2 This file is part of GNUnet.
3 Copyright (C) 2016 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Martin Schanzenbach
25 * Identity provider service; implements identity provider for GNUnet
27 * @defgroup identity-provider Identity Provider service
30 #ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
31 #define GNUNET_IDENTITY_PROVIDER_SERVICE_H
36 #if 0 /* keep Emacsens' auto-indent happy */
41 #include "gnunet_util_lib.h"
45 * Version number of GNUnet Identity Provider API.
47 #define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
50 * Handle to access the identity service.
52 struct GNUNET_IDENTITY_PROVIDER_Handle;
57 struct GNUNET_IDENTITY_PROVIDER_Token;
62 struct GNUNET_IDENTITY_PROVIDER_Ticket
67 struct GNUNET_CRYPTO_EcdsaPublicKey identity;
72 struct GNUNET_CRYPTO_EcdsaPublicKey audience;
75 * The ticket random (NBO)
81 * Handle for an operation with the identity provider service.
83 struct GNUNET_IDENTITY_PROVIDER_Operation;
86 * Flags that can be set for an attribute.
88 enum GNUNET_IDENTITY_PROVIDER_AttributeType
94 GNUNET_IDENTITY_PROVIDER_AT_NULL = 0,
99 GNUNET_IDENTITY_PROVIDER_AT_STRING = 1,
108 struct GNUNET_IDENTITY_PROVIDER_Attribute
114 uint32_t attribute_type;
119 uint32_t attribute_version;
122 * Number of bytes in @e data.
127 * The name of the attribute. Note "name" must never be individually
133 * Binary value stored as attribute value. Note: "data" must never
134 * be individually 'malloc'ed, but instead always points into some
135 * existing data area.
141 struct GNUNET_IDENTITY_PROVIDER_AttributeList
146 struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_head;
151 struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *list_tail;
154 struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry
159 struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *prev;
164 struct GNUNET_IDENTITY_PROVIDER_AttributeListEntry *next;
169 struct GNUNET_IDENTITY_PROVIDER_Attribute *attribute;
173 * Connect to the identity provider service.
175 * @param cfg Configuration to contact the identity provider service.
176 * @return handle to communicate with identity provider service
178 struct GNUNET_IDENTITY_PROVIDER_Handle *
179 GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
182 * Continuation called to notify client about result of the
186 * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate)
187 * #GNUNET_NO if content was already there or not found
188 * #GNUNET_YES (or other positive value) on success
189 * @param emsg NULL on success, otherwise an error message
192 (*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls,
198 * Store an attribute. If the attribute is already present,
199 * it is replaced with the new attribute.
201 * @param h handle to the identity provider
202 * @param pkey private key of the identity
203 * @param attr the attribute
204 * @param cont continuation to call when done
205 * @param cont_cls closure for @a cont
206 * @return handle to abort the request
208 struct GNUNET_IDENTITY_PROVIDER_Operation *
209 GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
210 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
211 const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
212 GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
217 * Create a new attribute.
219 * @param name the attribute name
220 * @param type the attribute type
221 * @param data the attribute value
222 * @param data_size the attribute value size
223 * @return the new attribute
225 struct GNUNET_IDENTITY_PROVIDER_Attribute *
226 GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name,
232 * Process an attribute that was stored in the idp.
235 * @param attr the attribute
238 (*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls,
239 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
240 const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr);
245 * List all attributes for a local identity.
246 * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
247 * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
248 * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
249 * immediately, and then again after
250 * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
252 * On error (disconnect), @a error_cb will be invoked.
253 * On normal completion, @a finish_cb proc will be
256 * @param h handle to the idp
257 * @param identity identity to access
258 * @param error_cb function to call on error (i.e. disconnect),
259 * the handle is afterwards invalid
260 * @param error_cb_cls closure for @a error_cb
261 * @param proc function to call on each attribute; it
262 * will be called repeatedly with a value (if available)
263 * @param proc_cls closure for @a proc
264 * @param finish_cb function to call on completion
265 * the handle is afterwards invalid
266 * @param finish_cb_cls closure for @a finish_cb
267 * @return an iterator handle to use for iteration
269 struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
270 GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
271 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
272 GNUNET_SCHEDULER_TaskCallback error_cb,
274 GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
276 GNUNET_SCHEDULER_TaskCallback finish_cb,
277 void *finish_cb_cls);
281 * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
282 * for the next record.
