Diffstat (limited to 'src/include/gnunet_identity_provider_service.h')
-rw-r--r-- | src/include/gnunet_identity_provider_service.h | 333 |
1 files changed, 237 insertions, 96 deletions
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h index e533f6f8c..be935e898 100644 --- a/src/include/gnunet_identity_provider_service.h +++ b/src/include/gnunet_identity_provider_service.h | |||
@@ -39,7 +39,7 @@ extern "C" | |||
39 | #endif | 39 | #endif |
40 | 40 | ||
41 | #include "gnunet_util_lib.h" | 41 | #include "gnunet_util_lib.h" |
42 | 42 | #include "gnunet_identity_attribute_lib.h" | |
43 | 43 | ||
44 | /** | 44 | /** |
45 | * Version number of GNUnet Identity Provider API. | 45 | * Version number of GNUnet Identity Provider API. |
@@ -57,169 +57,310 @@ struct GNUNET_IDENTITY_PROVIDER_Handle; | |||
57 | struct GNUNET_IDENTITY_PROVIDER_Token; | 57 | struct GNUNET_IDENTITY_PROVIDER_Token; |
58 | 58 | ||
59 | /** | 59 | /** |
60 | * Handle for a ticket | 60 | * The ticket |
61 | */ | 61 | */ |
62 | struct GNUNET_IDENTITY_PROVIDER_Ticket; | 62 | struct GNUNET_IDENTITY_PROVIDER_Ticket |
63 | { | ||
64 | /** | ||
65 | * The ticket issuer | ||
66 | */ | ||
67 | struct GNUNET_CRYPTO_EcdsaPublicKey identity; | ||
68 | |||
69 | /** | ||
70 | * The ticket audience | ||
71 | */ | ||
72 | struct GNUNET_CRYPTO_EcdsaPublicKey audience; | ||
73 | |||
74 | /** | ||
75 | * The ticket random (NBO) | ||
76 | */ | ||
77 | uint64_t rnd; | ||
78 | }; | ||
63 | 79 | ||
64 | /** | 80 | /** |
65 | * Handle for an operation with the identity provider service. | 81 | * Handle for an operation with the identity provider service. |
66 | */ | 82 | */ |
67 | struct GNUNET_IDENTITY_PROVIDER_Operation; | 83 | struct GNUNET_IDENTITY_PROVIDER_Operation; |
68 | 84 | ||
85 | |||
69 | /** | 86 | /** |
70 | * Method called when a token has been exchanged for a ticket. | 87 | * Connect to the identity provider service. |
71 | * On success returns a token | ||
72 | * | 88 | * |
73 | * @param cls closure | 89 | * @param cfg Configuration to contact the identity provider service. |
74 | * @param token the token | 90 | * @return handle to communicate with identity provider service |
75 | */ | 91 | */ |
76 | typedef void | 92 | struct GNUNET_IDENTITY_PROVIDER_Handle * |
77 | (*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls, | 93 | GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); |
78 | const struct GNUNET_IDENTITY_PROVIDER_Token *token, | ||
79 | uint64_t ticket_nonce); | ||
80 | 94 | ||
81 | /** | 95 | /** |
82 | * Method called when a token has been issued. | 96 | * Continuation called to notify client about result of the |
83 | * On success returns a ticket that can be given to the audience to retrive the | 97 | * operation. |
84 | * token | ||
85 | * | 98 | * |
86 | * @param cls closure | 99 | * @param cls closure |
87 | * @param grant the label in GNS pointing to the token | 100 | * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate) |
88 | * @param ticket the ticket | 101 | * #GNUNET_NO if content was already there or not found |
89 | * @param token the issued token | 102 | * #GNUNET_YES (or other positive value) on success |
90 | * @param name name assigned by the user for this ego, | 103 | * @param emsg NULL on success, otherwise an error message |
91 | * NULL if the user just deleted the ego and it | ||
92 | * must thus no longer be used | ||
93 | */ | 104 | */ |
94 | typedef void | 105 | typedef void |
95 | (*GNUNET_IDENTITY_PROVIDER_IssueCallback)(void *cls, | 106 | (*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls, |
96 | const char *grant, | 107 | int32_t success, |
97 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | 108 | const char *emsg); |
98 | const struct GNUNET_IDENTITY_PROVIDER_Token *token); | ||
99 | 109 | ||
100 | 110 | ||
101 | /** | 111 | /** |
102 | * Connect to the identity provider service. | 112 | * Store an attribute. If the attribute is already present, |
113 | * it is replaced with the new attribute. | ||
103 | * | 114 | * |
104 | * @param cfg Configuration to contact the identity provider service. | 115 | * @param h handle to the identity provider |
105 | * @return handle to communicate with identity provider service | 116 | * @param pkey private key of the identity |
117 | * @param attr the attribute | ||
118 | * @param cont continuation to call when done | ||
119 | * @param cont_cls closure for @a cont | ||
120 | * @return handle to abort the request | ||
106 | */ | 121 | */ |
107 | struct GNUNET_IDENTITY_PROVIDER_Handle * | 122 | struct GNUNET_IDENTITY_PROVIDER_Operation * |
108 | GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg); | 123 | GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h, |
