2 This file is part of GNUnet.
3 Copyright (C) 2016 GNUnet e.V.
5 GNUnet is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published
7 by the Free Software Foundation; either version 3, or (at your
8 option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with GNUnet; see the file COPYING. If not, write to the
17 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 Boston, MA 02110-1301, USA.
22 * @author Martin Schanzenbach
25 * Identity provider service; implements identity provider for GNUnet
27 * @defgroup identity-provider Identity Provider service
30 #ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
31 #define GNUNET_IDENTITY_PROVIDER_SERVICE_H
36 #if 0 /* keep Emacsens' auto-indent happy */
41 #include "gnunet_util_lib.h"
45 * Version number of GNUnet Identity Provider API.
47 #define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
50 * Handle to access the identity service.
52 struct GNUNET_IDENTITY_PROVIDER_Handle;
57 struct GNUNET_IDENTITY_PROVIDER_Token;
62 struct GNUNET_IDENTITY_PROVIDER_Ticket;
65 * Handle for an operation with the identity provider service.
67 struct GNUNET_IDENTITY_PROVIDER_Operation;
70 * Flags that can be set for an attribute.
72 enum GNUNET_IDENTITY_PROVIDER_AttributeType
78 GNUNET_IDENTITY_PROVIDER_AT_NULL = 0,
83 GNUNET_IDENTITY_PROVIDER_AT_STRING = 1,
92 struct GNUNET_IDENTITY_PROVIDER_Attribute
98 uint32_t attribute_type;
101 * Number of bytes in @e data.
106 * The name of the attribute. Note "name" must never be individually
112 * Binary value stored as attribute value. Note: "data" must never
113 * be individually 'malloc'ed, but instead always points into some
114 * existing data area.
123 * Method called when a token has been exchanged for a ticket.
124 * On success returns a token
127 * @param token the token
130 (*GNUNET_IDENTITY_PROVIDER_ExchangeCallback)(void *cls,
131 const struct GNUNET_IDENTITY_PROVIDER_Token *token,
132 uint64_t ticket_nonce);
135 * Method called when a token has been issued.
136 * On success returns a ticket that can be given to the audience to retrive the
140 * @param grant the label in GNS pointing to the token
141 * @param ticket the ticket
142 * @param token the issued token
143 * @param name name assigned by the user for this ego,
144 * NULL if the user just deleted the ego and it
145 * must thus no longer be used
148 (*GNUNET_IDENTITY_PROVIDER_IssueCallback)(void *cls,
150 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
151 const struct GNUNET_IDENTITY_PROVIDER_Token *token);
155 * Connect to the identity provider service.
157 * @param cfg Configuration to contact the identity provider service.
158 * @return handle to communicate with identity provider service
160 struct GNUNET_IDENTITY_PROVIDER_Handle *
161 GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
164 * Continuation called to notify client about result of the
168 * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate)
169 * #GNUNET_NO if content was already there or not found
170 * #GNUNET_YES (or other positive value) on success
171 * @param emsg NULL on success, otherwise an error message
174 (*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls,
180 * Store an attribute. If the attribute is already present,
181 * it is replaced with the new attribute.
183 * @param h handle to the identity provider
184 * @param pkey private key of the identity
185 * @param attr the attribute
186 * @param cont continuation to call when done
187 * @param cont_cls closure for @a cont
188 * @return handle to abort the request
190 struct GNUNET_IDENTITY_PROVIDER_Operation *
191 GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
192 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
193 const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr,
194 GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
199 * Create a new attribute.
201 * @param name the attribute name
202 * @param type the attribute type
203 * @param data the attribute value
204 * @param data_size the attribute value size
205 * @return the new attribute
207 struct GNUNET_IDENTITY_PROVIDER_Attribute *
208 GNUNET_IDENTITY_PROVIDER_attribute_new (const char* attr_name,
214 * Process an attribute that was stored in the idp.
217 * @param attr the attribute
220 (*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls,
221 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
222 const struct GNUNET_IDENTITY_PROVIDER_Attribute *attr);
227 * List all attributes for a local identity.
228 * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
229 * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
230 * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
231 * immediately, and then again after
232 * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
234 * On error (disconnect), @a error_cb will be invoked.
