From 3cd24823660a0447e590ff352e9da7eb076b292b Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Mon, 22 Feb 2021 10:16:16 +0100 Subject: RECLAIM: Added libpabc credential support. --- src/reclaim/Makefile.am | 40 ++ src/reclaim/json_reclaim.c | 16 +- src/reclaim/pabc_helper.c | 364 +++++++++++++++ src/reclaim/pabc_helper.h | 41 ++ src/reclaim/plugin_reclaim_credential_jwt.c | 32 +- src/reclaim/plugin_reclaim_credential_pabc.c | 639 +++++++++++++++++++++++++ src/reclaim/plugin_rest_pabc.c | 666 +++++++++++++++++++++++++++ src/reclaim/reclaim_credential.c | 1 - 8 files changed, 1780 insertions(+), 19 deletions(-) create mode 100644 src/reclaim/pabc_helper.c create mode 100644 src/reclaim/pabc_helper.h create mode 100644 src/reclaim/plugin_reclaim_credential_pabc.c create mode 100644 src/reclaim/plugin_rest_pabc.c (limited to 'src') diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am index 9463f19d9..1a0b7fae4 100644 --- a/src/reclaim/Makefile.am +++ b/src/reclaim/Makefile.am @@ -16,6 +16,11 @@ REST_PLUGIN = \ CREDENTIAL_PLUGIN = \ libgnunet_plugin_reclaim_credential_jwt.la +if HAVE_PABC + CREDENTIAL_PLUGIN += libgnunet_plugin_reclaim_credential_pabc.la + REST_PLUGIN += libgnunet_plugin_rest_pabc.la +endif + EXTRA_DIST = \ reclaim.conf \ test_reclaim_defaults.conf \ @@ -87,6 +92,26 @@ libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) libgnunet_plugin_rest_openid_connect_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS) +if HAVE_PABC +libgnunet_plugin_rest_pabc_la_SOURCES = \ + plugin_rest_pabc.c \ + pabc_helper.c +libgnunet_plugin_rest_pabc_la_LIBADD = \ + libgnunetreclaim.la \ + $(top_builddir)/src/json/libgnunetjson.la \ + $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \ + $(LTLIBINTL) -ljansson -lpabc $(MHD_LIBS) +libgnunet_plugin_rest_pabc_la_DEPENDENCIES = \ + libgnunetreclaim.la \ + $(top_builddir)/src/json/libgnunetjson.la \ + $(top_builddir)/src/rest/libgnunetrest.la \ + $(top_builddir)/src/util/libgnunetutil.la +libgnunet_plugin_rest_pabc_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) +libgnunet_plugin_rest_pabc_la_CFLAGS = $(MHD_CFLAGS) $(AM_CFLAGS) +endif + libgnunet_plugin_gnsrecord_reclaim_la_SOURCES = \ plugin_gnsrecord_reclaim.c @@ -134,6 +159,21 @@ libgnunet_plugin_reclaim_attribute_basic_la_LIBADD = \ libgnunet_plugin_reclaim_attribute_basic_la_LDFLAGS = \ $(GN_PLUGIN_LDFLAGS) +if HAVE_PABC +libgnunet_plugin_reclaim_credential_pabc_la_SOURCES = \ + plugin_reclaim_credential_pabc.c \ + pabc_helper.c +libgnunet_plugin_reclaim_credential_pabc_la_LIBADD = \ + $(top_builddir)/src/util/libgnunetutil.la \ + libgnunetreclaim.la \ + -ljansson\ + -lpabc \ + $(LTLIBINTL) +libgnunet_plugin_reclaim_credential_pabc_la_LDFLAGS = \ + $(GN_PLUGIN_LDFLAGS) +endif + + libgnunet_plugin_reclaim_credential_jwt_la_SOURCES = \ plugin_reclaim_credential_jwt.c libgnunet_plugin_reclaim_credential_jwt_la_LIBADD = \ diff --git a/src/reclaim/json_reclaim.c b/src/reclaim/json_reclaim.c index 4eeb22bee..b1ca7a4a5 100644 --- a/src/reclaim/json_reclaim.c +++ b/src/reclaim/json_reclaim.c @@ -290,10 +290,11 @@ parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spe { struct GNUNET_RECLAIM_Credential *cred; const char *name_str = NULL; - const char *val_str = NULL; const char *type_str = NULL; const char *id_str = NULL; - char *data; + json_t *val_json; + char *data = NULL; + char *val_str = NULL; int unpack_state; uint32_t type; size_t data_size; @@ -308,7 +309,7 @@ parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spe } // interpret single attribute unpack_state = json_unpack (root, - "{s:s, s?s, s:s, s:s!}", + "{s:s, s?s, s:s, s:o!}", "name", &name_str, "id", @@ -316,14 +317,19 @@ parse_credential (void *cls, json_t *root, struct GNUNET_JSON_Specification *spe "type", &type_str, "value", - &val_str); - if ((0 != unpack_state) || (NULL == name_str) || (NULL == val_str) || + &val_json); + if ((0 != unpack_state) || (NULL == name_str) || (NULL == val_json) || (NULL == type_str)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error json object has a wrong format!\n"); return GNUNET_SYSERR; } + if (json_is_string (val_json)) { + val_str = GNUNET_strdup (json_string_value (val_json)); + } else { + val_str = json_dumps (val_json, JSON_COMPACT); + } type = GNUNET_RECLAIM_credential_typename_to_number (type_str); if (GNUNET_SYSERR == (GNUNET_RECLAIM_credential_string_to_value (type, diff --git a/src/reclaim/pabc_helper.c b/src/reclaim/pabc_helper.c new file mode 100644 index 000000000..1b1dbea0f --- /dev/null +++ b/src/reclaim/pabc_helper.c @@ -0,0 +1,364 @@ +// maximilian.kaul@aisec.fraunhofer.de + +// WIP implementation of +// https://github.com/ontio/ontology-crypto/wiki/Anonymous-Credential +// using the relic library https://github.com/relic-toolkit/relic/ + +#include "pabc_helper.h" +#include +#include +#include + +static char pabc_dir[PATH_MAX + 1]; + +static const char * +get_homedir () +{ + const char *homedir; + if ((homedir = getenv ("HOME")) == NULL) + { + homedir = getpwuid (getuid ())->pw_dir; + } + return homedir; +} + + +static enum GNUNET_GenericReturnValue +write_file (char const *const filename, const char *buffer) +{ + struct GNUNET_DISK_FileHandle *fh; + fh = GNUNET_DISK_file_open (filename, + GNUNET_DISK_OPEN_WRITE + | GNUNET_DISK_OPEN_TRUNCATE + | GNUNET_DISK_OPEN_CREATE, + GNUNET_DISK_PERM_USER_WRITE + | GNUNET_DISK_PERM_USER_READ); + if (fh == NULL) + return GNUNET_SYSERR; + if (GNUNET_SYSERR == GNUNET_DISK_file_write (fh, + buffer, strlen (buffer) + 1)) + goto fail; + GNUNET_DISK_file_close (fh); + return GNUNET_OK; + +fail: + GNUNET_DISK_file_close (fh); + return GNUNET_SYSERR; +} + + +static enum GNUNET_GenericReturnValue +init_pabc_dir () +{ + size_t filename_size = strlen (get_homedir ()) + 1 + strlen (".local") + 1 + + strlen ("pabc-reclaim") + 1; + snprintf (pabc_dir, filename_size, "%s/%s/%s", + get_homedir (), ".local", "pabc-reclaim"); + return GNUNET_DISK_directory_create (pabc_dir); +} + + +static const char * +get_pabcdir () +{ + init_pabc_dir (); + return pabc_dir; +} + + +enum GNUNET_GenericReturnValue +read_file (char const *const filename, char **buffer) +{ + struct GNUNET_DISK_FileHandle *fh; + if (GNUNET_YES != GNUNET_DISK_file_test (filename)) + return GNUNET_SYSERR; + + fh = GNUNET_DISK_file_open (filename, + GNUNET_DISK_OPEN_READ, + GNUNET_DISK_PERM_USER_READ); + if (fh == NULL) + return GNUNET_SYSERR; + long lSize = GNUNET_DISK_file_seek (fh, 0, GNUNET_DISK_SEEK_END); + if (lSize < 0) + goto fail; + GNUNET_DISK_file_seek (fh, 0, GNUNET_DISK_SEEK_SET); + *buffer = calloc ((size_t) lSize + 1, sizeof(char)); + if (*buffer == NULL) + goto fail; + + // copy the file into the buffer: + size_t r = GNUNET_DISK_file_read (fh, *buffer, (size_t) lSize); + if (r != (size_t) lSize) + goto fail; + + GNUNET_DISK_file_close (fh); + return GNUNET_OK; + +fail: + GNUNET_DISK_file_close (fh); + return GNUNET_SYSERR; +} + + +struct pabc_public_parameters * +PABC_read_issuer_ppfile (const char *f, struct pabc_context *const ctx) +{ + if (NULL == ctx) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No global context provided\n"); + return NULL; + } + struct pabc_public_parameters *pp; + char *buffer; + int r; + r = read_file (f, &buffer); + if (GNUNET_OK != r) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error reading file\n"); + return NULL; + } + if (PABC_OK != pabc_decode_and_new_public_parameters (ctx, &pp, buffer)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to decode public parameters\n"); + PABC_FREE_NULL (buffer); + return NULL; + } + PABC_FREE_NULL (buffer); + return pp; +} + + +enum GNUNET_GenericReturnValue +PABC_load_public_parameters (struct pabc_context *const ctx, + char const *const pp_name, + struct pabc_public_parameters **pp) +{ + char fname[PATH_MAX]; + char *pp_filename; + const char *pdir = get_pabcdir (); + + if (ctx == NULL) + return GNUNET_SYSERR; + if (pp_name == NULL) + return GNUNET_SYSERR; + + GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename); + if (GNUNET_YES != GNUNET_DISK_directory_test (pdir, GNUNET_YES)) + { + GNUNET_free (pp_filename); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error reading %s\n", pdir); + return GNUNET_SYSERR; + } + snprintf (fname, PATH_MAX, "%s/%s%s", pdir, pp_filename, PABC_PP_EXT); + if (GNUNET_YES != GNUNET_DISK_file_test (fname)) + { + GNUNET_free (pp_filename); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error testing %s\n", fname); + return GNUNET_SYSERR; + } + *pp = PABC_read_issuer_ppfile (fname, ctx); + if (*pp) + return GNUNET_OK; + else + return GNUNET_SYSERR; +} + + +enum GNUNET_GenericReturnValue +PABC_write_public_parameters (char const *const pp_name, + struct pabc_public_parameters *const pp) +{ + char *json; + char *filename; + char *pp_filename; + enum pabc_status status; + struct pabc_context *ctx = NULL; + + GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename); + PABC_ASSERT (pabc_new_ctx (&ctx)); + // store in json file + status = pabc_encode_public_parameters (ctx, pp, &json); + if (status != PABC_OK) + { + GNUNET_free (pp_filename); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to encode public parameters.\n"); + pabc_free_ctx (&ctx); + return GNUNET_SYSERR; + } + + size_t filename_size = + strlen (get_pabcdir ()) + 1 + strlen (pp_filename) + strlen (PABC_PP_EXT) + + 1; + filename = GNUNET_malloc (filename_size); + if (! filename) + { + GNUNET_free (pp_filename); + PABC_FREE_NULL (json); + pabc_free_ctx (&ctx); + return GNUNET_SYSERR; + } + snprintf (filename, filename_size, "%s/%s%s", get_pabcdir (), pp_filename, + PABC_PP_EXT); + + GNUNET_free (pp_filename); + if (GNUNET_OK != write_file (filename, json)) + { + PABC_FREE_NULL (filename); + PABC_FREE_NULL (json); + pabc_free_ctx (&ctx); + return GNUNET_SYSERR; + } + PABC_FREE_NULL (filename); + PABC_FREE_NULL (json); + pabc_free_ctx (&ctx); + return GNUNET_OK; +} + + +enum GNUNET_GenericReturnValue +PABC_write_usr_ctx (char const *const usr_name, + char const *const pp_name, + struct pabc_context const *const ctx, + struct pabc_public_parameters const *const pp, + struct pabc_user_context *const usr_ctx) +{ + + char *pp_filename; + char *json = NULL; + enum pabc_status status; + char *fname = NULL; + + if (NULL == usr_name) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer given.\n"); + return GNUNET_SYSERR; + } + if (NULL == pp_name) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user given.\n"); + return GNUNET_SYSERR; + } + if (NULL == ctx) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No context given.\n"); + return GNUNET_SYSERR; + } + if (NULL == pp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No public parameters given.\n"); + return GNUNET_SYSERR; + } + if (NULL == usr_ctx) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user context given.\n"); + return GNUNET_SYSERR; + } + + GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename); + status = pabc_encode_user_ctx (ctx, pp, usr_ctx, &json); + if (PABC_OK != status) + { + GNUNET_free (pp_filename); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to encode user context.\n"); + return status; + } + + size_t fname_size = strlen (get_pabcdir ()) + 1 + strlen (usr_name) + 1 + + strlen (pp_filename) + strlen (PABC_USR_EXT) + 1; + fname = GNUNET_malloc (fname_size); + + snprintf (fname, fname_size, "%s/%s_%s%s", get_pabcdir (), usr_name, + pp_filename, + PABC_USR_EXT); + + GNUNET_free (pp_filename); + if (GNUNET_OK == write_file (fname, json)) + { + GNUNET_free (fname); + GNUNET_free (json); + return GNUNET_OK; + } + else + { + GNUNET_free (fname); + GNUNET_free (json); + return GNUNET_SYSERR; + } +} + + +enum GNUNET_GenericReturnValue +PABC_read_usr_ctx (char const *const usr_name, + char const *const pp_name, + struct pabc_context const *const ctx, + struct pabc_public_parameters const *const pp, + struct pabc_user_context **usr_ctx) +{ + char *json = NULL; + char *pp_filename; + enum pabc_status status; + + char *fname = NULL; + + if (NULL == usr_name) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No issuer given.\n"); + return GNUNET_SYSERR; + } + if (NULL == pp_name) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user given.\n"); + return GNUNET_SYSERR; + } + if (NULL == ctx) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No context given.\n"); + return GNUNET_SYSERR; + } + if (NULL == pp) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No public parameters given.\n"); + return GNUNET_SYSERR; + } + if (NULL == usr_ctx) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No user context given.