/*
This file is part of GNUnet.
Copyright (C) 2012-2016 GNUnet e.V.
GNUnet is free software: you can redistribute it and/or modify it
under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.
GNUnet is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .
SPDX-License-Identifier: AGPL3.0-or-later
*/
/**
* @author Martin Schanzenbach
* @file credential/plugin_rest_credential.c
* @brief GNUnet CREDENTIAL REST plugin
*
*/
#include "platform.h"
#include "gnunet_rest_plugin.h"
#include
#include
#include
#include
#include
#include
#include
#include
#define GNUNET_REST_API_NS_CREDENTIAL "/credential"
#define GNUNET_REST_API_NS_CREDENTIAL_ISSUE "/credential/issue"
#define GNUNET_REST_API_NS_CREDENTIAL_VERIFY "/credential/verify"
#define GNUNET_REST_API_NS_CREDENTIAL_COLLECT "/credential/collect"
#define GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION "expiration"
#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY "subject_key"
#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO "subject"
#define GNUNET_REST_JSONAPI_CREDENTIAL "credential"
#define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential"
#define GNUNET_REST_JSONAPI_DELEGATIONS "delegations"
#define GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR "attribute"
#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR "credential"
/**
* @brief struct returned by the initialization function of the plugin
*/
struct Plugin {
const struct GNUNET_CONFIGURATION_Handle *cfg;
};
const struct GNUNET_CONFIGURATION_Handle *cfg;
struct RequestHandle {
/**
* Handle to Credential service.
*/
struct GNUNET_CREDENTIAL_Handle *credential;
/**
* Handle to lookup request
*/
struct GNUNET_CREDENTIAL_Request *verify_request;
/**
* Handle to issue request
*/
struct GNUNET_CREDENTIAL_Request *issue_request;
/**
* Handle to identity
*/
struct GNUNET_IDENTITY_Handle *identity;
/**
* Handle to identity operation
*/
struct GNUNET_IDENTITY_Operation *id_op;
/**
* Handle to ego lookup
*/
struct GNUNET_IDENTITY_EgoLookup *ego_lookup;
/**
* Handle to rest request
*/
struct GNUNET_REST_RequestHandle *rest_handle;
/**
* ID of a task associated with the resolution process.
*/
struct GNUNET_SCHEDULER_Task * timeout_task;
/**
* The root of the received JSON or NULL
*/
json_t *json_root;
/**
* The plugin result processor
*/
GNUNET_REST_ResultProcessor proc;
/**
* The closure of the result processor
*/
void *proc_cls;
/**
* The issuer attribute to verify
*/
char *issuer_attr;
/**
* The subject attribute
*/
char *subject_attr;
/**
* The public key of the issuer
*/
struct GNUNET_CRYPTO_EcdsaPublicKey issuer_key;
/**
* The public key of the subject
*/
struct GNUNET_CRYPTO_EcdsaPublicKey subject_key;
/**
* HTTP response code
*/
int response_code;
/**
* Timeout
*/
struct GNUNET_TIME_Relative timeout;
};
/**
* Cleanup lookup handle.
