*/
/**
* @author Martin Schanzenbach
- * @file gns/plugin_rest_credential.c
+ * @file credential/plugin_rest_credential.c
* @brief GNUnet CREDENTIAL REST plugin
*
*/
#define GNUNET_REST_API_NS_CREDENTIAL_VERIFY "/credential/verify"
+#define GNUNET_REST_API_NS_CREDENTIAL_COLLECT "/credential/collect"
+
#define GNUNET_REST_JSONAPI_CREDENTIAL_EXPIRATION "expiration"
#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY "subject_key"
+#define GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO "subject"
+
#define GNUNET_REST_JSONAPI_CREDENTIAL "credential"
#define GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO "credential"
*/
struct GNUNET_IDENTITY_Operation *id_op;
+ /**
+ * Handle to ego lookup
+ */
+ struct GNUNET_IDENTITY_EgoLookup *ego_lookup;
+
/**
* Handle to rest request
*/
if (NULL != handle->subject_attr)
GNUNET_free (handle->subject_attr);
if (NULL != handle->verify_request)
- GNUNET_CREDENTIAL_verify_cancel (handle->verify_request);
+ GNUNET_CREDENTIAL_request_cancel (handle->verify_request);
if (NULL != handle->credential)
GNUNET_CREDENTIAL_disconnect (handle->credential);
if (NULL != handle->id_op)
GNUNET_IDENTITY_cancel (handle->id_op);
+ if (NULL != handle->ego_lookup)
+ GNUNET_IDENTITY_ego_lookup_cancel (handle->ego_lookup);
if (NULL != handle->identity)
GNUNET_IDENTITY_disconnect (handle->identity);
if (NULL != handle->timeout_task)
}
-/**
- * Task run on shutdown. Cleans up everything.
- *
- * @param cls unused
- * @param tc scheduler context
- */
static void
do_error (void *cls)
{
/**
* Attribute delegation to JSON
- * @param attr the attribute
+ *
+ * @param delegation_chain_entry the DSE
* @return JSON, NULL if failed
*/
static json_t*
return attr_obj;
}
+/**
+ * JSONAPI resource to Credential
+ *
+ * @param res the JSONAPI resource
+ * @return the resulting credential, NULL if failed
+ */
+static struct GNUNET_CREDENTIAL_Credential*
+json_to_credential (json_t *res)
+{
+ struct GNUNET_CREDENTIAL_Credential *cred;
+ json_t *tmp;
+ const char *attribute;
+ const char *signature;
+ char *sig;
+
+ tmp = json_object_get (res, "attribute");
+ if (0 == json_is_string (tmp))
+ {
+ return NULL;
+ }
+ attribute = json_string_value (tmp);
+ cred = GNUNET_malloc (sizeof (struct GNUNET_CREDENTIAL_Credential)
+ + strlen (attribute));
+ cred->issuer_attribute = attribute;
+ cred->issuer_attribute_len = strlen (attribute);
+ tmp = json_object_get (res, "issuer");
+ if (0 == json_is_string (tmp))
+ {
+ GNUNET_free (cred);
+ return NULL;
+ }
+
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value(tmp),
+ strlen (json_string_value(tmp)),
+ &cred->issuer_key);
+ tmp = json_object_get (res, "subject");
+ if (0 == json_is_string (tmp))
+ {
+ GNUNET_free (cred);
+ return NULL;
+ }
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (json_string_value(tmp),
+ strlen (json_string_value(tmp)),
+ &cred->subject_key);
+
+ tmp = json_object_get (res, "signature");
+ if (0 == json_is_string (tmp))
+ {
+ GNUNET_free (cred);
+ return NULL;
+ }
+ signature = json_string_value (tmp);
+ GNUNET_STRINGS_base64_decode (signature,
+ strlen (signature),
+ (char**)&sig);
+ GNUNET_memcpy (&cred->signature,
+ sig,
+ sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
+ GNUNET_free (sig);
+
+ tmp = json_object_get (res, "expiration");
+ if (0 == json_is_integer (tmp))
+ {
+ GNUNET_free (cred);
+ return NULL;
+ }
+ cred->expiration.abs_value_us = json_integer_value (tmp);
+ return cred;
+}
+
+
/**
* Credential to JSON
+ *
* @param cred the credential
* @return the resulting json, NULL if failed
*/
{
char *issuer;
char *subject;
+ char *signature;
char attribute[cred->issuer_attribute_len + 1];
json_t *cred_obj;
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Issuer in credential malformed\n");
return NULL;
- }
+ }
subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key);
if (NULL == subject)
{
GNUNET_free (issuer);
return NULL;
}
- memcpy (attribute,
- cred->issuer_attribute,
- cred->issuer_attribute_len);
+ GNUNET_STRINGS_base64_encode ((char*)&cred->signature,
+ sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
+ &signature);
+ GNUNET_memcpy (attribute,
+ cred->issuer_attribute,
+ cred->issuer_attribute_len);
attribute[cred->issuer_attribute_len] = '\0';
cred_obj = json_object ();
json_object_set_new (cred_obj, "issuer", json_string (issuer));