235 * On normal completion, @a finish_cb proc will be
238 * @param h handle to the idp
239 * @param identity identity to access
240 * @param error_cb function to call on error (i.e. disconnect),
241 * the handle is afterwards invalid
242 * @param error_cb_cls closure for @a error_cb
243 * @param proc function to call on each attribute; it
244 * will be called repeatedly with a value (if available)
245 * @param proc_cls closure for @a proc
246 * @param finish_cb function to call on completion
247 * the handle is afterwards invalid
248 * @param finish_cb_cls closure for @a finish_cb
249 * @return an iterator handle to use for iteration
251 struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
252 GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
253 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
254 GNUNET_SCHEDULER_TaskCallback error_cb,
256 GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
258 GNUNET_SCHEDULER_TaskCallback finish_cb,
259 void *finish_cb_cls);
263 * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
264 * for the next record.
266 * @param it the iterator
269 GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
273 * Stops iteration and releases the idp handle for further calls. Must
274 * be called on any iteration that has not yet completed prior to calling
275 * #GNUNET_IDENTITY_PROVIDER_disconnect.
277 * @param it the iterator
280 GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
285 * Issue a token for a specific audience.
287 * @param id identity provider service to use
288 * @param iss issuer (identity)
289 * @param aud audience (identity)
290 * @param scope the identity attributes requested, comman separated
291 * @param expiration the token expiration
292 * @param nonce the nonce that will be included in token and ticket
293 * @param cb callback to call with result
294 * @param cb_cls closure
295 * @return handle to abort the operation
297 struct GNUNET_IDENTITY_PROVIDER_Operation *
298 GNUNET_IDENTITY_PROVIDER_issue_token (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
299 const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
300 const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
303 struct GNUNET_TIME_Absolute expiration,
305 GNUNET_IDENTITY_PROVIDER_IssueCallback cb,
310 * Exchange a ticket for a token. Intended to be used by audience that
313 * @param id identity provider service to use
314 * @param ticket the ticket to exchange
315 * @param aud_privkey the audience of the ticket
316 * @param cont function to call once the operation finished
317 * @param cont_cls closure for @a cont
318 * @return handle to abort the operation
320 struct GNUNET_IDENTITY_PROVIDER_Operation *
321 GNUNET_IDENTITY_PROVIDER_exchange_ticket (struct GNUNET_IDENTITY_PROVIDER_Handle *id,
322 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
323 const struct GNUNET_CRYPTO_EcdsaPrivateKey *aud_privkey,
324 GNUNET_IDENTITY_PROVIDER_ExchangeCallback cont,
329 * Disconnect from identity provider service.
331 * @param h identity provider service to disconnect
334 GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
338 * Cancel an identity provider operation. Note that the operation MAY still
339 * be executed; this merely cancels the continuation; if the request
340 * was already transmitted, the service may still choose to complete
343 * @param op operation to cancel
346 GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
356 * @param token the token
359 GNUNET_IDENTITY_PROVIDER_token_destroy(struct GNUNET_IDENTITY_PROVIDER_Token *token);
362 * Returns string representation of token. A JSON-Web-Token.
364 * @param token the token
365 * @return The JWT (must be freed)
368 GNUNET_IDENTITY_PROVIDER_token_to_string (const struct GNUNET_IDENTITY_PROVIDER_Token *token);
371 * Returns string representation of ticket. Base64-Encoded
373 * @param ticket the ticket
374 * @return the Base64-Encoded ticket
377 GNUNET_IDENTITY_PROVIDER_ticket_to_string (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
380 * Created a ticket from a string (Base64 encoded ticket)
382 * @param input Base64 encoded ticket
383 * @param ticket pointer where the ticket is stored
387 GNUNET_IDENTITY_PROVIDER_string_to_ticket (const char* input,
388 struct GNUNET_IDENTITY_PROVIDER_Ticket **ticket);
393 * @param ticket the ticket to destroy
396 GNUNET_IDENTITY_PROVIDER_ticket_destroy(struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
398 #if 0 /* keep Emacsens' auto-indent happy */
406 /* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
409 /** @} */ /* end of group identity */
411 /* end of gnunet_identity_provider_service.h */