src/credential/gnunet-credential.c

   1 /*
   2      This file is part of GNUnet.
   3      Copyright (C) 2012-2013 GNUnet e.V.
   4
   5      GNUnet is free software; you can redistribute it and/or modify
   6      it under the terms of the GNU General Public License as published
   7      by the Free Software Foundation; either version 3, or (at your
   8      option) any later version.
   9
  10      GNUnet is distributed in the hope that it will be useful, but
  11      WITHOUT ANY WARRANTY; without even the implied warranty of
  12      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13      General Public License for more details.
  14
  15      You should have received a copy of the GNU General Public License
  16      along with GNUnet; see the file COPYING.  If not, write to the
  17      Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
  18      Boston, MA 02110-1301, USA.
  19 */
  20 /**
  21  * @file gnunet-credential.c
  22  * @brief command line tool to access command line Credential service
  23  * @author Adnan Husain
  24  */
  25 #include "platform.h"
  26 #include <gnunet_util_lib.h>
  27 #include <gnunet_credential_service.h>
  28 #include <gnunet_gnsrecord_lib.h>
  29
  30 /**
  31  * Configuration we are using.
  32  */
  33 static const struct GNUNET_CONFIGURATION_Handle *cfg;
  34
  35 /**
  36  * EgoLookup
  37  */
  38 static struct GNUNET_IDENTITY_EgoLookup *el;
  39
  40 /**
  41  * Handle to Credential service.
  42  */
  43 static struct GNUNET_CREDENTIAL_Handle *credential;
  44
  45 /**
  46  * Desired timeout for the lookup (default is no timeout).
  47  */
  48 static struct GNUNET_TIME_Relative timeout;
  49
  50 /**
  51  * Handle to verify request
  52  */
  53 static struct GNUNET_CREDENTIAL_Request *verify_request;
  54
  55 /**
  56  * Task scheduled to handle timeout.
  57  */
  58 static struct GNUNET_SCHEDULER_Task *tt;
  59
  60 /**
  61  * Subject pubkey string
  62  */
  63 static char *subject_key;
  64
  65 /**
  66  * Subject credential string
  67  */
  68 static char *subject_credential;
  69
  70 /**
  71  * Credential TTL
  72  */
  73 static char *expiration;
  74
  75 /**
  76  * Subject key
  77  */
  78 struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey;
  79
  80 /**
  81  * Issuer key
  82  */
  83 struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey;
  84
  85
  86 /**
  87  * Issuer pubkey string
  88  */
  89 static char *issuer_key;
  90
  91 /**
  92  * Issuer ego
  93  */
  94 static char *issuer_ego_name;
  95
  96 /**
  97  * Issuer attribute
  98  */
  99 static char *issuer_attr;
 100
 101 /**
 102  * Verify mode
 103  */
 104 static uint32_t verify;
 105
 106 /**
 107  * Issue mode
 108  */
 109 static uint32_t create_cred;
 110
 111
 112 /**
 113  * Task run on shutdown.  Cleans up everything.
 114  *
 115  * @param cls unused
 116  */
 117 static void
 118 do_shutdown (void *cls)
 119 {
 120   if (NULL != verify_request)
 121   {
 122     GNUNET_CREDENTIAL_verify_cancel (verify_request);
 123     verify_request = NULL;
 124   }
 125   if (NULL != credential)
 126   {
 127     GNUNET_CREDENTIAL_disconnect (credential);
 128     credential = NULL;
 129   }
 130   if (NULL != tt)
 131   {
 132     GNUNET_SCHEDULER_cancel (tt);
 133     tt = NULL;
 134   }
 135 }
 136
 137
 138 /**
 139  * Task run on timeout. Triggers shutdown.
 140  *
 141  * @param cls unused
 142  */
 143 static void
 144 do_timeout (void *cls)
 145 {
 146   tt = NULL;
 147   GNUNET_SCHEDULER_shutdown ();
 148 }
 149
 150
 151 /**
 152  * Function called with the result of a Credential lookup.
