From 4c2b05fe49e5ee49c69337e763a3572af59e78d5 Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Thu, 7 Jan 2016 21:02:11 +0000 Subject: - Start commenting. Major refactor --- src/identity-token/Makefile.am | 17 +- src/identity-token/gnunet-service-identity-token.c | 48 ++-- src/identity-token/identity-token.c | 269 +++++++++++---------- src/identity-token/identity-token.h | 190 ++++++++++++--- src/identity-token/plugin_rest_identity_token.c | 107 ++++---- 5 files changed, 393 insertions(+), 238 deletions(-) diff --git a/src/identity-token/Makefile.am b/src/identity-token/Makefile.am index 974de98d9..a9338ba59 100644 --- a/src/identity-token/Makefile.am +++ b/src/identity-token/Makefile.am @@ -19,10 +19,10 @@ libexecdir= $(pkglibdir)/libexec/ pkgcfg_DATA = \ identity-token.conf -if HAVE_REST plugin_LTLIBRARIES = \ libgnunet_plugin_rest_identity_token.la -endif +lib_LTLIBRARIES = \ + libgnunetidentityprovider.la bin_PROGRAMS = \ gnunet-identity-token @@ -31,9 +31,9 @@ libexec_PROGRAMS = \ gnunet-service-identity-token gnunet_service_identity_token_SOURCES = \ - gnunet-service-identity-token.c \ - identity-token.c + gnunet-service-identity-token.c gnunet_service_identity_token_LDADD = \ + libgnunetidentityprovider.la \ $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \ $(top_builddir)/src/util/libgnunetutil.la \ $(top_builddir)/src/namestore/libgnunetnamestore.la \ @@ -41,9 +41,14 @@ gnunet_service_identity_token_LDADD = \ $(GN_LIBINTL) \ -ljansson +libgnunetidentityprovider_la_SOURCES = \ + identity-token.c +libgnunetidentityprovider_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ + $(LTLIBINTL) -ljansson + libgnunet_plugin_rest_identity_token_la_SOURCES = \ - plugin_rest_identity_token.c \ - identity-token.c + plugin_rest_identity_token.c libgnunet_plugin_rest_identity_token_la_LIBADD = \ $(top_builddir)/src/identity/libgnunetidentity.la \ $(top_builddir)/src/rest/libgnunetrest.la \ diff --git a/src/identity-token/gnunet-service-identity-token.c b/src/identity-token/gnunet-service-identity-token.c index 00fc25852..039d1c7e0 100644 --- a/src/identity-token/gnunet-service-identity-token.c +++ b/src/identity-token/gnunet-service-identity-token.c @@ -30,7 +30,7 @@ #include "gnunet_namestore_service.h" #include #include "gnunet_signatures.h" -#include "identity-token.h" +#include "gnunet_identity_provider_lib.h" /** * First pass state @@ -102,7 +102,7 @@ static struct GNUNET_TIME_Relative min_rel_exp; /** * Currently processed token */ -static struct IdentityToken *token; +static struct GNUNET_IDENTITY_PROVIDER_Token *token; /** * Label for currently processed token @@ -201,9 +201,8 @@ handle_token_update (void *cls, char *write_ptr; char *enc_token_str; const char *key; - const char *iss; - const char *aud; const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey; struct EgoEntry *ego_entry = cls; struct GNUNET_GNSRECORD_Data token_record[2]; @@ -215,7 +214,7 @@ handle_token_update (void *cls, struct GNUNET_TIME_Absolute new_exp; struct GNUNET_TIME_Absolute new_iat; struct GNUNET_TIME_Absolute new_nbf; - struct IdentityToken *new_token; + struct GNUNET_IDENTITY_PROVIDER_Token *new_token; json_t *payload_json; json_t *value; json_t *cur_value; @@ -224,6 +223,8 @@ handle_token_update (void *cls, size_t token_metadata_len; priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, + &pub_key); //Note: We need the token expiration time here. Not the record expiration //time. @@ -262,9 +263,8 @@ handle_token_update (void *cls, } GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Token is expired. Create a new one\n"); - iss = json_string_value (json_object_get (payload_json, "iss")); - aud = json_string_value (json_object_get (payload_json, "aud")); - new_token = identity_token_create (iss, aud); + new_token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key, + &token->aud_key); new_exp = GNUNET_TIME_relative_to_absolute (token_rel_exp); new_nbf = GNUNET_TIME_absolute_get (); new_iat = new_nbf; @@ -272,15 +272,15 @@ handle_token_update (void *cls, json_object_foreach(payload_json, key, value) { if (0 == strcmp (key, "exp")) { - identity_token_add_json (new_token, key, json_integer (new_exp.abs_value_us)); + GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer (new_exp.abs_value_us)); } else if (0 == strcmp (key, "nbf")) { - identity_token_add_json (new_token, key, json_integer (new_nbf.abs_value_us)); + GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer (new_nbf.abs_value_us)); } else if (0 == strcmp (key, "iat")) { - identity_token_add_json (new_token, key, json_integer (new_iat.abs_value_us)); + GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer (new_iat.abs_value_us)); } else if ((0 == strcmp (key, "iss")) || (0 == strcmp (key, "aud"))) @@ -290,7 +290,7 @@ handle_token_update (void *cls, else if ((0 == strcmp (key, "sub")) || (0 == strcmp (key, "rnl"))) { - identity_token_add_json (new_token, key, value); + GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, value); } else { GNUNET_CRYPTO_hash (key, @@ -302,16 +302,16 @@ handle_token_update (void *cls, { cur_value = GNUNET_CONTAINER_multihashmap_get (ego_entry->attr_map, &key_hash); - identity_token_add_json (new_token, key, cur_value); + GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, cur_value); } } } // reassemble and set - GNUNET_assert (identity_token_serialize (new_token, - priv_key, - &new_ecdhe_privkey, - &enc_token_str)); + GNUNET_assert (GNUNET_IDENTITY_PROVIDER_token_serialize (new_token, + priv_key, + &new_ecdhe_privkey, + &enc_token_str)); json_decref (payload_json); @@ -347,10 +347,10 @@ handle_token_update (void *cls, &store_token_cont, ego_entry); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, ">>> Updating Token w/ %s\n", new_token); - identity_token_destroy (new_token); + GNUNET_IDENTITY_PROVIDER_token_destroy (new_token); + GNUNET_IDENTITY_PROVIDER_token_destroy (token); GNUNET_free (new_ecdhe_privkey); GNUNET_free (enc_token_str); - GNUNET_free (token); token = NULL; GNUNET_free (label); label = NULL; @@ -438,16 +438,16 @@ token_collect (void *cls, } GNUNET_assert (token_metadata_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA); GNUNET_assert (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN); - + //Get metadata and decrypt token ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey *)token_metadata_record->data); aud_key = (struct GNUNET_CRYPTO_EcdsaPublicKey *)&ecdhe_privkey+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey); scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - identity_token_parse2 (token_record->data, - &ecdhe_privkey, - aud_key, - &token); + GNUNET_IDENTITY_PROVIDER_token_parse2 (token_record->data, + &ecdhe_privkey, + aud_key, + &token); //token = GNUNET_GNSRECORD_value_to_string (rd->record_type, // rd->data, diff --git a/src/identity-token/identity-token.c b/src/identity-token/identity-token.c index dc0154c21..a9f210b14 100644 --- a/src/identity-token/identity-token.c +++ b/src/identity-token/identity-token.c @@ -26,7 +26,7 @@ #include "platform.h" #include "gnunet_util_lib.h" #include "gnunet_signatures.h" -#include "identity-token.h" +#include "gnunet_identity_provider_lib.h" #include @@ -189,13 +189,22 @@ encrypt_str_ecdhe (const char *plaintext, * @param id the JSON API resource id * @return a new JSON API resource or NULL on error. */ -struct IdentityToken* -identity_token_create (const char* issuer, - const char* audience) +struct GNUNET_IDENTITY_PROVIDER_Token* +GNUNET_IDENTITY_PROVIDER_token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey* iss, + const struct GNUNET_CRYPTO_EcdsaPublicKey* aud) { - struct IdentityToken *token; + struct GNUNET_IDENTITY_PROVIDER_Token *token; + char* audience; + char* issuer; - token = GNUNET_malloc (sizeof (struct IdentityToken)); + issuer = GNUNET_STRINGS_data_to_string_alloc (iss, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + audience = GNUNET_STRINGS_data_to_string_alloc (aud, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + + + + token = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token)); token->header = json_object(); token->payload = json_object(); @@ -206,16 +215,14 @@ identity_token_create (const char* issuer, json_object_set_new (token->payload, "iss", json_string (issuer)); json_object_set_new (token->payload, "aud", json_string (audience)); - GNUNET_STRINGS_string_to_data (audience, - strlen (audience), - &token->aud_key, - sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); - + token->aud_key = *aud; + GNUNET_free (issuer); + GNUNET_free (audience); return token; } void -identity_token_destroy (struct IdentityToken *token) +GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token *token) { json_decref (token->header); json_decref (token->payload); @@ -223,9 +230,9 @@ identity_token_destroy (struct IdentityToken *token) } void -identity_token_add_attr (const struct IdentityToken *token, - const char* key, - const char* value) +GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct GNUNET_IDENTITY_PROVIDER_Token *token, + const char* key, + const char* value) { GNUNET_assert (NULL != token); GNUNET_assert (NULL != token->payload); @@ -234,9 +241,9 @@ identity_token_add_attr (const struct IdentityToken *token, } void -identity_token_add_json (const struct IdentityToken *token, - const char* key, - json_t* value) +GNUNET_IDENTITY_PROVIDER_token_add_json (const struct GNUNET_IDENTITY_PROVIDER_Token *token, + const char* key, + json_t* value) { GNUNET_assert (NULL != token); GNUNET_assert (NULL != token->payload); @@ -246,10 +253,10 @@ identity_token_add_json (const struct IdentityToken *token, int -identity_token_parse2 (const char* raw_data, - const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - struct IdentityToken **result) +GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* raw_data, + const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, + const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, + struct GNUNET_IDENTITY_PROVIDER_Token **result) { char *enc_token_str; char *tmp_buf; @@ -292,7 +299,7 @@ identity_token_parse2 (const char* raw_data, //TODO signature - *result = GNUNET_malloc (sizeof (struct IdentityToken)); + *result = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token)); (*result)->aud_key = *aud_key; (*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json); (*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json); @@ -305,9 +312,9 @@ identity_token_parse2 (const char* raw_data, } int -identity_token_parse (const char* raw_data, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct IdentityToken **result) +GNUNET_IDENTITY_PROVIDER_token_parse (const char* raw_data, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + struct GNUNET_IDENTITY_PROVIDER_Token **result) { char *ecdh_pubkey_str; char *enc_token_str; @@ -356,7 +363,7 @@ identity_token_parse (const char* raw_data, //TODO signature and aud key - *result = GNUNET_malloc (sizeof (struct IdentityToken)); + *result = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token)); (*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json); (*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json); GNUNET_free (enc_token); @@ -368,9 +375,9 @@ identity_token_parse (const char* raw_data, } int -identity_token_to_string (const struct IdentityToken *token, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - char **result) +GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + char **result) { char *payload_str; char *header_str; @@ -436,10 +443,10 @@ identity_token_to_string (const struct IdentityToken *token, } int -identity_token_serialize (const struct IdentityToken *token, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, - char **result) +GNUNET_IDENTITY_PROVIDER_token_serialize (const struct GNUNET_IDENTITY_PROVIDER_Token *token, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey, + char **result) { char *token_str; char *enc_token; @@ -447,9 +454,9 @@ identity_token_serialize (const struct IdentityToken *token, char *enc_token_base64; struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey; - GNUNET_assert (GNUNET_OK == identity_token_to_string (token, - priv_key, - &token_str)); + GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_to_string (token, + priv_key, + &token_str)); GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str, &token->aud_key, @@ -469,14 +476,14 @@ identity_token_serialize (const struct IdentityToken *token, return GNUNET_OK; } -struct IdentityTokenCodePayload* -identity_token_code_payload_create (const char* nonce, - const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, - const char* lbl_str) +struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload* +GNUNET_IDENTITY_PROVIDER_ticket_payload_create (const char* nonce, + const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, + const char* lbl_str) { - struct IdentityTokenCodePayload* payload; + struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload* payload; - payload = GNUNET_malloc (sizeof (struct IdentityTokenCodePayload)); + payload = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload)); GNUNET_asprintf (&payload->nonce, nonce, strlen (nonce)); payload->identity_key = *identity_pkey; GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str)); @@ -484,7 +491,7 @@ identity_token_code_payload_create (const char* nonce, } void -identity_token_code_payload_destroy (struct IdentityTokenCodePayload* payload) +GNUNET_IDENTITY_PROVIDER_ticket_payload_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload* payload) { GNUNET_free (payload->nonce); GNUNET_free (payload->label); @@ -492,8 +499,8 @@ identity_token_code_payload_destroy (struct IdentityTokenCodePayload* payload) } void -identity_token_code_payload_serialize (struct IdentityTokenCodePayload *payload, - char **result) +GNUNET_IDENTITY_PROVIDER_ticket_payload_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload, + char **result) { char* identity_key_str; @@ -512,60 +519,60 @@ identity_token_code_payload_serialize (struct IdentityTokenCodePayload *payload, * Create the token code * The metadata is encrypted with a share ECDH derived secret using B (aud_key) * and e (ecdh_privkey) - * The token_code also contains E (ecdh_pubkey) and a signature over the + * The ticket also contains E (ecdh_pubkey) and a signature over the * metadata and E */ -struct IdentityTokenCode* -identity_token_code_create (const char* nonce_str, - const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, - const char* lbl_str, - const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) +struct GNUNET_IDENTITY_PROVIDER_TokenTicket* +GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str, + const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, + const char* lbl_str, + const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key) { - struct IdentityTokenCode *token_code; - struct IdentityTokenCodePayload *code_payload; + struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket; + struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *code_payload; - token_code = GNUNET_malloc (sizeof (struct IdentityTokenCode)); - code_payload = identity_token_code_payload_create (nonce_str, - identity_pkey, - lbl_str); - token_code->aud_key = *aud_key; - token_code->payload = code_payload; + ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_TokenTicket)); + code_payload = GNUNET_IDENTITY_PROVIDER_ticket_payload_create (nonce_str, + identity_pkey, + lbl_str); + ticket->aud_key = *aud_key; + ticket->payload = code_payload; - return token_code; + return ticket; } void -identity_token_code_destroy (struct IdentityTokenCode *token_code) +GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket) { - identity_token_code_payload_destroy (token_code->payload); - GNUNET_free (token_code); + GNUNET_IDENTITY_PROVIDER_ticket_payload_destroy (ticket->payload); + GNUNET_free (ticket); } int -identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - char **result) +GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + char **result) { char *code_payload_str; - char *enc_token_code_payload; - char *token_code_payload_str; - char *token_code_sig_str; - char *token_code_str; + char *enc_ticket_payload; + char *ticket_payload_str; + char *ticket_sig_str; + char *ticket_str; char *dh_key_str; char *write_ptr; struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey; struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - identity_token_code_payload_serialize (identity_token_code->payload, - &code_payload_str); + GNUNET_IDENTITY_PROVIDER_ticket_payload_serialize (ticket->payload, + &code_payload_str); GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str, - &identity_token_code->aud_key, - &enc_token_code_payload, + &ticket->aud_key, + &enc_ticket_payload, &ecdhe_privkey, - &identity_token_code->ecdh_pubkey)); + &ticket->ecdh_pubkey)); GNUNET_free (ecdhe_privkey); @@ -577,44 +584,44 @@ identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + strlen (code_payload_str)); - purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE); + purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); write_ptr = (char*) &purpose[1]; memcpy (write_ptr, - &identity_token_code->ecdh_pubkey, + &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); - memcpy (write_ptr, enc_token_code_payload, strlen (code_payload_str)); + memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str)); GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key, purpose, - &identity_token_code->signature)); - GNUNET_STRINGS_base64_encode (enc_token_code_payload, + &ticket->signature)); + GNUNET_STRINGS_base64_encode (enc_ticket_payload, strlen (code_payload_str), - &token_code_payload_str); - token_code_sig_str = GNUNET_STRINGS_data_to_string_alloc (&identity_token_code->signature, - sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); + &ticket_payload_str); + ticket_sig_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->signature, + sizeof (struct GNUNET_CRYPTO_EcdsaSignature)); - dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&identity_token_code->ecdh_pubkey, + dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Using ECDH pubkey %s to encrypt\n", dh_key_str); - GNUNET_asprintf (&token_code_str, "{\"meta\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", - token_code_payload_str, dh_key_str, token_code_sig_str); - GNUNET_STRINGS_base64_encode (token_code_str, strlen (token_code_str), result); + GNUNET_asprintf (&ticket_str, "{\"meta\": \"%s\", \"ecdh\": \"%s\", \"signature\": \"%s\"}", + ticket_payload_str, dh_key_str, ticket_sig_str); + GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result); GNUNET_free (dh_key_str); GNUNET_free (purpose); - GNUNET_free (token_code_str); - GNUNET_free (token_code_sig_str); + GNUNET_free (ticket_str); + GNUNET_free (ticket_sig_str); GNUNET_free (code_payload_str); - GNUNET_free (enc_token_code_payload); - GNUNET_free (token_code_payload_str); + GNUNET_free (enc_ticket_payload); + GNUNET_free (ticket_payload_str); return GNUNET_OK; } int -identity_token_code_payload_parse(const char *raw_data, - ssize_t data_len, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, - struct IdentityTokenCodePayload **result) +GNUNET_IDENTITY_PROVIDER_ticket_payload_parse(const char *raw_data, + ssize_t data_len, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + const struct GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey, + struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload **result) { const char* label_str; const char* nonce_str; @@ -690,9 +697,9 @@ identity_token_code_payload_parse(const char *raw_data, nonce_str = json_string_value (nonce_json); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str); - *result = identity_token_code_payload_create (nonce_str, - (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, - label_str); + *result = GNUNET_IDENTITY_PROVIDER_ticket_payload_create (nonce_str, + (const struct GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey, + label_str); GNUNET_free (meta_str); json_decref (root); return GNUNET_OK; @@ -700,9 +707,9 @@ identity_token_code_payload_parse(const char *raw_data, } int -identity_token_code_parse (const char *raw_data, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct IdentityTokenCode **result) +GNUNET_IDENTITY_PROVIDER_ticket_parse (const char *raw_data, + const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, + struct GNUNET_IDENTITY_PROVIDER_TokenTicket **result) { const char* enc_meta_str; const char* ecdh_enc_str; @@ -714,17 +721,17 @@ identity_token_code_parse (const char *raw_data, json_t *enc_meta_json; json_error_t err_json; char* enc_meta; - char* token_code_decoded; + char* ticket_decoded; char* write_ptr; size_t enc_meta_len; struct GNUNET_CRYPTO_EccSignaturePurpose *purpose; - struct IdentityTokenCode *token_code; - struct IdentityTokenCodePayload *token_code_payload; + struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket; + struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *ticket_payload; - token_code_decoded = NULL; - GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data), &token_code_decoded); - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Token Code: %s\n", token_code_decoded); - root = json_loads (token_code_decoded, JSON_DECODE_ANY, &err_json); + ticket_decoded = NULL; + GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data), &ticket_decoded); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Token Code: %s\n", ticket_decoded); + root = json_loads (ticket_decoded, JSON_DECODE_ANY, &err_json); if (!root) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, @@ -740,27 +747,27 @@ identity_token_code_parse (const char *raw_data, ecdh_enc_str = json_string_value (ecdh_json); enc_meta_str = json_string_value (enc_meta_json); - token_code = GNUNET_malloc (sizeof (struct IdentityTokenCode)); + ticket = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_TokenTicket)); if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ecdh_enc_str, strlen (ecdh_enc_str), - &token_code->ecdh_pubkey, + &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey))) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in metadata\n", ecdh_enc_str); json_decref (root); - GNUNET_free (token_code); + GNUNET_free (ticket); return GNUNET_SYSERR; } GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Using ECDH pubkey %s for metadata decryption\n", ecdh_enc_str); if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str, strlen (signature_enc_str), - &token_code->signature, + &ticket->signature, sizeof (struct GNUNET_CRYPTO_EcdsaSignature))) { json_decref (root); - GNUNET_free (token_code_decoded); - GNUNET_free (token_code); + GNUNET_free (ticket_decoded); + GNUNET_free (ticket); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in metadata\n"); return GNUNET_SYSERR; } @@ -770,13 +777,13 @@ identity_token_code_parse (const char *raw_data, &enc_meta); - identity_token_code_payload_parse (enc_meta, - enc_meta_len, - priv_key, - (const struct GNUNET_CRYPTO_EcdhePublicKey*)&token_code->ecdh_pubkey, - &token_code_payload); + GNUNET_IDENTITY_PROVIDER_ticket_payload_parse (enc_meta, + enc_meta_len, + priv_key, + (const struct GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey, + &ticket_payload); - token_code->payload = token_code_payload; + ticket->payload = ticket_payload; //TODO: check signature here purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + @@ -786,30 +793,30 @@ identity_token_code_parse (const char *raw_data, htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) + enc_meta_len); - purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE); + purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET); write_ptr = (char*) &purpose[1]; - memcpy (write_ptr, &token_code->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); + memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)); write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey); memcpy (write_ptr, enc_meta, enc_meta_len); - if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE, + if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET, purpose, - &token_code->signature, - &token_code_payload->identity_key)) + &ticket->signature, + &ticket_payload->identity_key)) { - identity_token_code_destroy (token_code); - GNUNET_free (token_code_decoded); + GNUNET_IDENTITY_PROVIDER_ticket_destroy (ticket); + GNUNET_free (ticket_decoded); json_decref (root); GNUNET_free (purpose); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error verifying signature for token code\n"); return GNUNET_SYSERR; } - *result = token_code; + *result = ticket; GNUNET_free (purpose); GNUNET_free (enc_meta); - GNUNET_free (token_code_decoded); + GNUNET_free (ticket_decoded); json_decref (root); return GNUNET_OK; diff --git a/src/identity-token/identity-token.h b/src/identity-token/identity-token.h index 1520dcf6a..6e41a009d 100644 --- a/src/identity-token/identity-token.h +++ b/src/identity-token/identity-token.h @@ -1,13 +1,35 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors) -#ifndef GNUNET_IDENTITY_TOKEN_H -#define GNUNET_IDENTITY_TOKEN_H + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 3, or (at your + option) any later version. + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. + */ +/** + * @author Martin Schanzenbach + * @file include/gnunet_identity_provider_lib.h + * @brief GNUnet Identity Provider library + * + */ +#ifndef GNUNET_IDENTITY_PROVIDER_LIB_H +#define GNUNET_IDENTITY_PROVIDER_LIB_H #include "gnunet_crypto_lib.h" #include -struct IdentityToken +struct GNUNET_IDENTITY_PROVIDER_Token { /** * JSON header @@ -30,7 +52,7 @@ struct IdentityToken struct GNUNET_CRYPTO_EcdsaPublicKey aud_key; }; -struct IdentityTokenCodePayload +struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload { /** * Nonce @@ -49,12 +71,12 @@ struct IdentityTokenCodePayload }; -struct IdentityTokenCode +struct GNUNET_IDENTITY_PROVIDER_TokenTicket { /** * Meta info */ - struct IdentityTokenCodePayload *payload; + struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload; /** * ECDH Pubkey @@ -74,62 +96,174 @@ struct IdentityTokenCode -struct IdentityToken* -identity_token_create (const char* issuer, - const char* audience); +/** + * Create an identity token + * + * @param iss the issuer string for the token + * @param aud the audience of the token + * + * @return a new token + */ +struct GNUNET_IDENTITY_PROVIDER_Token* +GNUNET_IDENTITY_PROVIDER_token_create (const struct GNUNET_CRYPTO_EcdsaPublicKey *iss, + const struct GNUNET_CRYPTO_EcdsaPublicKey* aud); +/** + * Destroy an identity token + * + * @param token the token to destroy + */ void -identity_token_destroy (struct IdentityToken *token); +GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token *token); +/** + * Add a new key value pair to the token + * + * @param token the token to modify + * @param key the key + * @param value the value + */ void -identity_token_add_attr (const struct IdentityToken *token, - const char* key, - const char* value); +GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct GNUNET_IDENTITY_PROVIDER_Token *token, + const char* key, + const char* value); + +/** + * Add a new key value pair to the token with the value as json + * + * @param the token to modify + * @param key the key + * @param value the value + * + */ void -identity_token_add_json (const struct IdentityToken *token, +GNUNET_IDENTITY_PROVIDER_token_add_json (const struct GNUNET_IDENTITY_PROVIDER_Token *token, const char* key, json_t* value); +/** + * Serialize a token. The token will be signed and base64 according to the + * JWT format. The signature is base32-encoded ECDSA. + * The resulting JWT is encrypted using + * ECDHE for the audience and Base64 + * encoded in result. The audience requires the ECDHE public key P + * to decrypt the token T. The key P is included in the result and prepended + * before the token + * + * @param token the token to serialize + * @param priv_key the private key used to sign the token + * @param ecdhe_privkey the ECDHE private key used to encrypt the token + * @param result P,Base64(E(T)) + * + * @return GNUNET_OK on success + */ int -identity_token_serialize (const struct IdentityToken *token, +GNUNET_IDENTITY_PROVIDER_token_serialize (const struct GNUNET_IDENTITY_PROVIDER_Token *token, const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey, char **result); +/** + * Parses the serialized token and returns a token + * + * @param data the serialized token + * @param priv_key the private key of the audience + * @param result the token + * + * @return GNUNET_OK on success + */ int -identity_token_parse (const char* raw_data, +GNUNET_IDENTITY_PROVIDER_token_parse (const char* data, const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct IdentityToken **result); + struct GNUNET_IDENTITY_PROVIDER_Token **result); +/** + * Parses the serialized token and returns a token + * This variant is intended for the party that issued the token and also + * wants to decrypt the serialized token. + * + * @param data the serialized token + * @param priv_key the private (!) ECDHE key + * @param aud_key the identity of the audience + * @param result the token + * + * @return GNUNET_OK on success + */ int -identity_token_parse2 (const char* raw_data, +GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* data, const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key, const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key, - struct IdentityToken **result); + struct GNUNET_IDENTITY_PROVIDER_Token **result); + +/** + * + * Returns a JWT-string representation of the token + * + * @param token the token + * @param priv_key the private key used to sign the JWT + * @param result the JWT + * + * @return GNUNET_OK on success + */ int -identity_token_to_string (const struct IdentityToken *token, +GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token, const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, char **result); -struct IdentityTokenCode* -identity_token_code_create (const char* nonce_str, - const struct GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey, +/** + * + * Creates a ticket that can be exchanged by the audience for + * the token. The token must be placed under the label + * + * @param nonce_str nonce provided by the audience that requested the ticket + * @param iss_pkey the issuer pubkey used to sign the ticket + * @param label the label encoded in the ticket + * @param aud_ley the audience pubkey used to encrypt the ticket payload + * + * @return the ticket + */ +struct GNUNET_IDENTITY_PROVIDER_TokenTicket* +GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str, + const struct GNUNET_CRYPTO_EcdsaPublicKey* iss_pkey, const char* lbl_str, const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key); +/** + * Serialize a ticket. Returns the Base64 representation of the ticket. + * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } ) + * + * @param ticket the ticket to serialize + * @param priv_key the issuer private key to sign the ticket payload + * @param result the serialized ticket + * + * @return GNUNET_OK on success + */ int -identity_token_code_serialize (struct IdentityTokenCode *identity_token_code, +GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket, const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, char **result); +/** + * Destroys a ticket + * + * @param the ticket to destroy + */ void -identity_token_code_destroy (struct IdentityTokenCode *token_code); - +GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket); +/** + * Parses a serialized ticket + * + * @param data the serialized ticket + * @param priv_key the audience private key + * @param ticket the ticket + * + * @return GNUNET_OK on success + */ int -identity_token_code_parse (const char* raw_data, +GNUNET_IDENTITY_PROVIDER_ticket_parse (const char* raw_data, const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key, - struct IdentityTokenCode **result); + struct GNUNET_IDENTITY_PROVIDER_TokenTicket **ticket); #endif diff --git a/src/identity-token/plugin_rest_identity_token.c b/src/identity-token/plugin_rest_identity_token.c index 580d34ed0..d2c1b6c5d 100644 --- a/src/identity-token/plugin_rest_identity_token.c +++ b/src/identity-token/plugin_rest_identity_token.c @@ -34,7 +34,7 @@ #include "microhttpd.h" #include #include "gnunet_signatures.h" -#include "identity-token.h" +#include "gnunet_identity_provider_lib.h" /** * REST root namespace @@ -61,7 +61,7 @@ */ #define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize" -#define GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE "code" +#define GNUNET_REST_JSONAPI_IDENTITY_token_ticket "code" #define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE "authorization_code" @@ -290,12 +290,12 @@ struct RequestHandle /** * Identity Token */ - struct IdentityToken *token; + struct GNUNET_IDENTITY_PROVIDER_Token *token; /** * Identity Token Code */ - struct IdentityTokenCode *token_code; + struct GNUNET_IDENTITY_PROVIDER_TokenTicket *token_ticket; /** * Response object @@ -341,9 +341,9 @@ cleanup_handle (struct RequestHandle *handle) if (NULL != handle->attr_map) GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map); if (NULL != handle->token) - identity_token_destroy (handle->token); - if (NULL != handle->token_code) - identity_token_code_destroy (handle->token_code); + GNUNET_IDENTITY_PROVIDER_token_destroy (handle->token); + if (NULL != handle->token_ticket) + GNUNET_IDENTITY_PROVIDER_ticket_destroy (handle->token_ticket); if (NULL != handle->url) GNUNET_free (handle->url); if (NULL != handle->emsg) @@ -455,10 +455,10 @@ sign_and_return_token (void *cls, struct GNUNET_TIME_Relative etime_rel; json_t *token_str; json_t *name_str; - json_t *token_code_json; + json_t *token_ticket_json; char *lbl_str; char *exp_str; - char *token_code_str; + char *token_ticket_str; char *audience; char *nonce_str; char *enc_token_str; @@ -520,14 +520,14 @@ sign_and_return_token (void *cls, GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &pub_key); - handle->token_code = identity_token_code_create (nonce_str, + handle->token_ticket = GNUNET_IDENTITY_PROVIDER_ticket_create (nonce_str, &pub_key, lbl_str, &aud_pkey); - if (GNUNET_OK != identity_token_code_serialize (handle->token_code, + if (GNUNET_OK != GNUNET_IDENTITY_PROVIDER_ticket_serialize (handle->token_ticket, priv_key, - &token_code_str)) + &token_ticket_str)) { handle->emsg = GNUNET_strdup ("Unable to create ref token!\n"); GNUNET_SCHEDULER_add_now (&do_error, handle); @@ -563,11 +563,11 @@ sign_and_return_token (void *cls, exp_time = time + etime_rel.rel_value_us; //json_object_set_new (handle->payload, "lbl", json_string (lbl_str)); - identity_token_add_attr (handle->token, "sub", handle->ego_entry->identifier); - identity_token_add_json (handle->token, "nbf", json_integer (time)); - identity_token_add_json (handle->token, "iat", json_integer (time)); - identity_token_add_json (handle->token, "exp", json_integer (exp_time)); - identity_token_add_attr (handle->token, "nonce", nonce_str); + GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "sub", handle->ego_entry->identifier); + GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "nbf", json_integer (time)); + GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "iat", json_integer (time)); + GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "exp", json_integer (exp_time)); + GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "nonce", nonce_str); handle->resp_object = GNUNET_REST_jsonapi_object_new (); @@ -583,18 +583,18 @@ sign_and_return_token (void *cls, GNUNET_REST_jsonapi_resource_add_attr (json_resource, GNUNET_REST_JSONAPI_IDENTITY_TOKEN, token_str); - token_code_json = json_string (token_code_str); + token_ticket_json = json_string (token_ticket_str); GNUNET_REST_jsonapi_resource_add_attr (json_resource, - GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE, - token_code_json); - GNUNET_free (token_code_str); - json_decref (token_code_json); + GNUNET_REST_JSONAPI_IDENTITY_token_ticket, + token_ticket_json); + GNUNET_free (token_ticket_str); + json_decref (token_ticket_json); GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource); //Token in a serialized encrypted format - GNUNET_assert (identity_token_serialize (handle->token, - priv_key, - &ecdhe_privkey, - &enc_token_str)); + GNUNET_assert (GNUNET_IDENTITY_PROVIDER_token_serialize (handle->token, + priv_key, + &ecdhe_privkey, + &enc_token_str)); //Token record E,E_K (Token) token_record[0].data = enc_token_str; @@ -703,7 +703,7 @@ attr_collect (void *cls, rd->data, rd->data_size); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data); - identity_token_add_attr (handle->token, label, data); + GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, label, data); GNUNET_free (data); } GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); @@ -727,7 +727,7 @@ attr_collect (void *cls, if (0 < json_array_size (attr_arr)) { - identity_token_add_json (handle->token, label, attr_arr); + GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, label, attr_arr); } json_decref (attr_arr); GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it); @@ -754,6 +754,8 @@ issue_token_cont (struct RestConnectionDataHandle *con, struct GNUNET_HashCode key; struct MHD_Response *resp; const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key; + struct GNUNET_CRYPTO_EcdsaPublicKey pub_key; + struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key; if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url, GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE)) @@ -820,13 +822,20 @@ issue_token_cont (struct RestConnectionDataHandle *con, &key); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n", audience); - handle->token = identity_token_create (ego_entry->keystring, - audience); + priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); + GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, + &pub_key); + GNUNET_STRINGS_string_to_data (audience, + strlen (audience), + &aud_key, + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)); + handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key, + aud_key); + GNUNET_free (aud_key); //Get identity attributes handle->ns_handle = GNUNET_NAMESTORE_connect (cfg); - priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego); handle->ego_entry = ego_entry; handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle, priv_key, @@ -1033,14 +1042,14 @@ process_lookup_result (void *cls, uint32_t rd_count, rd->data_size); //Decrypt and parse - GNUNET_assert (GNUNET_OK == identity_token_parse (record_str, - handle->priv_key, - &handle->token)); + GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_parse (record_str, + handle->priv_key, + &handle->token)); //Readable - GNUNET_assert (GNUNET_OK == identity_token_to_string (handle->token, - handle->priv_key, - &token_str)); + GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_to_string (handle->token, + handle->priv_key, + &token_str)); json_object_set_new (root, "access_token", json_string (token_str)); json_object_set_new (root, "token_type", json_string ("gnuid")); @@ -1058,7 +1067,7 @@ process_lookup_result (void *cls, uint32_t rd_count, static void -exchange_token_code_cb (void *cls, +exchange_token_ticket_cb (void *cls, struct GNUNET_IDENTITY_Ego *ego, void **ctx, const char *name) @@ -1077,8 +1086,8 @@ exchange_token_code_cb (void *cls, return; } - GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE, - strlen (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE), + GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_token_ticket, + strlen (GNUNET_REST_JSONAPI_IDENTITY_token_ticket), &key); if ( GNUNET_NO == @@ -1094,21 +1103,21 @@ exchange_token_code_cb (void *cls, handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego); - if (GNUNET_SYSERR == identity_token_code_parse (code, - handle->priv_key, - &handle->token_code)) + if (GNUNET_SYSERR == GNUNET_IDENTITY_PROVIDER_ticket_parse (code, + handle->priv_key, + &handle->token_ticket)) { handle->emsg = GNUNET_strdup ("Error extracting values from token code."); GNUNET_SCHEDULER_add_now (&do_error, handle); return; } GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking for token under %s\n", - handle->token_code->payload->label); + handle->token_ticket->payload->label); handle->gns_handle = GNUNET_GNS_connect (cfg); - GNUNET_asprintf (&lookup_query, "%s.gnu", handle->token_code->payload->label); + GNUNET_asprintf (&lookup_query, "%s.gnu", handle->token_ticket->payload->label); handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle, lookup_query, - &handle->token_code->payload->identity_key, + &handle->token_ticket->payload->identity_key, GNUNET_GNSRECORD_TYPE_ID_TOKEN, GNUNET_GNS_LO_LOCAL_MASTER, NULL, @@ -1125,7 +1134,7 @@ exchange_token_code_cb (void *cls, * @param cls the RequestHandle */ static void -exchange_token_code_cont (struct RestConnectionDataHandle *con_handle, +exchange_token_ticket_cont (struct RestConnectionDataHandle *con_handle, const char* url, void *cls) { @@ -1149,7 +1158,7 @@ exchange_token_code_cont (struct RestConnectionDataHandle *con_handle, //Get token from GNS handle->op = GNUNET_IDENTITY_get (handle->identity_handle, "gns-master", - &exchange_token_code_cb, + &exchange_token_ticket_cb, handle); } @@ -1194,7 +1203,7 @@ init_cont (struct RequestHandle *handle) //{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK, &check_token_cont}, {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont}, {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN, &options_cont}, - {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_code_cont}, + {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN, &exchange_token_ticket_cont}, GNUNET_REST_HANDLER_END }; -- cgit v1.2.3