*
* @param handle Handle to clean up
*/
static void
cleanup_handle(struct RequestHandle *handle)
{
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Cleaning up\n");
if (NULL != handle->json_root)
json_decref(handle->json_root);
if (NULL != handle->issuer_attr)
GNUNET_free(handle->issuer_attr);
if (NULL != handle->subject_attr)
GNUNET_free(handle->subject_attr);
if (NULL != handle->verify_request)
GNUNET_CREDENTIAL_request_cancel(handle->verify_request);
if (NULL != handle->credential)
GNUNET_CREDENTIAL_disconnect(handle->credential);
if (NULL != handle->id_op)
GNUNET_IDENTITY_cancel(handle->id_op);
if (NULL != handle->ego_lookup)
GNUNET_IDENTITY_ego_lookup_cancel(handle->ego_lookup);
if (NULL != handle->identity)
GNUNET_IDENTITY_disconnect(handle->identity);
if (NULL != handle->timeout_task)
{
GNUNET_SCHEDULER_cancel(handle->timeout_task);
}
GNUNET_free(handle);
}
static void
do_error(void *cls)
{
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
resp = GNUNET_REST_create_response(NULL);
handle->proc(handle->proc_cls, resp, handle->response_code);
cleanup_handle(handle);
}
/**
* Attribute delegation to JSON
*
* @param delegation_chain_entry the DSE
* @return JSON, NULL if failed
*/
static json_t*
attribute_delegation_to_json(struct GNUNET_CREDENTIAL_Delegation *delegation_chain_entry)
{
char *subject;
char *issuer;
json_t *attr_obj;
issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string(&delegation_chain_entry->issuer_key);
if (NULL == issuer)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Issuer in delegation malformed\n");
return NULL;
}
subject = GNUNET_CRYPTO_ecdsa_public_key_to_string(&delegation_chain_entry->subject_key);
if (NULL == subject)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Subject in credential malformed\n");
GNUNET_free(issuer);
return NULL;
}
attr_obj = json_object();
json_object_set_new(attr_obj, "issuer", json_string(issuer));
json_object_set_new(attr_obj, "issuer_attribute",
json_string(delegation_chain_entry->issuer_attribute));
json_object_set_new(attr_obj, "subject", json_string(subject));
if (0 < delegation_chain_entry->subject_attribute_len)
{
json_object_set_new(attr_obj, "subject_attribute",
json_string(delegation_chain_entry->subject_attribute));
}
GNUNET_free(issuer);
GNUNET_free(subject);
return attr_obj;
}
/**
* JSONAPI resource to Credential
*
* @param res the JSONAPI resource
* @return the resulting credential, NULL if failed
*/
static struct GNUNET_CREDENTIAL_Credential*
json_to_credential(json_t *res)
{
struct GNUNET_CREDENTIAL_Credential *cred;
json_t *tmp;
const char *attribute;
const char *signature;
char *sig;
tmp = json_object_get(res, "attribute");
if (0 == json_is_string(tmp))
{
return NULL;
}
attribute = json_string_value(tmp);
cred = GNUNET_malloc(sizeof(struct GNUNET_CREDENTIAL_Credential)
+ strlen(attribute));
cred->issuer_attribute = attribute;
cred->issuer_attribute_len = strlen(attribute);
tmp = json_object_get(res, "issuer");
if (0 == json_is_string(tmp))
{
GNUNET_free(cred);
return NULL;
}
GNUNET_CRYPTO_ecdsa_public_key_from_string(json_string_value(tmp),
strlen(json_string_value(tmp)),
&cred->issuer_key);
tmp = json_object_get(res, "subject");
if (0 == json_is_string(tmp))
{
GNUNET_free(cred);
return NULL;
}
GNUNET_CRYPTO_ecdsa_public_key_from_string(json_string_value(tmp),
strlen(json_string_value(tmp)),
&cred->subject_key);
tmp = json_object_get(res, "signature");
if (0 == json_is_string(tmp))
{
GNUNET_free(cred);
return NULL;
}
signature = json_string_value(tmp);
GNUNET_STRINGS_base64_decode(signature,
strlen(signature),
(char**)&sig);
GNUNET_memcpy(&cred->signature,
sig,
sizeof(struct GNUNET_CRYPTO_EcdsaSignature));
GNUNET_free(sig);
tmp = json_object_get(res, "expiration");
if (0 == json_is_integer(tmp))
{
GNUNET_free(cred);
return NULL;
}
cred->expiration.abs_value_us = json_integer_value(tmp);
return cred;
}
/**
* Credential to JSON
*
* @param cred the credential
* @return the resulting json, NULL if failed
*/
static json_t*
credential_to_json(struct GNUNET_CREDENTIAL_Credential *cred)
{
char *issuer;
char *subject;
char *signature;
char attribute[cred->issuer_attribute_len + 1];
json_t *cred_obj;
issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string(&cred->issuer_key);