124 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, | ||
125 | const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr, | ||
126 | GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont, | ||
127 | void *cont_cls); | ||
109 | 128 | ||
110 | 129 | ||
111 | /** | 130 | /** |
112 | * Issue a token for a specific audience. | 131 | * Process an attribute that was stored in the idp. |
113 | * | 132 | * |
114 | * @param id identity provider service to use | 133 | * @param cls closure |
115 | * @param iss issuer (identity) | 134 | * @param identity the identity |
116 | * @param aud audience (identity) | 135 | * @param attr the attribute |
117 | * @param scope the identity attributes requested, comman separated | ||
118 | * @param expiration the token expiration | ||
119 | * @param nonce the nonce that will be included in token and ticket | ||
120 | * @param cb callback to call with result | ||
121 | * @param cb_cls closure | ||
122 | * @return handle to abort the operation | ||
123 | */ | 136 | */ |
124 | struct GNUNET_IDENTITY_PROVIDER_Operation * | 137 | typedef void |
125 | GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | 138 | (*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls, |
126 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key, | 139 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, |
127 | const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, | 140 | const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr); |
128 | const char* scope, | 141 | |
129 | struct GNUNET_TIME_Absolute expiration, | ||
130 | uint64_t nonce, | ||
131 | GNUNET_IDENTITY_PROVIDER_IssueCallback cb, | ||
132 | void *cb_cls); | ||
133 | 142 | ||
134 | 143 | ||
135 | /** | 144 | /** |
136 | * Exchange a ticket for a token. Intended to be used by audience that | 145 | * List all attributes for a local identity. |
137 | * received a ticket. | 146 | * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle` |
147 | * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and | ||
148 | * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once | ||
149 | * immediately, and then again after | ||
150 | * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked. | ||
138 | * | 151 | * |
139 | * @param id identity provider service to use | 152 | * On error (disconnect), @a error_cb will be invoked. |
140 | * @param ticket the ticket to exchange | 153 | * On normal completion, @a finish_cb proc will be |
141 | * @param aud_privkey the audience of the ticket | 154 | * invoked. |
142 | * @param cont function to call once the operation finished | 155 | * |
143 | * @param cont_cls closure for @a cont | 156 | * @param h handle to the idp |
144 | * @return handle to abort the operation | 157 | * @param identity identity to access |
158 | * @param error_cb function to call on error (i.e. disconnect), | ||
159 | * the handle is afterwards invalid | ||
160 | * @param error_cb_cls closure for @a error_cb | ||
161 | * @param proc function to call on each attribute; it | ||
162 | * will be called repeatedly with a value (if available) | ||
163 | * @param proc_cls closure for @a proc | ||
164 | * @param finish_cb function to call on completion | ||
165 | * the handle is afterwards invalid | ||
166 | * @param finish_cb_cls closure for @a finish_cb | ||
167 | * @return an iterator handle to use for iteration | ||
145 | */ | 168 | */ |
146 | struct GNUNET_IDENTITY_PROVIDER_Operation * | 169 | struct GNUNET_IDENTITY_PROVIDER_AttributeIterator * |
147 | GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id, | 170 | GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, |
148 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | 171 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, |
149 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey, | 172 | GNUNET_SCHEDULER_TaskCallback error_cb, |
150 | GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont, | 173 | void *error_cb_cls, |
151 | void *cont_cls); | 174 | GNUNET_IDENTITY_PROVIDER_AttributeResult proc, |
175 | void *proc_cls, | ||
176 | GNUNET_SCHEDULER_TaskCallback finish_cb, | ||
177 | void *finish_cb_cls); | ||
152 | 178 | ||
153 | 179 | ||
154 | /** | 180 | /** |
155 | * Disconnect from identity provider service. | 181 | * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start |
182 | * for the next record. | ||
156 | * | 183 | * |
157 | * @param h identity provider service to disconnect | 184 | * @param it the iterator |
158 | */ | 185 | */ |
159 | void | 186 | void |
160 | GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h); | 187 | GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); |