\n"); + return GNUNET_SYSERR; + } + GNUNET_STRINGS_urlencode (pp_name, strlen (pp_name), &pp_filename); + + size_t fname_size = strlen (get_pabcdir ()) + 1 + strlen (usr_name) + 1 + + strlen (pp_filename) + strlen (PABC_USR_EXT) + 1; + fname = GNUNET_malloc (fname_size); + snprintf (fname, fname_size, "%s/%s_%s%s", get_pabcdir (), usr_name, + pp_filename, + PABC_USR_EXT); + GNUNET_free (pp_filename); + if (GNUNET_OK != read_file (fname, &json)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to read `%s'\n", fname); + PABC_FREE_NULL (fname); + return GNUNET_SYSERR; + } + GNUNET_free (fname); + + status = pabc_new_user_context (ctx, pp, usr_ctx); + if (PABC_OK != status) + { + GNUNET_free (json); + return GNUNET_SYSERR; + } + status = pabc_decode_user_ctx (ctx, pp, *usr_ctx, json); + GNUNET_free (json); + if (PABC_OK != status) + { + pabc_free_user_context (ctx, pp, usr_ctx); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to encode user context.\n"); + return GNUNET_SYSERR; + } + + return GNUNET_OK; +} diff --git a/src/reclaim/pabc_helper.h b/src/reclaim/pabc_helper.h new file mode 100644 index 000000000..045ad5dda --- /dev/null +++ b/src/reclaim/pabc_helper.h @@ -0,0 +1,41 @@ +#include "platform.h" +#include "gnunet_util_lib.h" +#include + +#ifndef PATH_MAX +#define PATH_MAX 4096 +#endif + +#define PABC_ISK_EXT ".isk" + +#define PABC_PP_EXT ".pp" + +#define PABC_USR_EXT ".usr" + +#define PABC_ATTR_DELIM "=" + +enum GNUNET_GenericReturnValue +PABC_write_public_parameters (char const *const pp_name, + struct pabc_public_parameters *const pp); + + +enum GNUNET_GenericReturnValue +PABC_load_public_parameters (struct pabc_context *const ctx, + char const *const pp_name, + struct pabc_public_parameters **pp); + +enum GNUNET_GenericReturnValue +PABC_write_usr_ctx (char const *const user_name, + char const *const pp_name, + struct pabc_context const *const ctx, + struct pabc_public_parameters const *const + pp, + struct pabc_user_context *const usr_ctx); + +enum GNUNET_GenericReturnValue +PABC_read_usr_ctx (char const *const user_name, + char const *const pp_name, + struct pabc_context const *const ctx, + struct pabc_public_parameters const *const + pp, + struct pabc_user_context **usr_ctx); diff --git a/src/reclaim/plugin_reclaim_credential_jwt.c b/src/reclaim/plugin_reclaim_credential_jwt.c index aac0a6ea5..e5dc90363 100644 --- a/src/reclaim/plugin_reclaim_credential_jwt.c +++ b/src/reclaim/plugin_reclaim_credential_jwt.c @@ -158,11 +158,10 @@ jwt_parse_attributes (void *cls, struct GNUNET_RECLAIM_AttributeList *attrs; char delim[] = "."; char *val_str = NULL; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); char *decoded_jwt; char *tmp; json_t *json_val; - json_error_t *json_err = NULL; + json_error_t json_err; attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); @@ -173,7 +172,7 @@ jwt_parse_attributes (void *cls, (void **) &decoded_jwt); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded JWT: %s\n", decoded_jwt); GNUNET_assert (NULL != decoded_jwt); - json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); + json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err); GNUNET_free (decoded_jwt); const char *key; const char *addr_key; @@ -252,6 +251,8 @@ struct GNUNET_RECLAIM_AttributeList * jwt_parse_attributes_c (void *cls, const struct GNUNET_RECLAIM_Credential *cred) { + if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT) + return NULL; return jwt_parse_attributes (cls, cred->data, cred->data_size); } @@ -267,6 +268,8 @@ struct GNUNET_RECLAIM_AttributeList * jwt_parse_attributes_p (void *cls, const struct GNUNET_RECLAIM_Presentation *cred) { + if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT) + return NULL; return jwt_parse_attributes (cls, cred->data, cred->data_size); } @@ -291,14 +294,14 @@ jwt_get_issuer (void *cls, json_t *issuer_json; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); json_t *json_val; - json_error_t *json_err = NULL; + json_error_t json_err; jwt_string = GNUNET_strndup (data, data_size); jwt_body = strtok (jwt_string, delim); jwt_body = strtok (NULL, delim); GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), (void **) &decoded_jwt); - json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); + json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err); GNUNET_free (decoded_jwt); GNUNET_free (jwt_string); if (NULL == json_val) @@ -355,7 +358,7 @@ jwt_get_issuer_p (void *cls, * @param cred the jwt credential * @return a string, containing the isser */ -int +enum GNUNET_GenericReturnValue jwt_get_expiration (void *cls, const char *data, size_t data_size, @@ -368,14 +371,14 @@ jwt_get_expiration (void *cls, json_t *exp_json; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Parsing JWT attributes.\n"); json_t *json_val; - json_error_t *json_err = NULL; + json_error_t json_err; jwt_string = GNUNET_strndup (data, data_size); jwt_body = strtok (jwt_string, delim); jwt_body = strtok (NULL, delim); GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), (void **) &decoded_jwt); - json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, json_err); + json_val = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err); GNUNET_free (decoded_jwt); GNUNET_free (jwt_string); if (NULL == json_val) @@ -396,13 +399,15 @@ jwt_get_expiration (void *cls, * * @param cls the plugin * @param cred the jwt credential - * @return a string, containing the isser + * @return the expirati */ -int +enum GNUNET_GenericReturnValue jwt_get_expiration_c (void *cls, const struct GNUNET_RECLAIM_Credential *cred, struct GNUNET_TIME_Absolute *exp) { + if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) + return GNUNET_NO; return jwt_get_expiration (cls, cred->data, cred->data_size, exp); } @@ -414,22 +419,23 @@ jwt_get_expiration_c (void *cls, * @param cred the jwt credential * @return a string, containing the isser */ -int +enum GNUNET_GenericReturnValue jwt_get_expiration_p (void *cls, const struct GNUNET_RECLAIM_Presentation *cred, struct GNUNET_TIME_Absolute *exp) { + if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) + return GNUNET_NO; return jwt_get_expiration (cls, cred->data, cred->data_size, exp); } -int +enum GNUNET_GenericReturnValue jwt_create_presentation (void *cls, const struct GNUNET_RECLAIM_Credential *cred, const struct GNUNET_RECLAIM_AttributeList *attrs, struct GNUNET_RECLAIM_Presentation **pres) { - // FIXME sanity checks?? if (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT != cred->type) return