if (NULL == issuer)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Issuer in credential malformed\n");
return NULL;
}
subject = GNUNET_CRYPTO_ecdsa_public_key_to_string(&cred->subject_key);
if (NULL == subject)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Subject in credential malformed\n");
GNUNET_free(issuer);
return NULL;
}
GNUNET_STRINGS_base64_encode((char*)&cred->signature,
sizeof(struct GNUNET_CRYPTO_EcdsaSignature),
&signature);
GNUNET_memcpy(attribute,
cred->issuer_attribute,
cred->issuer_attribute_len);
attribute[cred->issuer_attribute_len] = '\0';
cred_obj = json_object();
json_object_set_new(cred_obj, "issuer", json_string(issuer));
json_object_set_new(cred_obj, "subject", json_string(subject));
json_object_set_new(cred_obj, "attribute", json_string(attribute));
json_object_set_new(cred_obj, "signature", json_string(signature));
json_object_set_new(cred_obj, "expiration", json_integer(cred->expiration.abs_value_us));
GNUNET_free(issuer);
GNUNET_free(subject);
GNUNET_free(signature);
return cred_obj;
}
static void
handle_collect_response(void *cls,
unsigned int d_count,
struct GNUNET_CREDENTIAL_Delegation *delegation_chain,
unsigned int c_count,
struct GNUNET_CREDENTIAL_Credential *cred)
{
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
struct GNUNET_JSONAPI_Document *json_document;
struct GNUNET_JSONAPI_Resource *json_resource;
json_t *cred_obj;
json_t *cred_array;
char *result;
char *issuer;
char *id;
uint32_t i;
handle->verify_request = NULL;
if (NULL == cred)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Verify failed.\n");
handle->response_code = MHD_HTTP_NOT_FOUND;
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string(&handle->issuer_key);
if (NULL == issuer)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Issuer in delegation malformed\n");
return;
}
GNUNET_asprintf(&id,
"%s.%s",
issuer,
handle->issuer_attr);
GNUNET_free(issuer);
json_document = GNUNET_JSONAPI_document_new();
json_resource = GNUNET_JSONAPI_resource_new(GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO,
id);
GNUNET_free(id);
cred_array = json_array();
for (i = 0; i < c_count; i++)
{
cred_obj = credential_to_json(&cred[i]);
json_array_append_new(cred_array, cred_obj);
}
GNUNET_JSONAPI_resource_add_attr(json_resource,
GNUNET_REST_JSONAPI_CREDENTIAL,
cred_array);
GNUNET_JSONAPI_document_resource_add(json_document, json_resource);
GNUNET_JSONAPI_document_serialize(json_document, &result);
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Result %s\n",
result);
json_decref(cred_array);
GNUNET_JSONAPI_document_delete(json_document);
resp = GNUNET_REST_create_response(result);
GNUNET_free(result);
handle->proc(handle->proc_cls, resp, MHD_HTTP_OK);
cleanup_handle(handle);
}
static void
subject_ego_lookup(void *cls,
const struct GNUNET_IDENTITY_Ego *ego)
{
struct RequestHandle *handle = cls;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *sub_key;
handle->ego_lookup = NULL;
if (NULL == ego)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Subject not found\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
sub_key = GNUNET_IDENTITY_ego_get_private_key(ego);
handle->verify_request = GNUNET_CREDENTIAL_collect(handle->credential,
&handle->issuer_key,
handle->issuer_attr,
sub_key,
&handle_collect_response,
handle);
}
static void
handle_verify_response(void *cls,
unsigned int d_count,
struct GNUNET_CREDENTIAL_Delegation *delegation_chain,
unsigned int c_count,
struct GNUNET_CREDENTIAL_Credential *cred)
{
struct RequestHandle *handle = cls;
struct MHD_Response *resp;
struct GNUNET_JSONAPI_Document *json_document;
struct GNUNET_JSONAPI_Resource *json_resource;
json_t *cred_obj;
json_t *attr_obj;
json_t *cred_array;
json_t *attr_array;
char *result;
char *issuer;
char *id;
uint32_t i;
handle->verify_request = NULL;
if (NULL == cred)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Verify failed.\n");
handle->response_code = MHD_HTTP_NOT_FOUND;
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string(&handle->issuer_key);
if (NULL == issuer)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Issuer in delegation malformed\n");
return;
}
GNUNET_asprintf(&id,
"%s.%s",
issuer,
handle->issuer_attr);
GNUNET_free(issuer);