161 | 188 | ||
162 | 189 | ||
163 | /** | 190 | /** |
164 | * Cancel an identity provider operation. Note that the operation MAY still | 191 | * Stops iteration and releases the idp handle for further calls. Must |
165 | * be executed; this merely cancels the continuation; if the request | 192 | * be called on any iteration that has not yet completed prior to calling |
166 | * was already transmitted, the service may still choose to complete | 193 | * #GNUNET_IDENTITY_PROVIDER_disconnect. |
167 | * the operation. | ||
168 | * | 194 | * |
169 | * @param op operation to cancel | 195 | * @param it the iterator |
170 | */ | 196 | */ |
171 | void | 197 | void |
172 | GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op); | 198 | GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it); |
173 | 199 | ||
174 | 200 | ||
175 | /** | 201 | /** |
176 | * Convenience API | 202 | * Method called when a token has been issued. |
203 | * On success returns a ticket that can be given to the audience to retrive the | ||
204 | * token | ||
205 | * | ||
206 | * @param cls closure | ||
207 | * @param ticket the ticket | ||
177 | */ | 208 | */ |
209 | typedef void | ||
210 | (*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls, | ||
211 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); | ||
178 | 212 | ||
179 | /** | 213 | /** |
180 | * Destroy token | 214 | * Issues a ticket to another identity. The identity may use |
215 | * GNUNET_IDENTITY_PROVIDER_ticket_consume to consume the ticket | ||
216 | * and retrieve the attributes specified in the AttributeList. | ||
181 | * | 217 | * |
182 | * @param token the token | 218 | * @param h the identity provider to use |
219 | * @param iss the issuing identity | ||
220 | * @param rp the subject of the ticket (the relying party) | ||
221 | * @param attrs the attributes that the relying party is given access to | ||
222 | * @param cb the callback | ||
223 | * @param cb_cls the callback closure | ||
224 | * @return handle to abort the operation | ||
183 | */ | 225 | */ |
184 | void | 226 | struct GNUNET_IDENTITY_PROVIDER_Operation * |
185 | GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token); | 227 | GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h, |
228 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss, | ||
229 | const struct GNUNET_CRYPTO_EcdsaPublicKey *rp, | ||
230 | const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs, | ||
231 | GNUNET_IDENTITY_PROVIDER_TicketCallback cb, | ||
232 | void *cb_cls); | ||
186 | 233 | ||
187 | /** | 234 | /** |
188 | * Returns string representation of token. A JSON-Web-Token. | 235 | * Revoked an issued ticket. The relying party will be unable to retrieve |
236 | * updated attributes. | ||
189 | * | 237 | * |
190 | * @param token the token | 238 | * @param h the identity provider to use |
191 | * @return The JWT (must be freed) | 239 | * @param identity the issuing identity |
240 | * @param ticket the ticket to revoke | ||
241 | * @param cb the callback | ||
242 | * @param cb_cls the callback closure | ||
243 | * @return handle to abort the operation | ||
192 | */ | 244 | */ |
193 | char * | 245 | struct GNUNET_IDENTITY_PROVIDER_Operation * |
194 | GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token); | 246 | GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h, |
247 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
248 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | ||
249 | GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb, | ||
250 | void *cb_cls); | ||
251 | |||
252 | |||
195 | 253 | ||
196 | /** | 254 | /** |
197 | * Returns string representation of ticket. Base64-Encoded | 255 | * Consumes an issued ticket. The ticket is persisted |
256 | * and used to retrieve identity information from the issuer | ||
198 | * | 257 | * |
199 | * @param ticket the ticket | 258 | * @param h the identity provider to use |
200 | * @return the Base64-Encoded ticket | 259 | * @param identity the identity that is the subject of the issued ticket (the audience) |
260 | * @param ticket the issued ticket to consume | ||
261 | * @param cb the callback to call | ||
262 | * @param cb_cls the callback closure | ||
263 | * @return handle to abort the operation | ||
264 | */ | ||
265 | struct GNUNET_IDENTITY_PROVIDER_Operation * | ||
266 | GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h, | ||
267 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
268 | const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket, | ||
269 | GNUNET_IDENTITY_PROVIDER_AttributeResult cb, | ||
270 | void *cb_cls); | ||
271 | |||
272 | /** | ||
273 | * Lists all tickets that have been issued to remote | ||
