2 This file is part of GNUnet.
3 Copyright (C) 2016 Christian Grothoff (and other contributing authors)
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @file include/gnunet_identity_provider_service.h
23 * @brief Identity provider service; implements identity provider for GNUnet
24 * @author Martin Schanzenbach
26 * Egos in GNUnet are ECDSA keys. You assume an ego by using (signing
27 * with) a particular private key. As GNUnet users are expected to
28 * have many egos, we need an identity service to allow users to
29 * manage their egos. The identity service manages the egos (private
30 * keys) of the local user; it does NOT manage egos of other users
31 * (public keys). For giving names to other users and manage their
32 * public keys securely, we use GNS.
34 * @defgroup identity-provider service
37 #ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
38 #define GNUNET_IDENTITY_PROVIDER_SERVICE_H
43 #if 0 /* keep Emacsens' auto-indent happy */
48 #include "gnunet_util_lib.h"
52 * Version number of GNUnet Identity Provider API.
54 #define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
57 * Handle to access the identity service.
59 struct GNUNET_IDENTITY_PROVIDER_Handle;
64 struct GNUNET_IDENTITY_PROVIDER_Token;
69 struct GNUNET_IDENTITY_PROVIDER_Ticket;
72 * Handle for an operation with the identity provider service.
74 struct GNUNET_IDENTITY_PROVIDER_Operation;
77 * Method called when a ticket has been exchanged for a token.
78 * On success the callback receives the resulting token
81 * @param token the token
84 (*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls,
85 const struct GNUNET_IDENTITY_PROVIDER_Token *token);
88 * Method called when a token has been issued.
89 * On success returns a ticket that can be given to the audience to retrieve the
93 * @param grant the label in GNS pointing to the token
94 * @param ticket the ticket
95 * @param token the issued token
96 * @param name name assigned by the user for this ego,
97 * NULL if the user just deleted the ego and it
98 * must thus no longer be used
101 (*GNUNET_IDENTITY_PROVIDER_IssueCallback)(void *cls,
103 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
104 const struct GNUNET_IDENTITY_PROVIDER_Token *token);
108 * Connect to the identity provider service.
110 * @param cfg Configuration to contact the identity provider service.
111 * @return handle to communicate with identity provider service
113 struct GNUNET_IDENTITY_PROVIDER_Handle *
114 GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
118 * Issue a token for a specific audience.
120 * @param id identity provider service to use
121 * @param iss_key private key of the issuer (identity)
122 * @param aud_key public key of the audience (identity)
123 * @param scope the identity attributes requested, comma separated
124 * @param expiration the token expiration
125 * @param nonce the nonce that will be included in token and ticket
126 * @param cb callback to call with result
127 * @param cb_cls closure
128 * @return handle to abort the operation
130 struct GNUNET_IDENTITY_PROVIDER_Operation *
131 GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
132 const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
133 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
135 struct GNUNET_TIME_Absolute expiration,
137 GNUNET_IDENTITY_PROVIDER_IssueCallback cb,
142 * Exchange a ticket for a token. Intended to be used by audience that
145 * @param id identity provider service to use
146 * @param ticket the ticket to exchange
147 * @param aud_privkey private key of the audience the ticket was issued to
148 * @param cont function to call once the operation finished
149 * @param cont_cls closure for @a cont
150 * @return handle to abort the operation
152 struct GNUNET_IDENTITY_PROVIDER_Operation *
153 GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
154 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
155 const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey,
156 GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont,
161 * Disconnect from identity provider service.
163 * @param h identity provider service to disconnect
166 GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
170 * Cancel an identity provider operation. Note that the operation MAY still
171 * be executed; this merely cancels the continuation; if the request
172 * was already transmitted, the service may still choose to complete
175 * @param op operation to cancel
178 GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
188 * @param token the token
191 GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token);
194 * Returns the string representation of the token, a JSON Web Token (JWT).
196 * @param token the token
197 * @return the JWT string; the caller must free it
200 GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token);
203 * Returns the Base64-encoded string representation of the ticket.
205 * @param ticket the ticket
206 * @return the Base64-encoded ticket string
209 GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
212 * Creates a ticket from its string representation (Base64-encoded ticket)
214 * @param input Base64-encoded ticket
215 * @param ticket pointer to where the resulting ticket is stored
219 GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
220 struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket);
225 * @param ticket the ticket to destroy
228 GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
230 #if 0 /* keep Emacsens' auto-indent happy */
237 /** @} */ /* end of group identity-provider */
239 /* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
241 /* end of gnunet_identity_provider_service.h */