json_document = GNUNET_JSONAPI_document_new();
json_resource = GNUNET_JSONAPI_resource_new(GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO,
id);
GNUNET_free(id);
attr_array = json_array();
for (i = 0; i < d_count; i++)
{
attr_obj = attribute_delegation_to_json(&delegation_chain[i]);
json_array_append_new(attr_array, attr_obj);
}
cred_array = json_array();
for (i = 0; i < c_count; i++)
{
cred_obj = credential_to_json(&cred[i]);
json_array_append_new(cred_array, cred_obj);
}
GNUNET_JSONAPI_resource_add_attr(json_resource,
GNUNET_REST_JSONAPI_CREDENTIAL,
cred_array);
GNUNET_JSONAPI_resource_add_attr(json_resource,
GNUNET_REST_JSONAPI_DELEGATIONS,
attr_array);
GNUNET_JSONAPI_document_resource_add(json_document, json_resource);
GNUNET_JSONAPI_document_serialize(json_document, &result);
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Result %s\n",
result);
json_decref(attr_array);
json_decref(cred_array);
GNUNET_JSONAPI_document_delete(json_document);
resp = GNUNET_REST_create_response(result);
handle->proc(handle->proc_cls, resp, MHD_HTTP_OK);
GNUNET_free(result);
cleanup_handle(handle);
}
static void
collect_cred_cont(struct GNUNET_REST_RequestHandle *conndata_handle,
const char* url,
void *cls)
{
struct RequestHandle *handle = cls;
struct GNUNET_HashCode key;
char *tmp;
char *entity_attr;
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Connecting...\n");
handle->credential = GNUNET_CREDENTIAL_connect(cfg);
handle->timeout_task = GNUNET_SCHEDULER_add_delayed(handle->timeout,
&do_error, handle);
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Connected\n");
if (NULL == handle->credential)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Connecting to CREDENTIAL failed\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
GNUNET_CRYPTO_hash(GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR,
strlen(GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR),
&key);
if (GNUNET_NO ==
GNUNET_CONTAINER_multihashmap_contains(conndata_handle->url_param_map,
&key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Missing issuer attribute\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
tmp = GNUNET_CONTAINER_multihashmap_get(conndata_handle->url_param_map,
&key);
entity_attr = GNUNET_strdup(tmp);
tmp = strtok(entity_attr, ".");
if (NULL == tmp)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed issuer or attribute\n");
GNUNET_free(entity_attr);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_public_key_from_string(tmp,
strlen(tmp),
&handle->issuer_key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed issuer key\n");
GNUNET_free(entity_attr);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
tmp = strtok(NULL, "."); //Issuer attribute
if (NULL == tmp)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed attribute\n");
GNUNET_free(entity_attr);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
handle->issuer_attr = GNUNET_strdup(tmp);
GNUNET_free(entity_attr);
GNUNET_CRYPTO_hash(GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO,
strlen(GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO),
&key);
if (GNUNET_NO ==
GNUNET_CONTAINER_multihashmap_contains(conndata_handle->url_param_map,
&key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Missing subject\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
tmp = GNUNET_CONTAINER_multihashmap_get(conndata_handle->url_param_map,
&key);
if (NULL == tmp)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed subject\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
handle->ego_lookup = GNUNET_IDENTITY_ego_lookup(cfg,
tmp,
&subject_ego_lookup,
handle);
}
static void
verify_cred_cont(struct GNUNET_REST_RequestHandle *conndata_handle,
const char* url,
void *cls)
{
struct RequestHandle *handle = cls;
struct GNUNET_HashCode key;
struct GNUNET_JSONAPI_Document *json_obj;
struct GNUNET_JSONAPI_Resource *res;
struct GNUNET_CREDENTIAL_Credential *cred;
char *tmp;
char *entity_attr;
int i;
uint32_t credential_count;
uint32_t resource_count;
json_t *cred_json;
json_t *data_js;
json_error_t err;
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Connecting...\n");
handle->credential = GNUNET_CREDENTIAL_connect(cfg);
handle->timeout_task = GNUNET_SCHEDULER_add_delayed(handle->timeout,
