Diffstat (limited to 'src/identity-provider/gnunet-service-identity-provider.c')
-rw-r--r-- | src/identity-provider/gnunet-service-identity-provider.c | 73 |
1 files changed, 58 insertions, 15 deletions
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c index 207923d5e..a518d00ae 100644 --- a/src/identity-provider/gnunet-service-identity-provider.c +++ b/src/identity-provider/gnunet-service-identity-provider.c | |||
@@ -364,6 +364,11 @@ struct AttributeStoreHandle | |||
364 | struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim; | 364 | struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim; |
365 | 365 | ||
366 | /** | 366 | /** |
367 | * The attribute expiration interval | ||
368 | */ | ||
369 | struct GNUNET_TIME_Relative exp; | ||
370 | |||
371 | /** | ||
367 | * request id | 372 | * request id |
368 | */ | 373 | */ |
369 | uint32_t r_id; | 374 | uint32_t r_id; |
@@ -1308,12 +1313,29 @@ revocation_reissue_tickets (struct TicketRevocationHandle *rh) | |||
1308 | } | 1313 | } |
1309 | 1314 | ||
1310 | /** | 1315 | /** |
1311 | * Revoke next attribte by reencryption with | 1316 | * Failed to check for attribute |
1312 | * new ABE master | ||
1313 | */ | 1317 | */ |
1314 | static void | 1318 | static void |
1315 | reenc_next_attribute (struct TicketRevocationHandle *rh) | 1319 | check_attr_error (void *cls) |
1320 | { | ||
1321 | struct TicketRevocationHandle *rh = cls; | ||
1322 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1323 | "Unable to check for existing attribute\n"); | ||
1324 | send_revocation_finished (rh, GNUNET_SYSERR); | ||
1325 | cleanup_revoke_ticket_handle (rh); | ||
1326 | } | ||
1327 | |||
1328 | /** | ||
1329 | * Check for existing attribute and overwrite | ||
1330 | */ | ||
1331 | static void | ||
1332 | check_attr_cb (void *cls, | ||
1333 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, | ||
1334 | const char *label, | ||
1335 | unsigned int rd_count, | ||
1336 | const struct GNUNET_GNSRECORD_Data *rd_old) | ||
1316 | { | 1337 | { |
1338 | struct TicketRevocationHandle *rh = cls; | ||
1317 | struct GNUNET_GNSRECORD_Data rd[1]; | 1339 | struct GNUNET_GNSRECORD_Data rd[1]; |
1318 | char* buf; | 1340 | char* buf; |
1319 | char* enc_buf; | 1341 | char* enc_buf; |
@@ -1323,15 +1345,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) | |||
1323 | char* policy; | 1345 | char* policy; |
1324 | uint32_t attr_ver; | 1346 | uint32_t attr_ver; |
1325 | 1347 | ||
1326 | if (NULL == rh->attrs->list_head) | 1348 | |
1327 | { | ||
1328 | revocation_reissue_tickets (rh); | ||
1329 | return; | ||
1330 | } | ||
1331 | buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim); | 1349 | buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim); |
1332 | buf = GNUNET_malloc (buf_size); | 1350 | buf = GNUNET_malloc (buf_size); |
1333 | GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim, | 1351 | GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim, |
1334 | buf); | 1352 | buf); |
1335 | rh->attrs->list_head->claim->version++; | 1353 | rh->attrs->list_head->claim->version++; |
1336 | GNUNET_asprintf (&policy, "%s_%lu", | 1354 | GNUNET_asprintf (&policy, "%s_%lu", |
1337 | rh->attrs->list_head->claim->name, | 1355 | rh->attrs->list_head->claim->name, |
@@ -1342,10 +1360,10 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) | |||
1342 | * Encrypt the attribute value and store in namestore | 1360 | * Encrypt the attribute value and store in namestore |
1343 | */ | 1361 | */ |
1344 | enc_size = GNUNET_ABE_cpabe_encrypt (buf, | 1362 | enc_size = GNUNET_ABE_cpabe_encrypt (buf, |
1345 | buf_size, | 1363 | buf_size, |
1346 | policy, //Policy | 1364 | policy, //Policy |
1347 | rh->abe_key, | 1365 | rh->abe_key, |
1348 | (void**)&enc_buf); | 1366 | (void**)&enc_buf); |
1349 | GNUNET_free (buf); | 1367 | GNUNET_free (buf); |
1350 | if (GNUNET_SYSERR == enc_size) | 1368 | if (GNUNET_SYSERR == enc_size) |
1351 | { | 1369 | { |
@@ -1371,7 +1389,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) | |||
1371 | rd[0].data = rd_buf; | 1389 | rd[0].data = rd_buf; |
1372 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; | 1390 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; |
1373 | rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | 1391 | rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; |
1374 | rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? | 1392 | rd[0].expiration_time = rd_old[0].expiration_time; |
1375 | rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, | 1393 | rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, |
1376 | &rh->identity, | 1394 | &rh->identity, |
1377 | rh->attrs->list_head->claim->name, | 1395 | rh->attrs->list_head->claim->name, |
@@ -1383,6 +1401,30 @@ reenc_next_attribute (struct TicketRevocationHandle *rh) | |||
1383 | GNUNET_free (rd_buf); | 1401 | GNUNET_free (rd_buf); |
1384 | } | 1402 | } |
1385 | 1403 | ||
1404 | |||
1405 | /** | ||
1406 | * Revoke next attribte by reencryption with | ||
1407 | * new ABE master | ||
1408 | */ | ||
1409 | static void | ||
1410 | reenc_next_attribute (struct TicketRevocationHandle *rh) | ||
1411 | { | ||
1412 | if (NULL == rh->attrs->list_head) | ||
1413 | { | ||
1414 | revocation_reissue_tickets (rh); | ||
1415 | return; | ||
1416 | } | ||
1417 | /* First check if attribute still exists */ | ||
1418 | rh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle, | ||
1419 | &rh->identity, | ||
1420 | rh->attrs->list_head->claim->name, | ||
1421 | &check_attr_error, | ||
1422 | rh, | ||
1423 | &check_attr_cb, | ||
1424 | rh); | ||
1425 | } | ||
1426 | |||
1427 | |||
1386 | /** | 1428 | /** |
1387 | * Namestore callback after revoked attribute | 1429 | * Namestore callback after revoked attribute |
1388 | * is stored | 1430 | * is stored |
@@ -1878,7 +1920,7 @@ attr_store_task (void *cls) | |||
1878 | rd[0].data = rd_buf; | 1920 | rd[0].data = rd_buf; |
1879 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; | 1921 | rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; |
1880 | rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; | 1922 | rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; |
1881 | rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane? | 1923 | rd[0].expiration_time = as_handle->exp.rel_value_us; |
1882 | as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, | 1924 | as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle, |
1883 | &as_handle->identity, | 1925 | &as_handle->identity, |
1884 | as_handle->claim->name, | 1926 | as_handle->claim->name, |
@@ -1936,6 +1978,7 @@ handle_attribute_store_message (void *cls, | |||
1936 | 1978 | ||
1937 | as_handle->r_id = ntohl (sam->id); | 1979 | as_handle->r_id = ntohl (sam->id); |
1938 | as_handle->identity = sam->identity; | 1980 | as_handle->identity = sam->identity; |
1981 | as_handle->exp.rel_value_us = GNUNET_ntohll (sam->exp); | ||
1939 | GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, | 1982 | GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity, |
1940 | &as_handle->identity_pkey); | 1983 | &as_handle->identity_pkey); |
1941 | 1984 | ||
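Review bot: In `check_attr_cb`, the new line `rd[0].expiration_time = rd_old[0].expiration_time;` indexes the lookup result without consulting `rd_count`, so if the lookup issued from `reenc_next_attribute` returns no record for the label (the case its "First check if attribute still exists" comment anticipates) the callback reads an empty, possibly NULL, array. Guard the access, for example `rd[0].expiration_time = (0 < rd_count) ? rd_old[0].expiration_time : GNUNET_TIME_UNIT_HOURS.rel_value_us;`, or decide explicitly to skip re-storing an attribute that no longer exists. It is also worth confirming that `rd_old[0]` is the `GNUNET_GNSRECORD_TYPE_ID_ATTR` record and holds a relative expiration before its value is copied under `GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION`. Parts of `check_attr_cb` lie between the hunks shown, so a check placed there would not be visible on this page.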