GNUNET_NO; *pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_JWT, diff --git a/src/reclaim/plugin_reclaim_credential_pabc.c b/src/reclaim/plugin_reclaim_credential_pabc.c new file mode 100644 index 000000000..2f6b7b8c4 --- /dev/null +++ b/src/reclaim/plugin_reclaim_credential_pabc.c @@ -0,0 +1,639 @@ +/* + This file is part of GNUnet + Copyright (C) 2013, 2014, 2016 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + + SPDX-License-Identifier: AGPL3.0-or-later + */ + +/** + * @file reclaim/plugin_reclaim_credential_pabc.c + * @brief reclaim-credential-plugin-pabc attribute plugin to provide the API for + * pabc credentials. + * + * @author Martin Schanzenbach + */ +#include "platform.h" +#include "gnunet_util_lib.h" +#include "gnunet_reclaim_plugin.h" +#include +#include +#include +#include "pabc_helper.h" + +/** + * Convert the 'value' of an credential to a string. + * + * @param cls closure, unused + * @param type type of the credential + * @param data value in binary encoding + * @param data_size number of bytes in @a data + * @return NULL on error, otherwise human-readable representation of the value + */ +static char * +pabc_value_to_string (void *cls, + uint32_t type, + const void *data, + size_t data_size) +{ + switch (type) + { + case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC: + return GNUNET_strndup (data, data_size); + + default: + return NULL; + } +} + + +/** + * Convert human-readable version of a 'value' of an credential to the binary + * representation. + * + * @param cls closure, unused + * @param type type of the credential + * @param s human-readable string + * @param data set to value in binary encoding (will be allocated) + * @param data_size set to number of bytes in @a data + * @return #GNUNET_OK on success + */ +static int +pabc_string_to_value (void *cls, + uint32_t type, + const char *s, + void **data, + size_t *data_size) +{ + if (NULL == s) + return GNUNET_SYSERR; + switch (type) + { + case GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC: + *data = GNUNET_strdup (s); + *data_size = strlen (s) + 1; + return GNUNET_OK; + + default: + return GNUNET_SYSERR; + } +} + + +/** + * Mapping of credential type numbers to human-readable + * credential type names. + */ +static struct +{ + const char *name; + uint32_t number; +} pabc_cred_name_map[] = { { "PABC", GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC }, + { NULL, UINT32_MAX } }; + +/** + * Convert a type name to the corresponding number. + * + * @param cls closure, unused + * @param pabc_typename name to convert + * @return corresponding number, UINT32_MAX on error + */ +static uint32_t +pabc_typename_to_number (void *cls, const char *pabc_typename) +{ + unsigned int i; + + i = 0; + while ((NULL != pabc_cred_name_map[i].name) && + (0 != strcasecmp (pabc_typename, pabc_cred_name_map[i].name))) + i++; + return pabc_cred_name_map[i].number; +} + + +/** + * Convert a type number (i.e. 1) to the corresponding type string + * + * @param cls closure, unused + * @param type number of a type to convert + * @return corresponding typestring, NULL on error + */ +static const char * +pabc_number_to_typename (void *cls, uint32_t type) +{ + unsigned int i; + + i = 0; + while ((NULL != pabc_cred_name_map[i].name) && (type != + pabc_cred_name_map[i]. + number)) + i++; + return pabc_cred_name_map[i].name; +} + + +static void +inspect_attrs (char const *const key, + char const *const value, + void *ctx) +{ + struct GNUNET_RECLAIM_AttributeList *attrs = ctx; + + if (NULL == value) + return; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found attribue in PABC credential: `%s': `%s'\n", + key, value); + if (0 == strcmp (key, "expiration")) + return; + if (0 == strcmp (key, "issuer")) + return; + if (0 == strcmp (key, "subject")) + return; + GNUNET_RECLAIM_attribute_list_add (attrs, + key, + NULL, + GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING, + value, + strlen (value)); +} + + +/** + * Parse a pabc and return the respective claim value as Attribute + * + * @param cls the plugin + * @param cred the pabc credential + * @return a GNUNET_RECLAIM_Attribute, containing the new value + */ +struct GNUNET_RECLAIM_AttributeList * +pabc_parse_attributes (void *cls, + const char *data, + size_t data_size) +{ + struct GNUNET_RECLAIM_AttributeList *attrs; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Collecting PABC attributes...\n"); + attrs = GNUNET_new (struct GNUNET_RECLAIM_AttributeList); + GNUNET_assert (PABC_OK == + pabc_cred_inspect_credential (data, + &inspect_attrs, attrs)); + return attrs; +} + + +/** + * Parse a pabc and return the respective claim value as Attribute + * + * @param cls the plugin + * @param cred the pabc credential + * @return a GNUNET_RECLAIM_Attribute, containing the new value + */ +struct GNUNET_RECLAIM_AttributeList * +pabc_parse_attributes_c (void *cls, + const struct GNUNET_RECLAIM_Credential *cred) +{ + if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC) + return NULL; + return pabc_parse_attributes (cls, cred->data, cred->data_size); +} + + +/** + * Parse a pabc and return the respective claim value as Attribute + * + * @param cls the plugin + * @param cred the pabc credential + * @return a GNUNET_RECLAIM_Attribute, containing the new value + */ +struct GNUNET_RECLAIM_AttributeList * +pabc_parse_attributes_p (void *cls, + const struct GNUNET_RECLAIM_Presentation *cred) +{ + if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC) + return NULL; + return pabc_parse_attributes (cls, cred->data, cred->data_size); +} + +struct Finder +{ + const char* target; + char *result; +}; + +static void +find_attr (char const *const key, + char const *const value, + void *ctx) +{ + struct Finder *fdr = ctx; + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found `%s', looking for `%s'\n", + key, fdr->target); + if (0 == strcmp (key, fdr->target)) + fdr->result = GNUNET_strdup (value); +} + + + +/** + * Parse a pabc and return an attribute value. + * + * @param cls the plugin + * @param data the pabc credential data + * @param data_size the pabc credential size + * @param skey the attribute key to look for. + * @return a string, containing the isser + */ +char * +pabc_get_attribute (void *cls, + const char *data, + size_t data_size, + const char *skey) +{ + + struct Finder fdr; + memset (&fdr, 0, sizeof (fdr)); + fdr.target = skey; + pabc_cred_inspect_credential (data, &find_attr, &fdr); + return fdr.result; +} + + +/** + * Parse a pabc and return the issuer + * + * @param cls the plugin + * @param cred the pabc credential + * @return a string, containing the isser + */ +char* +pabc_get_issuer (void *cls, + const char *data, + size_t data_size) +{ + char *res; + if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (data, + "issuer", + &res)) + return NULL; + return res; +} + + +/** + * Parse a pabc and return the issuer + * + * @param cls the plugin + * @param cred the pabc credential + * @return a string, containing the isser + */ +char* +pabc_get_issuer (void *cls, + const char *data, + size_t data_size) +{ + return pabc_get_attribute (cls, data, data_size, "issuer"); +} + + +/** + * Parse a pabc and return the issuer + * + * @param cls the plugin + * @param cred the pabc credential + * @return a string, containing the isser + */ +char * +pabc_get_issuer_c (void *cls, + const struct GNUNET_RECLAIM_Credential *cred) +{ + if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type) + return NULL; + return pabc_get_issuer (cls, cred->data, cred->data_size); +} + + +/** + * Parse a pabc and return the issuer + * + * @param cls the plugin + * @param cred the pabc credential + * @return a string, containing the isser + */ +char * +pabc_get_issuer_p (void *cls, + const struct GNUNET_RECLAIM_Presentation *cred) +{ + if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != cred->type) + return NULL; + return pabc_get_issuer (cls, cred->data, cred->data_size); +} + + +/** + * Parse a pabc and return the expiration + * + * @param cls the plugin + * @param cred the pabc credential + * @return a string, containing the isser + */ +int +pabc_get_expiration (void *cls, + const char *data, + size_t data_size, + struct GNUNET_TIME_Absolute *exp) +{ + json_t *json_root; + json_t *json_attrs; + json_t *value; + json_t *exp_j; + json_error_t *json_err = NULL; + const char*key; + + json_root = json_loads (data, JSON_DECODE_ANY, json_err); + if ((NULL == json_root) || + (! json_is_object (json_root))) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to retrive expiration from credential\n"); + return GNUNET_SYSERR; + } + + if (1 != sscanf (exp_str, "%llu", &exp_i)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Invalid expiration `%s'\n", exp_str); + GNUNET_free (exp_str); + return GNUNET_SYSERR; + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Converted expiration string `%s' to %llu", + exp_str, exp_i); + + GNUNET_free (exp_str); + exp->abs_value_us = exp_i * 1000 * 1000; + return GNUNET_OK; +} + + +/** + * Parse a pabc and return the expiration + * + * @param cls the plugin + * @param cred the pabc credential + * @return a string, containing the isser + */ +enum GNUNET_GenericReturnValue +pabc_get_expiration_c (void *cls, + const struct GNUNET_RECLAIM_Credential *cred, + struct GNUNET_TIME_Absolute *exp) +{ + if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC) + return GNUNET_NO; + return pabc_get_expiration (cls, cred->data, cred->data_size, exp); +} + + +/** + * Parse a pabc and return the expiration + * + * @param cls the plugin + * @param cred the pabc credential + * @return a string, containing the isser + */ +enum GNUNET_GenericReturnValue +pabc_get_expiration_p (void *cls, + const struct GNUNET_RECLAIM_Presentation *cred, + struct GNUNET_TIME_Absolute *exp) +{ + if (cred->type != GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC) + return GNUNET_NO; + return pabc_get_expiration (cls, cred->data, cred->data_size, exp); +} + + +int +pabc_create_presentation (void *cls, + const struct GNUNET_RECLAIM_Credential *credential, + const struct GNUNET_RECLAIM_AttributeList *attrs, + struct GNUNET_RECLAIM_Presentation **pres) +{ + struct pabc_context *ctx = NULL; + struct pabc_user_context *usr_ctx = NULL; + struct pabc_public_parameters *pp = NULL; + struct pabc_credential *cred = NULL; + struct pabc_blinded_proof *proof = NULL; + struct GNUNET_RECLAIM_AttributeListEntry *ale; + char *issuer; + char *subject; + enum pabc_status status; + + if (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC != credential->type) + return GNUNET_NO; + + + PABC_ASSERT (pabc_new_ctx (&ctx)); + issuer = pabc_get_issuer_c (cls, credential); + if (NULL == issuer) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No issuer found in credential\n"); + pabc_free_ctx (&ctx); + return GNUNET_SYSERR; + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Got issuer for credential: %s\n", issuer); + status = PABC_load_public_parameters (ctx, issuer, &pp); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to read public parameters.\n"); + pabc_free_ctx (&ctx); + GNUNET_free (issuer); + return GNUNET_SYSERR; + } + if (PABC_OK != pabc_cred_get_attr_by_name_from_cred (credential->data, + "subject", + &subject)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to get subject.\n"); + pabc_free_ctx (&ctx); + GNUNET_free (issuer); + return GNUNET_SYSERR; + } + status = PABC_read_usr_ctx (subject, issuer, ctx, pp, &usr_ctx); + GNUNET_free (issuer); + GNUNET_free (subject); + if (PABC_OK != status) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to read user context.\n"); + pabc_free_public_parameters (ctx, &pp); + return GNUNET_SYSERR; + } + + status = pabc_new_credential (ctx, pp, &cred); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to allocate credential.\n"); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + return GNUNET_SYSERR; + } + + status = pabc_decode_credential (ctx, pp, cred, credential->data); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to decode credential.\n"); + pabc_free_credential (ctx, pp, &cred); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + return GNUNET_SYSERR; + } + + status = pabc_new_proof (ctx, pp, &proof); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to allocate proof.\n"); + pabc_free_credential (ctx, pp, &cred); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + return GNUNET_SYSERR; + } + + // now we can parse the attributes to disclose and configure the proof + for (ale = attrs->list_head; NULL != ale; ale = ale->next) + { + status = pabc_set_disclosure_by_attribute_name (ctx, pp, proof, + ale->attribute->name, + PABC_DISCLOSED, cred); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to configure proof.