&do_error, handle);
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Connected\n");
if (NULL == handle->credential)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Connecting to CREDENTIAL failed\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
GNUNET_CRYPTO_hash(GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR,
strlen(GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR),
&key);
if (GNUNET_NO ==
GNUNET_CONTAINER_multihashmap_contains(conndata_handle->url_param_map,
&key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Missing issuer attribute\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
tmp = GNUNET_CONTAINER_multihashmap_get(conndata_handle->url_param_map,
&key);
entity_attr = GNUNET_strdup(tmp);
tmp = strtok(entity_attr, ".");
if (NULL == tmp)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed issuer or attribute\n");
GNUNET_free(entity_attr);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_public_key_from_string(tmp,
strlen(tmp),
&handle->issuer_key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed issuer key\n");
GNUNET_free(entity_attr);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
tmp = strtok(NULL, "."); //Issuer attribute
if (NULL == tmp)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed attribute\n");
GNUNET_free(entity_attr);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
handle->issuer_attr = GNUNET_strdup(tmp);
GNUNET_free(entity_attr);
GNUNET_CRYPTO_hash(GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY,
strlen(GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY),
&key);
if (GNUNET_NO ==
GNUNET_CONTAINER_multihashmap_contains(conndata_handle->url_param_map,
&key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Missing subject key\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
tmp = GNUNET_CONTAINER_multihashmap_get(conndata_handle->url_param_map,
&key);
if (NULL == tmp)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed subject\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_public_key_from_string(tmp,
strlen(tmp),
&handle->subject_key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed subject key\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
if (0 >= handle->rest_handle->data_size)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Missing credentials\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
struct GNUNET_JSON_Specification docspec[] = {
GNUNET_JSON_spec_jsonapi_document(&json_obj),
GNUNET_JSON_spec_end()
};
char term_data[handle->rest_handle->data_size + 1];
term_data[handle->rest_handle->data_size] = '\0';
credential_count = 0;
GNUNET_memcpy(term_data,
handle->rest_handle->data,
handle->rest_handle->data_size);
data_js = json_loads(term_data,
JSON_DECODE_ANY,
&err);
GNUNET_assert(GNUNET_OK == GNUNET_JSON_parse(data_js, docspec,
NULL, NULL));
json_decref(data_js);
if (NULL == json_obj)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Unable to parse JSONAPI Object from %s\n",
term_data);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
resource_count = GNUNET_JSONAPI_document_resource_count(json_obj);
GNUNET_assert(1 == resource_count);
res = (GNUNET_JSONAPI_document_get_resource(json_obj, 0));
if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type(res,
GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Resource not a credential!\n");
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Unable to parse JSONAPI Object from %s\n",
term_data);
GNUNET_JSONAPI_document_delete(json_obj);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
cred_json = GNUNET_JSONAPI_resource_read_attr(res,
GNUNET_REST_JSONAPI_CREDENTIAL);
GNUNET_assert(json_is_array(cred_json));
credential_count = json_array_size(cred_json);
struct GNUNET_CREDENTIAL_Credential credentials[credential_count];
for (i = 0; i < credential_count; i++)
{
cred = json_to_credential(json_array_get(cred_json, i));
if (NULL == cred)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Unable to parse credential!\n");
continue;
}
GNUNET_memcpy(&credentials[i],
cred,
sizeof(struct GNUNET_CREDENTIAL_Credential));
credentials[i].issuer_attribute = GNUNET_strdup(cred->issuer_attribute);
GNUNET_free(cred);
}
GNUNET_JSONAPI_document_delete(json_obj);