json_object_set_new (cred_obj, "subject", json_string (subject));
json_object_set_new (cred_obj, "attribute", json_string (attribute));
+ json_object_set_new (cred_obj, "signature", json_string (signature));
+ json_object_set_new (cred_obj, "expiration", json_integer (cred->expiration.abs_value_us));
GNUNET_free (issuer);
GNUNET_free (subject);
+ GNUNET_free (signature);
return cred_obj;
}
-/**
- * Function called with the result of a Credential lookup.
- *
- * @param cls the 'const char *' name that was resolved
- * @param cd_count number of records returned
- * @param cd array of @a cd_count records with the results
- */
+static void
+handle_collect_response (void *cls,
+ unsigned int d_count,
+ struct GNUNET_CREDENTIAL_Delegation *delegation_chain,
+ unsigned int c_count,
+ struct GNUNET_CREDENTIAL_Credential *cred)
+{
+ struct RequestHandle *handle = cls;
+ struct MHD_Response *resp;
+ struct GNUNET_JSONAPI_Document *json_document;
+ struct GNUNET_JSONAPI_Resource *json_resource;
+ json_t *cred_obj;
+ json_t *cred_array;
+ char *result;
+ char *issuer;
+ char *id;
+ uint32_t i;
+
+ handle->verify_request = NULL;
+ if (NULL == cred) {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Verify failed.\n");
+ handle->response_code = MHD_HTTP_NOT_FOUND;
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&handle->issuer_key);
+ if (NULL == issuer)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Issuer in delegation malformed\n");
+ return;
+ }
+ GNUNET_asprintf (&id,
+ "%s.%s",
+ issuer,
+ handle->issuer_attr);
+ GNUNET_free (issuer);
+ json_document = GNUNET_JSONAPI_document_new ();
+ json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO,
+ id);
+ GNUNET_free (id);
+ cred_array = json_array ();
+ for (i=0;i<c_count;i++)
+ {
+ cred_obj = credential_to_json (&cred[i]);
+ json_array_append_new (cred_array, cred_obj);
+ }
+ GNUNET_JSONAPI_resource_add_attr (json_resource,
+ GNUNET_REST_JSONAPI_CREDENTIAL,
+ cred_array);
+ GNUNET_JSONAPI_document_resource_add (json_document, json_resource);
+ GNUNET_JSONAPI_document_serialize (json_document, &result);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Result %s\n",
+ result);
+ json_decref (cred_array);
+ GNUNET_JSONAPI_document_delete (json_document);
+ resp = GNUNET_REST_create_response (result);
+ GNUNET_free(result);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ cleanup_handle (handle);
+}
+
+static void
+subject_ego_lookup (void *cls,
+ const struct GNUNET_IDENTITY_Ego *ego)
+{
+ struct RequestHandle *handle = cls;
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *sub_key;
+ handle->ego_lookup = NULL;
+
+ if (NULL == ego)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Subject not found\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ sub_key = GNUNET_IDENTITY_ego_get_private_key (ego);
+ handle->verify_request = GNUNET_CREDENTIAL_collect (handle->credential,
+ &handle->issuer_key,
+ handle->issuer_attr,
+ sub_key,
+ &handle_collect_response,
+ handle);
+}
+
+
+
static void
handle_verify_response (void *cls,
unsigned int d_count,
cleanup_handle (handle);
}
-
static void
-verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
- const char* url,
- void *cls)
+collect_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
+ const char* url,
+ void *cls)
{
struct RequestHandle *handle = cls;
struct GNUNET_HashCode key;
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Missing issuer attribute\n");
- GNUNET_SCHEDULER_add_now (&do_error, handle);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map,
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- if (GNUNET_OK !=
+ if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp,
strlen (tmp),
&handle->issuer_key))
handle->issuer_attr = GNUNET_strdup (tmp);
GNUNET_free (entity_attr);
- GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR,
- strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_ATTR),
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO,
+ strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_EGO),
&key);
if ( GNUNET_NO ==
GNUNET_CONTAINER_multihashmap_contains (conndata_handle->url_param_map,
&key) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Missing subject or attribute\n");
- GNUNET_free (entity_attr);
+ "Missing subject\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map,
