From 7a6a665cea13854c28384fd4e51da0f10b4933cc Mon Sep 17 00:00:00 2001 From: "Schanzenbach, Martin" Date: Thu, 15 Dec 2016 13:36:40 +0100 Subject: -fix rest; prelim test; --- src/credential/credential_api.c | 1 + src/credential/plugin_rest_credential.c | 31 +++++++--- src/credential/test_credential_lookup.conf | 3 + src/credential/test_credential_verify_rest.sh | 84 +++++++++++++++++++++++++++ 4 files changed, 111 insertions(+), 8 deletions(-) create mode 100755 src/credential/test_credential_verify_rest.sh (limited to 'src/credential') diff --git a/src/credential/credential_api.c b/src/credential/credential_api.c index 860504e61..d9e01c1d3 100644 --- a/src/credential/credential_api.c +++ b/src/credential/credential_api.c @@ -234,6 +234,7 @@ handle_result (void *cls, GNUNET_CONTAINER_DLL_remove (handle->verify_head, handle->verify_tail, vr); + GNUNET_MQ_discard (vr->env); GNUNET_free (vr); GNUNET_assert (GNUNET_OK == GNUNET_CREDENTIAL_delegation_chain_deserialize (mlen, diff --git a/src/credential/plugin_rest_credential.c b/src/credential/plugin_rest_credential.c index f6e4fc5a8..11e6fb276 100644 --- a/src/credential/plugin_rest_credential.c +++ b/src/credential/plugin_rest_credential.c @@ -193,12 +193,14 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch json_t *attr_obj; issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->issuer_key); + if (NULL == issuer) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Issuer in delegation malformed\n"); return NULL; } subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&delegation_chain_entry->subject_key); + if (NULL == subject) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Subject in credential malformed\n"); @@ -207,16 +209,17 @@ attribute_delegation_to_json (struct GNUNET_CREDENTIAL_Delegation *delegation_ch } attr_obj = json_object (); - json_object_set_new (attr_obj, "subject", json_string (subject)); - json_object_set_new (attr_obj, "issuer", json_string (issuer)); + json_object_set_new (attr_obj, "issuer", json_string (issuer)); json_object_set_new (attr_obj, "issuer_attribute", json_string (delegation_chain_entry->issuer_attribute)); + json_object_set_new (attr_obj, "subject", json_string (subject)); if (0 < delegation_chain_entry->subject_attribute_len) { json_object_set_new (attr_obj, "subject_attribute", json_string (delegation_chain_entry->subject_attribute)); } + GNUNET_free (issuer); GNUNET_free (subject); return attr_obj; } @@ -286,6 +289,8 @@ handle_verify_response (void *cls, json_t *cred_array; json_t *attr_array; char *result; + char *issuer; + char *id; uint32_t i; handle->verify_request = NULL; @@ -296,23 +301,33 @@ handle_verify_response (void *cls, GNUNET_SCHEDULER_add_now (&do_error, handle); return; } + issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&handle->issuer_key); + if (NULL == issuer) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Issuer in delegation malformed\n"); + return; + } + GNUNET_asprintf (&id, + "%s.