handle->verify_request = GNUNET_CREDENTIAL_verify(handle->credential,
&handle->issuer_key,
handle->issuer_attr,
&handle->subject_key,
credential_count,
credentials,
&handle_verify_response,
handle);
for (i = 0; i < credential_count; i++)
GNUNET_free((char*)credentials[i].issuer_attribute);
}
void
send_cred_response(struct RequestHandle *handle,
struct GNUNET_CREDENTIAL_Credential *cred)
{
struct MHD_Response *resp;
struct GNUNET_JSONAPI_Document *json_document;
struct GNUNET_JSONAPI_Resource *json_resource;
json_t *cred_obj;
char *result;
char *issuer;
char *subject;
char *signature;
char *id;
GNUNET_assert(NULL != cred);
issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string(&cred->issuer_key);
if (NULL == issuer)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Subject malformed\n");
GNUNET_free(issuer);
return;
}
GNUNET_asprintf(&id,
"%s.%s",
issuer,
(char*)&cred[1]);
subject = GNUNET_CRYPTO_ecdsa_public_key_to_string(&cred->subject_key);
if (NULL == subject)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Subject malformed\n");
GNUNET_free(id);
GNUNET_free(issuer);
return;
}
GNUNET_STRINGS_base64_encode((char*)&cred->signature,
sizeof(struct GNUNET_CRYPTO_EcdsaSignature),
&signature);
json_document = GNUNET_JSONAPI_document_new();
json_resource = GNUNET_JSONAPI_resource_new(GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO,
id);
GNUNET_free(id);
cred_obj = json_object();
json_object_set_new(cred_obj, "issuer", json_string(issuer));
json_object_set_new(cred_obj, "subject", json_string(subject));
json_object_set_new(cred_obj, "expiration", json_integer(cred->expiration.abs_value_us));
json_object_set_new(cred_obj, "signature", json_string(signature));
GNUNET_JSONAPI_resource_add_attr(json_resource,
GNUNET_REST_JSONAPI_CREDENTIAL,
cred_obj);
GNUNET_JSONAPI_document_resource_add(json_document, json_resource);
GNUNET_JSONAPI_document_serialize(json_document, &result);
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Result %s\n",
result);
json_decref(cred_obj);
GNUNET_JSONAPI_document_delete(json_document);
resp = GNUNET_REST_create_response(result);
handle->proc(handle->proc_cls, resp, MHD_HTTP_OK);
GNUNET_free(result);
GNUNET_free(signature);
GNUNET_free(issuer);
GNUNET_free(subject);
cleanup_handle(handle);
}
void
get_cred_issuer_cb(void *cls,
struct GNUNET_IDENTITY_Ego *ego,
void **ctx,
const char *name)
{
struct RequestHandle *handle = cls;
struct GNUNET_TIME_Absolute etime_abs;
struct GNUNET_TIME_Relative etime_rel;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer_key;
struct GNUNET_HashCode key;
struct GNUNET_CREDENTIAL_Credential *cred;
char* expiration_str;
char* tmp;
handle->id_op = NULL;
if (NULL == name)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Issuer not configured!\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Connecting to credential service...\n");
handle->credential = GNUNET_CREDENTIAL_connect(cfg);
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"Connected\n");
if (NULL == handle->credential)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Connecting to CREDENTIAL failed\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
GNUNET_CRYPTO_hash(GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION,
strlen(GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION),
&key);
if (GNUNET_NO ==
GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map,
&key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Missing expiration\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
expiration_str = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
&key);
if (NULL == expiration_str)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Expiration malformed\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative(expiration_str,
&etime_rel))
{
etime_abs = GNUNET_TIME_relative_to_absolute(etime_rel);
}
else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute(expiration_str,
&etime_abs))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed expiration: %s\n", expiration_str);
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
GNUNET_CRYPTO_hash(GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR,
strlen(GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR),
&key);
if (GNUNET_NO ==
GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map,
&key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Missing issuer attribute\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
handle->issuer_attr = GNUNET_strdup(GNUNET_CONTAINER_multihashmap_get
(handle->rest_handle->url_param_map,
&key));
GNUNET_CRYPTO_hash(GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY,
strlen(GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY),
&key);
if (GNUNET_NO ==
GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map,
&key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Missing subject\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
tmp = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
&key);
if (NULL == tmp)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed subject\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_public_key_from_string(tmp,
strlen(tmp),
&handle->subject_key))
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Malformed subject key\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
issuer_key = GNUNET_IDENTITY_ego_get_private_key(ego);
cred = GNUNET_CREDENTIAL_credential_issue(issuer_key,
&handle->subject_key,
handle->issuer_attr,
&etime_abs);
if (NULL == cred)
{
GNUNET_log(GNUNET_ERROR_TYPE_ERROR,
"Failed to create credential\n");
GNUNET_SCHEDULER_add_now(&do_error, handle);
return;
}
send_cred_response(handle, cred);
}
static void
issue_cred_cont(struct GNUNET_REST_RequestHandle *conndata_handle,
const char* url,
void *cls)
{
struct RequestHandle *handle = cls;
handle->identity = GNUNET_IDENTITY_connect(cfg,
NULL,
NULL);
handle->id_op = GNUNET_IDENTITY_get(handle->identity,
"credential-issuer",
&get_cred_issuer_cb,
handle);
handle->timeout_task = GNUNET_SCHEDULER_add_delayed(handle->timeout,
&do_error,
handle);
}
static void
options_cont(struct GNUNET_REST_RequestHandle *con_handle,
const char* url,
void *cls)
{
struct MHD_Response *resp;
struct RequestHandle *handle = cls;
//For GNS, independent of path return all options
resp = GNUNET_REST_create_response(NULL);
MHD_add_response_header(resp,
"Access-Control-Allow-Methods",
MHD_HTTP_METHOD_GET);
handle->proc(handle->proc_cls,
resp,
MHD_HTTP_OK);
cleanup_handle(handle);
}
static void
rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handle,
GNUNET_REST_ResultProcessor proc,
void *proc_cls)
{
struct RequestHandle *handle = GNUNET_new(struct RequestHandle);
struct GNUNET_REST_RequestHandlerError err;
handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
handle->proc_cls = proc_cls;
handle->proc = proc;
handle->rest_handle = conndata_handle;
static const struct GNUNET_REST_RequestHandler handlers[] = {
{ MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont },
{ MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_COLLECT, &collect_cred_cont },
{ MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_ISSUE, &issue_cred_cont },
{ MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont },
GNUNET_REST_HANDLER_END
};
if (GNUNET_NO == GNUNET_JSONAPI_handle_request(conndata_handle,
handlers,
&err,
handle))
{
handle->response_code = err.error_code;
GNUNET_SCHEDULER_add_now(&do_error, handle);
}
}
/**
* Entry point for the plugin.
*
* @param cls the "struct GNUNET_NAMESTORE_PluginEnvironment*"
* @return NULL on error, otherwise the plugin context
*/
void *
libgnunet_plugin_rest_credential_init(void *cls)
{
static struct Plugin plugin;
cfg = cls;
struct GNUNET_REST_Plugin *api;
if (NULL != plugin.cfg)
return NULL; /* can only initialize once! */
memset(&plugin, 0, sizeof(struct Plugin));
plugin.cfg = cfg;
api = GNUNET_new(struct GNUNET_REST_Plugin);
api->cls = &plugin;
api->name = GNUNET_REST_API_NS_CREDENTIAL;
api->process_request = &rest_credential_process_request;
GNUNET_log(GNUNET_ERROR_TYPE_INFO,
_("GNS REST API initialized\n"));
return api;
}
/**
* Exit point from the plugin.
*
* @param cls the plugin context (as returned by "init")
* @return always NULL
*/
void *
libgnunet_plugin_rest_credential_done(void *cls)
{
struct GNUNET_REST_Plugin *api = cls;
struct Plugin *plugin = api->cls;
plugin->cfg = NULL;
GNUNET_free(api);
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"GNS REST plugin is finished\n");
return NULL;
}
/* end of plugin_rest_gns.c */