\n"); + pabc_free_credential (ctx, pp, &cred); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + return GNUNET_SYSERR; + } + } + + // and finally -> sign the proof + status = pabc_gen_proof (ctx, usr_ctx, pp, proof, cred); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to sign proof.\n"); + pabc_free_proof (ctx, pp, &proof); + pabc_free_credential (ctx, pp, &cred); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + return GNUNET_SYSERR; + } + // print the result + char *json = NULL; + char *ppid = NULL; + char *userid = NULL; + GNUNET_assert (PABC_OK == pabc_cred_get_userid_from_cred (credential->data, + &userid)); + GNUNET_assert (PABC_OK == pabc_cred_get_ppid_from_cred (credential->data, + &ppid)); + pabc_cred_encode_proof (ctx, pp, proof, userid, ppid, &json); + GNUNET_free (ppid); + GNUNET_free (userid); + if (PABC_OK != status) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to serialize proof.\n"); + pabc_free_proof (ctx, pp, &proof); + pabc_free_credential (ctx, pp, &cred); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + return GNUNET_SYSERR; + } + char *json_enc; + GNUNET_STRINGS_base64_encode (json, + strlen (json) + 1, + &json_enc); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Presentation: %s\n", json_enc); + // clean up + *pres = GNUNET_RECLAIM_presentation_new (GNUNET_RECLAIM_CREDENTIAL_TYPE_PABC, + json_enc, + strlen (json_enc) + 1); + GNUNET_free (json_enc); + PABC_FREE_NULL (json); + pabc_free_proof (ctx, pp, &proof); + pabc_free_credential (ctx, pp, &cred); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + return GNUNET_OK; +} + + +/** + * Entry point for the plugin. + * + * @param cls NULL + * @return the exported block API + */ +void * +libgnunet_plugin_reclaim_credential_pabc_init (void *cls) +{ + struct GNUNET_RECLAIM_CredentialPluginFunctions *api; + + api = GNUNET_new (struct GNUNET_RECLAIM_CredentialPluginFunctions); + api->value_to_string = &pabc_value_to_string; + api->string_to_value = &pabc_string_to_value; + api->typename_to_number = &pabc_typename_to_number; + api->number_to_typename = &pabc_number_to_typename; + api->get_attributes = &pabc_parse_attributes_c; + api->get_issuer = &pabc_get_issuer_c; + api->get_expiration = &pabc_get_expiration_c; + api->value_to_string_p = &pabc_value_to_string; + api->string_to_value_p = &pabc_string_to_value; + api->typename_to_number_p = &pabc_typename_to_number; + api->number_to_typename_p = &pabc_number_to_typename; + api->get_attributes_p = &pabc_parse_attributes_p; + api->get_issuer_p = &pabc_get_issuer_p; + api->get_expiration_p = &pabc_get_expiration_p; + api->create_presentation = &pabc_create_presentation; + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the return value from #libgnunet_plugin_block_test_init() + * @return NULL + */ +void * +libgnunet_plugin_reclaim_credential_pabc_done (void *cls) +{ + struct GNUNET_RECLAIM_CredentialPluginFunctions *api = cls; + + GNUNET_free (api); + return NULL; +} + + +/* end of plugin_reclaim_credential_type_pabc.c */ diff --git a/src/reclaim/plugin_rest_pabc.c b/src/reclaim/plugin_rest_pabc.c new file mode 100644 index 000000000..6603fb888 --- /dev/null +++ b/src/reclaim/plugin_rest_pabc.c @@ -0,0 +1,666 @@ +/* + This file is part of GNUnet. + Copyright (C) 2012-2015 GNUnet e.V. + + GNUnet is free software: you can redistribute it and/or modify it + under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, + or (at your option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + + SPDX-License-Identifier: AGPL3.0-or-later + */ +/** + * @author Martin Schanzenbach + * @file reclaim/plugin_rest_pabc.c + * @brief GNUnet pabc REST plugin + * + */ +#include "platform.h" +#include "microhttpd.h" +#include +#include +#include +#include "gnunet_reclaim_lib.h" +#include "gnunet_reclaim_service.h" +#include "gnunet_rest_lib.h" +#include "gnunet_rest_plugin.h" +#include "gnunet_signatures.h" +#include "pabc_helper.h" + +/** + * REST root namespace + */ +#define GNUNET_REST_API_NS_PABC "/pabc" + +/** + * Credential request endpoint + */ +#define GNUNET_REST_API_NS_PABC_CR "/pabc/cr" + +/** + * The configuration handle + */ +const struct GNUNET_CONFIGURATION_Handle *cfg; + +/** + * HTTP methods allows for this plugin + */ +static char *allow_methods; + +/** + * @brief struct returned by the initialization function of the plugin + */ +struct Plugin +{ + const struct GNUNET_CONFIGURATION_Handle *cfg; +}; + + +struct RequestHandle +{ + /** + * DLL + */ + struct RequestHandle *next; + + /** + * DLL + */ + struct RequestHandle *prev; + + /** + * Rest connection + */ + struct GNUNET_REST_RequestHandle *rest_handle; + + /** + * Desired timeout for the lookup (default is no timeout). + */ + struct GNUNET_TIME_Relative timeout; + + /** + * ID of a task associated with the resolution process. + */ + struct GNUNET_SCHEDULER_Task *timeout_task; + + /** + * The plugin result processor + */ + GNUNET_REST_ResultProcessor proc; + + /** + * The closure of the result processor + */ + void *proc_cls; + + /** + * The url + */ + char *url; + + /** + * Error response message + */ + char *emsg; + + /** + * Reponse code + */ + int response_code; + + /** + * Response object + */ + json_t *resp_object; +}; + +/** + * DLL + */ +static struct RequestHandle *requests_head; + +/** + * DLL + */ +static struct RequestHandle *requests_tail; + + +/** + * Cleanup lookup handle + * @param handle Handle to clean up + */ +static void +cleanup_handle (void *cls) +{ + struct RequestHandle *handle = cls; + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Cleaning up\n"); + if (NULL != handle->resp_object) + json_decref (handle->resp_object); + if (NULL != handle->timeout_task) + GNUNET_SCHEDULER_cancel (handle->timeout_task); + if (NULL != handle->url) + GNUNET_free (handle->url); + if (NULL != handle->emsg) + GNUNET_free (handle->emsg); + GNUNET_CONTAINER_DLL_remove (requests_head, + requests_tail, + handle); + GNUNET_free (handle); +} + + +/** + * Task run on error, sends error message. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_error (void *cls) +{ + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + char *json_error; + + GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\" }", handle->emsg); + if (0 == handle->response_code) + { + handle->response_code = MHD_HTTP_BAD_REQUEST; + } + resp = GNUNET_REST_create_response (json_error); + MHD_add_response_header (resp, "Content-Type", "application/json"); + handle->proc (handle->proc_cls, resp, handle->response_code); + cleanup_handle (handle); + GNUNET_free (json_error); +} + + +/** + * Task run on timeout, sends error message. Cleans up everything. + * + * @param cls the `struct RequestHandle` + */ +static void +do_timeout (void *cls) +{ + struct RequestHandle *handle = cls; + + handle->timeout_task = NULL; + do_error (handle); +} + + +static void +return_response (void *cls) +{ + char *result_str; + struct RequestHandle *handle = cls; + struct MHD_Response *resp; + + result_str = json_dumps (handle->resp_object, 0); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str); + resp = GNUNET_REST_create_response (result_str); + MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + GNUNET_free (result_str); + cleanup_handle (handle); +} + + +static enum pabc_status +set_attributes_from_idtoken (const struct pabc_context *ctx, + const struct pabc_public_parameters *pp, + struct pabc_user_context *usr_ctx, + const char *id_token) +{ + json_t *payload_json; + json_t *value; + json_error_t json_err; + const char *key; + const char *jwt_body; + char *decoded_jwt; + char delim[] = "."; + char *jwt_string; + const char *pabc_key; + enum pabc_status status; + + // FIXME parse JWT + jwt_string = GNUNET_strndup (id_token, strlen (id_token)); + jwt_body = strtok (jwt_string, delim); + jwt_body = strtok (NULL, delim); + GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body), + (void **) &decoded_jwt); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Decoded ID Token: %s\n", decoded_jwt); + payload_json = json_loads (decoded_jwt, JSON_DECODE_ANY, &json_err); + GNUNET_free (decoded_jwt); + + json_object_foreach (payload_json, key, value) + { + pabc_key = key; + if (0 == strcmp ("iss", key)) + pabc_key = "issuer"; // rename + if (0 == strcmp ("sub", key)) + pabc_key = "subject"; // rename + if (0 == strcmp ("jti", key)) + continue; + if (0 == strcmp ("exp", key)) + pabc_key = "expiration"; // rename + if (0 == strcmp ("iat", key)) + continue; + if (0 == strcmp ("nbf", key)) + continue; + if (0 == strcmp ("aud", key)) + continue; + char *tmp_val; + if (json_is_string (value)) + tmp_val = GNUNET_strdup (json_string_value (value)); + else + tmp_val = json_dumps (value, JSON_ENCODE_ANY); + if (NULL == tmp_val) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to encode JSON value for `%s'\n", key); + continue; + } + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Setting `%s' to `%s'\n", key, tmp_val); + status = pabc_set_attribute_value_by_name (ctx, pp, usr_ctx, + pabc_key, + tmp_val); + GNUNET_free (tmp_val); + if (PABC_OK != status) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Failed to set attribute `%s'.\n", key); + } + } + return PABC_OK; +} + + +static enum GNUNET_GenericReturnValue +setup_new_user_context (struct pabc_context *ctx, + struct pabc_public_parameters *pp, + struct pabc_user_context **usr_ctx) +{ + if (PABC_OK != pabc_new_user_context (ctx, pp, usr_ctx)) + return GNUNET_SYSERR; + + if (PABC_OK != pabc_populate_user_context (ctx, *usr_ctx)) + { + pabc_free_user_context (ctx, pp, usr_ctx); + return GNUNET_SYSERR; + } + return GNUNET_OK; +} + + +static void +cr_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char *url, + void *cls) +{ + struct RequestHandle *handle = cls; + char term_data[handle->rest_handle->data_size + 1]; + char *response_str; + json_t *data_json; + json_t *nonce_json; + json_t *pp_json; + json_t *idtoken_json; + json_t *iss_json; + json_t *identity_json; + json_error_t err; + struct pabc_public_parameters *pp = NULL; + struct pabc_context *ctx = NULL; + struct pabc_user_context *usr_ctx = NULL; + struct pabc_credential_request *cr = NULL; + struct pabc_nonce *nonce = NULL; + enum pabc_status status; + + + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Credential request...\n"); + + if (0 >= handle->rest_handle->data_size) + { + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + term_data[handle->rest_handle->data_size] = '\0'; + GNUNET_memcpy (term_data, + handle->rest_handle->data, + handle->rest_handle->data_size); + data_json = json_loads (term_data, JSON_DECODE_ANY, &err); + if (NULL == data_json) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse %s\n", term_data); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + if (! json_is_object (data_json)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse %s\n", term_data); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + nonce_json = json_object_get (data_json, "nonce"); + if (NULL == nonce_json) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse nonce\n"); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + iss_json = json_object_get (data_json, "issuer"); + if (NULL == iss_json) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse issuer\n"); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + identity_json = json_object_get (data_json, "identity"); + if (NULL == identity_json) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse identity\n"); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + idtoken_json = json_object_get (data_json, "id_token"); + if (NULL == idtoken_json) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse id_token\n"); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + pp_json = json_object_get (data_json, "public_params"); + if (NULL == pp_json) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse public parameters\n"); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + PABC_ASSERT (pabc_new_ctx (&ctx)); + char *pp_str = json_dumps (pp_json, JSON_ENCODE_ANY); + status = pabc_decode_and_new_public_parameters (ctx, + &pp, + pp_str); + char *ppid; + GNUNET_assert (PABC_OK == pabc_cred_get_ppid_from_pp (pp_str, &ppid)); + GNUNET_free (pp_str); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to read public parameters: %s\n", + pp_str); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + // (Over)write parameters + status = PABC_write_public_parameters (json_string_value (iss_json), + pp); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Failed to write public parameters.\n"); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + status = PABC_read_usr_ctx (json_string_value (identity_json), + json_string_value (iss_json), + ctx, pp, &usr_ctx); + if (PABC_OK != status) + { + if (GNUNET_OK != setup_new_user_context (ctx, pp, &usr_ctx)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to setup user context.