%s", + issuer, + handle->issuer_attr); + GNUNET_free (issuer); json_document = GNUNET_JSONAPI_document_new (); json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO, - handle->issuer_attr); - cred_obj = credential_to_json (cred); + id); + GNUNET_free (id); attr_array = json_array (); for (i = 0; i < d_count; i++) { attr_obj = attribute_delegation_to_json (&delegation_chain[i]); - json_array_append (attr_array, attr_obj); - json_decref (attr_obj); + json_array_append_new (attr_array, attr_obj); } cred_array = json_array (); for (i=0;i /dev/null +if test $? != 0 +then + echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX" + exit 77 +fi + +rm -rf `gnunet-config -c test_credential_lookup.conf -s PATHS -o GNUNET_HOME -f` + +# (1) Service.user -> GNU.project.member +# (2) GNU.project -> GNUnet +# (3) GNUnet.member -> GNUnet.developer +# (4) GNUnet.member -> GNUnet.user +# (5) GNUnet.developer -> Alice + + +which timeout &> /dev/null && DO_TIMEOUT="timeout 30" +gnunet-arm -s -c test_credential_lookup.conf +gnunet-identity -C service -c test_credential_lookup.conf +gnunet-identity -C alice -c test_credential_lookup.conf +gnunet-identity -C gnu -c test_credential_lookup.conf +gnunet-identity -C gnunet -c test_credential_lookup.conf + +GNU_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnu | grep -v gnunet | awk '{print $3}') +ALICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep alice | awk '{print $3}') +GNUNET_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep gnunet | awk '{print $3}') +SERVICE_KEY=$(gnunet-identity -d -c test_credential_lookup.conf | grep service | awk '{print $3}') + +USER_ATTR="user" +GNU_PROJECT_ATTR="project" +MEMBER_ATTR="member" +DEVELOPER_ATTR="developer" +DEV_ATTR="developer" +TEST_CREDENTIAL="mygnunetcreds" + +# (1) A service assigns the attribute "user" to all entities that have been assigned "member" by entities that werde assigned "project" from GNU +gnunet-namestore -p -z service -a -n $USER_ATTR -t ATTR -V "$GNU_KEY $GNU_PROJECT_ATTR.$MEMBER_ATTR" -e 5m -c test_credential_lookup.conf + +# (2) GNU recognized GNUnet as a GNU project and delegates the "project" attribute +gnunet-namestore -p -z gnu -a -n $GNU_PROJECT_ATTR -t ATTR -V "$GNUNET_KEY" -e 5m -c test_credential_lookup.conf + +# (3+4) GNUnet assigns the attribute "member" to all entities gnunet has also assigned "developer" or "user" +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $DEVELOPER_ATTR" -e 5m -c test_credential_lookup.conf +gnunet-namestore -p -z gnunet -a -n $MEMBER_ATTR -t ATTR -V "$GNUNET_KEY $USER_ATTR" -e 5m -c test_credential_lookup.conf + +# (5) GNUnet issues Alice the credential "developer" +CRED=`$DO_TIMEOUT gnunet-credential --issue --ego=gnunet --subject=$ALICE_KEY --attribute=$DEV_ATTR --ttl=5m -c test_credential_lookup.conf` + +# Alice stores the credential under "mygnunetcreds" +gnunet-namestore -p -z alice -a -n $TEST_CREDENTIAL -t CRED -V "$CRED" -e 5m -c test_credential_lookup.conf + +#TODO2 Add -z swich like in gnunet-gns +RES_CRED=`gnunet-credential --verify --issuer=$SERVICE_KEY --attribute=$USER_ATTR --subject=$ALICE_KEY --credential=$TEST_CREDENTIAL -c test_credential_lookup.conf` + +gnunet-arm -i rest -c test_credential_lookup.conf + +sleep 5 + +echo "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL" +curl -v "localhost:7776/credential?attribute=$SERVICE_KEY.$USER_ATTR&credential=$ALICE_KEY.$TEST_CREDENTIAL" + +#TODO cleanup properly +gnunet-namestore -z alice -d -n $TEST_CREDENTIAL -t CRED -e never -c test_credential_lookup.conf +gnunet-namestore -z gnu -d -n $GNU_PROJECT_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z gnunet -d -n $MEMBER_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-namestore -z service -d -n $USER_ATTR -t ATTR -c test_credential_lookup.conf +gnunet-arm -e -c test_credential_lookup.conf + +if [ "$RES_CRED" != "Failed." ] +then + echo -e "${RES_CRED}" + exit 0 +else + echo "FAIL: Failed to verify credential $RES_CRED." + exit 1 +fi -- cgit v1.2.3