+ &key);
+ if (NULL == tmp)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Malformed subject\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ handle->ego_lookup = GNUNET_IDENTITY_ego_lookup (cfg,
+ tmp,
+ &subject_ego_lookup,
+ handle);
+}
+
+
+
+static void
+verify_cred_cont (struct GNUNET_REST_RequestHandle *conndata_handle,
+ const char* url,
+ void *cls)
+{
+ struct RequestHandle *handle = cls;
+ struct GNUNET_HashCode key;
+ struct GNUNET_JSONAPI_Document *json_obj;
+ struct GNUNET_JSONAPI_Resource *res;
+ struct GNUNET_CREDENTIAL_Credential *cred;
+ char *tmp;
+ char *entity_attr;
+ int i;
+ uint32_t credential_count;
+ uint32_t resource_count;
+ json_t *cred_json;
+ json_t *data_js;
+ json_error_t err;
+
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Connecting...\n");
+ handle->credential = GNUNET_CREDENTIAL_connect (cfg);
+ handle->timeout_task = GNUNET_SCHEDULER_add_delayed (handle->timeout,
+ &do_error, handle);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Connected\n");
+ if (NULL == handle->credential)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Connecting to CREDENTIAL failed\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR,
+ strlen (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR),
+ &key);
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains (conndata_handle->url_param_map,
+ &key) )
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Missing issuer attribute\n");
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
if (NULL == tmp)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Malformed subject\n");
+ "Malformed issuer or attribute\n");
GNUNET_free (entity_attr);
- GNUNET_SCHEDULER_add_now (&do_error, handle);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp,
strlen (tmp),
- &handle->subject_key)) {
+ &handle->issuer_key))
+ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Malformed subject key\n");
+ "Malformed issuer key\n");
GNUNET_free (entity_attr);
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- tmp = strtok (NULL, ".");
+ tmp = strtok (NULL, "."); //Issuer attribute
if (NULL == tmp)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Malformed subject attribute\n");
+ "Malformed attribute\n");
GNUNET_free (entity_attr);
- GNUNET_SCHEDULER_add_now (&do_error, handle);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- handle->subject_attr = GNUNET_strdup (tmp);
+ handle->issuer_attr = GNUNET_strdup (tmp);
GNUNET_free (entity_attr);
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY,
+ strlen (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY),
+ &key);
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains (conndata_handle->url_param_map,
+ &key) )
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Missing subject key\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ tmp = GNUNET_CONTAINER_multihashmap_get (conndata_handle->url_param_map,
+ &key);
+ if (NULL == tmp)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Malformed subject\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (tmp,
+ strlen (tmp),
+ &handle->subject_key)) {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Malformed subject key\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ if (0 >= handle->rest_handle->data_size)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Missing credentials\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ struct GNUNET_JSON_Specification docspec[] = {
+ GNUNET_JSON_spec_jsonapi_document (&json_obj),
+ GNUNET_JSON_spec_end()
+ };
+ char term_data[handle->rest_handle->data_size+1];
+ term_data[handle->rest_handle->data_size] = '\0';
+ credential_count = 0;
+ GNUNET_memcpy (term_data,
+ handle->rest_handle->data,
+ handle->rest_handle->data_size);
+ data_js = json_loads (term_data,
+ JSON_DECODE_ANY,
+ &err);
+ GNUNET_assert (GNUNET_OK == GNUNET_JSON_parse (data_js, docspec,
+ NULL, NULL));
+ json_decref (data_js);
+ if (NULL == json_obj)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unable to parse JSONAPI Object from %s\n",
+ term_data);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ resource_count = GNUNET_JSONAPI_document_resource_count(json_obj);
+ GNUNET_assert (1 == resource_count);
+ res = (GNUNET_JSONAPI_document_get_resource(json_obj, 0));
+ if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type(res,