284 * @param it the iterator
287 GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
291 * Stops iteration and releases the idp handle for further calls. Must
292 * be called on any iteration that has not yet completed prior to calling
293 * #GNUNET_IDENTITY_PROVIDER_disconnect.
295 * @param it the iterator
298 GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
302 * Method called when a token has been issued.
303 * On success returns a ticket that can be given to the audience to retrive the
307 * @param ticket the ticket
310 (*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls,
311 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
314 * Issues a ticket to another identity. The identity may use
315 * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket
316 * and retrieve the attributes specified in the AttributeList.
318 * @param id the identity provider to use
319 * @param iss the issuing identity
320 * @param rp the subject of the ticket (the relying party)
321 * @param attr the attributes that the relying party is given access to
322 * @param cb the callback
323 * @param cb_cls the callback closure
324 * @return handle to abort the operation
326 struct GNUNET_IDENTITY_PROVIDER_Operation *
327 GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
328 const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
329 const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
330 const struct GNUNET_IDENTITY_PROVIDER_AttributeList *attrs,
331 GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
335 * Revoked an issued ticket. The relying party will be unable to retrieve
336 * updated attributes.
338 * @param id the identity provider to use
339 * @param identity the issuing identity
340 * @param ticket the ticket to revoke
341 * @param cb the callback
342 * @param cb_cls the callback closure
343 * @return handle to abort the operation
345 struct GNUNET_IDENTITY_PROVIDER_Operation *
346 GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
347 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
348 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
349 GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
355 * Consumes an issued ticket. The ticket is persisted
356 * and used to retrieve identity information from the issuer
358 * @param id the identity provider to use
359 * @param identity the identity that is the subject of the issued ticket (the audience)
360 * @param ticket the issued ticket to consume
361 * @param cb the callback to call
362 * @param cb_cls the callback closure
363 * @return handle to abort the operation
365 struct GNUNET_IDENTITY_PROVIDER_Operation *
366 GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
367 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
368 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
369 GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
373 * Lists all tickets that have been issued to remote
374 * identites (relying parties)
376 * @param h the identity provider to use
377 * @param identity the issuing identity
378 * @param error_cb function to call on error (i.e. disconnect),
379 * the handle is afterwards invalid
380 * @param error_cb_cls closure for @a error_cb
381 * @param proc function to call on each ticket; it
382 * will be called repeatedly with a value (if available)
383 * @param proc_cls closure for @a proc
384 * @param finish_cb function to call on completion
385 * the handle is afterwards invalid
386 * @param finish_cb_cls closure for @a finish_cb
387 * @return an iterator handle to use for iteration
389 struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
390 GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
391 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
392 GNUNET_SCHEDULER_TaskCallback error_cb,
394 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
396 GNUNET_SCHEDULER_TaskCallback finish_cb,
397 void *finish_cb_cls);
400 * Lists all tickets that have been issued to remote
401 * identites (relying parties)
403 * @param id the identity provider to use
404 * @param identity the issuing identity
405 * @param error_cb function to call on error (i.e. disconnect),
406 * the handle is afterwards invalid
407 * @param error_cb_cls closure for @a error_cb
408 * @param proc function to call on each ticket; it
409 * will be called repeatedly with a value (if available)
410 * @param proc_cls closure for @a proc
411 * @param finish_cb function to call on completion
412 * the handle is afterwards invalid
413 * @param finish_cb_cls closure for @a finish_cb
414 * @return an iterator handle to use for iteration
416 struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
417 GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
418 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
419 GNUNET_SCHEDULER_TaskCallback error_cb,
421 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
423 GNUNET_SCHEDULER_TaskCallback finish_cb,
424 void *finish_cb_cls);
427 * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
428 * for the next record.
430 * @param it the iterator
433 GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
436 * Stops iteration and releases the idp handle for further calls. Must
437 * be called on any iteration that has not yet completed prior to calling
438 * #GNUNET_IDENTITY_PROVIDER_disconnect.
440 * @param it the iterator
443 GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
446 * Disconnect from identity provider service.
448 * @param h identity provider service to disconnect
451 GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
455 * Cancel an identity provider operation. Note that the operation MAY still
456 * be executed; this merely cancels the continuation; if the request
457 * was already transmitted, the service may still choose to complete
460 * @param op operation to cancel
463 GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
465 #if 0 /* keep Emacsens' auto-indent happy */
473 /* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
476 /** @} */ /* end of group identity */
478 /* end of gnunet_identity_provider_service.h */