 153  *
 154  * @param cls the 'const char *' name that was resolved
 155  * @param cd_count number of records returned
 156  * @param cd array of @a cd_count records with the results
 157  */
 158 static void
 159 handle_verify_result (void *cls,
 160                       unsigned int d_count,
 161                       struct GNUNET_CREDENTIAL_Delegation *dc,
 162                       unsigned int c_count,
 163                       struct GNUNET_CREDENTIAL_Credential *cred)
 164 {
 165   int i;
 166   char* iss_key;
 167   char* sub_key;
 168
 169   verify_request = NULL;
 170   if (NULL == cred)
 171     printf ("Failed.\n");
 172   else
 173   {
 174     printf("Delegation Chain:\n");
 175     for (i=0;i<d_count;i++)
 176     {
 177       iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].issuer_key);
 178       sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].subject_key);
 179       if (0 != dc[i].subject_attribute_len)
 180       {
 181         printf ("(%d) %s.%s <- %s.%s\n", i,
 182                 iss_key, dc[i].issuer_attribute,
 183                 sub_key, dc[i].subject_attribute);
 184       } else {
 185         printf ("(%d) %s.%s <- %s\n", i,
 186                 iss_key, dc[i].issuer_attribute,
 187                 sub_key);
 188       }
 189       GNUNET_free (iss_key);
 190       GNUNET_free (sub_key);
 191     }
 192     printf("\nCredentials:\n");
 193     for (i=0;i<c_count;i++)
 194     {
 195       iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred[i].issuer_key);
 196       sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred[i].subject_key);
 197       printf ("%s.%s <- %s\n",
 198               iss_key, cred[i].issuer_attribute,
 199               sub_key);
 200       GNUNET_free (iss_key);
 201       GNUNET_free (sub_key);
 202
 203     }
 204     printf ("Successful.\n");
 205   }
 206
 207
 208   GNUNET_SCHEDULER_shutdown ();
 209 }
 210
 211 /**
 212  * Callback invoked from identity service with ego information.
 213  * An @a ego of NULL means the ego was not found.
 214  *
 215  * @param cls closure with the configuration
 216  * @param ego an ego known to identity service, or NULL
 217  */
 218 static void
 219 identity_cb (void *cls,
 220              const struct GNUNET_IDENTITY_Ego *ego)
 221 {
 222   const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
 223   struct GNUNET_CREDENTIAL_CredentialRecordData *crd;
 224   struct GNUNET_TIME_Absolute etime_abs;
 225   struct GNUNET_TIME_Relative etime_rel;
 226   char *res;
 227
 228   el = NULL;
 229   if (NULL == ego)
 230   {
 231     if (NULL != issuer_ego_name)
 232     {
 233       fprintf (stderr,
 234                _("Ego `%s' not known to identity service\n"),
 235                issuer_ego_name);
 236     }
 237     GNUNET_SCHEDULER_shutdown ();
 238     return;
 239   }
 240   if (NULL == expiration)
 241   {
 242     fprintf (stderr,
 243              "Please specify a TTL\n");
 244     GNUNET_SCHEDULER_shutdown ();
 245     return;
 246   } else if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration,
 247                                                                  &etime_rel))
 248   {
 249     etime_abs = GNUNET_TIME_relative_to_absolute (etime_rel);
 250   } else if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (expiration,
 251                                                                  &etime_abs))
 252   {
 253     fprintf (stderr,
 254              "%s is not a valid ttl!\n",
 255              expiration);
 256     GNUNET_SCHEDULER_shutdown ();
 257     return;
 258   }
 259
 260
 261   privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
 262   GNUNET_free_non_null (issuer_ego_name);
 263   issuer_ego_name = NULL;
 264   crd = GNUNET_CREDENTIAL_issue (credential,
 265                                  privkey,
 266                                  &subject_pkey,
 267                                  issuer_attr,
 268                                  &etime_abs);
 269   res =  GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_CREDENTIAL,
 270                                            crd,
 271                                            sizeof (struct GNUNET_CREDENTIAL_CredentialRecordData) + strlen (issuer_attr) + 1);
 272   printf ("%s\n", res);
 273   GNUNET_SCHEDULER_shutdown ();
 274 }
 275
 276
 277
 278
 279 /**
 280  * Main function that will be run.
 281  *
 282  * @param cls closure
 283  * @param args remaining command-line arguments
 284  * @param cfgfile name of the configuration file used (for saving, can be NULL!)
