GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
"GNS_PHASE_DELEGATE_NS-%llu: Resolution status: %d.\n",
rh->id, rh->status);
+
+ if (rh->status & RSL_PKEY_REVOKED)
+ {
+ finish_lookup (rh, rlh, 0, NULL);
+ free_resolver_handle (rh);
+ return;
+ }
if (strcmp(rh->name, "") == 0)
{
}
else if (rh->status & RSL_DELEGATE_PKEY)
{
- if (rlh->record_type == GNUNET_GNS_RECORD_PKEY)
+ if (rh->status & RSL_PKEY_REVOKED)
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+ "GNS_PHASE_DELEGATE_NS-%llu: Resolved PKEY is revoked.\n",
+ rh->id);
+ finish_lookup (rh, rlh, 0, NULL);
+ free_resolver_handle (rh);
+ return;
+ }
+ else if (rlh->record_type == GNUNET_GNS_RECORD_PKEY)
{
GNUNET_assert(rd_count == 1);
GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
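Review bot: The `if (rh->status & RSL_PKEY_REVOKED)` branch added inside the RSL_DELEGATE_PKEY arm looks unreachable, because the check added right after the "Resolution status" log already finishes the lookup and returns for the same flag. This assumes both hunks sit in one function and that nothing in the lines not shown changes `rh->status` in between. Keep a single check: move the `"GNS_PHASE_DELEGATE_NS-%llu: Resolved PKEY is revoked.\n"` log into the early return and drop the inner branch, so the revoked case is logged and handled in one place. The enclosing function starts and ends outside these hunks.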
resolve_delegation_dht(rh);
}
+/**
+ * This is a callback function that checks for key revocation
+ *
+ * @param cls the pending query
+ * @param key the key of the zone we did the lookup
+ * @param expiration expiration date of the record data set in the namestore
+ * @param name the name for which we need an authority
+ * @param rd_count the number of records with 'name'
+ * @param rd the record data
+ * @param signature the signature of the authority for the record data
+ */
+static void
+process_pkey_revocation_result_ns (void *cls,
+ const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *key,
+ struct GNUNET_TIME_Absolute expiration,
+ const char *name,
+ unsigned int rd_count,
+ const struct GNUNET_NAMESTORE_RecordData *rd,
+ const struct GNUNET_CRYPTO_RsaSignature *signature)
+{
+ struct ResolverHandle *rh = cls;
+ struct GNUNET_TIME_Relative remaining_time;
+ int i;
+
+ remaining_time = GNUNET_TIME_absolute_get_remaining (expiration);
+
+ for (i = 0; i < rd_count; i++)
+ {
+ if (rd[i].record_type == GNUNET_GNS_RECORD_REV)
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+ "GNS_PHASE_DELEGATE_NS-%llu: Zone has been revoked.\n",
+ rh->id);
+ rh->status |= RSL_PKEY_REVOKED;
+ rh->proc (rh->proc_cls, rh, 0, NULL);
+ return;
+ }
+ }
+
+ if ((name == NULL) ||
+ (remaining_time.rel_value == 0))
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+ "GNS_PHASE_DELEGATE_NS-%llu: + Records don't exist or are expired.\n",
+ rh->id, name);
+ //FIXME start BG lookup
+ GNUNET_log(GNUNET_ERROR_TYPE_DEBUG,
+ "GNS_PHASE_DELEGATE_NS-%d: Starting background lookup for %s type %d\n",
+ rh->id, "+.gnunet", GNUNET_GNS_RECORD_REV);
+
+ gns_resolver_lookup_record(rh->authority,
+ rh->private_local_zone,
+ GNUNET_GNS_RECORD_REV,
+ GNUNET_GNS_TLD,
+ rh->priv_key,
+ GNUNET_TIME_UNIT_FOREVER_REL,
+ GNUNET_NO,
+ &background_lookup_result_processor,
+ NULL);
+ }
+
+ /**
+ * We are done with PKEY resolution if name is empty
+ * else resolve again with new authority
+ */
+ if (strcmp (rh->name, "") == 0)
+ rh->proc (rh->proc_cls, rh, 0, NULL);
+ else
+ resolve_delegation_ns (rh);
+ return;
+}
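Review bot: The revocation check in process_pkey_revocation_result_ns fails open: in the `name == NULL` / expired branch it only starts a background lookup whose callback gets a NULL closure, then continues with `rh->proc` or `resolve_delegation_ns`, so a REV record found only by that background lookup cannot stop this resolution. If that trade-off is intended, say so next to the FIXME, e.g. `/* revocation is checked against the local namestore only; the background lookup result does not affect this resolution */`. Separately, both log calls in that branch have mismatched varargs: the first passes `name` with no conversion for it, and the second prints `rh->id` with `%d` although the other messages use `%llu`. Use `"GNS_PHASE_DELEGATE_NS-%llu: Starting background lookup for %s type %d\n"` and drop the stray `name` argument.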
/**
* @param signature the signature of the authority for the record data
*/
static void
-process_delegation_result_ns(void* cls,
+process_delegation_result_ns (void* cls,
const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *key,
struct GNUNET_TIME_Absolute expiration,
const char *name,
rh->authority_chain_tail,
auth);
- /** try to import pkey if private key available
- * TODO: Only import last one?
- */
- //if (rh->priv_key && (name != NULL) && is_canonical (rh->name))
- // process_discovered_authority((char*)name, auth->zone,
- // rh->authority_chain_tail->zone,
- // rh->priv_key);
- /**
- * We are done with PKEY resolution if name is empty
- * else resolve again with new authority
- */
- if (strcmp (rh->name, "") == 0)
- rh->proc (rh->proc_cls, rh, rd_count, rd);
- else
- resolve_delegation_ns (rh);
+ /* Check for key revocation and delegate */
+ GNUNET_NAMESTORE_lookup_record (namestore_handle,
+ &rh->authority,
+ "+",
+ GNUNET_GNS_RECORD_REV,
+ &process_pkey_revocation_result_ns,
+ rh);
return;
+
}
/**
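Review bot: The delegation records no longer reach `rh->proc` on the success path: the removed code called `rh->proc (rh->proc_cls, rh, rd_count, rd)`, while the callback registered here, process_pkey_revocation_result_ns, ends with `rh->proc (rh->proc_cls, rh, 0, NULL)`. If rh->proc is the delegation handler patched earlier in this diff, its `GNUNET_assert(rd_count == 1)` for a queried PKEY record would fail on a zone that is not revoked. The records would need to be kept on the resolver handle (or copied) before the namestore lookup and passed on from the callback. The return value of `GNUNET_NAMESTORE_lookup_record` is also ignored, so confirm nothing needs to cancel the request if rh is freed before the callback runs. process_delegation_result_ns starts outside this hunk.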
--- /dev/null
+/*
+ This file is part of GNUnet.
+ (C) 2009 Christian Grothoff (and other contributing authors)
+
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.
+*/
+/**
+ * @file gns/test_gns_revovation.c
+ * @brief base testcase for testing zone revocation
+ *
+ */
+#include "platform.h"
+#include "gnunet_testing_lib.h"
+#include "gnunet_core_service.h"
+#include "block_dns.h"
+#include "gnunet_signatures.h"
+#include "gnunet_namestore_service.h"
+#include "../namestore/namestore.h"
+#include "gnunet_dnsparser_lib.h"
+#include "gnunet_gns_service.h"
+
+/* DEFINES */
+#define VERBOSE GNUNET_YES
+
+/* Timeout for entire testcase */
+#define TIMEOUT GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 20)
+
+/* If number of peers not in config file, use this number */
+#define DEFAULT_NUM_PEERS 2
+
+/* test records to resolve */
+#define TEST_DOMAIN "www.bob.gnunet"
+#define TEST_IP "127.0.0.1"
+#define TEST_RECORD_NAME "www"
+
+#define TEST_AUTHORITY_NAME "bob"
+
+#define KEYFILE_BOB "../namestore/zonefiles/HGU0A0VCU334DN7F2I9UIUMVQMM7JMSD142LIMNUGTTV9R0CF4EG.zkey"
+
+/* Globals */
+
+/**
+ * Directory to store temp data in, defined in config file
+ */
+static char *test_directory;
+
+static struct GNUNET_TESTING_PeerGroup *pg;
+
+/* Task handle to use to schedule test failure */
+GNUNET_SCHEDULER_TaskIdentifier die_task;
+
+/* Global return value (0 for success, anything else for failure) */
+static int ok;
+
+static struct GNUNET_NAMESTORE_Handle *namestore_handle;
+
+static struct GNUNET_GNS_Handle *gns_handle;
+
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * Check whether peers successfully shut down.
+ */
+void
+shutdown_callback (void *cls, const char *emsg)
+{
+ if (emsg != NULL)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Error on shutdown! ret=%d\n", ok);
+ if (ok == 0)
+ ok = 2;
+ }
+
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO, "done(ret=%d)!\n", ok);
+}
+
+static void
+on_lookup_result(void *cls, uint32_t rd_count,
+ const struct GNUNET_NAMESTORE_RecordData *rd)
+{
+ struct in_addr a;
+ int i;
+ char* addr;
+
+ if (rd_count == 0)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Lookup failed, this is good!\n");
+ ok = 0;
+ }
+ else
+ {
+ ok = 1;
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "name: %s\n", (char*)cls);
+ for (i=0; i<rd_count; i++)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "type: %d\n", rd[i].record_type);
+ if (rd[i].record_type == GNUNET_GNS_RECORD_TYPE_A)
+ {
+ memcpy(&a, rd[i].data, sizeof(a));
+ addr = inet_ntoa(a);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "address: %s\n", addr);
+ if (0 == strcmp(addr, TEST_IP))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "%s incorrectly resolved to %s!\n", TEST_DOMAIN, addr);
+ ok = 2;
+ }
+ }
+ else
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No resolution!\n");
+ }
+ }
+ }
+ GNUNET_GNS_disconnect(gns_handle);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Shutting down peer1!\n");
+ GNUNET_TESTING_daemons_stop (pg, TIMEOUT, &shutdown_callback, NULL);
+}
+
+
+/**
+ * Function scheduled to be run on the successful start of services
+ * tries to look up the dns record for TEST_DOMAIN
+ */
+static void
+commence_testing (void *cls, int32_t success, const char *emsg)
+{
+ GNUNET_NAMESTORE_disconnect(namestore_handle, GNUNET_YES);
+
+ gns_handle = GNUNET_GNS_connect(cfg);
+
+ if (NULL == gns_handle)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to connect to GNS!\n");
+ }
+
+ GNUNET_GNS_lookup(gns_handle, TEST_DOMAIN, GNUNET_GNS_RECORD_TYPE_A,
+ GNUNET_NO,
+ NULL,
+ &on_lookup_result, TEST_DOMAIN);
+}
+
+/**
+ * Continuation for the GNUNET_DHT_get_stop call, so that we don't shut
+ * down the peers without freeing memory associated with GET request.
+ */
+static void
+end_badly_cont (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
+{
+
+ if (pg != NULL)
+ GNUNET_TESTING_daemons_stop (pg, TIMEOUT, &shutdown_callback, NULL);
+ GNUNET_SCHEDULER_cancel (die_task);
+}
+
+/**
+ * Check if the get_handle is being used, if so stop the request. Either
+ * way, schedule the end_badly_cont function which actually shuts down the
+ * test.
+ */
+static void
+end_badly (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
+{
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Failing test with error: `%s'!\n",
+ (char *) cls);
+ GNUNET_SCHEDULER_add_now (&end_badly_cont, NULL);
+ ok = 1;
+}
+
+static void
+do_lookup(void *cls, const struct GNUNET_PeerIdentity *id,
+ const struct GNUNET_CONFIGURATION_Handle *_cfg,
+ struct GNUNET_TESTING_Daemon *d, const char *emsg)
+{
+ struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded alice_pkey;
+ struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded bob_pkey;
+ struct GNUNET_CRYPTO_RsaPrivateKey *alice_key;
+ struct GNUNET_CRYPTO_RsaPrivateKey *bob_key;
+ struct GNUNET_CRYPTO_ShortHashCode bob_hash;
+ struct GNUNET_CRYPTO_RsaSignature *sig;
+ char* alice_keyfile;
+
+ cfg = _cfg;
+
+ GNUNET_SCHEDULER_cancel (die_task);
+
+ /* put records into namestore */
+ namestore_handle = GNUNET_NAMESTORE_connect(cfg);
+ if (NULL == namestore_handle)
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Failed to connect to namestore\n");
+ ok = -1;
+ return;
+ }
+
+ if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns",
+ "ZONEKEY",
+ &alice_keyfile))
+ {
+ GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "Failed to get key from cfg\n");
+ ok = -1;
+ return;
+ }
+
+ alice_key = GNUNET_CRYPTO_rsa_key_create_from_file (alice_keyfile);
+ bob_key = GNUNET_CRYPTO_rsa_key_create_from_file (KEYFILE_BOB);
+
+ GNUNET_CRYPTO_rsa_key_get_public (alice_key, &alice_pkey);
+ GNUNET_CRYPTO_rsa_key_get_public (bob_key, &bob_pkey);
+
+ struct GNUNET_NAMESTORE_RecordData rd;
+ char* ip = TEST_IP;
+ struct in_addr *web = GNUNET_malloc(sizeof(struct in_addr));
+ rd.expiration = GNUNET_TIME_UNIT_FOREVER_ABS;
+ GNUNET_assert(1 == inet_pton (AF_INET, ip, web));
+
+ GNUNET_CRYPTO_short_hash(&bob_pkey, sizeof(bob_pkey), &bob_hash);
+
+ rd.data_size = sizeof(struct GNUNET_CRYPTO_ShortHashCode);
+ rd.data = &bob_hash;
+ rd.record_type = GNUNET_GNS_RECORD_PKEY;
+
+ GNUNET_NAMESTORE_record_create (namestore_handle,
+ alice_key,
+ TEST_AUTHORITY_NAME,
+ &rd,
+ NULL,
+ NULL);
+
+ rd.data_size = sizeof(struct in_addr);
+ rd.data = web;
+ rd.record_type = GNUNET_DNSPARSER_TYPE_A;
+ sig = GNUNET_NAMESTORE_create_signature(bob_key,
+ GNUNET_TIME_UNIT_FOREVER_ABS,
+ TEST_RECORD_NAME,
+ &rd, 1);
+
+ GNUNET_NAMESTORE_record_put (namestore_handle,
+ &bob_pkey,
+ TEST_RECORD_NAME,
+ rd.expiration,
+ 1,
+ &rd,
+ sig,
+ &commence_testing,
+ NULL);
+ rd.data_size = 0;
+ rd.record_type = GNUNET_GNS_RECORD_REV;
+
+ GNUNET_NAMESTORE_record_create (namestore_handle,
+ bob_key,
+ "+",
+ &rd,
+ &commence_testing,
+ NULL);
+ GNUNET_free(sig);
+ GNUNET_CRYPTO_rsa_key_free(bob_key);
+ GNUNET_CRYPTO_rsa_key_free(alice_key);
+}
+
+static void
+run (void *cls, char *const *args, const char *cfgfile,
+ const struct GNUNET_CONFIGURATION_Handle *c)
+{
+ cfg = c;
+ /* Get path from configuration file */
+ if (GNUNET_YES !=
+ GNUNET_CONFIGURATION_get_value_string (cfg, "paths", "servicehome",
+ &test_directory))
+ {
+ ok = 404;
+ return;
+ }
+
+
+ /* Set up a task to end testing if peer start fails */
+ die_task =
+ GNUNET_SCHEDULER_add_delayed (TIMEOUT, &end_badly,
+ "didn't start all daemons in reasonable amount of time!!!");
+
+ /* Start alice */
+ pg = GNUNET_TESTING_daemons_start(cfg, 1, 1, 1, TIMEOUT,
+ NULL, NULL, &do_lookup, NULL,
+ NULL, NULL, NULL);
+}
+
+static int
+check ()
+{
+ int ret;
+
+ /* Arguments for GNUNET_PROGRAM_run */
+ char *const argv[] = { "test-gns-revocation", /* Name to give running binary */
+ "-c",
+ "test_gns_simple_lookup.conf", /* Config file to use */
+#if VERBOSE
+ "-L", "DEBUG",
+#endif
+ NULL
+ };
+ struct GNUNET_GETOPT_CommandLineOption options[] = {
+ GNUNET_GETOPT_OPTION_END
+ };
+ /* Run the run function as a new program */
+ ret =
+ GNUNET_PROGRAM_run ((sizeof (argv) / sizeof (char *)) - 1, argv,
+ "test-gns-revocation", "nohelp", options, &run,
+ &ok);
+ if (ret != GNUNET_OK)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "`test-gns-revocation': Failed with error code %d\n", ret);
+ }
+ return ok;
+}
+
+int
+main (int argc, char *argv[])
+{
+ int ret;
+
+ GNUNET_log_setup ("test-gns-revocation",
+#if VERBOSE
+ "DEBUG",
+#else
+ "WARNING",
+#endif
+ NULL);
+ ret = check ();
+ /**
+ * Need to remove base directory, subdirectories taken care
+ * of by the testing framework.
+ */
+ return ret;
+}
+
+/* end of test_gns_twopeer.c */
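Review bot: `commence_testing` is registered as the continuation of both `GNUNET_NAMESTORE_record_put` and the REV `GNUNET_NAMESTORE_record_create` in do_lookup, so it can run twice: the namestore handle would be disconnected twice and two GNS lookups started, and the first run may happen before the revocation record is stored. Pass `NULL` as the continuation of the record_put so only the REV create starts the lookup. commence_testing also logs a NULL `gns_handle` and then still calls `GNUNET_GNS_lookup` with it; it should set `ok` and return there. Finally, on_lookup_result treats any empty result as success, so the test also passes when the records were never stored; a control lookup that resolves before the REV record is added would show that revocation is what blocked the name.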