2 This file is part of GNUnet.
3 Copyright (C) 2012-2013 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
21 * @file gnunet-credential.c
22 * @brief command line tool to access the Credential service
23 * @author Adnan Husain
26 #include <gnunet_util_lib.h>
27 #include <gnunet_credential_service.h>
28 #include <gnunet_gnsrecord_lib.h>
31 * Configuration we are using.
33 static const struct GNUNET_CONFIGURATION_Handle *cfg;
/* Ego lookup handle; assigned from GNUNET_IDENTITY_ego_lookup() on the issuing path in run(). */
38 static struct GNUNET_IDENTITY_EgoLookup *el;
41 * Handle to Credential service.
43 static struct GNUNET_CREDENTIAL_Handle *credential;
46 * Desired timeout for the lookup (default is no timeout).
48 static struct GNUNET_TIME_Relative timeout;
51 * Handle to verify request
53 static struct GNUNET_CREDENTIAL_Request *verify_request;
56 * Task scheduled to handle timeout.
58 static struct GNUNET_SCHEDULER_Task *tt;
61 * Subject pubkey string
63 static char *subject_key;
66 * Subject credential string
68 static char *subject_credential;
/* Time-to-live string for the credential being issued; identity_cb() tries to
   parse it as a relative time first and as an absolute time second. */
73 static char *expiration;
/* Binary subject public key; presumably the output of parsing subject_key in
   run() (the output argument of that call is not visible in this listing).
   NOTE(review): unlike its neighbours this object is not declared static. */
78 struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey;
/* Binary issuer public key; presumably the output of parsing issuer_key in
   run() -- TODO confirm. NOTE(review): also not declared static. */
83 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey;
87 * Issuer pubkey string
89 static char *issuer_key;
/* Name of the ego used to issue; handed to the identity service lookup and
   freed in identity_cb() once the ego has been resolved. */
94 static char *issuer_ego_name;
/* Issuer attribute to verify against or to issue (the "attribute" option). */
99 static char *issuer_attr;
/* Set to one by the -V/--verify option; selects the verification path in run(). */
104 static uint32_t verify;
/* Set to one by the "create credential" option; selects the issuing path in run(). */
109 static uint32_t create_cred;
113 * Task run on shutdown. Cleans up everything.
/* Shutdown task: releases the outstanding verify request, the service
   connection and the timeout task. cls is not used in the visible lines. */
118 do_shutdown (void *cls)
/* Cancel a verification that has not completed yet and clear the handle so it
   cannot be cancelled twice. */
120 if (NULL != verify_request)
122 GNUNET_CREDENTIAL_verify_cancel (verify_request);
123 verify_request = NULL;
/* Disconnect from the Credential service if a connection was made. */
125 if (NULL != credential)
127 GNUNET_CREDENTIAL_disconnect (credential);
/* Cancel the timeout task; the condition guarding this call is not visible in
   this listing. */
132 GNUNET_SCHEDULER_cancel (tt);
139 * Task run on timeout. Triggers shutdown.
/* Timeout task: requests scheduler shutdown, which in turn runs the shutdown
   task registered in run(). */
144 do_timeout (void *cls)
147 GNUNET_SCHEDULER_shutdown ();
152 * Function called with the result of a Credential lookup.
154 * @param cls the 'const char *' name that was resolved
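155 * @param d_count number of entries in the delegation chain @a dc
156 * @param dc array of @a d_count delegation chain entries
* @param c_count number of credentials in @a cred
* @param cred array of @a c_count credentials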
/* Prints the outcome of a verification request (the delegation chain and the
   credentials, or "Failed."), then shuts the scheduler down. */
159 handle_verify_result (void *cls,
160 unsigned int d_count,
161 struct GNUNET_CREDENTIAL_Delegation *dc,
162 unsigned int c_count,
163 struct GNUNET_CREDENTIAL_Credential *cred)
/* The request has completed, so clear the handle; do_shutdown() then has
   nothing left to cancel. */
169 verify_request = NULL;
/* Failure branch; the condition that selects it is not visible in this listing. */
171 printf ("Failed.\n");
174 printf("Delegation Chain:\n");
/* One output line per delegation: issuer.attribute <- subject[.attribute]. */
175 for (i=0;i<d_count;i++)
177 iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].issuer_key);
178 sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].subject_key);
/* subject_attribute_len is used only to decide whether a subject attribute is
   printed. The attribute strings themselves are printed with %s, so this
   assumes they arrive NUL-terminated -- TODO confirm against the service API. */
179 if (0 != dc[i].subject_attribute_len)
181 printf ("(%d) %s.%s <- %s.%s\n", i,
182 iss_key, dc[i].issuer_attribute,
183 sub_key, dc[i].subject_attribute);
185 printf ("(%d) %s.%s <- %s\n", i,
186 iss_key, dc[i].issuer_attribute,
/* The key strings are released here once they have been printed. */
189 GNUNET_free (iss_key);
190 GNUNET_free (sub_key);
192 printf("\nCredentials:\n");
/* One output line per credential, built the same way as the chain entries. */
193 for (i=0;i<c_count;i++)
195 iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred[i].issuer_key);
196 sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred[i].subject_key);
197 printf ("%s.%s <- %s\n",
198 iss_key, cred[i].issuer_attribute,
200 GNUNET_free (iss_key);
201 GNUNET_free (sub_key);
204 printf ("Successful.\n");
/* The tool handles a single request per run: stop the scheduler after
   reporting the result. */
208 GNUNET_SCHEDULER_shutdown ();
212 * Callback invoked from identity service with ego information.
213 * An @a ego of NULL means the ego was not found.
215 * @param cls closure with the configuration
216 * @param ego an ego known to identity service, or NULL
/* Identity-service callback for the issuing path: validates the expiration
   string, issues a credential with the ego's private key, prints the record
   in string form and shuts the scheduler down. */
219 identity_cb (void *cls,
220 const struct GNUNET_IDENTITY_Ego *ego)
222 const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
223 struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
224 struct GNUNET_TIME_Absolute etime_abs;
225 struct GNUNET_TIME_Relative etime_rel;
/* Error path that reports an unknown ego and stops; presumably taken when ego
   is NULL (the enclosing condition is not visible in this listing). */
231 if (NULL != issuer_ego_name)
234 _("Ego `%s' not known to identity service\n"),
237 GNUNET_SCHEDULER_shutdown ();
/* An expiration is mandatory. It is tried as a relative time first (converted
   to an absolute time), then as an absolute time; anything else is rejected. */
240 if (NULL == expiration)
243 "Please specify a TTL\n");
244 GNUNET_SCHEDULER_shutdown ();
246 } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration,
249 etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
250 } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration,
254 "%s is not a valid ttl!\n",
256 GNUNET_SCHEDULER_shutdown ();
/* The ego's private key is obtained as a const pointer; presumably it is the
   signing key passed to GNUNET_CREDENTIAL_issue() below (that call's
   remaining arguments are not visible in this listing). */
261 privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
262 GNUNET_free_non_null (issuer_ego_name);
263 issuer_ego_name = NULL;
/* NOTE(review): run() connects `credential` only inside its verify branch, so
   on this path the handle looks like it is still NULL -- confirm that
   GNUNET_CREDENTIAL_issue() accepts that. No NULL check on crd is visible
   before it is used below. */
264 crd = GNUNET_CREDENTIAL_issue (credential,
/* NOTE(review): issuer_attr is NULL-checked only in run()'s verify branch; no
   check is visible on the issuing path, so strlen (issuer_attr) below would
   dereference NULL when no attribute option was given. The record size is
   also derived from issuer_attr rather than from crd itself. */
269 res = GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
271 sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
/* res is printed without a visible NULL check -- TODO confirm that the
   conversion cannot fail for this record type. */
272 printf ("%s\n", res);
273 GNUNET_SCHEDULER_shutdown ();
280 * Main function that will be run.
283 * @param args remaining command-line arguments
284 * @param cfgfile name of the configuration file used (for saving, can be NULL!)
285 * @param c configuration
/* Last line of run()'s parameter list; the earlier signature lines are not
   visible in this listing. run() validates the command-line inputs and starts
   either a verification or a credential issue. */
291 const struct GNUNET_CONFIGURATION_Handle *c)
/* Arm the timeout task and register the shutdown task before anything else. */
297 tt = GNUNET_SCHEDULER_add_delayed (timeout,
299 GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
/* The subject public key is required by both modes and is checked before the
   mode is selected. */
303 if (NULL == subject_key)
306 _("Subject public key needed\n"));
307 GNUNET_SCHEDULER_shutdown ();
/* Parse the subject key string; a malformed key is reported and ends the run
   (the condition around this call is not visible in this listing). */
312 GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key,
313 strlen (subject_key),
317 _("Subject public key `%s' is not well-formed\n"),
319 GNUNET_SCHEDULER_shutdown ();
/* Verification is tested first, so it takes precedence when both the verify
   and the create flags are set. */
323 if (GNUNET_YES == verify) {
/* NOTE(review): this branch handles a missing issuer key, but the message
   reports it as "not well-formed". */
324 if (NULL == issuer_key)
327 _("Issuer public key not well-formed\n"));
328 GNUNET_SCHEDULER_shutdown ();
333 GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_key,
338 _("Issuer public key `%s' is not well-formed\n"),
340 GNUNET_SCHEDULER_shutdown ();
/* The service connection is made only on the verification path. */
342 credential = GNUNET_CREDENTIAL_connect (cfg);
344 if (NULL == credential)
347 _("Failed to connect to CREDENTIAL\n"));
348 GNUNET_SCHEDULER_shutdown ();
/* Both the issuer attribute and the subject credential name are required
   before a verification request is sent. */
351 if (NULL == issuer_attr || NULL == subject_credential)
354 _("You must provide issuer and subject attributes\n"));
355 GNUNET_SCHEDULER_shutdown ();
358 printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n",
359 subject_credential, subject_key, issuer_attr, issuer_key);
/* Asynchronous request; the result is delivered to handle_verify_result(). */
361 verify_request = GNUNET_CREDENTIAL_verify(credential,
363 issuer_attr, //TODO argument
366 &handle_verify_result,
/* Issuing path: only the ego name is validated here. expiration is validated
   later in identity_cb(); NOTE(review): no check of issuer_attr is visible on
   this path, although identity_cb() calls strlen() on it. */
368 } else if (GNUNET_YES == create_cred) {
369 if (NULL == issuer_ego_name)
372 _("Issuer ego required\n"));
373 GNUNET_SCHEDULER_shutdown ();
/* Resolve the ego by name; the remaining arguments of this call are not
   visible in this listing. */
377 el = GNUNET_IDENTITY_ego_lookup (cfg,
/* Error message and shutdown for the remaining case; presumably reached when
   neither mode was selected (the branch header is not visible here). */
384 _("Please specify name to lookup, subject key and issuer key!\n"));
385 GNUNET_SCHEDULER_shutdown ();
392 * The main function for gnunet-credential.
394 * @param argc number of arguments from the command line
395 * @param argv command line arguments
396 * @return 0 ok, 1 on error
/* Entry point: declares the command-line options, converts the arguments to
   UTF-8, sets up logging and hands control to run() via GNUNET_PROGRAM_run(). */
399 main (int argc, char *const *argv)
/* Option table. Each entry stores its value in one of the file-scope
   variables above; the first lines of some entries (option letter and long
   name) are not visible in this listing. */
401 static const struct GNUNET_GETOPT_CommandLineOption options[] = {
403 gettext_noop ("create credential"), 0,
404 &GNUNET_GETOPT_set_one, &create_cred},
405 {'V', "verify", NULL,
406 gettext_noop ("verify credential against attribute"), 0,
407 &GNUNET_GETOPT_set_one, &verify},
408 {'s', "subject", "PKEY",
409 gettext_noop ("The public key of the subject to lookup the credential for"), 1,
410 &GNUNET_GETOPT_set_string, &subject_key},
411 {'b', "credential", "CRED",
412 gettext_noop ("The name of the credential presented by the subject"), 1,
413 &GNUNET_GETOPT_set_string, &subject_credential},
414 {'i', "issuer", "PKEY",
415 gettext_noop ("The public key of the authority to verify the credential against"), 1,
416 &GNUNET_GETOPT_set_string, &issuer_key},
418 gettext_noop ("The ego to use to issue"), 1,
419 &GNUNET_GETOPT_set_string, &issuer_ego_name},
420 {'a', "attribute", "ATTR",
421 gettext_noop ("The issuer attribute to verify against or to issue"), 1,
422 &GNUNET_GETOPT_set_string, &issuer_attr},
424 gettext_noop ("The time to live for the credential"), 1,
425 &GNUNET_GETOPT_set_string, &expiration},
426 GNUNET_GETOPT_OPTION_END
/* Default is no timeout. */
430 timeout = GNUNET_TIME_UNIT_FOREVER_REL;
/* Replaces argc/argv with UTF-8 converted copies; the converted argv is the
   one freed at the end of main(). */
431 if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
/* Log at WARNING level; the NULL third argument is passed as given here. */
434 GNUNET_log_setup ("gnunet-credential", "WARNING", NULL);
/* The result of GNUNET_PROGRAM_run() is mapped to the exit status: 0 on
   success, 1 otherwise. */
437 GNUNET_PROGRAM_run (argc, argv, "gnunet-credential",
438 _("GNUnet credential resolver tool"),
440 &run, NULL)) ? 0 : 1;
/* argv points at the converted copy here, so it is freed; the cast drops the
   const qualifier of the pointer type. */
441 GNUNET_free ((void*) argv);
445 /* end of gnunet-credential.c */