X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Fidentity-provider%2Fgnunet-idp.c;h=4f17919b9597d4406b8535de615bbf044ea942fa;hb=7eb7bd8666aeb2e855cd22b1ea7f44b87bb60400;hp=b4785580a663e918a5e918a045a6756e7b207835;hpb=9e6994a55e64aaf7b45fdad7277c27bf30e3c0f3;p=oweals%2Fgnunet.git
diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c
index b4785580a..4f17919b9 100644
--- a/src/identity-provider/gnunet-idp.c
+++ b/src/identity-provider/gnunet-idp.c
@@ -32,15 +32,20 @@
 #include "gnunet_signatures.h"
 
 /**
- * Init flag
+ * return value
 */
-static int init;
+static int ret;
 
 /**
 * List attribute flag
 */
 static int list;
 
+/**
+ * Relying party
+ */
+static char* rp;
+
 /**
 * The attribute
 */
@@ -51,6 +56,26 @@ static char* attr_name;
 */
 static char* attr_value;
 
+/**
+ * Attributes to issue
+ */
+static char* issue_attrs;
+
+/**
+ * Ticket to consume
+ */
+static char* consume_ticket;
+
+/**
+ * Attribute type
+ */
+static char* type_str;
+
+/**
+ * Ticket to revoke
+ */
+static char* revoke_ticket;
+
 /**
 * Ego name
 */
@@ -72,48 +97,78 @@ static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle;
 static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
 
 /**
- * Namestore handle
+ * Attribute iterator
 */
-static struct GNUNET_NAMESTORE_Handle *namestore_handle;
+static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator;
 
 /**
- * Namestore iterator
+ * Master ABE key
 */
-static struct GNUNET_NAMESTORE_ZoneIterator *ns_iterator;
+static struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
 
 /**
- * Namestore queue
+ * ego private key
 */
-static struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey;
 
 /**
- * Master ABE key
+ * rp public key
 */
-static struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key;
+
+/**
+ * Ticket to consume
+ */
+static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
+
+/**
+ * Attribute list
+ */
+static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+
+/**
+ * Attribute expiration interval
+ */
+static struct GNUNET_TIME_Relative exp_interval;
+
+/**
+ * Timeout task
+ */
+static struct GNUNET_SCHEDULER_Task *timeout;
 
 static void
 do_cleanup(void *cls)
 {
- if (NULL != ns_qe)
- GNUNET_NAMESTORE_cancel (ns_qe);
- if (NULL != ns_iterator)
- GNUNET_NAMESTORE_zone_iteration_stop (ns_iterator);
- if (NULL != namestore_handle)
- GNUNET_NAMESTORE_disconnect (namestore_handle);
+ if (NULL != timeout)
+ GNUNET_SCHEDULER_cancel (timeout);
+ if (NULL != idp_op)
+ GNUNET_IDENTITY_PROVIDER_cancel (idp_op);
+ if (NULL != attr_iterator)
+ GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator);
+ if (NULL != idp_handle)
+ GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle);
 if (NULL != identity_handle)
 GNUNET_IDENTITY_disconnect (identity_handle);
 if (NULL != abe_key)
 GNUNET_free (abe_key);
+ if (NULL != attr_list)
+ GNUNET_free (attr_list);
 }
 
 static void
-ns_error_cb (void *cls)
+ticket_issue_cb (void* cls,
+ const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
 {
- ns_qe = NULL;
- GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
- "Failed.");
- do_cleanup(NULL);
- return;
+ char* ticket_str;
+ idp_op = NULL;
+ if (NULL != ticket) {
+ ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
+ sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
+ printf("%s\n",
+ ticket_str);
+ GNUNET_free (ticket_str);
+ }
+ GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
 }
 
 static void
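Review bot: ticket_issue_cb treats a NULL `ticket` like success: nothing is printed, `ret` stays 0 and the process exits cleanly, so a script calling the tool cannot tell that no ticket was issued. Adding `else ret = 1;` after the `if (NULL != ticket) { … }` block (ideally with a `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, …)` line) makes the failure visible in the exit status. The parameter name `ticket` also shadows the file-scope `ticket` declared earlier in this hunk, which invites mistakes; a name such as `issued` would avoid that. In do_cleanup, `GNUNET_free (attr_list)` releases only the list head, while the entries and claims that iter_cb inserts later in this diff stay allocated.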
@@ -121,160 +176,174 @@ store_attr_cont (void *cls, int32_t success, const char*emsg) { - ns_qe = NULL; + idp_op = NULL; if (GNUNET_SYSERR == success) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", emsg); - } else { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Sucessfully added identity attribute %s=%s\n", - attr_name, attr_value); } GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void -store_abe_cont (void *cls, - int32_t success, - const char*emsg) +process_attrs (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) { - ns_qe = NULL; - if (GNUNET_SYSERR == success) { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "%s\n", emsg); - } else { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - "Bootstrapped ABE master key. Please run command again.\n"); + char *value_str; + if (NULL == identity) + { + idp_op = NULL; + GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + return; } - GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); + if (NULL == attr) + { + ret = 1; + return; + } + value_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type, + attr->data, + attr->data_size); + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "%s: %s\n", attr->name, value_str); } + static void iter_error (void *cls) { - ns_iterator = NULL; + attr_iterator = NULL; GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failed to iterate over attributes\n"); GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void -iter_finished (void *cls) +timeout_task (void *cls) { - ns_iterator = NULL; + timeout = NULL; + ret = 1; + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "Timeout\n"); GNUNET_SCHEDULER_add_now (&do_cleanup, NULL); } static void -iter_cb (void *cls, - const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone, - const char *label, - unsigned int rd_count, - const struct GNUNET_GNSRECORD_Data *rd) +process_rvk (void *cls, int success, const char* msg) { - struct GNUNET_CRYPTO_AbeKey *key; - int i; - char *attr_value; - char* attrs[2]; - for (i=0;iattribute_type = 
GNUNET_IDENTITY_PROVIDER_AT_STRING; - attr->data = &attr[1]; - attr->data_size = strlen (attr_value) + 1; + if (NULL == type_str) + type = GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING; + else + type = GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (type_str); + + GNUNET_assert (GNUNET_SYSERR != GNUNET_IDENTITY_ATTRIBUTE_string_to_value (type, + attr_value, + (void**)&data, + &data_size)); + claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name, + type, + data, + data_size); idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle, - zone, - attr_name, - attr, - &store_attr_cont, - NULL); + pkey, + claim, + &exp_interval, + &store_attr_cont, + NULL); + - /*size = GNUNET_CRYPTO_cpabe_encrypt (attr_value, - strlen (attr_value) + 1, - attr_name, - abe_key, - (void**)&new_record.data); - new_record.data_size = size; - new_record.record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR; - new_record.expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; - new_record.flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION; - - ns_qe = GNUNET_NAMESTORE_records_store (namestore_handle, - zone, - attr_name, - 1, - &new_record, - &store_attr_cont, - NULL);*/ +} + +static void +iter_cb (void *cls, + const struct GNUNET_CRYPTO_EcdsaPublicKey *identity, + const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr) +{ + struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le; + char *attrs_tmp; + char *attr_str; + + if (issue_attrs) + { + attrs_tmp = GNUNET_strdup (issue_attrs); + attr_str = strtok (attrs_tmp, ","); + while (NULL != attr_str) { + if (0 != strcmp (attr_str, attr->name)) { + attr_str = strtok (NULL, ","); + continue; + } + le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry); + le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, + attr->type, + attr->data, + attr->data_size); + GNUNET_CONTAINER_DLL_insert (attr_list->list_head, + attr_list->list_tail, + le); + break; + } + GNUNET_free (attrs_tmp); + } else if (list) { + GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, + "%s: %s\n", 
attr->name, (char*)attr->data); + } + GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator); } static void @@ -283,19 +352,40 @@ ego_cb (void *cls, void **ctx, const char *name) { - const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey; if (NULL == name) return; if (0 != strcmp (name, ego_name)) return; pkey = GNUNET_IDENTITY_ego_get_private_key (ego); - ns_qe = GNUNET_NAMESTORE_records_lookup (namestore_handle, - pkey, - "+", - &ns_error_cb, - NULL, - &abe_lookup_cb, - NULL); + + if (NULL != rp) + GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, + strlen (rp), + &rp_key); + if (NULL != consume_ticket) + GNUNET_STRINGS_string_to_data (consume_ticket, + strlen (consume_ticket), + &ticket, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); + if (NULL != revoke_ticket) + GNUNET_STRINGS_string_to_data (revoke_ticket, + strlen (revoke_ticket), + &ticket, + sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket)); + + + attr_list = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList); + + attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle, + pkey, + &iter_error, + NULL, + &iter_cb, + NULL, + &iter_finished, + NULL); + + } static void @@ -304,7 +394,7 @@ run (void *cls, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *c) { - + ret = 0; if (NULL == ego_name) { GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, @@ -312,18 +402,6 @@ run (void *cls, return; } - if ((NULL == attr_name) && !list && !init) - { - return; - } - if ((NULL == attr_value) && !list && !init) - { - GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE, - _("Value is required\n")); - return; - } - - namestore_handle = GNUNET_NAMESTORE_connect (c); idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c); //Get Ego identity_handle = GNUNET_IDENTITY_connect (c, @@ -337,6 +415,7 @@ run (void *cls, int main(int argc, char *const argv[]) { + exp_interval = GNUNET_TIME_UNIT_HOURS; struct GNUNET_GETOPT_CommandLineOption options[] = { GNUNET_GETOPT_option_string ('a', 
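Review bot: In the new iter_cb, the `list` branch logs `(char*)attr->data` with `%s`, which reads up to the first NUL byte even though the claim carries an explicit `data_size` and, with the new `-t` option, need not hold a string at all. process_attrs in the same hunk already converts with `GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type, attr->data, attr->data_size)`; the list branch should do the same and `GNUNET_free` the result, which process_attrs itself currently never does with `value_str`. In the store path, `GNUNET_assert (GNUNET_SYSERR != GNUNET_IDENTITY_ATTRIBUTE_string_to_value (…))` aborts the process on a value the user typed; logging an error, setting `ret = 1` and scheduling do_cleanup would fail more gracefully. Part of this hunk's text is missing from the page (around `for (i=0;i…`), so only the visible lines are covered here.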
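Review bot: The three new parse calls in ego_cb discard their results, so a malformed `-r`, `-C` or `-R` argument leaves `rp_key` or `ticket` at its zero-initialised static value and the run carries on as if the input had been valid. `GNUNET_CRYPTO_ecdsa_public_key_from_string` and `GNUNET_STRINGS_string_to_data` both report failure through their return value; each result should be compared with `GNUNET_OK`, and on failure the tool should log, set `ret = 1`, schedule do_cleanup and return before the attribute iteration is started. `-C` and `-R` also decode into the same `ticket`, so passing both silently keeps the later one. ego_cb begins above this hunk.

```c
  if ( (NULL != rp) &&
       (GNUNET_OK !=
        GNUNET_CRYPTO_ecdsa_public_key_from_string (rp,
                                                    strlen (rp),
                                                    &rp_key)) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Invalid relying party key\n");
    ret = 1;
    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
    return;
  }
  if ( (NULL != consume_ticket) &&
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (consume_ticket,
                                       strlen (consume_ticket),
                                       &ticket,
                                       sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket))) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Invalid ticket to consume\n");
    ret = 1;
    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
    return;
  }
  if ( (NULL != revoke_ticket) &&
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (revoke_ticket,
                                       strlen (revoke_ticket),
                                       &ticket,
                                       sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket))) )
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Invalid ticket to revoke\n");
    ret = 1;
    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
    return;
  }
  /* … unchanged: attr_list allocation and get_attributes_start call … */
```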
@@ -355,17 +434,47 @@ main(int argc, char *const argv[])
 NULL,
 gettext_noop ("Ego"),
 &ego_name),
+ GNUNET_GETOPT_option_string ('r',
+ "rp",
+ NULL,
+ gettext_noop ("Audience (relying party)"),
+ &rp),
 GNUNET_GETOPT_option_flag ('D',
 "dump",
 gettext_noop ("List attributes for Ego"),
 &list),
- GNUNET_GETOPT_option_flag ('i',
- "init",
- gettext_noop ("Initialize attribute store"),
- &init),
+ GNUNET_GETOPT_option_string ('i',
+ "issue",
+ NULL,
+ gettext_noop ("Issue a ticket"),
+ &issue_attrs),
+ GNUNET_GETOPT_option_string ('C',
+ "consume",
+ NULL,
+ gettext_noop ("Consume a ticket"),
+ &consume_ticket),
+ GNUNET_GETOPT_option_string ('R',
+ "revoke",
+ NULL,
+ gettext_noop ("Revoke a ticket"),
+ &revoke_ticket),
+ GNUNET_GETOPT_option_string ('t',
+ "type",
+ NULL,
+ gettext_noop ("Type of attribute"),
+ &type_str),
+ GNUNET_GETOPT_option_relative_time ('E',
+ "expiration",
+ NULL,
+ gettext_noop ("Expiration interval of the attribute"),
+ &exp_interval),
+
 GNUNET_GETOPT_OPTION_END
 };
- return GNUNET_PROGRAM_run (argc, argv, "ct",
- "ct", options,
- &run, NULL);
+ if (GNUNET_OK != GNUNET_PROGRAM_run (argc, argv, "ct",
+ "ct", options,
+ &run, NULL))
+ return 1;
+ else
+ return ret;
 }
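Review bot: The help text for `-i`, `gettext_noop ("Issue a ticket")`, does not say that the argument is a comma-separated list of attribute names, which is how iter_cb splits `issue_attrs`; `gettext_noop ("Issue a ticket for a comma-separated list of attributes")` would document it. Nothing in the visible hunks rejects combinations such as `-i` without `-r` or `-C` together with `-R`, and the earlier argument checks in run() are removed by this commit, so the option set should be validated before connecting to the services. The `"ct"` binary name and help string passed to `GNUNET_PROGRAM_run` look like a leftover from another tool and could name this one instead.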