\n"); + pabc_free_public_parameters (ctx, &pp); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + PABC_write_usr_ctx (json_string_value (identity_json), + json_string_value (iss_json), + ctx, pp, usr_ctx); + } + + // Set attributes from JWT to context + status = set_attributes_from_idtoken (ctx, + pp, + usr_ctx, + json_string_value (idtoken_json)); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to set attributes.\n"); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + + // nonce + status = pabc_new_nonce (ctx, &nonce); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to allocate nonce.\n"); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + char *nonce_str = json_dumps (nonce_json, JSON_ENCODE_ANY); + status = pabc_decode_nonce (ctx, nonce, nonce_str); + if (status != PABC_OK) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to decode nonce.\n"); + pabc_free_nonce (ctx, &nonce); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + // cr + status = pabc_new_credential_request (ctx, pp, &cr); + if (PABC_OK != status) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to allocate cr.\n"); + pabc_free_nonce (ctx, &nonce); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + + status = pabc_gen_credential_request (ctx, pp, usr_ctx, nonce, cr); + if (PABC_OK != status) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to generate cr.\n"); + pabc_free_nonce (ctx, &nonce); + pabc_free_credential_request (ctx, pp, &cr); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + handle->resp_object = json_object (); + GNUNET_assert (PABC_OK == pabc_cred_encode_cr (ctx, pp, cr, + json_string_value ( + identity_json), + ppid, &response_str)); + if (PABC_OK != status) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to serialize cr.\n"); + pabc_free_nonce (ctx, &nonce); + pabc_free_credential_request (ctx, pp, &cr); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + json_decref (data_json); + GNUNET_SCHEDULER_add_now (&do_error, handle); + return; + } + json_decref (handle->resp_object); + handle->resp_object = json_loads (response_str, JSON_DECODE_ANY, &err); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "%s\n", response_str); + GNUNET_free (response_str); + + // clean up + pabc_free_nonce (ctx, &nonce); + pabc_free_credential_request (ctx, pp, &cr); + pabc_free_user_context (ctx, pp, &usr_ctx); + pabc_free_public_parameters (ctx, &pp); + GNUNET_SCHEDULER_add_now (&return_response, handle); + json_decref (data_json); +} + + +/** + * Respond to OPTIONS request + * + * @param con_handle the connection handle + * @param url the url + * @param cls the RequestHandle + */ +static void +options_cont (struct GNUNET_REST_RequestHandle *con_handle, + const char *url, + void *cls) +{ + struct MHD_Response *resp; + struct RequestHandle *handle = cls; + + // For now, independent of path return all options + resp = GNUNET_REST_create_response (NULL); + MHD_add_response_header (resp, "Access-Control-Allow-Methods", allow_methods); + handle->proc (handle->proc_cls, resp, MHD_HTTP_OK); + cleanup_handle (handle); + return; +} + + +static enum GNUNET_GenericReturnValue +rest_identity_process_request (struct GNUNET_REST_RequestHandle *rest_handle, + GNUNET_REST_ResultProcessor proc, + void *proc_cls) +{ + struct RequestHandle *handle = GNUNET_new (struct RequestHandle); + struct GNUNET_REST_RequestHandlerError err; + static const struct GNUNET_REST_RequestHandler handlers[] = { + {MHD_HTTP_METHOD_POST, + GNUNET_REST_API_NS_PABC_CR, &cr_cont }, + { MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_PABC, &options_cont }, + GNUNET_REST_HANDLER_END + }; + + handle->response_code = 0; + handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL; + handle->proc_cls = proc_cls; + handle->proc = proc; + handle->rest_handle = rest_handle; + + handle->url = GNUNET_strdup (rest_handle->url); + if (handle->url[strlen (handle->url) - 1] == '/') + handle->url[strlen (handle->url) - 1] = '\0'; + handle->timeout_task = + GNUNET_SCHEDULER_add_delayed (handle->timeout, &do_timeout, handle); + GNUNET_CONTAINER_DLL_insert (requests_head, + requests_tail, + handle); + if (GNUNET_NO == + GNUNET_REST_handle_request (handle->rest_handle, handlers, &err, handle)) + { + cleanup_handle (handle); + return GNUNET_NO; + } + + return GNUNET_YES; +} + + +/** + * Entry point for the plugin. + * + * @param cls Config info + * @return NULL on error, otherwise the plugin context + */ +void * +libgnunet_plugin_rest_pabc_init (void *cls) +{ + static struct Plugin plugin; + struct GNUNET_REST_Plugin *api; + + cfg = cls; + if (NULL != plugin.cfg) + return NULL; /* can only initialize once! */ + memset (&plugin, 0, sizeof(struct Plugin)); + plugin.cfg = cfg; + api = GNUNET_new (struct GNUNET_REST_Plugin); + api->cls = &plugin; + api->name = GNUNET_REST_API_NS_PABC; + api->process_request = &rest_identity_process_request; + GNUNET_asprintf (&allow_methods, + "%s, %s", + MHD_HTTP_METHOD_POST, + MHD_HTTP_METHOD_OPTIONS); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + _ ("Identity Provider REST API initialized\n")); + return api; +} + + +/** + * Exit point from the plugin. + * + * @param cls the plugin context (as returned by "init") + * @return always NULL + */ +void * +libgnunet_plugin_rest_reclaim_done (void *cls) +{ + struct GNUNET_REST_Plugin *api = cls; + struct Plugin *plugin = api->cls; + struct RequestHandle *request; + + plugin->cfg = NULL; + while (NULL != (request = requests_head)) + do_error (request); + + GNUNET_free (allow_methods); + GNUNET_free (api); + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "PABC REST plugin is finished\n"); + return NULL; +} + + +/* end of plugin_rest_reclaim.c */ diff --git a/src/reclaim/reclaim_credential.c b/src/reclaim/reclaim_credential.c index c8c0d397c..da5cee988 100644 --- a/src/reclaim/reclaim_credential.c +++ b/src/reclaim/reclaim_credential.c @@ -1033,7 +1033,6 @@ GNUNET_RECLAIM_presentation_get_expiration (const struct /** * Create a presentation from a credential and a lift of (selected) * attributes in the credential. - * FIXME not yet implemented * * @param cred the credential to use * @param attrs the attributes to present from the credential -- cgit v1.2.3