 285  * @param c configuration
 286  */
 287 static void
 288 run (void *cls,
 289      char *const *args,
 290      const char *cfgfile,
 291      const struct GNUNET_CONFIGURATION_Handle *c)
 292 {
 293
 294   cfg = c;
 295
 296
 297   tt = GNUNET_SCHEDULER_add_delayed (timeout,
 298                                      &do_timeout, NULL);
 299   GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
 300
 301
 302
 303   if (NULL == subject_key)
 304   {
 305     fprintf (stderr,
 306              _("Subject public key needed\n"));
 307     GNUNET_SCHEDULER_shutdown ();
 308     return;
 309
 310   }
 311   if (GNUNET_OK !=
 312       GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_key,
 313                                                   strlen (subject_key),
 314                                                   &subject_pkey))
 315   {
 316     fprintf (stderr,
 317              _("Subject public key `%s' is not well-formed\n"),
 318              subject_key);
 319     GNUNET_SCHEDULER_shutdown ();
 320     return;
 321   }
 322
 323   if (GNUNET_YES == verify) {
 324     if (NULL == issuer_key)
 325     {
 326       fprintf (stderr,
 327                _("Issuer public key not well-formed\n"));
 328       GNUNET_SCHEDULER_shutdown ();
 329       return;
 330
 331     }
 332     if (GNUNET_OK !=
 333         GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_key,
 334                                                     strlen (issuer_key),
 335                                                     &issuer_pkey))
 336     {
 337       fprintf (stderr,
 338                _("Issuer public key `%s' is not well-formed\n"),
 339                issuer_key);
 340       GNUNET_SCHEDULER_shutdown ();
 341     }
 342     credential = GNUNET_CREDENTIAL_connect (cfg);
 343
 344     if (NULL == credential)
 345     {
 346       fprintf (stderr,
 347                _("Failed to connect to CREDENTIAL\n"));
 348       GNUNET_SCHEDULER_shutdown ();
 349     }
 350
 351     if (NULL == issuer_attr || NULL == subject_credential)
 352     {
 353       fprintf (stderr,
 354                _("You must provide issuer and subject attributes\n"));
 355       GNUNET_SCHEDULER_shutdown ();
 356     }
 357
 358     printf ("Trying to find a chain from a credential under %s of %s to the attribute %s issued by %s\n",
 359             subject_credential, subject_key, issuer_attr, issuer_key);
 360
 361     verify_request = GNUNET_CREDENTIAL_verify(credential,
 362                                               &issuer_pkey,
 363                                               issuer_attr, //TODO argument
 364                                               &subject_pkey,
 365                                               subject_credential,
 366                                               &handle_verify_result,
 367                                               NULL);
 368   } else if (GNUNET_YES == create_cred) {
 369     if (NULL == issuer_ego_name)
 370     {
 371       fprintf (stderr,
 372                _("Issuer ego required\n"));
 373       GNUNET_SCHEDULER_shutdown ();
 374       return;
 375
 376     }
 377     el = GNUNET_IDENTITY_ego_lookup (cfg,
 378                                      issuer_ego_name,
 379                                      &identity_cb,
 380                                      (void *) cfg);
 381     return;
 382   } else {
 383     fprintf (stderr,
 384              _("Please specify name to lookup, subject key and issuer key!\n"));
 385     GNUNET_SCHEDULER_shutdown ();
 386   }
 387   return;
 388 }
 389
 390
 391 /**
 392  * The main function for gnunet-gns.
 393  *
 394  * @param argc number of arguments from the command line
 395  * @param argv command line arguments
 396  * @return 0 ok, 1 on error
 397  */
 398 int
 399 main (int argc, char *const *argv)
 400 {
 401   static const struct GNUNET_GETOPT_CommandLineOption options[] = {
 402     {'I', "issue", NULL,
 403       gettext_noop ("create credential"), 0,
 404       &GNUNET_GETOPT_set_one, &create_cred},
 405     {'V', "verify", NULL,
 406       gettext_noop ("verify credential against attribute"), 0,
 407       &GNUNET_GETOPT_set_one, &verify},
 408     {'s', "subject", "PKEY",
 409       gettext_noop ("The public key of the subject to lookup the credential for"), 1,
 410       &GNUNET_GETOPT_set_string, &subject_key},
 411     {'b', "credential", "CRED",
 412       gettext_noop ("The name of the credential presented by the subject"), 1,
 413       &GNUNET_GETOPT_set_string, &subject_credential},
 414     {'i', "issuer", "PKEY",
 415       gettext_noop ("The public key of the authority to verify the credential against"), 1,
 416       &GNUNET_GETOPT_set_string, &issuer_key},
 417     {'e', "ego", "EGO",
 418       gettext_noop ("The ego to use to issue"), 1,
 419       &GNUNET_GETOPT_set_string, &issuer_ego_name},
 420     {'a', "attribute", "ATTR",
 421       gettext_noop ("The issuer attribute to verify against or to issue"), 1,
 422       &GNUNET_GETOPT_set_string, &issuer_attr},
 423     {'T', "ttl", "EXP",
 424       gettext_noop ("The time to live for the credential"), 1,
 425       &GNUNET_GETOPT_set_string, &expiration},
 426     GNUNET_GETOPT_OPTION_END
 427   };
 428   int ret;
 429
 430   timeout = GNUNET_TIME_UNIT_FOREVER_REL;
 431   if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
 432     return 2;
 433
 434   GNUNET_log_setup ("gnunet-credential", "WARNING", NULL);
 435   ret =
 436     (GNUNET_OK ==
 437      GNUNET_PROGRAM_run (argc, argv, "gnunet-credential",
 438                          _("GNUnet credential resolver tool"),
 439                          options,
 440                          &run, NULL)) ? 0 : 1;
 441   GNUNET_free ((void*) argv);
 442   return ret;
 443 }
 444
 445 /* end of gnunet-credential.c */