merge
authorChristian Grothoff <christian@grothoff.org>
Thu, 9 Aug 2018 14:43:47 +0000 (16:43 +0200)
committerChristian Grothoff <christian@grothoff.org>
Thu, 9 Aug 2018 14:43:47 +0000 (16:43 +0200)
146 files changed:
Dockerfile [new file with mode: 0644]
Makefile.am
README
README.md [new file with mode: 0644]
configure.ac
contrib/.gitignore
contrib/Makefile.am
contrib/branding/logo/gnunet-logo-dark-text.svg [new file with mode: 0644]
contrib/gnunet-arch-full.svg [new file with mode: 0644]
contrib/packages/guix/notest-guix-env.scm [new file with mode: 0644]
contrib/services/shepherd/ng0_wip/.gitignore [deleted file]
contrib/services/shepherd/ng0_wip/00001-gnu-services-Add-gnunet-service.patch [deleted file]
contrib/services/shepherd/ng0_wip/0001-gnu-services-Add-gnunet-service.patch [deleted file]
contrib/services/shepherd/ng0_wip/001-gnu-services-Add-gnunet-service.patch [deleted file]
contrib/services/shepherd/ng0_wip/README [deleted file]
contrib/services/shepherd/ng0_wip/gnunet.scm [deleted file]
contrib/services/shepherd/ng0_wip/janneke-os-modified.scm [deleted file]
contrib/timeout_watchdog.c [deleted file]
contrib/timeout_watchdog_w32.c [deleted file]
doc/documentation/Makefile.am
doc/documentation/agpl-3.0.texi [new file with mode: 0644]
doc/documentation/chapters/contributing.texi
doc/documentation/chapters/developer.texi
doc/documentation/chapters/installation.texi
doc/documentation/chapters/preface.texi
doc/documentation/chapters/user.texi
doc/documentation/gnunet.texi
doc/man/Makefile.am
doc/man/gnunet-gns.1
doc/man/gnunet-timeout.1 [new file with mode: 0644]
docker/README.md [new file with mode: 0644]
docker/docker-entrypoint.sh [new file with mode: 0644]
docker/gnunet.conf [new file with mode: 0644]
po/POTFILES.in
src/Makefile.am
src/arm/test_exponential_backoff.c
src/cadet/cadet.conf.in
src/cadet/cadet_api.c
src/cadet/gnunet-cadet.c
src/core/test_core_api_reliability.c
src/core/test_core_quota_compliance.c
src/datacache/plugin_datacache_sqlite.c
src/gns/gns_api.c
src/gns/gnunet-dns2gns.c
src/gns/gnunet-gns.c
src/gns/nss/nss_gns.c
src/gns/nss/nss_gns_query.c
src/gns/nss/nss_gns_query.h
src/gns/plugin_rest_gns.c
src/gnsrecord/plugin_gnsrecord_dns.c
src/identity-attribute/Makefile.am [deleted file]
src/identity-attribute/identity_attribute.c [deleted file]
src/identity-attribute/identity_attribute.h [deleted file]
src/identity-attribute/plugin_identity_attribute_gnuid.c [deleted file]
src/identity-provider/.gitignore [deleted file]
src/identity-provider/Makefile.am [deleted file]
src/identity-provider/gnunet-idp.c [deleted file]
src/identity-provider/gnunet-service-identity-provider.c [deleted file]
src/identity-provider/identity-provider.conf [deleted file]
src/identity-provider/identity-token.conf [deleted file]
src/identity-provider/identity_provider.h [deleted file]
src/identity-provider/identity_provider_api.c [deleted file]
src/identity-provider/jwt.c [deleted file]
src/identity-provider/jwt.h [deleted file]
src/identity-provider/plugin_gnsrecord_identity_provider.c [deleted file]
src/identity-provider/plugin_identity_provider_sqlite.c [deleted file]
src/identity-provider/plugin_rest_identity_provider.c [deleted file]
src/identity-provider/plugin_rest_openid_connect.c [deleted file]
src/identity-provider/test_idp.conf [deleted file]
src/identity-provider/test_idp.sh [deleted file]
src/identity-provider/test_idp_attribute.sh [deleted file]
src/identity-provider/test_idp_consume.sh [deleted file]
src/identity-provider/test_idp_defaults.conf [deleted file]
src/identity-provider/test_idp_issue.sh [deleted file]
src/identity-provider/test_idp_revoke.sh [deleted file]
src/identity/gnunet-service-identity.c
src/identity/identity_api_lookup.c
src/identity/plugin_rest_identity.c
src/include/Makefile.am
src/include/gnunet_abe_lib.h
src/include/gnunet_common.h
src/include/gnunet_crypto_lib.h
src/include/gnunet_dnsparser_lib.h
src/include/gnunet_gnsrecord_lib.h
src/include/gnunet_identity_attribute_lib.h [deleted file]
src/include/gnunet_identity_attribute_plugin.h [deleted file]
src/include/gnunet_identity_provider_plugin.h [deleted file]
src/include/gnunet_identity_provider_service.h [deleted file]
src/include/gnunet_protocols.h
src/include/gnunet_reclaim_attribute_lib.h [new file with mode: 0644]
src/include/gnunet_reclaim_attribute_plugin.h [new file with mode: 0644]
src/include/gnunet_reclaim_plugin.h [new file with mode: 0644]
src/include/gnunet_reclaim_service.h [new file with mode: 0644]
src/include/gnunet_signatures.h
src/include/gnunet_strings_lib.h
src/multicast/gnunet-service-multicast.c
src/multicast/test_multicast_multipeer.c
src/namestore/gnunet-zoneimport.c
src/namestore/plugin_namestore_flat.c
src/psyc/Makefile.am
src/reclaim-attribute/Makefile.am [new file with mode: 0644]
src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c [new file with mode: 0644]
src/reclaim-attribute/reclaim_attribute.c [new file with mode: 0644]
src/reclaim-attribute/reclaim_attribute.h [new file with mode: 0644]
src/reclaim/.gitignore [new file with mode: 0644]
src/reclaim/Makefile.am [new file with mode: 0644]
src/reclaim/gnunet-reclaim.c [new file with mode: 0644]
src/reclaim/gnunet-service-reclaim.c [new file with mode: 0644]
src/reclaim/jwt.c [new file with mode: 0644]
src/reclaim/oidc_helper.c [new file with mode: 0644]
src/reclaim/oidc_helper.h [new file with mode: 0644]
src/reclaim/plugin_gnsrecord_reclaim.c [new file with mode: 0644]
src/reclaim/plugin_reclaim_sqlite.c [new file with mode: 0644]
src/reclaim/plugin_rest_openid_connect.c [new file with mode: 0644]
src/reclaim/plugin_rest_reclaim.c [new file with mode: 0644]
src/reclaim/reclaim.conf [new file with mode: 0644]
src/reclaim/reclaim.h [new file with mode: 0644]
src/reclaim/reclaim_api.c [new file with mode: 0644]
src/reclaim/test_reclaim.sh [new file with mode: 0755]
src/reclaim/test_reclaim_attribute.sh [new file with mode: 0755]
src/reclaim/test_reclaim_consume.sh [new file with mode: 0755]
src/reclaim/test_reclaim_defaults.conf [new file with mode: 0644]
src/reclaim/test_reclaim_issue.sh [new file with mode: 0755]
src/reclaim/test_reclaim_revoke.sh [new file with mode: 0755]
src/rest/Makefile.am
src/rest/plugin_rest_copying.c [new file with mode: 0644]
src/rps/gnunet-rps-profiler.c
src/rps/gnunet-service-rps.c
src/rps/gnunet-service-rps_custommap.c
src/rps/rps-test_util.c
src/set/gnunet-service-set_intersection.c
src/set/gnunet-service-set_union.c
src/transport/test_quota_compliance.c
src/transport/test_transport_api_reliability.c
src/util/.gitignore
src/util/Makefile.am
src/util/client.c
src/util/crypto_hash.c
src/util/dnsparser.c
src/util/gnunet-service-resolver.c
src/util/gnunet-timeout-w32.c [new file with mode: 0644]
src/util/gnunet-timeout.c [new file with mode: 0644]
src/util/resolver.h
src/util/resolver_api.c
src/util/scheduler.c
src/util/strings.c

diff --git a/Dockerfile b/Dockerfile
new file mode 100644 (file)
index 0000000..4fdd91f
--- /dev/null
@@ -0,0 +1,102 @@
+FROM ubuntu:18.04
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install tools and dependencies
+RUN apt-get update && \
+    apt-get -y install --no-install-recommends \
+      ca-certificates \
+      libsasl2-modules \
+      git \
+      automake \
+      autopoint \
+      autoconf \
+      texinfo \
+      libtool \
+      libltdl-dev \
+      libgpg-error-dev \
+      libidn11-dev \
+      libunistring-dev \
+      libglpk-dev \
+      libbluetooth-dev \
+      libextractor-dev \
+      libmicrohttpd-dev \
+      libgnutls28-dev \
+      libgcrypt20-dev \
+      libpq-dev \
+      libsqlite3-dev && \
+    apt-get clean all && \
+    apt-get -y autoremove && \
+    rm -rf \
+      /var/lib/apt/lists/* \
+      /tmp/*
+
+# Install GNUrl
+ENV GNURL_GIT_URL https://git.taler.net/gnurl.git
+ENV GNURL_GIT_BRANCH gnurl-7.57.0
+
+RUN git clone $GNURL_GIT_URL \
+      --branch $GNURL_GIT_BRANCH \
+      --depth=1 \
+      --quiet && \
+    cd /gnurl && \
+      autoreconf -i && \
+      ./configure \
+        --enable-ipv6 \
+        --with-gnutls \
+        --without-libssh2 \
+        --without-libmetalink \
+        --without-winidn \
+        --without-librtmp \
+        --without-nghttp2 \
+        --without-nss \
+        --without-cyassl \
+        --without-polarssl \
+        --without-ssl \
+        --without-winssl \
+        --without-darwinssl \
+        --disable-sspi \
+        --disable-ntlm-wb \
+        --disable-ldap \
+        --disable-rtsp \
+        --disable-dict \
+        --disable-telnet \
+        --disable-tftp \
+        --disable-pop3 \
+        --disable-imap \
+        --disable-smtp \
+        --disable-gopher \
+        --disable-file \
+        --disable-ftp \
+        --disable-smb && \
+      make install && \
+    cd - && \
+    rm -fr /gnurl
+
+# Install GNUnet
+ENV GNUNET_PREFIX /usr/local/gnunet
+ENV CFLAGS '-g -Wall -O0'
+
+COPY . /gnunet
+
+RUN cd /gnunet && \
+      ./bootstrap && \
+      ./configure \
+        --with-nssdir=/lib \
+        --prefix="$GNUNET_PREFIX" \
+        --enable-logging=verbose && \
+      make -j3 && \
+      make install && \
+      ldconfig && \
+    cd - && \
+    rm -fr /gnunet
+
+# Configure GNUnet
+COPY docker/gnunet.conf /etc/gnunet.conf
+COPY docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint
+RUN chmod 755 /usr/local/bin/docker-entrypoint
+
+ENV LOCAL_PORT_RANGE='40001 40200'
+ENV PATH "$GNUNET_PREFIX/bin:/usr/local/bin:$PATH"
+
+ENTRYPOINT ["docker-entrypoint"]
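Review bot: The gnurl stage clones `$GNURL_GIT_BRANCH` (a mutable branch or tag name) and runs `make install` on whatever it resolves to, with no integrity check, so the image content can change without this file changing. Pinning the expected commit and failing the build on a mismatch would close that, e.g. `ENV GNURL_GIT_COMMIT <pinned-commit-sha>` plus `test "$(git -C /gnurl rev-parse HEAD)" = "$GNURL_GIT_COMMIT" && \` ahead of `autoreconf -i`; `FROM ubuntu:18.04` can likewise be pinned by digest. Separately, there is no `USER` instruction, so `docker-entrypoint` starts as root unless the script (not shown in this hunk) drops privileges; if the services do not need root, a dedicated account and `USER gnunet` before `ENTRYPOINT` would limit what a compromised service can reach. `CFLAGS '-g -Wall -O0'` together with `--enable-logging=verbose` reads like a debug build, which is worth stating in a comment at the top so the image is not taken for a production one.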
index 45a693ac9448713a75f485ab84f868126e2efba7..ad32cf9203238b6ab50fbea5a87789071b62daca 100644 (file)
@@ -3,8 +3,11 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/include
 
 if DOCUMENTATION_ONLY
   SUBDIRS = doc
-else
-  SUBDIRS = doc m4 src po pkgconfig
+else 
+  SUBDIRS = m4 src po pkgconfig
+if DOCUMENTATION
+  SUBDIRS += doc
+endif
 endif
 
 if !TALER_ONLY
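Review bot: The added `else ` line carries a trailing space that should be dropped (`else`). The nested `if DOCUMENTATION` depends on a matching `AM_CONDITIONAL` for `DOCUMENTATION` in configure.ac, which the configure.ac hunks in this diff do not show, so confirm it is defined. A short comment such as `# doc is built last, and only when documentation is enabled` would record that `doc` moved from the front of `SUBDIRS` to the end.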
diff --git a/README b/README
index a00c5a0a93a4a22ebf7fd3a40387fa663ae85593..256a6c69c388e4e57ac4f58fb15a32cb3fb3e86e 100644 (file)
--- a/README
+++ b/README
@@ -453,12 +453,12 @@ Further Reading
 
 * Documentation
 
-  A preliminary rendering of the new GNUnet manual is deployed at
+  A HTML version of the new GNUnet manual is deployed at
 
-    https://d.n0.is/pub/doc/gnunet/manual/
+    https://docs.gnunet.org
 
-  we plan to have a complete new gnunet.org up and running in 2019.
-  This website output exists as a convenience solution until then.
+  which currently displays just GNUnet documentation. Until 2019
+  we will add more reading material.
 
 * Academia / papers
 
diff --git a/README.md b/README.md
new file mode 100644 (file)
index 0000000..3f40b3d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,268 @@
+<p align="center">
+  <a href="https://gnunet.org"><img src="contrib/branding/logo/gnunet-logo-dark-text.svg" alt="GNUnet" width="300px"/></a>
+</p>
+
+> GNUnet is a *new* network protocol stack for building secure, distributed, and privacy-preserving applications. 
+
+* [Install](#how-to-install-gnunet)
+  * [From Source](#from-source)
+  * [Using Docker](#docker)
+* [Using GNUnet](#using-gnunet)
+* [License](#license)
+
+How to Install GNUnet
+---------------------
+
+### 1. From Source
+
+**Dependencies**
+
+Install these packages. Some of them may need to be installed from source depending on your OS.
+
+```
+- libmicrohttpd      >= 0.9.42      (available from https://www.gnu.org/software/libmicrohttpd/)
+- libgcrypt          >= 1.6
+- libgnurl           >= 7.35.0      (recommended, available from https://gnunet.org/gnurl)
+- libcurl            >= 7.35.0      (alternative to libgnurl)
+- libunistring       >= 0.9.2
+- gnutls             >= 3.2.12      (highly recommended: a gnutls linked against libunbound)
+- libidn             >= 1.0
+- libextractor       >= 0.6.1       (highly recommended)
+- openssl            >= 1.0         (binary, used to generate X.509 certificate)
+- libltdl            >= 2.2         (part of GNU libtool)
+- sqlite             >= 3.8         (default database, required)
+- mysql              >= 5.1         (alternative to sqlite)
+- postgres           >= 9.5         (alternative to sqlite)
+- Texinfo            >= 5.2         [*1]
+- which                             (for the bootstrap script)
+- gettext
+- zlib
+- pkg-config
+```
+
+
+You can also install the dependencies with the [GNU Guix package manager:](https://https://www.gnu.org/software/guix/) by using the provided environment file: 
+
+```shell
+guix package -l guix-env.scm
+```
+
+
+**Using GNU Make**
+
+```shell
+./bootstrap # Run this to generate the configure files.
+./configure # See the various flags avalable to you.
+make
+make install
+```
+
+**Using the [GNU Guix package manager:](https://https://www.gnu.org/software/guix/)**
+
+```shell
+# To build, run tests, and install:
+guix package -f guix-env.scm
+
+# To skip the testing phase:
+guix package -f guix-env.scm:notest
+```
+
+
+### 2. Docker
+
+```
+docker build -t gnunet .
+```
+
+
+
+Using GNUnet
+-------------
+
+There are many possible ways to use the subsystems of GNUnet, so we will provide a few examples in this section.
+
+<p align="center">
+  <a href="contrib/gnunet-arch-full.svg"><img src="contrib/gnunet-arch-full.svg" alt="GNUnet Modular Architecture" width="600px" border="1px"/></a>
+</p>
+
+>***GNUnet is composed of over 30 modular subsystems***
+
+
+### Start GNUnet Services
+
+Before we can begin using most of the components we must start them.
+
+```shell
+gnunet-arm --start
+```
+
+Now we can open up another shell and try using some of the modules.
+
+### Cadet
+
+#### Examples
+
+Open a Cadet connection:
+
+```shell
+# Node 1
+gnunet-cadet -o <shared secret>
+```
+
+Conect to peer:
+
+```shell
+# Node 2
+gnunet-cadet <peer-id of Node 1> <shared secret>
+```
+
+#### Sharing Files
+
+With the cli tool, you can also share files:
+
+```shell
+# Node 1
+gnunet-cadet -o <shared secret> > filename
+```
+
+On the Node 2 we're going to send the file to Node 1, and to do this we need to make use of [coprocesses](https://www.gnu.org/software/bash/manual/html_node/Coprocesses.html).
+The syntax for using coprocesses varies per shell. In our example we are assuming Bash. More info for different shells can be found [here](https://unix.stackexchange.com/questions/86270/how-do-you-use-the-command-coproc-in-various-shells)
+
+```shell
+# Node 2
+coproc gnunet-cadet <peer-id of Node 1> <shared secret>
+cat <file> >&"${COPROC[1]}"
+```
+
+Now this enables us to do some fun things, such as streaming video by piping to a media player:
+
+```shell
+# Node 1
+gnunet-cadet -o <shared secret> | vlc -
+```
+
+```shell
+# Node 2
+coproc gnunet-cadet <peer-id of Node 1> <shared secret>
+cat <video-file> >&"${COPROC[1]}"
+```
+
+### Filesharing
+
+You can use GNUnet as a content-addressed storage, much like IPFS: sharing immutable files in a decentralized fashion with added privacy.
+
+For instance, you can get a nice cat picture with
+```sh
+gnunet-download gnunet://fs/loc/CB0ZX5EM1ZNNRT7AX93RVHCN1H49242DWZ4AXBTCJBAG22Z33VHYMR61J71YJXTXHEC22TNE0PRWA6D5X7NFNY2J9BNMG0SFN5DKZ0G.R48JSE2T4Y3W2AMDHZYX2MMDJC4HR0BVTJYNWJT2DGK7EQXR35DT84H9ZRAK3QTCTHDBAE1S6W16P8PCKC4HGEEKNW2T42HXF9RS1J0.1906755.J5Z3BDEG2PW332001GGZ2SSKCCSV8WDM696HNARG49X9TMABC4DG.B6Y7BCJ6B5K40EXCXASX1HQAD8MBJ9WTFWPCE3F15Q3Q4Y2PB8BKVGCS5HA4FG4484858NB74PBEE5V1638MGG7NS40A82K7QKK3G0G.1577833200 --output cat.png
+```
+
+You can also give files to the network, like so:
+
+```sh
+$ echo "I love GNUnet" > ILoveGNUnet.txt
+$ gnunet-publish ILoveGNUnet.txt
+
+Publishing `/tmp/ILoveGNUnet.txt` done.
+URI is `gnunet://fs/chk/SXA4RGZWDHE4PDWD2F4XG778J4SZY3E3SNDZ9AWFRZYYBV52W1T2WQNZCF1NYAT842800SSBQ8F247TG6MX7H4S1RWZZSC8ZXGQ4YPR.AZ3B5WR1XCWCWR6W30S2365KFY7A3R5AMF5SRN3Z11R72SMVQDX3F6GXQSZMWZGM5BSYVDQEJ93CR024QAAE65CKHM52GH8MZK1BM90.14`.
+```
+
+The URI you get is what you can use to retrieve the file with `gnunet-download`.
+
+### GNS
+
+*coming soon*
+
+
+### VPN
+
+#### "Half-hidden" services
+
+You can tunnel IP traffic through GNUnet allowing you to offer web, [rsh](https://linux.die.net/man/1/rsh), messaging or other servers without revealing your IP address.
+
+This is similar to Tor's Hidden (aka Onion) services, but currently does not provide as much privacy as onion routing isn't yet implemented; on the other hand, you can tunnel UDP, unlike Tor.
+
+#### Configuring server
+
+First, set up access from GNUnet to IP with `exit`:
+
+`gnunet.conf`:
+```
+[exit]
+FORCESTART = YES
+EXIT_IPV4 = YES
+EXIT_RANGE_IPV4_POLICY = 169.254.86.1;
+```
+
+Exit, by the way can also be used as a general-purpose IP proxy i.e. exit relay but here we restrict IPs to be accessed to those we'll be serving stuff on only.
+
+Then, start up a server to be shared. For the sake of example,
+
+```sh
+python3 -m http.server 8080
+```
+
+Now to configure the actual "half-hidden service". The config syntax is as follows:
+
+```sh
+[<shared secret>.gnunet.]
+TCP_REDIRECTS = <exposed port>:<local IP>:<local port>
+```
+
+...which for our example would be
+
+```sh
+[myhttptest.gnunet.]
+TCP_REDIRECTS = 80:169.254.86.1:8080
+```
+
+Local IP can be anything (if allowed by other configuration) but a localhost address (in other words, you can't bind a hidden service to the loopback interface and say 127.0.0.1 in `TCP_REDIRECTS`). The packets will appear as coming from the exit TUN interface to whatever address is configured in `TCP_REDIRECTS` (unlike SSH local forwarding, where the packets appear as coming from the loopback interface) and so they will not be forwarded to 127.0.0.1.
+
+You can share access to this service with a peer id, shared secret and IP port numbler: here `gnunet-peerinfo -s`, `myhttptest` and `80` respectively.
+
+#### Connecting
+
+`gnunet-vpn` gives you ephemeral IPs to connect to if you tell it a peer id and a shared secret, like so:
+
+```sh
+$ gnunet-vpn -p N7R25J8ADR553EPW0NFWNCXK9V80RVCP69QJ47XMT82VKAR7Y300 -t -s myhttptest
+10.11.139.20
+
+# And just connect to the given IP
+$ wget 10.11.139.20
+Connecting to 10.11.139.20:80... connected.
+```
+
+(You can try it out with your browser too.)
+
+### Running a Hostlist Server
+
+*coming soon*
+
+GNUnet Configuration
+--------------------------
+### Examples
+
+```yaml
+[transport]
+OPTIONS = -L DEBUG
+PLUGINS = tcp
+#PLUGINS = udp
+
+[transport-tcp]
+OPTIONS = -L DEBUG
+BINDTO = 192.168.0.2
+```
+
+TODO: *explain what this does and add more*
+
+
+Philosophy
+-------------------------
+
+GNUnet is made for an open society: It's a self-organizing network and it's [http://www.gnu.org/philosophy/free-sw.html](free software) as in freedom. GNUnet puts you in control of your data. You determine which data to share with whom, and you're not pressured to accept compromises.
+
+
+Related Projects
+-------------------------
+
+ <a href="https://pep.foundation"><img src="https://pep.foundation/static/media/uploads/peplogo.svg" alt="pep.foundation" width="80px"/></a>  <a href="https://secushare.org"><img src="https://secushare.org/img/secushare-0444.png" alt="Secushare" width="80px"/></a>
index 5d308c6584091292b01acc4234f409b2ba5eac96..535ce0ffeab0d02ee2febf7958904806b7a3e03f 100644 (file)
@@ -677,7 +677,7 @@ AC_CHECK_LIB([kstat],[kstat_open])
 # should the build process be building the documentation?
 AC_MSG_CHECKING(whether to build documentation)
 AC_ARG_ENABLE([documentation],
-   [AS_HELP_STRING([--enable-documentation], [build the documentation])],
+   [AS_HELP_STRING([--disable-documentation], [do not build the documentation])],
    [documentation=${enableval}],
    [documentation=yes])
 AC_MSG_RESULT($documentation)
@@ -1759,8 +1759,8 @@ src/zonemaster/Makefile
 src/zonemaster/zonemaster.conf
 src/rest/Makefile
 src/abe/Makefile
-src/identity-attribute/Makefile
-src/identity-provider/Makefile
+src/reclaim-attribute/Makefile
+src/reclaim/Makefile
 pkgconfig/Makefile
 pkgconfig/gnunetarm.pc
 pkgconfig/gnunetats.pc
index 304706d7eef17955f15363a85d853db53b6dfac2..d6ef469ba6122e780945fcaa81a5df2aebe375cc 100644 (file)
@@ -2,7 +2,6 @@ gnunet_janitor.py
 gnunet_pyexpect.py
 pydiffer.py
 terminate.py
-timeout_watchdog
 gnunet_pyexpect.py
 gnunet_pyexpect.pyc
 pydiffer.pyc
index 158e439982ec0dc3b4309466a8f0f8714f9f0d64..eec3300b9bb58ddbea3bdd245ff138c10b914436 100644 (file)
@@ -5,17 +5,6 @@ tap32dir = $(pkgdatadir)/openvpn-tap32/tapw32/
 
 tap64dir = $(pkgdatadir)/openvpn-tap32/tapw64/
 
-noinst_PROGRAMS = \
- timeout_watchdog
-
-if !MINGW
-timeout_watchdog_SOURCES = \
- timeout_watchdog.c
-else
-timeout_watchdog_SOURCES = \
- timeout_watchdog_w32.c
-endif
-
 noinst_SCRIPTS = \
  scripts/terminate.py \
  scripts/pydiffer.py \
diff --git a/contrib/branding/logo/gnunet-logo-dark-text.svg b/contrib/branding/logo/gnunet-logo-dark-text.svg
new file mode 100644 (file)
index 0000000..5644e0a
--- /dev/null
@@ -0,0 +1,1411 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:xlink="http://www.w3.org/1999/xlink"
+   version="1.1"
+   id="svg2"
+   height="280"
+   width="320">
+  <title
+     id="title3310">logo for GNUnet</title>
+  <defs
+     id="defs4">
+    <linearGradient
+       id="gnunet">
+      <stop
+         style="stop-color:#ff0000;stop-opacity:0.58431375;"
+         offset="0"
+         id="stop9516" />
+      <stop
+         style="stop-color:#ffcc00;stop-opacity:1;"
+         offset="1"
+         id="stop9518" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4094">
+      <stop
+         style="stop-color:#232323;stop-opacity:1;"
+         offset="0"
+         id="stop4096" />
+      <stop
+         style="stop-color:#4d4d4d;stop-opacity:1;"
+         offset="1"
+         id="stop4098" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4014">
+      <stop
+         style="stop-color:#a0a0a0;stop-opacity:1;"
+         offset="0"
+         id="stop4016" />
+      <stop
+         style="stop-color:#ffffff;stop-opacity:1;"
+         offset="1"
+         id="stop4018" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4678">
+      <stop
+         style="stop-color:#e5e5e5;stop-opacity:1;"
+         offset="0"
+         id="stop4680" />
+      <stop
+         style="stop-color:#d3cdcd;stop-opacity:1;"
+         offset="1"
+         id="stop4682" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4341">
+      <stop
+         id="stop4343"
+         offset="0"
+         style="stop-color:#333333;stop-opacity:1;" />
+      <stop
+         id="stop4345"
+         offset="1"
+         style="stop-color:#484848;stop-opacity:1;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4696-5">
+      <stop
+         id="stop4698-6"
+         offset="0"
+         style="stop-color:#ffb638;stop-opacity:1;" />
+      <stop
+         id="stop4700-2"
+         offset="1"
+         style="stop-color:#f0ae26;stop-opacity:1;" />
+    </linearGradient>
+    <linearGradient
+       id="linearGradient4702-3-6">
+      <stop
+         id="stop4704-1"
+         offset="0"
+         style="stop-color:#ff0000;stop-opacity:0.58431375;" />
+      <stop
+         id="stop4706-8"
+         offset="1"
+         style="stop-color:#ffcc00;stop-opacity:1;" />
+    </linearGradient>
+    <color-profile
+       name="Artifex-PS-CMYK-Profile"
+       xlink:href="/usr/share/color/icc/ghostscript/ps_cmyk.icc"
+       id="color-profile27" />
+    <linearGradient
+       y2="69.791016"
+       x2="177.04297"
+       y1="63.65625"
+       x1="142.96875"
+       gradientTransform="matrix(-0.88803314,0,0,0.88803314,595.57001,1106.9291)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3138"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="1043.709"
+       x2="80.655251"
+       y1="1025.709"
+       x1="108.08774"
+       gradientTransform="matrix(-0.49726789,0,0,0.49726789,555.31016,722.70088)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3141"
+       xlink:href="#linearGradient4696-5" />
+    <linearGradient
+       y2="922.07178"
+       x2="78.000107"
+       y1="1004.8033"
+       x1="113.5146"
+       gradientTransform="matrix(0.88803314,0,0,0.88803314,415.18739,350.00262)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3144"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="70.667412"
+       x2="176.60477"
+       y1="63.65625"
+       x1="142.96875"
+       gradientTransform="matrix(0.88803314,0,0,0.88803314,415.2161,1106.9294)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3148"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="70.667412"
+       x2="176.60477"
+       y1="63.65625"
+       x1="142.96875"
+       gradientTransform="matrix(0.88803314,0,0,0.88803314,415.2161,1106.9294)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3780"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="922.07178"
+       x2="78.000107"
+       y1="1004.8033"
+       x1="113.5146"
+       gradientTransform="matrix(0.88803314,0,0,0.88803314,415.18739,350.00262)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3782"
+       xlink:href="#linearGradient4702-3-6" />
+    <linearGradient
+       y2="1043.709"
+       x2="80.655251"
+       y1="1025.709"
+       x1="108.08774"
+       gradientTransform="matrix(-0.49726789,0,0,0.49726789,555.31016,722.70088)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3784"
+       xlink:href="#linearGradient4696-5" />
+    <linearGradient
+       y2="69.791016"
+       x2="177.04297"
+       y1="63.65625"
+       x1="142.96875"
+       gradientTransform="matrix(-0.88803314,0,0,0.88803314,595.57001,1106.9291)"
+       gradientUnits="userSpaceOnUse"
+       id="linearGradient3786"
+       xlink:href="#linearGradient4702-3-6" />
+    <filter
+       id="filter9204"
+       style="color-interpolation-filters:sRGB">
+      <feColorMatrix
+         id="feColorMatrix9194"
+         result="colormatrix"
+         values="1 0 0 0 0 0 1 0 0 0 0 0 1 0 0 -0.2125 -0.7154 -0.0721 1 0 "
+         in="SourceGraphic" />
+      <feComposite
+         k1="0"
+         id="feComposite9196"
+         result="composite"
+         k4="0"
+         k3="0"
+         k2="1"
+         operator="arithmetic"
+         in2="colormatrix"
+         in="SourceGraphic" />
+      <feGaussianBlur
+         id="feGaussianBlur9198"
+         result="blur1"
+         stdDeviation="5 0.01" />
+      <feGaussianBlur
+         id="feGaussianBlur9200"
+         result="blur2"
+         stdDeviation="0.01 5"
+         in="composite" />
+      <feBlend
+         id="feBlend9202"
+         result="blend"
+         mode="darken"
+         in2="blur1"
+         in="blur2" />
+    </filter>
+    <filter
+       id="filter9330"
+       style="color-interpolation-filters:sRGB">
+      <feGaussianBlur
+         id="feGaussianBlur9328"
+         result="blur"
+         stdDeviation="2 2" />
+    </filter>
+  </defs>
+  <metadata
+     id="metadata7">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title>logo for GNUnet</dc:title>
+        <dc:creator>
+          <cc:Agent>
+            <dc:title>Luis Felipe López Acevedo, Amirouche Boubekki, carlo von lynX</dc:title>
+          </cc:Agent>
+        </dc:creator>
+        <dc:rights>
+          <cc:Agent>
+            <dc:title>GNUnet e.V.</dc:title>
+          </cc:Agent>
+        </dc:rights>
+        <cc:license
+           rdf:resource="http://creativecommons.org/licenses/by-sa/4.0/" />
+        <dc:description />
+      </cc:Work>
+      <cc:License
+         rdf:about="http://creativecommons.org/licenses/by-sa/4.0/">
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Reproduction" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#Distribution" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Notice" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#Attribution" />
+        <cc:permits
+           rdf:resource="http://creativecommons.org/ns#DerivativeWorks" />
+        <cc:requires
+           rdf:resource="http://creativecommons.org/ns#ShareAlike" />
+      </cc:License>
+    </rdf:RDF>
+  </metadata>
+  <g
+     id="g5346"
+     style="display:none"
+     transform="translate(-387.41463,-609.81931)">
+    <text
+       xml:space="preserve"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.53852463px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1.03365779px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       x="453.95291"
+       y="869.96057"
+       id="text5344"><tspan
+         id="tspan5342"
+         x="453.95291"
+         y="869.96057"
+         style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:49.33333206px;font-family:'Ubuntu Bold';-inkscape-font-specification:'Ubuntu Bold, ';fill:#ffffff;stroke-width:1.03365779px"
+         dx="0 0 0">gnu net</tspan></text>
+  </g>
+  <g
+     transform="translate(-387.41463,-609.81931)"
+     style="display:none"
+     id="g950">
+    <text
+       id="text948"
+       y="869.21057"
+       x="467.77612"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.53852463px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1.03365779px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       xml:space="preserve"><tspan
+         dx="0 -2.5 -3 0 -19.25 -2.5 -3"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#ffffff;stroke-width:1.03365779px"
+         y="869.21057"
+         x="467.77612"
+         id="tspan946">gnu net</tspan></text>
+  </g>
+  <g
+     id="g941"
+     style="display:none"
+     transform="translate(0,-20)">
+    <ellipse
+       ry="17.690269"
+       rx="17.68549"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#ee0000;stroke-width:1.68696308;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.97635139"
+       id="ellipse937"
+       cx="157.97346"
+       cy="180.65355" />
+    <ellipse
+       ry="17.690269"
+       rx="17.68549"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#ee0000;stroke-width:1.68696308;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.97635139"
+       id="ellipse939"
+       cx="157.97346"
+       cy="111.16864" />
+  </g>
+  <g
+     transform="translate(-387.41463,-609.81931)"
+     style="display:none"
+     id="g935">
+    <g
+       aria-label="gnu net"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.53852463px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1.03365779px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;image-rendering:auto"
+       id="g933">
+      <path
+         d="m 423.90503,684.79003 h 22.14128 v 61.61056 q 0,11.55196 4.3855,16.04443 4.38546,4.49242 12.72857,4.49242 12.19374,0 20.00203,-9.94753 7.80828,-9.94753 7.80828,-27.48942 v -44.71046 h 22.14128 v 99.6893 h -22.14128 v -24.92231 q -3.31586,12.83553 -12.30071,20.10899 -8.98489,7.27346 -22.14132,7.27346 -15.29567,0 -23.95963,-9.94753 -8.664,-10.0545 -8.664,-30.59135 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#ffffff;stroke-width:4.46906853px"
+         id="path925" />
+      <path
+         d="m 669.48029,784.47933 h -22.14128 v -61.50359 q 0,-11.65892 -4.3855,-16.15139 -4.38546,-4.49243 -12.72857,-4.49243 -12.30071,0 -20.10899,9.94753 -7.70132,9.94754 -7.70132,27.48947 v 44.71041 h -22.14128 v -99.6893 h 22.14128 v 25.02928 q 3.31586,-12.94249 12.30071,-20.10899 8.98489,-7.27346 22.14132,-7.27346 15.29567,0 23.95967,9.94753 8.66396,9.94753 8.66396,30.59135 z"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#ffffff;stroke-width:4.46906853px"
+         id="path927" />
+    </g>
+  </g>
+  <g
+     id="g1296"
+     style="display:none"
+     transform="translate(0,-67.278107)">
+    <path
+       style="fill:none;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 62.698223,85.778107 -39.5,48.000003 v 0 l -1,2"
+       id="path1256" />
+    <path
+       style="fill:none;stroke:#dddddd;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 12.698223,104.77811 10,29 21,-10.5 v 0 0"
+       id="path1258" />
+    <path
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 11.809253,105.24526 63.6227,34.91188 23.31802,-11.09978 -35.03955,28.74946 11.86161,-17.77468 -53.18435,-5.79678 40.95076,23.69646 25.32406,0.49689 24.193047,3.02495 v 48.02104 l 21.04995,-32.14943 -20.559,-15.87161 32.52749,48.02104 -8.06937,31.38386 -24.94907,-31.76198 24.94907,77.51429 22.25436,-36.69889 21.97354,37.07701 -43.59987,-0.37188 41.32877,-28.87448 22.05899,-21.17152 -19.90986,50.171 -3.71591,-29.60613 -8.57843,-31.7682 -9.69437,24.71516 54.37611,-52.19866 -24.96716,8.94671 -18.39175,19.15282 18.27579,-55.07718 25.20812,27.362 20.66591,-41.35238 -46.00204,14.12783 22.94304,-37.07431 23.05297,23.0777 31.8814,-26.48075 40.07874,-25.58708 -15.26372,39.20869 -24.69305,-13.74039 -55.05634,4.03119 79.62738,9.58108 -56.57441,12.73416"
+       id="path1260" />
+    <path
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 98.868943,129.31358 37.045597,48.02106"
+       id="path1262" />
+    <path
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 88.284483,158.4287 10.96248,-29.11512 12.474537,32.51819"
+       id="path1264" />
+    <path
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 212.13974,133.78236 54.69043,-3.64603 -31.75647,27.04795"
+       id="path1266" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#dddddd;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 399.11285,648.31931 50.5,-19.5 -14.05,28.1 0.925,-1.725 -5.875,11.75 -0.25,-0.75"
+       id="path1268" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:#729fcf;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 601.57854,741.42859 -2.26809,-64.28015"
+       id="path1270" />
+    <path
+       style="fill:none;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 189.57322,206.52811 -44,2.625 25.375,17.125 v 0"
+       id="path1272" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 475.69911,700.21367 24.57107,51.42411"
+       id="path1274" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 534.29164,751.63778 12.85257,40.08057"
+       id="path1276" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 525.21925,783.02162 0.37803,45.75234"
+       id="path1278" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 601.95657,742.56293 -12.09653,36.6775"
+       id="path1280" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 475.69911,700.59178 46.98395,22.0278 10.85256,28.26194"
+       id="path1282" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 589.104,778.86231 -12.85255,-66.17074 v 36.6775 z"
+       id="path1284" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 557.35064,768.27501 31.75336,10.5873"
+       id="path1286" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 500.27018,704.37298 v 48.77728 l 24.57105,30.2495 23.81505,9.45293"
+       id="path1288" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 524.46323,829.53019 44.98392,-0.37812"
+       id="path1290" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;stroke:#dddddd;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       d="m 694.61285,647.31931 -40.285,-17.00922 -4.715,-1.99078 29,57.5 v -0.5 0 h 0.5 v 0"
+       id="path1292" />
+    <path
+       transform="translate(-387.41463,-542.5412)"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#dddddd;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 409.92428,677.14844 54.05634,6.0499"
+       id="path1294" />
+  </g>
+  <g
+     transform="translate(0,-67.278107)"
+     style="display:none"
+     id="g1254">
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="829.24042"
+       cx="568.98083"
+       id="ellipse1194"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1196"
+       cx="588.85413"
+       cy="778.67493" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="740.67249"
+       cx="601.57867"
+       id="ellipse1198"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1200"
+       cx="525.79852"
+       cy="829.24042" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1202"
+       cx="557.82654"
+       cy="768.71582" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="783.02173"
+       cx="525.21936"
+       id="ellipse1204"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1206"
+       cx="400.09586"
+       cy="647.34271" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1208"
+       cx="450.11285"
+       cy="628.31934" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1210"
+       cx="622.36951"
+       cy="699.45752" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1212"
+       cx="547.21771"
+       cy="792.29773" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1214"
+       cx="566.20697"
+       cy="800.12549" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="751.63794"
+       cx="500.64822"
+       id="ellipse1216"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1218"
+       cx="533.33447"
+       cy="751.72632" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1220"
+       cx="450.75012"
+       cy="699.83545" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="700.59174"
+       cx="476.07718"
+       id="ellipse1222"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1224"
+       cx="521.49146"
+       cy="719.65314" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1226"
+       cx="500.6362"
+       cy="703.87305" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="134.28851"
+       cx="211.9584"
+       id="ellipse1228"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1230"
+       cx="576.62964"
+       cy="713.44794" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="123.16669"
+       cx="43.166531"
+       id="ellipse1232"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1234"
+       cx="98.865997"
+       cy="129.43542" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="130.05022"
+       cx="267.08618"
+       id="ellipse1236"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1238"
+       cx="679.07196"
+       cy="686.22339" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="748.99109"
+       cx="577.00763"
+       id="ellipse1240"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1242"
+       cx="577.00763"
+       cy="748.99109" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="748.99109"
+       cx="577.07013"
+       id="ellipse1244"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(0,-3e-6)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="133.85095"
+       cx="22.887779"
+       id="ellipse1246"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="682.1922"
+       cx="462.47165"
+       id="ellipse1248"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       cy="647.3053"
+       cx="694.58264"
+       id="ellipse1250"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1" />
+    <ellipse
+       transform="translate(-387.41463,-542.5412)"
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#ffffff;fill-opacity:1;stroke:#eeeeee;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1252"
+       cx="649.61285"
+       cy="628.31934" />
+  </g>
+  <g
+     transform="translate(0,-67.278107)"
+     style="display:inline"
+     id="g1533">
+    <path
+       id="path1493"
+       d="m 62.698223,85.778107 -39.5,48.000003 v 0 l -1,2"
+       style="fill:none;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1495"
+       d="m 12.698223,104.77811 10,29 21,-10.5 v 0 0"
+       style="fill:none;stroke:#3399cc;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1497"
+       d="m 11.809253,105.24526 63.6227,34.91188 23.31802,-11.09978 -35.03955,28.74946 11.86161,-17.77468 -53.18435,-5.79678 40.95076,23.69646 25.32406,0.49689 24.193047,3.02495 v 48.02104 l 21.04995,-32.14943 -20.559,-15.87161 32.52749,48.02104 -8.06937,31.38386 -24.94907,-31.76198 24.94907,77.51429 22.25436,-36.69889 21.97354,37.07701 -43.59987,-0.37188 41.32877,-28.87448 22.05899,-21.17152 -19.90986,50.171 -3.71591,-29.60613 -8.57843,-31.7682 -9.69437,24.71516 54.37611,-52.19866 -24.96716,8.94671 -18.39175,19.15282 18.27579,-55.07718 25.20812,27.362 20.66591,-41.35238 -46.00204,14.12783 22.94304,-37.07431 23.05297,23.0777 31.8814,-26.48075 40.07874,-25.58708 -15.26372,39.20869 -24.69305,-13.74039 -55.05634,4.03119 79.62738,9.58108 -56.57441,12.73416"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1499"
+       d="m 98.868943,129.31358 37.045597,48.02106"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1501"
+       d="m 88.284483,158.4287 10.96248,-29.11512 12.474537,32.51819"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1503"
+       d="m 212.13974,133.78236 54.69043,-3.64603 -31.75647,27.04795"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1505"
+       d="m 399.11285,648.31931 50.5,-19.5 -14.05,28.1 0.925,-1.725 -5.875,11.75 -0.25,-0.75"
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#3399cc;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1507"
+       d="m 601.57854,741.42859 -2.26809,-64.28015"
+       style="display:inline;opacity:1;fill:#729fcf;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1509"
+       d="m 189.57322,206.52811 -44,2.625 25.375,17.125 v 0"
+       style="fill:none;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    <path
+       id="path1511"
+       d="m 475.69911,700.21367 24.57107,51.42411"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1513"
+       d="m 534.29164,751.63778 12.85257,40.08057"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1515"
+       d="m 525.21925,783.02162 0.37803,45.75234"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1517"
+       d="m 601.95657,742.56293 -12.09653,36.6775"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1519"
+       d="m 475.69911,700.59178 46.98395,22.0278 10.85256,28.26194"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1521"
+       d="m 589.104,778.86231 -12.85255,-66.17074 v 36.6775 z"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1523"
+       d="m 557.35064,768.27501 31.75336,10.5873"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1525"
+       d="m 500.27018,704.37298 v 48.77728 l 24.57105,30.2495 23.81505,9.45293"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1527"
+       d="m 524.46323,829.53019 44.98392,-0.37812"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1529"
+       d="m 694.61285,647.31931 -40.285,-17.00922 -4.715,-1.99078 29,57.5 v -0.5 0 h 0.5 v 0"
+       style="display:inline;opacity:1;fill:none;stroke:#3399cc;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path1531"
+       d="m 409.92428,677.14844 54.05634,6.0499"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#3399cc;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       transform="translate(-387.41463,-542.5412)" />
+  </g>
+  <g
+     id="g1491"
+     style="display:inline"
+     transform="translate(0,-67.278107)">
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1431"
+       cx="568.98083"
+       cy="829.24042"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="778.67493"
+       cx="588.85413"
+       id="ellipse1433"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1435"
+       cx="601.57867"
+       cy="740.67249"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="829.24042"
+       cx="525.79852"
+       id="ellipse1437"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="768.71582"
+       cx="557.82654"
+       id="ellipse1439"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1441"
+       cx="525.21936"
+       cy="783.02173"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="647.34271"
+       cx="400.09586"
+       id="ellipse1443"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="628.31934"
+       cx="450.11285"
+       id="ellipse1445"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="699.45752"
+       cx="622.36951"
+       id="ellipse1447"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="792.29773"
+       cx="547.21771"
+       id="ellipse1449"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="800.12549"
+       cx="566.20697"
+       id="ellipse1451"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1453"
+       cx="500.64822"
+       cy="751.63794"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="751.72632"
+       cx="533.33447"
+       id="ellipse1455"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="699.83545"
+       cx="450.75012"
+       id="ellipse1457"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1459"
+       cx="476.07718"
+       cy="700.59174"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="719.65314"
+       cx="521.49146"
+       id="ellipse1461"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="703.87305"
+       cx="500.6362"
+       id="ellipse1463"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1465"
+       cx="211.9584"
+       cy="134.28851"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="713.44794"
+       cx="576.62964"
+       id="ellipse1467"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1469"
+       cx="43.166531"
+       cy="123.16669"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="129.43542"
+       cx="98.865997"
+       id="ellipse1471"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1473"
+       cx="267.08618"
+       cy="130.05022"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="686.22339"
+       cx="679.07196"
+       id="ellipse1475"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1477"
+       cx="577.00763"
+       cy="748.99109"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="748.99109"
+       cx="577.00763"
+       id="ellipse1479"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1481"
+       cx="577.07013"
+       cy="748.99109"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1483"
+       cx="22.887779"
+       cy="133.85095"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(0,-3e-6)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1485"
+       cx="462.47165"
+       cy="682.1922"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1487"
+       cx="694.58264"
+       cy="647.3053"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="628.31934"
+       cx="649.61285"
+       id="ellipse1489"
+       style="display:inline;opacity:1;fill:#419edb;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+  </g>
+  <g
+     id="g1539"
+     style="display:inline"
+     transform="translate(0,-20)">
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#3399cc;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1535"
+       cx="159.80099"
+       cy="276.32968" />
+    <ellipse
+       ry="4.1593032"
+       rx="4.1581793"
+       style="display:inline;opacity:1;fill:#3399cc;fill-opacity:1;stroke:#3399cc;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse1537"
+       cx="159.80099"
+       cy="259.99252" />
+  </g>
+  <g
+     transform="translate(0,-67.278107)"
+     style="display:none"
+     id="layer3">
+    <path
+       id="path5313"
+       d="m 62.698223,85.778107 -39.5,48.000003 v 0 l -1,2"
+       style="fill:none;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path5311"
+       d="m 12.698223,104.77811 10,29 21,-10.5 v 0 0"
+       style="fill:none;stroke:#cc0000;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path9316"
+       d="m 11.809253,105.24526 63.6227,34.91188 23.31802,-11.09978 -35.03955,28.74946 11.86161,-17.77468 -53.18435,-5.79678 40.95076,23.69646 25.32406,0.49689 24.193047,3.02495 v 48.02104 l 21.04995,-32.14943 -20.559,-15.87161 32.52749,48.02104 -8.06937,31.38386 -24.94907,-31.76198 24.94907,77.51429 22.25436,-36.69889 21.97354,37.07701 -43.59987,-0.37188 41.32877,-28.87448 22.05899,-21.17152 -19.90986,50.171 -3.71591,-29.60613 -8.57843,-31.7682 -9.69437,24.71516 54.37611,-52.19866 -24.96716,8.94671 -18.39175,19.15282 18.27579,-55.07718 25.20812,27.362 20.66591,-41.35238 -46.00204,14.12783 22.94304,-37.07431 23.05297,23.0777 31.8814,-26.48075 40.07874,-25.58708 -15.26372,39.20869 -24.69305,-13.74039 -55.05634,4.03119 79.62738,9.58108 -56.57441,12.73416"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path9318"
+       d="m 98.868943,129.31358 37.045597,48.02106"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path12058"
+       d="m 88.284483,158.4287 10.96248,-29.11512 12.474537,32.51819"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path12250"
+       d="m 212.13974,133.78236 54.69043,-3.64603 -31.75647,27.04795"
+       style="display:inline;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path5161"
+       d="m 399.11285,648.31931 50.5,-19.5 -14.05,28.1 0.925,-1.725 -5.875,11.75 -0.25,-0.75"
+       style="display:inline;opacity:1;fill:none;fill-opacity:1;stroke:#cc0000;stroke-width:2;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12206"
+       d="m 601.57854,741.42859 -2.26809,-64.28015"
+       style="display:inline;opacity:1;fill:#729fcf;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path5331"
+       d="m 189.57322,206.52811 -44,2.625 25.375,17.125 v 0"
+       style="fill:none;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843" />
+    <path
+       id="path9320"
+       d="m 475.69911,700.21367 24.57107,51.42411"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path9322"
+       d="m 534.29164,751.63778 12.85257,40.08057"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path9324"
+       d="m 525.21925,783.02162 0.37803,45.75234"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path9326"
+       d="m 601.95657,742.56293 -12.09653,36.6775"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12060"
+       d="m 475.69911,700.59178 46.98395,22.0278 10.85256,28.26194"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12208"
+       d="m 589.104,778.86231 -12.85255,-66.17074 v 36.6775 z"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12210"
+       d="m 557.35064,768.27501 31.75336,10.5873"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12212"
+       d="m 500.27018,704.37298 v 48.77728 l 24.57105,30.2495 23.81505,9.45293"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12216"
+       d="m 524.46323,829.53019 44.98392,-0.37812"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:3;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path5163"
+       d="m 694.61285,647.31931 -40.285,-17.00922 -4.715,-1.99078 29,57.5 v -0.5 0 h 0.5 v 0"
+       style="display:inline;opacity:1;fill:none;stroke:#cc0000;stroke-width:2.5;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+    <path
+       id="path12214"
+       d="m 409.92428,677.14844 54.05634,6.0499"
+       style="display:inline;opacity:1;fill:none;fill-rule:evenodd;stroke:#cc0000;stroke-width:1.58654225px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:0.99607843"
+       transform="translate(-387.41463,-542.5412)" />
+  </g>
+  <g
+     id="g325"
+     style="display:none"
+     transform="translate(0,-67.278107)">
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12254"
+       cx="568.98083"
+       cy="829.24042"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="778.67493"
+       cx="588.85413"
+       id="ellipse12290"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12284"
+       cx="601.57867"
+       cy="740.67249"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="829.24042"
+       cx="525.79852"
+       id="ellipse12256"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="768.71582"
+       cx="557.82654"
+       id="ellipse12306"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12280"
+       cx="525.21936"
+       cy="783.02173"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="647.34271"
+       cx="400.09586"
+       id="ellipse12258"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="628.31934"
+       cx="450.11285"
+       id="ellipse12258-3"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="699.45752"
+       cx="622.36951"
+       id="ellipse12294"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="792.29773"
+       cx="547.21771"
+       id="ellipse12252"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="800.12549"
+       cx="566.20697"
+       id="ellipse12282"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12276"
+       cx="500.64822"
+       cy="751.63794"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="751.72632"
+       cx="533.33447"
+       id="ellipse12278"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="699.83545"
+       cx="450.75012"
+       id="ellipse12262"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12268"
+       cx="476.07718"
+       cy="700.59174"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="719.65314"
+       cx="521.49146"
+       id="ellipse12270"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="703.87305"
+       cx="500.6362"
+       id="ellipse12274"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12292"
+       cx="211.9584"
+       cy="134.28851"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="713.44794"
+       cx="576.62964"
+       id="ellipse12286"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12260"
+       cx="43.166531"
+       cy="123.16669"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="129.43542"
+       cx="98.865997"
+       id="ellipse12266"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12296"
+       cx="267.08618"
+       cy="130.05022"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="686.22339"
+       cx="679.07196"
+       id="ellipse12298"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12288"
+       cx="577.00763"
+       cy="748.99109"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="748.99109"
+       cx="577.00763"
+       id="ellipse12302"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12304"
+       cx="577.07013"
+       cy="748.99109"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12264"
+       cx="22.887779"
+       cy="133.85095"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(0,-3e-6)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12272"
+       cx="462.47165"
+       cy="682.1922"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       id="ellipse12300"
+       cx="694.58264"
+       cy="647.3053"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+    <ellipse
+       cy="628.31934"
+       cx="649.61285"
+       id="ellipse12258-3-0"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#cc0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:1"
+       rx="4.1581793"
+       ry="4.1593032"
+       transform="translate(-387.41463,-542.5412)" />
+  </g>
+  <g
+     transform="translate(0,-20)"
+     style="display:none"
+     id="layer6">
+    <ellipse
+       cy="276.32968"
+       cx="159.80099"
+       id="ellipse12282-8-9-0"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#ee0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.97635139"
+       rx="4.1581793"
+       ry="4.1593032" />
+    <ellipse
+       cy="259.99252"
+       cx="159.80099"
+       id="ellipse12282-8-9"
+       style="display:inline;opacity:1;fill:#ee0000;fill-opacity:1;stroke:#ee0000;stroke-width:0.39663559;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-dasharray:none;stroke-dashoffset:0;stroke-opacity:0.97635139"
+       rx="4.1581793"
+       ry="4.1593032" />
+  </g>
+  <g
+     id="g975"
+     style="display:inline"
+     transform="translate(-387.41463,-609.81931)">
+    <g
+       id="text973"
+       style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:16.53852463px;line-height:125%;font-family:Ubuntu;-inkscape-font-specification:Ubuntu;letter-spacing:0px;word-spacing:0px;display:inline;opacity:1;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1.03365779px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;image-rendering:auto"
+       aria-label="gnu net">
+      <path
+         id="path977"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 489.62118,868.96318 q 0,2.375 -0.81641,4.23046 -0.81641,1.85547 -2.30078,3.14193 -1.45964,1.28646 -3.46354,1.95443 -1.97917,0.69271 -4.42839,0.69271 -6.01172,0 -10.26693,-3.63672 l 2.42448,-3.95834 q 3.53776,3.04297 7.84245,3.04297 2.64714,0 4.25521,-1.31119 1.63281,-1.28646 1.63281,-4.0573 v -2.47395 q -1.58333,1.36067 -3.04297,2.02864 -1.45963,0.64323 -3.38932,0.64323 -2.22656,0 -4.13151,-0.9401 -1.90495,-0.94011 -3.29037,-2.54818 -1.36067,-1.63281 -2.15234,-3.78516 -0.76693,-2.15234 -0.76693,-4.57682 0,-2.42448 0.76693,-4.57682 0.79167,-2.17709 2.15234,-3.76042 1.38542,-1.60807 3.29037,-2.52344 1.90495,-0.9401 4.13151,-0.9401 1.92969,0 3.4388,0.66797 1.50912,0.64323 2.99349,1.95442 v -2.07812 h 5.1211 z m -5.1211,-16.67448 q -0.91536,-1.01433 -2.375,-1.53386 -1.43489,-0.54427 -2.79557,-0.54427 -2.89453,0 -4.70052,2.02865 -1.78125,2.02864 -1.78125,5.17057 0,1.55859 0.47005,2.89453 0.49479,1.3112 1.33594,2.27604 0.86588,0.96485 2.05338,1.53386 1.21224,0.54427 2.6224,0.54427 1.36068,0 2.79557,-0.54427 1.45964,-0.56901 2.375,-1.58334 z" />
+      <path
+         id="path979"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 514.82951,869.21057 h -5.12109 v -14.22526 q 0,-2.69661 -1.01433,-3.73568 -1.01432,-1.03906 -2.94401,-1.03906 -2.84505,0 -4.65104,2.30078 -1.78125,2.30078 -1.78125,6.35808 v 10.34114 h -5.12109 v -23.05729 h 5.12109 v 5.78906 q 0.76693,-2.99349 2.84505,-4.65104 2.07813,-1.68229 5.1211,-1.68229 3.53776,0 5.54166,2.30078 2.00391,2.30078 2.00391,7.07552 z" />
+      <path
+         id="path981"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 518.90503,846.15328 h 5.12109 v 14.25 q 0,2.67187 1.01433,3.71094 1.01432,1.03906 2.94401,1.03906 2.82031,0 4.6263,-2.30078 1.80599,-2.30078 1.80599,-6.35807 v -10.34115 h 5.12109 v 23.05729 h -5.12109 v -5.76432 q -0.76693,2.96875 -2.84505,4.65104 -2.07813,1.68229 -5.1211,1.68229 -3.53776,0 -5.54166,-2.30078 -2.00391,-2.32552 -2.00391,-7.07552 z" />
+      <path
+         id="path983"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 575.70451,869.21057 h -5.12109 v -14.22526 q 0,-2.69661 -1.01433,-3.73568 -1.01432,-1.03906 -2.94401,-1.03906 -2.84505,0 -4.65104,2.30078 -1.78125,2.30078 -1.78125,6.35808 v 10.34114 h -5.12109 v -23.05729 h 5.12109 v 5.78906 q 0.76693,-2.99349 2.84505,-4.65104 2.07813,-1.68229 5.1211,-1.68229 3.53776,0 5.54167,2.30078 2.0039,2.30078 2.0039,7.07552 z" />
+      <path
+         id="path985"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 583.76832,859.63635 q 0.37109,2.375 2.2513,3.95834 1.90495,1.55859 5.09635,1.55859 2.4987,0 4.32943,-0.76693 1.85547,-0.79166 3.19141,-2.07812 l 2.62239,3.61198 q -2.22656,2.22656 -4.72526,3.04297 -2.47396,0.8164 -5.41797,0.8164 -2.67187,0 -4.97265,-0.89062 -2.30079,-0.89063 -3.98308,-2.47396 -1.68229,-1.60807 -2.64713,-3.8099 -0.94011,-2.20182 -0.94011,-4.89844 0,-2.62239 0.86589,-4.82421 0.89062,-2.22657 2.47396,-3.83464 1.60807,-1.63281 3.83463,-2.52344 2.22657,-0.91536 4.92318,-0.91536 2.79557,0 5.07161,0.96484 2.27605,0.94011 3.88412,2.7461 1.63281,1.80599 2.54818,4.42838 0.91536,2.59766 0.91536,5.88802 z m 13.53255,-4.5026 q -0.39584,-2.22656 -2.30078,-3.5625 -1.90495,-1.36068 -4.32943,-1.36068 -2.42448,0 -4.35417,1.36068 -1.92968,1.33594 -2.32552,3.5625 z" />
+      <path
+         id="path987"
+         style="font-style:normal;font-variant:normal;font-weight:bold;font-stretch:normal;font-size:50.66666794px;font-family:'Anonymous Pro';-inkscape-font-specification:'Anonymous Pro Bold';fill:#292929;stroke-width:1.03365779px;fill-opacity:1"
+         d="m 627.08081,861.86291 q -0.39583,3.63672 -2.86979,5.78907 -2.44922,2.1276 -6.13542,2.1276 -2.02864,0 -3.71094,-0.66797 -1.68229,-0.66797 -2.86979,-1.85547 -1.1875,-1.1875 -1.85547,-2.84505 -0.64322,-1.68229 -0.64322,-3.66146 v -9.97005 h -5.22006 v -4.6263 h 5.22006 v -9.22787 h 5.12109 v 9.22787 h 9.67318 v 4.6263 h -9.67318 v 9.97005 q 0,2.22657 1.08854,3.31511 1.08854,1.08854 2.86979,1.08854 2.17709,0 3.24089,-1.26172 1.0638,-1.26172 1.26172,-3.04297 z" />
+    </g>
+  </g>
+</svg>
diff --git a/contrib/gnunet-arch-full.svg b/contrib/gnunet-arch-full.svg
new file mode 100644 (file)
index 0000000..766f2b8
--- /dev/null
@@ -0,0 +1,648 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
+ "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<!-- Generated by graphviz version 2.38.0 (20140413.2041)
+ -->
+<!-- Title: dependencies Pages: 1 -->
+<svg width="1277pt" height="836pt"
+ viewBox="0.00 0.00 1276.81 836.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 832)">
+<title>dependencies</title>
+<polygon fill="white" stroke="none" points="-4,4 -4,-832 1272.81,-832 1272.81,4 -4,4"/>
+<!-- voting -->
+<g id="node1" class="node"><title>voting</title>
+<polygon fill="none" stroke="black" points="120.944,-743.562 80,-756 39.0559,-743.562 39.0942,-723.438 120.906,-723.438 120.944,-743.562"/>
+<text text-anchor="middle" x="80" y="-734.3" font-family="Times,serif" font-size="14.00">voting</text>
+</g>
+<!-- consensus -->
+<g id="node2" class="node"><title>consensus</title>
+<ellipse fill="none" stroke="black" cx="112" cy="-594" rx="46.2923" ry="18"/>
+<text text-anchor="middle" x="112" y="-590.3" font-family="Times,serif" font-size="14.00">consensus</text>
+</g>
+<!-- voting&#45;&gt;consensus -->
+<g id="edge1" class="edge"><title>voting&#45;&gt;consensus</title>
+<path fill="none" stroke="black" d="M121.028,-728.482C145.315,-721.103 174.155,-707.724 189,-684 197.487,-670.436 196.445,-662.162 189,-648 180.933,-632.654 166.19,-620.887 151.748,-612.383"/>
+<polygon fill="black" stroke="black" points="153.308,-609.247 142.857,-607.508 149.942,-615.385 153.308,-609.247"/>
+</g>
+<!-- identity -->
+<g id="node3" class="node"><title>identity</title>
+<ellipse fill="none" stroke="black" cx="282" cy="-450" rx="37.8943" ry="18"/>
+<text text-anchor="middle" x="282" y="-446.3" font-family="Times,serif" font-size="14.00">identity</text>
+</g>
+<!-- voting&#45;&gt;identity -->
+<g id="edge2" class="edge"><title>voting&#45;&gt;identity</title>
+<path fill="none" stroke="black" d="M58.5145,-723.377C45.8789,-714.02 31.0387,-700.353 24,-684 5.02284,-639.911 -2.50901,-616.016 24,-576 46.6577,-541.798 71.8444,-557.396 109,-540 158.351,-516.894 214.207,-487.564 248.77,-469.032"/>
+<polygon fill="black" stroke="black" points="250.781,-471.924 257.931,-464.105 247.466,-465.759 250.781,-471.924"/>
+</g>
+<!-- cadet -->
+<g id="node4" class="node"><title>cadet</title>
+<ellipse fill="none" stroke="black" cx="538" cy="-450" rx="29.4969" ry="18"/>
+<text text-anchor="middle" x="538" y="-446.3" font-family="Times,serif" font-size="14.00">cadet</text>
+</g>
+<!-- voting&#45;&gt;cadet -->
+<g id="edge3" class="edge"><title>voting&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M72.0051,-723.243C55.682,-693.149 22.8306,-620.604 57,-576 70.8829,-557.877 390.653,-484.265 500.977,-459.316"/>
+<polygon fill="black" stroke="black" points="501.999,-462.673 510.983,-457.057 500.458,-455.845 501.999,-462.673"/>
+</g>
+<!-- secretsharing -->
+<g id="node5" class="node"><title>secretsharing</title>
+<ellipse fill="none" stroke="black" cx="123" cy="-666" rx="57.3905" ry="18"/>
+<text text-anchor="middle" x="123" y="-662.3" font-family="Times,serif" font-size="14.00">secretsharing</text>
+</g>
+<!-- voting&#45;&gt;secretsharing -->
+<g id="edge4" class="edge"><title>voting&#45;&gt;secretsharing</title>
+<path fill="none" stroke="black" d="M88.4954,-723.17C93.8716,-714.418 100.986,-702.837 107.357,-692.466"/>
+<polygon fill="black" stroke="black" points="110.45,-694.117 112.702,-683.764 104.486,-690.453 110.45,-694.117"/>
+</g>
+<!-- consensus&#45;&gt;cadet -->
+<g id="edge72" class="edge"><title>consensus&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M146.507,-581.905C153.275,-579.85 160.34,-577.79 167,-576 236.135,-557.417 256.193,-562.96 324,-540 360.547,-527.625 367.474,-519.056 403,-504 437.068,-489.562 476.509,-474.236 503.927,-463.798"/>
+<polygon fill="black" stroke="black" points="505.344,-467.004 513.453,-460.185 502.862,-460.459 505.344,-467.004"/>
+</g>
+<!-- set -->
+<g id="node24" class="node"><title>set</title>
+<ellipse fill="none" stroke="black" cx="517" cy="-522" rx="27" ry="18"/>
+<text text-anchor="middle" x="517" y="-518.3" font-family="Times,serif" font-size="14.00">set</text>
+</g>
+<!-- consensus&#45;&gt;set -->
+<g id="edge71" class="edge"><title>consensus&#45;&gt;set</title>
+<path fill="none" stroke="black" d="M145.818,-581.678C152.772,-579.596 160.083,-577.583 167,-576 182.24,-572.511 394.44,-541.075 480.815,-528.33"/>
+<polygon fill="black" stroke="black" points="481.561,-531.758 490.943,-526.837 480.539,-524.833 481.561,-531.758"/>
+</g>
+<!-- dht -->
+<g id="node7" class="node"><title>dht</title>
+<ellipse fill="none" stroke="black" cx="756" cy="-378" rx="27" ry="18"/>
+<text text-anchor="middle" x="756" y="-374.3" font-family="Times,serif" font-size="14.00">dht</text>
+</g>
+<!-- cadet&#45;&gt;dht -->
+<g id="edge51" class="edge"><title>cadet&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M563.434,-440.833C602.822,-428.186 678.592,-403.856 722.428,-389.78"/>
+<polygon fill="black" stroke="black" points="723.607,-393.078 732.058,-386.688 721.467,-386.413 723.607,-393.078"/>
+</g>
+<!-- core -->
+<g id="node8" class="node"><title>core</title>
+<ellipse fill="none" stroke="black" cx="555" cy="-234" rx="27" ry="18"/>
+<text text-anchor="middle" x="555" y="-230.3" font-family="Times,serif" font-size="14.00">core</text>
+</g>
+<!-- cadet&#45;&gt;core -->
+<g id="edge50" class="edge"><title>cadet&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M539.362,-431.849C542.303,-394.832 549.266,-307.181 552.824,-262.386"/>
+<polygon fill="black" stroke="black" points="556.328,-262.478 553.631,-252.232 549.35,-261.924 556.328,-262.478"/>
+</g>
+<!-- block -->
+<g id="node11" class="node"><title>block</title>
+<polygon fill="none" stroke="black" points="429,-324 385.598,-306 429,-288 472.402,-306 429,-324"/>
+<text text-anchor="middle" x="429" y="-302.3" font-family="Times,serif" font-size="14.00">block</text>
+</g>
+<!-- cadet&#45;&gt;block -->
+<g id="edge52" class="edge"><title>cadet&#45;&gt;block</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M522.106,-434.467C511.33,-424.227 497.085,-409.913 486,-396 469.058,-374.736 452.633,-348.272 441.802,-329.75"/>
+<polygon fill="blue" stroke="blue" points="444.702,-327.773 436.674,-320.859 438.638,-331.27 444.702,-327.773"/>
+</g>
+<!-- secretsharing&#45;&gt;consensus -->
+<g id="edge5" class="edge"><title>secretsharing&#45;&gt;consensus</title>
+<path fill="none" stroke="black" d="M120.281,-647.697C119.069,-639.983 117.612,-630.712 116.261,-622.112"/>
+<polygon fill="black" stroke="black" points="119.698,-621.44 114.688,-612.104 112.783,-622.526 119.698,-621.44"/>
+</g>
+<!-- fs -->
+<g id="node6" class="node"><title>fs</title>
+<polygon fill="none" stroke="black" points="100,-527.562 73,-540 46,-527.562 46.0252,-507.438 99.9748,-507.438 100,-527.562"/>
+<text text-anchor="middle" x="73" y="-518.3" font-family="Times,serif" font-size="14.00">fs</text>
+</g>
+<!-- fs&#45;&gt;identity -->
+<g id="edge12" class="edge"><title>fs&#45;&gt;identity</title>
+<path fill="none" stroke="black" d="M100.21,-509.307C104.786,-507.46 109.507,-505.625 114,-504 164.764,-485.643 178.566,-484.387 230,-468 233.971,-466.735 238.108,-465.404 242.237,-464.067"/>
+<polygon fill="black" stroke="black" points="243.351,-467.386 251.778,-460.965 241.186,-460.729 243.351,-467.386"/>
+</g>
+<!-- fs&#45;&gt;cadet -->
+<g id="edge9" class="edge"><title>fs&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M100.01,-516.934C178.772,-505.077 408.387,-470.512 499.803,-456.75"/>
+<polygon fill="black" stroke="black" points="500.372,-460.204 509.74,-455.254 499.33,-453.282 500.372,-460.204"/>
+</g>
+<!-- fs&#45;&gt;dht -->
+<g id="edge6" class="edge"><title>fs&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M100.081,-509.411C132.571,-495.433 183.726,-473.164 192,-468 213.144,-454.802 212.035,-441.688 235,-432 322.67,-395.017 615.27,-383.079 719.081,-379.955"/>
+<polygon fill="black" stroke="black" points="719.199,-383.453 729.093,-379.664 718.996,-376.456 719.199,-383.453"/>
+</g>
+<!-- fs&#45;&gt;core -->
+<g id="edge7" class="edge"><title>fs&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M65.0877,-507.277C55.5997,-488.827 42.6595,-455.618 57,-432 93.0072,-372.699 269.007,-312.27 334,-288 397.135,-264.424 474.404,-248.714 518.841,-240.869"/>
+<polygon fill="black" stroke="black" points="519.614,-244.287 528.871,-239.134 518.42,-237.39 519.614,-244.287"/>
+</g>
+<!-- datastore -->
+<g id="node9" class="node"><title>datastore</title>
+<ellipse fill="none" stroke="black" cx="108" cy="-450" rx="42.4939" ry="18"/>
+<text text-anchor="middle" x="108" y="-446.3" font-family="Times,serif" font-size="14.00">datastore</text>
+</g>
+<!-- fs&#45;&gt;datastore -->
+<g id="edge8" class="edge"><title>fs&#45;&gt;datastore</title>
+<path fill="none" stroke="black" d="M79.9149,-507.17C84.2467,-498.507 89.9645,-487.071 95.1098,-476.78"/>
+<polygon fill="black" stroke="black" points="98.2763,-478.274 99.618,-467.764 92.0153,-475.143 98.2763,-478.274"/>
+</g>
+<!-- ats -->
+<g id="node10" class="node"><title>ats</title>
+<ellipse fill="none" stroke="black" cx="385" cy="-90" rx="27" ry="18"/>
+<text text-anchor="middle" x="385" y="-86.3" font-family="Times,serif" font-size="14.00">ats</text>
+</g>
+<!-- fs&#45;&gt;ats -->
+<g id="edge10" class="edge"><title>fs&#45;&gt;ats</title>
+<path fill="none" stroke="black" d="M60.2844,-507.296C39.3694,-483.267 0,-431.113 0,-379 0,-379 0,-379 0,-233 0,-159.097 252.872,-111.714 348.742,-96.4063"/>
+<polygon fill="black" stroke="black" points="349.504,-99.8296 358.84,-94.8203 348.418,-92.9144 349.504,-99.8296"/>
+</g>
+<!-- fs&#45;&gt;block -->
+<g id="edge11" class="edge"><title>fs&#45;&gt;block</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M99.0792,-507.426C116.81,-497.613 140.343,-483.417 159,-468 175.732,-454.174 174.815,-445.258 192,-432 259.224,-380.139 351.062,-338.689 398.245,-319.166"/>
+<polygon fill="blue" stroke="blue" points="399.679,-322.361 407.611,-315.337 397.03,-315.881 399.679,-322.361"/>
+</g>
+<!-- dht&#45;&gt;core -->
+<g id="edge42" class="edge"><title>dht&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M780.722,-370.233C802.496,-362.816 832.877,-348.569 847,-324 854.974,-310.128 857.48,-300.09 847,-288 810.092,-245.421 650.341,-266.908 596,-252 592.628,-251.075 589.164,-249.944 585.745,-248.709"/>
+<polygon fill="black" stroke="black" points="586.936,-245.416 576.348,-245.037 584.388,-251.936 586.936,-245.416"/>
+</g>
+<!-- dht&#45;&gt;block -->
+<g id="edge44" class="edge"><title>dht&#45;&gt;block</title>
+<path fill="none" stroke="black" d="M730.132,-372.774C681.84,-364.697 574.817,-345.908 486,-324 478.104,-322.052 469.673,-319.694 461.782,-317.363"/>
+<polygon fill="black" stroke="black" points="462.742,-313.997 452.157,-314.456 460.718,-320.698 462.742,-313.997"/>
+</g>
+<!-- nse -->
+<g id="node27" class="node"><title>nse</title>
+<ellipse fill="none" stroke="black" cx="811" cy="-306" rx="27" ry="18"/>
+<text text-anchor="middle" x="811" y="-302.3" font-family="Times,serif" font-size="14.00">nse</text>
+</g>
+<!-- dht&#45;&gt;nse -->
+<g id="edge43" class="edge"><title>dht&#45;&gt;nse</title>
+<path fill="none" stroke="black" d="M767.934,-361.811C775.214,-352.546 784.663,-340.52 792.854,-330.094"/>
+<polygon fill="black" stroke="black" points="795.663,-332.185 799.089,-322.159 790.159,-327.86 795.663,-332.185"/>
+</g>
+<!-- datacache -->
+<g id="node28" class="node"><title>datacache</title>
+<polygon fill="none" stroke="black" points="702,-324 637.818,-306 702,-288 766.182,-306 702,-324"/>
+<text text-anchor="middle" x="702" y="-302.3" font-family="Times,serif" font-size="14.00">datacache</text>
+</g>
+<!-- dht&#45;&gt;datacache -->
+<g id="edge45" class="edge"><title>dht&#45;&gt;datacache</title>
+<path fill="none" stroke="black" d="M744.016,-361.465C736.66,-351.93 727.125,-339.57 718.998,-329.034"/>
+<polygon fill="black" stroke="black" points="721.73,-326.846 712.851,-321.066 716.187,-331.121 721.73,-326.846"/>
+</g>
+<!-- peerinfo -->
+<g id="node29" class="node"><title>peerinfo</title>
+<ellipse fill="none" stroke="black" cx="518" cy="-90" rx="40.0939" ry="18"/>
+<text text-anchor="middle" x="518" y="-86.3" font-family="Times,serif" font-size="14.00">peerinfo</text>
+</g>
+<!-- dht&#45;&gt;peerinfo -->
+<g id="edge46" class="edge"><title>dht&#45;&gt;peerinfo</title>
+<path fill="none" stroke="black" d="M728.828,-376.457C687.438,-374.282 608.033,-364.658 557,-324 495.436,-274.952 504.26,-168.494 512.535,-118.27"/>
+<polygon fill="black" stroke="black" points="516.027,-118.624 514.32,-108.168 509.133,-117.406 516.027,-118.624"/>
+</g>
+<!-- hello -->
+<g id="node30" class="node"><title>hello</title>
+<polygon fill="none" stroke="black" points="854,-36 813.614,-18 854,-3.55271e-15 894.386,-18 854,-36"/>
+<text text-anchor="middle" x="854" y="-14.3" font-family="Times,serif" font-size="14.00">hello</text>
+</g>
+<!-- dht&#45;&gt;hello -->
+<g id="edge47" class="edge"><title>dht&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M782.364,-373.864C833.24,-367.278 942.225,-350.399 968,-324 996.322,-294.992 988,-275.542 988,-235 988,-235 988,-235 988,-161 988,-99.7534 921.245,-54.2239 881.968,-32.736"/>
+<polygon fill="black" stroke="black" points="883.108,-29.3792 872.632,-27.796 879.834,-35.5665 883.108,-29.3792"/>
+</g>
+<!-- transport -->
+<g id="node33" class="node"><title>transport</title>
+<ellipse fill="none" stroke="black" cx="680" cy="-162" rx="42.4939" ry="18"/>
+<text text-anchor="middle" x="680" y="-158.3" font-family="Times,serif" font-size="14.00">transport</text>
+</g>
+<!-- core&#45;&gt;transport -->
+<g id="edge58" class="edge"><title>core&#45;&gt;transport</title>
+<path fill="none" stroke="black" d="M575.083,-221.753C594.251,-211.02 623.495,-194.643 646.244,-181.903"/>
+<polygon fill="black" stroke="black" points="648.219,-184.809 655.234,-176.869 644.799,-178.701 648.219,-184.809"/>
+</g>
+<!-- exit -->
+<g id="node12" class="node"><title>exit</title>
+<polygon fill="none" stroke="black" points="952,-540 898,-540 898,-504 952,-504 952,-540"/>
+<text text-anchor="middle" x="925" y="-518.3" font-family="Times,serif" font-size="14.00">exit</text>
+</g>
+<!-- exit&#45;&gt;cadet -->
+<g id="edge13" class="edge"><title>exit&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M897.67,-514.323C883.742,-511.021 866.513,-507.093 851,-504 752.337,-484.331 635.236,-465.765 576.155,-456.729"/>
+<polygon fill="black" stroke="black" points="576.571,-453.252 566.158,-455.206 575.517,-460.172 576.571,-453.252"/>
+</g>
+<!-- tun -->
+<g id="node13" class="node"><title>tun</title>
+<polygon fill="none" stroke="black" points="929,-468 897.995,-450 929,-432 960.005,-450 929,-468"/>
+<text text-anchor="middle" x="929" y="-446.3" font-family="Times,serif" font-size="14.00">tun</text>
+</g>
+<!-- exit&#45;&gt;tun -->
+<g id="edge14" class="edge"><title>exit&#45;&gt;tun</title>
+<path fill="none" stroke="black" d="M925.989,-503.697C926.436,-495.868 926.975,-486.435 927.473,-477.728"/>
+<polygon fill="black" stroke="black" points="930.974,-477.806 928.05,-467.622 923.985,-477.406 930.974,-477.806"/>
+</g>
+<!-- dnsstub -->
+<g id="node14" class="node"><title>dnsstub</title>
+<polygon fill="none" stroke="black" points="1032,-468 978.877,-450 1032,-432 1085.12,-450 1032,-468"/>
+<text text-anchor="middle" x="1032" y="-446.3" font-family="Times,serif" font-size="14.00">dnsstub</text>
+</g>
+<!-- exit&#45;&gt;dnsstub -->
+<g id="edge15" class="edge"><title>exit&#45;&gt;dnsstub</title>
+<path fill="none" stroke="black" d="M951.175,-503.876C967.88,-492.948 989.443,-478.841 1006.1,-467.947"/>
+<polygon fill="black" stroke="black" points="1008.33,-470.67 1014.78,-462.266 1004.49,-464.812 1008.33,-470.67"/>
+</g>
+<!-- vpn -->
+<g id="node15" class="node"><title>vpn</title>
+<ellipse fill="none" stroke="black" cx="815" cy="-522" rx="27" ry="18"/>
+<text text-anchor="middle" x="815" y="-518.3" font-family="Times,serif" font-size="14.00">vpn</text>
+</g>
+<!-- vpn&#45;&gt;cadet -->
+<g id="edge16" class="edge"><title>vpn&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M793.129,-511.116C787.017,-508.578 780.317,-506.003 774,-504 705.524,-482.293 623.185,-465.931 576.085,-457.463"/>
+<polygon fill="black" stroke="black" points="576.482,-453.979 566.025,-455.678 575.26,-460.871 576.482,-453.979"/>
+</g>
+<!-- vpn&#45;&gt;tun -->
+<g id="edge18" class="edge"><title>vpn&#45;&gt;tun</title>
+<path fill="none" stroke="black" d="M834.339,-509.125C854.149,-496.961 884.945,-478.051 905.995,-465.126"/>
+<polygon fill="black" stroke="black" points="907.942,-468.038 914.632,-459.822 904.279,-462.072 907.942,-468.038"/>
+</g>
+<!-- regex -->
+<g id="node16" class="node"><title>regex</title>
+<ellipse fill="none" stroke="black" cx="756" cy="-450" rx="30.5947" ry="18"/>
+<text text-anchor="middle" x="756" y="-446.3" font-family="Times,serif" font-size="14.00">regex</text>
+</g>
+<!-- vpn&#45;&gt;regex -->
+<g id="edge17" class="edge"><title>vpn&#45;&gt;regex</title>
+<path fill="none" stroke="black" d="M802.198,-505.811C794.496,-496.673 784.53,-484.849 775.827,-474.524"/>
+<polygon fill="black" stroke="black" points="778.307,-472.035 769.186,-466.644 772.954,-476.546 778.307,-472.035"/>
+</g>
+<!-- regex&#45;&gt;dht -->
+<g id="edge57" class="edge"><title>regex&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M756,-431.697C756,-423.983 756,-414.712 756,-406.112"/>
+<polygon fill="black" stroke="black" points="759.5,-406.104 756,-396.104 752.5,-406.104 759.5,-406.104"/>
+</g>
+<!-- regex&#45;&gt;block -->
+<g id="edge49" class="edge"><title>regex&#45;&gt;block</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M732.22,-438.673C673.767,-413.29 523.157,-347.888 458.838,-319.957"/>
+<polygon fill="blue" stroke="blue" points="459.85,-316.581 449.283,-315.808 457.061,-323.002 459.85,-316.581"/>
+</g>
+<!-- pt -->
+<g id="node17" class="node"><title>pt</title>
+<polygon fill="none" stroke="black" points="986,-599.562 959,-612 932,-599.562 932.025,-579.438 985.975,-579.438 986,-599.562"/>
+<text text-anchor="middle" x="959" y="-590.3" font-family="Times,serif" font-size="14.00">pt</text>
+</g>
+<!-- pt&#45;&gt;cadet -->
+<g id="edge19" class="edge"><title>pt&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M931.717,-579.439C928.807,-578.197 925.864,-577.023 923,-576 860.875,-553.809 836.841,-571.725 779,-540 758.602,-528.812 761.339,-515.294 741,-504 688.34,-474.76 619.008,-461.18 576.516,-455.23"/>
+<polygon fill="black" stroke="black" points="576.951,-451.758 566.577,-453.91 576.029,-458.697 576.951,-451.758"/>
+</g>
+<!-- pt&#45;&gt;vpn -->
+<g id="edge20" class="edge"><title>pt&#45;&gt;vpn</title>
+<path fill="none" stroke="black" d="M931.915,-579.834C907.352,-567.894 871.179,-550.309 845.585,-537.868"/>
+<polygon fill="black" stroke="black" points="846.864,-534.598 836.34,-533.373 843.803,-540.893 846.864,-534.598"/>
+</g>
+<!-- dns -->
+<g id="node18" class="node"><title>dns</title>
+<ellipse fill="none" stroke="black" cx="997" cy="-522" rx="27" ry="18"/>
+<text text-anchor="middle" x="997" y="-518.3" font-family="Times,serif" font-size="14.00">dns</text>
+</g>
+<!-- pt&#45;&gt;dns -->
+<g id="edge21" class="edge"><title>pt&#45;&gt;dns</title>
+<path fill="none" stroke="black" d="M966.508,-579.17C971.277,-570.385 977.594,-558.748 983.241,-548.346"/>
+<polygon fill="black" stroke="black" points="986.48,-549.716 988.175,-539.257 980.328,-546.376 986.48,-549.716"/>
+</g>
+<!-- dnsparser -->
+<g id="node19" class="node"><title>dnsparser</title>
+<polygon fill="none" stroke="black" points="1143,-540 1080.49,-522 1143,-504 1205.51,-522 1143,-540"/>
+<text text-anchor="middle" x="1143" y="-518.3" font-family="Times,serif" font-size="14.00">dnsparser</text>
+</g>
+<!-- pt&#45;&gt;dnsparser -->
+<g id="edge22" class="edge"><title>pt&#45;&gt;dnsparser</title>
+<path fill="none" stroke="black" d="M986.15,-582.671C1018.5,-570.365 1072.61,-549.781 1108.05,-536.296"/>
+<polygon fill="black" stroke="black" points="1109.42,-539.521 1117.52,-532.694 1106.93,-532.979 1109.42,-539.521"/>
+</g>
+<!-- dns&#45;&gt;tun -->
+<g id="edge23" class="edge"><title>dns&#45;&gt;tun</title>
+<path fill="none" stroke="black" d="M982.91,-506.496C972.543,-495.824 958.362,-481.226 947.147,-469.681"/>
+<polygon fill="black" stroke="black" points="949.418,-466.995 939.94,-462.261 944.397,-471.873 949.418,-466.995"/>
+</g>
+<!-- dns&#45;&gt;dnsstub -->
+<g id="edge24" class="edge"><title>dns&#45;&gt;dnsstub</title>
+<path fill="none" stroke="black" d="M1005.12,-504.765C1009.59,-495.828 1015.21,-484.573 1020.16,-474.673"/>
+<polygon fill="black" stroke="black" points="1023.3,-476.227 1024.64,-465.717 1017.04,-473.096 1023.3,-476.227"/>
+</g>
+<!-- gnsrecord -->
+<g id="node25" class="node"><title>gnsrecord</title>
+<ellipse fill="none" stroke="black" cx="1192" cy="-450" rx="45.4919" ry="18"/>
+<text text-anchor="middle" x="1192" y="-446.3" font-family="Times,serif" font-size="14.00">gnsrecord</text>
+</g>
+<!-- dnsparser&#45;&gt;gnsrecord -->
+<g id="edge39" class="edge"><title>dnsparser&#45;&gt;gnsrecord</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M1152.92,-506.834C1159.12,-497.971 1167.29,-486.304 1174.55,-475.928"/>
+<polygon fill="blue" stroke="blue" points="1177.51,-477.805 1180.38,-467.606 1171.77,-473.791 1177.51,-477.805"/>
+</g>
+<!-- zonemaster -->
+<g id="node20" class="node"><title>zonemaster</title>
+<polygon fill="none" stroke="black" points="914.433,-599.562 851,-612 787.567,-599.562 787.626,-579.438 914.374,-579.438 914.433,-599.562"/>
+<text text-anchor="middle" x="851" y="-590.3" font-family="Times,serif" font-size="14.00">zonemaster</text>
+</g>
+<!-- zonemaster&#45;&gt;dht -->
+<g id="edge26" class="edge"><title>zonemaster&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M853.642,-579.298C856.499,-561.438 859.583,-529.479 851,-504 836.849,-461.994 802.343,-422.916 779.052,-399.996"/>
+<polygon fill="black" stroke="black" points="781.264,-397.267 771.628,-392.861 776.413,-402.314 781.264,-397.267"/>
+</g>
+<!-- namestore -->
+<g id="node21" class="node"><title>namestore</title>
+<ellipse fill="none" stroke="black" cx="685" cy="-522" rx="47.3916" ry="18"/>
+<text text-anchor="middle" x="685" y="-518.3" font-family="Times,serif" font-size="14.00">namestore</text>
+</g>
+<!-- zonemaster&#45;&gt;namestore -->
+<g id="edge25" class="edge"><title>zonemaster&#45;&gt;namestore</title>
+<path fill="none" stroke="black" d="M818.599,-579.337C791.812,-568.041 753.653,-551.95 724.971,-539.855"/>
+<polygon fill="black" stroke="black" points="726.212,-536.58 715.637,-535.919 723.492,-543.03 726.212,-536.58"/>
+</g>
+<!-- namestore&#45;&gt;identity -->
+<g id="edge37" class="edge"><title>namestore&#45;&gt;identity</title>
+<path fill="none" stroke="black" d="M642.634,-513.641C566.046,-500.338 405.247,-472.408 326.867,-458.793"/>
+<polygon fill="black" stroke="black" points="327.275,-455.312 316.823,-457.049 326.077,-462.208 327.275,-455.312"/>
+</g>
+<!-- namestore&#45;&gt;gnsrecord -->
+<g id="edge38" class="edge"><title>namestore&#45;&gt;gnsrecord</title>
+<path fill="none" stroke="black" d="M726.085,-512.971C742.503,-509.919 761.609,-506.564 779,-504 918.405,-483.451 954.522,-488.05 1094,-468 1109.42,-465.784 1126.13,-463.019 1141.32,-460.368"/>
+<polygon fill="black" stroke="black" points="1142.32,-463.746 1151.56,-458.558 1141.1,-456.853 1142.32,-463.746"/>
+</g>
+<!-- gns -->
+<g id="node22" class="node"><title>gns</title>
+<ellipse fill="none" stroke="black" cx="850" cy="-666" rx="27" ry="18"/>
+<text text-anchor="middle" x="850" y="-662.3" font-family="Times,serif" font-size="14.00">gns</text>
+</g>
+<!-- gns&#45;&gt;identity -->
+<g id="edge34" class="edge"><title>gns&#45;&gt;identity</title>
+<path fill="none" stroke="black" d="M823.048,-663.899C740.091,-660.169 489.801,-646.281 417,-612 395.952,-602.089 396.543,-591.28 379,-576 359.686,-559.178 350.742,-559.383 334,-540 317.464,-520.856 303.335,-495.717 293.996,-477.041"/>
+<polygon fill="black" stroke="black" points="297.085,-475.39 289.562,-467.93 290.791,-478.453 297.085,-475.39"/>
+</g>
+<!-- gns&#45;&gt;dht -->
+<g id="edge28" class="edge"><title>gns&#45;&gt;dht</title>
+<path fill="none" stroke="black" d="M870.511,-653.985C875.467,-651.699 880.829,-649.525 886,-648 1002.11,-613.746 1046.93,-664.524 1156,-612 1236.59,-573.194 1305.75,-498.559 1246,-432 1215.85,-398.416 902.601,-384.19 793.343,-380.225"/>
+<polygon fill="black" stroke="black" points="793.243,-376.719 783.125,-379.863 792.995,-383.715 793.243,-376.719"/>
+</g>
+<!-- gns&#45;&gt;block -->
+<g id="edge29" class="edge"><title>gns&#45;&gt;block</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M822.824,-664.872C770.707,-663.582 654.321,-655.598 569,-612 548.284,-601.414 548.925,-590.83 531,-576 509.902,-558.544 496.079,-562.857 481,-540 438.212,-475.142 430.206,-380.324 428.985,-334.208"/>
+<polygon fill="blue" stroke="blue" points="432.483,-334.033 428.808,-324.096 425.484,-334.156 432.483,-334.033"/>
+</g>
+<!-- gns&#45;&gt;dnsstub -->
+<g id="edge33" class="edge"><title>gns&#45;&gt;dnsstub</title>
+<path fill="none" stroke="black" d="M871.065,-654.325C875.905,-652.077 881.078,-649.834 886,-648 941.778,-627.217 973.486,-654.658 1015,-612 1049.82,-576.222 1044.5,-512.583 1037.99,-476.971"/>
+<polygon fill="black" stroke="black" points="1041.36,-476 1035.97,-466.88 1034.5,-477.373 1041.36,-476"/>
+</g>
+<!-- gns&#45;&gt;vpn -->
+<g id="edge31" class="edge"><title>gns&#45;&gt;vpn</title>
+<path fill="none" stroke="black" d="M827.858,-655.35C811.041,-646.688 789.135,-632.213 779,-612 768.086,-590.233 781.353,-564.325 794.756,-546.091"/>
+<polygon fill="black" stroke="black" points="797.832,-547.84 801.242,-537.808 792.321,-543.524 797.832,-547.84"/>
+</g>
+<!-- gns&#45;&gt;dns -->
+<g id="edge27" class="edge"><title>gns&#45;&gt;dns</title>
+<path fill="none" stroke="black" d="M871.13,-654.496C875.967,-652.239 881.122,-649.949 886,-648 933.377,-629.072 964.65,-653.009 995,-612 1008.03,-594.39 1007.25,-568.995 1003.95,-549.835"/>
+<polygon fill="black" stroke="black" points="1007.35,-549.022 1001.93,-539.921 1000.49,-550.418 1007.35,-549.022"/>
+</g>
+<!-- gns&#45;&gt;dnsparser -->
+<g id="edge32" class="edge"><title>gns&#45;&gt;dnsparser</title>
+<path fill="none" stroke="black" d="M870.586,-654.227C875.54,-651.931 880.881,-649.692 886,-648 963.461,-622.391 995.505,-653.066 1066,-612 1093.37,-596.054 1115.84,-566.774 1129.29,-546.163"/>
+<polygon fill="black" stroke="black" points="1132.29,-547.978 1134.66,-537.654 1126.37,-544.243 1132.29,-547.978"/>
+</g>
+<!-- revocation -->
+<g id="node23" class="node"><title>revocation</title>
+<ellipse fill="none" stroke="black" cx="474" cy="-594" rx="48.1917" ry="18"/>
+<text text-anchor="middle" x="474" y="-590.3" font-family="Times,serif" font-size="14.00">revocation</text>
+</g>
+<!-- gns&#45;&gt;revocation -->
+<g id="edge30" class="edge"><title>gns&#45;&gt;revocation</title>
+<path fill="none" stroke="black" d="M823.776,-661.482C769.658,-654.024 641.808,-635.374 536,-612 531.019,-610.9 525.841,-609.65 520.694,-608.34"/>
+<polygon fill="black" stroke="black" points="521.456,-604.922 510.895,-605.77 519.68,-611.693 521.456,-604.922"/>
+</g>
+<!-- gns&#45;&gt;gnsrecord -->
+<g id="edge41" class="edge"><title>gns&#45;&gt;gnsrecord</title>
+<path fill="none" stroke="black" d="M870.549,-654.113C875.504,-651.822 880.856,-649.613 886,-648 978.027,-619.137 1009.84,-646.249 1100,-612 1156.37,-590.587 1185.79,-592.754 1215,-540 1225.98,-520.174 1217.7,-494.957 1208.15,-476.431"/>
+<polygon fill="black" stroke="black" points="1211.2,-474.717 1203.29,-467.672 1205.08,-478.114 1211.2,-474.717"/>
+</g>
+<!-- revocation&#45;&gt;core -->
+<g id="edge35" class="edge"><title>revocation&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M447.586,-578.755C410.639,-556.683 348,-510.49 348,-451 348,-451 348,-451 348,-377 348,-335.398 347.208,-317.038 377,-288 415.046,-250.916 477.859,-239.613 517.794,-236.267"/>
+<polygon fill="black" stroke="black" points="518.191,-239.747 527.918,-235.547 517.695,-232.765 518.191,-239.747"/>
+</g>
+<!-- revocation&#45;&gt;set -->
+<g id="edge36" class="edge"><title>revocation&#45;&gt;set</title>
+<path fill="none" stroke="black" d="M484.409,-576.055C489.683,-567.469 496.183,-556.888 501.987,-547.439"/>
+<polygon fill="black" stroke="black" points="505.024,-549.182 507.276,-538.829 499.06,-545.518 505.024,-549.182"/>
+</g>
+<!-- set&#45;&gt;cadet -->
+<g id="edge75" class="edge"><title>set&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M522.084,-504.055C524.482,-496.059 527.401,-486.331 530.08,-477.4"/>
+<polygon fill="black" stroke="black" points="533.442,-478.373 532.963,-467.789 526.737,-476.362 533.442,-478.373"/>
+</g>
+<!-- conversation -->
+<g id="node26" class="node"><title>conversation</title>
+<polygon fill="none" stroke="black" points="1017.18,-743.562 948,-756 878.82,-743.562 878.884,-723.438 1017.12,-723.438 1017.18,-743.562"/>
+<text text-anchor="middle" x="948" y="-734.3" font-family="Times,serif" font-size="14.00">conversation</text>
+</g>
+<!-- conversation&#45;&gt;cadet -->
+<g id="edge53" class="edge"><title>conversation&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M900.537,-723.335C873.864,-714.435 840.677,-701.257 814,-684 756.206,-646.615 759.329,-615.558 703,-576 673.069,-554.981 658.318,-561.866 629,-540 611.601,-527.024 611.36,-519.336 596,-504 585.077,-493.094 572.479,-481.475 561.82,-471.903"/>
+<polygon fill="black" stroke="black" points="563.901,-469.069 554.107,-465.028 559.243,-474.295 563.901,-469.069"/>
+</g>
+<!-- conversation&#45;&gt;gns -->
+<g id="edge54" class="edge"><title>conversation&#45;&gt;gns</title>
+<path fill="none" stroke="black" d="M928.638,-723.17C913.533,-712.381 892.408,-697.291 875.857,-685.469"/>
+<polygon fill="black" stroke="black" points="877.846,-682.589 867.674,-679.625 873.777,-688.285 877.846,-682.589"/>
+</g>
+<!-- conversation&#45;&gt;gnsrecord -->
+<g id="edge40" class="edge"><title>conversation&#45;&gt;gnsrecord</title>
+<path fill="none" stroke="blue" stroke-dasharray="1,5" d="M1017.21,-728.51C1076.25,-719.968 1155.24,-705.041 1179,-684 1241.33,-628.786 1256.97,-583.117 1231,-504 1227.58,-493.58 1221.24,-483.522 1214.65,-475.019"/>
+<polygon fill="blue" stroke="blue" points="1217.15,-472.551 1208.08,-467.08 1211.76,-477.015 1217.15,-472.551"/>
+</g>
+<!-- speaker -->
+<g id="node31" class="node"><title>speaker</title>
+<polygon fill="none" stroke="black" points="948,-684 894.877,-666 948,-648 1001.12,-666 948,-684"/>
+<text text-anchor="middle" x="948" y="-662.3" font-family="Times,serif" font-size="14.00">speaker</text>
+</g>
+<!-- conversation&#45;&gt;speaker -->
+<g id="edge55" class="edge"><title>conversation&#45;&gt;speaker</title>
+<path fill="none" stroke="black" d="M948,-723.17C948,-714.919 948,-704.153 948,-694.256"/>
+<polygon fill="black" stroke="black" points="951.5,-694.019 948,-684.019 944.5,-694.019 951.5,-694.019"/>
+</g>
+<!-- microphone -->
+<g id="node32" class="node"><title>microphone</title>
+<polygon fill="none" stroke="black" points="1095,-684 1019.76,-666 1095,-648 1170.24,-666 1095,-684"/>
+<text text-anchor="middle" x="1095" y="-662.3" font-family="Times,serif" font-size="14.00">microphone</text>
+</g>
+<!-- conversation&#45;&gt;microphone -->
+<g id="edge56" class="edge"><title>conversation&#45;&gt;microphone</title>
+<path fill="none" stroke="black" d="M976.692,-723.337C1001.14,-711.695 1036.29,-694.958 1061.92,-682.753"/>
+<polygon fill="black" stroke="black" points="1063.71,-685.777 1071.23,-678.318 1060.7,-679.457 1063.71,-685.777"/>
+</g>
+<!-- nse&#45;&gt;core -->
+<g id="edge48" class="edge"><title>nse&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M790.412,-294.231C785.459,-291.935 780.118,-289.695 775,-288 697.966,-262.487 673.625,-275.652 596,-252 592.83,-251.034 589.569,-249.913 586.336,-248.716"/>
+<polygon fill="black" stroke="black" points="587.428,-245.385 576.841,-244.978 584.864,-251.899 587.428,-245.385"/>
+</g>
+<!-- peerinfo&#45;&gt;hello -->
+<g id="edge76" class="edge"><title>peerinfo&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M548.194,-77.9517C554.676,-75.8006 561.524,-73.6914 568,-72 654.752,-49.3407 758.747,-32.6176 814.333,-24.4966"/>
+<polygon fill="black" stroke="black" points="815.063,-27.9277 824.46,-23.0344 814.062,-20.9995 815.063,-27.9277"/>
+</g>
+<!-- transport&#45;&gt;ats -->
+<g id="edge66" class="edge"><title>transport&#45;&gt;ats</title>
+<path fill="none" stroke="black" d="M644.122,-152.487C587.168,-138.972 476.742,-112.769 420.21,-99.3548"/>
+<polygon fill="black" stroke="black" points="420.844,-95.9082 410.306,-97.0048 419.228,-102.719 420.844,-95.9082"/>
+</g>
+<!-- transport&#45;&gt;peerinfo -->
+<g id="edge68" class="edge"><title>transport&#45;&gt;peerinfo</title>
+<path fill="none" stroke="black" d="M651.411,-148.647C624.725,-137.116 584.738,-119.837 555.501,-107.204"/>
+<polygon fill="black" stroke="black" points="556.601,-103.867 546.033,-103.113 553.824,-110.292 556.601,-103.867"/>
+</g>
+<!-- transport&#45;&gt;hello -->
+<g id="edge67" class="edge"><title>transport&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M721.405,-157.922C756.719,-153.037 806.213,-140.439 835,-108 850.042,-91.0495 854.193,-65.1533 854.935,-45.6573"/>
+<polygon fill="black" stroke="black" points="858.435,-45.6195 855.044,-35.5822 851.436,-45.5437 858.435,-45.6195"/>
+</g>
+<!-- nat -->
+<g id="node36" class="node"><title>nat</title>
+<polygon fill="none" stroke="black" points="796,-108 765.835,-90 796,-72 826.165,-90 796,-108"/>
+<text text-anchor="middle" x="796" y="-86.3" font-family="Times,serif" font-size="14.00">nat</text>
+</g>
+<!-- transport&#45;&gt;nat -->
+<g id="edge69" class="edge"><title>transport&#45;&gt;nat</title>
+<path fill="none" stroke="black" d="M703.474,-146.834C723.706,-134.626 752.749,-117.1 772.878,-104.953"/>
+<polygon fill="black" stroke="black" points="774.946,-107.793 781.7,-99.6294 771.33,-101.799 774.946,-107.793"/>
+</g>
+<!-- fragmentation -->
+<g id="node37" class="node"><title>fragmentation</title>
+<polygon fill="none" stroke="black" points="662,-108 576.537,-90 662,-72 747.463,-90 662,-108"/>
+<text text-anchor="middle" x="662" y="-86.3" font-family="Times,serif" font-size="14.00">fragmentation</text>
+</g>
+<!-- transport&#45;&gt;fragmentation -->
+<g id="edge70" class="edge"><title>transport&#45;&gt;fragmentation</title>
+<path fill="none" stroke="black" d="M675.643,-144.055C673.556,-135.941 671.011,-126.044 668.687,-117.006"/>
+<polygon fill="black" stroke="black" points="672.073,-116.12 666.193,-107.307 665.294,-117.864 672.073,-116.12"/>
+</g>
+<!-- topology -->
+<g id="node34" class="node"><title>topology</title>
+<polygon fill="none" stroke="black" points="959.5,-324 894.5,-324 894.5,-288 959.5,-288 959.5,-324"/>
+<text text-anchor="middle" x="927" y="-302.3" font-family="Times,serif" font-size="14.00">topology</text>
+</g>
+<!-- topology&#45;&gt;core -->
+<g id="edge61" class="edge"><title>topology&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M894.413,-292.17C889.63,-290.593 884.724,-289.139 880,-288 756.312,-258.18 718.97,-284.656 596,-252 592.621,-251.103 589.151,-249.989 585.73,-248.765"/>
+<polygon fill="black" stroke="black" points="586.918,-245.471 576.329,-245.106 584.379,-251.995 586.918,-245.471"/>
+</g>
+<!-- topology&#45;&gt;peerinfo -->
+<g id="edge59" class="edge"><title>topology&#45;&gt;peerinfo</title>
+<path fill="none" stroke="black" d="M894.233,-295.354C862.315,-285.612 812.655,-269.532 771,-252 705.781,-224.55 688.475,-218.336 629,-180 597.704,-159.827 564.778,-132.553 542.992,-113.534"/>
+<polygon fill="black" stroke="black" points="545.032,-110.666 535.215,-106.682 540.404,-115.919 545.032,-110.666"/>
+</g>
+<!-- topology&#45;&gt;hello -->
+<g id="edge62" class="edge"><title>topology&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M922.652,-287.966C910.314,-239.626 875.032,-101.398 860.438,-44.2243"/>
+<polygon fill="black" stroke="black" points="863.829,-43.3557 857.964,-34.532 857.046,-45.087 863.829,-43.3557"/>
+</g>
+<!-- topology&#45;&gt;transport -->
+<g id="edge60" class="edge"><title>topology&#45;&gt;transport</title>
+<path fill="none" stroke="black" d="M897.206,-287.871C850.798,-261.191 761.564,-209.891 713.17,-182.069"/>
+<polygon fill="black" stroke="black" points="714.758,-178.945 704.344,-176.995 711.269,-185.014 714.758,-178.945"/>
+</g>
+<!-- hostlist -->
+<g id="node35" class="node"><title>hostlist</title>
+<polygon fill="none" stroke="black" points="214,-324 158,-324 158,-288 214,-288 214,-324"/>
+<text text-anchor="middle" x="186" y="-302.3" font-family="Times,serif" font-size="14.00">hostlist</text>
+</g>
+<!-- hostlist&#45;&gt;core -->
+<g id="edge63" class="edge"><title>hostlist&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M214.167,-292.599C218.733,-290.88 223.455,-289.271 228,-288 330.933,-259.219 456.746,-244.294 517.975,-238.275"/>
+<polygon fill="black" stroke="black" points="518.666,-241.725 528.286,-237.286 517.998,-234.757 518.666,-241.725"/>
+</g>
+<!-- hostlist&#45;&gt;peerinfo -->
+<g id="edge64" class="edge"><title>hostlist&#45;&gt;peerinfo</title>
+<path fill="none" stroke="black" d="M212.608,-287.849C273.449,-248.632 422.455,-152.586 487.166,-110.875"/>
+<polygon fill="black" stroke="black" points="489.21,-113.721 495.719,-105.362 485.418,-107.838 489.21,-113.721"/>
+</g>
+<!-- hostlist&#45;&gt;hello -->
+<g id="edge65" class="edge"><title>hostlist&#45;&gt;hello</title>
+<path fill="none" stroke="black" d="M192.198,-287.715C209.228,-243.039 261.382,-123.627 349,-72 425.521,-26.9118 694.449,-19.9666 805.486,-19.053"/>
+<polygon fill="black" stroke="black" points="805.751,-22.5513 815.727,-18.9823 805.703,-15.5515 805.751,-22.5513"/>
+</g>
+<!-- scalarproduct -->
+<g id="node38" class="node"><title>scalarproduct</title>
+<ellipse fill="none" stroke="black" cx="636" cy="-594" rx="57.6901" ry="18"/>
+<text text-anchor="middle" x="636" y="-590.3" font-family="Times,serif" font-size="14.00">scalarproduct</text>
+</g>
+<!-- scalarproduct&#45;&gt;cadet -->
+<g id="edge74" class="edge"><title>scalarproduct&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M622.726,-576.035C614.79,-565.742 604.61,-552.266 596,-540 581.021,-518.662 564.9,-493.752 553.465,-475.721"/>
+<polygon fill="black" stroke="black" points="556.241,-473.562 547.943,-466.975 550.322,-477.299 556.241,-473.562"/>
+</g>
+<!-- scalarproduct&#45;&gt;set -->
+<g id="edge73" class="edge"><title>scalarproduct&#45;&gt;set</title>
+<path fill="none" stroke="black" d="M610.179,-577.811C591.059,-566.564 565.021,-551.248 545.33,-539.665"/>
+<polygon fill="black" stroke="black" points="546.899,-536.527 536.505,-534.473 543.349,-542.56 546.899,-536.527"/>
+</g>
+<!-- secushare -->
+<g id="node39" class="node"><title>secushare</title>
+<polygon fill="none" stroke="black" points="633.366,-815.562 578,-828 522.634,-815.562 522.686,-795.438 633.314,-795.438 633.366,-815.562"/>
+<text text-anchor="middle" x="578" y="-806.3" font-family="Times,serif" font-size="14.00">secushare</text>
+</g>
+<!-- social -->
+<g id="node42" class="node"><title>social</title>
+<ellipse fill="none" stroke="black" cx="578" cy="-738" rx="31.3957" ry="18"/>
+<text text-anchor="middle" x="578" y="-734.3" font-family="Times,serif" font-size="14.00">social</text>
+</g>
+<!-- secushare&#45;&gt;social -->
+<g id="edge80" class="edge"><title>secushare&#45;&gt;social</title>
+<path fill="none" stroke="black" d="M578,-795.17C578,-786.919 578,-776.153 578,-766.256"/>
+<polygon fill="black" stroke="black" points="581.5,-766.019 578,-756.019 574.5,-766.019 581.5,-766.019"/>
+</g>
+<!-- multicast -->
+<g id="node40" class="node"><title>multicast</title>
+<ellipse fill="none" stroke="black" cx="326" cy="-594" rx="43.5923" ry="18"/>
+<text text-anchor="middle" x="326" y="-590.3" font-family="Times,serif" font-size="14.00">multicast</text>
+</g>
+<!-- multicast&#45;&gt;cadet -->
+<g id="edge82" class="edge"><title>multicast&#45;&gt;cadet</title>
+<path fill="none" stroke="black" d="M347.889,-578.338C386.803,-552.273 467.927,-497.935 510.526,-469.402"/>
+<polygon fill="black" stroke="black" points="512.642,-472.198 519.003,-463.725 508.747,-466.382 512.642,-472.198"/>
+</g>
+<!-- psyc -->
+<g id="node41" class="node"><title>psyc</title>
+<ellipse fill="none" stroke="black" cx="326" cy="-666" rx="27" ry="18"/>
+<text text-anchor="middle" x="326" y="-662.3" font-family="Times,serif" font-size="14.00">psyc</text>
+</g>
+<!-- psyc&#45;&gt;multicast -->
+<g id="edge81" class="edge"><title>psyc&#45;&gt;multicast</title>
+<path fill="none" stroke="black" d="M326,-647.697C326,-639.983 326,-630.712 326,-622.112"/>
+<polygon fill="black" stroke="black" points="329.5,-622.104 326,-612.104 322.5,-622.104 329.5,-622.104"/>
+</g>
+<!-- psycstore -->
+<g id="node43" class="node"><title>psycstore</title>
+<ellipse fill="none" stroke="black" cx="220" cy="-594" rx="44.393" ry="18"/>
+<text text-anchor="middle" x="220" y="-590.3" font-family="Times,serif" font-size="14.00">psycstore</text>
+</g>
+<!-- psyc&#45;&gt;psycstore -->
+<g id="edge79" class="edge"><title>psyc&#45;&gt;psycstore</title>
+<path fill="none" stroke="black" d="M307.536,-652.807C291.938,-642.506 269.271,-627.537 250.911,-615.413"/>
+<polygon fill="black" stroke="black" points="252.567,-612.312 242.294,-609.722 248.71,-618.154 252.567,-612.312"/>
+</g>
+<!-- social&#45;&gt;gns -->
+<g id="edge78" class="edge"><title>social&#45;&gt;gns</title>
+<path fill="none" stroke="black" d="M605.831,-729.838C655.82,-716.973 760.68,-689.987 815.282,-675.935"/>
+<polygon fill="black" stroke="black" points="816.373,-679.268 825.185,-673.386 814.628,-672.489 816.373,-679.268"/>
+</g>
+<!-- social&#45;&gt;psyc -->
+<g id="edge77" class="edge"><title>social&#45;&gt;psyc</title>
+<path fill="none" stroke="black" d="M550.552,-729.376C504.247,-716.513 410.731,-690.537 360.222,-676.506"/>
+<polygon fill="black" stroke="black" points="360.996,-673.089 350.424,-673.784 359.122,-679.833 360.996,-673.089"/>
+</g>
+<!-- rps -->
+<g id="node44" class="node"><title>rps</title>
+<ellipse fill="none" stroke="black" cx="593" cy="-306" rx="27" ry="18"/>
+<text text-anchor="middle" x="593" y="-302.3" font-family="Times,serif" font-size="14.00">rps</text>
+</g>
+<!-- rps&#45;&gt;core -->
+<g id="edge83" class="edge"><title>rps&#45;&gt;core</title>
+<path fill="none" stroke="black" d="M584.187,-288.765C579.582,-280.283 573.845,-269.714 568.679,-260.197"/>
+<polygon fill="black" stroke="black" points="571.613,-258.266 563.766,-251.147 565.461,-261.606 571.613,-258.266"/>
+</g>
+</g>
+</svg>
diff --git a/contrib/packages/guix/notest-guix-env.scm b/contrib/packages/guix/notest-guix-env.scm
new file mode 100644 (file)
index 0000000..ffb0ec8
--- /dev/null
@@ -0,0 +1,145 @@
+;;; This file is part of GNUnet.
+;;; Copyright (C) 2016, 2017, 2018 GNUnet e.V.
+;;;
+;;; GNUnet is free software: you can redistribute it and/or modify it
+;;; under the terms of the GNU Affero General Public License as published
+;;; by the Free Software Foundation, either version 3 of the License,
+;;; or (at your option) any later version.
+;;;
+;;; GNUnet is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+;;; Affero General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU Affero General Public License
+;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules
+ (ice-9 popen)
+ (ice-9 match)
+ (ice-9 rdelim)
+ (guix packages)
+ (guix build-system gnu)
+ (guix gexp)
+ ((guix build utils) #:select (with-directory-excursion))
+ (guix git-download)
+ (guix utils) ; current-source-directory
+ (gnu packages)
+ (gnu packages aidc)
+ (gnu packages autotools)
+ (gnu packages backup)
+ (gnu packages base)
+ (gnu packages compression)
+ (gnu packages curl)
+ (gnu packages databases)
+ (gnu packages file)
+ (gnu packages gettext)
+ (gnu packages glib)
+ (gnu packages gnome)
+ (gnu packages gnunet)
+ (gnu packages gnupg)
+ (gnu packages gnuzilla)
+ (gnu packages groff)
+ (gnu packages gstreamer)
+ (gnu packages gtk)
+ (gnu packages guile)
+ (gnu packages image)
+ (gnu packages image-viewers)
+ (gnu packages libidn)
+ (gnu packages libunistring)
+ (gnu packages linux)
+ (gnu packages maths)
+ (gnu packages multiprecision)
+ (gnu packages perl)
+ (gnu packages pkg-config)
+ (gnu packages pulseaudio)
+ (gnu packages python)
+ (gnu packages tex)
+ (gnu packages texinfo)
+ (gnu packages tex)
+ (gnu packages tls)
+ (gnu packages upnp)
+ (gnu packages video)
+ (gnu packages web)
+ (gnu packages xiph)
+ ((guix licenses) #:prefix license:))
+
+(define %source-dir (current-source-directory))
+
+(define gnunet-dev-env
+  (let* ((revision "1")
+         (select? (delay (or (git-predicate
+                              (current-source-directory))
+                             source-file?))))
+    (package
+      (inherit gnunet)
+      (name "gnunet")
+      (version (string-append "git" revision))
+      (source
+       (local-file
+        (string-append (getcwd))
+        #:recursive? #t))
+      (inputs
+       `(("glpk" ,glpk)
+         ("gnurl" ,gnurl)
+         ("gstreamer" ,gstreamer)
+         ("gst-plugins-base" ,gst-plugins-base)
+         ("gnutls/dane" ,gnutls/dane)
+         ("libextractor" ,libextractor)
+         ("libgcrypt" ,libgcrypt)
+         ("libidn" ,libidn)
+         ("libmicrohttpd" ,libmicrohttpd)
+         ("libltdl" ,libltdl)
+         ("libunistring" ,libunistring)
+         ("openssl" ,openssl)
+         ("opus" ,opus)
+         ("pulseaudio" ,pulseaudio)
+         ("sqlite" ,sqlite)
+         ("postgresql" ,postgresql)
+         ("mysql" ,mariadb)
+         ("zlib" ,zlib)
+         ("perl" ,perl)
+         ("python-2" ,python-2) ; tests and gnunet-qr
+         ("python2-future" ,python2-future)
+         ("jansson" ,jansson)
+         ("nss" ,nss)
+         ("glib" ,glib "bin")
+         ("gmp" ,gmp)
+         ("bluez" ,bluez) ; for optional bluetooth feature
+         ("glib" ,glib)
+         ;; ("texlive" ,texlive) ;FIXME: minimize.
+         ("texlive-tiny" ,texlive-tiny) ;; Seems to be enough for _just_ info output.
+         ("miniupnpc" ,miniupnpc)
+         ("libogg" ,libogg)))
+      (native-inputs
+       `(("pkg-config" ,pkg-config)
+         ("autoconf" ,autoconf)
+         ("automake" ,automake)
+         ("gnu-gettext" ,gnu-gettext)
+         ("which" ,which)
+         ("texinfo" ,texinfo-5) ; Debian stable: 5.2
+         ("libtool" ,libtool)))
+      (outputs '("out" "debug"))
+      (arguments
+       `(#:configure-flags
+         (list (string-append "--with-nssdir=" %output "/lib")
+               "--enable-experimental")
+         #:phases
+         ;; swap check and install phases and set paths to installed bin
+         (modify-phases %standard-phases
+           (add-after 'unpack 'patch-bin-sh
+             (lambda _
+               (for-each (lambda (f) (chmod f #o755))
+                         (find-files "po" ""))
+               #t))
+           (add-after 'patch-bin-sh 'bootstrap
+             (lambda _
+               (invoke "sh" "bootstrap")))
+           ;;(add-before 'build 'chdir
+           ;; (lambda _
+           ;;  (chdir "doc/documentation")))
+           (delete 'check)
+           ;; XXX: https://gnunet.org/bugs/view.php?id=4619
+                 ))))))
+
+gnunet-dev-env
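Review bot: The `select?` promise bound in the `let*` is never used, so `(local-file (string-append (getcwd)) #:recursive? #t)` imports the whole current working directory into the store with no filter. The store is world-readable, so untracked files in the checkout (build output, editor backups, local configuration or key material) would be copied there along with the tracked sources. The result also depends on where the command is run rather than on where this file lives. Passing the predicate, e.g. `(local-file (getcwd) #:recursive? #t #:select? (force select?))`, would restrict the import; `git-predicate` is given `(current-source-directory)`, which is presumably this file's directory rather than the repository root, so that argument may need adjusting too. `%source-dir` is likewise defined but unused, and the single-argument `string-append` is a no-op.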
diff --git a/contrib/services/shepherd/ng0_wip/.gitignore b/contrib/services/shepherd/ng0_wip/.gitignore
deleted file mode 100644 (file)
index 9b97497..0000000
+++ /dev/null
@@ -1 +0,0 @@
-!*.patch
\ No newline at end of file
diff --git a/contrib/services/shepherd/ng0_wip/00001-gnu-services-Add-gnunet-service.patch b/contrib/services/shepherd/ng0_wip/00001-gnu-services-Add-gnunet-service.patch
deleted file mode 100644 (file)
index 609a0a5..0000000
+++ /dev/null
@@ -1,186 +0,0 @@
-From 60a4c0f7c60ef705db17561fd3e930bbe11730c9 Mon Sep 17 00:00:00 2001
-From: ng0 <ng0@we.make.ritual.n0.is>
-Date: Mon, 12 Sep 2016 12:26:52 +0000
-Subject: [PATCH] gnu: services: Add gnunet-service.
-
-* gnu/services/networking.scm (gnunet): New service.
-
-Signed-off-by: Nils Gillmann <ng0@n0.is>
----
- doc/guix.texi               | 36 ++++++++++++++
- gnu/services/networking.scm | 93 ++++++++++++++++++++++++++++++++++++-
- 2 files changed, 128 insertions(+), 1 deletion(-)
-
-diff --git a/doc/guix.texi b/doc/guix.texi
-index d925b4eda..eb7b409d7 100644
---- a/doc/guix.texi
-+++ b/doc/guix.texi
-@@ -11016,6 +11016,42 @@ Package object of the Open vSwitch.
- @end table
- @end deftp
-+@cindex GNUnet
-+@cindex gnunet
-+@subsubheading GNUnet Service
-+
-+@deffn {Scheme Variable} gnunet-service-type
-+This is the type of the @uref{https://gnunet.org, GNUnet}
-+service, whose value should be an @code{gnunet-configuration} object
-+as in this example:
-+
-+@example
-+(service gnunet-service-type
-+           (gnunet-configuration
-+             (config-file (local-file "./gnunet.conf"))))
-+@end example
-+@end deffn
-+
-+@deftp {Data Type} gnunet-configuration
-+Data type representing the configuration of GNUnet.
-+
-+@table @asis
-+@item @code{package} (default: @var{gnunet})
-+Package object of the GNUnet service.
-+
-+@item @code{config-file} (default: @var{%default-gnunet-file})
-+File-like object of the GNUnet configuration file to use.  For NAT is
-+assumes by default that you are behind a NAT (@var{BEHIND_NAT = YES})
-+and enables UPNP (@var{ENABLE_UPNP = YES}).
-+The hostlist is configured with the options @var{-b} (bootstrap using
-+configured hostlist servers) and @var{-e} (enable learning advertised hostlists).
-+Read the configuration files in @var{"~/.guix-profile/share/gnunet/config.d/"}
-+for more information.  These files also set the defaults when you don't set
-+any explicit values to override them.
-+
-+@end table
-+@end deftp
-+
- @node X Window
- @subsubsection X Window
-diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
-index b0c23aafc..0ff20e707 100644
---- a/gnu/services/networking.scm
-+++ b/gnu/services/networking.scm
-@@ -5,6 +5,7 @@
- ;;; Copyright Â© 2016 John Darrington <jmd@gnu.org>
- ;;; Copyright Â© 2017 Clément Lassieur <clement@lassieur.org>
- ;;; Copyright Â© 2017 Thomas Danckaert <post@thomasdanckaert.be>
-+;;; Copyright Â© 2017 ng0 <contact.ng0@cryptolab.net>
- ;;;
- ;;; This file is part of GNU Guix.
- ;;;
-@@ -29,6 +30,7 @@
-   #:use-module (gnu system pam)
-   #:use-module (gnu packages admin)
-   #:use-module (gnu packages connman)
-+  #:use-module (gnu packages gnunet)
-   #:use-module (gnu packages linux)
-   #:use-module (gnu packages tor)
-   #:use-module (gnu packages messaging)
-@@ -92,7 +94,12 @@
-             wpa-supplicant-service-type
-             openvswitch-service-type
--            openvswitch-configuration))
-+            openvswitch-configuration
-+
-+            gnunet-configuration
-+            gnunet-configuration?
-+            gnunet-service
-+            gnunet-service-type))
- ;;; Commentary:
- ;;;
-@@ -1125,4 +1132,88 @@ a network connection manager."))))
- switch designed to enable massive network automation through programmatic
- extension.")))
-+;;;
-+;;; GNUnet
-+;;;
-+
-+(define-record-type* <gnunet-configuration>
-+  gnunet-configuration make-gnunet-configuration
-+  gnunet-configuration?
-+  (package           gnunet-configuration-package
-+                     (default gnunet))
-+  (config-file       gnunet-configuration-config-file
-+                     (default %default-gnunet-config-file)))
-+
-+(define %default-gnunet-config-file
-+  (plain-file "gnunet.conf" "
-+[PATHS]
-+SERVICEHOME = /var/lib/gnunet
-+GNUNET_CONFIG_HOME = /var/lib/gnunet
-+
-+[arm]
-+SYSTEM_ONLY = YES
-+USER_ONLY = NO
-+
-+[nat]
-+BEHIND_NAT = YES
-+ENABLE_UPNP = YES
-+
-+[hostlist]
-+OPTIONS = -b -e
-+"))
-+
-+(define gnunet-shepherd-service
-+  (match-lambda
-+    (($ <gnunet-configuration> package config-file)
-+     (list (shepherd-service
-+            (provision '(gnunet))
-+            (requirement '(loopback))
-+            (documentation "Run the GNUnet service.")
-+            (start
-+             (let ((gnunet
-+                    (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
-+               #~(make-forkexec-constructor
-+                  (list #$gnunet "-c" #$config-file)
-+                  #:log-file "/var/log/gnunet.log"
-+                  #:pid-file "/var/run/gnunet.pid")))
-+            (stop
-+             #~(make-kill-destructor)))))))
-+
-+(define %gnunet-accounts
-+  (list (user-group
-+         (name "gnunetdns")
-+         (system? #t))
-+        (user-group
-+         (name "gnunet")
-+         (system? #t))
-+        (user-account
-+         (name "gnunet")
-+         (group "gnunet")
-+         (system? #t)
-+         (comment "GNUnet system user")
-+         (home-directory "/var/lib/gnunet")
-+         (shell #~(string-append #$shadow "/sbin/nologin")))))
-+
-+(define gnunet-activation
-+  (match-lambda
-+    (($ <gnunet-configuration> package config-file)
-+     (let ((gnunet
-+            (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
-+       #~(begin
-+           ;; Create the .config + .cache for gnunet user
-+           (mkdir-p "/var/lib/gnunet/.config/gnunet")
-+           (mkdir-p "/var/lib/gnunet/.cache/gnunet"))))))
-+
-+(define gnunet-service-type
-+  (service-type
-+   (name 'gnunet)
-+   (extensions (list (service-extension account-service-type
-+                                        (const %gnunet-accounts))
-+                     (service-extension activation-service-type
-+                                        gnunet-activation)
-+                     (service-extension profile-service-type
-+                                        (compose list gnunet-configuration-package))
-+                     (service-extension shepherd-root-service-type
-+                                        gnunet-shepherd-service)))))
-+
- ;;; networking.scm ends here
--- 
-2.17.0
-
diff --git a/contrib/services/shepherd/ng0_wip/0001-gnu-services-Add-gnunet-service.patch b/contrib/services/shepherd/ng0_wip/0001-gnu-services-Add-gnunet-service.patch
deleted file mode 100644 (file)
index a494434..0000000
+++ /dev/null
@@ -1,225 +0,0 @@
-From 434b05bc1a11b4865c0bd634281acd91dfce972c Mon Sep 17 00:00:00 2001
-From: ng0 <ng0@we.make.ritual.n0.is>
-Date: Mon, 12 Sep 2016 12:26:52 +0000
-Subject: [PATCH] gnu: services: Add gnunet-service.
-
-Signed-off-by: Nils Gillmann <ng0@n0.is>
----
- doc/guix.texi               |  36 ++++++++++
- gnu/services/networking.scm | 134 +++++++++++++++++++++++++++++++++++-
- 2 files changed, 169 insertions(+), 1 deletion(-)
-
-diff --git a/doc/guix.texi b/doc/guix.texi
-index 00bf24d3f..73589c88b 100644
---- a/doc/guix.texi
-+++ b/doc/guix.texi
-@@ -10138,6 +10138,42 @@ Package object of the Open vSwitch.
- @end table
- @end deftp
-+@cindex GNUnet
-+@cindex gnunet
-+@subsubheading GNUnet Service
-+
-+@deffn {Scheme Variable} gnunet-service-type
-+This is the type of the @uref{https://gnunet.org, GNUnet}
-+service, whose value should be an @code{gnunet-configuration} object
-+as in this example:
-+
-+@example
-+(service gnunet-service-type
-+           (gnunet-configuration
-+             (config-file (local-file "./gnunet.conf"))))
-+@end example
-+@end deffn
-+
-+@deftp {Data Type} gnunet-configuration
-+Data type representing the configuration of GNUnet.
-+
-+@table @asis
-+@item @code{package} (default: @var{gnunet})
-+Package object of the GNUnet service.
-+
-+@item @code{config-file} (default: @var{%default-gnunet-file})
-+File-like object of the GNUnet configuration file to use.  For NAT is
-+assumes by default that you are behind a NAT (@var{BEHIND_NAT = YES})
-+and enables UPNP (@var{ENABLE_UPNP = YES}).
-+The hostlist is configured with the options @var{-b} (bootstrap using
-+configured hostlist servers) and @var{-e} (enable learning advertised hostlists).
-+Read the configuration files in @var{"~/.guix-profile/share/gnunet/config.d/"}
-+for more information.  These files also set the defaults when you don't set
-+any explicit values to override them.
-+
-+@end table
-+@end deftp
-+
- @node X Window
- @subsubsection X Window
-diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
-index 99a3d493c..fe682b267 100644
---- a/gnu/services/networking.scm
-+++ b/gnu/services/networking.scm
-@@ -5,6 +5,7 @@
- ;;; Copyright Â© 2016 John Darrington <jmd@gnu.org>
- ;;; Copyright Â© 2017 Clément Lassieur <clement@lassieur.org>
- ;;; Copyright Â© 2017 Thomas Danckaert <post@thomasdanckaert.be>
-+;;; Copyright Â© 2017 ng0 <ng0@no-reply.pragmatique.xyt>
- ;;;
- ;;; This file is part of GNU Guix.
- ;;;
-@@ -29,6 +30,7 @@
-   #:use-module (gnu system pam)
-   #:use-module (gnu packages admin)
-   #:use-module (gnu packages connman)
-+  #:use-module (gnu packages gnunet)
-   #:use-module (gnu packages linux)
-   #:use-module (gnu packages tor)
-   #:use-module (gnu packages messaging)
-@@ -92,7 +94,12 @@
-             wpa-supplicant-service-type
-             openvswitch-service-type
--            openvswitch-configuration))
-+            openvswitch-configuration
-+
-+            gnunet-configuration
-+            gnunet-configuration?
-+            gnunet-service-type
-+            %default-gnunet-config-file))
- ;;; Commentary:
- ;;;
-@@ -1069,4 +1076,129 @@ dns=" dns "
-           (service-extension shepherd-root-service-type
-                              openvswitch-shepherd-service)))))
-+;;;
-+;;; GNUnet
-+;;;
-+
-+;; steps:
-+;; 0. The service works!!!
-+;; 1. We want a completely adjustable config.
-+;; 2. We want to extend this service with functions like
-+;;    vpn, comparable to tor-service
-+;; Because of (1) we can't have a default. We can have
-+;; default values which can be adjusted. A config is
-+;; generated from these.
-+
-+(define-record-type* <gnunet-configuration>
-+  gnunet-configuration make-gnunet-configuration
-+  gnunet-configuration?
-+  (gnunet            gnunet-configuration-package
-+                     (default gnunet))
-+  (config-file       gnunet-configuration-config-file
-+                     (default (plain-file "empty" ""))))
-+
-+(define %default-gnunet-config-file
-+  (plain-file "gnunet.conf" "
-+[PATHS]
-+SERVICEHOME = /var/lib/gnunet
-+GNUNET_CONFIG_HOME = /var/lib/gnunet
-+
-+[arm]
-+SYSTEM_ONLY = NO
-+USER_ONLY = NO
-+
-+[nat]
-+BEHIND_NAT = YES
-+ENABLE_UPNP = YES
-+
-+[hostlist]
-+OPTIONS = -b -e
-+"))
-+
-+(define gnunet-shepherd-service
-+  (match-lambda
-+    (($ <gnunet-configuration> package config-file)
-+     (list (shepherd-service
-+            (provision '(gnunet))
-+            (requirement '(user-processes loopback networking))
-+            (documentation "Run the GNUnet service.")
-+            (start
-+             (let ((gnunet
-+                    (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
-+               #~(make-forkexec-constructor
-+                  (list #$gnunet "-c" #$config-file "-d")
-+                  #:pid-file "/var/run/gnunet/arm-service.pid"
-+                  #:user "gnunet"
-+                  #:group "gnunet"
-+                  ;;#:log-file "/var/lib/gnunet/gnunet.log")))
-+                  #:log-file "/var/log/gnunet.log")))
-+            (stop #~(make-kill-destructor)))))))
-+
-+(define %gnunet-accounts
-+  (list (user-group (name "gnunetdns") (system? #t))
-+        (user-group (name "gnunet") (system? #t))
-+        (user-account
-+         (name "gnunet")
-+         (group "gnunet")
-+         (system? #t)
-+         (comment "GNUnet system user")
-+         (home-directory "/var/empty")
-+         (shell (file-append shadow "/sbin/nologin")))))
-+
-+;; ${GNUNET_HOME}/.local/share/gnunet/gnunet.conf  -> chmod 600
-+;; mkdir -p ${GNUNET_HOME}/.cache/gnunet
-+
-+(define gnunet-activation
-+  (match-lambda
-+    (($ <gnunet-configuration> package config-file)
-+     (let ((gnunet
-+            (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
-+       #~(begin
-+           (use-modules (guix build utils))
-+           (define %user (getpw "gnunet"))
-+           (mkdir-p "/var/lib/gnunet/")
-+           (chown "/var/lib/gnunet" (passwd:uid %user) (passwd:gid %user))
-+           ;;(chmod "/var/lib/gnunet/" #o755)
-+           (mkdir-p "/var/lib/gnunet/.local/share/gnunet")
-+           (mkdir-p "/var/lib/gnunet/.cache/gnunet")
-+           (mkdir-p "/var/lib/gnunet/hostlist")
-+           (mkdir-p "/var/lib/gnunet/.config/gnunet")
-+           (chown "/var/lib/gnunet/.local/share/gnunet" (passwd:uid %user) (passwd:gid %user))
-+           (chown "/var/lib/gnunet/.cache/gnunet" (passwd:uid %user) (passwd:gid %user))
-+           (chown "/var/lib/gnunet/hostlist" (passwd:uid %user) (passwd:gid %user))
-+           ;;(chown "/var/lib/gnunet/gnunet.conf" (passwd:uid %user) (passwd:gid %user))
-+           (chown "/var/lib/gnunet/.config/gnunet" (passwd:uid %user) (passwd:gid %user)))))))
-+           ;;(chmod "/var/lib/gnunet/.config/gnunet" #o755)
-+           ;;(chmod "/var/lib/gnunet/.cache/gnunet" #o755)
-+           ;;(chmod "/var/lib/gnunet/.local/share/gnunet" #o755))))))
-+
-+;; SUID_ROOT_HELPERS="exit nat-server nat-client transport-bluetooth transport-wlan vpn"
-+;; set chmod u+s for those above.
-+;; chmodown_execbin ${libexec}/gnunet-helper-dns 4750 root:gnunetdns
-+;; chmodown_execbin ${libexec}/gnunet-service-dns 2750 gnunet:gnunetdns
-+(define gnunet-setuid-programs
-+  (match-lambda
-+    (($ <gnunet-configuration> package)
-+     (list (file-append package "/lib/gnunet/libexec/gnunet-helper-exit")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-nat-server")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-nat-client")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-transport-bluetooth")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-transport-wlan")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-vpn")))))
-+
-+(define gnunet-service-type
-+  (service-type
-+   (name 'gnunet)
-+   (extensions (list (service-extension account-service-type
-+                                        (const %gnunet-accounts))
-+                     (service-extension activation-service-type
-+                                        gnunet-activation)
-+                     (service-extension profile-service-type
-+                                        (compose list gnunet-configuration-package))
-+                     (service-extension setuid-program-service-type
-+                                        gnunet-setuid-programs)
-+                     (service-extension shepherd-root-service-type
-+                                        gnunet-shepherd-service)))))
-+;;; --- here starts the rewrite.
-+
- ;;; networking.scm ends here
--- 
-2.17.0
-
diff --git a/contrib/services/shepherd/ng0_wip/001-gnu-services-Add-gnunet-service.patch b/contrib/services/shepherd/ng0_wip/001-gnu-services-Add-gnunet-service.patch
deleted file mode 100644 (file)
index 0017ec8..0000000
+++ /dev/null
@@ -1,204 +0,0 @@
-From 91241bacb6533745535ff28d20f087ecd571e7be Mon Sep 17 00:00:00 2001
-From: ng0 <ng0@we.make.ritual.n0.is>
-Date: Mon, 12 Sep 2016 12:26:52 +0000
-Subject: [PATCH] gnu: services: Add gnunet-service.
-
----
- doc/guix.texi               |  36 ++++++++++++++
- gnu/services/networking.scm | 114 +++++++++++++++++++++++++++++++++++++++++++-
- 2 files changed, 149 insertions(+), 1 deletion(-)
-
-diff --git a/doc/guix.texi b/doc/guix.texi
-index 99bde4aca..6c683393e 100644
---- a/doc/guix.texi
-+++ b/doc/guix.texi
-@@ -8903,6 +8903,42 @@ Boolean values @var{ipv4?} and @var{ipv6?} determine whether to use IPv4/IPv6
- sockets.
- @end deffn
-+@cindex GNUnet
-+@cindex gnunet
-+@subsubheading GNUnet Service
-+
-+@deffn {Scheme Variable} gnunet-service-type
-+This is the type of the @uref{https://gnunet.org, GNUnet}
-+service, whose value should be an @code{gnunet-configuration} object
-+as in this example:
-+
-+@example
-+(service gnunet-service-type
-+           (gnunet-configuration
-+             (config-file (local-file "./gnunet.conf"))))
-+@end example
-+@end deffn
-+
-+@deftp {Data Type} gnunet-configuration
-+Data type representing the configuration of GNUnet.
-+
-+@table @asis
-+@item @code{package} (default: @var{gnunet})
-+Package object of the GNUnet service.
-+
-+@item @code{config-file} (default: @var{%default-gnunet-file})
-+File-like object of the GNUnet configuration file to use.  For NAT is
-+assumes by default that you are behind a NAT (@var{BEHIND_NAT = YES})
-+and enables UPNP (@var{ENABLE_UPNP = YES}).
-+The hostlist is configured with the options @var{-b} (bootstrap using
-+configured hostlist servers) and @var{-e} (enable learning advertised hostlists).
-+Read the configuration files in @var{"~/.guix-profile/share/gnunet/config.d/"}
-+for more information.  These files also set the defaults when you don't set
-+any explicit values to override them.
-+
-+@end table
-+@end deftp
-+
- @node X Window
- @subsubsection X Window
-diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
-index d672ecf68..ff3615ea2 100644
---- a/gnu/services/networking.scm
-+++ b/gnu/services/networking.scm
-@@ -3,6 +3,7 @@
- ;;; Copyright Â© 2015 Mark H Weaver <mhw@netris.org>
- ;;; Copyright Â© 2016 Efraim Flashner <efraim@flashner.co.il>
- ;;; Copyright Â© 2016 John Darrington <jmd@gnu.org>
-+;;; Copyright Â© 2016 ng0 <ng0@libertad.pw>
- ;;;
- ;;; This file is part of GNU Guix.
- ;;;
-@@ -27,6 +28,7 @@
-   #:use-module (gnu system pam)
-   #:use-module (gnu packages admin)
-   #:use-module (gnu packages connman)
-+  #:use-module (gnu packages gnunet)
-   #:use-module (gnu packages linux)
-   #:use-module (gnu packages tor)
-   #:use-module (gnu packages messaging)
-@@ -66,7 +68,12 @@
-             wicd-service
-             network-manager-service
-             connman-service
--            wpa-supplicant-service-type))
-+            wpa-supplicant-service-type
-+
-+            gnunet-configuration
-+            gnunet-configuration?
-+            gnunet-service-type
-+            %default-gnunet-config-file))
- ;;; Commentary:
- ;;;
-@@ -781,4 +788,109 @@ configure networking."
-                        (service-extension dbus-root-service-type list)
-                        (service-extension profile-service-type list)))))
-+\f
-+;;; GNUnet
-+;;;
-+;;;
-+
-+(define-record-type* <gnunet-configuration>
-+  gnunet-configuration make-gnunet-configuration
-+  gnunet-configuration?
-+  (package           gnunet-configuration-package
-+                     (default gnunet))
-+  (config-file       gnunet-configuration-config-file
-+                     (default %default-gnunet-config-file)))
-+
-+(define %default-gnunet-config-file
-+  (plain-file "gnunet.conf" "
-+[PATHS]
-+SERVICEHOME = /var/lib/gnunet
-+GNUNET_CONFIG_HOME = /var/lib/gnunet
-+
-+[arm]
-+SYSTEM_ONLY = YES
-+USER_ONLY = NO
-+
-+[nat]
-+BEHIND_NAT = YES
-+ENABLE_UPNP = YES
-+
-+[hostlist]
-+OPTIONS = -b -e
-+"))
-+
-+(define gnunet-shepherd-service
-+  (match-lambda
-+    (($ <gnunet-configuration> package config-file)
-+     (list (shepherd-service
-+            (provision '(gnunet))
-+            (requirement '(user-processes loopback))
-+            (documentation "Run the GNUnet service.")
-+            (start
-+             (let ((gnunet
-+                    (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
-+               #~(make-forkexec-constructor
-+                  (list #$gnunet "-c" #$config-file)
-+                  #:pid-file "/var/run/gnunet.pid")))
-+            (stop
-+             #~(make-kill-destructor
-+                (list #$gnunet "-e"))))))))
-+
-+(define %gnunet-accounts
-+  (list (user-group
-+         (name "gnunetdns")
-+         (system? #t))
-+        (user-group
-+         (name "gnunet")
-+         (system? #t))
-+        (user-account
-+         (name "gnunet")
-+         (group "gnunet")
-+         (system? #t)
-+         (comment "GNUnet system user")
-+         (home-directory "/var/empty")
-+         (shell #~(string-append #$shadow "/sbin/nologin")))))
-+
-+(define gnunet-activation
-+  (match-lambda
-+    (($ <gnunet-configuration> package config-file)
-+     (let ((gnunet
-+            (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
-+       #~(begin
-+           (use-modules (guix build utils))
-+           (define %user (getpw "gnunet"))
-+           (mkdir-p "/var/lib/gnunet/")
-+           (chown "/var/lib/gnunet" (passwd:uid %user) (passwd:gid %user))
-+           (chmod "/var/lib/gnunet/" #o600)
-+           (mkdir-p "/var/lib/gnunet/.local/share/gnunet")
-+           (mkdir-p "/var/lib/gnunet/.cache/gnunet")
-+           (mkdir-p "/var/lib/gnunet/.config/gnunet")
-+           (chmod "/var/lib/gnunet/.config/gnunet" #o600)
-+           (chmod "/var/lib/gnunet/.cache/gnunet" #o600)
-+           (chmod "/var/lib/gnunet/.local/share/gnunet" #o600))))))
-+
-+(define gnunet-setuid-programs
-+  (match-lambda
-+    (($ <gnunet-configuration> package)
-+     (list (file-append package "/lib/gnunet/libexec/gnunet-helper-exit")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-nat-server")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-nat-client")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-transport-bluetooth")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-transport-wlan")
-+           (file-append package "/lib/gnunet/libexec/gnunet-helper-vpn")))))
-+
-+(define gnunet-service-type
-+  (service-type
-+   (name 'gnunet)
-+   (extensions (list (service-extension account-service-type
-+                                        (const %gnunet-accounts))
-+                     (service-extension activation-service-type
-+                                        gnunet-activation)
-+                     (service-extension profile-service-type
-+                                        (compose list gnunet-configuration-package))
-+                     (service-extension setuid-program-service-type
-+                                        gnunet-setuid-programs)
-+                     (service-extension shepherd-root-service-type
-+                                        gnunet-shepherd-service)))))
-+
- ;;; networking.scm ends here
--- 
-2.11.0
-
diff --git a/contrib/services/shepherd/ng0_wip/README b/contrib/services/shepherd/ng0_wip/README
deleted file mode 100644 (file)
index c36c109..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
-short notes:
-
-* you are not expected to be able to run this as-is.
-* you must keep it GPL3 licensed and NOT license it to GNUnet e.V.,
-  for changes add your line to the header.
-* does not apply to a guix checkout, you have to search and replace
-  the imported modules. in my development of plant, infotropique
-  services is equivalent to gnu services (same for packages) and plant
-  XYZ is guix XYZ.
-* Understanding is optional.
-* Patches come as context reading material.
\ No newline at end of file
diff --git a/contrib/services/shepherd/ng0_wip/gnunet.scm b/contrib/services/shepherd/ng0_wip/gnunet.scm
deleted file mode 100644 (file)
index 80b807e..0000000
+++ /dev/null
@@ -1,173 +0,0 @@
-;;; plant ---
-;;; Copyright (C) 2016, 2017, 2018 Nils Gillmann <gillmann@infotropique.org>
-;;;
-;;; This file is part of plant.
-;;;
-;;; plant is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; plant is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of thye GNU General Public License
-;;; along with plant.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (infotropique services networking)
-  #:use-module (infotropique services)
-  #:use-module (infotropique services shepherd)
-  #:use-module (infotropique services dbus)
-  #:use-module (infotropique system shadow)
-  #:use-module (infotropique system pam)
-  #:use-module (infotropique packages admin)
-  #:use-module (infotropique packages connman)
-  #:use-module (infotropique packages linux)
-  #:use-module (infotropique packages tor)
-  #:use-module (infotropique packages messaging)
-  #:use-module (infotropique packages networking)
-  #:use-module (infotropique packages ntp)
-  #:use-module (infotropique packages wicd)
-  #:use-module (infotropique packages gnome)
-  #:use-module (infotropique packages gnunet)
-  #:use-module (plant gexp)
-  #:use-module (plant records)
-  #:use-module (plant modules)
-  #:use-module (srfi srfi-1)
-  #:use-module (srfi srfi-9)
-  #:use-module (srfi srfi-26)
-  #:use-module (ice-9 match)
-  #:export (gnunet-configuration
-            gnunet-configuration?
-            gnunet-service
-            gnunet-service-type))
-
-;;;
-;;; Commentary:
-;;; gnunet (GNUnet) related services, mainly gnunet itself.
-;;;
-
-;; GENTOO OpenRC:
-DONE: depends on "net".
-DONE: PIDFILE=/run/gnunet/arm-service.pid
-SUID_ROOT_HELPERS=exit, nat-server, nat-client, transport-bluetooth, transport-wlan, vpn
-
-/var/lib/gnunet/.local/share/gnunet/gnunet.conf must be chmod 600 and chown gnunet:gnunet
-/var/lib/gnunet/.cache/gnunet must exist.
-/usr/lib/gnunet/libexec/gnunet-helper-SUID_ROOT_HELPERS must be s+u (--> suid)
-
-/usr/lib/gnunet/libexec/gnunet-helper-dns must be: chown root:gnunetdns and chmod 4750
-/usr/lib/gnunet/libexec/gnunet-service-dns must be: chown gnunet:gnunetdns and chmod 2750
-
-directory with PID file must then be chowned by gnunet:gnunet
-
-user gnunet startet dann /usr/lib/gnunet/libexec/gnunet-service-arm -d
-
-stop process hat:
-start-stop-daemon --stop --signal QUIT --pidfile ${PIDFILE}
-sleep 1
-killall -u gnunet
-sleep 1
-rm -rf /tmp/gnunet-gnunet-runtime >/dev/null 2>&1
-rm -rf /tmp/gnunet-system-runtime >/dev/null 2>&1
-
-/etc/nsswitch.conf kriegt den eintrag:
-hosts:       files gns [NOTFOUND=return] dns
-
-und die dateien die in der source rumliegen bzgl nss müssen noch kopiert werden
-UND nss muss sie finden.
-
-
-
-(define-record-type* <gnunet-configuration>
-  gnunet-configuration make-gnunet-configuration
-  gnunet-configuration?
-  (package           gnunet-configuration-package
-                     (default gnunet))
-  (config-file       gnunet-configuration-config-file
-                     (default %default-gnunet-config-file)))
-
-;; TODO: [PATHS] DEFAULTCONFIG = ?
-(define %default-gnunet-config-file
-  (plain-file "gnunet.conf" "
-[PATHS]
-SERVICEHOME = /var/lib/gnunet
-GNUNET_CONFIG_HOME = /var/lib/gnunet
-
-[arm]
-SYSTEM_ONLY = YES
-USER_ONLY = NO
-
-[nat]
-BEHIND_NAT = YES
-ENABLE_UPNP = NO
-USE_LOCALADDR = NO
-DISABLEV6 = YES
-
-[hostlist]
-OPTIONS = -b -e
-"))
-
-(define gnunet-shepherd-service
-  (match-lambda
-    (($ <gnunet-configuration> package config-file)
-     (list (shepherd-service
-            (provision '(gnunet))
-            ;; do we require networking? arm will try to reconnect until a connection
-            ;; exists (again), but we might also set up vpn and not succeed at service
-            ;; boot time as well as the general certificate issue we have especially on
-            ;; Guix-on-GuixSD systems.
-            (requirement '(loopback))
-            (documentation "Run the GNUnet service.")
-            (start
-             (let ((gnunet
-                    (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
-               #~(make-forkexec-constructor
-                  (list #$gnunet "-c" #$config-file)
-                  #:log-file "/var/log/gnunet.log"
-                  #:pid-file "/var/run/gnunet/arm-service.pid")))
-            (stop
-             #~(make-kill-destructor)))))))
-
-(define %gnunet-accounts
-  (list (user-group
-         (name "gnunetdns")
-         (system? #t))
-        (user-group
-         (name "gnunet")
-         (system? #t))
-        (user-account
-         (name "gnunet")
-         (group "gnunet")
-         (system? #t)
-         (comment "GNUnet system user")
-         (home-directory "/var/lib/gnunet")
-         (shell #~(string-append #$shadow "/sbin/nologin")))))
-
-;; TODO: setuids.
-;; TODO: certificate issues -- gnunet should honor CURL_CA_BUNDLE!
-(define gnunet-activation
-  (match-lambda
-    (($ <gnunet-configuration> package config-file)
-     (let ((gnunet
-            (file-append package "/lib/gnunet/libexec/gnunet-service-arm")))
-       #~(begin
-           ;; Create the .config + .cache for gnunet user
-           (mkdir-p "/var/lib/gnunet/.config/gnunet")
-           (mkdir-p "/var/lib/gnunet/.cache/gnunet"))))))
-
-(define gnunet-service-type
-  (service-type
-   (name 'gnunet)
-   (extensions (list (service-extension account-service-type
-                                        (const %gnunet-accounts))
-                     (service-extension activation-service-type
-                                        gnunet-activation)
-                     (service-extension profile-service-type
-                                        (compose list gnunet-configuration-package))
-                     (service-extension shepherd-root-service-type
-                                        gnunet-shepherd-service)))))
-
-;;; gnunet.scm ends here
diff --git a/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm b/contrib/services/shepherd/ng0_wip/janneke-os-modified.scm
deleted file mode 100644 (file)
index d75d145..0000000
+++ /dev/null
@@ -1,62 +0,0 @@
-(use-modules (gnu))
-(use-service-modules
-;; admin
- base
- mcron
- networking
- ssh)
-
-(use-package-modules
- admin
- ssh
- version-control
- gnunet)
-
-(define %user (getenv "USER"))
-
-(define os
-  (operating-system
-    (host-name "os")
-    (timezone "Europe/Amsterdam")
-    (locale "en_US.UTF-8")
-
-    (bootloader
-     (grub-configuration
-      (device "/dev/sda")))
-    
-    (file-systems
-     (cons* (file-system (mount-point "/")
-                         (device "/dev/sda1")
-                         (type "ext4"))
-            %base-file-systems))
-    
-    (groups
-     (cons* (user-group (name %user))
-          %base-groups))
-    
-    (users
-     (cons* (user-account (name %user)
-                          (group %user)
-                          (password (crypt "" "xx"))
-                          (uid 1000)
-                          (supplementary-groups '("wheel" "gnunet"))
-                          (home-directory (string-append "/home/" %user)))
-            %base-user-accounts))
-
-    (packages
-     (cons*
-      git
-      openssh
-      gnunet
-      %base-packages))
-
-    (services
-     (cons*
-      (dhcp-client-service)
-      (lsh-service #:port-number 2222
-                   #:allow-empty-passwords? #t
-                   #:root-login? #t)
-      (gnunet-service)
-      %base-services
-      ))))
-os
diff --git a/contrib/timeout_watchdog.c b/contrib/timeout_watchdog.c
deleted file mode 100644 (file)
index 70e840d..0000000
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
-     This file is part of GNUnet
-     Copyright (C) 2010 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License, or
-     (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @file contrib/timeout_watchdog.c
- * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period
- * @author Matthias Wachs
- */
-
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-static pid_t child;
-
-
-static void
-sigchld_handler (int val)
-{
-  int status = 0;
-  int ret = 0;
-
-  (void) val;
-  waitpid (child, &status, 0);
-  if (WIFEXITED (status) != 0)
-    {
-      ret = WEXITSTATUS (status);
-      printf ("Test process exited with result %u\n", ret);
-    }
-  if (WIFSIGNALED (status) != 0)
-    {
-      ret = WTERMSIG (status);
-      printf ("Test process was signaled %u\n", ret);
-    }
-  exit (ret);
-}
-
-
-static void
-sigint_handler (int val)
-{
-  kill (0, val);
-  exit (val);
-}
-
-
-int
-main (int argc,
-      char *argv[])
-{
-  int timeout = 0;
-  pid_t gpid = 0;
-
-  if (argc < 3)
-    {
-      printf
-       ("arg 1: timeout in sec., arg 2: executable, arg<n> arguments\n");
-      exit (1);
-    }
-
-  timeout = atoi (argv[1]);
-
-  if (timeout == 0)
-    timeout = 600;
-
-/* with getpgid() it does not compile, but getpgrp is the BSD version and working */
-  gpid = getpgrp ();
-
-  signal (SIGCHLD, sigchld_handler);
-  signal (SIGABRT, sigint_handler);
-  signal (SIGFPE, sigint_handler);
-  signal (SIGILL, sigint_handler);
-  signal (SIGINT, sigint_handler);
-  signal (SIGSEGV, sigint_handler);
-  signal (SIGTERM, sigint_handler);
-
-  child = fork ();
-  if (child == 0)
-    {
-      /*  int setpgrp(pid_t pid, pid_t pgid); is not working on this machine */
-      //setpgrp (0, pid_t gpid);
-      if (-1 != gpid)
-       setpgid (0, gpid);
-      execvp (argv[2], &argv[2]);
-      exit (1);
-    }
-  if (child > 0)
-    {
-      sleep (timeout);
-      printf ("Child processes were killed after timeout of %u seconds\n",
-             timeout);
-      kill (0, SIGTERM);
-      exit (1);
-    }
-  exit (1);
-}
-
-/* end of timeout_watchdog.c */
diff --git a/contrib/timeout_watchdog_w32.c b/contrib/timeout_watchdog_w32.c
deleted file mode 100644 (file)
index 901eb62..0000000
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
-     This file is part of GNUnet
-     Copyright (C) 2010 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License, or
-     (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @file contrib/timeout_watchdog_w32.c
- * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period
- * @author LRN
- */
-
-#include <windows.h>
-#include <sys/types.h>
-#include <stdio.h>
-
-int
-main (int argc, char *argv[])
-{
-  int i;
-  DWORD wait_result;
-  wchar_t *commandline;
-  wchar_t **wargv;
-  wchar_t *arg;
-  unsigned int cmdlen;
-  STARTUPINFOW start;
-  PROCESS_INFORMATION proc;
-
-  wchar_t wpath[MAX_PATH + 1];
-
-  wchar_t *pathbuf;
-  DWORD pathbuf_len, alloc_len;
-  wchar_t *ptr;
-  wchar_t *non_const_filename;
-  wchar_t *wcmd;
-  int wargc;
-  int timeout = 0;
-  ssize_t wrote;
-
-  HANDLE job;
-
-  if (argc < 3)
-    {
-      printf
-       ("arg 1: timeout in sec., arg 2: executable, arg<n> arguments\n");
-      exit (1);
-    }
-
-  timeout = atoi (argv[1]);
-
-  if (timeout == 0)
-    timeout = 600;
-
-  commandline =  GetCommandLineW ();
-  if (commandline == NULL)
-  {
-    printf ("Failed to get commandline: %lu\n", GetLastError ());
-    exit (2);
-  }
-
-  wargv = CommandLineToArgvW (commandline, &wargc);
-  if (wargv == NULL || wargc <= 1)
-  {
-    printf ("Failed to get parse commandline: %lu\n", GetLastError ());
-    exit (3);
-  }
-
-  job = CreateJobObject (NULL, NULL);
-  if (job == NULL)
-  {
-    printf ("Failed to create a job: %lu\n", GetLastError ());
-    exit (4);
-  }
-
-  pathbuf_len = GetEnvironmentVariableW (L"PATH", (wchar_t *) &pathbuf, 0);
-
-  alloc_len = pathbuf_len + 1;
-
-  pathbuf = malloc (alloc_len * sizeof (wchar_t));
-
-  ptr = pathbuf;
-
-  alloc_len = GetEnvironmentVariableW (L"PATH", ptr, pathbuf_len);
-
-  cmdlen = wcslen (wargv[2]);
-  if (cmdlen < 5 || wcscmp (&wargv[2][cmdlen - 4], L".exe") != 0)
-  {
-    non_const_filename = malloc (sizeof (wchar_t) * (cmdlen + 5));
-    swprintf (non_const_filename, cmdlen + 5, L"%S.exe", wargv[2]);
-  }
-  else
-  {
-    non_const_filename = wcsdup (wargv[2]);
-  }
-
-  /* Check that this is the full path. If it isn't, search. */
-  if (non_const_filename[1] == L':')
-    swprintf (wpath, sizeof (wpath) / sizeof (wchar_t), L"%S", non_const_filename);
-  else if (!SearchPathW
-           (pathbuf, non_const_filename, NULL, sizeof (wpath) / sizeof (wchar_t),
-            wpath, NULL))
-  {
-    printf ("Failed to get find executable: %lu\n", GetLastError ());
-    exit (5);
-  }
-  free (pathbuf);
-  free (non_const_filename);
-
-  cmdlen = wcslen (wpath) + 4;
-  i = 3;
-  while (NULL != (arg = wargv[i++]))
-    cmdlen += wcslen (arg) + 4;
-
-  wcmd = malloc (sizeof (wchar_t) * (cmdlen + 1));
-  wrote = 0;
-  i = 2;
-  while (NULL != (arg = wargv[i++]))
-  {
-    /* This is to escape trailing slash */
-    wchar_t arg_lastchar = arg[wcslen (arg) - 1];
-    if (wrote == 0)
-    {
-      wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\" ", wpath,
-          arg_lastchar == L'\\' ? L"\\" : L"");
-    }
-    else
-    {
-      if (wcschr (arg, L' ') != NULL)
-        wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\"%S", arg,
-            arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" ");
-      else
-        wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"%S%S%S", arg,
-            arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" ");
-    }
-  }
-
-  LocalFree (wargv);
-
-  memset (&start, 0, sizeof (start));
-  start.cb = sizeof (start);
-
-  if (!CreateProcessW (wpath, wcmd, NULL, NULL, TRUE, CREATE_SUSPENDED,
-       NULL, NULL, &start, &proc))
-  {
-    wprintf (L"Failed to get spawn process `%S' with arguments `%S': %lu\n", wpath, wcmd, GetLastError ());
-    exit (6);
-  }
-
-  AssignProcessToJobObject (job, proc.hProcess);
-
-  ResumeThread (proc.hThread);
-  CloseHandle (proc.hThread);
-
-  free (wcmd);
-
-  wait_result = WaitForSingleObject (proc.hProcess, timeout * 1000);
-  if (wait_result == WAIT_OBJECT_0)
-  {
-    DWORD status;
-    wait_result = GetExitCodeProcess (proc.hProcess, &status);
-    CloseHandle (proc.hProcess);
-    if (wait_result != 0)
-    {
-      printf ("Test process exited with result %lu\n", status);
-      TerminateJobObject (job, status);
-      exit (status);
-    }
-    printf ("Test process exited (failed to obtain exit status)\n");
-    TerminateJobObject (job, 0);
-    exit (0);
-  }
-  printf ("Child processes were killed after timeout of %u seconds\n",
-             timeout);
-  TerminateJobObject (job, 1);
-  CloseHandle (proc.hProcess);
-  exit (1);
-}
-
-/* end of timeout_watchdog_w32.c */
index 0ee81304e81de1b4480d83dd2db80d96e6fa44c1..b6c666c4deccced37d6e9b47ae8bea91905683a3 100644 (file)
@@ -144,6 +144,7 @@ DISTCLEANFILES =                                            \
        chapters/terminology.cps                                \
        chapters/vocabulary.cps                                 \
        fdl-1.3.cps                                             \
+       agpl-3.0.cps                                            \
        gpl-3.0.cps
 
 # if HAVE_EXTENDED_DOCUMENTATION_BUILDING
@@ -166,8 +167,8 @@ lego_stack.png: images/lego_stack.svg
 #      echo "@set EDITION $(PACKAGE_VERSION)" >> $@
 #      echo "@set VERSION $(PACKAGE_VERSION)" >> $@
 
-# Workaround for makeinfo error. Whcih in turn introduces more
-# date-related 'warnings'. Well.
+# Workaround for makeinfo error. Which in turn introduces more
+# date-related 'warnings' for GNUism. Well.
 version2.texi:
        echo "@set UPDATED $(date +'%d %B %Y')" > $@
        echo "@set UPDATED-MONTH $(date +'%B %Y')" >> $@
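Review bot: The reworded comment above `version2.texi:` blames the date-related warnings on a GNUism, but the two recipe lines below it write `$(date +'%d %B %Y')` and `$(date +'%B %Y')` with a single dollar. Make expands these as references to undefined variables before the shell runs, so the generated file most likely ends up with empty `@set UPDATED` and `@set UPDATED-MONTH` values. That is probably also what triggers the warnings the comment mentions. Escaping the dollar hands the command substitution to the shell: `echo "@set UPDATED $$(date +'%d %B %Y')" > $@` and `echo "@set UPDATED-MONTH $$(date +'%B %Y')" >> $@`. The recipe may continue beyond the lines shown in this hunk, so any later `$(date …)` lines would need the same change.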
diff --git a/doc/documentation/agpl-3.0.texi b/doc/documentation/agpl-3.0.texi
new file mode 100644 (file)
index 0000000..eabb0c6
--- /dev/null
@@ -0,0 +1,698 @@
+@c The GNU Affero General Public License.
+@center Version 3, 19 November 2007
+
+@c This file is intended to be included within another document,
+@c hence no sectioning command or @node.
+
+@display
+Copyright @copyright{} 2007 Free Software Foundation, Inc. @url{https://fsf.org/}
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+@end display
+
+@heading Preamble
+
+The GNU Affero General Public License is a free, copyleft license
+for software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+The licenses for most software and other practical works are
+designed to take away your freedom to share and change the works.  By
+contrast, our General Public Licenses are intended to guarantee your
+freedom to share and change all versions of a program--to make sure it
+remains free software for all its users.
+
+When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate.  Many developers of free software are heartened and
+encouraged by the resulting cooperation.  However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community.  It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server.  Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals.  This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+The precise terms and conditions for copying, distribution and
+modification follow.
+
+@heading TERMS AND CONDITIONS
+
+@enumerate 0
+@item Definitions.
+
+``This License'' refers to version 3 of the GNU Affero General Public License.
+
+``Copyright'' also means copyright-like laws that apply to other kinds
+of works, such as semiconductor masks.
+
+``The Program'' refers to any copyrightable work licensed under this
+License.  Each licensee is addressed as ``you''.  ``Licensees'' and
+``recipients'' may be individuals or organizations.
+
+To ``modify'' a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of
+an exact copy.  The resulting work is called a ``modified version'' of
+the earlier work or a work ``based on'' the earlier work.
+
+A ``covered work'' means either the unmodified Program or a work based
+on the Program.
+
+To ``propagate'' a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy.  Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+To ``convey'' a work means any kind of propagation that enables other
+parties to make or receive copies.  Mere interaction with a user
+through a computer network, with no transfer of a copy, is not
+conveying.
+
+An interactive user interface displays ``Appropriate Legal Notices'' to
+the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License.  If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+@item Source Code.
+
+The ``source code'' for a work means the preferred form of the work for
+making modifications to it.  ``Object code'' means any non-source form
+of a work.
+
+A ``Standard Interface'' means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+The ``System Libraries'' of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form.  A
+``Major Component'', in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+The ``Corresponding Source'' for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities.  However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work.  For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+The Corresponding Source need not include anything that users can
+regenerate automatically from other parts of the Corresponding Source.
+
+The Corresponding Source for a work in source code form is that same
+work.
+
+@item Basic Permissions.
+
+All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met.  This License explicitly affirms your unlimited
+permission to run the unmodified Program.  The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work.  This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+You may make, run and propagate covered works that you do not convey,
+without conditions so long as your license otherwise remains in force.
+You may convey covered works to others for the sole purpose of having
+them make modifications exclusively for you, or provide you with
+facilities for running those works, provided that you comply with the
+terms of this License in conveying all material for which you do not
+control copyright.  Those thus making or running the covered works for
+you must do so exclusively on your behalf, under your direction and
+control, on terms that prohibit them from making any copies of your
+copyrighted material outside their relationship with you.
+
+Conveying under any other circumstances is permitted solely under the
+conditions stated below.  Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+@item Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such
+circumvention is effected by exercising rights under this License with
+respect to the covered work, and you disclaim any intention to limit
+operation or modification of the work as a means of enforcing, against
+the work's users, your or third parties' legal rights to forbid
+circumvention of technological measures.
+
+@item Conveying Verbatim Copies.
+
+You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+@item Conveying Modified Source Versions.
+
+You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these
+conditions:
+
+@enumerate a
+@item
+The work must carry prominent notices stating that you modified it,
+and giving a relevant date.
+
+@item
+The work must carry prominent notices stating that it is released
+under this License and any conditions added under section 7.  This
+requirement modifies the requirement in section 4 to ``keep intact all
+notices''.
+
+@item
+You must license the entire work, as a whole, under this License to
+anyone who comes into possession of a copy.  This License will
+therefore apply, along with any applicable section 7 additional terms,
+to the whole of the work, and all its parts, regardless of how they
+are packaged.  This License gives no permission to license the work in
+any other way, but it does not invalidate such permission if you have
+separately received it.
+
+@item
+If the work has interactive user interfaces, each must display
+Appropriate Legal Notices; however, if the Program has interactive
+interfaces that do not display Appropriate Legal Notices, your work
+need not make them do so.
+@end enumerate
+
+A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+``aggregate'' if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit.  Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+@item  Conveying Non-Source Forms.
+
+You may convey a covered work in object code form under the terms of
+sections 4 and 5, provided that you also convey the machine-readable
+Corresponding Source under the terms of this License, in one of these
+ways:
+
+@enumerate a
+@item
+Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by the
+Corresponding Source fixed on a durable physical medium customarily
+used for software interchange.
+
+@item
+Convey the object code in, or embodied in, a physical product
+(including a physical distribution medium), accompanied by a written
+offer, valid for at least three years and valid for as long as you
+offer spare parts or customer support for that product model, to give
+anyone who possesses the object code either (1) a copy of the
+Corresponding Source for all the software in the product that is
+covered by this License, on a durable physical medium customarily used
+for software interchange, for a price no more than your reasonable
+cost of physically performing this conveying of source, or (2) access
+to copy the Corresponding Source from a network server at no charge.
+
+@item
+Convey individual copies of the object code with a copy of the written
+offer to provide the Corresponding Source.  This alternative is
+allowed only occasionally and noncommercially, and only if you
+received the object code with such an offer, in accord with subsection
+6b.
+
+@item
+Convey the object code by offering access from a designated place
+(gratis or for a charge), and offer equivalent access to the
+Corresponding Source in the same way through the same place at no
+further charge.  You need not require recipients to copy the
+Corresponding Source along with the object code.  If the place to copy
+the object code is a network server, the Corresponding Source may be
+on a different server (operated by you or a third party) that supports
+equivalent copying facilities, provided you maintain clear directions
+next to the object code saying where to find the Corresponding Source.
+Regardless of what server hosts the Corresponding Source, you remain
+obligated to ensure that it is available for as long as needed to
+satisfy these requirements.
+
+@item
+Convey the object code using peer-to-peer transmission, provided you
+inform other peers where the object code and Corresponding Source of
+the work are being offered to the general public at no charge under
+subsection 6d.
+
+@end enumerate
+
+A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+A ``User Product'' is either (1) a ``consumer product'', which means any
+tangible personal property which is normally used for personal,
+family, or household purposes, or (2) anything designed or sold for
+incorporation into a dwelling.  In determining whether a product is a
+consumer product, doubtful cases shall be resolved in favor of
+coverage.  For a particular product received by a particular user,
+``normally used'' refers to a typical or common use of that class of
+product, regardless of the status of the particular user or of the way
+in which the particular user actually uses, or expects or is expected
+to use, the product.  A product is a consumer product regardless of
+whether the product has substantial commercial, industrial or
+non-consumer uses, unless such uses represent the only significant
+mode of use of the product.
+
+``Installation Information'' for a User Product means any methods,
+procedures, authorization keys, or other information required to
+install and execute modified versions of a covered work in that User
+Product from a modified version of its Corresponding Source.  The
+information must suffice to ensure that the continued functioning of
+the modified object code is in no case prevented or interfered with
+solely because modification has been made.
+
+If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information.  But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or
+updates for a work that has been modified or installed by the
+recipient, or for the User Product in which it has been modified or
+installed.  Access to a network may be denied when the modification
+itself materially and adversely affects the operation of the network
+or violates the rules and protocols for communication across the
+network.
+
+Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+@item Additional Terms.
+
+``Additional permissions'' are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law.  If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it.  (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.)  You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders
+of that material) supplement the terms of this License with terms:
+
+@enumerate a
+@item
+Disclaiming warranty or limiting liability differently from the terms
+of sections 15 and 16 of this License; or
+
+@item
+Requiring preservation of specified reasonable legal notices or author
+attributions in that material or in the Appropriate Legal Notices
+displayed by works containing it; or
+
+@item
+Prohibiting misrepresentation of the origin of that material, or
+requiring that modified versions of such material be marked in
+reasonable ways as different from the original version; or
+
+@item
+Limiting the use for publicity purposes of names of licensors or
+authors of the material; or
+
+@item
+Declining to grant rights under trademark law for use of some trade
+names, trademarks, or service marks; or
+
+@item
+Requiring indemnification of licensors and authors of that material by
+anyone who conveys the material (or modified versions of it) with
+contractual assumptions of liability to the recipient, for any
+liability that these contractual assumptions directly impose on those
+licensors and authors.
+@end enumerate
+
+All other non-permissive additional terms are considered ``further
+restrictions'' within the meaning of section 10.  If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term.  If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions; the
+above requirements apply either way.
+
+@item Termination.
+
+You may not propagate or modify a covered work except as expressly
+provided under this License.  Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+However, if you cease all violation of this License, then your license
+from a particular copyright holder is reinstated (a) provisionally,
+unless and until the copyright holder explicitly and finally
+terminates your license, and (b) permanently, if the copyright holder
+fails to notify you of the violation by some reasonable means prior to
+60 days after the cessation.
+
+Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License.  If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+@item Acceptance Not Required for Having Copies.
+
+You are not required to accept this License in order to receive or run
+a copy of the Program.  Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance.  However,
+nothing other than this License grants you permission to propagate or
+modify any covered work.  These actions infringe copyright if you do
+not accept this License.  Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+@item Automatic Licensing of Downstream Recipients.
+
+Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License.  You are not responsible
+for enforcing compliance by third parties with this License.
+
+An ``entity transaction'' is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations.  If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License.  For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+@item Patents.
+
+A ``contributor'' is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based.  The
+work thus licensed is called the contributor's ``contributor version''.
+
+A contributor's ``essential patent claims'' are all patent claims owned
+or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version.  For
+purposes of this definition, ``control'' includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+In the following three paragraphs, a ``patent license'' is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement).  To ``grant'' such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients.  ``Knowingly relying'' means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+A patent license is ``discriminatory'' if it does not include within the
+scope of its coverage, prohibits the exercise of, or is conditioned on
+the non-exercise of one or more of the rights that are specifically
+granted under this License.  You may not convey a covered work if you
+are a party to an arrangement with a third party that is in the
+business of distributing software, under which you make payment to the
+third party based on the extent of your activity of conveying the
+work, and under which the third party grants, to any of the parties
+who would receive the covered work from you, a discriminatory patent
+license (a) in connection with copies of the covered work conveyed by
+you (or copies made from those copies), or (b) primarily for and in
+connection with specific products or compilations that contain the
+covered work, unless you entered into that arrangement, or that patent
+license was granted, prior to 28 March 2007.
+
+Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+@item No Surrender of Others' Freedom.
+
+If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot convey
+a covered work so as to satisfy simultaneously your obligations under
+this License and any other pertinent obligations, then as a
+consequence you may not convey it at all.  For example, if you agree
+to terms that obligate you to collect a royalty for further conveying
+from those to whom you convey the Program, the only way you could
+satisfy both those terms and this License would be to refrain entirely
+from conveying the Program.
+
+@item Remote Network Interaction; Use with the GNU General Public License.
+
+Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users interacting
+with it remotely through a computer network (if your version supports such
+interaction) an opportunity to receive the Corresponding Source of your
+version by providing access to the Corresponding Source from a network
+server at no charge, through some standard or customary means of
+facilitating copying of software.  This Corresponding Source shall include
+the Corresponding Source for any work covered by version 3 of the GNU
+General Public License that is incorporated pursuant to the following
+paragraph.
+
+Notwithstanding any other provision of this License, you have permission to
+link or combine any covered work with a work licensed under version 3 of
+the GNU General Public License into a single combined work, and to convey
+the resulting work.  The terms of this License will continue to apply to
+the part which is the covered work, but the work with which it is combined
+will remain governed by version 3 of the GNU General Public License.
+
+@item Revised Versions of this License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU Affero General Public License from time to time.  Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies that a certain numbered version of the GNU Affero General Public
+License ``or any later version'' applies to it, you have the option of
+following the terms and conditions either of that numbered version or
+of any later version published by the Free Software Foundation.  If
+the Program does not specify a version number of the GNU Affero General
+Public License, you may choose any version ever published by the Free
+Software Foundation.
+
+If the Program specifies that a proxy can decide which future versions
+of the GNU Affero General Public License can be used, that proxy's public
+statement of acceptance of a version permanently authorizes you to
+choose that version for the Program.
+
+Later license versions may give you additional or different
+permissions.  However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+@item Disclaimer of Warranty.
+
+THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM ``AS IS'' WITHOUT
+WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND
+PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE PROGRAM PROVE
+DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR
+CORRECTION.
+
+@item Limitation of Liability.
+
+IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR
+CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
+ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT
+NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR
+LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM
+TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER
+PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+@item Interpretation of Sections 15 and 16.
+
+If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+@end enumerate
+
+@heading END OF TERMS AND CONDITIONS
+
+@heading How to Apply These Terms to Your New Programs
+
+If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the ``copyright'' line and a pointer to where the full notice is found.
+
+@smallexample
+@var{one line to give the program's name and a brief idea of what it does.}
+Copyright (C) @var{year} @var{name of author}
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or (at
+your option) any later version.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see @url{https://www.gnu.org/licenses/}.
+@end smallexample
+
+Also add information on how to contact you by electronic and paper mail.
+
+If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source.  For example, if your program is a web application, its
+interface could display a ``Source'' link that leads users to an archive
+of the code.  There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+You should also get your employer (if you work as a programmer) or school,
+if any, to sign a ``copyright disclaimer'' for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+@url{https://www.gnu.org/licenses/}.
index 745acca7735cc78921ef2f2671801d331963b555..a92df45c3464ed1c6f217e752d847903c910aa20 100644 (file)
@@ -6,17 +6,20 @@
 * Licenses of contributions::
 * Copyright Assignment::
 * Contributing to the Reference Manual::
+* Contributing testcases::
 @end menu
 
 @node Contributing to GNUnet
 @section Contributing to GNUnet
 
+@cindex licenses
+@cindex licenses of contributions
 @node Licenses of contributions
 @section Licenses of contributions
 
 GNUnet is a @uref{https://www.gnu.org/, GNU} package.
 All code contributions must thus be put under the
-@uref{https://www.gnu.org/copyleft/gpl.html, GNU Public License (GPL)}.
+@uref{https://www.gnu.org/licenses/agpl.html, GNU Affero Public License (AGPL)}.
 All documentation should be put under FSF approved licenses
 (see @uref{https://www.gnu.org/copyleft/fdl.html, fdl}).
 
@@ -40,7 +43,7 @@ rights, and in particular is allowed to dual-license the code. You
 retain non-exclusive rights to your contributions, so you can also
 share your contributions freely with other projects.
 
-GNUnet e.V. will publish all accepted contributions under the GPLv3
+GNUnet e.V. will publish all accepted contributions under the AGPLv3
 or any later version. The association may decide to publish
 contributions under additional licenses (dual-licensing).
 
@@ -88,3 +91,21 @@ In a 200+ pages handbook it's better to have footnotes accessible
 without having to skip over to the end.
 
 @end itemize
+
+@node Contributing testcases
+@section Contributing testcases
+
+In the core of gnunet, we restrict new testcases to a small subset
+of languages, in order of preference:
+@enumerate
+@item C
+@item Bash (preferable portable without too much specifics to Bash)
+@item Python (@geq{}3.6)
+@end enumerate
+
+We welcome efforts to remove our existing python-2.7 scripts to
+replace them either with Bash or, at your choice, python-3.6+.
+
+If you contribute new python based testcases, we advise you to
+not repeat our past misfortunes and write the tests in a standard
+test framework like for example pytest.
index 1f74a8163416ec550c64953f573dd25604a2efed..e82e32b59e0417d664926a3ea13677e3a9cecee0 100644 (file)
@@ -214,9 +214,7 @@ Installation and update tool
 Template for starting 'external' GNUnet projects
 @item @command{gnunet-java}
 Java APIs for writing GNUnet services and applications
-@c ** FIXME: Point to new website repository once we have it:
-@c ** @item svn/gnunet-www/ Code and media helping drive the GNUnet
-@c website
+@item @command{gnunet-java-ext}
 @item @command{eclectic}
 Code to run GNUnet nodes on testbeds for research, development,
 testing and evaluation
@@ -227,6 +225,8 @@ Qt-based GNUnet GUI (is it deprecated?)
 cocoa-based GNUnet GUI (is it deprecated?)
 @item @command{gnunet-guile}
 Guile bindings for GNUnet
+@item @command{gnunet-python}
+Python bindings for GNUnet
 
 @end table
 
@@ -246,6 +246,13 @@ Tool for automated debugging of distributed systems
 Library for accessing satellite connection quality reports
 @item @command{libgnurl}
 gnURL (feature-restricted variant of cURL/libcurl)
+@item @command{www}
+work in progress of the new gnunet.org website (Jinja2 framework based to
+replace our current Drupal website)
+@item @command{bibliography}
+Our collected bibliography, papers, references, and so forth
+@item @command{gnunet-videos-}
+Videos about and around gnunet activities
 @end table
 
 Finally, there are various external projects (see links for a list of
index f5e38fd3df7226fbf62dc68632bad64f6b2abcb8..559a97f967f12f0f12a55f838040050f71a4b925 100644 (file)
@@ -1,22 +1,40 @@
 @node Installing GNUnet
 @chapter Installing GNUnet
 
-This guide is intended for those who want to install Gnunet from source. For instructions on how to install GNUnet as a binary package please refer to the official documentation of your operating system or package manager.
+This guide is intended for those who want to install Gnunet from
+source. For instructions on how to install GNUnet as a binary package
+please refer to the official documentation of your operating system or
+package manager.
 
-@node Getting the Source Code
+@menu
+* Installing dependencies::
+* Getting the Source Code::
+* Create @code{gnunet} user and group::
+* Preparing and Compiling the Source Code::
+* Installation::
+* MOVED FROM USER Checking the Installation::
+* MOVED FROM USER The graphical configuration interface::
+* MOVED FROM USER Config Leftovers::
+@end menu
+
+@c -----------------------------------------------------------------------
+@node Installing dependencies
 @section Installing dependencies
-GNUnet needs few libraries and applications for being able to run and another few optional ones for using certain features. Preferably they should be installed with a package manager. Just in case we include a link to the project websites.
+GNUnet needs few libraries and applications for being able to run and
+another few optional ones for using certain features. Preferably they
+should be installed with a package manager. Just in case we include a
+link to the project websites.
 
 The mandatory libraries and applications are
 @itemize @bullet
 @item libtool
-@item autoconf >= version 2.59
-@item automake >= version 1.11.1
+@item autoconf @geq{}2.59
+@item automake @geq{}1.11.1
 @item pkg-config
-@item libgcrypt >= version 1.6
+@item libgcrypt @geq{}1.6
 @item libextractor
 @item libidn
-@item libmicrohttpd >= version 0.9.52
+@item libmicrohttpd @geq{}0.9.52
 @item libnss 
 @item libunistring
 @item gettext
@@ -43,30 +61,43 @@ These are the dependencies only required for certain features
 @item libpulse (for running the GNUnet conversation telephony application)
 @item libogg (for running the GNUnet conversation telephony application)
 @item bluez (for bluetooth support)
-@item libpbc (for attribute-based encryption and the identity provider subsystem)
-@item libgabe (for attribute-based encryption and the identity provider subsystem)
+@item libpbc
+(for attribute-based encryption and the identity provider subsystem)
+@item libgabe
+(for attribute-based encryption and the identity provider subsystem)
 @end itemize
 
-
+@c -----------------------------------------------------------------------
+@node Getting the Source Code
 @section Getting the Source Code
-You can either download the source code using git (you obviously need git installed) or as an archive.
+You can either download the source code using git (you obviously need
+git installed) or as an archive.
 
 Using git type
 @example
 git clone https://gnunet.org/git/gnunet.git
 @end example
 
-The archive can be found at @uref{https://gnunet.org/downloads}. Extract it using a graphical archive tool or @code{tar}:
+The archive can be found at
+@uref{https://gnunet.org/downloads}. Extract it using a graphical
+archive tool or @code{tar}:
 @example
 tar xzvf gnunet-0.11.0pre66.tar.gz
 @end example
 
-In the next chapter we will assume that the source code is available in the home directory at @code{~/gnunet}.
+In the next chapter we will assume that the source code is available
+in the home directory at @code{~/gnunet}.
 
+@c -----------------------------------------------------------------------
+@node Create @code{gnunet} user and group
 @section Create @code{gnunet} user and group
-The GNUnet services should be run as a dedicated user called @code{gnunet}. For using them a user should be in the same group as this system user.
+The GNUnet services should be run as a dedicated user called
+@code{gnunet}. For using them a user should be in the same group as
+this system user.
 
-Create user @code{gnunet} who is member of the group @code{gnunet} and specify a home directory where the GNUnet services will store persistant data such as information about peers.
+Create user @code{gnunet} who is member of the group @code{gnunet} and
+specify a home directory where the GNUnet services will store
+persistant data such as information about peers.
 @example
 $ sudo useradd --system --groups gnunet --home-dir /var/lib/gnunet
 @end example
@@ -76,8 +107,13 @@ Now add your own user to the @code{gnunet} group.
 $ sudo adduser alice gnunet
 @end example
 
+@c -----------------------------------------------------------------------
+@node Preparing and Compiling the Source Code
 @section Preparing and Compiling the Source Code
-For preparing the source code for compilation a bootstrap script and @code{configure} has to be run from the source code directory. When running @code{configure} the following options can be specified to customize the compilation and installation process:
+For preparing the source code for compilation a bootstrap script and
+@code{configure} has to be run from the source code directory. When
+running @code{configure} the following options can be specified to
+customize the compilation and installation process:
 
 @itemize @bullet
 @item @code{--disable-documentation} - don't build the configuration documents
@@ -91,27 +127,39 @@ For preparing the source code for compilation a bootstrap script and @code{confi
 @item @code{--with-sudo=[PATH]} - path to the sudo binary (no need to run @code{make install} as root if specified)
 @end itemize
 
-The following example configures the installation prefix @code{/usr/lib} and disables building the documentation
+The following example configures the installation prefix
+@code{/usr/lib} and disables building the documentation
 @example
 $ cd ~/gnunet
 $ ./bootstrap
 $ configure --prefix=/usr/lib --disable-configuration
 @end example
 
-After running the bootstrap script and @code{configure} successfully the source code can be compiled with make. Here @code{-j5} specifies that 5 threads should be used.
+After running the bootstrap script and @code{configure} successfully
+the source code can be compiled with make. Here @code{-j5} specifies
+that 5 threads should be used.
 @example
 $ make -j5
 @end example
 
-
+@c -----------------------------------------------------------------------
+@node Installation
 @section Installation
-The compiled binaries can be installed using @code{make install}. It needs to be run as root (or with sudo) because some binaries need the @code{suid} bit set. Without that some GNUnet subsystems (such as VPN) will not work.
+The compiled binaries can be installed using @code{make install}. It
+needs to be run as root (or with sudo) because some binaries need the
+@code{suid} bit set. Without that some GNUnet subsystems (such as VPN)
+will not work.
 
 @example
 $ sudo make install
 @end example
 
-One important library is the GNS plugin for NSS (the name services switch) which allows using GNS (the GNU name system) in the normal DNS resolution process. Unfortunately NSS expects it in a specific location (probably @code{/lib}) which may differ from the installation prefix (see @code{--prefix} option in the previous section). This is why the pugin has to be installed manually.
+One important library is the GNS plugin for NSS (the name services
+switch) which allows using GNS (the GNU name system) in the normal DNS
+resolution process. Unfortunately NSS expects it in a specific
+location (probably @code{/lib}) which may differ from the installation
+prefix (see @code{--prefix} option in the previous section). This is
+why the pugin has to be installed manually.
 
 Find the directory where nss plugins are installed on your system, e.g.
 
@@ -129,24 +177,30 @@ Copy the GNS NSS plugin to that directory:
 cp ~/gnunet/src/gns/nss/libnss_gns.so.2 /lib
 @end example
 
-Now, to activate the plugin, you need to edit your @code{/etc/nsswitch.conf} where you should find a line like this:
+Now, to activate the plugin, you need to edit your
+@code{/etc/nsswitch.conf} where you should find a line like this:
 
 @example
 hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
 
-The exact details may differ a bit, which is fine. Add the text @code{"gns [NOTFOUND=return]"} after @code{"files"}. 
+The exact details may differ a bit, which is fine. Add the text
+@code{"gns [NOTFOUND=return]"} after @code{"files"}.
 
 @example
 hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
 
-Optionally, if GNS shall be used with a browser, execute the GNS CA-setup script. It will isetup the GNS Certificate Authority with the user's browser.
+Optionally, if GNS shall be used with a browser, execute the GNS
+CA-setup script. It will isetup the GNS Certificate Authority with the
+user's browser.
 @example
 $ gnunet-gns-proxy-setup-ca
 @end example
 
-Finally install a configuration file in @code{~/.gnunet/gnunet.conf}. Below you find an example config which allows you to start GNUnet.
+Finally install a configuration file in
+@code{~/.gnunet/gnunet.conf}. Below you find an example config which
+allows you to start GNUnet.
 
 @example
 [arm]
@@ -170,7 +224,8 @@ This section describes a quick, casual way to check if your GNUnet
 installation works. However, if it does not, we do not cover
 steps for recovery --- for this, please study the instructions
 provided in the developer handbook as well as the system-specific
-instruction in the source code repository@footnote{The system specific instructions are not provided as part of this handbook!}.
+instruction in the source code repository@footnote{The system specific
+instructions are not provided as part of this handbook!}.
 
 
 @menu
@@ -203,21 +258,25 @@ Currently these interfaces cover:
 @subsection Statistics
 @c %**end of header
 
-First, you should launch GNUnet gtk@footnote{Obviously you should also start gnunet, via gnunet-arm or the system provided method}.
+First, you should launch GNUnet gtk@footnote{Obviously you should also
+start gnunet, via gnunet-arm or the system provided method}.
 You can do this from the command-line by typing
 
 @example
 gnunet-statistics-gtk
 @end example
 
-If your peer@footnote{The term ``peer'' is a common word used in federated and distributed networks to describe a participating device which is connected to the network. Thus, your Personal Computer or whatever it is you are looking at the Gtk+ interface describes a ``Peer'' or a ``Node''.}
-is running correctly, you should see a bunch of lines,
-all of which should be ``significantly'' above zero (at least if your
-peer has been running for more than a few seconds). The lines indicate
-how many other peers your peer is connected to (via different
-mechanisms) and how large the entire overlay network is currently
-estimated to be. The X-axis represents time (in seconds since the
-start of @command{gnunet-gtk}).
+If your peer@footnote{The term ``peer'' is a common word used in
+federated and distributed networks to describe a participating device
+which is connected to the network. Thus, your Personal Computer or
+whatever it is you are looking at the Gtk+ interface describes a
+``Peer'' or a ``Node''.}  is running correctly, you should see a bunch
+of lines, all of which should be ``significantly'' above zero (at
+least if your peer has been running for more than a few seconds). The
+lines indicate how many other peers your peer is connected to (via
+different mechanisms) and how large the entire overlay network is
+currently estimated to be. The X-axis represents time (in seconds
+since the start of @command{gnunet-gtk}).
 
 You can click on "Traffic" to see information about the amount of
 bandwidth your peer has consumed, and on "Storage" to check the amount
index 00e6290f064eb8af5263790eef7d371c3e588749..29cf924a205860db840d90142a1ba75f677802ca 100644 (file)
@@ -12,9 +12,9 @@ all kinds of basic applications for the foundation of a new Internet.
 
 @menu
 * About this book::
+* Contributing to this book::
 * Introduction::
 * Project governance::
-* General Terminology::
 * Typography::
 @end menu
 
@@ -37,6 +37,26 @@ The first chapter (``Preface'') as well as the the second
 chapter (``Philosophy'') give an introduction to GNUnet as a project,
 what GNUnet tries to achieve.
 
+@node Contributing to this book
+@section Contributing to this book
+
+The GNUnet Reference Manual is a collective work produced by various
+people throughout the years. The version you are reading is derived
+from many individual efforts hosted on our website. This was a failed
+experiment, and with the conversion to Texinfo we hope to address this
+in the longterm. Texinfo is the documentation language of the GNU project.
+While it can be intimidating at first and look scary or complicated,
+it is just another way to express text format instructions. We encourage
+you to take this opportunity and learn about Texinfo, learn about GNUnet,
+and one word at a time we will arrive at a book which explains GNUnet in
+the least complicated way to you. Even when you don't want or can't learn
+Texinfo, you can contribute. Send us an Email or join our IRC chat room
+on freenode and talk with us about the documentation (the prefered way
+to reach out is the mailinglist, since you can communicate with us
+without waiting on someone in the chatroom). One way or another you
+can help shape the understanding of GNUnet without the ability to read
+and understand its sourcecode.
+
 @node Introduction
 @section Introduction
 
@@ -66,25 +86,31 @@ immediately.  A few months after the first release we contacted the
 GNU project, happily agreed to their governance model and became an
 official GNU package.
 
-Within the first year, we created GNU libextractor, a helper library
+Within the first year, we created
+@uref{https://gnu.org/s/libextractor, GNU libextractor}, a helper library
 for meta data extraction which has been used by a few other projects
 as well.  2003 saw the emergence of pluggable transports, the ability
 for GNUnet to use different mechanisms for communication, starting
 with TCP, UDP and SMTP (support for the latter was later dropped due
 to a lack of maintenance).  In 2005, the project first started to
 evolve beyond the original file-sharing application with a first
-simple P2P chat.  In 2007, we created GNU libmicrohttpd
+simple P2P chat.  In 2007, we created
+@uref{https://gnu.org/s/libmicrohttpd, GNU libmicrohttpd}
 to support a pluggable transport based on HTTP.  In 2009, the
 architecture was radically modularized into the multi-process system
-that exists today.  Coincidentally, the first version of the ARM
+that exists today.  Coincidentally, the first version of the ARM@footnote{ARM: Automatic Restart Manager}
 service was implemented a day before systemd was announced.  From 2009
 to 2014 work progressed rapidly thanks to a significant research grant
 from the Deutsche Forschungsgesellschaft.  This resulted in particular
 in the creation of the R5N DHT, CADET, ATS and the GNU Name System.
-In 2010, GNUnet was selected as the basis for the SecuShare online
-social network, resutling in a significant growth of the core team.
-In 2013, we launched GNU Taler to address the challenge of convenient
-and privacy-preserving online payments.  In 2015, the pEp project
+In 2010, GNUnet was selected as the basis for the
+@uref{https://secushare.org, secushare} online
+social network, resulting in a significant growth of the core team.
+In 2013, we launched @uref{https://taler.net, GNU Taler} to address
+the challenge of convenient
+and privacy-preserving online payments.  In 2015, the
+@c TODO: Maybe even markup for the E if it renders in most outputs.
+@uref{https://pep.foundation/, pEp}@footnote{pretty easy privacy} project
 announced that they will use GNUnet as the technology for their
 meta-data protection layer, ultimately resulting in GNUnet e.V.
 entering into a formal long-term collaboration with the pEp
@@ -99,9 +125,9 @@ computing has been the core driver of the GNU project. With GNUnet we
 are focusing on informational self-determination for collaborative
 computing and communication over networks.
 
-The Internet is shaped as much by code and protocols as by its
-associated political processes (IETF, ICANN, IEEE, etc.), and its
-flaws are similarly not limited to the protocol design.  Thus,
+The Internet is shaped as much by code and protocols as it is by its
+associated political processes (IETF, ICANN, IEEE, etc.).
+Similarly its flaws are not limited to the protocol design.  Thus,
 technical excellence by itself will not suffice to create a better
 network. We also need to build a community that is wise, humble and
 has a sense of humor to achieve our goal to create a technical
@@ -116,23 +142,22 @@ follows the governance model of a benevolent dictator.  This means
 that ultimately, the GNU project appoints the GNU maintainer and can
 overrule decisions made by the GNUnet maintainer. Similarly, the
 GNUnet maintainer can overrule any decisions made by individual
+@c TODO: Should we mention if this is just about GNUnet? Other projects
+@c TODO: in GNU seem to have rare issues (GCC, the 2018 documentation
+@c TODO: discussion.
 developers.  Still, in practice neither has happened in the last 20
 years, and we hope to keep it that way.
 
+@c TODO: Actually we are a Swiss association, or just a German association
+@c TODO: with Swiss bylaws/Satzung?
+@c TODO: Rewrite one of the 'GNUnet eV may also' sentences.
 The GNUnet project is supported by GNUnet e.V., a German association
-where any developer can become a member.  GNUnet e.V. servers as a
+where any developer can become a member.  GNUnet e.V. serves as a
 legal entity to hold the copyrights to GNUnet.  GNUnet e.V. may also
 choose to pay for project resources, and can collect donations.
 GNUnet e.V. may also choose to adjust the license of the
-software (with the constraint that it has to remain free software).
-
-
-@node General Terminology
-@section General Terminology
+software (with the constraint that it has to remain free software)@footnote{For example in 2018 we switched from GPL3 to AGPL3. In practice these changes do not happen very often.}
 
-In the following manual we may use words that can not be found in the
-Appendix. Since we want to keep the manual selfcontained, we will
-explain words here.
 
 @node Typography
 @section Typography
@@ -142,3 +167,5 @@ command should/can be issued as root, or if "normal" user privileges are
 sufficient. We use a @code{#} for root's shell prompt, a
 @code{%} for users' shell prompt, assuming they use the C-shell or tcsh
 and a @code{$} for bourne shell and derivatives.
+@c TODO: Really? Why the different prompts? Do we already have c-shell
+@c TODO: examples?
index fe47abb86b877d4eb8d9bda26601eba8c923c9bc..50b7951974ff50433eab84bd0aa5e9d229ea90ed 100644 (file)
@@ -26,6 +26,7 @@ always welcome.
 * First steps - Using the GNUnet VPN::
 * File-sharing::
 * The GNU Name System::
+* re@:claim Identity Provider::
 * Using the Virtual Public Network::
 @end menu
 
@@ -43,6 +44,7 @@ To stop GNUnet:
 @example
 $ gnunet-arm -e
 @end example
+
 @node First steps - Using the GNU Name System
 @section First steps - Using the GNU Name System
 @c %**end of header
@@ -246,7 +248,7 @@ more an experimental feature and not really our primary goal at this
 time. Still, it is a possible use-case and we welcome help with testing
 and development.
 
-
+@pindex gnunet-bcd
 @node Creating a Business Card
 @subsection Creating a Business Card
 @c FIXME: Which parts of texlive are needed? Some systems offer a modular
@@ -257,7 +259,9 @@ Note that this requires having @command{LaTeX} installed on your system.
 If you are using a Debian GNU/Linux based operating system, the
 following command should install the required components.
 Keep in mind that this @b{requires 3GB} of downloaded data and possibly
-@b{even more} when unpacked.
+@b{even more}@footnote{Author's note:
+@command{guix size `guix build texlive`} in summer 2018 returns a DAG
+size of 5032.4 MiB} when unpacked.
 @b{We welcome any help in identifying the required components of the
 TexLive Distribution. This way we could just state the required components
 without pulling in the full distribution of TexLive.}
@@ -312,12 +316,14 @@ you might need a trip to the store together.
 Before we get started, we need to tell @code{gnunet-qr} which zone
 it should import new records into.  For this, run:
 
+@pindex gnunet-identity
 @example
 $ gnunet-identity -s namestore -e NAME
 @end example
 where NAME is the name of the zone you want to import records
 into.  In our running example, this would be ``gnu''.
 
+@pindex gnunet-qr
 Henceforth, for every business card you collect, simply run:
 @example
 $ gnunet-qr
@@ -335,6 +341,7 @@ GNUnet network at this time, you should thus be able to
 resolve your friends names. Suppose your friend's nickname
 is "Bob". Then, type
 
+@pindex gnunet-gns
 @example
 $ gnunet-gns -u test.bob.gnu
 @end example
@@ -381,6 +388,7 @@ a revocation certificate corresponding to your ego.  This certificate,
 when published on the P2P network, flags your private key as invalid,
 and all further resolutions or other checks involving the key will fail.
 
+@pindex gnunet-revocation
 A revocation certificate is thus a useful tool when things go out of
 control, but at the same time it should be stored securely.
 Generation of the revocation certificate for a zone can be done through
@@ -433,6 +441,7 @@ private conversation with your friend. Finally, help us
 with the next GNUnet release for even more applications
 using this new public key infrastructure.
 
+@pindex gnunet-conservation-gtk
 @node First steps - Using GNUnet Conversation
 @section First steps - Using GNUnet Conversation
 @c %**end of header
@@ -485,6 +494,7 @@ that will show up when you call somebody else, as well as the
 GNS zone that will be used to resolve names of users that you
 are calling. Run
 
+@pindex gnunet-conversation
 @example
 gnunet-conversation -e zone-name
 @end example
@@ -564,7 +574,7 @@ Either of you can end the call using @command{/cancel}. You can exit
 
 @menu
 * VPN Preliminaries::
-* Exit configuration::
+* GNUnet-Exit configuration::
 * GNS configuration::
 * Accessing the service::
 * Using a Browser::
@@ -595,6 +605,9 @@ The exact details may differ a bit, which is fine. Add the text
 hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
 @end example
 
+@c TODO: outdated section, we no longer install this as part of the
+@c TODO: standard installation procedure and should point out the manual
+@c TODO: steps required to make it useful.
 @noindent
 You might want to make sure that @code{/lib/libnss_gns.so.2} exists on
 your system, it should have been created during the installation.
@@ -608,8 +621,8 @@ $ cd src/gns/nss; sudo make install
 @noindent
 to install the NSS plugins in the proper location.
 
-@node Exit configuration
-@subsection Exit configuration
+@node GNUnet-Exit configuration
+@subsection GNUnet-Exit configuration
 @c %**end of header
 
 Stop your peer (as user @code{gnunet}, run @command{gnunet-arm -e}) and
@@ -696,9 +709,10 @@ the searcher/downloader specify "no anonymity", non-anonymous
 file-sharing is used. If either user specifies some desired degree
 of anonymity, anonymous file-sharing will be used.
 
-After a short introduction, we will first look at the various concepts in
-GNUnet's file-sharing implementation. Then, we will discuss specifics as to how
-they impact users that publish, search or download files.
+After a short introduction, we will first look at the various concepts
+in GNUnet's file-sharing implementation. Then, we will discuss
+specifics as to how they impact users that publish, search or download
+files.
 
 
 @menu
@@ -706,7 +720,6 @@ they impact users that publish, search or download files.
 * fs-Downloading::
 * fs-Publishing::
 * fs-Concepts::
-* fs-Directories::
 * Namespace Management::
 * File-Sharing URIs::
 * GTK User Interface::
@@ -724,10 +737,11 @@ $ gnunet-search [-t TIMEOUT] KEYWORD
 @end example
 
 @noindent
-The -t option specifies that the query should timeout after
-approximately TIMEOUT seconds. A value of zero is interpreted
-as @emph{no timeout}, which is also the default. In this case,
-gnunet-search will never terminate (unless you press CTRL-C).
+The @command{-t} option specifies that the query should timeout after
+approximately TIMEOUT seconds. A value of zero (``0'') is interpreted
+as @emph{no timeout}, which is the default. In this case,
+@command{gnunet-search} will never terminate (unless you press
+@command{CTRL-C}).
 
 If multiple words are passed as keywords, they will all be
 considered optional. Prefix keywords with a "+" to make them mandatory.
@@ -750,10 +764,11 @@ as the first will match files shared under the keywords
 "Das" or "Kapital" whereas the second will match files
 shared under the keyword "Das Kapital".
 
-Search results are printed by gnunet-search like this:
+Search results are printed by @command{gnunet-search} like this:
 
 @c it will be better the avoid the ellipsis altogether because I don't
 @c understand the explanation below that
+@c ng0: who is ``I'' and what was the complete sentence?
 @example
 #15:
 gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
@@ -762,10 +777,11 @@ gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
 
 @noindent
 The whole line is the command you would have to enter to download
-the file. The argument passed to @code{-o} is the suggested
+the file. The first argument passed to @code{-o} is the suggested
 filename (you may change it to whatever you like).
-It is followed by the key for decrypting the file, the query for searching the
-file, a checksum (in hexadecimal) finally the size of the file in bytes.
+It is followed by the key for decrypting the file, the query for
+searching the file, a checksum (in hexadecimal) finally the size of
+the file in bytes.
 
 @node fs-Downloading
 @subsection Downloading
@@ -802,9 +818,9 @@ already present.
 GNUnet's file-encoding mechanism will ensure file integrity, even if the
 existing file was not downloaded from GNUnet in the first place.
 
-You may want to use the @command{-V} switch  to turn on verbose reporting. In
-this case, @command{gnunet-download} will print the current number of bytes
-downloaded whenever new data was received.
+You may want to use the @command{-V} switch to turn on verbose
+reporting. In this case, @command{gnunet-download} will print the
+current number of bytes downloaded whenever new data was received.
 
 @node fs-Publishing
 @subsection Publishing
@@ -834,7 +850,7 @@ $ gnunet-publish -m "description:GNU License" -k gpl -k test -m "mimetype:text/p
 The option @code{-k} is used to specify keywords for the file that
 should be inserted. You can supply any number of keywords,
 and each of the keywords will be sufficient to locate and
-retrieve the file. Please note that you must use the @code{-k} option 
+retrieve the file. Please note that you must use the @code{-k} option
 more than once -- one for each expression you use as a keyword for
 the filename.
 
@@ -845,10 +861,14 @@ list by running @command{extract -L}. Use quotes around the entire
 meta-data argument if the value contains spaces. The meta-data
 is displayed to other users when they select which files to
 download. The meta-data and the keywords are optional and
-maybe inferred using @code{GNU libextractor}.
+may be inferred using @code{GNU libextractor}.
+
+@command{gnunet-publish} has a few additional options to handle
+namespaces and directories. Refer to the man-page for details:
 
-gnunet-publish has a few additional options to handle namespaces and
-directories. See the man-page for details.
+@example
+man gnunet-publish
+@end example
 
 @node Indexing vs. Inserting
 @subsubsection Indexing vs Inserting
@@ -890,18 +910,17 @@ able to crack the encryption (e.g. by guessing the keyword.
 @subsection Concepts
 @c %**end of header
 
-Sharing files in GNUnet is not quite as simple as in traditional
-file sharing systems. For example, it is not sufficient to just
-place files into a specific directory to share them. In addition
-to anonymous routing GNUnet attempts to give users a better experience
-in searching for content. GNUnet uses cryptography to safely break
-content into smaller pieces that can be obtained from different
-sources without allowing participants to corrupt files. GNUnet
-makes it difficult for an adversary to send back bogus search
-results. GNUnet enables content providers to group related content
-and to establish a reputation. Furthermore, GNUnet allows updates
-to certain content to be made available. This section is supposed
-to introduce users to the concepts that are used to achieve these goals.
+For better results with filesharing it is useful to understand the
+following concepts.
+In addition to anonymous routing GNUnet attempts to give users a better
+experience in searching for content. GNUnet uses cryptography to safely
+break content into smaller pieces that can be obtained from different
+sources without allowing participants to corrupt files. GNUnet makes it
+difficult for an adversary to send back bogus search results. GNUnet
+enables content providers to group related content and to establish a
+reputation. Furthermore, GNUnet allows updates to certain content to be
+made available. This section is supposed to introduce users to the
+concepts that are used to achieve these goals.
 
 
 @menu
@@ -921,10 +940,10 @@ to introduce users to the concepts that are used to achieve these goals.
 @c %**end of header
 
 A file in GNUnet is just a sequence of bytes. Any file-format is allowed
-and the maximum file size is theoretically 264 bytes, except that it
-would take an impractical amount of time to share such a file.
-GNUnet itself never interprets the contents of shared files, except
-when using GNU libextractor to obtain keywords.
+and the maximum file size is theoretically @math{2^64 - 1} bytes, except
+that it would take an impractical amount of time to share such a file.
+GNUnet itself never interprets the contents of shared files, except when
+using GNU libextractor to obtain keywords.
 
 @node Keywords
 @subsubsection Keywords
@@ -954,10 +973,26 @@ it cannot be changed since it is treated just like an ordinary file
 by the network. Small files (of a few kilobytes) can be inlined in
 the directory, so that a separate download becomes unnecessary.
 
+Directories are shared just like ordinary files. If you download a
+directory with @command{gnunet-download}, you can use
+@command{gnunet-directory} to list its contents. The canonical
+extension for GNUnet directories when stored as files in your
+local file-system is ".gnd". The contents of a directory are URIs and
+meta data.
+The URIs contain all the information required by
+@command{gnunet-download} to retrieve the file. The meta data
+typically includes the mime-type, description, a filename and
+other meta information, and possibly even the full original file
+(if it was small).
+
 @node Pseudonyms
 @subsubsection Pseudonyms
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 Pseudonyms in GNUnet are essentially public-private (RSA) key pairs
 that allow a GNUnet user to maintain an identity (which may or may not
 be detached from their real-life identity). GNUnet's pseudonyms are not
@@ -973,6 +1008,10 @@ to copy around).
 @subsubsection Namespaces
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 A namespace is a set of files that were signed by the same pseudonym.
 Files (or directories) that have been signed and placed into a namespace
 can be updated. Updates are identified as authentic if the same secret
@@ -984,11 +1023,15 @@ same entity (which does not have to be the same person).
 @subsubsection Advertisements
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 Advertisements are used to notify other users about the existence of a
 namespace. Advertisements are propagated using the normal keyword search.
 When an advertisement is received (in response to a search), the namespace
 is added to the list of namespaces available in the namespace-search
-dialogs of gnunet-fs-gtk and printed by gnunet-pseudonym. Whenever a
+dialogs of gnunet-fs-gtk and printed by @code{gnunet-identity}. Whenever a
 namespace is created, an appropriate advertisement can be generated.
 The default keyword for the advertising of namespaces is "namespace".
 
@@ -996,7 +1039,7 @@ Note that GNUnet differentiates between your pseudonyms (the identities
 that you control) and namespaces. If you create a pseudonym, you will
 not automatically see the respective namespace. You first have to create
 an advertisement for the namespace and find it using keyword
-search --- even for your own namespaces. The @command{gnunet-pseudonym}
+search --- even for your own namespaces. The @command{gnunet-identity}
 tool is currently responsible for both managing pseudonyms and namespaces.
 This will likely change in the future to reduce the potential for
 confusion.
@@ -1044,22 +1087,6 @@ level by one. If all blocks reach replication level zero, the
 selection is simply random.
 
 
-@node fs-Directories
-@subsection Directories
-@c %**end of header
-
-Directories are shared just like ordinary files. If you download a
-directory with @command{gnunet-download}, you can use
-@command{gnunet-directory} to list its contents. The canonical
-extension for GNUnet directories when stored as files in your
-local file-system is ".gnd". The contents of a directory are URIs and
-meta data.
-The URIs contain all the information required by
-@command{gnunet-download} to retrieve the file. The meta data
-typically includes the mime-type, description, a filename and
-other meta information, and possibly even the full original file
-(if it was small).
-
 @node Namespace Management
 @subsection Namespace Management
 @c %**end of header
@@ -1067,8 +1094,8 @@ other meta information, and possibly even the full original file
 @b{Please note that the text in this subsection is outdated and needs}
 @b{to be rewritten for version 0.10!}
 
-The gnunet-pseudonym tool can be used to create pseudonyms and
-to advertise namespaces. By default, gnunet-pseudonym simply
+The @code{gnunet-identity} tool can be used to create pseudonyms and
+to advertise namespaces. By default, @code{gnunet-identity -D} simply
 lists all locally available pseudonyms.
 
 
@@ -1084,6 +1111,10 @@ lists all locally available pseudonyms.
 @subsubsection Creating Pseudonyms
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 With the @command{-C NICK} option it can also be used to
 create a new pseudonym. A pseudonym is the virtual identity
 of the entity in control of a namespace. Anyone can create
@@ -1095,6 +1126,10 @@ used.
 @subsubsection Deleting Pseudonyms
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 With the @command{-D NICK} option pseudonyms can be deleted.
 Once the pseudonym has been deleted it is impossible to add
 content to the corresponding namespace. Deleting the
@@ -1105,6 +1140,10 @@ unavailable.
 @subsubsection Advertising namespaces
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 Each namespace is associated with meta-data that describes
 the namespace. This meta-data is provided by the user at
 the time that the namespace is advertised. Advertisements
@@ -1121,6 +1160,10 @@ the quality of the content found in it.
 @subsubsection Namespace names
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 While the namespace is uniquely identified by its ID, another way
 to refer to the namespace is to use the NICKNAME.
 The NICKNAME can be freely chosen by the creator of the namespace and
@@ -1132,6 +1175,10 @@ to the NICKNAME to get a unique identifier.
 @subsubsection Namespace root
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 An item of particular interest in the namespace advertisement is
 the ROOT. The ROOT is the identifier of a designated entry in the
 namespace. The idea is that the ROOT can be used to advertise an
@@ -1219,6 +1266,10 @@ Furthermore they must not contain '++'.
 @subsubsection Namespace content (sks)
 @c %**end of header
 
+@b{Please note that the text in this subsection is outdated and needs}
+@b{to be rewritten for version 0.10!}
+@b{This especially concerns the terminology of Pseudonym/Ego/Identity.}
+
 Namespaces are sets of files that have been approved by some (usually
 pseudonymous) user --- typically by that user publishing all of the
 files together. A file can be in many namespaces. A file is in a
@@ -1419,8 +1470,8 @@ $ gnunet-identity -C "myzone"
 
 Henceforth, on your system you control the TLD ``myzone''.
 
-All of your zones can be listed using the @command{gnunet-identity}
-command line tool as well:
+All of your zones can be listed (displayed) using the
+@command{gnunet-identity} command line tool as well:
 
 @example
 $ gnunet-identity -d
@@ -1528,11 +1579,11 @@ record you want to access).
 @subsection Using Public Keys as Top Level Domains
 
 
-GNS also assumes responsibility for any name that uses in a well-formed
-public key for the TLD.  Names ending this way are then resolved by querying
-the respective zone. Such public key TLDs are expected to be used under rare
-circumstances where globally unique names are required, and for
-integration with legacy systems.
+GNS also assumes responsibility for any name that uses in a
+well-formed public key for the TLD.  Names ending this way are then
+resolved by querying the respective zone. Such public key TLDs are
+expected to be used under rare circumstances where globally unique
+names are required, and for integration with legacy systems.
 
 @node Resource Records in GNS
 @subsection Resource Records in GNS
@@ -1569,18 +1620,31 @@ GNS currently supports the following record types:
 * CNAME::
 * GNS2DNS::
 * SOA SRV PTR and MX::
+* PLACE::
+* PHONE::
+* ID ATTR::
+* ID TOKEN::
+* ID TOKEN METADATA::
+* CREDENTIAL::
+* POLICY::
+* ATTRIBUTE::
+* ABE KEY::
+* ABE MASTER::
+* RECLAIM OIDC CLIENT::
+* RECLAIM OIDC REDIRECT::
 @end menu
 
 @node NICK
 @subsubsection NICK
 
-A NICK record is used to give a zone a name. With a NICK record, you can
-essentially specify how you would like to be called. GNS expects this
-record under the empty label ``@@'' in the zone's database (NAMESTORE); however,
-it will then automatically be copied into each record set, so that
-clients never need to do a separate lookup to discover the NICK record.
-Also, users do not usually have to worry about setting the NICK record:
-it is automatically set to the local name of the TLD.
+A NICK record is used to give a zone a name. With a NICK record, you
+can essentially specify how you would like to be called. GNS expects
+this record under the empty label ``@@'' in the zone's database
+(NAMESTORE); however, it will then automatically be copied into each
+record set, so that clients never need to do a separate lookup to
+discover the NICK record.  Also, users do not usually have to worry
+about setting the NICK record: it is automatically set to the local
+name of the TLD.
 
 @b{Example}@
 
@@ -1739,6 +1803,66 @@ should use the ZKEY zone as the destination hostname and
 GNS-enabled mail servers should be configured to accept
 e-mails to the ZKEY-zones of all local users.
 
+@node PLACE
+@subsubsection PLACE
+
+Record type for a social place.
+
+@node PHONE
+@subsubsection PHONE
+
+Record type for a phone (of CONVERSATION).
+
+@node ID ATTR
+@subsubsection ID ATTR
+
+Record type for identity attributes (of IDENTITY).
+
+@node ID TOKEN
+@subsubsection ID TOKEN
+
+Record type for an identity token (of IDENTITY-TOKEN).
+
+@node ID TOKEN METADATA
+@subsubsection ID TOKEN METADATA
+
+Record type for the private metadata of an identity token (of IDENTITY-TOKEN).
+
+@node CREDENTIAL
+@subsubsection CREDENTIAL
+
+Record type for credential.
+
+@node POLICY
+@subsubsection POLICY
+
+Record type for policies.
+
+@node ATTRIBUTE
+@subsubsection ATTRIBUTE
+
+Record type for reverse lookups.
+
+@node ABE KEY
+@subsubsection ABE KEY
+
+Record type for ABE records.
+
+@node ABE MASTER
+@subsubsection ABE MASTER
+
+Record type for ABE master keys.
+
+@node RECLAIM OIDC CLIENT
+@subsubsection RECLAIM OIDC CLIENT
+
+Record type for reclaim OIDC clients.
+
+@node RECLAIM OIDC REDIRECT
+@subsubsection RECLAIM OIDC REDIRECT
+
+Record type for reclaim OIDC redirect URIs.
+
 @node Synchronizing with legacy DNS
 @subsection Synchronizing with legacy DNS
 
@@ -1769,6 +1893,98 @@ is thus advisable to disable the namecache by setting the
 option ``DISABLE'' to ``YES'' in section ``[namecache]''.
 
 
+@node re@:claim Identity Provider
+@section re@:claim Identity Provider
+
+The re:claim Identity Provider (IdP) is a decentralized IdP service.
+It allows its users to manage and authorize third parties to access their identity attributes such as email or shipping addresses.
+
+It basically mimics the concepts of centralized IdPs, such as those offered by Google or Facebook.
+Like other IdPs, re:claim features an (optional) OpenID-Connect 1.0-compliant protocol layer that can be used for websites to integrate re:claim as an Identity Provider with little effort.
+
+@menu
+* Managing Attributes::
+* Sharing Attributes with Third Parties::
+* Revoking Authorizations of Third Parties::
+* Using the OpenID-Connect IdP::
+@end menu
+
+@node Managing Attributes
+@subsection Managing Attributes
+
+Before adding attributes to an identity, you must first create an ego:
+
+@example
+$ gnunet-identity -C "username"
+@end example
+
+Henceforth, you can manage a new user profile of the user ``username''.
+
+To add an email address to your user profile, simply use the @command{gnunet-reclaim} command line tool::
+
+@example
+$ gnunet-reclaim -e "username" -a "email" -V "username@@example.gnunet"
+@end example
+
+All of your attributes can be listed using the @command{gnunet-reclaim}
+command line tool as well:
+
+@example
+$ gnunet-reclaim -e "username" -D
+@end example
+
+Currently, and by default, attribute values are interpreted as plain text.
+In the future there might be more value types such as X.509 certificate credentials.
+
+@node Sharing Attributes with Third Parties
+@subsection Sharing Attributes with Third Parties
+
+If you want to allow a third party such as a website or friend to access to your attributes (or a subset thereof) execute:
+
+@example
+$ gnunet-reclaim -e "username" -r "PKEY" -i "attribute1,attribute2,..."
+@end example
+
+Where "PKEY" is the public key of the third party and "attribute1,attribute2,..." is a comma-separated list of attribute names, such as "email", that you want to share.
+
+The command will return a "ticket" string.
+You must give this "ticket" to the requesting third party.
+
+The third party can then retrieve your shared identity attributes using:
+
+@example
+$ gnunet-reclaim -e "friend" -C "ticket"
+@end example
+
+This will retrieve and list the shared identity attributes.
+The above command will also work if the user "username" is currently offline since the attributes are retrieved from GNS.
+Further, the "ticket" can be re-used later to retrieve up-to-date attributes in case "username" has changed the value(s). For instance, becasue his email address changed.
+
+To list all given authorizations (tickets) you can execute:
+@example
+$ gnunet-reclaim -e "friend" -T (TODO there is only a REST API for this ATM) 
+@end example
+
+
+@node Revoking Authorizations of Third Parties
+@subsection Revoking Authorizations of Third Parties
+
+If you want to revoke the access of a third party to your attributes you can execute:
+
+@example
+$ gnunet-idp -e "username" -R "ticket"
+@end example
+
+This will prevent the third party from accessing the attribute in the future.
+Please note that if the third party has previously accessed the attribute, there is not way in which the system could have prevented the thiry party from storing the data.
+As such, only access to updated data in the future can be revoked.
+This behaviour is _exactly the same_ as with other IdPs.
+
+@node Using the OpenID-Connect IdP
+@subsection Using the OpenID-Connect IdP
+
+TODO: Document setup and REST endpoints
+
 @node Using the Virtual Public Network
 @section Using the Virtual Public Network
 
index 2ef5a2b5916f0e1f7b356388399ab82622c03f87..50630d4fe1326614de17b5f6de76d1960b7eb0e1 100644 (file)
@@ -90,7 +90,8 @@ This document is the Reference Manual for GNUnet version @value{VERSION}.
 * GNUnet Contributors Handbook::    Contributing to GNUnet
 * GNUnet Developer Handbook::       Developing GNUnet
 * GNU Free Documentation License::  The license of this manual
-* GNU General Public License::      The license of this manual
+* GNU General Public License::
+* GNU Affero General Public License::
 * Concept Index::                   Concepts
 * Programming Index::               Data types, functions, and variables
 
@@ -100,8 +101,8 @@ This document is the Reference Manual for GNUnet version @value{VERSION}.
 Preface
 
 * About this book
+* Contributing to this book
 * Introduction
-* General Terminology::
 * Typography::
 
 Philosophy
@@ -124,6 +125,14 @@ Key Concepts
 * Revocation::
 
 Installing GNUnet
+* Installing dependencies::
+* Getting the Source Code::
+* Create @code{gnunet} user and group::
+* Preparing and Compiling the Source Code::
+* Installation::
+* MOVED FROM USER Checking the Installation::
+* MOVED FROM USER The graphical configuration interface::
+* MOVED FROM USER Config Leftovers::
 
 Using GNUnet
 
@@ -141,6 +150,7 @@ GNUnet Contributors Handbook
 * Licenses of contributions::
 * Copyright Assignment::
 * Contributing to the Reference Manual::
+* Contributing testcases::
 
 GNUnet Developer Handbook
 
@@ -226,6 +236,12 @@ GNUnet Developer Handbook
 @cindex license, GNU General Public License
 @include gpl-3.0.texi
 
+@c *********************************************************************
+@node GNU Affero General Public License
+@appendix GNU Affero General Public License
+@cindex license, GNU Affero General Public License
+@include agpl-3.0.texi
+
 @c *********************************************************************
 @node Concept Index
 @unnumbered Concept Index
@@ -235,6 +251,7 @@ GNUnet Developer Handbook
 @unnumbered Programming Index
 @syncodeindex tp fn
 @syncodeindex vr fn
+@syncodeindex pg fn
 @printindex fn
 
 @bye
index a6a116dcac2d05f1844d32ea88ae45534e75417d..37f881d6038fdf3ae1cb7246eda670d70baa0150 100644 (file)
@@ -37,6 +37,7 @@ man_MANS = \
   gnunet-statistics.1 \
   gnunet-testbed-profiler.1 \
   gnunet-testing-run-service.1 \
+  gnunet-timeout.1 \
   gnunet-transport.1 \
   gnunet-transport-certificate-creation.1 \
   gnunet-unindex.1 \
index 9466dae0384428a5d85d4998c78c7fb61068f63f..9e448265345b9e0e9270d8902f0b8e6bbd69e61a 100644 (file)
@@ -46,7 +46,7 @@ Print GNUnet version number.
 .SH RETURN VALUE
 
 gnunet\-gns will return 0 on success, 1 on internal failures, 2 on
-launch failures, 3 if the given name is not configured to use GNS.
+launch failures, 4 if the given name is not configured to use GNS.
 
 
 .SH BUGS
diff --git a/doc/man/gnunet-timeout.1 b/doc/man/gnunet-timeout.1
new file mode 100644 (file)
index 0000000..e413254
--- /dev/null
@@ -0,0 +1,20 @@
+.TH GNUNET\-TIMOUET 1 "Jun 5, 2018" "GNUnet"
+
+.SH NAME
+gnunet\-timeout \- run process with timeout
+
+.SH SYNOPSIS
+.B gnunet\-timeout
+.RI TIMEOUT PROGRAM ARGS
+.br
+
+.SH DESCRIPTION
+\fBgnunet\-timeout\fP can be used to run another process with a
+timeout.  Provided as the standard "timout" utility may not be
+available on all platforms.
+
+.SH BUGS
+Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <gnunet\-developers@gnu.org>
+
+.SH SEE
+timeout(1)
diff --git a/docker/README.md b/docker/README.md
new file mode 100644 (file)
index 0000000..ce05012
--- /dev/null
@@ -0,0 +1,138 @@
+# gnunet-docker
+A Dockerfile (and maybe later docker-compose.yml) for getting a running GNUnet docker container.
+
+> This README and parts of the Dockerfile were adapted from https://github.com/compiaffe/gnunet-docker
+
+
+## Build it
+This will take quite a while and will consume a bit of data.
+
+First you need to go to the root of this repo.
+
+```bash
+cd ..
+```
+
+Now you can build the image.
+
+```bash
+docker build -t gnunet .
+```
+
+## Start it from the newly created gnunet image
+Start a container from `gnunet` image, which can access /dev/net/tun, has access to the host network. We are going to name it `gnunet1`.
+
+Note the `--rm` that will delete the container as soon as you stop it and `-ti` gives you an interactive terminal.
+
+#### Linux Users
+```bash
+docker run \
+  --rm \
+  -ti \
+  --privileged \
+  --name gnunet1 \
+  --net=host \
+  -v /dev/net/tun:/dev/net/tun \
+  gnunet
+```
+
+#### Mac Users
+```bash
+docker run \
+  --rm \
+  -it \
+  --privileged \
+  --name gnunet1 \
+  -e LOCAL_PORT_RANGE='40001 40200' \
+  -e GNUNET_PORT=2086 \
+  -p 2086:2086 \
+  -p 2086:2086/udp \
+  -p40001-40200:40001-40200 \
+  -p40001-40200:40001-40200/udp \
+  gnunet
+```
+
+This terminal will keep on printing to screen at the moment. So go on in a new terminal please.
+
+Don't worry about warnings too much...
+
+## Check if you are connected
+Open a new terminal and connect to the container we just started:
+
+```bash
+docker exec -it gnunet1 gnunet-peerinfo -i
+```
+
+If you get a list of peers, all is good.
+
+## Multiple containers on the same host
+### Running
+#### Run Container 1
+```bash
+export GPORT=2086 LPORT='40001-40200' GNAME=gnunet1
+docker run \
+  --rm \
+  -it \
+  --privileged \
+  -e GNUNET_PORT=$GPORT \
+  -e LOCAL_PORT_RANGE="${LPORT/-/ }" \
+  -p $GPORT:$GPORT \
+  -p $GPORT:$GPORT/udp \
+  -p$LPORT:$LPORT \
+  -p$LPORT:$LPORT/udp \
+  --name $GNAME \
+  gnunet
+```
+
+#### Run Container 2
+```bash
+export GPORT=2087 LPORT='40201-40400' GNAME=gnunet2
+docker run \
+  --rm \
+  -it \
+  --privileged \
+  -e GNUNET_PORT=$GPORT \
+  -e LOCAL_PORT_RANGE="${LPORT/-/ }" \
+  -p $GPORT:$GPORT \
+  -p $GPORT:$GPORT/udp \
+  -p$LPORT:$LPORT \
+  -p$LPORT:$LPORT/udp \
+  --name $GNAME \
+  gnunet
+```
+
+### Testing cadet example
+#### Container 1
+```bash
+$ docker exec -it gnunet1 bash
+$ gnunet-peerinfo -s
+I am peer `VWPN1NZA6YMM866EJ5J2NY47XG692MQ6H6WASVECF0M18A9SCMZ0'.
+$ gnunet-cadet -o asdasd
+```
+
+#### Container 2
+```bash
+$ docker exec -it gnunet2 bash
+$ gnunet-cadet VWPN1NZA6YMM866EJ5J2NY47XG692MQ6H6WASVECF0M18A9SCMZ0 asdasd
+```
+
+### Testing file sharing example
+#### Container 1
+```bash
+$ docker exec -it gnunet1 bash
+$ echo 'test' > test.txt
+$ gnunet-publish test.txt
+Publishing `/test.txt' done.
+URI is `gnunet://fs/chk/1RZ7A8TAQHMF8DWAGTSZ9CSA365T60C4BC6DDS810VM78D2Q0366CRX8DGFA29EWBT9BW5Y9HYD0Z1EAKNFNJQDJ04QQSGTQ352W28R.7MYB03GYXT17Z93ZRZRVV64AH9KPWFSVDEZGVE84YHD63XZFJ36B86M48KHTZVF87SZ05HBVB44PCXE8CVWAH72VN1SKYPRK1QN2C98.5'.
+```
+
+#### Container 2
+```bash
+$ docker exec -it gnunet2 bash
+$ gnunet-download -o out.file "gnunet://fs/chk/1RZ7A8TAQHMF8DWAGTSZ9CSA365T60C4BC6DDS810VM78D2Q0366CRX8DGFA29EWBT9BW5Y9HYD0Z1EAKNFNJQDJ04QQSGTQ352W28R.7MYB03GYXT17Z93ZRZRVV64AH9KPWFSVDEZGVE84YHD63XZFJ36B86M48KHTZVF87SZ05HBVB44PCXE8CVWAH72VN1SKYPRK1QN2C98.5"
+100% [============================================================]
+Downloading `out.file' done (0 b/s).
+$ cat out.file
+test
+```
+
diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
new file mode 100644 (file)
index 0000000..7f98ef6
--- /dev/null
@@ -0,0 +1,15 @@
+#!/bin/bash -e
+
+echo "${LOCAL_PORT_RANGE:-49152 65535}" > /proc/sys/net/ipv4/ip_local_port_range
+sed -i 's/$GNUNET_PORT/'${GNUNET_PORT:-2086}'/g' /etc/gnunet.conf
+
+if [[ $# -eq 0 ]]; then
+  exec gnunet-arm \
+    --config=/etc/gnunet.conf \
+    --start \
+    --monitor
+elif [[ -z $1 ]] || [[ ${1:0:1} == '-' ]]; then
+  exec gnunet-arm "$@"
+else
+  exec "$@"
+fi
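Review bot: `GNUNET_PORT` and `LOCAL_PORT_RANGE` are taken from the container environment and used without validation. The `sed` line splices `${GNUNET_PORT:-2086}` unquoted into the sed program, so a value containing `/`, whitespace or sed flags changes what sed does to /etc/gnunet.conf instead of simply failing. The write to /proc/sys/net/ipv4/ip_local_port_range also deserves a comment: the README's Linux example starts the container with `--privileged --net=host`, where that sysctl is presumably the host's own setting and not a container-private one. I would check that both values are numeric before use, quote the sed expression, and exit with a message otherwise, as sketched below.

```shell
port="${GNUNET_PORT:-2086}"
range="${LOCAL_PORT_RANGE:-49152 65535}"
range_re='^[0-9]+ [0-9]+$'
if ! [[ $port =~ ^[0-9]+$ ]] || ! [[ $range =~ $range_re ]]; then
  echo "docker-entrypoint: GNUNET_PORT or LOCAL_PORT_RANGE is not numeric" >&2
  exit 1
fi

# With --net=host this changes the host's ephemeral port range, not only the container's.
echo "$range" > /proc/sys/net/ipv4/ip_local_port_range
sed -i "s/\$GNUNET_PORT/$port/g" /etc/gnunet.conf
# … unchanged: gnunet-arm / exec dispatch on "$@" …
```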
diff --git a/docker/gnunet.conf b/docker/gnunet.conf
new file mode 100644 (file)
index 0000000..c8299ef
--- /dev/null
@@ -0,0 +1,21 @@
+[arm]
+SYSTEM_ONLY = NO
+USER_ONLY = NO
+
+[fs]
+FORCESTART = NO
+
+[nat]
+ENABLE_UPNP = NO
+BEHIND_NAT = YES
+
+[transport-tcp]
+PORT = $GNUNET_PORT
+ADVERTISED_PORT = $GNUNET_PORT
+
+[transport-udp]
+PORT = $GNUNET_PORT
+BROADCAST = YES
+
+[cadet]
+TESTING_IGNORE_KEYS = ACCEPT_FROM;
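Review bot: Nothing in this file says that `$GNUNET_PORT` is a placeholder rather than a value GNUnet expands itself. It is rewritten in place by the `sed` call in docker/docker-entrypoint.sh, so a header comment such as `# $GNUNET_PORT is substituted by docker-entrypoint.sh at container start (default 2086)` would save the next reader a search. The `[cadet]` key `TESTING_IGNORE_KEYS` is named like a test-harness setting; if the image needs it, a one-line comment saying why would help, and if not it could be left out. `BROADCAST = YES` under `[transport-udp]` is also worth a short comment on whether it is intended for the `--net=host` setup the README describes.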
index 38fa52508c29c48660f188a2e59b256485dd3d3e..86235f8600aca1be4d06871680ab7374ce393ae8 100644 (file)
@@ -4,13 +4,21 @@ src/arm/arm_monitor_api.c
 src/arm/gnunet-arm.c
 src/arm/gnunet-service-arm.c
 src/arm/mockup-service.c
+src/ats-tests/ats-testing-experiment.c
+src/ats-tests/ats-testing-log.c
+src/ats-tests/ats-testing-preferences.c
+src/ats-tests/ats-testing-traffic.c
+src/ats-tests/ats-testing.c
+src/ats-tests/gnunet-ats-sim.c
+src/ats-tests/gnunet-solver-eval.c
+src/ats-tool/gnunet-ats.c
 src/ats/ats_api_connectivity.c
 src/ats/ats_api_performance.c
 src/ats/ats_api_scanner.c
 src/ats/ats_api_scheduling.c
 src/ats/gnunet-ats-solver-eval.c
-src/ats/gnunet-service-ats_addresses.c
 src/ats/gnunet-service-ats.c
+src/ats/gnunet-service-ats_addresses.c
 src/ats/gnunet-service-ats_connectivity.c
 src/ats/gnunet-service-ats_normalization.c
 src/ats/gnunet-service-ats_performance.c
@@ -21,14 +29,6 @@ src/ats/gnunet-service-ats_scheduling.c
 src/ats/plugin_ats_mlp.c
 src/ats/plugin_ats_proportional.c
 src/ats/plugin_ats_ril.c
-src/ats-tests/ats-testing.c
-src/ats-tests/ats-testing-experiment.c
-src/ats-tests/ats-testing-log.c
-src/ats-tests/ats-testing-preferences.c
-src/ats-tests/ats-testing-traffic.c
-src/ats-tests/gnunet-ats-sim.c
-src/ats-tests/gnunet-solver-eval.c
-src/ats-tool/gnunet-ats.c
 src/auction/gnunet-auction-create.c
 src/auction/gnunet-auction-info.c
 src/auction/gnunet-auction-join.c
@@ -40,8 +40,8 @@ src/block/plugin_block_test.c
 src/cadet/cadet_api.c
 src/cadet/cadet_test_lib.c
 src/cadet/desirability_table.c
-src/cadet/gnunet-cadet.c
 src/cadet/gnunet-cadet-profiler.c
+src/cadet/gnunet-cadet.c
 src/cadet/gnunet-service-cadet.c
 src/cadet/gnunet-service-cadet_channel.c
 src/cadet/gnunet-service-cadet_connection.c
@@ -57,15 +57,15 @@ src/consensus/gnunet-service-consensus.c
 src/consensus/plugin_block_consensus.c
 src/conversation/conversation_api.c
 src/conversation/conversation_api_call.c
-src/conversation/gnunet-conversation.c
 src/conversation/gnunet-conversation-test.c
-src/conversation/gnunet_gst.c
-src/conversation/gnunet_gst_test.c
-src/conversation/gnunet-helper-audio-playback.c
+src/conversation/gnunet-conversation.c
 src/conversation/gnunet-helper-audio-playback-gst.c
-src/conversation/gnunet-helper-audio-record.c
+src/conversation/gnunet-helper-audio-playback.c
 src/conversation/gnunet-helper-audio-record-gst.c
+src/conversation/gnunet-helper-audio-record.c
 src/conversation/gnunet-service-conversation.c
+src/conversation/gnunet_gst.c
+src/conversation/gnunet_gst_test.c
 src/conversation/microphone.c
 src/conversation/plugin_gnsrecord_conversation.c
 src/conversation/speaker.c
@@ -102,7 +102,6 @@ src/dht/dht_api.c
 src/dht/dht_test_lib.c
 src/dht/gnunet-dht-get.c
 src/dht/gnunet-dht-monitor.c
-src/dht/gnunet_dht_profiler.c
 src/dht/gnunet-dht-put.c
 src/dht/gnunet-service-dht.c
 src/dht/gnunet-service-dht_clients.c
@@ -111,6 +110,7 @@ src/dht/gnunet-service-dht_hello.c
 src/dht/gnunet-service-dht_neighbours.c
 src/dht/gnunet-service-dht_nse.c
 src/dht/gnunet-service-dht_routing.c
+src/dht/gnunet_dht_profiler.c
 src/dht/plugin_block_dht.c
 src/dns/dns_api.c
 src/dns/gnunet-dns-monitor.c
@@ -124,8 +124,8 @@ src/dv/gnunet-dv.c
 src/dv/gnunet-service-dv.c
 src/dv/plugin_transport_dv.c
 src/exit/gnunet-daemon-exit.c
-src/exit/gnunet-helper-exit.c
 src/exit/gnunet-helper-exit-windows.c
+src/exit/gnunet-helper-exit.c
 src/fragmentation/defragmentation.c
 src/fragmentation/fragmentation.c
 src/fs/fs_api.c
@@ -150,8 +150,8 @@ src/fs/gnunet-auto-share.c
 src/fs/gnunet-daemon-fsprofiler.c
 src/fs/gnunet-directory.c
 src/fs/gnunet-download.c
-src/fs/gnunet-fs.c
 src/fs/gnunet-fs-profiler.c
+src/fs/gnunet-fs.c
 src/fs/gnunet-helper-fs-publish.c
 src/fs/gnunet-publish.c
 src/fs/gnunet-search.c
@@ -171,10 +171,10 @@ src/gns/gns_tld_api.c
 src/gns/gnunet-bcd.c
 src/gns/gnunet-dns2gns.c
 src/gns/gnunet-gns-benchmark.c
-src/gns/gnunet-gns.c
 src/gns/gnunet-gns-helper-service-w32.c
 src/gns/gnunet-gns-import.c
 src/gns/gnunet-gns-proxy.c
+src/gns/gnunet-gns.c
 src/gns/gnunet-service-gns.c
 src/gns/gnunet-service-gns_interceptor.c
 src/gns/gnunet-service-gns_resolver.c
@@ -183,45 +183,35 @@ src/gns/nss/nss_gns_query.c
 src/gns/plugin_block_gns.c
 src/gns/plugin_gnsrecord_gns.c
 src/gns/plugin_rest_gns.c
+src/gns/w32nsp-install.c
+src/gns/w32nsp-resolve.c
+src/gns/w32nsp-uninstall.c
+src/gns/w32nsp.c
 src/gnsrecord/gnsrecord.c
 src/gnsrecord/gnsrecord_crypto.c
 src/gnsrecord/gnsrecord_misc.c
 src/gnsrecord/gnsrecord_serialization.c
 src/gnsrecord/plugin_gnsrecord_dns.c
-src/gns/w32nsp.c
-src/gns/w32nsp-install.c
-src/gns/w32nsp-resolve.c
-src/gns/w32nsp-uninstall.c
 src/hello/address.c
 src/hello/gnunet-hello.c
 src/hello/hello.c
 src/hostlist/gnunet-daemon-hostlist.c
 src/hostlist/gnunet-daemon-hostlist_client.c
 src/hostlist/gnunet-daemon-hostlist_server.c
-src/identity-attribute/identity_attribute.c
-src/identity-attribute/plugin_identity_attribute_gnuid.c
 src/identity/gnunet-identity.c
 src/identity/gnunet-service-identity.c
 src/identity/identity_api.c
 src/identity/identity_api_lookup.c
 src/identity/plugin_rest_identity.c
-src/identity-provider/gnunet-idp.c
-src/identity-provider/gnunet-service-identity-provider.c
-src/identity-provider/identity_provider_api.c
-src/identity-provider/jwt.c
-src/identity-provider/plugin_gnsrecord_identity_provider.c
-src/identity-provider/plugin_identity_provider_sqlite.c
-src/identity-provider/plugin_rest_identity_provider.c
-src/identity-provider/plugin_rest_openid_connect.c
+src/json/json.c
+src/json/json_generator.c
+src/json/json_helper.c
+src/json/json_mhd.c
 src/jsonapi/jsonapi.c
 src/jsonapi/jsonapi_document.c
 src/jsonapi/jsonapi_error.c
 src/jsonapi/jsonapi_relationship.c
 src/jsonapi/jsonapi_resource.c
-src/json/json.c
-src/json/json_generator.c
-src/json/json_helper.c
-src/json/json_mhd.c
 src/multicast/gnunet-multicast.c
 src/multicast/gnunet-service-multicast.c
 src/multicast/multicast_api.c
@@ -235,8 +225,8 @@ src/namecache/namecache_api.c
 src/namecache/plugin_namecache_flat.c
 src/namecache/plugin_namecache_postgres.c
 src/namecache/plugin_namecache_sqlite.c
-src/namestore/gnunet-namestore.c
 src/namestore/gnunet-namestore-fcfsd.c
+src/namestore/gnunet-namestore.c
 src/namestore/gnunet-service-namestore.c
 src/namestore/gnunet-zoneimport.c
 src/namestore/namestore_api.c
@@ -252,10 +242,10 @@ src/nat-auto/gnunet-service-nat-auto.c
 src/nat-auto/gnunet-service-nat-auto_legacy.c
 src/nat-auto/nat_auto_api.c
 src/nat-auto/nat_auto_api_test.c
-src/nat/gnunet-helper-nat-client.c
 src/nat/gnunet-helper-nat-client-windows.c
-src/nat/gnunet-helper-nat-server.c
+src/nat/gnunet-helper-nat-client.c
 src/nat/gnunet-helper-nat-server-windows.c
+src/nat/gnunet-helper-nat-server.c
 src/nat/gnunet-nat.c
 src/nat/gnunet-service-nat.c
 src/nat/gnunet-service-nat_externalip.c
@@ -264,15 +254,15 @@ src/nat/gnunet-service-nat_mini.c
 src/nat/gnunet-service-nat_stun.c
 src/nat/nat_api.c
 src/nat/nat_api_stun.c
-src/nse/gnunet-nse.c
 src/nse/gnunet-nse-profiler.c
+src/nse/gnunet-nse.c
 src/nse/gnunet-service-nse.c
 src/nse/nse_api.c
+src/peerinfo-tool/gnunet-peerinfo.c
+src/peerinfo-tool/gnunet-peerinfo_plugins.c
 src/peerinfo/gnunet-service-peerinfo.c
 src/peerinfo/peerinfo_api.c
 src/peerinfo/peerinfo_api_notify.c
-src/peerinfo-tool/gnunet-peerinfo.c
-src/peerinfo-tool/gnunet-peerinfo_plugins.c
 src/peerstore/gnunet-peerstore.c
 src/peerstore/gnunet-service-peerstore.c
 src/peerstore/peerstore_api.c
@@ -297,6 +287,16 @@ src/psycutil/psyc_env.c
 src/psycutil/psyc_message.c
 src/psycutil/psyc_slicer.c
 src/pt/gnunet-daemon-pt.c
+src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
+src/reclaim-attribute/reclaim_attribute.c
+src/reclaim/gnunet-reclaim.c
+src/reclaim/gnunet-service-reclaim.c
+src/reclaim/jwt.c
+src/reclaim/plugin_gnsrecord_reclaim.c
+src/reclaim/plugin_reclaim_sqlite.c
+src/reclaim/plugin_rest_openid_connect.c
+src/reclaim/plugin_rest_reclaim.c
+src/reclaim/reclaim_api.c
 src/regex/gnunet-daemon-regexprofiler.c
 src/regex/gnunet-regex-profiler.c
 src/regex/gnunet-regex-simulation-profiler.c
@@ -317,20 +317,20 @@ src/revocation/gnunet-revocation.c
 src/revocation/gnunet-service-revocation.c
 src/revocation/plugin_block_revocation.c
 src/revocation/revocation_api.c
-src/rps/gnunet-rps.c
 src/rps/gnunet-rps-profiler.c
+src/rps/gnunet-rps.c
 src/rps/gnunet-service-rps.c
 src/rps/gnunet-service-rps_custommap.c
 src/rps/gnunet-service-rps_sampler.c
 src/rps/gnunet-service-rps_sampler_elem.c
 src/rps/gnunet-service-rps_view.c
-src/rps/rps_api.c
 src/rps/rps-test_util.c
+src/rps/rps_api.c
 src/scalarproduct/gnunet-scalarproduct.c
-src/scalarproduct/gnunet-service-scalarproduct_alice.c
-src/scalarproduct/gnunet-service-scalarproduct_bob.c
 src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
 src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
+src/scalarproduct/gnunet-service-scalarproduct_alice.c
+src/scalarproduct/gnunet-service-scalarproduct_bob.c
 src/scalarproduct/scalarproduct_api.c
 src/secretsharing/gnunet-secretsharing-profiler.c
 src/secretsharing/gnunet-service-secretsharing.c
@@ -359,15 +359,16 @@ src/statistics/gnunet-statistics.c
 src/statistics/statistics_api.c
 src/template/gnunet-service-template.c
 src/template/gnunet-template.c
+src/testbed-logger/gnunet-service-testbed-logger.c
+src/testbed-logger/testbed_logger_api.c
 src/testbed/generate-underlay-topology.c
 src/testbed/gnunet-daemon-latency-logger.c
 src/testbed/gnunet-daemon-testbed-blacklist.c
 src/testbed/gnunet-daemon-testbed-underlay.c
 src/testbed/gnunet-helper-testbed.c
-src/testbed/gnunet_mpi_test.c
 src/testbed/gnunet-service-test-barriers.c
-src/testbed/gnunet-service-testbed_barriers.c
 src/testbed/gnunet-service-testbed.c
+src/testbed/gnunet-service-testbed_barriers.c
 src/testbed/gnunet-service-testbed_cache.c
 src/testbed/gnunet-service-testbed_connectionpool.c
 src/testbed/gnunet-service-testbed_cpustatus.c
@@ -375,20 +376,19 @@ src/testbed/gnunet-service-testbed_links.c
 src/testbed/gnunet-service-testbed_meminfo.c
 src/testbed/gnunet-service-testbed_oc.c
 src/testbed/gnunet-service-testbed_peers.c
-src/testbed/gnunet_testbed_mpi_spawn.c
 src/testbed/gnunet-testbed-profiler.c
-src/testbed-logger/gnunet-service-testbed-logger.c
-src/testbed-logger/testbed_logger_api.c
-src/testbed/testbed_api_barriers.c
+src/testbed/gnunet_mpi_test.c
+src/testbed/gnunet_testbed_mpi_spawn.c
 src/testbed/testbed_api.c
+src/testbed/testbed_api_barriers.c
 src/testbed/testbed_api_hosts.c
 src/testbed/testbed_api_operations.c
 src/testbed/testbed_api_peers.c
 src/testbed/testbed_api_sd.c
 src/testbed/testbed_api_services.c
 src/testbed/testbed_api_statistics.c
-src/testbed/testbed_api_testbed.c
 src/testbed/testbed_api_test.c
+src/testbed/testbed_api_testbed.c
 src/testbed/testbed_api_topology.c
 src/testbed/testbed_api_underlay.c
 src/testing/gnunet-testing.c
@@ -397,28 +397,28 @@ src/testing/testing.c
 src/topology/friends.c
 src/topology/gnunet-daemon-topology.c
 src/transport/gnunet-helper-transport-bluetooth.c
-src/transport/gnunet-helper-transport-wlan.c
 src/transport/gnunet-helper-transport-wlan-dummy.c
-src/transport/gnunet-service-transport_ats.c
+src/transport/gnunet-helper-transport-wlan.c
 src/transport/gnunet-service-transport.c
+src/transport/gnunet-service-transport_ats.c
 src/transport/gnunet-service-transport_hello.c
 src/transport/gnunet-service-transport_manipulation.c
 src/transport/gnunet-service-transport_neighbours.c
 src/transport/gnunet-service-transport_plugins.c
 src/transport/gnunet-service-transport_validation.c
-src/transport/gnunet-transport.c
 src/transport/gnunet-transport-certificate-creation.c
 src/transport/gnunet-transport-profiler.c
 src/transport/gnunet-transport-wlan-receiver.c
 src/transport/gnunet-transport-wlan-sender.c
+src/transport/gnunet-transport.c
 src/transport/plugin_transport_http_client.c
 src/transport/plugin_transport_http_common.c
 src/transport/plugin_transport_http_server.c
 src/transport/plugin_transport_smtp.c
 src/transport/plugin_transport_tcp.c
 src/transport/plugin_transport_template.c
-src/transport/plugin_transport_udp_broadcasting.c
 src/transport/plugin_transport_udp.c
+src/transport/plugin_transport_udp_broadcasting.c
 src/transport/plugin_transport_unix.c
 src/transport/plugin_transport_wlan.c
 src/transport/plugin_transport_xt.c
@@ -427,6 +427,11 @@ src/transport/tcp_connection_legacy.c
 src/transport/tcp_server_legacy.c
 src/transport/tcp_server_mst_legacy.c
 src/transport/tcp_service_legacy.c
+src/transport/transport-testing-filenames.c
+src/transport/transport-testing-loggers.c
+src/transport/transport-testing-main.c
+src/transport/transport-testing-send.c
+src/transport/transport-testing.c
 src/transport/transport_api_address_to_string.c
 src/transport/transport_api_blacklist.c
 src/transport/transport_api_core.c
@@ -435,11 +440,6 @@ src/transport/transport_api_manipulation.c
 src/transport/transport_api_monitor_peers.c
 src/transport/transport_api_monitor_plugins.c
 src/transport/transport_api_offer_hello.c
-src/transport/transport-testing.c
-src/transport/transport-testing-filenames.c
-src/transport/transport-testing-loggers.c
-src/transport/transport-testing-main.c
-src/transport/transport-testing-send.c
 src/util/bandwidth.c
 src/util/bio.c
 src/util/client.c
@@ -451,8 +451,8 @@ src/util/configuration_loader.c
 src/util/container_bloomfilter.c
 src/util/container_heap.c
 src/util/container_meta_data.c
-src/util/container_multihashmap32.c
 src/util/container_multihashmap.c
+src/util/container_multihashmap32.c
 src/util/container_multipeermap.c
 src/util/container_multishortmap.c
 src/util/crypto_abe.c
@@ -474,13 +474,15 @@ src/util/dnsparser.c
 src/util/dnsstub.c
 src/util/getopt.c
 src/util/getopt_helpers.c
-src/util/gnunet-config.c
 src/util/gnunet-config-diff.c
+src/util/gnunet-config.c
 src/util/gnunet-ecc.c
 src/util/gnunet-helper-w32-console.c
 src/util/gnunet-resolver.c
 src/util/gnunet-scrypt.c
 src/util/gnunet-service-resolver.c
+src/util/gnunet-timeout-w32.c
+src/util/gnunet-timeout.c
 src/util/gnunet-uri.c
 src/util/helper.c
 src/util/load.c
@@ -508,13 +510,13 @@ src/util/tun.c
 src/util/w32cat.c
 src/util/win.c
 src/util/winproc.c
-src/vpn/gnunet-helper-vpn.c
 src/vpn/gnunet-helper-vpn-windows.c
+src/vpn/gnunet-helper-vpn.c
 src/vpn/gnunet-service-vpn.c
 src/vpn/gnunet-vpn.c
 src/vpn/vpn_api.c
-src/zonemaster/gnunet-service-zonemaster.c
 src/zonemaster/gnunet-service-zonemaster-monitor.c
+src/zonemaster/gnunet-service-zonemaster.c
 src/fs/fs_api.h
 src/include/gnunet_common.h
 src/include/gnunet_mq_lib.h
index 00f30adc3b838bbc5090f4949f725adc60720a95..4ded81891366e1b7e9fa1247e94d1b6fd344b2ff 100644 (file)
@@ -19,11 +19,13 @@ if HAVE_EXPERIMENTAL
   social 
 #  dv (FTBFS)
 if HAVE_ABE
+if HAVE_JSON
  EXP_DIR += \
     abe \
     credential \
-    identity-attribute \
-    identity-provider 
+    reclaim-attribute \
+    reclaim 
+endif
 endif
 if HAVE_JSON
  EXP_DIR += \
index 4a7d51bc79e923afe1f18e44f32954737be7c92f..f15bca2dbddaa4d6b4899d9b369b179d571e560a 100644 (file)
@@ -343,7 +343,10 @@ init ()
   cfg = GNUNET_CONFIGURATION_create ();
   if (GNUNET_OK != GNUNET_CONFIGURATION_parse (cfg,
                                                "test_arm_api_data.conf"))
+  {
+    GNUNET_CONFIGURATION_destroy (cfg);
     return GNUNET_SYSERR;
+  }
   if (NULL == getcwd (pwd, PATH_MAX))
     return GNUNET_SYSERR;
   GNUNET_assert (0 < GNUNET_asprintf (&binary,
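Review bot: The `getcwd` failure path directly below the new block still returns `GNUNET_SYSERR` without releasing `cfg`, so the leak fixed for the parse failure remains on the next early return. Give it the same treatment: `{ GNUNET_CONFIGURATION_destroy (cfg); return GNUNET_SYSERR; }`. If `cfg` is a file-scope variable (its declaration is outside the hunk), also set it to `NULL` after destroying it so later code cannot reuse the freed handle. The body of init() continues past the hunk.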
index 2f4c6a6db0e6bdab514a283234a117099ecf6d55..d1ddcb96f4f1a05988c7cc926cd430814c190827 100644 (file)
@@ -8,7 +8,7 @@ BINARY = gnunet-service-cadet
 ACCEPT_FROM = 127.0.0.1;
 ACCEPT_FROM6 = ::1;
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-cadet.sock
-UNIX_MATCH_UID = YES
+UNIX_MATCH_UID = NO
 UNIX_MATCH_GID = YES
 
 
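Review bot: Switching `UNIX_MATCH_UID` to `NO` widens who may connect to the CADET service socket, and neither the file nor the commit message says why. With `UNIX_MATCH_GID = YES` left in place, access presumably now depends on group membership and on the permissions of `$GNUNET_RUNTIME_DIR`, so any local account in the service's group could talk to this service. Record the intent next to the setting, for example `# clients run under other UIDs; access is limited by group membership (UNIX_MATCH_GID)`. Also confirm that the socket directory is not reachable by accounts outside that group.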
index 980b9abbfef9d5cdd46b228186daadd1fb12ec48..e2ca461a536280d8336dcfe8670ee8c1c8c0a301 100644 (file)
@@ -841,6 +841,7 @@ handle_mq_error (void *cls,
                                            h);
   GNUNET_MQ_destroy (h->mq);
   h->mq = NULL;
+  GNUNET_assert (NULL == h->reconnect_task);
   h->reconnect_task = GNUNET_SCHEDULER_add_delayed (h->reconnect_time,
                                                    &reconnect_cbk,
                                                    h);
@@ -1253,18 +1254,21 @@ GNUNET_CADET_disconnect (struct GNUNET_CADET_Handle *handle)
 void
 GNUNET_CADET_close_port (struct GNUNET_CADET_Port *p)
 {
-  struct GNUNET_CADET_PortMessage *msg;
-  struct GNUNET_MQ_Envelope *env;
-
   GNUNET_assert (GNUNET_YES ==
                  GNUNET_CONTAINER_multihashmap_remove (p->cadet->ports,
                                                        &p->id,
                                                        p));
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_CADET_LOCAL_PORT_CLOSE);
-  msg->port = p->id;
-  GNUNET_MQ_send (p->cadet->mq,
-                  env);
+  if (NULL != p->cadet->mq)
+  {
+    struct GNUNET_CADET_PortMessage *msg;
+    struct GNUNET_MQ_Envelope *env;
+
+    env = GNUNET_MQ_msg (msg,
+                         GNUNET_MESSAGE_TYPE_CADET_LOCAL_PORT_CLOSE);
+    msg->port = p->id;
+    GNUNET_MQ_send (p->cadet->mq,
+                    env);
+  }
   GNUNET_free_non_null (p->handlers);
   GNUNET_free (p);
 }
index d629df9b2d1ac2cfa6a0aa2c188554228a6236a4..13b04b885e99e14863aa864fc2d45949a9a3d1d7 100644 (file)
@@ -231,7 +231,7 @@ shutdown_task (void *cls)
   }
 }
 
-void *
+void
 mq_cb(void *cls)
 {
   listen_stdio ();
index 4cc5b4bcda1655f54da3353989be8da501a5ac38..c7c71f1f15fd45c4a657e06920a3d89a8abc8c25 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -143,6 +143,8 @@ do_shutdown (void *cls)
   unsigned long long delta;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   FPRINTF (stderr,
            "\nThroughput was %llu kb/s\n",
            total_bytes * 1000000LL / 1024 / delta);
index a15105556ad1b50b4424812997b905f6e9f3325a..caff045f00ba315572c58284740f4d19139ea821 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -227,7 +227,8 @@ measurement_stop (void *cls)
   running = GNUNET_NO;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
-
+  if (0 == delta)
+    delta = 1;
   throughput_out = total_bytes_sent * 1000000LL / delta;     /* convert to bytes/s */
   throughput_in = total_bytes_recv * 1000000LL / delta;      /* convert to bytes/s */
 
index 4684e514c71735d275a30f6568b9738560181f3c..dc4236a8b8fd4ba2254a81f716410b32fb4e3f6e 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -749,7 +749,8 @@ libgnunet_plugin_datacache_sqlite_init (void *cls)
                 "  value BLOB NOT NULL,"
                "  path BLOB DEFAULT '')");
   SQLITE3_EXEC (dbh, "CREATE INDEX idx_hashidx ON ds091 (key,type,expire)");
-  SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire ON ds091 (prox,expire)");
+  SQLITE3_EXEC (dbh, "CREATE INDEX idx_prox_expire ON ds091 (prox,expire)");
+  SQLITE3_EXEC (dbh, "CREATE INDEX idx_expire_only ON ds091 (expire)");
   plugin = GNUNET_new (struct Plugin);
   plugin->env = env;
   plugin->dbh = dbh;
index 0ec9209da80907e907545c0093663935218d5c9a..3b658da921805f1fdaafde66f4c7ead65b21d125 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -232,7 +232,6 @@ reconnect (struct GNUNET_GNS_Handle *handle)
                            handle),
     GNUNET_MQ_handler_end ()
   };
-  struct GNUNET_GNS_LookupRequest *lh;
 
   GNUNET_assert (NULL == handle->mq);
   LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -244,7 +243,9 @@ reconnect (struct GNUNET_GNS_Handle *handle)
                                       handle);
   if (NULL == handle->mq)
     return;
-  for (lh = handle->lookup_head; NULL != lh; lh = lh->next)
+  for (struct GNUNET_GNS_LookupRequest *lh = handle->lookup_head;
+       NULL != lh;
+       lh = lh->next)
     GNUNET_MQ_send_copy (handle->mq,
                          lh->env);
 }
index e6e53d40524b4ce8810336af39e238ba421164d3..8d39e8c53eb738032c9160c728e2d6dc1d2cc2e9 100644 (file)
@@ -269,6 +269,7 @@ dns_result_processor (void *cls,
   }
   request->packet = GNUNET_DNSPARSER_parse ((char*)dns,
                                            r);
+  GNUNET_DNSSTUB_resolve_cancel (request->dns_lookup);
   send_response (request);
 }
 
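Review bot: After `GNUNET_DNSSTUB_resolve_cancel (request->dns_lookup)` the field still holds the cancelled handle, so any later cleanup or timeout path that tests `request->dns_lookup` before cancelling would cancel it a second time. Follow the call with `request->dns_lookup = NULL;`. Separately, the result of `GNUNET_DNSPARSER_parse` on the line above goes to `send_response` unchecked; the DNS reply is network input, so confirm that `send_response` copes with a `NULL` packet. Both callees and the start of dns_result_processor are outside this hunk, so these are points to verify.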
index 149c8a7bb0e94ef9b80832de93204c74415fa552..463348ed38bd7e9f63f6d1c179018ec727441cb2 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -65,8 +65,9 @@ static struct GNUNET_GNS_LookupWithTldRequest *lr;
 /**
  * Global return value.
  * 0 on success (default),
- * 1 on internal failures, 2 on launch failure,
- * 3 if the name is not a GNS-supported TLD,
+ * 1 on internal failures
+ * 2 on launch failure,
+ * 4 if the name is not a GNS-supported TLD,
  */
 static int global_ret;
 
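Review bot: The rewritten comment lists exit codes 0, 1, 2 and 4 but leaves 3 undocumented, while `gns_resolve_name` in nss_gns_query.c (later in this commit) still treats an exit status of 3 as a timeout. State what 3 means here, or that it is unused, and fix the punctuation (`1 on internal failures` lacks its comma, and the last entry ends in one). These values are now a contract with the NSS plugin, so named constants shared by both files would be safer than the bare `global_ret = 4;` in the next hunk and the bare `4 == ret` in the plugin.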
@@ -114,7 +115,7 @@ process_lookup_result (void *cls,
   lr = NULL;
   if (GNUNET_NO == was_gns)
   {
-    global_ret = 3;
+    global_ret = 4; /* not for GNS */
     GNUNET_SCHEDULER_shutdown ();
     return;
   }
@@ -183,7 +184,6 @@ run (void *cls,
     global_ret = 2;
     return;
   }
-
   GNUNET_SCHEDULER_add_shutdown (&do_shutdown,
                                  NULL);
 
index 9c9233d35d86a03b32180da386fe39269fa9c6c3..58aab47fd5e7139a4047b80ff5f0ff16fde2076c 100644 (file)
  * @return a nss_status code
  */
 enum nss_status
-_nss_gns_gethostbyname2_r(
-    const char *name,
-    int af,
-    struct hostent * result,
-    char *buffer,
-    size_t buflen,
-    int *errnop,
-    int *h_errnop) {
-
-    struct userdata u;
-    enum nss_status status = NSS_STATUS_UNAVAIL;
-    int i;
-    size_t address_length, l, idx, astart;
-
-    if (af == AF_UNSPEC)
+_nss_gns_gethostbyname2_r(const char *name,
+                          int af,
+                          struct hostent *result,
+                          char *buffer,
+                          size_t buflen,
+                          int *errnop,
+                          int *h_errnop)
+{
+  struct userdata u;
+  enum nss_status status = NSS_STATUS_UNAVAIL;
+  int i;
+  size_t address_length;
+  size_t l;
+  size_t idx;
+  size_t astart;
+
+  if (af == AF_UNSPEC)
 #ifdef NSS_IPV6_ONLY
-        af = AF_INET6;
+    af = AF_INET6;
 #else
-        af = AF_INET;
+  af = AF_INET;
 #endif
 
 #ifdef NSS_IPV4_ONLY
-    if (af != AF_INET)
+  if (af != AF_INET)
 #elif NSS_IPV6_ONLY
-    if (af != AF_INET6)
+  if (af != AF_INET6)
 #else
-    if (af != AF_INET && af != AF_INET6)
+  if ( (af != AF_INET) &&
+       (af != AF_INET6) )
 #endif
-    {
-        *errnop = EINVAL;
-        *h_errnop = NO_RECOVERY;
-
-        goto finish;
-    }
-
-    address_length = af == AF_INET ? sizeof(ipv4_address_t) : sizeof(ipv6_address_t);
-    if (buflen <
-        sizeof(char*)+    /* alias names */
-        strlen(name)+1)  {   /* official name */
-
-        *errnop = ERANGE;
-        *h_errnop = NO_RECOVERY;
-        status = NSS_STATUS_TRYAGAIN;
-
-        goto finish;
-    }
-
-    u.count = 0;
-    u.data_len = 0;
-
-    i = gns_resolve_name(af, name, &u);
-    if (-3 == i)
-      {
-        status = NSS_STATUS_NOTFOUND;
-        goto finish;
-      }
-    if (-2 == i)
-      {
-        status = NSS_STATUS_UNAVAIL;
-        goto finish;
-      }
-    if ( (-1 == i) ||
-         (u.count == 0) )
-      {
-        *errnop = ETIMEDOUT;
-        *h_errnop = HOST_NOT_FOUND;
-        status = NSS_STATUS_NOTFOUND;
-        goto finish;
-      }
-
-
-    /* Alias names */
-    *((char**) buffer) = NULL;
-    result->h_aliases = (char**) buffer;
-    idx = sizeof(char*);
-
-    /* Official name */
-    strcpy(buffer+idx, name);
-    result->h_name = buffer+idx;
-    idx += strlen(name)+1;
-
-    ALIGN(idx);
-
-    result->h_addrtype = af;
-    result->h_length = address_length;
-
-    /* Check if there's enough space for the addresses */
-    if (buflen < idx+u.data_len+sizeof(char*)*(u.count+1)) {
-        *errnop = ERANGE;
-        *h_errnop = NO_RECOVERY;
-        status = NSS_STATUS_TRYAGAIN;
-        goto finish;
-    }
+  {
+    *errnop = EINVAL;
+    *h_errnop = NO_RECOVERY;
+
+    goto finish;
+  }
 
+  address_length = (af == AF_INET) ? sizeof(ipv4_address_t) : sizeof(ipv6_address_t);
+  if (buflen <
+      sizeof(char*)+    /* alias names */
+      strlen(name)+1)
+  {   /* official name */
+    *errnop = ERANGE;
+    *h_errnop = NO_RECOVERY;
+    status = NSS_STATUS_TRYAGAIN;
+
+    goto finish;
+  }
+  u.count = 0;
+  u.data_len = 0;
+  i = gns_resolve_name (af,
+                        name,
+                        &u);
+  if (-3 == i)
+  {
+    status = NSS_STATUS_NOTFOUND;
+    goto finish;
+  }
+  if (-2 == i)
+  {
+    status = NSS_STATUS_UNAVAIL;
+    goto finish;
+  }
+  if ( (-1 == i) ||
+       (u.count == 0) )
+  {
+    *errnop = ETIMEDOUT;
+    *h_errnop = HOST_NOT_FOUND;
+    status = NSS_STATUS_NOTFOUND;
+    goto finish;
+  }
+  /* Alias names */
+  *((char**) buffer) = NULL;
+  result->h_aliases = (char**) buffer;
+  idx = sizeof(char*);
+
+  /* Official name */
+  strcpy (buffer+idx,
+          name);
+  result->h_name = buffer+idx;
+  idx += strlen (name)+1;
+
+  ALIGN(idx);
+
+  result->h_addrtype = af;
+  result->h_length = address_length;
+
+  /* Check if there's enough space for the addresses */
+  if (buflen < idx+u.data_len+sizeof(char*)*(u.count+1))
+  {
+    *errnop = ERANGE;
+    *h_errnop = NO_RECOVERY;
+    status = NSS_STATUS_TRYAGAIN;
+    goto finish;
+  }
     /* Addresses */
-    astart = idx;
-    l = u.count*address_length;
-    if (0 != l)
-      memcpy(buffer+astart, &u.data, l);
-    /* address_length is a multiple of 32bits, so idx is still aligned
-     * correctly */
-    idx += l;
-
-    /* Address array address_length is always a multiple of 32bits */
-    for (i = 0; i < u.count; i++)
-        ((char**) (buffer+idx))[i] = buffer+astart+address_length*i;
-    ((char**) (buffer+idx))[i] = NULL;
-    result->h_addr_list = (char**) (buffer+idx);
-
-    status = NSS_STATUS_SUCCESS;
+  astart = idx;
+  l = u.count*address_length;
+  if (0 != l)
+    memcpy (buffer+astart,
+            &u.data,
+            l);
+  /* address_length is a multiple of 32bits, so idx is still aligned
+   * correctly */
+  idx += l;
+
+  /* Address array address_length is always a multiple of 32bits */
+  for (i = 0; i < u.count; i++)
+    ((char**) (buffer+idx))[i] = buffer+astart+address_length*i;
+  ((char**) (buffer+idx))[i] = NULL;
+  result->h_addr_list = (char**) (buffer+idx);
+
+  status = NSS_STATUS_SUCCESS;
 
 finish:
-    return status;
+  return status;
 }
 
+
 /**
  * The gethostbyname hook executed by nsswitch
  *
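Review bot: The `-3 == i` and `-2 == i` branches of `_nss_gns_gethostbyname2_r` jump to `finish` without writing `*errnop` or `*h_errnop`, so the caller may read whatever those locations held before the call. Every other failure branch sets both; these two should as well, e.g. `*errnop = ENOENT; *h_errnop = HOST_NOT_FOUND;` for not-found and `*errnop = ENOENT; *h_errnop = NO_RECOVERY;` for unavailable (values to confirm against the NSS conventions the project follows). Two smaller points in the re-indented code: `af = AF_INET;` in the `#else` arm now sits at the indentation of the `if` although it is still its body, and the `/* Addresses */` comment kept the old four-space indent.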
@@ -176,29 +181,28 @@ finish:
  * @param result the result hostent
  * @param buffer the result buffer
  * @param buflen length of the buffer
- * @param errnop idk
+ * @param errnop[out] the low-level error code to return to the application
  * @param h_errnop idk
  * @return a nss_status code
  */
 enum nss_status
-_nss_gns_gethostbyname_r (
-    const char *name,
-    struct hostent *result,
-    char *buffer,
-    size_t buflen,
-    int *errnop,
-    int *h_errnop) {
-
-    return _nss_gns_gethostbyname2_r(
-        name,
-        AF_UNSPEC,
-        result,
-        buffer,
-        buflen,
-        errnop,
-        h_errnop);
+_nss_gns_gethostbyname_r (const char *name,
+                          struct hostent *result,
+                          char *buffer,
+                          size_t buflen,
+                          int *errnop,
+                          int *h_errnop)
+{
+  return _nss_gns_gethostbyname2_r (name,
+                                    AF_UNSPEC,
+                                    result,
+                                    buffer,
+                                    buflen,
+                                    errnop,
+                                    h_errnop);
 }
 
+
 /**
  * The gethostbyaddr hook executed by nsswitch
  * We can't do this so we always return NSS_STATUS_UNAVAIL
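Review bot: `@param errnop[out]` is not the Doxygen form; the direction belongs on the command, `@param[out] errnop`. The neighbouring `@param h_errnop idk` was left as is, both here and in the `_nss_gns_gethostbyaddr_r` comment in the next hunk. Both are output parameters, so I would document them together, e.g. `@param[out] h_errnop the resolver error code (h_errno value) to return to the application`.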
@@ -209,23 +213,22 @@ _nss_gns_gethostbyname_r (
  * @param result the result hostent
  * @param buffer the result buffer
  * @param buflen length of the buffer
- * @param errnop idk
+ * @param errnop[out] the low-level error code to return to the application
  * @param h_errnop idk
  * @return NSS_STATUS_UNAVAIL
  */
 enum nss_status
-_nss_gns_gethostbyaddr_r(
-    const void* addr,
-    int len,
-    int af,
-    struct hostent *result,
-    char *buffer,
-    size_t buflen,
-    int *errnop,
-    int *h_errnop) {
-
-    *errnop = EINVAL;
-    *h_errnop = NO_RECOVERY;
-    //NOTE we allow to leak this into DNS so no NOTFOUND
-    return NSS_STATUS_UNAVAIL;
+_nss_gns_gethostbyaddr_r (const void* addr,
+                          int len,
+                          int af,
+                          struct hostent *result,
+                          char *buffer,
+                          size_t buflen,
+                          int *errnop,
+                          int *h_errnop)
+{
+  *errnop = EINVAL;
+  *h_errnop = NO_RECOVERY;
+  //NOTE we allow to leak this into DNS so no NOTFOUND
+  return NSS_STATUS_UNAVAIL;
 }
index 094e25ed53f4331c2f220d553b313fde7aea8e45..867ead6247b6be9da5101c60ee886cee853e4331 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -48,14 +48,16 @@ gns_resolve_name (int af,
   {
     if (-1 == asprintf (&cmd,
                        "%s -t AAAA -u %s\n",
-                       "gnunet-gns -r", name))
+                       "gnunet-gns -r",
+                        name))
       return -1;
   }
   else
   {
     if (-1 == asprintf (&cmd,
                        "%s %s\n",
-                       "gnunet-gns -r -u", name))
+                       "gnunet-gns -r -u",
+                        name))
       return -1;
   }
   if (NULL == (p = popen (cmd, "r")))
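Review bot: `name` is pasted into the command string with `%s` and the result is run through `popen()`, i.e. by a shell, so the host name an application asks the resolver for is interpreted as shell syntax. That string is whatever the calling process happens to be resolving and must be treated as untrusted; the re-wrapped `asprintf` calls in this hunk keep the behaviour unchanged. The robust fix is to start gnunet-gns with an explicit argument vector (fork/exec or posix_spawn plus a pipe) so that no shell is involved. As a smaller interim step, reject any name that contains something other than host-name characters, or that starts with `-`, before building the command. The check below also rejects non-ASCII labels, so confirm whether GNS names need them; gns_resolve_name starts above this hunk and continues below it.

```c
  /* name is supplied by the calling application: accept only host-name
     characters before it becomes part of a shell command line */
  if ( ('\0' == name[0]) ||
       ('-' == name[0]) )
    return -1;
  for (const char *c = name; '\0' != *c; c++)
  {
    if (! ( (('a' <= *c) && (*c <= 'z')) ||
            (('A' <= *c) && (*c <= 'Z')) ||
            (('0' <= *c) && (*c <= '9')) ||
            ('.' == *c) ||
            ('-' == *c) ||
            ('_' == *c) ) )
      return -1;
  }
  /* … unchanged: asprintf() of the gnunet-gns command line and popen() … */
```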
@@ -63,7 +65,9 @@ gns_resolve_name (int af,
     free (cmd);
     return -1;
   }
-  while (NULL != fgets (line, sizeof(line), p))
+  while (NULL != fgets (line,
+                        sizeof(line),
+                        p))
   {
     if (u->count >= MAX_ENTRIES)
       break;
@@ -72,7 +76,9 @@ gns_resolve_name (int af,
       line[strlen(line)-1] = '\0';
       if (AF_INET == af)
       {
-       if (inet_pton(af, line, &(u->data.ipv4[u->count])))
+       if (inet_pton(af,
+                      line,
+                      &u->data.ipv4[u->count]))
         {
          u->count++;
          u->data_len += sizeof(ipv4_address_t);
@@ -86,7 +92,9 @@ gns_resolve_name (int af,
       }
       else if (AF_INET6 == af)
       {
-       if (inet_pton(af, line, &(u->data.ipv6[u->count])))
+       if (inet_pton(af,
+                      line,
+                      &u->data.ipv6[u->count]))
         {
          u->count++;
          u->data_len += sizeof(ipv6_address_t);
@@ -105,7 +113,10 @@ gns_resolve_name (int af,
   if (4 == ret)
     return -2; /* not for GNS */
   if (3 == ret)
-    return -3; /* timeout */
+    return -3; /* timeout -> not found */
+  if ( (2 == ret) || (1 == ret) )
+    return -2; /* launch failure -> service unavailable */
   return 0;
 }
+
 /* end of nss_gns_query.c */
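Review bot: The tests `4 == ret`, `3 == ret` and the new `(2 == ret) || (1 == ret)` only match gnunet-gns exit codes if `ret` has already been decoded; the assignment is outside this hunk. If `ret` is the raw return value of `pclose()`, it is a wait status, none of these branches fire, and every failure falls through to `return 0`. In that case decode it first: `if (WIFEXITED (ret)) ret = WEXITSTATUS (ret); else return -2;` (this needs `<sys/wait.h>`).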
index bb04f900499171bd66fc85aa37d2617f36f22469..48cab4b224ac55b69df9144223fe3bd1abb0b0ae 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 /* Maximum number of entries to return */
 #define MAX_ENTRIES 16
 
-typedef struct {
-    uint32_t address;
+typedef struct
+{
+  uint32_t address;
 } ipv4_address_t;
 
-typedef struct {
-    uint8_t address[16];
+
+typedef struct
+{
+  uint8_t address[16];
 } ipv6_address_t;
 
 
-struct userdata {
+struct userdata
+{
   int count;
   int data_len; /* only valid when doing reverse lookup */
   union  {
-      ipv4_address_t ipv4[MAX_ENTRIES];
-      ipv6_address_t ipv6[MAX_ENTRIES];
-      char *name[MAX_ENTRIES];
+    ipv4_address_t ipv4[MAX_ENTRIES];
+    ipv6_address_t ipv6[MAX_ENTRIES];
+    char *name[MAX_ENTRIES];
   } data;
 };
 
+
 /**
  * Wrapper function that uses gnunet-gns cli tool to resolve
  * an IPv4/6 address.
@@ -54,8 +59,9 @@ struct userdata {
  * @param u the userdata (result struct)
  * @return -1 on error else 0
  */
-int gns_resolve_name(int af,
-               const char *name,
-               struct userdata *userdata);
+int
+gns_resolve_name(int af,
+                 const char *name,
+                 struct userdata *userdata);
 
 #endif
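Review bot: The comment above the prototype still says `@return -1 on error else 0`, but after this commit gns_resolve_name also returns -2 and -3, and `_nss_gns_gethostbyname2_r` branches on them. Update it, e.g. `@return 0 on success, -1 on error, -2 if the name is not for GNS or gnunet-gns could not be run, -3 on timeout`. The comment also documents `@param u` while the prototype names the parameter `userdata`; one of the two should change.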
index 2b729db543b589e3bf2404b6d6c1b53af938473e..e76a5d11630c300ac02679bf029a3be876c9fb44 100644 (file)
@@ -281,6 +281,15 @@ gnsrecord_to_json (const struct GNUNET_GNSRECORD_Data *rd)
   return record_obj;
 }
 
+
+static void
+do_cleanup (void *cls)
+{
+  struct LookupHandle *handle = cls;
+  cleanup_handle (handle);
+}
+
+
 /**
  * Function called with the result of a GNS lookup.
  *
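Review bot: `do_cleanup` is added without a doc comment, and nothing records why the cleanup is now deferred, although the neighbouring functions in view carry doc blocks. Add one that names `cls` as the `struct LookupHandle` and states why the handle must outlive `process_lookup_result`; presumably the lookup must not be torn down from inside its own callback, but that is my reading and should be confirmed. The task returned by `GNUNET_SCHEDULER_add_now (&do_cleanup, handle)` in the next hunk is also discarded. If a timeout or shutdown path (not visible here) calls `cleanup_handle` on the same handle before the task runs, the handle would be freed twice; keeping the task in the handle and cancelling it in `cleanup_handle` would close that gap.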
@@ -325,7 +334,7 @@ process_lookup_result (void *cls, uint32_t rd_count,
   resp = GNUNET_REST_create_response (result);
   handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
   GNUNET_free (result);
-  cleanup_handle (handle);
+  GNUNET_SCHEDULER_add_now (&do_cleanup, handle);
 }
 
 
index 188afcae78f724a072871ae5dfd0c379d72640cd..254ae15eaa50503ddc2c552eae08b21593a1534a 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -463,7 +463,7 @@ dns_string_to_value (void *cls,
       }
       cert_size = GNUNET_STRINGS_base64_decode (certp,
                                                 strlen (certp),
-                                                &cert_data);
+                                                (void **) &cert_data);
       GNUNET_free (sdup);
       cert.cert_type = type;
       cert.cert_tag = key;
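Review bot: The `(void **) &cert_data` cast silences the pointer-type warning instead of removing the mismatch; storing a `void *` through a pointer to a differently typed pointer is not strictly valid C (assuming `cert_data` is declared as `char *`, which is outside the hunk). A temporary avoids the cast: `void *buf;` then `cert_size = GNUNET_STRINGS_base64_decode (certp, strlen (certp), &buf);` and `cert_data = buf;`. `certp` comes from the record's text form, so also confirm that a failed or empty decode is rejected before `cert_size` is used further down in dns_string_to_value.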
diff --git a/src/identity-attribute/Makefile.am b/src/identity-attribute/Makefile.am
deleted file mode 100644 (file)
index 2c73a44..0000000
+++ /dev/null
@@ -1,44 +0,0 @@
-# This Makefile.am is in the public domain
-AM_CPPFLAGS = -I$(top_srcdir)/src/include
-
-plugindir = $(libdir)/gnunet
-
-pkgcfgdir= $(pkgdatadir)/config.d/
-
-libexecdir= $(pkglibdir)/libexec/
-
-if MINGW
-  WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
-endif
-
-if USE_COVERAGE
-  AM_CFLAGS = --coverage -O0
-  XLIBS = -lgcov
-endif
-
-lib_LTLIBRARIES = \
-  libgnunetidentityattribute.la
-
-libgnunetidentityattribute_la_SOURCES = \
-  identity_attribute.c
-libgnunetidentityattribute_la_LIBADD = \
-  $(top_builddir)/src/util/libgnunetutil.la \
-  $(GN_LIBINTL)
-libgnunetidentityattribute_la_LDFLAGS = \
-  $(GN_LIB_LDFLAGS) $(WINFLAGS) \
-  -version-info 0:0:0
-
-
-plugin_LTLIBRARIES = \
-  libgnunet_plugin_identity_attribute_gnuid.la
-
-
-libgnunet_plugin_identity_attribute_gnuid_la_SOURCES = \
-  plugin_identity_attribute_gnuid.c
-libgnunet_plugin_identity_attribute_gnuid_la_LIBADD = \
-  $(top_builddir)/src/util/libgnunetutil.la \
-  $(LTLIBINTL)
-libgnunet_plugin_identity_attribute_gnuid_la_LDFLAGS = \
- $(GN_PLUGIN_LDFLAGS)
-
-
diff --git a/src/identity-attribute/identity_attribute.c b/src/identity-attribute/identity_attribute.c
deleted file mode 100644 (file)
index 7d47c46..0000000
+++ /dev/null
@@ -1,444 +0,0 @@
-/*
-      This file is part of GNUnet
-      Copyright (C) 2010-2015 GNUnet e.V.
-
-      GNUnet is free software: you can redistribute it and/or modify it
-      under the terms of the GNU Affero General Public License as published
-      by the Free Software Foundation, either version 3 of the License,
-      or (at your option) any later version.
-
-      GNUnet is distributed in the hope that it will be useful, but
-      WITHOUT ANY WARRANTY; without even the implied warranty of
-      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-      Affero General Public License for more details.
-     
-      You should have received a copy of the GNU Affero General Public License
-      along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- * @file identity-attribute/identity_attribute.c
- * @brief helper library to manage identity attributes
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "identity_attribute.h"
-#include "gnunet_identity_attribute_plugin.h"
-
-/**
- * Handle for a plugin
- */
-struct Plugin
-{
-  /**
-   * Name of the plugin
-   */
-  char *library_name;
-
-  /**
-   * Plugin API
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
-};
-
-/**
- * Plugins
- */
-static struct Plugin **attr_plugins;
-
-/**
- * Number of plugins
- */
-static unsigned int num_plugins;
-
-/**
- * Init canary
- */
-static int initialized;
-
-/**
- * Add a plugin
- */
-static void
-add_plugin (void* cls,
-            const char *library_name,
-            void *lib_ret)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = lib_ret;
-  struct Plugin *plugin;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Loading attribute plugin `%s'\n",
-              library_name);
-  plugin = GNUNET_new (struct Plugin);
-  plugin->api = api;
-  plugin->library_name = GNUNET_strdup (library_name);
-  GNUNET_array_append (attr_plugins, num_plugins, plugin);
-}
-
-/**
- * Load plugins
- */
-static void
-init()
-{
-  if (GNUNET_YES == initialized)
-    return;
-  initialized = GNUNET_YES;
-  GNUNET_PLUGIN_load_all ("libgnunet_plugin_identity_attribute_", NULL,
-                          &add_plugin, NULL);
-}
-
-/**
- * Convert a type name to the corresponding number
- *
- * @param typename name to convert
- * @return corresponding number, UINT32_MAX on error
- */
-uint32_t
-GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename)
-{
-  unsigned int i;
-  struct Plugin *plugin;
-  uint32_t ret;
-  
-  init ();
-  for (i = 0; i < num_plugins; i++)
-  {
-    plugin = attr_plugins[i];
-    if (UINT32_MAX != (ret = plugin->api->typename_to_number (plugin->api->cls,
-                                                              typename)))
-      return ret;
-  }
-  return UINT32_MAX;
-}
-
-/**
- * Convert a type number to the corresponding type string
- *
- * @param type number of a type
- * @return corresponding typestring, NULL on error
- */
-const char*
-GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type)
-{
-  unsigned int i;
-  struct Plugin *plugin;
-  const char *ret;
-
-  init ();
-  for (i = 0; i < num_plugins; i++)
-  {
-    plugin = attr_plugins[i];
-    if (NULL != (ret = plugin->api->number_to_typename (plugin->api->cls,
-                                                        type)))
-      return ret;
-  }
-  return NULL;
-}
-
-/**
- * Convert human-readable version of a 'claim' of an attribute to the binary
- * representation
- *
- * @param type type of the claim
- * @param s human-readable string
- * @param data set to value in binary encoding (will be allocated)
- * @param data_size set to number of bytes in @a data
- * @return #GNUNET_OK on success
- */
-int
-GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
-                                           const char *s,
-                                           void **data,
-                                           size_t *data_size)
-{
-  unsigned int i;
-  struct Plugin *plugin;
-
-  init ();
-  for (i = 0; i < num_plugins; i++)
-  {
-    plugin = attr_plugins[i];
-    if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls,
-                                                   type,
-                                                   s,
-                                                   data,
-                                                   data_size))
-      return GNUNET_OK;
-  }
-  return GNUNET_SYSERR;
-}
-
-/**
- * Convert the 'claim' of an attribute to a string
- *
- * @param type the type of attribute
- * @param data claim in binary encoding
- * @param data_size number of bytes in @a data
- * @return NULL on error, otherwise human-readable representation of the claim
- */
-char *
-GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
-                                           const void* data,
-                                           size_t data_size)
-{
-  unsigned int i;
-  struct Plugin *plugin;
-  char *ret;
-
-  init();
-  for (i = 0; i < num_plugins; i++)
-  {
-    plugin = attr_plugins[i];
-    if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls,
-                                                     type,
-                                                     data,
-                                                     data_size)))
-      return ret;
-  }
-  return NULL;
-}
-
-/**
- * Create a new attribute.
- *
- * @param attr_name the attribute name
- * @param type the attribute type
- * @param data the attribute value
- * @param data_size the attribute value size
- * @return the new attribute
- */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
-               uint32_t type,
-               const void* data,
-               size_t data_size)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
-  char *write_ptr;
-
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim) +
-                        strlen (attr_name) + 1 +
-                        data_size);
-  attr->type = type;
-  attr->data_size = data_size;
-  attr->version = 0;
-  write_ptr = (char*)&attr[1];
-  GNUNET_memcpy (write_ptr,
-                 attr_name,
-                 strlen (attr_name) + 1);
-  attr->name = write_ptr;
-  write_ptr += strlen (attr->name) + 1;
-  GNUNET_memcpy (write_ptr,
-                 data,
-                 data_size);
-  attr->data = write_ptr;
-  return attr;
-}
-
-/**
- * Add a new claim list entry.
- *
- * @param claim_list the attribute name
- * @param attr_name the attribute name
- * @param type the attribute type
- * @param data the attribute value
- * @param data_size the attribute value size
- * @return
- */
-void
-GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *claim_list,
-                                   const char* attr_name,
-                                   uint32_t type,
-                                   const void* data,
-                                   size_t data_size)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-  le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
-                                              type,
-                                              data,
-                                              data_size);
-  GNUNET_CONTAINER_DLL_insert (claim_list->list_head,
-                              claim_list->list_tail,
-                              le);
-}
-
-size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  size_t len = 0;
-  for (le = attrs->list_head; NULL != le; le = le->next)
-    len += GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
-  return len; 
-}
-
-size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                          char *result)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  size_t len;
-  size_t total_len;
-  char* write_ptr;
-
-  write_ptr = result;
-  total_len = 0;
-  for (le = attrs->list_head; NULL != le; le = le->next)
-  {
-    len = GNUNET_IDENTITY_ATTRIBUTE_serialize (le->claim,
-                               write_ptr);
-    total_len += len;
-    write_ptr += len;
-  }
-  return total_len;
-}
-
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
-GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
-                       size_t data_size)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  size_t attr_len;
-  const char* read_ptr;
-
-  if (data_size < sizeof (struct Attribute))
-    return NULL;
-  
-  attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-  read_ptr = data;
-  while (((data + data_size) - read_ptr) >= sizeof (struct Attribute))
-  {
-
-    le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-    le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (read_ptr,
-                                           data_size - (read_ptr - data));
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Deserialized attribute %s\n", le->claim->name);
-    GNUNET_CONTAINER_DLL_insert (attrs->list_head,
-                                 attrs->list_tail,
-                                 le);
-    attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (le->claim);
-    read_ptr += attr_len;
-  }
-  return attrs;
-}
-
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
-GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *result_le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *result;
-
-  result = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-  for (le = attrs->list_head; NULL != le; le = le->next)
-  {
-    result_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-    result_le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (le->claim->name,
-                                                     le->claim->type,
-                                                     le->claim->data,
-                                                     le->claim->data_size);
-    GNUNET_CONTAINER_DLL_insert (result->list_head,
-                                 result->list_tail,
-                                 result_le);
-  }
-  return result;
-}
-
-
-void
-GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *tmp_le;
-
-  for (le = attrs->list_head; NULL != le;)
-  {
-    GNUNET_free (le->claim);
-    tmp_le = le;
-    le = le->next;
-    GNUNET_free (tmp_le);
-  }
-  GNUNET_free (attrs);
-
-}
-
-size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
-{
-  return sizeof (struct Attribute) 
-    + strlen (attr->name)
-    + attr->data_size;
-}
-
-size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
-                     char *result)
-{
-  size_t data_len_ser;
-  size_t name_len;
-  struct Attribute *attr_ser;
-  char* write_ptr;
-
-  attr_ser = (struct Attribute*)result;
-  attr_ser->attribute_type = htons (attr->type);
-  attr_ser->attribute_version = htonl (attr->version);
-  name_len = strlen (attr->name);
-  attr_ser->name_len = htons (name_len);
-  write_ptr = (char*)&attr_ser[1];
-  GNUNET_memcpy (write_ptr, attr->name, name_len);
-  write_ptr += name_len;
-  //TODO plugin-ize
-  //data_len_ser = plugin->serialize_attribute_value (attr,
-  //                                                  &attr_ser[1]);
-  data_len_ser = attr->data_size;
-  GNUNET_memcpy (write_ptr, attr->data, attr->data_size);
-  attr_ser->data_size = htons (data_len_ser);
-
-  return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size;
-}
-
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
-                       size_t data_size)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
-  struct Attribute *attr_ser;
-  size_t data_len;
-  size_t name_len;
-  char* write_ptr;
-
-  if (data_size < sizeof (struct Attribute))
-    return NULL;
-
-  attr_ser = (struct Attribute*)data;
-  data_len = ntohs (attr_ser->data_size);
-  name_len = ntohs (attr_ser->name_len);
-  attr = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_ATTRIBUTE_Claim)
-                        + data_len + name_len + 1);
-  attr->type = ntohs (attr_ser->attribute_type);
-  attr->version = ntohl (attr_ser->attribute_version);
-  attr->data_size = ntohs (attr_ser->data_size);
-
-  write_ptr =  (char*)&attr[1];
-  GNUNET_memcpy (write_ptr,
-                 &attr_ser[1],
-                 name_len);
-  write_ptr[name_len] = '\0';
-  attr->name = write_ptr;
-
-  write_ptr += name_len + 1;
-  GNUNET_memcpy (write_ptr,
-                 (char*)&attr_ser[1] + name_len,
-                 attr->data_size);
-  attr->data = write_ptr;
-  return attr;
-
-}
-
-/* end of identity_attribute.c */
diff --git a/src/identity-attribute/identity_attribute.h b/src/identity-attribute/identity_attribute.h
deleted file mode 100644 (file)
index 2346dcd..0000000
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
-   This file is part of GNUnet.
-   Copyright (C) 2012-2015 GNUnet e.V.
-
-   GNUnet is free software: you can redistribute it and/or modify it
-   under the terms of the GNU Affero General Public License as published
-   by the Free Software Foundation, either version 3 of the License,
-   or (at your option) any later version.
-
-   GNUnet is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Affero General Public License for more details.
-  
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-   */
-/**
- * @author Martin Schanzenbach
- * @file identity-attribute/identity_attribute.h
- * @brief GNUnet Identity attributes
- *
- */
-#ifndef IDENTITY_ATTRIBUTE_H
-#define IDENTITY_ATTRIBUTE_H
-
-#include "gnunet_identity_provider_service.h"
-
-struct Attribute
-{
-  /**
-   * Attribute type
-   */
-  uint32_t attribute_type;
-
-  /**
-   * Attribute version
-   */
-  uint32_t attribute_version;
-
-  /**
-   * Name length
-   */
-  uint32_t name_len;
-  
-  /**
-   * Data size
-   */
-  uint32_t data_size;
-
-  //followed by data_size Attribute value data
-};
-
-#endif
diff --git a/src/identity-attribute/plugin_identity_attribute_gnuid.c b/src/identity-attribute/plugin_identity_attribute_gnuid.c
deleted file mode 100644 (file)
index c09b167..0000000
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
-     This file is part of GNUnet
-     Copyright (C) 2013, 2014, 2016 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @file identity-attribute/plugin_identity_attribute_gnuid.c
- * @brief identity attribute plugin to provide the API for fundamental 
- *                 attribute types.
- *
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_plugin.h"
-#include <inttypes.h>
-
-
-/**
- * Convert the 'value' of an attribute to a string.
- *
- * @param cls closure, unused
- * @param type type of the attribute
- * @param data value in binary encoding
- * @param data_size number of bytes in @a data
- * @return NULL on error, otherwise human-readable representation of the value
- */
-static char *
-gnuid_value_to_string (void *cls,
-                     uint32_t type,
-                     const void *data,
-                     size_t data_size)
-{
-
-  switch (type)
-  {
-  case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
-    return GNUNET_strndup (data, data_size);
-  default:
-    return NULL;
-  }
-}
-
-
-/**
- * Convert human-readable version of a 'value' of an attribute to the binary
- * representation.
- *
- * @param cls closure, unused
- * @param type type of the attribute
- * @param s human-readable string
- * @param data set to value in binary encoding (will be allocated)
- * @param data_size set to number of bytes in @a data
- * @return #GNUNET_OK on success
- */
-static int
-gnuid_string_to_value (void *cls,
-                     uint32_t type,
-                     const char *s,
-                     void **data,
-                     size_t *data_size)
-{
-  if (NULL == s)
-    return GNUNET_SYSERR;
-  switch (type)
-  {
-
-    case GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING:
-      *data = GNUNET_strdup (s);
-      *data_size = strlen (s);
-      return GNUNET_OK;
-    default:
-      return GNUNET_SYSERR;
-  }
-}
-
-
-/**
- * Mapping of attribute type numbers to human-readable
- * attribute type names.
- */
-static struct {
-  const char *name;
-  uint32_t number;
-} gnuid_name_map[] = {
-  { "STRING",  GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING },
-  { NULL, UINT32_MAX }
-};
-
-
-/**
- * Convert a type name to the corresponding number.
- *
- * @param cls closure, unused
- * @param gnuid_typename name to convert
- * @return corresponding number, UINT32_MAX on error
- */
-static uint32_t
-gnuid_typename_to_number (void *cls,
-                        const char *gnuid_typename)
-{
-  unsigned int i;
-
-  i=0;
-  while ( (NULL != gnuid_name_map[i].name) &&
-          (0 != strcasecmp (gnuid_typename,
-                            gnuid_name_map[i].name)) )
-    i++;
-  return gnuid_name_map[i].number;
-}
-
-
-/**
- * Convert a type number (i.e. 1) to the corresponding type string
- *
- * @param cls closure, unused
- * @param type number of a type to convert
- * @return corresponding typestring, NULL on error
- */
-static const char *
-gnuid_number_to_typename (void *cls,
-                        uint32_t type)
-{
-  unsigned int i;
-
-  i=0;
-  while ( (NULL != gnuid_name_map[i].name) &&
-          (type != gnuid_name_map[i].number) )
-    i++;
-  return gnuid_name_map[i].name;
-}
-
-
-/**
- * Entry point for the plugin.
- *
- * @param cls NULL
- * @return the exported block API
- */
-void *
-libgnunet_plugin_identity_attribute_gnuid_init (void *cls)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api;
-
-  api = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions);
-  api->value_to_string = &gnuid_value_to_string;
-  api->string_to_value = &gnuid_string_to_value;
-  api->typename_to_number = &gnuid_typename_to_number;
-  api->number_to_typename = &gnuid_number_to_typename;
-  return api;
-}
-
-
-/**
- * Exit point from the plugin.
- *
- * @param cls the return value from #libgnunet_plugin_block_test_init()
- * @return NULL
- */
-void *
-libgnunet_plugin_identity_attribute_gnuid_done (void *cls)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions *api = cls;
-
-  GNUNET_free (api);
-  return NULL;
-}
-
-/* end of plugin_identity_attribute_type_gnuid.c */
diff --git a/src/identity-provider/.gitignore b/src/identity-provider/.gitignore
deleted file mode 100644 (file)
index ef77fcc..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-gnunet-service-identity-provider
-gnunet-identity-token
diff --git a/src/identity-provider/Makefile.am b/src/identity-provider/Makefile.am
deleted file mode 100644 (file)
index 2eb6995..0000000
+++ /dev/null
@@ -1,140 +0,0 @@
-# This Makefile.am is in the public domain
-AM_CPPFLAGS = -I$(top_srcdir)/src/include
-
- plugindir = $(libdir)/gnunet
-
-if MINGW
- WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
-endif
-
-if USE_COVERAGE
-  AM_CFLAGS = --coverage -O0
-  XLIB = -lgcov
-endif
-
-if HAVE_SQLITE
-SQLITE_PLUGIN = libgnunet_plugin_identity_provider_sqlite.la
-endif
-
-EXTRA_DIST = \
-  test_idp_defaults.conf \
-       test_idp.conf \
-       $(check_SCRIPTS)
-
-pkgcfgdir= $(pkgdatadir)/config.d/
-
-libexecdir= $(pkglibdir)/libexec/
-
-pkgcfg_DATA = \
-  identity-provider.conf
-
-lib_LTLIBRARIES = \
-  libgnunetidentityprovider.la
-plugin_LTLIBRARIES = \
-       libgnunet_plugin_rest_identity_provider.la \
-       libgnunet_plugin_rest_openid_connect.la \
-  libgnunet_plugin_gnsrecord_identity_provider.la \
-       $(SQLITE_PLUGIN)
-
-bin_PROGRAMS = \
- gnunet-idp
-
-libexec_PROGRAMS = \
- gnunet-service-identity-provider
-
-libgnunet_plugin_gnsrecord_identity_provider_la_SOURCES = \
-  plugin_gnsrecord_identity_provider.c
-libgnunet_plugin_gnsrecord_identity_provider_la_LIBADD = \
-  $(top_builddir)/src/util/libgnunetutil.la \
-  $(LTLIBINTL)
-libgnunet_plugin_gnsrecord_identity_provider_la_LDFLAGS = \
- $(GN_PLUGIN_LDFLAGS)
-
-libgnunet_plugin_identity_provider_sqlite_la_SOURCES = \
-  plugin_identity_provider_sqlite.c
-libgnunet_plugin_identity_provider_sqlite_la_LIBADD = \
-  libgnunetidentityprovider.la  \
-  $(top_builddir)/src/sq/libgnunetsq.la \
-  $(top_builddir)/src/statistics/libgnunetstatistics.la \
-  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \
-  $(LTLIBINTL)
-libgnunet_plugin_identity_provider_sqlite_la_LDFLAGS = \
- $(GN_PLUGIN_LDFLAGS)
-
-
-
-gnunet_service_identity_provider_SOURCES = \
- gnunet-service-identity-provider.c
-gnunet_service_identity_provider_LDADD = \
- $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
- $(top_builddir)/src/util/libgnunetutil.la \
- $(top_builddir)/src/namestore/libgnunetnamestore.la \
- $(top_builddir)/src/identity/libgnunetidentity.la \
- $(top_builddir)/src/statistics/libgnunetstatistics.la \
- $(top_builddir)/src/abe/libgnunetabe.la \
- $(top_builddir)/src/credential/libgnunetcredential.la \
- $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
- libgnunetidentityprovider.la \
- $(top_builddir)/src/gns/libgnunetgns.la \
- $(GN_LIBINTL)
-
-libgnunetidentityprovider_la_SOURCES = \
- identity_provider_api.c \
- identity_provider.h
-libgnunetidentityprovider_la_LIBADD = \
-  $(top_builddir)/src/util/libgnunetutil.la \
-       $(GN_LIBINTL) $(XLIB)
-libgnunetidentityprovider_la_LDFLAGS = \
-       $(GN_LIB_LDFLAGS)  $(WINFLAGS) \
-       -version-info 0:0:0
-
-libgnunet_plugin_rest_identity_provider_la_SOURCES = \
-  plugin_rest_identity_provider.c \
-       jwt.c
-libgnunet_plugin_rest_identity_provider_la_LIBADD = \
-       $(top_builddir)/src/identity/libgnunetidentity.la \
-       libgnunetidentityprovider.la \
-       $(top_builddir)/src/rest/libgnunetrest.la \
-       $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-       $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
-       $(top_builddir)/src/namestore/libgnunetnamestore.la \
-  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
-  $(LTLIBINTL) -ljansson -lmicrohttpd
-libgnunet_plugin_rest_identity_provider_la_LDFLAGS = \
- $(GN_PLUGIN_LDFLAGS)
-
-libgnunet_plugin_rest_openid_connect_la_SOURCES = \
-  plugin_rest_openid_connect.c \
-       jwt.c
-libgnunet_plugin_rest_openid_connect_la_LIBADD = \
-       $(top_builddir)/src/identity/libgnunetidentity.la \
-       libgnunetidentityprovider.la \
-       $(top_builddir)/src/rest/libgnunetrest.la \
-       $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
-       $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
-       $(top_builddir)/src/namestore/libgnunetnamestore.la \
-  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
-  $(LTLIBINTL) -ljansson -lmicrohttpd
-libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \
- $(GN_PLUGIN_LDFLAGS)
-
-gnunet_idp_SOURCES = \
- gnunet-idp.c
-gnunet_idp_LDADD = \
-  $(top_builddir)/src/util/libgnunetutil.la \
-       $(top_builddir)/src/namestore/libgnunetnamestore.la \
-       libgnunetidentityprovider.la \
-       $(top_builddir)/src/identity/libgnunetidentity.la \
-       $(top_builddir)/src/identity-attribute/libgnunetidentityattribute.la \
-  $(GN_LIBINTL)
-
-check_SCRIPTS = \
-       test_idp_attribute.sh \
-       test_idp_issue.sh \
-       test_idp_consume.sh \
-  test_idp_revoke.sh
-
-if ENABLE_TEST_RUN
- AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME;
- TESTS = $(check_SCRIPTS)
-endif
diff --git a/src/identity-provider/gnunet-idp.c b/src/identity-provider/gnunet-idp.c
deleted file mode 100644 (file)
index 79e4f8d..0000000
+++ /dev/null
@@ -1,517 +0,0 @@
-/*
-   This file is part of GNUnet.
-   Copyright (C) 2012-2015 GNUnet e.V.
-
-   GNUnet is free software: you can redistribute it and/or modify it
-   under the terms of the GNU Affero General Public License as published
-   by the Free Software Foundation, either version 3 of the License,
-   or (at your option) any later version.
-
-   GNUnet is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Affero General Public License for more details.
-  
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-   */
-/**
- * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-idp.c
- * @brief Identity Provider utility
- *
- */
-
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_namestore_service.h"
-#include "gnunet_identity_provider_service.h"
-#include "gnunet_identity_service.h"
-#include "gnunet_signatures.h"
-
-/**
- * return value
- */
-static int ret;
-
-/**
- * List attribute flag
- */
-static int list;
-
-/**
- * Relying party
- */
-static char* rp;
-
-/**
- * The attribute
- */
-static char* attr_name;
-
-/**
- * Attribute value
- */
-static char* attr_value;
-
-/**
- * Attributes to issue
- */
-static char* issue_attrs;
-
-/**
- * Ticket to consume
- */
-static char* consume_ticket;
-
-/**
- * Attribute type
- */
-static char* type_str;
-
-/**
- * Ticket to revoke
- */
-static char* revoke_ticket;
-
-/**
- * Ego name
- */
-static char* ego_name;
-
-/**
- * Identity handle
- */
-static struct GNUNET_IDENTITY_Handle *identity_handle;
-
-/**
- * IdP handle
- */
-static struct GNUNET_IDENTITY_PROVIDER_Handle *idp_handle;
-
-/**
- * IdP operation
- */
-static struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
-
-/**
- * Attribute iterator
- */
-static struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_iterator;
-
-/**
- * Master ABE key
- */
-static struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
-
-/**
- * ego private key
- */
-static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey;
-
-/**
- * rp public key
- */
-static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key;
-
-/**
- * Ticket to consume
- */
-static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-
-/**
- * Attribute list
- */
-static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
-
-/**
- * Attribute expiration interval
- */
-static struct GNUNET_TIME_Relative exp_interval;
-
-/**
- * Timeout task
- */
-static struct GNUNET_SCHEDULER_Task *timeout;
-
-static void
-do_cleanup(void *cls)
-{
-  if (NULL != timeout)
-    GNUNET_SCHEDULER_cancel (timeout);
-  if (NULL != idp_op)
-    GNUNET_IDENTITY_PROVIDER_cancel (idp_op);
-  if (NULL != attr_iterator)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (attr_iterator);
-  if (NULL != idp_handle)
-    GNUNET_IDENTITY_PROVIDER_disconnect (idp_handle);
-  if (NULL != identity_handle)
-    GNUNET_IDENTITY_disconnect (identity_handle);
-  if (NULL != abe_key)
-    GNUNET_free (abe_key);
-  if (NULL != attr_list)
-    GNUNET_free (attr_list);
-}
-
-static void
-ticket_issue_cb (void* cls,
-                 const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
-{
-  char* ticket_str;
-  idp_op = NULL;
-  if (NULL != ticket) {
-    ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
-                                                      sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
-    printf("%s\n",
-           ticket_str);
-    GNUNET_free (ticket_str);
-  }
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
-}
-
-static void
-store_attr_cont (void *cls,
-                 int32_t success,
-                 const char*emsg)
-{
-  idp_op = NULL;
-  if (GNUNET_SYSERR == success) {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "%s\n", emsg);
-  }
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
-}
-
-static void
-process_attrs (void *cls,
-         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
-{
-  char *value_str;
-  if (NULL == identity)
-  {
-    idp_op = NULL;
-    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
-    return;
-  }
-  if (NULL == attr)
-  {
-    ret = 1;
-    return;
-  }
-  value_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
-                                                     attr->data,
-                                                     attr->data_size);
-  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-              "%s: %s\n", attr->name, value_str);
-}
-
-
-static void
-iter_error (void *cls)
-{
-  attr_iterator = NULL;
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "Failed to iterate over attributes\n");
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
-}
-
-static void
-timeout_task (void *cls)
-{
-  timeout = NULL;
-  ret = 1;
-  GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-              "Timeout\n");
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
-}
-
-static void
-process_rvk (void *cls, int success, const char* msg)
-{
-  idp_op = NULL;
-  if (GNUNET_OK != success)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                "Revocation failed.\n");
-    ret = 1;
-  }
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
-}
-
-static void
-iter_finished (void *cls)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
-  char *data;
-  size_t data_size;
-  int type;
-
-  attr_iterator = NULL;
-  if (list)
-  {
-    GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
-    return;
-  }
-
-  if (issue_attrs)
-  {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (idp_handle,
-                                                    pkey,
-                                                    &rp_key,
-                                                    attr_list,
-                                                    &ticket_issue_cb,
-                                                    NULL);
-    return;
-  }
-  if (consume_ticket)
-  {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (idp_handle,
-                                                      pkey,
-                                                      &ticket,
-                                                      &process_attrs,
-                                                      NULL);
-    timeout = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10),
-                                            &timeout_task,
-                                            NULL);
-    return;
-  }
-  if (revoke_ticket)
-  {
-    idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (idp_handle,
-                                                     pkey,
-                                                     &ticket,
-                                                     &process_rvk,
-                                                     NULL);
-    return;
-  }
-  if (attr_name)
-  {
-    if (NULL == type_str)
-      type = GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING;
-    else
-      type = GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (type_str);
-
-    GNUNET_assert (GNUNET_SYSERR != GNUNET_IDENTITY_ATTRIBUTE_string_to_value (type,
-                                                                               attr_value,
-                                                                               (void**)&data,
-                                                                               &data_size));
-    claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr_name,
-                                                 type,
-                                                 data,
-                                                 data_size);
-    idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle,
-                                                       pkey,
-                                                       claim,
-                                                       &exp_interval,
-                                                       &store_attr_cont,
-                                                       NULL);
-    return;
-  }
-  GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
-}
-
-static void
-iter_cb (void *cls,
-         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-         const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  char *attrs_tmp;
-  char *attr_str;
-
-  if (issue_attrs)
-  {
-    attrs_tmp = GNUNET_strdup (issue_attrs);
-    attr_str = strtok (attrs_tmp, ",");
-    while (NULL != attr_str) {
-      if (0 != strcmp (attr_str, attr->name)) {
-        attr_str = strtok (NULL, ",");
-        continue;
-      }
-      le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-      le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name,
-                                                       attr->type,
-                                                       attr->data,
-                                                       attr->data_size);
-      GNUNET_CONTAINER_DLL_insert (attr_list->list_head,
-                                   attr_list->list_tail,
-                                   le);
-      break;
-    }
-    GNUNET_free (attrs_tmp);
-  } else if (list) {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                "%s: %s\n", attr->name, (char*)attr->data);
-  }
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (attr_iterator);
-}
-
-static void
-ego_iter_finished (void *cls)
-{
-  if (NULL == pkey)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                "Ego %s not found\n", ego_name);
-    return;
-  }
-
-  if (NULL != rp)
-    GNUNET_CRYPTO_ecdsa_public_key_from_string (rp,
-                                                strlen (rp),
-                                                &rp_key);
-  if (NULL != consume_ticket)
-    GNUNET_STRINGS_string_to_data (consume_ticket,
-                                   strlen (consume_ticket),
-                                   &ticket,
-                                   sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
-  if (NULL != revoke_ticket)
-    GNUNET_STRINGS_string_to_data (revoke_ticket,
-                                   strlen (revoke_ticket),
-                                   &ticket,
-                                   sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
-
-
-  attr_list = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-
-  attr_iterator = GNUNET_IDENTITY_PROVIDER_get_attributes_start (idp_handle,
-                                                                 pkey,
-                                                                 &iter_error,
-                                                                 NULL,
-                                                                 &iter_cb,
-                                                                 NULL,
-                                                                 &iter_finished,
-                                                                 NULL);
-
-
-}
-
-static int init = GNUNET_YES;
-
-static void
-ego_cb (void *cls,
-        struct GNUNET_IDENTITY_Ego *ego,
-        void **ctx,
-        const char *name)
-{
-  if (NULL == name) {
-    if (GNUNET_YES == init) {
-      init = GNUNET_NO;
-      GNUNET_SCHEDULER_add_now (&ego_iter_finished, NULL);
-    }
-    return;
-  }
-  if (0 != strcmp (name, ego_name))
-    return;
-  pkey = GNUNET_IDENTITY_ego_get_private_key (ego);
-}
-
-
-static void
-run (void *cls,
-     char *const *args,
-     const char *cfgfile,
-     const struct GNUNET_CONFIGURATION_Handle *c)
-{
-  ret = 0;
-  if (NULL == ego_name)
-  {
-    ret = 1;
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                _("Ego is required\n"));
-    return;
-  }
-
-  if ( (NULL == attr_value) && (NULL != attr_name) )
-  {
-    ret = 1;
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                _("Attribute value missing!\n"));
-    return;
-  }
-
-  if ( (NULL == rp) && (NULL != issue_attrs) )
-  {
-    ret = 1;
-    GNUNET_log (GNUNET_ERROR_TYPE_MESSAGE,
-                _("Requesting party key is required!\n"));
-    return;
-  }
-
-  idp_handle = GNUNET_IDENTITY_PROVIDER_connect (c);
-  //Get Ego
-  identity_handle = GNUNET_IDENTITY_connect (c,
-                                             &ego_cb,
-                                             NULL);
-
-
-}
-
-
-int
-main(int argc, char *const argv[])
-{
-  exp_interval = GNUNET_TIME_UNIT_HOURS;
-  struct GNUNET_GETOPT_CommandLineOption options[] = {
-
-    GNUNET_GETOPT_option_string ('a',
-                                 "add",
-                                 NULL,
-                                 gettext_noop ("Add attribute"),
-                                 &attr_name),
-
-    GNUNET_GETOPT_option_string ('V',
-                                 "value",
-                                 NULL,
-                                 gettext_noop ("Attribute value"),
-                                 &attr_value),
-    GNUNET_GETOPT_option_string ('e',
-                                 "ego",
-                                 NULL,
-                                 gettext_noop ("Ego"),
-                                 &ego_name),
-    GNUNET_GETOPT_option_string ('r',
-                                 "rp",
-                                 NULL,
-                                 gettext_noop ("Audience (relying party)"),
-                                 &rp),
-    GNUNET_GETOPT_option_flag ('D',
-                               "dump",
-                               gettext_noop ("List attributes for Ego"),
-                               &list),
-    GNUNET_GETOPT_option_string ('i',
-                                 "issue",
-                                 NULL,
-                                 gettext_noop ("Issue a ticket"),
-                                 &issue_attrs),
-    GNUNET_GETOPT_option_string ('C',
-                                 "consume",
-                                 NULL,
-                                 gettext_noop ("Consume a ticket"),
-                                 &consume_ticket),
-    GNUNET_GETOPT_option_string ('R',
-                                 "revoke",
-                                 NULL,
-                                 gettext_noop ("Revoke a ticket"),
-                                 &revoke_ticket),
-    GNUNET_GETOPT_option_string ('t',
-                                 "type",
-                                 NULL,
-                                 gettext_noop ("Type of attribute"),
-                                 &type_str),
-    GNUNET_GETOPT_option_relative_time ('E',
-                                        "expiration",
-                                        NULL,
-                                        gettext_noop ("Expiration interval of the attribute"),
-                                        &exp_interval),
-
-    GNUNET_GETOPT_OPTION_END
-  };
-  if (GNUNET_OK != GNUNET_PROGRAM_run (argc, argv, "ct",
-                                       "ct", options,
-                                       &run, NULL))
-    return 1;
-  else
-    return ret;
-}
diff --git a/src/identity-provider/gnunet-service-identity-provider.c b/src/identity-provider/gnunet-service-identity-provider.c
deleted file mode 100644 (file)
index c53e724..0000000
+++ /dev/null
@@ -1,2786 +0,0 @@
-/*
-   This file is part of GNUnet.
-   Copyright (C) 2012-2015 GNUnet e.V.
-
-   GNUnet is free software: you can redistribute it and/or modify it
-   under the terms of the GNU Affero General Public License as published
-   by the Free Software Foundation, either version 3 of the License,
-   or (at your option) any later version.
-
-   GNUnet is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Affero General Public License for more details.
-  
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-   */
-/**
- * @author Martin Schanzenbach
- * @file src/identity-provider/gnunet-service-identity-provider.c
- * @brief Identity Token Service
- *
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_constants.h"
-#include "gnunet_protocols.h"
-#include "gnunet_identity_service.h"
-#include "gnunet_gnsrecord_lib.h"
-#include "gnunet_namestore_service.h"
-#include "gnunet_abe_lib.h"
-#include "gnunet_credential_service.h"
-#include "gnunet_statistics_service.h"
-#include "gnunet_gns_service.h"
-#include "gnunet_identity_provider_plugin.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "gnunet_signatures.h"
-#include "identity_provider.h"
-
-/**
- * First pass state
- */
-#define STATE_INIT 0
-
-/**
- * Normal operation state
- */
-#define STATE_POST_INIT 1
-
-/**
- * Minimum interval between updates
- */
-#define MIN_WAIT_TIME GNUNET_TIME_UNIT_MINUTES
-
-/**
- * Standard token expiration time
- */
-#define DEFAULT_TOKEN_EXPIRATION_INTERVAL GNUNET_TIME_UNIT_HOURS
-
-/**
- * Identity handle
- */
-static struct GNUNET_IDENTITY_Handle *identity_handle;
-
-/**
- * Database handle
- */
-static struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *TKT_database;
-
-/**
- * Name of DB plugin
- */
-static char *db_lib_name;
-
-/**
- * Token expiration interval
- */
-static struct GNUNET_TIME_Relative token_expiration_interval;
-
-/**
- * Namestore handle
- */
-static struct GNUNET_NAMESTORE_Handle *ns_handle;
-
-/**
- * GNS handle
- */
-static struct GNUNET_GNS_Handle *gns_handle;
-
-/**
- * Credential handle
- */
-static struct GNUNET_CREDENTIAL_Handle *credential_handle;
-
-/**
- * Namestore qe
- */
-static struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
-
-/**
- * Namestore iterator
- */
-static struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
-
-/**
- * Timeout task
- */
-static struct GNUNET_SCHEDULER_Task *timeout_task;
-
-/**
- * Update task
- */
-static struct GNUNET_SCHEDULER_Task *update_task;
-
-
-/**
- * Currently processed token
- */
-static struct IdentityToken *token;
-
-/**
- * Label for currently processed token
- */
-static char* label;
-
-/**
- * Scopes for processed token
- */
-static char* scopes;
-
-/**
- * Handle to the statistics service.
- */
-static struct GNUNET_STATISTICS_Handle *stats;
-
-/**
- * Our configuration.
- */
-static const struct GNUNET_CONFIGURATION_Handle *cfg;
-
-/**
- * An idp client
- */
-struct IdpClient;
-
-/**
- * A ticket iteration operation.
- */
-struct TicketIteration
-{
-  /**
-   * DLL
-   */
-  struct TicketIteration *next;
-
-  /**
-   * DLL
-   */
-  struct TicketIteration *prev;
-
-  /**
-   * Client which intiated this zone iteration
-   */
-  struct IdpClient *client;
-
-  /**
-   * Key of the identity we are iterating over.
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
-
-  /**
-   * Identity is audience
-   */
-  uint32_t is_audience;
-
-  /**
-   * The operation id fot the iteration in the response for the client
-   */
-  uint32_t r_id;
-
-  /**
-   * Offset of the iteration used to address next result of the 
-   * iteration in the store
-   *
-   * Initialy set to 0 in handle_iteration_start
-   * Incremented with by every call to handle_iteration_next
-   */
-  uint32_t offset;
-
-};
-
-
-
-/**
- * Callback after an ABE bootstrap
- *
- * @param cls closure
- * @param abe_key the ABE key that exists or was created
- */
-typedef void
-(*AbeBootstrapResult) (void *cls,
-                       struct GNUNET_ABE_AbeMasterKey *abe_key);
-
-
-struct AbeBootstrapHandle
-{
-  /**
-   * Function to call when finished
-   */
-  AbeBootstrapResult proc;
-
-  /**
-   * Callback closure
-   */
-  char *proc_cls;
-
-  /**
-   * Key of the zone we are iterating over.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * Namestore Queue Entry
-   */
-  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
-
-  /**
-   * The issuer egos ABE master key
-   */
-  struct GNUNET_ABE_AbeMasterKey *abe_key;
-};
-
-/**
- * An attribute iteration operation.
- */
-struct AttributeIterator
-{
-  /**
-   * Next element in the DLL
-   */
-  struct AttributeIterator *next;
-
-  /**
-   * Previous element in the DLL
-   */
-  struct AttributeIterator *prev;
-
-  /**
-   * IDP client which intiated this zone iteration
-   */
-  struct IdpClient *client;
-
-  /**
-   * Key of the zone we are iterating over.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * The issuer egos ABE master key
-   */
-  struct GNUNET_ABE_AbeMasterKey *abe_key;
-
-  /**
-   * Namestore iterator
-   */
-  struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
-
-  /**
-   * The operation id fot the zone iteration in the response for the client
-   */
-  uint32_t request_id;
-
-};
-
-
-
-/**
- * An idp client
- */
-struct IdpClient
-{
-
-  /**
-   * The client
-   */
-  struct GNUNET_SERVICE_Client *client;
-
-  /**
-   * Message queue for transmission to @e client
-   */
-  struct GNUNET_MQ_Handle *mq;
-  
-  /**
-   * Head of the DLL of
-   * Attribute iteration operations in 
-   * progress initiated by this client
-   */
-  struct AttributeIterator *attr_iter_head;
-
-  /**
-   * Tail of the DLL of
-   * Attribute iteration operations 
-   * in progress initiated by this client
-   */
-  struct AttributeIterator *attr_iter_tail;
-
-  /**
-   * Head of DLL of ticket iteration ops
-   */
-  struct TicketIteration *ticket_iter_head;
-
-  /**
-   * Tail of DLL of ticket iteration ops
-   */
-  struct TicketIteration *ticket_iter_tail;
-
-  /**
-   * Head of DLL of ticket revocation ops
-   */
-  struct TicketRevocationHandle *revoke_op_head;
-
-  /**
-   * Tail of DLL of ticket revocation ops
-   */
-  struct TicketRevocationHandle *revoke_op_tail;
-
-  /**
-   * Head of DLL of ticket issue ops
-   */
-  struct TicketIssueHandle *issue_op_head;
-
-  /**
-   * Tail of DLL of ticket issue ops
-   */
-  struct TicketIssueHandle *issue_op_tail;
-
-  /**
-   * Head of DLL of ticket consume ops
-   */
-  struct ConsumeTicketHandle *consume_op_head;
-
-  /**
-   * Tail of DLL of ticket consume ops
-   */
-  struct ConsumeTicketHandle *consume_op_tail;
-
-  /**
-   * Head of DLL of attribute store ops
-   */
-  struct AttributeStoreHandle *store_op_head;
-
-  /**
-   * Tail of DLL of attribute store ops
-   */
-  struct AttributeStoreHandle *store_op_tail;
-
-};
-
-struct AttributeStoreHandle
-{
-  /**
-   * DLL
-   */
-  struct AttributeStoreHandle *next;
-
-  /**
-   * DLL
-   */
-  struct AttributeStoreHandle *prev;
-
-  /**
-   * Client connection
-   */
-  struct IdpClient *client;
-
-  /**
-   * Identity
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * Identity pubkey
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pkey;
-
-  /**
-   * The issuer egos ABE master key
-   */
-  struct GNUNET_ABE_AbeMasterKey *abe_key;
-
-  /**
-   * QueueEntry
-   */
-  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
-
-  /**
-   * The attribute to store
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
-
-  /**
-   * The attribute expiration interval
-   */
-  struct GNUNET_TIME_Relative exp;
-
-  /**
-   * request id
-   */
-  uint32_t r_id;
-};
-
-
-/* Prototype */
-struct ParallelLookup;
-
-struct ConsumeTicketHandle
-{
-  /**
-   * DLL
-   */
-  struct ConsumeTicketHandle *next;
-
-  /**
-   * DLL
-   */
-  struct ConsumeTicketHandle *prev;
-
-  /**
-   * Client connection
-   */
-  struct IdpClient *client;
-
-  /**
-   * Ticket
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-
-  /**
-   * LookupRequest
-   */
-  struct GNUNET_GNS_LookupRequest *lookup_request;
-
-  /**
-   * Audience Key
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * Audience Key
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub;
-
-  /**
-   * Lookup DLL
-   */
-  struct ParallelLookup *parallel_lookups_head;
-
-  /**
-   * Lookup DLL
-   */
-  struct ParallelLookup *parallel_lookups_tail;
-  
-  /**
-   * Kill task
-   */
-  struct GNUNET_SCHEDULER_Task *kill_task;
-
-  /**
-   * The ABE key
-   */
-  struct GNUNET_ABE_AbeKey *key;
-
-  /**
-   * Attributes
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-  
-  /**
-   * Lookup time
-   */
-  struct GNUNET_TIME_Absolute lookup_start_time;
-  /**
-   * request id
-   */
-  uint32_t r_id;
-};
-
-/**
- * Handle for a parallel GNS lookup job
- */
-struct ParallelLookup
-{
-  /* DLL */
-  struct ParallelLookup *next;
-
-  /* DLL */
-  struct ParallelLookup *prev;
-
-  /* The GNS request */
-  struct GNUNET_GNS_LookupRequest *lookup_request;
-
-  /* The handle the return to */
-  struct ConsumeTicketHandle *handle;
-
-  /**
-   * Lookup time
-   */
-  struct GNUNET_TIME_Absolute lookup_start_time;
-
-  /* The label to look up */
-  char *label;
-};
-
-/**
- * Ticket revocation request handle
- */
-struct TicketRevocationHandle
-{
-  /**
-   * DLL
-   */
-  struct TicketRevocationHandle *prev;
-
-  /**
-   * DLL
-   */
-  struct TicketRevocationHandle *next;
-
-  /**
-   * Client connection
-   */
-  struct IdpClient *client;
-
-  /**
-   * Attributes to reissue
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-
-  /**
-   * Attributes to revoke
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *rvk_attrs;
-
-  /**
-   * Issuer Key
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * Ticket to issue
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-
-  /**
-   * QueueEntry
-   */
-  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
-
-  /**
-   * Namestore iterator
-   */
-  struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
-
-  /**
-   * The ABE master key
-   */
-  struct GNUNET_ABE_AbeMasterKey *abe_key;
-
-  /**
-   * Offset
-   */
-  uint32_t offset;
-
-  /**
-   * request id
-   */
-  uint32_t r_id;
-};
-
-
-
-/**
- * Ticket issue request handle
- */
-struct TicketIssueHandle
-{
-  /**
-   * DLL
-   */
-  struct TicketIssueHandle *prev;
-
-  /**
-   * DLL
-   */
-  struct TicketIssueHandle *next;
-
-  /**
-   * Client connection
-   */
-  struct IdpClient *client;
-
-  /**
-   * Attributes to issue
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-
-  /**
-   * Issuer Key
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * Ticket to issue
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-
-  /**
-   * QueueEntry
-   */
-  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
-
-  /**
-   * request id
-   */
-  uint32_t r_id;
-};
-
-
-/**
- * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format
- *
- */
-struct EgoEntry
-{
-  /**
-   * DLL
-   */
-  struct EgoEntry *next;
-
-  /**
-   * DLL
-   */
-  struct EgoEntry *prev;
-
-  /**
-   * Ego handle
-   */
-  struct GNUNET_IDENTITY_Ego *ego;
-
-  /**
-   * Attribute map. Contains the attributes as json_t
-   */
-  struct GNUNET_CONTAINER_MultiHashMap *attr_map;
-
-};
-
-/**
- * Cleanup task
- */
-static void
-cleanup()
-{
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cleaning up\n");
-
-  if (NULL != stats)
-  {
-    GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
-    stats = NULL;
-  }
-  GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name,
-                                              TKT_database)); 
-  GNUNET_free (db_lib_name);
-  db_lib_name = NULL;
-  if (NULL != timeout_task)
-    GNUNET_SCHEDULER_cancel (timeout_task);
-  if (NULL != update_task)
-    GNUNET_SCHEDULER_cancel (update_task);
-  if (NULL != identity_handle)
-    GNUNET_IDENTITY_disconnect (identity_handle);
-  if (NULL != gns_handle)
-    GNUNET_GNS_disconnect (gns_handle);
-  if (NULL != credential_handle)
-    GNUNET_CREDENTIAL_disconnect (credential_handle);
-  if (NULL != ns_it)
-    GNUNET_NAMESTORE_zone_iteration_stop (ns_it);
-  if (NULL != ns_qe)
-    GNUNET_NAMESTORE_cancel (ns_qe);
-  if (NULL != ns_handle)
-    GNUNET_NAMESTORE_disconnect (ns_handle);
-  GNUNET_free_non_null (token);
-  GNUNET_free_non_null (label);
-
-}
-
-/**
- * Shutdown task
- *
- * @param cls NULL
- */
-static void
-do_shutdown (void *cls)
-{
-  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-              "Shutting down...\n");
-  cleanup();
-}
-
-/**
- * Finished storing newly bootstrapped ABE key
- */
-static void
-bootstrap_store_cont (void *cls,
-                      int32_t success,
-                      const char *emsg)
-{
-  struct AbeBootstrapHandle *abh = cls;
-  if (GNUNET_SYSERR == success)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Failed to bootstrap ABE master %s\n",
-                emsg);
-    abh->proc (abh->proc_cls, NULL);
-    GNUNET_free (abh->abe_key);
-    GNUNET_free (abh);
-    return;
-  }
-  abh->proc (abh->proc_cls, abh->abe_key);
-  GNUNET_free (abh);
-}
-
-/**
- * Generates and stores a new ABE key
- */
-static void
-bootstrap_store_task (void *cls)
-{
-  struct AbeBootstrapHandle *abh = cls;
-  struct GNUNET_GNSRECORD_Data rd[1];
-  char *key;
-
-  rd[0].data_size = GNUNET_ABE_cpabe_serialize_master_key (abh->abe_key,
-                                                              (void**)&key);
-  rd[0].data = key;
-  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER;
-  rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE;
-  rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
-  abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
-                                               &abh->identity,
-                                               "+",
-                                               1,
-                                               rd,
-                                               &bootstrap_store_cont,
-                                               abh);
-  GNUNET_free (key);
-}
-
-/**
- * Error checking for ABE master
- */
-static void
-bootstrap_abe_error (void *cls)
-{
-  struct AbeBootstrapHandle *abh = cls;
-  abh->proc (abh->proc_cls, NULL);
-  GNUNET_free (abh);
-}
-
-
-/**
- * Handle ABE lookup in namestore
- */
-static void
-bootstrap_abe_result (void *cls,
-                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                      const char *label,
-                      unsigned int rd_count,
-                      const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct AbeBootstrapHandle *abh = cls;
-  struct GNUNET_ABE_AbeMasterKey *abe_key;
-
-  for (uint32_t i=0;i<rd_count;i++) {
-    if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type)
-      continue;
-    abe_key = GNUNET_ABE_cpabe_deserialize_master_key (rd[i].data,
-                                                          rd[i].data_size);
-    abh->proc (abh->proc_cls, abe_key);
-    GNUNET_free (abh);
-    return;
-  }
-
-  //No ABE master found, bootstrapping...
-  abh->abe_key = GNUNET_ABE_cpabe_create_master_key ();
-  GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
-}
-
-/**
- * Bootstrap ABE master if it does not yet exists.
- * Will call the AbeBootstrapResult processor when done.
- * will always recreate the ABE key of GNUNET_YES == recreate
- */
-static void
-bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-               AbeBootstrapResult proc,
-               void* cls,
-               int recreate)
-{
-  struct AbeBootstrapHandle *abh;
-
-  abh = GNUNET_new (struct AbeBootstrapHandle);
-  abh->proc = proc;
-  abh->proc_cls = cls;
-  abh->identity = *identity;
-  if (GNUNET_YES == recreate)
-  {
-    abh->abe_key = GNUNET_ABE_cpabe_create_master_key ();
-    GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
-  } else {
-    abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
-                                                  identity,
-                                                  "+",
-                                                  &bootstrap_abe_error,
-                                                  abh,
-                                                  &bootstrap_abe_result,
-                                                  abh);
-  }
-}
-
-
-
-static int
-create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash,
-                         struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
-                         struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
-{
-  struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str;
-
-  GNUNET_CRYPTO_hash_to_enc (new_key_hash,
-                             &new_key_hash_str);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str);
-  static const char ctx_key[] = "gnuid-aes-ctx-key";
-  GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
-                     new_key_hash, sizeof (struct GNUNET_HashCode),
-                     ctx_key, strlen (ctx_key),
-                     NULL, 0);
-  static const char ctx_iv[] = "gnuid-aes-ctx-iv";
-  GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
-                     new_key_hash, sizeof (struct GNUNET_HashCode),
-                     ctx_iv, strlen (ctx_iv),
-                     NULL, 0);
-  return GNUNET_OK;
-}
-
-/**
- * Cleanup ticket consume handle
- * @param handle the handle to clean up
- */
-static void
-cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
-{
-  if (NULL != handle->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
-  if (NULL != handle->ns_qe)
-    GNUNET_NAMESTORE_cancel (handle->ns_qe);
-  GNUNET_free (handle);
-}
-
-
-static void
-send_ticket_result (struct IdpClient *client,
-                    uint32_t r_id,
-                    const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                    const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
-{
-  struct TicketResultMessage *irm;
-  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket_buf;
-
-  /* store ticket in DB */
-  if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
-                                               ticket,
-                                               attrs))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to store ticket after issue\n");
-    GNUNET_break (0);
-  }
-
-  env = GNUNET_MQ_msg_extra (irm,
-                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
-  ticket_buf = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&irm[1];
-  *ticket_buf = *ticket;
-  irm->id = htonl (r_id);
-  GNUNET_MQ_send (client->mq,
-                  env);
-}
-
-static void
-store_ticket_issue_cont (void *cls,
-                         int32_t success,
-                         const char *emsg)
-{
-  struct TicketIssueHandle *handle = cls;
-
-  handle->ns_qe = NULL;
-  GNUNET_CONTAINER_DLL_remove (handle->client->issue_op_head,
-                               handle->client->issue_op_tail,
-                               handle);
-  if (GNUNET_SYSERR == success)
-  {
-    cleanup_ticket_issue_handle (handle);
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
-                "Unknown Error\n");
-    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-    return;
-  }
-  send_ticket_result (handle->client,
-                      handle->r_id,
-                      &handle->ticket,
-                      handle->attrs);
-  cleanup_ticket_issue_handle (handle);
-}
-
-
-
-int
-serialize_abe_keyinfo2 (const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                        const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                        const struct GNUNET_ABE_AbeKey *rp_key,
-                        struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
-                        char **result)
-{
-  struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  char *enc_keyinfo;
-  char *serialized_key;
-  char *buf;
-  char *write_ptr;
-  char attrs_str_len;
-  ssize_t size;
-
-  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
-  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
-  struct GNUNET_HashCode new_key_hash;
-  ssize_t enc_size;
-
-  size = GNUNET_ABE_cpabe_serialize_key (rp_key,
-                                         (void**)&serialized_key);
-  attrs_str_len = 0;
-  for (le = attrs->list_head; NULL != le; le = le->next) {
-    attrs_str_len += strlen (le->claim->name) + 1;
-  }
-  buf = GNUNET_malloc (attrs_str_len + size);
-  write_ptr = buf;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Writing attributes\n");
-  for (le = attrs->list_head; NULL != le; le = le->next) {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "%s\n", le->claim->name);
-
-
-    GNUNET_memcpy (write_ptr,
-                   le->claim->name,
-                   strlen (le->claim->name));
-    write_ptr[strlen (le->claim->name)] = ',';
-    write_ptr += strlen (le->claim->name) + 1;
-  }
-  write_ptr--;
-  write_ptr[0] = '\0'; //replace last , with a 0-terminator
-  write_ptr++;
-  GNUNET_memcpy (write_ptr,
-                 serialized_key,
-                 size);
-  GNUNET_free (serialized_key);
-  // ECDH keypair E = eG
-  *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
-  GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
-                                      &ecdh_pubkey);
-  enc_keyinfo = GNUNET_malloc (size + attrs_str_len);
-  // Derived key K = H(eB)
-  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,
-                                                        &ticket->audience,
-                                                        &new_key_hash));
-  create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
-  enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,
-                                              size + attrs_str_len,
-                                              &skey, &iv,
-                                              enc_keyinfo);
-  *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+
-                           enc_size);
-  GNUNET_memcpy (*result,
-                 &ecdh_pubkey,
-                 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
-  GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
-                 enc_keyinfo,
-                 enc_size);
-  GNUNET_free (enc_keyinfo);
-  GNUNET_free (buf);
-  return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size;
-}
-
-
-
-static void
-issue_ticket_after_abe_bootstrap (void *cls,
-                                  struct GNUNET_ABE_AbeMasterKey *abe_key)
-{
-  struct TicketIssueHandle *ih = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
-  struct GNUNET_GNSRECORD_Data code_record[1];
-  struct GNUNET_ABE_AbeKey *rp_key;
-  char *code_record_data;
-  char **attrs;
-  char *label;
-  char *policy;
-  int attrs_len;
-  uint32_t i;
-  size_t code_record_len;
-
-  //Create new ABE key for RP
-  attrs_len = 0;
-  for (le = ih->attrs->list_head; NULL != le; le = le->next)
-    attrs_len++;
-  attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
-  i = 0;
-  for (le = ih->attrs->list_head; NULL != le; le = le->next) {
-    GNUNET_asprintf (&policy, "%s_%lu",
-                     le->claim->name,
-                     le->claim->version);
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Adding attribute to key: %s\n",
-                policy);
-    attrs[i] = policy;
-    i++;
-  }
-  attrs[i] = NULL;
-  rp_key = GNUNET_ABE_cpabe_create_key (abe_key,
-                                        attrs);
-
-  //TODO review this wireformat
-  code_record_len = serialize_abe_keyinfo2 (&ih->ticket,
-                                            ih->attrs,
-                                            rp_key,
-                                            &ecdhe_privkey,
-                                            &code_record_data);
-  code_record[0].data = code_record_data;
-  code_record[0].data_size = code_record_len;
-  code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us;
-  code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
-  code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
-
-  label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd,
-                                               sizeof (uint64_t));
-  //Publish record
-  ih->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
-                                              &ih->identity,
-                                              label,
-                                              1,
-                                              code_record,
-                                              &store_ticket_issue_cont,
-                                              ih);
-  //for (; i > 0; i--)
-  //  GNUNET_free (attrs[i-1]);
-  GNUNET_free (ecdhe_privkey);
-  GNUNET_free (label);
-  GNUNET_free (attrs);
-  GNUNET_free (code_record_data);
-  GNUNET_ABE_cpabe_delete_key (rp_key,
-                               GNUNET_YES);
-  GNUNET_ABE_cpabe_delete_master_key (abe_key);
-}
-
-
-static int
-check_issue_ticket_message(void *cls,
-                           const struct IssueTicketMessage *im)
-{
-  uint16_t size;
-
-  size = ntohs (im->header.size);
-  if (size <= sizeof (struct IssueTicketMessage))
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
-
-
-static void
-handle_issue_ticket_message (void *cls,
-                             const struct IssueTicketMessage *im)
-{
-  struct TicketIssueHandle *ih;
-  struct IdpClient *idp = cls;
-  size_t attrs_len;
-
-  ih = GNUNET_new (struct TicketIssueHandle);
-  attrs_len = ntohs (im->attr_len);
-  ih->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
-  ih->r_id = ntohl (im->id);
-  ih->client = idp;
-  ih->identity = im->identity;
-  GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity,
-                                      &ih->ticket.identity);
-  ih->ticket.audience = im->rp;
-  ih->ticket.rnd =
-    GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
-                              UINT64_MAX);
-  GNUNET_CONTAINER_DLL_insert (idp->issue_op_head,
-                               idp->issue_op_tail,
-                               ih);
-  bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih, GNUNET_NO);
-  GNUNET_SERVICE_client_continue (idp->client);
-
-}
-
-/**********************************************************
- * Revocation
- **********************************************************/
-
-/**
- * Cleanup revoke handle
- *
- * @param rh the ticket revocation handle
- */
-static void
-cleanup_revoke_ticket_handle (struct TicketRevocationHandle *rh)
-{
-  if (NULL != rh->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->attrs);
-  if (NULL != rh->rvk_attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (rh->rvk_attrs);
-  if (NULL != rh->abe_key)
-    GNUNET_ABE_cpabe_delete_master_key (rh->abe_key);
-  if (NULL != rh->ns_qe)
-    GNUNET_NAMESTORE_cancel (rh->ns_qe);
-  if (NULL != rh->ns_it)
-    GNUNET_NAMESTORE_zone_iteration_stop (rh->ns_it);
-  GNUNET_free (rh);
-}
-
-
-/**
- * Send revocation result
- *
- * @param rh ticket revocation handle
- * @param success GNUNET_OK if successful result
- */
-static void
-send_revocation_finished (struct TicketRevocationHandle *rh,
-                          uint32_t success)
-{
-  struct GNUNET_MQ_Envelope *env;
-  struct RevokeTicketResultMessage *trm;
-
-  env = GNUNET_MQ_msg (trm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT);
-  trm->id = htonl (rh->r_id);
-  trm->success = htonl (success);
-  GNUNET_MQ_send (rh->client->mq,
-                  env);
-  GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                               rh->client->revoke_op_tail,
-                               rh);
-}
-
-
-/**
- * Process ticket from database
- *
- * @param cls struct TicketIterationProcResult
- * @param ticket the ticket
- * @param attrs the attributes
- */
-static void
-ticket_reissue_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
-
-static void
-revocation_reissue_tickets (struct TicketRevocationHandle *rh);
-
-
-static void reissue_next (void *cls)
-{
-  struct TicketRevocationHandle *rh = cls;
-  revocation_reissue_tickets (rh);
-}
-
-
-static void
-reissue_ticket_cont (void *cls,
-                     int32_t success,
-                     const char *emsg)
-{
-  struct TicketRevocationHandle *rh = cls;
-
-  rh->ns_qe = NULL;
-  if (GNUNET_SYSERR == success)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
-                "Unknown Error\n");
-    send_revocation_finished (rh, GNUNET_SYSERR);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
-    cleanup_revoke_ticket_handle (rh);
-    return;
-  }
-  rh->offset++;
-  GNUNET_SCHEDULER_add_now (&reissue_next, rh);
-}
-
-
-/**
- * Process ticket from database
- *
- * @param cls struct TicketIterationProcResult
- * @param ticket the ticket
- * @param attrs the attributes
- */
-static void
-ticket_reissue_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
-{
-  struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le_rollover;
-  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
-  struct GNUNET_GNSRECORD_Data code_record[1];
-  struct GNUNET_ABE_AbeKey *rp_key;
-  char *code_record_data;
-  char **attr_arr;
-  char *label;
-  char *policy;
-  int attrs_len;
-  uint32_t i;
-  int reissue_ticket;
-  size_t code_record_len;
-
-
-  if (NULL == ticket)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Iteration done\n");
-    return;
-  }
-
-  if (0 == memcmp (&ticket->audience,
-                   &rh->ticket.audience,
-                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Do not reissue for this identity.!\n");
-
-    rh->offset++;
-    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
-    return;
-  }
-
-  /* 
-   * Check if any attribute of this ticket intersects with a rollover attribute
-   */
-  reissue_ticket = GNUNET_NO;
-  for (le = attrs->list_head; NULL != le; le = le->next)
-  {
-    for (le_rollover = rh->rvk_attrs->list_head;
-         NULL != le_rollover;
-         le_rollover = le_rollover->next)
-    {
-      if (0 == strcmp (le_rollover->claim->name,
-                       le->claim->name))
-      {
-        reissue_ticket = GNUNET_YES;
-        le->claim->version = le_rollover->claim->version;
-      }
-    }
-  }
-
-  if (GNUNET_NO == reissue_ticket)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Skipping ticket.\n");
-
-    rh->offset++;
-    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
-
-
-    return;
-  }
-
-  //Create new ABE key for RP
-  attrs_len = 0;
-
-  /* If this is the RP we want to revoke attributes of, the do so */
-
-  for (le = attrs->list_head; NULL != le; le = le->next)
-    attrs_len++;
-  attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
-  i = 0;
-  for (le = attrs->list_head; NULL != le; le = le->next) {
-    GNUNET_asprintf (&policy, "%s_%lu",
-                     le->claim->name,
-                     le->claim->version);
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Recreating key with %s\n", policy);
-    attr_arr[i] = policy;
-    i++;
-  }
-  attr_arr[i] = NULL;
-  rp_key = GNUNET_ABE_cpabe_create_key (rh->abe_key,
-                                        attr_arr);
-
-  //TODO review this wireformat
-  code_record_len = serialize_abe_keyinfo2 (ticket,
-                                            attrs,
-                                            rp_key,
-                                            &ecdhe_privkey,
-                                            &code_record_data);
-  code_record[0].data = code_record_data;
-  code_record[0].data_size = code_record_len;
-  code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us;
-  code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
-  code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
-
-  label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
-                                               sizeof (uint64_t));
-  //Publish record
-  rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
-                                              &rh->identity,
-                                              label,
-                                              1,
-                                              code_record,
-                                              &reissue_ticket_cont,
-                                              rh);
-  //for (; i > 0; i--)
-  //  GNUNET_free (attr_arr[i-1]);
-  GNUNET_free (ecdhe_privkey);
-  GNUNET_free (label);
-  GNUNET_free (attr_arr);
-  GNUNET_free (code_record_data);
-  GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES);
-}
-
-
-/* Prototype for below function */
-static void
-attr_reenc_cont (void *cls,
-                 int32_t success,
-                 const char *emsg);
-
-static void
-revocation_reissue_tickets (struct TicketRevocationHandle *rh)
-{
-  int ret;
-  /* Done, issue new keys */
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Revocation Phase III: Reissuing Tickets\n");
-  if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls,
-                                                             &rh->ticket.identity,
-                                                             GNUNET_NO,
-                                                             rh->offset,
-                                                             &ticket_reissue_proc,
-                                                             rh)))
-  {
-    GNUNET_break (0);
-  }
-  if (GNUNET_NO == ret)
-  {
-    send_revocation_finished (rh, GNUNET_OK);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
-    cleanup_revoke_ticket_handle (rh);
-    return;
-  }
-}
-
-/**
- * Failed to check for attribute
- */
-static void
-check_attr_error (void *cls)
-{
-  struct TicketRevocationHandle *rh = cls;
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "Unable to check for existing attribute\n");
-  send_revocation_finished (rh, GNUNET_SYSERR);
-  GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
-  cleanup_revoke_ticket_handle (rh);
-}
-
-
-/**
- * Revoke next attribte by reencryption with
- * new ABE master
- */
-static void
-reenc_next_attribute (void *cls);
-
-/**
- * Check for existing attribute and overwrite
- */
-static void
-check_attr_cb (void *cls,
-               const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-               const char *label,
-               unsigned int rd_count,
-               const struct GNUNET_GNSRECORD_Data *rd_old)
-{
-  struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_GNSRECORD_Data rd[1];
-  char* buf;
-  char* enc_buf;
-  size_t enc_size;
-  char* rd_buf;
-  size_t buf_size;
-  char* policy;
-  uint32_t attr_ver;
-
-  if (1 != rd_count) {
-    GNUNET_SCHEDULER_add_now (&reenc_next_attribute,
-                              rh);
-    return;
-  }
-
-  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
-  buf = GNUNET_malloc (buf_size);
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
-                                       buf);
-  rh->attrs->list_head->claim->version++;
-  GNUNET_asprintf (&policy, "%s_%lu",
-                   rh->attrs->list_head->claim->name,
-                   rh->attrs->list_head->claim->version);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Encrypting with policy %s\n", policy);
-  /**
-   * Encrypt the attribute value and store in namestore
-   */
-  enc_size = GNUNET_ABE_cpabe_encrypt (buf,
-                                       buf_size,
-                                       policy, //Policy
-                                       rh->abe_key,
-                                       (void**)&enc_buf);
-  GNUNET_free (buf);
-  if (GNUNET_SYSERR == enc_size)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to re-encrypt with policy %s\n",
-                policy);
-    GNUNET_free (policy);
-    send_revocation_finished (rh, GNUNET_SYSERR);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
-    cleanup_revoke_ticket_handle (rh);
-    return;
-  }
-  GNUNET_free (policy);
-
-  rd[0].data_size = enc_size + sizeof (uint32_t);
-  rd_buf = GNUNET_malloc (rd[0].data_size);
-  attr_ver = htonl (rh->attrs->list_head->claim->version);
-  GNUNET_memcpy (rd_buf,
-                 &attr_ver,
-                 sizeof (uint32_t));
-  GNUNET_memcpy (rd_buf+sizeof (uint32_t),
-                 enc_buf,
-                 enc_size);
-  rd[0].data = rd_buf;
-  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
-  rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
-  rd[0].expiration_time = rd_old[0].expiration_time;
-  rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
-                                              &rh->identity,
-                                              rh->attrs->list_head->claim->name,
-                                              1,
-                                              rd,
-                                              &attr_reenc_cont,
-                                              rh);
-  GNUNET_free (enc_buf);
-  GNUNET_free (rd_buf);
-}
-
-
-/**
- * Revoke next attribte by reencryption with
- * new ABE master
- */
-static void
-reenc_next_attribute (void *cls)
-{
-  struct TicketRevocationHandle *rh = cls;
-  if (NULL == rh->attrs->list_head)
-  {
-    revocation_reissue_tickets (rh);
-    return;
-  }
-  /* First check if attribute still exists */
-  rh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
-                                               &rh->identity,
-                                               rh->attrs->list_head->claim->name,
-                                               &check_attr_error,
-                                               rh,
-                                               &check_attr_cb,
-                                               rh);
-}
-
-
-/**
- * Namestore callback after revoked attribute
- * is stored
- */
-static void
-attr_reenc_cont (void *cls,
-                 int32_t success,
-                 const char *emsg)
-{
-  struct TicketRevocationHandle *rh = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-
-  if (GNUNET_SYSERR == success)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Failed to reencrypt attribute %s\n",
-                emsg);
-    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-    return;
-  }
-  if (NULL == rh->attrs->list_head)
-  {
-    revocation_reissue_tickets (rh);
-    return;
-  }
-  le = rh->attrs->list_head;
-  GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head,
-                               rh->attrs->list_tail,
-                               le);
-  GNUNET_assert (NULL != rh->rvk_attrs);
-  GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head,
-                               rh->rvk_attrs->list_tail,
-                               le);
-
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Re-encrypting next attribute\n");
-  reenc_next_attribute (rh);
-}
-
-
-static void
-process_attributes_to_update (void *cls,
-                              const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                              const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
-{
-  struct TicketRevocationHandle *rh = cls;
-
-  rh->attrs = GNUNET_IDENTITY_ATTRIBUTE_list_dup (attrs);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Revocation Phase I: Collecting attributes\n");
-  /* Reencrypt all attributes with new key */
-  if (NULL == rh->attrs->list_head)
-  {
-    /* No attributes to reencrypt */
-    send_revocation_finished (rh, GNUNET_OK);
-    GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
-                                 rh->client->revoke_op_tail,
-                                 rh);
-    cleanup_revoke_ticket_handle (rh);
-    return;
-  } else {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Revocation Phase II: Re-encrypting attributes\n");
-    reenc_next_attribute (rh);
-  }
-
-}
-
-
-
-static void
-get_ticket_after_abe_bootstrap (void *cls,
-                                struct GNUNET_ABE_AbeMasterKey *abe_key)
-{
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Finished ABE bootstrap\n");
-  struct TicketRevocationHandle *rh = cls;
-  rh->abe_key = abe_key;
-  TKT_database->get_ticket_attributes (TKT_database->cls,
-                                       &rh->ticket,
-                                       &process_attributes_to_update,
-                                       rh);
-}
-
-static int
-check_revoke_ticket_message(void *cls,
-                            const struct RevokeTicketMessage *im)
-{
-  uint16_t size;
-
-  size = ntohs (im->header.size);
-  if (size <= sizeof (struct RevokeTicketMessage))
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
-
-static void
-handle_revoke_ticket_message (void *cls,
-                              const struct RevokeTicketMessage *rm)
-{
-  struct TicketRevocationHandle *rh;
-  struct IdpClient *idp = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
-
-  rh = GNUNET_new (struct TicketRevocationHandle);
-  ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket*)&rm[1];
-  rh->rvk_attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-  rh->ticket = *ticket;
-  rh->r_id = ntohl (rm->id);
-  rh->client = idp;
-  rh->identity = rm->identity;
-  GNUNET_CRYPTO_ecdsa_key_get_public (&rh->identity,
-                                      &rh->ticket.identity);
-  GNUNET_CONTAINER_DLL_insert (idp->revoke_op_head,
-                               idp->revoke_op_tail,
-                               rh);
-  bootstrap_abe (&rh->identity, &get_ticket_after_abe_bootstrap, rh, GNUNET_NO);
-  GNUNET_SERVICE_client_continue (idp->client);
-
-}
-
-/**
- * Cleanup ticket consume handle
- * @param handle the handle to clean up
- */
-static void
-cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
-{
-  struct ParallelLookup *lu;  
-  struct ParallelLookup *tmp;
-  if (NULL != handle->lookup_request)
-    GNUNET_GNS_lookup_cancel (handle->lookup_request);
-  for (lu = handle->parallel_lookups_head;
-       NULL != lu;) {
-    GNUNET_GNS_lookup_cancel (lu->lookup_request);
-    GNUNET_free (lu->label);
-    tmp = lu->next;
-    GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
-                                 handle->parallel_lookups_tail,
-                                 lu);
-    GNUNET_free (lu);
-    lu = tmp;
-  }
-
-  if (NULL != handle->key)
-    GNUNET_ABE_cpabe_delete_key (handle->key,
-                                 GNUNET_YES);
-  if (NULL != handle->attrs)
-    GNUNET_IDENTITY_ATTRIBUTE_list_destroy (handle->attrs);
-  GNUNET_free (handle);
-}
-
-
-
-static int
-check_consume_ticket_message(void *cls,
-                             const struct ConsumeTicketMessage *cm)
-{
-  uint16_t size;
-
-  size = ntohs (cm->header.size);
-  if (size <= sizeof (struct ConsumeTicketMessage))
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
-
-static void
-process_parallel_lookup2 (void *cls, uint32_t rd_count,
-                          const struct GNUNET_GNSRECORD_Data *rd)
-{
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Parallel lookup finished (count=%u)\n", rd_count);
-  struct ParallelLookup *parallel_lookup = cls;
-  struct ConsumeTicketHandle *handle = parallel_lookup->handle;
-  struct ConsumeTicketResultMessage *crm;
-  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *attr_le;
-  struct GNUNET_TIME_Absolute decrypt_duration;
-  char *data;
-  char *data_tmp;
-  ssize_t attr_len;
-  size_t attrs_len;
-
-  GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
-                               handle->parallel_lookups_tail,
-                               parallel_lookup);
-  GNUNET_free (parallel_lookup->label);
-
-  GNUNET_STATISTICS_update (stats,
-                            "attribute_lookup_time_total",
-                            GNUNET_TIME_absolute_get_duration (parallel_lookup->lookup_start_time).rel_value_us,
-                            GNUNET_YES);
-  GNUNET_STATISTICS_update (stats,
-                            "attribute_lookups_count",
-                            1,
-                            GNUNET_YES);
-
-
-  GNUNET_free (parallel_lookup);
-  if (1 != rd_count)
-    GNUNET_break(0);//TODO
-  if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR)
-  {
-    decrypt_duration = GNUNET_TIME_absolute_get ();
-    attr_len = GNUNET_ABE_cpabe_decrypt (rd->data + sizeof (uint32_t),
-                                         rd->data_size - sizeof (uint32_t),
-                                         handle->key,
-                                         (void**)&data);
-    if (GNUNET_SYSERR != attr_len) 
-    {
-      GNUNET_STATISTICS_update (stats,
-                                "abe_decrypt_time_total",
-                                GNUNET_TIME_absolute_get_duration (decrypt_duration).rel_value_us,
-                                GNUNET_YES);
-      GNUNET_STATISTICS_update (stats,
-                                "abe_decrypt_count",
-                                1,
-                                GNUNET_YES);
-
-      attr_le = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-      attr_le->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize (data,
-                                                              attr_len);
-      attr_le->claim->version = ntohl(*(uint32_t*)rd->data);
-      GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
-                                   handle->attrs->list_tail,
-                                   attr_le);
-      GNUNET_free (data);
-    }
-  }
-  if (NULL != handle->parallel_lookups_head)
-    return; //Wait for more
-  /* Else we are done */
-
-  /* Store ticket in DB */
-  if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
-                                               &handle->ticket,
-                                               handle->attrs))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to store ticket after consume\n");
-    GNUNET_break (0);
-  }
-
-  GNUNET_SCHEDULER_cancel (handle->kill_task);
-  attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (handle->attrs);
-  env = GNUNET_MQ_msg_extra (crm,
-                             attrs_len,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT);
-  crm->id = htonl (handle->r_id);
-  crm->attrs_len = htons (attrs_len);
-  crm->identity = handle->ticket.identity;
-  data_tmp = (char *) &crm[1];
-  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (handle->attrs,
-                                            data_tmp);
-  GNUNET_MQ_send (handle->client->mq, env);
-  GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head,
-                               handle->client->consume_op_tail,
-                               handle);
-  cleanup_consume_ticket_handle (handle);
-}
-
-void
-abort_parallel_lookups2 (void *cls)
-{
-  struct ConsumeTicketHandle *handle = cls;
-  struct ParallelLookup *lu;
-  struct ParallelLookup *tmp;
-  struct AttributeResultMessage *arm;
-  struct GNUNET_MQ_Envelope *env;
-
-  handle->kill_task = NULL;
-  for (lu = handle->parallel_lookups_head;
-       NULL != lu;) {
-    GNUNET_GNS_lookup_cancel (lu->lookup_request);
-    GNUNET_free (lu->label);
-    tmp = lu->next;
-    GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
-                                 handle->parallel_lookups_tail,
-                                 lu);
-    GNUNET_free (lu);
-    lu = tmp;
-  }
-  env = GNUNET_MQ_msg (arm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
-  arm->id = htonl (handle->r_id);
-  arm->attr_len = htons (0);
-  GNUNET_MQ_send (handle->client->mq, env);
-
-}
-
-
-static void
-process_consume_abe_key (void *cls, uint32_t rd_count,
-                         const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct ConsumeTicketHandle *handle = cls;
-  struct GNUNET_HashCode new_key_hash;
-  struct GNUNET_CRYPTO_SymmetricSessionKey enc_key;
-  struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv;
-  struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key;
-  struct ParallelLookup *parallel_lookup;
-  size_t size;
-  char *buf;
-  char *scope;
-
-  handle->lookup_request = NULL;
-  if (1 != rd_count)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Number of keys %d != 1.",
-                rd_count);
-    cleanup_consume_ticket_handle (handle);
-    GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head,
-                                 handle->client->consume_op_tail,
-                                 handle);
-    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-    return;
-  }
-
-  //Decrypt
-  ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data;
-
-  buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
-
-  //Calculate symmetric key from ecdh parameters
-  GNUNET_assert (GNUNET_OK == 
-                 GNUNET_CRYPTO_ecdsa_ecdh (&handle->identity,
-                                           ecdh_key,
-                                           &new_key_hash));
-  create_sym_key_from_ecdh (&new_key_hash,
-                            &enc_key,
-                            &enc_iv);
-  size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
-                                          rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
-                                          &enc_key,
-                                          &enc_iv,
-                                          buf);
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Decrypted bytes: %zd Expected bytes: %zd\n",
-              size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
-  GNUNET_STATISTICS_update (stats,
-                            "abe_key_lookup_time_total",
-                            GNUNET_TIME_absolute_get_duration (handle->lookup_start_time).rel_value_us,
-                            GNUNET_YES);
-  GNUNET_STATISTICS_update (stats,
-                            "abe_key_lookups_count",
-                            1,
-                            GNUNET_YES);
-  scopes = GNUNET_strdup (buf);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Scopes %s\n", scopes);
-  handle->key = GNUNET_ABE_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1),
-                                                  rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)
-                                                  - strlen (scopes) - 1);
-
-  for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ","))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Looking up %s\n", scope);
-    parallel_lookup = GNUNET_new (struct ParallelLookup);
-    parallel_lookup->handle = handle;
-    parallel_lookup->label = GNUNET_strdup (scope);
-    parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get();
-    parallel_lookup->lookup_request
-      = GNUNET_GNS_lookup (gns_handle,
-                           scope,
-                           &handle->ticket.identity,
-                           GNUNET_GNSRECORD_TYPE_ID_ATTR,
-                           GNUNET_GNS_LO_DEFAULT,
-                           &process_parallel_lookup2,
-                           parallel_lookup);
-    GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head,
-                                 handle->parallel_lookups_tail,
-                                 parallel_lookup);
-  }
-  GNUNET_free (scopes);
-  GNUNET_free (buf);
-  handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3),
-                                                    &abort_parallel_lookups2,
-                                                    handle);
-}
-
-
-static void
-handle_consume_ticket_message (void *cls,
-                               const struct ConsumeTicketMessage *cm)
-{
-  struct ConsumeTicketHandle *ch;
-  struct IdpClient *idp = cls;
-  char* rnd_label;
-
-  ch = GNUNET_new (struct ConsumeTicketHandle);
-  ch->r_id = ntohl (cm->id);
-  ch->client = idp;
-  ch->identity = cm->identity;
-  ch->attrs = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity,
-                                      &ch->identity_pub);
-  ch->ticket = *((struct GNUNET_IDENTITY_PROVIDER_Ticket*)&cm[1]);
-  rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd,
-                                                   sizeof (uint64_t));
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Looking for ABE key under %s\n", rnd_label);
-  ch->lookup_start_time = GNUNET_TIME_absolute_get ();
-  ch->lookup_request
-    = GNUNET_GNS_lookup (gns_handle,
-                         rnd_label,
-                         &ch->ticket.identity,
-                         GNUNET_GNSRECORD_TYPE_ABE_KEY,
-                         GNUNET_GNS_LO_DEFAULT,
-                         &process_consume_abe_key,
-                         ch);
-  GNUNET_CONTAINER_DLL_insert (idp->consume_op_head,
-                               idp->consume_op_tail,
-                               ch);
-  GNUNET_free (rnd_label);
-  GNUNET_SERVICE_client_continue (idp->client);
-}
-
-/**
- * Cleanup attribute store handle
- *
- * @param handle handle to clean up
- */
-static void
-cleanup_as_handle (struct AttributeStoreHandle *handle)
-{
-  if (NULL != handle->ns_qe)
-    GNUNET_NAMESTORE_cancel (handle->ns_qe);
-  if (NULL != handle->claim)
-    GNUNET_free (handle->claim);
-  if (NULL != handle->abe_key)
-    GNUNET_ABE_cpabe_delete_master_key (handle->abe_key);
-  GNUNET_free (handle);
-}
-
-static void
-attr_store_cont (void *cls,
-                 int32_t success,
-                 const char *emsg)
-{
-  struct AttributeStoreHandle *as_handle = cls;
-  struct GNUNET_MQ_Envelope *env;
-  struct AttributeStoreResultMessage *acr_msg;
-  
-  as_handle->ns_qe = NULL;
-  GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head,
-                               as_handle->client->store_op_tail,
-                               as_handle);
-
-  if (GNUNET_SYSERR == success)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Failed to store attribute %s\n",
-                emsg);
-    cleanup_as_handle (as_handle);
-    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-    return;
-  }
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Sending ATTRIBUTE_STORE_RESPONSE message\n");
-  env = GNUNET_MQ_msg (acr_msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE);
-  acr_msg->id = htonl (as_handle->r_id);
-  acr_msg->op_result = htonl (GNUNET_OK);
-  GNUNET_MQ_send (as_handle->client->mq,
-                  env);
-  cleanup_as_handle (as_handle);
-}
-
-static void
-attr_store_task (void *cls)
-{
-  struct AttributeStoreHandle *as_handle = cls;
-  struct GNUNET_GNSRECORD_Data rd[1];
-  char* buf;
-  char* policy;
-  char* enc_buf;
-  char* rd_buf;
-  size_t enc_size;
-  size_t buf_size;
-  uint32_t attr_ver;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Storing attribute\n");
-  buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (as_handle->claim);
-  buf = GNUNET_malloc (buf_size);
-
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (as_handle->claim,
-                                       buf);
-
-  GNUNET_asprintf (&policy,
-                   "%s_%lu",
-                   as_handle->claim->name,
-                   as_handle->claim->version);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Encrypting with policy %s\n", policy);
-  /**
-   * Encrypt the attribute value and store in namestore
-   */
-  enc_size = GNUNET_ABE_cpabe_encrypt (buf,
-                                       buf_size,
-                                       policy, //Policy
-                                       as_handle->abe_key,
-                                       (void**)&enc_buf);
-  if (GNUNET_SYSERR == enc_size)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Failed to encrypt with policy %s\n",
-                policy);
-    GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head,
-                                 as_handle->client->store_op_tail,
-                                 as_handle);
-
-    cleanup_as_handle (as_handle);
-    GNUNET_free (buf);
-    GNUNET_free (policy);
-    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-    return;
-  }
-  GNUNET_free (buf);
-  GNUNET_free (policy);
-  rd[0].data_size = enc_size + sizeof (uint32_t);
-  rd_buf = GNUNET_malloc (rd[0].data_size);
-  attr_ver = htonl (as_handle->claim->version);
-  GNUNET_memcpy (rd_buf,
-                 &attr_ver,
-                 sizeof (uint32_t));
-  GNUNET_memcpy (rd_buf+sizeof (uint32_t),
-                 enc_buf,
-                 enc_size);
-  rd[0].data = rd_buf;
-  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
-  rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
-  rd[0].expiration_time = as_handle->exp.rel_value_us;
-  as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
-                                                     &as_handle->identity,
-                                                     as_handle->claim->name,
-                                                     1,
-                                                     rd,
-                                                     &attr_store_cont,
-                                                     as_handle);
-  GNUNET_free (enc_buf);
-  GNUNET_free (rd_buf);
-}
-
-
-static void
-store_after_abe_bootstrap (void *cls,
-                           struct GNUNET_ABE_AbeMasterKey *abe_key)
-{
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Finished ABE bootstrap\n");
-  struct AttributeStoreHandle *ash = cls;
-  ash->abe_key = abe_key;
-  GNUNET_SCHEDULER_add_now (&attr_store_task, ash);
-}
-
-static int
-check_attribute_store_message(void *cls,
-                              const struct AttributeStoreMessage *sam)
-{
-  uint16_t size;
-
-  size = ntohs (sam->header.size);
-  if (size <= sizeof (struct AttributeStoreMessage))
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
-
-
-static void
-handle_attribute_store_message (void *cls,
-                                const struct AttributeStoreMessage *sam)
-{
-  struct AttributeStoreHandle *as_handle;
-  struct IdpClient *idp = cls;
-  size_t data_len;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received ATTRIBUTE_STORE message\n");
-
-  data_len = ntohs (sam->attr_len);
-
-  as_handle = GNUNET_new (struct AttributeStoreHandle);
-  as_handle->claim = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&sam[1],
-                                                            data_len);
-
-  as_handle->r_id = ntohl (sam->id);
-  as_handle->identity = sam->identity;
-  as_handle->exp.rel_value_us = GNUNET_ntohll (sam->exp);
-  GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity,
-                                      &as_handle->identity_pkey);
-
-  GNUNET_SERVICE_client_continue (idp->client);
-  as_handle->client = idp;
-  GNUNET_CONTAINER_DLL_insert (idp->store_op_head,
-                               idp->store_op_tail,
-                               as_handle);
-  bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle, GNUNET_NO);
-}
-
-static void
-cleanup_attribute_iter_handle (struct AttributeIterator *ai)
-{
-  if (NULL != ai->abe_key)
-    GNUNET_ABE_cpabe_delete_master_key (ai->abe_key);
-  GNUNET_free (ai);
-}
-
-static void
-attr_iter_error (void *cls)
-{
-  struct AttributeIterator *ai = cls;
-  //TODO
-  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-              "Failed to iterate over attributes\n");
-  GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head,
-                               ai->client->attr_iter_tail,
-                               ai);
-  cleanup_attribute_iter_handle (ai);
-  GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
-}
-
-static void
-attr_iter_finished (void *cls)
-{
-  struct AttributeIterator *ai = cls;
-  struct GNUNET_MQ_Envelope *env;
-  struct AttributeResultMessage *arm;
-
-  env = GNUNET_MQ_msg (arm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
-  arm->id = htonl (ai->request_id);
-  arm->attr_len = htons (0);
-  GNUNET_MQ_send (ai->client->mq, env);
-  GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head,
-                               ai->client->attr_iter_tail,
-                               ai);
-  cleanup_attribute_iter_handle (ai);
-}
-
-static void
-attr_iter_cb (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-              const char *label,
-              unsigned int rd_count,
-              const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct AttributeIterator *ai = cls;
-  struct AttributeResultMessage *arm;
-  struct GNUNET_ABE_AbeKey *key;
-  struct GNUNET_MQ_Envelope *env;
-  ssize_t msg_extra_len;
-  char* attr_ser;
-  char* attrs[2];
-  char* data_tmp;
-  char* policy;
-  uint32_t attr_ver;
-
-  if (rd_count != 1)
-  {
-    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                        1);
-    return;
-  }
-
-  if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type)
-  {
-    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                        1);
-    return;
-  }
-  attr_ver = ntohl(*((uint32_t*)rd->data));
-  GNUNET_asprintf (&policy, "%s_%lu",
-                   label, attr_ver);
-  attrs[0] = policy;
-  attrs[1] = 0;
-  key = GNUNET_ABE_cpabe_create_key (ai->abe_key,
-                                     attrs);
-  msg_extra_len = GNUNET_ABE_cpabe_decrypt (rd->data+sizeof (uint32_t),
-                                            rd->data_size-sizeof (uint32_t),
-                                            key,
-                                            (void**)&attr_ser);
-  if (GNUNET_SYSERR == msg_extra_len)
-  {
-    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                        1);
-    return;
-  }
-
-  GNUNET_ABE_cpabe_delete_key (key,
-                               GNUNET_YES);
-  //GNUNET_free (policy);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Found attribute: %s\n", label);
-  env = GNUNET_MQ_msg_extra (arm,
-                             msg_extra_len,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT);
-  arm->id = htonl (ai->request_id);
-  arm->attr_len = htons (msg_extra_len);
-  GNUNET_CRYPTO_ecdsa_key_get_public (zone,
-                                      &arm->identity);
-  data_tmp = (char *) &arm[1];
-  GNUNET_memcpy (data_tmp,
-                 attr_ser,
-                 msg_extra_len);
-  GNUNET_MQ_send (ai->client->mq, env);
-  GNUNET_free (attr_ser);
-  GNUNET_ABE_cpabe_delete_master_key (ai->abe_key);
-  ai->abe_key = NULL;
-}
-
-
-void
-iterate_after_abe_bootstrap (void *cls,
-                             struct GNUNET_ABE_AbeMasterKey *abe_key)
-{
-  struct AttributeIterator *ai = cls;
-  ai->abe_key = abe_key;
-  ai->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
-                                                     &ai->identity,
-                                                     &attr_iter_error,
-                                                     ai,
-                                                     &attr_iter_cb,
-                                                     ai,
-                                                     &attr_iter_finished,
-                                                     ai);
-}
-
-
-static void
-iterate_next_after_abe_bootstrap (void *cls,
-                                  struct GNUNET_ABE_AbeMasterKey *abe_key)
-{
-  struct AttributeIterator *ai = cls;
-  ai->abe_key = abe_key;
-  GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
-                                      1);
-}
-
-
-
-static void
-handle_iteration_start (void *cls,
-                        const struct AttributeIterationStartMessage *ais_msg)
-{
-  struct IdpClient *idp = cls;
-  struct AttributeIterator *ai;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received ATTRIBUTE_ITERATION_START message\n");
-  ai = GNUNET_new (struct AttributeIterator);
-  ai->request_id = ntohl (ais_msg->id);
-  ai->client = idp;
-  ai->identity = ais_msg->identity;
-
-  GNUNET_CONTAINER_DLL_insert (idp->attr_iter_head,
-                               idp->attr_iter_tail,
-                               ai);
-  bootstrap_abe (&ai->identity, &iterate_after_abe_bootstrap, ai, GNUNET_NO);
-  GNUNET_SERVICE_client_continue (idp->client);
-}
-
-
-static void
-handle_iteration_stop (void *cls,
-                       const struct AttributeIterationStopMessage *ais_msg)
-{
-  struct IdpClient *idp = cls;
-  struct AttributeIterator *ai;
-  uint32_t rid;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received `%s' message\n",
-              "ATTRIBUTE_ITERATION_STOP");
-  rid = ntohl (ais_msg->id);
-  for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next)
-    if (ai->request_id == rid)
-      break;
-  if (NULL == ai)
-  {
-    GNUNET_break (0);
-    GNUNET_SERVICE_client_drop (idp->client);
-    return;
-  }
-  GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head,
-                               idp->attr_iter_tail,
-                               ai);
-  GNUNET_free (ai);
-  GNUNET_SERVICE_client_continue (idp->client);
-}
-
-
-static void
-handle_iteration_next (void *cls,
-                       const struct AttributeIterationNextMessage *ais_msg)
-{
-  struct IdpClient *idp = cls;
-  struct AttributeIterator *ai;
-  uint32_t rid;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received ATTRIBUTE_ITERATION_NEXT message\n");
-  rid = ntohl (ais_msg->id);
-  for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next)
-    if (ai->request_id == rid)
-      break;
-  if (NULL == ai)
-  {
-    GNUNET_break (0);
-    GNUNET_SERVICE_client_drop (idp->client);
-    return;
-  }
-  bootstrap_abe (&ai->identity,
-                 &iterate_next_after_abe_bootstrap,
-                 ai,
-                 GNUNET_NO);
-  GNUNET_SERVICE_client_continue (idp->client);
-}
-
-/**
- * Ticket iteration processor result
- */
-enum ZoneIterationResult
-{
-  /**
-   * Iteration start.
-   */
-  IT_START = 0,
-
-  /**
-   * Found tickets,
-   * Continue to iterate with next iteration_next call
-   */
-  IT_SUCCESS_MORE_AVAILABLE = 1,
-
-  /**
-   * Iteration complete
-   */
-  IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE = 2
-};
-
-
-/**
- * Context for ticket iteration
- */
-struct TicketIterationProcResult
-{
-  /**
-   * The ticket iteration handle
-   */
-  struct TicketIteration *ti;
-
-  /**
-   * Iteration result: iteration done?
-   * #IT_SUCCESS_MORE_AVAILABLE:  if there may be more results overall but
-   * we got one for now and have sent it to the client
-   * #IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE: if there are no further results,
-   * #IT_START: if we are still trying to find a result.
-   */
-  int res_iteration_finished;
-
-};
-
-static void
-cleanup_ticket_iter_handle (struct TicketIteration *ti)
-{
-  GNUNET_free (ti);
-}
-
-/**
- * Process ticket from database
- *
- * @param cls struct TicketIterationProcResult
- * @param ticket the ticket
- * @param attrs the attributes
- */
-static void
-ticket_iterate_proc (void *cls,
-                     const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                     const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
-{
-  struct TicketIterationProcResult *proc = cls;
-
-  if (NULL == ticket)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Iteration done\n");
-    proc->res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE;
-    return;
-  }
-  proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE;
-  send_ticket_result (proc->ti->client,
-                      proc->ti->r_id,
-                      ticket,
-                      attrs);
-
-}
-
-/**
- * Perform ticket iteration step
- *
- * @param ti ticket iterator to process
- */
-static void
-run_ticket_iteration_round (struct TicketIteration *ti)
-{
-  struct TicketIterationProcResult proc;
-  struct GNUNET_MQ_Envelope *env;
-  struct TicketResultMessage *trm;
-  int ret;
-
-  memset (&proc, 0, sizeof (proc));
-  proc.ti = ti;
-  proc.res_iteration_finished = IT_START;
-  while (IT_START == proc.res_iteration_finished)
-  {
-    if (GNUNET_SYSERR ==
-        (ret = TKT_database->iterate_tickets (TKT_database->cls,
-                                              &ti->identity,
-                                              ti->is_audience,
-                                              ti->offset,
-                                              &ticket_iterate_proc,
-                                              &proc)))
-    {
-      GNUNET_break (0);
-      break;
-    }
-    if (GNUNET_NO == ret)
-      proc.res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE;
-    ti->offset++;
-  }
-  if (IT_SUCCESS_MORE_AVAILABLE == proc.res_iteration_finished)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "More results available\n");
-    return; /* more later */
-  }
-  /* send empty response to indicate end of list */
-  env = GNUNET_MQ_msg (trm,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT);
-  trm->id = htonl (ti->r_id);
-  GNUNET_MQ_send (ti->client->mq,
-                  env);
-  GNUNET_CONTAINER_DLL_remove (ti->client->ticket_iter_head,
-                               ti->client->ticket_iter_tail,
-                               ti);
-  cleanup_ticket_iter_handle (ti);
-}
-
-static void
-handle_ticket_iteration_start (void *cls,
-                               const struct TicketIterationStartMessage *tis_msg)
-{
-  struct IdpClient *client = cls;
-  struct TicketIteration *ti;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received TICKET_ITERATION_START message\n");
-  ti = GNUNET_new (struct TicketIteration);
-  ti->r_id = ntohl (tis_msg->id);
-  ti->offset = 0;
-  ti->client = client;
-  ti->identity = tis_msg->identity;
-  ti->is_audience = ntohl (tis_msg->is_audience);
-
-  GNUNET_CONTAINER_DLL_insert (client->ticket_iter_head,
-                               client->ticket_iter_tail,
-                               ti);
-  run_ticket_iteration_round (ti);
-  GNUNET_SERVICE_client_continue (client->client);
-}
-
-
-static void
-handle_ticket_iteration_stop (void *cls,
-                              const struct TicketIterationStopMessage *tis_msg)
-{
-  struct IdpClient *client = cls;
-  struct TicketIteration *ti;
-  uint32_t rid;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received `%s' message\n",
-              "TICKET_ITERATION_STOP");
-  rid = ntohl (tis_msg->id);
-  for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next)
-    if (ti->r_id == rid)
-      break;
-  if (NULL == ti)
-  {
-    GNUNET_break (0);
-    GNUNET_SERVICE_client_drop (client->client);
-    return;
-  }
-  GNUNET_CONTAINER_DLL_remove (client->ticket_iter_head,
-                               client->ticket_iter_tail,
-                               ti);
-  cleanup_ticket_iter_handle (ti);
-  GNUNET_SERVICE_client_continue (client->client);
-}
-
-
-static void
-handle_ticket_iteration_next (void *cls,
-                              const struct TicketIterationNextMessage *tis_msg)
-{
-  struct IdpClient *client = cls;
-  struct TicketIteration *ti;
-  uint32_t rid;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Received TICKET_ITERATION_NEXT message\n");
-  rid = ntohl (tis_msg->id);
-  for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next)
-    if (ti->r_id == rid)
-      break;
-  if (NULL == ti)
-  {
-    GNUNET_break (0);
-    GNUNET_SERVICE_client_drop (client->client);
-    return;
-  }
-  run_ticket_iteration_round (ti);
-  GNUNET_SERVICE_client_continue (client->client);
-}
-
-
-
-
-/**
- * Main function that will be run
- *
- * @param cls closure
- * @param c the configuration used 
- * @param server the service handle
- */
-static void
-run (void *cls,
-     const struct GNUNET_CONFIGURATION_Handle *c,
-     struct GNUNET_SERVICE_Handle *server)
-{
-  char *database;
-  cfg = c;
-
-  stats = GNUNET_STATISTICS_create ("identity-provider", cfg);
-
-  //Connect to identity and namestore services
-  ns_handle = GNUNET_NAMESTORE_connect (cfg);
-  if (NULL == ns_handle)
-  {
-    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to namestore");
-  }
-
-  gns_handle = GNUNET_GNS_connect (cfg);
-  if (NULL == gns_handle)
-  {
-    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns");
-  }
-  credential_handle = GNUNET_CREDENTIAL_connect (cfg);
-  if (NULL == credential_handle)
-  {
-    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to credential");
-  }
-  identity_handle = GNUNET_IDENTITY_connect (cfg,
-                                             NULL,
-                                             NULL);
-  /* Loading DB plugin */
-  if (GNUNET_OK !=
-      GNUNET_CONFIGURATION_get_value_string (cfg,
-                                             "identity-provider",
-                                             "database",
-                                             &database))
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "No database backend configured\n");
-  GNUNET_asprintf (&db_lib_name,
-                   "libgnunet_plugin_identity_provider_%s",
-                   database);
-  TKT_database = GNUNET_PLUGIN_load (db_lib_name,
-                                     (void *) cfg);
-  GNUNET_free (database);
-  if (NULL == TKT_database)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Could not load database backend `%s'\n",
-                db_lib_name);
-    GNUNET_SCHEDULER_shutdown ();
-    return;
-  }
-
-  if (GNUNET_OK ==
-      GNUNET_CONFIGURATION_get_value_time (cfg,
-                                           "identity-provider",
-                                           "TOKEN_EXPIRATION_INTERVAL",
-                                           &token_expiration_interval))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                "Time window for zone iteration: %s\n",
-                GNUNET_STRINGS_relative_time_to_string (token_expiration_interval,
-                                                        GNUNET_YES));
-  } else {
-    token_expiration_interval = DEFAULT_TOKEN_EXPIRATION_INTERVAL;
-  }
-
-  GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
-}
-
-/**
- * Called whenever a client is disconnected.
- *
- * @param cls closure
- * @param client identification of the client
- * @param app_ctx @a client
- */
-static void
-client_disconnect_cb (void *cls,
-                      struct GNUNET_SERVICE_Client *client,
-                      void *app_ctx)
-{
-  struct IdpClient *idp = app_ctx;
-  struct AttributeIterator *ai;
-  struct TicketIteration *ti;
-  struct TicketRevocationHandle *rh;
-  struct TicketIssueHandle *iss;
-  struct ConsumeTicketHandle *ct;
-  struct AttributeStoreHandle *as;
-
-  //TODO other operations
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Client %p disconnected\n",
-              client);
-
-  while (NULL != (iss = idp->issue_op_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (idp->issue_op_head,
-                                 idp->issue_op_tail,
-                                 iss);
-    cleanup_ticket_issue_handle (iss);
-  }
-  while (NULL != (ct = idp->consume_op_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (idp->consume_op_head,
-                                 idp->consume_op_tail,
-                                 ct);
-    cleanup_consume_ticket_handle (ct);
-  }
-  while (NULL != (as = idp->store_op_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (idp->store_op_head,
-                                 idp->store_op_tail,
-                                 as);
-    cleanup_as_handle (as);
-  }
-
-  while (NULL != (ai = idp->attr_iter_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head,
-                                 idp->attr_iter_tail,
-                                 ai);
-    cleanup_attribute_iter_handle (ai);
-  }
-  while (NULL != (rh = idp->revoke_op_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (idp->revoke_op_head,
-                                 idp->revoke_op_tail,
-                                 rh);
-    cleanup_revoke_ticket_handle (rh);
-  }
-  while (NULL != (ti = idp->ticket_iter_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (idp->ticket_iter_head,
-                                 idp->ticket_iter_tail,
-                                 ti);
-    cleanup_ticket_iter_handle (ti);
-  }
-  GNUNET_free (idp);
-}
-
-
-/**
- * Add a client to our list of active clients.
- *
- * @param cls NULL
- * @param client client to add
- * @param mq message queue for @a client
- * @return internal namestore client structure for this client
- */
-static void *
-client_connect_cb (void *cls,
-                   struct GNUNET_SERVICE_Client *client,
-                   struct GNUNET_MQ_Handle *mq)
-{
-  struct IdpClient *idp;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Client %p connected\n",
-              client);
-  idp = GNUNET_new (struct IdpClient);
-  idp->client = client;
-  idp->mq = mq;
-  return idp;
-}
-
-
-
-/**
- * Define "main" method using service macro.
- */
-GNUNET_SERVICE_MAIN
-("identity-provider",
- GNUNET_SERVICE_OPTION_NONE,
- &run,
- &client_connect_cb,
- &client_disconnect_cb,
- NULL,
- GNUNET_MQ_hd_var_size (attribute_store_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE,
-                        struct AttributeStoreMessage,
-                        NULL),
- GNUNET_MQ_hd_fixed_size (iteration_start, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START,
-                          struct AttributeIterationStartMessage,
-                          NULL),
- GNUNET_MQ_hd_fixed_size (iteration_next, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT,
-                          struct AttributeIterationNextMessage,
-                          NULL),
- GNUNET_MQ_hd_fixed_size (iteration_stop, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP,
-                          struct AttributeIterationStopMessage,
-                          NULL),
- GNUNET_MQ_hd_var_size (issue_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET,
-                        struct IssueTicketMessage,
-                        NULL),
- GNUNET_MQ_hd_var_size (consume_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET,
-                        struct ConsumeTicketMessage,
-                        NULL),
- GNUNET_MQ_hd_fixed_size (ticket_iteration_start, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START,
-                          struct TicketIterationStartMessage,
-                          NULL),
- GNUNET_MQ_hd_fixed_size (ticket_iteration_next, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT,
-                          struct TicketIterationNextMessage,
-                          NULL),
- GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, 
-                          GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP,
-                          struct TicketIterationStopMessage,
-                          NULL),
- GNUNET_MQ_hd_var_size (revoke_ticket_message,
-                        GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET,
-                        struct RevokeTicketMessage,
-                        NULL),
- GNUNET_MQ_handler_end());
-/* end of gnunet-service-identity-provider.c */
diff --git a/src/identity-provider/identity-provider.conf b/src/identity-provider/identity-provider.conf
deleted file mode 100644 (file)
index cc50152..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-[identity-provider]
-START_ON_DEMAND = NO
-RUN_PER_USER = YES
-#PORT = 2108
-HOSTNAME = localhost
-BINARY = gnunet-service-identity-provider
-ACCEPT_FROM = 127.0.0.1;
-ACCEPT_FROM6 = ::1;
-UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-identity-provider.sock
-UNIX_MATCH_UID = NO
-UNIX_MATCH_GID = YES
-TOKEN_EXPIRATION_INTERVAL = 30 m
-DATABASE = sqlite
-
-[identity-rest-plugin]
-#ADDRESS = https://identity.gnu:8000#/login
-ADDRESS = https://reclaim.ui/#/login
-PSW = secret
-EXPIRATION_TIME = 3600
-
-[identity-provider-sqlite]
-FILENAME = $GNUNET_DATA_HOME/identity-provider/sqlite.db
diff --git a/src/identity-provider/identity-token.conf b/src/identity-provider/identity-token.conf
deleted file mode 100644 (file)
index f29f6cd..0000000
+++ /dev/null
@@ -1,2 +0,0 @@
-[identity-token]
-BINARY=gnunet-service-identity-token
diff --git a/src/identity-provider/identity_provider.h b/src/identity-provider/identity_provider.h
deleted file mode 100644 (file)
index 6a4b776..0000000
+++ /dev/null
@@ -1,410 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2016 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @author Martin Schanzenbach
- * @file identity-provider/identity_provider.h
- *
- * @brief Common type definitions for the identity provider
- *        service and API.
- */
-#ifndef IDENTITY_PROVIDER_H
-#define IDENTITY_PROVIDER_H
-
-#include "gnunet_common.h"
-
-
-GNUNET_NETWORK_STRUCT_BEGIN
-
-/**
- * Use to store an identity attribute
- */
-struct AttributeStoreMessage
-{
-  /**
-   * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * The length of the attribute
-   */
-  uint32_t attr_len GNUNET_PACKED;
-
-  /**
-   * The expiration interval of the attribute
-   */
-  uint64_t exp GNUNET_PACKED;
-
-  /**
-   * Identity
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /* followed by the serialized attribute */
-
-};
-
-/**
- * Attribute store response message
- */
-struct AttributeStoreResultMessage
-{
-  /**
-   * Message header
-   */
-  struct GNUNET_MessageHeader header;
-  
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * #GNUNET_SYSERR on failure, #GNUNET_OK on success
-   */
-  int32_t op_result GNUNET_PACKED;
-
-};
-
-/**
- * Attribute is returned from the idp.
- */
-struct AttributeResultMessage
-{
-  /**
-   * Message header
-   */
-  struct GNUNET_MessageHeader header;
-
-   /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * Length of serialized attribute data
-   */
-  uint16_t attr_len GNUNET_PACKED;
-
-  /**
-   * always zero (for alignment)
-   */
-  uint16_t reserved GNUNET_PACKED;
-
-  /**
-   * The public key of the identity.
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
-
-  /* followed by:
-   * serialized attribute data
-   */
-};
-
-
-/**
- * Start a attribute iteration for the given identity
- */
-struct AttributeIterationStartMessage
-{
-  /**
-   * Message
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * Identity.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-};
-
-
-/**
- * Ask for next result of attribute iteration for the given operation
- */
-struct AttributeIterationNextMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-};
-
-
-/**
- * Stop attribute iteration for the given operation
- */
-struct AttributeIterationStopMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-};
-
-/**
- * Start a ticket iteration for the given identity
- */
-struct TicketIterationStartMessage
-{
-  /**
-   * Message
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * Identity.
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
-
-  /**
-   * Identity is audience or issuer
-   */
-  uint32_t is_audience GNUNET_PACKED;
-};
-
-
-/**
- * Ask for next result of ticket iteration for the given operation
- */
-struct TicketIterationNextMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-};
-
-
-/**
- * Stop ticket iteration for the given operation
- */
-struct TicketIterationStopMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-};
-
-
-
-/**
- * Ticket issue message
- */
-struct IssueTicketMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * Identity.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * Requesting party.
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey rp;
-
-  /**
-   * length of serialized attribute list
-   */
-  uint32_t attr_len GNUNET_PACKED;
-
-  //Followed by a serialized attribute list
-};
-
-/**
- * Ticket revoke message
- */
-struct RevokeTicketMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * Identity.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * length of serialized attribute list
-   */
-  uint32_t attrs_len GNUNET_PACKED;
-
-  //Followed by a ticket and serialized attribute list
-};
-
-/**
- * Ticket revoke message
- */
-struct RevokeTicketResultMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * Revocation result
-   */
-  uint32_t success GNUNET_PACKED;
-};
-
-
-/**
- * Ticket result message
- */
-struct TicketResultMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-};
-
-/**
- * Ticket consume message
- */
-struct ConsumeTicketMessage
-{
-  /**
-   * Type will be #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET
-   */
-  struct GNUNET_MessageHeader header;
-
-  /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * Identity.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  //Followed by a serialized ticket
-};
-
-/**
- * Attribute list is returned from the idp.
- */
-struct ConsumeTicketResultMessage
-{
-  /**
-   * Message header
-   */
-  struct GNUNET_MessageHeader header;
-
-   /**
-   * Unique identifier for this request (for key collisions).
-   */
-  uint32_t id GNUNET_PACKED;
-
-  /**
-   * Length of serialized attribute data
-   */
-  uint16_t attrs_len GNUNET_PACKED;
-
-  /**
-   * always zero (for alignment)
-   */
-  uint16_t reserved GNUNET_PACKED;
-
-  /**
-   * The public key of the identity.
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
-
-  /* followed by:
-   * serialized attributes data
-   */
-};
-
-
-
-GNUNET_NETWORK_STRUCT_END
-
-#endif
diff --git a/src/identity-provider/identity_provider_api.c b/src/identity-provider/identity_provider_api.c
deleted file mode 100644 (file)
index 772b4a2..0000000
+++ /dev/null
@@ -1,1384 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2016 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @file identity-provider/identity_provider_api.c
- * @brief api to interact with the identity provider service
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_constants.h"
-#include "gnunet_protocols.h"
-#include "gnunet_mq_lib.h"
-#include "gnunet_identity_provider_service.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "identity_provider.h"
-
-#define LOG(kind,...) GNUNET_log_from (kind, "identity-api",__VA_ARGS__)
-
-
-/**
- * Handle for an operation with the service.
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation
-{
-
-  /**
-   * Main handle.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
-
-  /**
-   * We keep operations in a DLL.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *next;
-
-  /**
-   * We keep operations in a DLL.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *prev;
-
-  /**
-   * Message to send to the service.
-   * Allocated at the end of this struct.
-   */
-  const struct GNUNET_MessageHeader *msg;
-
-  /**
-   * Continuation to invoke after attribute store call
-   */
-  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus as_cb;
-
-  /**
-   * Attribute result callback
-   */
-  GNUNET_IDENTITY_PROVIDER_AttributeResult ar_cb;
-
-  /**
-   * Revocation result callback
-   */
-  GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus rvk_cb;
-
-  /**
-   * Ticket result callback
-   */
-  GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb;
-
-  /**
-   * Envelope with the message for this queue entry.
-   */
-  struct GNUNET_MQ_Envelope *env;
-
-  /**
-   * request id
-   */
-  uint32_t r_id;
-
-  /**
-   * Closure for @e cont or @e cb.
-   */
-  void *cls;
-
-};
-
-/**
- * Handle for a ticket iterator operation
- */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator
-{
-
-  /**
-   * Kept in a DLL.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *next;
-
-  /**
-   * Kept in a DLL.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *prev;
-
-  /**
-   * Main handle to access the idp.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
-
-  /**
-   * Function to call on completion.
-   */
-  GNUNET_SCHEDULER_TaskCallback finish_cb;
-
-  /**
-   * Closure for @e error_cb.
-   */
-  void *finish_cb_cls;
-
-  /**
-   * The continuation to call with the results
-   */
-  GNUNET_IDENTITY_PROVIDER_TicketCallback tr_cb;
-
-  /**
-   * Closure for @e tr_cb.
-   */
-  void *cls;
-
-  /**
-   * Function to call on errors.
-   */
-  GNUNET_SCHEDULER_TaskCallback error_cb;
-
-  /**
-   * Closure for @e error_cb.
-   */
-  void *error_cb_cls;
-
-  /**
-   * Envelope of the message to send to the service, if not yet
-   * sent.
-   */
-  struct GNUNET_MQ_Envelope *env;
-
-  /**
-   * The operation id this zone iteration operation has
-   */
-  uint32_t r_id;
-
-};
-
-
-/**
- * Handle for a attribute iterator operation
- */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator
-{
-
-  /**
-   * Kept in a DLL.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *next;
-
-  /**
-   * Kept in a DLL.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *prev;
-
-  /**
-   * Main handle to access the idp.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
-
-  /**
-   * Function to call on completion.
-   */
-  GNUNET_SCHEDULER_TaskCallback finish_cb;
-
-  /**
-   * Closure for @e error_cb.
-   */
-  void *finish_cb_cls;
-
-  /**
-   * The continuation to call with the results
-   */
-  GNUNET_IDENTITY_PROVIDER_AttributeResult proc;
-
-  /**
-   * Closure for @e proc.
-   */
-  void *proc_cls;
-
-  /**
-   * Function to call on errors.
-   */
-  GNUNET_SCHEDULER_TaskCallback error_cb;
-
-  /**
-   * Closure for @e error_cb.
-   */
-  void *error_cb_cls;
-
-  /**
-   * Envelope of the message to send to the service, if not yet
-   * sent.
-   */
-  struct GNUNET_MQ_Envelope *env;
-
-  /**
-   * Private key of the zone.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
-
-  /**
-   * The operation id this zone iteration operation has
-   */
-  uint32_t r_id;
-
-};
-
-
-/**
- * Handle for the service.
- */
-struct GNUNET_IDENTITY_PROVIDER_Handle
-{
-  /**
-   * Configuration to use.
-   */
-  const struct GNUNET_CONFIGURATION_Handle *cfg;
-
-  /**
-   * Socket (if available).
-   */
-  struct GNUNET_CLIENT_Connection *client;
-
-  /**
-   * Closure for 'cb'.
-   */
-  void *cb_cls;
-
-  /**
-   * Head of active operations.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op_head;
-
-  /**
-   * Tail of active operations.
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op_tail;
-
-  /**
-   * Head of active iterations
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_head;
-
-  /**
-   * Tail of active iterations
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it_tail;
-
-  /**
-   * Head of active iterations
-   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_head;
-
-  /**
-   * Tail of active iterations
-   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it_tail;
-
-
-  /**
-   * Currently pending transmission request, or NULL for none.
-   */
-  struct GNUNET_CLIENT_TransmitHandle *th;
-
-  /**
-   * Task doing exponential back-off trying to reconnect.
-   */
-  struct GNUNET_SCHEDULER_Task * reconnect_task;
-
-  /**
-   * Time for next connect retry.
-   */
-  struct GNUNET_TIME_Relative reconnect_backoff;
-
-  /**
-   * Connection to service (if available).
-   */
-  struct GNUNET_MQ_Handle *mq;
-
-  /**
-   * Request Id generator.  Incremented by one for each request.
-   */
-  uint32_t r_id_gen;
-
-  /**
-   * Are we polling for incoming messages right now?
-   */
-  int in_receive;
-
-};
-
-/**
- * Try again to connect to the service.
- *
- * @param h handle to the identity provider service.
- */
-static void
-reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
-
-/**
- * Reconnect
- *
- * @param cls the handle
- */
-static void
-reconnect_task (void *cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
-
-  handle->reconnect_task = NULL;
-  reconnect (handle);
-}
-
-
-/**
- * Disconnect from service and then reconnect.
- *
- * @param handle our service
- */
-static void
-force_reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *handle)
-{
-  GNUNET_MQ_destroy (handle->mq);
-  handle->mq = NULL;
-  handle->reconnect_backoff
-    = GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff);
-  handle->reconnect_task
-    = GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff,
-                                    &reconnect_task,
-                                    handle);
-}
-
-/**
- * Free @a it.
- *
- * @param it entry to free
- */
-static void
-free_it (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
-
-  GNUNET_CONTAINER_DLL_remove (h->it_head,
-                               h->it_tail,
-                               it);
-  if (NULL != it->env)
-    GNUNET_MQ_discard (it->env);
-  GNUNET_free (it);
-}
-
-static void
-free_op (struct GNUNET_IDENTITY_PROVIDER_Operation* op)
-{
-  if (NULL == op)
-    return;
-  if (NULL != op->env)
-    GNUNET_MQ_discard (op->env);
-  GNUNET_free(op);
-}
-
-
-/**
- * Generic error handler, called with the appropriate error code and
- * the same closure specified at the creation of the message queue.
- * Not every message queue implementation supports an error handler.
- *
- * @param cls closure with the `struct GNUNET_GNS_Handle *`
- * @param error error code
- */
-static void
-mq_error_handler (void *cls,
-                  enum GNUNET_MQ_Error error)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
-  force_reconnect (handle);
-}
-
-/**
- * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE
- *
- * @param cls
- * @param msg the message we received
- */
-static void
-handle_attribute_store_response (void *cls,
-                             const struct AttributeStoreResultMessage *msg)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  uint32_t r_id = ntohl (msg->id);
-  int res;
-  const char *emsg;
-
-  for (op = h->op_head; NULL != op; op = op->next)
-    if (op->r_id == r_id)
-      break;
-  if (NULL == op)
-    return;
-
-  res = ntohl (msg->op_result);
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Received ATTRIBUTE_STORE_RESPONSE with result %d\n",
-       res);
-
-  /* TODO: add actual error message to response... */
-  if (GNUNET_SYSERR == res)
-    emsg = _("failed to store record\n");
-  else
-    emsg = NULL;
-  if (NULL != op->as_cb)
-    op->as_cb (op->cls,
-              res,
-              emsg);
-  GNUNET_CONTAINER_DLL_remove (h->op_head,
-                               h->op_tail,
-                               op);
-  free_op (op);
-
-}
-
-
-/**
- * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT
- *
- * @param cls
- * @param msg the message we received
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-static int
-check_consume_ticket_result (void *cls,
-                             const struct ConsumeTicketResultMessage *msg)
-{
-  size_t msg_len;
-  size_t attrs_len;
-
-  msg_len = ntohs (msg->header.size);
-  attrs_len = ntohs (msg->attrs_len);
-  if (msg_len != sizeof (struct ConsumeTicketResultMessage) + attrs_len)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
-
-
-/**
- * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT
- *
- * @param cls
- * @param msg the message we received
- */
-static void
-handle_consume_ticket_result (void *cls,
-                              const struct ConsumeTicketResultMessage *msg)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  size_t attrs_len;
-  uint32_t r_id = ntohl (msg->id);
-
-  attrs_len = ntohs (msg->attrs_len);
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Processing attribute result.\n");
-
-
-  for (op = h->op_head; NULL != op; op = op->next)
-    if (op->r_id == r_id)
-      break;
-  if (NULL == op)
-    return;
-
-  {
-    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-    struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-    attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize ((char*)&msg[1],
-                                        attrs_len);
-    if (NULL != op->ar_cb)
-    {
-      if (NULL == attrs)
-      {
-        op->ar_cb (op->cls,
-                   &msg->identity,
-                   NULL);
-      }
-      else
-      {
-        for (le = attrs->list_head; NULL != le; le = le->next)
-          op->ar_cb (op->cls,
-                     &msg->identity,
-                     le->claim);
-        GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
-      }
-    }
-    if (NULL != op)
-    {
-      op->ar_cb (op->cls,
-                 NULL,
-                 NULL);
-      GNUNET_CONTAINER_DLL_remove (h->op_head,
-                                   h->op_tail,
-                                   op);
-      free_op (op);
-    }
-    return;
-  }
-  GNUNET_assert (0);
-}
-
-
-/**
- * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT
- *
- * @param cls
- * @param msg the message we received
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-static int
-check_attribute_result (void *cls,
-                        const struct AttributeResultMessage *msg)
-{
-  size_t msg_len;
-  size_t attr_len;
-
-  msg_len = ntohs (msg->header.size);
-  attr_len = ntohs (msg->attr_len);
-  if (msg_len != sizeof (struct AttributeResultMessage) + attr_len)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
-
-
-/**
- * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT
- *
- * @param cls
- * @param msg the message we received
- */
-static void
-handle_attribute_result (void *cls,
-                         const struct AttributeResultMessage *msg)
-{
-  static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy;
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  size_t attr_len;
-  uint32_t r_id = ntohl (msg->id);
-
-  attr_len = ntohs (msg->attr_len);
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Processing attribute result.\n");
-
-
-  for (it = h->it_head; NULL != it; it = it->next)
-    if (it->r_id == r_id)
-      break;
-  for (op = h->op_head; NULL != op; op = op->next)
-    if (op->r_id == r_id)
-      break;
-  if ((NULL == it) && (NULL == op))
-    return;
-
-  if ( (0 == (memcmp (&msg->identity,
-                      &identity_dummy,
-                      sizeof (identity_dummy)))) )
-  {
-    if ((NULL == it) && (NULL == op))
-    {
-      GNUNET_break (0);
-      force_reconnect (h);
-      return;
-    }
-    if (NULL != it)
-    {
-      if (NULL != it->finish_cb)
-        it->finish_cb (it->finish_cb_cls);
-      free_it (it);
-    }
-    if (NULL != op)
-    {
-      if (NULL != op->ar_cb)
-        op->ar_cb (op->cls,
-                   NULL,
-                   NULL);
-      GNUNET_CONTAINER_DLL_remove (h->op_head,
-                                   h->op_tail,
-                                   op);
-      free_op (op);
-
-    }
-    return;
-  }
-
-  {
-    struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr;
-    attr = GNUNET_IDENTITY_ATTRIBUTE_deserialize ((char*)&msg[1],
-                                                  attr_len);
-    if (NULL != it)
-    {
-      if (NULL != it->proc)
-        it->proc (it->proc_cls,
-                  &msg->identity,
-                  attr);
-    } else if (NULL != op)
-    {
-      if (NULL != op->ar_cb)
-        op->ar_cb (op->cls,
-                   &msg->identity,
-                   attr);
-
-    }
-    GNUNET_free (attr);
-    return;
-  }
-  GNUNET_assert (0);
-}
-
-/**
- * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
- *
- * @param cls
- * @param msg the message we received
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-static int
-check_ticket_result (void *cls,
-                     const struct TicketResultMessage *msg)
-{
-  size_t msg_len;
-
-  msg_len = ntohs (msg->header.size);
-  if (msg_len < sizeof (struct TicketResultMessage))
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
-
-
-
-/**
- * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT
- *
- * @param cls
- * @param msg the message we received
- */
-static void
-handle_ticket_result (void *cls,
-                      const struct TicketResultMessage *msg)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *handle = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
-  const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
-  uint32_t r_id = ntohl (msg->id);
-  size_t msg_len;
-
-  for (op = handle->op_head; NULL != op; op = op->next)
-    if (op->r_id == r_id)
-      break;
-  for (it = handle->ticket_it_head; NULL != it; it = it->next)
-    if (it->r_id == r_id)
-      break;
-  if ((NULL == op) && (NULL == it))
-    return;
-  msg_len = ntohs (msg->header.size);
-  if (NULL != op)
-  {
-    GNUNET_CONTAINER_DLL_remove (handle->op_head,
-                                 handle->op_tail,
-                                 op);
-    if (msg_len == sizeof (struct TicketResultMessage))
-    {
-      if (NULL != op->tr_cb)
-        op->tr_cb (op->cls, NULL);
-    } else {
-      ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
-      if (NULL != op->tr_cb)
-        op->tr_cb (op->cls, ticket);
-    }
-    free_op (op);
-    return;
-  } else if (NULL != it) {
-    if (msg_len == sizeof (struct TicketResultMessage))
-    {
-      if (NULL != it->tr_cb)
-        GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head,
-                                     handle->ticket_it_tail,
-                                     it);
-      it->finish_cb (it->finish_cb_cls);
-      GNUNET_free (it);
-    } else {
-      ticket = (struct GNUNET_IDENTITY_PROVIDER_Ticket *)&msg[1];
-      if (NULL != it->tr_cb)
-        it->tr_cb (it->cls, ticket);
-    }
-    return;
-  }
-  GNUNET_break (0);
-}
-
-
-/**
- * Handle an incoming message of type
- * #GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT
- *
- * @param cls
- * @param msg the message we received
- */
-static void
-handle_revoke_ticket_result (void *cls,
-                             const struct RevokeTicketResultMessage *msg)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = cls;
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  uint32_t r_id = ntohl (msg->id);
-  int32_t success;
-
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Processing revocation result.\n");
-
-
-  for (op = h->op_head; NULL != op; op = op->next)
-    if (op->r_id == r_id)
-      break;
-  if (NULL == op)
-    return;
-  success = ntohl (msg->success);
-  {
-    if (NULL != op->rvk_cb)
-    {
-      op->rvk_cb (op->cls,
-                  success,
-                  NULL);
-    }
-    GNUNET_CONTAINER_DLL_remove (h->op_head,
-                                 h->op_tail,
-                                 op);
-    free_op (op);
-    return;
-  }
-  GNUNET_assert (0);
-}
-
-
-
-/**
- * Try again to connect to the service.
- *
- * @param h handle to the identity provider service.
- */
-static void
-reconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
-{
-  struct GNUNET_MQ_MessageHandler handlers[] = {
-    GNUNET_MQ_hd_fixed_size (attribute_store_response,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE,
-                             struct AttributeStoreResultMessage,
-                             h),
-    GNUNET_MQ_hd_var_size (attribute_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT,
-                           struct AttributeResultMessage,
-                           h),
-    GNUNET_MQ_hd_var_size (ticket_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT,
-                           struct TicketResultMessage,
-                           h),
-    GNUNET_MQ_hd_var_size (consume_ticket_result,
-                           GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT,
-                           struct ConsumeTicketResultMessage,
-                           h),
-    GNUNET_MQ_hd_fixed_size (revoke_ticket_result,
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT,
-                             struct RevokeTicketResultMessage,
-                             h),
-    GNUNET_MQ_handler_end ()
-  };
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-
-  GNUNET_assert (NULL == h->mq);
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Connecting to identity provider service.\n");
-
-  h->mq = GNUNET_CLIENT_connect (h->cfg,
-                                 "identity-provider",
-                                 handlers,
-                                 &mq_error_handler,
-                                 h);
-  if (NULL == h->mq)
-    return;
-  for (op = h->op_head; NULL != op; op = op->next)
-    GNUNET_MQ_send_copy (h->mq,
-                         op->env);
-}
-
-
-/**
- * Connect to the identity provider service.
- *
- * @param cfg the configuration to use
- * @return handle to use
- */
-struct GNUNET_IDENTITY_PROVIDER_Handle *
-GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h;
-
-  h = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Handle);
-  h->cfg = cfg;
-  reconnect (h);
-  if (NULL == h->mq)
-  {
-    GNUNET_free (h);
-    return NULL;
-  }
-  return h;
-}
-
-
-/**
- * Cancel an operation. Note that the operation MAY still
- * be executed; this merely cancels the continuation; if the request
- * was already transmitted, the service may still choose to complete
- * the operation.
- *
- * @param op operation to cancel
- */
-void
-GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = op->h;
-
-  GNUNET_CONTAINER_DLL_remove (h->op_head,
-                               h->op_tail,
-                               op);
-  free_op (op);
-}
-
-
-/**
- * Disconnect from service
- *
- * @param h handle to destroy
- */
-void
-GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h)
-{
-  GNUNET_assert (NULL != h);
-  if (NULL != h->mq)
-  {
-    GNUNET_MQ_destroy (h->mq);
-    h->mq = NULL;
-  }
-  if (NULL != h->reconnect_task)
-  {
-    GNUNET_SCHEDULER_cancel (h->reconnect_task);
-    h->reconnect_task = NULL;
-  }
-  GNUNET_assert (NULL == h->op_head);
-  GNUNET_free (h);
-}
-
-/**
- * Store an attribute.  If the attribute is already present,
- * it is replaced with the new attribute.
- *
- * @param h handle to the identity provider
- * @param pkey private key of the identity
- * @param attr the attribute value
- * @param exp_interval the relative expiration interval for the attribute
- * @param cont continuation to call when done
- * @param cont_cls closure for @a cont
- * @return handle to abort the request
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
-                                          const struct GNUNET_TIME_Relative *exp_interval,
-                                          GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
-                                          void *cont_cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct AttributeStoreMessage *sam;
-  size_t attr_len;
-
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
-  op->h = h;
-  op->as_cb = cont;
-  op->cls = cont_cls;
-  op->r_id = h->r_id_gen++;
-  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
-                                    h->op_tail,
-                                    op);
-  attr_len = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (attr);
-  op->env = GNUNET_MQ_msg_extra (sam,
-                                 attr_len,
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE);
-  sam->identity = *pkey;
-  sam->id = htonl (op->r_id);
-  sam->exp = GNUNET_htonll (exp_interval->rel_value_us);
-
-  GNUNET_IDENTITY_ATTRIBUTE_serialize (attr,
-                                       (char*)&sam[1]);
-
-  sam->attr_len = htons (attr_len);
-  if (NULL != h->mq)
-    GNUNET_MQ_send_copy (h->mq,
-                         op->env);
-  return op;
-
-}
-
-
-/**
- * List all attributes for a local identity.
- * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
- * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
- * immediately, and then again after
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
- *
- * On error (disconnect), @a error_cb will be invoked.
- * On normal completion, @a finish_cb proc will be
- * invoked.
- *
- * @param h handle to the idp
- * @param identity identity to access
- * @param error_cb function to call on error (i.e. disconnect),
- *        the handle is afterwards invalid
- * @param error_cb_cls closure for @a error_cb
- * @param proc function to call on each attribute; it
- *        will be called repeatedly with a value (if available)
- * @param proc_cls closure for @a proc
- * @param finish_cb function to call on completion
- *        the handle is afterwards invalid
- * @param finish_cb_cls closure for @a finish_cb
- * @return an iterator handle to use for iteration
- */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
-GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                               GNUNET_SCHEDULER_TaskCallback error_cb,
-                                               void *error_cb_cls,
-                                               GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
-                                               void *proc_cls,
-                                               GNUNET_SCHEDULER_TaskCallback finish_cb,
-                                               void *finish_cb_cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it;
-  struct GNUNET_MQ_Envelope *env;
-  struct AttributeIterationStartMessage *msg;
-  uint32_t rid;
-
-  rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator);
-  it->h = h;
-  it->error_cb = error_cb;
-  it->error_cb_cls = error_cb_cls;
-  it->finish_cb = finish_cb;
-  it->finish_cb_cls = finish_cb_cls;
-  it->proc = proc;
-  it->proc_cls = proc_cls;
-  it->r_id = rid;
-  it->identity = *identity;
-  GNUNET_CONTAINER_DLL_insert_tail (h->it_head,
-                                    h->it_tail,
-                                    it);
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START);
-  msg->id = htonl (rid);
-  msg->identity = *identity;
-  if (NULL == h->mq)
-    it->env = env;
-  else
-    GNUNET_MQ_send (h->mq,
-                    env);
-  return it;
-}
-
-
-/**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
- * for the next record.
- *
- * @param it the iterator
- */
-void
-GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
-  struct AttributeIterationNextMessage *msg;
-  struct GNUNET_MQ_Envelope *env;
-
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT);
-  msg->id = htonl (it->r_id);
-  GNUNET_MQ_send (h->mq,
-                  env);
-}
-
-
-/**
- * Stops iteration and releases the idp handle for further calls.  Must
- * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
- *
- * @param it the iterator
- */
-void
-GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
-  struct GNUNET_MQ_Envelope *env;
-  struct AttributeIterationStopMessage *msg;
-
-  if (NULL != h->mq)
-  {
-    env = GNUNET_MQ_msg (msg,
-                         GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP);
-    msg->id = htonl (it->r_id);
-    GNUNET_MQ_send (h->mq,
-                    env);
-  }
-  free_it (it);
-}
-
-
-/** TODO
- * Issues a ticket to another identity. The identity may use
- * @GNUNET_IDENTITY_PROVIDER_authorization_ticket_consume to consume the ticket
- * and retrieve the attributes specified in the AttributeList.
- *
- * @param h the identity provider to use
- * @param iss the issuing identity
- * @param rp the subject of the ticket (the relying party)
- * @param attrs the attributes that the relying party is given access to
- * @param cb the callback
- * @param cb_cls the callback closure
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
-                                       const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                       GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
-                                       void *cb_cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct IssueTicketMessage *tim;
-  size_t attr_len;
-
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
-  op->h = h;
-  op->tr_cb = cb;
-  op->cls = cb_cls;
-  op->r_id = h->r_id_gen++;
-  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
-                                    h->op_tail,
-                                    op);
-  attr_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
-  op->env = GNUNET_MQ_msg_extra (tim,
-                                 attr_len,
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET);
-  tim->identity = *iss;
-  tim->rp = *rp;
-  tim->id = htonl (op->r_id);
-
-  GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
-                                            (char*)&tim[1]);
-
-  tim->attr_len = htons (attr_len);
-  if (NULL != h->mq)
-    GNUNET_MQ_send_copy (h->mq,
-                         op->env);
-  return op;
-}
-
-/**
- * Consumes an issued ticket. The ticket is persisted
- * and used to retrieve identity information from the issuer
- *
- * @param h the identity provider to use
- * @param identity the identity that is the subject of the issued ticket (the relying party)
- * @param ticket the issued ticket to consume
- * @param cb the callback to call
- * @param cb_cls the callback closure
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                         GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
-                                         void *cb_cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct ConsumeTicketMessage *ctm;
-
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
-  op->h = h;
-  op->ar_cb = cb;
-  op->cls = cb_cls;
-  op->r_id = h->r_id_gen++;
-  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
-                                    h->op_tail,
-                                    op);
-  op->env = GNUNET_MQ_msg_extra (ctm,
-                                 sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                                 GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET);
-  ctm->identity = *identity;
-  ctm->id = htonl (op->r_id);
-
-  GNUNET_memcpy ((char*)&ctm[1],
-                 ticket,
-                 sizeof (const struct GNUNET_IDENTITY_PROVIDER_Ticket));
-
-  if (NULL != h->mq)
-    GNUNET_MQ_send_copy (h->mq,
-                         op->env);
-  return op;
-
-}
-
-
-/**
- * Lists all tickets that have been issued to remote
- * identites (relying parties)
- *
- * @param h the identity provider to use
- * @param identity the issuing identity
- * @param error_cb function to call on error (i.e. disconnect),
- *        the handle is afterwards invalid
- * @param error_cb_cls closure for @a error_cb
- * @param proc function to call on each ticket; it
- *        will be called repeatedly with a value (if available)
- * @param proc_cls closure for @a proc
- * @param finish_cb function to call on completion
- *        the handle is afterwards invalid
- * @param finish_cb_cls closure for @a finish_cb
- * @return an iterator handle to use for iteration
- */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                                 GNUNET_SCHEDULER_TaskCallback error_cb,
-                                                 void *error_cb_cls,
-                                                 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
-                                                 void *proc_cls,
-                                                 GNUNET_SCHEDULER_TaskCallback finish_cb,
-                                                 void *finish_cb_cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub;
-  struct GNUNET_MQ_Envelope *env;
-  struct TicketIterationStartMessage *msg;
-  uint32_t rid;
-
-  GNUNET_CRYPTO_ecdsa_key_get_public (identity,
-                                      &identity_pub);
-  rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator);
-  it->h = h;
-  it->error_cb = error_cb;
-  it->error_cb_cls = error_cb_cls;
-  it->finish_cb = finish_cb;
-  it->finish_cb_cls = finish_cb_cls;
-  it->tr_cb = proc;
-  it->cls = proc_cls;
-  it->r_id = rid;
-  GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head,
-                                    h->ticket_it_tail,
-                                    it);
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START);
-  msg->id = htonl (rid);
-  msg->identity = identity_pub;
-  msg->is_audience = htonl (GNUNET_NO);
-  if (NULL == h->mq)
-    it->env = env;
-  else
-    GNUNET_MQ_send (h->mq,
-                    env);
-  return it;
-
-}
-
-
-/**
- * Lists all tickets that have been issued to remote
- * identites (relying parties)
- *
- * @param h the identity provider to use
- * @param identity the issuing identity
- * @param error_cb function to call on error (i.e. disconnect),
- *        the handle is afterwards invalid
- * @param error_cb_cls closure for @a error_cb
- * @param proc function to call on each ticket; it
- *        will be called repeatedly with a value (if available)
- * @param proc_cls closure for @a proc
- * @param finish_cb function to call on completion
- *        the handle is afterwards invalid
- * @param finish_cb_cls closure for @a finish_cb
- * @return an iterator handle to use for iteration
- */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                                                    GNUNET_SCHEDULER_TaskCallback error_cb,
-                                                    void *error_cb_cls,
-                                                    GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
-                                                    void *proc_cls,
-                                                    GNUNET_SCHEDULER_TaskCallback finish_cb,
-                                                    void *finish_cb_cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it;
-  struct GNUNET_MQ_Envelope *env;
-  struct TicketIterationStartMessage *msg;
-  uint32_t rid;
-
-  rid = h->r_id_gen++;
-  it = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_TicketIterator);
-  it->h = h;
-  it->error_cb = error_cb;
-  it->error_cb_cls = error_cb_cls;
-  it->finish_cb = finish_cb;
-  it->finish_cb_cls = finish_cb_cls;
-  it->tr_cb = proc;
-  it->cls = proc_cls;
-  it->r_id = rid;
-  GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head,
-                                    h->ticket_it_tail,
-                                    it);
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START);
-  msg->id = htonl (rid);
-  msg->identity = *identity;
-  msg->is_audience = htonl (GNUNET_YES);
-  if (NULL == h->mq)
-    it->env = env;
-  else
-    GNUNET_MQ_send (h->mq,
-                    env);
-  return it;
-
-
-}
-
-/**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
- * for the next record.
- *
- * @param it the iterator
- */
-void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
-  struct TicketIterationNextMessage *msg;
-  struct GNUNET_MQ_Envelope *env;
-
-  env = GNUNET_MQ_msg (msg,
-                       GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT);
-  msg->id = htonl (it->r_id);
-  GNUNET_MQ_send (h->mq,
-                  env);
-}
-
-
-/**
- * Stops iteration and releases the idp handle for further calls.  Must
- * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
- *
- * @param it the iterator
- */
-void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Handle *h = it->h;
-  struct GNUNET_MQ_Envelope *env;
-  struct TicketIterationStopMessage *msg;
-
-  if (NULL != h->mq)
-  {
-    env = GNUNET_MQ_msg (msg,
-                         GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP);
-    msg->id = htonl (it->r_id);
-    GNUNET_MQ_send (h->mq,
-                    env);
-  }
-  GNUNET_free (it);
-}
-
-/**
- * Revoked an issued ticket. The relying party will be unable to retrieve
- * updated attributes.
- *
- * @param h the identity provider to use
- * @param identity the issuing identity
- * @param ticket the ticket to revoke
- * @param cb the callback
- * @param cb_cls the callback closure
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                        GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
-                                        void *cb_cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Operation *op;
-  struct GNUNET_MQ_Envelope *env;
-  struct RevokeTicketMessage *msg;
-  uint32_t rid;
-
-  rid = h->r_id_gen++;
-  op = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_Operation);
-  op->h = h;
-  op->rvk_cb = cb;
-  op->cls = cb_cls;
-  op->r_id = rid;
-  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
-                                    h->op_tail,
-                                    op);
-  env = GNUNET_MQ_msg_extra (msg,
-                             sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket),
-                             GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET);
-  msg->id = htonl (rid);
-  msg->identity = *identity;
-  GNUNET_memcpy (&msg[1],
-                 ticket,
-                 sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
-  if (NULL == h->mq)
-    op->env = env;
-  else
-    GNUNET_MQ_send (h->mq,
-                    env);
-  return op;
-}
-
-
-
-/* end of identity_provider_api.c */
diff --git a/src/identity-provider/jwt.c b/src/identity-provider/jwt.c
deleted file mode 100644 (file)
index 1a984f7..0000000
+++ /dev/null
@@ -1,189 +0,0 @@
-/*
-      This file is part of GNUnet
-      Copyright (C) 2010-2015 GNUnet e.V.
-
-      GNUnet is free software: you can redistribute it and/or modify it
-      under the terms of the GNU Affero General Public License as published
-      by the Free Software Foundation, either version 3 of the License,
-      or (at your option) any later version.
-
-      GNUnet is distributed in the hope that it will be useful, but
-      WITHOUT ANY WARRANTY; without even the implied warranty of
-      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-      Affero General Public License for more details.
-     
-      You should have received a copy of the GNU Affero General Public License
-      along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-
-/**
- * @file identity-provider/jwt.c
- * @brief helper library for JSON-Web-Tokens
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include <jansson.h>
-
-
-#define JWT_ALG "alg"
-
-/*TODO is this the correct way to define new algs? */
-#define JWT_ALG_VALUE "urn:org:gnunet:jwt:alg:ecdsa:ed25519"
-
-#define JWT_TYP "typ"
-
-#define JWT_TYP_VALUE "jwt"
-
-//TODO change server address
-#define SERVER_ADDRESS "https://localhost"
-
-static char*
-create_jwt_header(void)
-{
-  json_t *root;
-  char *json_str;
-
-  root = json_object ();
-  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
-  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
-
-  json_str = json_dumps (root, JSON_INDENT(1));
-  json_decref (root);
-  return json_str;
-}
-
-/**
- * Create a JWT from attributes
- *
- * @param aud_key the public of the subject
- * @param attrs the attribute list
- * @param priv_key the key used to sign the JWT
- * @return a new base64-encoded JWT string.
- */
-char*
-jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  struct GNUNET_CRYPTO_EcdsaPublicKey sub_key;
-  struct GNUNET_CRYPTO_EcdsaSignature signature;
-  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
-  char* audience;
-  char* subject;
-  char* header;
-  char* padding;
-  char* body_str;
-  char* result;
-  char* header_base64;
-  char* body_base64;
-  char* signature_target;
-  char* signature_base64;
-  char* attr_val_str;
-  json_t* body;
-
-  //exp REQUIRED time expired from config
-  //iat REQUIRED time now
-  //auth_time only if max_age
-  //nonce only if nonce
-  // OPTIONAL acr,amr,azp
-  GNUNET_CRYPTO_ecdsa_key_get_public (priv_key, &sub_key);
-  /* TODO maybe we should use a local identity here */
-  subject = GNUNET_STRINGS_data_to_string_alloc (&sub_key,
-                                                sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
-                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  header = create_jwt_header ();
-  body = json_object ();
-  /* TODO who is the issuer? local IdP or subject ? See self-issued tokens? */
-  //iss REQUIRED case sensitive server uri with https
-  json_object_set_new (body,
-                       "iss", json_string (SERVER_ADDRESS));
-  //sub REQUIRED public key identity, not exceed 255 ASCII  length
-  json_object_set_new (body,
-                       "sub", json_string (subject));
-  /* TODO what should be in here exactly? */
-  //aud REQUIRED public key client_id must be there
-  json_object_set_new (body,
-                       "aud", json_string (audience));
-  for (le = attrs->list_head; NULL != le; le = le->next)
-  {
-    /**
-     * TODO here we should have a function that
-     * calls the Attribute plugins to create a
-     * json representation for its value
-     */
-    attr_val_str = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (le->claim->type,
-                                                              le->claim->data,
-                                                              le->claim->data_size);
-    json_object_set_new (body,
-                         le->claim->name,
-                         json_string (attr_val_str));
-    GNUNET_free (attr_val_str);
-  }
-  body_str = json_dumps (body, JSON_INDENT(0));
-  json_decref (body);
-
-  GNUNET_STRINGS_base64_encode (header,
-                                strlen (header),
-                                &header_base64);
-  //Remove GNUNET padding of base64
-  padding = strtok(header_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-
-  GNUNET_STRINGS_base64_encode (body_str,
-                                strlen (body_str),
-                                &body_base64);
-
-  //Remove GNUNET padding of base64
-  padding = strtok(body_base64, "=");
-  while (NULL != padding)
-    padding = strtok(NULL, "=");
-
-  GNUNET_free (subject);
-  GNUNET_free (audience);
-
-  /**
-   * TODO
-   * Creating the JWT signature. This might not be
-   * standards compliant, check.
-   */
-  GNUNET_asprintf (&signature_target, "%s,%s", header_base64, body_base64);
-
-  purpose =
-    GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
-                   strlen (signature_target));
-  purpose->size =
-    htonl (strlen (signature_target) + sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose));
-  purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN);
-  GNUNET_memcpy (&purpose[1], signature_target, strlen (signature_target));
-  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_sign (priv_key,
-                                             purpose,
-                                             (struct GNUNET_CRYPTO_EcdsaSignature *)&signature))
-  {
-    GNUNET_free (signature_target);
-    GNUNET_free (body_str);
-    GNUNET_free (body_base64);
-    GNUNET_free (header_base64);
-    GNUNET_free (purpose);
-    return NULL;
-  }
-  GNUNET_STRINGS_base64_encode ((const char*)&signature,
-                                sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
-                                &signature_base64);
-  GNUNET_asprintf (&result, "%s.%s.%s",
-                   header_base64, body_base64, signature_base64);
-
-  GNUNET_free (signature_target);
-  GNUNET_free (header);
-  GNUNET_free (body_str);
-  GNUNET_free (signature_base64);
-  GNUNET_free (body_base64);
-  GNUNET_free (header_base64);
-  GNUNET_free (purpose);
-  return result;
-}
diff --git a/src/identity-provider/jwt.h b/src/identity-provider/jwt.h
deleted file mode 100644 (file)
index 0729589..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef JWT_H
-#define JWT_H
-
-char*
-jwt_create_from_list (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
-                                                const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                                const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key);
-
-#endif
diff --git a/src/identity-provider/plugin_gnsrecord_identity_provider.c b/src/identity-provider/plugin_gnsrecord_identity_provider.c
deleted file mode 100644 (file)
index f0dc563..0000000
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
-     This file is part of GNUnet
-     Copyright (C) 2013, 2014 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @file identity-provider/plugin_gnsrecord_identity_provider.c
- * @brief gnsrecord plugin to provide the API for identity records
- * @author Martin Schanzenbach
- */
-#include "platform.h"
-#include "gnunet_util_lib.h"
-#include "gnunet_gnsrecord_lib.h"
-#include "gnunet_gnsrecord_plugin.h"
-
-
-/**
- * Convert the 'value' of a record to a string.
- *
- * @param cls closure, unused
- * @param type type of the record
- * @param data value in binary encoding
- * @param data_size number of bytes in @a data
- * @return NULL on error, otherwise human-readable representation of the value
- */
-static char *
-value_to_string (void *cls,
-                 uint32_t type,
-                 const void *data,
-                 size_t data_size)
-{
-  const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
-  const struct GNUNET_CRYPTO_EcdsaPublicKey *audience_pubkey;
-  const char *scopes;
-  char *ecdhe_str;
-  char *aud_str;
-  char *result;
-
-  switch (type)
-  {
-    case GNUNET_GNSRECORD_TYPE_ID_ATTR:
-      return GNUNET_STRINGS_data_to_string_alloc (data, data_size);
-    case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED
-      return GNUNET_strndup (data, data_size);
-    case GNUNET_GNSRECORD_TYPE_ABE_KEY:
-    case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
-      return GNUNET_STRINGS_data_to_string_alloc (data, data_size); 
-    case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED
-        ecdhe_privkey = data;
-        audience_pubkey = data+sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey);
-        scopes =  (char*) audience_pubkey+(sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-        ecdhe_str = GNUNET_STRINGS_data_to_string_alloc (ecdhe_privkey,
-                                                        sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
-        aud_str = GNUNET_STRINGS_data_to_string_alloc (audience_pubkey,
-                                                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-        GNUNET_asprintf (&result,
-                         "%s;%s;%s",
-                         ecdhe_str, aud_str, scopes);
-        GNUNET_free (aud_str);
-        GNUNET_free (ecdhe_str);
-        return result;
-
-    default:
-      return NULL;
-  }
-}
-
-
-/**
- * Convert human-readable version of a 'value' of a record to the binary
- * representation.
- *
- * @param cls closure, unused
- * @param type type of the record
- * @param s human-readable string
- * @param data set to value in binary encoding (will be allocated)
- * @param data_size set to number of bytes in @a data
- * @return #GNUNET_OK on success
- */
-static int
-string_to_value (void *cls,
-                 uint32_t type,
-                 const char *s,
-                 void **data,
-                 size_t *data_size)
-{
-  char* ecdhe_str;
-  char* aud_keystr;
-  char* write_ptr;
-  char* tmp_tok;
-  char* str;
-
-  if (NULL == s)
-    return GNUNET_SYSERR;
-  switch (type)
-  {
-    case GNUNET_GNSRECORD_TYPE_ID_ATTR:
-      return GNUNET_STRINGS_string_to_data (s,
-                                            strlen (s),
-                                            *data,
-                                            *data_size);
-    case GNUNET_GNSRECORD_TYPE_ID_TOKEN:
-      *data = GNUNET_strdup (s);
-      *data_size = strlen (s);
-      return GNUNET_OK;
-    case GNUNET_GNSRECORD_TYPE_ABE_KEY:
-    case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
-      return GNUNET_STRINGS_string_to_data (s,
-                                            strlen (s),
-                                            *data,
-                                            *data_size);
-    case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA:
-      tmp_tok = GNUNET_strdup (s);
-      ecdhe_str = strtok (tmp_tok, ";");
-      if (NULL == ecdhe_str)
-      {
-        GNUNET_free (tmp_tok);
-        return GNUNET_SYSERR;
-      }
-      aud_keystr = strtok (NULL, ";");
-      if (NULL == aud_keystr)
-      {
-        GNUNET_free (tmp_tok);
-        return GNUNET_SYSERR;
-      }
-      str = strtok (NULL, ";");
-      if (NULL == str)
-      {
-        GNUNET_free (tmp_tok);
-        return GNUNET_SYSERR;
-      }
-      *data_size = strlen (str) + 1
-        +sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)
-        +sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey);
-      *data = GNUNET_malloc (*data_size);
-
-      write_ptr = *data;
-      GNUNET_STRINGS_string_to_data (ecdhe_str,
-                                     strlen (ecdhe_str),
-                                     write_ptr,
-                                     sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
-      write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey);
-      GNUNET_STRINGS_string_to_data (aud_keystr,
-                                     strlen (aud_keystr),
-                                     write_ptr,
-                                     sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-      write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey);
-      GNUNET_memcpy (write_ptr, str, strlen (str) + 1); //with 0-Terminator
-      GNUNET_free (tmp_tok);
-      return GNUNET_OK;
-
-    default:
-      return GNUNET_SYSERR;
-  }
-}
-
-
-/**
- * Mapping of record type numbers to human-readable
- * record type names.
- */
-static struct {
-  const char *name;
-  uint32_t number;
-} name_map[] = {
-  { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR },
-  { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN },
-  { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY },
-  { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER },
-  { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA },
-  { NULL, UINT32_MAX }
-};
-
-
-/**
- * Convert a type name (i.e. "AAAA") to the corresponding number.
- *
- * @param cls closure, unused
- * @param dns_typename name to convert
- * @return corresponding number, UINT32_MAX on error
- */
-static uint32_t
-typename_to_number (void *cls,
-                    const char *dns_typename)
-{
-  unsigned int i;
-
-  i=0;
-  while ( (NULL != name_map[i].name) &&
-          (0 != strcasecmp (dns_typename, name_map[i].name)) )
-    i++;
-  return name_map[i].number;
-}
-
-
-/**
- * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
- *
- * @param cls closure, unused
- * @param type number of a type to convert
- * @return corresponding typestring, NULL on error
- */
-static const char *
-number_to_typename (void *cls,
-                    uint32_t type)
-{
-  unsigned int i;
-
-  i=0;
-  while ( (NULL != name_map[i].name) &&
-          (type != name_map[i].number) )
-    i++;
-  return name_map[i].name;
-}
-
-
-/**
- * Entry point for the plugin.
- *
- * @param cls NULL
- * @return the exported block API
- */
-void *
-libgnunet_plugin_gnsrecord_identity_provider_init (void *cls)
-{
-  struct GNUNET_GNSRECORD_PluginFunctions *api;
-
-  api = GNUNET_new (struct GNUNET_GNSRECORD_PluginFunctions);
-  api->value_to_string = &value_to_string;
-  api->string_to_value = &string_to_value;
-  api->typename_to_number = &typename_to_number;
-  api->number_to_typename = &number_to_typename;
-  return api;
-}
-
-
-/**
- * Exit point from the plugin.
- *
- * @param cls the return value from #libgnunet_plugin_block_test_init
- * @return NULL
- */
-void *
-libgnunet_plugin_gnsrecord_identity_provider_done (void *cls)
-{
-  struct GNUNET_GNSRECORD_PluginFunctions *api = cls;
-
-  GNUNET_free (api);
-  return NULL;
-}
-
-/* end of plugin_gnsrecord_dns.c */
diff --git a/src/identity-provider/plugin_identity_provider_sqlite.c b/src/identity-provider/plugin_identity_provider_sqlite.c
deleted file mode 100644 (file)
index f2a8b7b..0000000
+++ /dev/null
@@ -1,734 +0,0 @@
- /*
-  * This file is part of GNUnet
-  * Copyright (C) 2009-2017 GNUnet e.V.
-  *
-  * GNUnet is free software: you can redistribute it and/or modify it
-  * under the terms of the GNU Affero General Public License as published
-  * by the Free Software Foundation, either version 3 of the License,
-  * or (at your option) any later version.
-  *
-  * GNUnet is distributed in the hope that it will be useful, but
-  * WITHOUT ANY WARRANTY; without even the implied warranty of
-  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-  * Affero General Public License for more details.
-  *
-  * You should have received a copy of the GNU Affero General Public License
-  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
-  */
-
-/**
- * @file identity-provider/plugin_identity_provider_sqlite.c
- * @brief sqlite-based idp backend
- * @author Martin Schanzenbach
- */
-
-#include "platform.h"
-#include "gnunet_identity_provider_service.h"
-#include "gnunet_identity_provider_plugin.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "gnunet_sq_lib.h"
-#include <sqlite3.h>
-
-/**
- * After how many ms "busy" should a DB operation fail for good?  A
- * low value makes sure that we are more responsive to requests
- * (especially PUTs).  A high value guarantees a higher success rate
- * (SELECTs in iterate can take several seconds despite LIMIT=1).
- *
- * The default value of 1s should ensure that users do not experience
- * huge latencies while at the same time allowing operations to
- * succeed with reasonable probability.
- */
-#define BUSY_TIMEOUT_MS 1000
-
-
-/**
- * Log an error message at log-level 'level' that indicates
- * a failure of the command 'cmd' on file 'filename'
- * with the message given by strerror(errno).
- */
-#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "identity-provider", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0)
-
-#define LOG(kind,...) GNUNET_log_from (kind, "identity-provider-sqlite", __VA_ARGS__)
-
-
-/**
- * Context for all functions in this plugin.
- */
-struct Plugin
-{
-
-  const struct GNUNET_CONFIGURATION_Handle *cfg;
-
-  /**
-   * Database filename.
-   */
-  char *fn;
-
-  /**
-   * Native SQLite database handle.
-   */
-  sqlite3 *dbh;
-
-  /**
-   * Precompiled SQL to store ticket.
-   */
-  sqlite3_stmt *store_ticket;
-
-  /**
-   * Precompiled SQL to delete existing ticket.
-   */
-  sqlite3_stmt *delete_ticket;
-
-  /**
-   * Precompiled SQL to iterate tickets.
-   */
-  sqlite3_stmt *iterate_tickets;
-
-  /**
-   * Precompiled SQL to get ticket attributes.
-   */
-  sqlite3_stmt *get_ticket_attrs;
-  
-  /**
-   * Precompiled SQL to iterate tickets by audience.
-   */
-  sqlite3_stmt *iterate_tickets_by_audience;
-};
-
-
-/**
- * @brief Prepare a SQL statement
- *
- * @param dbh handle to the database
- * @param zSql SQL statement, UTF-8 encoded
- * @param ppStmt set to the prepared statement
- * @return 0 on success
- */
-static int
-sq_prepare (sqlite3 *dbh,
-            const char *zSql,
-            sqlite3_stmt **ppStmt)
-{
-  char *dummy;
-  int result;
-
-  result =
-      sqlite3_prepare_v2 (dbh,
-                          zSql,
-                          strlen (zSql),
-                          ppStmt,
-                          (const char **) &dummy);
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "Prepared `%s' / %p: %d\n",
-       zSql,
-       *ppStmt,
-       result);
-  return result;
-}
-
-/**
- * Create our database indices.
- *
- * @param dbh handle to the database
- */
-static void
-create_indices (sqlite3 * dbh)
-{
-  /* create indices */
-  if ( (SQLITE_OK !=
-       sqlite3_exec (dbh,
-                      "CREATE INDEX IF NOT EXISTS identity_reverse ON identity001tickets (identity,audience)",
-                     NULL, NULL, NULL)) ||
-       (SQLITE_OK !=
-       sqlite3_exec (dbh,
-                      "CREATE INDEX IF NOT EXISTS it_iter ON identity001tickets (rnd)",
-                     NULL, NULL, NULL)) )
-    LOG (GNUNET_ERROR_TYPE_ERROR,
-        "Failed to create indices: %s\n",
-         sqlite3_errmsg (dbh));
-}
-
-
-
-#if 0
-#define CHECK(a) GNUNET_break(a)
-#define ENULL NULL
-#else
-#define ENULL &e
-#define ENULL_DEFINED 1
-#define CHECK(a) if (! (a)) { GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s\n", e); sqlite3_free(e); }
-#endif
-
-
-/**
- * Initialize the database connections and associated
- * data structures (create tables and indices
- * as needed as well).
- *
- * @param plugin the plugin context (state for this module)
- * @return #GNUNET_OK on success
- */
-static int
-database_setup (struct Plugin *plugin)
-{
-  sqlite3_stmt *stmt;
-  char *afsdir;
-#if ENULL_DEFINED
-  char *e;
-#endif
-
-  if (GNUNET_OK !=
-      GNUNET_CONFIGURATION_get_value_filename (plugin->cfg,
-                                               "identity-provider-sqlite",
-                                               "FILENAME",
-                                               &afsdir))
-  {
-    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-                              "identity-provider-sqlite",
-                               "FILENAME");
-    return GNUNET_SYSERR;
-  }
-  if (GNUNET_OK !=
-      GNUNET_DISK_file_test (afsdir))
-  {
-    if (GNUNET_OK !=
-        GNUNET_DISK_directory_create_for_file (afsdir))
-    {
-      GNUNET_break (0);
-      GNUNET_free (afsdir);
-      return GNUNET_SYSERR;
-    }
-  }
-  /* afsdir should be UTF-8-encoded. If it isn't, it's a bug */
-  plugin->fn = afsdir;
-
-  /* Open database and precompile statements */
-  if (sqlite3_open (plugin->fn, &plugin->dbh) != SQLITE_OK)
-  {
-    LOG (GNUNET_ERROR_TYPE_ERROR,
-        _("Unable to initialize SQLite: %s.\n"),
-        sqlite3_errmsg (plugin->dbh));
-    return GNUNET_SYSERR;
-  }
-  CHECK (SQLITE_OK ==
-         sqlite3_exec (plugin->dbh,
-                       "PRAGMA temp_store=MEMORY", NULL, NULL,
-                       ENULL));
-  CHECK (SQLITE_OK ==
-         sqlite3_exec (plugin->dbh,
-                       "PRAGMA synchronous=NORMAL", NULL, NULL,
-                       ENULL));
-  CHECK (SQLITE_OK ==
-         sqlite3_exec (plugin->dbh,
-                       "PRAGMA legacy_file_format=OFF", NULL, NULL,
-                       ENULL));
-  CHECK (SQLITE_OK ==
-         sqlite3_exec (plugin->dbh,
-                       "PRAGMA auto_vacuum=INCREMENTAL", NULL,
-                       NULL, ENULL));
-  CHECK (SQLITE_OK ==
-         sqlite3_exec (plugin->dbh,
-                       "PRAGMA encoding=\"UTF-8\"", NULL,
-                       NULL, ENULL));
-  CHECK (SQLITE_OK ==
-         sqlite3_exec (plugin->dbh,
-                       "PRAGMA locking_mode=EXCLUSIVE", NULL, NULL,
-                       ENULL));
-  CHECK (SQLITE_OK ==
-         sqlite3_exec (plugin->dbh,
-                       "PRAGMA page_size=4092", NULL, NULL,
-                       ENULL));
-
-  CHECK (SQLITE_OK ==
-         sqlite3_busy_timeout (plugin->dbh,
-                               BUSY_TIMEOUT_MS));
-
-
-  /* Create table */
-  CHECK (SQLITE_OK ==
-         sq_prepare (plugin->dbh,
-                     "SELECT 1 FROM sqlite_master WHERE tbl_name = 'identity001tickets'",
-                     &stmt));
-  if ((sqlite3_step (stmt) == SQLITE_DONE) &&
-      (sqlite3_exec
-       (plugin->dbh,
-        "CREATE TABLE identity001tickets ("
-        " identity BLOB NOT NULL DEFAULT '',"
-        " audience BLOB NOT NULL DEFAULT '',"
-             " rnd INT8 NOT NULL DEFAULT '',"
-        " attributes BLOB NOT NULL DEFAULT ''"
-       ")",
-       NULL, NULL, NULL) != SQLITE_OK))
-  {
-    LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR,
-                "sqlite3_exec");
-    sqlite3_finalize (stmt);
-    return GNUNET_SYSERR;
-  }
-  sqlite3_finalize (stmt);
-
-  create_indices (plugin->dbh);
-
-  if ( (SQLITE_OK !=
-        sq_prepare (plugin->dbh,
-                    "INSERT INTO identity001tickets (identity, audience, rnd, attributes)"
-                    " VALUES (?, ?, ?, ?)",
-                    &plugin->store_ticket)) ||
-       (SQLITE_OK !=
-        sq_prepare (plugin->dbh,
-                    "DELETE FROM identity001tickets WHERE identity=? AND rnd=?",
-                    &plugin->delete_ticket)) ||
-       (SQLITE_OK !=
-        sq_prepare (plugin->dbh,
-                    "SELECT identity,audience,rnd,attributes"
-                    " FROM identity001tickets WHERE identity=? AND rnd=?",
-                    &plugin->get_ticket_attrs)) ||
-       (SQLITE_OK !=
-        sq_prepare (plugin->dbh,
-                    "SELECT identity,audience,rnd,attributes"
-                    " FROM identity001tickets WHERE identity=?"
-                    " ORDER BY rnd LIMIT 1 OFFSET ?",
-                    &plugin->iterate_tickets)) ||
-       (SQLITE_OK !=
-        sq_prepare (plugin->dbh,
-                    "SELECT identity,audience,rnd,attributes"
-                    " FROM identity001tickets WHERE audience=?"
-                    " ORDER BY rnd LIMIT 1 OFFSET ?",
-                    &plugin->iterate_tickets_by_audience)) ) 
-  {
-    LOG_SQLITE (plugin,
-                GNUNET_ERROR_TYPE_ERROR,
-                "precompiling");
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
-}
-
-
-/**
- * Shutdown database connection and associate data
- * structures.
- * @param plugin the plugin context (state for this module)
- */
-static void
-database_shutdown (struct Plugin *plugin)
-{
-  int result;
-  sqlite3_stmt *stmt;
-
-  if (NULL != plugin->store_ticket)
-    sqlite3_finalize (plugin->store_ticket);
-  if (NULL != plugin->delete_ticket)
-    sqlite3_finalize (plugin->delete_ticket);
-  if (NULL != plugin->iterate_tickets)
-    sqlite3_finalize (plugin->iterate_tickets);
-  if (NULL != plugin->iterate_tickets_by_audience)
-    sqlite3_finalize (plugin->iterate_tickets_by_audience);
-  if (NULL != plugin->get_ticket_attrs)
-    sqlite3_finalize (plugin->get_ticket_attrs);
-  result = sqlite3_close (plugin->dbh);
-  if (result == SQLITE_BUSY)
-  {
-    LOG (GNUNET_ERROR_TYPE_WARNING,
-        _("Tried to close sqlite without finalizing all prepared statements.\n"));
-    stmt = sqlite3_next_stmt (plugin->dbh,
-                              NULL);
-    while (NULL != stmt)
-    {
-      GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG,
-                       "sqlite",
-                       "Closing statement %p\n",
-                       stmt);
-      result = sqlite3_finalize (stmt);
-      if (result != SQLITE_OK)
-        GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
-                         "sqlite",
-                         "Failed to close statement %p: %d\n",
-                         stmt,
-                         result);
-      stmt = sqlite3_next_stmt (plugin->dbh,
-                                NULL);
-    }
-    result = sqlite3_close (plugin->dbh);
-  }
-  if (SQLITE_OK != result)
-    LOG_SQLITE (plugin,
-                GNUNET_ERROR_TYPE_ERROR,
-                "sqlite3_close");
-
-  GNUNET_free_non_null (plugin->fn);
-}
-
-
-/**
- * Store a ticket in the database.
- *
- * @param cls closure (internal context for the plugin)
- * @param ticket the ticket to persist
- * @param attrs the attributes associated with the ticket
- * @return #GNUNET_OK on success, else #GNUNET_SYSERR
- */
-static int
-identity_provider_sqlite_store_ticket (void *cls,
-                                       const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs)
-{
-  struct Plugin *plugin = cls;
-  size_t attrs_len;
-  char *attrs_ser;
-  int n;
-
-  { 
-    /* First delete duplicates */
-    struct GNUNET_SQ_QueryParam dparams[] = {
-      GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
-      GNUNET_SQ_query_param_uint64 (&ticket->rnd),
-      GNUNET_SQ_query_param_end
-    };
-    if (GNUNET_OK !=
-        GNUNET_SQ_bind (plugin->delete_ticket,
-                        dparams))
-    {
-      LOG_SQLITE (plugin,
-                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
-                  "sqlite3_bind_XXXX");
-      GNUNET_SQ_reset (plugin->dbh,
-                       plugin->delete_ticket);
-      return GNUNET_SYSERR;
-    }
-    n = sqlite3_step (plugin->delete_ticket);
-    GNUNET_SQ_reset (plugin->dbh,
-                     plugin->delete_ticket);
-    
-    attrs_len = GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (attrs);
-    attrs_ser = GNUNET_malloc (attrs_len);
-    GNUNET_IDENTITY_ATTRIBUTE_list_serialize (attrs,
-                              attrs_ser);
-    struct GNUNET_SQ_QueryParam sparams[] = {
-      GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
-      GNUNET_SQ_query_param_auto_from_type (&ticket->audience),
-      GNUNET_SQ_query_param_uint64 (&ticket->rnd),
-      GNUNET_SQ_query_param_fixed_size (attrs_ser, attrs_len),
-      GNUNET_SQ_query_param_end
-    };
-
-    if (GNUNET_OK !=
-        GNUNET_SQ_bind (plugin->store_ticket,
-                        sparams))
-    {
-      LOG_SQLITE (plugin,
-                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
-                  "sqlite3_bind_XXXX");
-      GNUNET_SQ_reset (plugin->dbh,
-                       plugin->store_ticket);
-      return GNUNET_SYSERR;
-    }
-    n = sqlite3_step (plugin->store_ticket);
-    GNUNET_SQ_reset (plugin->dbh,
-                     plugin->store_ticket);
-    GNUNET_free (attrs_ser);
-  }
-  switch (n)
-  {
-    case SQLITE_DONE:
-      GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG,
-                       "sqlite",
-                       "Ticket stored\n");
-      return GNUNET_OK;
-    case SQLITE_BUSY:
-      LOG_SQLITE (plugin,
-                  GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK,
-                  "sqlite3_step");
-      return GNUNET_NO;
-    default:
-      LOG_SQLITE (plugin,
-                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
-                  "sqlite3_step");
-      return GNUNET_SYSERR;
-  }
-}
-
-
-/**
- * Store a ticket in the database.
- *
- * @param cls closure (internal context for the plugin)
- * @param ticket the ticket to delete
- * @return #GNUNET_OK on success, else #GNUNET_SYSERR
- */
-static int
-identity_provider_sqlite_delete_ticket (void *cls,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
-{
-  struct Plugin *plugin = cls;
-  int n;
-
-  {  
-    struct GNUNET_SQ_QueryParam sparams[] = {
-      GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
-      GNUNET_SQ_query_param_uint64 (&ticket->rnd),
-      GNUNET_SQ_query_param_end
-    };
-
-    if (GNUNET_OK !=
-        GNUNET_SQ_bind (plugin->delete_ticket,
-                        sparams))
-    {
-      LOG_SQLITE (plugin,
-                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
-                  "sqlite3_bind_XXXX");
-      GNUNET_SQ_reset (plugin->dbh,
-                       plugin->store_ticket);
-      return GNUNET_SYSERR;
-    }
-    n = sqlite3_step (plugin->delete_ticket);
-    GNUNET_SQ_reset (plugin->dbh,
-                     plugin->delete_ticket);
-  }
-  switch (n)
-  {
-    case SQLITE_DONE:
-      GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG,
-                       "sqlite",
-                       "Ticket deleted\n");
-      return GNUNET_OK;
-    case SQLITE_BUSY:
-      LOG_SQLITE (plugin,
-                  GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK,
-                  "sqlite3_step");
-      return GNUNET_NO;
-    default:
-      LOG_SQLITE (plugin,
-                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
-                  "sqlite3_step");
-      return GNUNET_SYSERR;
-  }
-}
-
-
-/**
- * The given 'sqlite' statement has been prepared to be run.
- * It will return a record which should be given to the iterator.
- * Runs the statement and parses the returned record.
- *
- * @param plugin plugin context
- * @param stmt to run (and then clean up)
- * @param iter iterator to call with the result
- * @param iter_cls closure for @a iter
- * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
- */
-static int
-get_ticket_and_call_iterator (struct Plugin *plugin,
-                              sqlite3_stmt *stmt,
-                              GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
-                              void *iter_cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs;
-  int ret;
-  int sret;
-  size_t attrs_len;
-  char *attrs_ser;
-
-  ret = GNUNET_NO;
-  if (SQLITE_ROW == (sret = sqlite3_step (stmt)))
-  {
-    struct GNUNET_SQ_ResultSpec rs[] = {
-      GNUNET_SQ_result_spec_auto_from_type (&ticket.identity),
-      GNUNET_SQ_result_spec_auto_from_type (&ticket.audience),
-      GNUNET_SQ_result_spec_uint64 (&ticket.rnd),
-      GNUNET_SQ_result_spec_variable_size ((void**)&attrs_ser,
-                                           &attrs_len),
-      GNUNET_SQ_result_spec_end
-
-    };
-    ret = GNUNET_SQ_extract_result (stmt,
-                                    rs);
-    if (GNUNET_OK != ret)
-    {
-      GNUNET_break (0);
-      ret = GNUNET_SYSERR;
-    }
-    else
-    {
-      attrs = GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (attrs_ser,
-                                          attrs_len);
-      if (NULL != iter)
-        iter (iter_cls,
-              &ticket,
-              attrs);
-      GNUNET_IDENTITY_ATTRIBUTE_list_destroy (attrs);
-      ret = GNUNET_YES;
-    }
-    GNUNET_SQ_cleanup_result (rs);
-  }
-  else
-  {
-    if (SQLITE_DONE != sret)
-      LOG_SQLITE (plugin,
-                  GNUNET_ERROR_TYPE_ERROR,
-                  "sqlite_step");
-  }
-  GNUNET_SQ_reset (plugin->dbh,
-                   stmt);
-  return ret;
-}
-
-
-/**
- * Lookup tickets in the datastore.
- *
- * @param cls closure (internal context for the plugin)
- * @param ticket the ticket to retrieve attributes for
- * @param iter function to call with the result
- * @param iter_cls closure for @a iter
- * @return #GNUNET_OK on success, else #GNUNET_SYSERR
- */
-static int
-identity_provider_sqlite_ticket_get_attrs (void *cls,
-                                           const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                           GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
-                                           void *iter_cls)
-{
-  struct Plugin *plugin = cls;
-  struct GNUNET_SQ_QueryParam params[] = {
-    GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
-    GNUNET_SQ_query_param_uint64 (&ticket->rnd),
-    GNUNET_SQ_query_param_end
-  };
-
-  if (GNUNET_OK !=
-      GNUNET_SQ_bind (plugin->get_ticket_attrs,
-                      params))
-  {
-    LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
-                "sqlite3_bind_XXXX");
-    GNUNET_SQ_reset (plugin->dbh,
-                     plugin->get_ticket_attrs);
-    return GNUNET_SYSERR;
-  }
-  return get_ticket_and_call_iterator (plugin,
-                                       plugin->get_ticket_attrs,
-                                       iter,
-                                       iter_cls);
-}
-
-
-/**
- * Iterate over the results for a particular key and zone in the
- * datastore.  Will return at most one result to the iterator.
- *
- * @param cls closure (internal context for the plugin)
- * @param identity the issuing identity or audience (depending on audience switch)
- * @param audience GNUNET_YES if identity is audience
- * @param offset offset in the list of all matching records
- * @param iter function to call with the result
- * @param iter_cls closure for @a iter
- * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
- */
-static int
-identity_provider_sqlite_iterate_tickets (void *cls,
-                                          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                                          int audience,
-                                          uint64_t offset,
-                                          GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
-                                          void *iter_cls)
-{
-  struct Plugin *plugin = cls;
-  sqlite3_stmt *stmt;
-  int err;
-
-  if (NULL == identity)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  struct GNUNET_SQ_QueryParam params[] = {
-    GNUNET_SQ_query_param_auto_from_type (identity),
-    GNUNET_SQ_query_param_uint64 (&offset),
-    GNUNET_SQ_query_param_end
-  };
-  if (GNUNET_YES == audience)
-  {
-    stmt = plugin->iterate_tickets_by_audience;
-    err = GNUNET_SQ_bind (stmt,
-                          params);
-  }
-  else
-  {
-    stmt = plugin->iterate_tickets;
-    err = GNUNET_SQ_bind (stmt,
-                          params);
-  }
-  if (GNUNET_OK != err)
-  {
-    LOG_SQLITE (plugin,
-                GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
-                "sqlite3_bind_XXXX");
-    GNUNET_SQ_reset (plugin->dbh,
-                     stmt);
-    return GNUNET_SYSERR;
-  }
-  return get_ticket_and_call_iterator (plugin,
-                                       stmt,
-                                       iter,
-                                       iter_cls);
-}
-
-
-/**
- * Entry point for the plugin.
- *
- * @param cls the "struct GNUNET_IDENTITY_PROVIDER_PluginEnvironment*"
- * @return NULL on error, otherwise the plugin context
- */
-void *
-libgnunet_plugin_identity_provider_sqlite_init (void *cls)
-{
-  static struct Plugin plugin;
-  const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
-  struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api;
-
-  if (NULL != plugin.cfg)
-    return NULL;                /* can only initialize once! */
-  memset (&plugin, 0, sizeof (struct Plugin));
-  plugin.cfg = cfg;
-  if (GNUNET_OK != database_setup (&plugin))
-  {
-    database_shutdown (&plugin);
-    return NULL;
-  }
-  api = GNUNET_new (struct GNUNET_IDENTITY_PROVIDER_PluginFunctions);
-  api->cls = &plugin;
-  api->store_ticket = &identity_provider_sqlite_store_ticket;
-  api->delete_ticket = &identity_provider_sqlite_delete_ticket;
-  api->iterate_tickets = &identity_provider_sqlite_iterate_tickets;
-  api->get_ticket_attributes = &identity_provider_sqlite_ticket_get_attrs;
-  LOG (GNUNET_ERROR_TYPE_INFO,
-       _("Sqlite database running\n"));
-  return api;
-}
-
-
-/**
- * Exit point from the plugin.
- *
- * @param cls the plugin context (as returned by "init")
- * @return always NULL
- */
-void *
-libgnunet_plugin_identity_provider_sqlite_done (void *cls)
-{
-  struct GNUNET_IDENTITY_PROVIDER_PluginFunctions *api = cls;
-  struct Plugin *plugin = api->cls;
-
-  database_shutdown (plugin);
-  plugin->cfg = NULL;
-  GNUNET_free (api);
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       "sqlite plugin is finished\n");
-  return NULL;
-}
-
-/* end of plugin_identity_provider_sqlite.c */
diff --git a/src/identity-provider/plugin_rest_identity_provider.c b/src/identity-provider/plugin_rest_identity_provider.c
deleted file mode 100644 (file)
index a83163d..0000000
+++ /dev/null
@@ -1,1253 +0,0 @@
-/*
-   This file is part of GNUnet.
-   Copyright (C) 2012-2015 GNUnet e.V.
-
-   GNUnet is free software: you can redistribute it and/or modify it
-   under the terms of the GNU Affero General Public License as published
-   by the Free Software Foundation, either version 3 of the License,
-   or (at your option) any later version.
-
-   GNUnet is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Affero General Public License for more details.
-  
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-   */
-/**
- * @author Martin Schanzenbach
- * @author Philippe Buschmann
- * @file identity/plugin_rest_identity.c
- * @brief GNUnet Namestore REST plugin
- *
- */
-
-#include "platform.h"
-#include "gnunet_rest_plugin.h"
-#include "gnunet_identity_service.h"
-#include "gnunet_gns_service.h"
-#include "gnunet_gnsrecord_lib.h"
-#include "gnunet_namestore_service.h"
-#include "gnunet_rest_lib.h"
-#include "gnunet_jsonapi_lib.h"
-#include "gnunet_jsonapi_util.h"
-#include "microhttpd.h"
-#include <jansson.h>
-#include <inttypes.h>
-#include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "gnunet_identity_provider_service.h"
-
-/**
- * REST root namespace
- */
-#define GNUNET_REST_API_NS_IDENTITY_PROVIDER "/idp"
-
-/**
- * Attribute namespace
- */
-#define GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES "/idp/attributes"
-
-/**
- * Ticket namespace
- */
-#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/idp/tickets"
-
-/**
- * Revoke namespace
- */
-#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/idp/revoke"
-
-/**
- * Revoke namespace
- */
-#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/idp/consume"
-
-/**
- * Attribute key
- */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
-
-/**
- * Ticket key
- */
-#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket"
-
-
-/**
- * Value key
- */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value"
-
-/**
- * State while collecting all egos
- */
-#define ID_REST_STATE_INIT 0
-
-/**
- * Done collecting egos
- */
-#define ID_REST_STATE_POST_INIT 1
-
-/**
- * The configuration handle
- */
-const struct GNUNET_CONFIGURATION_Handle *cfg;
-
-/**
- * HTTP methods allows for this plugin
- */
-static char* allow_methods;
-
-/**
- * @brief struct returned by the initialization function of the plugin
- */
-struct Plugin
-{
-  const struct GNUNET_CONFIGURATION_Handle *cfg;
-};
-
-/**
- * The ego list
- */
-struct EgoEntry
-{
-  /**
-   * DLL
-   */
-  struct EgoEntry *next;
-
-  /**
-   * DLL
-   */
-  struct EgoEntry *prev;
-
-  /**
-   * Ego Identifier
-   */
-  char *identifier;
-
-  /**
-   * Public key string
-   */
-  char *keystring;
-
-  /**
-   * The Ego
-   */
-  struct GNUNET_IDENTITY_Ego *ego;
-};
-
-
-struct RequestHandle
-{
-  /**
-   * Ego list
-   */
-  struct EgoEntry *ego_head;
-
-  /**
-   * Ego list
-   */
-  struct EgoEntry *ego_tail;
-
-  /**
-   * Selected ego
-   */
-  struct EgoEntry *ego_entry;
-
-  /**
-   * Pointer to ego private key
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key;
-
-  /**
-   * The processing state
-   */
-  int state;
-
-  /**
-   * Handle to Identity service.
-   */
-  struct GNUNET_IDENTITY_Handle *identity_handle;
-
-  /**
-   * Rest connection
-   */
-  struct GNUNET_REST_RequestHandle *rest_handle;
-
-  /**
-   * Handle to NAMESTORE
-   */
-  struct GNUNET_NAMESTORE_Handle *namestore_handle;
-
-  /**
-   * Iterator for NAMESTORE
-   */
-  struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it;
-
-  /**
-   * Attribute claim list
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
-
-  /**
-   * IDENTITY Operation
-   */
-  struct GNUNET_IDENTITY_Operation *op;
-
-  /**
-   * Identity Provider
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
-
-  /**
-   * Idp Operation
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
-
-  /**
-   * Attribute iterator
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
-
-  /**
-   * Ticket iterator
-   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
-
-  /**
-   * A ticket
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-
-  /**
-   * Desired timeout for the lookup (default is no timeout).
-   */
-  struct GNUNET_TIME_Relative timeout;
-
-  /**
-   * ID of a task associated with the resolution process.
-   */
-  struct GNUNET_SCHEDULER_Task *timeout_task;
-
-  /**
-   * The plugin result processor
-   */
-  GNUNET_REST_ResultProcessor proc;
-
-  /**
-   * The closure of the result processor
-   */
-  void *proc_cls;
-
-  /**
-   * The url
-   */
-  char *url;
-
-  /**
-   * Error response message
-   */
-  char *emsg;
-
-  /**
-   * Reponse code
-   */
-  int response_code;
-
-  /**
-   * Response object
-   */
-  struct GNUNET_JSONAPI_Document *resp_object;
-
-};
-
-/**
- * Cleanup lookup handle
- * @param handle Handle to clean up
- */
-static void
-cleanup_handle (struct RequestHandle *handle)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp;
-  struct EgoEntry *ego_entry;
-  struct EgoEntry *ego_tmp;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cleaning up\n");
-  if (NULL != handle->resp_object)
-    GNUNET_JSONAPI_document_delete (handle->resp_object);
-  if (NULL != handle->timeout_task)
-    GNUNET_SCHEDULER_cancel (handle->timeout_task);
-  if (NULL != handle->identity_handle)
-    GNUNET_IDENTITY_disconnect (handle->identity_handle);
-  if (NULL != handle->attr_it)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it);
-  if (NULL != handle->ticket_it)
-    GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it);
-  if (NULL != handle->idp)
-    GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
-  if (NULL != handle->url)
-    GNUNET_free (handle->url);
-  if (NULL != handle->emsg)
-    GNUNET_free (handle->emsg);
-  if (NULL != handle->namestore_handle)
-    GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
-  if ( NULL != handle->attr_list )
-  {
-    for (claim_entry = handle->attr_list->list_head;
-    NULL != claim_entry;)
-    {
-      claim_tmp = claim_entry;
-      claim_entry = claim_entry->next;
-      GNUNET_free(claim_tmp->claim);
-      GNUNET_free(claim_tmp);
-    }
-    GNUNET_free (handle->attr_list);
-  }
-  for (ego_entry = handle->ego_head;
-       NULL != ego_entry;)
-  {
-    ego_tmp = ego_entry;
-    ego_entry = ego_entry->next;
-    GNUNET_free (ego_tmp->identifier);
-    GNUNET_free (ego_tmp->keystring);
-    GNUNET_free (ego_tmp);
-  }
-  if (NULL != handle->attr_it)
-  {
-    GNUNET_free(handle->attr_it);
-  }
-  GNUNET_free (handle);
-}
-
-static void
-cleanup_handle_delayed (void *cls)
-{
-  cleanup_handle (cls);
-}
-
-
-/**
- * Task run on error, sends error message.  Cleans up everything.
- *
- * @param cls the `struct RequestHandle`
- */
-static void
-do_error (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  struct MHD_Response *resp;
-  char *json_error;
-
-  GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\" }",
-                  handle->emsg);
-  if ( 0 == handle->response_code )
-  {
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-  }
-  resp = GNUNET_REST_create_response (json_error);
-  MHD_add_response_header (resp, "Content-Type", "application/json");
-  handle->proc (handle->proc_cls, resp, handle->response_code);
-  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  GNUNET_free (json_error);
-}
-
-
-/**
- * Task run on timeout, sends error message.  Cleans up everything.
- *
- * @param cls the `struct RequestHandle`
- */
-static void
-do_timeout (void *cls)
-{
-  struct RequestHandle *handle = cls;
-
-  handle->timeout_task = NULL;
-  do_error (handle);
-}
-
-
-static void
-collect_error_cb (void *cls)
-{
-  struct RequestHandle *handle = cls;
-
-  do_error (handle);
-}
-
-static void
-finished_cont (void *cls,
-               int32_t success,
-               const char *emsg)
-{
-  struct RequestHandle *handle = cls;
-  struct MHD_Response *resp;
-
-  resp = GNUNET_REST_create_response (emsg);
-  if (GNUNET_OK != success)
-  {
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-}
-
-
-/**
- * Return attributes for identity
- *
- * @param cls the request handle
- */
-static void
-return_response (void *cls)
-{
-  char* result_str;
-  struct RequestHandle *handle = cls;
-  struct MHD_Response *resp;
-
-  GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
-  resp = GNUNET_REST_create_response (result_str);
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-  GNUNET_free (result_str);
-  cleanup_handle (handle);
-}
-
-static void
-collect_finished_cb (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  //Done
-  handle->attr_it = NULL;
-  handle->ticket_it = NULL;
-  GNUNET_SCHEDULER_add_now (&return_response, handle);
-}
-
-
-/**
- * Collect all attributes for an ego
- *
- */
-static void
-ticket_collect (void *cls,
-                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
-{
-  struct GNUNET_JSONAPI_Resource *json_resource;
-  struct RequestHandle *handle = cls;
-  json_t *value;
-  char* tmp;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding ticket\n");
-  tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
-                                             sizeof (uint64_t));
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TICKET,
-                                                       tmp);
-  GNUNET_free (tmp);
-  GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
-
-  tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->identity,
-                                             sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  value = json_string (tmp);
-  GNUNET_JSONAPI_resource_add_attr (json_resource,
-                                    "issuer",
-                                    value);
-  GNUNET_free (tmp);
-  json_decref (value);
-  tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->audience,
-                                             sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  value = json_string (tmp);
-  GNUNET_JSONAPI_resource_add_attr (json_resource,
-                                    "audience",
-                                    value);
-  GNUNET_free (tmp);
-  json_decref (value);
-  tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
-                                             sizeof (uint64_t));
-  value = json_string (tmp);
-  GNUNET_JSONAPI_resource_add_attr (json_resource,
-                                    "rnd",
-                                    value);
-  GNUNET_free (tmp);
-  json_decref (value);
-  GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (handle->ticket_it);
-}
-
-
-
-/**
- * List tickets for identity request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle,
-                   const char* url,
-                   void *cls)
-{
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
-  struct RequestHandle *handle = cls;
-  struct EgoEntry *ego_entry;
-  char *identity;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting tickets for %s.\n",
-              handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) >=
-       strlen (handle->url))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) + 1;
-
-  for (ego_entry = handle->ego_head;
-       NULL != ego_entry;
-       ego_entry = ego_entry->next)
-    if (0 == strcmp (identity, ego_entry->identifier))
-      break;
-  handle->resp_object = GNUNET_JSONAPI_document_new ();
-
-  if (NULL == ego_entry)
-  {
-    //Done
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n",
-                identity);
-    GNUNET_SCHEDULER_add_now (&return_response, handle);
-    return;
-  }
-  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->ticket_it = GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (handle->idp,
-                                                                       priv_key,
-                                                                       &collect_error_cb,
-                                                                       handle,
-                                                                       &ticket_collect,
-                                                                       handle,
-                                                                       &collect_finished_cb,
-                                                                       handle);
-}
-
-
-static void
-add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
-                    const char* url,
-                    void *cls)
-{
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
-  const char* identity;
-  const char* name_str;
-  const char* value_str;
-  const char* exp_str;
-
-  struct RequestHandle *handle = cls;
-  struct EgoEntry *ego_entry;
-  struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute;
-  struct GNUNET_JSONAPI_Document *json_obj;
-  struct GNUNET_JSONAPI_Resource *json_res;
-  struct GNUNET_TIME_Relative exp;
-  char term_data[handle->rest_handle->data_size+1];
-  json_t *value_json;
-  json_t *data_json;
-  json_t *exp_json;
-  json_error_t err;
-  struct GNUNET_JSON_Specification docspec[] = {
-    GNUNET_JSON_spec_jsonapi_document (&json_obj),
-    GNUNET_JSON_spec_end()
-  };
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding an attribute for %s.\n",
-              handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >=
-       strlen (handle->url))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1;
-
-  for (ego_entry = handle->ego_head;
-       NULL != ego_entry;
-       ego_entry = ego_entry->next)
-    if (0 == strcmp (identity, ego_entry->identifier))
-      break;
-
-  if (NULL == ego_entry)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Identity unknown (%s)\n", identity);
-    GNUNET_JSONAPI_document_delete (json_obj);
-    return;
-  }
-  identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-
-  if (0 >= handle->rest_handle->data_size)
-  {
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  term_data[handle->rest_handle->data_size] = '\0';
-  GNUNET_memcpy (term_data,
-                 handle->rest_handle->data,
-                 handle->rest_handle->data_size);
-  data_json = json_loads (term_data,
-                          JSON_DECODE_ANY,
-                          &err);
-  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_JSON_parse (data_json, docspec,
-                                    NULL, NULL));
-  json_decref (data_json);
-  if (NULL == json_obj)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to parse JSONAPI Object from %s\n",
-                term_data);
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  if (1 != GNUNET_JSONAPI_document_resource_count (json_obj))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Cannot create more than 1 resource! (Got %d)\n",
-                GNUNET_JSONAPI_document_resource_count (json_obj));
-    GNUNET_JSONAPI_document_delete (json_obj);
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
-  if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
-                                                       GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unsupported JSON data type\n");
-    GNUNET_JSONAPI_document_delete (json_obj);
-    resp = GNUNET_REST_create_response (NULL);
-    handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT);
-    cleanup_handle (handle);
-    return;
-  }
-  name_str = GNUNET_JSONAPI_resource_get_id (json_res);
-  exp_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                "exp");
-  exp_str = json_string_value (exp_json);
-  if (NULL == exp_str) {
-    exp = GNUNET_TIME_UNIT_HOURS;
-  } else {
-    if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_relative (exp_str,
-                                           &exp)) {
-      exp = GNUNET_TIME_UNIT_HOURS;
-    }
-  }
-
-  value_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                  "value");
-  value_str = json_string_value (value_json);
-  attribute = GNUNET_IDENTITY_ATTRIBUTE_claim_new (name_str,
-                                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                                      value_str,
-                                                      strlen (value_str) + 1);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp,
-                                                             identity_priv,
-                                                             attribute,
-                                                             &exp,
-                                                             &finished_cont,
-                                                             handle);
-  GNUNET_free (attribute);
-  GNUNET_JSONAPI_document_delete (json_obj);
-}
-
-
-
-/**
- * Collect all attributes for an ego
- *
- */
-static void
-attr_collect (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
-{
-  struct GNUNET_JSONAPI_Resource *json_resource;
-  struct RequestHandle *handle = cls;
-  json_t *value;
-  char* tmp_value;
-  
-  if ((NULL == attr->name) || (NULL == attr->data))
-  {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
-    return;
-  }
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
-              attr->name);
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
-                                               attr->name);
-  GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
-
-  tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
-                                           attr->data,
-                                           attr->data_size);
-
-  value = json_string (tmp_value);
-
-  GNUNET_JSONAPI_resource_add_attr (json_resource,
-                                    "value",
-                                    value);
-  json_decref (value);
-  GNUNET_free(tmp_value);
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
-}
-
-
-
-/**
- * List attributes for identity request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
-                     const char* url,
-                     void *cls)
-{
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
-  struct RequestHandle *handle = cls;
-  struct EgoEntry *ego_entry;
-  char *identity;
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting attributes for %s.\n",
-              handle->url);
-  if ( strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) >=
-       strlen (handle->url))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES) + 1;
-
-  for (ego_entry = handle->ego_head;
-       NULL != ego_entry;
-       ego_entry = ego_entry->next)
-    if (0 == strcmp (identity, ego_entry->identifier))
-      break;
-  handle->resp_object = GNUNET_JSONAPI_document_new ();
-
-
-  if (NULL == ego_entry)
-  {
-    //Done
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n",
-                identity);
-    GNUNET_SCHEDULER_add_now (&return_response, handle);
-    return;
-  }
-  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (handle->idp,
-                                                                   priv_key,
-                                                                   &collect_error_cb,
-                                                                   handle,
-                                                                   &attr_collect,
-                                                                   handle,
-                                                                   &collect_finished_cb,
-                                                                   handle);
-}
-
-
-static void
-revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
-                    const char* url,
-                    void *cls)
-{
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
-  const char* identity_str;
-  const char* audience_str;
-  const char* rnd_str;
-
-  struct RequestHandle *handle = cls;
-  struct EgoEntry *ego_entry;
-  struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-  struct GNUNET_JSONAPI_Document *json_obj;
-  struct GNUNET_JSONAPI_Resource *json_res;
-  struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
-  char term_data[handle->rest_handle->data_size+1];
-  json_t *rnd_json;
-  json_t *identity_json;
-  json_t *audience_json;
-  json_t *data_json;
-  json_error_t err;
-  struct GNUNET_JSON_Specification docspec[] = {
-    GNUNET_JSON_spec_jsonapi_document (&json_obj),
-    GNUNET_JSON_spec_end()
-  };
-
-  if (0 >= handle->rest_handle->data_size)
-  {
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  term_data[handle->rest_handle->data_size] = '\0';
-  GNUNET_memcpy (term_data,
-                 handle->rest_handle->data,
-                 handle->rest_handle->data_size);
-  data_json = json_loads (term_data,
-                          JSON_DECODE_ANY,
-                          &err);
-  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_JSON_parse (data_json, docspec,
-                                    NULL, NULL));
-  json_decref (data_json);
-  if (NULL == json_obj)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to parse JSONAPI Object from %s\n",
-                term_data);
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  if (1 != GNUNET_JSONAPI_document_resource_count (json_obj))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Cannot create more than 1 resource! (Got %d)\n",
-                GNUNET_JSONAPI_document_resource_count (json_obj));
-    GNUNET_JSONAPI_document_delete (json_obj);
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
-  if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
-                                                       GNUNET_REST_JSONAPI_IDENTITY_TICKET))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unsupported JSON data type\n");
-    GNUNET_JSONAPI_document_delete (json_obj);
-    resp = GNUNET_REST_create_response (NULL);
-    handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT);
-    cleanup_handle (handle);
-    return;
-  }
-  rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                "rnd");
-  identity_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                     "identity");
-  audience_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                     "audience");
-  rnd_str = json_string_value (rnd_json);
-  identity_str = json_string_value (identity_json);
-  audience_str = json_string_value (audience_json);
-
-  GNUNET_STRINGS_string_to_data (rnd_str,
-                                 strlen (rnd_str),
-                                 &ticket.rnd,
-                                 sizeof (uint64_t));
-  GNUNET_STRINGS_string_to_data (identity_str,
-                                 strlen (identity_str),
-                                 &ticket.identity,
-                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  GNUNET_STRINGS_string_to_data (audience_str,
-                                 strlen (audience_str),
-                                 &ticket.audience,
-                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-
-  for (ego_entry = handle->ego_head;
-       NULL != ego_entry;
-       ego_entry = ego_entry->next)
-  {
-    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
-                                        &tmp_pk);
-    if (0 == memcmp (&ticket.identity,
-                     &tmp_pk,
-                     sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
-      break;
-  }
-  if (NULL == ego_entry)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Identity unknown (%s)\n", identity_str);
-    GNUNET_JSONAPI_document_delete (json_obj);
-    return;
-  }
-  identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_revoke (handle->idp,
-                                                           identity_priv,
-                                                           &ticket,
-                                                           &finished_cont,
-                                                           handle);
-  GNUNET_JSONAPI_document_delete (json_obj);
-}
-
-static void
-consume_cont (void *cls,
-              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-              const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_JSONAPI_Resource *json_resource;
-  json_t *value;
-
-  if (NULL == identity)
-  {
-    GNUNET_SCHEDULER_add_now (&return_response, handle);
-    return;
-  }
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
-              attr->name);
-  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE,
-                                               attr->name);
-  GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
-
-  value = json_string (attr->data);
-  GNUNET_JSONAPI_resource_add_attr (json_resource,
-                                    "value",
-                                    value);
-  json_decref (value);
-}
-
-static void
-consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
-                     const char* url,
-                     void *cls)
-{
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
-  const char* identity_str;
-  const char* audience_str;
-  const char* rnd_str;
-
-  struct RequestHandle *handle = cls;
-  struct EgoEntry *ego_entry;
-  struct MHD_Response *resp;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-  struct GNUNET_JSONAPI_Document *json_obj;
-  struct GNUNET_JSONAPI_Resource *json_res;
-  struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
-  char term_data[handle->rest_handle->data_size+1];
-  json_t *rnd_json;
-  json_t *identity_json;
-  json_t *audience_json;
-  json_t *data_json;
-  json_error_t err;
-  struct GNUNET_JSON_Specification docspec[] = {
-    GNUNET_JSON_spec_jsonapi_document (&json_obj),
-    GNUNET_JSON_spec_end()
-  };
-
-  if (0 >= handle->rest_handle->data_size)
-  {
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  term_data[handle->rest_handle->data_size] = '\0';
-  GNUNET_memcpy (term_data,
-                 handle->rest_handle->data,
-                 handle->rest_handle->data_size);
-  data_json = json_loads (term_data,
-                          JSON_DECODE_ANY,
-                          &err);
-  GNUNET_assert (GNUNET_OK ==
-                 GNUNET_JSON_parse (data_json, docspec,
-                                    NULL, NULL));
-  json_decref (data_json);
-  if (NULL == json_obj)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unable to parse JSONAPI Object from %s\n",
-                term_data);
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  if (1 != GNUNET_JSONAPI_document_resource_count (json_obj))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Cannot create more than 1 resource! (Got %d)\n",
-                GNUNET_JSONAPI_document_resource_count (json_obj));
-    GNUNET_JSONAPI_document_delete (json_obj);
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
-  if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
-                                                       GNUNET_REST_JSONAPI_IDENTITY_TICKET))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Unsupported JSON data type\n");
-    GNUNET_JSONAPI_document_delete (json_obj);
-    resp = GNUNET_REST_create_response (NULL);
-    handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT);
-    cleanup_handle (handle);
-    return;
-  }
-  rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                "rnd");
-  identity_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                     "identity");
-  audience_json = GNUNET_JSONAPI_resource_read_attr (json_res,
-                                                     "audience");
-  rnd_str = json_string_value (rnd_json);
-  identity_str = json_string_value (identity_json);
-  audience_str = json_string_value (audience_json);
-
-  GNUNET_STRINGS_string_to_data (rnd_str,
-                                 strlen (rnd_str),
-                                 &ticket.rnd,
-                                 sizeof (uint64_t));
-  GNUNET_STRINGS_string_to_data (identity_str,
-                                 strlen (identity_str),
-                                 &ticket.identity,
-                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-  GNUNET_STRINGS_string_to_data (audience_str,
-                                 strlen (audience_str),
-                                 &ticket.audience,
-                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
-
-  for (ego_entry = handle->ego_head;
-       NULL != ego_entry;
-       ego_entry = ego_entry->next)
-  {
-    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
-                                        &tmp_pk);
-    if (0 == memcmp (&ticket.audience,
-                     &tmp_pk,
-                     sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
-      break;
-  }
-  if (NULL == ego_entry)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "Identity unknown (%s)\n", identity_str);
-    GNUNET_JSONAPI_document_delete (json_obj);
-    return;
-  }
-  identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
-  handle->resp_object = GNUNET_JSONAPI_document_new ();
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (handle->idp,
-                                                            identity_priv,
-                                                            &ticket,
-                                                            &consume_cont,
-                                                            handle);
-  GNUNET_JSONAPI_document_delete (json_obj);
-}
-
-
-
-/**
- * Respond to OPTIONS request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-options_cont (struct GNUNET_REST_RequestHandle *con_handle,
-              const char* url,
-              void *cls)
-{
-  struct MHD_Response *resp;
-  struct RequestHandle *handle = cls;
-
-  //For now, independent of path return all options
-  resp = GNUNET_REST_create_response (NULL);
-  MHD_add_response_header (resp,
-                           "Access-Control-Allow-Methods",
-                           allow_methods);
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-  cleanup_handle (handle);
-  return;
-}
-
-/**
- * Handle rest request
- *
- * @param handle the request handle
- */
-static void
-init_cont (struct RequestHandle *handle)
-{
-  struct GNUNET_REST_RequestHandlerError err;
-  static const struct GNUNET_REST_RequestHandler handlers[] = {
-    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &list_attribute_cont},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_ATTRIBUTES, &add_attribute_cont},
-    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},
-    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_PROVIDER,
-      &options_cont},
-    GNUNET_REST_HANDLER_END
-  };
-
-  if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle,
-                                               handlers,
-                                               &err,
-                                               handle))
-  {
-    handle->response_code = err.error_code;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-  }
-}
-
-/**
- * If listing is enabled, prints information about the egos.
- *
- * This function is initially called for all egos and then again
- * whenever a ego's identifier changes or if it is deleted.  At the
- * end of the initial pass over all egos, the function is once called
- * with 'NULL' for 'ego'. That does NOT mean that the callback won't
- * be invoked in the future or that there was an error.
- *
- * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
- * this function is only called ONCE, and 'NULL' being passed in
- * 'ego' does indicate an error (i.e. name is taken or no default
- * value is known).  If 'ego' is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
- * that one was not NULL).
- *
- * When an identity is renamed, this function is called with the
- * (known) ego but the NEW identifier.
- *
- * When an identity is deleted, this function is called with the
- * (known) ego and "NULL" for the 'identifier'.  In this case,
- * the 'ego' is henceforth invalid (and the 'ctx' should also be
- * cleaned up).
- *
- * @param cls closure
- * @param ego ego handle
- * @param ctx context for application to store data for this ego
- *                 (during the lifetime of this process, initially NULL)
- * @param identifier identifier assigned by the user for this ego,
- *                   NULL if the user just deleted the ego and it
- *                   must thus no longer be used
- */
-static void
-list_ego (void *cls,
-          struct GNUNET_IDENTITY_Ego *ego,
-          void **ctx,
-          const char *identifier)
-{
-  struct RequestHandle *handle = cls;
-  struct EgoEntry *ego_entry;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
-
-  if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
-  {
-    handle->state = ID_REST_STATE_POST_INIT;
-    init_cont (handle);
-    return;
-  }
-  if (ID_REST_STATE_INIT == handle->state) {
-    ego_entry = GNUNET_new (struct EgoEntry);
-    GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-    ego_entry->keystring =
-      GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
-    ego_entry->ego = ego;
-    ego_entry->identifier = GNUNET_strdup (identifier);
-    GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry);
-  }
-
-}
-
-static void
-rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
-                              GNUNET_REST_ResultProcessor proc,
-                              void *proc_cls)
-{
-  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
-  handle->response_code = 0;
-  handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
-  handle->proc_cls = proc_cls;
-  handle->proc = proc;
-  handle->state = ID_REST_STATE_INIT;
-  handle->rest_handle = rest_handle;
-
-  handle->url = GNUNET_strdup (rest_handle->url);
-  if (handle->url[strlen (handle->url)-1] == '/')
-    handle->url[strlen (handle->url)-1] = '\0';
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Connecting...\n");
-  handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
-                                                     &list_ego,
-                                                     handle);
-  handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
-  handle->timeout_task =
-    GNUNET_SCHEDULER_add_delayed (handle->timeout,
-                                  &do_timeout,
-                                  handle);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Connected\n");
-}
-
-/**
- * Entry point for the plugin.
- *
- * @param cls Config info
- * @return NULL on error, otherwise the plugin context
- */
-void *
-libgnunet_plugin_rest_identity_provider_init (void *cls)
-{
-  static struct Plugin plugin;
-  struct GNUNET_REST_Plugin *api;
-
-  cfg = cls;
-  if (NULL != plugin.cfg)
-    return NULL;                /* can only initialize once! */
-  memset (&plugin, 0, sizeof (struct Plugin));
-  plugin.cfg = cfg;
-  api = GNUNET_new (struct GNUNET_REST_Plugin);
-  api->cls = &plugin;
-  api->name = GNUNET_REST_API_NS_IDENTITY_PROVIDER;
-  api->process_request = &rest_identity_process_request;
-  GNUNET_asprintf (&allow_methods,
-                   "%s, %s, %s, %s, %s",
-                   MHD_HTTP_METHOD_GET,
-                   MHD_HTTP_METHOD_POST,
-                   MHD_HTTP_METHOD_PUT,
-                   MHD_HTTP_METHOD_DELETE,
-                   MHD_HTTP_METHOD_OPTIONS);
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              _("Identity Provider REST API initialized\n"));
-  return api;
-}
-
-
-/**
- * Exit point from the plugin.
- *
- * @param cls the plugin context (as returned by "init")
- * @return always NULL
- */
-void *
-libgnunet_plugin_rest_identity_provider_done (void *cls)
-{
-  struct GNUNET_REST_Plugin *api = cls;
-  struct Plugin *plugin = api->cls;
-  plugin->cfg = NULL;
-
-  GNUNET_free_non_null (allow_methods);
-  GNUNET_free (api);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Identity Provider REST plugin is finished\n");
-  return NULL;
-}
-
-/* end of plugin_rest_identity_provider.c */
diff --git a/src/identity-provider/plugin_rest_openid_connect.c b/src/identity-provider/plugin_rest_openid_connect.c
deleted file mode 100644 (file)
index d87a345..0000000
+++ /dev/null
@@ -1,2206 +0,0 @@
-/*
-   This file is part of GNUnet.
-   Copyright (C) 2012-2015 GNUnet e.V.
-
-   GNUnet is free software: you can redistribute it and/or modify it
-   under the terms of the GNU Affero General Public License as published
-   by the Free Software Foundation, either version 3 of the License,
-   or (at your option) any later version.
-
-   GNUnet is distributed in the hope that it will be useful, but
-   WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Affero General Public License for more details.
-  
-   You should have received a copy of the GNU Affero General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-   */
-/**
- * @author Martin Schanzenbach
- * @author Philippe Buschmann
- * @file identity/plugin_rest_openid_connect.c
- * @brief GNUnet Namestore REST plugin
- *
- */
-
-#include "platform.h"
-#include "gnunet_rest_plugin.h"
-#include "gnunet_identity_service.h"
-#include "gnunet_gns_service.h"
-#include "gnunet_gnsrecord_lib.h"
-#include "gnunet_namestore_service.h"
-#include "gnunet_rest_lib.h"
-#include "gnunet_jsonapi_lib.h"
-#include "gnunet_jsonapi_util.h"
-#include "microhttpd.h"
-#include <jansson.h>
-#include <inttypes.h>
-#include "gnunet_signatures.h"
-#include "gnunet_identity_attribute_lib.h"
-#include "gnunet_identity_provider_service.h"
-#include "jwt.h"
-
-/**
- * REST root namespace
- */
-#define GNUNET_REST_API_NS_OIDC "/openid"
-
-/**
- * Authorize endpoint
- */
-#define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize"
-
-/**
- * Token endpoint
- */
-#define GNUNET_REST_API_NS_TOKEN "/openid/token"
-
-/**
- * UserInfo endpoint
- */
-#define GNUNET_REST_API_NS_USERINFO "/openid/userinfo"
-
-/**
- * Login namespace
- */
-#define GNUNET_REST_API_NS_LOGIN "/openid/login"
-
-/**
- * Attribute key
- */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE "attribute"
-
-/**
- * Ticket key
- */
-#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket"
-
-
-/**
- * Value key
- */
-#define GNUNET_REST_JSONAPI_IDENTITY_ATTRIBUTE_VALUE "value"
-
-/**
- * State while collecting all egos
- */
-#define ID_REST_STATE_INIT 0
-
-/**
- * Done collecting egos
- */
-#define ID_REST_STATE_POST_INIT 1
-
-/**
- * OIDC grant_type key
- */
-#define OIDC_GRANT_TYPE_KEY "grant_type"
-
-/**
- * OIDC grant_type key
- */
-#define OIDC_GRANT_TYPE_VALUE "authorization_code"
-
-/**
- * OIDC code key
- */
-#define OIDC_CODE_KEY "code"
-
-/**
- * OIDC response_type key
- */
-#define OIDC_RESPONSE_TYPE_KEY "response_type"
-
-/**
- * OIDC client_id key
- */
-#define OIDC_CLIENT_ID_KEY "client_id"
-
-/**
- * OIDC scope key
- */
-#define OIDC_SCOPE_KEY "scope"
-
-/**
- * OIDC redirect_uri key
- */
-#define OIDC_REDIRECT_URI_KEY "redirect_uri"
-
-/**
- * OIDC state key
- */
-#define OIDC_STATE_KEY "state"
-
-/**
- * OIDC nonce key
- */
-#define OIDC_NONCE_KEY "nonce"
-
-/**
- * OIDC cookie header key
- */
-#define OIDC_COOKIE_HEADER_KEY "cookie"
-
-/**
- * OIDC cookie header information key
- */
-#define OIDC_AUTHORIZATION_HEADER_KEY "authorization"
-
-/**
- * OIDC cookie header information key
- */
-#define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity="
-
-/**
- * OIDC expected response_type while authorizing
- */
-#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code"
-
-/**
- * OIDC expected scope part while authorizing
- */
-#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid"
-
-/**
- * OIDC ignored parameter array
- */
-static char* OIDC_ignored_parameter_array [] =
-{
-  "display",
-  "prompt",
-  "max_age",
-  "ui_locales", 
-  "response_mode",
-  "id_token_hint",
-  "login_hint", 
-  "acr_values"
-};
-
-/**
- * OIDC authorized identities and times hashmap
- */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time;
-
-/**
- * OIDC authorized identities and times hashmap
- */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants;
-
-/**
- * OIDC ticket/code use only once
- */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_ticket_once;
-
-/**
- * OIDC access_token to ticket and ego
- */
-struct GNUNET_CONTAINER_MultiHashMap *OIDC_interpret_access_token;
-
-/**
- * The configuration handle
- */
-const struct GNUNET_CONFIGURATION_Handle *cfg;
-
-/**
- * HTTP methods allows for this plugin
- */
-static char* allow_methods;
-
-/**
- * @brief struct returned by the initialization function of the plugin
- */
-struct Plugin
-{
-  const struct GNUNET_CONFIGURATION_Handle *cfg;
-};
-
-/**
- * OIDC needed variables
- */
-struct OIDC_Variables
-{
-  /**
-   * The RP client public key
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey;
-
-  /**
-   * The OIDC client id of the RP
-   */
-  char *client_id;
-
-  /**
-   * GNUNET_YES if there is a delegation to 
-   * this RP or if it is a local identity
-   */
-  int is_client_trusted;
-
-  /**
-   * The OIDC redirect uri
-   */
-  char *redirect_uri;
-
-  /**
-   * The list of oidc scopes
-   */
-  char *scope;
-
-  /**
-   * The OIDC state
-   */
-  char *state;
-
-  /**
-   * The OIDC nonce
-   */
-  char *nonce;
-
-  /**
-   * The OIDC response type
-   */
-  char *response_type;
-
-  /**
-   * The identity chosen by the user to login
-   */
-  char *login_identity;
-
-  /**
-   * The response JSON
-   */
-  json_t *response;
-
-};
-
-/**
- * The ego list
- */
-struct EgoEntry
-{
-  /**
-   * DLL
-   */
-  struct EgoEntry *next;
-
-  /**
-   * DLL
-   */
-  struct EgoEntry *prev;
-
-  /**
-   * Ego Identifier
-   */
-  char *identifier;
-
-  /**
-   * Public key string
-   */
-  char *keystring;
-
-  /**
-   * The Ego
-   */
-  struct GNUNET_IDENTITY_Ego *ego;
-};
-
-
-struct RequestHandle
-{
-  /**
-   * Ego list
-   */
-  struct EgoEntry *ego_head;
-
-  /**
-   * Ego list
-   */
-  struct EgoEntry *ego_tail;
-
-  /**
-   * Selected ego
-   */
-  struct EgoEntry *ego_entry;
-
-  /**
-   * Pointer to ego private key
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key;
-
-  /**
-   * OIDC variables
-   */
-  struct OIDC_Variables *oidc;
-
-  /**
-   * The processing state
-   */
-  int state;
-
-  /**
-   * Handle to Identity service.
-   */
-  struct GNUNET_IDENTITY_Handle *identity_handle;
-
-  /**
-   * Rest connection
-   */
-  struct GNUNET_REST_RequestHandle *rest_handle;
-
-  /**
-   * Handle to NAMESTORE
-   */
-  struct GNUNET_NAMESTORE_Handle *namestore_handle;
-
-  /**
-   * Iterator for NAMESTORE
-   */
-  struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it;
-
-  /**
-   * Attribute claim list
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
-
-  /**
-   * IDENTITY Operation
-   */
-  struct GNUNET_IDENTITY_Operation *op;
-
-  /**
-   * Identity Provider
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Handle *idp;
-
-  /**
-   * Idp Operation
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Operation *idp_op;
-
-  /**
-   * Attribute iterator
-   */
-  struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *attr_it;
-
-  /**
-   * Ticket iterator
-   */
-  struct GNUNET_IDENTITY_PROVIDER_TicketIterator *ticket_it;
-
-  /**
-   * A ticket
-   */
-  struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
-
-  /**
-   * Desired timeout for the lookup (default is no timeout).
-   */
-  struct GNUNET_TIME_Relative timeout;
-
-  /**
-   * ID of a task associated with the resolution process.
-   */
-  struct GNUNET_SCHEDULER_Task *timeout_task;
-
-  /**
-   * The plugin result processor
-   */
-  GNUNET_REST_ResultProcessor proc;
-
-  /**
-   * The closure of the result processor
-   */
-  void *proc_cls;
-
-  /**
-   * The url
-   */
-  char *url;
-
-  /**
-   * The tld for redirect
-   */
-  char *tld;
-
-  /**
-   * Error response message
-   */
-  char *emsg;
-
-  /**
-   * Error response description
-   */
-  char *edesc;
-
-  /**
-   * Reponse code
-   */
-  int response_code;
-
-  /**
-   * Response object
-   */
-  struct GNUNET_JSONAPI_Document *resp_object;
-
-};
-
-/**
- * Cleanup lookup handle
- * @param handle Handle to clean up
- */
-static void
-cleanup_handle (struct RequestHandle *handle)
-{
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_entry;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *claim_tmp;
-  struct EgoEntry *ego_entry;
-  struct EgoEntry *ego_tmp;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cleaning up\n");
-  if (NULL != handle->resp_object)
-    GNUNET_JSONAPI_document_delete (handle->resp_object);
-  if (NULL != handle->timeout_task)
-    GNUNET_SCHEDULER_cancel (handle->timeout_task);
-  if (NULL != handle->identity_handle)
-    GNUNET_IDENTITY_disconnect (handle->identity_handle);
-  if (NULL != handle->attr_it)
-    GNUNET_IDENTITY_PROVIDER_get_attributes_stop (handle->attr_it);
-  if (NULL != handle->ticket_it)
-    GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (handle->ticket_it);
-  if (NULL != handle->idp)
-    GNUNET_IDENTITY_PROVIDER_disconnect (handle->idp);
-  if (NULL != handle->url)
-    GNUNET_free (handle->url);
-  if (NULL != handle->tld)
-    GNUNET_free (handle->tld);
-  if (NULL != handle->emsg)
-    GNUNET_free (handle->emsg);
-  if (NULL != handle->edesc)
-    GNUNET_free (handle->edesc);
-  if (NULL != handle->namestore_handle)
-    GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
-  if (NULL != handle->oidc)
-  {
-    if (NULL != handle->oidc->client_id)
-      GNUNET_free(handle->oidc->client_id);
-    if (NULL != handle->oidc->login_identity)
-      GNUNET_free(handle->oidc->login_identity);
-    if (NULL != handle->oidc->nonce)
-      GNUNET_free(handle->oidc->nonce);
-    if (NULL != handle->oidc->redirect_uri)
-      GNUNET_free(handle->oidc->redirect_uri);
-    if (NULL != handle->oidc->response_type)
-      GNUNET_free(handle->oidc->response_type);
-    if (NULL != handle->oidc->scope)
-      GNUNET_free(handle->oidc->scope);
-    if (NULL != handle->oidc->state)
-      GNUNET_free(handle->oidc->state);
-    if (NULL != handle->oidc->response)
-      json_decref(handle->oidc->response);
-    GNUNET_free(handle->oidc);
-  }
-  if ( NULL != handle->attr_list )
-  {
-    for (claim_entry = handle->attr_list->list_head;
-         NULL != claim_entry;)
-    {
-      claim_tmp = claim_entry;
-      claim_entry = claim_entry->next;
-      GNUNET_free(claim_tmp->claim);
-      GNUNET_free(claim_tmp);
-    }
-    GNUNET_free (handle->attr_list);
-  }
-  for (ego_entry = handle->ego_head;
-       NULL != ego_entry;)
-  {
-    ego_tmp = ego_entry;
-    ego_entry = ego_entry->next;
-    GNUNET_free (ego_tmp->identifier);
-    GNUNET_free (ego_tmp->keystring);
-    GNUNET_free (ego_tmp);
-  }
-  if (NULL != handle->attr_it)
-  {
-    GNUNET_free(handle->attr_it);
-  }
-  GNUNET_free (handle);
-}
-
-static void
-cleanup_handle_delayed (void *cls)
-{
-  cleanup_handle (cls);
-}
-
-
-/**
- * Task run on error, sends error message.  Cleans up everything.
- *
- * @param cls the `struct RequestHandle`
- */
-static void
-do_error (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  struct MHD_Response *resp;
-  char *json_error;
-
-  GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
-                   handle->emsg,
-                   (NULL != handle->edesc) ? handle->edesc : "",
-                   (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
-                   (NULL != handle->oidc->state) ? handle->oidc->state : "",
-                   (NULL != handle->oidc->state) ? "\"" : "");
-  if ( 0 == handle->response_code )
-  {
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-  }
-  resp = GNUNET_REST_create_response (json_error);
-  if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
-  {
-    MHD_add_response_header(resp, "WWW-Authenticate", "Basic");
-  }
-  MHD_add_response_header (resp, "Content-Type", "application/json");
-  handle->proc (handle->proc_cls, resp, handle->response_code);
-  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  GNUNET_free (json_error);
-}
-
-
-/**
- * Task run on error in userinfo endpoint, sends error header. Cleans up
- * everything
- *
- * @param cls the `struct RequestHandle`
- */
-static void
-do_userinfo_error (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  struct MHD_Response *resp;
-  char *error;
-
-  GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"",
-                   handle->emsg,
-                   (NULL != handle->edesc) ? handle->edesc : "");
-  resp = GNUNET_REST_create_response ("");
-  MHD_add_response_header(resp, "WWW-Authenticate", error);
-  handle->proc (handle->proc_cls, resp, handle->response_code);
-  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  GNUNET_free (error);
-}
-
-
-/**
- * Task run on error, sends error message and redirects. Cleans up everything.
- *
- * @param cls the `struct RequestHandle`
- */
-static void
-do_redirect_error (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  struct MHD_Response *resp;
-  char* redirect;
-  GNUNET_asprintf (&redirect,
-                   "%s?error=%s&error_description=%s%s%s",
-                   handle->oidc->redirect_uri, handle->emsg, handle->edesc,
-                   (NULL != handle->oidc->state) ? "&state=" : "",
-                   (NULL != handle->oidc->state) ? handle->oidc->state : "");
-  resp = GNUNET_REST_create_response ("");
-  MHD_add_response_header (resp, "Location", redirect);
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
-  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  GNUNET_free (redirect);
-}
-
-/**
- * Task run on timeout, sends error message.  Cleans up everything.
- *
- * @param cls the `struct RequestHandle`
- */
-static void
-do_timeout (void *cls)
-{
-  struct RequestHandle *handle = cls;
-
-  handle->timeout_task = NULL;
-  do_error (handle);
-}
-
-/**
- * Return attributes for claim
- *
- * @param cls the request handle
- */
-static void
-return_userinfo_response (void *cls)
-{
-  char* result_str;
-  struct RequestHandle *handle = cls;
-  struct MHD_Response *resp;
-
-  result_str = json_dumps (handle->oidc->response, 0);
-
-  resp = GNUNET_REST_create_response (result_str);
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-  GNUNET_free (result_str);
-  cleanup_handle (handle);
-}
-
-/**
- * Returns base64 encoded string without padding
- *
- * @param string the string to encode
- * @return base64 encoded string
- */
-static char*
-base_64_encode(const char *s)
-{
-  char *enc;
-  char *tmp;
-
-  GNUNET_STRINGS_base64_encode(s, strlen(s), &enc);
-  tmp = strrchr (enc, '=');
-  *tmp = '\0';
-  return enc;
-}
-
-/**
- * Respond to OPTIONS request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-options_cont (struct GNUNET_REST_RequestHandle *con_handle,
-              const char* url,
-              void *cls)
-{
-  struct MHD_Response *resp;
-  struct RequestHandle *handle = cls;
-
-  //For now, independent of path return all options
-  resp = GNUNET_REST_create_response (NULL);
-  MHD_add_response_header (resp,
-                           "Access-Control-Allow-Methods",
-                           allow_methods);
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-  cleanup_handle (handle);
-  return;
-}
-
-/**
- * Interprets cookie header and pass its identity keystring to handle
- */
-static void
-cookie_identity_interpretation (struct RequestHandle *handle)
-{
-  struct GNUNET_HashCode cache_key;
-  char *cookies;
-  struct GNUNET_TIME_Absolute current_time, *relog_time;
-  char delimiter[] = "; ";
-
-  //gets identity of login try with cookie
-  GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
-                      &cache_key);
-  if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
-                                                             &cache_key) )
-  {
-    //splits cookies and find 'Identity' cookie
-    cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
-    handle->oidc->login_identity = strtok(cookies, delimiter);
-
-    while ( NULL != handle->oidc->login_identity )
-    {
-      if ( NULL != strstr (handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY) )
-      {
-        break;
-      }
-      handle->oidc->login_identity = strtok (NULL, delimiter);
-    }
-    GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity),
-                        &cache_key);
-    if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) )
-    {
-      relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time,
-                                                      &cache_key);
-      current_time = GNUNET_TIME_absolute_get ();
-      // 30 min after old login -> redirect to login
-      if ( current_time.abs_value_us <= relog_time->abs_value_us )
-      {
-        handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY);
-        handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity);
-      }
-    }
-    else
-    {
-      handle->oidc->login_identity = NULL;
-    }
-  }
-}
-
-/**
- * Redirects to login page stored in configuration file
- */
-static void
-login_redirection(void *cls)
-{
-  char *login_base_url;
-  char *new_redirect;
-  struct MHD_Response *resp;
-  struct RequestHandle *handle = cls;
-
-  if ( GNUNET_OK
-       == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
-                                                 "address", &login_base_url) )
-  {
-    GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
-                     login_base_url,
-                     OIDC_RESPONSE_TYPE_KEY,
-                     handle->oidc->response_type,
-                     OIDC_CLIENT_ID_KEY,
-                     handle->oidc->client_id,
-                     OIDC_REDIRECT_URI_KEY,
-                     handle->oidc->redirect_uri,
-                     OIDC_SCOPE_KEY,
-                     handle->oidc->scope,
-                     OIDC_STATE_KEY,
-                     (NULL != handle->oidc->state) ? handle->oidc->state : "",
-                     OIDC_NONCE_KEY,
-                     (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "");
-    resp = GNUNET_REST_create_response ("");
-    MHD_add_response_header (resp, "Location", new_redirect);
-    GNUNET_free(login_base_url);
-  }
-  else
-  {
-    handle->emsg = GNUNET_strdup("server_error");
-    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
-  GNUNET_free(new_redirect);
-  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-}
-
-/**
- * Does internal server error when iteration failed.
- */
-static void
-oidc_iteration_error (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  handle->emsg = GNUNET_strdup("INTERNAL_SERVER_ERROR");
-  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-  GNUNET_SCHEDULER_add_now (&do_error, handle);
-}
-
-static void get_client_name_result (void *cls,
-                                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
-                                    const char *label,
-                                    unsigned int rd_count,
-                                    const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct RequestHandle *handle = cls;
-  struct MHD_Response *resp;
-  char *ticket_str;
-  char *redirect_uri;
-  char *code_json_string;
-  char *code_base64_final_string;
-  char *redirect_path;
-  char *tmp;
-  char *tmp_prefix;
-  char *prefix;
-  ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
-                                                    sizeof (struct GNUNET_IDENTITY_PROVIDER_Ticket));
-  //TODO change if more attributes are needed (see max_age)
-  GNUNET_asprintf (&code_json_string, "{\"ticket\":\"%s\"%s%s%s}",
-                   ticket_str,
-                   (NULL != handle->oidc->nonce) ? ", \"nonce\":\"" : "",
-                   (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "",
-                   (NULL != handle->oidc->nonce) ? "\"" : "");
-  code_base64_final_string = base_64_encode(code_json_string);
-  tmp = GNUNET_strdup (handle->oidc->redirect_uri);
-  redirect_path = strtok (tmp, "/");
-  redirect_path = strtok (NULL, "/");
-  redirect_path = strtok (NULL, "/");
-  tmp_prefix = GNUNET_strdup (handle->oidc->redirect_uri);
-  prefix = strrchr (tmp_prefix,
-                    (unsigned char) '.');
-  *prefix = '\0';
-  GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
-                   tmp_prefix,
-                   handle->tld,
-                   redirect_path,
-                   handle->oidc->response_type,
-                   code_base64_final_string, handle->oidc->state);
-  resp = GNUNET_REST_create_response ("");
-  MHD_add_response_header (resp, "Location", redirect_uri);
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
-  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  GNUNET_free (tmp);
-  GNUNET_free (tmp_prefix);
-  GNUNET_free (redirect_uri);
-  GNUNET_free (ticket_str);
-  GNUNET_free (code_json_string);
-  GNUNET_free (code_base64_final_string);
-  return;
-}
-
-static void
-get_client_name_error (void *cls)
-{
-  struct RequestHandle *handle = cls;
-
-  handle->emsg = GNUNET_strdup("server_error");
-  handle->edesc = GNUNET_strdup("Server cannot generate ticket, no name found for client.");
-  GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-}
-
-/**
- * Issues ticket and redirects to relying party with the authorization code as
- * parameter. Otherwise redirects with error
- */
-static void
-oidc_ticket_issue_cb (void* cls,
-                      const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket)
-{
-  struct RequestHandle *handle = cls;
-  handle->idp_op = NULL;
-  handle->ticket = *ticket;
-  if (NULL != ticket) {
-    GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle,
-                                   &handle->priv_key,
-                                   &handle->oidc->client_pkey,
-                                   &get_client_name_error,
-                                   handle,
-                                   &get_client_name_result,
-                                   handle);
-    return;
-  }
-  handle->emsg = GNUNET_strdup("server_error");
-  handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
-  GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-}
-
-static void
-oidc_collect_finished_cb (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  handle->attr_it = NULL;
-  handle->ticket_it = NULL;
-  if (NULL == handle->attr_list->list_head)
-  {
-    handle->emsg = GNUNET_strdup("invalid_scope");
-    handle->edesc = GNUNET_strdup("The requested scope is not available.");
-    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-    return;
-  }
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_issue (handle->idp,
-                                                          &handle->priv_key,
-                                                          &handle->oidc->client_pkey,
-                                                          handle->attr_list,
-                                                          &oidc_ticket_issue_cb,
-                                                          handle);
-}
-
-
-/**
- * Collects all attributes for an ego if in scope parameter
- */
-static void
-oidc_attr_collect (void *cls,
-                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *le;
-  char* scope_variables;
-  char* scope_variable;
-  char delimiter[]=" ";
-
-  if ( (NULL == attr->name) || (NULL == attr->data) )
-  {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
-    return;
-  }
-
-  scope_variables = GNUNET_strdup(handle->oidc->scope);
-  scope_variable = strtok (scope_variables, delimiter);
-  while (NULL != scope_variable)
-  {
-    if ( 0 == strcmp (attr->name, scope_variable) )
-    {
-      break;
-    }
-    scope_variable = strtok (NULL, delimiter);
-  }
-  if ( NULL == scope_variable )
-  {
-    GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
-    GNUNET_free(scope_variables);
-    return;
-  }
-  GNUNET_free(scope_variables);
-
-  le = GNUNET_new(struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry);
-  le->claim = GNUNET_IDENTITY_ATTRIBUTE_claim_new (attr->name, attr->type,
-                                                   attr->data, attr->data_size);
-  GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head,
-                              handle->attr_list->list_tail, le);
-  GNUNET_IDENTITY_PROVIDER_get_attributes_next (handle->attr_it);
-}
-
-
-/**
- * Checks time and cookie and redirects accordingly
- */
-static void
-login_check (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_TIME_Absolute current_time, *relog_time;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pubkey, ego_pkey;
-  struct GNUNET_HashCode cache_key;
-  char *identity_cookie;
-
-  GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity);
-  GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
-  GNUNET_free(identity_cookie);
-  //No login time for identity -> redirect to login
-  if ( GNUNET_YES
-       == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time,
-                                                  &cache_key) )
-  {
-    relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time,
-                                                    &cache_key);
-    current_time = GNUNET_TIME_absolute_get ();
-    // 30 min after old login -> redirect to login
-    if ( current_time.abs_value_us <= relog_time->abs_value_us )
-    {
-      if ( GNUNET_OK
-           != GNUNET_CRYPTO_ecdsa_public_key_from_string (
-                                                          handle->oidc->login_identity,
-                                                          strlen (handle->oidc->login_identity), &pubkey) )
-      {
-        handle->emsg = GNUNET_strdup("invalid_cookie");
-        handle->edesc = GNUNET_strdup(
-                                      "The cookie of a login identity is not valid");
-        GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-        return;
-      }
-      // iterate over egos and compare their public key
-      for (handle->ego_entry = handle->ego_head;
-           NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
-      {
-        GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
-        if ( 0
-             == memcmp (&ego_pkey, &pubkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-        {
-          handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (
-                                                                   handle->ego_entry->ego);
-          handle->resp_object = GNUNET_JSONAPI_document_new ();
-          handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-          handle->attr_list = GNUNET_new(
-                                         struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-          handle->attr_it = GNUNET_IDENTITY_PROVIDER_get_attributes_start (
-                                                                           handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
-                                                                           &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
-          return;
-        }
-      }
-      handle->emsg = GNUNET_strdup("invalid_cookie");
-      handle->edesc = GNUNET_strdup(
-                                    "The cookie of the login identity is not valid");
-      GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-      return;
-    }
-  }
-}
-
-/**
- * Searches for client_id in namestore. If found trust status stored in handle
- * Else continues to search
- *
- * @param handle the RequestHandle
- */
-static void
-namestore_iteration_callback (
-                              void *cls, const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
-                              const char *rname, unsigned int rd_len,
-                              const struct GNUNET_GNSRECORD_Data *rd)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_CRYPTO_EcdsaPublicKey login_identity_pkey;
-  struct GNUNET_CRYPTO_EcdsaPublicKey current_zone_pkey;
-  int i;
-
-  for (i = 0; i < rd_len; i++)
-  {
-    if ( GNUNET_GNSRECORD_TYPE_PKEY != rd[i].record_type )
-      continue;
-
-    if ( NULL != handle->oidc->login_identity )
-    {
-      GNUNET_CRYPTO_ecdsa_public_key_from_string (
-                                                  handle->oidc->login_identity,
-                                                  strlen (handle->oidc->login_identity),
-                                                  &login_identity_pkey);
-      GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego,
-                                          &current_zone_pkey);
-
-      if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-      {
-        if ( 0 == memcmp (&login_identity_pkey, &current_zone_pkey,
-                          sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-        {
-          handle->oidc->is_client_trusted = GNUNET_YES;
-        }
-      }
-    }
-    else
-    {
-      if ( 0 == memcmp (rd[i].data, &handle->oidc->client_pkey,
-                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-      {
-        handle->oidc->is_client_trusted = GNUNET_YES;
-      }
-    }
-  }
-
-  GNUNET_NAMESTORE_zone_iterator_next (handle->namestore_handle_it,
-                                      1);
-}
-
-
-/**
- * Iteration over all results finished, build final
- * response.
- *
- * @param cls the `struct RequestHandle`
- */
-static void
-namestore_iteration_finished (void *cls)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_HashCode cache_key;
-
-  char *expected_scope;
-  char delimiter[]=" ";
-  int number_of_ignored_parameter, iterator;
-
-
-  handle->ego_entry = handle->ego_entry->next;
-
-  if(NULL != handle->ego_entry)
-  {
-    handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego);
-    handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (handle->namestore_handle, &handle->priv_key,
-                                                                         &oidc_iteration_error, handle, &namestore_iteration_callback, handle,
-                                                                         &namestore_iteration_finished, handle);
-    return;
-  }
-  if (GNUNET_NO == handle->oidc->is_client_trusted)
-  {
-    handle->emsg = GNUNET_strdup("unauthorized_client");
-    handle->edesc = GNUNET_strdup("The client is not authorized to request an "
-                                  "authorization code using this method.");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  // REQUIRED value: redirect_uri
-  GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
-                      &cache_key);
-  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                           &cache_key))
-  {
-    handle->emsg=GNUNET_strdup("invalid_request");
-    handle->edesc=GNUNET_strdup("missing parameter redirect_uri");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  handle->oidc->redirect_uri = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
-                                                                                &cache_key));
-
-  // REQUIRED value: response_type
-  GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
-                      &cache_key);
-  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                           &cache_key))
-  {
-    handle->emsg=GNUNET_strdup("invalid_request");
-    handle->edesc=GNUNET_strdup("missing parameter response_type");
-    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-    return;
-  }
-  handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
-                                                                  &cache_key);
-  handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type);
-
-  // REQUIRED value: scope
-  GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key);
-  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                           &cache_key))
-  {
-    handle->emsg=GNUNET_strdup("invalid_request");
-    handle->edesc=GNUNET_strdup("missing parameter scope");
-    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-    return;
-  }
-  handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
-                                                          &cache_key);
-  handle->oidc->scope = GNUNET_strdup(handle->oidc->scope);
-
-  //OPTIONAL value: nonce
-  GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key);
-  if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                            &cache_key))
-  {
-    handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
-                                                            &cache_key);
-    handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
-  }
-
-  //TODO check other values if needed
-  number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
-  for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ )
-  {
-    GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
-                        strlen(OIDC_ignored_parameter_array[iterator]),
-                        &cache_key);
-    if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map,
-                                                            &cache_key))
-    {
-      handle->emsg=GNUNET_strdup("access_denied");
-      GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s",
-                       OIDC_ignored_parameter_array[iterator]);
-      GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-      return;
-    }
-  }
-
-  // Checks if response_type is 'code'
-  if( 0 != strcmp( handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) )
-  {
-    handle->emsg=GNUNET_strdup("unsupported_response_type");
-    handle->edesc=GNUNET_strdup("The authorization server does not support "
-                                "obtaining this authorization code.");
-    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-    return;
-  }
-
-  // Checks if scope contains 'openid'
-  expected_scope = GNUNET_strdup(handle->oidc->scope);
-  char* test;
-  test = strtok (expected_scope, delimiter);
-  while (NULL != test)
-  {
-    if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) )
-    {
-      break;
-    }
-    test = strtok (NULL, delimiter);
-  }
-  if (NULL == test)
-  {
-    handle->emsg = GNUNET_strdup("invalid_scope");
-    handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or "
-                                "malformed.");
-    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
-    GNUNET_free(expected_scope);
-    return;
-  }
-
-  GNUNET_free(expected_scope);
-
-  if( NULL != handle->oidc->login_identity )
-  {
-    GNUNET_SCHEDULER_add_now(&login_check,handle);
-    return;
-  }
-
-  GNUNET_SCHEDULER_add_now(&login_redirection,handle);
-}
-
-/**
- * Responds to authorization GET and url-encoded POST request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
-                    const char* url,
-                    void *cls)
-{
-  struct RequestHandle *handle = cls;
-  struct GNUNET_HashCode cache_key;
-  struct EgoEntry *tmp_ego;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
-  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
-
-  cookie_identity_interpretation(handle);
-
-  //RECOMMENDED value: state - REQUIRED for answers
-  GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key);
-  if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                            &cache_key))
-  {
-    handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
-                                                            &cache_key);
-    handle->oidc->state = GNUNET_strdup (handle->oidc->state);
-  }
-
-  // REQUIRED value: client_id
-  GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY),
-                      &cache_key);
-  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
-                                                           &cache_key))
-  {
-    handle->emsg=GNUNET_strdup("invalid_request");
-    handle->edesc=GNUNET_strdup("missing parameter client_id");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
-                                                                             &cache_key));
-
-  if ( GNUNET_OK
-       != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
-                                                      strlen (handle->oidc->client_id),
-                                                      &handle->oidc->client_pkey) )
-  {
-    handle->emsg = GNUNET_strdup("unauthorized_client");
-    handle->edesc = GNUNET_strdup("The client is not authorized to request an "
-                                  "authorization code using this method.");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-
-  if ( NULL == handle->ego_head )
-  {
-    handle->emsg = GNUNET_strdup("server_error");
-    handle->edesc = GNUNET_strdup ("Egos are missing");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  handle->ego_entry = handle->ego_head;
-  handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
-  handle->oidc->is_client_trusted = GNUNET_NO;
-
-  //First check if client_id is one of our egos; TODO: handle other TLD cases: Delegation, from config
-  for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
-  {
-    priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
-    GNUNET_CRYPTO_ecdsa_key_get_public (priv_key,
-                                        &pkey);
-    if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey,
-                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
-    {
-      handle->tld = GNUNET_strdup (tmp_ego->identifier);
-      handle->oidc->is_client_trusted = GNUNET_YES;
-      handle->ego_entry = handle->ego_tail;
-    }
-  }
-
-
-  // Checks if client_id is valid:
-  handle->namestore_handle_it = GNUNET_NAMESTORE_zone_iteration_start (
-                                                                       handle->namestore_handle, &handle->priv_key, &oidc_iteration_error,
-                                                                       handle, &namestore_iteration_callback, handle,
-                                                                       &namestore_iteration_finished, handle);
-}
-
-/**
- * Combines an identity with a login time and responds OK to login request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-login_cont (struct GNUNET_REST_RequestHandle *con_handle,
-            const char* url,
-            void *cls)
-{
-  struct MHD_Response *resp = GNUNET_REST_create_response ("");
-  struct RequestHandle *handle = cls;
-  struct GNUNET_HashCode cache_key;
-  struct GNUNET_TIME_Absolute *current_time;
-  struct GNUNET_TIME_Absolute *last_time;
-  char* cookie;
-  json_t *root;
-  json_error_t error;
-  json_t *identity;
-  char term_data[handle->rest_handle->data_size+1];
-  term_data[handle->rest_handle->data_size] = '\0';
-  GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size);
-  root = json_loads (term_data, JSON_DECODE_ANY, &error);
-  identity = json_object_get (root, "identity");
-  if ( json_is_string(identity) )
-  {
-    GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
-    MHD_add_response_header (resp, "Set-Cookie", cookie);
-    MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
-    GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
-
-    current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
-    *current_time = GNUNET_TIME_relative_to_absolute (
-                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_minute_ (),
-                                                                                     30));
-    last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
-    if (NULL != last_time)
-    {
-      GNUNET_free(last_time);
-    }
-    GNUNET_CONTAINER_multihashmap_put (
-                                       OIDC_identity_login_time, &cache_key, current_time,
-                                       GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
-
-    handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-    GNUNET_free(cookie);
-  }
-  else
-  {
-    handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
-  }
-  json_decref (root);
-  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
-  return;
-}
-
-/**
- * Responds to token url-encoded POST request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
-                const char* url,
-                void *cls)
-{
-  //TODO static strings
-  struct RequestHandle *handle = cls;
-  struct GNUNET_HashCode cache_key;
-  char *authorization, *credentials;
-  char delimiter[]=" ";
-  char delimiter_user_psw[]=":";
-  char *grant_type, *code;
-  char *user_psw = NULL, *client_id, *psw;
-  char *expected_psw;
-  int client_exists = GNUNET_NO;
-  struct MHD_Response *resp;
-  char* code_output;
-  json_t *root, *ticket_string, *nonce, *max_age;
-  json_error_t error;
-  char *json_response;
-
-  /*
-   * Check Authorization
-   */
-  GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
-                      strlen (OIDC_AUTHORIZATION_HEADER_KEY),
-                      &cache_key);
-  if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
-                                                            &cache_key) )
-  {
-    handle->emsg=GNUNET_strdup("invalid_client");
-    handle->edesc=GNUNET_strdup("missing authorization");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  authorization = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
-
-  //split header in "Basic" and [content]
-  credentials = strtok (authorization, delimiter);
-  if (0 != strcmp ("Basic",credentials))
-  {
-    handle->emsg=GNUNET_strdup("invalid_client");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  credentials = strtok(NULL, delimiter);
-  if (NULL == credentials)
-  {
-    handle->emsg=GNUNET_strdup("invalid_client");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  GNUNET_STRINGS_base64_decode (credentials, strlen (credentials), &user_psw);
-
-  if ( NULL == user_psw )
-  {
-    handle->emsg=GNUNET_strdup("invalid_client");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  client_id = strtok (user_psw, delimiter_user_psw);
-  if ( NULL == client_id )
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg=GNUNET_strdup("invalid_client");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  psw = strtok (NULL, delimiter_user_psw);
-  if (NULL == psw)
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg=GNUNET_strdup("invalid_client");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  //check client password
-  if ( GNUNET_OK
-       == GNUNET_CONFIGURATION_get_value_string (cfg, "identity-rest-plugin",
-                                                 "psw", &expected_psw) )
-  {
-    if (0 != strcmp (expected_psw, psw))
-    {
-      GNUNET_free_non_null(user_psw);
-      GNUNET_free(expected_psw);
-      handle->emsg=GNUNET_strdup("invalid_client");
-      handle->response_code = MHD_HTTP_UNAUTHORIZED;
-      GNUNET_SCHEDULER_add_now (&do_error, handle);
-      return;
-    }
-    GNUNET_free(expected_psw);
-  }
-  else
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("server_error");
-    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  //check client_id
-  for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; )
-  {
-    if ( 0 == strcmp(handle->ego_entry->keystring, client_id))
-    {
-      client_exists = GNUNET_YES;
-      break;
-    }
-    handle->ego_entry = handle->ego_entry->next;
-  }
-  if (GNUNET_NO == client_exists)
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg=GNUNET_strdup("invalid_client");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  /*
-   * Check parameter
-   */
-
-  //TODO Do not allow multiple equal parameter names
-  //REQUIRED grant_type
-  GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("missing parameter grant_type");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  grant_type = GNUNET_CONTAINER_multihashmap_get (
-                                                  handle->rest_handle->url_param_map, &cache_key);
-
-  //REQUIRED code
-  GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("missing parameter code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
-                                            &cache_key);
-
-  //REQUIRED redirect_uri
-  GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
-                      &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->url_param_map, &cache_key) )
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("missing parameter redirect_uri");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  //Check parameter grant_type == "authorization_code"
-  if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg=GNUNET_strdup("unsupported_grant_type");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-  GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
-  int i = 1;
-  if ( GNUNET_SYSERR
-       == GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
-                                             &cache_key,
-                                             &i,
-                                             GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("Cannot use the same code more than once");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  //decode code
-  GNUNET_STRINGS_base64_decode(code,strlen(code),&code_output);
-  root = json_loads (code_output, 0, &error);
-  GNUNET_free(code_output);
-  ticket_string = json_object_get (root, "ticket");
-  nonce = json_object_get (root, "nonce");
-  max_age = json_object_get (root, "max_age");
-
-  if(ticket_string == NULL && !json_is_string(ticket_string))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
-
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
-  if ( GNUNET_OK
-       != GNUNET_STRINGS_string_to_data (json_string_value(ticket_string),
-                                         strlen (json_string_value(ticket_string)),
-                                         ticket,
-                                         sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-  // this is the current client (relying party)
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
-  GNUNET_IDENTITY_ego_get_public_key(handle->ego_entry->ego,&pub_key);
-  if (0 != memcmp(&pub_key,&ticket->audience,sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-
-  //create jwt
-  unsigned long long int expiration_time;
-  if ( GNUNET_OK
-       != GNUNET_CONFIGURATION_get_value_number(cfg, "identity-rest-plugin",
-                                                "expiration_time", &expiration_time) )
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("server_error");
-    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
-    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *cl = GNUNET_new (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList);
-  //aud REQUIRED public key client_id must be there
-  GNUNET_IDENTITY_ATTRIBUTE_list_add(cl,
-                                     "aud",
-                                     GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                     client_id,
-                                     strlen(client_id));
-  //exp REQUIRED time expired from config
-  struct GNUNET_TIME_Absolute exp_time = GNUNET_TIME_relative_to_absolute (
-                                                                           GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
-                                                                                                          expiration_time));
-  const char* exp_time_string = GNUNET_STRINGS_absolute_time_to_string(exp_time);
-  GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                      "exp",
-                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                      exp_time_string,
-                                      strlen(exp_time_string));
-  //iat REQUIRED time now
-  struct GNUNET_TIME_Absolute time_now = GNUNET_TIME_absolute_get();
-  const char* time_now_string = GNUNET_STRINGS_absolute_time_to_string(time_now);
-  GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                      "iat",
-                                      GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                      time_now_string,
-                                      strlen(time_now_string));
-  //nonce only if nonce is provided
-  if ( NULL != nonce && json_is_string(nonce) )
-  {
-    GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                        "nonce",
-                                        GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                        json_string_value(nonce),
-                                        strlen(json_string_value(nonce)));
-  }
-  //auth_time only if max_age is provided
-  if ( NULL != max_age && json_is_string(max_age) )
-  {
-    GNUNET_IDENTITY_ATTRIBUTE_list_add (cl,
-                                        "auth_time",
-                                        GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING,
-                                        json_string_value(max_age),
-                                        strlen(json_string_value(max_age)));
-  }
-  //TODO OPTIONAL acr,amr,azp
-
-  struct EgoEntry *ego_entry;
-  for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
-  {
-    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
-    if (0 == memcmp (&pub_key, &ticket->audience, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
-    {
-      break;
-    }
-  }
-  if ( NULL == ego_entry )
-  {
-    GNUNET_free_non_null(user_psw);
-    handle->emsg = GNUNET_strdup("invalid_request");
-    handle->edesc = GNUNET_strdup("invalid code....");
-    handle->response_code = MHD_HTTP_BAD_REQUEST;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    GNUNET_free(ticket);
-    return;
-  }
-  char *id_token = jwt_create_from_list(&ticket->audience,
-                                        cl,
-                                        GNUNET_IDENTITY_ego_get_private_key(ego_entry->ego));
-
-  //Create random access_token
-  char* access_token_number;
-  char* access_token;
-  uint64_t random_number;
-  random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
-  GNUNET_asprintf(&access_token_number, "%" PRIu64, random_number);
-  GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
-
-
-
-  //TODO OPTIONAL add refresh_token and scope
-  GNUNET_asprintf (&json_response,
-                   "{ \"access_token\" : \"%s\", "
-                   "\"token_type\" : \"Bearer\", "
-                   "\"expires_in\" : %d, "
-                   "\"id_token\" : \"%s\"}",
-                   access_token,
-                   expiration_time,
-                   id_token);
-  GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
-  char *id_ticket_combination;
-  GNUNET_asprintf(&id_ticket_combination,
-                  "%s;%s",
-                  client_id,
-                  json_string_value(ticket_string));
-  GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
-                                    &cache_key,
-                                    id_ticket_combination,
-                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
-
-  resp = GNUNET_REST_create_response (json_response);
-  MHD_add_response_header (resp, "Cache-Control", "no-store");
-  MHD_add_response_header (resp, "Pragma", "no-cache");
-  MHD_add_response_header (resp, "Content-Type", "application/json");
-  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
-
-  GNUNET_IDENTITY_ATTRIBUTE_list_destroy(cl);
-  GNUNET_free(access_token_number);
-  GNUNET_free(access_token);
-  GNUNET_free(user_psw);
-  GNUNET_free(json_response);
-  GNUNET_free(ticket);
-  GNUNET_free(id_token);
-  json_decref (root);
-  GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
-}
-
-/**
- * Collects claims and stores them in handle
- */
-static void
-consume_ticket (void *cls,
-                const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr)
-{
-  struct RequestHandle *handle = cls;
-  char *tmp_value;
-  json_t *value;
-
-  if (NULL == identity)
-  {
-    GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle);
-    return;
-  }
-
-  tmp_value = GNUNET_IDENTITY_ATTRIBUTE_value_to_string (attr->type,
-                                                         attr->data,
-                                                         attr->data_size);
-
-  value = json_string (tmp_value);
-
-
-  json_object_set_new (handle->oidc->response,
-                       attr->name,
-                       value);
-  GNUNET_free (tmp_value);
-}
-
-/**
- * Responds to userinfo GET and url-encoded POST request
- *
- * @param con_handle the connection handle
- * @param url the url
- * @param cls the RequestHandle
- */
-static void
-userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
-                   const char* url, void *cls)
-{
-  //TODO expiration time
-  struct RequestHandle *handle = cls;
-  char delimiter[] = " ";
-  char delimiter_db[] = ";";
-  struct GNUNET_HashCode cache_key;
-  char *authorization, *authorization_type, *authorization_access_token;
-  char *client_ticket, *client, *ticket_str;
-  struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket;
-
-  GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
-                      strlen (OIDC_AUTHORIZATION_HEADER_KEY),
-                      &cache_key);
-  if ( GNUNET_NO
-       == GNUNET_CONTAINER_multihashmap_contains (
-                                                  handle->rest_handle->header_param_map, &cache_key) )
-  {
-    handle->emsg = GNUNET_strdup("invalid_token");
-    handle->edesc = GNUNET_strdup("No Access Token");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
-    return;
-  }
-  authorization = GNUNET_CONTAINER_multihashmap_get (
-                                                     handle->rest_handle->header_param_map, &cache_key);
-
-  //split header in "Bearer" and access_token
-  authorization = GNUNET_strdup(authorization);
-  authorization_type = strtok (authorization, delimiter);
-  if ( 0 != strcmp ("Bearer", authorization_type) )
-  {
-    handle->emsg = GNUNET_strdup("invalid_token");
-    handle->edesc = GNUNET_strdup("No Access Token");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
-    GNUNET_free(authorization);
-    return;
-  }
-  authorization_access_token = strtok (NULL, delimiter);
-  if ( NULL == authorization_access_token )
-  {
-    handle->emsg = GNUNET_strdup("invalid_token");
-    handle->edesc = GNUNET_strdup("No Access Token");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
-    GNUNET_free(authorization);
-    return;
-  }
-
-  GNUNET_CRYPTO_hash (authorization_access_token,
-                      strlen (authorization_access_token),
-                      &cache_key);
-  if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token,
-                                                            &cache_key) )
-  {
-    handle->emsg = GNUNET_strdup("invalid_token");
-    handle->edesc = GNUNET_strdup("The Access Token expired");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
-    GNUNET_free(authorization);
-    return;
-  }
-
-  client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token,
-                                                    &cache_key);
-  client_ticket = GNUNET_strdup(client_ticket);
-  client = strtok(client_ticket,delimiter_db);
-  if (NULL == client)
-  {
-    handle->emsg = GNUNET_strdup("invalid_token");
-    handle->edesc = GNUNET_strdup("The Access Token expired");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
-    GNUNET_free(authorization);
-    GNUNET_free(client_ticket);
-    return;
-  }
-  handle->ego_entry = handle->ego_head;
-  for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
-  {
-    if (0 == strcmp(handle->ego_entry->keystring,client))
-    {
-      break;
-    }
-  }
-  if (NULL == handle->ego_entry)
-  {
-    handle->emsg = GNUNET_strdup("invalid_token");
-    handle->edesc = GNUNET_strdup("The Access Token expired");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
-    GNUNET_free(authorization);
-    GNUNET_free(client_ticket);
-    return;
-  }
-  ticket_str = strtok(NULL, delimiter_db);
-  if (NULL == ticket_str)
-  {
-    handle->emsg = GNUNET_strdup("invalid_token");
-    handle->edesc = GNUNET_strdup("The Access Token expired");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
-    GNUNET_free(authorization);
-    GNUNET_free(client_ticket);
-    return;
-  }
-  ticket = GNUNET_new(struct GNUNET_IDENTITY_PROVIDER_Ticket);
-  if ( GNUNET_OK
-       != GNUNET_STRINGS_string_to_data (ticket_str,
-                                         strlen (ticket_str),
-                                         ticket,
-                                         sizeof(struct GNUNET_IDENTITY_PROVIDER_Ticket)))
-  {
-    handle->emsg = GNUNET_strdup("invalid_token");
-    handle->edesc = GNUNET_strdup("The Access Token expired");
-    handle->response_code = MHD_HTTP_UNAUTHORIZED;
-    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
-    GNUNET_free(ticket);
-    GNUNET_free(authorization);
-    GNUNET_free(client_ticket);
-    return;
-  }
-
-  handle->idp = GNUNET_IDENTITY_PROVIDER_connect (cfg);
-  handle->oidc->response = json_object();
-  json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring));
-  handle->idp_op = GNUNET_IDENTITY_PROVIDER_ticket_consume (
-                                                            handle->idp,
-                                                            GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
-                                                            ticket,
-                                                            consume_ticket,
-                                                            handle);
-  GNUNET_free(ticket);
-  GNUNET_free(authorization);
-  GNUNET_free(client_ticket);
-
-}
-
-
-/**
- * Handle rest request
- *
- * @param handle the request handle
- */
-static void
-init_cont (struct RequestHandle *handle)
-{
-  struct GNUNET_REST_RequestHandlerError err;
-  static const struct GNUNET_REST_RequestHandler handlers[] = {
-    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, //url-encoded
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint },
-    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
-    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
-    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC,
-      &options_cont},
-    GNUNET_REST_HANDLER_END
-  };
-
-  if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle,
-                                               handlers,
-                                               &err,
-                                               handle))
-  {
-    handle->response_code = err.error_code;
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-  }
-}
-
-/**
- * If listing is enabled, prints information about the egos.
- *
- * This function is initially called for all egos and then again
- * whenever a ego's identifier changes or if it is deleted.  At the
- * end of the initial pass over all egos, the function is once called
- * with 'NULL' for 'ego'. That does NOT mean that the callback won't
- * be invoked in the future or that there was an error.
- *
- * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
- * this function is only called ONCE, and 'NULL' being passed in
- * 'ego' does indicate an error (i.e. name is taken or no default
- * value is known).  If 'ego' is non-NULL and if '*ctx'
- * is set in those callbacks, the value WILL be passed to a subsequent
- * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
- * that one was not NULL).
- *
- * When an identity is renamed, this function is called with the
- * (known) ego but the NEW identifier.
- *
- * When an identity is deleted, this function is called with the
- * (known) ego and "NULL" for the 'identifier'.  In this case,
- * the 'ego' is henceforth invalid (and the 'ctx' should also be
- * cleaned up).
- *
- * @param cls closure
- * @param ego ego handle
- * @param ctx context for application to store data for this ego
- *                 (during the lifetime of this process, initially NULL)
- * @param identifier identifier assigned by the user for this ego,
- *                   NULL if the user just deleted the ego and it
- *                   must thus no longer be used
- */
-static void
-list_ego (void *cls,
-          struct GNUNET_IDENTITY_Ego *ego,
-          void **ctx,
-          const char *identifier)
-{
-  struct RequestHandle *handle = cls;
-  struct EgoEntry *ego_entry;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
-
-  if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
-  {
-    handle->state = ID_REST_STATE_POST_INIT;
-    init_cont (handle);
-    return;
-  }
-  if (ID_REST_STATE_INIT == handle->state) {
-    ego_entry = GNUNET_new (struct EgoEntry);
-    GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-    ego_entry->keystring =
-      GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
-    ego_entry->ego = ego;
-    ego_entry->identifier = GNUNET_strdup (identifier);
-    GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry);
-    return;
-  }
-  /* Ego renamed or added */
-  if (identifier != NULL) {
-    for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) {
-      if (ego_entry->ego == ego) {
-        /* Rename */
-        GNUNET_free (ego_entry->identifier);
-        ego_entry->identifier = GNUNET_strdup (identifier);
-        break;
-      }
-    }
-    if (NULL == ego_entry) {
-      /* Add */
-      ego_entry = GNUNET_new (struct EgoEntry);
-      GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-      ego_entry->keystring =
-        GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
-      ego_entry->ego = ego;
-      ego_entry->identifier = GNUNET_strdup (identifier);
-      GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry);
-    }
-  } else {
-    /* Delete */
-    for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) {
-      if (ego_entry->ego == ego)
-        break;
-    }
-    if (NULL != ego_entry)
-      GNUNET_CONTAINER_DLL_remove(handle->ego_head,handle->ego_tail, ego_entry);
-  }
-
-}
-
-static void
-rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
-                              GNUNET_REST_ResultProcessor proc,
-                              void *proc_cls)
-{
-  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
-  handle->oidc = GNUNET_new (struct OIDC_Variables);
-  if ( NULL == OIDC_identity_login_time )
-    OIDC_identity_login_time = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
-  if ( NULL == OIDC_identity_grants )
-    OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
-  if ( NULL == OIDC_ticket_once )
-    OIDC_ticket_once = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
-  if ( NULL == OIDC_interpret_access_token )
-    OIDC_interpret_access_token = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
-  handle->response_code = 0;
-  handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
-  handle->proc_cls = proc_cls;
-  handle->proc = proc;
-  handle->state = ID_REST_STATE_INIT;
-  handle->rest_handle = rest_handle;
-
-  handle->url = GNUNET_strdup (rest_handle->url);
-  if (handle->url[strlen (handle->url)-1] == '/')
-    handle->url[strlen (handle->url)-1] = '\0';
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Connecting...\n");
-  handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
-                                                     &list_ego,
-                                                     handle);
-  handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
-  handle->timeout_task =
-    GNUNET_SCHEDULER_add_delayed (handle->timeout,
-                                  &do_timeout,
-                                  handle);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Connected\n");
-}
-
-/**
- * Entry point for the plugin.
- *
- * @param cls Config info
- * @return NULL on error, otherwise the plugin context
- */
-void *
-libgnunet_plugin_rest_openid_connect_init (void *cls)
-{
-  static struct Plugin plugin;
-  struct GNUNET_REST_Plugin *api;
-
-  cfg = cls;
-  if (NULL != plugin.cfg)
-    return NULL;                /* can only initialize once! */
-  memset (&plugin, 0, sizeof (struct Plugin));
-  plugin.cfg = cfg;
-  api = GNUNET_new (struct GNUNET_REST_Plugin);
-  api->cls = &plugin;
-  api->name = GNUNET_REST_API_NS_OIDC;
-  api->process_request = &rest_identity_process_request;
-  GNUNET_asprintf (&allow_methods,
-                   "%s, %s, %s, %s, %s",
-                   MHD_HTTP_METHOD_GET,
-                   MHD_HTTP_METHOD_POST,
-                   MHD_HTTP_METHOD_PUT,
-                   MHD_HTTP_METHOD_DELETE,
-                   MHD_HTTP_METHOD_OPTIONS);
-
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              _("Identity Provider REST API initialized\n"));
-  return api;
-}
-
-
-/**
- * Exit point from the plugin.
- *
- * @param cls the plugin context (as returned by "init")
- * @return always NULL
- */
-void *
-libgnunet_plugin_rest_openid_connect_done (void *cls)
-{
-  struct GNUNET_REST_Plugin *api = cls;
-  struct Plugin *plugin = api->cls;
-  plugin->cfg = NULL;
-
-  struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
-  void *value = NULL;
-  hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (
-                                                              OIDC_identity_login_time);
-  while (GNUNET_YES ==
-         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
-  {
-    if (NULL != value)
-      GNUNET_free(value);
-  }
-  GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_login_time);
-  hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants);
-  while (GNUNET_YES ==
-         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
-  {
-    if (NULL != value)
-      GNUNET_free(value);
-  }
-  GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants);
-  hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_ticket_once);
-  while (GNUNET_YES ==
-         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
-  {
-    if (NULL != value)
-      GNUNET_free(value);
-  }
-  GNUNET_CONTAINER_multihashmap_destroy(OIDC_ticket_once);
-  hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_interpret_access_token);
-  while (GNUNET_YES ==
-         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
-  {
-    if (NULL != value)
-      GNUNET_free(value);
-  }
-  GNUNET_CONTAINER_multihashmap_destroy(OIDC_interpret_access_token);
-  GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it);
-  GNUNET_free_non_null (allow_methods);
-  GNUNET_free (api);
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Identity Provider REST plugin is finished\n");
-  return NULL;
-}
-
-/* end of plugin_rest_identity_provider.c */
diff --git a/src/identity-provider/test_idp.conf b/src/identity-provider/test_idp.conf
deleted file mode 100644 (file)
index 3e4df56..0000000
+++ /dev/null
@@ -1,33 +0,0 @@
-@INLINE@ test_idp_defaults.conf
-
-[PATHS]
-GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-peer-1/
-
-[dht]
-START_ON_DEMAND = YES
-
-[rest]
-START_ON_DEMAND = YES
-PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=$GNUNET_TMP/restlog
-
-[transport]
-PLUGINS =
-
-[identity-provider]
-START_ON_DEMAND = YES
-#PREFIX = valgrind --leak-check=full --show-leak-kinds=all --track-origins=yes --log-file=$GNUNET_TMP/idplog
-
-[gns]
-#PREFIX = valgrind --leak-check=full --track-origins=yes
-START_ON_DEMAND = YES
-AUTO_IMPORT_PKEY = YES
-MAX_PARALLEL_BACKGROUND_QUERIES = 10
-DEFAULT_LOOKUP_TIMEOUT = 15 s
-RECORD_PUT_INTERVAL = 1 h
-ZONE_PUBLISH_TIME_WINDOW = 1 h
-DNS_ROOT=PD67SGHF3E0447TU9HADIVU9OM7V4QHTOG0EBU69TFRI2LG63DR0
-
-[identity-rest-plugin]
-address = http://localhost:8000/#/login
-psw = mysupersecretpassword
-expiration_time = 3600
diff --git a/src/identity-provider/test_idp.sh b/src/identity-provider/test_idp.sh
deleted file mode 100755 (executable)
index 598d100..0000000
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-#trap "gnunet-arm -e -c test_idp_lookup.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-       exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-valgrind gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf
-gnunet-idp -e testego -D -c test_idp.conf
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_attribute.sh b/src/identity-provider/test_idp_attribute.sh
deleted file mode 100755 (executable)
index 7f0f06d..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-       exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  echo "Failed."
-  exit 1
-fi
-
-#curl localhost:7776/idp/attributes/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_consume.sh b/src/identity-provider/test_idp_consume.sh
deleted file mode 100755 (executable)
index 11f6865..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-       exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf
-gnunet-idp -e testego -a name -V John -c test_idp.conf
-TICKET=$(gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf | awk '{print $1}')
-gnunet-idp -e rpego -C $TICKET -c test_idp.conf > /dev/null 2>&1
-
-if test $? != 0
-then
-  "Failed."
-  exit 1
-fi
-#curl http://localhost:7776/idp/tickets/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_defaults.conf b/src/identity-provider/test_idp_defaults.conf
deleted file mode 100644 (file)
index a9a197d..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-@INLINE@ ../../contrib/conf/gnunet/no_forcestart.conf
-
-[PATHS]
-GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-testing/
-
-[namestore-sqlite]
-FILENAME = $GNUNET_TEST_HOME/namestore/sqlite_test.db
-
-[namecache-sqlite]
-FILENAME=$GNUNET_TEST_HOME/namecache/namecache.db
-
-[identity]
-# Directory where we store information about our egos
-EGODIR = $GNUNET_TEST_HOME/identity/egos/
-
-[dhtcache]
-DATABASE = heap
-
-[transport]
-PLUGINS = tcp
-
-[transport-tcp]
-BINDTO = 127.0.0.1
-
diff --git a/src/identity-provider/test_idp_issue.sh b/src/identity-provider/test_idp_issue.sh
deleted file mode 100755 (executable)
index 90487ee..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-       exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf
-#gnunet-arm -i rest -c test_idp.conf
-gnunet-identity -C testego -c test_idp.conf
-gnunet-identity -C rpego -c test_idp.conf
-SUBJECT_KEY=$(gnunet-identity -d -c test_idp.conf | grep rpego | awk '{print $3}')
-TEST_KEY=$(gnunet-identity -d -c test_idp.conf | grep testego | awk '{print $3}')
-gnunet-idp -e testego -a email -V john@doe.gnu -c test_idp.conf > /dev/null 2>&1
-gnunet-idp -e testego -a name -V John -c test_idp.conf > /dev/null 2>&1
-#gnunet-idp -e testego -D -c test_idp.conf
-gnunet-idp -e testego -i "email,name" -r $SUBJECT_KEY -c test_idp.conf > /dev/null 2>&1
-if test $? != 0
-then
-  echo "Failed."
-  exit 1
-fi
-#curl http://localhost:7776/idp/attributes/testego
-gnunet-arm -e -c test_idp.conf
diff --git a/src/identity-provider/test_idp_revoke.sh b/src/identity-provider/test_idp_revoke.sh
deleted file mode 100755 (executable)
index 7a3f5d0..0000000
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-trap "gnunet-arm -e -c test_idp.conf" SIGINT
-
-LOCATION=$(which gnunet-config)
-if [ -z $LOCATION ]
-then
-  LOCATION="gnunet-config"
-fi
-$LOCATION --version 1> /dev/null
-if test $? != 0
-then
-       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
-       exit 77
-fi
-
-rm -rf `gnunet-config -c test_idp.conf -s PATHS -o GNUNET_HOME -f`
-
-#  (1) PKEY1.user -> PKEY2.resu.user
-#  (2) PKEY2.resu -> PKEY3
-#  (3) PKEY3.user -> PKEY4
-
-
-which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
-
-TEST_ATTR="test"
-gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null
-gnunet-identity -C alice -c test_idp.conf
-gnunet-identity -C bob -c test_idp.conf
-gnunet-identity -C eve -c test_idp.conf
-ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep alice | awk '{print $3}')
-BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}')
-EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}')
-
-gnunet-idp -e alice -E 15s -a email -V john@doe.gnu -c test_idp.conf 
-gnunet-idp -e alice -E 15s -a name -V John -c test_idp.conf
-TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf | awk '{print $1}')
-#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf
-TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk '{print $1}')
-
-#echo "Consuming $TICKET"
-#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf
-gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf
-
-#sleep 6
-
-gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf 2&>1 >/dev/null
-if test $? == 0
-then 
-  echo "Eve can still resolve attributes..."
-  gnunet-arm -e -c test_idp.conf
-  exit 1
-fi
-
-gnunet-arm -e -c test_idp.conf
-gnunet-arm -s -c test_idp.conf 2&>1 > /dev/null
-
-gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf 2&>1 >/dev/null
-if test $? != 0
-then
-  echo "Bob cannot resolve attributes..."
-  gnunet-arm -e -c test_idp.conf
-  exit 1
-fi
-
-gnunet-arm -e -c test_idp.conf
index 6b8e21806936c7bd34074557936259c897cff282..266f5ccc353e49a4f059cfee31565598f72b0aec 100644 (file)
@@ -371,11 +371,12 @@ handle_get_default_message (void *cls,
   struct GNUNET_MQ_Envelope *env;
   struct GNUNET_SERVICE_Client *client = cls;
   struct Ego *ego;
-  const char *name;
+  char *name;
   char *identifier;
 
 
-  name = (const char *) &gdm[1];
+  name = GNUNET_strdup ((const char *) &gdm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &gdm[1], name);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received GET_DEFAULT for service `%s' from client\n",
               name);
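Review bot: `name` is sized by `GNUNET_strdup` for the original bytes, and `GNUNET_STRINGS_utf8_tolower` then writes the lower-cased form into it without a length argument. If case mapping or normalisation inside that helper can produce more bytes than the input (not visible here, worth confirming), the write runs past the allocation. The same strdup-then-lowercase pattern is added in handle_set_default_message, handle_create_message, handle_rename_message and handle_delete_message. The string is read straight from the client message at `&gdm[1]`, so it also relies on the message check, which is outside this hunk, having verified NUL termination. A helper that returns a freshly allocated lower-cased string would remove the sizing assumption; the function body continues outside the hunk.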
@@ -387,6 +388,7 @@ handle_get_default_message (void *cls,
   {
     send_result_code (client, 1, gettext_noop ("no default known"));
     GNUNET_SERVICE_client_continue (client);
+    GNUNET_free (name);
     return;
   }
   for (ego = ego_head; NULL != ego; ego = ego->next)
@@ -399,6 +401,7 @@ handle_get_default_message (void *cls,
       GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client), env);
       GNUNET_SERVICE_client_continue (client);
       GNUNET_free (identifier);
+      GNUNET_free (name);
       return;
     }
   }
@@ -406,6 +409,7 @@ handle_get_default_message (void *cls,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Failed to find ego `%s'\n",
               name);
+  GNUNET_free (name);
   send_result_code (client, 1,
                     gettext_noop ("default configured, but ego unknown (internal error)"));
   GNUNET_SERVICE_client_continue (client);
@@ -477,9 +481,11 @@ handle_set_default_message (void *cls,
 {
   struct Ego *ego;
   struct GNUNET_SERVICE_Client *client = cls;
-  const char *str;
+  char *str;
+
+  str = GNUNET_strdup ((const char *) &sdm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &sdm[1], str);
 
-  str = (const char *) &sdm[1];
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received SET_DEFAULT for service `%s' from client\n",
               str);
@@ -500,10 +506,12 @@ handle_set_default_message (void *cls,
                     subsystem_cfg_file);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (str);
       return;
     }
   }
   send_result_code (client, 1, _("Unknown ego specified for service (internal error)"));
+  GNUNET_free (str);
   GNUNET_SERVICE_client_continue (client);
 }
 
@@ -585,12 +593,13 @@ handle_create_message (void *cls,
 {
   struct GNUNET_SERVICE_Client *client = cls;
   struct Ego *ego;
-  const char *str;
+  char *str;
   char *fn;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received CREATE message from client\n");
-  str = (const char *) &crm[1];
+  str = GNUNET_strdup ((const char *) &crm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &crm[1], str);
   for (ego = ego_head; NULL != ego; ego = ego->next)
   {
     if (0 == strcmp (ego->identifier,
@@ -598,6 +607,7 @@ handle_create_message (void *cls,
     {
       send_result_code (client, 1, gettext_noop ("identifier already in use for another ego"));
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (str);
       return;
     }
   }
@@ -620,6 +630,7 @@ handle_create_message (void *cls,
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
                               "write", fn);
   GNUNET_free (fn);
+  GNUNET_free (str);
   notify_listeners (ego);
   GNUNET_SERVICE_client_continue (client);
 }
@@ -726,18 +737,22 @@ handle_rename_message (void *cls,
 {
   uint16_t old_name_len;
   struct Ego *ego;
-  const char *old_name;
-  const char *new_name;
+  char *old_name;
+  char *new_name;
   struct RenameContext rename_ctx;
   struct GNUNET_SERVICE_Client *client = cls;
   char *fn_old;
   char *fn_new;
+  const char *old_name_tmp;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received RENAME message from client\n");
   old_name_len = ntohs (rm->old_name_len);
-  old_name = (const char *) &rm[1];
-  new_name = &old_name[old_name_len];
+  old_name_tmp = (const char *) &rm[1];
+  old_name = GNUNET_strdup (old_name_tmp);
+  GNUNET_STRINGS_utf8_tolower (old_name_tmp, old_name);
+  new_name = GNUNET_strdup (&old_name_tmp[old_name_len]);
+  GNUNET_STRINGS_utf8_tolower (&old_name_tmp[old_name_len], old_name);
 
   /* check if new name is already in use */
   for (ego = ego_head; NULL != ego; ego = ego->next)
@@ -747,6 +762,8 @@ handle_rename_message (void *cls,
     {
       send_result_code (client, 1, gettext_noop ("target name already exists"));
       GNUNET_SERVICE_client_continue (client);
+      GNUNET_free (old_name);
+      GNUNET_free (new_name);
       return;
     }
   }
@@ -776,6 +793,8 @@ handle_rename_message (void *cls,
         GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING, "rename", fn_old);
       GNUNET_free (fn_old);
       GNUNET_free (fn_new);
+      GNUNET_free (old_name);
+      GNUNET_free (new_name);
       notify_listeners (ego);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
@@ -785,6 +804,8 @@ handle_rename_message (void *cls,
 
   /* failed to locate old name */
   send_result_code (client, 1, gettext_noop ("no matching ego found"));
+  GNUNET_free (old_name);
+  GNUNET_free (new_name);
   GNUNET_SERVICE_client_continue (client);
 }
 
@@ -868,13 +889,15 @@ handle_delete_message (void *cls,
                        const struct DeleteMessage *dm)
 {
   struct Ego *ego;
-  const char *name;
+  char *name;
   char *fn;
   struct GNUNET_SERVICE_Client *client = cls;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Received DELETE message from client\n");
-  name = (const char *) &dm[1];
+  name = GNUNET_strdup ((const char *) &dm[1]);
+  GNUNET_STRINGS_utf8_tolower ((const char *) &dm[1], name);
+
   for (ego = ego_head; NULL != ego; ego = ego->next)
   {
     if (0 == strcmp (ego->identifier,
@@ -901,6 +924,7 @@ handle_delete_message (void *cls,
       notify_listeners (ego);
       GNUNET_free (ego->pk);
       GNUNET_free (ego);
+      GNUNET_free (name);
       send_result_code (client, 0, NULL);
       GNUNET_SERVICE_client_continue (client);
       return;
@@ -908,6 +932,7 @@ handle_delete_message (void *cls,
   }
 
   send_result_code (client, 1, gettext_noop ("no matching ego found"));
+  GNUNET_free (name);
   GNUNET_SERVICE_client_continue (client);
 }
 
index 593a5dbb06963dbbb9216debd420c9296e415bf9..25aec8edebec6540445ddedf2a54a2adbbf9d7c3 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -131,6 +131,12 @@ GNUNET_IDENTITY_ego_lookup (const struct GNUNET_CONFIGURATION_Handle *cfg,
   el->identity = GNUNET_IDENTITY_connect (cfg,
                                          &identity_cb,
                                          el);
+  if (NULL == el->identity)
+  {
+    GNUNET_free (el->name);
+    GNUNET_free (el);
+    return NULL;
+  }
   return el;
 }
 
index 52685c52e2d3f832fcf14b4b2c9b1596c7cb2de4..355d75fd965057da2dbc306a05c4477f3e2d3198 100644 (file)
@@ -436,13 +436,6 @@ ego_info_response (struct GNUNET_REST_RequestHandle *con,
     json_decref (name_str);
     GNUNET_JSONAPI_document_resource_add (json_document, json_resource);
   }
-  if (0 == GNUNET_JSONAPI_document_resource_count (json_document))
-  {
-    GNUNET_JSONAPI_document_delete (json_document);
-    handle->emsg = GNUNET_strdup ("No identities found!");
-    GNUNET_SCHEDULER_add_now (&do_error, handle);
-    return;
-  }
   GNUNET_JSONAPI_document_serialize (json_document, &result_str);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
   resp = GNUNET_REST_create_response (result_str);
index 08e9dd156f963b096d2968050758ab284dc689b9..41b2b138239b11c780d3c5461cda79bd9d805c64 100644 (file)
@@ -66,7 +66,7 @@ gnunetinclude_HEADERS = \
   gnunet_hello_lib.h \
   gnunet_helper_lib.h \
   gnunet_identity_service.h \
-  gnunet_identity_provider_service.h \
+  gnunet_reclaim_service.h \
   gnunet_json_lib.h \
   gnunet_jsonapi_lib.h \
   gnunet_jsonapi_util.h \
index d380c9b03d59c07f1704ad6fd191a55a3f38cb18..554d4488ba6ba8ee9c465d5bb81c4aaf77e072df 100644 (file)
@@ -87,7 +87,7 @@ GNUNET_ABE_cpabe_create_key (struct GNUNET_ABE_AbeMasterKey *key,
  * Delete a CP-ABE key.
  *
  * @param key the key to delete
- * @param delete_pub GNUNE_YES if the public key should also be freed (bug in gabe)
+ * @param delete_pub GNUNET_YES if the public key should also be freed (bug in gabe)
  * @return fresh private key; free using #GNUNET_free
  */
 void
index b4bf5b0aa17e80525552a329b4ad1701fdb3781d..1b982cc158da21cf3785c1b90a8f7f033ca663ad 100644 (file)
@@ -1074,7 +1074,7 @@ GNUNET_ntoh_double (double d);
  * @param tsize the target size for the resulting vector, use 0 to
  *        free the vector (then, arr will be NULL afterwards).
  */
-#define GNUNET_array_grow(arr,size,tsize) GNUNET_xgrow_((void**)&arr, sizeof(arr[0]), &size, tsize, __FILE__, __LINE__)
+#define GNUNET_array_grow(arr,size,tsize) GNUNET_xgrow_((void**)&(arr), sizeof((arr)[0]), &size, tsize, __FILE__, __LINE__)
 
 /**
  * @ingroup memory
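Review bot: Only `arr` is parenthesised here; `size` is still expanded bare in `&size`, and in GNUNET_array_append (next hunk) `size+1`, `size-1` and `= element` are bare as well. Suggest `&(size)` in this macro and `GNUNET_array_grow(arr,size,(size)+1); (arr)[(size)-1] = (element);` in the append macro. The append macro also expands `size` several times, so its comment should say that the arguments must be free of side effects.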
@@ -1089,7 +1089,7 @@ GNUNET_ntoh_double (double d);
  *        array size
  * @param element the element that will be appended to the array
  */
-#define GNUNET_array_append(arr,size,element) do { GNUNET_array_grow(arr,size,size+1); arr[size-1] = element; } while(0)
+#define GNUNET_array_append(arr,size,element) do { GNUNET_array_grow(arr,size,size+1); (arr)[size-1] = element; } while(0)
 
 /**
  * @ingroup memory
index 0bffef2121e3872c856affdbfad64fd086025d72..8a591fa09ea3df8a90fb293b407ac29f28515ee5 100644 (file)
@@ -206,14 +206,15 @@ struct GNUNET_CRYPTO_EcdsaSignature
 
 
 /**
- * Public ECC key (always for Curve25519) encoded in a format suitable
- * for network transmission and EdDSA signatures.
+ * Public ECC key (always for curve Ed25519) encoded in a format
+ * suitable for network transmission and EdDSA signatures.
  */
 struct GNUNET_CRYPTO_EddsaPublicKey
 {
   /**
-   * Q consists of an x- and a y-value, each mod p (256 bits), given
-   * here in affine coordinates and Ed25519 standard compact format.
+   * Point Q consists of a y-value mod p (256 bits); the x-value is
+   * always positive. The point is stored in Ed25519 standard
+   * compact format.
    */
   unsigned char q_y[256 / 8];
 
@@ -724,6 +725,23 @@ void
 GNUNET_CRYPTO_hash_context_abort (struct GNUNET_HashContext *hc);
 
 
+/**
+ * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
+ *
+ * @param key secret key
+ * @param key_len secret key length
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
+                    const void *plaintext, size_t plaintext_len,
+                    struct GNUNET_HashCode *hmac);
+
+
 /**
  * @ingroup hash
  * Calculate HMAC of a message (RFC 2104)
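Review bot: The doc comment on the new `GNUNET_CRYPTO_hmac_raw` declaration has a typo (`Shouldn'`), lacks the `@ingroup hash` tag that the following HMAC declaration carries, and leaves an open TODO in a public header. It also does not say which hash function backs the HMAC, or that the result fills a whole `struct GNUNET_HashCode`, which a caller needs to know before comparing or truncating the tag. Suggest starting the comment with ` * @ingroup hash`, moving the TODO to the issue tracker, and extending the last tag to `@param hmac where to store the hmac (full struct GNUNET_HashCode)` once the hash is confirmed. The continuation lines of the prototype are also not aligned with the first parameter.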
index ba1392510ede2b8f478c2a101b72dfaefe46a025..0fc6ac19c93b9fc8cbe760341827c1a5cd8c00b6 100644 (file)
@@ -82,6 +82,7 @@
 #define GNUNET_DNSPARSER_TYPE_OPENPGPKEY 61
 #define GNUNET_DNSPARSER_TYPE_TKEY 249
 #define GNUNET_DNSPARSER_TYPE_TSIG 250
+#define GNUNET_DNSPARSER_TYPE_ALL 255
 #define GNUNET_DNSPARSER_TYPE_URI 256
 #define GNUNET_DNSPARSER_TYPE_TA 32768
 
@@ -840,6 +841,58 @@ GNUNET_DNSPARSER_parse_srv (const char *udp_payload,
                            size_t udp_payload_length,
                            size_t *off);
 
+/* ***************** low-level duplication API ******************** */
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_Record *
+GNUNET_DNSPARSER_duplicate_record (const struct GNUNET_DNSPARSER_Record *r);
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_SoaRecord *
+GNUNET_DNSPARSER_duplicate_soa_record (const struct GNUNET_DNSPARSER_SoaRecord *r);
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_CertRecord *
+GNUNET_DNSPARSER_duplicate_cert_record (const struct GNUNET_DNSPARSER_CertRecord *r);
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_MxRecord *
+GNUNET_DNSPARSER_duplicate_mx_record (const struct GNUNET_DNSPARSER_MxRecord *r);
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_SrvRecord *
+GNUNET_DNSPARSER_duplicate_srv_record (const struct GNUNET_DNSPARSER_SrvRecord *r);
+
+
 /* ***************** low-level deallocation API ******************** */
 
 /**
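Review bot: All five new `GNUNET_DNSPARSER_duplicate_*` declarations carry the same one-line description, and none states ownership: who releases the returned copy, with which function, and whether `r` may be NULL. Suggest per-type wording such as `Duplicate (deep-copy) the given SOA record` and `@return the newly allocated record, owned by the caller`, followed by the name of the matching release function from the deallocation section that starts right after this hunk. Without that, callers of a deep copy have to guess whether a plain free is enough, which is where leaks and double frees tend to come from.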
index 20846238b4d8a6e851fdb255cbfd1c1ae0a289d6..693cc6cdb42d34be5ad368a8108e84232ca5fd80 100644 (file)
@@ -131,6 +131,16 @@ extern "C"
  */
 #define GNUNET_GNSRECORD_TYPE_ABE_MASTER 65551
 
+/**
+ * Record type for reclaim OIDC clients
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT 65552
+
+/**
+ * Record type for reclaim OIDC redirect URIs
+ */
+#define GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT 65553
+
 /**
  * Flags that can be set for a record.
  */
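Review bot: The two new comments do not say what the record value contains. This matters most for `GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT`, because a redirect URI is what an OIDC authorization endpoint compares the request's `redirect_uri` against. I would extend it to something like `Record type for reclaim OIDC redirect URIs; value is one absolute URI string, compared exactly`, and state for the client record what its value holds. The encoding and the matching rule are not visible in this hunk, so check the wording against the code that handles these types.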
diff --git a/src/include/gnunet_identity_attribute_lib.h b/src/include/gnunet_identity_attribute_lib.h
deleted file mode 100644 (file)
index eb01f7a..0000000
+++ /dev/null
@@ -1,281 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2017 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @author Martin Schanzenbach
- *
- * @file
- * Identity attribute definitions
- *
- * @defgroup identity-provider  Identity Provider service
- * @{
- */
-#ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H
-#define GNUNET_IDENTITY_ATTRIBUTE_LIB_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#if 0                           /* keep Emacsens' auto-indent happy */
-}
-#endif
-#endif
-
-#include "gnunet_util_lib.h"
-
-
-/**
- * No value attribute.
- */
-#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_NONE 0
-
-/**
- * String attribute.
- */
-#define GNUNET_IDENTITY_ATTRIBUTE_TYPE_STRING 1
-
-
-
-/**
- * An attribute.
- */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim
-{
-  /**
-   * The name of the attribute. Note "name" must never be individually
-   * free'd
-   */
-  const char* name;
-
-  /**
-   * Type of Claim
-   */
-  uint32_t type;
-
-  /**
-   * Version
-   */
-  uint32_t version;
-
-  /**
-   * Number of bytes in @e data.
-   */
-  size_t data_size;
-
-  /**
-   * Binary value stored as attribute value.  Note: "data" must never
-   * be individually 'malloc'ed, but instead always points into some
-   * existing data area.
-   */
-  const void *data;
-
-};
-
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList
-{
-  /**
-   * List head
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_head;
-
-  /**
-   * List tail
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *list_tail;
-};
-
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry
-{
-  /**
-   * DLL
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *prev;
-
-  /**
-   * DLL
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_ClaimListEntry *next;
-
-  /**
-   * The attribute claim
-   */
-  struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
-};
-
-/**
- * Create a new attribute claim.
- *
- * @param attr_name the attribute name
- * @param type the attribute type
- * @param data the attribute value
- * @param data_size the attribute value size
- * @return the new attribute
- */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_claim_new (const char* attr_name,
-                                     uint32_t type,
-                                     const void* data,
-                                     size_t data_size);
-
-
-/**
- * Get required size for serialization buffer
- *
- * @param attrs the attribute list to serialize
- *
- * @return the required buffer size
- */
-size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
-
-void
-GNUNET_IDENTITY_ATTRIBUTE_list_destroy (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
-
-void
-GNUNET_IDENTITY_ATTRIBUTE_list_add (struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                   const char* attr_name,
-                                   uint32_t type,
-                                   const void* data,
-                                   size_t data_size);
-
-/**
- * Serialize an attribute list
- *
- * @param attrs the attribute list to serialize
- * @param result the serialized attribute
- *
- * @return length of serialized data
- */
-size_t
-GNUNET_IDENTITY_ATTRIBUTE_list_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                     char *result);
-
-/**
- * Deserialize an attribute list
- *
- * @param data the serialized attribute list
- * @param data_size the length of the serialized data
- *
- * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller
- */
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *
-GNUNET_IDENTITY_ATTRIBUTE_list_deserialize (const char* data,
-                            size_t data_size);
-
-
-/**
- * Get required size for serialization buffer
- *
- * @param attr the attribute to serialize
- *
- * @return the required buffer size
- */
-size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
-
-
-
-/**
- * Serialize an attribute
- *
- * @param attr the attribute to serialize
- * @param result the serialized attribute
- *
- * @return length of serialized data
- */
-size_t
-GNUNET_IDENTITY_ATTRIBUTE_serialize (const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
-                     char *result);
-
-/**
- * Deserialize an attribute
- *
- * @param data the serialized attribute
- * @param data_size the length of the serialized data
- *
- * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller
- */
-struct GNUNET_IDENTITY_ATTRIBUTE_Claim *
-GNUNET_IDENTITY_ATTRIBUTE_deserialize (const char* data,
-                       size_t data_size);
-
-struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList*
-GNUNET_IDENTITY_ATTRIBUTE_list_dup (const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
-
-/**
- * Convert a type name to the corresponding number
- *
- * @param typename name to convert
- * @return corresponding number, UINT32_MAX on error
- */
-uint32_t
-GNUNET_IDENTITY_ATTRIBUTE_typename_to_number (const char *typename);
-
-/**
- * Convert human-readable version of a 'claim' of an attribute to the binary
- * representation
- *
- * @param type type of the claim
- * @param s human-readable string
- * @param data set to value in binary encoding (will be allocated)
- * @param data_size set to number of bytes in @a data
- * @return #GNUNET_OK on success
- */
-int
-GNUNET_IDENTITY_ATTRIBUTE_string_to_value (uint32_t type,
-                                           const char *s,
-                                           void **data,
-                                           size_t *data_size);
-
-/**
- * Convert the 'claim' of an attribute to a string
- *
- * @param type the type of attribute
- * @param data claim in binary encoding
- * @param data_size number of bytes in @a data
- * @return NULL on error, otherwise human-readable representation of the claim
- */
-char *
-GNUNET_IDENTITY_ATTRIBUTE_value_to_string (uint32_t type,
-                                           const void* data,
-                                           size_t data_size);
-
-/**
- * Convert a type number to the corresponding type string
- *
- * @param type number of a type
- * @return corresponding typestring, NULL on error
- */
-const char*
-GNUNET_IDENTITY_ATTRIBUTE_number_to_typename (uint32_t type);
-
-
-#if 0                           /* keep Emacsens' auto-indent happy */
-{
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-
-/* ifndef GNUNET_IDENTITY_ATTRIBUTE_LIB_H */
-#endif
-
-/** @} */ /* end of group identity */
-
-/* end of gnunet_identity_attribute_lib.h */
diff --git a/src/include/gnunet_identity_attribute_plugin.h b/src/include/gnunet_identity_attribute_plugin.h
deleted file mode 100644 (file)
index 7c399c6..0000000
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
-     This file is part of GNUnet
-     Copyright (C) 2012, 2013 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @author Martin Schanzenbach
- *
- * @file
- * Plugin API for the idp database backend
- *
- * @defgroup identity-provider-plugin  IdP service plugin API
- * Plugin API for the idp database backend
- * @{
- */
-#ifndef GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
-#define GNUNET_IDENTITY_ATTRIBUTE_PLUGIN_H
-
-#include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_lib.h"
-
-#ifdef __cplusplus
-extern "C"
-{
-#if 0                           /* keep Emacsens' auto-indent happy */
-}
-#endif
-#endif
-
-
-/**
- * Function called to convert the binary value @a data of an attribute of
- * type @a type to a human-readable string.
- *
- * @param cls closure
- * @param type type of the attribute
- * @param data value in binary encoding
- * @param data_size number of bytes in @a data
- * @return NULL on error, otherwise human-readable representation of the value
- */
-typedef char * (*GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction) (void *cls,
-                                                          uint32_t type,
-                                                          const void *data,
-                                                          size_t data_size);
-
-
-/**
- * Function called to convert human-readable version of the value @a s
- * of an attribute of type @a type to the respective binary
- * representation.
- *
- * @param cls closure
- * @param type type of the attribute
- * @param s human-readable string
- * @param data set to value in binary encoding (will be allocated)
- * @param data_size set to number of bytes in @a data
- * @return #GNUNET_OK on success
- */
-typedef int (*GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction) (void *cls,
-                                                       uint32_t type,
-                                                       const char *s,
-                                                       void **data,
-                                                       size_t *data_size);
-
-
-/**
- * Function called to convert a type name to the
- * corresponding number.
- *
- * @param cls closure
- * @param typename name to convert
- * @return corresponding number, UINT32_MAX on error
- */
-typedef uint32_t (*GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
-                                                               const char *typename);
-
-
-/**
- * Function called to convert a type number (i.e. 1) to the
- * corresponding type string
- *
- * @param cls closure
- * @param type number of a type to convert
- * @return corresponding typestring, NULL on error
- */
-typedef const char * (*GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
-                                                                   uint32_t type);
-
-
-/**
- * Each plugin is required to return a pointer to a struct of this
- * type as the return value from its entry point.
- */
-struct GNUNET_IDENTITY_ATTRIBUTE_PluginFunctions
-{
-
-  /**
-   * Closure for all of the callbacks.
-   */
-  void *cls;
-
-  /**
-   * Conversion to string.
-   */
-  GNUNET_IDENTITY_ATTRIBUTE_ValueToStringFunction value_to_string;
-
-  /**
-   * Conversion to binary.
-   */
-  GNUNET_IDENTITY_ATTRIBUTE_StringToValueFunction string_to_value;
-
-  /**
-   * Typename to number.
-   */
-  GNUNET_IDENTITY_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
-
-  /**
-   * Number to typename.
-   */
-  GNUNET_IDENTITY_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
-
-};
-
-
-#if 0                           /* keep Emacsens' auto-indent happy */
-{
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/** @} */  /* end of group */
diff --git a/src/include/gnunet_identity_provider_plugin.h b/src/include/gnunet_identity_provider_plugin.h
deleted file mode 100644 (file)
index 2330066..0000000
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
-     This file is part of GNUnet
-     Copyright (C) 2012, 2013 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @author Martin Schanzenbach
- *
- * @file
- * Plugin API for the idp database backend
- *
- * @defgroup identity-provider-plugin  IdP service plugin API
- * Plugin API for the idp database backend
- * @{
- */
-#ifndef GNUNET_IDENTITY_PROVIDER_PLUGIN_H
-#define GNUNET_IDENTITY_PROVIDER_PLUGIN_H
-
-#include "gnunet_util_lib.h"
-#include "gnunet_identity_provider_service.h"
-
-#ifdef __cplusplus
-extern "C"
-{
-#if 0                           /* keep Emacsens' auto-indent happy */
-}
-#endif
-#endif
-
-
-/**
- * Function called by for each matching ticket.
- *
- * @param cls closure
- * @param ticket the ticket
- */
-typedef void (*GNUNET_IDENTITY_PROVIDER_TicketIterator) (void *cls,
-                                                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-             const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
-
-
-/**
- * @brief struct returned by the initialization function of the plugin
- */
-struct GNUNET_IDENTITY_PROVIDER_PluginFunctions
-{
-
-  /**
-   * Closure to pass to all plugin functions.
-   */
-  void *cls;
-
-  /**
-   * Store a ticket in the database.
-   *
-   * @param cls closure (internal context for the plugin)
-   * @param ticket the ticket to store
-   * @return #GNUNET_OK on success, else #GNUNET_SYSERR
-   */
-  int (*store_ticket) (void *cls,
-                       const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-      const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs);
-
-  /**
-   * Delete a ticket from the database.
-   *
-   * @param cls closure (internal context for the plugin)
-   * @param ticket the ticket to store
-   * @return #GNUNET_OK on success, else #GNUNET_SYSERR
-   */
-  int (*delete_ticket) (void *cls,
-                       const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
-
-
-
-  /**
-   * Iterate over all tickets
-   *
-   * @param cls closure (internal context for the plugin)
-   * @param identity the identity
-   * @param audience GNUNET_YES if the identity is the audience of the ticket
-   *                 else it is considered the issuer
-   * @param iter function to call with the result
-   * @param iter_cls closure for @a iter
-   * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
-   */
-  int (*iterate_tickets) (void *cls,
-                         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-        int audience,
-                         uint64_t offset,
-                         GNUNET_IDENTITY_PROVIDER_TicketIterator iter, void *iter_cls);
-
-  int (*get_ticket_attributes) (void* cls,
-                                const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                GNUNET_IDENTITY_PROVIDER_TicketIterator iter,
-                                void *iter_cls);
-};
-
-#if 0                           /* keep Emacsens' auto-indent happy */
-{
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
-/** @} */  /* end of group */
diff --git a/src/include/gnunet_identity_provider_service.h b/src/include/gnunet_identity_provider_service.h
deleted file mode 100644 (file)
index 0c72556..0000000
+++ /dev/null
@@ -1,378 +0,0 @@
-/*
-     This file is part of GNUnet.
-     Copyright (C) 2016 GNUnet e.V.
-
-     GNUnet is free software: you can redistribute it and/or modify it
-     under the terms of the GNU Affero General Public License as published
-     by the Free Software Foundation, either version 3 of the License,
-     or (at your option) any later version.
-
-     GNUnet is distributed in the hope that it will be useful, but
-     WITHOUT ANY WARRANTY; without even the implied warranty of
-     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-     Affero General Public License for more details.
-    
-     You should have received a copy of the GNU Affero General Public License
-     along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-/**
- * @author Martin Schanzenbach
- *
- * @file
- * Identity provider service; implements identity provider for GNUnet
- *
- * @defgroup identity-provider  Identity Provider service
- * @{
- */
-#ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H
-#define GNUNET_IDENTITY_PROVIDER_SERVICE_H
-
-#ifdef __cplusplus
-extern "C"
-{
-#if 0                           /* keep Emacsens' auto-indent happy */
-}
-#endif
-#endif
-
-#include "gnunet_util_lib.h"
-#include "gnunet_identity_attribute_lib.h"
-
-/**
- * Version number of GNUnet Identity Provider API.
- */
-#define GNUNET_IDENTITY_PROVIDER_VERSION 0x00000000
-
-/**
- * Handle to access the identity service.
- */
-struct GNUNET_IDENTITY_PROVIDER_Handle;
-
-/**
- * Handle for a token.
- */
-struct GNUNET_IDENTITY_PROVIDER_Token;
-
-/**
- * The ticket
- */
-struct GNUNET_IDENTITY_PROVIDER_Ticket
-{
-  /**
-   * The ticket issuer
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
-
-  /**
-   * The ticket audience
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey audience;
-
-  /**
-   * The ticket random (NBO)
-   */
-  uint64_t rnd;
-};
-
-/**
- * Handle for an operation with the identity provider service.
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation;
-
-
-/**
- * Connect to the identity provider service.
- *
- * @param cfg Configuration to contact the identity provider service.
- * @return handle to communicate with identity provider service
- */
-struct GNUNET_IDENTITY_PROVIDER_Handle *
-GNUNET_IDENTITY_PROVIDER_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
-
-/**
- * Continuation called to notify client about result of the
- * operation.
- *
- * @param cls closure
- * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate)
- *                #GNUNET_NO if content was already there or not found
- *                #GNUNET_YES (or other positive value) on success
- * @param emsg NULL on success, otherwise an error message
- */
-typedef void
-(*GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus) (void *cls,
-                                            int32_t success,
-                                            const char *emsg);
-
-
-/**
- * Store an attribute.  If the attribute is already present,
- * it is replaced with the new attribute.
- *
- * @param h handle to the identity provider
- * @param pkey private key of the identity
- * @param attr the attribute
- * @param exp_interval the relative expiration interval for the attribute
- * @param cont continuation to call when done
- * @param cont_cls closure for @a cont
- * @return handle to abort the request
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_attribute_store (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
-                                          const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
-                                          const struct GNUNET_TIME_Relative *exp_interval,
-                                          GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
-                                          void *cont_cls);
-
-
-/**
- * Process an attribute that was stored in the idp.
- *
- * @param cls closure
- * @param identity the identity
- * @param attr the attribute
- */
-typedef void
-(*GNUNET_IDENTITY_PROVIDER_AttributeResult) (void *cls,
-                                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                                   const struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attr);
-
-
-
-/**
- * List all attributes for a local identity. 
- * This MUST lock the `struct GNUNET_IDENTITY_PROVIDER_Handle`
- * for any other calls than #GNUNET_IDENTITY_PROVIDER_get_attributes_next() and
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_stop. @a proc will be called once
- * immediately, and then again after
- * #GNUNET_IDENTITY_PROVIDER_get_attributes_next() is invoked.
- *
- * On error (disconnect), @a error_cb will be invoked.
- * On normal completion, @a finish_cb proc will be
- * invoked.
- *
- * @param h handle to the idp
- * @param identity identity to access
- * @param error_cb function to call on error (i.e. disconnect),
- *        the handle is afterwards invalid
- * @param error_cb_cls closure for @a error_cb
- * @param proc function to call on each attribute; it
- *        will be called repeatedly with a value (if available)
- * @param proc_cls closure for @a proc
- * @param finish_cb function to call on completion
- *        the handle is afterwards invalid
- * @param finish_cb_cls closure for @a finish_cb
- * @return an iterator handle to use for iteration
- */
-struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *
-GNUNET_IDENTITY_PROVIDER_get_attributes_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                               GNUNET_SCHEDULER_TaskCallback error_cb,
-                                               void *error_cb_cls,
-                                               GNUNET_IDENTITY_PROVIDER_AttributeResult proc,
-                                               void *proc_cls,
-                                               GNUNET_SCHEDULER_TaskCallback finish_cb,
-                                               void *finish_cb_cls);
-
-
-/**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_get_attributes_start
- * for the next record.
- *
- * @param it the iterator
- */
-void
-GNUNET_IDENTITY_PROVIDER_get_attributes_next (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
-
-
-/**
- * Stops iteration and releases the idp handle for further calls.  Must
- * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
- *
- * @param it the iterator
- */
-void
-GNUNET_IDENTITY_PROVIDER_get_attributes_stop (struct GNUNET_IDENTITY_PROVIDER_AttributeIterator *it);
-
-
-/**
- * Method called when a token has been issued.
- * On success returns a ticket that can be given to the audience to retrive the
- * token
- *
- * @param cls closure
- * @param ticket the ticket
- */
-typedef void
-(*GNUNET_IDENTITY_PROVIDER_TicketCallback)(void *cls,
-                            const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket);
-
-/**
- * Issues a ticket to another identity. The identity may use
- * GNUNET_IDENTITY_PROVIDER_ticket_consume to consume the ticket
- * and retrieve the attributes specified in the AttributeList.
- *
- * @param h the identity provider to use
- * @param iss the issuing identity
- * @param rp the subject of the ticket (the relying party)
- * @param attrs the attributes that the relying party is given access to
- * @param cb the callback
- * @param cb_cls the callback closure
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_issue (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
-                                       const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
-                                       const struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attrs,
-                                       GNUNET_IDENTITY_PROVIDER_TicketCallback cb,
-                                       void *cb_cls);
-
-/**
- * Revoked an issued ticket. The relying party will be unable to retrieve
- * updated attributes.
- *
- * @param h the identity provider to use
- * @param identity the issuing identity
- * @param ticket the ticket to revoke
- * @param cb the callback
- * @param cb_cls the callback closure
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_revoke (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                        const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                        GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cb,
-                                        void *cb_cls);
-
-
-
-/**
- * Consumes an issued ticket. The ticket is persisted
- * and used to retrieve identity information from the issuer
- *
- * @param h the identity provider to use
- * @param identity the identity that is the subject of the issued ticket (the audience)
- * @param ticket the issued ticket to consume
- * @param cb the callback to call
- * @param cb_cls the callback closure
- * @return handle to abort the operation
- */
-struct GNUNET_IDENTITY_PROVIDER_Operation *
-GNUNET_IDENTITY_PROVIDER_ticket_consume (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                         const struct GNUNET_IDENTITY_PROVIDER_Ticket *ticket,
-                                         GNUNET_IDENTITY_PROVIDER_AttributeResult cb,
-                                         void *cb_cls);
-
-/**
- * Lists all tickets that have been issued to remote
- * identites (relying parties)
- *
- * @param h the identity provider to use
- * @param identity the issuing identity
- * @param error_cb function to call on error (i.e. disconnect),
- *        the handle is afterwards invalid
- * @param error_cb_cls closure for @a error_cb
- * @param proc function to call on each ticket; it
- *        will be called repeatedly with a value (if available)
- * @param proc_cls closure for @a proc
- * @param finish_cb function to call on completion
- *        the handle is afterwards invalid
- * @param finish_cb_cls closure for @a finish_cb
- * @return an iterator handle to use for iteration
- */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
-                                                 GNUNET_SCHEDULER_TaskCallback error_cb,
-                                                 void *error_cb_cls,
-                                                 GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
-                                                 void *proc_cls,
-                                                 GNUNET_SCHEDULER_TaskCallback finish_cb,
-                                                 void *finish_cb_cls);
-
-/**
- * Lists all tickets that have been issued to remote
- * identites (relying parties)
- *
- * @param h the identity provider to use
- * @param identity the issuing identity
- * @param error_cb function to call on error (i.e. disconnect),
- *        the handle is afterwards invalid
- * @param error_cb_cls closure for @a error_cb
- * @param proc function to call on each ticket; it
- *        will be called repeatedly with a value (if available)
- * @param proc_cls closure for @a proc
- * @param finish_cb function to call on completion
- *        the handle is afterwards invalid
- * @param finish_cb_cls closure for @a finish_cb
- * @return an iterator handle to use for iteration
- */
-struct GNUNET_IDENTITY_PROVIDER_TicketIterator *
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_start_rp (struct GNUNET_IDENTITY_PROVIDER_Handle *h,
-                                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
-                                                    GNUNET_SCHEDULER_TaskCallback error_cb,
-                                                    void *error_cb_cls,
-                                                    GNUNET_IDENTITY_PROVIDER_TicketCallback proc,
-                                                    void *proc_cls,
-                                                    GNUNET_SCHEDULER_TaskCallback finish_cb,
-                                                    void *finish_cb_cls);
-
-/**
- * Calls the record processor specified in #GNUNET_IDENTITY_PROVIDER_ticket_iteration_start
- * for the next record.
- *
- * @param it the iterator
- */
-void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_next (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
-
-/**
- * Stops iteration and releases the idp handle for further calls.  Must
- * be called on any iteration that has not yet completed prior to calling
- * #GNUNET_IDENTITY_PROVIDER_disconnect.
- *
- * @param it the iterator
- */
-void
-GNUNET_IDENTITY_PROVIDER_ticket_iteration_stop (struct GNUNET_IDENTITY_PROVIDER_TicketIterator *it);
-
-/**
- * Disconnect from identity provider service.
- *
- * @param h identity provider service to disconnect
- */
-void
-GNUNET_IDENTITY_PROVIDER_disconnect (struct GNUNET_IDENTITY_PROVIDER_Handle *h);
-
-
-/**
- * Cancel an identity provider operation.  Note that the operation MAY still
- * be executed; this merely cancels the continuation; if the request
- * was already transmitted, the service may still choose to complete
- * the operation.
- *
- * @param op operation to cancel
- */
-void
-GNUNET_IDENTITY_PROVIDER_cancel (struct GNUNET_IDENTITY_PROVIDER_Operation *op);
-
-#if 0                           /* keep Emacsens' auto-indent happy */
-{
-#endif
-#ifdef __cplusplus
-}
-#endif
-
-
-/* ifndef GNUNET_IDENTITY_PROVIDER_SERVICE_H */
-#endif
-
-/** @} */ /* end of group identity */
-
-/* end of gnunet_identity_provider_service.h */
index 36aa424b48cdeeb29244a2ed4586db4a6b491cb0..4400db7e1c6177f4813082518cb30f96d5374c37 100644 (file)
@@ -2656,35 +2656,35 @@ extern "C"
  *
  * IDENTITY PROVIDER MESSAGE TYPES
  */
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE 961
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE 961
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE_RESPONSE 962
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE 962
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_START 963
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START 963
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_STOP 964
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP 964
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_ITERATION_NEXT 965
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT 965
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_RESULT 966
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT 966
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ISSUE_TICKET 967
+#define GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET 967
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_RESULT 968
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT 968
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET 969
+#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET 969
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_REVOKE_TICKET_RESULT 970
+#define GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT 970
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET 971
+#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET 971
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_CONSUME_TICKET_RESULT 972
+#define GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT 972
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_START 973
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START 973
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_STOP 974
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP 974
 
-#define GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_TICKET_ITERATION_NEXT 975
+#define GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT 975
 
 /**************************************************
  *
diff --git a/src/include/gnunet_reclaim_attribute_lib.h b/src/include/gnunet_reclaim_attribute_lib.h
new file mode 100644 (file)
index 0000000..df5356d
--- /dev/null
@@ -0,0 +1,281 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2017 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+    
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Identity attribute definitions
+ *
+ * @defgroup identity-provider  Identity Provider service
+ * @{
+ */
+#ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H
+#define GNUNET_RECLAIM_ATTRIBUTE_LIB_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0                           /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_util_lib.h"
+
+
+/**
+ * No value attribute.
+ */
+#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_NONE 0
+
+/**
+ * String attribute.
+ */
+#define GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING 1
+
+
+
+/**
+ * An attribute.
+ */
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim
+{
+  /**
+   * The name of the attribute. Note "name" must never be individually
+   * free'd
+   */
+  const char* name;
+
+  /**
+   * Type of Claim
+   */
+  uint32_t type;
+
+  /**
+   * Version
+   */
+  uint32_t version;
+
+  /**
+   * Number of bytes in @e data.
+   */
+  size_t data_size;
+
+  /**
+   * Binary value stored as attribute value.  Note: "data" must never
+   * be individually 'malloc'ed, but instead always points into some
+   * existing data area.
+   */
+  const void *data;
+
+};
+
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList
+{
+  /**
+   * List head
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_head;
+
+  /**
+   * List tail
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *list_tail;
+};
+
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry
+{
+  /**
+   * DLL
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *prev;
+
+  /**
+   * DLL
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *next;
+
+  /**
+   * The attribute claim
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
+};
+
+/**
+ * Create a new attribute claim.
+ *
+ * @param attr_name the attribute name
+ * @param type the attribute type
+ * @param data the attribute value
+ * @param data_size the attribute value size
+ * @return the new attribute
+ */
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name,
+                                     uint32_t type,
+                                     const void* data,
+                                     size_t data_size);
+
+
+/**
+ * Get required size for serialization buffer
+ *
+ * @param attrs the attribute list to serialize
+ *
+ * @return the required buffer size
+ */
+size_t
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
+
+void
+GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
+
+void
+GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                                   const char* attr_name,
+                                   uint32_t type,
+                                   const void* data,
+                                   size_t data_size);
+
+/**
+ * Serialize an attribute list
+ *
+ * @param attrs the attribute list to serialize
+ * @param result the serialized attribute
+ *
+ * @return length of serialized data
+ */
+size_t
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                     char *result);
+
+/**
+ * Deserialize an attribute list
+ *
+ * @param data the serialized attribute list
+ * @param data_size the length of the serialized data
+ *
+ * @return a GNUNET_IDENTITY_PROVIDER_AttributeList, must be free'd by caller
+ */
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *
+GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data,
+                            size_t data_size);
+
+
+/**
+ * Get required size for serialization buffer
+ *
+ * @param attr the attribute to serialize
+ *
+ * @return the required buffer size
+ */
+size_t
+GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr);
+
+
+
+/**
+ * Serialize an attribute
+ *
+ * @param attr the attribute to serialize
+ * @param result the serialized attribute
+ *
+ * @return length of serialized data
+ */
+size_t
+GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
+                     char *result);
+
+/**
+ * Deserialize an attribute
+ *
+ * @param data the serialized attribute
+ * @param data_size the length of the serialized data
+ *
+ * @return a GNUNET_IDENTITY_PROVIDER_Attribute, must be free'd by caller
+ */
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data,
+                       size_t data_size);
+
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList*
+GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
+
+/**
+ * Convert a type name to the corresponding number
+ *
+ * @param typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+uint32_t
+GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename);
+
+/**
+ * Convert human-readable version of a 'claim' of an attribute to the binary
+ * representation
+ *
+ * @param type type of the claim
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+int
+GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type,
+                                           const char *s,
+                                           void **data,
+                                           size_t *data_size);
+
+/**
+ * Convert the 'claim' of an attribute to a string
+ *
+ * @param type the type of attribute
+ * @param data claim in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the claim
+ */
+char *
+GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type,
+                                           const void* data,
+                                           size_t data_size);
+
+/**
+ * Convert a type number to the corresponding type string
+ *
+ * @param type number of a type
+ * @return corresponding typestring, NULL on error
+ */
+const char*
+GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type);
+
+
+#if 0                           /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+
+/* ifndef GNUNET_RECLAIM_ATTRIBUTE_LIB_H */
+#endif
+
+/** @} */ /* end of group identity */
+
+/* end of gnunet_reclaim_attribute_lib.h */
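Review bot: `GNUNET_RECLAIM_ATTRIBUTE_list_serialize` and `GNUNET_RECLAIM_ATTRIBUTE_serialize` write into `char *result` without a capacity argument, and neither doc block says how large the buffer must be, so the only bound is the caller remembering to size it with the matching `*_serialize_get_size` call. I would state that on the parameter, e.g. `@param result buffer of at least #GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs) bytes, filled with the serialized list`. The two deserialize declarations take bytes that presumably originate outside the process, yet their docs do not say what is returned when `data_size` is too short or the encoded lengths are inconsistent, and the `@return` lines still name the old `GNUNET_IDENTITY_PROVIDER_AttributeList` / `GNUNET_IDENTITY_PROVIDER_Attribute` types; documenting the failure result (e.g. NULL, if that is what the implementation does) lets callers check it. `GNUNET_RECLAIM_ATTRIBUTE_list_destroy`, `_list_add` and `_list_dup` have no doc comment at all, so ownership of the claims they allocate or free is unstated.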
diff --git a/src/include/gnunet_reclaim_attribute_plugin.h b/src/include/gnunet_reclaim_attribute_plugin.h
new file mode 100644 (file)
index 0000000..cf0bb14
--- /dev/null
@@ -0,0 +1,147 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2012, 2013 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+    
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Plugin API for the idp database backend
+ *
+ * @defgroup identity-provider-plugin  IdP service plugin API
+ * Plugin API for the idp database backend
+ * @{
+ */
+#ifndef GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H
+#define GNUNET_RECLAIM_ATTRIBUTE_PLUGIN_H
+
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0                           /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+
+/**
+ * Function called to convert the binary value @a data of an attribute of
+ * type @a type to a human-readable string.
+ *
+ * @param cls closure
+ * @param type type of the attribute
+ * @param data value in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the value
+ */
+typedef char * (*GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction) (void *cls,
+                                                          uint32_t type,
+                                                          const void *data,
+                                                          size_t data_size);
+
+
+/**
+ * Function called to convert human-readable version of the value @a s
+ * of an attribute of type @a type to the respective binary
+ * representation.
+ *
+ * @param cls closure
+ * @param type type of the attribute
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+typedef int (*GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction) (void *cls,
+                                                       uint32_t type,
+                                                       const char *s,
+                                                       void **data,
+                                                       size_t *data_size);
+
+
+/**
+ * Function called to convert a type name to the
+ * corresponding number.
+ *
+ * @param cls closure
+ * @param typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+typedef uint32_t (*GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction) (void *cls,
+                                                               const char *typename);
+
+
+/**
+ * Function called to convert a type number (i.e. 1) to the
+ * corresponding type string
+ *
+ * @param cls closure
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+typedef const char * (*GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction) (void *cls,
+                                                                   uint32_t type);
+
+
+/**
+ * Each plugin is required to return a pointer to a struct of this
+ * type as the return value from its entry point.
+ */
+struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions
+{
+
+  /**
+   * Closure for all of the callbacks.
+   */
+  void *cls;
+
+  /**
+   * Conversion to string.
+   */
+  GNUNET_RECLAIM_ATTRIBUTE_ValueToStringFunction value_to_string;
+
+  /**
+   * Conversion to binary.
+   */
+  GNUNET_RECLAIM_ATTRIBUTE_StringToValueFunction string_to_value;
+
+  /**
+   * Typename to number.
+   */
+  GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction typename_to_number;
+
+  /**
+   * Number to typename.
+   */
+  GNUNET_RECLAIM_ATTRIBUTE_NumberToTypenameFunction number_to_typename;
+
+};
+
+
+#if 0                           /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/** @} */  /* end of group */
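Review bot: The parameter name `typename` in `GNUNET_RECLAIM_ATTRIBUTE_TypenameToNumberFunction` is a C++ keyword, so this header cannot be included from C++ even though it carries an `extern "C"` guard for exactly that case; `GNUNET_RECLAIM_ATTRIBUTE_typename_to_number` in gnunet_reclaim_attribute_lib.h has the same problem. Renaming it is enough: `const char *type_name` with `@param type_name name to convert`. Separately, the `@file` text and the group description still read `Plugin API for the idp database backend`, which does not match a header that declares attribute value and type-name conversion callbacks.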
diff --git a/src/include/gnunet_reclaim_plugin.h b/src/include/gnunet_reclaim_plugin.h
new file mode 100644 (file)
index 0000000..c400af6
--- /dev/null
@@ -0,0 +1,121 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2012, 2013 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+    
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Plugin API for the idp database backend
+ *
+ * @defgroup reclaim-plugin  IdP service plugin API
+ * Plugin API for the idp database backend
+ * @{
+ */
+#ifndef GNUNET_RECLAIM_PLUGIN_H
+#define GNUNET_RECLAIM_PLUGIN_H
+
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_service.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0                           /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+
+/**
+ * Function called by for each matching ticket.
+ *
+ * @param cls closure
+ * @param ticket the ticket
+ */
+typedef void (*GNUNET_RECLAIM_TicketIterator) (void *cls,
+                                                const struct GNUNET_RECLAIM_Ticket *ticket,
+             const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
+
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct GNUNET_RECLAIM_PluginFunctions
+{
+
+  /**
+   * Closure to pass to all plugin functions.
+   */
+  void *cls;
+
+  /**
+   * Store a ticket in the database.
+   *
+   * @param cls closure (internal context for the plugin)
+   * @param ticket the ticket to store
+   * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+   */
+  int (*store_ticket) (void *cls,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+      const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
+
+  /**
+   * Delete a ticket from the database.
+   *
+   * @param cls closure (internal context for the plugin)
+   * @param ticket the ticket to store
+   * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+   */
+  int (*delete_ticket) (void *cls,
+                       const struct GNUNET_RECLAIM_Ticket *ticket);
+
+
+
+  /**
+   * Iterate over all tickets
+   *
+   * @param cls closure (internal context for the plugin)
+   * @param identity the identity
+   * @param audience GNUNET_YES if the identity is the audience of the ticket
+   *                 else it is considered the issuer
+   * @param iter function to call with the result
+   * @param iter_cls closure for @a iter
+   * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
+   */
+  int (*iterate_tickets) (void *cls,
+                         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+        int audience,
+                         uint64_t offset,
+                         GNUNET_RECLAIM_TicketIterator iter, void *iter_cls);
+
+  int (*get_ticket_attributes) (void* cls,
+                                const struct GNUNET_RECLAIM_Ticket *ticket,
+                                GNUNET_RECLAIM_TicketIterator iter,
+                                void *iter_cls);
+};
+
+#if 0                           /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/** @} */  /* end of group */
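Review bot: `get_ticket_attributes` has no doc comment and `iterate_tickets` does not document its `offset` parameter, so a backend author cannot tell from this header what either is expected to do or return. The callback typedef `GNUNET_RECLAIM_TicketIterator` and `store_ticket` likewise leave `attrs` undocumented (going by the service header, something like `@param attrs the attributes the ticket gives access to`), and nothing says whether the `ticket` and `attrs` pointers handed to the iterator stay valid after the callback returns. `delete_ticket` describes its argument as `the ticket to store`, which should read `@param ticket the ticket to delete`, and the typedef comment `Function called by for each matching ticket` is missing a word.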
diff --git a/src/include/gnunet_reclaim_service.h b/src/include/gnunet_reclaim_service.h
new file mode 100644 (file)
index 0000000..7e668cd
--- /dev/null
@@ -0,0 +1,378 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+    
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ *
+ * @file
+ * Identity provider service; implements identity provider for GNUnet
+ *
+ * @defgroup reclaim  Identity Provider service
+ * @{
+ */
+#ifndef GNUNET_RECLAIM_SERVICE_H
+#define GNUNET_RECLAIM_SERVICE_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#if 0                           /* keep Emacsens' auto-indent happy */
+}
+#endif
+#endif
+
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_attribute_lib.h"
+
+/**
+ * Version number of GNUnet Identity Provider API.
+ */
+#define GNUNET_RECLAIM_VERSION 0x00000000
+
+/**
+ * Handle to access the identity service.
+ */
+struct GNUNET_RECLAIM_Handle;
+
+/**
+ * Handle for a token.
+ */
+struct GNUNET_RECLAIM_Token;
+
+/**
+ * The ticket
+ */
+struct GNUNET_RECLAIM_Ticket
+{
+  /**
+   * The ticket issuer
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+
+  /**
+   * The ticket audience
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey audience;
+
+  /**
+   * The ticket random (NBO)
+   */
+  uint64_t rnd;
+};
+
+/**
+ * Handle for an operation with the identity provider service.
+ */
+struct GNUNET_RECLAIM_Operation;
+
+
+/**
+ * Connect to the identity provider service.
+ *
+ * @param cfg Configuration to contact the identity provider service.
+ * @return handle to communicate with identity provider service
+ */
+struct GNUNET_RECLAIM_Handle *
+GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg);
+
+/**
+ * Continuation called to notify client about result of the
+ * operation.
+ *
+ * @param cls closure
+ * @param success #GNUNET_SYSERR on failure (including timeout/queue drop/failure to validate)
+ *                #GNUNET_NO if content was already there or not found
+ *                #GNUNET_YES (or other positive value) on success
+ * @param emsg NULL on success, otherwise an error message
+ */
+typedef void
+(*GNUNET_RECLAIM_ContinuationWithStatus) (void *cls,
+                                            int32_t success,
+                                            const char *emsg);
+
+
+/**
+ * Store an attribute.  If the attribute is already present,
+ * it is replaced with the new attribute.
+ *
+ * @param h handle to the identity provider
+ * @param pkey private key of the identity
+ * @param attr the attribute
+ * @param exp_interval the relative expiration interval for the attribute
+ * @param cont continuation to call when done
+ * @param cont_cls closure for @a cont
+ * @return handle to abort the request
+ */
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h,
+                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+                                          const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
+                                          const struct GNUNET_TIME_Relative *exp_interval,
+                                          GNUNET_RECLAIM_ContinuationWithStatus cont,
+                                          void *cont_cls);
+
+
+/**
+ * Process an attribute that was stored in the idp.
+ *
+ * @param cls closure
+ * @param identity the identity
+ * @param attr the attribute
+ */
+typedef void
+(*GNUNET_RECLAIM_AttributeResult) (void *cls,
+                                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                                   const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr);
+
+
+
+/**
+ * List all attributes for a local identity. 
+ * This MUST lock the `struct GNUNET_RECLAIM_Handle`
+ * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
+ * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
+ * immediately, and then again after
+ * #GNUNET_RECLAIM_get_attributes_next() is invoked.
+ *
+ * On error (disconnect), @a error_cb will be invoked.
+ * On normal completion, @a finish_cb proc will be
+ * invoked.
+ *
+ * @param h handle to the idp
+ * @param identity identity to access
+ * @param error_cb function to call on error (i.e. disconnect),
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @param proc function to call on each attribute; it
+ *        will be called repeatedly with a value (if available)
+ * @param proc_cls closure for @a proc
+ * @param finish_cb function to call on completion
+ *        the handle is afterwards invalid
+ * @param finish_cb_cls closure for @a finish_cb
+ * @return an iterator handle to use for iteration
+ */
+struct GNUNET_RECLAIM_AttributeIterator *
+GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h,
+                                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                                               GNUNET_SCHEDULER_TaskCallback error_cb,
+                                               void *error_cb_cls,
+                                               GNUNET_RECLAIM_AttributeResult proc,
+                                               void *proc_cls,
+                                               GNUNET_SCHEDULER_TaskCallback finish_cb,
+                                               void *finish_cb_cls);
+
+
+/**
+ * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
+ * for the next record.
+ *
+ * @param it the iterator
+ */
+void
+GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it);
+
+
+/**
+ * Stops iteration and releases the idp handle for further calls.  Must
+ * be called on any iteration that has not yet completed prior to calling
+ * #GNUNET_RECLAIM_disconnect.
+ *
+ * @param it the iterator
+ */
+void
+GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it);
+
+
+/**
+ * Method called when a token has been issued.
+ * On success returns a ticket that can be given to the audience to retrive the
+ * token
+ *
+ * @param cls closure
+ * @param ticket the ticket
+ */
+typedef void
+(*GNUNET_RECLAIM_TicketCallback)(void *cls,
+                            const struct GNUNET_RECLAIM_Ticket *ticket);
+
+/**
+ * Issues a ticket to another identity. The identity may use
+ * GNUNET_RECLAIM_ticket_consume to consume the ticket
+ * and retrieve the attributes specified in the AttributeList.
+ *
+ * @param h the identity provider to use
+ * @param iss the issuing identity
+ * @param rp the subject of the ticket (the relying party)
+ * @param attrs the attributes that the relying party is given access to
+ * @param cb the callback
+ * @param cb_cls the callback closure
+ * @return handle to abort the operation
+ */
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h,
+                                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
+                                       const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                                       GNUNET_RECLAIM_TicketCallback cb,
+                                       void *cb_cls);
+
+/**
+ * Revoked an issued ticket. The relying party will be unable to retrieve
+ * updated attributes.
+ *
+ * @param h the identity provider to use
+ * @param identity the issuing identity
+ * @param ticket the ticket to revoke
+ * @param cb the callback
+ * @param cb_cls the callback closure
+ * @return handle to abort the operation
+ */
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h,
+                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                                        GNUNET_RECLAIM_ContinuationWithStatus cb,
+                                        void *cb_cls);
+
+
+
+/**
+ * Consumes an issued ticket. The ticket is persisted
+ * and used to retrieve identity information from the issuer
+ *
+ * @param h the identity provider to use
+ * @param identity the identity that is the subject of the issued ticket (the audience)
+ * @param ticket the issued ticket to consume
+ * @param cb the callback to call
+ * @param cb_cls the callback closure
+ * @return handle to abort the operation
+ */
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h,
+                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                                         const struct GNUNET_RECLAIM_Ticket *ticket,
+                                         GNUNET_RECLAIM_AttributeResult cb,
+                                         void *cb_cls);
+
+/**
+ * Lists all tickets that have been issued to remote
+ * identites (relying parties)
+ *
+ * @param h the identity provider to use
+ * @param identity the issuing identity
+ * @param error_cb function to call on error (i.e. disconnect),
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @param proc function to call on each ticket; it
+ *        will be called repeatedly with a value (if available)
+ * @param proc_cls closure for @a proc
+ * @param finish_cb function to call on completion
+ *        the handle is afterwards invalid
+ * @param finish_cb_cls closure for @a finish_cb
+ * @return an iterator handle to use for iteration
+ */
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h,
+                                                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                                                 GNUNET_SCHEDULER_TaskCallback error_cb,
+                                                 void *error_cb_cls,
+                                                 GNUNET_RECLAIM_TicketCallback proc,
+                                                 void *proc_cls,
+                                                 GNUNET_SCHEDULER_TaskCallback finish_cb,
+                                                 void *finish_cb_cls);
+
+/**
+ * Lists all tickets that have been issued to remote
+ * identites (relying parties)
+ *
+ * @param h the identity provider to use
+ * @param identity the issuing identity
+ * @param error_cb function to call on error (i.e. disconnect),
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @param proc function to call on each ticket; it
+ *        will be called repeatedly with a value (if available)
+ * @param proc_cls closure for @a proc
+ * @param finish_cb function to call on completion
+ *        the handle is afterwards invalid
+ * @param finish_cb_cls closure for @a finish_cb
+ * @return an iterator handle to use for iteration
+ */
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h,
+                                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                                                    GNUNET_SCHEDULER_TaskCallback error_cb,
+                                                    void *error_cb_cls,
+                                                    GNUNET_RECLAIM_TicketCallback proc,
+                                                    void *proc_cls,
+                                                    GNUNET_SCHEDULER_TaskCallback finish_cb,
+                                                    void *finish_cb_cls);
+
+/**
+ * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start
+ * for the next record.
+ *
+ * @param it the iterator
+ */
+void
+GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it);
+
+/**
+ * Stops iteration and releases the idp handle for further calls.  Must
+ * be called on any iteration that has not yet completed prior to calling
+ * #GNUNET_RECLAIM_disconnect.
+ *
+ * @param it the iterator
+ */
+void
+GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it);
+
+/**
+ * Disconnect from identity provider service.
+ *
+ * @param h identity provider service to disconnect
+ */
+void
+GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h);
+
+
+/**
+ * Cancel an identity provider operation.  Note that the operation MAY still
+ * be executed; this merely cancels the continuation; if the request
+ * was already transmitted, the service may still choose to complete
+ * the operation.
+ *
+ * @param op operation to cancel
+ */
+void
+GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op);
+
+#if 0                           /* keep Emacsens' auto-indent happy */
+{
+#endif
+#ifdef __cplusplus
+}
+#endif
+
+
+/* ifndef GNUNET_RECLAIM_SERVICE_H */
+#endif
+
+/** @} */ /* end of group identity */
+
+/* end of gnunet_reclaim_service.h */
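Review bot: The doc block on `GNUNET_RECLAIM_ticket_iteration_start_rp` is a verbatim copy of the one on `GNUNET_RECLAIM_ticket_iteration_start`, although this variant takes a `GNUNET_CRYPTO_EcdsaPublicKey` and, judging by the `_rp` suffix, selects tickets by relying party rather than by issuer. As written, `@param identity the issuing identity` tells the caller the wrong role for the key, which matters for code that decides whose tickets to list or revoke. Something like `Lists all tickets that have been issued to the given relying party` with `@param identity public key of the relying party (the ticket audience)` would match the signature; please confirm against the implementation. The closing `/** @} */ /* end of group identity */` also no longer matches `@defgroup reclaim`.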
index d7accaf2c584607c2df142fe16fbf7519adbb8c8..829f8be7ed6be6819ac68a7a1445b5b89472618e 100644 (file)
@@ -151,12 +151,12 @@ extern "C"
 /**
  * Signature for the first round of distributed key generation.
  */
-#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 22
+#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG1 21
 
 /**
  * Signature for the second round of distributed key generation.
  */
-#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 23
+#define GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2 22
 
 /**
  * Signature for cooperatice decryption.
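Review bot: Moving `GNUNET_SIGNATURE_PURPOSE_SECRETSHARING_DKG2` to 22 reuses the value that meant DKG1 until this change, so a round-one signature from a peer built before the change carries exactly the purpose value a new peer expects for round two. The purpose number is what keeps signatures of different kinds apart, so old and new builds should not be mixed in one key generation session. Whether 21 is free elsewhere in the header is not visible in this hunk and should be confirmed. If the renumbering is intended, record it next to the defines, e.g. `/* renumbered from 22; not interoperable with peers using the old value */`.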
@@ -181,7 +181,7 @@ extern "C"
 /**
  * Signature for a GNUid Ticket
  */
-#define GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET 27
+#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN 27
 
 /**
  * Signature for a GNUnet credential
index 1fdab93b2d4f1c3dc9263f9ae76130cf736d8bd8..c1d76ef71446677aba3c771eabf8cbb198594979 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -339,7 +339,9 @@ GNUNET_STRINGS_string_to_data (const char *enc,
  * @return the size of the output
  */
 size_t
-GNUNET_STRINGS_base64_encode (const char *data, size_t len, char **output);
+GNUNET_STRINGS_base64_encode (const void *in,
+                              size_t len,
+                              char **output);
 
 
 /**
@@ -354,7 +356,7 @@ GNUNET_STRINGS_base64_encode (const char *data, size_t len, char **output);
 size_t
 GNUNET_STRINGS_base64_decode (const char *data,
                              size_t len,
-                             char **output);
+                             void **output);
 
 
 /**
index 20d29b906fdb74dc8aff6b5dd6252b0d988cda27..f8441cc2b52c8f8ea04d2386f0bea7158a58b92c 100644 (file)
@@ -1449,17 +1449,15 @@ check_client_member_join (void *cls,
   struct GNUNET_PeerIdentity *relays = (struct GNUNET_PeerIdentity *) &msg[1];
   uint32_t relay_count = ntohl (msg->relay_count);
 
-  if (0 == relay_count)
+  if (0 != relay_count)
   {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  if (UINT32_MAX / relay_count < sizeof (*relays)){
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                    "relay_count (%lu) * sizeof (*relays)  (%lu) exceeds UINT32_MAX!\n",
-              (unsigned long)relay_count,
-              sizeof (*relays));
-      return GNUNET_SYSERR;
+    if (UINT32_MAX / relay_count < sizeof (*relays)){
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                      "relay_count (%lu) * sizeof (*relays)  (%lu) exceeds UINT32_MAX!\n",
+                (unsigned long)relay_count,
+                sizeof (*relays));
+        return GNUNET_SYSERR;
+    }
   }
   uint32_t relay_size = relay_count * sizeof (*relays);
   struct GNUNET_MessageHeader *join_msg = NULL;
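Review bot: The log call now nested under `if (0 != relay_count)` passes `sizeof (*relays)`, a `size_t`, to a `%lu` conversion, which is a mismatch wherever `size_t` is not `unsigned long`; cast it the same way as the first argument, `(unsigned long) sizeof (*relays)`. The guard only proves that the product fits in 32 bits. Any comparison of `relay_size` with the received message length is after the hunk, and since a zero `relay_count` is now accepted it is worth confirming that check also covers `relay_size == 0`. check_client_member_join continues outside the hunk.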
index 3a7c6d96158e34f4d23c01ba91c36abfab2112f9..7766ff875fb0edb5d4f5a79eac0a594b8e84265e 100644 (file)
@@ -160,6 +160,7 @@ notify (void *cls,
 
   *data_size = sizeof (struct pingpong_msg);
   GNUNET_memcpy(data, pp_msg, *data_size);
+  GNUNET_free (pp_msg);
 
   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Peer #%u sents ping to origin\n", mc_peer->peer);
@@ -328,6 +329,7 @@ origin_notify (void *cls,
   pp_msg->msg = PONG;
   *data_size = sizeof (struct pingpong_msg);
   GNUNET_memcpy(data, pp_msg, *data_size);
+  GNUNET_free (pp_msg);
 
   GNUNET_log (GNUNET_ERROR_TYPE_INFO, "origin sends pong\n");
 
index 6c89cdb05ca5f5a2c6717f1adcccb3042c0342c2..ddc8b483a6fad9278c962dd889a9d6a3902c51de 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -456,6 +456,7 @@ build_dns_query (struct Request *req,
   char *rawp;
   struct GNUNET_DNSPARSER_Packet p;
   struct GNUNET_DNSPARSER_Query q;
+  int ret;
 
   q.name = (char *) req->hostname;
   q.type = GNUNET_DNSPARSER_TYPE_NS;
@@ -467,12 +468,14 @@ build_dns_query (struct Request *req,
   p.num_queries = 1;
   p.queries = &q;
   p.id = req->id;
-  if (GNUNET_OK !=
-      GNUNET_DNSPARSER_pack (&p,
-                             UINT16_MAX,
-                             &rawp,
-                             raw_size))
+  ret = GNUNET_DNSPARSER_pack (&p,
+                               UINT16_MAX,
+                               &rawp,
+                               raw_size);
+  if (GNUNET_OK != ret)
   {
+    if (GNUNET_NO == ret)
+      GNUNET_free (rawp);
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Failed to pack query for hostname `%s'\n",
                 req->hostname);
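Review bot: The new `if (GNUNET_NO == ret) GNUNET_free (rawp);` relies on `GNUNET_DNSPARSER_pack` leaving an allocated buffer behind for one failure code but not the other, and nothing at the call site says so. `rawp` is declared without an initializer in the previous hunk, so freeing it on the wrong code would free an indeterminate pointer. A comment such as `/* GNUNET_NO: output truncated but rawp allocated; GNUNET_SYSERR: rawp not set */` would make the dependency reviewable; the exact contract is not visible here and should be checked against the function's documentation. build_dns_query continues outside the hunk.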
index 33c48b244934542ede5587cdb0a7a8dcbfeeaeb4..e16fe91b7b88b30f74ae5361436f54632b1add4d 100644 (file)
@@ -55,7 +55,7 @@ struct FlatFileEntry
   /**
    * Entry zone
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key;
+  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
 
   /**
    * Record cound
@@ -93,7 +93,6 @@ static int
 database_setup (struct Plugin *plugin)
 {
   char *afsdir;
-  char *key;
   char *record_data;
   char *zone_private_key;
   char *record_data_b64;
@@ -104,7 +103,6 @@ database_setup (struct Plugin *plugin)
   char *record_count;
   size_t record_data_size;
   uint64_t size;
-  size_t key_len;
   struct GNUNET_HashCode hkey;
   struct GNUNET_DISK_FileHandle *fh;
   struct FlatFileEntry *entry;
@@ -232,7 +230,7 @@ database_setup (struct Plugin *plugin)
       record_data_size
        = GNUNET_STRINGS_base64_decode (record_data_b64,
                                        strlen (record_data_b64),
-                                       &record_data);
+                                       (void **) &record_data);
       entry->record_data =
         GNUNET_new_array (entry->record_count,
                          struct GNUNET_GNSRECORD_Data);
@@ -251,21 +249,34 @@ database_setup (struct Plugin *plugin)
         break;
       }
       GNUNET_free (record_data);
-      GNUNET_STRINGS_base64_decode (zone_private_key,
-                                    strlen (zone_private_key),
-                                    (char**)&entry->private_key);
-      key_len = strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
-      key = GNUNET_malloc (strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
-      GNUNET_memcpy (key,
-                    label,
-                    strlen (label));
-      GNUNET_memcpy (key+strlen(label),
-                    entry->private_key,
-                    sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
-      GNUNET_CRYPTO_hash (key,
-                          key_len,
-                          &hkey);
-      GNUNET_free (key);
+
+      {
+        struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key;
+
+        GNUNET_STRINGS_base64_decode (zone_private_key,
+                                      strlen (zone_private_key),
+                                      (void**)&private_key);
+        entry->private_key = *private_key;
+        GNUNET_free (private_key);
+      }
+
+      {
+        char *key;
+        size_t key_len;
+
+        key_len = strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
+        key = GNUNET_malloc (strlen (label) + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
+        GNUNET_memcpy (key,
+                       label,
+                       strlen (label));
+        GNUNET_memcpy (key+strlen(label),
+                       &entry->private_key,
+                       sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
+        GNUNET_CRYPTO_hash (key,
+                            key_len,
+                            &hkey);
+        GNUNET_free (key);
+      }
       if (GNUNET_OK !=
           GNUNET_CONTAINER_multihashmap_put (plugin->hm,
                                              &hkey,
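Review bot: The result of `GNUNET_STRINGS_base64_decode` for `zone_private_key` is discarded, and `entry->private_key = *private_key;` then copies a full `struct GNUNET_CRYPTO_EcdsaPrivateKey` out of a buffer whose decoded length was never compared with that size. A truncated or hand-edited key field in the flat file makes this copy read past the decoded data. The decoded length should be checked before the struct copy, as sketched below. The exit shown mirrors the `break` of the failure branch earlier in this hunk, and cleanup of `entry` needs confirming because database_setup starts and ends outside the hunk. Both temporary buffers that hold the private key are also released with plain `GNUNET_free`, without being cleared first.

```c
      {
        struct GNUNET_CRYPTO_EcdsaPrivateKey *private_key;
        size_t key_size;

        key_size = GNUNET_STRINGS_base64_decode (zone_private_key,
                                                 strlen (zone_private_key),
                                                 (void**)&private_key);
        /* reject a key field that does not decode to exactly one key */
        if (sizeof (*private_key) != key_size)
        {
          GNUNET_break (0);
          GNUNET_free (private_key);
          break;
        }
        entry->private_key = *private_key;
        GNUNET_free (private_key);
      }
      /* … unchanged: hash of label and private key into hkey … */
```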
@@ -302,7 +313,7 @@ store_and_free_entries (void *cls,
   ssize_t data_size;
 
   (void) key;
-  GNUNET_STRINGS_base64_encode ((char*)entry->private_key,
+  GNUNET_STRINGS_base64_encode (&entry->private_key,
                                 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey),
                                 &zone_private_key);
   data_size = GNUNET_GNSRECORD_records_get_size (entry->record_count,
@@ -353,7 +364,6 @@ store_and_free_entries (void *cls,
                           strlen (line));
 
   GNUNET_free (line);
-  GNUNET_free (entry->private_key);
   GNUNET_free (entry->label);
   GNUNET_free (entry->record_data);
   GNUNET_free (entry);
@@ -441,11 +451,10 @@ namestore_flat_store_records (void *cls,
     return GNUNET_OK;
   }
   entry = GNUNET_new (struct FlatFileEntry);
-  entry->private_key = GNUNET_new (struct GNUNET_CRYPTO_EcdsaPrivateKey);
   GNUNET_asprintf (&entry->label,
                    label,
                    strlen (label));
-  GNUNET_memcpy (entry->private_key,
+  GNUNET_memcpy (&entry->private_key,
                  zone_key,
                  sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
   entry->rvalue = rvalue;
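Review bot: `GNUNET_asprintf (&entry->label, label, strlen (label));`, left unchanged by this hunk, passes `label` as the format string, so any `%` in a record label is read as a conversion specification and the trailing `strlen (label)` argument is consumed by it. The label should be copied as data instead: `entry->label = GNUNET_strdup (label);`. namestore_flat_store_records starts and ends outside the hunk, so whether `label` is validated before this point is not visible.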
@@ -519,7 +528,7 @@ namestore_flat_lookup_records (void *cls,
   if (NULL != iter)
     iter (iter_cls,
          0,
-         entry->private_key,
+         &entry->private_key,
          entry->label,
          entry->record_count,
          entry->record_data);
@@ -586,7 +595,7 @@ iterate_zones (void *cls,
   if (0 == ic->limit)
     return GNUNET_NO;
   if ( (NULL != ic->zone) &&
-       (0 != memcmp (entry->private_key,
+       (0 != memcmp (&entry->private_key,
                      ic->zone,
                      sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey))) )
     return GNUNET_YES;
@@ -598,7 +607,7 @@ iterate_zones (void *cls,
   }
   ic->iter (ic->iter_cls,
            ic->pos,
-            entry->private_key,
+            &entry->private_key,
             entry->label,
             entry->record_count,
             entry->record_data);
@@ -668,7 +677,7 @@ zone_to_name (void *cls,
   struct FlatFileEntry *entry = value;
 
   (void) key;
-  if (0 != memcmp (entry->private_key,
+  if (0 != memcmp (&entry->private_key,
                    ztn->zone,
                    sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)))
     return GNUNET_YES;
@@ -683,7 +692,7 @@ zone_to_name (void *cls,
     {
       ztn->iter (ztn->iter_cls,
                  0,
-                 entry->private_key,
+                 &entry->private_key,
                  entry->label,
                  entry->record_count,
                  entry->record_data);
index 26db608f3bbe8c74ec92dd79741ab0277244b124..d5c797f52b867cdd3106b4852340b7891c427453 100644 (file)
@@ -48,8 +48,8 @@ gnunet_service_psyc_CFLAGS = $(AM_CFLAGS)
 
 
 if HAVE_TESTING
-check_PROGRAMS = \
- test_psyc2
+#check_PROGRAMS = \
+# test_psyc2
 # test_psyc
 endif
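Review bot: Commenting out `check_PROGRAMS` drops `test_psyc2` from `make check` with no record of why or when it should return. The same commit also relaxes the `relay_count` validation in the psyc service's `check_client_member_join`, so that change lands with no psyc test in the default run. A note above the disabled lines would keep this from being forgotten, e.g. `# FIXME: test_psyc2 disabled, see <ISSUE-PLACEHOLDER>; re-enable once fixed`.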
 
diff --git a/src/reclaim-attribute/Makefile.am b/src/reclaim-attribute/Makefile.am
new file mode 100644 (file)
index 0000000..7db2925
--- /dev/null
@@ -0,0 +1,44 @@
+# This Makefile.am is in the public domain
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+plugindir = $(libdir)/gnunet
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+libexecdir= $(pkglibdir)/libexec/
+
+if MINGW
+  WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
+endif
+
+if USE_COVERAGE
+  AM_CFLAGS = --coverage -O0
+  XLIBS = -lgcov
+endif
+
+lib_LTLIBRARIES = \
+  libgnunetreclaimattribute.la
+
+libgnunetreclaimattribute_la_SOURCES = \
+  reclaim_attribute.c
+libgnunetreclaimattribute_la_LIBADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  $(GN_LIBINTL)
+libgnunetreclaimattribute_la_LDFLAGS = \
+  $(GN_LIB_LDFLAGS) $(WINFLAGS) \
+  -version-info 0:0:0
+
+
+plugin_LTLIBRARIES = \
+  libgnunet_plugin_reclaim_attribute_gnuid.la
+
+
+libgnunet_plugin_reclaim_attribute_gnuid_la_SOURCES = \
+  plugin_reclaim_attribute_gnuid.c
+libgnunet_plugin_reclaim_attribute_gnuid_la_LIBADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  $(LTLIBINTL)
+libgnunet_plugin_reclaim_attribute_gnuid_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+
diff --git a/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c b/src/reclaim-attribute/plugin_reclaim_attribute_gnuid.c
new file mode 100644 (file)
index 0000000..48afc07
--- /dev/null
@@ -0,0 +1,182 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2013, 2014, 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+    
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @file reclaim-attribute/plugin_reclaim_attribute_gnuid.c
+ * @brief identity attribute plugin to provide the API for fundamental 
+ *                 attribute types.
+ *
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_reclaim_attribute_plugin.h"
+#include <inttypes.h>
+
+
+/**
+ * Convert the 'value' of an attribute to a string.
+ *
+ * @param cls closure, unused
+ * @param type type of the attribute
+ * @param data value in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the value
+ */
+static char *
+gnuid_value_to_string (void *cls,
+                     uint32_t type,
+                     const void *data,
+                     size_t data_size)
+{
+
+  switch (type)
+  {
+  case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING:
+    return GNUNET_strndup (data, data_size);
+  default:
+    return NULL;
+  }
+}
+
+
+/**
+ * Convert human-readable version of a 'value' of an attribute to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the attribute
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+gnuid_string_to_value (void *cls,
+                     uint32_t type,
+                     const char *s,
+                     void **data,
+                     size_t *data_size)
+{
+  if (NULL == s)
+    return GNUNET_SYSERR;
+  switch (type)
+  {
+
+    case GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING:
+      *data = GNUNET_strdup (s);
+      *data_size = strlen (s);
+      return GNUNET_OK;
+    default:
+      return GNUNET_SYSERR;
+  }
+}
+
+
+/**
+ * Mapping of attribute type numbers to human-readable
+ * attribute type names.
+ */
+static struct {
+  const char *name;
+  uint32_t number;
+} gnuid_name_map[] = {
+  { "STRING",  GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING },
+  { NULL, UINT32_MAX }
+};
+
+
+/**
+ * Convert a type name to the corresponding number.
+ *
+ * @param cls closure, unused
+ * @param gnuid_typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+static uint32_t
+gnuid_typename_to_number (void *cls,
+                        const char *gnuid_typename)
+{
+  unsigned int i;
+
+  i=0;
+  while ( (NULL != gnuid_name_map[i].name) &&
+          (0 != strcasecmp (gnuid_typename,
+                            gnuid_name_map[i].name)) )
+    i++;
+  return gnuid_name_map[i].number;
+}
+
+
+/**
+ * Convert a type number (i.e. 1) to the corresponding type string
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+gnuid_number_to_typename (void *cls,
+                        uint32_t type)
+{
+  unsigned int i;
+
+  i=0;
+  while ( (NULL != gnuid_name_map[i].name) &&
+          (type != gnuid_name_map[i].number) )
+    i++;
+  return gnuid_name_map[i].name;
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_plugin_reclaim_attribute_gnuid_init (void *cls)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api;
+
+  api = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions);
+  api->value_to_string = &gnuid_value_to_string;
+  api->string_to_value = &gnuid_string_to_value;
+  api->typename_to_number = &gnuid_typename_to_number;
+  api->number_to_typename = &gnuid_number_to_typename;
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_plugin_block_test_init()
+ * @return NULL
+ */
+void *
+libgnunet_plugin_reclaim_attribute_gnuid_done (void *cls)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = cls;
+
+  GNUNET_free (api);
+  return NULL;
+}
+
+/* end of plugin_reclaim_attribute_type_gnuid.c */
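Review bot: `gnuid_typename_to_number` passes `gnuid_typename` to `strcasecmp` without a NULL check, while `gnuid_string_to_value` in the same file rejects a NULL `s`. Adding `if (NULL == gnuid_typename) return UINT32_MAX;` before the loop keeps the two consistent and matches the documented error value. The doc comment on `libgnunet_plugin_reclaim_attribute_gnuid_done` still refers to `#libgnunet_plugin_block_test_init()` and the closing comment names `plugin_reclaim_attribute_type_gnuid.c`; both should name this plugin's own init function and file. `gnuid_string_to_value` reports `strlen (s)` as the size, so the binary value carries no terminator; `gnuid_value_to_string` copes by using `GNUNET_strndup`, and a one-line comment stating that the stored form is unterminated would help other consumers.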
diff --git a/src/reclaim-attribute/reclaim_attribute.c b/src/reclaim-attribute/reclaim_attribute.c
new file mode 100644 (file)
index 0000000..1ffa961
--- /dev/null
@@ -0,0 +1,448 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file reclaim-attribute/reclaim_attribute.c
+ * @brief helper library to manage identity attributes
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "reclaim_attribute.h"
+#include "gnunet_reclaim_attribute_plugin.h"
+
+/**
+ * Handle for a plugin
+ */
+struct Plugin
+{
+  /**
+   * Name of the plugin
+   */
+  char *library_name;
+
+  /**
+   * Plugin API
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api;
+};
+
+/**
+ * Plugins
+ */
+static struct Plugin **attr_plugins;
+
+/**
+ * Number of plugins
+ */
+static unsigned int num_plugins;
+
+/**
+ * Init canary
+ */
+static int initialized;
+
+/**
+ * Add a plugin
+ */
+static void
+add_plugin (void* cls,
+            const char *library_name,
+            void *lib_ret)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_PluginFunctions *api = lib_ret;
+  struct Plugin *plugin;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Loading attribute plugin `%s'\n",
+              library_name);
+  plugin = GNUNET_new (struct Plugin);
+  plugin->api = api;
+  plugin->library_name = GNUNET_strdup (library_name);
+  GNUNET_array_append (attr_plugins, num_plugins, plugin);
+}
+
+/**
+ * Load plugins
+ */
+static void
+init()
+{
+  if (GNUNET_YES == initialized)
+    return;
+  initialized = GNUNET_YES;
+  GNUNET_PLUGIN_load_all ("libgnunet_plugin_reclaim_attribute_", NULL,
+                          &add_plugin, NULL);
+}
+
+/**
+ * Convert a type name to the corresponding number
+ *
+ * @param typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+uint32_t
+GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (const char *typename)
+{
+  unsigned int i;
+  struct Plugin *plugin;
+  uint32_t ret;
+  
+  init ();
+  for (i = 0; i < num_plugins; i++)
+  {
+    plugin = attr_plugins[i];
+    if (UINT32_MAX != (ret = plugin->api->typename_to_number (plugin->api->cls,
+                                                              typename)))
+      return ret;
+  }
+  return UINT32_MAX;
+}
+
+/**
+ * Convert a type number to the corresponding type string
+ *
+ * @param type number of a type
+ * @return corresponding typestring, NULL on error
+ */
+const char*
+GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (uint32_t type)
+{
+  unsigned int i;
+  struct Plugin *plugin;
+  const char *ret;
+
+  init ();
+  for (i = 0; i < num_plugins; i++)
+  {
+    plugin = attr_plugins[i];
+    if (NULL != (ret = plugin->api->number_to_typename (plugin->api->cls,
+                                                        type)))
+      return ret;
+  }
+  return NULL;
+}
+
+/**
+ * Convert human-readable version of a 'claim' of an attribute to the binary
+ * representation
+ *
+ * @param type type of the claim
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+int
+GNUNET_RECLAIM_ATTRIBUTE_string_to_value (uint32_t type,
+                                           const char *s,
+                                           void **data,
+                                           size_t *data_size)
+{
+  unsigned int i;
+  struct Plugin *plugin;
+
+  init ();
+  for (i = 0; i < num_plugins; i++)
+  {
+    plugin = attr_plugins[i];
+    if (GNUNET_OK == plugin->api->string_to_value (plugin->api->cls,
+                                                   type,
+                                                   s,
+                                                   data,
+                                                   data_size))
+      return GNUNET_OK;
+  }
+  return GNUNET_SYSERR;
+}
+
+/**
+ * Convert the 'claim' of an attribute to a string
+ *
+ * @param type the type of attribute
+ * @param data claim in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the claim
+ */
+char *
+GNUNET_RECLAIM_ATTRIBUTE_value_to_string (uint32_t type,
+                                           const void* data,
+                                           size_t data_size)
+{
+  unsigned int i;
+  struct Plugin *plugin;
+  char *ret;
+
+  init();
+  for (i = 0; i < num_plugins; i++)
+  {
+    plugin = attr_plugins[i];
+    if (NULL != (ret = plugin->api->value_to_string (plugin->api->cls,
+                                                     type,
+                                                     data,
+                                                     data_size)))
+      return ret;
+  }
+  return NULL;
+}
+
+/**
+ * Create a new attribute.
+ *
+ * @param attr_name the attribute name
+ * @param type the attribute type
+ * @param data the attribute value
+ * @param data_size the attribute value size
+ * @return the new attribute
+ */
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_claim_new (const char* attr_name,
+               uint32_t type,
+               const void* data,
+               size_t data_size)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
+  char *write_ptr;
+  char *attr_name_tmp = GNUNET_strdup (attr_name);
+
+  GNUNET_STRINGS_utf8_tolower (attr_name, attr_name_tmp);
+
+  attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim) +
+                        strlen (attr_name_tmp) + 1 +
+                        data_size);
+  attr->type = type;
+  attr->data_size = data_size;
+  attr->version = 0;
+  write_ptr = (char*)&attr[1];
+  GNUNET_memcpy (write_ptr,
+                 attr_name_tmp,
+                 strlen (attr_name_tmp) + 1);
+  attr->name = write_ptr;
+  write_ptr += strlen (attr->name) + 1;
+  GNUNET_memcpy (write_ptr,
+                 data,
+                 data_size);
+  attr->data = write_ptr;
+  GNUNET_free (attr_name_tmp);
+  return attr;
+}
+
+/**
+ * Add a new claim list entry.
+ *
+ * @param claim_list the attribute name
+ * @param attr_name the attribute name
+ * @param type the attribute type
+ * @param data the attribute value
+ * @param data_size the attribute value size
+ * @return
+ */
+void
+GNUNET_RECLAIM_ATTRIBUTE_list_add (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *claim_list,
+                                   const char* attr_name,
+                                   uint32_t type,
+                                   const void* data,
+                                   size_t data_size)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+  le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name,
+                                              type,
+                                              data,
+                                              data_size);
+  GNUNET_CONTAINER_DLL_insert (claim_list->list_head,
+                              claim_list->list_tail,
+                              le);
+}
+
+size_t
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  size_t len = 0;
+  for (le = attrs->list_head; NULL != le; le = le->next)
+    len += GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim);
+  return len; 
+}
+
+size_t
+GNUNET_RECLAIM_ATTRIBUTE_list_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                          char *result)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  size_t len;
+  size_t total_len;
+  char* write_ptr;
+
+  write_ptr = result;
+  total_len = 0;
+  for (le = attrs->list_head; NULL != le; le = le->next)
+  {
+    len = GNUNET_RECLAIM_ATTRIBUTE_serialize (le->claim,
+                               write_ptr);
+    total_len += len;
+    write_ptr += len;
+  }
+  return total_len;
+}
+
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *
+GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (const char* data,
+                       size_t data_size)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  size_t attr_len;
+  const char* read_ptr;
+
+  if (data_size < sizeof (struct Attribute))
+    return NULL;
+  
+  attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  read_ptr = data;
+  while (((data + data_size) - read_ptr) >= sizeof (struct Attribute))
+  {
+
+    le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+    le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (read_ptr,
+                                           data_size - (read_ptr - data));
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Deserialized attribute %s\n", le->claim->name);
+    GNUNET_CONTAINER_DLL_insert (attrs->list_head,
+                                 attrs->list_tail,
+                                 le);
+    attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (le->claim);
+    read_ptr += attr_len;
+  }
+  return attrs;
+}
+
+struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList*
+GNUNET_RECLAIM_ATTRIBUTE_list_dup (const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *result_le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *result;
+
+  result = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  for (le = attrs->list_head; NULL != le; le = le->next)
+  {
+    result_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+    result_le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (le->claim->name,
+                                                     le->claim->type,
+                                                     le->claim->data,
+                                                     le->claim->data_size);
+    GNUNET_CONTAINER_DLL_insert (result->list_head,
+                                 result->list_tail,
+                                 result_le);
+  }
+  return result;
+}
+
+
+void
+GNUNET_RECLAIM_ATTRIBUTE_list_destroy (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *tmp_le;
+
+  for (le = attrs->list_head; NULL != le;)
+  {
+    GNUNET_free (le->claim);
+    tmp_le = le;
+    le = le->next;
+    GNUNET_free (tmp_le);
+  }
+  GNUNET_free (attrs);
+
+}
+
+size_t
+GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+{
+  return sizeof (struct Attribute) 
+    + strlen (attr->name)
+    + attr->data_size;
+}
+
+size_t
+GNUNET_RECLAIM_ATTRIBUTE_serialize (const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
+                     char *result)
+{
+  size_t data_len_ser;
+  size_t name_len;
+  struct Attribute *attr_ser;
+  char* write_ptr;
+
+  attr_ser = (struct Attribute*)result;
+  attr_ser->attribute_type = htons (attr->type);
+  attr_ser->attribute_version = htonl (attr->version);
+  name_len = strlen (attr->name);
+  attr_ser->name_len = htons (name_len);
+  write_ptr = (char*)&attr_ser[1];
+  GNUNET_memcpy (write_ptr, attr->name, name_len);
+  write_ptr += name_len;
+  //TODO plugin-ize
+  //data_len_ser = plugin->serialize_attribute_value (attr,
+  //                                                  &attr_ser[1]);
+  data_len_ser = attr->data_size;
+  GNUNET_memcpy (write_ptr, attr->data, attr->data_size);
+  attr_ser->data_size = htons (data_len_ser);
+
+  return sizeof (struct Attribute) + strlen (attr->name) + attr->data_size;
+}
+
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *
+GNUNET_RECLAIM_ATTRIBUTE_deserialize (const char* data,
+                       size_t data_size)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
+  struct Attribute *attr_ser;
+  size_t data_len;
+  size_t name_len;
+  char* write_ptr;
+
+  if (data_size < sizeof (struct Attribute))
+    return NULL;
+
+  attr_ser = (struct Attribute*)data;
+  data_len = ntohs (attr_ser->data_size);
+  name_len = ntohs (attr_ser->name_len);
+  attr = GNUNET_malloc (sizeof (struct GNUNET_RECLAIM_ATTRIBUTE_Claim)
+                        + data_len + name_len + 1);
+  attr->type = ntohs (attr_ser->attribute_type);
+  attr->version = ntohl (attr_ser->attribute_version);
+  attr->data_size = ntohs (attr_ser->data_size);
+
+  write_ptr =  (char*)&attr[1];
+  GNUNET_memcpy (write_ptr,
+                 &attr_ser[1],
+                 name_len);
+  write_ptr[name_len] = '\0';
+  attr->name = write_ptr;
+
+  write_ptr += name_len + 1;
+  GNUNET_memcpy (write_ptr,
+                 (char*)&attr_ser[1] + name_len,
+                 attr->data_size);
+  attr->data = write_ptr;
+  return attr;
+
+}
+
+/* end of reclaim_attribute.c */
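Review bot: `GNUNET_RECLAIM_ATTRIBUTE_deserialize` checks only that `data_size` covers the fixed header; `name_len` and `data_len` are read from the buffer and used as copy lengths without being compared with the bytes that remain, so a serialized attribute with oversized length fields makes both `GNUNET_memcpy` calls read beyond the input. `GNUNET_RECLAIM_ATTRIBUTE_list_deserialize` then dereferences `le->claim` without a NULL check and advances `read_ptr` by a size derived from those same fields; its loop condition compares a pointer difference with `sizeof`, which turns a negative difference into a large unsigned value once `read_ptr` has passed the end. Separately, `serialize` and `deserialize` apply `htons`/`ntohs` to fields that `struct Attribute` declares as `uint32_t` (reclaim_attribute.h in this commit), so a name or value longer than 65535 bytes is written in full while the recorded length is truncated. The fence sketches the two length checks and assumes `GNUNET_RECLAIM_ATTRIBUTE_list_destroy` is declared in a header before this use.

```c
/* in GNUNET_RECLAIM_ATTRIBUTE_deserialize */
  attr_ser = (struct Attribute*)data;
  data_len = ntohs (attr_ser->data_size);
  name_len = ntohs (attr_ser->name_len);
  /* name and value must both fit in what follows the header */
  if (data_size - sizeof (struct Attribute) < name_len + data_len)
  {
    GNUNET_break_op (0);
    return NULL;
  }
  /* … unchanged: allocation and copies of name and value … */

/* in GNUNET_RECLAIM_ATTRIBUTE_list_deserialize, inside the while loop */
    le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (read_ptr,
                                           data_size - (read_ptr - data));
    if (NULL == le->claim)
    {
      GNUNET_break_op (0);
      GNUNET_free (le);
      GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
      return NULL;
    }
    /* … unchanged: debug log, list insert, read_ptr advance … */
```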
diff --git a/src/reclaim-attribute/reclaim_attribute.h b/src/reclaim-attribute/reclaim_attribute.h
new file mode 100644 (file)
index 0000000..746d329
--- /dev/null
@@ -0,0 +1,54 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file reclaim-attribute/reclaim_attribute.h
+ * @brief GNUnet reclaim identity attributes
+ *
+ */
+#ifndef RECLAIM_ATTRIBUTE_H
+#define RECLAIM_ATTRIBUTE_H
+
+#include "gnunet_reclaim_service.h"
+
+struct Attribute
+{
+  /**
+   * Attribute type
+   */
+  uint32_t attribute_type;
+
+  /**
+   * Attribute version
+   */
+  uint32_t attribute_version;
+
+  /**
+   * Name length
+   */
+  uint32_t name_len;
+  
+  /**
+   * Data size
+   */
+  uint32_t data_size;
+
+  //followed by data_size Attribute value data
+};
+
+#endif
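Review bot: `struct Attribute` is overlaid on serialized bytes by reclaim_attribute.c in this commit, but the header does not say its fields are in network byte order, and the trailing comment mentions only the value although the serializer writes `name_len` bytes of name before it. I would state the byte order on each field and replace the trailing comment with `/* followed by name_len bytes of name (no terminator), then data_size bytes of value */`. The fields are `uint32_t` while the serializer converts them with the 16-bit `htons`, so either the field types or the conversions should change until the two agree. If this is meant as a wire format, wrapping it in `GNUNET_NETWORK_STRUCT_BEGIN`/`GNUNET_NETWORK_STRUCT_END` is the usual GNUnet convention.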
diff --git a/src/reclaim/.gitignore b/src/reclaim/.gitignore
new file mode 100644 (file)
index 0000000..ef77fcc
--- /dev/null
@@ -0,0 +1,2 @@
+gnunet-service-identity-provider
+gnunet-identity-token
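Review bot: Both ignored names look left over from the old identity-provider naming, so the binaries this directory now builds are not ignored. The Makefile.am added in the same commit produces `gnunet-reclaim` and `gnunet-service-reclaim`, and those are the two entries this file should list.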
diff --git a/src/reclaim/Makefile.am b/src/reclaim/Makefile.am
new file mode 100644 (file)
index 0000000..2ee43d2
--- /dev/null
@@ -0,0 +1,141 @@
+# This Makefile.am is in the public domain
+AM_CPPFLAGS = -I$(top_srcdir)/src/include
+
+ plugindir = $(libdir)/gnunet
+
+if MINGW
+ WINFLAGS = -Wl,--no-undefined -Wl,--export-all-symbols
+endif
+
+if USE_COVERAGE
+  AM_CFLAGS = --coverage -O0
+  XLIB = -lgcov
+endif
+
+if HAVE_SQLITE
+SQLITE_PLUGIN = libgnunet_plugin_reclaim_sqlite.la
+endif
+
+EXTRA_DIST = \
+  test_reclaim_defaults.conf \
+       test_reclaim.conf \
+       $(check_SCRIPTS)
+
+pkgcfgdir= $(pkgdatadir)/config.d/
+
+libexecdir= $(pkglibdir)/libexec/
+
+pkgcfg_DATA = \
+  reclaim.conf
+
+lib_LTLIBRARIES = \
+  libgnunetreclaim.la
+plugin_LTLIBRARIES = \
+       libgnunet_plugin_rest_reclaim.la \
+       libgnunet_plugin_rest_openid_connect.la \
+  libgnunet_plugin_gnsrecord_reclaim.la \
+       $(SQLITE_PLUGIN)
+
+bin_PROGRAMS = \
+ gnunet-reclaim
+
+libexec_PROGRAMS = \
+ gnunet-service-reclaim
+
+libgnunet_plugin_gnsrecord_reclaim_la_SOURCES = \
+  plugin_gnsrecord_reclaim.c
+libgnunet_plugin_gnsrecord_reclaim_la_LIBADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+  $(LTLIBINTL)
+libgnunet_plugin_gnsrecord_reclaim_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+libgnunet_plugin_reclaim_sqlite_la_SOURCES = \
+  plugin_reclaim_sqlite.c
+libgnunet_plugin_reclaim_sqlite_la_LIBADD = \
+  libgnunetreclaim.la  \
+  $(top_builddir)/src/sq/libgnunetsq.la \
+  $(top_builddir)/src/statistics/libgnunetstatistics.la \
+  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) -lsqlite3 \
+  $(LTLIBINTL)
+libgnunet_plugin_reclaim_sqlite_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+
+
+gnunet_service_reclaim_SOURCES = \
+ gnunet-service-reclaim.c
+gnunet_service_reclaim_LDADD = \
+ $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+ $(top_builddir)/src/util/libgnunetutil.la \
+ $(top_builddir)/src/namestore/libgnunetnamestore.la \
+ $(top_builddir)/src/identity/libgnunetidentity.la \
+ $(top_builddir)/src/statistics/libgnunetstatistics.la \
+ $(top_builddir)/src/abe/libgnunetabe.la \
+ $(top_builddir)/src/credential/libgnunetcredential.la \
+ $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
+ libgnunetreclaim.la \
+ $(top_builddir)/src/gns/libgnunetgns.la \
+ $(GN_LIBINTL)
+
+libgnunetreclaim_la_SOURCES = \
+ reclaim_api.c \
+ reclaim.h
+libgnunetreclaim_la_LIBADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+       $(GN_LIBINTL) $(XLIB)
+libgnunetreclaim_la_LDFLAGS = \
+       $(GN_LIB_LDFLAGS)  $(WINFLAGS) \
+       -version-info 0:0:0
+
+libgnunet_plugin_rest_reclaim_la_SOURCES = \
+  plugin_rest_reclaim.c
+libgnunet_plugin_rest_reclaim_la_LIBADD = \
+       $(top_builddir)/src/identity/libgnunetidentity.la \
+       libgnunetreclaim.la \
+       $(top_builddir)/src/rest/libgnunetrest.la \
+       $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
+       $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
+       $(top_builddir)/src/namestore/libgnunetnamestore.la \
+  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+  $(LTLIBINTL) -ljansson -lmicrohttpd
+libgnunet_plugin_rest_reclaim_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+libgnunet_plugin_rest_openid_connect_la_SOURCES = \
+  plugin_rest_openid_connect.c \
+       oidc_helper.c
+libgnunet_plugin_rest_openid_connect_la_LIBADD = \
+       $(top_builddir)/src/identity/libgnunetidentity.la \
+       libgnunetreclaim.la \
+       $(top_builddir)/src/rest/libgnunetrest.la \
+       $(top_builddir)/src/jsonapi/libgnunetjsonapi.la \
+       $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
+       $(top_builddir)/src/namestore/libgnunetnamestore.la \
+       $(top_builddir)/src/gns/libgnunetgns.la \
+       $(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
+  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+  $(LTLIBINTL) -ljansson -lmicrohttpd
+libgnunet_plugin_rest_openid_connect_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+gnunet_reclaim_SOURCES = \
+ gnunet-reclaim.c
+gnunet_reclaim_LDADD = \
+  $(top_builddir)/src/util/libgnunetutil.la \
+       $(top_builddir)/src/namestore/libgnunetnamestore.la \
+       libgnunetreclaim.la \
+       $(top_builddir)/src/identity/libgnunetidentity.la \
+       $(top_builddir)/src/reclaim-attribute/libgnunetreclaimattribute.la \
+  $(GN_LIBINTL)
+
+check_SCRIPTS = \
+       test_reclaim_attribute.sh \
+       test_reclaim_issue.sh \
+       test_reclaim_consume.sh \
+  test_reclaim_revoke.sh
+
+if ENABLE_TEST_RUN
+ AM_TESTS_ENVIRONMENT=export GNUNET_PREFIX=$${GNUNET_PREFIX:-@libdir@};export PATH=$${GNUNET_PREFIX:-@prefix@}/bin:$$PATH;unset XDG_DATA_HOME;unset XDG_CONFIG_HOME;
+ TESTS = $(check_SCRIPTS)
+endif
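Review bot: The coverage block defines `XLIB = -lgcov`, but the `_LIBADD` lists for `libgnunet_plugin_reclaim_sqlite_la`, `libgnunet_plugin_rest_reclaim_la` and `libgnunet_plugin_rest_openid_connect_la` reference `$(XLIBS)`. Unless `XLIBS` is substituted somewhere outside this file, it expands to nothing and these plugins are linked without gcov in a USE_COVERAGE build. Using `$(XLIB)` in those three places, as `libgnunetreclaim_la_LIBADD` already does, would make them consistent.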
diff --git a/src/reclaim/gnunet-reclaim.c b/src/reclaim/gnunet-reclaim.c
new file mode 100644 (file)
index 0000000..677e9f4
--- /dev/null
@@ -0,0 +1,560 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file src/reclaim/gnunet-reclaim.c
+ * @brief Identity Provider utility
+ *
+ */
+
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_namestore_service.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_identity_service.h"
+#include "gnunet_signatures.h"
+
+/**
+ * return value
+ */
+static int ret;
+
+/**
+ * List attribute flag
+ */
+static int list;
+
+/**
+ * Relying party
+ */
+static char* rp;
+
+/**
+ * The attribute
+ */
+static char* attr_name;
+
+/**
+ * Attribute value
+ */
+static char* attr_value;
+
+/**
+ * Attributes to issue
+ */
+static char* issue_attrs;
+
+/**
+ * Ticket to consume
+ */
+static char* consume_ticket;
+
+/**
+ * Attribute type
+ */
+static char* type_str;
+
+/**
+ * Ticket to revoke
+ */
+static char* revoke_ticket;
+
+/**
+ * Ego name
+ */
+static char* ego_name;
+
+/**
+ * Identity handle
+ */
+static struct GNUNET_IDENTITY_Handle *identity_handle;
+
+/**
+ * reclaim handle
+ */
+static struct GNUNET_RECLAIM_Handle *reclaim_handle;
+
+/**
+ * reclaim operation
+ */
+static struct GNUNET_RECLAIM_Operation *reclaim_op;
+
+/**
+ * Attribute iterator
+ */
+static struct GNUNET_RECLAIM_AttributeIterator *attr_iterator;
+
+/**
+ * Master ABE key
+ */
+static struct GNUNET_CRYPTO_AbeMasterKey *abe_key;
+
+/**
+ * ego private key
+ */
+static const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey;
+
+/**
+ * rp public key
+ */
+static struct GNUNET_CRYPTO_EcdsaPublicKey rp_key;
+
+/**
+ * Ticket to consume
+ */
+static struct GNUNET_RECLAIM_Ticket ticket;
+
+/**
+ * Attribute list
+ */
+static struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
+
+/**
+ * Attribute expiration interval
+ */
+static struct GNUNET_TIME_Relative exp_interval;
+
+/**
+ * Timeout task
+ */
+static struct GNUNET_SCHEDULER_Task *timeout;
+
+/**
+ * Cleanup task
+ */
+static struct GNUNET_SCHEDULER_Task *cleanup_task;
+
+/**
+ * Claim to store
+ */
+struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
+
+static void
+do_cleanup(void *cls)
+{
+  cleanup_task = NULL;
+  if (NULL != timeout)
+    GNUNET_SCHEDULER_cancel (timeout);
+  if (NULL != reclaim_op)
+    GNUNET_RECLAIM_cancel (reclaim_op);
+  if (NULL != attr_iterator)
+    GNUNET_RECLAIM_get_attributes_stop (attr_iterator);
+  if (NULL != reclaim_handle)
+    GNUNET_RECLAIM_disconnect (reclaim_handle);
+  if (NULL != identity_handle)
+    GNUNET_IDENTITY_disconnect (identity_handle);
+  if (NULL != abe_key)
+    GNUNET_free (abe_key);
+  if (NULL != attr_list)
+    GNUNET_free (attr_list);
+}
+
+static void
+ticket_issue_cb (void* cls,
+                 const struct GNUNET_RECLAIM_Ticket *ticket)
+{
+  char* ticket_str;
+  reclaim_op = NULL;
+  if (NULL != ticket) {
+    ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                      sizeof (struct GNUNET_RECLAIM_Ticket));
+    printf("%s\n",
+           ticket_str);
+    GNUNET_free (ticket_str);
+  }
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+}
+
+static void
+store_attr_cont (void *cls,
+                 int32_t success,
+                 const char*emsg)
+{
+  reclaim_op = NULL;
+  if (GNUNET_SYSERR == success) {
+    fprintf (stderr,
+             "%s\n", emsg);
+  }
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+}
+
+static void
+process_attrs (void *cls,
+         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+         const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+{
+  char *value_str;
+  const char* attr_type;
+
+  if (NULL == identity)
+  {
+    reclaim_op = NULL;
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+    return;
+  }
+  if (NULL == attr)
+  {
+    ret = 1;
+    return;
+  }
+  value_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                                        attr->data,
+                                                        attr->data_size);
+  attr_type = GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (attr->type);
+  fprintf (stdout,
+           "%s: %s [%s,v%u]\n", attr->name, value_str, attr_type, attr->version);
+}
+
+
+static void
+iter_error (void *cls)
+{
+  attr_iterator = NULL;
+  fprintf (stderr,
+           "Failed to iterate over attributes\n");
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+}
+
+static void
+timeout_task (void *cls)
+{
+  timeout = NULL;
+  ret = 1;
+  fprintf (stderr,
+           "Timeout\n");
+  if (NULL == cleanup_task)
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+}
+
+static void
+process_rvk (void *cls, int success, const char* msg)
+{
+  reclaim_op = NULL;
+  if (GNUNET_OK != success)
+  {
+    fprintf (stderr,
+             "Revocation failed.\n");
+    ret = 1;
+  }
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+}
+
+static void
+iter_finished (void *cls)
+{
+  char *data;
+  size_t data_size;
+  int type;
+
+  attr_iterator = NULL;
+  if (list)
+  {
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+    return;
+  }
+
+  if (issue_attrs)
+  {
+    reclaim_op = GNUNET_RECLAIM_ticket_issue (reclaim_handle,
+                                              pkey,
+                                              &rp_key,
+                                              attr_list,
+                                              &ticket_issue_cb,
+                                              NULL);
+    return;
+  }
+  if (consume_ticket)
+  {
+    reclaim_op = GNUNET_RECLAIM_ticket_consume (reclaim_handle,
+                                                pkey,
+                                                &ticket,
+                                                &process_attrs,
+                                                NULL);
+    timeout = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_SECONDS, 10),
+                                            &timeout_task,
+                                            NULL);
+    return;
+  }
+  if (revoke_ticket)
+  {
+    reclaim_op = GNUNET_RECLAIM_ticket_revoke (reclaim_handle,
+                                               pkey,
+                                               &ticket,
+                                               &process_rvk,
+                                               NULL);
+    return;
+  }
+  if (attr_name)
+  {
+    if (NULL == type_str)
+      type = GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING;
+    else
+      type = GNUNET_RECLAIM_ATTRIBUTE_typename_to_number (type_str);
+
+    GNUNET_assert (GNUNET_SYSERR != GNUNET_RECLAIM_ATTRIBUTE_string_to_value (type,
+                                                                              attr_value,
+                                                                              (void**)&data,
+                                                                              &data_size));
+    if (NULL != claim)
+    {
+      claim->type = type;
+      claim->data = data;
+      claim->data_size = data_size;
+    }
+    else
+    {
+      claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr_name,
+                                                  type,
+                                                  data,
+                                                  data_size);
+    }
+    reclaim_op = GNUNET_RECLAIM_attribute_store (reclaim_handle,
+                                                 pkey,
+                                                 claim,
+                                                 &exp_interval,
+                                                 &store_attr_cont,
+                                                 NULL);
+    GNUNET_free (data);
+    GNUNET_free (claim);
+    return;
+  }
+  cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+}
+
+static void
+iter_cb (void *cls,
+         const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+         const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  char *attrs_tmp;
+  char *attr_str;
+  const char *attr_type;
+
+  if ((NULL != attr_name) && (NULL != claim))
+  {
+    if (0 == strcasecmp (attr_name, attr->name))
+    {
+      claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
+                                                            attr->type,
+                                                            attr->data,
+                                                            attr->data_size);
+    }
+  }
+  else if (issue_attrs)
+  {
+    attrs_tmp = GNUNET_strdup (issue_attrs);
+    attr_str = strtok (attrs_tmp, ",");
+    while (NULL != attr_str) {
+      if (0 != strcasecmp (attr_str, attr->name)) {
+        attr_str = strtok (NULL, ",");
+        continue;
+      }
+      le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+      le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name,
+                                                      attr->type,
+                                                      attr->data,
+                                                      attr->data_size);
+      le->claim->version = attr->version;
+      GNUNET_CONTAINER_DLL_insert (attr_list->list_head,
+                                   attr_list->list_tail,
+                                   le);
+      break;
+    }
+    GNUNET_free (attrs_tmp);
+  } 
+  else if (list)
+  {
+    attr_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                                         attr->data,
+                                                         attr->data_size);
+    attr_type = GNUNET_RECLAIM_ATTRIBUTE_number_to_typename (attr->type);
+    fprintf (stdout,
+             "%s: %s [%s,v%u]\n", attr->name, attr_str, attr_type, attr->version);
+  }
+  GNUNET_RECLAIM_get_attributes_next (attr_iterator);
+}
+
+static void
+start_get_attributes ()
+{
+  if (NULL == pkey)
+  {
+    fprintf (stderr,
+             "Ego %s not found\n", ego_name);
+    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
+    return;
+  }
+
+  if (NULL != rp)
+    GNUNET_CRYPTO_ecdsa_public_key_from_string (rp,
+                                                strlen (rp),
+                                                &rp_key);
+  if (NULL != consume_ticket)
+    GNUNET_STRINGS_string_to_data (consume_ticket,
+                                   strlen (consume_ticket),
+                                   &ticket,
+                                   sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (NULL != revoke_ticket)
+    GNUNET_STRINGS_string_to_data (revoke_ticket,
+                                   strlen (revoke_ticket),
+                                   &ticket,
+                                   sizeof (struct GNUNET_RECLAIM_Ticket));
+
+  attr_list = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  claim = NULL;
+  attr_iterator = GNUNET_RECLAIM_get_attributes_start (reclaim_handle,
+                                                       pkey,
+                                                       &iter_error,
+                                                       NULL,
+                                                       &iter_cb,
+                                                       NULL,
+                                                       &iter_finished,
+                                                       NULL);
+
+
+}
+
+static int init = GNUNET_YES;
+
+static void
+ego_cb (void *cls,
+        struct GNUNET_IDENTITY_Ego *ego,
+        void **ctx,
+        const char *name)
+{
+  if (NULL == name) {
+    if (GNUNET_YES == init) {
+      init = GNUNET_NO;
+      start_get_attributes();
+    }
+    return;
+  }
+  if (0 != strcmp (name, ego_name))
+    return;
+  pkey = GNUNET_IDENTITY_ego_get_private_key (ego);
+}
+
+
+static void
+run (void *cls,
+     char *const *args,
+     const char *cfgfile,
+     const struct GNUNET_CONFIGURATION_Handle *c)
+{
+  ret = 0;
+  if (NULL == ego_name)
+  {
+    ret = 1;
+    fprintf (stderr,
+             _("Ego is required\n"));
+    return;
+  }
+
+  if ( (NULL == attr_value) && (NULL != attr_name) )
+  {
+    ret = 1;
+    fprintf (stderr,
+             _("Attribute value missing!\n"));
+    return;
+  }
+
+  if ( (NULL == rp) && (NULL != issue_attrs) )
+  {
+    ret = 1;
+    fprintf (stderr,
+             _("Requesting party key is required!\n"));
+    return;
+  }
+
+  reclaim_handle = GNUNET_RECLAIM_connect (c);
+  //Get Ego
+  identity_handle = GNUNET_IDENTITY_connect (c,
+                                             &ego_cb,
+                                             NULL);
+
+
+}
+
+
+int
+main(int argc, char *const argv[])
+{
+  exp_interval = GNUNET_TIME_UNIT_HOURS;
+  struct GNUNET_GETOPT_CommandLineOption options[] = {
+
+    GNUNET_GETOPT_option_string ('a',
+                                 "add",
+                                 NULL,
+                                 gettext_noop ("Add attribute"),
+                                 &attr_name),
+
+    GNUNET_GETOPT_option_string ('V',
+                                 "value",
+                                 NULL,
+                                 gettext_noop ("Attribute value"),
+                                 &attr_value),
+    GNUNET_GETOPT_option_string ('e',
+                                 "ego",
+                                 NULL,
+                                 gettext_noop ("Ego"),
+                                 &ego_name),
+    GNUNET_GETOPT_option_string ('r',
+                                 "rp",
+                                 NULL,
+                                 gettext_noop ("Audience (relying party)"),
+                                 &rp),
+    GNUNET_GETOPT_option_flag ('D',
+                               "dump",
+                               gettext_noop ("List attributes for Ego"),
+                               &list),
+    GNUNET_GETOPT_option_string ('i',
+                                 "issue",
+                                 NULL,
+                                 gettext_noop ("Issue a ticket"),
+                                 &issue_attrs),
+    GNUNET_GETOPT_option_string ('C',
+                                 "consume",
+                                 NULL,
+                                 gettext_noop ("Consume a ticket"),
+                                 &consume_ticket),
+    GNUNET_GETOPT_option_string ('R',
+                                 "revoke",
+                                 NULL,
+                                 gettext_noop ("Revoke a ticket"),
+                                 &revoke_ticket),
+    GNUNET_GETOPT_option_string ('t',
+                                 "type",
+                                 NULL,
+                                 gettext_noop ("Type of attribute"),
+                                 &type_str),
+    GNUNET_GETOPT_option_relative_time ('E',
+                                        "expiration",
+                                        NULL,
+                                        gettext_noop ("Expiration interval of the attribute"),
+                                        &exp_interval),
+
+    GNUNET_GETOPT_OPTION_END
+  };
+  if (GNUNET_OK != GNUNET_PROGRAM_run (argc, argv, "ct",
+                                       "ct", options,
+                                       &run, NULL))
+    return 1;
+  else
+    return ret;
+}
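Review bot: In `start_get_attributes` the results of `GNUNET_CRYPTO_ecdsa_public_key_from_string` and of both `GNUNET_STRINGS_string_to_data` calls are discarded. A malformed `--rp`, `--consume` or `--revoke` argument therefore leaves `rp_key` or `ticket` zeroed or partly filled, and `iter_finished` still issues, consumes or revokes with that value. Each parse should be compared with `GNUNET_OK`, and on failure the tool should print an error, set `ret = 1` and schedule `do_cleanup` instead of starting the iteration. Related to this, `iter_finished` wraps `GNUNET_RECLAIM_ATTRIBUTE_string_to_value` in `GNUNET_assert`, so an unparsable `--value` aborts the process rather than reporting a usage error.

```c
static void
start_get_attributes ()
{
  /* … unchanged: pkey == NULL check … */

  if ( (NULL != rp) &&
       (GNUNET_OK !=
        GNUNET_CRYPTO_ecdsa_public_key_from_string (rp,
                                                    strlen (rp),
                                                    &rp_key)) )
  {
    fprintf (stderr, "Relying party key is malformed\n");
    ret = 1;
    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
    return;
  }
  if ( (NULL != consume_ticket) &&
       (GNUNET_OK !=
        GNUNET_STRINGS_string_to_data (consume_ticket,
                                       strlen (consume_ticket),
                                       &ticket,
                                       sizeof (struct GNUNET_RECLAIM_Ticket))) )
  {
    fprintf (stderr, "Ticket to consume is malformed\n");
    ret = 1;
    cleanup_task = GNUNET_SCHEDULER_add_now (&do_cleanup, NULL);
    return;
  }
  /* … same check for revoke_ticket … */
  /* … unchanged: attr_list allocation and GNUNET_RECLAIM_get_attributes_start … */
```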
diff --git a/src/reclaim/gnunet-service-reclaim.c b/src/reclaim/gnunet-service-reclaim.c
new file mode 100644 (file)
index 0000000..3321a79
--- /dev/null
@@ -0,0 +1,2786 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file src/reclaim/gnunet-service-reclaim.c
+ * @brief reclaim Service
+ *
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_constants.h"
+#include "gnunet_protocols.h"
+#include "gnunet_identity_service.h"
+#include "gnunet_gnsrecord_lib.h"
+#include "gnunet_namestore_service.h"
+#include "gnunet_abe_lib.h"
+#include "gnunet_credential_service.h"
+#include "gnunet_statistics_service.h"
+#include "gnunet_gns_service.h"
+#include "gnunet_reclaim_plugin.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_signatures.h"
+#include "reclaim.h"
+
+/**
+ * First pass state
+ */
+#define STATE_INIT 0
+
+/**
+ * Normal operation state
+ */
+#define STATE_POST_INIT 1
+
+/**
+ * Minimum interval between updates
+ */
+#define MIN_WAIT_TIME GNUNET_TIME_UNIT_MINUTES
+
+/**
+ * Standard token expiration time
+ */
+#define DEFAULT_TOKEN_EXPIRATION_INTERVAL GNUNET_TIME_UNIT_HOURS
+
+/**
+ * Identity handle
+ */
+static struct GNUNET_IDENTITY_Handle *identity_handle;
+
+/**
+ * Database handle
+ */
+static struct GNUNET_RECLAIM_PluginFunctions *TKT_database;
+
+/**
+ * Name of DB plugin
+ */
+static char *db_lib_name;
+
+/**
+ * Token expiration interval
+ */
+static struct GNUNET_TIME_Relative token_expiration_interval;
+
+/**
+ * Namestore handle
+ */
+static struct GNUNET_NAMESTORE_Handle *ns_handle;
+
+/**
+ * GNS handle
+ */
+static struct GNUNET_GNS_Handle *gns_handle;
+
+/**
+ * Credential handle
+ */
+static struct GNUNET_CREDENTIAL_Handle *credential_handle;
+
+/**
+ * Namestore qe
+ */
+static struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+
+/**
+ * Namestore iterator
+ */
+static struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
+
+/**
+ * Timeout task
+ */
+static struct GNUNET_SCHEDULER_Task *timeout_task;
+
+/**
+ * Update task
+ */
+static struct GNUNET_SCHEDULER_Task *update_task;
+
+
+/**
+ * Currently processed token
+ */
+static struct IdentityToken *token;
+
+/**
+ * Label for currently processed token
+ */
+static char* label;
+
+/**
+ * Scopes for processed token
+ */
+static char* scopes;
+
+/**
+ * Handle to the statistics service.
+ */
+static struct GNUNET_STATISTICS_Handle *stats;
+
+/**
+ * Our configuration.
+ */
+static const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * An idp client
+ */
+struct IdpClient;
+
+/**
+ * A ticket iteration operation.
+ */
+struct TicketIteration
+{
+  /**
+   * DLL
+   */
+  struct TicketIteration *next;
+
+  /**
+   * DLL
+   */
+  struct TicketIteration *prev;
+
+  /**
+   * Client which intiated this zone iteration
+   */
+  struct IdpClient *client;
+
+  /**
+   * Key of the identity we are iterating over.
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+
+  /**
+   * Identity is audience
+   */
+  uint32_t is_audience;
+
+  /**
+   * The operation id fot the iteration in the response for the client
+   */
+  uint32_t r_id;
+
+  /**
+   * Offset of the iteration used to address next result of the 
+   * iteration in the store
+   *
+   * Initialy set to 0 in handle_iteration_start
+   * Incremented with by every call to handle_iteration_next
+   */
+  uint32_t offset;
+
+};
+
+
+
+/**
+ * Callback after an ABE bootstrap
+ *
+ * @param cls closure
+ * @param abe_key the ABE key that exists or was created
+ */
+typedef void
+(*AbeBootstrapResult) (void *cls,
+                       struct GNUNET_ABE_AbeMasterKey *abe_key);
+
+
+struct AbeBootstrapHandle
+{
+  /**
+   * Function to call when finished
+   */
+  AbeBootstrapResult proc;
+
+  /**
+   * Callback closure
+   */
+  char *proc_cls;
+
+  /**
+   * Key of the zone we are iterating over.
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * Namestore Queue Entry
+   */
+  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+
+  /**
+   * The issuer egos ABE master key
+   */
+  struct GNUNET_ABE_AbeMasterKey *abe_key;
+};
+
+/**
+ * An attribute iteration operation.
+ */
+struct AttributeIterator
+{
+  /**
+   * Next element in the DLL
+   */
+  struct AttributeIterator *next;
+
+  /**
+   * Previous element in the DLL
+   */
+  struct AttributeIterator *prev;
+
+  /**
+   * IDP client which intiated this zone iteration
+   */
+  struct IdpClient *client;
+
+  /**
+   * Key of the zone we are iterating over.
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * The issuer egos ABE master key
+   */
+  struct GNUNET_ABE_AbeMasterKey *abe_key;
+
+  /**
+   * Namestore iterator
+   */
+  struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
+
+  /**
+   * The operation id fot the zone iteration in the response for the client
+   */
+  uint32_t request_id;
+
+};
+
+
+
+/**
+ * An idp client
+ */
+struct IdpClient
+{
+
+  /**
+   * The client
+   */
+  struct GNUNET_SERVICE_Client *client;
+
+  /**
+   * Message queue for transmission to @e client
+   */
+  struct GNUNET_MQ_Handle *mq;
+  
+  /**
+   * Head of the DLL of
+   * Attribute iteration operations in 
+   * progress initiated by this client
+   */
+  struct AttributeIterator *attr_iter_head;
+
+  /**
+   * Tail of the DLL of
+   * Attribute iteration operations 
+   * in progress initiated by this client
+   */
+  struct AttributeIterator *attr_iter_tail;
+
+  /**
+   * Head of DLL of ticket iteration ops
+   */
+  struct TicketIteration *ticket_iter_head;
+
+  /**
+   * Tail of DLL of ticket iteration ops
+   */
+  struct TicketIteration *ticket_iter_tail;
+
+  /**
+   * Head of DLL of ticket revocation ops
+   */
+  struct TicketRevocationHandle *revoke_op_head;
+
+  /**
+   * Tail of DLL of ticket revocation ops
+   */
+  struct TicketRevocationHandle *revoke_op_tail;
+
+  /**
+   * Head of DLL of ticket issue ops
+   */
+  struct TicketIssueHandle *issue_op_head;
+
+  /**
+   * Tail of DLL of ticket issue ops
+   */
+  struct TicketIssueHandle *issue_op_tail;
+
+  /**
+   * Head of DLL of ticket consume ops
+   */
+  struct ConsumeTicketHandle *consume_op_head;
+
+  /**
+   * Tail of DLL of ticket consume ops
+   */
+  struct ConsumeTicketHandle *consume_op_tail;
+
+  /**
+   * Head of DLL of attribute store ops
+   */
+  struct AttributeStoreHandle *store_op_head;
+
+  /**
+   * Tail of DLL of attribute store ops
+   */
+  struct AttributeStoreHandle *store_op_tail;
+
+};
+
+struct AttributeStoreHandle
+{
+  /**
+   * DLL
+   */
+  struct AttributeStoreHandle *next;
+
+  /**
+   * DLL
+   */
+  struct AttributeStoreHandle *prev;
+
+  /**
+   * Client connection
+   */
+  struct IdpClient *client;
+
+  /**
+   * Identity
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * Identity pubkey
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pkey;
+
+  /**
+   * The issuer egos ABE master key
+   */
+  struct GNUNET_ABE_AbeMasterKey *abe_key;
+
+  /**
+   * QueueEntry
+   */
+  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+
+  /**
+   * The attribute to store
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *claim;
+
+  /**
+   * The attribute expiration interval
+   */
+  struct GNUNET_TIME_Relative exp;
+
+  /**
+   * request id
+   */
+  uint32_t r_id;
+};
+
+
+/* Prototype */
+struct ParallelLookup;
+
+struct ConsumeTicketHandle
+{
+  /**
+   * DLL
+   */
+  struct ConsumeTicketHandle *next;
+
+  /**
+   * DLL
+   */
+  struct ConsumeTicketHandle *prev;
+
+  /**
+   * Client connection
+   */
+  struct IdpClient *client;
+
+  /**
+   * Ticket
+   */
+  struct GNUNET_RECLAIM_Ticket ticket;
+
+  /**
+   * LookupRequest
+   */
+  struct GNUNET_GNS_LookupRequest *lookup_request;
+
+  /**
+   * Audience Key
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * Audience Key
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub;
+
+  /**
+   * Lookup DLL
+   */
+  struct ParallelLookup *parallel_lookups_head;
+
+  /**
+   * Lookup DLL
+   */
+  struct ParallelLookup *parallel_lookups_tail;
+  
+  /**
+   * Kill task
+   */
+  struct GNUNET_SCHEDULER_Task *kill_task;
+
+  /**
+   * The ABE key
+   */
+  struct GNUNET_ABE_AbeKey *key;
+
+  /**
+   * Attributes
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+  
+  /**
+   * Lookup time
+   */
+  struct GNUNET_TIME_Absolute lookup_start_time;
+  /**
+   * request id
+   */
+  uint32_t r_id;
+};
+
+/**
+ * Handle for a parallel GNS lookup job
+ */
+struct ParallelLookup
+{
+  /* DLL */
+  struct ParallelLookup *next;
+
+  /* DLL */
+  struct ParallelLookup *prev;
+
+  /* The GNS request */
+  struct GNUNET_GNS_LookupRequest *lookup_request;
+
+  /* The handle the return to */
+  struct ConsumeTicketHandle *handle;
+
+  /**
+   * Lookup time
+   */
+  struct GNUNET_TIME_Absolute lookup_start_time;
+
+  /* The label to look up */
+  char *label;
+};
+
+/**
+ * Ticket revocation request handle
+ */
+struct TicketRevocationHandle
+{
+  /**
+   * DLL
+   */
+  struct TicketRevocationHandle *prev;
+
+  /**
+   * DLL
+   */
+  struct TicketRevocationHandle *next;
+
+  /**
+   * Client connection
+   */
+  struct IdpClient *client;
+
+  /**
+   * Attributes to reissue
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+
+  /**
+   * Attributes to revoke
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *rvk_attrs;
+
+  /**
+   * Issuer Key
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * Ticket to issue
+   */
+  struct GNUNET_RECLAIM_Ticket ticket;
+
+  /**
+   * QueueEntry
+   */
+  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+
+  /**
+   * Namestore iterator
+   */
+  struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
+
+  /**
+   * The ABE master key
+   */
+  struct GNUNET_ABE_AbeMasterKey *abe_key;
+
+  /**
+   * Offset
+   */
+  uint32_t offset;
+
+  /**
+   * request id
+   */
+  uint32_t r_id;
+};
+
+
+
+/**
+ * Ticket issue request handle
+ */
+struct TicketIssueHandle
+{
+  /**
+   * DLL
+   */
+  struct TicketIssueHandle *prev;
+
+  /**
+   * DLL
+   */
+  struct TicketIssueHandle *next;
+
+  /**
+   * Client connection
+   */
+  struct IdpClient *client;
+
+  /**
+   * Attributes to issue
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+
+  /**
+   * Issuer Key
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * Ticket to issue
+   */
+  struct GNUNET_RECLAIM_Ticket ticket;
+
+  /**
+   * QueueEntry
+   */
+  struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
+
+  /**
+   * request id
+   */
+  uint32_t r_id;
+};
+
+
+/**
+ * DLL for ego handles to egos containing the ID_ATTRS in a map in json_t format
+ *
+ */
+struct EgoEntry
+{
+  /**
+   * DLL
+   */
+  struct EgoEntry *next;
+
+  /**
+   * DLL
+   */
+  struct EgoEntry *prev;
+
+  /**
+   * Ego handle
+   */
+  struct GNUNET_IDENTITY_Ego *ego;
+
+  /**
+   * Attribute map. Contains the attributes as json_t
+   */
+  struct GNUNET_CONTAINER_MultiHashMap *attr_map;
+
+};
+
+/**
+ * Cleanup task
+ */
+static void
+cleanup()
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cleaning up\n");
+
+  if (NULL != stats)
+  {
+    GNUNET_STATISTICS_destroy (stats, GNUNET_NO);
+    stats = NULL;
+  }
+  GNUNET_break (NULL == GNUNET_PLUGIN_unload (db_lib_name,
+                                              TKT_database)); 
+  GNUNET_free (db_lib_name);
+  db_lib_name = NULL;
+  if (NULL != timeout_task)
+    GNUNET_SCHEDULER_cancel (timeout_task);
+  if (NULL != update_task)
+    GNUNET_SCHEDULER_cancel (update_task);
+  if (NULL != identity_handle)
+    GNUNET_IDENTITY_disconnect (identity_handle);
+  if (NULL != gns_handle)
+    GNUNET_GNS_disconnect (gns_handle);
+  if (NULL != credential_handle)
+    GNUNET_CREDENTIAL_disconnect (credential_handle);
+  if (NULL != ns_it)
+    GNUNET_NAMESTORE_zone_iteration_stop (ns_it);
+  if (NULL != ns_qe)
+    GNUNET_NAMESTORE_cancel (ns_qe);
+  if (NULL != ns_handle)
+    GNUNET_NAMESTORE_disconnect (ns_handle);
+  GNUNET_free_non_null (token);
+  GNUNET_free_non_null (label);
+
+}
+
+/**
+ * Shutdown task
+ *
+ * @param cls NULL
+ */
+static void
+do_shutdown (void *cls)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Shutting down...\n");
+  cleanup();
+}
+
+/**
+ * Finished storing newly bootstrapped ABE key
+ */
+static void
+bootstrap_store_cont (void *cls,
+                      int32_t success,
+                      const char *emsg)
+{
+  struct AbeBootstrapHandle *abh = cls;
+  if (GNUNET_SYSERR == success)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to bootstrap ABE master %s\n",
+                emsg);
+    abh->proc (abh->proc_cls, NULL);
+    GNUNET_free (abh->abe_key);
+    GNUNET_free (abh);
+    return;
+  }
+  abh->proc (abh->proc_cls, abh->abe_key);
+  GNUNET_free (abh);
+}
+
+/**
+ * Generates and stores a new ABE key
+ */
+static void
+bootstrap_store_task (void *cls)
+{
+  struct AbeBootstrapHandle *abh = cls;
+  struct GNUNET_GNSRECORD_Data rd[1];
+  char *key;
+
+  rd[0].data_size = GNUNET_ABE_cpabe_serialize_master_key (abh->abe_key,
+                                                              (void**)&key);
+  rd[0].data = key;
+  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_MASTER;
+  rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION | GNUNET_GNSRECORD_RF_PRIVATE;
+  rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
+  abh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                               &abh->identity,
+                                               "+",
+                                               1,
+                                               rd,
+                                               &bootstrap_store_cont,
+                                               abh);
+  GNUNET_free (key);
+}
+
+/**
+ * Error checking for ABE master
+ */
+static void
+bootstrap_abe_error (void *cls)
+{
+  struct AbeBootstrapHandle *abh = cls;
+  abh->proc (abh->proc_cls, NULL);
+  GNUNET_free (abh);
+}
+
+
+/**
+ * Handle ABE lookup in namestore
+ */
+static void
+bootstrap_abe_result (void *cls,
+                      const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                      const char *label,
+                      unsigned int rd_count,
+                      const struct GNUNET_GNSRECORD_Data *rd)
+{
+  struct AbeBootstrapHandle *abh = cls;
+  struct GNUNET_ABE_AbeMasterKey *abe_key;
+
+  for (uint32_t i=0;i<rd_count;i++) {
+    if (GNUNET_GNSRECORD_TYPE_ABE_MASTER != rd[i].record_type)
+      continue;
+    abe_key = GNUNET_ABE_cpabe_deserialize_master_key (rd[i].data,
+                                                          rd[i].data_size);
+    abh->proc (abh->proc_cls, abe_key);
+    GNUNET_free (abh);
+    return;
+  }
+
+  //No ABE master found, bootstrapping...
+  abh->abe_key = GNUNET_ABE_cpabe_create_master_key ();
+  GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
+}
+
+/**
+ * Bootstrap ABE master if it does not yet exists.
+ * Will call the AbeBootstrapResult processor when done.
+ * will always recreate the ABE key of GNUNET_YES == recreate
+ */
+static void
+bootstrap_abe (const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+               AbeBootstrapResult proc,
+               void* cls,
+               int recreate)
+{
+  struct AbeBootstrapHandle *abh;
+
+  abh = GNUNET_new (struct AbeBootstrapHandle);
+  abh->proc = proc;
+  abh->proc_cls = cls;
+  abh->identity = *identity;
+  if (GNUNET_YES == recreate)
+  {
+    abh->abe_key = GNUNET_ABE_cpabe_create_master_key ();
+    GNUNET_SCHEDULER_add_now (&bootstrap_store_task, abh);
+  } else {
+    abh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
+                                                  identity,
+                                                  "+",
+                                                  &bootstrap_abe_error,
+                                                  abh,
+                                                  &bootstrap_abe_result,
+                                                  abh);
+  }
+}
+
+
+
+static int
+create_sym_key_from_ecdh(const struct GNUNET_HashCode *new_key_hash,
+                         struct GNUNET_CRYPTO_SymmetricSessionKey *skey,
+                         struct GNUNET_CRYPTO_SymmetricInitializationVector *iv)
+{
+  struct GNUNET_CRYPTO_HashAsciiEncoded new_key_hash_str;
+
+  GNUNET_CRYPTO_hash_to_enc (new_key_hash,
+                             &new_key_hash_str);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Creating symmetric rsa key from %s\n", (char*)&new_key_hash_str);
+  static const char ctx_key[] = "gnuid-aes-ctx-key";
+  GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
+                     new_key_hash, sizeof (struct GNUNET_HashCode),
+                     ctx_key, strlen (ctx_key),
+                     NULL, 0);
+  static const char ctx_iv[] = "gnuid-aes-ctx-iv";
+  GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
+                     new_key_hash, sizeof (struct GNUNET_HashCode),
+                     ctx_iv, strlen (ctx_iv),
+                     NULL, 0);
+  return GNUNET_OK;
+}
+
+/**
+ * Cleanup ticket consume handle
+ * @param handle the handle to clean up
+ */
+static void
+cleanup_ticket_issue_handle (struct TicketIssueHandle *handle)
+{
+  if (NULL != handle->attrs)
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs);
+  if (NULL != handle->ns_qe)
+    GNUNET_NAMESTORE_cancel (handle->ns_qe);
+  GNUNET_free (handle);
+}
+
+
+static void
+send_ticket_result (struct IdpClient *client,
+                    uint32_t r_id,
+                    const struct GNUNET_RECLAIM_Ticket *ticket,
+                    const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
+{
+  struct TicketResultMessage *irm;
+  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_RECLAIM_Ticket *ticket_buf;
+
+  /* store ticket in DB */
+  if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
+                                               ticket,
+                                               attrs))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to store ticket after issue\n");
+    GNUNET_break (0);
+  }
+
+  env = GNUNET_MQ_msg_extra (irm,
+                             sizeof (struct GNUNET_RECLAIM_Ticket),
+                             GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT);
+  ticket_buf = (struct GNUNET_RECLAIM_Ticket *)&irm[1];
+  *ticket_buf = *ticket;
+  irm->id = htonl (r_id);
+  GNUNET_MQ_send (client->mq,
+                  env);
+}
+
+static void
+store_ticket_issue_cont (void *cls,
+                         int32_t success,
+                         const char *emsg)
+{
+  struct TicketIssueHandle *handle = cls;
+
+  handle->ns_qe = NULL;
+  GNUNET_CONTAINER_DLL_remove (handle->client->issue_op_head,
+                               handle->client->issue_op_tail,
+                               handle);
+  if (GNUNET_SYSERR == success)
+  {
+    cleanup_ticket_issue_handle (handle);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
+                "Unknown Error\n");
+    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
+    return;
+  }
+  send_ticket_result (handle->client,
+                      handle->r_id,
+                      &handle->ticket,
+                      handle->attrs);
+  cleanup_ticket_issue_handle (handle);
+}
+
+
+
+int
+serialize_abe_keyinfo2 (const struct GNUNET_RECLAIM_Ticket *ticket,
+                        const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                        const struct GNUNET_ABE_AbeKey *rp_key,
+                        struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
+                        char **result)
+{
+  struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  char *enc_keyinfo;
+  char *serialized_key;
+  char *buf;
+  char *write_ptr;
+  char attrs_str_len;
+  ssize_t size;
+
+  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  struct GNUNET_HashCode new_key_hash;
+  ssize_t enc_size;
+
+  size = GNUNET_ABE_cpabe_serialize_key (rp_key,
+                                         (void**)&serialized_key);
+  attrs_str_len = 0;
+  for (le = attrs->list_head; NULL != le; le = le->next) {
+    attrs_str_len += strlen (le->claim->name) + 1;
+  }
+  buf = GNUNET_malloc (attrs_str_len + size);
+  write_ptr = buf;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Writing attributes\n");
+  for (le = attrs->list_head; NULL != le; le = le->next) {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "%s\n", le->claim->name);
+
+
+    GNUNET_memcpy (write_ptr,
+                   le->claim->name,
+                   strlen (le->claim->name));
+    write_ptr[strlen (le->claim->name)] = ',';
+    write_ptr += strlen (le->claim->name) + 1;
+  }
+  write_ptr--;
+  write_ptr[0] = '\0'; //replace last , with a 0-terminator
+  write_ptr++;
+  GNUNET_memcpy (write_ptr,
+                 serialized_key,
+                 size);
+  GNUNET_free (serialized_key);
+  // ECDH keypair E = eG
+  *ecdh_privkey = GNUNET_CRYPTO_ecdhe_key_create();
+  GNUNET_CRYPTO_ecdhe_key_get_public (*ecdh_privkey,
+                                      &ecdh_pubkey);
+  enc_keyinfo = GNUNET_malloc (size + attrs_str_len);
+  // Derived key K = H(eB)
+  GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdh_ecdsa (*ecdh_privkey,
+                                                        &ticket->audience,
+                                                        &new_key_hash));
+  create_sym_key_from_ecdh(&new_key_hash, &skey, &iv);
+  enc_size = GNUNET_CRYPTO_symmetric_encrypt (buf,
+                                              size + attrs_str_len,
+                                              &skey, &iv,
+                                              enc_keyinfo);
+  *result = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+
+                           enc_size);
+  GNUNET_memcpy (*result,
+                 &ecdh_pubkey,
+                 sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
+  GNUNET_memcpy (*result + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
+                 enc_keyinfo,
+                 enc_size);
+  GNUNET_free (enc_keyinfo);
+  GNUNET_free (buf);
+  return sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)+enc_size;
+}
+
+
+
+static void
+issue_ticket_after_abe_bootstrap (void *cls,
+                                  struct GNUNET_ABE_AbeMasterKey *abe_key)
+{
+  struct TicketIssueHandle *ih = cls;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
+  struct GNUNET_GNSRECORD_Data code_record[1];
+  struct GNUNET_ABE_AbeKey *rp_key;
+  char *code_record_data;
+  char **attrs;
+  char *label;
+  char *policy;
+  int attrs_len;
+  uint32_t i;
+  size_t code_record_len;
+
+  //Create new ABE key for RP
+  attrs_len = 0;
+  for (le = ih->attrs->list_head; NULL != le; le = le->next)
+    attrs_len++;
+  attrs = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
+  i = 0;
+  for (le = ih->attrs->list_head; NULL != le; le = le->next) {
+    GNUNET_asprintf (&policy, "%s_%lu",
+                     le->claim->name,
+                     le->claim->version);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Adding attribute to key: %s\n",
+                policy);
+    attrs[i] = policy;
+    i++;
+  }
+  attrs[i] = NULL;
+  rp_key = GNUNET_ABE_cpabe_create_key (abe_key,
+                                        attrs);
+
+  //TODO review this wireformat
+  code_record_len = serialize_abe_keyinfo2 (&ih->ticket,
+                                            ih->attrs,
+                                            rp_key,
+                                            &ecdhe_privkey,
+                                            &code_record_data);
+  code_record[0].data = code_record_data;
+  code_record[0].data_size = code_record_len;
+  code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us;
+  code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
+  code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
+
+  label = GNUNET_STRINGS_data_to_string_alloc (&ih->ticket.rnd,
+                                               sizeof (uint64_t));
+  //Publish record
+  ih->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                              &ih->identity,
+                                              label,
+                                              1,
+                                              code_record,
+                                              &store_ticket_issue_cont,
+                                              ih);
+  //for (; i > 0; i--)
+  //  GNUNET_free (attrs[i-1]);
+  GNUNET_free (ecdhe_privkey);
+  GNUNET_free (label);
+  GNUNET_free (attrs);
+  GNUNET_free (code_record_data);
+  GNUNET_ABE_cpabe_delete_key (rp_key,
+                               GNUNET_YES);
+  GNUNET_ABE_cpabe_delete_master_key (abe_key);
+}
+
+
+static int
+check_issue_ticket_message(void *cls,
+                           const struct IssueTicketMessage *im)
+{
+  uint16_t size;
+
+  size = ntohs (im->header.size);
+  if (size <= sizeof (struct IssueTicketMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+static void
+handle_issue_ticket_message (void *cls,
+                             const struct IssueTicketMessage *im)
+{
+  struct TicketIssueHandle *ih;
+  struct IdpClient *idp = cls;
+  size_t attrs_len;
+
+  ih = GNUNET_new (struct TicketIssueHandle);
+  attrs_len = ntohs (im->attr_len);
+  ih->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&im[1], attrs_len);
+  ih->r_id = ntohl (im->id);
+  ih->client = idp;
+  ih->identity = im->identity;
+  GNUNET_CRYPTO_ecdsa_key_get_public (&ih->identity,
+                                      &ih->ticket.identity);
+  ih->ticket.audience = im->rp;
+  ih->ticket.rnd =
+    GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
+                              UINT64_MAX);
+  GNUNET_CONTAINER_DLL_insert (idp->issue_op_head,
+                               idp->issue_op_tail,
+                               ih);
+  bootstrap_abe (&ih->identity, &issue_ticket_after_abe_bootstrap, ih, GNUNET_NO);
+  GNUNET_SERVICE_client_continue (idp->client);
+
+}
+
+/**********************************************************
+ * Revocation
+ **********************************************************/
+
+/**
+ * Cleanup revoke handle
+ *
+ * @param rh the ticket revocation handle
+ */
+static void
+cleanup_revoke_ticket_handle (struct TicketRevocationHandle *rh)
+{
+  if (NULL != rh->attrs)
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->attrs);
+  if (NULL != rh->rvk_attrs)
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (rh->rvk_attrs);
+  if (NULL != rh->abe_key)
+    GNUNET_ABE_cpabe_delete_master_key (rh->abe_key);
+  if (NULL != rh->ns_qe)
+    GNUNET_NAMESTORE_cancel (rh->ns_qe);
+  if (NULL != rh->ns_it)
+    GNUNET_NAMESTORE_zone_iteration_stop (rh->ns_it);
+  GNUNET_free (rh);
+}
+
+
+/**
+ * Send revocation result
+ *
+ * @param rh ticket revocation handle
+ * @param success GNUNET_OK if successful result
+ */
+static void
+send_revocation_finished (struct TicketRevocationHandle *rh,
+                          uint32_t success)
+{
+  struct GNUNET_MQ_Envelope *env;
+  struct RevokeTicketResultMessage *trm;
+  
+  GNUNET_break(TKT_database->delete_ticket (TKT_database->cls,
+                                            &rh->ticket));
+
+  env = GNUNET_MQ_msg (trm,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT);
+  trm->id = htonl (rh->r_id);
+  trm->success = htonl (success);
+  GNUNET_MQ_send (rh->client->mq,
+                  env);
+  GNUNET_CONTAINER_DLL_remove (rh->client->revoke_op_head,
+                               rh->client->revoke_op_tail,
+                               rh);
+}
+
+
+/**
+ * Process ticket from database
+ *
+ * @param cls struct TicketIterationProcResult
+ * @param ticket the ticket
+ * @param attrs the attributes
+ */
+static void
+ticket_reissue_proc (void *cls,
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs);
+
+static void
+revocation_reissue_tickets (struct TicketRevocationHandle *rh);
+
+
+static void reissue_next (void *cls)
+{
+  struct TicketRevocationHandle *rh = cls;
+  revocation_reissue_tickets (rh);
+}
+
+
+static void
+reissue_ticket_cont (void *cls,
+                     int32_t success,
+                     const char *emsg)
+{
+  struct TicketRevocationHandle *rh = cls;
+
+  rh->ns_qe = NULL;
+  if (GNUNET_SYSERR == success)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n",
+                "Unknown Error\n");
+    send_revocation_finished (rh, GNUNET_SYSERR);
+    cleanup_revoke_ticket_handle (rh);
+    return;
+  }
+  rh->offset++;
+  GNUNET_SCHEDULER_add_now (&reissue_next, rh);
+}
+
+
+/**
+ * Process ticket from database
+ *
+ * @param cls struct TicketIterationProcResult
+ * @param ticket the ticket
+ * @param attrs the attributes
+ */
+static void
+ticket_reissue_proc (void *cls,
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
+{
+  struct TicketRevocationHandle *rh = cls;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le_rollover;
+  struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
+  struct GNUNET_GNSRECORD_Data code_record[1];
+  struct GNUNET_ABE_AbeKey *rp_key;
+  char *code_record_data;
+  char **attr_arr;
+  char *label;
+  char *policy;
+  int attrs_len;
+  uint32_t i;
+  int reissue_ticket;
+  size_t code_record_len;
+
+
+  if (NULL == ticket)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Iteration done\n");
+    return;
+  }
+
+  if (0 == memcmp (&ticket->audience,
+                   &rh->ticket.audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Do not reissue for this identity.!\n");
+    label = GNUNET_STRINGS_data_to_string_alloc (&rh->ticket.rnd,
+                                                 sizeof (uint64_t));
+    //Delete record
+    rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                                &rh->identity,
+                                                label,
+                                                0,
+                                                NULL,
+                                                &reissue_ticket_cont,
+                                                rh);
+
+    GNUNET_free (label);
+    return;
+  }
+
+  /* 
+   * Check if any attribute of this ticket intersects with a rollover attribute
+   */
+  reissue_ticket = GNUNET_NO;
+  for (le = attrs->list_head; NULL != le; le = le->next)
+  {
+    for (le_rollover = rh->rvk_attrs->list_head;
+         NULL != le_rollover;
+         le_rollover = le_rollover->next)
+    {
+      if (0 == strcmp (le_rollover->claim->name,
+                       le->claim->name))
+      {
+        reissue_ticket = GNUNET_YES;
+        le->claim->version = le_rollover->claim->version;
+      }
+    }
+  }
+
+  if (GNUNET_NO == reissue_ticket)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Skipping ticket.\n");
+
+    rh->offset++;
+    GNUNET_SCHEDULER_add_now (&reissue_next, rh);
+
+
+    return;
+  }
+
+  //Create new ABE key for RP
+  attrs_len = 0;
+
+  /* If this is the RP we want to revoke attributes of, the do so */
+
+  for (le = attrs->list_head; NULL != le; le = le->next)
+    attrs_len++;
+  attr_arr = GNUNET_malloc ((attrs_len + 1)*sizeof (char*));
+  i = 0;
+  for (le = attrs->list_head; NULL != le; le = le->next) {
+    GNUNET_asprintf (&policy, "%s_%lu",
+                     le->claim->name,
+                     le->claim->version);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Recreating key with %s\n", policy);
+    attr_arr[i] = policy;
+    i++;
+  }
+  attr_arr[i] = NULL;
+  rp_key = GNUNET_ABE_cpabe_create_key (rh->abe_key,
+                                        attr_arr);
+
+  //TODO review this wireformat
+  code_record_len = serialize_abe_keyinfo2 (ticket,
+                                            attrs,
+                                            rp_key,
+                                            &ecdhe_privkey,
+                                            &code_record_data);
+  code_record[0].data = code_record_data;
+  code_record[0].data_size = code_record_len;
+  code_record[0].expiration_time = GNUNET_TIME_UNIT_DAYS.rel_value_us;
+  code_record[0].record_type = GNUNET_GNSRECORD_TYPE_ABE_KEY;
+  code_record[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
+
+  label = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
+                                               sizeof (uint64_t));
+  //Publish record
+  rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                              &rh->identity,
+                                              label,
+                                              1,
+                                              code_record,
+                                              &reissue_ticket_cont,
+                                              rh);
+  //for (; i > 0; i--)
+  //  GNUNET_free (attr_arr[i-1]);
+  GNUNET_free (ecdhe_privkey);
+  GNUNET_free (label);
+  GNUNET_free (attr_arr);
+  GNUNET_free (code_record_data);
+  GNUNET_ABE_cpabe_delete_key (rp_key, GNUNET_YES);
+}
+
+
+/* Prototype for below function */
+static void
+attr_reenc_cont (void *cls,
+                 int32_t success,
+                 const char *emsg);
+
+static void
+revocation_reissue_tickets (struct TicketRevocationHandle *rh)
+{
+  int ret;
+  /* Done, issue new keys */
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Revocation Phase III: Reissuing Tickets\n");
+  if (GNUNET_SYSERR == (ret = TKT_database->iterate_tickets (TKT_database->cls,
+                                                             &rh->ticket.identity,
+                                                             GNUNET_NO,
+                                                             rh->offset,
+                                                             &ticket_reissue_proc,
+                                                             rh)))
+  {
+    GNUNET_break (0);
+  }
+  if (GNUNET_NO == ret)
+  {
+    send_revocation_finished (rh, GNUNET_OK);
+    cleanup_revoke_ticket_handle (rh);
+    return;
+  }
+}
+
+/**
+ * Failed to check for attribute
+ */
+static void
+check_attr_error (void *cls)
+{
+  struct TicketRevocationHandle *rh = cls;
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Unable to check for existing attribute\n");
+  rh->ns_qe = NULL;
+  send_revocation_finished (rh, GNUNET_SYSERR);
+  cleanup_revoke_ticket_handle (rh);
+}
+
+
+/**
+ * Revoke next attribte by reencryption with
+ * new ABE master
+ */
+static void
+reenc_next_attribute (void *cls);
+
+/**
+ * Check for existing attribute and overwrite
+ */
+static void
+check_attr_cb (void *cls,
+               const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+               const char *label,
+               unsigned int rd_count,
+               const struct GNUNET_GNSRECORD_Data *rd_old)
+{
+  struct TicketRevocationHandle *rh = cls;
+  struct GNUNET_GNSRECORD_Data rd[1];
+  char* buf;
+  char* enc_buf;
+  size_t enc_size;
+  char* rd_buf;
+  size_t buf_size;
+  char* policy;
+  uint32_t attr_ver;
+
+  rh->ns_qe = NULL;
+  if (1 != rd_count) {
+    GNUNET_SCHEDULER_add_now (&reenc_next_attribute,
+                              rh);
+    return;
+  }
+
+  buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (rh->attrs->list_head->claim);
+  buf = GNUNET_malloc (buf_size);
+  rh->attrs->list_head->claim->version++;
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
+                                       buf);
+  GNUNET_asprintf (&policy, "%s_%lu",
+                   rh->attrs->list_head->claim->name,
+                   rh->attrs->list_head->claim->version);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypting with policy %s\n", policy);
+  /**
+   * Encrypt the attribute value and store in namestore
+   */
+  enc_size = GNUNET_ABE_cpabe_encrypt (buf,
+                                       buf_size,
+                                       policy, //Policy
+                                       rh->abe_key,
+                                       (void**)&enc_buf);
+  GNUNET_free (buf);
+  if (GNUNET_SYSERR == enc_size)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to re-encrypt with policy %s\n",
+                policy);
+    GNUNET_free (policy);
+    send_revocation_finished (rh, GNUNET_SYSERR);
+    cleanup_revoke_ticket_handle (rh);
+    return;
+  }
+  GNUNET_free (policy);
+
+  rd[0].data_size = enc_size + sizeof (uint32_t);
+  rd_buf = GNUNET_malloc (rd[0].data_size);
+  attr_ver = htonl (rh->attrs->list_head->claim->version);
+  GNUNET_memcpy (rd_buf,
+                 &attr_ver,
+                 sizeof (uint32_t));
+  GNUNET_memcpy (rd_buf+sizeof (uint32_t),
+                 enc_buf,
+                 enc_size);
+  rd[0].data = rd_buf;
+  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
+  rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
+  rd[0].expiration_time = rd_old[0].expiration_time;
+  rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                              &rh->identity,
+                                              rh->attrs->list_head->claim->name,
+                                              1,
+                                              rd,
+                                              &attr_reenc_cont,
+                                              rh);
+  GNUNET_free (enc_buf);
+  GNUNET_free (rd_buf);
+}
+
+
+/**
+ * Revoke next attribte by reencryption with
+ * new ABE master
+ */
+static void
+reenc_next_attribute (void *cls)
+{
+  struct TicketRevocationHandle *rh = cls;
+  if (NULL == rh->attrs->list_head)
+  {
+    revocation_reissue_tickets (rh);
+    return;
+  }
+  /* First check if attribute still exists */
+  rh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
+                                               &rh->identity,
+                                               rh->attrs->list_head->claim->name,
+                                               &check_attr_error,
+                                               rh,
+                                               &check_attr_cb,
+                                               rh);
+}
+
+
+/**
+ * Namestore callback after revoked attribute
+ * is stored
+ */
+static void
+attr_reenc_cont (void *cls,
+                 int32_t success,
+                 const char *emsg)
+{
+  struct TicketRevocationHandle *rh = cls;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+
+  rh->ns_qe = NULL;
+  if (GNUNET_SYSERR == success)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to reencrypt attribute %s\n",
+                emsg);
+    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
+    return;
+  }
+  if (NULL == rh->attrs->list_head)
+  {
+    revocation_reissue_tickets (rh);
+    return;
+  }
+  le = rh->attrs->list_head;
+  GNUNET_CONTAINER_DLL_remove (rh->attrs->list_head,
+                               rh->attrs->list_tail,
+                               le);
+  GNUNET_assert (NULL != rh->rvk_attrs);
+  GNUNET_CONTAINER_DLL_insert (rh->rvk_attrs->list_head,
+                               rh->rvk_attrs->list_tail,
+                               le);
+
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Re-encrypting next attribute\n");
+  reenc_next_attribute (rh);
+}
+
+
+static void
+process_attributes_to_update (void *cls,
+                              const struct GNUNET_RECLAIM_Ticket *ticket,
+                              const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
+{
+  struct TicketRevocationHandle *rh = cls;
+
+  rh->attrs = GNUNET_RECLAIM_ATTRIBUTE_list_dup (attrs);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Revocation Phase I: Collecting attributes\n");
+  /* Reencrypt all attributes with new key */
+  if (NULL == rh->attrs->list_head)
+  {
+    /* No attributes to reencrypt */
+    send_revocation_finished (rh, GNUNET_OK);
+    cleanup_revoke_ticket_handle (rh);
+    return;
+  } else {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Revocation Phase II: Re-encrypting attributes\n");
+    reenc_next_attribute (rh);
+  }
+
+}
+
+
+
+static void
+get_ticket_after_abe_bootstrap (void *cls,
+                                struct GNUNET_ABE_AbeMasterKey *abe_key)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Finished ABE bootstrap\n");
+  struct TicketRevocationHandle *rh = cls;
+  rh->abe_key = abe_key;
+  TKT_database->get_ticket_attributes (TKT_database->cls,
+                                       &rh->ticket,
+                                       &process_attributes_to_update,
+                                       rh);
+}
+
+static int
+check_revoke_ticket_message(void *cls,
+                            const struct RevokeTicketMessage *im)
+{
+  uint16_t size;
+
+  size = ntohs (im->header.size);
+  if (size <= sizeof (struct RevokeTicketMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+static void
+handle_revoke_ticket_message (void *cls,
+                              const struct RevokeTicketMessage *rm)
+{
+  struct TicketRevocationHandle *rh;
+  struct IdpClient *idp = cls;
+  struct GNUNET_RECLAIM_Ticket *ticket;
+
+  rh = GNUNET_new (struct TicketRevocationHandle);
+  ticket = (struct GNUNET_RECLAIM_Ticket*)&rm[1];
+  rh->rvk_attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  rh->ticket = *ticket;
+  rh->r_id = ntohl (rm->id);
+  rh->client = idp;
+  rh->identity = rm->identity;
+  GNUNET_CRYPTO_ecdsa_key_get_public (&rh->identity,
+                                      &rh->ticket.identity);
+  GNUNET_CONTAINER_DLL_insert (idp->revoke_op_head,
+                               idp->revoke_op_tail,
+                               rh);
+  bootstrap_abe (&rh->identity, &get_ticket_after_abe_bootstrap, rh, GNUNET_NO);
+  GNUNET_SERVICE_client_continue (idp->client);
+
+}
+
+/**
+ * Cleanup ticket consume handle
+ * @param handle the handle to clean up
+ */
+static void
+cleanup_consume_ticket_handle (struct ConsumeTicketHandle *handle)
+{
+  struct ParallelLookup *lu;  
+  struct ParallelLookup *tmp;
+  if (NULL != handle->lookup_request)
+    GNUNET_GNS_lookup_cancel (handle->lookup_request);
+  for (lu = handle->parallel_lookups_head;
+       NULL != lu;) {
+    GNUNET_GNS_lookup_cancel (lu->lookup_request);
+    GNUNET_free (lu->label);
+    tmp = lu->next;
+    GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
+                                 handle->parallel_lookups_tail,
+                                 lu);
+    GNUNET_free (lu);
+    lu = tmp;
+  }
+
+  if (NULL != handle->key)
+    GNUNET_ABE_cpabe_delete_key (handle->key,
+                                 GNUNET_YES);
+  if (NULL != handle->attrs)
+    GNUNET_RECLAIM_ATTRIBUTE_list_destroy (handle->attrs);
+  GNUNET_free (handle);
+}
+
+
+
+static int
+check_consume_ticket_message(void *cls,
+                             const struct ConsumeTicketMessage *cm)
+{
+  uint16_t size;
+
+  size = ntohs (cm->header.size);
+  if (size <= sizeof (struct ConsumeTicketMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+static void
+process_parallel_lookup2 (void *cls, uint32_t rd_count,
+                          const struct GNUNET_GNSRECORD_Data *rd)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Parallel lookup finished (count=%u)\n", rd_count);
+  struct ParallelLookup *parallel_lookup = cls;
+  struct ConsumeTicketHandle *handle = parallel_lookup->handle;
+  struct ConsumeTicketResultMessage *crm;
+  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *attr_le;
+  struct GNUNET_TIME_Absolute decrypt_duration;
+  char *data;
+  char *data_tmp;
+  ssize_t attr_len;
+  size_t attrs_len;
+
+  GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
+                               handle->parallel_lookups_tail,
+                               parallel_lookup);
+  GNUNET_free (parallel_lookup->label);
+
+  GNUNET_STATISTICS_update (stats,
+                            "attribute_lookup_time_total",
+                            GNUNET_TIME_absolute_get_duration (parallel_lookup->lookup_start_time).rel_value_us,
+                            GNUNET_YES);
+  GNUNET_STATISTICS_update (stats,
+                            "attribute_lookups_count",
+                            1,
+                            GNUNET_YES);
+
+
+  GNUNET_free (parallel_lookup);
+  if (1 != rd_count)
+    GNUNET_break(0);//TODO
+  if (rd->record_type == GNUNET_GNSRECORD_TYPE_ID_ATTR)
+  {
+    decrypt_duration = GNUNET_TIME_absolute_get ();
+    attr_len = GNUNET_ABE_cpabe_decrypt (rd->data + sizeof (uint32_t),
+                                         rd->data_size - sizeof (uint32_t),
+                                         handle->key,
+                                         (void**)&data);
+    if (GNUNET_SYSERR != attr_len) 
+    {
+      GNUNET_STATISTICS_update (stats,
+                                "abe_decrypt_time_total",
+                                GNUNET_TIME_absolute_get_duration (decrypt_duration).rel_value_us,
+                                GNUNET_YES);
+      GNUNET_STATISTICS_update (stats,
+                                "abe_decrypt_count",
+                                1,
+                                GNUNET_YES);
+
+      attr_le = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+      attr_le->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize (data,
+                                                              attr_len);
+      attr_le->claim->version = ntohl(*(uint32_t*)rd->data);
+      GNUNET_CONTAINER_DLL_insert (handle->attrs->list_head,
+                                   handle->attrs->list_tail,
+                                   attr_le);
+      GNUNET_free (data);
+    }
+  }
+  if (NULL != handle->parallel_lookups_head)
+    return; //Wait for more
+  /* Else we are done */
+
+  /* Store ticket in DB */
+  if (GNUNET_OK != TKT_database->store_ticket (TKT_database->cls,
+                                               &handle->ticket,
+                                               handle->attrs))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to store ticket after consume\n");
+    GNUNET_break (0);
+  }
+
+  GNUNET_SCHEDULER_cancel (handle->kill_task);
+  attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (handle->attrs);
+  env = GNUNET_MQ_msg_extra (crm,
+                             attrs_len,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT);
+  crm->id = htonl (handle->r_id);
+  crm->attrs_len = htons (attrs_len);
+  crm->identity = handle->ticket.identity;
+  data_tmp = (char *) &crm[1];
+  GNUNET_RECLAIM_ATTRIBUTE_list_serialize (handle->attrs,
+                                            data_tmp);
+  GNUNET_MQ_send (handle->client->mq, env);
+  GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head,
+                               handle->client->consume_op_tail,
+                               handle);
+  cleanup_consume_ticket_handle (handle);
+}
+
+void
+abort_parallel_lookups2 (void *cls)
+{
+  struct ConsumeTicketHandle *handle = cls;
+  struct ParallelLookup *lu;
+  struct ParallelLookup *tmp;
+  struct AttributeResultMessage *arm;
+  struct GNUNET_MQ_Envelope *env;
+
+  handle->kill_task = NULL;
+  for (lu = handle->parallel_lookups_head;
+       NULL != lu;) {
+    GNUNET_GNS_lookup_cancel (lu->lookup_request);
+    GNUNET_free (lu->label);
+    tmp = lu->next;
+    GNUNET_CONTAINER_DLL_remove (handle->parallel_lookups_head,
+                                 handle->parallel_lookups_tail,
+                                 lu);
+    GNUNET_free (lu);
+    lu = tmp;
+  }
+  env = GNUNET_MQ_msg (arm,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
+  arm->id = htonl (handle->r_id);
+  arm->attr_len = htons (0);
+  GNUNET_MQ_send (handle->client->mq, env);
+
+}
+
+
+static void
+process_consume_abe_key (void *cls, uint32_t rd_count,
+                         const struct GNUNET_GNSRECORD_Data *rd)
+{
+  struct ConsumeTicketHandle *handle = cls;
+  struct GNUNET_HashCode new_key_hash;
+  struct GNUNET_CRYPTO_SymmetricSessionKey enc_key;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector enc_iv;
+  struct GNUNET_CRYPTO_EcdhePublicKey *ecdh_key;
+  struct ParallelLookup *parallel_lookup;
+  size_t size;
+  char *buf;
+  char *scope;
+
+  handle->lookup_request = NULL;
+  if (1 != rd_count)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Number of keys %d != 1.",
+                rd_count);
+    cleanup_consume_ticket_handle (handle);
+    GNUNET_CONTAINER_DLL_remove (handle->client->consume_op_head,
+                                 handle->client->consume_op_tail,
+                                 handle);
+    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
+    return;
+  }
+
+  //Decrypt
+  ecdh_key = (struct GNUNET_CRYPTO_EcdhePublicKey *)rd->data;
+
+  buf = GNUNET_malloc (rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
+
+  //Calculate symmetric key from ecdh parameters
+  GNUNET_assert (GNUNET_OK == 
+                 GNUNET_CRYPTO_ecdsa_ecdh (&handle->identity,
+                                           ecdh_key,
+                                           &new_key_hash));
+  create_sym_key_from_ecdh (&new_key_hash,
+                            &enc_key,
+                            &enc_iv);
+  size = GNUNET_CRYPTO_symmetric_decrypt (rd->data + sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
+                                          rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey),
+                                          &enc_key,
+                                          &enc_iv,
+                                          buf);
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Decrypted bytes: %zd Expected bytes: %zd\n",
+              size, rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
+  GNUNET_STATISTICS_update (stats,
+                            "abe_key_lookup_time_total",
+                            GNUNET_TIME_absolute_get_duration (handle->lookup_start_time).rel_value_us,
+                            GNUNET_YES);
+  GNUNET_STATISTICS_update (stats,
+                            "abe_key_lookups_count",
+                            1,
+                            GNUNET_YES);
+  scopes = GNUNET_strdup (buf);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Scopes %s\n", scopes);
+  handle->key = GNUNET_ABE_cpabe_deserialize_key ((void*)(buf + strlen (scopes) + 1),
+                                                  rd->data_size - sizeof (struct GNUNET_CRYPTO_EcdhePublicKey)
+                                                  - strlen (scopes) - 1);
+
+  for (scope = strtok (scopes, ","); NULL != scope; scope = strtok (NULL, ","))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Looking up %s\n", scope);
+    parallel_lookup = GNUNET_new (struct ParallelLookup);
+    parallel_lookup->handle = handle;
+    parallel_lookup->label = GNUNET_strdup (scope);
+    parallel_lookup->lookup_start_time = GNUNET_TIME_absolute_get();
+    parallel_lookup->lookup_request
+      = GNUNET_GNS_lookup (gns_handle,
+                           scope,
+                           &handle->ticket.identity,
+                           GNUNET_GNSRECORD_TYPE_ID_ATTR,
+                           GNUNET_GNS_LO_DEFAULT,
+                           &process_parallel_lookup2,
+                           parallel_lookup);
+    GNUNET_CONTAINER_DLL_insert (handle->parallel_lookups_head,
+                                 handle->parallel_lookups_tail,
+                                 parallel_lookup);
+  }
+  GNUNET_free (scopes);
+  GNUNET_free (buf);
+  handle->kill_task = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_relative_multiply(GNUNET_TIME_UNIT_MINUTES,3),
+                                                    &abort_parallel_lookups2,
+                                                    handle);
+}
+
+
+static void
+handle_consume_ticket_message (void *cls,
+                               const struct ConsumeTicketMessage *cm)
+{
+  struct ConsumeTicketHandle *ch;
+  struct IdpClient *idp = cls;
+  char* rnd_label;
+
+  ch = GNUNET_new (struct ConsumeTicketHandle);
+  ch->r_id = ntohl (cm->id);
+  ch->client = idp;
+  ch->identity = cm->identity;
+  ch->attrs = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  GNUNET_CRYPTO_ecdsa_key_get_public (&ch->identity,
+                                      &ch->identity_pub);
+  ch->ticket = *((struct GNUNET_RECLAIM_Ticket*)&cm[1]);
+  rnd_label = GNUNET_STRINGS_data_to_string_alloc (&ch->ticket.rnd,
+                                                   sizeof (uint64_t));
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Looking for ABE key under %s\n", rnd_label);
+  ch->lookup_start_time = GNUNET_TIME_absolute_get ();
+  ch->lookup_request
+    = GNUNET_GNS_lookup (gns_handle,
+                         rnd_label,
+                         &ch->ticket.identity,
+                         GNUNET_GNSRECORD_TYPE_ABE_KEY,
+                         GNUNET_GNS_LO_DEFAULT,
+                         &process_consume_abe_key,
+                         ch);
+  GNUNET_CONTAINER_DLL_insert (idp->consume_op_head,
+                               idp->consume_op_tail,
+                               ch);
+  GNUNET_free (rnd_label);
+  GNUNET_SERVICE_client_continue (idp->client);
+}
+
+/**
+ * Cleanup attribute store handle
+ *
+ * @param handle handle to clean up
+ */
+static void
+cleanup_as_handle (struct AttributeStoreHandle *handle)
+{
+  if (NULL != handle->ns_qe)
+    GNUNET_NAMESTORE_cancel (handle->ns_qe);
+  if (NULL != handle->claim)
+    GNUNET_free (handle->claim);
+  if (NULL != handle->abe_key)
+    GNUNET_ABE_cpabe_delete_master_key (handle->abe_key);
+  GNUNET_free (handle);
+}
+
+static void
+attr_store_cont (void *cls,
+                 int32_t success,
+                 const char *emsg)
+{
+  struct AttributeStoreHandle *as_handle = cls;
+  struct GNUNET_MQ_Envelope *env;
+  struct AttributeStoreResultMessage *acr_msg;
+
+  as_handle->ns_qe = NULL;
+  GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head,
+                               as_handle->client->store_op_tail,
+                               as_handle);
+
+  if (GNUNET_SYSERR == success)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to store attribute %s\n",
+                emsg);
+    cleanup_as_handle (as_handle);
+    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
+    return;
+  }
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Sending ATTRIBUTE_STORE_RESPONSE message\n");
+  env = GNUNET_MQ_msg (acr_msg,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE);
+  acr_msg->id = htonl (as_handle->r_id);
+  acr_msg->op_result = htonl (GNUNET_OK);
+  GNUNET_MQ_send (as_handle->client->mq,
+                  env);
+  cleanup_as_handle (as_handle);
+}
+
+static void
+attr_store_task (void *cls)
+{
+  struct AttributeStoreHandle *as_handle = cls;
+  struct GNUNET_GNSRECORD_Data rd[1];
+  char* buf;
+  char* policy;
+  char* enc_buf;
+  char* rd_buf;
+  size_t enc_size;
+  size_t buf_size;
+  uint32_t attr_ver;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Storing attribute\n");
+  buf_size = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (as_handle->claim);
+  buf = GNUNET_malloc (buf_size);
+
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (as_handle->claim,
+                                       buf);
+
+  GNUNET_asprintf (&policy,
+                   "%s_%lu",
+                   as_handle->claim->name,
+                   as_handle->claim->version);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Encrypting with policy %s\n", policy);
+  /**
+   * Encrypt the attribute value and store in namestore
+   */
+  enc_size = GNUNET_ABE_cpabe_encrypt (buf,
+                                       buf_size,
+                                       policy, //Policy
+                                       as_handle->abe_key,
+                                       (void**)&enc_buf);
+  if (GNUNET_SYSERR == enc_size)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Failed to encrypt with policy %s\n",
+                policy);
+    GNUNET_CONTAINER_DLL_remove (as_handle->client->store_op_head,
+                                 as_handle->client->store_op_tail,
+                                 as_handle);
+
+    cleanup_as_handle (as_handle);
+    GNUNET_free (buf);
+    GNUNET_free (policy);
+    GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
+    return;
+  }
+  GNUNET_free (buf);
+  GNUNET_free (policy);
+  rd[0].data_size = enc_size + sizeof (uint32_t);
+  rd_buf = GNUNET_malloc (rd[0].data_size);
+  attr_ver = htonl (as_handle->claim->version);
+  GNUNET_memcpy (rd_buf,
+                 &attr_ver,
+                 sizeof (uint32_t));
+  GNUNET_memcpy (rd_buf+sizeof (uint32_t),
+                 enc_buf,
+                 enc_size);
+  rd[0].data = rd_buf;
+  rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
+  rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
+  rd[0].expiration_time = as_handle->exp.rel_value_us;
+  as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
+                                                     &as_handle->identity,
+                                                     as_handle->claim->name,
+                                                     1,
+                                                     rd,
+                                                     &attr_store_cont,
+                                                     as_handle);
+  GNUNET_free (enc_buf);
+  GNUNET_free (rd_buf);
+}
+
+
+static void
+store_after_abe_bootstrap (void *cls,
+                           struct GNUNET_ABE_AbeMasterKey *abe_key)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Finished ABE bootstrap\n");
+  struct AttributeStoreHandle *ash = cls;
+  ash->abe_key = abe_key;
+  GNUNET_SCHEDULER_add_now (&attr_store_task, ash);
+}
+
+static int
+check_attribute_store_message(void *cls,
+                              const struct AttributeStoreMessage *sam)
+{
+  uint16_t size;
+
+  size = ntohs (sam->header.size);
+  if (size <= sizeof (struct AttributeStoreMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+static void
+handle_attribute_store_message (void *cls,
+                                const struct AttributeStoreMessage *sam)
+{
+  struct AttributeStoreHandle *as_handle;
+  struct IdpClient *idp = cls;
+  size_t data_len;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received ATTRIBUTE_STORE message\n");
+
+  data_len = ntohs (sam->attr_len);
+
+  as_handle = GNUNET_new (struct AttributeStoreHandle);
+  as_handle->claim = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&sam[1],
+                                                            data_len);
+
+  as_handle->r_id = ntohl (sam->id);
+  as_handle->identity = sam->identity;
+  as_handle->exp.rel_value_us = GNUNET_ntohll (sam->exp);
+  GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity,
+                                      &as_handle->identity_pkey);
+
+  GNUNET_SERVICE_client_continue (idp->client);
+  as_handle->client = idp;
+  GNUNET_CONTAINER_DLL_insert (idp->store_op_head,
+                               idp->store_op_tail,
+                               as_handle);
+  bootstrap_abe (&as_handle->identity, &store_after_abe_bootstrap, as_handle, GNUNET_NO);
+}
+
+static void
+cleanup_attribute_iter_handle (struct AttributeIterator *ai)
+{
+  if (NULL != ai->abe_key)
+    GNUNET_ABE_cpabe_delete_master_key (ai->abe_key);
+  GNUNET_free (ai);
+}
+
+static void
+attr_iter_error (void *cls)
+{
+  struct AttributeIterator *ai = cls;
+  //TODO
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Failed to iterate over attributes\n");
+  GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head,
+                               ai->client->attr_iter_tail,
+                               ai);
+  cleanup_attribute_iter_handle (ai);
+  GNUNET_SCHEDULER_add_now (&do_shutdown, NULL);
+}
+
+static void
+attr_iter_finished (void *cls)
+{
+  struct AttributeIterator *ai = cls;
+  struct GNUNET_MQ_Envelope *env;
+  struct AttributeResultMessage *arm;
+
+  env = GNUNET_MQ_msg (arm,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
+  arm->id = htonl (ai->request_id);
+  arm->attr_len = htons (0);
+  GNUNET_MQ_send (ai->client->mq, env);
+  GNUNET_CONTAINER_DLL_remove (ai->client->attr_iter_head,
+                               ai->client->attr_iter_tail,
+                               ai);
+  cleanup_attribute_iter_handle (ai);
+}
+
+static void
+attr_iter_cb (void *cls,
+              const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+              const char *label,
+              unsigned int rd_count,
+              const struct GNUNET_GNSRECORD_Data *rd)
+{
+  struct AttributeIterator *ai = cls;
+  struct AttributeResultMessage *arm;
+  struct GNUNET_ABE_AbeKey *key;
+  struct GNUNET_MQ_Envelope *env;
+  ssize_t msg_extra_len;
+  char* attr_ser;
+  char* attrs[2];
+  char* data_tmp;
+  char* policy;
+  uint32_t attr_ver;
+
+  if (rd_count != 1)
+  {
+    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
+                                         1);
+    return;
+  }
+
+  if (GNUNET_GNSRECORD_TYPE_ID_ATTR != rd->record_type)
+  {
+    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
+                                         1);
+    return;
+  }
+  attr_ver = ntohl(*((uint32_t*)rd->data));
+  GNUNET_asprintf (&policy, "%s_%lu",
+                   label, attr_ver);
+  attrs[0] = policy;
+  attrs[1] = 0;
+  key = GNUNET_ABE_cpabe_create_key (ai->abe_key,
+                                     attrs);
+  msg_extra_len = GNUNET_ABE_cpabe_decrypt (rd->data+sizeof (uint32_t),
+                                            rd->data_size-sizeof (uint32_t),
+                                            key,
+                                            (void**)&attr_ser);
+  if (GNUNET_SYSERR == msg_extra_len)
+  {
+    GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
+                                         1);
+    return;
+  }
+
+  GNUNET_ABE_cpabe_delete_key (key,
+                               GNUNET_YES);
+  //GNUNET_free (policy);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Found attribute: %s\n", label);
+  env = GNUNET_MQ_msg_extra (arm,
+                             msg_extra_len,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT);
+  arm->id = htonl (ai->request_id);
+  arm->attr_len = htons (msg_extra_len);
+  GNUNET_CRYPTO_ecdsa_key_get_public (zone,
+                                      &arm->identity);
+  data_tmp = (char *) &arm[1];
+  GNUNET_memcpy (data_tmp,
+                 attr_ser,
+                 msg_extra_len);
+  GNUNET_MQ_send (ai->client->mq, env);
+  GNUNET_free (attr_ser);
+  GNUNET_ABE_cpabe_delete_master_key (ai->abe_key);
+  ai->abe_key = NULL;
+}
+
+
+void
+iterate_after_abe_bootstrap (void *cls,
+                             struct GNUNET_ABE_AbeMasterKey *abe_key)
+{
+  struct AttributeIterator *ai = cls;
+  ai->abe_key = abe_key;
+  ai->ns_it = GNUNET_NAMESTORE_zone_iteration_start (ns_handle,
+                                                     &ai->identity,
+                                                     &attr_iter_error,
+                                                     ai,
+                                                     &attr_iter_cb,
+                                                     ai,
+                                                     &attr_iter_finished,
+                                                     ai);
+}
+
+
+static void
+iterate_next_after_abe_bootstrap (void *cls,
+                                  struct GNUNET_ABE_AbeMasterKey *abe_key)
+{
+  struct AttributeIterator *ai = cls;
+  ai->abe_key = abe_key;
+  GNUNET_NAMESTORE_zone_iterator_next (ai->ns_it,
+                                       1);
+}
+
+
+
+static void
+handle_iteration_start (void *cls,
+                        const struct AttributeIterationStartMessage *ais_msg)
+{
+  struct IdpClient *idp = cls;
+  struct AttributeIterator *ai;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received ATTRIBUTE_ITERATION_START message\n");
+  ai = GNUNET_new (struct AttributeIterator);
+  ai->request_id = ntohl (ais_msg->id);
+  ai->client = idp;
+  ai->identity = ais_msg->identity;
+
+  GNUNET_CONTAINER_DLL_insert (idp->attr_iter_head,
+                               idp->attr_iter_tail,
+                               ai);
+  bootstrap_abe (&ai->identity, &iterate_after_abe_bootstrap, ai, GNUNET_NO);
+  GNUNET_SERVICE_client_continue (idp->client);
+}
+
+
+static void
+handle_iteration_stop (void *cls,
+                       const struct AttributeIterationStopMessage *ais_msg)
+{
+  struct IdpClient *idp = cls;
+  struct AttributeIterator *ai;
+  uint32_t rid;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received `%s' message\n",
+              "ATTRIBUTE_ITERATION_STOP");
+  rid = ntohl (ais_msg->id);
+  for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next)
+    if (ai->request_id == rid)
+      break;
+  if (NULL == ai)
+  {
+    GNUNET_break (0);
+    GNUNET_SERVICE_client_drop (idp->client);
+    return;
+  }
+  GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head,
+                               idp->attr_iter_tail,
+                               ai);
+  GNUNET_free (ai);
+  GNUNET_SERVICE_client_continue (idp->client);
+}
+
+
+static void
+handle_iteration_next (void *cls,
+                       const struct AttributeIterationNextMessage *ais_msg)
+{
+  struct IdpClient *idp = cls;
+  struct AttributeIterator *ai;
+  uint32_t rid;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received ATTRIBUTE_ITERATION_NEXT message\n");
+  rid = ntohl (ais_msg->id);
+  for (ai = idp->attr_iter_head; NULL != ai; ai = ai->next)
+    if (ai->request_id == rid)
+      break;
+  if (NULL == ai)
+  {
+    GNUNET_break (0);
+    GNUNET_SERVICE_client_drop (idp->client);
+    return;
+  }
+  bootstrap_abe (&ai->identity,
+                 &iterate_next_after_abe_bootstrap,
+                 ai,
+                 GNUNET_NO);
+  GNUNET_SERVICE_client_continue (idp->client);
+}
+
+/**
+ * Ticket iteration processor result
+ */
+enum ZoneIterationResult
+{
+  /**
+   * Iteration start.
+   */
+  IT_START = 0,
+
+  /**
+   * Found tickets,
+   * Continue to iterate with next iteration_next call
+   */
+  IT_SUCCESS_MORE_AVAILABLE = 1,
+
+  /**
+   * Iteration complete
+   */
+  IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE = 2
+};
+
+
+/**
+ * Context for ticket iteration
+ */
+struct TicketIterationProcResult
+{
+  /**
+   * The ticket iteration handle
+   */
+  struct TicketIteration *ti;
+
+  /**
+   * Iteration result: iteration done?
+   * #IT_SUCCESS_MORE_AVAILABLE:  if there may be more results overall but
+   * we got one for now and have sent it to the client
+   * #IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE: if there are no further results,
+   * #IT_START: if we are still trying to find a result.
+   */
+  int res_iteration_finished;
+
+};
+
+static void
+cleanup_ticket_iter_handle (struct TicketIteration *ti)
+{
+  GNUNET_free (ti);
+}
+
+/**
+ * Process ticket from database
+ *
+ * @param cls struct TicketIterationProcResult
+ * @param ticket the ticket
+ * @param attrs the attributes
+ */
+static void
+ticket_iterate_proc (void *cls,
+                     const struct GNUNET_RECLAIM_Ticket *ticket,
+                     const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
+{
+  struct TicketIterationProcResult *proc = cls;
+
+  if (NULL == ticket)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Iteration done\n");
+    proc->res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE;
+    return;
+  }
+  proc->res_iteration_finished = IT_SUCCESS_MORE_AVAILABLE;
+  send_ticket_result (proc->ti->client,
+                      proc->ti->r_id,
+                      ticket,
+                      attrs);
+
+}
+
+/**
+ * Perform ticket iteration step
+ *
+ * @param ti ticket iterator to process
+ */
+static void
+run_ticket_iteration_round (struct TicketIteration *ti)
+{
+  struct TicketIterationProcResult proc;
+  struct GNUNET_MQ_Envelope *env;
+  struct TicketResultMessage *trm;
+  int ret;
+
+  memset (&proc, 0, sizeof (proc));
+  proc.ti = ti;
+  proc.res_iteration_finished = IT_START;
+  while (IT_START == proc.res_iteration_finished)
+  {
+    if (GNUNET_SYSERR ==
+        (ret = TKT_database->iterate_tickets (TKT_database->cls,
+                                              &ti->identity,
+                                              ti->is_audience,
+                                              ti->offset,
+                                              &ticket_iterate_proc,
+                                              &proc)))
+    {
+      GNUNET_break (0);
+      break;
+    }
+    if (GNUNET_NO == ret)
+      proc.res_iteration_finished = IT_SUCCESS_NOT_MORE_RESULTS_AVAILABLE;
+    ti->offset++;
+  }
+  if (IT_SUCCESS_MORE_AVAILABLE == proc.res_iteration_finished)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "More results available\n");
+    return; /* more later */
+  }
+  /* send empty response to indicate end of list */
+  env = GNUNET_MQ_msg (trm,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT);
+  trm->id = htonl (ti->r_id);
+  GNUNET_MQ_send (ti->client->mq,
+                  env);
+  GNUNET_CONTAINER_DLL_remove (ti->client->ticket_iter_head,
+                               ti->client->ticket_iter_tail,
+                               ti);
+  cleanup_ticket_iter_handle (ti);
+}
+
+static void
+handle_ticket_iteration_start (void *cls,
+                               const struct TicketIterationStartMessage *tis_msg)
+{
+  struct IdpClient *client = cls;
+  struct TicketIteration *ti;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received TICKET_ITERATION_START message\n");
+  ti = GNUNET_new (struct TicketIteration);
+  ti->r_id = ntohl (tis_msg->id);
+  ti->offset = 0;
+  ti->client = client;
+  ti->identity = tis_msg->identity;
+  ti->is_audience = ntohl (tis_msg->is_audience);
+
+  GNUNET_CONTAINER_DLL_insert (client->ticket_iter_head,
+                               client->ticket_iter_tail,
+                               ti);
+  run_ticket_iteration_round (ti);
+  GNUNET_SERVICE_client_continue (client->client);
+}
+
+
+static void
+handle_ticket_iteration_stop (void *cls,
+                              const struct TicketIterationStopMessage *tis_msg)
+{
+  struct IdpClient *client = cls;
+  struct TicketIteration *ti;
+  uint32_t rid;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received `%s' message\n",
+              "TICKET_ITERATION_STOP");
+  rid = ntohl (tis_msg->id);
+  for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next)
+    if (ti->r_id == rid)
+      break;
+  if (NULL == ti)
+  {
+    GNUNET_break (0);
+    GNUNET_SERVICE_client_drop (client->client);
+    return;
+  }
+  GNUNET_CONTAINER_DLL_remove (client->ticket_iter_head,
+                               client->ticket_iter_tail,
+                               ti);
+  cleanup_ticket_iter_handle (ti);
+  GNUNET_SERVICE_client_continue (client->client);
+}
+
+
+static void
+handle_ticket_iteration_next (void *cls,
+                              const struct TicketIterationNextMessage *tis_msg)
+{
+  struct IdpClient *client = cls;
+  struct TicketIteration *ti;
+  uint32_t rid;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Received TICKET_ITERATION_NEXT message\n");
+  rid = ntohl (tis_msg->id);
+  for (ti = client->ticket_iter_head; NULL != ti; ti = ti->next)
+    if (ti->r_id == rid)
+      break;
+  if (NULL == ti)
+  {
+    GNUNET_break (0);
+    GNUNET_SERVICE_client_drop (client->client);
+    return;
+  }
+  run_ticket_iteration_round (ti);
+  GNUNET_SERVICE_client_continue (client->client);
+}
+
+
+
+
+/**
+ * Main function that will be run
+ *
+ * @param cls closure
+ * @param c the configuration used 
+ * @param server the service handle
+ */
+static void
+run (void *cls,
+     const struct GNUNET_CONFIGURATION_Handle *c,
+     struct GNUNET_SERVICE_Handle *server)
+{
+  char *database;
+  cfg = c;
+
+  stats = GNUNET_STATISTICS_create ("reclaim", cfg);
+
+  //Connect to identity and namestore services
+  ns_handle = GNUNET_NAMESTORE_connect (cfg);
+  if (NULL == ns_handle)
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to namestore");
+  }
+
+  gns_handle = GNUNET_GNS_connect (cfg);
+  if (NULL == gns_handle)
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns");
+  }
+  credential_handle = GNUNET_CREDENTIAL_connect (cfg);
+  if (NULL == credential_handle)
+  {
+    GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to credential");
+  }
+  identity_handle = GNUNET_IDENTITY_connect (cfg,
+                                             NULL,
+                                             NULL);
+  /* Loading DB plugin */
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (cfg,
+                                             "reclaim",
+                                             "database",
+                                             &database))
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "No database backend configured\n");
+  GNUNET_asprintf (&db_lib_name,
+                   "libgnunet_plugin_reclaim_%s",
+                   database);
+  TKT_database = GNUNET_PLUGIN_load (db_lib_name,
+                                     (void *) cfg);
+  GNUNET_free (database);
+  if (NULL == TKT_database)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Could not load database backend `%s'\n",
+                db_lib_name);
+    GNUNET_SCHEDULER_shutdown ();
+    return;
+  }
+
+  if (GNUNET_OK ==
+      GNUNET_CONFIGURATION_get_value_time (cfg,
+                                           "reclaim",
+                                           "TOKEN_EXPIRATION_INTERVAL",
+                                           &token_expiration_interval))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Time window for zone iteration: %s\n",
+                GNUNET_STRINGS_relative_time_to_string (token_expiration_interval,
+                                                        GNUNET_YES));
+  } else {
+    token_expiration_interval = DEFAULT_TOKEN_EXPIRATION_INTERVAL;
+  }
+
+  GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
+}
+
+/**
+ * Called whenever a client is disconnected.
+ *
+ * @param cls closure
+ * @param client identification of the client
+ * @param app_ctx @a client
+ */
+static void
+client_disconnect_cb (void *cls,
+                      struct GNUNET_SERVICE_Client *client,
+                      void *app_ctx)
+{
+  struct IdpClient *idp = app_ctx;
+  struct AttributeIterator *ai;
+  struct TicketIteration *ti;
+  struct TicketRevocationHandle *rh;
+  struct TicketIssueHandle *iss;
+  struct ConsumeTicketHandle *ct;
+  struct AttributeStoreHandle *as;
+
+  //TODO other operations
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Client %p disconnected\n",
+              client);
+
+  while (NULL != (iss = idp->issue_op_head))
+  {
+    GNUNET_CONTAINER_DLL_remove (idp->issue_op_head,
+                                 idp->issue_op_tail,
+                                 iss);
+    cleanup_ticket_issue_handle (iss);
+  }
+  while (NULL != (ct = idp->consume_op_head))
+  {
+    GNUNET_CONTAINER_DLL_remove (idp->consume_op_head,
+                                 idp->consume_op_tail,
+                                 ct);
+    cleanup_consume_ticket_handle (ct);
+  }
+  while (NULL != (as = idp->store_op_head))
+  {
+    GNUNET_CONTAINER_DLL_remove (idp->store_op_head,
+                                 idp->store_op_tail,
+                                 as);
+    cleanup_as_handle (as);
+  }
+
+  while (NULL != (ai = idp->attr_iter_head))
+  {
+    GNUNET_CONTAINER_DLL_remove (idp->attr_iter_head,
+                                 idp->attr_iter_tail,
+                                 ai);
+    cleanup_attribute_iter_handle (ai);
+  }
+  while (NULL != (rh = idp->revoke_op_head))
+  {
+    GNUNET_CONTAINER_DLL_remove (idp->revoke_op_head,
+                                 idp->revoke_op_tail,
+                                 rh);
+    cleanup_revoke_ticket_handle (rh);
+  }
+  while (NULL != (ti = idp->ticket_iter_head))
+  {
+    GNUNET_CONTAINER_DLL_remove (idp->ticket_iter_head,
+                                 idp->ticket_iter_tail,
+                                 ti);
+    cleanup_ticket_iter_handle (ti);
+  }
+  GNUNET_free (idp);
+}
+
+
+/**
+ * Add a client to our list of active clients.
+ *
+ * @param cls NULL
+ * @param client client to add
+ * @param mq message queue for @a client
+ * @return internal namestore client structure for this client
+ */
+static void *
+client_connect_cb (void *cls,
+                   struct GNUNET_SERVICE_Client *client,
+                   struct GNUNET_MQ_Handle *mq)
+{
+  struct IdpClient *idp;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Client %p connected\n",
+              client);
+  idp = GNUNET_new (struct IdpClient);
+  idp->client = client;
+  idp->mq = mq;
+  return idp;
+}
+
+
+
+/**
+ * Define "main" method using service macro.
+ */
+GNUNET_SERVICE_MAIN
+("reclaim",
+ GNUNET_SERVICE_OPTION_NONE,
+ &run,
+ &client_connect_cb,
+ &client_disconnect_cb,
+ NULL,
+ GNUNET_MQ_hd_var_size (attribute_store_message,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE,
+                        struct AttributeStoreMessage,
+                        NULL),
+ GNUNET_MQ_hd_fixed_size (iteration_start, 
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START,
+                          struct AttributeIterationStartMessage,
+                          NULL),
+ GNUNET_MQ_hd_fixed_size (iteration_next, 
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT,
+                          struct AttributeIterationNextMessage,
+                          NULL),
+ GNUNET_MQ_hd_fixed_size (iteration_stop, 
+                          GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP,
+                          struct AttributeIterationStopMessage,
+                          NULL),
+ GNUNET_MQ_hd_var_size (issue_ticket_message,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET,
+                        struct IssueTicketMessage,
+                        NULL),
+ GNUNET_MQ_hd_var_size (consume_ticket_message,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET,
+                        struct ConsumeTicketMessage,
+                        NULL),
+ GNUNET_MQ_hd_fixed_size (ticket_iteration_start, 
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START,
+                          struct TicketIterationStartMessage,
+                          NULL),
+ GNUNET_MQ_hd_fixed_size (ticket_iteration_next, 
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT,
+                          struct TicketIterationNextMessage,
+                          NULL),
+ GNUNET_MQ_hd_fixed_size (ticket_iteration_stop, 
+                          GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP,
+                          struct TicketIterationStopMessage,
+                          NULL),
+ GNUNET_MQ_hd_var_size (revoke_ticket_message,
+                        GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET,
+                        struct RevokeTicketMessage,
+                        NULL),
+ GNUNET_MQ_handler_end());
+/* end of gnunet-service-reclaim.c */
diff --git a/src/reclaim/jwt.c b/src/reclaim/jwt.c
new file mode 100644 (file)
index 0000000..8b13789
--- /dev/null
@@ -0,0 +1 @@
+
diff --git a/src/reclaim/oidc_helper.c b/src/reclaim/oidc_helper.c
new file mode 100644 (file)
index 0000000..1e9e64f
--- /dev/null
@@ -0,0 +1,440 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file reclaim/oidc_helper.c
+ * @brief helper library for OIDC related functions
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_signatures.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include <jansson.h>
+#include <inttypes.h>
+#include "oidc_helper.h"
+
+static char*
+create_jwt_header(void)
+{
+  json_t *root;
+  char *json_str;
+
+  root = json_object ();
+  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE));
+  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
+
+  json_str = json_dumps (root, JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (root);
+  return json_str;
+}
+
+static void
+replace_char(char* str, char find, char replace){
+  char *current_pos = strchr(str,find);
+  while (current_pos){
+    *current_pos = replace;
+    current_pos = strchr(current_pos,find);
+  }
+}
+
+//RFC4648
+static void
+fix_base64(char* str) {
+  char *padding;
+  //First, remove trailing padding '='
+  padding = strtok(str, "=");
+  while (NULL != padding)
+    padding = strtok(NULL, "=");
+
+  //Replace + with -
+  replace_char (str, '+', '-');
+
+  //Replace / with _
+  replace_char (str, '/', '_');
+
+}
+
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                   const struct GNUNET_TIME_Relative *expiration_time,
+                   const char *nonce,
+                   const char *secret_key)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  struct GNUNET_HashCode signature;
+  struct GNUNET_TIME_Absolute exp_time;
+  struct GNUNET_TIME_Absolute time_now;
+  char* audience;
+  char* subject;
+  char* header;
+  char* body_str;
+  char* result;
+  char* header_base64;
+  char* body_base64;
+  char* signature_target;
+  char* signature_base64;
+  char* attr_val_str;
+  json_t* body;
+
+  //iat REQUIRED time now
+  time_now = GNUNET_TIME_absolute_get();
+  //exp REQUIRED time expired from config
+  exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
+  //auth_time only if max_age
+  //nonce only if nonce
+  // OPTIONAL acr,amr,azp
+  subject = GNUNET_STRINGS_data_to_string_alloc (sub_key,
+                                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  audience = GNUNET_STRINGS_data_to_string_alloc (aud_key,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  header = create_jwt_header ();
+  body = json_object ();
+
+  //iss REQUIRED case sensitive server uri with https
+  //The issuer is the local reclaim instance (e.g. https://reclaim.id/api/openid)
+  json_object_set_new (body,
+                       "iss", json_string (SERVER_ADDRESS));
+  //sub REQUIRED public key identity, not exceed 255 ASCII  length
+  json_object_set_new (body,
+                       "sub", json_string (subject));
+  //aud REQUIRED public key client_id must be there
+  json_object_set_new (body,
+                       "aud", json_string (audience));
+  //iat
+  json_object_set_new (body,
+                       "iat", json_integer (time_now.abs_value_us / (1000*1000)));
+  //exp
+  json_object_set_new (body,
+                       "exp", json_integer (exp_time.abs_value_us / (1000*1000)));
+  //nbf
+  json_object_set_new (body,
+                       "nbf", json_integer (time_now.abs_value_us / (1000*1000)));
+  //nonce
+  if (NULL != nonce)
+    json_object_set_new (body,
+                         "nonce", json_string (nonce));
+
+  for (le = attrs->list_head; NULL != le; le = le->next)
+  {
+    attr_val_str = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (le->claim->type,
+                                                             le->claim->data,
+                                                             le->claim->data_size);
+    json_object_set_new (body,
+                         le->claim->name,
+                         json_string (attr_val_str));
+    GNUNET_free (attr_val_str);
+  }
+  body_str = json_dumps (body, JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (body);
+
+  GNUNET_STRINGS_base64_encode (header,
+                                strlen (header),
+                                &header_base64);
+  fix_base64(header_base64);
+
+  GNUNET_STRINGS_base64_encode (body_str,
+                                strlen (body_str),
+                                &body_base64);
+  fix_base64(body_base64);
+
+  GNUNET_free (subject);
+  GNUNET_free (audience);
+
+  /**
+   * Creating the JWT signature. This might not be
+   * standards compliant, check.
+   */
+  GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
+  GNUNET_CRYPTO_hmac_raw (secret_key, strlen (secret_key), signature_target, strlen (signature_target), &signature);
+  GNUNET_STRINGS_base64_encode ((const char*)&signature,
+                                sizeof (struct GNUNET_HashCode),
+                                &signature_base64);
+  fix_base64(signature_base64);
+
+  GNUNET_asprintf (&result, "%s.%s.%s",
+                   header_base64, body_base64, signature_base64);
+
+  GNUNET_free (signature_target);
+  GNUNET_free (header);
+  GNUNET_free (body_str);
+  GNUNET_free (signature_base64);
+  GNUNET_free (body_base64);
+  GNUNET_free (header_base64);
+  return result;
+}
+/**
+ * Builds an OIDC authorization code including
+ * a reclaim ticket and nonce
+ *
+ * @param issuer the issuer of the ticket, used to sign the ticket and nonce
+ * @param ticket the ticket to include in the code
+ * @param nonce the nonce to include in the code
+ * @return a new authorization code (caller must free)
+ */
+char*
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                       const char* nonce)
+{
+  char *ticket_str;
+  json_t *code_json;
+  char *signature_payload;
+  char *signature_str;
+  char *authz_code;
+  size_t signature_payload_len;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+
+  signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket);
+  if (NULL != nonce)
+    signature_payload_len += strlen (nonce);
+
+  signature_payload = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *)signature_payload;
+  purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+  memcpy (&purpose[1],
+          ticket,
+          sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (NULL != nonce)
+    memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
+            nonce,
+            strlen (nonce));
+  if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_sign (issuer,
+                                                 purpose,
+                                                 &signature))
+  {
+    GNUNET_free (signature_payload);
+    return NULL;
+  }
+  signature_str = GNUNET_STRINGS_data_to_string_alloc (&signature,
+                                                       sizeof (signature));
+  ticket_str = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                    sizeof (struct GNUNET_RECLAIM_Ticket));
+
+  code_json = json_object ();
+  json_object_set_new (code_json,
+                       "ticket",
+                       json_string (ticket_str));
+  if (NULL != nonce)
+    json_object_set_new (code_json,
+                         "nonce",
+                         json_string (nonce));
+  json_object_set_new (code_json,
+                       "signature",
+                       json_string (signature_str));
+  authz_code = json_dumps (code_json,
+                           JSON_INDENT(0) | JSON_COMPACT);
+  GNUNET_free (signature_payload);
+  GNUNET_free (signature_str);
+  GNUNET_free (ticket_str);
+  json_decref (code_json);
+  return authz_code;
+}
+
+
+
+
+/**
+ * Parse reclaim ticket and nonce from
+ * authorization code.
+ * This also verifies the signature in the code.
+ *
+ * @param audience the expected audience of the code
+ * @param code the string representation of the code
+ * @param ticket where to store the ticket
+ * @param nonce where to store the nonce
+ * @return GNUNET_OK if successful, else GNUNET_SYSERR
+ */
+int
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const char* code,
+                       struct GNUNET_RECLAIM_Ticket **ticket,
+                       char **nonce)
+{
+  json_error_t error;
+  json_t *code_json;
+  json_t *ticket_json;
+  json_t *nonce_json;
+  json_t *signature_json;
+  const char *ticket_str;
+  const char *signature_str;
+  const char *nonce_str;
+  char *code_output;
+  struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
+  struct GNUNET_CRYPTO_EcdsaSignature signature;
+  size_t signature_payload_len;
+
+  code_output = NULL; 
+  GNUNET_STRINGS_base64_decode (code,
+                                strlen(code),
+                                (void**)&code_output);
+  code_json = json_loads (code_output, 0 , &error);
+  GNUNET_free (code_output);
+  ticket_json = json_object_get (code_json, "ticket");
+  nonce_json = json_object_get (code_json, "nonce");
+  signature_json = json_object_get (code_json, "signature");
+  *ticket = NULL;
+  *nonce = NULL;
+
+  if ((NULL == ticket_json || !json_is_string (ticket_json)) ||
+      (NULL == signature_json || !json_is_string (signature_json)))
+  {
+    json_decref (code_json);
+    return GNUNET_SYSERR;
+  }
+  ticket_str = json_string_value (ticket_json);
+  signature_str = json_string_value (signature_json);
+  nonce_str = NULL;
+  if (NULL != nonce_json)
+    nonce_str = json_string_value (nonce_json);
+  signature_payload_len = sizeof (struct GNUNET_RECLAIM_Ticket);
+  if (NULL != nonce_str)
+    signature_payload_len += strlen (nonce_str);
+  purpose = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
+                           signature_payload_len);
+  purpose->size = htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) + signature_payload_len);
+  purpose->purpose = htonl (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN);
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ticket_str,
+                                                  strlen (ticket_str),
+                                                  &purpose[1],
+                                                  sizeof (struct GNUNET_RECLAIM_Ticket)))
+  {
+    GNUNET_free (purpose);
+    json_decref (code_json);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot parse ticket!\n");
+    return GNUNET_SYSERR;
+  }
+  if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_str,
+                                                  strlen (signature_str),
+                                                  &signature,
+                                                  sizeof (struct GNUNET_CRYPTO_EcdsaSignature)))
+  {
+    GNUNET_free (purpose);
+    json_decref (code_json);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot parse signature!\n");
+    return GNUNET_SYSERR;
+  }
+  *ticket = GNUNET_new (struct GNUNET_RECLAIM_Ticket);
+  memcpy (*ticket,
+          &purpose[1],
+          sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (0 != memcmp (audience,
+                   &(*ticket)->audience,
+                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Audience in ticket does not match client!\n");
+    return GNUNET_SYSERR;
+
+  }
+  if (NULL != nonce_str)
+    memcpy (((char*)&purpose[1]) + sizeof (struct GNUNET_RECLAIM_Ticket),
+            nonce_str,
+            strlen (nonce_str));
+  if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify (GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN,
+                                               purpose,
+                                               &signature,
+                                               &(*ticket)->identity))
+  {
+    GNUNET_free (purpose);
+    GNUNET_free (*ticket);
+    json_decref (code_json);
+    *ticket = NULL;
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Signature of authZ code invalid!\n");
+    return GNUNET_SYSERR;
+  }
+  *nonce = GNUNET_strdup (nonce_str);
+  return GNUNET_OK;
+}
+
+/**
+ * Build a token response for a token request
+ * TODO: Maybe we should add the scope here?
+ *
+ * @param access_token the access token to include
+ * @param id_token the id_token to include
+ * @param expiration_time the expiration time of the token(s)
+ * @param token_response where to store the response
+ */
+void
+OIDC_build_token_response (const char *access_token,
+                           const char *id_token,
+                           const struct GNUNET_TIME_Relative *expiration_time,
+                           char **token_response)
+{
+  json_t *root_json;
+
+  root_json = json_object ();
+
+  GNUNET_assert (NULL != access_token);
+  GNUNET_assert (NULL != id_token);
+  GNUNET_assert (NULL != expiration_time);
+  json_object_set_new (root_json,
+                       "access_token",
+                       json_string (access_token));
+  json_object_set_new (root_json,
+                       "token_type",
+                       json_string ("Bearer"));
+  json_object_set_new (root_json,
+                       "expires_in",
+                       json_integer (expiration_time->rel_value_us / (1000 * 1000)));
+  json_object_set_new (root_json,
+                       "id_token",
+                       json_string (id_token));
+  *token_response = json_dumps (root_json,
+                                JSON_INDENT(0) | JSON_COMPACT);
+  json_decref (root_json);
+}
+
+/**
+ * Generate a new access token
+ */
+char*
+OIDC_access_token_new ()
+{
+  char* access_token_number;
+  char* access_token;
+  uint64_t random_number;
+
+  random_number = GNUNET_CRYPTO_random_u64(GNUNET_CRYPTO_QUALITY_NONCE, UINT64_MAX);
+  GNUNET_asprintf (&access_token_number, "%" PRIu64, random_number);
+  GNUNET_STRINGS_base64_encode(access_token_number,strlen(access_token_number),&access_token);
+  return access_token;
+}
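Review bot: In OIDC_parse_authz_code the success path ends with `*nonce = GNUNET_strdup (nonce_str);` even when the code carried no "nonce" member, and it returns without releasing `purpose` or `code_json`. OIDC_build_authz_code omits the nonce when it is NULL, so the parser has to accept that case; as far as I know GNUNET_strdup does not tolerate a NULL argument, so a nonce-less code would presumably abort the process here. The copy must also happen before `json_decref (code_json)`, because `nonce_str` points into that object. Separately, the signature is verified against the identity stored in the same ticket, so it only shows the code was signed by the key the ticket itself names; the caller still has to decide whether that identity is acceptable.

```c
  /* … unchanged: decoding, audience check, signature verification … */
  if (NULL != nonce_str)
    *nonce = GNUNET_strdup (nonce_str); /* copy before code_json is released */
  GNUNET_free (purpose);
  json_decref (code_json);
  return GNUNET_OK;
```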
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h
new file mode 100644 (file)
index 0000000..7a0f45b
--- /dev/null
@@ -0,0 +1,109 @@
+/*
+      This file is part of GNUnet
+      Copyright (C) 2010-2015 GNUnet e.V.
+
+      GNUnet is free software: you can redistribute it and/or modify it
+      under the terms of the GNU Affero General Public License as published
+      by the Free Software Foundation, either version 3 of the License,
+      or (at your option) any later version.
+
+      GNUnet is distributed in the hope that it will be useful, but
+      WITHOUT ANY WARRANTY; without even the implied warranty of
+      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+      Affero General Public License for more details.
+     
+      You should have received a copy of the GNU Affero General Public License
+      along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file reclaim/oidc_helper.h
+ * @brief helper library for OIDC related functions
+ * @author Martin Schanzenbach
+ */
+
+#ifndef JWT_H
+#define JWT_H
+
+#define JWT_ALG "alg"
+
+/* Use 512bit HMAC */
+#define JWT_ALG_VALUE "HS512"
+
+#define JWT_TYP "typ"
+
+#define JWT_TYP_VALUE "jwt"
+
+#define SERVER_ADDRESS "https://reclaim.id"
+
+/**
+ * Create a JWT from attributes
+ *
+ * @param aud_key the public of the audience
+ * @param sub_key the public key of the subject
+ * @param attrs the attribute list
+ * @param expiration_time the validity of the token
+ * @param secret_key the key used to sign the JWT
+ * @return a new base64-encoded JWT string.
+ */
+char*
+OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                   const struct GNUNET_TIME_Relative *expiration_time,
+                   const char *nonce,
+                   const char *secret_key);
+
+/**
+ * Builds an OIDC authorization code including
+ * a reclaim ticket and nonce
+ *
+ * @param issuer the issuer of the ticket, used to sign the ticket and nonce
+ * @param ticket the ticket to include in the code
+ * @param nonce the nonce to include in the code
+ * @return a new authorization code (caller must free)
+ */
+char*
+OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
+                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                       const char* nonce);
+
+/**
+ * Parse reclaim ticket and nonce from
+ * authorization code.
+ * This also verifies the signature in the code.
+ *
+ * @param audience the expected audience of the code
+ * @param code the string representation of the code
+ * @param ticket where to store the ticket
+ * @param nonce where to store the nonce
+ * @return GNUNET_OK if successful, else GNUNET_SYSERR
+ */
+int
+OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPublicKey *audience,
+                       const char* code,
+                       struct GNUNET_RECLAIM_Ticket **ticket,
+                       char **nonce);
+
+/**
+ * Build a token response for a token request
+ * TODO: Maybe we should add the scope here?
+ *
+ * @param access_token the access token to include
+ * @param id_token the id_token to include
+ * @param expiration_time the expiration time of the token(s)
+ * @param token_response where to store the response
+ */
+void
+OIDC_build_token_response (const char *access_token,
+                           const char *id_token,
+                           const struct GNUNET_TIME_Relative *expiration_time,
+                           char **token_response);
+/**
+ * Generate a new access token
+ */
+char*
+OIDC_access_token_new ();
+
+
+#endif
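Review bot: `OIDC_access_token_new ();` is declared with an empty parameter list, which in C is not a prototype and leaves any arguments a caller passes unchecked; `OIDC_access_token_new (void);` states the intent, and the definition in oidc_helper.c has the same form. The comment above it should also say that the returned string is newly allocated and owned by the caller. The OIDC_id_token_new comment is missing `@param nonce the nonce to include in the token, may be NULL`. The include guard `JWT_H` does not match the file name; a name such as `OIDC_HELPER_H` would avoid clashing with another header that uses the same guard.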
diff --git a/src/reclaim/plugin_gnsrecord_reclaim.c b/src/reclaim/plugin_gnsrecord_reclaim.c
new file mode 100644 (file)
index 0000000..781b88a
--- /dev/null
@@ -0,0 +1,271 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2013, 2014 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+    
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @file reclaim/plugin_gnsrecord_reclaim.c
+ * @brief gnsrecord plugin to provide the API for identity records
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_gnsrecord_lib.h"
+#include "gnunet_gnsrecord_plugin.h"
+
+
+/**
+ * Convert the 'value' of a record to a string.
+ *
+ * @param cls closure, unused
+ * @param type type of the record
+ * @param data value in binary encoding
+ * @param data_size number of bytes in @a data
+ * @return NULL on error, otherwise human-readable representation of the value
+ */
+static char *
+value_to_string (void *cls,
+                 uint32_t type,
+                 const void *data,
+                 size_t data_size)
+{
+  const struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
+  const struct GNUNET_CRYPTO_EcdsaPublicKey *audience_pubkey;
+  const char *scopes;
+  char *ecdhe_str;
+  char *aud_str;
+  char *result;
+
+  switch (type)
+  {
+    case GNUNET_GNSRECORD_TYPE_ID_ATTR:
+      return GNUNET_STRINGS_data_to_string_alloc (data, data_size);
+    case GNUNET_GNSRECORD_TYPE_ID_TOKEN: //DEPRECATED
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
+      return GNUNET_strndup (data, data_size);
+    case GNUNET_GNSRECORD_TYPE_ABE_KEY:
+    case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
+      return GNUNET_STRINGS_data_to_string_alloc (data, data_size); 
+    case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED
+        ecdhe_privkey = data;
+        audience_pubkey = data+sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey);
+        scopes =  (char*) audience_pubkey+(sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+        ecdhe_str = GNUNET_STRINGS_data_to_string_alloc (ecdhe_privkey,
+                                                        sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
+        aud_str = GNUNET_STRINGS_data_to_string_alloc (audience_pubkey,
+                                                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+        GNUNET_asprintf (&result,
+                         "%s;%s;%s",
+                         ecdhe_str, aud_str, scopes);
+        GNUNET_free (aud_str);
+        GNUNET_free (ecdhe_str);
+        return result;
+
+    default:
+      return NULL;
+  }
+}
+
+
+/**
+ * Convert human-readable version of a 'value' of a record to the binary
+ * representation.
+ *
+ * @param cls closure, unused
+ * @param type type of the record
+ * @param s human-readable string
+ * @param data set to value in binary encoding (will be allocated)
+ * @param data_size set to number of bytes in @a data
+ * @return #GNUNET_OK on success
+ */
+static int
+string_to_value (void *cls,
+                 uint32_t type,
+                 const char *s,
+                 void **data,
+                 size_t *data_size)
+{
+  char* ecdhe_str;
+  char* aud_keystr;
+  char* write_ptr;
+  char* tmp_tok;
+  char* str;
+
+  if (NULL == s)
+    return GNUNET_SYSERR;
+  switch (type)
+  {
+    case GNUNET_GNSRECORD_TYPE_ID_ATTR:
+      return GNUNET_STRINGS_string_to_data (s,
+                                            strlen (s),
+                                            *data,
+                                            *data_size);
+    case GNUNET_GNSRECORD_TYPE_ID_TOKEN:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT:
+    case GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT:
+      *data = GNUNET_strdup (s);
+      *data_size = strlen (s);
+      return GNUNET_OK;
+    case GNUNET_GNSRECORD_TYPE_ABE_KEY:
+    case GNUNET_GNSRECORD_TYPE_ABE_MASTER:
+      return GNUNET_STRINGS_string_to_data (s,
+                                            strlen (s),
+                                            *data,
+                                            *data_size);
+    case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA:
+      tmp_tok = GNUNET_strdup (s);
+      ecdhe_str = strtok (tmp_tok, ";");
+      if (NULL == ecdhe_str)
+      {
+        GNUNET_free (tmp_tok);
+        return GNUNET_SYSERR;
+      }
+      aud_keystr = strtok (NULL, ";");
+      if (NULL == aud_keystr)
+      {
+        GNUNET_free (tmp_tok);
+        return GNUNET_SYSERR;
+      }
+      str = strtok (NULL, ";");
+      if (NULL == str)
+      {
+        GNUNET_free (tmp_tok);
+        return GNUNET_SYSERR;
+      }
+      *data_size = strlen (str) + 1
+        +sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)
+        +sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey);
+      *data = GNUNET_malloc (*data_size);
+
+      write_ptr = *data;
+      GNUNET_STRINGS_string_to_data (ecdhe_str,
+                                     strlen (ecdhe_str),
+                                     write_ptr,
+                                     sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
+      write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey);
+      GNUNET_STRINGS_string_to_data (aud_keystr,
+                                     strlen (aud_keystr),
+                                     write_ptr,
+                                     sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+      write_ptr += sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey);
+      GNUNET_memcpy (write_ptr, str, strlen (str) + 1); //with 0-Terminator
+      GNUNET_free (tmp_tok);
+      return GNUNET_OK;
+
+    default:
+      return GNUNET_SYSERR;
+  }
+}
+
+
+/**
+ * Mapping of record type numbers to human-readable
+ * record type names.
+ */
+static struct {
+  const char *name;
+  uint32_t number;
+} name_map[] = {
+  { "ID_ATTR", GNUNET_GNSRECORD_TYPE_ID_ATTR },
+  { "ID_TOKEN", GNUNET_GNSRECORD_TYPE_ID_TOKEN },
+  { "ABE_KEY", GNUNET_GNSRECORD_TYPE_ABE_KEY },
+  { "ABE_MASTER", GNUNET_GNSRECORD_TYPE_ABE_MASTER },
+  { "ID_TOKEN_METADATA", GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA },
+  { "RECLAIM_OIDC_CLIENT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_CLIENT },
+  { "RECLAIM_OIDC_REDIRECT", GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT },
+  { NULL, UINT32_MAX }
+};
+
+
+/**
+ * Convert a type name (i.e. "AAAA") to the corresponding number.
+ *
+ * @param cls closure, unused
+ * @param dns_typename name to convert
+ * @return corresponding number, UINT32_MAX on error
+ */
+static uint32_t
+typename_to_number (void *cls,
+                    const char *dns_typename)
+{
+  unsigned int i;
+
+  i=0;
+  while ( (NULL != name_map[i].name) &&
+          (0 != strcasecmp (dns_typename, name_map[i].name)) )
+    i++;
+  return name_map[i].number;
+}
+
+
+/**
+ * Convert a type number (i.e. 1) to the corresponding type string (i.e. "A")
+ *
+ * @param cls closure, unused
+ * @param type number of a type to convert
+ * @return corresponding typestring, NULL on error
+ */
+static const char *
+number_to_typename (void *cls,
+                    uint32_t type)
+{
+  unsigned int i;
+
+  i=0;
+  while ( (NULL != name_map[i].name) &&
+          (type != name_map[i].number) )
+    i++;
+  return name_map[i].name;
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls NULL
+ * @return the exported block API
+ */
+void *
+libgnunet_plugin_gnsrecord_reclaim_init (void *cls)
+{
+  struct GNUNET_GNSRECORD_PluginFunctions *api;
+
+  api = GNUNET_new (struct GNUNET_GNSRECORD_PluginFunctions);
+  api->value_to_string = &value_to_string;
+  api->string_to_value = &string_to_value;
+  api->typename_to_number = &typename_to_number;
+  api->number_to_typename = &number_to_typename;
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the return value from #libgnunet_plugin_block_test_init
+ * @return NULL
+ */
+void *
+libgnunet_plugin_gnsrecord_reclaim_done (void *cls)
+{
+  struct GNUNET_GNSRECORD_PluginFunctions *api = cls;
+
+  GNUNET_free (api);
+  return NULL;
+}
+
+/* end of plugin_gnsrecord_dns.c */
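Review bot: The GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA case of value_to_string never looks at `data_size`: it reads both keys and then prints `scopes` with `%s`, so a record shorter than the two keys, or one whose trailing scopes are not 0-terminated, is read past the end of `data`. Record values should be treated as untrusted input, so the case should reject such records before touching the buffer, as sketched below. In string_to_value the ID_ATTR and ABE_KEY/ABE_MASTER cases have a related problem: they hand `*data` and `*data_size` to GNUNET_STRINGS_string_to_data although nothing in the function has allocated or sized that output yet.

```c
    case GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA: //DEPRECATED
        /* both keys plus at least the scopes' 0-terminator must be present */
        if ( (data_size <= sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey)
                           + sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)) ||
             ('\0' != ((const char *) data)[data_size - 1]) )
          return NULL;
        /* … unchanged: key pointers, string conversion, GNUNET_asprintf … */
```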
diff --git a/src/reclaim/plugin_reclaim_sqlite.c b/src/reclaim/plugin_reclaim_sqlite.c
new file mode 100644 (file)
index 0000000..b545a94
--- /dev/null
@@ -0,0 +1,734 @@
+ /*
+  * This file is part of GNUnet
+  * Copyright (C) 2009-2017 GNUnet e.V.
+  *
+  * GNUnet is free software: you can redistribute it and/or modify it
+  * under the terms of the GNU Affero General Public License as published
+  * by the Free Software Foundation, either version 3 of the License,
+  * or (at your option) any later version.
+  *
+  * GNUnet is distributed in the hope that it will be useful, but
+  * WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  * Affero General Public License for more details.
+  *
+  * You should have received a copy of the GNU Affero General Public License
+  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+  */
+
+/**
+ * @file reclaim/plugin_reclaim_sqlite.c
+ * @brief sqlite-based idp backend
+ * @author Martin Schanzenbach
+ */
+
+#include "platform.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_plugin.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_sq_lib.h"
+#include <sqlite3.h>
+
+/**
+ * After how many ms "busy" should a DB operation fail for good?  A
+ * low value makes sure that we are more responsive to requests
+ * (especially PUTs).  A high value guarantees a higher success rate
+ * (SELECTs in iterate can take several seconds despite LIMIT=1).
+ *
+ * The default value of 1s should ensure that users do not experience
+ * huge latencies while at the same time allowing operations to
+ * succeed with reasonable probability.
+ */
+#define BUSY_TIMEOUT_MS 1000
+
+
+/**
+ * Log an error message at log-level 'level' that indicates
+ * a failure of the command 'cmd' on file 'filename'
+ * with the message given by strerror(errno).
+ */
+#define LOG_SQLITE(db, level, cmd) do { GNUNET_log_from (level, "reclaim", _("`%s' failed at %s:%d with error: %s\n"), cmd, __FILE__, __LINE__, sqlite3_errmsg(db->dbh)); } while(0)
+
+#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-sqlite", __VA_ARGS__)
+
+
+/**
+ * Context for all functions in this plugin.
+ */
+struct Plugin
+{
+
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+  /**
+   * Database filename.
+   */
+  char *fn;
+
+  /**
+   * Native SQLite database handle.
+   */
+  sqlite3 *dbh;
+
+  /**
+   * Precompiled SQL to store ticket.
+   */
+  sqlite3_stmt *store_ticket;
+
+  /**
+   * Precompiled SQL to delete existing ticket.
+   */
+  sqlite3_stmt *delete_ticket;
+
+  /**
+   * Precompiled SQL to iterate tickets.
+   */
+  sqlite3_stmt *iterate_tickets;
+
+  /**
+   * Precompiled SQL to get ticket attributes.
+   */
+  sqlite3_stmt *get_ticket_attrs;
+  
+  /**
+   * Precompiled SQL to iterate tickets by audience.
+   */
+  sqlite3_stmt *iterate_tickets_by_audience;
+};
+
+
+/**
+ * @brief Prepare a SQL statement
+ *
+ * @param dbh handle to the database
+ * @param zSql SQL statement, UTF-8 encoded
+ * @param ppStmt set to the prepared statement
+ * @return 0 on success
+ */
+static int
+sq_prepare (sqlite3 *dbh,
+            const char *zSql,
+            sqlite3_stmt **ppStmt)
+{
+  char *dummy;
+  int result;
+
+  result =
+      sqlite3_prepare_v2 (dbh,
+                          zSql,
+                          strlen (zSql),
+                          ppStmt,
+                          (const char **) &dummy);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Prepared `%s' / %p: %d\n",
+       zSql,
+       *ppStmt,
+       result);
+  return result;
+}
+
+/**
+ * Create our database indices.
+ *
+ * @param dbh handle to the database
+ */
+static void
+create_indices (sqlite3 * dbh)
+{
+  /* create indices */
+  if ( (SQLITE_OK !=
+       sqlite3_exec (dbh,
+                      "CREATE INDEX IF NOT EXISTS identity_reverse ON identity001tickets (identity,audience)",
+                     NULL, NULL, NULL)) ||
+       (SQLITE_OK !=
+       sqlite3_exec (dbh,
+                      "CREATE INDEX IF NOT EXISTS it_iter ON identity001tickets (rnd)",
+                     NULL, NULL, NULL)) )
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Failed to create indices: %s\n",
+         sqlite3_errmsg (dbh));
+}
+
+
+
+#if 0
+#define CHECK(a) GNUNET_break(a)
+#define ENULL NULL
+#else
+#define ENULL &e
+#define ENULL_DEFINED 1
+#define CHECK(a) if (! (a)) { GNUNET_log(GNUNET_ERROR_TYPE_ERROR, "%s\n", e); sqlite3_free(e); }
+#endif
+
+
+/**
+ * Initialize the database connections and associated
+ * data structures (create tables and indices
+ * as needed as well).
+ *
+ * @param plugin the plugin context (state for this module)
+ * @return #GNUNET_OK on success
+ */
+static int
+database_setup (struct Plugin *plugin)
+{
+  sqlite3_stmt *stmt;
+  char *afsdir;
+#if ENULL_DEFINED
+  char *e;
+#endif
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_filename (plugin->cfg,
+                                               "reclaim-sqlite",
+                                               "FILENAME",
+                                               &afsdir))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                              "reclaim-sqlite",
+                               "FILENAME");
+    return GNUNET_SYSERR;
+  }
+  if (GNUNET_OK !=
+      GNUNET_DISK_file_test (afsdir))
+  {
+    if (GNUNET_OK !=
+        GNUNET_DISK_directory_create_for_file (afsdir))
+    {
+      GNUNET_break (0);
+      GNUNET_free (afsdir);
+      return GNUNET_SYSERR;
+    }
+  }
+  /* afsdir should be UTF-8-encoded. If it isn't, it's a bug */
+  plugin->fn = afsdir;
+
+  /* Open database and precompile statements */
+  if (sqlite3_open (plugin->fn, &plugin->dbh) != SQLITE_OK)
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        _("Unable to initialize SQLite: %s.\n"),
+        sqlite3_errmsg (plugin->dbh));
+    return GNUNET_SYSERR;
+  }
+  CHECK (SQLITE_OK ==
+         sqlite3_exec (plugin->dbh,
+                       "PRAGMA temp_store=MEMORY", NULL, NULL,
+                       ENULL));
+  CHECK (SQLITE_OK ==
+         sqlite3_exec (plugin->dbh,
+                       "PRAGMA synchronous=NORMAL", NULL, NULL,
+                       ENULL));
+  CHECK (SQLITE_OK ==
+         sqlite3_exec (plugin->dbh,
+                       "PRAGMA legacy_file_format=OFF", NULL, NULL,
+                       ENULL));
+  CHECK (SQLITE_OK ==
+         sqlite3_exec (plugin->dbh,
+                       "PRAGMA auto_vacuum=INCREMENTAL", NULL,
+                       NULL, ENULL));
+  CHECK (SQLITE_OK ==
+         sqlite3_exec (plugin->dbh,
+                       "PRAGMA encoding=\"UTF-8\"", NULL,
+                       NULL, ENULL));
+  CHECK (SQLITE_OK ==
+         sqlite3_exec (plugin->dbh,
+                       "PRAGMA locking_mode=EXCLUSIVE", NULL, NULL,
+                       ENULL));
+  CHECK (SQLITE_OK ==
+         sqlite3_exec (plugin->dbh,
+                       "PRAGMA page_size=4092", NULL, NULL,
+                       ENULL));
+
+  CHECK (SQLITE_OK ==
+         sqlite3_busy_timeout (plugin->dbh,
+                               BUSY_TIMEOUT_MS));
+
+
+  /* Create table */
+  CHECK (SQLITE_OK ==
+         sq_prepare (plugin->dbh,
+                     "SELECT 1 FROM sqlite_master WHERE tbl_name = 'identity001tickets'",
+                     &stmt));
+  if ((sqlite3_step (stmt) == SQLITE_DONE) &&
+      (sqlite3_exec
+       (plugin->dbh,
+        "CREATE TABLE identity001tickets ("
+        " identity BLOB NOT NULL DEFAULT '',"
+        " audience BLOB NOT NULL DEFAULT '',"
+             " rnd INT8 NOT NULL DEFAULT '',"
+        " attributes BLOB NOT NULL DEFAULT ''"
+       ")",
+       NULL, NULL, NULL) != SQLITE_OK))
+  {
+    LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR,
+                "sqlite3_exec");
+    sqlite3_finalize (stmt);
+    return GNUNET_SYSERR;
+  }
+  sqlite3_finalize (stmt);
+
+  create_indices (plugin->dbh);
+
+  if ( (SQLITE_OK !=
+        sq_prepare (plugin->dbh,
+                    "INSERT INTO identity001tickets (identity, audience, rnd, attributes)"
+                    " VALUES (?, ?, ?, ?)",
+                    &plugin->store_ticket)) ||
+       (SQLITE_OK !=
+        sq_prepare (plugin->dbh,
+                    "DELETE FROM identity001tickets WHERE identity=? AND rnd=?",
+                    &plugin->delete_ticket)) ||
+       (SQLITE_OK !=
+        sq_prepare (plugin->dbh,
+                    "SELECT identity,audience,rnd,attributes"
+                    " FROM identity001tickets WHERE identity=? AND rnd=?",
+                    &plugin->get_ticket_attrs)) ||
+       (SQLITE_OK !=
+        sq_prepare (plugin->dbh,
+                    "SELECT identity,audience,rnd,attributes"
+                    " FROM identity001tickets WHERE identity=?"
+                    " ORDER BY rnd LIMIT 1 OFFSET ?",
+                    &plugin->iterate_tickets)) ||
+       (SQLITE_OK !=
+        sq_prepare (plugin->dbh,
+                    "SELECT identity,audience,rnd,attributes"
+                    " FROM identity001tickets WHERE audience=?"
+                    " ORDER BY rnd LIMIT 1 OFFSET ?",
+                    &plugin->iterate_tickets_by_audience)) ) 
+  {
+    LOG_SQLITE (plugin,
+                GNUNET_ERROR_TYPE_ERROR,
+                "precompiling");
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+/**
+ * Shutdown database connection and associate data
+ * structures.
+ * @param plugin the plugin context (state for this module)
+ */
+static void
+database_shutdown (struct Plugin *plugin)
+{
+  int result;
+  sqlite3_stmt *stmt;
+
+  if (NULL != plugin->store_ticket)
+    sqlite3_finalize (plugin->store_ticket);
+  if (NULL != plugin->delete_ticket)
+    sqlite3_finalize (plugin->delete_ticket);
+  if (NULL != plugin->iterate_tickets)
+    sqlite3_finalize (plugin->iterate_tickets);
+  if (NULL != plugin->iterate_tickets_by_audience)
+    sqlite3_finalize (plugin->iterate_tickets_by_audience);
+  if (NULL != plugin->get_ticket_attrs)
+    sqlite3_finalize (plugin->get_ticket_attrs);
+  result = sqlite3_close (plugin->dbh);
+  if (result == SQLITE_BUSY)
+  {
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+        _("Tried to close sqlite without finalizing all prepared statements.\n"));
+    stmt = sqlite3_next_stmt (plugin->dbh,
+                              NULL);
+    while (NULL != stmt)
+    {
+      GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG,
+                       "sqlite",
+                       "Closing statement %p\n",
+                       stmt);
+      result = sqlite3_finalize (stmt);
+      if (result != SQLITE_OK)
+        GNUNET_log_from (GNUNET_ERROR_TYPE_WARNING,
+                         "sqlite",
+                         "Failed to close statement %p: %d\n",
+                         stmt,
+                         result);
+      stmt = sqlite3_next_stmt (plugin->dbh,
+                                NULL);
+    }
+    result = sqlite3_close (plugin->dbh);
+  }
+  if (SQLITE_OK != result)
+    LOG_SQLITE (plugin,
+                GNUNET_ERROR_TYPE_ERROR,
+                "sqlite3_close");
+
+  GNUNET_free_non_null (plugin->fn);
+}
+
+
+/**
+ * Store a ticket in the database.
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param ticket the ticket to persist
+ * @param attrs the attributes associated with the ticket
+ * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+ */
+static int
+reclaim_sqlite_store_ticket (void *cls,
+                                       const struct GNUNET_RECLAIM_Ticket *ticket,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs)
+{
+  struct Plugin *plugin = cls;
+  size_t attrs_len;
+  char *attrs_ser;
+  int n;
+
+  { 
+    /* First delete duplicates */
+    struct GNUNET_SQ_QueryParam dparams[] = {
+      GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
+      GNUNET_SQ_query_param_uint64 (&ticket->rnd),
+      GNUNET_SQ_query_param_end
+    };
+    if (GNUNET_OK !=
+        GNUNET_SQ_bind (plugin->delete_ticket,
+                        dparams))
+    {
+      LOG_SQLITE (plugin,
+                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
+                  "sqlite3_bind_XXXX");
+      GNUNET_SQ_reset (plugin->dbh,
+                       plugin->delete_ticket);
+      return GNUNET_SYSERR;
+    }
+    n = sqlite3_step (plugin->delete_ticket);
+    GNUNET_SQ_reset (plugin->dbh,
+                     plugin->delete_ticket);
+    
+    attrs_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
+    attrs_ser = GNUNET_malloc (attrs_len);
+    GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs,
+                              attrs_ser);
+    struct GNUNET_SQ_QueryParam sparams[] = {
+      GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
+      GNUNET_SQ_query_param_auto_from_type (&ticket->audience),
+      GNUNET_SQ_query_param_uint64 (&ticket->rnd),
+      GNUNET_SQ_query_param_fixed_size (attrs_ser, attrs_len),
+      GNUNET_SQ_query_param_end
+    };
+
+    if (GNUNET_OK !=
+        GNUNET_SQ_bind (plugin->store_ticket,
+                        sparams))
+    {
+      LOG_SQLITE (plugin,
+                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
+                  "sqlite3_bind_XXXX");
+      GNUNET_SQ_reset (plugin->dbh,
+                       plugin->store_ticket);
+      return GNUNET_SYSERR;
+    }
+    n = sqlite3_step (plugin->store_ticket);
+    GNUNET_SQ_reset (plugin->dbh,
+                     plugin->store_ticket);
+    GNUNET_free (attrs_ser);
+  }
+  switch (n)
+  {
+    case SQLITE_DONE:
+      GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG,
+                       "sqlite",
+                       "Ticket stored\n");
+      return GNUNET_OK;
+    case SQLITE_BUSY:
+      LOG_SQLITE (plugin,
+                  GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK,
+                  "sqlite3_step");
+      return GNUNET_NO;
+    default:
+      LOG_SQLITE (plugin,
+                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
+                  "sqlite3_step");
+      return GNUNET_SYSERR;
+  }
+}
+
+
+/**
+ * Store a ticket in the database.
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param ticket the ticket to delete
+ * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+ */
+static int
+reclaim_sqlite_delete_ticket (void *cls,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket)
+{
+  struct Plugin *plugin = cls;
+  int n;
+
+  {  
+    struct GNUNET_SQ_QueryParam sparams[] = {
+      GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
+      GNUNET_SQ_query_param_uint64 (&ticket->rnd),
+      GNUNET_SQ_query_param_end
+    };
+
+    if (GNUNET_OK !=
+        GNUNET_SQ_bind (plugin->delete_ticket,
+                        sparams))
+    {
+      LOG_SQLITE (plugin,
+                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
+                  "sqlite3_bind_XXXX");
+      GNUNET_SQ_reset (plugin->dbh,
+                       plugin->store_ticket);
+      return GNUNET_SYSERR;
+    }
+    n = sqlite3_step (plugin->delete_ticket);
+    GNUNET_SQ_reset (plugin->dbh,
+                     plugin->delete_ticket);
+  }
+  switch (n)
+  {
+    case SQLITE_DONE:
+      GNUNET_log_from (GNUNET_ERROR_TYPE_DEBUG,
+                       "sqlite",
+                       "Ticket deleted\n");
+      return GNUNET_OK;
+    case SQLITE_BUSY:
+      LOG_SQLITE (plugin,
+                  GNUNET_ERROR_TYPE_WARNING | GNUNET_ERROR_TYPE_BULK,
+                  "sqlite3_step");
+      return GNUNET_NO;
+    default:
+      LOG_SQLITE (plugin,
+                  GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
+                  "sqlite3_step");
+      return GNUNET_SYSERR;
+  }
+}
+
+
+/**
+ * The given 'sqlite' statement has been prepared to be run.
+ * It will return a record which should be given to the iterator.
+ * Runs the statement and parses the returned record.
+ *
+ * @param plugin plugin context
+ * @param stmt to run (and then clean up)
+ * @param iter iterator to call with the result
+ * @param iter_cls closure for @a iter
+ * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
+ */
+static int
+get_ticket_and_call_iterator (struct Plugin *plugin,
+                              sqlite3_stmt *stmt,
+                              GNUNET_RECLAIM_TicketIterator iter,
+                              void *iter_cls)
+{
+  struct GNUNET_RECLAIM_Ticket ticket;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+  int ret;
+  int sret;
+  size_t attrs_len;
+  char *attrs_ser;
+
+  ret = GNUNET_NO;
+  if (SQLITE_ROW == (sret = sqlite3_step (stmt)))
+  {
+    struct GNUNET_SQ_ResultSpec rs[] = {
+      GNUNET_SQ_result_spec_auto_from_type (&ticket.identity),
+      GNUNET_SQ_result_spec_auto_from_type (&ticket.audience),
+      GNUNET_SQ_result_spec_uint64 (&ticket.rnd),
+      GNUNET_SQ_result_spec_variable_size ((void**)&attrs_ser,
+                                           &attrs_len),
+      GNUNET_SQ_result_spec_end
+
+    };
+    ret = GNUNET_SQ_extract_result (stmt,
+                                    rs);
+    if (GNUNET_OK != ret)
+    {
+      GNUNET_break (0);
+      ret = GNUNET_SYSERR;
+    }
+    else
+    {
+      attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize (attrs_ser,
+                                          attrs_len);
+      if (NULL != iter)
+        iter (iter_cls,
+              &ticket,
+              attrs);
+      GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
+      ret = GNUNET_YES;
+    }
+    GNUNET_SQ_cleanup_result (rs);
+  }
+  else
+  {
+    if (SQLITE_DONE != sret)
+      LOG_SQLITE (plugin,
+                  GNUNET_ERROR_TYPE_ERROR,
+                  "sqlite_step");
+  }
+  GNUNET_SQ_reset (plugin->dbh,
+                   stmt);
+  return ret;
+}
+
+
+/**
+ * Lookup tickets in the datastore.
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param ticket the ticket to retrieve attributes for
+ * @param iter function to call with the result
+ * @param iter_cls closure for @a iter
+ * @return #GNUNET_OK on success, else #GNUNET_SYSERR
+ */
+static int
+reclaim_sqlite_ticket_get_attrs (void *cls,
+                                           const struct GNUNET_RECLAIM_Ticket *ticket,
+                                           GNUNET_RECLAIM_TicketIterator iter,
+                                           void *iter_cls)
+{
+  struct Plugin *plugin = cls;
+  struct GNUNET_SQ_QueryParam params[] = {
+    GNUNET_SQ_query_param_auto_from_type (&ticket->identity),
+    GNUNET_SQ_query_param_uint64 (&ticket->rnd),
+    GNUNET_SQ_query_param_end
+  };
+
+  if (GNUNET_OK !=
+      GNUNET_SQ_bind (plugin->get_ticket_attrs,
+                      params))
+  {
+    LOG_SQLITE (plugin, GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
+                "sqlite3_bind_XXXX");
+    GNUNET_SQ_reset (plugin->dbh,
+                     plugin->get_ticket_attrs);
+    return GNUNET_SYSERR;
+  }
+  return get_ticket_and_call_iterator (plugin,
+                                       plugin->get_ticket_attrs,
+                                       iter,
+                                       iter_cls);
+}
+
+
+/**
+ * Iterate over the results for a particular key and zone in the
+ * datastore.  Will return at most one result to the iterator.
+ *
+ * @param cls closure (internal context for the plugin)
+ * @param identity the issuing identity or audience (depending on audience switch)
+ * @param audience GNUNET_YES if identity is audience
+ * @param offset offset in the list of all matching records
+ * @param iter function to call with the result
+ * @param iter_cls closure for @a iter
+ * @return #GNUNET_OK on success, #GNUNET_NO if there were no results, #GNUNET_SYSERR on error
+ */
+static int
+reclaim_sqlite_iterate_tickets (void *cls,
+                                          const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                                          int audience,
+                                          uint64_t offset,
+                                          GNUNET_RECLAIM_TicketIterator iter,
+                                          void *iter_cls)
+{
+  struct Plugin *plugin = cls;
+  sqlite3_stmt *stmt;
+  int err;
+
+  if (NULL == identity)
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  struct GNUNET_SQ_QueryParam params[] = {
+    GNUNET_SQ_query_param_auto_from_type (identity),
+    GNUNET_SQ_query_param_uint64 (&offset),
+    GNUNET_SQ_query_param_end
+  };
+  if (GNUNET_YES == audience)
+  {
+    stmt = plugin->iterate_tickets_by_audience;
+    err = GNUNET_SQ_bind (stmt,
+                          params);
+  }
+  else
+  {
+    stmt = plugin->iterate_tickets;
+    err = GNUNET_SQ_bind (stmt,
+                          params);
+  }
+  if (GNUNET_OK != err)
+  {
+    LOG_SQLITE (plugin,
+                GNUNET_ERROR_TYPE_ERROR | GNUNET_ERROR_TYPE_BULK,
+                "sqlite3_bind_XXXX");
+    GNUNET_SQ_reset (plugin->dbh,
+                     stmt);
+    return GNUNET_SYSERR;
+  }
+  return get_ticket_and_call_iterator (plugin,
+                                       stmt,
+                                       iter,
+                                       iter_cls);
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls the "struct GNUNET_RECLAIM_PluginEnvironment*"
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_reclaim_sqlite_init (void *cls)
+{
+  static struct Plugin plugin;
+  const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
+  struct GNUNET_RECLAIM_PluginFunctions *api;
+
+  if (NULL != plugin.cfg)
+    return NULL;                /* can only initialize once! */
+  memset (&plugin, 0, sizeof (struct Plugin));
+  plugin.cfg = cfg;
+  if (GNUNET_OK != database_setup (&plugin))
+  {
+    database_shutdown (&plugin);
+    return NULL;
+  }
+  api = GNUNET_new (struct GNUNET_RECLAIM_PluginFunctions);
+  api->cls = &plugin;
+  api->store_ticket = &reclaim_sqlite_store_ticket;
+  api->delete_ticket = &reclaim_sqlite_delete_ticket;
+  api->iterate_tickets = &reclaim_sqlite_iterate_tickets;
+  api->get_ticket_attributes = &reclaim_sqlite_ticket_get_attrs;
+  LOG (GNUNET_ERROR_TYPE_INFO,
+       _("Sqlite database running\n"));
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_reclaim_sqlite_done (void *cls)
+{
+  struct GNUNET_RECLAIM_PluginFunctions *api = cls;
+  struct Plugin *plugin = api->cls;
+
+  database_shutdown (plugin);
+  plugin->cfg = NULL;
+  GNUNET_free (api);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "sqlite plugin is finished\n");
+  return NULL;
+}
+
+/* end of plugin_reclaim_sqlite.c */
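Review bot: In `reclaim_sqlite_delete_ticket`, the bind-failure branch resets `plugin->store_ticket` although the statement that was just bound is `plugin->delete_ticket`, so a failed bind leaves the delete statement un-reset for the next call; that reset should read `GNUNET_SQ_reset (plugin->dbh, plugin->delete_ticket);`. In `reclaim_sqlite_store_ticket`, the second bind-failure branch returns without releasing `attrs_ser`, which was allocated just above and holds the serialized claim list; add `GNUNET_free (attrs_ser);` before that `return GNUNET_SYSERR;`. The same function overwrites `n` from the delete step without inspecting it, so a failed duplicate-delete goes unnoticed and could leave two rows for one (identity, rnd) pair, since neither the table nor the `identity_reverse` index enforces uniqueness. In `database_setup`, the `CHECK` around `sqlite3_busy_timeout` and around `sq_prepare` logs and frees `e`, but neither call writes to `e`, so on failure the macro would act on whatever the previous `sqlite3_exec` left there (NULL, or a pointer it already freed). The doc comment on `reclaim_sqlite_delete_ticket` still reads `Store a ticket in the database.` and should say that it deletes one.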
diff --git a/src/reclaim/plugin_rest_openid_connect.c b/src/reclaim/plugin_rest_openid_connect.c
new file mode 100644 (file)
index 0000000..24673c6
--- /dev/null
@@ -0,0 +1,2171 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @author Philippe Buschmann
+ * @file identity/plugin_rest_openid_connect.c
+ * @brief GNUnet Namestore REST plugin
+ *
+ */
+
+#include "platform.h"
+#include "gnunet_rest_plugin.h"
+#include "gnunet_identity_service.h"
+#include "gnunet_gns_service.h"
+#include "gnunet_gnsrecord_lib.h"
+#include "gnunet_namestore_service.h"
+#include "gnunet_rest_lib.h"
+#include "gnunet_jsonapi_lib.h"
+#include "gnunet_jsonapi_util.h"
+#include "microhttpd.h"
+#include <jansson.h>
+#include <inttypes.h>
+#include "gnunet_signatures.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
+#include "oidc_helper.h"
+
+/**
+ * REST root namespace
+ */
+#define GNUNET_REST_API_NS_OIDC "/openid"
+
+/**
+ * Authorize endpoint
+ */
+#define GNUNET_REST_API_NS_AUTHORIZE "/openid/authorize"
+
+/**
+ * Token endpoint
+ */
+#define GNUNET_REST_API_NS_TOKEN "/openid/token"
+
+/**
+ * UserInfo endpoint
+ */
+#define GNUNET_REST_API_NS_USERINFO "/openid/userinfo"
+
+/**
+ * Login namespace
+ */
+#define GNUNET_REST_API_NS_LOGIN "/openid/login"
+
+/**
+ * Attribute key
+ */
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute"
+
+/**
+ * Ticket key
+ */
+#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket"
+
+
+/**
+ * Value key
+ */
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value"
+
+/**
+ * State while collecting all egos
+ */
+#define ID_REST_STATE_INIT 0
+
+/**
+ * Done collecting egos
+ */
+#define ID_REST_STATE_POST_INIT 1
+
+/**
+ * OIDC grant_type key
+ */
+#define OIDC_GRANT_TYPE_KEY "grant_type"
+
+/**
+ * OIDC grant_type key
+ */
+#define OIDC_GRANT_TYPE_VALUE "authorization_code"
+
+/**
+ * OIDC code key
+ */
+#define OIDC_CODE_KEY "code"
+
+/**
+ * OIDC response_type key
+ */
+#define OIDC_RESPONSE_TYPE_KEY "response_type"
+
+/**
+ * OIDC client_id key
+ */
+#define OIDC_CLIENT_ID_KEY "client_id"
+
+/**
+ * OIDC scope key
+ */
+#define OIDC_SCOPE_KEY "scope"
+
+/**
+ * OIDC redirect_uri key
+ */
+#define OIDC_REDIRECT_URI_KEY "redirect_uri"
+
+/**
+ * OIDC state key
+ */
+#define OIDC_STATE_KEY "state"
+
+/**
+ * OIDC nonce key
+ */
+#define OIDC_NONCE_KEY "nonce"
+
+/**
+ * OIDC cookie header key
+ */
+#define OIDC_COOKIE_HEADER_KEY "cookie"
+
+/**
+ * OIDC cookie header information key
+ */
+#define OIDC_AUTHORIZATION_HEADER_KEY "authorization"
+
+/**
+ * OIDC cookie header information key
+ */
+#define OIDC_COOKIE_HEADER_INFORMATION_KEY "Identity="
+
+/**
+ * OIDC expected response_type while authorizing
+ */
+#define OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE "code"
+
+/**
+ * OIDC expected scope part while authorizing
+ */
+#define OIDC_EXPECTED_AUTHORIZATION_SCOPE "openid"
+
+/**
+ * OIDC ignored parameter array
+ */
+static char* OIDC_ignored_parameter_array [] =
+{
+  "display",
+  "prompt",
+  "ui_locales", 
+  "response_mode",
+  "id_token_hint",
+  "login_hint", 
+  "acr_values"
+};
+
+/**
+ * OIDC authorized identities and times hashmap
+ */
+struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_login_time;
+
+/**
+ * OIDC authorized identities and times hashmap
+ */
+struct GNUNET_CONTAINER_MultiHashMap *OIDC_identity_grants;
+
+/**
+ * OIDC ticket/code use only once
+ */
+struct GNUNET_CONTAINER_MultiHashMap *OIDC_ticket_once;
+
+/**
+ * OIDC access_token to ticket and ego
+ */
+struct GNUNET_CONTAINER_MultiHashMap *OIDC_interpret_access_token;
+
+/**
+ * The configuration handle
+ */
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * HTTP methods allows for this plugin
+ */
+static char* allow_methods;
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct Plugin
+{
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+};
+
+/**
+ * OIDC needed variables
+ */
+struct OIDC_Variables
+{
+  /**
+   * The RP client public key
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey client_pkey;
+
+  /**
+   * The OIDC client id of the RP
+   */
+  char *client_id;
+
+  /**
+   * The OIDC redirect uri
+   */
+  char *redirect_uri;
+
+  /**
+   * The list of oidc scopes
+   */
+  char *scope;
+
+  /**
+   * The OIDC state
+   */
+  char *state;
+
+  /**
+   * The OIDC nonce
+   */
+  char *nonce;
+
+  /**
+   * The OIDC response type
+   */
+  char *response_type;
+
+  /**
+   * The identity chosen by the user to login
+   */
+  char *login_identity;
+
+  /**
+   * The response JSON
+   */
+  json_t *response;
+
+};
+
+/**
+ * The ego list
+ */
+struct EgoEntry
+{
+  /**
+   * DLL
+   */
+  struct EgoEntry *next;
+
+  /**
+   * DLL
+   */
+  struct EgoEntry *prev;
+
+  /**
+   * Ego Identifier
+   */
+  char *identifier;
+
+  /**
+   * Public key string
+   */
+  char *keystring;
+
+  /**
+   * The Ego
+   */
+  struct GNUNET_IDENTITY_Ego *ego;
+};
+
+
+struct RequestHandle
+{
+  /**
+   * Ego list
+   */
+  struct EgoEntry *ego_head;
+
+  /**
+   * Ego list
+   */
+  struct EgoEntry *ego_tail;
+
+  /**
+   * Selected ego
+   */
+  struct EgoEntry *ego_entry;
+
+  /**
+   * Pointer to ego private key
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key;
+
+  /**
+   * OIDC variables
+   */
+  struct OIDC_Variables *oidc;
+
+  /**
+   * The processing state
+   */
+  int state;
+
+  /**
+   * Handle to Identity service.
+   */
+  struct GNUNET_IDENTITY_Handle *identity_handle;
+
+  /**
+   * Rest connection
+   */
+  struct GNUNET_REST_RequestHandle *rest_handle;
+
+  /**
+   * GNS handle
+   */
+  struct GNUNET_GNS_Handle *gns_handle;
+
+  /**
+   * GNS lookup op
+   */
+  struct GNUNET_GNS_LookupRequest *gns_op;
+
+  /**
+   * Handle to NAMESTORE
+   */
+  struct GNUNET_NAMESTORE_Handle *namestore_handle;
+
+  /**
+   * Iterator for NAMESTORE
+   */
+  struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it;
+
+  /**
+   * Attribute claim list
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
+
+  /**
+   * IDENTITY Operation
+   */
+  struct GNUNET_IDENTITY_Operation *op;
+
+  /**
+   * Identity Provider
+   */
+  struct GNUNET_RECLAIM_Handle *idp;
+
+  /**
+   * Idp Operation
+   */
+  struct GNUNET_RECLAIM_Operation *idp_op;
+
+  /**
+   * Attribute iterator
+   */
+  struct GNUNET_RECLAIM_AttributeIterator *attr_it;
+
+  /**
+   * Ticket iterator
+   */
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it;
+
+  /**
+   * A ticket
+   */
+  struct GNUNET_RECLAIM_Ticket ticket;
+
+  /**
+   * Desired timeout for the lookup (default is no timeout).
+   */
+  struct GNUNET_TIME_Relative timeout;
+
+  /**
+   * ID of a task associated with the resolution process.
+   */
+  struct GNUNET_SCHEDULER_Task *timeout_task;
+
+  /**
+   * The plugin result processor
+   */
+  GNUNET_REST_ResultProcessor proc;
+
+  /**
+   * The closure of the result processor
+   */
+  void *proc_cls;
+
+  /**
+   * The url
+   */
+  char *url;
+
+  /**
+   * The tld for redirect
+   */
+  char *tld;
+
+  /**
+   * The redirect prefix
+   */
+  char *redirect_prefix;
+
+  /**
+   * The redirect suffix
+   */
+  char *redirect_suffix;
+
+  /**
+   * Error response message
+   */
+  char *emsg;
+
+  /**
+   * Error response description
+   */
+  char *edesc;
+
+  /**
+   * Reponse code
+   */
+  int response_code;
+
+  /**
+   * Response object
+   */
+  struct GNUNET_JSONAPI_Document *resp_object;
+
+};
+
+/**
+ * Cleanup lookup handle
+ * @param handle Handle to clean up
+ */
+static void
+cleanup_handle (struct RequestHandle *handle)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
+  struct EgoEntry *ego_entry;
+  struct EgoEntry *ego_tmp;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cleaning up\n");
+  if (NULL != handle->resp_object)
+    GNUNET_JSONAPI_document_delete (handle->resp_object);
+  if (NULL != handle->timeout_task)
+    GNUNET_SCHEDULER_cancel (handle->timeout_task);
+  if (NULL != handle->identity_handle)
+    GNUNET_IDENTITY_disconnect (handle->identity_handle);
+  if (NULL != handle->attr_it)
+    GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
+  if (NULL != handle->ticket_it)
+    GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
+  if (NULL != handle->idp)
+    GNUNET_RECLAIM_disconnect (handle->idp);
+  if (NULL != handle->url)
+    GNUNET_free (handle->url);
+  if (NULL != handle->tld)
+    GNUNET_free (handle->tld);
+  if (NULL != handle->redirect_prefix)
+    GNUNET_free (handle->redirect_prefix);
+  if (NULL != handle->redirect_suffix)
+    GNUNET_free (handle->redirect_suffix);
+  if (NULL != handle->emsg)
+    GNUNET_free (handle->emsg);
+  if (NULL != handle->edesc)
+    GNUNET_free (handle->edesc);
+  if (NULL != handle->gns_op)
+    GNUNET_GNS_lookup_cancel (handle->gns_op);
+  if (NULL != handle->gns_handle)
+    GNUNET_GNS_disconnect (handle->gns_handle);
+
+  if (NULL != handle->namestore_handle)
+    GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
+  if (NULL != handle->oidc)
+  {
+    if (NULL != handle->oidc->client_id)
+      GNUNET_free(handle->oidc->client_id);
+    if (NULL != handle->oidc->login_identity)
+      GNUNET_free(handle->oidc->login_identity);
+    if (NULL != handle->oidc->nonce)
+      GNUNET_free(handle->oidc->nonce);
+    if (NULL != handle->oidc->redirect_uri)
+      GNUNET_free(handle->oidc->redirect_uri);
+    if (NULL != handle->oidc->response_type)
+      GNUNET_free(handle->oidc->response_type);
+    if (NULL != handle->oidc->scope)
+      GNUNET_free(handle->oidc->scope);
+    if (NULL != handle->oidc->state)
+      GNUNET_free(handle->oidc->state);
+    if (NULL != handle->oidc->response)
+      json_decref(handle->oidc->response);
+    GNUNET_free(handle->oidc);
+  }
+  if ( NULL != handle->attr_list )
+  {
+    for (claim_entry = handle->attr_list->list_head;
+         NULL != claim_entry;)
+    {
+      claim_tmp = claim_entry;
+      claim_entry = claim_entry->next;
+      GNUNET_free(claim_tmp->claim);
+      GNUNET_free(claim_tmp);
+    }
+    GNUNET_free (handle->attr_list);
+  }
+  for (ego_entry = handle->ego_head;
+       NULL != ego_entry;)
+  {
+    ego_tmp = ego_entry;
+    ego_entry = ego_entry->next;
+    GNUNET_free (ego_tmp->identifier);
+    GNUNET_free (ego_tmp->keystring);
+    GNUNET_free (ego_tmp);
+  }
+  if (NULL != handle->attr_it)
+  {
+    GNUNET_free(handle->attr_it);
+  }
+  GNUNET_free (handle);
+}
+
+static void
+cleanup_handle_delayed (void *cls)
+{
+  cleanup_handle (cls);
+}
+
+
+/**
+ * Task run on error, sends error message.  Cleans up everything.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+  char *json_error;
+
+  GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\", \"error_description\" : \"%s\"%s%s%s}",
+                   handle->emsg,
+                   (NULL != handle->edesc) ? handle->edesc : "",
+                   (NULL != handle->oidc->state) ? ", \"state\":\"" : "",
+                   (NULL != handle->oidc->state) ? handle->oidc->state : "",
+                   (NULL != handle->oidc->state) ? "\"" : "");
+  if ( 0 == handle->response_code )
+  {
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+  }
+  resp = GNUNET_REST_create_response (json_error);
+  if (MHD_HTTP_UNAUTHORIZED == handle->response_code)
+  {
+    MHD_add_response_header(resp, "WWW-Authenticate", "Basic");
+  }
+  MHD_add_response_header (resp, "Content-Type", "application/json");
+  handle->proc (handle->proc_cls, resp, handle->response_code);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+  GNUNET_free (json_error);
+}
+
+
+/**
+ * Task run on error in userinfo endpoint, sends error header. Cleans up
+ * everything
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_userinfo_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+  char *error;
+
+  GNUNET_asprintf (&error, "error=\"%s\", error_description=\"%s\"",
+                   handle->emsg,
+                   (NULL != handle->edesc) ? handle->edesc : "");
+  resp = GNUNET_REST_create_response ("");
+  MHD_add_response_header(resp, "WWW-Authenticate", error);
+  handle->proc (handle->proc_cls, resp, handle->response_code);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+  GNUNET_free (error);
+}
+
+
+/**
+ * Task run on error, sends error message and redirects. Cleans up everything.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_redirect_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+  char* redirect;
+  GNUNET_asprintf (&redirect,
+                   "%s?error=%s&error_description=%s%s%s",
+                   handle->oidc->redirect_uri, handle->emsg, handle->edesc,
+                   (NULL != handle->oidc->state) ? "&state=" : "",
+                   (NULL != handle->oidc->state) ? handle->oidc->state : "");
+  resp = GNUNET_REST_create_response ("");
+  MHD_add_response_header (resp, "Location", redirect);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+  GNUNET_free (redirect);
+}
+
+/**
+ * Task run on timeout, sends error message.  Cleans up everything.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_timeout (void *cls)
+{
+  struct RequestHandle *handle = cls;
+
+  handle->timeout_task = NULL;
+  do_error (handle);
+}
+
+/**
+ * Return attributes for claim
+ *
+ * @param cls the request handle
+ */
+static void
+return_userinfo_response (void *cls)
+{
+  char* result_str;
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+
+  result_str = json_dumps (handle->oidc->response, 0);
+
+  resp = GNUNET_REST_create_response (result_str);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  GNUNET_free (result_str);
+  cleanup_handle (handle);
+}
+
+/**
+ * Returns base64 encoded string without padding
+ *
+ * @param string the string to encode
+ * @return base64 encoded string
+ */
+static char*
+base_64_encode(const char *s)
+{
+  char *enc;
+  char *tmp;
+
+  GNUNET_STRINGS_base64_encode(s, strlen(s), &enc);
+  tmp = strrchr (enc, '=');
+  *tmp = '\0';
+  return enc;
+}
+
+/**
+ * Respond to OPTIONS request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  //For now, independent of path return all options
+  resp = GNUNET_REST_create_response (NULL);
+  MHD_add_response_header (resp,
+                           "Access-Control-Allow-Methods",
+                           allow_methods);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  cleanup_handle (handle);
+  return;
+}
+
+/**
+ * Interprets cookie header and pass its identity keystring to handle
+ */
+static void
+cookie_identity_interpretation (struct RequestHandle *handle)
+{
+  struct GNUNET_HashCode cache_key;
+  char *cookies;
+  struct GNUNET_TIME_Absolute current_time, *relog_time;
+  char delimiter[] = "; ";
+
+  //gets identity of login try with cookie
+  GNUNET_CRYPTO_hash (OIDC_COOKIE_HEADER_KEY, strlen (OIDC_COOKIE_HEADER_KEY),
+                      &cache_key);
+  if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
+                                                             &cache_key) )
+  {
+    //splits cookies and find 'Identity' cookie
+    cookies = GNUNET_CONTAINER_multihashmap_get ( handle->rest_handle->header_param_map, &cache_key);
+    handle->oidc->login_identity = strtok(cookies, delimiter);
+
+    while ( NULL != handle->oidc->login_identity )
+    {
+      if ( NULL != strstr (handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY) )
+      {
+        break;
+      }
+      handle->oidc->login_identity = strtok (NULL, delimiter);
+    }
+    GNUNET_CRYPTO_hash (handle->oidc->login_identity, strlen (handle->oidc->login_identity),
+                        &cache_key);
+    if ( GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time, &cache_key) )
+    {
+      relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time,
+                                                      &cache_key);
+      current_time = GNUNET_TIME_absolute_get ();
+      // 30 min after old login -> redirect to login
+      if ( current_time.abs_value_us <= relog_time->abs_value_us )
+      {
+        handle->oidc->login_identity = strtok(handle->oidc->login_identity, OIDC_COOKIE_HEADER_INFORMATION_KEY);
+        handle->oidc->login_identity = GNUNET_strdup(handle->oidc->login_identity);
+      } else {
+        handle->oidc->login_identity = NULL;
+      }
+    }
+    else
+    {
+      handle->oidc->login_identity = NULL;
+    }
+  }
+}
+
+/**
+ * Redirects to login page stored in configuration file
+ */
+static void
+login_redirection(void *cls)
+{
+  char *login_base_url;
+  char *new_redirect;
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  if ( GNUNET_OK
+       == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
+                                                 "address", &login_base_url) )
+  {
+    GNUNET_asprintf (&new_redirect, "%s?%s=%s&%s=%s&%s=%s&%s=%s&%s=%s&%s=%s",
+                     login_base_url,
+                     OIDC_RESPONSE_TYPE_KEY,
+                     handle->oidc->response_type,
+                     OIDC_CLIENT_ID_KEY,
+                     handle->oidc->client_id,
+                     OIDC_REDIRECT_URI_KEY,
+                     handle->oidc->redirect_uri,
+                     OIDC_SCOPE_KEY,
+                     handle->oidc->scope,
+                     OIDC_STATE_KEY,
+                     (NULL != handle->oidc->state) ? handle->oidc->state : "",
+                     OIDC_NONCE_KEY,
+                     (NULL != handle->oidc->nonce) ? handle->oidc->nonce : "");
+    resp = GNUNET_REST_create_response ("");
+    MHD_add_response_header (resp, "Location", new_redirect);
+    GNUNET_free(login_base_url);
+  }
+  else
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+  GNUNET_free(new_redirect);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+}
+
+/**
+ * Does internal server error when iteration failed.
+ */
+static void
+oidc_iteration_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  handle->emsg = GNUNET_strdup("INTERNAL_SERVER_ERROR");
+  handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+  GNUNET_SCHEDULER_add_now (&do_error, handle);
+}
+
+static void
+get_client_name_result (void *cls,
+                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+                        const char *label,
+                        unsigned int rd_count,
+                        const struct GNUNET_GNSRECORD_Data *rd)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+  char *ticket_str;
+  char *redirect_uri;
+  char *code_json_string;
+  char *code_base64_final_string;
+
+  ticket_str = GNUNET_STRINGS_data_to_string_alloc (&handle->ticket,
+                                                    sizeof (struct GNUNET_RECLAIM_Ticket));
+  //TODO change if more attributes are needed (see max_age)
+  code_json_string = OIDC_build_authz_code (&handle->priv_key,
+                                            &handle->ticket,
+                                            handle->oidc->nonce);
+  code_base64_final_string = base_64_encode(code_json_string);
+  GNUNET_asprintf (&redirect_uri, "%s.%s/%s?%s=%s&state=%s",
+                   handle->redirect_prefix,
+                   handle->tld,
+                   handle->redirect_suffix,
+                   handle->oidc->response_type,
+                   code_base64_final_string, handle->oidc->state);
+  resp = GNUNET_REST_create_response ("");
+  MHD_add_response_header (resp, "Location", redirect_uri);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_FOUND);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+  GNUNET_free (redirect_uri);
+  GNUNET_free (ticket_str);
+  GNUNET_free (code_json_string);
+  GNUNET_free (code_base64_final_string);
+  return;
+
+}
+
+
+static void
+get_client_name_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+
+  handle->emsg = GNUNET_strdup("server_error");
+  handle->edesc = GNUNET_strdup("Server cannot generate ticket, no name found for client.");
+  GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+}
+
+
+static void
+lookup_redirect_uri_result (void *cls,
+                            uint32_t rd_count,
+                            const struct GNUNET_GNSRECORD_Data *rd)
+{
+  struct RequestHandle *handle = cls;
+  char *tmp;
+  char *tmp_key_str;
+  char *pos;
+  struct GNUNET_CRYPTO_EcdsaPublicKey redirect_zone;
+
+  handle->gns_op = NULL;
+  if (0 == rd_count)
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  for (int i = 0; i < rd_count; i++)
+  {
+    if (GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT != rd[i].record_type)
+      continue;
+    if (0 != strcmp (rd[i].data,
+                     handle->oidc->redirect_uri))
+      continue;
+    tmp = GNUNET_strdup (rd[i].data);
+    pos = strrchr (tmp,
+                   (unsigned char) '.');
+    *pos = '\0';
+    handle->redirect_prefix = GNUNET_strdup (tmp);
+    tmp_key_str = pos + 1;
+    pos = strchr (tmp_key_str,
+                  (unsigned char) '/');
+    *pos = '\0';
+    handle->redirect_suffix = GNUNET_strdup (pos + 1);
+
+    GNUNET_STRINGS_string_to_data (tmp_key_str,
+                                   strlen (tmp_key_str),
+                                   &redirect_zone,
+                                   sizeof (redirect_zone));
+
+    GNUNET_NAMESTORE_zone_to_name (handle->namestore_handle,
+                                   &handle->priv_key,
+                                   &redirect_zone,
+                                   &get_client_name_error,
+                                   handle,
+                                   &get_client_name_result,
+                                   handle);
+    GNUNET_free (tmp);
+    return;
+  }
+  handle->emsg = GNUNET_strdup("server_error");
+  handle->edesc = GNUNET_strdup("Server cannot generate ticket, redirect uri not found.");
+  GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+}
+
+/**
+ * Issues ticket and redirects to relying party with the authorization code as
+ * parameter. Otherwise redirects with error
+ */
+static void
+oidc_ticket_issue_cb (void* cls,
+                      const struct GNUNET_RECLAIM_Ticket *ticket)
+{
+  struct RequestHandle *handle = cls;
+
+  handle->idp_op = NULL;
+  handle->ticket = *ticket;
+  if (NULL == ticket)
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup("Server cannot generate ticket.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  handle->gns_op = GNUNET_GNS_lookup (handle->gns_handle,
+                                      "+",
+                                      &handle->oidc->client_pkey,
+                                      GNUNET_GNSRECORD_TYPE_RECLAIM_OIDC_REDIRECT,
+                                      GNUNET_GNS_LO_DEFAULT,
+                                      &lookup_redirect_uri_result,
+                                      handle);
+
+}
+
+static void
+oidc_collect_finished_cb (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  handle->attr_it = NULL;
+  handle->ticket_it = NULL;
+  if (NULL == handle->attr_list->list_head)
+  {
+    handle->emsg = GNUNET_strdup("invalid_scope");
+    handle->edesc = GNUNET_strdup("The requested scope is not available.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  handle->idp_op = GNUNET_RECLAIM_ticket_issue (handle->idp,
+                                                &handle->priv_key,
+                                                &handle->oidc->client_pkey,
+                                                handle->attr_list,
+                                                &oidc_ticket_issue_cb,
+                                                handle);
+}
+
+
+/**
+ * Collects all attributes for an ego if in scope parameter
+ */
+static void
+oidc_attr_collect (void *cls,
+                   const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                   const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+  char* scope_variables;
+  char* scope_variable;
+  char delimiter[]=" ";
+
+  if ( (NULL == attr->name) || (NULL == attr->data) )
+  {
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
+    return;
+  }
+
+  scope_variables = GNUNET_strdup(handle->oidc->scope);
+  scope_variable = strtok (scope_variables, delimiter);
+  while (NULL != scope_variable)
+  {
+    if ( 0 == strcmp (attr->name, scope_variable) )
+    {
+      break;
+    }
+    scope_variable = strtok (NULL, delimiter);
+  }
+  if ( NULL == scope_variable )
+  {
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
+    GNUNET_free(scope_variables);
+    return;
+  }
+  GNUNET_free(scope_variables);
+
+  le = GNUNET_new(struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry);
+  le->claim = GNUNET_RECLAIM_ATTRIBUTE_claim_new (attr->name, attr->type,
+                                                  attr->data, attr->data_size);
+  GNUNET_CONTAINER_DLL_insert(handle->attr_list->list_head,
+                              handle->attr_list->list_tail, le);
+  GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
+}
+
+
+/**
+ * Checks time and cookie and redirects accordingly
+ */
+static void
+login_check (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_TIME_Absolute current_time, *relog_time;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pubkey, ego_pkey;
+  struct GNUNET_HashCode cache_key;
+  char *identity_cookie;
+
+  GNUNET_asprintf (&identity_cookie, "Identity=%s", handle->oidc->login_identity);
+  GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
+  GNUNET_free(identity_cookie);
+  //No login time for identity -> redirect to login
+  if ( GNUNET_YES
+       == GNUNET_CONTAINER_multihashmap_contains (OIDC_identity_login_time,
+                                                  &cache_key) )
+  {
+    relog_time = GNUNET_CONTAINER_multihashmap_get (OIDC_identity_login_time,
+                                                    &cache_key);
+    current_time = GNUNET_TIME_absolute_get ();
+    // 30 min after old login -> redirect to login
+    if ( current_time.abs_value_us <= relog_time->abs_value_us )
+    {
+      if ( GNUNET_OK
+           != GNUNET_CRYPTO_ecdsa_public_key_from_string (
+                                                          handle->oidc->login_identity,
+                                                          strlen (handle->oidc->login_identity), &pubkey) )
+      {
+        handle->emsg = GNUNET_strdup("invalid_cookie");
+        handle->edesc = GNUNET_strdup(
+                                      "The cookie of a login identity is not valid");
+        GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+        return;
+      }
+      // iterate over egos and compare their public key
+      for (handle->ego_entry = handle->ego_head;
+           NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
+      {
+        GNUNET_IDENTITY_ego_get_public_key (handle->ego_entry->ego, &ego_pkey);
+        if ( 0
+             == memcmp (&ego_pkey, &pubkey,
+                        sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+        {
+          handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (
+                                                                   handle->ego_entry->ego);
+          handle->resp_object = GNUNET_JSONAPI_document_new ();
+          handle->idp = GNUNET_RECLAIM_connect (cfg);
+          handle->attr_list = GNUNET_new(
+                                         struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+          handle->attr_it = GNUNET_RECLAIM_get_attributes_start (
+                                                                 handle->idp, &handle->priv_key, &oidc_iteration_error, handle,
+                                                                 &oidc_attr_collect, handle, &oidc_collect_finished_cb, handle);
+          return;
+        }
+      }
+      //handle->emsg = GNUNET_strdup("invalid_cookie");
+      //handle->edesc = GNUNET_strdup(
+      //                              "The cookie of the login identity is not valid");
+      //GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+      GNUNET_SCHEDULER_add_now (&login_redirection,handle);
+      return;
+    }
+  }
+}
+
+/**
+ * Iteration over all results finished, build final
+ * response.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+build_authz_response (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_HashCode cache_key;
+
+  char *expected_scope;
+  char delimiter[]=" ";
+  int number_of_ignored_parameter, iterator;
+
+
+  // REQUIRED value: redirect_uri
+  GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
+                      &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                           &cache_key))
+  {
+    handle->emsg=GNUNET_strdup("invalid_request");
+    handle->edesc=GNUNET_strdup("missing parameter redirect_uri");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  handle->oidc->redirect_uri = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                                                                &cache_key));
+
+  // REQUIRED value: response_type
+  GNUNET_CRYPTO_hash (OIDC_RESPONSE_TYPE_KEY, strlen (OIDC_RESPONSE_TYPE_KEY),
+                      &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                           &cache_key))
+  {
+    handle->emsg=GNUNET_strdup("invalid_request");
+    handle->edesc=GNUNET_strdup("missing parameter response_type");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  handle->oidc->response_type = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                                                  &cache_key);
+  handle->oidc->response_type = GNUNET_strdup (handle->oidc->response_type);
+
+  // REQUIRED value: scope
+  GNUNET_CRYPTO_hash (OIDC_SCOPE_KEY, strlen (OIDC_SCOPE_KEY), &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                           &cache_key))
+  {
+    handle->emsg=GNUNET_strdup("invalid_request");
+    handle->edesc=GNUNET_strdup("missing parameter scope");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+  handle->oidc->scope = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                                          &cache_key);
+  handle->oidc->scope = GNUNET_strdup(handle->oidc->scope);
+
+  //OPTIONAL value: nonce
+  GNUNET_CRYPTO_hash (OIDC_NONCE_KEY, strlen (OIDC_NONCE_KEY), &cache_key);
+  if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                            &cache_key))
+  {
+    handle->oidc->nonce = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                                            &cache_key);
+    handle->oidc->nonce = GNUNET_strdup (handle->oidc->nonce);
+  }
+
+  //TODO check other values if needed
+  number_of_ignored_parameter = sizeof(OIDC_ignored_parameter_array) / sizeof(char *);
+  for( iterator = 0; iterator < number_of_ignored_parameter; iterator++ )
+  {
+    GNUNET_CRYPTO_hash (OIDC_ignored_parameter_array[iterator],
+                        strlen(OIDC_ignored_parameter_array[iterator]),
+                        &cache_key);
+    if(GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains(handle->rest_handle->url_param_map,
+                                                            &cache_key))
+    {
+      handle->emsg=GNUNET_strdup("access_denied");
+      GNUNET_asprintf (&handle->edesc, "Server will not handle parameter: %s",
+                       OIDC_ignored_parameter_array[iterator]);
+      GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+      return;
+    }
+  }
+
+  // Checks if response_type is 'code'
+  if( 0 != strcmp( handle->oidc->response_type, OIDC_EXPECTED_AUTHORIZATION_RESPONSE_TYPE ) )
+  {
+    handle->emsg=GNUNET_strdup("unsupported_response_type");
+    handle->edesc=GNUNET_strdup("The authorization server does not support "
+                                "obtaining this authorization code.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    return;
+  }
+
+  // Checks if scope contains 'openid'
+  expected_scope = GNUNET_strdup(handle->oidc->scope);
+  char* test;
+  test = strtok (expected_scope, delimiter);
+  while (NULL != test)
+  {
+    if ( 0 == strcmp (OIDC_EXPECTED_AUTHORIZATION_SCOPE, expected_scope) )
+    {
+      break;
+    }
+    test = strtok (NULL, delimiter);
+  }
+  if (NULL == test)
+  {
+    handle->emsg = GNUNET_strdup("invalid_scope");
+    handle->edesc=GNUNET_strdup("The requested scope is invalid, unknown, or "
+                                "malformed.");
+    GNUNET_SCHEDULER_add_now (&do_redirect_error, handle);
+    GNUNET_free(expected_scope);
+    return;
+  }
+
+  GNUNET_free(expected_scope);
+
+  if( NULL != handle->oidc->login_identity )
+  {
+    GNUNET_SCHEDULER_add_now(&login_check,handle);
+    return;
+  }
+
+  GNUNET_SCHEDULER_add_now(&login_redirection,handle);
+}
+
+/**
+ * Responds to authorization GET and url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+authorize_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+                    const char* url,
+                    void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_HashCode cache_key;
+  struct EgoEntry *tmp_ego;
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+
+  cookie_identity_interpretation(handle);
+
+  //RECOMMENDED value: state - REQUIRED for answers
+  GNUNET_CRYPTO_hash (OIDC_STATE_KEY, strlen (OIDC_STATE_KEY), &cache_key);
+  if (GNUNET_YES == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                            &cache_key))
+  {
+    handle->oidc->state = GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                                            &cache_key);
+    handle->oidc->state = GNUNET_strdup (handle->oidc->state);
+  }
+
+  // REQUIRED value: client_id
+  GNUNET_CRYPTO_hash (OIDC_CLIENT_ID_KEY, strlen (OIDC_CLIENT_ID_KEY),
+                      &cache_key);
+  if (GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                                           &cache_key))
+  {
+    handle->emsg=GNUNET_strdup("invalid_request");
+    handle->edesc=GNUNET_strdup("missing parameter client_id");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  handle->oidc->client_id = GNUNET_strdup (GNUNET_CONTAINER_multihashmap_get(handle->rest_handle->url_param_map,
+                                                                             &cache_key));
+
+  if ( GNUNET_OK
+       != GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->oidc->client_id,
+                                                      strlen (handle->oidc->client_id),
+                                                      &handle->oidc->client_pkey) )
+  {
+    handle->emsg = GNUNET_strdup("unauthorized_client");
+    handle->edesc = GNUNET_strdup("The client is not authorized to request an "
+                                  "authorization code using this method.");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+
+  if ( NULL == handle->ego_head )
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup ("Egos are missing");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  handle->ego_entry = handle->ego_head;
+  handle->priv_key = *GNUNET_IDENTITY_ego_get_private_key (handle->ego_head->ego);
+  //If we know this identity, translated the corresponding TLD
+  //TODO: We might want to have a reverse lookup functionality for TLDs?
+  for (tmp_ego = handle->ego_head; NULL != tmp_ego; tmp_ego = tmp_ego->next)
+  {
+    priv_key = GNUNET_IDENTITY_ego_get_private_key (tmp_ego->ego);
+    GNUNET_CRYPTO_ecdsa_key_get_public (priv_key,
+                                        &pkey);
+    if ( 0 == memcmp (&pkey, &handle->oidc->client_pkey,
+                      sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)) )
+    {
+      handle->tld = GNUNET_strdup (tmp_ego->identifier);
+      handle->ego_entry = handle->ego_tail;
+    }
+  } 
+  GNUNET_SCHEDULER_add_now (&build_authz_response, handle);
+}
+
+/**
+ * Combines an identity with a login time and responds OK to login request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+login_cont (struct GNUNET_REST_RequestHandle *con_handle,
+            const char* url,
+            void *cls)
+{
+  struct MHD_Response *resp = GNUNET_REST_create_response ("");
+  struct RequestHandle *handle = cls;
+  struct GNUNET_HashCode cache_key;
+  struct GNUNET_TIME_Absolute *current_time;
+  struct GNUNET_TIME_Absolute *last_time;
+  char* cookie;
+  json_t *root;
+  json_error_t error;
+  json_t *identity;
+  char term_data[handle->rest_handle->data_size+1];
+  term_data[handle->rest_handle->data_size] = '\0';
+  GNUNET_memcpy (term_data, handle->rest_handle->data, handle->rest_handle->data_size);
+  root = json_loads (term_data, JSON_DECODE_ANY, &error);
+  identity = json_object_get (root, "identity");
+  if ( json_is_string(identity) )
+  {
+    GNUNET_asprintf (&cookie, "Identity=%s", json_string_value (identity));
+    MHD_add_response_header (resp, "Set-Cookie", cookie);
+    MHD_add_response_header (resp, "Access-Control-Allow-Methods", "POST");
+    GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
+
+    current_time = GNUNET_new(struct GNUNET_TIME_Absolute);
+    *current_time = GNUNET_TIME_relative_to_absolute (
+                                                      GNUNET_TIME_relative_multiply (GNUNET_TIME_relative_get_second_ (),
+                                                                                     5));
+    last_time = GNUNET_CONTAINER_multihashmap_get(OIDC_identity_login_time, &cache_key);
+    if (NULL != last_time)
+    {
+      GNUNET_free(last_time);
+    }
+    GNUNET_CONTAINER_multihashmap_put (
+                                       OIDC_identity_login_time, &cache_key, current_time,
+                                       GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
+
+    handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+    GNUNET_free(cookie);
+  }
+  else
+  {
+    handle->proc (handle->proc_cls, resp, MHD_HTTP_BAD_REQUEST);
+  }
+  json_decref (root);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+  return;
+}
+
+static int 
+check_authorization (struct RequestHandle *handle,
+                     struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
+{
+  struct GNUNET_HashCode cache_key;
+  char *authorization;
+  char *credentials;
+  char *basic_authorization;
+  char *client_id;
+  char *pass;
+  char *expected_pass;
+  int client_exists = GNUNET_NO;
+
+  GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
+                      strlen (OIDC_AUTHORIZATION_HEADER_KEY),
+                      &cache_key);
+  if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->header_param_map,
+                                                            &cache_key) )
+  {
+    handle->emsg=GNUNET_strdup("invalid_client");
+    handle->edesc=GNUNET_strdup("missing authorization");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  authorization = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->header_param_map,
+                                                     &cache_key);
+
+  //split header in "Basic" and [content]
+  credentials = strtok (authorization, " ");
+  if (0 != strcmp ("Basic", credentials))
+  {
+    handle->emsg=GNUNET_strdup("invalid_client");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  credentials = strtok(NULL, " ");
+  if (NULL == credentials)
+  {
+    handle->emsg=GNUNET_strdup("invalid_client");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  GNUNET_STRINGS_base64_decode (credentials,
+                                strlen (credentials),
+                                (void**)&basic_authorization);
+
+  if ( NULL == basic_authorization )
+  {
+    handle->emsg=GNUNET_strdup("invalid_client");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  client_id = strtok (basic_authorization, ":");
+  if ( NULL == client_id )
+  {
+    GNUNET_free_non_null(basic_authorization);
+    handle->emsg=GNUNET_strdup("invalid_client");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  pass = strtok (NULL, ":");
+  if (NULL == pass)
+  {
+    GNUNET_free_non_null(basic_authorization);
+    handle->emsg=GNUNET_strdup("invalid_client");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+
+  //check client password
+  if ( GNUNET_OK
+       == GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
+                                                 "psw", &expected_pass) )
+  {
+    if (0 != strcmp (expected_pass, pass))
+    {
+      GNUNET_free_non_null(basic_authorization);
+      GNUNET_free(expected_pass);
+      handle->emsg=GNUNET_strdup("invalid_client");
+      handle->response_code = MHD_HTTP_UNAUTHORIZED;
+      return GNUNET_SYSERR;
+    }
+    GNUNET_free(expected_pass);
+  }
+  else
+  {
+    GNUNET_free_non_null(basic_authorization);
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    return GNUNET_SYSERR;
+  }
+
+  //check client_id
+  for (handle->ego_entry = handle->ego_head; NULL != handle->ego_entry->next; )
+  {
+    if ( 0 == strcmp(handle->ego_entry->keystring, client_id))
+    {
+      client_exists = GNUNET_YES;
+      break;
+    }
+    handle->ego_entry = handle->ego_entry->next;
+  }
+  if (GNUNET_NO == client_exists)
+  {
+    GNUNET_free_non_null(basic_authorization);
+    handle->emsg=GNUNET_strdup("invalid_client");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    return GNUNET_SYSERR;
+  }
+  GNUNET_STRINGS_string_to_data (client_id,
+                                 strlen(client_id),
+                                 cid,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+
+  GNUNET_free (basic_authorization);
+  return GNUNET_OK;
+}
+
+static int
+ego_exists (struct RequestHandle *handle,
+            struct GNUNET_CRYPTO_EcdsaPublicKey *test_key)
+{
+  struct EgoEntry *ego_entry;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
+
+  for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next)
+  {
+    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego, &pub_key);
+    if (0 == memcmp (&pub_key,
+                     test_key,
+                     sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)))
+    {
+      break;
+    }
+  }
+  if (NULL == ego_entry)
+    return GNUNET_NO;
+  return GNUNET_YES;
+}
+
+static void
+store_ticket_reference (const struct RequestHandle *handle,
+                        const char* access_token,
+                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                        const struct GNUNET_CRYPTO_EcdsaPublicKey *cid)
+{
+  struct GNUNET_HashCode cache_key;
+  char *id_ticket_combination;
+  char *ticket_string;
+  char *client_id;
+
+  GNUNET_CRYPTO_hash(access_token, strlen(access_token), &cache_key);
+  client_id = GNUNET_STRINGS_data_to_string_alloc (cid,
+                                                   sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  ticket_string = GNUNET_STRINGS_data_to_string_alloc (ticket,
+                                                       sizeof (struct GNUNET_RECLAIM_Ticket));
+  GNUNET_asprintf(&id_ticket_combination,
+                  "%s;%s",
+                  client_id,
+                  ticket_string);
+  GNUNET_CONTAINER_multihashmap_put(OIDC_interpret_access_token,
+                                    &cache_key,
+                                    id_ticket_combination,
+                                    GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
+
+  GNUNET_free (client_id);
+  GNUNET_free (ticket_string);
+}
+
+/**
+ * Responds to token url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+token_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+                const char* url,
+                void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_TIME_Relative expiration_time;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *cl; 
+  struct GNUNET_RECLAIM_Ticket *ticket;
+  struct GNUNET_CRYPTO_EcdsaPublicKey cid;
+  struct GNUNET_HashCode cache_key;
+  struct MHD_Response *resp;
+  char *grant_type;
+  char *code;
+  char *json_response;
+  char *id_token;
+  char *access_token;
+  char *jwt_secret;
+  char *nonce;
+  int i = 1;
+
+  /*
+   * Check Authorization
+   */
+  if (GNUNET_SYSERR == check_authorization (handle,
+                                            &cid))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "OIDC authorization for token endpoint failed\n");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  /*
+   * Check parameter
+   */
+
+  //TODO Do not allow multiple equal parameter names
+  //REQUIRED grant_type
+  GNUNET_CRYPTO_hash (OIDC_GRANT_TYPE_KEY, strlen (OIDC_GRANT_TYPE_KEY), &cache_key);
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key))
+  {
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("missing parameter grant_type");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  grant_type = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
+                                                  &cache_key);
+
+  //REQUIRED code
+  GNUNET_CRYPTO_hash (OIDC_CODE_KEY, strlen (OIDC_CODE_KEY), &cache_key);
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key))
+  {
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("missing parameter code");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  code = GNUNET_CONTAINER_multihashmap_get (handle->rest_handle->url_param_map,
+                                            &cache_key);
+
+  //REQUIRED redirect_uri
+  GNUNET_CRYPTO_hash (OIDC_REDIRECT_URI_KEY, strlen (OIDC_REDIRECT_URI_KEY),
+                      &cache_key);
+  if (GNUNET_NO ==
+      GNUNET_CONTAINER_multihashmap_contains (handle->rest_handle->url_param_map,
+                                              &cache_key) )
+  {
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("missing parameter redirect_uri");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  //Check parameter grant_type == "authorization_code"
+  if (0 != strcmp(OIDC_GRANT_TYPE_VALUE, grant_type))
+  {
+    handle->emsg=GNUNET_strdup("unsupported_grant_type");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  GNUNET_CRYPTO_hash (code, strlen (code), &cache_key);
+  if (GNUNET_SYSERR ==
+      GNUNET_CONTAINER_multihashmap_put (OIDC_ticket_once,
+                                         &cache_key,
+                                         &i,
+                                         GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY) )
+  {
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("Cannot use the same code more than once");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  //decode code
+  if(GNUNET_OK != OIDC_parse_authz_code (&cid,
+                                         code,
+                                         &ticket,
+                                         &nonce))
+  {
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("invalid code");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  //create jwt
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_time(cfg,
+                                          "reclaim-rest-plugin",
+                                          "expiration_time",
+                                          &expiration_time))
+  {
+    handle->emsg = GNUNET_strdup("server_error");
+    handle->edesc = GNUNET_strdup ("gnunet configuration failed");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    GNUNET_free(ticket);
+    return;
+  }
+
+
+  //TODO OPTIONAL acr,amr,azp
+  if (GNUNET_NO == ego_exists (handle,
+                               &ticket->audience))
+  {
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("invalid code...");
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    GNUNET_free(ticket);
+  }
+  if ( GNUNET_OK
+       != GNUNET_CONFIGURATION_get_value_string (cfg, "reclaim-rest-plugin",
+                                                 "jwt_secret", &jwt_secret) )
+  {
+    handle->emsg = GNUNET_strdup("invalid_request");
+    handle->edesc = GNUNET_strdup("No signing secret configured!");
+    handle->response_code = MHD_HTTP_INTERNAL_SERVER_ERROR;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    GNUNET_free(ticket);
+    return;
+  }
+  //TODO We should collect the attributes here. cl always empty
+  cl = GNUNET_new (struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList);
+  id_token = OIDC_id_token_new (&ticket->audience,
+                                &ticket->identity,
+                                cl,
+                                &expiration_time,
+                                (NULL != nonce) ? nonce : NULL,
+                                jwt_secret);
+  access_token = OIDC_access_token_new (); 
+  OIDC_build_token_response (access_token,
+                             id_token,
+                             &expiration_time,
+                             &json_response);
+
+  store_ticket_reference (handle,
+                          access_token,
+                          ticket,
+                          &cid);
+  resp = GNUNET_REST_create_response (json_response);
+  MHD_add_response_header (resp, "Cache-Control", "no-store");
+  MHD_add_response_header (resp, "Pragma", "no-cache");
+  MHD_add_response_header (resp, "Content-Type", "application/json");
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  GNUNET_RECLAIM_ATTRIBUTE_list_destroy(cl);
+  GNUNET_free(access_token);
+  GNUNET_free(json_response);
+  GNUNET_free(ticket);
+  GNUNET_free(id_token);
+  GNUNET_SCHEDULER_add_now(&cleanup_handle_delayed, handle);
+}
+
+/**
+ * Collects claims and stores them in handle
+ */
+static void
+consume_ticket (void *cls,
+                const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+{
+  struct RequestHandle *handle = cls;
+  char *tmp_value;
+  json_t *value;
+
+  if (NULL == identity)
+  {
+    GNUNET_SCHEDULER_add_now (&return_userinfo_response, handle);
+    return;
+  }
+
+  tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                                        attr->data,
+                                                        attr->data_size);
+
+  value = json_string (tmp_value);
+
+
+  json_object_set_new (handle->oidc->response,
+                       attr->name,
+                       value);
+  GNUNET_free (tmp_value);
+}
+
+/**
+ * Responds to userinfo GET and url-encoded POST request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+userinfo_endpoint (struct GNUNET_REST_RequestHandle *con_handle,
+                   const char* url, void *cls)
+{
+  //TODO expiration time
+  struct RequestHandle *handle = cls;
+  char delimiter[] = " ";
+  char delimiter_db[] = ";";
+  struct GNUNET_HashCode cache_key;
+  char *authorization, *authorization_type, *authorization_access_token;
+  char *client_ticket, *client, *ticket_str;
+  struct GNUNET_RECLAIM_Ticket *ticket;
+
+  GNUNET_CRYPTO_hash (OIDC_AUTHORIZATION_HEADER_KEY,
+                      strlen (OIDC_AUTHORIZATION_HEADER_KEY),
+                      &cache_key);
+  if ( GNUNET_NO
+       == GNUNET_CONTAINER_multihashmap_contains (
+                                                  handle->rest_handle->header_param_map, &cache_key) )
+  {
+    handle->emsg = GNUNET_strdup("invalid_token");
+    handle->edesc = GNUNET_strdup("No Access Token");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+    return;
+  }
+  authorization = GNUNET_CONTAINER_multihashmap_get (
+                                                     handle->rest_handle->header_param_map, &cache_key);
+
+  //split header in "Bearer" and access_token
+  authorization = GNUNET_strdup(authorization);
+  authorization_type = strtok (authorization, delimiter);
+  if ( 0 != strcmp ("Bearer", authorization_type) )
+  {
+    handle->emsg = GNUNET_strdup("invalid_token");
+    handle->edesc = GNUNET_strdup("No Access Token");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+    GNUNET_free(authorization);
+    return;
+  }
+  authorization_access_token = strtok (NULL, delimiter);
+  if ( NULL == authorization_access_token )
+  {
+    handle->emsg = GNUNET_strdup("invalid_token");
+    handle->edesc = GNUNET_strdup("No Access Token");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+    GNUNET_free(authorization);
+    return;
+  }
+
+  GNUNET_CRYPTO_hash (authorization_access_token,
+                      strlen (authorization_access_token),
+                      &cache_key);
+  if ( GNUNET_NO == GNUNET_CONTAINER_multihashmap_contains (OIDC_interpret_access_token,
+                                                            &cache_key) )
+  {
+    handle->emsg = GNUNET_strdup("invalid_token");
+    handle->edesc = GNUNET_strdup("The Access Token expired");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+    GNUNET_free(authorization);
+    return;
+  }
+
+  client_ticket = GNUNET_CONTAINER_multihashmap_get(OIDC_interpret_access_token,
+                                                    &cache_key);
+  client_ticket = GNUNET_strdup(client_ticket);
+  client = strtok(client_ticket,delimiter_db);
+  if (NULL == client)
+  {
+    handle->emsg = GNUNET_strdup("invalid_token");
+    handle->edesc = GNUNET_strdup("The Access Token expired");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+    GNUNET_free(authorization);
+    GNUNET_free(client_ticket);
+    return;
+  }
+  handle->ego_entry = handle->ego_head;
+  for(; NULL != handle->ego_entry; handle->ego_entry = handle->ego_entry->next)
+  {
+    if (0 == strcmp(handle->ego_entry->keystring,client))
+    {
+      break;
+    }
+  }
+  if (NULL == handle->ego_entry)
+  {
+    handle->emsg = GNUNET_strdup("invalid_token");
+    handle->edesc = GNUNET_strdup("The Access Token expired");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+    GNUNET_free(authorization);
+    GNUNET_free(client_ticket);
+    return;
+  }
+  ticket_str = strtok(NULL, delimiter_db);
+  if (NULL == ticket_str)
+  {
+    handle->emsg = GNUNET_strdup("invalid_token");
+    handle->edesc = GNUNET_strdup("The Access Token expired");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+    GNUNET_free(authorization);
+    GNUNET_free(client_ticket);
+    return;
+  }
+  ticket = GNUNET_new(struct GNUNET_RECLAIM_Ticket);
+  if ( GNUNET_OK
+       != GNUNET_STRINGS_string_to_data (ticket_str,
+                                         strlen (ticket_str),
+                                         ticket,
+                                         sizeof(struct GNUNET_RECLAIM_Ticket)))
+  {
+    handle->emsg = GNUNET_strdup("invalid_token");
+    handle->edesc = GNUNET_strdup("The Access Token expired");
+    handle->response_code = MHD_HTTP_UNAUTHORIZED;
+    GNUNET_SCHEDULER_add_now (&do_userinfo_error, handle);
+    GNUNET_free(ticket);
+    GNUNET_free(authorization);
+    GNUNET_free(client_ticket);
+    return;
+  }
+
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->oidc->response = json_object();
+  json_object_set_new( handle->oidc->response, "sub", json_string( handle->ego_entry->keystring));
+  handle->idp_op = GNUNET_RECLAIM_ticket_consume (
+                                                  handle->idp,
+                                                  GNUNET_IDENTITY_ego_get_private_key (handle->ego_entry->ego),
+                                                  ticket,
+                                                  consume_ticket,
+                                                  handle);
+  GNUNET_free(ticket);
+  GNUNET_free(authorization);
+  GNUNET_free(client_ticket);
+
+}
+
+
+/**
+ * Handle rest request
+ *
+ * @param handle the request handle
+ */
+static void
+init_cont (struct RequestHandle *handle)
+{
+  struct GNUNET_REST_RequestHandlerError err;
+  static const struct GNUNET_REST_RequestHandler handlers[] = {
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_AUTHORIZE, &authorize_endpoint}, //url-encoded
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_LOGIN, &login_cont},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_TOKEN, &token_endpoint },
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_USERINFO, &userinfo_endpoint },
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_OIDC,
+      &options_cont},
+    GNUNET_REST_HANDLER_END
+  };
+
+  if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle,
+                                               handlers,
+                                               &err,
+                                               handle))
+  {
+    handle->response_code = err.error_code;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+  }
+}
+
+/**
+ * If listing is enabled, prints information about the egos.
+ *
+ * This function is initially called for all egos and then again
+ * whenever a ego's identifier changes or if it is deleted.  At the
+ * end of the initial pass over all egos, the function is once called
+ * with 'NULL' for 'ego'. That does NOT mean that the callback won't
+ * be invoked in the future or that there was an error.
+ *
+ * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
+ * this function is only called ONCE, and 'NULL' being passed in
+ * 'ego' does indicate an error (i.e. name is taken or no default
+ * value is known).  If 'ego' is non-NULL and if '*ctx'
+ * is set in those callbacks, the value WILL be passed to a subsequent
+ * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
+ * that one was not NULL).
+ *
+ * When an identity is renamed, this function is called with the
+ * (known) ego but the NEW identifier.
+ *
+ * When an identity is deleted, this function is called with the
+ * (known) ego and "NULL" for the 'identifier'.  In this case,
+ * the 'ego' is henceforth invalid (and the 'ctx' should also be
+ * cleaned up).
+ *
+ * @param cls closure
+ * @param ego ego handle
+ * @param ctx context for application to store data for this ego
+ *                 (during the lifetime of this process, initially NULL)
+ * @param identifier identifier assigned by the user for this ego,
+ *                   NULL if the user just deleted the ego and it
+ *                   must thus no longer be used
+ */
+static void
+list_ego (void *cls,
+          struct GNUNET_IDENTITY_Ego *ego,
+          void **ctx,
+          const char *identifier)
+{
+  struct RequestHandle *handle = cls;
+  struct EgoEntry *ego_entry;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+
+  if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
+  {
+    handle->state = ID_REST_STATE_POST_INIT;
+    init_cont (handle);
+    return;
+  }
+  if (ID_REST_STATE_INIT == handle->state) {
+    ego_entry = GNUNET_new (struct EgoEntry);
+    GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
+    ego_entry->keystring =
+      GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+    ego_entry->ego = ego;
+    ego_entry->identifier = GNUNET_strdup (identifier);
+    GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry);
+    return;
+  }
+  /* Ego renamed or added */
+  if (identifier != NULL) {
+    for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) {
+      if (ego_entry->ego == ego) {
+        /* Rename */
+        GNUNET_free (ego_entry->identifier);
+        ego_entry->identifier = GNUNET_strdup (identifier);
+        break;
+      }
+    }
+    if (NULL == ego_entry) {
+      /* Add */
+      ego_entry = GNUNET_new (struct EgoEntry);
+      GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
+      ego_entry->keystring =
+        GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+      ego_entry->ego = ego;
+      ego_entry->identifier = GNUNET_strdup (identifier);
+      GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry);
+    }
+  } else {
+    /* Delete */
+    for (ego_entry = handle->ego_head; NULL != ego_entry; ego_entry = ego_entry->next) {
+      if (ego_entry->ego == ego)
+        break;
+    }
+    if (NULL != ego_entry)
+      GNUNET_CONTAINER_DLL_remove(handle->ego_head,handle->ego_tail, ego_entry);
+  }
+
+}
+
+static void
+rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
+                              GNUNET_REST_ResultProcessor proc,
+                              void *proc_cls)
+{
+  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
+  handle->oidc = GNUNET_new (struct OIDC_Variables);
+  if ( NULL == OIDC_identity_login_time )
+    OIDC_identity_login_time = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
+  if ( NULL == OIDC_identity_grants )
+    OIDC_identity_grants = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
+  if ( NULL == OIDC_ticket_once )
+    OIDC_ticket_once = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
+  if ( NULL == OIDC_interpret_access_token )
+    OIDC_interpret_access_token = GNUNET_CONTAINER_multihashmap_create (10, GNUNET_NO);
+  handle->response_code = 0;
+  handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
+  handle->proc_cls = proc_cls;
+  handle->proc = proc;
+  handle->state = ID_REST_STATE_INIT;
+  handle->rest_handle = rest_handle;
+
+  handle->url = GNUNET_strdup (rest_handle->url);
+  if (handle->url[strlen (handle->url)-1] == '/')
+    handle->url[strlen (handle->url)-1] = '\0';
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Connecting...\n");
+  handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
+                                                     &list_ego,
+                                                     handle);
+  handle->gns_handle = GNUNET_GNS_connect (cfg);
+  handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
+  handle->timeout_task =
+    GNUNET_SCHEDULER_add_delayed (handle->timeout,
+                                  &do_timeout,
+                                  handle);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Connected\n");
+}
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls Config info
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_rest_openid_connect_init (void *cls)
+{
+  static struct Plugin plugin;
+  struct GNUNET_REST_Plugin *api;
+
+  cfg = cls;
+  if (NULL != plugin.cfg)
+    return NULL;                /* can only initialize once! */
+  memset (&plugin, 0, sizeof (struct Plugin));
+  plugin.cfg = cfg;
+  api = GNUNET_new (struct GNUNET_REST_Plugin);
+  api->cls = &plugin;
+  api->name = GNUNET_REST_API_NS_OIDC;
+  api->process_request = &rest_identity_process_request;
+  GNUNET_asprintf (&allow_methods,
+                   "%s, %s, %s, %s, %s",
+                   MHD_HTTP_METHOD_GET,
+                   MHD_HTTP_METHOD_POST,
+                   MHD_HTTP_METHOD_PUT,
+                   MHD_HTTP_METHOD_DELETE,
+                   MHD_HTTP_METHOD_OPTIONS);
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              _("Identity Provider REST API initialized\n"));
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_rest_openid_connect_done (void *cls)
+{
+  struct GNUNET_REST_Plugin *api = cls;
+  struct Plugin *plugin = api->cls;
+  plugin->cfg = NULL;
+
+  struct GNUNET_CONTAINER_MultiHashMapIterator *hashmap_it;
+  void *value = NULL;
+  hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (
+                                                              OIDC_identity_login_time);
+  while (GNUNET_YES ==
+         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
+  {
+    if (NULL != value)
+      GNUNET_free(value);
+  }
+  GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_login_time);
+  hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_identity_grants);
+  while (GNUNET_YES ==
+         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
+  {
+    if (NULL != value)
+      GNUNET_free(value);
+  }
+  GNUNET_CONTAINER_multihashmap_destroy(OIDC_identity_grants);
+  hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_ticket_once);
+  while (GNUNET_YES ==
+         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
+  {
+    if (NULL != value)
+      GNUNET_free(value);
+  }
+  GNUNET_CONTAINER_multihashmap_destroy(OIDC_ticket_once);
+  hashmap_it = GNUNET_CONTAINER_multihashmap_iterator_create (OIDC_interpret_access_token);
+  while (GNUNET_YES ==
+         GNUNET_CONTAINER_multihashmap_iterator_next (hashmap_it, NULL, value))
+  {
+    if (NULL != value)
+      GNUNET_free(value);
+  }
+  GNUNET_CONTAINER_multihashmap_destroy(OIDC_interpret_access_token);
+  GNUNET_CONTAINER_multihashmap_iterator_destroy(hashmap_it);
+  GNUNET_free_non_null (allow_methods);
+  GNUNET_free (api);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Identity Provider REST plugin is finished\n");
+  return NULL;
+}
+
+/* end of plugin_rest_identity_provider.c */
diff --git a/src/reclaim/plugin_rest_reclaim.c b/src/reclaim/plugin_rest_reclaim.c
new file mode 100644 (file)
index 0000000..38ffc4d
--- /dev/null
@@ -0,0 +1,1253 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2015 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @author Philippe Buschmann
+ * @file reclaim/plugin_rest_reclaim.c
+ * @brief GNUnet reclaim REST plugin
+ *
+ */
+
+#include "platform.h"
+#include "gnunet_rest_plugin.h"
+#include "gnunet_identity_service.h"
+#include "gnunet_gns_service.h"
+#include "gnunet_gnsrecord_lib.h"
+#include "gnunet_namestore_service.h"
+#include "gnunet_rest_lib.h"
+#include "gnunet_jsonapi_lib.h"
+#include "gnunet_jsonapi_util.h"
+#include "microhttpd.h"
+#include <jansson.h>
+#include <inttypes.h>
+#include "gnunet_signatures.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "gnunet_reclaim_service.h"
+
+/**
+ * REST root namespace
+ */
+#define GNUNET_REST_API_NS_RECLAIM "/reclaim"
+
+/**
+ * Attribute namespace
+ */
+#define GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES "/reclaim/attributes"
+
+/**
+ * Ticket namespace
+ */
+#define GNUNET_REST_API_NS_IDENTITY_TICKETS "/reclaim/tickets"
+
+/**
+ * Revoke namespace
+ */
+#define GNUNET_REST_API_NS_IDENTITY_REVOKE "/reclaim/revoke"
+
+/**
+ * Revoke namespace
+ */
+#define GNUNET_REST_API_NS_IDENTITY_CONSUME "/reclaim/consume"
+
+/**
+ * Attribute key
+ */
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE "attribute"
+
+/**
+ * Ticket key
+ */
+#define GNUNET_REST_JSONAPI_IDENTITY_TICKET "ticket"
+
+
+/**
+ * Value key
+ */
+#define GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE_VALUE "value"
+
+/**
+ * State while collecting all egos
+ */
+#define ID_REST_STATE_INIT 0
+
+/**
+ * Done collecting egos
+ */
+#define ID_REST_STATE_POST_INIT 1
+
+/**
+ * The configuration handle
+ */
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * HTTP methods allows for this plugin
+ */
+static char* allow_methods;
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct Plugin
+{
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+};
+
+/**
+ * The ego list
+ */
+struct EgoEntry
+{
+  /**
+   * DLL
+   */
+  struct EgoEntry *next;
+
+  /**
+   * DLL
+   */
+  struct EgoEntry *prev;
+
+  /**
+   * Ego Identifier
+   */
+  char *identifier;
+
+  /**
+   * Public key string
+   */
+  char *keystring;
+
+  /**
+   * The Ego
+   */
+  struct GNUNET_IDENTITY_Ego *ego;
+};
+
+
+struct RequestHandle
+{
+  /**
+   * Ego list
+   */
+  struct EgoEntry *ego_head;
+
+  /**
+   * Ego list
+   */
+  struct EgoEntry *ego_tail;
+
+  /**
+   * Selected ego
+   */
+  struct EgoEntry *ego_entry;
+
+  /**
+   * Pointer to ego private key
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey priv_key;
+
+  /**
+   * The processing state
+   */
+  int state;
+
+  /**
+   * Handle to Identity service.
+   */
+  struct GNUNET_IDENTITY_Handle *identity_handle;
+
+  /**
+   * Rest connection
+   */
+  struct GNUNET_REST_RequestHandle *rest_handle;
+
+  /**
+   * Handle to NAMESTORE
+   */
+  struct GNUNET_NAMESTORE_Handle *namestore_handle;
+
+  /**
+   * Iterator for NAMESTORE
+   */
+  struct GNUNET_NAMESTORE_ZoneIterator *namestore_handle_it;
+
+  /**
+   * Attribute claim list
+   */
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attr_list;
+
+  /**
+   * IDENTITY Operation
+   */
+  struct GNUNET_IDENTITY_Operation *op;
+
+  /**
+   * Identity Provider
+   */
+  struct GNUNET_RECLAIM_Handle *idp;
+
+  /**
+   * Idp Operation
+   */
+  struct GNUNET_RECLAIM_Operation *idp_op;
+
+  /**
+   * Attribute iterator
+   */
+  struct GNUNET_RECLAIM_AttributeIterator *attr_it;
+
+  /**
+   * Ticket iterator
+   */
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it;
+
+  /**
+   * A ticket
+   */
+  struct GNUNET_RECLAIM_Ticket ticket;
+
+  /**
+   * Desired timeout for the lookup (default is no timeout).
+   */
+  struct GNUNET_TIME_Relative timeout;
+
+  /**
+   * ID of a task associated with the resolution process.
+   */
+  struct GNUNET_SCHEDULER_Task *timeout_task;
+
+  /**
+   * The plugin result processor
+   */
+  GNUNET_REST_ResultProcessor proc;
+
+  /**
+   * The closure of the result processor
+   */
+  void *proc_cls;
+
+  /**
+   * The url
+   */
+  char *url;
+
+  /**
+   * Error response message
+   */
+  char *emsg;
+
+  /**
+   * Reponse code
+   */
+  int response_code;
+
+  /**
+   * Response object
+   */
+  struct GNUNET_JSONAPI_Document *resp_object;
+
+};
+
+/**
+ * Cleanup lookup handle
+ * @param handle Handle to clean up
+ */
+static void
+cleanup_handle (struct RequestHandle *handle)
+{
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_entry;
+  struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *claim_tmp;
+  struct EgoEntry *ego_entry;
+  struct EgoEntry *ego_tmp;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cleaning up\n");
+  if (NULL != handle->resp_object)
+    GNUNET_JSONAPI_document_delete (handle->resp_object);
+  if (NULL != handle->timeout_task)
+    GNUNET_SCHEDULER_cancel (handle->timeout_task);
+  if (NULL != handle->identity_handle)
+    GNUNET_IDENTITY_disconnect (handle->identity_handle);
+  if (NULL != handle->attr_it)
+    GNUNET_RECLAIM_get_attributes_stop (handle->attr_it);
+  if (NULL != handle->ticket_it)
+    GNUNET_RECLAIM_ticket_iteration_stop (handle->ticket_it);
+  if (NULL != handle->idp)
+    GNUNET_RECLAIM_disconnect (handle->idp);
+  if (NULL != handle->url)
+    GNUNET_free (handle->url);
+  if (NULL != handle->emsg)
+    GNUNET_free (handle->emsg);
+  if (NULL != handle->namestore_handle)
+    GNUNET_NAMESTORE_disconnect (handle->namestore_handle);
+  if ( NULL != handle->attr_list )
+  {
+    for (claim_entry = handle->attr_list->list_head;
+    NULL != claim_entry;)
+    {
+      claim_tmp = claim_entry;
+      claim_entry = claim_entry->next;
+      GNUNET_free(claim_tmp->claim);
+      GNUNET_free(claim_tmp);
+    }
+    GNUNET_free (handle->attr_list);
+  }
+  for (ego_entry = handle->ego_head;
+       NULL != ego_entry;)
+  {
+    ego_tmp = ego_entry;
+    ego_entry = ego_entry->next;
+    GNUNET_free (ego_tmp->identifier);
+    GNUNET_free (ego_tmp->keystring);
+    GNUNET_free (ego_tmp);
+  }
+  if (NULL != handle->attr_it)
+  {
+    GNUNET_free(handle->attr_it);
+  }
+  GNUNET_free (handle);
+}
+
+static void
+cleanup_handle_delayed (void *cls)
+{
+  cleanup_handle (cls);
+}
+
+
+/**
+ * Task run on error, sends error message.  Cleans up everything.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+  char *json_error;
+
+  GNUNET_asprintf (&json_error, "{ \"error\" : \"%s\" }",
+                  handle->emsg);
+  if ( 0 == handle->response_code )
+  {
+    handle->response_code = MHD_HTTP_BAD_REQUEST;
+  }
+  resp = GNUNET_REST_create_response (json_error);
+  MHD_add_response_header (resp, "Content-Type", "application/json");
+  handle->proc (handle->proc_cls, resp, handle->response_code);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+  GNUNET_free (json_error);
+}
+
+
+/**
+ * Task run on timeout, sends error message.  Cleans up everything.
+ *
+ * @param cls the `struct RequestHandle`
+ */
+static void
+do_timeout (void *cls)
+{
+  struct RequestHandle *handle = cls;
+
+  handle->timeout_task = NULL;
+  do_error (handle);
+}
+
+
+static void
+collect_error_cb (void *cls)
+{
+  struct RequestHandle *handle = cls;
+
+  do_error (handle);
+}
+
+static void
+finished_cont (void *cls,
+               int32_t success,
+               const char *emsg)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+
+  resp = GNUNET_REST_create_response (emsg);
+  if (GNUNET_OK != success)
+  {
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+}
+
+
+/**
+ * Return attributes for identity
+ *
+ * @param cls the request handle
+ */
+static void
+return_response (void *cls)
+{
+  char* result_str;
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+
+  GNUNET_JSONAPI_document_serialize (handle->resp_object, &result_str);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Result %s\n", result_str);
+  resp = GNUNET_REST_create_response (result_str);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  GNUNET_free (result_str);
+  cleanup_handle (handle);
+}
+
+static void
+collect_finished_cb (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  //Done
+  handle->attr_it = NULL;
+  handle->ticket_it = NULL;
+  GNUNET_SCHEDULER_add_now (&return_response, handle);
+}
+
+
+/**
+ * Collect all attributes for an ego
+ *
+ */
+static void
+ticket_collect (void *cls,
+                const struct GNUNET_RECLAIM_Ticket *ticket)
+{
+  struct GNUNET_JSONAPI_Resource *json_resource;
+  struct RequestHandle *handle = cls;
+  json_t *value;
+  char* tmp;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding ticket\n");
+  tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
+                                             sizeof (uint64_t));
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_IDENTITY_TICKET,
+                                                       tmp);
+  GNUNET_free (tmp);
+  GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
+
+  tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->identity,
+                                             sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  value = json_string (tmp);
+  GNUNET_JSONAPI_resource_add_attr (json_resource,
+                                    "issuer",
+                                    value);
+  GNUNET_free (tmp);
+  json_decref (value);
+  tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->audience,
+                                             sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  value = json_string (tmp);
+  GNUNET_JSONAPI_resource_add_attr (json_resource,
+                                    "audience",
+                                    value);
+  GNUNET_free (tmp);
+  json_decref (value);
+  tmp = GNUNET_STRINGS_data_to_string_alloc (&ticket->rnd,
+                                             sizeof (uint64_t));
+  value = json_string (tmp);
+  GNUNET_JSONAPI_resource_add_attr (json_resource,
+                                    "rnd",
+                                    value);
+  GNUNET_free (tmp);
+  json_decref (value);
+  GNUNET_RECLAIM_ticket_iteration_next (handle->ticket_it);
+}
+
+
+
+/**
+ * List tickets for identity request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+list_tickets_cont (struct GNUNET_REST_RequestHandle *con_handle,
+                   const char* url,
+                   void *cls)
+{
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  struct RequestHandle *handle = cls;
+  struct EgoEntry *ego_entry;
+  char *identity;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting tickets for %s.\n",
+              handle->url);
+  if ( strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) >=
+       strlen (handle->url))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) + 1;
+
+  for (ego_entry = handle->ego_head;
+       NULL != ego_entry;
+       ego_entry = ego_entry->next)
+    if (0 == strcmp (identity, ego_entry->identifier))
+      break;
+  handle->resp_object = GNUNET_JSONAPI_document_new ();
+
+  if (NULL == ego_entry)
+  {
+    //Done
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n",
+                identity);
+    GNUNET_SCHEDULER_add_now (&return_response, handle);
+    return;
+  }
+  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->ticket_it = GNUNET_RECLAIM_ticket_iteration_start (handle->idp,
+                                                                       priv_key,
+                                                                       &collect_error_cb,
+                                                                       handle,
+                                                                       &ticket_collect,
+                                                                       handle,
+                                                                       &collect_finished_cb,
+                                                                       handle);
+}
+
+
+static void
+add_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
+                    const char* url,
+                    void *cls)
+{
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
+  const char* identity;
+  const char* name_str;
+  const char* value_str;
+  const char* exp_str;
+
+  struct RequestHandle *handle = cls;
+  struct EgoEntry *ego_entry;
+  struct MHD_Response *resp;
+  struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attribute;
+  struct GNUNET_JSONAPI_Document *json_obj;
+  struct GNUNET_JSONAPI_Resource *json_res;
+  struct GNUNET_TIME_Relative exp;
+  char term_data[handle->rest_handle->data_size+1];
+  json_t *value_json;
+  json_t *data_json;
+  json_t *exp_json;
+  json_error_t err;
+  struct GNUNET_JSON_Specification docspec[] = {
+    GNUNET_JSON_spec_jsonapi_document (&json_obj),
+    GNUNET_JSON_spec_end()
+  };
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding an attribute for %s.\n",
+              handle->url);
+  if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >=
+       strlen (handle->url))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
+
+  for (ego_entry = handle->ego_head;
+       NULL != ego_entry;
+       ego_entry = ego_entry->next)
+    if (0 == strcmp (identity, ego_entry->identifier))
+      break;
+
+  if (NULL == ego_entry)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Identity unknown (%s)\n", identity);
+    GNUNET_JSONAPI_document_delete (json_obj);
+    return;
+  }
+  identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+
+  if (0 >= handle->rest_handle->data_size)
+  {
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  term_data[handle->rest_handle->data_size] = '\0';
+  GNUNET_memcpy (term_data,
+                 handle->rest_handle->data,
+                 handle->rest_handle->data_size);
+  data_json = json_loads (term_data,
+                          JSON_DECODE_ANY,
+                          &err);
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_JSON_parse (data_json, docspec,
+                                    NULL, NULL));
+  json_decref (data_json);
+  if (NULL == json_obj)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse JSONAPI Object from %s\n",
+                term_data);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  if (1 != GNUNET_JSONAPI_document_resource_count (json_obj))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot create more than 1 resource! (Got %d)\n",
+                GNUNET_JSONAPI_document_resource_count (json_obj));
+    GNUNET_JSONAPI_document_delete (json_obj);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
+  if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
+                                                       GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unsupported JSON data type\n");
+    GNUNET_JSONAPI_document_delete (json_obj);
+    resp = GNUNET_REST_create_response (NULL);
+    handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT);
+    cleanup_handle (handle);
+    return;
+  }
+  name_str = GNUNET_JSONAPI_resource_get_id (json_res);
+  exp_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+                                                "exp");
+  exp_str = json_string_value (exp_json);
+  if (NULL == exp_str) {
+    exp = GNUNET_TIME_UNIT_HOURS;
+  } else {
+    if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_relative (exp_str,
+                                           &exp)) {
+      exp = GNUNET_TIME_UNIT_HOURS;
+    }
+  }
+
+  value_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+                                                  "value");
+  value_str = json_string_value (value_json);
+  attribute = GNUNET_RECLAIM_ATTRIBUTE_claim_new (name_str,
+                                                      GNUNET_RECLAIM_ATTRIBUTE_TYPE_STRING,
+                                                      value_str,
+                                                      strlen (value_str) + 1);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_attribute_store (handle->idp,
+                                                             identity_priv,
+                                                             attribute,
+                                                             &exp,
+                                                             &finished_cont,
+                                                             handle);
+  GNUNET_free (attribute);
+  GNUNET_JSONAPI_document_delete (json_obj);
+}
+
+
+
+/**
+ * Collect all attributes for an ego
+ *
+ */
+static void
+attr_collect (void *cls,
+              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+              const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+{
+  struct GNUNET_JSONAPI_Resource *json_resource;
+  struct RequestHandle *handle = cls;
+  json_t *value;
+  char* tmp_value;
+  
+  if ((NULL == attr->name) || (NULL == attr->data))
+  {
+    GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
+    return;
+  }
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
+              attr->name);
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE,
+                                               attr->name);
+  GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
+
+  tmp_value = GNUNET_RECLAIM_ATTRIBUTE_value_to_string (attr->type,
+                                           attr->data,
+                                           attr->data_size);
+
+  value = json_string (tmp_value);
+
+  GNUNET_JSONAPI_resource_add_attr (json_resource,
+                                    "value",
+                                    value);
+  json_decref (value);
+  GNUNET_free(tmp_value);
+  GNUNET_RECLAIM_get_attributes_next (handle->attr_it);
+}
+
+
+
+/**
+ * List attributes for identity request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+list_attribute_cont (struct GNUNET_REST_RequestHandle *con_handle,
+                     const char* url,
+                     void *cls)
+{
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+  struct RequestHandle *handle = cls;
+  struct EgoEntry *ego_entry;
+  char *identity;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Getting attributes for %s.\n",
+              handle->url);
+  if ( strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >=
+       strlen (handle->url))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "No identity given.\n");
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
+
+  for (ego_entry = handle->ego_head;
+       NULL != ego_entry;
+       ego_entry = ego_entry->next)
+    if (0 == strcmp (identity, ego_entry->identifier))
+      break;
+  handle->resp_object = GNUNET_JSONAPI_document_new ();
+
+
+  if (NULL == ego_entry)
+  {
+    //Done
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Ego %s not found.\n",
+                identity);
+    GNUNET_SCHEDULER_add_now (&return_response, handle);
+    return;
+  }
+  priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->attr_it = GNUNET_RECLAIM_get_attributes_start (handle->idp,
+                                                                   priv_key,
+                                                                   &collect_error_cb,
+                                                                   handle,
+                                                                   &attr_collect,
+                                                                   handle,
+                                                                   &collect_finished_cb,
+                                                                   handle);
+}
+
+
+static void
+revoke_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
+                    const char* url,
+                    void *cls)
+{
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
+  const char* identity_str;
+  const char* audience_str;
+  const char* rnd_str;
+
+  struct RequestHandle *handle = cls;
+  struct EgoEntry *ego_entry;
+  struct MHD_Response *resp;
+  struct GNUNET_RECLAIM_Ticket ticket;
+  struct GNUNET_JSONAPI_Document *json_obj;
+  struct GNUNET_JSONAPI_Resource *json_res;
+  struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
+  char term_data[handle->rest_handle->data_size+1];
+  json_t *rnd_json;
+  json_t *identity_json;
+  json_t *audience_json;
+  json_t *data_json;
+  json_error_t err;
+  struct GNUNET_JSON_Specification docspec[] = {
+    GNUNET_JSON_spec_jsonapi_document (&json_obj),
+    GNUNET_JSON_spec_end()
+  };
+
+  if (0 >= handle->rest_handle->data_size)
+  {
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  term_data[handle->rest_handle->data_size] = '\0';
+  GNUNET_memcpy (term_data,
+                 handle->rest_handle->data,
+                 handle->rest_handle->data_size);
+  data_json = json_loads (term_data,
+                          JSON_DECODE_ANY,
+                          &err);
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_JSON_parse (data_json, docspec,
+                                    NULL, NULL));
+  json_decref (data_json);
+  if (NULL == json_obj)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse JSONAPI Object from %s\n",
+                term_data);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  if (1 != GNUNET_JSONAPI_document_resource_count (json_obj))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot create more than 1 resource! (Got %d)\n",
+                GNUNET_JSONAPI_document_resource_count (json_obj));
+    GNUNET_JSONAPI_document_delete (json_obj);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
+  if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
+                                                       GNUNET_REST_JSONAPI_IDENTITY_TICKET))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unsupported JSON data type\n");
+    GNUNET_JSONAPI_document_delete (json_obj);
+    resp = GNUNET_REST_create_response (NULL);
+    handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT);
+    cleanup_handle (handle);
+    return;
+  }
+  rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+                                                "rnd");
+  identity_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+                                                     "issuer");
+  audience_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+                                                     "audience");
+  rnd_str = json_string_value (rnd_json);
+  identity_str = json_string_value (identity_json);
+  audience_str = json_string_value (audience_json);
+
+  GNUNET_STRINGS_string_to_data (rnd_str,
+                                 strlen (rnd_str),
+                                 &ticket.rnd,
+                                 sizeof (uint64_t));
+  GNUNET_STRINGS_string_to_data (identity_str,
+                                 strlen (identity_str),
+                                 &ticket.identity,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  GNUNET_STRINGS_string_to_data (audience_str,
+                                 strlen (audience_str),
+                                 &ticket.audience,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+
+  for (ego_entry = handle->ego_head;
+       NULL != ego_entry;
+       ego_entry = ego_entry->next)
+  {
+    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
+                                        &tmp_pk);
+    if (0 == memcmp (&ticket.identity,
+                     &tmp_pk,
+                     sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+      break;
+  }
+  if (NULL == ego_entry)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Identity unknown (%s)\n", identity_str);
+    GNUNET_JSONAPI_document_delete (json_obj);
+    return;
+  }
+  identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_ticket_revoke (handle->idp,
+                                                           identity_priv,
+                                                           &ticket,
+                                                           &finished_cont,
+                                                           handle);
+  GNUNET_JSONAPI_document_delete (json_obj);
+}
+
+static void
+consume_cont (void *cls,
+              const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+              const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr)
+{
+  struct RequestHandle *handle = cls;
+  struct GNUNET_JSONAPI_Resource *json_resource;
+  json_t *value;
+
+  if (NULL == identity)
+  {
+    GNUNET_SCHEDULER_add_now (&return_response, handle);
+    return;
+  }
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute: %s\n",
+              attr->name);
+  json_resource = GNUNET_JSONAPI_resource_new (GNUNET_REST_JSONAPI_RECLAIM_ATTRIBUTE,
+                                               attr->name);
+  GNUNET_JSONAPI_document_resource_add (handle->resp_object, json_resource);
+
+  value = json_string (attr->data);
+  GNUNET_JSONAPI_resource_add_attr (json_resource,
+                                    "value",
+                                    value);
+  json_decref (value);
+}
+
+static void
+consume_ticket_cont (struct GNUNET_REST_RequestHandle *con_handle,
+                     const char* url,
+                     void *cls)
+{
+  const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity_priv;
+  const char* identity_str;
+  const char* audience_str;
+  const char* rnd_str;
+
+  struct RequestHandle *handle = cls;
+  struct EgoEntry *ego_entry;
+  struct MHD_Response *resp;
+  struct GNUNET_RECLAIM_Ticket ticket;
+  struct GNUNET_JSONAPI_Document *json_obj;
+  struct GNUNET_JSONAPI_Resource *json_res;
+  struct GNUNET_CRYPTO_EcdsaPublicKey tmp_pk;
+  char term_data[handle->rest_handle->data_size+1];
+  json_t *rnd_json;
+  json_t *identity_json;
+  json_t *audience_json;
+  json_t *data_json;
+  json_error_t err;
+  struct GNUNET_JSON_Specification docspec[] = {
+    GNUNET_JSON_spec_jsonapi_document (&json_obj),
+    GNUNET_JSON_spec_end()
+  };
+
+  if (0 >= handle->rest_handle->data_size)
+  {
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+
+  term_data[handle->rest_handle->data_size] = '\0';
+  GNUNET_memcpy (term_data,
+                 handle->rest_handle->data,
+                 handle->rest_handle->data_size);
+  data_json = json_loads (term_data,
+                          JSON_DECODE_ANY,
+                          &err);
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_JSON_parse (data_json, docspec,
+                                    NULL, NULL));
+  json_decref (data_json);
+  if (NULL == json_obj)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unable to parse JSONAPI Object from %s\n",
+                term_data);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  if (1 != GNUNET_JSONAPI_document_resource_count (json_obj))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Cannot create more than 1 resource! (Got %d)\n",
+                GNUNET_JSONAPI_document_resource_count (json_obj));
+    GNUNET_JSONAPI_document_delete (json_obj);
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+    return;
+  }
+  json_res = GNUNET_JSONAPI_document_get_resource (json_obj, 0);
+  if (GNUNET_NO == GNUNET_JSONAPI_resource_check_type (json_res,
+                                                       GNUNET_REST_JSONAPI_IDENTITY_TICKET))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Unsupported JSON data type\n");
+    GNUNET_JSONAPI_document_delete (json_obj);
+    resp = GNUNET_REST_create_response (NULL);
+    handle->proc (handle->proc_cls, resp, MHD_HTTP_CONFLICT);
+    cleanup_handle (handle);
+    return;
+  }
+  rnd_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+                                                "rnd");
+  identity_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+                                                     "identity");
+  audience_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+                                                     "audience");
+  rnd_str = json_string_value (rnd_json);
+  identity_str = json_string_value (identity_json);
+  audience_str = json_string_value (audience_json);
+
+  GNUNET_STRINGS_string_to_data (rnd_str,
+                                 strlen (rnd_str),
+                                 &ticket.rnd,
+                                 sizeof (uint64_t));
+  GNUNET_STRINGS_string_to_data (identity_str,
+                                 strlen (identity_str),
+                                 &ticket.identity,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+  GNUNET_STRINGS_string_to_data (audience_str,
+                                 strlen (audience_str),
+                                 &ticket.audience,
+                                 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+
+  for (ego_entry = handle->ego_head;
+       NULL != ego_entry;
+       ego_entry = ego_entry->next)
+  {
+    GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
+                                        &tmp_pk);
+    if (0 == memcmp (&ticket.audience,
+                     &tmp_pk,
+                     sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey)))
+      break;
+  }
+  if (NULL == ego_entry)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Identity unknown (%s)\n", identity_str);
+    GNUNET_JSONAPI_document_delete (json_obj);
+    return;
+  }
+  identity_priv = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+  handle->resp_object = GNUNET_JSONAPI_document_new ();
+  handle->idp = GNUNET_RECLAIM_connect (cfg);
+  handle->idp_op = GNUNET_RECLAIM_ticket_consume (handle->idp,
+                                                            identity_priv,
+                                                            &ticket,
+                                                            &consume_cont,
+                                                            handle);
+  GNUNET_JSONAPI_document_delete (json_obj);
+}
+
+
+
+/**
+ * Respond to OPTIONS request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  //For now, independent of path return all options
+  resp = GNUNET_REST_create_response (NULL);
+  MHD_add_response_header (resp,
+                           "Access-Control-Allow-Methods",
+                           allow_methods);
+  handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+  cleanup_handle (handle);
+  return;
+}
+
+/**
+ * Handle rest request
+ *
+ * @param handle the request handle
+ */
+static void
+init_cont (struct RequestHandle *handle)
+{
+  struct GNUNET_REST_RequestHandlerError err;
+  static const struct GNUNET_REST_RequestHandler handlers[] = {
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &list_attribute_cont},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES, &add_attribute_cont},
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TICKETS, &list_tickets_cont},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_REVOKE, &revoke_ticket_cont},
+    {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_CONSUME, &consume_ticket_cont},
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_RECLAIM,
+      &options_cont},
+    GNUNET_REST_HANDLER_END
+  };
+
+  if (GNUNET_NO == GNUNET_REST_handle_request (handle->rest_handle,
+                                               handlers,
+                                               &err,
+                                               handle))
+  {
+    handle->response_code = err.error_code;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+  }
+}
+
+/**
+ * If listing is enabled, prints information about the egos.
+ *
+ * This function is initially called for all egos and then again
+ * whenever a ego's identifier changes or if it is deleted.  At the
+ * end of the initial pass over all egos, the function is once called
+ * with 'NULL' for 'ego'. That does NOT mean that the callback won't
+ * be invoked in the future or that there was an error.
+ *
+ * When used with 'GNUNET_IDENTITY_create' or 'GNUNET_IDENTITY_get',
+ * this function is only called ONCE, and 'NULL' being passed in
+ * 'ego' does indicate an error (i.e. name is taken or no default
+ * value is known).  If 'ego' is non-NULL and if '*ctx'
+ * is set in those callbacks, the value WILL be passed to a subsequent
+ * call to the identity callback of 'GNUNET_IDENTITY_connect' (if
+ * that one was not NULL).
+ *
+ * When an identity is renamed, this function is called with the
+ * (known) ego but the NEW identifier.
+ *
+ * When an identity is deleted, this function is called with the
+ * (known) ego and "NULL" for the 'identifier'.  In this case,
+ * the 'ego' is henceforth invalid (and the 'ctx' should also be
+ * cleaned up).
+ *
+ * @param cls closure
+ * @param ego ego handle
+ * @param ctx context for application to store data for this ego
+ *                 (during the lifetime of this process, initially NULL)
+ * @param identifier identifier assigned by the user for this ego,
+ *                   NULL if the user just deleted the ego and it
+ *                   must thus no longer be used
+ */
+static void
+list_ego (void *cls,
+          struct GNUNET_IDENTITY_Ego *ego,
+          void **ctx,
+          const char *identifier)
+{
+  struct RequestHandle *handle = cls;
+  struct EgoEntry *ego_entry;
+  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+
+  if ((NULL == ego) && (ID_REST_STATE_INIT == handle->state))
+  {
+    handle->state = ID_REST_STATE_POST_INIT;
+    init_cont (handle);
+    return;
+  }
+  if (ID_REST_STATE_INIT == handle->state) {
+    ego_entry = GNUNET_new (struct EgoEntry);
+    GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
+    ego_entry->keystring =
+      GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+    ego_entry->ego = ego;
+    ego_entry->identifier = GNUNET_strdup (identifier);
+    GNUNET_CONTAINER_DLL_insert_tail(handle->ego_head,handle->ego_tail, ego_entry);
+  }
+
+}
+
+static void
+rest_identity_process_request(struct GNUNET_REST_RequestHandle *rest_handle,
+                              GNUNET_REST_ResultProcessor proc,
+                              void *proc_cls)
+{
+  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
+  handle->response_code = 0;
+  handle->timeout = GNUNET_TIME_UNIT_FOREVER_REL;
+  handle->proc_cls = proc_cls;
+  handle->proc = proc;
+  handle->state = ID_REST_STATE_INIT;
+  handle->rest_handle = rest_handle;
+
+  handle->url = GNUNET_strdup (rest_handle->url);
+  if (handle->url[strlen (handle->url)-1] == '/')
+    handle->url[strlen (handle->url)-1] = '\0';
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Connecting...\n");
+  handle->identity_handle = GNUNET_IDENTITY_connect (cfg,
+                                                     &list_ego,
+                                                     handle);
+  handle->namestore_handle = GNUNET_NAMESTORE_connect (cfg);
+  handle->timeout_task =
+    GNUNET_SCHEDULER_add_delayed (handle->timeout,
+                                  &do_timeout,
+                                  handle);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Connected\n");
+}
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls Config info
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_rest_reclaim_init (void *cls)
+{
+  static struct Plugin plugin;
+  struct GNUNET_REST_Plugin *api;
+
+  cfg = cls;
+  if (NULL != plugin.cfg)
+    return NULL;                /* can only initialize once! */
+  memset (&plugin, 0, sizeof (struct Plugin));
+  plugin.cfg = cfg;
+  api = GNUNET_new (struct GNUNET_REST_Plugin);
+  api->cls = &plugin;
+  api->name = GNUNET_REST_API_NS_RECLAIM;
+  api->process_request = &rest_identity_process_request;
+  GNUNET_asprintf (&allow_methods,
+                   "%s, %s, %s, %s, %s",
+                   MHD_HTTP_METHOD_GET,
+                   MHD_HTTP_METHOD_POST,
+                   MHD_HTTP_METHOD_PUT,
+                   MHD_HTTP_METHOD_DELETE,
+                   MHD_HTTP_METHOD_OPTIONS);
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              _("Identity Provider REST API initialized\n"));
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_rest_reclaim_done (void *cls)
+{
+  struct GNUNET_REST_Plugin *api = cls;
+  struct Plugin *plugin = api->cls;
+  plugin->cfg = NULL;
+
+  GNUNET_free_non_null (allow_methods);
+  GNUNET_free (api);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Identity Provider REST plugin is finished\n");
+  return NULL;
+}
+
+/* end of plugin_rest_reclaim.c */
diff --git a/src/reclaim/reclaim.conf b/src/reclaim/reclaim.conf
new file mode 100644 (file)
index 0000000..cf0a0dc
--- /dev/null
@@ -0,0 +1,23 @@
+[reclaim]
+START_ON_DEMAND = NO
+RUN_PER_USER = YES
+#PORT = 2108
+HOSTNAME = localhost
+BINARY = gnunet-service-reclaim
+ACCEPT_FROM = 127.0.0.1;
+ACCEPT_FROM6 = ::1;
+UNIXPATH = $GNUNET_USER_RUNTIME_DIR/gnunet-service-reclaim.sock
+UNIX_MATCH_UID = NO
+UNIX_MATCH_GID = YES
+TOKEN_EXPIRATION_INTERVAL = 30 m
+DATABASE = sqlite
+
+[reclaim-rest-plugin]
+#ADDRESS = https://identity.gnu:8000#/login
+ADDRESS = https://reclaim.ui/#/login
+PSW = secret
+JWT_SECRET = secret
+EXPIRATION_TIME = 1d
+
+[reclaim-sqlite]
+FILENAME = $GNUNET_DATA_HOME/reclaim/sqlite.db
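Review bot: `PSW = secret` and `JWT_SECRET = secret` under `[reclaim-rest-plugin]` give every installation that keeps this default file the same publicly known password and signing secret. The code that reads these options is not in this hunk, but if `JWT_SECRET` keys the tokens the REST plugin issues, anyone who knows the default could presumably produce tokens that validate. I would ship both options commented out, e.g. `#JWT_SECRET = <random per-installation value>`, and have the plugin refuse to start while they are unset. Separately, `UNIX_MATCH_UID = NO` deserves a one-line comment explaining why other members of the group may connect, since the request structs this commit adds in reclaim.h carry `struct GNUNET_CRYPTO_EcdsaPrivateKey` over that socket.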
diff --git a/src/reclaim/reclaim.h b/src/reclaim/reclaim.h
new file mode 100644 (file)
index 0000000..d2c8468
--- /dev/null
@@ -0,0 +1,410 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+    
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @author Martin Schanzenbach
+ * @file reclaim/reclaim.h
+ *
+ * @brief Common type definitions for the identity provider
+ *        service and API.
+ */
+#ifndef RECLAIM_H
+#define RECLAIM_H
+
+#include "gnunet_common.h"
+
+
+GNUNET_NETWORK_STRUCT_BEGIN
+
+/**
+ * Use to store an identity attribute
+ */
+struct AttributeStoreMessage
+{
+  /**
+   * Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * The length of the attribute
+   */
+  uint32_t attr_len GNUNET_PACKED;
+
+  /**
+   * The expiration interval of the attribute
+   */
+  uint64_t exp GNUNET_PACKED;
+
+  /**
+   * Identity
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /* followed by the serialized attribute */
+
+};
+
+/**
+ * Attribute store response message
+ */
+struct AttributeStoreResultMessage
+{
+  /**
+   * Message header
+   */
+  struct GNUNET_MessageHeader header;
+  
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * #GNUNET_SYSERR on failure, #GNUNET_OK on success
+   */
+  int32_t op_result GNUNET_PACKED;
+
+};
+
+/**
+ * Attribute is returned from the idp.
+ */
+struct AttributeResultMessage
+{
+  /**
+   * Message header
+   */
+  struct GNUNET_MessageHeader header;
+
+   /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * Length of serialized attribute data
+   */
+  uint16_t attr_len GNUNET_PACKED;
+
+  /**
+   * always zero (for alignment)
+   */
+  uint16_t reserved GNUNET_PACKED;
+
+  /**
+   * The public key of the identity.
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+
+  /* followed by:
+   * serialized attribute data
+   */
+};
+
+
+/**
+ * Start a attribute iteration for the given identity
+ */
+struct AttributeIterationStartMessage
+{
+  /**
+   * Message
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * Identity.
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+};
+
+
+/**
+ * Ask for next result of attribute iteration for the given operation
+ */
+struct AttributeIterationNextMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+};
+
+
+/**
+ * Stop attribute iteration for the given operation
+ */
+struct AttributeIterationStopMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+};
+
+/**
+ * Start a ticket iteration for the given identity
+ */
+struct TicketIterationStartMessage
+{
+  /**
+   * Message
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * Identity.
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+
+  /**
+   * Identity is audience or issuer
+   */
+  uint32_t is_audience GNUNET_PACKED;
+};
+
+
+/**
+ * Ask for next result of ticket iteration for the given operation
+ */
+struct TicketIterationNextMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+};
+
+
+/**
+ * Stop ticket iteration for the given operation
+ */
+struct TicketIterationStopMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+};
+
+
+
+/**
+ * Ticket issue message
+ */
+struct IssueTicketMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * Identity.
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * Requesting party.
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey rp;
+
+  /**
+   * length of serialized attribute list
+   */
+  uint32_t attr_len GNUNET_PACKED;
+
+  //Followed by a serialized attribute list
+};
+
+/**
+ * Ticket revoke message
+ */
+struct RevokeTicketMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * Identity.
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * length of serialized attribute list
+   */
+  uint32_t attrs_len GNUNET_PACKED;
+
+  //Followed by a ticket and serialized attribute list
+};
+
+/**
+ * Ticket revoke message
+ */
+struct RevokeTicketResultMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * Revocation result
+   */
+  uint32_t success GNUNET_PACKED;
+};
+
+
+/**
+ * Ticket result message
+ */
+struct TicketResultMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+};
+
+/**
+ * Ticket consume message
+ */
+struct ConsumeTicketMessage
+{
+  /**
+   * Type will be #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET
+   */
+  struct GNUNET_MessageHeader header;
+
+  /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * Identity.
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  //Followed by a serialized ticket
+};
+
+/**
+ * Attribute list is returned from the idp.
+ */
+struct ConsumeTicketResultMessage
+{
+  /**
+   * Message header
+   */
+  struct GNUNET_MessageHeader header;
+
+   /**
+   * Unique identifier for this request (for key collisions).
+   */
+  uint32_t id GNUNET_PACKED;
+
+  /**
+   * Length of serialized attribute data
+   */
+  uint16_t attrs_len GNUNET_PACKED;
+
+  /**
+   * always zero (for alignment)
+   */
+  uint16_t reserved GNUNET_PACKED;
+
+  /**
+   * The public key of the identity.
+   */
+  struct GNUNET_CRYPTO_EcdsaPublicKey identity;
+
+  /* followed by:
+   * serialized attributes data
+   */
+};
+
+
+
+GNUNET_NETWORK_STRUCT_END
+
+#endif
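Review bot: The request structs declare their payload length as `uint32_t` (`attr_len` in `AttributeStoreMessage` and `IssueTicketMessage`, `attrs_len` in `RevokeTicketMessage`), while the result structs use `uint16_t attr_len` plus `uint16_t reserved`. The client code in this commit reads `header.size` with `ntohs`, so the total message size appears to be 16 bits. A length field that can exceed what the message can hold invites a receiver that trusts it without comparing it to `header.size`. The service-side checks are not visible here, so confirm each one verifies, e.g., `ntohs (msg->header.size) == sizeof (*msg) + ntohl (msg->attr_len)` before deserializing, or narrow the fields to match the result messages. Two doc comments also look copy-pasted: `Type: #GNUNET_MESSAGE_TYPE_IDENTITY_SET_DEFAULT` on `AttributeStoreMessage.header` should name the reclaim attribute-store type, and the comment on `RevokeTicketResultMessage` should read `Ticket revoke result message`.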
diff --git a/src/reclaim/reclaim_api.c b/src/reclaim/reclaim_api.c
new file mode 100644 (file)
index 0000000..3f1584c
--- /dev/null
@@ -0,0 +1,1383 @@
+/*
+     This file is part of GNUnet.
+     Copyright (C) 2016 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License,
+     or (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+    
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @file reclaim/reclaim_api.c
+ * @brief api to interact with the reclaim service
+ * @author Martin Schanzenbach
+ */
+#include "platform.h"
+#include "gnunet_util_lib.h"
+#include "gnunet_constants.h"
+#include "gnunet_protocols.h"
+#include "gnunet_mq_lib.h"
+#include "gnunet_reclaim_service.h"
+#include "gnunet_reclaim_attribute_lib.h"
+#include "reclaim.h"
+
+#define LOG(kind,...) GNUNET_log_from (kind, "reclaim-api",__VA_ARGS__)
+
+
+/**
+ * Handle for an operation with the service.
+ */
+struct GNUNET_RECLAIM_Operation
+{
+
+  /**
+   * Main handle.
+   */
+  struct GNUNET_RECLAIM_Handle *h;
+
+  /**
+   * We keep operations in a DLL.
+   */
+  struct GNUNET_RECLAIM_Operation *next;
+
+  /**
+   * We keep operations in a DLL.
+   */
+  struct GNUNET_RECLAIM_Operation *prev;
+
+  /**
+   * Message to send to the service.
+   * Allocated at the end of this struct.
+   */
+  const struct GNUNET_MessageHeader *msg;
+
+  /**
+   * Continuation to invoke after attribute store call
+   */
+  GNUNET_RECLAIM_ContinuationWithStatus as_cb;
+
+  /**
+   * Attribute result callback
+   */
+  GNUNET_RECLAIM_AttributeResult ar_cb;
+
+  /**
+   * Revocation result callback
+   */
+  GNUNET_RECLAIM_ContinuationWithStatus rvk_cb;
+
+  /**
+   * Ticket result callback
+   */
+  GNUNET_RECLAIM_TicketCallback tr_cb;
+
+  /**
+   * Envelope with the message for this queue entry.
+   */
+  struct GNUNET_MQ_Envelope *env;
+
+  /**
+   * request id
+   */
+  uint32_t r_id;
+
+  /**
+   * Closure for @e cont or @e cb.
+   */
+  void *cls;
+
+};
+
+/**
+ * Handle for a ticket iterator operation
+ */
+struct GNUNET_RECLAIM_TicketIterator
+{
+
+  /**
+   * Kept in a DLL.
+   */
+  struct GNUNET_RECLAIM_TicketIterator *next;
+
+  /**
+   * Kept in a DLL.
+   */
+  struct GNUNET_RECLAIM_TicketIterator *prev;
+
+  /**
+   * Main handle to access the idp.
+   */
+  struct GNUNET_RECLAIM_Handle *h;
+
+  /**
+   * Function to call on completion.
+   */
+  GNUNET_SCHEDULER_TaskCallback finish_cb;
+
+  /**
+   * Closure for @e error_cb.
+   */
+  void *finish_cb_cls;
+
+  /**
+   * The continuation to call with the results
+   */
+  GNUNET_RECLAIM_TicketCallback tr_cb;
+
+  /**
+   * Closure for @e tr_cb.
+   */
+  void *cls;
+
+  /**
+   * Function to call on errors.
+   */
+  GNUNET_SCHEDULER_TaskCallback error_cb;
+
+  /**
+   * Closure for @e error_cb.
+   */
+  void *error_cb_cls;
+
+  /**
+   * Envelope of the message to send to the service, if not yet
+   * sent.
+   */
+  struct GNUNET_MQ_Envelope *env;
+
+  /**
+   * The operation id this zone iteration operation has
+   */
+  uint32_t r_id;
+
+};
+
+
+/**
+ * Handle for a attribute iterator operation
+ */
+struct GNUNET_RECLAIM_AttributeIterator
+{
+
+  /**
+   * Kept in a DLL.
+   */
+  struct GNUNET_RECLAIM_AttributeIterator *next;
+
+  /**
+   * Kept in a DLL.
+   */
+  struct GNUNET_RECLAIM_AttributeIterator *prev;
+
+  /**
+   * Main handle to access the idp.
+   */
+  struct GNUNET_RECLAIM_Handle *h;
+
+  /**
+   * Function to call on completion.
+   */
+  GNUNET_SCHEDULER_TaskCallback finish_cb;
+
+  /**
+   * Closure for @e error_cb.
+   */
+  void *finish_cb_cls;
+
+  /**
+   * The continuation to call with the results
+   */
+  GNUNET_RECLAIM_AttributeResult proc;
+
+  /**
+   * Closure for @e proc.
+   */
+  void *proc_cls;
+
+  /**
+   * Function to call on errors.
+   */
+  GNUNET_SCHEDULER_TaskCallback error_cb;
+
+  /**
+   * Closure for @e error_cb.
+   */
+  void *error_cb_cls;
+
+  /**
+   * Envelope of the message to send to the service, if not yet
+   * sent.
+   */
+  struct GNUNET_MQ_Envelope *env;
+
+  /**
+   * Private key of the zone.
+   */
+  struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
+
+  /**
+   * The operation id this zone iteration operation has
+   */
+  uint32_t r_id;
+
+};
+
+
+/**
+ * Handle for the service.
+ */
+struct GNUNET_RECLAIM_Handle
+{
+  /**
+   * Configuration to use.
+   */
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+  /**
+   * Socket (if available).
+   */
+  struct GNUNET_CLIENT_Connection *client;
+
+  /**
+   * Closure for 'cb'.
+   */
+  void *cb_cls;
+
+  /**
+   * Head of active operations.
+   */
+  struct GNUNET_RECLAIM_Operation *op_head;
+
+  /**
+   * Tail of active operations.
+   */
+  struct GNUNET_RECLAIM_Operation *op_tail;
+
+  /**
+   * Head of active iterations
+   */
+  struct GNUNET_RECLAIM_AttributeIterator *it_head;
+
+  /**
+   * Tail of active iterations
+   */
+  struct GNUNET_RECLAIM_AttributeIterator *it_tail;
+
+  /**
+   * Head of active iterations
+   */
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it_head;
+
+  /**
+   * Tail of active iterations
+   */
+  struct GNUNET_RECLAIM_TicketIterator *ticket_it_tail;
+
+
+  /**
+   * Currently pending transmission request, or NULL for none.
+   */
+  struct GNUNET_CLIENT_TransmitHandle *th;
+
+  /**
+   * Task doing exponential back-off trying to reconnect.
+   */
+  struct GNUNET_SCHEDULER_Task * reconnect_task;
+
+  /**
+   * Time for next connect retry.
+   */
+  struct GNUNET_TIME_Relative reconnect_backoff;
+
+  /**
+   * Connection to service (if available).
+   */
+  struct GNUNET_MQ_Handle *mq;
+
+  /**
+   * Request Id generator.  Incremented by one for each request.
+   */
+  uint32_t r_id_gen;
+
+  /**
+   * Are we polling for incoming messages right now?
+   */
+  int in_receive;
+
+};
+
+/**
+ * Try again to connect to the service.
+ *
+ * @param h handle to the reclaim service.
+ */
+static void
+reconnect (struct GNUNET_RECLAIM_Handle *h);
+
+/**
+ * Reconnect
+ *
+ * @param cls the handle
+ */
+static void
+reconnect_task (void *cls)
+{
+  struct GNUNET_RECLAIM_Handle *handle = cls;
+
+  handle->reconnect_task = NULL;
+  reconnect (handle);
+}
+
+
+/**
+ * Disconnect from service and then reconnect.
+ *
+ * @param handle our service
+ */
+static void
+force_reconnect (struct GNUNET_RECLAIM_Handle *handle)
+{
+  GNUNET_MQ_destroy (handle->mq);
+  handle->mq = NULL;
+  handle->reconnect_backoff
+    = GNUNET_TIME_STD_BACKOFF (handle->reconnect_backoff);
+  handle->reconnect_task
+    = GNUNET_SCHEDULER_add_delayed (handle->reconnect_backoff,
+                                    &reconnect_task,
+                                    handle);
+}
+
+/**
+ * Free @a it.
+ *
+ * @param it entry to free
+ */
+static void
+free_it (struct GNUNET_RECLAIM_AttributeIterator *it)
+{
+  struct GNUNET_RECLAIM_Handle *h = it->h;
+
+  GNUNET_CONTAINER_DLL_remove (h->it_head,
+                               h->it_tail,
+                               it);
+  if (NULL != it->env)
+    GNUNET_MQ_discard (it->env);
+  GNUNET_free (it);
+}
+
+static void
+free_op (struct GNUNET_RECLAIM_Operation* op)
+{
+  if (NULL == op)
+    return;
+  if (NULL != op->env)
+    GNUNET_MQ_discard (op->env);
+  GNUNET_free(op);
+}
+
+
+/**
+ * Generic error handler, called with the appropriate error code and
+ * the same closure specified at the creation of the message queue.
+ * Not every message queue implementation supports an error handler.
+ *
+ * @param cls closure with the `struct GNUNET_GNS_Handle *`
+ * @param error error code
+ */
+static void
+mq_error_handler (void *cls,
+                  enum GNUNET_MQ_Error error)
+{
+  struct GNUNET_RECLAIM_Handle *handle = cls;
+  force_reconnect (handle);
+}
+
+/**
+ * Handle an incoming message of type
+ * #GNUNET_MESSAGE_TYPE_NAMESTORE_RECORD_STORE_RESPONSE
+ *
+ * @param cls
+ * @param msg the message we received
+ */
+static void
+handle_attribute_store_response (void *cls,
+                             const struct AttributeStoreResultMessage *msg)
+{
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
+  uint32_t r_id = ntohl (msg->id);
+  int res;
+  const char *emsg;
+
+  for (op = h->op_head; NULL != op; op = op->next)
+    if (op->r_id == r_id)
+      break;
+  if (NULL == op)
+    return;
+
+  res = ntohl (msg->op_result);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Received ATTRIBUTE_STORE_RESPONSE with result %d\n",
+       res);
+
+  /* TODO: add actual error message to response... */
+  if (GNUNET_SYSERR == res)
+    emsg = _("failed to store record\n");
+  else
+    emsg = NULL;
+  if (NULL != op->as_cb)
+    op->as_cb (op->cls,
+              res,
+              emsg);
+  GNUNET_CONTAINER_DLL_remove (h->op_head,
+                               h->op_tail,
+                               op);
+  free_op (op);
+
+}
+
+
+/**
+ * Handle an incoming message of type
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT
+ *
+ * @param cls
+ * @param msg the message we received
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+check_consume_ticket_result (void *cls,
+                             const struct ConsumeTicketResultMessage *msg)
+{
+  size_t msg_len;
+  size_t attrs_len;
+
+  msg_len = ntohs (msg->header.size);
+  attrs_len = ntohs (msg->attrs_len);
+  if (msg_len != sizeof (struct ConsumeTicketResultMessage) + attrs_len)
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+/**
+ * Handle an incoming message of type
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT
+ *
+ * @param cls
+ * @param msg the message we received
+ */
+static void
+handle_consume_ticket_result (void *cls,
+                              const struct ConsumeTicketResultMessage *msg)
+{
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
+  size_t attrs_len;
+  uint32_t r_id = ntohl (msg->id);
+
+  attrs_len = ntohs (msg->attrs_len);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Processing attribute result.\n");
+
+
+  for (op = h->op_head; NULL != op; op = op->next)
+    if (op->r_id == r_id)
+      break;
+  if (NULL == op)
+    return;
+
+  {
+    struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs;
+    struct GNUNET_RECLAIM_ATTRIBUTE_ClaimListEntry *le;
+    attrs = GNUNET_RECLAIM_ATTRIBUTE_list_deserialize ((char*)&msg[1],
+                                        attrs_len);
+    if (NULL != op->ar_cb)
+    {
+      if (NULL == attrs)
+      {
+        op->ar_cb (op->cls,
+                   &msg->identity,
+                   NULL);
+      }
+      else
+      {
+        for (le = attrs->list_head; NULL != le; le = le->next)
+          op->ar_cb (op->cls,
+                     &msg->identity,
+                     le->claim);
+        GNUNET_RECLAIM_ATTRIBUTE_list_destroy (attrs);
+      }
+    }
+    if (NULL != op)
+    {
+      op->ar_cb (op->cls,
+                 NULL,
+                 NULL);
+      GNUNET_CONTAINER_DLL_remove (h->op_head,
+                                   h->op_tail,
+                                   op);
+      free_op (op);
+    }
+    return;
+  }
+  GNUNET_assert (0);
+}
+
+
+/**
+ * Handle an incoming message of type
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT
+ *
+ * @param cls
+ * @param msg the message we received
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+check_attribute_result (void *cls,
+                        const struct AttributeResultMessage *msg)
+{
+  size_t msg_len;
+  size_t attr_len;
+
+  msg_len = ntohs (msg->header.size);
+  attr_len = ntohs (msg->attr_len);
+  if (msg_len != sizeof (struct AttributeResultMessage) + attr_len)
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+/**
+ * Handle an incoming message of type
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT
+ *
+ * @param cls
+ * @param msg the message we received
+ */
+static void
+handle_attribute_result (void *cls,
+                         const struct AttributeResultMessage *msg)
+{
+  static struct GNUNET_CRYPTO_EcdsaPrivateKey identity_dummy;
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_AttributeIterator *it;
+  struct GNUNET_RECLAIM_Operation *op;
+  size_t attr_len;
+  uint32_t r_id = ntohl (msg->id);
+
+  attr_len = ntohs (msg->attr_len);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Processing attribute result.\n");
+
+
+  for (it = h->it_head; NULL != it; it = it->next)
+    if (it->r_id == r_id)
+      break;
+  for (op = h->op_head; NULL != op; op = op->next)
+    if (op->r_id == r_id)
+      break;
+  if ((NULL == it) && (NULL == op))
+    return;
+
+  if ( (0 == (memcmp (&msg->identity,
+                      &identity_dummy,
+                      sizeof (identity_dummy)))) )
+  {
+    if ((NULL == it) && (NULL == op))
+    {
+      GNUNET_break (0);
+      force_reconnect (h);
+      return;
+    }
+    if (NULL != it)
+    {
+      if (NULL != it->finish_cb)
+        it->finish_cb (it->finish_cb_cls);
+      free_it (it);
+    }
+    if (NULL != op)
+    {
+      if (NULL != op->ar_cb)
+        op->ar_cb (op->cls,
+                   NULL,
+                   NULL);
+      GNUNET_CONTAINER_DLL_remove (h->op_head,
+                                   h->op_tail,
+                                   op);
+      free_op (op);
+
+    }
+    return;
+  }
+
+  {
+    struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr;
+    attr = GNUNET_RECLAIM_ATTRIBUTE_deserialize ((char*)&msg[1],
+                                                  attr_len);
+    if (NULL != it)
+    {
+      if (NULL != it->proc)
+        it->proc (it->proc_cls,
+                  &msg->identity,
+                  attr);
+    } else if (NULL != op)
+    {
+      if (NULL != op->ar_cb)
+        op->ar_cb (op->cls,
+                   &msg->identity,
+                   attr);
+
+    }
+    GNUNET_free (attr);
+    return;
+  }
+  GNUNET_assert (0);
+}
+
+/**
+ * Handle an incoming message of type
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
+ *
+ * @param cls
+ * @param msg the message we received
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ */
+static int
+check_ticket_result (void *cls,
+                     const struct TicketResultMessage *msg)
+{
+  size_t msg_len;
+
+  msg_len = ntohs (msg->header.size);
+  if (msg_len < sizeof (struct TicketResultMessage))
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+
+/**
+ * Handle an incoming message of type
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT
+ *
+ * @param cls
+ * @param msg the message we received
+ */
+static void
+handle_ticket_result (void *cls,
+                      const struct TicketResultMessage *msg)
+{
+  struct GNUNET_RECLAIM_Handle *handle = cls;
+  struct GNUNET_RECLAIM_Operation *op;
+  struct GNUNET_RECLAIM_TicketIterator *it;
+  const struct GNUNET_RECLAIM_Ticket *ticket;
+  uint32_t r_id = ntohl (msg->id);
+  size_t msg_len;
+
+  for (op = handle->op_head; NULL != op; op = op->next)
+    if (op->r_id == r_id)
+      break;
+  for (it = handle->ticket_it_head; NULL != it; it = it->next)
+    if (it->r_id == r_id)
+      break;
+  if ((NULL == op) && (NULL == it))
+    return;
+  msg_len = ntohs (msg->header.size);
+  if (NULL != op)
+  {
+    GNUNET_CONTAINER_DLL_remove (handle->op_head,
+                                 handle->op_tail,
+                                 op);
+    if (msg_len == sizeof (struct TicketResultMessage))
+    {
+      if (NULL != op->tr_cb)
+        op->tr_cb (op->cls, NULL);
+    } else {
+      ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1];
+      if (NULL != op->tr_cb)
+        op->tr_cb (op->cls, ticket);
+    }
+    free_op (op);
+    return;
+  } else if (NULL != it) {
+    if (msg_len == sizeof (struct TicketResultMessage))
+    {
+      if (NULL != it->tr_cb)
+        GNUNET_CONTAINER_DLL_remove (handle->ticket_it_head,
+                                     handle->ticket_it_tail,
+                                     it);
+      it->finish_cb (it->finish_cb_cls);
+      GNUNET_free (it);
+    } else {
+      ticket = (struct GNUNET_RECLAIM_Ticket *)&msg[1];
+      if (NULL != it->tr_cb)
+        it->tr_cb (it->cls, ticket);
+    }
+    return;
+  }
+  GNUNET_break (0);
+}
+
+
+/**
+ * Handle an incoming message of type
+ * #GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT
+ *
+ * @param cls
+ * @param msg the message we received
+ */
+static void
+handle_revoke_ticket_result (void *cls,
+                             const struct RevokeTicketResultMessage *msg)
+{
+  struct GNUNET_RECLAIM_Handle *h = cls;
+  struct GNUNET_RECLAIM_Operation *op;
+  uint32_t r_id = ntohl (msg->id);
+  int32_t success;
+
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Processing revocation result.\n");
+
+
+  for (op = h->op_head; NULL != op; op = op->next)
+    if (op->r_id == r_id)
+      break;
+  if (NULL == op)
+    return;
+  success = ntohl (msg->success);
+  {
+    if (NULL != op->rvk_cb)
+    {
+      op->rvk_cb (op->cls,
+                  success,
+                  NULL);
+    }
+    GNUNET_CONTAINER_DLL_remove (h->op_head,
+                                 h->op_tail,
+                                 op);
+    free_op (op);
+    return;
+  }
+  GNUNET_assert (0);
+}
+
+
+
+/**
+ * Try again to connect to the service.
+ *
+ * @param h handle to the reclaim service.
+ */
+static void
+reconnect (struct GNUNET_RECLAIM_Handle *h)
+{
+  struct GNUNET_MQ_MessageHandler handlers[] = {
+    GNUNET_MQ_hd_fixed_size (attribute_store_response,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE_RESPONSE,
+                             struct AttributeStoreResultMessage,
+                             h),
+    GNUNET_MQ_hd_var_size (attribute_result,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_RESULT,
+                           struct AttributeResultMessage,
+                           h),
+    GNUNET_MQ_hd_var_size (ticket_result,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_RESULT,
+                           struct TicketResultMessage,
+                           h),
+    GNUNET_MQ_hd_var_size (consume_ticket_result,
+                           GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET_RESULT,
+                           struct ConsumeTicketResultMessage,
+                           h),
+    GNUNET_MQ_hd_fixed_size (revoke_ticket_result,
+                             GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET_RESULT,
+                             struct RevokeTicketResultMessage,
+                             h),
+    GNUNET_MQ_handler_end ()
+  };
+  struct GNUNET_RECLAIM_Operation *op;
+
+  GNUNET_assert (NULL == h->mq);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Connecting to reclaim service.\n");
+
+  h->mq = GNUNET_CLIENT_connect (h->cfg,
+                                 "reclaim",
+                                 handlers,
+                                 &mq_error_handler,
+                                 h);
+  if (NULL == h->mq)
+    return;
+  for (op = h->op_head; NULL != op; op = op->next)
+    GNUNET_MQ_send_copy (h->mq,
+                         op->env);
+}
+
+
+/**
+ * Connect to the reclaim service.
+ *
+ * @param cfg the configuration to use
+ * @return handle to use
+ */
+struct GNUNET_RECLAIM_Handle *
+GNUNET_RECLAIM_connect (const struct GNUNET_CONFIGURATION_Handle *cfg)
+{
+  struct GNUNET_RECLAIM_Handle *h;
+
+  h = GNUNET_new (struct GNUNET_RECLAIM_Handle);
+  h->cfg = cfg;
+  reconnect (h);
+  if (NULL == h->mq)
+  {
+    GNUNET_free (h);
+    return NULL;
+  }
+  return h;
+}
+
+
+/**
+ * Cancel an operation. Note that the operation MAY still
+ * be executed; this merely cancels the continuation; if the request
+ * was already transmitted, the service may still choose to complete
+ * the operation.
+ *
+ * @param op operation to cancel
+ */
+void
+GNUNET_RECLAIM_cancel (struct GNUNET_RECLAIM_Operation *op)
+{
+  struct GNUNET_RECLAIM_Handle *h = op->h;
+
+  GNUNET_CONTAINER_DLL_remove (h->op_head,
+                               h->op_tail,
+                               op);
+  free_op (op);
+}
+
+
+/**
+ * Disconnect from service
+ *
+ * @param h handle to destroy
+ */
+void
+GNUNET_RECLAIM_disconnect (struct GNUNET_RECLAIM_Handle *h)
+{
+  GNUNET_assert (NULL != h);
+  if (NULL != h->mq)
+  {
+    GNUNET_MQ_destroy (h->mq);
+    h->mq = NULL;
+  }
+  if (NULL != h->reconnect_task)
+  {
+    GNUNET_SCHEDULER_cancel (h->reconnect_task);
+    h->reconnect_task = NULL;
+  }
+  GNUNET_assert (NULL == h->op_head);
+  GNUNET_free (h);
+}
+
+/**
+ * Store an attribute.  If the attribute is already present,
+ * it is replaced with the new attribute.
+ *
+ * @param h handle to the reclaim
+ * @param pkey private key of the identity
+ * @param attr the attribute value
+ * @param exp_interval the relative expiration interval for the attribute
+ * @param cont continuation to call when done
+ * @param cont_cls closure for @a cont
+ * @return handle to abort the request
+ */
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_attribute_store (struct GNUNET_RECLAIM_Handle *h,
+                                          const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
+                                          const struct GNUNET_RECLAIM_ATTRIBUTE_Claim *attr,
+                                          const struct GNUNET_TIME_Relative *exp_interval,
+                                          GNUNET_RECLAIM_ContinuationWithStatus cont,
+                                          void *cont_cls)
+{
+  struct GNUNET_RECLAIM_Operation *op;
+  struct AttributeStoreMessage *sam;
+  size_t attr_len;
+
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
+  op->h = h;
+  op->as_cb = cont;
+  op->cls = cont_cls;
+  op->r_id = h->r_id_gen++;
+  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
+                                    h->op_tail,
+                                    op);
+  attr_len = GNUNET_RECLAIM_ATTRIBUTE_serialize_get_size (attr);
+  op->env = GNUNET_MQ_msg_extra (sam,
+                                 attr_len,
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_STORE);
+  sam->identity = *pkey;
+  sam->id = htonl (op->r_id);
+  sam->exp = GNUNET_htonll (exp_interval->rel_value_us);
+
+  GNUNET_RECLAIM_ATTRIBUTE_serialize (attr,
+                                       (char*)&sam[1]);
+
+  sam->attr_len = htons (attr_len);
+  if (NULL != h->mq)
+    GNUNET_MQ_send_copy (h->mq,
+                         op->env);
+  return op;
+
+}
+
+
+/**
+ * List all attributes for a local identity.
+ * This MUST lock the `struct GNUNET_RECLAIM_Handle`
+ * for any other calls than #GNUNET_RECLAIM_get_attributes_next() and
+ * #GNUNET_RECLAIM_get_attributes_stop. @a proc will be called once
+ * immediately, and then again after
+ * #GNUNET_RECLAIM_get_attributes_next() is invoked.
+ *
+ * On error (disconnect), @a error_cb will be invoked.
+ * On normal completion, @a finish_cb proc will be
+ * invoked.
+ *
+ * @param h handle to the idp
+ * @param identity identity to access
+ * @param error_cb function to call on error (i.e. disconnect),
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @param proc function to call on each attribute; it
+ *        will be called repeatedly with a value (if available)
+ * @param proc_cls closure for @a proc
+ * @param finish_cb function to call on completion
+ *        the handle is afterwards invalid
+ * @param finish_cb_cls closure for @a finish_cb
+ * @return an iterator handle to use for iteration
+ */
+struct GNUNET_RECLAIM_AttributeIterator *
+GNUNET_RECLAIM_get_attributes_start (struct GNUNET_RECLAIM_Handle *h,
+                                               const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                                               GNUNET_SCHEDULER_TaskCallback error_cb,
+                                               void *error_cb_cls,
+                                               GNUNET_RECLAIM_AttributeResult proc,
+                                               void *proc_cls,
+                                               GNUNET_SCHEDULER_TaskCallback finish_cb,
+                                               void *finish_cb_cls)
+{
+  struct GNUNET_RECLAIM_AttributeIterator *it;
+  struct GNUNET_MQ_Envelope *env;
+  struct AttributeIterationStartMessage *msg;
+  uint32_t rid;
+
+  rid = h->r_id_gen++;
+  it = GNUNET_new (struct GNUNET_RECLAIM_AttributeIterator);
+  it->h = h;
+  it->error_cb = error_cb;
+  it->error_cb_cls = error_cb_cls;
+  it->finish_cb = finish_cb;
+  it->finish_cb_cls = finish_cb_cls;
+  it->proc = proc;
+  it->proc_cls = proc_cls;
+  it->r_id = rid;
+  it->identity = *identity;
+  GNUNET_CONTAINER_DLL_insert_tail (h->it_head,
+                                    h->it_tail,
+                                    it);
+  env = GNUNET_MQ_msg (msg,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_START);
+  msg->id = htonl (rid);
+  msg->identity = *identity;
+  if (NULL == h->mq)
+    it->env = env;
+  else
+    GNUNET_MQ_send (h->mq,
+                    env);
+  return it;
+}
+
+
+/**
+ * Calls the record processor specified in #GNUNET_RECLAIM_get_attributes_start
+ * for the next record.
+ *
+ * @param it the iterator
+ */
+void
+GNUNET_RECLAIM_get_attributes_next (struct GNUNET_RECLAIM_AttributeIterator *it)
+{
+  struct GNUNET_RECLAIM_Handle *h = it->h;
+  struct AttributeIterationNextMessage *msg;
+  struct GNUNET_MQ_Envelope *env;
+
+  env = GNUNET_MQ_msg (msg,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_NEXT);
+  msg->id = htonl (it->r_id);
+  GNUNET_MQ_send (h->mq,
+                  env);
+}
+
+
+/**
+ * Stops iteration and releases the idp handle for further calls.  Must
+ * be called on any iteration that has not yet completed prior to calling
+ * #GNUNET_RECLAIM_disconnect.
+ *
+ * @param it the iterator
+ */
+void
+GNUNET_RECLAIM_get_attributes_stop (struct GNUNET_RECLAIM_AttributeIterator *it)
+{
+  struct GNUNET_RECLAIM_Handle *h = it->h;
+  struct GNUNET_MQ_Envelope *env;
+  struct AttributeIterationStopMessage *msg;
+
+  if (NULL != h->mq)
+  {
+    env = GNUNET_MQ_msg (msg,
+                         GNUNET_MESSAGE_TYPE_RECLAIM_ATTRIBUTE_ITERATION_STOP);
+    msg->id = htonl (it->r_id);
+    GNUNET_MQ_send (h->mq,
+                    env);
+  }
+  free_it (it);
+}
+
+
+/** TODO
+ * Issues a ticket to another identity. The identity may use
+ * @GNUNET_RECLAIM_authorization_ticket_consume to consume the ticket
+ * and retrieve the attributes specified in the AttributeList.
+ *
+ * @param h the reclaim to use
+ * @param iss the issuing identity
+ * @param rp the subject of the ticket (the relying party)
+ * @param attrs the attributes that the relying party is given access to
+ * @param cb the callback
+ * @param cb_cls the callback closure
+ * @return handle to abort the operation
+ */
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_issue (struct GNUNET_RECLAIM_Handle *h,
+                                       const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss,
+                                       const struct GNUNET_CRYPTO_EcdsaPublicKey *rp,
+                                       const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
+                                       GNUNET_RECLAIM_TicketCallback cb,
+                                       void *cb_cls)
+{
+  struct GNUNET_RECLAIM_Operation *op;
+  struct IssueTicketMessage *tim;
+  size_t attr_len;
+
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
+  op->h = h;
+  op->tr_cb = cb;
+  op->cls = cb_cls;
+  op->r_id = h->r_id_gen++;
+  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
+                                    h->op_tail,
+                                    op);
+  attr_len = GNUNET_RECLAIM_ATTRIBUTE_list_serialize_get_size (attrs);
+  op->env = GNUNET_MQ_msg_extra (tim,
+                                 attr_len,
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_ISSUE_TICKET);
+  tim->identity = *iss;
+  tim->rp = *rp;
+  tim->id = htonl (op->r_id);
+
+  GNUNET_RECLAIM_ATTRIBUTE_list_serialize (attrs,
+                                            (char*)&tim[1]);
+
+  tim->attr_len = htons (attr_len);
+  if (NULL != h->mq)
+    GNUNET_MQ_send_copy (h->mq,
+                         op->env);
+  return op;
+}
+
+/**
+ * Consumes an issued ticket. The ticket is persisted
+ * and used to retrieve identity information from the issuer
+ *
+ * @param h the reclaim to use
+ * @param identity the identity that is the subject of the issued ticket (the relying party)
+ * @param ticket the issued ticket to consume
+ * @param cb the callback to call
+ * @param cb_cls the callback closure
+ * @return handle to abort the operation
+ */
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_consume (struct GNUNET_RECLAIM_Handle *h,
+                                         const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                                         const struct GNUNET_RECLAIM_Ticket *ticket,
+                                         GNUNET_RECLAIM_AttributeResult cb,
+                                         void *cb_cls)
+{
+  struct GNUNET_RECLAIM_Operation *op;
+  struct ConsumeTicketMessage *ctm;
+
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
+  op->h = h;
+  op->ar_cb = cb;
+  op->cls = cb_cls;
+  op->r_id = h->r_id_gen++;
+  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
+                                    h->op_tail,
+                                    op);
+  op->env = GNUNET_MQ_msg_extra (ctm,
+                                 sizeof (const struct GNUNET_RECLAIM_Ticket),
+                                 GNUNET_MESSAGE_TYPE_RECLAIM_CONSUME_TICKET);
+  ctm->identity = *identity;
+  ctm->id = htonl (op->r_id);
+
+  GNUNET_memcpy ((char*)&ctm[1],
+                 ticket,
+                 sizeof (const struct GNUNET_RECLAIM_Ticket));
+
+  if (NULL != h->mq)
+    GNUNET_MQ_send_copy (h->mq,
+                         op->env);
+  return op;
+
+}
+
+
+/**
+ * Lists all tickets that have been issued to remote
+ * identites (relying parties)
+ *
+ * @param h the reclaim to use
+ * @param identity the issuing identity
+ * @param error_cb function to call on error (i.e. disconnect),
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @param proc function to call on each ticket; it
+ *        will be called repeatedly with a value (if available)
+ * @param proc_cls closure for @a proc
+ * @param finish_cb function to call on completion
+ *        the handle is afterwards invalid
+ * @param finish_cb_cls closure for @a finish_cb
+ * @return an iterator handle to use for iteration
+ */
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start (struct GNUNET_RECLAIM_Handle *h,
+                                                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                                                 GNUNET_SCHEDULER_TaskCallback error_cb,
+                                                 void *error_cb_cls,
+                                                 GNUNET_RECLAIM_TicketCallback proc,
+                                                 void *proc_cls,
+                                                 GNUNET_SCHEDULER_TaskCallback finish_cb,
+                                                 void *finish_cb_cls)
+{
+  struct GNUNET_RECLAIM_TicketIterator *it;
+  struct GNUNET_CRYPTO_EcdsaPublicKey identity_pub;
+  struct GNUNET_MQ_Envelope *env;
+  struct TicketIterationStartMessage *msg;
+  uint32_t rid;
+
+  GNUNET_CRYPTO_ecdsa_key_get_public (identity,
+                                      &identity_pub);
+  rid = h->r_id_gen++;
+  it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator);
+  it->h = h;
+  it->error_cb = error_cb;
+  it->error_cb_cls = error_cb_cls;
+  it->finish_cb = finish_cb;
+  it->finish_cb_cls = finish_cb_cls;
+  it->tr_cb = proc;
+  it->cls = proc_cls;
+  it->r_id = rid;
+  GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head,
+                                    h->ticket_it_tail,
+                                    it);
+  env = GNUNET_MQ_msg (msg,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START);
+  msg->id = htonl (rid);
+  msg->identity = identity_pub;
+  msg->is_audience = htonl (GNUNET_NO);
+  if (NULL == h->mq)
+    it->env = env;
+  else
+    GNUNET_MQ_send (h->mq,
+                    env);
+  return it;
+
+}
+
+
+/**
+ * Lists all tickets that have been issued to remote
+ * identites (relying parties)
+ *
+ * @param h the reclaim to use
+ * @param identity the issuing identity
+ * @param error_cb function to call on error (i.e. disconnect),
+ *        the handle is afterwards invalid
+ * @param error_cb_cls closure for @a error_cb
+ * @param proc function to call on each ticket; it
+ *        will be called repeatedly with a value (if available)
+ * @param proc_cls closure for @a proc
+ * @param finish_cb function to call on completion
+ *        the handle is afterwards invalid
+ * @param finish_cb_cls closure for @a finish_cb
+ * @return an iterator handle to use for iteration
+ */
+struct GNUNET_RECLAIM_TicketIterator *
+GNUNET_RECLAIM_ticket_iteration_start_rp (struct GNUNET_RECLAIM_Handle *h,
+                                                    const struct GNUNET_CRYPTO_EcdsaPublicKey *identity,
+                                                    GNUNET_SCHEDULER_TaskCallback error_cb,
+                                                    void *error_cb_cls,
+                                                    GNUNET_RECLAIM_TicketCallback proc,
+                                                    void *proc_cls,
+                                                    GNUNET_SCHEDULER_TaskCallback finish_cb,
+                                                    void *finish_cb_cls)
+{
+  struct GNUNET_RECLAIM_TicketIterator *it;
+  struct GNUNET_MQ_Envelope *env;
+  struct TicketIterationStartMessage *msg;
+  uint32_t rid;
+
+  rid = h->r_id_gen++;
+  it = GNUNET_new (struct GNUNET_RECLAIM_TicketIterator);
+  it->h = h;
+  it->error_cb = error_cb;
+  it->error_cb_cls = error_cb_cls;
+  it->finish_cb = finish_cb;
+  it->finish_cb_cls = finish_cb_cls;
+  it->tr_cb = proc;
+  it->cls = proc_cls;
+  it->r_id = rid;
+  GNUNET_CONTAINER_DLL_insert_tail (h->ticket_it_head,
+                                    h->ticket_it_tail,
+                                    it);
+  env = GNUNET_MQ_msg (msg,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_START);
+  msg->id = htonl (rid);
+  msg->identity = *identity;
+  msg->is_audience = htonl (GNUNET_YES);
+  if (NULL == h->mq)
+    it->env = env;
+  else
+    GNUNET_MQ_send (h->mq,
+                    env);
+  return it;
+
+
+}
+
+/**
+ * Calls the record processor specified in #GNUNET_RECLAIM_ticket_iteration_start
+ * for the next record.
+ *
+ * @param it the iterator
+ */
+void
+GNUNET_RECLAIM_ticket_iteration_next (struct GNUNET_RECLAIM_TicketIterator *it)
+{
+  struct GNUNET_RECLAIM_Handle *h = it->h;
+  struct TicketIterationNextMessage *msg;
+  struct GNUNET_MQ_Envelope *env;
+
+  env = GNUNET_MQ_msg (msg,
+                       GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_NEXT);
+  msg->id = htonl (it->r_id);
+  GNUNET_MQ_send (h->mq,
+                  env);
+}
+
+
+/**
+ * Stops iteration and releases the idp handle for further calls.  Must
+ * be called on any iteration that has not yet completed prior to calling
+ * #GNUNET_RECLAIM_disconnect.
+ *
+ * @param it the iterator
+ */
+void
+GNUNET_RECLAIM_ticket_iteration_stop (struct GNUNET_RECLAIM_TicketIterator *it)
+{
+  struct GNUNET_RECLAIM_Handle *h = it->h;
+  struct GNUNET_MQ_Envelope *env;
+  struct TicketIterationStopMessage *msg;
+
+  if (NULL != h->mq)
+  {
+    env = GNUNET_MQ_msg (msg,
+                         GNUNET_MESSAGE_TYPE_RECLAIM_TICKET_ITERATION_STOP);
+    msg->id = htonl (it->r_id);
+    GNUNET_MQ_send (h->mq,
+                    env);
+  }
+  GNUNET_free (it);
+}
+
+/**
+ * Revoked an issued ticket. The relying party will be unable to retrieve
+ * updated attributes.
+ *
+ * @param h the reclaim to use
+ * @param identity the issuing identity
+ * @param ticket the ticket to revoke
+ * @param cb the callback
+ * @param cb_cls the callback closure
+ * @return handle to abort the operation
+ */
+struct GNUNET_RECLAIM_Operation *
+GNUNET_RECLAIM_ticket_revoke (struct GNUNET_RECLAIM_Handle *h,
+                                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *identity,
+                                        const struct GNUNET_RECLAIM_Ticket *ticket,
+                                        GNUNET_RECLAIM_ContinuationWithStatus cb,
+                                        void *cb_cls)
+{
+  struct GNUNET_RECLAIM_Operation *op;
+  struct RevokeTicketMessage *msg;
+  uint32_t rid;
+
+  rid = h->r_id_gen++;
+  op = GNUNET_new (struct GNUNET_RECLAIM_Operation);
+  op->h = h;
+  op->rvk_cb = cb;
+  op->cls = cb_cls;
+  op->r_id = rid;
+  GNUNET_CONTAINER_DLL_insert_tail (h->op_head,
+                                    h->op_tail,
+                                    op);
+  op->env = GNUNET_MQ_msg_extra (msg,
+                             sizeof (struct GNUNET_RECLAIM_Ticket),
+                             GNUNET_MESSAGE_TYPE_RECLAIM_REVOKE_TICKET);
+  msg->id = htonl (rid);
+  msg->identity = *identity;
+  GNUNET_memcpy (&msg[1],
+                 ticket,
+                 sizeof (struct GNUNET_RECLAIM_Ticket));
+  if (NULL != h->mq) {
+    GNUNET_MQ_send (h->mq,
+                    op->env);
+    op->env = NULL;
+  }
+  return op;
+}
+
+
+
+/* end of reclaim_api.c */
diff --git a/src/reclaim/test_reclaim.sh b/src/reclaim/test_reclaim.sh
new file mode 100755 (executable)
index 0000000..311f538
--- /dev/null
@@ -0,0 +1,31 @@
+#!/bin/bash
+#trap "gnunet-arm -e -c test_reclaim_lookup.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+       exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+valgrind gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf
+gnunet-reclaim -e testego -D -c test_reclaim.conf
+gnunet-arm -e -c test_reclaim.conf
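Review bot: The `rm -rf` line passes the unquoted output of `gnunet-config` straight to a recursive delete, so a path containing whitespace is word-split into several delete targets, and nothing checks that the lookup succeeded. Capture and validate it first: `GNUNET_HOME_DIR=$(gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f)` followed by `[ -n "$GNUNET_HOME_DIR" ] && rm -rf -- "$GNUNET_HOME_DIR"`. The same line is added in test_reclaim_attribute.sh, test_reclaim_consume.sh, test_reclaim_issue.sh and test_reclaim_revoke.sh. This script also never tests an exit status, and its first store runs under `valgrind`, so its result is whatever the final `gnunet-arm -e` returns.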
diff --git a/src/reclaim/test_reclaim_attribute.sh b/src/reclaim/test_reclaim_attribute.sh
new file mode 100755 (executable)
index 0000000..39bd715
--- /dev/null
@@ -0,0 +1,40 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+       exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Failed."
+  exit 1
+fi
+
+#curl localhost:7776/reclaim/attributes/testego
+gnunet-arm -e -c test_reclaim.conf
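Review bot: The `test $? != 0` check sees only the exit status of the `-a name` store, so a failure of the preceding `-a email` store goes unnoticed. Check each store separately, for example `gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf || fail`, where `fail` is a small helper to be added. The failure branch also exits without stopping the peer, and the trap covers only SIGINT; add `gnunet-arm -e -c test_reclaim.conf` before `exit 1`, as test_reclaim_revoke.sh does. test_reclaim_issue.sh has the same two problems: only the ticket-issue status is tested, and both stores are silenced with `> /dev/null 2>&1`.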
diff --git a/src/reclaim/test_reclaim_consume.sh b/src/reclaim/test_reclaim_consume.sh
new file mode 100755 (executable)
index 0000000..36c8052
--- /dev/null
@@ -0,0 +1,43 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+       exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}')
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf
+TICKET=$(gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf | awk '{print $1}')
+gnunet-reclaim -e rpego -C $TICKET -c test_reclaim.conf > /dev/null 2>&1
+
+if test $? != 0
+then
+  "Failed."
+  exit 1
+fi
+#curl http://localhost:7776/reclaim/tickets/testego
+gnunet-arm -e -c test_reclaim.conf
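Review bot: The failure branch contains the bare word `"Failed."`, which the shell tries to run as a command instead of printing; it should read `echo "Failed."`. `$TICKET` is also used unquoted and is never checked for being empty, so a failed ticket issue presumably leaves `-C` with the wrong argument and the consume step fails for a reason the test does not report. Guard it with `[ -n "$TICKET" ] || exit 1` and pass `"$TICKET"` quoted. As in the sibling scripts, the failure path leaves the peer running because `gnunet-arm -e` is not called before `exit 1`.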
diff --git a/src/reclaim/test_reclaim_defaults.conf b/src/reclaim/test_reclaim_defaults.conf
new file mode 100644 (file)
index 0000000..a9a197d
--- /dev/null
@@ -0,0 +1,24 @@
+@INLINE@ ../../contrib/conf/gnunet/no_forcestart.conf
+
+[PATHS]
+GNUNET_TEST_HOME = $GNUNET_TMP/test-gnunet-idp-testing/
+
+[namestore-sqlite]
+FILENAME = $GNUNET_TEST_HOME/namestore/sqlite_test.db
+
+[namecache-sqlite]
+FILENAME=$GNUNET_TEST_HOME/namecache/namecache.db
+
+[identity]
+# Directory where we store information about our egos
+EGODIR = $GNUNET_TEST_HOME/identity/egos/
+
+[dhtcache]
+DATABASE = heap
+
+[transport]
+PLUGINS = tcp
+
+[transport-tcp]
+BINDTO = 127.0.0.1
+
diff --git a/src/reclaim/test_reclaim_issue.sh b/src/reclaim/test_reclaim_issue.sh
new file mode 100755 (executable)
index 0000000..6a71470
--- /dev/null
@@ -0,0 +1,42 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+       exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf
+#gnunet-arm -i rest -c test_reclaim.conf
+gnunet-identity -C testego -c test_reclaim.conf
+gnunet-identity -C rpego -c test_reclaim.conf
+SUBJECT_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep rpego | awk '{print $3}')
+TEST_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep testego | awk '{print $3}')
+gnunet-reclaim -e testego -a email -V john@doe.gnu -c test_reclaim.conf > /dev/null 2>&1
+gnunet-reclaim -e testego -a name -V John -c test_reclaim.conf > /dev/null 2>&1
+#gnunet-reclaim -e testego -D -c test_reclaim.conf
+gnunet-reclaim -e testego -i "email,name" -r $SUBJECT_KEY -c test_reclaim.conf > /dev/null 2>&1
+if test $? != 0
+then
+  echo "Failed."
+  exit 1
+fi
+#curl http://localhost:7776/reclaim/attributes/testego
+gnunet-arm -e -c test_reclaim.conf
diff --git a/src/reclaim/test_reclaim_revoke.sh b/src/reclaim/test_reclaim_revoke.sh
new file mode 100755 (executable)
index 0000000..595752f
--- /dev/null
@@ -0,0 +1,65 @@
+#!/bin/bash
+trap "gnunet-arm -e -c test_reclaim.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+  LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+       echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+       exit 77
+fi
+
+rm -rf `gnunet-config -c test_reclaim.conf -s PATHS -o GNUNET_HOME -f`
+
+#  (1) PKEY1.user -> PKEY2.resu.user
+#  (2) PKEY2.resu -> PKEY3
+#  (3) PKEY3.user -> PKEY4
+
+
+which timeout &> /dev/null && DO_TIMEOUT="timeout 30"
+
+TEST_ATTR="test"
+gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null
+gnunet-identity -C alice -c test_reclaim.conf
+gnunet-identity -C bob -c test_reclaim.conf
+gnunet-identity -C eve -c test_reclaim.conf
+ALICE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep alice | awk '{print $3}')
+BOB_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep bob | awk '{print $3}')
+EVE_KEY=$(gnunet-identity -d -c test_reclaim.conf | grep eve | awk '{print $3}')
+
+gnunet-reclaim -e alice -E 15s -a email -V john@doe.gnu -c test_reclaim.conf 
+gnunet-reclaim -e alice -E 15s -a name -V John -c test_reclaim.conf
+TICKET_BOB=$(gnunet-reclaim -e alice -i "email,name" -r $BOB_KEY -c test_reclaim.conf | awk '{print $1}')
+#gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf
+TICKET_EVE=$(gnunet-reclaim -e alice -i "email" -r $EVE_KEY -c test_reclaim.conf | awk '{print $1}')
+
+#echo "Consuming $TICKET"
+#gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf
+gnunet-reclaim -e alice -R $TICKET_EVE -c test_reclaim.conf
+
+#sleep 6
+
+gnunet-reclaim -e eve -C $TICKET_EVE -c test_reclaim.conf 2&>1 >/dev/null
+if test $? == 0
+then 
+  echo "Eve can still resolve attributes..."
+  gnunet-arm -e -c test_reclaim.conf
+  exit 1
+fi
+
+gnunet-arm -e -c test_reclaim.conf
+gnunet-arm -s -c test_reclaim.conf 2&>1 > /dev/null
+
+gnunet-reclaim -e bob -C $TICKET_BOB -c test_reclaim.conf 2&>1 >/dev/null
+if test $? != 0
+then
+  echo "Bob cannot resolve attributes..."
+  gnunet-arm -e -c test_reclaim.conf
+  exit 1
+fi
+
+gnunet-arm -e -c test_reclaim.conf
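Review bot: The redirection `2&>1 > /dev/null` is not the usual `> /dev/null 2>&1`. As far as I can tell, bash reads it as a stray argument `2` plus `&>1`, which creates a file named `1` in the working directory. This matters most for the revocation check: the test passes whenever `gnunet-reclaim -e eve -C $TICKET_EVE` fails for any reason, including the stray argument or an empty `$TICKET_EVE`. It therefore does not show that the revoked ticket itself was rejected. Write the line as `gnunet-reclaim -e eve -C "$TICKET_EVE" -c test_reclaim.conf > /dev/null 2>&1` and check that `$TICKET_EVE` and `$TICKET_BOB` are non-empty before use. Ideally, re-enable the commented-out consume before `-R` so the test proves that Eve's ticket worked until it was revoked.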
index ebfb980243c2eafec5dcd9f8a5c6a03575819018..ce0454d5387808c68c2a1f4864a6db6fa48c964c 100644 (file)
@@ -29,6 +29,18 @@ libexec_PROGRAMS = \
 EXTRA_DIST = \
  rest.conf
 
+plugin_LTLIBRARIES = libgnunet_plugin_rest_copying.la
+
+libgnunet_plugin_rest_copying_la_SOURCES = \
+  plugin_rest_copying.c
+libgnunet_plugin_rest_copying_la_LIBADD = \
+       $(top_builddir)/src/rest/libgnunetrest.la \
+  $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+  $(LTLIBINTL) -lmicrohttpd
+libgnunet_plugin_rest_copying_la_LDFLAGS = \
+ $(GN_PLUGIN_LDFLAGS)
+
+
 gnunet_rest_server_SOURCES = \
  gnunet-rest-server.c
 
diff --git a/src/rest/plugin_rest_copying.c b/src/rest/plugin_rest_copying.c
new file mode 100644 (file)
index 0000000..668dc5d
--- /dev/null
@@ -0,0 +1,231 @@
+/*
+   This file is part of GNUnet.
+   Copyright (C) 2012-2018 GNUnet e.V.
+
+   GNUnet is free software: you can redistribute it and/or modify it
+   under the terms of the GNU Affero General Public License as published
+   by the Free Software Foundation, either version 3 of the License,
+   or (at your option) any later version.
+
+   GNUnet is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Affero General Public License for more details.
+  
+   You should have received a copy of the GNU Affero General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   */
+/**
+ * @author Martin Schanzenbach
+ * @file gns/plugin_rest_copying.c
+ * @brief REST plugin that serves licensing information.
+ *
+ */
+
+#include "platform.h"
+#include "gnunet_rest_plugin.h"
+#include <gnunet_rest_lib.h>
+
+#define GNUNET_REST_API_NS_COPYING "/copying"
+
+#define GNUNET_REST_COPYING_TEXT "GNU Affero General Public License version 3 or later. See also: <http://www.gnu.org/licenses/>"
+
+/**
+ * @brief struct returned by the initialization function of the plugin
+ */
+struct Plugin
+{
+  const struct GNUNET_CONFIGURATION_Handle *cfg;
+};
+
+const struct GNUNET_CONFIGURATION_Handle *cfg;
+
+struct RequestHandle
+{
+  /**
+   * Handle to rest request
+   */
+  struct GNUNET_REST_RequestHandle *rest_handle;
+
+  /**
+   * The plugin result processor
+   */
+  GNUNET_REST_ResultProcessor proc;
+
+  /**
+   * The closure of the result processor
+   */
+  void *proc_cls;
+
+  /**
+   * HTTP response code
+   */
+  int response_code;
+
+};
+
+
+/**
+ * Cleanup request handle.
+ *
+ * @param handle Handle to clean up
+ */
+static void
+cleanup_handle (struct RequestHandle *handle)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cleaning up\n");
+  GNUNET_free (handle);
+}
+
+
+/**
+ * Task run on shutdown.  Cleans up everything.
+ *
+ * @param cls unused
+ * @param tc scheduler context
+ */
+static void
+do_error (void *cls)
+{
+  struct RequestHandle *handle = cls;
+  struct MHD_Response *resp;
+
+  resp = GNUNET_REST_create_response (NULL);
+  handle->proc (handle->proc_cls, resp, handle->response_code);
+  cleanup_handle (handle);
+}
+
+
+/**
+ * Handle rest request
+ *
+ * @param handle the lookup handle
+ */
+static void
+get_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  resp = GNUNET_REST_create_response (GNUNET_REST_COPYING_TEXT);
+  handle->proc (handle->proc_cls,
+                resp,
+                MHD_HTTP_OK);
+  cleanup_handle (handle);
+}
+
+
+
+/**
+ * Handle rest request
+ *
+ * @param handle the lookup handle
+ */
+static void
+options_cont (struct GNUNET_REST_RequestHandle *con_handle,
+              const char* url,
+              void *cls)
+{
+  struct MHD_Response *resp;
+  struct RequestHandle *handle = cls;
+
+  resp = GNUNET_REST_create_response (NULL);
+  MHD_add_response_header (resp,
+                           "Access-Control-Allow-Methods",
+                           MHD_HTTP_METHOD_GET);
+  handle->proc (handle->proc_cls,
+                resp,
+                MHD_HTTP_OK);
+  cleanup_handle (handle);
+}
+
+
+/**
+ * Function processing the REST call
+ *
+ * @param method HTTP method
+ * @param url URL of the HTTP request
+ * @param data body of the HTTP request (optional)
+ * @param data_size length of the body
+ * @param proc callback function for the result
+ * @param proc_cls closure for @a proc
+ * @return #GNUNET_OK if request accepted
+ */
+static void
+rest_copying_process_request (struct GNUNET_REST_RequestHandle *conndata_handle,
+                              GNUNET_REST_ResultProcessor proc,
+                              void *proc_cls)
+{
+  static const struct GNUNET_REST_RequestHandler handlers[] = {
+    {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_COPYING, &get_cont},
+    {MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_COPYING, &options_cont},
+    GNUNET_REST_HANDLER_END
+  };
+  struct RequestHandle *handle = GNUNET_new (struct RequestHandle);
+  struct GNUNET_REST_RequestHandlerError err;
+
+  handle->proc_cls = proc_cls;
+  handle->proc = proc;
+  handle->rest_handle = conndata_handle;
+
+  if (GNUNET_NO == GNUNET_REST_handle_request (conndata_handle,
+                                               handlers,
+                                               &err,
+                                               handle))
+  {
+    handle->response_code = err.error_code;
+    GNUNET_SCHEDULER_add_now (&do_error, handle);
+  }
+}
+
+
+/**
+ * Entry point for the plugin.
+ *
+ * @param cls the "struct GNUNET_NAMESTORE_PluginEnvironment*"
+ * @return NULL on error, otherwise the plugin context
+ */
+void *
+libgnunet_plugin_rest_copying_init (void *cls)
+{
+  static struct Plugin plugin;
+  cfg = cls;
+  struct GNUNET_REST_Plugin *api;
+
+  if (NULL != plugin.cfg)
+    return NULL;                /* can only initialize once! */
+  memset (&plugin, 0, sizeof (struct Plugin));
+  plugin.cfg = cfg;
+  api = GNUNET_new (struct GNUNET_REST_Plugin);
+  api->cls = &plugin;
+  api->name = GNUNET_REST_API_NS_COPYING;
+  api->process_request = &rest_copying_process_request;
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              _("COPYING REST API initialized\n"));
+  return api;
+}
+
+
+/**
+ * Exit point from the plugin.
+ *
+ * @param cls the plugin context (as returned by "init")
+ * @return always NULL
+ */
+void *
+libgnunet_plugin_rest_copying_done (void *cls)
+{
+  struct GNUNET_REST_Plugin *api = cls;
+  struct Plugin *plugin = api->cls;
+
+  plugin->cfg = NULL;
+  GNUNET_free (api);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "COPYING REST plugin is finished\n");
+  return NULL;
+}
+
+/* end of plugin_rest_copying.c */
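Review bot: The file-scope `cfg` pointer is declared without `static`, so the plugin object exports a very generic symbol that may clash with other plugins loaded into the same process; `static const struct GNUNET_CONFIGURATION_Handle *cfg;` keeps it private. In `libgnunet_plugin_rest_copying_init` the assignment `cfg = cls;` runs before the `NULL != plugin.cfg` check, so a rejected second initialization still overwrites the stored configuration; move it below the check. The doc comments also need a pass: `do_error` is described as a shutdown task with a `tc` parameter it does not have, `rest_copying_process_request` documents `method`/`url`/`data` and a `#GNUNET_OK` return although it is `void` and takes `conndata_handle`, and `@file` says `gns/` while the file is added under `src/rest/`.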
index 16f23e86cb36aa0d8d4c10d596741eb12b414f8a..49714872f0c65896f6345f4fa0c0dde7623a9673 100644 (file)
@@ -49,7 +49,11 @@ static unsigned bits_needed;
 /**
  * How long do we run the test?
  */
-//#define TIMEOUT GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 30)
+static struct GNUNET_TIME_Relative duration;
+
+/**
+ * When do we do a hard shutdown?
+ */
 static struct GNUNET_TIME_Relative timeout;
 
 
@@ -446,6 +450,10 @@ struct RPSPeer
    * @brief statistics values
    */
   uint64_t stats[STAT_TYPE_MAX];
+  /**
+   * @brief Handle for the statistics get request
+   */
+  struct GNUNET_STATISTICS_GetHandle *h_stat_get[STAT_TYPE_MAX];
 };
 
 /**
@@ -489,15 +497,16 @@ static unsigned int view_sizes;
 static int ok;
 
 /**
- * Identifier for the churn task that runs periodically
+ * Identifier for the task that runs after the test to collect results
  */
 static struct GNUNET_SCHEDULER_Task *post_test_task;
 
 /**
- * Identifier for the churn task that runs periodically
+ * Identifier for the shutdown task
  */
 static struct GNUNET_SCHEDULER_Task *shutdown_task;
 
+
 /**
  * Identifier for the churn task that runs periodically
  */
@@ -874,6 +883,75 @@ static int check_statistics_collect_completed ()
   return GNUNET_YES;
 }
 
+static void
+rps_disconnect_adapter (void *cls,
+                        void *op_result);
+
+static void
+cancel_pending_req (struct PendingRequest *pending_req)
+{
+  struct RPSPeer *rps_peer;
+
+  rps_peer = pending_req->rps_peer;
+  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
+                               rps_peer->pending_req_tail,
+                               pending_req);
+  rps_peer->num_pending_reqs--;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cancelling pending rps get request\n");
+  GNUNET_SCHEDULER_cancel (pending_req->request_task);
+  GNUNET_free (pending_req);
+}
+
+static void
+cancel_request (struct PendingReply *pending_rep)
+{
+  struct RPSPeer *rps_peer;
+
+  rps_peer = pending_rep->rps_peer;
+  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head,
+                               rps_peer->pending_rep_tail,
+                               pending_rep);
+  rps_peer->num_pending_reps--;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Cancelling rps get reply\n");
+  GNUNET_RPS_request_cancel (pending_rep->req_handle);
+  GNUNET_free (pending_rep);
+}
+
+void
+clean_peer (unsigned peer_index)
+{
+  struct PendingRequest *pending_req;
+
+  while (NULL != (pending_req = rps_peers[peer_index].pending_req_head))
+  {
+    cancel_pending_req (pending_req);
+  }
+  pending_req = rps_peers[peer_index].pending_req_head;
+  rps_disconnect_adapter (&rps_peers[peer_index],
+                          &rps_peers[peer_index].rps_handle);
+  for (unsigned stat_type = STAT_TYPE_ROUNDS;
+       stat_type < STAT_TYPE_MAX;
+       stat_type++)
+  {
+    if (NULL != rps_peers[peer_index].h_stat_get[stat_type])
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                  "(%u) did not yet receive stat value for `%s'\n",
+                  rps_peers[peer_index].index,
+                  stat_type_2_str (stat_type));
+      GNUNET_STATISTICS_get_cancel (
+          rps_peers[peer_index].h_stat_get[stat_type]);
+    }
+  }
+  if (NULL != rps_peers[peer_index].op)
+  {
+    GNUNET_TESTBED_operation_done (rps_peers[peer_index].op);
+    rps_peers[peer_index].op = NULL;
+  }
+}
+
 /**
  * Task run on timeout to shut everything down.
  */
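Review bot: `clean_peer` passes `&rps_peers[peer_index].rps_handle` (the address of the handle field) as `op_result`, but `rps_disconnect_adapter` treats `op_result` as the handle itself. With the `GNUNET_assert (h == peer->rps_handle)` that this commit adds to the adapter, a peer that is still connected would abort at shutdown; pass the value instead: `rps_disconnect_adapter (&rps_peers[peer_index], rps_peers[peer_index].rps_handle);`. After `GNUNET_STATISTICS_get_cancel` the slot should be cleared with `rps_peers[peer_index].h_stat_get[stat_type] = NULL;` so a repeated call cannot cancel a stale handle. The assignment `pending_req = rps_peers[peer_index].pending_req_head;` after the loop is dead code, and `cancel_pending_req`, `cancel_request` and `clean_peer` have no doc comments (`clean_peer` could also be `static`).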
@@ -881,35 +959,55 @@ static void
 shutdown_op (void *cls)
 {
   unsigned int i;
+  struct OpListEntry *entry;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
               "Shutdown task scheduled, going down.\n");
   in_shutdown = GNUNET_YES;
+
+  if (NULL != shutdown_task)
+  {
+    GNUNET_SCHEDULER_cancel (shutdown_task);
+    shutdown_task = NULL;
+  }
   if (NULL != post_test_task)
   {
     GNUNET_SCHEDULER_cancel (post_test_task);
+    post_test_task = NULL;
   }
   if (NULL != churn_task)
   {
     GNUNET_SCHEDULER_cancel (churn_task);
     churn_task = NULL;
   }
+  entry = oplist_head;
+  while (NULL != (entry = oplist_head))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Operation still pending on shutdown (%u)\n",
+                entry->index);
+    GNUNET_TESTBED_operation_done (entry->op);
+    GNUNET_CONTAINER_DLL_remove (oplist_head, oplist_tail, entry);
+    GNUNET_free (entry);
+  }
   for (i = 0; i < num_peers; i++)
   {
-    if (NULL != rps_peers[i].rps_handle)
-    {
-      GNUNET_RPS_disconnect (rps_peers[i].rps_handle);
-    }
-    if (NULL != rps_peers[i].op)
-    {
-      GNUNET_TESTBED_operation_done (rps_peers[i].op);
-    }
+    clean_peer (i);
   }
 }
 
+static void
+trigger_shutdown (void *cls)
+{
+  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+              "Shutdown was triggerd by timeout, going down.\n");
+  shutdown_task = NULL;
+  GNUNET_SCHEDULER_shutdown ();
+}
+
 
 /**
- * Task run on timeout to collect statistics and potentially shut down.
+ * Task run after #duration to collect statistics and potentially shut down.
  */
 static void
 post_test_op (void *cls)
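Review bot: `trigger_shutdown` is added without a doc comment, unlike `shutdown_op` and `post_test_op` next to it; something like `/** Task run on #timeout; triggers the scheduler shutdown. */` would match the file's style. Its log message has a typo (`triggerd` should be `triggered`). In `shutdown_op`, the statement `entry = oplist_head;` before the `while` is redundant because the loop condition assigns `entry` again.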
@@ -919,7 +1017,7 @@ post_test_op (void *cls)
   post_test_task = NULL;
   post_test = GNUNET_YES;
   GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-              "Post test task scheduled, going down.\n");
+              "Post test task scheduled.\n");
   if (NULL != churn_task)
   {
     GNUNET_SCHEDULER_cancel (churn_task);
@@ -943,7 +1041,7 @@ post_test_op (void *cls)
       GNUNET_YES == check_statistics_collect_completed())
   {
     GNUNET_SCHEDULER_cancel (shutdown_task);
-    shutdown_task = GNUNET_SCHEDULER_add_now (&shutdown_op, NULL);
+    shutdown_task = NULL;
     GNUNET_SCHEDULER_shutdown ();
   }
 }
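Review bot: `GNUNET_SCHEDULER_cancel (shutdown_task)` is called here without a NULL check, while this commit makes `trigger_shutdown` and `shutdown_op` set `shutdown_task` to NULL. Whether `post_test_op` can still run after either of them cannot be decided from this hunk (the function starts outside it), but a guard costs nothing and mirrors `shutdown_op`: `if (NULL != shutdown_task) GNUNET_SCHEDULER_cancel (shutdown_task);` followed by the existing `shutdown_task = NULL;`.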
@@ -1030,9 +1128,9 @@ info_cb (void *cb_cls,
  */
 static void
 rps_connect_complete_cb (void *cls,
-                        struct GNUNET_TESTBED_Operation *op,
-                        void *ca_result,
-                        const char *emsg)
+                         struct GNUNET_TESTBED_Operation *op,
+                         void *ca_result,
+                         const char *emsg)
 {
   struct RPSPeer *rps_peer = cls;
   struct GNUNET_RPS_Handle *rps = ca_result;
@@ -1057,7 +1155,9 @@ rps_connect_complete_cb (void *cls,
     return;
   }
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Started client successfully\n");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Started client successfully (%u)\n",
+              rps_peer->index);
 
   cur_test_run.main_test (rps_peer);
 }
@@ -1075,7 +1175,7 @@ rps_connect_complete_cb (void *cls,
  */
 static void *
 rps_connect_adapter (void *cls,
-                                const struct GNUNET_CONFIGURATION_Handle *cfg)
+                     const struct GNUNET_CONFIGURATION_Handle *cfg)
 {
   struct GNUNET_RPS_Handle *h;
 
@@ -1167,15 +1267,26 @@ stat_complete_cb (void *cls, struct GNUNET_TESTBED_Operation *op,
  */
 static void
 rps_disconnect_adapter (void *cls,
-                                         void *op_result)
+                        void *op_result)
 {
   struct RPSPeer *peer = cls;
   struct GNUNET_RPS_Handle *h = op_result;
+  struct PendingReply *pending_rep;
 
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "disconnect_adapter()\n");
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "disconnect_adapter (%u)\n",
+              peer->index);
   GNUNET_assert (NULL != peer);
-  GNUNET_RPS_disconnect (h);
-  peer->rps_handle = NULL;
+  if (NULL != peer->rps_handle)
+  {
+    while (NULL != (pending_rep = peer->pending_rep_head))
+    {
+      cancel_request (pending_rep);
+    }
+    GNUNET_assert (h == peer->rps_handle);
+    GNUNET_RPS_disconnect (h);
+    peer->rps_handle = NULL;
+  }
 }
 
 
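Review bot: The new log call reads `peer->index` before `GNUNET_assert (NULL != peer)`, so the assertion can no longer catch a NULL `cls`; move the assert above the `GNUNET_log` call. Note also that when `peer->rps_handle` is already NULL the adapter now returns without touching `h`, so the doc comment should say that `op_result` is only disconnected while it is still recorded in the peer.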
@@ -1219,13 +1330,15 @@ default_reply_handle (void *cls,
     rps_peer->num_recv_ids++;
   }
 
-  if (0 == evaluate () && HAVE_QUICK_QUIT == cur_test_run.have_quick_quit)
+  if (GNUNET_YES != post_test) return;
+  if (HAVE_QUICK_QUIT != cur_test_run.have_quick_quit) return;
+  if (0 == evaluate())
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Test succeeded before timeout\n");
-    GNUNET_assert (NULL != post_test_task);
-    GNUNET_SCHEDULER_cancel (post_test_task);
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Test succeeded before end of duration\n");
+    if (NULL != post_test_task) GNUNET_SCHEDULER_cancel (post_test_task);
     post_test_task = GNUNET_SCHEDULER_add_now (&post_test_op, NULL);
-    GNUNET_assert (NULL!= post_test_task);
+    GNUNET_assert (NULL != post_test_task);
   }
 }
 
@@ -1239,13 +1352,13 @@ request_peers (void *cls)
   struct RPSPeer *rps_peer;
   struct PendingReply *pending_rep;
 
-  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test)
-    return;
   rps_peer = pending_req->rps_peer;
   GNUNET_assert (1 <= rps_peer->num_pending_reqs);
   GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
                                rps_peer->pending_req_tail,
                                pending_req);
+  rps_peer->num_pending_reqs--;
+  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test) return;
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Requesting one peer\n");
   pending_rep = GNUNET_new (struct PendingReply);
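Review bot: On the early return that now follows the DLL removal, `pending_req` has been unlinked from the peer's list but is not freed on the visible path, and `clean_peer` can no longer reach it through `pending_req_head`. If nothing later in the function releases it (the body continues outside this hunk), add `GNUNET_free (pending_req);` before the `return`. The one-line `if (...) return;` also departs from the two-line form the removed code used.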
@@ -1258,39 +1371,6 @@ request_peers (void *cls)
                                     rps_peer->pending_rep_tail,
                                     pending_rep);
   rps_peer->num_pending_reps++;
-  rps_peer->num_pending_reqs--;
-}
-
-static void
-cancel_pending_req (struct PendingRequest *pending_req)
-{
-  struct RPSPeer *rps_peer;
-
-  rps_peer = pending_req->rps_peer;
-  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_req_head,
-                               rps_peer->pending_req_tail,
-                               pending_req);
-  rps_peer->num_pending_reqs--;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cancelling pending request\n");
-  GNUNET_SCHEDULER_cancel (pending_req->request_task);
-  GNUNET_free (pending_req);
-}
-
-static void
-cancel_request (struct PendingReply *pending_rep)
-{
-  struct RPSPeer *rps_peer;
-
-  rps_peer = pending_rep->rps_peer;
-  GNUNET_CONTAINER_DLL_remove (rps_peer->pending_rep_head,
-                               rps_peer->pending_rep_tail,
-                               pending_rep);
-  rps_peer->num_pending_reps--;
-  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-              "Cancelling request\n");
-  GNUNET_RPS_request_cancel (pending_rep->req_handle);
-  GNUNET_free (pending_rep);
 }
 
 
@@ -2261,12 +2341,6 @@ void write_final_stats (void){
          stat_type < STAT_TYPE_MAX;
          stat_type++)
     {
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                 "Add to sum (%" PRIu64 ") %" PRIu64 " of stat type %u - %s\n",
-                  sums[stat_type],
-                  rps_peers[i].stats[stat_type],
-                  stat_type,
-                  stat_type_2_str (stat_type));
       sums[stat_type] += rps_peers[i].stats[stat_type];
     }
   }
@@ -2312,6 +2386,8 @@ post_test_shutdown_ready_cb (void *cls,
 {
   struct STATcls *stat_cls = (struct STATcls *) cls;
   struct RPSPeer *rps_peer = stat_cls->rps_peer;
+
+  rps_peer->h_stat_get[stat_cls->stat_type] = NULL;
   if (GNUNET_OK == success)
   {
     /* set flag that we we got the value */
@@ -2363,6 +2439,7 @@ stat_iterator (void *cls,
 {
   const struct STATcls *stat_cls = (const struct STATcls *) cls;
   struct RPSPeer *rps_peer = (struct RPSPeer *) stat_cls->rps_peer;
+
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got stat value: %s - %" PRIu64 "\n",
       //stat_type_2_str (stat_cls->stat_type),
       name,
@@ -2455,12 +2532,13 @@ void post_profiler (struct RPSPeer *rps_peer)
       stat_cls->stat_type = stat_type;
       rps_peer->file_name_stats =
         store_prefix_file_name (rps_peer->peer_id, "stats");
-      GNUNET_STATISTICS_get (rps_peer->stats_h,
-                             "rps",
-                             stat_type_2_str (stat_type),
-                             post_test_shutdown_ready_cb,
-                             stat_iterator,
-                             (struct STATcls *) stat_cls);
+      rps_peer->h_stat_get[stat_type] = GNUNET_STATISTICS_get (
+          rps_peer->stats_h,
+          "rps",
+          stat_type_2_str (stat_type),
+          post_test_shutdown_ready_cb,
+          stat_iterator,
+          (struct STATcls *) stat_cls);
       GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
           "Requested statistics for %s (peer %" PRIu32 ")\n",
           stat_type_2_str (stat_type),
@@ -2555,6 +2633,8 @@ test_run (void *cls,
     /* Connect all peers to statistics service */
     if (COLLECT_STATISTICS == cur_test_run.have_collect_statistics)
     {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                 "Connecting to statistics service\n");
       rps_peers[i].stat_op =
         GNUNET_TESTBED_service_connect (NULL,
                                         peers[i],
@@ -2569,11 +2649,12 @@ test_run (void *cls,
 
   if (NULL != churn_task)
     GNUNET_SCHEDULER_cancel (churn_task);
-  post_test_task = GNUNET_SCHEDULER_add_delayed (timeout, &post_test_op, NULL);
-  timeout = GNUNET_TIME_relative_multiply (timeout, 1 + (0.1 * num_peers));
-  shutdown_task = GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL);
-  shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout, &shutdown_op, NULL);
-
+  post_test_task = GNUNET_SCHEDULER_add_delayed (duration, &post_test_op, NULL);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "timeout for shutdown is %lu\n", timeout.rel_value_us/1000000);
+  shutdown_task = GNUNET_SCHEDULER_add_delayed (timeout,
+                                                &trigger_shutdown,
+                                                NULL);
+  GNUNET_SCHEDULER_add_shutdown (shutdown_op, NULL);
 }
 
 
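Review bot: The new debug log prints `timeout.rel_value_us/1000000` with `%lu`, which is only correct where `unsigned long` is 64 bits wide; the file already uses `PRIu64` for 64-bit values, so write `"timeout for shutdown is %" PRIu64 "\n"`. The same applies to the `"duration is %lus\n"` and `"timeout is %lus\n"` logs added in the `run` hunk further down. The line is also longer than the rest of the file allows and should be wrapped like the neighbouring `GNUNET_log` calls.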
@@ -2609,7 +2690,7 @@ run (void *cls,
   if (0 == cur_test_run.num_requests) cur_test_run.num_requests = 5;
   //cur_test_run.have_churn = HAVE_CHURN;
   cur_test_run.have_churn = HAVE_NO_CHURN;
-  cur_test_run.have_quick_quit = HAVE_NO_QUICK_QUIT;
+  cur_test_run.have_quick_quit = HAVE_QUICK_QUIT;
   cur_test_run.have_collect_statistics = COLLECT_STATISTICS;
   cur_test_run.stat_collect_flags = BIT(STAT_TYPE_ROUNDS) |
                                     BIT(STAT_TYPE_BLOCKS) |
@@ -2632,10 +2713,38 @@ run (void *cls,
   /* 'Clean' directory */
   (void) GNUNET_DISK_directory_remove ("/tmp/rps/");
   GNUNET_DISK_directory_create ("/tmp/rps/");
-  if (0 == timeout.rel_value_us)
+  if (0 == duration.rel_value_us)
   {
-    timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90);
+    if (0 == timeout.rel_value_us)
+    {
+      duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 90);
+      timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                               (90 * 1.2) +
+                                                 (0.01 * num_peers));
+    }
+    else
+    {
+      duration = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                                (timeout.rel_value_us/1000000)
+                                                  * 0.75);
+    }
   }
+  else
+  {
+    if (0 == timeout.rel_value_us)
+    {
+      timeout = GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS,
+                                               ((duration.rel_value_us/1000000)
+                                                  * 1.2) + (0.01 * num_peers));
+    }
+  }
+  GNUNET_assert (duration.rel_value_us < timeout.rel_value_us);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "duration is %lus\n",
+              duration.rel_value_us/1000000);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "timeout is %lus\n",
+              timeout.rel_value_us/1000000);
 
   /* Compute number of bits for representing largest peer id */
   for (bits_needed = 1; (1 << bits_needed) < num_peers; bits_needed++)
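Review bot: `GNUNET_assert (duration.rel_value_us < timeout.rel_value_us)` turns a bad command line into an abort, because both values can come straight from `-d` and `-t`; when both are given and the duration is not shorter than the timeout, it would be better to log an error at `GNUNET_ERROR_TYPE_ERROR` and end the run than to assert. The factors passed to `GNUNET_TIME_relative_multiply` are floating-point expressions such as `(90 * 1.2) + (0.01 * num_peers)`; if that function takes an integer factor, as I believe it does, the fractional part is silently dropped, which deserves a comment or an explicit cast. `run` starts and ends outside this hunk.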
@@ -2685,6 +2794,12 @@ main (int argc, char *argv[])
                                gettext_noop ("number of peers to start"),
                                &num_peers),
 
+    GNUNET_GETOPT_option_relative_time ('d',
+                                        "duration",
+                                        "DURATION",
+                                        gettext_noop ("duration of the profiling"),
+                                        &duration),
+
     GNUNET_GETOPT_option_relative_time ('t',
                                         "timeout",
                                         "TIMEOUT",
@@ -2732,7 +2847,6 @@ main (int argc, char *argv[])
   GNUNET_free (rps_peers);
   GNUNET_free (rps_peer_ids);
   GNUNET_CONTAINER_multipeermap_destroy (peer_map);
-  printf ("test -1\n");
   return ret_value;
 }
 
index 84fb33be26017726076f6c387ab4d88f7afe0d38..d601ac7d4f80edd1e4a6d26b7ae9973b716a1067 100644 (file)
@@ -68,6 +68,7 @@ static struct GNUNET_STATISTICS_Handle *stats;
  */
 static struct GNUNET_PeerIdentity own_identity;
 
+static int in_shutdown = GNUNET_NO;
 
 /**
  * @brief Port used for cadet.
@@ -96,11 +97,6 @@ static struct GNUNET_HashCode port;
  */
 #define unset_peer_flag(peer_ctx, mask) ((peer_ctx->peer_flags) &= ~(mask))
 
-/**
- * Set a channel flag of given channel context.
- */
-#define set_channel_flag(channel_flags, mask) ((*channel_flags) |= (mask))
-
 /**
  * Get channel flag of given channel context.
  */
@@ -163,6 +159,11 @@ struct PendingMessage
   const char *type;
 };
 
+/**
+ * @brief Context for a channel
+ */
+struct ChannelCtx;
+
 /**
  * Struct used to keep track of other peer's status
  *
@@ -181,22 +182,12 @@ struct PeerContext
   /**
    * Channel open to client.
    */
-  struct GNUNET_CADET_Channel *send_channel;
-
-  /**
-   * Flags to the sending channel
-   */
-  uint32_t *send_channel_flags;
+  struct ChannelCtx *send_channel_ctx;
 
   /**
    * Channel open from client.
    */
-  struct GNUNET_CADET_Channel *recv_channel; // unneeded?
-
-  /**
-   * Flags to the receiving channel
-   */
-  uint32_t *recv_channel_flags;
+  struct ChannelCtx *recv_channel_ctx;
 
   /**
    * Array of pending operations on this peer.
@@ -241,6 +232,11 @@ struct PeerContext
   struct PendingMessage *pending_messages_head;
   struct PendingMessage *pending_messages_tail;
 
+  /**
+   * @brief Task to destroy this context.
+   */
+  struct GNUNET_SCHEDULER_Task *destruction_task;
+
   /**
    * This is pobably followed by 'statistical' data (when we first saw
    * it, how did we get its ID, how many pushes (in a timeinterval),
@@ -264,6 +260,33 @@ struct PeersIteratorCls
   void *cls;
 };
 
+/**
+ * @brief Context for a channel
+ */
+struct ChannelCtx
+{
+  /**
+   * @brief Meant to be used in a DLL
+   */
+  struct ChannelCtx *next;
+  struct ChannelCtx *prev;
+
+  /**
+   * @brief The channel itself
+   */
+  struct GNUNET_CADET_Channel *channel;
+
+  /**
+   * @brief The peer context associated with the channel
+   */
+  struct PeerContext *peer_ctx;
+
+  /**
+   * @brief Scheduled task that will destroy this context
+   */
+  struct GNUNET_SCHEDULER_Task *destruction_task;
+};
+
 /**
  * @brief Hashmap of valid peers.
  */
@@ -332,8 +355,6 @@ create_peer_ctx (const struct GNUNET_PeerIdentity *peer)
 
   ctx = GNUNET_new (struct PeerContext);
   ctx->peer_id = *peer;
-  ctx->send_channel_flags = GNUNET_new (uint32_t);
-  ctx->recv_channel_flags = GNUNET_new (uint32_t);
   ret = GNUNET_CONTAINER_multipeermap_put (peer_map, peer, ctx,
       GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
   GNUNET_assert (GNUNET_OK == ret);
@@ -387,8 +408,8 @@ Peers_check_connected (const struct GNUNET_PeerIdentity *peer)
   /* Get the context */
   peer_ctx = get_peer_ctx (peer);
   /* If we have no channel to this peer we don't know whether it's online */
-  if ( (NULL == peer_ctx->send_channel) &&
-       (NULL == peer_ctx->recv_channel) )
+  if ( (NULL == peer_ctx->send_channel_ctx) &&
+       (NULL == peer_ctx->recv_channel_ctx) )
   {
     Peers_unset_peer_flag (peer, Peers_ONLINE);
     return GNUNET_NO;
@@ -575,6 +596,24 @@ handle_peer_pull_reply (void *cls,
 
 /* End declaration of handlers */
 
+/**
+ * @brief Allocate memory for a new channel context and insert it into DLL
+ *
+ * @param peer_ctx context of the according peer
+ *
+ * @return The channel context
+ */
+static struct ChannelCtx *
+add_channel_ctx (struct PeerContext *peer_ctx);
+
+/**
+ * @brief Remove the channel context from the DLL and free the memory.
+ *
+ * @param channel_ctx The channel context.
+ */
+static void
+remove_channel_ctx (struct ChannelCtx *channel_ctx);
+
 
 /**
  * @brief Get the channel of a peer. If not existing, create.
@@ -610,16 +649,17 @@ get_channel (const struct GNUNET_PeerIdentity *peer)
 
 
   peer_ctx = get_peer_ctx (peer);
-  if (NULL == peer_ctx->send_channel)
+  if (NULL == peer_ctx->send_channel_ctx)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
          "Trying to establish channel to peer %s\n",
          GNUNET_i2s (peer));
     ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);
     *ctx_peer = *peer;
-    peer_ctx->send_channel =
+    peer_ctx->send_channel_ctx = add_channel_ctx (peer_ctx);
+    peer_ctx->send_channel_ctx->channel =
       GNUNET_CADET_channel_create (cadet_handle,
-                                   (struct GNUNET_PeerIdentity *) ctx_peer, /* context */
+                                   peer_ctx->send_channel_ctx, /* context */
                                    peer,
                                    &port,
                                    GNUNET_CADET_OPTION_RELIABLE,
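Review bot: `ctx_peer` is still allocated with `GNUNET_new` and filled with `*ctx_peer = *peer;`, but the channel context passed to `GNUNET_CADET_channel_create` is now `peer_ctx->send_channel_ctx`, so within this hunk the allocation is no longer used and would leak on every new channel. Unless the variable is consumed elsewhere in `get_channel` (the function starts outside the hunk), drop the two `ctx_peer` lines and its declaration.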
@@ -627,8 +667,9 @@ get_channel (const struct GNUNET_PeerIdentity *peer)
                                    cleanup_destroyed_channel, /* Disconnect handler */
                                    cadet_handlers);
   }
-  GNUNET_assert (NULL != peer_ctx->send_channel);
-  return peer_ctx->send_channel;
+  GNUNET_assert (NULL != peer_ctx->send_channel_ctx);
+  GNUNET_assert (NULL != peer_ctx->send_channel_ctx->channel);
+  return peer_ctx->send_channel_ctx->channel;
 }
 
 
@@ -1045,12 +1086,10 @@ restore_valid_peers ()
  */
 void
 Peers_initialise (char* fn_valid_peers,
-                  struct GNUNET_CADET_Handle *cadet_h,
-                  const struct GNUNET_PeerIdentity *own_id)
+                  struct GNUNET_CADET_Handle *cadet_h)
 {
   filename_valid_peers = GNUNET_strdup (fn_valid_peers);
   cadet_handle = cadet_h;
-  own_identity = *own_id;
   peer_map = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO);
   valid_peers = GNUNET_CONTAINER_multipeermap_create (4, GNUNET_NO);
   restore_valid_peers ();
@@ -1136,14 +1175,12 @@ Peers_get_valid_peers (PeersIterator iterator,
  * @param peer the new #GNUNET_PeerIdentity
  *
  * @return #GNUNET_YES if peer was inserted
- *         #GNUNET_NO  otherwise (if peer was already known or
- *                     peer was #own_identity)
+ *         #GNUNET_NO  otherwise
  */
 int
 Peers_insert_peer (const struct GNUNET_PeerIdentity *peer)
 {
-  if ( (GNUNET_YES == Peers_check_peer_known (peer)) ||
-       (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity)) )
+  if (GNUNET_YES == Peers_check_peer_known (peer))
   {
     return GNUNET_NO; /* We already know this peer - nothing to do */
   }
@@ -1161,8 +1198,7 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl
  *
  * @param peer the peer whose liveliness is to be checked
  * @return #GNUNET_YES if peer had to be inserted
- *         #GNUNET_NO  otherwise (if peer was already known or
- *                     peer was #own_identity)
+ *         #GNUNET_NO  otherwise
  */
 int
 Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer)
@@ -1170,13 +1206,10 @@ Peers_issue_peer_liveliness_check (const struct GNUNET_PeerIdentity *peer)
   struct PeerContext *peer_ctx;
   int ret;
 
-  if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity))
-  {
-    return GNUNET_NO;
-  }
   ret = Peers_insert_peer (peer);
   peer_ctx = get_peer_ctx (peer);
-  if (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE))
+  if ( (GNUNET_NO == Peers_check_peer_flag (peer, Peers_ONLINE)) &&
+       (NULL == peer_ctx->liveliness_check_pending) )
   {
     check_peer_live (peer_ctx);
   }
@@ -1208,7 +1241,7 @@ Peers_check_removable (const struct GNUNET_PeerIdentity *peer)
   }
 
   peer_ctx = get_peer_ctx (peer);
-  if ( (NULL != peer_ctx->recv_channel) ||
+  if ( (NULL != peer_ctx->recv_channel_ctx) ||
        (NULL != peer_ctx->pending_messages_head) ||
        (GNUNET_NO == check_peer_flag_set (peer_ctx, Peers_PULL_REPLY_PENDING)) )
   {
@@ -1224,6 +1257,65 @@ Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer,
 int
 Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags);
 
+/**
+ * @brief Callback for the scheduler to destroy the knowledge of a peer.
+ *
+ * @param cls Context of the peer
+ */
+static void
+destroy_peer (void *cls)
+{
+  struct PeerContext *peer_ctx = cls;
+
+  GNUNET_assert (NULL != peer_ctx);
+  peer_ctx->destruction_task = NULL;
+  Peers_remove_peer (&peer_ctx->peer_id);
+}
+
+static void
+destroy_channel (void *cls);
+
+
+/**
+ * @brief Schedule the destruction of the given channel.
+ *
+ * Do so only if it was not already scheduled and not during shutdown.
+ *
+ * @param channel_ctx The context of the channel to destroy.
+ */
+static void
+schedule_channel_destruction (struct ChannelCtx *channel_ctx)
+{
+  GNUNET_assert (NULL != channel_ctx);
+  if (NULL != channel_ctx->destruction_task &&
+      GNUNET_NO == in_shutdown)
+  {
+    channel_ctx->destruction_task =
+      GNUNET_SCHEDULER_add_now (destroy_channel, channel_ctx);
+  }
+}
+
+
+/**
+ * @brief Schedule the destruction of the given peer.
+ *
+ * Do so only if it was not already scheduled and not during shutdown.
+ *
+ * @param peer_ctx The context of the peer to destroy.
+ */
+static void
+schedule_peer_destruction (struct PeerContext *peer_ctx)
+{
+  GNUNET_assert (NULL != peer_ctx);
+  if (NULL != peer_ctx->destruction_task &&
+      GNUNET_NO == in_shutdown)
+  {
+    peer_ctx->destruction_task =
+      GNUNET_SCHEDULER_add_now (destroy_peer, peer_ctx);
+  }
+}
+
+
 /**
  * @brief Remove peer
  *
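Review bot: The condition in `schedule_channel_destruction` is inverted relative to its own doc comment ("only if it was not already scheduled"): `NULL != channel_ctx->destruction_task` schedules a second `destroy_channel` when one is already pending and overwrites the stored task handle, and never schedules when none is pending. It should read `if (NULL == channel_ctx->destruction_task && GNUNET_NO == in_shutdown)`. `schedule_peer_destruction` has the same inversion on `peer_ctx->destruction_task`; running `destroy_peer` or `destroy_channel` twice on the same context risks a use-after-free.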
@@ -1235,7 +1327,8 @@ int
 Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
 {
   struct PeerContext *peer_ctx;
-  uint32_t *channel_flag;
+
+  GNUNET_assert (NULL != peer_map);
 
   if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (peer_map, peer))
   {
@@ -1249,7 +1342,12 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
        GNUNET_i2s (&peer_ctx->peer_id));
   Peers_unset_peer_flag (peer, Peers_ONLINE);
 
+  /* Clear list of pending operations */
+  // TODO this probably leaks memory
+  //      ('only' the cls to the function. Not sure what to do with it)
   GNUNET_array_grow (peer_ctx->pending_ops, peer_ctx->num_pending_ops, 0);
+
+  /* Remove all pending messages */
   while (NULL != peer_ctx->pending_messages_head)
   {
     LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -1261,10 +1359,12 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
                      peer_ctx->liveliness_check_pending,
                      sizeof (struct PendingMessage))) )
       {
+        // TODO this may leak memory
         peer_ctx->liveliness_check_pending = NULL;
       }
     remove_pending_message (peer_ctx->pending_messages_head, GNUNET_YES);
   }
+
   /* If we are still waiting for notification whether this peer is live
    * cancel the according task */
   if (NULL != peer_ctx->liveliness_check_pending)
@@ -1277,28 +1377,40 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
     remove_pending_message (peer_ctx->liveliness_check_pending, GNUNET_YES);
     peer_ctx->liveliness_check_pending = NULL;
   }
-  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
-  if (NULL != peer_ctx->send_channel &&
-      GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING))
+
+
+  /* Do we still have to wait for destruction of channels
+   * or issue the destruction? */
+  if (NULL != peer_ctx->send_channel_ctx &&
+      NULL != peer_ctx->send_channel_ctx->destruction_task
+      )
   {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Destroying send channel\n");
-    GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-    peer_ctx->send_channel = NULL;
-    peer_ctx->mq = NULL;
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
   }
-  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING);
-  if (NULL != peer_ctx->recv_channel &&
-      GNUNET_YES != Peers_check_channel_flag (channel_flag, Peers_CHANNEL_DESTROING))
+  if (NULL != peer_ctx->recv_channel_ctx &&
+      NULL != peer_ctx->recv_channel_ctx->destruction_task)
   {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Destroying recv channel\n");
-    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-    peer_ctx->recv_channel = NULL;
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
+  }
+  if (NULL != peer_ctx->recv_channel_ctx)
+  {
+    schedule_channel_destruction (peer_ctx->recv_channel_ctx);
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
+  }
+  if (NULL != peer_ctx->send_channel_ctx)
+  {
+    schedule_channel_destruction (peer_ctx->send_channel_ctx);
+    schedule_peer_destruction (peer_ctx);
+    return GNUNET_NO;
   }
 
-  GNUNET_free (peer_ctx->send_channel_flags);
-  GNUNET_free (peer_ctx->recv_channel_flags);
+  if (NULL != peer_ctx->destruction_task)
+  {
+    GNUNET_SCHEDULER_cancel (peer_ctx->destruction_task);
+  }
 
   if (GNUNET_YES != GNUNET_CONTAINER_multipeermap_remove_all (peer_map, &peer_ctx->peer_id))
   {
@@ -1308,7 +1420,6 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
   return GNUNET_YES;
 }
 
-
 /**
  * @brief set flags on a given peer.
  *
@@ -1364,77 +1475,6 @@ Peers_check_peer_flag (const struct GNUNET_PeerIdentity *peer, enum Peers_PeerFl
   return check_peer_flag_set (peer_ctx, flags);
 }
 
-
-/**
- * @brief set flags on a given channel.
- *
- * @param channel the channel to set flags on
- * @param flags the flags
- */
-void
-Peers_set_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  set_channel_flag (channel_flags, flags);
-}
-
-
-/**
- * @brief unset flags on a given channel.
- *
- * @param channel the channel to unset flags on
- * @param flags the flags
- */
-void
-Peers_unset_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  unset_channel_flag (channel_flags, flags);
-}
-
-
-/**
- * @brief Check whether flags on a channel are set.
- *
- * @param channel the channel to check the flag of
- * @param flags the flags to check
- *
- * @return #GNUNET_YES if all given flags are set
- *         #GNUNET_NO  otherwise
- */
-int
-Peers_check_channel_flag (uint32_t *channel_flags, enum Peers_ChannelFlags flags)
-{
-  return check_channel_flag_set (channel_flags, flags);
-}
-
-/**
- * @brief Get the flags for the channel in @a role for @a peer.
- *
- * @param peer Peer to get the channel flags for.
- * @param role Role of channel to get flags for
- *
- * @return The flags.
- */
-uint32_t *
-Peers_get_channel_flag (const struct GNUNET_PeerIdentity *peer,
-                        enum Peers_ChannelRole role)
-{
-  const struct PeerContext *peer_ctx;
-
-  peer_ctx = get_peer_ctx (peer);
-  if (Peers_CHANNEL_ROLE_SENDING == role)
-  {
-    return peer_ctx->send_channel_flags;
-  }
-  else if (Peers_CHANNEL_ROLE_RECEIVING == role)
-  {
-    return peer_ctx->recv_channel_flags;
-  }
-  else
-  {
-    GNUNET_assert (0);
-  }
-}
-
 /**
  * @brief Check whether we have information about the given peer.
  *
@@ -1505,7 +1545,7 @@ Peers_check_peer_send_intention (const struct GNUNET_PeerIdentity *peer)
   const struct PeerContext *peer_ctx;
 
   peer_ctx = get_peer_ctx (peer);
-  if (NULL != peer_ctx->recv_channel)
+  if (NULL != peer_ctx->recv_channel_ctx)
   {
     return GNUNET_YES;
   }
@@ -1530,6 +1570,7 @@ Peers_handle_inbound_channel (void *cls,
 {
   struct PeerContext *peer_ctx;
   struct GNUNET_PeerIdentity *ctx_peer;
+  struct ChannelCtx *channel_ctx;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
       "New channel was established to us (Peer %s).\n",
@@ -1540,19 +1581,22 @@ Peers_handle_inbound_channel (void *cls,
   set_peer_live (peer_ctx);
   ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);
   *ctx_peer = *initiator;
+  channel_ctx = add_channel_ctx (peer_ctx);
+  channel_ctx->channel = channel;
   /* We only accept one incoming channel per peer */
   if (GNUNET_YES == Peers_check_peer_send_intention (initiator))
   {
-    set_channel_flag (peer_ctx->recv_channel_flags,
-                      Peers_CHANNEL_ESTABLISHED_TWICE);
-    //GNUNET_CADET_channel_destroy (channel);
-    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-    peer_ctx->recv_channel = channel;
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+        "Already got one receive channel. Destroying old one.\n");
+    GNUNET_break_op (0);
+    GNUNET_CADET_channel_destroy (peer_ctx->recv_channel_ctx->channel);
+    remove_channel_ctx (peer_ctx->recv_channel_ctx);
+    peer_ctx->recv_channel_ctx = channel_ctx;
     /* return the channel context */
-    return ctx_peer;
+    return channel_ctx;
   }
-  peer_ctx->recv_channel = channel;
-  return ctx_peer;
+  peer_ctx->recv_channel_ctx = channel_ctx;
+  return channel_ctx;
 }
 
 
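Review bot: `ctx_peer` is still allocated with `GNUNET_new` and filled from `initiator`, but both return paths now hand back `channel_ctx`, and nothing in the rest of the function (fully visible in this hunk) frees or stores it. That leaks one `struct GNUNET_PeerIdentity` per inbound channel, and inbound channels are opened by remote peers, so the growth can be driven from outside. Remove the `ctx_peer = GNUNET_new (struct GNUNET_PeerIdentity);` and `*ctx_peer = *initiator;` lines, together with the declaration, which sits just above this hunk.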
@@ -1574,7 +1618,7 @@ Peers_check_sending_channel_exists (const struct GNUNET_PeerIdentity *peer)
     return GNUNET_NO;
   }
   peer_ctx = get_peer_ctx (peer);
-  if (NULL == peer_ctx->send_channel)
+  if (NULL == peer_ctx->send_channel_ctx)
   {
     return GNUNET_NO;
   }
@@ -1607,12 +1651,14 @@ Peers_check_channel_role (const struct GNUNET_PeerIdentity *peer,
   }
   peer_ctx = get_peer_ctx (peer);
   if ( (Peers_CHANNEL_ROLE_SENDING == role) &&
-       (channel == peer_ctx->send_channel) )
+       (NULL != peer_ctx->send_channel_ctx) &&
+       (channel == peer_ctx->send_channel_ctx->channel) )
   {
     return GNUNET_YES;
   }
   if ( (Peers_CHANNEL_ROLE_RECEIVING == role) &&
-       (channel == peer_ctx->recv_channel) )
+       (NULL != peer_ctx->recv_channel_ctx) &&
+       (channel == peer_ctx->recv_channel_ctx->channel) )
   {
     return GNUNET_YES;
   }
@@ -1642,18 +1688,34 @@ Peers_destroy_sending_channel (const struct GNUNET_PeerIdentity *peer)
     return GNUNET_NO;
   }
   peer_ctx = get_peer_ctx (peer);
-  if (NULL != peer_ctx->send_channel)
+  if (NULL != peer_ctx->send_channel_ctx)
   {
-    set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_CLEAN);
-    GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-    peer_ctx->send_channel = NULL;
-    peer_ctx->mq = NULL;
+    schedule_channel_destruction (peer_ctx->send_channel_ctx);
     (void) Peers_check_connected (peer);
     return GNUNET_YES;
   }
   return GNUNET_NO;
 }
 
+/**
+ * @brief Callback for scheduler to destroy a channel
+ *
+ * @param cls Context of the channel
+ */
+static void
+destroy_channel (void *cls)
+{
+  struct ChannelCtx *channel_ctx = cls;
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
+
+  GNUNET_assert (channel_ctx == peer_ctx->send_channel_ctx ||
+                 channel_ctx == peer_ctx->recv_channel_ctx);
+
+  channel_ctx->destruction_task = NULL;
+  GNUNET_CADET_channel_destroy (channel_ctx->channel);
+  remove_channel_ctx (peer_ctx->send_channel_ctx);
+}
+
 /**
  * This is called when a channel is destroyed.
  *
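Review bot: `destroy_channel` ends with `remove_channel_ctx (peer_ctx->send_channel_ctx);` even though the assertion above accepts either the send or the receive context. A scheduled receive-channel teardown therefore frees the wrong context, or passes NULL, which `remove_channel_ctx` dereferences, and leaves `recv_channel_ctx` pointing at a destroyed channel. It should be `remove_channel_ctx (channel_ctx);`. The receive branch of `Peers_cleanup_destroyed_channel` in the next hunk has the same slip and should call `remove_channel_ctx (peer_ctx->recv_channel_ctx);`. `channel_ctx` is also dereferenced in the declarations before anything checks it for NULL.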
@@ -1664,77 +1726,45 @@ void
 Peers_cleanup_destroyed_channel (void *cls,
                                  const struct GNUNET_CADET_Channel *channel)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
-  struct PeerContext *peer_ctx;
+  struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
 
   if (GNUNET_NO == Peers_check_peer_known (peer))
   {/* We don't want to implicitly create a context that we're about to kill */
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
+  LOG (GNUNET_ERROR_TYPE_WARNING,
        "channel (%s) without associated context was destroyed\n",
        GNUNET_i2s (peer));
     return;
   }
-  peer_ctx = get_peer_ctx (peer);
 
   /* If our peer issued the destruction of the channel, the #Peers_TO_DESTROY
    * flag will be set. In this case simply make sure that the channels are
    * cleaned. */
-  /* FIXME This distinction seems to be redundant */
-  if (Peers_check_peer_flag (peer, Peers_TO_DESTROY))
-  {/* We initiatad the destruction of this particular peer */
+  /* The distinction seems to be redundant */
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "Peer is NOT in the process of being destroyed\n");
+  if ( (NULL != peer_ctx->send_channel_ctx) &&
+       (channel == peer_ctx->send_channel_ctx->channel) )
+  { /* Something (but us) killd the channel - clean up peer */
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Peer is in the process of being destroyed\n");
-    if (channel == peer_ctx->send_channel)
-    {
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    else if (channel == peer_ctx->recv_channel)
-    {
-      peer_ctx->recv_channel = NULL;
-    }
-
-    if (NULL != peer_ctx->send_channel)
-    {
-      GNUNET_CADET_channel_destroy (peer_ctx->send_channel);
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    if (NULL != peer_ctx->recv_channel)
-    {
-      GNUNET_CADET_channel_destroy (peer_ctx->recv_channel);
-      peer_ctx->recv_channel = NULL;
-    }
-    /* Set the #Peers_ONLINE flag accordingly */
-    (void) Peers_check_connected (peer);
-    return;
+        "send channel (%s) was destroyed - cleaning up\n",
+        GNUNET_i2s (peer));
+    remove_channel_ctx (peer_ctx->send_channel_ctx);
   }
-
-  else
-  { /* We did not initiate the destruction of this peer */
+  else if ( (NULL != peer_ctx->recv_channel_ctx) &&
+       (channel == peer_ctx->recv_channel_ctx->channel) )
+  { /* Other peer doesn't want to send us messages anymore */
     LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Peer is NOT in the process of being destroyed\n");
-    if (channel == peer_ctx->send_channel)
-    { /* Something (but us) killd the channel - clean up peer */
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-          "send channel (%s) was destroyed - cleaning up\n",
-          GNUNET_i2s (peer));
-      peer_ctx->send_channel = NULL;
-      peer_ctx->mq = NULL;
-    }
-    else if (channel == peer_ctx->recv_channel)
-    { /* Other peer doesn't want to send us messages anymore */
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Peer %s destroyed recv channel - cleaning up channel\n",
-           GNUNET_i2s (peer));
-      peer_ctx->recv_channel = NULL;
-    }
-    else
-    {
-      LOG (GNUNET_ERROR_TYPE_WARNING,
-           "unknown channel (%s) was destroyed\n",
-           GNUNET_i2s (peer));
-    }
+         "Peer %s destroyed recv channel - cleaning up channel\n",
+         GNUNET_i2s (peer));
+    remove_channel_ctx (peer_ctx->send_channel_ctx);
+  }
+  else
+  {
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "unknown channel (%s) was destroyed\n",
+         GNUNET_i2s (peer));
   }
   (void) Peers_check_connected (peer);
 }
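Review bot: The comment block kept above the branches still describes the `#Peers_TO_DESTROY` distinction that this change removes. The debug line `"Peer is NOT in the process of being destroyed\n"` is now emitted on every call regardless of state, which will mislead anyone reading these logs while diagnosing channel teardown. I would drop that log line and replace the comment with something like `/* Release the context of whichever channel CADET reports as destroyed. */`.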
@@ -1786,10 +1816,6 @@ Peers_schedule_operation (const struct GNUNET_PeerIdentity *peer,
   struct PeerPendingOp pending_op;
   struct PeerContext *peer_ctx;
 
-  if (0 == GNUNET_CRYPTO_cmp_peer_identity (peer, &own_identity))
-  {
-    return GNUNET_NO;
-  }
   GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer));
 
   //TODO if LIVE/ONLINE execute immediately
@@ -1823,7 +1849,7 @@ Peers_get_recv_channel (const struct GNUNET_PeerIdentity *peer)
 
   GNUNET_assert (GNUNET_YES == Peers_check_peer_known (peer));
   peer_ctx = get_peer_ctx (peer);
-  return peer_ctx->recv_channel;
+  return peer_ctx->recv_channel_ctx->channel;
 }
 /***********************************************************************
  * /Old gnunet-service-rps_peers.c
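Review bot: `Peers_get_recv_channel` now dereferences `peer_ctx->recv_channel_ctx` unconditionally, so a known peer without a receive channel crashes here where the old code returned NULL. Keeping the old contract takes one line: `return (NULL != peer_ctx->recv_channel_ctx) ? peer_ctx->recv_channel_ctx->channel : NULL;`. The function's opening lines are outside this hunk.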
@@ -2484,6 +2510,9 @@ send_pull_reply (const struct GNUNET_PeerIdentity *peer_id,
 
   Peers_send_message (peer_id, ev, "PULL REPLY");
   GNUNET_STATISTICS_update(stats, "# pull reply send issued", 1, GNUNET_NO);
+  // TODO check with send intention: as send_channel is used/opened we indicate
+  // a sending intention without intending it.
+  // -> clean peer afterwards?
 }
 
 
@@ -2616,7 +2645,7 @@ remove_peer (const struct GNUNET_PeerIdentity *peer)
   CustomPeerMap_remove_peer (push_map, peer);
   RPS_sampler_reinitialise_by_value (prot_sampler, peer);
   RPS_sampler_reinitialise_by_value (client_sampler, peer);
-  Peers_remove_peer (peer);
+  schedule_peer_destruction (get_peer_ctx (peer));
 }
 
 
@@ -2659,6 +2688,58 @@ clean_peer (const struct GNUNET_PeerIdentity *peer)
   }
 }
 
+/**
+ * @brief Allocate memory for a new channel context and insert it into DLL
+ *
+ * @param peer_ctx context of the according peer
+ *
+ * @return The channel context
+ */
+static struct ChannelCtx *
+add_channel_ctx (struct PeerContext *peer_ctx)
+{
+  struct ChannelCtx *channel_ctx;
+  channel_ctx = GNUNET_new (struct ChannelCtx);
+  channel_ctx->peer_ctx = peer_ctx;
+  return channel_ctx;
+}
+
+/**
+ * @brief Remove the channel context from the DLL and free the memory.
+ *
+ * @param channel_ctx The channel context.
+ */
+static void
+remove_channel_ctx (struct ChannelCtx *channel_ctx)
+{
+  struct PeerContext *peer_ctx = channel_ctx->peer_ctx;
+  if (NULL != channel_ctx->destruction_task)
+  {
+    GNUNET_SCHEDULER_cancel (channel_ctx->destruction_task);
+  }
+  GNUNET_free (channel_ctx);
+
+  if (channel_ctx == peer_ctx->send_channel_ctx)
+  {
+    peer_ctx->send_channel_ctx = NULL;
+    peer_ctx->mq = NULL;
+  }
+  else if (channel_ctx == peer_ctx->recv_channel_ctx)
+  {
+    peer_ctx->recv_channel_ctx = NULL;
+  }
+  else
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Trying to remove channel_ctx that is not associated with a peer\n");
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "\trecv: %p\n", peer_ctx->recv_channel_ctx);
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "\tsend: %p\n", peer_ctx->send_channel_ctx);
+    GNUNET_assert (0);
+  }
+}
+
 /**
  * @brief This is called when a channel is destroyed.
  *
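Review bot: `remove_channel_ctx` calls `GNUNET_free (channel_ctx);` before comparing `channel_ctx` against `peer_ctx->send_channel_ctx` and `peer_ctx->recv_channel_ctx`, so the unlinking logic runs on a pointer that has already been released. Move the free to the end of the function, after the `if`/`else if`/`else` chain. Callers in this commit pass `peer_ctx->send_channel_ctx` directly, so a leading `GNUNET_assert (NULL != channel_ctx);` would turn a NULL argument into an explicit failure instead of a stray dereference. The doc comments on both helpers mention a DLL, but no list insertion or removal is visible in either body.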
@@ -2675,8 +2756,8 @@ static void
 cleanup_destroyed_channel (void *cls,
                            const struct GNUNET_CADET_Channel *channel)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
-  uint32_t *channel_flag;
+  struct ChannelCtx *channel_ctx = cls;
+  struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   struct PeerContext *peer_ctx;
 
   GNUNET_assert (NULL != peer);
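Review bot: With `peer` now computed as `&channel_ctx->peer_ctx->peer_id`, the `GNUNET_assert (NULL != peer);` that follows can no longer catch anything, and `cls` is dereferenced twice in the declarations before any check. Assert the inputs instead, `GNUNET_assert (NULL != channel_ctx);` and `GNUNET_assert (NULL != channel_ctx->peer_ctx);`, and derive `peer` afterwards. The rest of the function continues in the next hunk.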
@@ -2686,94 +2767,26 @@ cleanup_destroyed_channel (void *cls,
     LOG (GNUNET_ERROR_TYPE_WARNING,
          "channel (%s) without associated context was destroyed\n",
          GNUNET_i2s (peer));
-    GNUNET_free (peer);
+    remove_channel_ctx (channel_ctx);
     return;
   }
 
   peer_ctx = get_peer_ctx (peer);
-  if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING))
-  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Callback on destruction of recv-channel was called (%s)\n",
-        GNUNET_i2s (peer));
-    set_channel_flag (peer_ctx->recv_channel_flags, Peers_CHANNEL_DESTROING);
-  } else if (GNUNET_YES == Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING))
-  {
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-        "Callback on destruction of send-channel was called (%s)\n",
-        GNUNET_i2s (peer));
-    set_channel_flag (peer_ctx->send_channel_flags, Peers_CHANNEL_DESTROING);
-  } else {
-    LOG (GNUNET_ERROR_TYPE_ERROR,
-        "Channel to be destroyed has is neither sending nor receiving role\n");
-  }
 
-  if (GNUNET_YES == Peers_check_peer_flag (peer, Peers_TO_DESTROY))
-  { /* We are in the middle of removing that peer from our knowledge. In this
-       case simply make sure that the channels are cleaned. */
-    Peers_cleanup_destroyed_channel (cls, channel);
-    to_file (file_name_view_log,
-             "-%s\t(cleanup channel, ourself)",
-             GNUNET_i2s_full (peer));
-    GNUNET_free (peer);
-    return;
-  }
+  // What should be done here:
+  //  * cleanup everything related to the channel
+  //    * memory
+  //  * remove peer if necessary
 
-  if (GNUNET_YES ==
-      Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_SENDING))
-  { /* Channel used for sending was destroyed */
-    /* Possible causes of channel destruction:
-     *  - ourselves  -> cleaning send channel -> clean context
-     *  - other peer -> peer probably went down -> remove
-     */
-    channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
-    if (GNUNET_YES == Peers_check_channel_flag (channel_flag, Peers_CHANNEL_CLEAN))
-    { /* We are about to clean the sending channel. Clean the respective
-       * context */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      GNUNET_free (peer);
-      return;
-    }
-    else
-    { /* Other peer destroyed our sending channel that it is supposed to keep
-       * open. It probably went down. Remove it from our knowledge. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      remove_peer (peer);
-      GNUNET_free (peer);
-      return;
-    }
-  }
-  else if (GNUNET_YES ==
-      Peers_check_channel_role (peer, channel, Peers_CHANNEL_ROLE_RECEIVING))
-  { /* Channel used for receiving was destroyed */
-    /* Possible causes of channel destruction:
-     *  - ourselves  -> peer tried to establish channel twice -> clean context
-     *  - other peer -> peer doesn't want to send us data -> clean
-     */
-    channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_RECEIVING);
-    if (GNUNET_YES ==
-        Peers_check_channel_flag (channel_flag, Peers_CHANNEL_ESTABLISHED_TWICE))
-    { /* Other peer tried to establish a channel to us twice. We do not accept
-       * that. Clean the context. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      GNUNET_free (peer);
-      return;
-    }
-    else
-    { /* Other peer doesn't want to send us data anymore. We are free to clean
-       * it. */
-      Peers_cleanup_destroyed_channel (cls, channel);
-      clean_peer (peer);
-      GNUNET_free (peer);
-      return;
-    }
+  if (peer_ctx->recv_channel_ctx == channel_ctx)
+  {
+    remove_channel_ctx (channel_ctx);
   }
-  else
+  else if (peer_ctx->send_channel_ctx == channel_ctx)
   {
-    LOG (GNUNET_ERROR_TYPE_WARNING,
-        "Destroyed channel is neither sending nor receiving channel\n");
+    remove_channel_ctx (channel_ctx);
+    remove_peer (&peer_ctx->peer_id);
   }
-  GNUNET_free (peer);
 }
 
 /***********************************************************************
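Review bot: The new `if`/`else if` at the end of `cleanup_destroyed_channel` has no final `else`, so a `channel_ctx` that matches neither the send nor the receive slot is ignored silently and never freed. The removed code logged a warning in that case. Restoring `else { LOG (GNUNET_ERROR_TYPE_WARNING, "Destroyed channel is neither sending nor receiving channel\n"); }` keeps that signal. In the unknown-peer branch, `peer` points into `channel_ctx->peer_ctx`, so if that peer context has already been released, both the log call and `remove_channel_ctx (channel_ctx)` would read freed memory. That depends on code outside this hunk and is worth confirming.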
@@ -3032,8 +3045,6 @@ handle_client_seed (void *cls,
 
   num_peers = ntohl (msg->num_peers);
   peers = (struct GNUNET_PeerIdentity *) &msg[1];
-  //peers = GNUNET_new_array (num_peers, struct GNUNET_PeerIdentity);
-  //GNUNET_memcpy (peers, &msg[1], num_peers * sizeof (struct GNUNET_PeerIdentity));
 
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Client seeded peers:\n");
@@ -3048,9 +3059,6 @@ handle_client_seed (void *cls,
 
     got_peer (&peers[i]);
   }
-
-  ////GNUNET_free (peers);
-
   GNUNET_SERVICE_client_continue (cli_ctx->client);
 }
 
@@ -3168,11 +3176,12 @@ static void
 handle_peer_check (void *cls,
                    const struct GNUNET_MessageHeader *msg)
 {
-  const struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   LOG (GNUNET_ERROR_TYPE_DEBUG,
       "Received CHECK_LIVE (%s)\n", GNUNET_i2s (peer));
 
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 /**
@@ -3188,7 +3197,8 @@ static void
 handle_peer_push (void *cls,
                   const struct GNUNET_MessageHeader *msg)
 {
-  const struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
 
   // (check the proof of work (?))
 
@@ -3233,7 +3243,7 @@ handle_peer_push (void *cls,
   CustomPeerMap_put (push_map, peer);
 
   GNUNET_break_op (Peers_check_peer_known (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 
@@ -3249,7 +3259,8 @@ static void
 handle_peer_pull_request (void *cls,
                           const struct GNUNET_MessageHeader *msg)
 {
-  struct GNUNET_PeerIdentity *peer = cls;
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *peer = &channel_ctx->peer_ctx->peer_id;
   const struct GNUNET_PeerIdentity *view_array;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Received PULL REQUEST (%s)\n", GNUNET_i2s (peer));
@@ -3272,7 +3283,7 @@ handle_peer_pull_request (void *cls,
   #endif /* ENABLE_MALICIOUS */
 
   GNUNET_break_op (Peers_check_peer_known (peer));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (peer));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
   view_array = View_get_as_array ();
   send_pull_reply (peer, view_array, View_size ());
 }
@@ -3312,7 +3323,8 @@ check_peer_pull_reply (void *cls,
   if (GNUNET_YES != Peers_check_peer_flag (sender, Peers_PULL_REPLY_PENDING))
   {
     LOG (GNUNET_ERROR_TYPE_WARNING,
-        "Received a pull reply from a peer we didn't request one from!\n");
+        "Received a pull reply from a peer (%s) we didn't request one from!\n",
+        GNUNET_i2s (sender));
     GNUNET_break_op (0);
     return GNUNET_SYSERR;
   }
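Review bot: `sender` in `check_peer_pull_reply` is not visibly re-derived from the new `struct ChannelCtx *` closure, while every `handle_peer_*` callback in this commit is. If the validator still treats `cls` as a `struct GNUNET_PeerIdentity *`, the `Peers_PULL_REPLY_PENDING` check would be evaluated against the wrong bytes, and the added `GNUNET_i2s (sender)` would log a bogus identity. It should use the same derivation as the handlers, `const struct ChannelCtx *channel_ctx = cls;` and `sender = &channel_ctx->peer_ctx->peer_id;`. The top of the function is outside this hunk, so this needs checking there.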
@@ -3329,8 +3341,9 @@ static void
 handle_peer_pull_reply (void *cls,
                         const struct GNUNET_RPS_P2P_PullReplyMessage *msg)
 {
+  const struct ChannelCtx *channel_ctx = cls;
+  const struct GNUNET_PeerIdentity *sender = &channel_ctx->peer_ctx->peer_id;
   const struct GNUNET_PeerIdentity *peers;
-  struct GNUNET_PeerIdentity *sender = cls;
   uint32_t i;
 #ifdef ENABLE_MALICIOUS
   struct AttackedPeer *tmp_att_peer;
@@ -3368,9 +3381,7 @@ handle_peer_pull_reply (void *cls,
       if (GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (att_peer_set,
                                                                &peers[i])
           && GNUNET_NO == GNUNET_CONTAINER_multipeermap_contains (mal_peer_set,
-                                                                  &peers[i])
-          && 0 != GNUNET_CRYPTO_cmp_peer_identity (&peers[i],
-                                                   &own_identity))
+                                                                  &peers[i]))
       {
         tmp_att_peer = GNUNET_new (struct AttackedPeer);
         tmp_att_peer->peer_id = peers[i];
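Review bot: Dropping the `own_identity` comparison here, in the non-malicious path of `handle_peer_pull_reply`, in both loops of `do_round` and in `Peers_schedule_operation` means peer IDs from a remote PULL REPLY are no longer filtered for our own identity. They now reach `Peers_insert_peer`, the liveliness check and `send_push` unfiltered. Unless that filter moved into `Peers_insert_peer` or `get_peer_ctx` (not visible in these hunks), a reply that lists this node's own ID would make the service track itself as a peer and try to open channels to itself. I would keep a single check where untrusted IDs enter, in `handle_peer_pull_reply` before `Peers_insert_peer`, or add a comment naming the place that now enforces it.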
@@ -3382,21 +3393,17 @@ handle_peer_pull_reply (void *cls,
       continue;
     }
     #endif /* ENABLE_MALICIOUS */
-    if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity,
-                                              &peers[i]))
-    {
-      /* Make sure we 'know' about this peer */
-      (void) Peers_insert_peer (&peers[i]);
+    /* Make sure we 'know' about this peer */
+    (void) Peers_insert_peer (&peers[i]);
 
-      if (GNUNET_YES == Peers_check_peer_valid (&peers[i]))
-      {
-        CustomPeerMap_put (pull_map, &peers[i]);
-      }
-      else
-      {
-        Peers_schedule_operation (&peers[i], insert_in_pull_map);
-        (void) Peers_issue_peer_liveliness_check (&peers[i]);
-      }
+    if (GNUNET_YES == Peers_check_peer_valid (&peers[i]))
+    {
+      CustomPeerMap_put (pull_map, &peers[i]);
+    }
+    else
+    {
+      Peers_schedule_operation (&peers[i], insert_in_pull_map);
+      (void) Peers_issue_peer_liveliness_check (&peers[i]);
     }
   }
 
@@ -3404,7 +3411,7 @@ handle_peer_pull_reply (void *cls,
   clean_peer (sender);
 
   GNUNET_break_op (Peers_check_peer_known (sender));
-  GNUNET_CADET_receive_done (Peers_get_recv_channel (sender));
+  GNUNET_CADET_receive_done (channel_ctx->channel);
 }
 
 
@@ -3831,10 +3838,8 @@ do_round (void *cls)
     for (i = 0; i < a_peers; i++)
     {
       peer = view_array[permut[i]];
-      if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer)) // TODO
-      { // FIXME if this fails schedule/loop this for later
-        send_push (&peer);
-      }
+      // FIXME if this fails schedule/loop this for later
+      send_push (&peer);
     }
 
     /* Send PULL requests */
@@ -3852,8 +3857,7 @@ do_round (void *cls)
     for (i = first_border; i < second_border; i++)
     {
       peer = view_array[permut[i]];
-      if (0 != GNUNET_CRYPTO_cmp_peer_identity (&own_identity, &peer) &&
-          GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING)) // TODO
+      if ( GNUNET_NO == Peers_check_peer_flag (&peer, Peers_PULL_REPLY_PENDING))
       { // FIXME if this fails schedule/loop this for later
         send_pull_request (&peer);
       }
@@ -3950,7 +3954,6 @@ do_round (void *cls)
                "-%s",
                GNUNET_i2s_full (&peers_to_clean[i]));
       clean_peer (&peers_to_clean[i]);
-      //peer_destroy_channel_send (sender);
     }
 
     GNUNET_array_grow (peers_to_clean, peers_to_clean_size, 0);
@@ -4006,7 +4009,6 @@ do_round (void *cls)
          GNUNET_i2s (update_peer));
     insert_in_sampler (NULL, update_peer);
     clean_peer (update_peer); /* This cleans only if it is not in the view */
-    //peer_destroy_channel_send (sender);
   }
 
   for (i = 0; i < CustomPeerMap_size (pull_map); i++)
@@ -4017,7 +4019,6 @@ do_round (void *cls)
     insert_in_sampler (NULL, CustomPeerMap_get_peer_by_index (pull_map, i));
     /* This cleans only if it is not in the view */
     clean_peer (CustomPeerMap_get_peer_by_index (pull_map, i));
-    //peer_destroy_channel_send (sender);
   }
 
 
@@ -4120,6 +4121,8 @@ shutdown_task (void *cls)
   struct ClientContext *client_ctx;
   struct ReplyCls *reply_cls;
 
+  in_shutdown = GNUNET_YES;
+
   LOG (GNUNET_ERROR_TYPE_DEBUG,
        "RPS is going down\n");
 
@@ -4364,10 +4367,17 @@ run (void *cls,
                                        NULL, /* WindowSize handler */
                                        cleanup_destroyed_channel, /* Disconnect handler */
                                        cadet_handlers);
+  if (NULL == cadet_port)
+  {
+    LOG (GNUNET_ERROR_TYPE_ERROR,
+        "Cadet port `%s' is already in use.\n",
+        GNUNET_APPLICATION_PORT_RPS);
+    GNUNET_assert (0);
+  }
 
 
   peerinfo_handle = GNUNET_PEERINFO_connect (cfg);
-  Peers_initialise (fn_valid_peers, cadet_handle, &own_identity);
+  Peers_initialise (fn_valid_peers, cadet_handle);
   GNUNET_free (fn_valid_peers);
 
   /* Initialise sampler */
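Review bot: A NULL `cadet_port` is an operational condition, but the new branch ends in `GNUNET_assert (0);`, which aborts the process instead of running the normal shutdown path. Logging the error and then calling `GNUNET_SCHEDULER_shutdown (); return;` would let `shutdown_task` release the handles opened earlier in `run`. The message also assumes that a port already in use is the only cause of a NULL return, so a neutral "could not open port" wording would be more accurate. `run` begins and continues outside this hunk.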
index 42507655bb52b8cd3f92305648df806e9d7d1d5a..9e003eb399bf33ce91fbda4e1434ad1e6b6c984a 100644 (file)
@@ -213,7 +213,7 @@ CustomPeerMap_remove_peer (const struct CustomPeerMap *c_peer_map,
     GNUNET_assert (NULL != last_index);
     GNUNET_assert (CustomPeerMap_size (c_peer_map) == *last_index);
     GNUNET_CONTAINER_multihashmap32_put (c_peer_map->hash_map, *index, last_p,
-        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_FAST);
+        GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
     GNUNET_CONTAINER_multihashmap32_remove_all (c_peer_map->hash_map, *last_index);
     *last_index = *index;
   }
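Review bot: With `GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY` the put can refuse to store when the key is still present, and its return value is ignored here. In that case `last_p` is not stored under `*index` while the following `remove_all` on `*last_index` still runs, so the entry would be lost without any trace. Wrapping the call as `GNUNET_assert (GNUNET_OK == GNUNET_CONTAINER_multihashmap32_put (...));` makes the invariant explicit. Whether the slot at `*index` has already been emptied is decided above this hunk.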
index d47e4952f2bef651c53ec3a10f7553a04cb8c344..08fe9609746332ca1af2e235441b4eb8ca13ed04 100644 (file)
 
 #define LOG(kind, ...) GNUNET_log_from(kind,"rps-test_util",__VA_ARGS__)
 
+#define B2B_PAT "%c%c%c%c%c%c%c%c"
+#define B2B(byte)  \
+  (byte & 0x80 ? '1' : '0'), \
+  (byte & 0x40 ? '1' : '0'), \
+  (byte & 0x20 ? '1' : '0'), \
+  (byte & 0x10 ? '1' : '0'), \
+  (byte & 0x08 ? '1' : '0'), \
+  (byte & 0x04 ? '1' : '0'), \
+  (byte & 0x02 ? '1' : '0'), \
+  (byte & 0x01 ? '1' : '0')
+
 #ifndef TO_FILE
 #define TO_FILE
 #endif /* TO_FILE */
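Review bot: `B2B` uses its argument unparenthesised and evaluates it eight times, so a call such as `B2B(a | b)` or an argument with side effects would print the wrong bits. Write each term as `((byte) & 0x80 ? '1' : '0')`, and add a one-line comment above the pair, for example `/* printf pattern and matching argument list for one byte in binary */`.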
@@ -155,6 +166,9 @@ to_file_raw (const char *file_name, const char *buf, size_t size_buf)
 
     return;
   }
+  LOG (GNUNET_ERROR_TYPE_WARNING,
+       "Wrote %u bytes raw.\n",
+       size_written);
   if (GNUNET_YES != GNUNET_DISK_file_close (f))
     LOG (GNUNET_ERROR_TYPE_WARNING,
          "Unable to close file\n");
@@ -180,6 +194,8 @@ to_file_raw_unaligned (const char *file_name,
   //  num_bits_buf_unaligned = bits_needed % 8;
   //  return;
   //}
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       "Was asked to write %u bits\n", bits_needed);
 
   char buf_write[size_buf + 1];
   const unsigned bytes_iter = (0 != bits_needed % 8?
@@ -187,6 +203,14 @@ to_file_raw_unaligned (const char *file_name,
                                bits_needed/8);
   // TODO what if no iteration happens?
   unsigned size_buf_write = 0;
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "num_bits_buf_unaligned: %u\n",
+       num_bits_buf_unaligned);
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "ua args: size_buf: %u, bits_needed: %u -> iter: %u\n",
+       size_buf,
+       bits_needed,
+       bytes_iter);
   buf_write[0] = buf_unaligned;
   /* Iterate over input bytes */
   for (unsigned i = 0; i < bytes_iter; i++)
@@ -227,17 +251,57 @@ to_file_raw_unaligned (const char *file_name,
     {
       num_bits_needed_iter = 8;
     }
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits needed in this iteration: %u\n",
+         num_bits_needed_iter);
     mask_bits_needed_iter = ((char) 1 << num_bits_needed_iter) - 1;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "mask needed bits (current iter): "B2B_PAT"\n",
+         B2B(mask_bits_needed_iter));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "Unaligned byte: "B2B_PAT" (%u bits)\n",
+         B2B(buf_unaligned),
+         num_bits_buf_unaligned);
     byte_input = buf[i];
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "next whole input byte: "B2B_PAT"\n",
+         B2B(byte_input));
     byte_input &= mask_bits_needed_iter;
     num_bits_to_align = 8 - num_bits_buf_unaligned;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "input byte, needed bits: "B2B_PAT"\n",
+         B2B(byte_input));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits needed to align unaligned bit: %u\n",
+         num_bits_to_align);
     num_bits_to_move  = min (num_bits_to_align, num_bits_needed_iter);
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "number of bits of new byte to move: %u\n",
+         num_bits_to_move);
     mask_input_to_move = ((char) 1 << num_bits_to_move) - 1;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "mask of bits of new byte to take for moving: "B2B_PAT"\n",
+         B2B(mask_input_to_move));
     bits_to_move = byte_input & mask_input_to_move;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "masked bits of new byte to take for moving: "B2B_PAT"\n",
+         B2B(bits_to_move));
     distance_shift_bits = num_bits_buf_unaligned;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "distance needed to shift bits to their correct spot: %u\n",
+         distance_shift_bits);
     bits_moving = bits_to_move << distance_shift_bits;
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "shifted, masked bits of new byte being moved: "B2B_PAT"\n",
+         B2B(bits_moving));
     byte_to_fill = buf_unaligned | bits_moving;
-    if (num_bits_buf_unaligned + num_bits_needed_iter > 8)
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "byte being filled: "B2B_PAT"\n",
+         B2B(byte_to_fill));
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "pending bytes: %u\n",
+         num_bits_buf_unaligned + num_bits_needed_iter);
+    if (num_bits_buf_unaligned + num_bits_needed_iter >= 8)
     {
       /* buf_unaligned was aligned by filling
        * -> can be written to storage */
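Review bot: The "pending bytes: %u" message prints `num_bits_buf_unaligned + num_bits_needed_iter`, which is a bit count, so the label will mislead anyone using this trace to debug the `>= 8` boundary changed just below. It should read `"pending bits: %u\n"`. The loop body continues outside this hunk.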
@@ -246,10 +310,22 @@ to_file_raw_unaligned (const char *file_name,
 
       /* store the leftover, unaligned bits in buffer */
       mask_input_leftover = mask_bits_needed_iter & (~ mask_input_to_move);
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "mask of leftover bits of new byte: "B2B_PAT"\n",
+           B2B(mask_input_leftover));
       byte_input_leftover = byte_input & mask_input_leftover;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "masked, leftover bits of new byte: "B2B_PAT"\n",
+           B2B(byte_input_leftover));
       num_bits_leftover = num_bits_needed_iter - num_bits_to_move;
-      num_bits_discard = 8 - num_bits_needed_iter;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "number of unaligned bits left: %u\n",
+           num_bits_leftover);
+      //num_bits_discard = 8 - num_bits_needed_iter;
       byte_unaligned_new = byte_input_leftover >> num_bits_to_move;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+          "new unaligned byte: "B2B_PAT"\n",
+           B2B(byte_unaligned_new));
       buf_unaligned = byte_unaligned_new;
       num_bits_buf_unaligned = num_bits_leftover % 8;
     }
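Review bot: The assignment to `num_bits_discard` is commented out rather than deleted (`//num_bits_discard = 8 - num_bits_needed_iter;`), which leaves dead code in the bit-packing path. Its declaration is outside this hunk and, if nothing else reads it, becomes an unused variable. Delete the line and the declaration together; the history keeps the old computation.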
index 254763b45220d057d359cf10c258dfaa11fef713..1083384f57942ce14613bd5120c48f4e8ad3c86e 100644 (file)
@@ -11,7 +11,7 @@
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       Affero General Public License for more details.
-     
+
       You should have received a copy of the GNU Affero General Public License
       along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -23,6 +23,7 @@
  */
 #include "platform.h"
 #include "gnunet_util_lib.h"
+#include "gnunet_statistics_service.h"
 #include "gnunet-service-set.h"
 #include "gnunet_block_lib.h"
 #include "gnunet-service-set_protocol.h"
@@ -215,6 +216,10 @@ send_client_removed_element (struct Operation *op,
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Sending removed element (size %u) to client\n",
               element->size);
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Element removed messages sent",
+                            1,
+                            GNUNET_NO);
   GNUNET_assert (0 != op->client_request_id);
   ev = GNUNET_MQ_msg_extra (rm,
                             element->size,
@@ -406,6 +411,10 @@ fail_intersection_operation (struct Operation *op)
 
   GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
               "Intersection operation failed\n");
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Intersection operations failed",
+                            1,
+                            GNUNET_NO);
   if (NULL != op->state->my_elements)
   {
     GNUNET_CONTAINER_multihashmap_destroy (op->state->my_elements);
@@ -466,6 +475,10 @@ send_bloomfilter (struct Operation *op)
                                          op);
 
   /* send our Bloom filter */
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Intersection Bloom filters sent",
+                            1,
+                            GNUNET_NO);
   chunk_size = 60 * 1024 - sizeof (struct BFMessage);
   if (bf_size <= chunk_size)
   {
@@ -534,6 +547,10 @@ send_client_done_and_destroy (void *cls)
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Intersection succeeded, sending DONE to local client\n");
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Intersection operations succeeded",
+                            1,
+                            GNUNET_NO);
   ev = GNUNET_MQ_msg (rm,
                       GNUNET_MESSAGE_TYPE_SET_RESULT);
   rm->request_id = htonl (op->client_request_id);
index 8c0c52d643507c1ca84b577838f13deb1cf0e532..73d3f5c83f1d330b52f79d3745721e0f64f23c8b 100644 (file)
@@ -11,7 +11,7 @@
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       Affero General Public License for more details.
-     
+
       You should have received a copy of the GNU Affero General Public License
       along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -758,8 +758,8 @@ get_order_from_difference (unsigned int diff)
  */
 static int
 send_full_element_iterator (void *cls,
-                       const struct GNUNET_HashCode *key,
-                       void *value)
+                            const struct GNUNET_HashCode *key,
+                            void *value)
 {
   struct Operation *op = cls;
   struct GNUNET_SET_ElementMessage *emsg;
@@ -1366,6 +1366,26 @@ send_client_element (struct Operation *op,
 }
 
 
+/**
+ * Destroy remote channel.
+ *
+ * @param op operation
+ */
+static void
+destroy_channel (struct Operation *op)
+{
+  struct GNUNET_CADET_Channel *channel;
+
+  if (NULL != (channel = op->channel))
+  {
+    /* This will free op; called conditionally as this helper function
+       is also called from within the channel disconnect handler. */
+    op->channel = NULL;
+    GNUNET_CADET_channel_destroy (channel);
+  }
+}
+
+
 /**
  * Signal to the client that the operation has finished and
  * destroy the operation.
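Review bot: The doc comment on `destroy_channel` says only "Destroy remote channel", while the inline comment states that the call will free `op`. That lifetime effect belongs in the function header, because a caller that touches `op` after this call would be a use-after-free. Add a line such as ` * May free @a op via the channel disconnect handler; callers must not use @a op afterwards.` No caller is visible in this hunk, so how it is used cannot be checked from here.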
@@ -1379,13 +1399,18 @@ send_client_done (void *cls)
   struct GNUNET_MQ_Envelope *ev;
   struct GNUNET_SET_ResultMessage *rm;
 
-  if (GNUNET_YES == op->state->client_done_sent) {
+  if (GNUNET_YES == op->state->client_done_sent)
+  {
     return;
   }
 
   if (PHASE_DONE != op->state->phase) {
     LOG (GNUNET_ERROR_TYPE_WARNING,
-         "union operation failed\n");
+         "Union operation failed\n");
+    GNUNET_STATISTICS_update (_GSS_statistics,
+                              "# Union operations failed",
+                              1,
+                              GNUNET_NO);
     ev = GNUNET_MQ_msg (rm, GNUNET_MESSAGE_TYPE_SET_RESULT);
     rm->result_status = htons (GNUNET_SET_STATUS_FAILURE);
     rm->request_id = htonl (op->client_request_id);
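Review bot: The "# Union operations failed" counter is incremented in the `PHASE_DONE != op->state->phase` branch, and within the visible lines that branch does not set `op->state->client_done_sent`. The end of the branch is outside this hunk; if it returns before the flag is set (the assignment appears only in the next hunk, after the branch), a second call to `send_client_done` would count and report the same failure again. Consider setting `op->state->client_done_sent = GNUNET_YES;` on the failure path as well. The brace on `if (PHASE_DONE != op->state->phase) {` was also left in the old style while the `if` above it was reformatted.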
@@ -1397,6 +1422,10 @@ send_client_done (void *cls)
 
   op->state->client_done_sent = GNUNET_YES;
 
+  GNUNET_STATISTICS_update (_GSS_statistics,
+                            "# Union operations succeeded",
+                            1,
+                            GNUNET_NO);
   LOG (GNUNET_ERROR_TYPE_INFO,
        "Signalling client that union operation is done\n");
   ev = GNUNET_MQ_msg (rm,
index 0ef3c864a06f2818b45ebb155d353601dda6404a..cd93ff855ce5c1aa6a55b211c780372179466dbe 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -65,6 +65,8 @@ report ()
   unsigned long long datarate;
 
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   datarate = (total_bytes_recv * 1000 * 1000) / delta;
 
   FPRINTF (stderr,
index 86e2a7e9d43a910460f1f041ea0aaa4e3080f369..c6e77bae0addd282704cd6bd19330e971268a111 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -174,6 +174,8 @@ custom_shutdown (void *cls)
 
   /* Calculcate statistics   */
   delta = GNUNET_TIME_absolute_get_duration (start_time).rel_value_us;
+  if (0 == delta)
+    delta = 1;
   rate = (1000LL* 1000ll * total_bytes) / (1024 * delta);
   FPRINTF (stderr,
            "\nThroughput was %llu KiBytes/s\n",
index 23139a1abc7dc9e1640cc921eed700829cf363f6..7b190ca760d731e6bcb72032aa54ca4548eeaf0c 100644 (file)
@@ -69,3 +69,7 @@ perf_crypto_hash
 perf_crypto_symmetric
 perf_crypto_rsa
 perf_crypto_ecc_dlog
+test_hexcoder 
+test_regex
+test_tun
+gnunet-timeout
index ec7bcb016facbd2b4c44b85a3685db99be33f72c..4ae073c2ccb5210a07a1348dea6a9883955d492a 100644 (file)
@@ -166,6 +166,7 @@ lib_LTLIBRARIES = libgnunetutil.la
 
 libexec_PROGRAMS = \
  gnunet-service-resolver \
+ gnunet-timeout \
  $(W32CONSOLEHELPER)
 
 bin_SCRIPTS =\
@@ -192,6 +193,15 @@ endif
 endif
 
 
+if !MINGW
+gnunet_timeout_SOURCES = \
+ gnunet-timeout.c
+else
+gnunet_timeout_SOURCES = \
+ gnunet-timeout-w32.c
+endif
+
+
 do_subst = $(SED) -e 's,[@]PYTHON[@],$(PYTHON),g'
 
 gnunet-qr: gnunet-qr.py.in Makefile
@@ -334,12 +344,12 @@ test_hexcoder_LDADD = \
 test_tun_SOURCES = \
  test_tun.c
 test_tun_LDADD = \
- libgnunetutil.la 
+ libgnunetutil.la
 
 test_regex_SOURCES = \
  test_regex.c
 test_regex_LDADD = \
- libgnunetutil.la 
+ libgnunetutil.la
 
 test_os_start_process_SOURCES = \
  test_os_start_process.c
@@ -622,4 +632,4 @@ EXTRA_DIST = \
   test_resolver_api_data.conf \
   test_service_data.conf \
   test_speedup_data.conf \
-  gnunet-qr.py.in 
+  gnunet-qr.py.in
index 44e326eab39a2dfef39f52e7be71170aeeb49047..1f569255a6a91617d938ad13ab76264a378eac95 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -721,6 +721,17 @@ test_service_configuration (const char *service_name,
                                                 &unixpath)) &&
       (0 < strlen (unixpath)))
     ret = GNUNET_OK;
+  else if ((GNUNET_OK ==
+            GNUNET_CONFIGURATION_have_value (cfg,
+                                             service_name,
+                                             "UNIXPATH")))
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               service_name,
+                               "UNIXPATH",
+                               _("not a valid filename"));
+    return GNUNET_SYSERR; /* UNIXPATH specified but invalid! */
+  }
   GNUNET_free_non_null (unixpath);
 #endif
 
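Review bot: The new `return GNUNET_SYSERR;` in the `else if` branch skips the `GNUNET_free_non_null (unixpath);` that follows it. The branch is reached when the filename lookup succeeded but `strlen (unixpath)` is 0, so the allocated empty string is leaked on that path. Add `GNUNET_free_non_null (unixpath);` before the `return`. The function continues outside this hunk.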
index 8410b7835fc89da56fc4be4893beafbdead53c8e..fe1f58df77ab2ee471462e9d62edebfdd6edf61f 100644 (file)
@@ -365,14 +365,17 @@ GNUNET_CRYPTO_hmac_derive_key_v (struct GNUNET_CRYPTO_AuthKey *key,
 
 /**
  * Calculate HMAC of a message (RFC 2104)
+ * TODO: Shouldn' this be the standard hmac function and
+ * the above be renamed?
  *
  * @param key secret key
+ * @param key_len secret key length
  * @param plaintext input plaintext
  * @param plaintext_len length of @a plaintext
  * @param hmac where to store the hmac
  */
 void
-GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+GNUNET_CRYPTO_hmac_raw (const void *key, size_t key_len,
                     const void *plaintext, size_t plaintext_len,
                     struct GNUNET_HashCode *hmac)
 {
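Review bot: The doc comment for `GNUNET_CRYPTO_hmac_raw` has a typo in the TODO ("Shouldn' this"), and `@param key_len` does not say the length is in bytes. Suggested wording: ` * TODO: Shouldn't this be the standard hmac function and the above be renamed?` and ` * @param key_len length of @a key in bytes`. The continuation lines of the signature were left at the old `GNUNET_CRYPTO_hmac (` alignment and should be re-indented under the new name.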
@@ -390,7 +393,7 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
   {
     gcry_md_reset (md);
   }
-  gcry_md_setkey (md, key->key, sizeof (key->key));
+  gcry_md_setkey (md, key, key_len);
   gcry_md_write (md, plaintext, plaintext_len);
   mc = gcry_md_read (md, GCRY_MD_SHA512);
   GNUNET_assert (NULL != mc);
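Review bot: The return value of `gcry_md_setkey (md, key, key_len)` is ignored. Now that the key pointer and length come from the caller rather than a fixed-size `struct GNUNET_CRYPTO_AuthKey`, a failed set-key would go unnoticed and the MAC would be computed without the intended key. Check the result in the style already used for `mc` below, e.g. `GNUNET_assert (0 == gcry_md_setkey (md, key, key_len));`. The start of the function body is outside this hunk.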
@@ -398,6 +401,25 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
 }
 
 
+/**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of @a plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
+                    const void *plaintext, size_t plaintext_len,
+                    struct GNUNET_HashCode *hmac)
+{
+  GNUNET_CRYPTO_hmac_raw ((void*) key->key, sizeof (key->key),
+                          plaintext, plaintext_len,
+                          hmac);
+}
+
+
 /**
  * Context for cummulative hashing.
  */
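Review bot: The wrapper passes `(void*) key->key`, which casts away `const` even though the first parameter of `GNUNET_CRYPTO_hmac_raw` is `const void *`. The cast is unnecessary and hides a qualifier that the compiler would otherwise check; write `GNUNET_CRYPTO_hmac_raw (key->key, sizeof (key->key),`. The doc comment is also a copy of the one on the raw variant and could say that this version takes a fixed-size `struct GNUNET_CRYPTO_AuthKey`.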
index cce68f2ee8bbfd1957f768730ec6c39b13e0ba32..24f1b18cf47a0a1a29f51e2b55e6cb25bdc2d4d2 100644 (file)
@@ -11,7 +11,7 @@
       WITHOUT ANY WARRANTY; without even the implied warranty of
       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
       Affero General Public License for more details.
-     
+
       You should have received a copy of the GNU Affero General Public License
       along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
@@ -758,6 +758,122 @@ GNUNET_DNSPARSER_parse (const char *udp_payload,
 }
 
 
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_Record *
+GNUNET_DNSPARSER_duplicate_record (const struct GNUNET_DNSPARSER_Record *r)
+{
+  struct GNUNET_DNSPARSER_Record *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->name = GNUNET_strdup (r->name);
+  switch (r->type)
+  {
+    case GNUNET_DNSPARSER_TYPE_NS:
+    case GNUNET_DNSPARSER_TYPE_CNAME:
+    case GNUNET_DNSPARSER_TYPE_PTR:
+    {
+      dup->data.hostname = GNUNET_strdup (r->data.hostname);
+      break;
+    }
+    case GNUNET_DNSPARSER_TYPE_SOA:
+    {
+      dup->data.soa = GNUNET_DNSPARSER_duplicate_soa_record (r->data.soa);
+      break;
+    }
+    case GNUNET_DNSPARSER_TYPE_CERT:
+    {
+      dup->data.cert = GNUNET_DNSPARSER_duplicate_cert_record (r->data.cert);
+      break;
+    }
+    case GNUNET_DNSPARSER_TYPE_MX:
+    {
+      dup->data.mx = GNUNET_DNSPARSER_duplicate_mx_record (r->data.mx);
+      break;
+    }
+    case GNUNET_DNSPARSER_TYPE_SRV:
+    {
+      dup->data.srv = GNUNET_DNSPARSER_duplicate_srv_record (r->data.srv);
+      break;
+    }
+    default:
+    {
+      dup->data.raw.data = GNUNET_memdup (r->data.raw.data,
+                                         r->data.raw.data_len);
+    }
+  }
+  return dup;
+}
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_SoaRecord *
+GNUNET_DNSPARSER_duplicate_soa_record (const struct GNUNET_DNSPARSER_SoaRecord *r)
+{
+  struct GNUNET_DNSPARSER_SoaRecord *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->mname = GNUNET_strdup (r->mname);
+  dup->rname = GNUNET_strdup (r->rname);
+  return dup;
+}
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_CertRecord *
+GNUNET_DNSPARSER_duplicate_cert_record (const struct GNUNET_DNSPARSER_CertRecord *r)
+{
+  struct GNUNET_DNSPARSER_CertRecord *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->certificate_data = GNUNET_strdup (r->certificate_data);
+  return dup;
+}
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_MxRecord *
+GNUNET_DNSPARSER_duplicate_mx_record (const struct GNUNET_DNSPARSER_MxRecord *r)
+{
+  struct GNUNET_DNSPARSER_MxRecord *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->mxhost = GNUNET_strdup (r->mxhost);
+  return dup;
+}
+
+
+/**
+ * Duplicate (deep-copy) the given DNS record
+ *
+ * @param r the record
+ * @return the newly allocated record
+ */
+struct GNUNET_DNSPARSER_SrvRecord *
+GNUNET_DNSPARSER_duplicate_srv_record (const struct GNUNET_DNSPARSER_SrvRecord *r)
+{
+  struct GNUNET_DNSPARSER_SrvRecord *dup = GNUNET_memdup (r, sizeof (*r));
+
+  dup->target = GNUNET_strdup (r->target);
+  return dup;
+}
+
+
 /**
  * Free memory taken by a packet.
  *
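Review bot: `GNUNET_DNSPARSER_duplicate_cert_record` copies `certificate_data` with `GNUNET_strdup`, but certificate data is a binary blob with an explicit length, not a NUL-terminated string. The copy is truncated at the first zero byte, or reads past the end of the source buffer when there is none. It should be `dup->certificate_data = GNUNET_memdup (r->certificate_data, r->certificate_size);` (the struct is declared outside this hunk, so confirm the field name). The other helpers call `GNUNET_strdup` on `name`, `hostname`, `mname`, `rname`, `mxhost` and `target` unconditionally; if any of these can be NULL in a parsed record, the duplicate needs a NULL check first. All five doc comments are identical and should name the record type each function copies.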
@@ -840,8 +956,11 @@ GNUNET_DNSPARSER_builder_add_name (char *dst,
       len = dot - idna_name;
     if ( (len >= 64) || (0 == len) )
     {
-      GNUNET_break (0);
-      goto fail; /* segment too long or empty */
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Invalid DNS name `%s': label with %u characters encountered\n",
+                  name,
+                  (unsigned int) len);
+      goto fail; /* label too long or empty */
     }
     dst[pos++] = (char) (uint8_t) len;
     GNUNET_memcpy (&dst[pos],
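Review bot: The new error message prints the full `name` with `%s` at `GNUNET_ERROR_TYPE_ERROR` for every over-long or empty label. If callers of `GNUNET_DNSPARSER_builder_add_name` can pass names that originate from the network (not determinable from this hunk), a peer could fill the log at error level and place arbitrary bytes in it. Consider `GNUNET_ERROR_TYPE_WARNING` and documenting in the function header that `name` may be untrusted. The function body starts and ends outside this hunk.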
index d90d8ec107337ecf348fd1b565143e636dd40811..5b890261bb42beb1f3264ed292bba68ba19e6f3c 100644 (file)
 #include "gnunet_statistics_service.h"
 #include "resolver.h"
 
+
+struct Record
+{
+  struct Record *next;
+
+  struct Record *prev;
+
+  struct GNUNET_DNSPARSER_Record *record;
+};
+
 /**
- * A cached DNS lookup result (for reverse lookup).
+ * A cached DNS lookup result.
  */
-struct IPCache
+struct ResolveCache
 {
   /**
    * This is a doubly linked list.
    */
-  struct IPCache *next;
+  struct ResolveCache *next;
 
   /**
    * This is a doubly linked list.
    */
-  struct IPCache *prev;
+  struct ResolveCache *prev;
 
   /**
-   * Hostname in human-readable form.
+   * type of queried DNS record
    */
-  char *addr;
+  uint16_t record_type;
 
   /**
-   * Binary IP address, allocated at the end of this struct.
+   * a pointer to the request_id if a query for this hostname/record_type
+   * is currently pending, NULL otherwise.
    */
-  const void *ip;
+  int16_t *request_id;
 
   /**
-   * Last time this entry was updated.
+   * The client that queried the records contained in this cache entry.
    */
-  struct GNUNET_TIME_Absolute last_refresh;
+  struct GNUNET_SERVICE_Client *client;
 
   /**
-   * Last time this entry was requested.
+   * head of a double linked list containing the lookup results
    */
-  struct GNUNET_TIME_Absolute last_request;
+  struct Record *records_head;
 
   /**
-   * Number of bytes in ip.
+   * tail of a double linked list containing the lookup results
    */
-  size_t ip_len;
+  struct Record *records_tail;
 
   /**
-   * Address family of the IP.
+   * handle for cancelling a request
    */
-  int af;
+  struct GNUNET_DNSSTUB_RequestSocket *resolve_handle;
+
+  /**
+   * handle for the resolution timeout task
+   */
+  struct GNUNET_SCHEDULER_Task *timeout_task;
+
 };
 
 
 /**
  * Start of the linked list of cached DNS lookup results.
  */
-static struct IPCache *cache_head;
+static struct ResolveCache *cache_head;
 
 /**
  * Tail of the linked list of cached DNS lookup results.
  */
-static struct IPCache *cache_tail;
+static struct ResolveCache *cache_tail;
 
 /**
- * Pipe for asynchronously notifying about resolve result
+ * context of dnsstub library
  */
-static struct GNUNET_DISK_PipeHandle *resolve_result_pipe;
+static struct GNUNET_DNSSTUB_Context *dnsstub_ctx;
 
-/**
- * Task for reading from resolve_result_pipe
- */
-static struct GNUNET_SCHEDULER_Task *resolve_result_pipe_task;
 
-
-#if HAVE_GETNAMEINFO
-/**
- * Resolve the given request using getnameinfo
- *
- * @param cache the request to resolve (and where to store the result)
- */
-static void
-getnameinfo_resolve (struct IPCache *cache)
+void free_cache_entry (struct ResolveCache *entry)
 {
-  char hostname[256];
-  const struct sockaddr *sa;
-  struct sockaddr_in v4;
-  struct sockaddr_in6 v6;
-  size_t salen;
-  int ret;
-
-  switch (cache->af)
+  struct Record *pos;
+  struct Record *next;
+  next = entry->records_head;
+  while (NULL != (pos = next))
   {
-  case AF_INET:
-    GNUNET_assert (cache->ip_len == sizeof (struct in_addr));
-    sa = (const struct sockaddr*) &v4;
-    memset (&v4, 0, sizeof (v4));
-    v4.sin_addr = * (const struct in_addr*) cache->ip;
-    v4.sin_family = AF_INET;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-    v4.sin_len = sizeof (v4);
-#endif
-    salen = sizeof (v4);
-    break;
-  case AF_INET6:
-    GNUNET_assert (cache->ip_len == sizeof (struct in6_addr));
-    sa = (const struct sockaddr*) &v6;
-    memset (&v6, 0, sizeof (v6));
-    v6.sin6_addr = * (const struct in6_addr*) cache->ip;
-    v6.sin6_family = AF_INET6;
-#if HAVE_SOCKADDR_IN_SIN_LEN
-    v6.sin6_len = sizeof (v6);
-#endif
-    salen = sizeof (v6);
-    break;
-  default:
-    GNUNET_assert (0);
+    next = pos->next;
+    GNUNET_CONTAINER_DLL_remove (entry->records_head,
+                                entry->records_tail,
+                                pos);
+    if (NULL != pos->record)
+    {
+      GNUNET_DNSPARSER_free_record (pos->record);
+      GNUNET_free (pos->record);
+    }
+    GNUNET_free (pos);
   }
-
-  if (0 ==
-      (ret = getnameinfo (sa, salen,
-                          hostname, sizeof (hostname),
-                          NULL,
-                          0, 0)))
+  if (NULL != entry->resolve_handle)
   {
-    cache->addr = GNUNET_strdup (hostname);
+    GNUNET_DNSSTUB_resolve_cancel (entry->resolve_handle);
+    entry->resolve_handle = NULL;
   }
-  else
+  if (NULL != entry->timeout_task)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                "getnameinfo failed: %s\n",
-                gai_strerror (ret));
+    GNUNET_SCHEDULER_cancel (entry->timeout_task);
+    entry->timeout_task = NULL;
   }
+  GNUNET_free_non_null (entry->request_id);
+  GNUNET_free (entry);
 }
-#endif
 
 
-#if HAVE_GETHOSTBYADDR
+static char*
+extract_dns_server (const char* line, size_t line_len)
+{
+  if (0 == strncmp (line, "nameserver ", 11))
+    return GNUNET_strndup (line + 11, line_len - 11);
+  return NULL;
+}
+
 /**
- * Resolve the given request using gethostbyaddr
+ * reads the list of nameservers from /etc/resolve.conf
  *
- * @param cache the request to resolve (and where to store the result)
+ * @param server_addrs[out] a list of null-terminated server address strings
+ * @return the number of server addresses in @server_addrs, -1 on error
  */
-static void
-gethostbyaddr_resolve (struct IPCache *cache)
+static ssize_t
+lookup_dns_servers (char ***server_addrs)
 {
-  struct hostent *ent;
-
-  ent = gethostbyaddr (cache->ip,
-                      cache->ip_len,
-                      cache->af);
-  if (NULL != ent)
+  struct GNUNET_DISK_FileHandle *fh;
+  char buf[2048];
+  ssize_t bytes_read;
+  size_t read_offset = 0;
+  unsigned int num_dns_servers = 0;
+    
+  fh = GNUNET_DISK_file_open ("/etc/resolv.conf",
+                             GNUNET_DISK_OPEN_READ,
+                             GNUNET_DISK_PERM_NONE);
+  if (NULL == fh)
   {
-    cache->addr = GNUNET_strdup (ent->h_name);
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+               "Could not open /etc/resolv.conf. "
+               "DNS resolution will not be possible.\n");
+    return -1;
   }
-  else
+  bytes_read = GNUNET_DISK_file_read (fh,
+                                     buf,
+                                     sizeof (buf));
+  *server_addrs = NULL;
+  while (read_offset < bytes_read)
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                "gethostbyaddr failed: %s\n",
-                hstrerror (h_errno));
+    char *newline;
+    size_t line_len;
+    char *dns_server;
+    
+    newline = strchr (buf + read_offset, '\n');
+    if (NULL == newline)
+    {
+      break;
+    }
+    line_len = newline - buf - read_offset;
+    dns_server = extract_dns_server (buf + read_offset, line_len);
+    if (NULL != dns_server)
+    {
+      GNUNET_array_append (*server_addrs,
+                          num_dns_servers,
+                          dns_server);
+    }
+    read_offset += line_len + 1;
   }
+  GNUNET_DISK_file_close (fh);
+  return num_dns_servers;
 }
-#endif
 
 
-/**
- * Resolve the given request using the available methods.
- *
- * @param cache the request to resolve (and where to store the result)
- */
-static void
-cache_resolve (struct IPCache *cache)
+static char *
+make_reverse_hostname (const void *ip, int af)
 {
-#if HAVE_GETNAMEINFO
-  if (NULL == cache->addr)
-    getnameinfo_resolve (cache);
-#endif
-#if HAVE_GETHOSTBYADDR
-  if (NULL == cache->addr)
-    gethostbyaddr_resolve (cache);
-#endif
+  char *buf = GNUNET_new_array (80, char);
+  int pos = 0;
+  if (AF_INET == af)
+  {
+    struct in_addr *addr = (struct in_addr *)ip;
+    uint32_t ip_int = addr->s_addr;
+    for (int i = 3; i >= 0; i--)
+    {
+      int n = GNUNET_snprintf (buf + pos,
+                              80 - pos,
+                              "%u.",
+                              ((uint8_t *)&ip_int)[i]);
+      if (n < 0)
+      {
+       GNUNET_free (buf);
+       return NULL;
+      }
+      pos += n;
+    }
+    pos += GNUNET_snprintf (buf + pos, 80 - pos, "in-addr.arpa");
+  }
+  else if (AF_INET6 == af)
+  {
+    struct in6_addr *addr = (struct in6_addr *)ip;
+    for (int i = 15; i >= 0; i--)
+    {
+      int n = GNUNET_snprintf (buf + pos, 80 - pos, "%x.", addr->s6_addr[i] & 0xf);
+      if (n < 0)
+      {
+       GNUNET_free (buf);
+       return NULL;
+      }
+      pos += n;
+      n = GNUNET_snprintf (buf + pos, 80 - pos, "%x.", addr->s6_addr[i] >> 4);
+      if (n < 0)
+      {
+       GNUNET_free (buf);
+       return NULL;
+      }
+      pos += n;
+    }
+    pos += GNUNET_snprintf (buf + pos, 80 - pos, "ip6.arpa");
+  }
+  buf[pos] = '\0';
+  return buf;
 }
 
 
-/**
- * Function called after the replies for the request have all
- * been transmitted to the client, and we can now read the next
- * request from the client.
- *
- * @param cls the `struct GNUNET_SERVICE_Client` to continue with
- */
 static void
-notify_service_client_done (void *cls)
+send_reply (struct GNUNET_DNSPARSER_Record *record,
+           uint16_t request_id,
+           struct GNUNET_SERVICE_Client *client)
 {
-  struct GNUNET_SERVICE_Client *client = cls;
-
-  GNUNET_SERVICE_client_continue (client);
-}
-
-
-/**
- * Get an IP address as a string (works for both IPv4 and IPv6).  Note
- * that the resolution happens asynchronously and that the first call
- * may not immediately result in the FQN (but instead in a
- * human-readable IP address).
- *
- * @param client handle to the client making the request (for sending the reply)
- * @param af AF_INET or AF_INET6
- * @param ip `struct in_addr` or `struct in6_addr`
- */
-static void
-get_ip_as_string (struct GNUNET_SERVICE_Client *client,
-                  int af,
-                 const void *ip,
-                 uint32_t request_id)
-{
-  struct IPCache *pos;
-  struct IPCache *next;
-  struct GNUNET_TIME_Absolute now;
-  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_MQ_Handle *mq;
   struct GNUNET_RESOLVER_ResponseMessage *msg;
-  size_t ip_len;
-  struct in6_addr ix;
-  size_t alen;
+  struct GNUNET_MQ_Envelope *env;
+  void *payload;
+  size_t payload_len;
 
-  switch (af)
-  {
-  case AF_INET:
-    ip_len = sizeof (struct in_addr);
-    break;
-  case AF_INET6:
-    ip_len = sizeof (struct in6_addr);
-    break;
-  default:
-    GNUNET_assert (0);
-  }
-  now = GNUNET_TIME_absolute_get ();
-  next = cache_head;
-  while ( (NULL != (pos = next)) &&
-         ( (pos->af != af) ||
-           (pos->ip_len != ip_len) ||
-           (0 != memcmp (pos->ip, ip, ip_len))) )
+  switch (record->type)
   {
-    next = pos->next;
-    if (GNUNET_TIME_absolute_get_duration (pos->last_request).rel_value_us <
-        60 * 60 * 1000 * 1000LL)
+    case GNUNET_DNSPARSER_TYPE_PTR:
     {
-      GNUNET_CONTAINER_DLL_remove (cache_head,
-                                  cache_tail,
-                                  pos);
-      GNUNET_free_non_null (pos->addr);
-      GNUNET_free (pos);
-      continue;
+      char *hostname = record->data.hostname;
+      payload = hostname;
+      payload_len = strlen (hostname) + 1;
+      break;
     }
-  }
-  if (NULL != pos)
-  {
-    if ( (1 == inet_pton (af,
-                          pos->ip,
-                          &ix)) &&
-         (GNUNET_TIME_absolute_get_duration (pos->last_request).rel_value_us >
-          120 * 1000 * 1000LL) )
+    case GNUNET_DNSPARSER_TYPE_A:
+    case GNUNET_DNSPARSER_TYPE_AAAA:
     {
-      /* try again if still numeric AND 2 minutes have expired */
-      GNUNET_free_non_null (pos->addr);
-      pos->addr = NULL;
-      cache_resolve (pos);
-      pos->last_request = now;
+      payload = record->data.raw.data;
+      payload_len = record->data.raw.data_len;
+      break;         
+    }
+    default:
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                 "Cannot handle DNS response type: unimplemented\n");
+      return;
     }
   }
-  else
-  {
-    pos = GNUNET_malloc (sizeof (struct IPCache) + ip_len);
-    pos->ip = &pos[1];
-    GNUNET_memcpy (&pos[1],
-                  ip,
-                  ip_len);
-    pos->last_request = now;
-    pos->last_refresh = now;
-    pos->ip_len = ip_len;
-    pos->af = af;
-    GNUNET_CONTAINER_DLL_insert (cache_head,
-                                cache_tail,
-                                pos);
-    cache_resolve (pos);
-  }
-  if (NULL != pos->addr)
-    alen = strlen (pos->addr) + 1;
-  else
-    alen = 0;
-  mq = GNUNET_SERVICE_client_get_mq (client);
   env = GNUNET_MQ_msg_extra (msg,
-                            alen,
-                            GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
+                            payload_len,
+                            GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
   msg->id = request_id;
   GNUNET_memcpy (&msg[1],
-                pos->addr,
-                alen);
-  GNUNET_MQ_send (mq,
-                 env);
-  // send end message
-  env = GNUNET_MQ_msg (msg,
-                      GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-  msg->id = request_id;
-  GNUNET_MQ_notify_sent (env,
-                        &notify_service_client_done,
-                        client);
-  GNUNET_MQ_send (mq,
-                 env);
+                payload,
+                payload_len);
+  GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client),
+                 env);
 }
 
 
-#if HAVE_GETADDRINFO_A
-struct AsyncCls
-{
-  struct gaicb *host;
-  struct sigevent *sig;
-  struct GNUNET_MQ_Handle *mq;
-  uint32_t request_id;
-};
-
-
 static void
-resolve_result_pipe_cb (void *cls)
+send_end_msg (uint16_t request_id,
+             struct GNUNET_SERVICE_Client *client)
 {
-  struct AsyncCls *async_cls;
-  struct gaicb *host;
   struct GNUNET_RESOLVER_ResponseMessage *msg;
   struct GNUNET_MQ_Envelope *env;
 
-  GNUNET_DISK_file_read (GNUNET_DISK_pipe_handle (resolve_result_pipe,
-                                                 GNUNET_DISK_PIPE_END_READ),
-                        &async_cls,
-                        sizeof (struct AsyncCls *));
-  resolve_result_pipe_task =
-    GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL,
-                                   GNUNET_DISK_pipe_handle (resolve_result_pipe,
-                                                            GNUNET_DISK_PIPE_END_READ),
-                                   &resolve_result_pipe_cb,
-                                   NULL);
-  host = async_cls->host;
-  for (struct addrinfo *pos = host->ar_result; pos != NULL; pos = pos->ai_next)
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+             "Sending end message\n");
+  env = GNUNET_MQ_msg (msg,
+                      GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
+  msg->id = request_id;
+  GNUNET_MQ_send (GNUNET_SERVICE_client_get_mq (client),
+                 env);
+}
+
+
+static void
+handle_resolve_result (void *cls,
+                      const struct GNUNET_TUN_DnsHeader *dns,
+                       size_t dns_len)
+{
+  struct ResolveCache *cache = cls;
+  struct GNUNET_DNSPARSER_Packet *parsed;
+  uint16_t request_id = *cache->request_id;
+  struct GNUNET_SERVICE_Client *client = cache->client;
+
+  parsed = GNUNET_DNSPARSER_parse ((const char *)dns,
+                                  dns_len);
+  if (NULL == parsed)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+               "Failed to parse DNS reply (request ID %u\n",
+               request_id);
+    return;
+  }
+  if (request_id != ntohs (parsed->id))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+               "Request ID in DNS reply does not match\n");
+    return;
+  }
+  else if (0 == parsed->num_answers)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+               "DNS reply (request ID %u) contains no answers\n",
+               request_id);
+    GNUNET_CONTAINER_DLL_remove (cache_head,
+                                cache_tail,
+                                cache);
+    free_cache_entry (cache);
+    cache = NULL;
+  }
+  else
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-               "Lookup result for hostname %s: %s (request ID %u)\n",
-               host->ar_name,
-               GNUNET_a2s (pos->ai_addr, pos->ai_addrlen),
-               async_cls->request_id);
-    switch (pos->ai_family)
+               "Got reply for request ID %u\n",
+               request_id);
+    for (unsigned int i = 0; i != parsed->num_answers; i++)
     {
-    case AF_INET:
-      env = GNUNET_MQ_msg_extra (msg,
-                                sizeof (struct in_addr),
-                                GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-      msg->id = async_cls->request_id;
-      GNUNET_memcpy (&msg[1],
-                    &((struct sockaddr_in*) pos->ai_addr)->sin_addr,
-                    sizeof (struct in_addr));
-      GNUNET_MQ_send (async_cls->mq,
-                     env);
-      break;
-    case AF_INET6:
-      env = GNUNET_MQ_msg_extra (msg,
-                                sizeof (struct in6_addr),
-                                GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-      msg->id = async_cls->request_id;
-      GNUNET_memcpy (&msg[1],
-                    &((struct sockaddr_in6*) pos->ai_addr)->sin6_addr,
-                    sizeof (struct in6_addr));
-      GNUNET_MQ_send (async_cls->mq,
-                     env);
-      break;
-    default:
-      /* unsupported, skip */
-      break;
+      struct Record *cache_entry = GNUNET_new (struct Record);
+      struct GNUNET_DNSPARSER_Record *record = &parsed->answers[i];
+      cache_entry->record = GNUNET_DNSPARSER_duplicate_record (record);
+      GNUNET_CONTAINER_DLL_insert (cache->records_head,
+                                  cache->records_tail,
+                                  cache_entry);
+      send_reply (cache_entry->record,
+                 request_id,
+                 cache->client);
     }
+    GNUNET_free_non_null (cache->request_id);
+    cache->request_id = NULL;
   }
-  // send end message
-  env = GNUNET_MQ_msg (msg,
-                      GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-  msg->id = async_cls->request_id;
-  GNUNET_MQ_send (async_cls->mq,
-                 env);
-  freeaddrinfo (host->ar_result);
-  GNUNET_free ((struct gaicb *)host->ar_request); // free hints
-  GNUNET_free (host);
-  GNUNET_free (async_cls->sig);
-  GNUNET_free (async_cls);
+  send_end_msg (request_id,
+               client);
+  if (NULL != cache)
+    cache->client = NULL;
+  if (NULL != cache)
+  {
+    if (NULL != cache->timeout_task)
+    { 
+      GNUNET_SCHEDULER_cancel (cache->timeout_task);
+      cache->timeout_task = NULL;
+    }
+    if (NULL != cache->resolve_handle)
+    {
+      GNUNET_DNSSTUB_resolve_cancel (cache->resolve_handle);
+      cache->resolve_handle = NULL;
+    }
+  }
+  GNUNET_DNSPARSER_free_packet (parsed);
 }
 
 
 static void
-handle_async_result (union sigval val) 
+handle_resolve_timeout (void *cls)
 {
-  GNUNET_DISK_file_write (GNUNET_DISK_pipe_handle (resolve_result_pipe,
-                                                  GNUNET_DISK_PIPE_END_WRITE),
-                         &val.sival_ptr,
-                         sizeof (val.sival_ptr));
+  struct ResolveCache *cache = cls;
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, 
+             "timeout!\n");
+  if (NULL != cache->resolve_handle)
+  {
+    GNUNET_DNSSTUB_resolve_cancel (cache->resolve_handle);
+    cache->resolve_handle = NULL;
+  }
+  GNUNET_CONTAINER_DLL_remove (cache_head,
+                              cache_tail,
+                              cache);
+  free_cache_entry (cache);
 }
 
 
 static int
-getaddrinfo_a_resolve (struct GNUNET_MQ_Handle *mq,
-                       const char *hostname,
-                      int af,
-                      uint32_t request_id)
+resolve_and_cache (const char* hostname,
+                  uint16_t record_type,
+                  uint16_t request_id,
+                  struct GNUNET_SERVICE_Client *client)
 {
-  int ret;
-  struct gaicb *host;
-  struct addrinfo *hints; 
-  struct sigevent *sig;
-  struct AsyncCls *async_cls;
-
-  host = GNUNET_new (struct gaicb);
-  hints = GNUNET_new (struct addrinfo);
-  sig = GNUNET_new (struct sigevent);
-  async_cls = GNUNET_new (struct AsyncCls);
-  memset (hints,
+  char *packet_buf;
+  size_t packet_size;
+  struct GNUNET_DNSPARSER_Query query;
+  struct GNUNET_DNSPARSER_Packet packet;
+  struct ResolveCache *cache;
+  struct GNUNET_TIME_Relative timeout =
+    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, 5);
+
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+             "resolve_and_cache\n");
+  query.name = (char *)hostname;
+  query.type = record_type;
+  query.dns_traffic_class = GNUNET_TUN_DNS_CLASS_INTERNET;
+  memset (&packet,
          0,
-         sizeof (struct addrinfo));
-  memset (sig,
-          0,
-         sizeof (struct sigevent));
-  hints->ai_family = af;
-  hints->ai_socktype = SOCK_STREAM;      /* go for TCP */
-  host->ar_name = hostname;
-  host->ar_service = NULL;
-  host->ar_request = hints;
-  host->ar_result = NULL;
-  sig->sigev_notify = SIGEV_THREAD;
-  sig->sigev_value.sival_ptr = async_cls;
-  sig->sigev_notify_function = &handle_async_result; 
-  async_cls->host = host;
-  async_cls->sig = sig;
-  async_cls->mq = mq;
-  async_cls->request_id = request_id;
-  ret = getaddrinfo_a (GAI_NOWAIT,
-                      &host,
-                       1,
-                      sig);
-  if (0 != ret)
+         sizeof (packet));
+  packet.num_queries = 1;
+  packet.queries = &query;
+  packet.id = htons (request_id);
+  packet.flags.recursion_desired = 1;
+  if (GNUNET_OK != 
+      GNUNET_DNSPARSER_pack (&packet,
+                            UINT16_MAX,
+                            &packet_buf,
+                            &packet_size))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+               "Failed to pack query for hostname `%s'\n",
+                hostname);
     return GNUNET_SYSERR;
+  }
+  cache = GNUNET_malloc (sizeof (struct ResolveCache));
+  cache->record_type = record_type;
+  cache->request_id = GNUNET_memdup (&request_id, sizeof (request_id));
+  cache->client = client;
+  cache->timeout_task = GNUNET_SCHEDULER_add_delayed (timeout,
+                                                     &handle_resolve_timeout,
+                                                     cache);
+  cache->resolve_handle = 
+    GNUNET_DNSSTUB_resolve (dnsstub_ctx,
+                           packet_buf,
+                           packet_size,
+                           &handle_resolve_result,
+                           cache);
+  GNUNET_CONTAINER_DLL_insert (cache_head,
+                              cache_tail,
+                              cache);
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+             "resolve %s, request_id = %u\n",
+             hostname,
+             request_id);
+  GNUNET_free (packet_buf);
   return GNUNET_OK;
 }
 
 
-#elif HAVE_GETADDRINFO
-static int
-getaddrinfo_resolve (struct GNUNET_MQ_Handle *mq,
-                     const char *hostname,
-                    int af,
-                    uint32_t request_id)
+static const char *
+get_hostname (struct ResolveCache *cache_entry)
 {
-  int s;
-  struct addrinfo hints;
-  struct addrinfo *result;
-  struct addrinfo *pos;
-  struct GNUNET_RESOLVER_ResponseMessage *msg;
-  struct GNUNET_MQ_Envelope *env;
-
-#ifdef WINDOWS
-  /* Due to a bug, getaddrinfo will not return a mix of different families */
-  if (AF_UNSPEC == af)
+  if (NULL != cache_entry->records_head)
   {
-    int ret1;
-    int ret2;
-    ret1 = getaddrinfo_resolve (mq,
-                               hostname,
-                               AF_INET,
-                               request_id);
-    ret2 = getaddrinfo_resolve (mq,
-                               hostname,
-                               AF_INET6,
-                               request_id);
-    if ( (ret1 == GNUNET_OK) ||
-        (ret2 == GNUNET_OK) )
-      return GNUNET_OK;
-    if ( (ret1 == GNUNET_SYSERR) ||
-        (ret2 == GNUNET_SYSERR) )
-      return GNUNET_SYSERR;
-    return GNUNET_NO;
+    GNUNET_assert (NULL != cache_entry->records_head);
+    GNUNET_assert (NULL != cache_entry->records_head->record);
+    GNUNET_assert (NULL != cache_entry->records_head->record->name);
+    return cache_entry->records_head->record->name;
   }
-#endif
-
-  memset (&hints,
-         0,
-         sizeof (struct addrinfo));
-  hints.ai_family = af;
-  hints.ai_socktype = SOCK_STREAM;      /* go for TCP */
-
-  if (0 != (s = getaddrinfo (hostname,
-                            NULL,
-                            &hints,
-                            &result)))
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                _("Could not resolve `%s' (%s): %s\n"),
-                hostname,
-                (af ==
-                 AF_INET) ? "IPv4" : ((af == AF_INET6) ? "IPv6" : "any"),
-                gai_strerror (s));
-    if ( (s == EAI_BADFLAGS) ||
-#ifndef WINDOWS
-        (s == EAI_SYSTEM) ||
-#endif
-        (s == EAI_MEMORY) )
-      return GNUNET_NO;         /* other function may still succeed */
-    return GNUNET_SYSERR;
-  }
-  if (NULL == result)
-    return GNUNET_SYSERR;
-  for (pos = result; pos != NULL; pos = pos->ai_next)
-  {
-    switch (pos->ai_family)
-    {
-    case AF_INET:
-      env = GNUNET_MQ_msg_extra (msg,
-                                sizeof (struct in_addr),
-                                GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-      msg->id = request_id;
-      GNUNET_memcpy (&msg[1],
-                    &((struct sockaddr_in*) pos->ai_addr)->sin_addr,
-                    sizeof (struct in_addr));
-      GNUNET_MQ_send (mq,
-                     env);
-      break;
-    case AF_INET6:
-      env = GNUNET_MQ_msg_extra (msg,
-                                sizeof (struct in6_addr),
-                                GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-      msg->id = request_id;
-      GNUNET_memcpy (&msg[1],
-                    &((struct sockaddr_in6*) pos->ai_addr)->sin6_addr,
-                    sizeof (struct in6_addr));
-      GNUNET_MQ_send (mq,
-                     env);
-      break;
-    default:
-      /* unsupported, skip */
-      break;
-    }
-  }
-  freeaddrinfo (result);
-  return GNUNET_OK;
+  return NULL;
 }
 
 
-#elif HAVE_GETHOSTBYNAME2
-
-
-static int
-gethostbyname2_resolve (struct GNUNET_MQ_Handle *mq,
-                        const char *hostname,
-                        int af,
-                       uint32_t request_id)
+static const uint16_t *
+get_record_type (struct ResolveCache *cache_entry)
 {
-  struct hostent *hp;
-  int ret1;
-  int ret2;
-  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_RESOLVER_ResponseMessage *msg;
+  if (NULL != cache_entry->records_head)
+    return &cache_entry->record_type;
+  return NULL; 
+}
 
-#ifdef WINDOWS
-  /* gethostbyname2() in plibc is a compat dummy that calls gethostbyname(). */
-  return GNUNET_NO;
-#endif
 
-  if (af == AF_UNSPEC)
-  {
-    ret1 = gethostbyname2_resolve (mq,
-                                  hostname,
-                                  AF_INET,
-                                  request_id);
-    ret2 = gethostbyname2_resolve (mq,
-                                  hostname,
-                                  AF_INET6,
-                                  request_id);
-    if ( (ret1 == GNUNET_OK) ||
-        (ret2 == GNUNET_OK) )
-      return GNUNET_OK;
-    if ( (ret1 == GNUNET_SYSERR) ||
-        (ret2 == GNUNET_SYSERR) )
-      return GNUNET_SYSERR;
-    return GNUNET_NO;
-  }
-  hp = gethostbyname2 (hostname,
-                      af);
-  if (hp == NULL)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                _("Could not find IP of host `%s': %s\n"),
-               hostname,
-                hstrerror (h_errno));
-    return GNUNET_SYSERR;
-  }
-  GNUNET_assert (hp->h_addrtype == af);
-  switch (af)
-  {
-  case AF_INET:
-    GNUNET_assert (hp->h_length == sizeof (struct in_addr));
-    env = GNUNET_MQ_msg_extra (msg,
-                              hp->h_length,
-                              GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-    msg->id = request_id;
-    GNUNET_memcpy (&msg[1],
-                  hp->h_addr_list[0],
-                  hp->h_length);
-    GNUNET_MQ_send (mq,
-                   env);
-    break;
-  case AF_INET6:
-    GNUNET_assert (hp->h_length == sizeof (struct in6_addr));
-    env = GNUNET_MQ_msg_extra (msg,
-                              hp->h_length,
-                              GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-    msg->id = request_id;
-    GNUNET_memcpy (&msg[1],
-                  hp->h_addr_list[0],
-                  hp->h_length);
-    GNUNET_MQ_send (mq,
-                   env);
-    break;
-  default:
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-  return GNUNET_OK;
+static const struct GNUNET_TIME_Absolute *
+get_expiration_time (struct ResolveCache *cache_entry)
+{
+  if (NULL != cache_entry->records_head)
+    return &cache_entry->records_head->record->expiration_time;
+  return NULL;
 }
 
-#elif HAVE_GETHOSTBYNAME
-
 
 static int
-gethostbyname_resolve (struct GNUNET_MQ_Handle *mq,
-                      const char *hostname,
-                      uint32_t request_id)
+remove_if_expired (struct ResolveCache *cache_entry)
 {
-  struct hostent *hp;
-  struct GNUNET_RESOLVER_ResponseMessage *msg;
-  struct GNUNET_MQ_Envelope *env;
+  struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
 
-  hp = GETHOSTBYNAME (hostname);
-  if (NULL == hp)
+  if ( (NULL != cache_entry->records_head) &&
+       (now.abs_value_us > get_expiration_time (cache_entry)->abs_value_us) )
   {
-    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
-                _("Could not find IP of host `%s': %s\n"),
-                hostname,
-                hstrerror (h_errno));
-    return GNUNET_SYSERR;
-  }
-  if (hp->h_addrtype != AF_INET)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
+    GNUNET_CONTAINER_DLL_remove (cache_head,
+                                cache_tail,
+                                cache_entry);
+    free_cache_entry (cache_entry);
+    return GNUNET_YES;
   }
-  GNUNET_assert (hp->h_length == sizeof (struct in_addr));
-  env = GNUNET_MQ_msg_extra (msg,
-                            hp->h_length,
-                            GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-  msg->id = request_id;
-  GNUNET_memcpy (&msg[1],
-                hp->h_addr_list[0],
-                hp->h_length);
-  GNUNET_MQ_send (mq,
-                 env);
-  return GNUNET_OK;
+  return GNUNET_NO;
 }
-#endif
 
 
 /**
- * Convert a string to an IP address.
+ * Get an IP address as a string (works for both IPv4 and IPv6).  Note
+ * that the resolution happens asynchronously and that the first call
+ * may not immediately result in the FQN (but instead in a
+ * human-readable IP address).
  *
- * @param client where to send the IP address
- * @param hostname the hostname to resolve
- * @param af AF_INET or AF_INET6; use AF_UNSPEC for "any"
+ * @param client handle to the client making the request (for sending the reply)
+ * @param af AF_INET or AF_INET6
+ * @param ip `struct in_addr` or `struct in6_addr`
  */
-static void
-get_ip_from_hostname (struct GNUNET_SERVICE_Client *client,
-                      const char *hostname,
-                      int af,
-                     uint32_t request_id)
+static int
+try_cache (const char *hostname,
+           uint16_t record_type,
+          uint16_t request_id,
+          struct GNUNET_SERVICE_Client *client)
 {
-  struct GNUNET_MQ_Envelope *env;
-  struct GNUNET_RESOLVER_ResponseMessage *msg;
-  struct GNUNET_MQ_Handle *mq;
-
-  mq = GNUNET_SERVICE_client_get_mq (client);
-#if HAVE_GETADDRINFO_A
-  getaddrinfo_a_resolve (mq,
-                        hostname,
-                        af,
-                        request_id);
-  GNUNET_SERVICE_client_continue (client);
-  return;
-#elif HAVE_GETADDRINFO
-  getaddrinfo_resolve (mq,
-                      hostname,
-                      af,
-                      request_id);
-#elif HAVE_GETHOSTBYNAME2
-  gethostbyname2_resolve (mq,
-                         hostname,
-                         af,
-                         request_id);
-#elif HAVE_GETHOSTBYNAME
-  if ( ( (af == AF_UNSPEC) ||
-        (af == PF_INET) ) )
-    gethostbyname_resolve (mq,
-                          hostname,
-                          request_id);
-#endif
-  // send end message
-  env = GNUNET_MQ_msg (msg,
-                      GNUNET_MESSAGE_TYPE_RESOLVER_RESPONSE);
-  msg->id = request_id;
-  GNUNET_MQ_notify_sent (env,
-                        &notify_service_client_done,
-                        client);
-  GNUNET_MQ_send (mq,
-                 env);
+  struct ResolveCache *pos;
+  struct ResolveCache *next;
+
+  next = cache_head;
+  while ( (NULL != (pos = next)) &&
+         ( (NULL == pos->records_head) ||
+           (0 != strcmp (get_hostname (pos), hostname)) ||
+           (*get_record_type (pos) != record_type) ) )
+  {
+    next = pos->next;
+    remove_if_expired (pos);
+  }
+  if (NULL != pos)
+  {
+    if (GNUNET_NO == remove_if_expired (pos))
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                 "found cache entry for '%s', record type '%u'\n",
+                 hostname,
+                 record_type);
+      struct Record *cache_pos = pos->records_head;
+      while (NULL != cache_pos)
+      {
+       send_reply (cache_pos->record,
+                   request_id,
+                   client);
+       cache_pos = cache_pos->next;
+      }
+      send_end_msg (request_id,
+                   client);
+      return GNUNET_YES;
+    }
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "no cache entry for '%s'\n",
+             hostname);
+  return GNUNET_NO;
 }
 
 
@@ -801,6 +639,23 @@ check_get (void *cls,
 }
 
 
+static void
+process_get (const char *hostname,
+            uint16_t record_type,
+            uint16_t request_id,
+            struct GNUNET_SERVICE_Client *client)
+{
+  if (GNUNET_NO == try_cache (hostname, record_type, request_id, client))
+  {
+    int result = resolve_and_cache (hostname,
+                                   record_type,
+                                   request_id,
+                                   client);
+    GNUNET_assert (GNUNET_OK == result);
+  }
+}
+
+
 /**
  * Handle GET-message.
  *
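Review bot: The `GNUNET_assert (GNUNET_OK == result)` in process_get aborts the whole resolver service whenever resolve_and_cache fails, and the failure path visible in this diff is `GNUNET_DNSPARSER_pack` rejecting the hostname, which originates from the client's GET message. Unless check_get (not visible here) already filters every name the packer can reject, one malformed request from any local client stops resolution for all others. I would handle the error instead, e.g. `if (GNUNET_OK != result) send_end_msg (request_id, client);`, so the requester gets an empty answer and the service keeps running. process_get also has no doc comment while its neighbours do; something like `/** Answer a lookup from the cache, or start a DNS query if no valid entry exists. */` would fit.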
@@ -812,45 +667,100 @@ handle_get (void *cls,
            const struct GNUNET_RESOLVER_GetMessage *msg)
 {
   struct GNUNET_SERVICE_Client *client = cls;
-  const void *ip;
   int direction;
   int af;
-  uint32_t id;
+  uint16_t request_id;
+  const char *hostname;
 
   direction = ntohl (msg->direction);
   af = ntohl (msg->af);
-  id = ntohl (msg->id);
+  request_id = ntohs (msg->id);
   if (GNUNET_NO == direction)
   {
     /* IP from hostname */
-    const char *hostname;
-
-    hostname = (const char *) &msg[1];
-    get_ip_from_hostname (client,
-                         hostname,
-                         af,
-                         id);
-    return;
+    hostname = GNUNET_strdup ((const char *) &msg[1]);
+    switch (af)
+    {
+      case AF_UNSPEC:
+      {
+       process_get (hostname, GNUNET_DNSPARSER_TYPE_ALL, request_id, client);
+       break;
+      }
+      case AF_INET:
+      {
+       process_get (hostname, GNUNET_DNSPARSER_TYPE_A, request_id, client);
+        break;
+      }
+      case AF_INET6:
+      {
+       process_get (hostname, GNUNET_DNSPARSER_TYPE_AAAA, request_id, client);
+        break;
+      }
+      default:
+      {
+        GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                 "got invalid af: %d\n",
+                 af);
+        GNUNET_assert (0);
+      }
+    }
+  }
+  else
+  {
+    /* hostname from IP */
+    hostname = make_reverse_hostname (&msg[1], af); 
+    process_get (hostname, GNUNET_DNSPARSER_TYPE_PTR, request_id, client);
   }
-  ip = &msg[1];
+  GNUNET_free_non_null ((char *)hostname);
+  GNUNET_SERVICE_client_continue (client);
+}
 
-#if !defined(GNUNET_CULL_LOGGING)
+
+static void 
+shutdown_task (void *cls)
+{
+  (void) cls;
+  struct ResolveCache *pos;
+
+  while (NULL != (pos = cache_head))
   {
-    char buf[INET6_ADDRSTRLEN];
+    GNUNET_CONTAINER_DLL_remove (cache_head,
+                                cache_tail,
+                                pos);
+    free_cache_entry (pos);
+  }
+  GNUNET_DNSSTUB_stop (dnsstub_ctx);
+}
+
 
+static void
+init_cb (void *cls,
+        const struct GNUNET_CONFIGURATION_Handle *cfg,
+        struct GNUNET_SERVICE_Handle *sh)
+{
+  (void) cfg;
+  (void) sh;
+
+  GNUNET_SCHEDULER_add_shutdown (&shutdown_task,
+                                cls);
+  dnsstub_ctx = GNUNET_DNSSTUB_start (128);
+  char **dns_servers;
+  ssize_t num_dns_servers = lookup_dns_servers (&dns_servers);
+  if (0 == num_dns_servers)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+               "no DNS server available. DNS resolution will not be possible.\n");
+  }
+  for (int i = 0; i != num_dns_servers; i++)
+  {
+    int result = GNUNET_DNSSTUB_add_dns_ip (dnsstub_ctx, dns_servers[i]);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-               "Resolver asked to look up IP address `%s (request ID %u)'.\n",
-               inet_ntop (af,
-                          ip,
-                          buf,
-                          sizeof (buf)),
-               id);
+               "Adding DNS server '%s': %s\n",
+               dns_servers[i],
+               GNUNET_OK == result ? "success" : "failure");
+    GNUNET_free (dns_servers[i]);
   }
-#endif
-  get_ip_as_string (client,
-                   af,
-                   ip,
-                   id);
+  GNUNET_free_non_null (dns_servers);
 }
 
 
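Review bot: The `default:` branch of the `switch (af)` in handle_get ends in `GNUNET_assert (0)`, and `af` is taken straight from the client's message with `ntohl (msg->af)`, so a client that sends an unsupported address family terminates the resolver service for everyone. This should be treated as a protocol violation by that one client: free the duplicated hostname, drop the client and return, as sketched below. The reverse branch passes the same unchecked `af` to `make_reverse_hostname (&msg[1], af)`; that helper and check_get are outside this hunk, so confirm one of them verifies that the payload length matches the family. Separately, in init_cb `num_dns_servers` is an `ssize_t` but only `0` is treated as failure and the loop runs while `i != num_dns_servers`; if lookup_dns_servers can return a negative value the loop reads past `dns_servers`, so `if (num_dns_servers <= 0)` and `for (ssize_t i = 0; i < num_dns_servers; i++)` would be safer. handle_get's signature begins above the hunk.

```c
      default:
      {
        /* … unchanged: debug log of the invalid af … */
        GNUNET_break (0);
        GNUNET_free_non_null ((char *) hostname);
        GNUNET_SERVICE_client_drop (client);
        return;
      }
```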
@@ -870,19 +780,6 @@ connect_cb (void *cls,
   (void) cls;
   (void) mq;
 
-#if HAVE_GETADDRINFO_A
-  resolve_result_pipe = GNUNET_DISK_pipe (GNUNET_NO,
-                                         GNUNET_NO,
-                                         GNUNET_NO,
-                                         GNUNET_NO);
-  GNUNET_assert (NULL != resolve_result_pipe);
-  resolve_result_pipe_task =
-    GNUNET_SCHEDULER_add_read_file (GNUNET_TIME_UNIT_FOREVER_REL,
-                                   GNUNET_DISK_pipe_handle (resolve_result_pipe,
-                                                            GNUNET_DISK_PIPE_END_READ),
-                                   &resolve_result_pipe_cb,
-                                   NULL);
-#endif
   return c;
 }
 
@@ -900,19 +797,16 @@ disconnect_cb (void *cls,
               void *internal_cls)
 {
   (void) cls;
+  struct ResolveCache *pos = cache_head; 
 
-#if HAVE_GETADDRINFO_A
-  if (NULL != resolve_result_pipe_task)
-  {
-    GNUNET_SCHEDULER_cancel (resolve_result_pipe_task);
-    resolve_result_pipe_task = NULL;
-  }
-  if (NULL != resolve_result_pipe)
+  while (NULL != pos)
   {
-    GNUNET_DISK_pipe_close (resolve_result_pipe);
-    resolve_result_pipe = NULL;
+    if (pos->client == c)
+    {
+      pos->client = NULL;
+    }
+    pos = pos->next;
   }
-#endif
   GNUNET_assert (c == internal_cls);
 }
 
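Review bot: Setting `pos->client = NULL` in disconnect_cb leaves the pending DNS lookup running, and handle_resolve_result (earlier in this diff) still passes `cache->client` to `send_reply` and `send_end_msg`, both of which call `GNUNET_SERVICE_client_get_mq (client)` without a NULL check. A client that disconnects before its answer arrives would therefore make the later reply dereference a NULL client. Either guard the senders, e.g. `if (NULL != client) send_end_msg (request_id, client);` and the same around `send_reply`, or cancel `pos->resolve_handle` and `pos->timeout_task` here for entries that belong to the departing client. The body of disconnect_cb starts above this hunk, so the signature and the origin of `c` are not visible.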
@@ -923,7 +817,7 @@ disconnect_cb (void *cls,
 GNUNET_SERVICE_MAIN
 ("resolver",
  GNUNET_SERVICE_OPTION_NONE,
NULL,
&init_cb,
  &connect_cb,
  &disconnect_cb,
  NULL,
@@ -950,23 +844,4 @@ GNUNET_RESOLVER_memory_init ()
 #endif
 
 
-/**
- * Free globals on exit.
- */
-void __attribute__ ((destructor))
-GNUNET_RESOLVER_memory_done ()
-{
-  struct IPCache *pos;
-
-  while (NULL != (pos = cache_head))
-  {
-    GNUNET_CONTAINER_DLL_remove (cache_head,
-                                cache_tail,
-                                pos);
-    GNUNET_free_non_null (pos->addr);
-    GNUNET_free (pos);
-  }
-}
-
-
 /* end of gnunet-service-resolver.c */
diff --git a/src/util/gnunet-timeout-w32.c b/src/util/gnunet-timeout-w32.c
new file mode 100644 (file)
index 0000000..78b268f
--- /dev/null
@@ -0,0 +1,191 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2010 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License, or
+     (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @file src/util/gnunet-timeout-w32.c
+ * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period
+ * @author LRN
+ */
+
+#include <windows.h>
+#include <sys/types.h>
+#include <stdio.h>
+
+int
+main (int argc, char *argv[])
+{
+  int i;
+  DWORD wait_result;
+  wchar_t *commandline;
+  wchar_t **wargv;
+  wchar_t *arg;
+  unsigned int cmdlen;
+  STARTUPINFOW start;
+  PROCESS_INFORMATION proc;
+
+  wchar_t wpath[MAX_PATH + 1];
+
+  wchar_t *pathbuf;
+  DWORD pathbuf_len, alloc_len;
+  wchar_t *ptr;
+  wchar_t *non_const_filename;
+  wchar_t *wcmd;
+  int wargc;
+  int timeout = 0;
+  ssize_t wrote;
+
+  HANDLE job;
+
+  if (argc < 3)
+    {
+      printf
+       ("arg 1: timeout in sec., arg 2: executable, arg<n> arguments\n");
+      exit (1);
+    }
+
+  timeout = atoi (argv[1]);
+
+  if (timeout == 0)
+    timeout = 600;
+
+  commandline =  GetCommandLineW ();
+  if (commandline == NULL)
+  {
+    printf ("Failed to get commandline: %lu\n", GetLastError ());
+    exit (2);
+  }
+
+  wargv = CommandLineToArgvW (commandline, &wargc);
+  if (wargv == NULL || wargc <= 1)
+  {
+    printf ("Failed to get parse commandline: %lu\n", GetLastError ());
+    exit (3);
+  }
+
+  job = CreateJobObject (NULL, NULL);
+  if (job == NULL)
+  {
+    printf ("Failed to create a job: %lu\n", GetLastError ());
+    exit (4);
+  }
+
+  pathbuf_len = GetEnvironmentVariableW (L"PATH", (wchar_t *) &pathbuf, 0);
+
+  alloc_len = pathbuf_len + 1;
+
+  pathbuf = malloc (alloc_len * sizeof (wchar_t));
+
+  ptr = pathbuf;
+
+  alloc_len = GetEnvironmentVariableW (L"PATH", ptr, pathbuf_len);
+
+  cmdlen = wcslen (wargv[2]);
+  if (cmdlen < 5 || wcscmp (&wargv[2][cmdlen - 4], L".exe") != 0)
+  {
+    non_const_filename = malloc (sizeof (wchar_t) * (cmdlen + 5));
+    swprintf (non_const_filename, cmdlen + 5, L"%S.exe", wargv[2]);
+  }
+  else
+  {
+    non_const_filename = wcsdup (wargv[2]);
+  }
+
+  /* Check that this is the full path. If it isn't, search. */
+  if (non_const_filename[1] == L':')
+    swprintf (wpath, sizeof (wpath) / sizeof (wchar_t), L"%S", non_const_filename);
+  else if (!SearchPathW
+           (pathbuf, non_const_filename, NULL, sizeof (wpath) / sizeof (wchar_t),
+            wpath, NULL))
+  {
+    printf ("Failed to get find executable: %lu\n", GetLastError ());
+    exit (5);
+  }
+  free (pathbuf);
+  free (non_const_filename);
+
+  cmdlen = wcslen (wpath) + 4;
+  i = 3;
+  while (NULL != (arg = wargv[i++]))
+    cmdlen += wcslen (arg) + 4;
+
+  wcmd = malloc (sizeof (wchar_t) * (cmdlen + 1));
+  wrote = 0;
+  i = 2;
+  while (NULL != (arg = wargv[i++]))
+  {
+    /* This is to escape trailing slash */
+    wchar_t arg_lastchar = arg[wcslen (arg) - 1];
+    if (wrote == 0)
+    {
+      wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\" ", wpath,
+          arg_lastchar == L'\\' ? L"\\" : L"");
+    }
+    else
+    {
+      if (wcschr (arg, L' ') != NULL)
+        wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"\"%S%S\"%S", arg,
+            arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" ");
+      else
+        wrote += swprintf (&wcmd[wrote], cmdlen + 1 - wrote, L"%S%S%S", arg,
+            arg_lastchar == L'\\' ? L"\\" : L"", i == wargc ? L"" : L" ");
+    }
+  }
+
+  LocalFree (wargv);
+
+  memset (&start, 0, sizeof (start));
+  start.cb = sizeof (start);
+
+  if (!CreateProcessW (wpath, wcmd, NULL, NULL, TRUE, CREATE_SUSPENDED,
+       NULL, NULL, &start, &proc))
+  {
+    wprintf (L"Failed to get spawn process `%S' with arguments `%S': %lu\n", wpath, wcmd, GetLastError ());
+    exit (6);
+  }
+
+  AssignProcessToJobObject (job, proc.hProcess);
+
+  ResumeThread (proc.hThread);
+  CloseHandle (proc.hThread);
+
+  free (wcmd);
+
+  wait_result = WaitForSingleObject (proc.hProcess, timeout * 1000);
+  if (wait_result == WAIT_OBJECT_0)
+  {
+    DWORD status;
+    wait_result = GetExitCodeProcess (proc.hProcess, &status);
+    CloseHandle (proc.hProcess);
+    if (wait_result != 0)
+    {
+      printf ("Test process exited with result %lu\n", status);
+      TerminateJobObject (job, status);
+      exit (status);
+    }
+    printf ("Test process exited (failed to obtain exit status)\n");
+    TerminateJobObject (job, 0);
+    exit (0);
+  }
+  printf ("Child processes were killed after timeout of %u seconds\n",
+          timeout);
+  TerminateJobObject (job, 1);
+  CloseHandle (proc.hProcess);
+  exit (1);
+}
+
+/* end of timeout_watchdog_w32.c */
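Review bot: In the loop that rebuilds the command line, `arg[wcslen (arg) - 1]` reads one element before the buffer when an argument is the empty string, which `CommandLineToArgvW` can produce for `""`. I would compute the length first: `size_t arg_len = wcslen (arg);` then `wchar_t arg_lastchar = (0 == arg_len) ? L'\0' : arg[arg_len - 1];`. The same loop quotes only arguments that contain a space and never escapes embedded `"` characters, so the child can see different arguments than the caller passed. The three `malloc` results and the return value of `AssignProcessToJobObject` are also unchecked; if the job assignment fails, `TerminateJobObject` no longer reaches the child and the timeout is not enforced. The closing comment still names `timeout_watchdog_w32.c` rather than `gnunet-timeout-w32.c`.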
diff --git a/src/util/gnunet-timeout.c b/src/util/gnunet-timeout.c
new file mode 100644 (file)
index 0000000..8dfb6ad
--- /dev/null
@@ -0,0 +1,128 @@
+/*
+     This file is part of GNUnet
+     Copyright (C) 2010 GNUnet e.V.
+
+     GNUnet is free software: you can redistribute it and/or modify it
+     under the terms of the GNU Affero General Public License as published
+     by the Free Software Foundation, either version 3 of the License, or
+     (at your option) any later version.
+
+     GNUnet is distributed in the hope that it will be useful, but
+     WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Affero General Public License for more details.
+
+     You should have received a copy of the GNU Affero General Public License
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @file src/util/gnunet-timeout.c
+ * @brief small tool starting a child process, waiting that it terminates or killing it after a given timeout period
+ * @author Matthias Wachs
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+static pid_t child;
+
+
+static void
+sigchld_handler (int val)
+{
+  int status = 0;
+  int ret = 0;
+
+  (void) val;
+  waitpid (child,
+           &status,
+           0);
+  if (WIFEXITED (status) != 0)
+  {
+    ret = WEXITSTATUS (status);
+    fprintf (stderr,
+             "Process exited with result %u\n",
+             ret);
+    exit (ret); /* return same status code */
+  }
+  if (WIFSIGNALED (status) != 0)
+  {
+    ret = WTERMSIG (status);
+    fprintf (stderr,
+             "Process received signal %u\n",
+             ret);
+    kill (getpid (),
+          ret); /* kill self with the same signal */
+  }
+  exit (-1);
+}
+
+
+static void
+sigint_handler (int val)
+{
+  kill (0,
+        val);
+  exit (val);
+}
+
+
+int
+main (int argc,
+      char *argv[])
+{
+  int timeout = 0;
+  pid_t gpid = 0;
+
+  if (argc < 3)
+  {
+    fprintf (stderr,
+             "arg 1: timeout in sec., arg 2: executable, arg<n> arguments\n");
+    exit (-1);
+  }
+
+  timeout = atoi (argv[1]);
+
+  if (timeout == 0)
+    timeout = 600;
+
+  /* with getpgid() it does not compile, but getpgrp is the BSD version and working */
+  gpid = getpgrp ();
+
+  signal (SIGCHLD, sigchld_handler);
+  signal (SIGABRT, sigint_handler);
+  signal (SIGFPE, sigint_handler);
+  signal (SIGILL, sigint_handler);
+  signal (SIGINT, sigint_handler);
+  signal (SIGSEGV, sigint_handler);
+  signal (SIGTERM, sigint_handler);
+
+  child = fork ();
+  if (child == 0)
+  {
+    /*  int setpgrp(pid_t pid, pid_t pgid); is not working on this machine */
+    //setpgrp (0, pid_t gpid);
+    if (-1 != gpid)
+      setpgid (0, gpid);
+    execvp (argv[2],
+            &argv[2]);
+    exit (-1);
+  }
+  if (child > 0)
+  {
+    sleep (timeout);
+    printf ("Child processes were killed after timeout of %u seconds\n",
+            timeout);
+    kill (0,
+          SIGTERM);
+    exit (3);
+  }
+  exit (-1);
+}
+
+/* end of timeout_watchdog.c */
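Review bot: The timeout in `main` is parsed with `atoi (argv[1])`, so a non-numeric argument silently becomes the 600-second default and a negative one is converted to a very large unsigned value by `sleep (timeout)`, which in practice switches the watchdog off. Parsing with `strtol` and rejecting trailing characters and out-of-range values keeps the existing "0 means 600" default while failing loudly on bad input; this needs `<errno.h>` and `<limits.h>` in the include list. Separately, `sigchld_handler` calls `fprintf` and `exit`, which are not async-signal-safe, and it does not check the return value of `waitpid`, so a failed wait leaves `status` at 0 and is reported as a clean exit.

```c
  char *end;
  long secs;

  /* ... unchanged: argc check and usage message ... */

  errno = 0;
  secs = strtol (argv[1], &end, 10);
  if ( (end == argv[1]) ||
       ('\0' != *end) ||
       (ERANGE == errno) ||
       (secs < 0) ||
       (secs > INT_MAX) )
  {
    fprintf (stderr,
             "arg 1: timeout in sec., arg 2: executable, arg<n> arguments\n");
    exit (-1);
  }
  /* 0 keeps its old meaning: fall back to the 600 second default */
  timeout = (0 == secs) ? 600 : (int) secs;
```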
index a0f105afa28d3e4b29472080b920c8aa247ae74f..07851d052e4345369da1c0bb1bbf2dc7855c4492 100644 (file)
@@ -60,7 +60,7 @@ struct GNUNET_RESOLVER_GetMessage
    * identifies the request and is contained in the response message. The
    * client has to match response to request by this identifier.
    */
-  uint32_t id GNUNET_PACKED;
+  uint16_t id GNUNET_PACKED;
 
   /* followed by 0-terminated string for A/AAAA-lookup or
      by 'struct in_addr' / 'struct in6_addr' for reverse lookup */
@@ -79,7 +79,7 @@ struct GNUNET_RESOLVER_ResponseMessage
   * identifies the request this message responds to. The client
   * has to match response to request by this identifier.
   */
-  uint32_t id GNUNET_PACKED;
+  uint16_t id GNUNET_PACKED;
 
   /* followed by 0-terminated string for response to a reverse lookup
    * or by 'struct in_addr' / 'struct in6_addr' for response to
index b94819f0675313184209a61e022933c6011d170e..8a054327b4a6d6394a4d5f0d2cfb20ab5af250c0 100644 (file)
@@ -68,10 +68,10 @@ static struct GNUNET_RESOLVER_RequestHandle *req_head;
  */
 static struct GNUNET_RESOLVER_RequestHandle *req_tail;
 
-/**
- * ID of the last request we sent to the service
- */
-static uint32_t last_request_id;
+///**
+// * ID of the last request we sent to the service
+// */
+//static uint16_t last_request_id;
 
 /**
  * How long should we wait to reconnect?
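Review bot: The old counter is left behind as commented-out code: `//static uint16_t last_request_id;` here, and `//rh->id = ++last_request_id;` in the `GNUNET_RESOLVER_ip_get` and `GNUNET_RESOLVER_hostname_get` hunks. Version control already preserves the sequential-id variant, so these lines can simply be deleted. If the reason for moving to random ids matters to maintainers, a one-line comment on `get_request_id` states it better than the dead declarations do.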
@@ -445,7 +445,7 @@ process_requests ()
                              GNUNET_MESSAGE_TYPE_RESOLVER_REQUEST);
   msg->direction = htonl (rh->direction);
   msg->af = htonl (rh->af);
-  msg->id = htonl (rh->id);
+  msg->id = htons (rh->id);
   GNUNET_memcpy (&msg[1],
                 &rh[1],
                 rh->data_len);
@@ -491,7 +491,7 @@ handle_response (void *cls,
   struct GNUNET_RESOLVER_RequestHandle *rh = req_head;
   uint16_t size;
   char *nret;
-  uint32_t request_id = msg->id;
+  uint16_t request_id = msg->id;
 
   for (; rh != NULL; rh = rh->next)
   {
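Review bot: `request_id` in `handle_response` is taken from `msg->id` without `ntohs`, while `process_requests` now sends the id through `htons (rh->id)`. Whether the two sides agree depends on how the service echoes the field, which is not visible in this diff; if it returns the value as received, the match against `rh->id` in the loop (which continues outside this hunk) would fail on little-endian hosts. Either use `uint16_t request_id = ntohs (msg->id);` or add a comment stating that the service replies in host byte order.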
@@ -911,6 +911,14 @@ handle_lookup_timeout (void *cls)
 }
 
 
+static uint16_t
+get_request_id ()
+{
+  return (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE,
+                                              UINT16_MAX);
+}
+
+
 /**
  * Convert a string to one or more IP addresses.
  *
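Review bot: `get_request_id` returns a random 16-bit value without checking it against requests that are still pending, so two outstanding lookups can be given the same id and `handle_response`, which matches by id, could hand a reply to the wrong request. With only 16 bits this becomes likely once a few hundred requests are in flight. Walking `req_head` and redrawing on a clash closes that gap. The function also has no doc comment, and it is worth confirming the bound, since `GNUNET_CRYPTO_random_u32` treats its second argument as an exclusive limit and `UINT16_MAX` itself is then never issued.

```c
static uint16_t
get_request_id ()
{
  struct GNUNET_RESOLVER_RequestHandle *rh;
  uint16_t id;

  do
  {
    id = (uint16_t) GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_NONCE,
                                              UINT16_MAX);
    /* redraw if a pending request already uses this id */
    for (rh = req_head; NULL != rh; rh = rh->next)
      if (rh->id == id)
        break;
  }
  while (NULL != rh);
  return id;
}
```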
@@ -945,7 +953,8 @@ GNUNET_RESOLVER_ip_get (const char *hostname,
        hostname);
   rh = GNUNET_malloc (sizeof (struct GNUNET_RESOLVER_RequestHandle) + slen);
   rh->af = af;
-  rh->id = ++last_request_id;
+  //rh->id = ++last_request_id;
+  rh->id = get_request_id ();
   rh->addr_callback = callback;
   rh->cls = callback_cls;
   GNUNET_memcpy (&rh[1],
@@ -1092,7 +1101,8 @@ GNUNET_RESOLVER_hostname_get (const struct sockaddr *sa,
   rh->name_callback = callback;
   rh->cls = cls;
   rh->af = sa->sa_family;
-  rh->id = ++last_request_id;
+  //rh->id = ++last_request_id;
+  rh->id = get_request_id ();
   rh->timeout = GNUNET_TIME_relative_to_absolute (timeout);
   GNUNET_memcpy (&rh[1],
                 ip,
index 93d133d1bec858466ba68c920b38e8e74c5a6b53..5d383663918008b7820e24875d661d269db51f3e 100644 (file)
@@ -965,8 +965,6 @@ GNUNET_SCHEDULER_cancel (struct GNUNET_SCHEDULER_Task *task)
 
   /* scheduler must be running */
   GNUNET_assert (NULL != scheduler_driver);
-  GNUNET_assert ( (NULL != active_task) ||
-      (GNUNET_NO == task->lifeness) );
   is_fd_task = (NULL != task->fds);
   if (is_fd_task)
   {
@@ -1056,9 +1054,9 @@ GNUNET_SCHEDULER_add_with_reason_and_priority (GNUNET_SCHEDULER_TaskCallback tas
 {
   struct GNUNET_SCHEDULER_Task *t;
 
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
-  GNUNET_assert ((NULL != active_task) ||
-                 (GNUNET_SCHEDULER_REASON_STARTUP == reason));
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->read_fd = -1;
   t->write_fd = -1;
@@ -1099,7 +1097,8 @@ GNUNET_SCHEDULER_add_at_with_priority (struct GNUNET_TIME_Absolute at,
   struct GNUNET_SCHEDULER_Task *pos;
   struct GNUNET_SCHEDULER_Task *prev;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->callback = task;
@@ -1286,7 +1285,8 @@ GNUNET_SCHEDULER_add_shutdown (GNUNET_SCHEDULER_TaskCallback task,
 {
   struct GNUNET_SCHEDULER_Task *t;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   t->callback = task;
@@ -1403,7 +1403,8 @@ add_without_sets (struct GNUNET_TIME_Relative delay,
 {
   struct GNUNET_SCHEDULER_Task *t;
 
-  GNUNET_assert (NULL != active_task);
+  /* scheduler must be running */
+  GNUNET_assert (NULL != scheduler_driver);
   GNUNET_assert (NULL != task);
   t = GNUNET_new (struct GNUNET_SCHEDULER_Task);
   init_fd_info (t,
@@ -1832,7 +1833,6 @@ GNUNET_SCHEDULER_add_select (enum GNUNET_SCHEDULER_Priority prio,
 
   /* scheduler must be running */
   GNUNET_assert (NULL != scheduler_driver);
-  GNUNET_assert (NULL != active_task);
   GNUNET_assert (NULL != task);
   int no_rs = (NULL == rs);
   int no_ws = (NULL == ws);
@@ -2022,99 +2022,109 @@ GNUNET_SCHEDULER_do_work (struct GNUNET_SCHEDULER_Handle *sh)
     if (timeout.abs_value_us > now.abs_value_us)
     {
       /**
-       * The driver called this function before the current timeout was
-       * reached (and no FD tasks are ready). This can happen in the
-       * rare case when the system time is changed while the driver is
-       * waiting for the timeout, so we handle this gracefully. It might
-       * also be a programming error in the driver though.
+       * The event loop called this function before the current timeout was
+       * reached (and no FD tasks are ready). This is acceptable if
+       *
+       * - the system time was changed while the driver was waiting for
+       *   the timeout
+       * - an external event loop called GNUnet API functions outside of
+       *   the callbacks called in GNUNET_SCHEDULER_do_work and thus 
+       *   wasn't notified about the new timeout
+       *
+       * It might also mean we are busy-waiting because of a programming
+       * error in the external event loop.
        */
       LOG (GNUNET_ERROR_TYPE_DEBUG,
            "GNUNET_SCHEDULER_do_work did not find any ready "
            "tasks and timeout has not been reached yet.\n");
-      return GNUNET_NO;
     }
-    /**
-     * the current timeout was reached but no ready tasks were found,
-     * internal scheduler error!
-     */
-    GNUNET_assert (0);
-  }
-
-  /* find out which task priority level we are going to
-     process this time */
-  max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP;
-  GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]);
-  /* yes, p>0 is correct, 0 is "KEEP" which should
-   * always be an empty queue (see assertion)! */
-  for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--)
-  {
-    pos = ready_head[p];
-    if (NULL != pos)
-      break;
+    else
+    {
+      /**
+       * the current timeout was reached but no ready tasks were found,
+       * internal scheduler error!
+       */
+      GNUNET_assert (0);
+    }
   }
-  GNUNET_assert (NULL != pos);        /* ready_count wrong? */
-
-  /* process all tasks at this priority level, then yield */
-  while (NULL != (pos = ready_head[p]))
+  else
   {
-    GNUNET_CONTAINER_DLL_remove (ready_head[p],
-         ready_tail[p],
-         pos);
-    ready_count--;
-    current_priority = pos->priority;
-    current_lifeness = pos->lifeness;
-    active_task = pos;
-#if PROFILE_DELAYS
-    if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us >
-        DELAY_THRESHOLD.rel_value_us)
+    /* find out which task priority level we are going to
+       process this time */
+    max_priority_added = GNUNET_SCHEDULER_PRIORITY_KEEP;
+    GNUNET_assert (NULL == ready_head[GNUNET_SCHEDULER_PRIORITY_KEEP]);
+    /* yes, p>0 is correct, 0 is "KEEP" which should
+     * always be an empty queue (see assertion)! */
+    for (p = GNUNET_SCHEDULER_PRIORITY_COUNT - 1; p > 0; p--)
     {
-      LOG (GNUNET_ERROR_TYPE_DEBUG,
-           "Task %p took %s to be scheduled\n",
-           pos,
-           GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time),
-                                                   GNUNET_YES));
+      pos = ready_head[p];
+      if (NULL != pos)
+        break;
     }
-#endif
-    tc.reason = pos->reason;
-    GNUNET_NETWORK_fdset_zero (sh->rs);
-    GNUNET_NETWORK_fdset_zero (sh->ws);
-    // FIXME: do we have to remove FdInfos from fds if they are not ready?
-    tc.fds_len = pos->fds_len;
-    tc.fds = pos->fds;
-    for (unsigned int i = 0; i != pos->fds_len; ++i)
+    GNUNET_assert (NULL != pos);        /* ready_count wrong? */
+
+    /* process all tasks at this priority level, then yield */
+    while (NULL != (pos = ready_head[p]))
     {
-      struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i];
-      if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et))
+      GNUNET_CONTAINER_DLL_remove (ready_head[p],
+           ready_tail[p],
+           pos);
+      ready_count--;
+      current_priority = pos->priority;
+      current_lifeness = pos->lifeness;
+      active_task = pos;
+#if PROFILE_DELAYS
+      if (GNUNET_TIME_absolute_get_duration (pos->start_time).rel_value_us >
+          DELAY_THRESHOLD.rel_value_us)
       {
-        GNUNET_NETWORK_fdset_set_native (sh->rs,
-                                         fdi->sock);
+        LOG (GNUNET_ERROR_TYPE_DEBUG,
+             "Task %p took %s to be scheduled\n",
+             pos,
+             GNUNET_STRINGS_relative_time_to_string (GNUNET_TIME_absolute_get_duration (pos->start_time),
+                                                     GNUNET_YES));
       }
-      if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et))
+#endif
+      tc.reason = pos->reason;
+      GNUNET_NETWORK_fdset_zero (sh->rs);
+      GNUNET_NETWORK_fdset_zero (sh->ws);
+      // FIXME: do we have to remove FdInfos from fds if they are not ready?
+      tc.fds_len = pos->fds_len;
+      tc.fds = pos->fds;
+      for (unsigned int i = 0; i != pos->fds_len; ++i)
       {
-        GNUNET_NETWORK_fdset_set_native (sh->ws,
-                                         fdi->sock);
+        struct GNUNET_SCHEDULER_FdInfo *fdi = &pos->fds[i];
+        if (0 != (GNUNET_SCHEDULER_ET_IN & fdi->et))
+        {
+          GNUNET_NETWORK_fdset_set_native (sh->rs,
+                                           fdi->sock);
+        }
+        if (0 != (GNUNET_SCHEDULER_ET_OUT & fdi->et))
+        {
+          GNUNET_NETWORK_fdset_set_native (sh->ws,
+                                           fdi->sock);
+        }
       }
-    }
-    tc.read_ready = sh->rs;
-    tc.write_ready = sh->ws;
-    LOG (GNUNET_ERROR_TYPE_DEBUG,
-         "Running task %p\n",
-         pos);
-    GNUNET_assert (NULL != pos->callback);
-    pos->callback (pos->callback_cls);
-    if (NULL != pos->fds)
-    {
-      int del_result = scheduler_driver->del (scheduler_driver->cls, pos);
-      if (GNUNET_OK != del_result)
+      tc.read_ready = sh->rs;
+      tc.write_ready = sh->ws;
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+           "Running task %p\n",
+           pos);
+      GNUNET_assert (NULL != pos->callback);
+      pos->callback (pos->callback_cls);
+      if (NULL != pos->fds)
       {
-        LOG (GNUNET_ERROR_TYPE_ERROR,
-           "driver could not delete task %p\n", pos);
-        GNUNET_assert (0);
+        int del_result = scheduler_driver->del (scheduler_driver->cls, pos);
+        if (GNUNET_OK != del_result)
+        {
+          LOG (GNUNET_ERROR_TYPE_ERROR,
+             "driver could not delete task %p\n", pos);
+          GNUNET_assert (0);
+        }
       }
+      active_task = NULL;
+      dump_backtrace (pos);
+      destroy_task (pos);
     }
-    active_task = NULL;
-    dump_backtrace (pos);
-    destroy_task (pos);
   }
   shutdown_if_no_lifeness ();
   if (0 == ready_count)
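Review bot: In `GNUNET_SCHEDULER_do_work` the early-call branch no longer returns `GNUNET_NO`; it now falls through to `shutdown_if_no_lifeness ()` and the return logic that continues past the end of this hunk, so the function's doc comment (outside the hunk) should say what a driver gets back in that case. The new comment also names busy-waiting by a faulty external event loop as a possible cause, yet the only trace is a DEBUG-level message that is normally filtered out. A short addition next to the `LOG` call such as `/* not an error by itself; repeated hits indicate a busy-waiting event loop */`, or a rate-limited warning, would make that condition diagnosable.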
@@ -2164,12 +2174,12 @@ struct GNUNET_SCHEDULER_Handle *
 GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
 {
   struct GNUNET_SCHEDULER_Handle *sh;
-  struct GNUNET_SCHEDULER_Task tsk;
   const struct GNUNET_DISK_FileHandle *pr;
 
-  /* general set-up */
-  GNUNET_assert (NULL == active_task);
+  /* scheduler must not be running */
+  GNUNET_assert (NULL == scheduler_driver);
   GNUNET_assert (NULL == shutdown_pipe_handle);
+  /* general set-up */
   sh = GNUNET_new (struct GNUNET_SCHEDULER_Handle);
   shutdown_pipe_handle = GNUNET_DISK_pipe (GNUNET_NO,
                                            GNUNET_NO,
@@ -2204,10 +2214,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
   /* Setup initial tasks */
   current_priority = GNUNET_SCHEDULER_PRIORITY_DEFAULT;
   current_lifeness = GNUNET_NO;
-  memset (&tsk,
-          0,
-          sizeof (tsk));
-  active_task = &tsk;
   install_parent_control_task =
     GNUNET_SCHEDULER_add_now (&install_parent_control_handler,
                               NULL);
@@ -2217,7 +2223,6 @@ GNUNET_SCHEDULER_driver_init (const struct GNUNET_SCHEDULER_Driver *driver)
                                     &shutdown_pipe_cb,
                                     NULL);
   current_lifeness = GNUNET_YES;
-  active_task = NULL;
   scheduler_driver->set_wakeup (scheduler_driver->cls,
                                 get_timeout ());
   /* begin main event loop */
index 5ed195933edeaaf36433c947d809e04d590efcfe..ea3c8cfb926019fa6753f8714e40397cb9a6e207 100644 (file)
@@ -11,7 +11,7 @@
      WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Affero General Public License for more details.
-    
+
      You should have received a copy of the GNU Affero General Public License
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
@@ -1947,27 +1947,27 @@ static char *cvt =
 /**
  * Encode into Base64.
  *
- * @param data the data to encode
+ * @param in the data to encode
  * @param len the length of the input
  * @param output where to write the output (*output should be NULL,
  *   is allocated)
  * @return the size of the output
  */
 size_t
-GNUNET_STRINGS_base64_encode (const char *data,
+GNUNET_STRINGS_base64_encode (const void *in,
                               size_t len,
                               char **output)
 {
-  size_t i;
-  char c;
+  const char *data = in;
   size_t ret;
   char *opt;
 
   ret = 0;
   opt = GNUNET_malloc (2 + (len * 4 / 3) + 8);
-  *output = opt;
-  for (i = 0; i < len; ++i)
+  for (size_t i = 0; i < len; ++i)
   {
+    char c;
+
     c = (data[i] >> 2) & 0x3f;
     opt[ret++] = cvt[(int) c];
     c = (data[i] << 4) & 0x3f;
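Review bot: `const char *data = in;` keeps plain `char`, whose signedness is implementation-defined, so for input bytes of 0x80 and above `data[i] << 4` left-shifts a negative value, which is undefined behaviour in C. Now that the parameter is `const void *` and invites arbitrary binary input, declare it as `const unsigned char *data = in;` so every shift and mask works on non-negative values. The function body continues outside this hunk, and the later shifts there should be checked the same way.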
@@ -1997,6 +1997,7 @@ GNUNET_STRINGS_base64_encode (const char *data,
     }
   }
   opt[ret++] = FILLCHAR;
+  *output = opt;
   return ret;
 }
 
@@ -2018,11 +2019,10 @@ GNUNET_STRINGS_base64_encode (const char *data,
  */
 size_t
 GNUNET_STRINGS_base64_decode (const char *data,
-                              size_t len, char **output)
+                              size_t len,
+                              void **out)
 {
-  size_t i;
-  char c;
-  char c1;
+  char *output;
   size_t ret = 0;
 
 #define CHECK_CRLF  while (data[i] == '\r' || data[i] == '\n') {\
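Review bot: The output parameter of `GNUNET_STRINGS_base64_decode` is renamed to `out` and retyped to `void **`, but no hunk touches the doc comment above the function, unlike the encode side where `@param` was updated; the comment presumably still names `output`. Update it to something like `@param out where to write the decoded data (*out is allocated by this function and must be freed by the caller)` and state that the result is binary and its length is the return value. Callers that passed a `char **` will also need adjusting, since `char **` does not convert implicitly to `void **`.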
@@ -2031,12 +2031,15 @@ GNUNET_STRINGS_base64_decode (const char *data,
                        if (i >= len) goto END;  \
                }
 
-  *output = GNUNET_malloc ((len * 3 / 4) + 8);
+  output = GNUNET_malloc ((len * 3 / 4) + 8);
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "base64_decode decoding len=%d\n",
               (int) len);
-  for (i = 0; i < len; ++i)
+  for (size_t i = 0; i < len; ++i)
   {
+    char c;
+    char c1;
+
     CHECK_CRLF;
     if (FILLCHAR == data[i])
       break;
@@ -2045,7 +2048,7 @@ GNUNET_STRINGS_base64_decode (const char *data,
     CHECK_CRLF;
     c1 = (char) cvtfind (data[i]);
     c = (c << 2) | ((c1 >> 4) & 0x3);
-    (*output)[ret++] = c;
+    output[ret++] = c;
     if (++i < len)
     {
       CHECK_CRLF;
@@ -2054,7 +2057,7 @@ GNUNET_STRINGS_base64_decode (const char *data,
         break;
       c = (char) cvtfind (c);
       c1 = ((c1 << 4) & 0xf0) | ((c >> 2) & 0xf);
-      (*output)[ret++] = c1;
+      output[ret++] = c1;
     }
     if (++i < len)
     {
@@ -2065,15 +2068,13 @@ GNUNET_STRINGS_base64_decode (const char *data,
 
       c1 = (char) cvtfind (c1);
       c = ((c << 6) & 0xc0) | c1;
-      (*output)[ret++] = c;
+      output[ret++] = c;
     }
   }
 END:
+  *out = output;
   return ret;
 }
 
 
-
-
-
 /* end of strings.c */