2 This file is part of GNUnet.
3 Copyright (C) 2016 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Martin Schanzenbach
25 * Identity provider service; implements identity provider for GNUnet
27 * @defgroup identity-provider Identity Provider service
30 #ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
31 #define GNUNET_IDENTITY_PROVIDER_SERVICE_H
36 #if 0 /* keep Emacsens' auto-indent happy */
41 #include "gnunet_util_lib.h"
42 #include "gnunet_identity_attribute_lib.h"
45 * Version number of GNUnet Identity Provider API.
47 #define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
50 * Handle to access the identity service.
52 struct GNUNET_IDENTITY_PROVIDER_Handle;
57 struct GNUNET_IDENTITY_PROVIDER_Token;
62 struct GNUNET_IDENTITY_PROVIDER_Ticket
67 struct GNUNET_CRYPTO_EcdsaPublicKey identity;
72 struct GNUNET_CRYPTO_EcdsaPublicKey audience;
75 * The ticket random (NBO)
81 * Handle for an operation with the identity provider service.
83 struct GNUNET_IDENTITY_PROVIDER_Operation;
87 * Connect to the identity provider service.
89 * @param cfg Configuration to contact the identity provider service.
90 * @return handle to communicate with identity provider service
92 struct GNUNET_IDENTITY_PROVIDER_Handle *
93 GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
96 * Continuation called to notify client about result of the
100 * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate)
101 * #GNUNET_NO if content was already there or not found
102 * #GNUNET_YES (or other positive value) on success
103 * @param emsg NULL on success, otherwise an error message
106 (*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls,
112 * Store an attribute. If the attribute is already present,
113 * it is replaced with the new attribute.
115 * @param h handle to the identity provider
116 * @param pkey private key of the identity
117 * @param attr the attribute
118 * @param cont continuation to call when done
119 * @param cont_cls closure for @a cont
120 * @return handle to abort the request
122 struct GNUNET_IDENTITY_PROVIDER_Operation *
123 GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
124 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
125 const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
126 GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
131 * Process an attribute that was stored in the idp.
134 * @param attr the attribute
137 (*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls,
138 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
139 const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
144 * List all attributes for a local identity.
145 * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
146 * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
147 * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
148 * immediately, and then again after
149 * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
151 * On error (disconnect), @a error_cb will be invoked.
152 * On normal completion, @a finish_cb proc will be
155 * @param h handle to the idp
156 * @param identity identity to access
157 * @param error_cb function to call on error (i.e. disconnect),
158 * the handle is afterwards invalid
159 * @param error_cb_cls closure for @a error_cb
160 * @param proc function to call on each attribute; it
161 * will be called repeatedly with a value (if available)
162 * @param proc_cls closure for @a proc
163 * @param finish_cb function to call on completion
164 * the handle is afterwards invalid
165 * @param finish_cb_cls closure for @a finish_cb
166 * @return an iterator handle to use for iteration
168 struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
169 GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
170 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
171 GNUNET_SCHEDULER_TaskCallback error_cb,
173 GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
175 GNUNET_SCHEDULER_TaskCallback finish_cb,
176 void *finish_cb_cls);
180 * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
181 * for the next record.
183 * @param it the iterator
186 GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
190 * Stops iteration and releases the idp handle for further calls. Must
191 * be called on any iteration that has not yet completed prior to calling
192 * #GNUNET_IDENTITY_PROVIDER_disconnect.
194 * @param it the iterator
197 GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
201 * Method called when a token has been issued.
202 * On success returns a ticket that can be given to the audience to retrive the
206 * @param ticket the ticket
209 (*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls,
210 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
213 * Issues a ticket to another identity. The identity may use
214 * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket
215 * and retrieve the attributes specified in the AttributeList.
217 * @param id the identity provider to use
218 * @param iss the issuing identity
219 * @param rp the subject of the ticket (the relying party)
220 * @param attr the attributes that the relying party is given access to
221 * @param cb the callback
222 * @param cb_cls the callback closure
223 * @return handle to abort the operation
225 struct GNUNET_IDENTITY_PROVIDER_Operation *
226 GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
227 const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
228 const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
229 const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
230 GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
234 * Revoked an issued ticket. The relying party will be unable to retrieve
235 * updated attributes.
237 * @param id the identity provider to use
238 * @param identity the issuing identity
239 * @param ticket the ticket to revoke
240 * @param cb the callback
241 * @param cb_cls the callback closure
242 * @return handle to abort the operation
244 struct GNUNET_IDENTITY_PROVIDER_Operation *
245 GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
246 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
247 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
248 GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
254 * Consumes an issued ticket. The ticket is persisted
255 * and used to retrieve identity information from the issuer
257 * @param id the identity provider to use
258 * @param identity the identity that is the subject of the issued ticket (the audience)
259 * @param ticket the issued ticket to consume
260 * @param cb the callback to call
261 * @param cb_cls the callback closure
262 * @return handle to abort the operation
264 struct GNUNET_IDENTITY_PROVIDER_Operation *
265 GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
266 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
267 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
268 GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
272 * Lists all tickets that have been issued to remote
273 * identites (relying parties)
275 * @param h the identity provider to use
276 * @param identity the issuing identity
277 * @param error_cb function to call on error (i.e. disconnect),
278 * the handle is afterwards invalid
279 * @param error_cb_cls closure for @a error_cb
280 * @param proc function to call on each ticket; it
281 * will be called repeatedly with a value (if available)
282 * @param proc_cls closure for @a proc
283 * @param finish_cb function to call on completion
284 * the handle is afterwards invalid
285 * @param finish_cb_cls closure for @a finish_cb
286 * @return an iterator handle to use for iteration
288 struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
289 GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
290 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
291 GNUNET_SCHEDULER_TaskCallback error_cb,
293 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
295 GNUNET_SCHEDULER_TaskCallback finish_cb,
296 void *finish_cb_cls);
299 * Lists all tickets that have been issued to remote
300 * identites (relying parties)
302 * @param id the identity provider to use
303 * @param identity the issuing identity
304 * @param error_cb function to call on error (i.e. disconnect),
305 * the handle is afterwards invalid
306 * @param error_cb_cls closure for @a error_cb
307 * @param proc function to call on each ticket; it
308 * will be called repeatedly with a value (if available)
309 * @param proc_cls closure for @a proc
310 * @param finish_cb function to call on completion
311 * the handle is afterwards invalid
312 * @param finish_cb_cls closure for @a finish_cb
313 * @return an iterator handle to use for iteration
315 struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
316 GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
317 const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
318 GNUNET_SCHEDULER_TaskCallback error_cb,
320 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
322 GNUNET_SCHEDULER_TaskCallback finish_cb,
323 void *finish_cb_cls);
326 * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
327 * for the next record.
329 * @param it the iterator
332 GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
335 * Stops iteration and releases the idp handle for further calls. Must
336 * be called on any iteration that has not yet completed prior to calling
337 * #GNUNET_IDENTITY_PROVIDER_disconnect.
339 * @param it the iterator
342 GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
345 * Disconnect from identity provider service.
347 * @param h identity provider service to disconnect
350 GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
354 * Cancel an identity provider operation. Note that the operation MAY still
355 * be executed; this merely cancels the continuation; if the request
356 * was already transmitted, the service may still choose to complete
359 * @param op operation to cancel
362 GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
364 #if 0 /* keep Emacsens' auto-indent happy */
372 /* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
375 /** @} */ /* end of group identity */
377 /* end of gnunet_identity_provider_service.h */