+ GNUNET_REST_JSONAPI_CREDENTIAL_TYPEINFO))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Resource not a credential!\n");
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unable to parse JSONAPI Object from %s\n",
+ term_data);
+ GNUNET_JSONAPI_document_delete (json_obj);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ cred_json = GNUNET_JSONAPI_resource_read_attr (res,
+ GNUNET_REST_JSONAPI_CREDENTIAL);
+
+ GNUNET_assert (json_is_array (cred_json));
+
+ credential_count = json_array_size(cred_json);
+
+ struct GNUNET_CREDENTIAL_Credential credentials[credential_count];
+ for (i=0;i<credential_count;i++)
+ {
+ cred = json_to_credential (json_array_get (cred_json, i));
+ if (NULL == cred)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unable to parse credential!\n");
+ continue;
+ }
+ GNUNET_memcpy (&credentials[i],
+ cred,
+ sizeof (struct GNUNET_CREDENTIAL_Credential));
+ credentials[i].issuer_attribute = GNUNET_strdup (cred->issuer_attribute);
+ GNUNET_free (cred);
+ }
+ GNUNET_JSONAPI_document_delete(json_obj);
handle->verify_request = GNUNET_CREDENTIAL_verify (handle->credential,
&handle->issuer_key,
handle->issuer_attr,
&handle->subject_key,
- handle->subject_attr,
+ credential_count,
+ credentials,
&handle_verify_response,
handle);
+ for (i=0;i<credential_count;i++)
+ GNUNET_free ((char*)credentials[i].issuer_attribute);
}
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Subject malformed\n");
+ GNUNET_free (issuer);
return;
}
GNUNET_asprintf (&id,
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Subject malformed\n");
+ GNUNET_free (id);
+ GNUNET_free (issuer);
return;
}
GNUNET_STRINGS_base64_encode ((char*)&cred->signature,
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Missing expiration\n");
- GNUNET_SCHEDULER_add_now (&do_error, handle);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
expiration_str = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
&key);
+ if ( NULL == expiration_str )
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Expiration malformed\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
if (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_relative (expiration_str,
&etime_rel))
{
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Malformed expiration: %s\n", expiration_str);
- GNUNET_SCHEDULER_add_now (&do_error, handle);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_ISSUER_ATTR,
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Missing issuer attribute\n");
- GNUNET_SCHEDULER_add_now (&do_error, handle);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
- handle->issuer_attr = GNUNET_strdup(GNUNET_CONTAINER_multihashmap_get
+ handle->issuer_attr = GNUNET_strdup(GNUNET_CONTAINER_multihashmap_get
(handle->rest_handle->url_param_map,
&key));
GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_CREDENTIAL_SUBJECT_KEY,
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Malformed subject\n");
- GNUNET_SCHEDULER_add_now (&do_error, handle);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
if (GNUNET_OK !=
handle);
}
-/**
- * Handle rest request
- *
- * @param handle the lookup handle
- */
static void
options_cont (struct GNUNET_REST_RequestHandle *con_handle,
const char* url,
}
-/**
- * Function processing the REST call
- *
- * @param method HTTP method
- * @param url URL of the HTTP request
- * @param data body of the HTTP request (optional)
- * @param data_size length of the body
- * @param proc callback function for the result
- * @param proc_cls closure for callback function
- * @return GNUNET_OK if request accepted
- */
static void
rest_credential_process_request(struct GNUNET_REST_RequestHandle *conndata_handle,
GNUNET_REST_ResultProcessor proc,
handle->rest_handle = conndata_handle;
static const struct GNUNET_REST_RequestHandler handlers[] = {
- {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont},
+ {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_CREDENTIAL_VERIFY, &verify_cred_cont},
+ {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_COLLECT, &collect_cred_cont},
{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_CREDENTIAL_ISSUE, &issue_cred_cont},
{MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_CREDENTIAL, &options_cont},
GNUNET_REST_HANDLER_END
projects / oweals / gnunet.git / blobdiff