274 | * identites (relying parties) | ||
275 | * | ||
276 | * @param h the identity provider to use | ||
277 | * @param identity the issuing identity | ||
278 | * @param error_cb function to call on error (i.e. disconnect), | ||
279 | * the handle is afterwards invalid | ||
280 | * @param error_cb_cls closure for @a error_cb | ||
281 | * @param proc function to call on each ticket; it | ||
282 | * will be called repeatedly with a value (if available) | ||
283 | * @param proc_cls closure for @a proc | ||
284 | * @param finish_cb function to call on completion | ||
285 | * the handle is afterwards invalid | ||
286 | * @param finish_cb_cls closure for @a finish_cb | ||
287 | * @return an iterator handle to use for iteration | ||
288 | */ | ||
289 | struct GNUNET_IDENTITY_PROVIDER_TicketIterator * | ||
290 | GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h, | ||
291 | const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity, | ||
292 | GNUNET_SCHEDULER_TaskCallback error_cb, | ||
293 | void *error_cb_cls, | ||
294 | GNUNET_IDENTITY_PROVIDER_TicketCallback proc, | ||
295 | void *proc_cls, | ||
296 | GNUNET_SCHEDULER_TaskCallback finish_cb, | ||
297 | void *finish_cb_cls); | ||
298 | |||
299 | /** | ||
300 | * Lists all tickets that have been issued to remote | ||
301 | * identites (relying parties) | ||
302 | * | ||
303 | * @param h the identity provider to use | ||
304 | * @param identity the issuing identity | ||
305 | * @param error_cb function to call on error (i.e. disconnect), | ||
306 | * the handle is afterwards invalid | ||
307 | * @param error_cb_cls closure for @a error_cb | ||
308 | * @param proc function to call on each ticket; it | ||
309 | * will be called repeatedly with a value (if available) | ||
310 | * @param proc_cls closure for @a proc | ||
311 | * @param finish_cb function to call on completion | ||
312 | * the handle is afterwards invalid | ||
313 | * @param finish_cb_cls closure for @a finish_cb | ||
314 | * @return an iterator handle to use for iteration | ||
201 | */ | 315 | */ |
202 | char * | 316 | struct GNUNET_IDENTITY_PROVIDER_TicketIterator * |
203 | GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); | 317 | GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h, |
318 | const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, | ||
319 | GNUNET_SCHEDULER_TaskCallback error_cb, | ||
320 | void *error_cb_cls, | ||
321 | GNUNET_IDENTITY_PROVIDER_TicketCallback proc, | ||
322 | void *proc_cls, | ||
323 | GNUNET_SCHEDULER_TaskCallback finish_cb, | ||
324 | void *finish_cb_cls); | ||
204 | 325 | ||
205 | /** | 326 | /** |
206 | * Created a ticket from a string (Base64 encoded ticket) | 327 | * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start |
328 | * for the next record. | ||
207 | * | 329 | * |
208 | * @param input Base64 encoded ticket | 330 | * @param it the iterator |
209 | * @param ticket pointer where the ticket is stored | ||
210 | * @return GNUNET_OK | ||
211 | */ | 331 | */ |
212 | int | 332 | void |
213 | GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input, | 333 | GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it); |
214 | struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket); | ||
215 | 334 | ||
216 | /** | 335 | /** |
217 | * Destroys a ticket | 336 | * Stops iteration and releases the idp handle for further calls. Must |
337 | * be called on any iteration that has not yet completed prior to calling | ||
338 | * #GNUNET_IDENTITY_PROVIDER_disconnect. | ||
218 | * | 339 | * |
219 | * @param ticket the ticket to destroy | 340 | * @param it the iterator |
220 | */ | 341 | */ |
221 | void | 342 | void |
222 | GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket); | 343 | GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it); |
344 | |||
345 | /** | ||
346 | * Disconnect from identity provider service. | ||
347 | * | ||
348 | * @param h identity provider service to disconnect | ||
349 | */ | ||
350 | void | ||
351 | GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h); | ||
352 | |||
353 | |||
354 | /** | ||
355 | * Cancel an identity provider operation. Note that the operation MAY still | ||
356 | * be executed; this merely cancels the continuation; if the request | ||
357 | * was already transmitted, the service may still choose to complete | ||
358 | * the operation. | ||
359 | * | ||
360 | * @param op operation to cancel | ||
361 | */ | ||
362 | void | ||
363 | GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op); | ||
223 | 364 | ||
224 | #if 0 /* keep Emacsens' auto-indent happy */ | 365 | #if 0 /* keep Emacsens' auto-indent happy */ |
225 | { | 366 | { |