[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r36740 - in gnunet/src: identity-token namestore
From: |
gnunet |
Subject: |
[GNUnet-SVN] r36740 - in gnunet/src: identity-token namestore |
Date: |
Tue, 8 Dec 2015 15:25:00 +0100 |
Author: schanzen
Date: 2015-12-08 15:25:00 +0100 (Tue, 08 Dec 2015)
New Revision: 36740
Modified:
gnunet/src/identity-token/Makefile.am
gnunet/src/identity-token/plugin_rest_identity_token.c
gnunet/src/namestore/plugin_rest_namestore.c
Log:
-update
Modified: gnunet/src/identity-token/Makefile.am
===================================================================
--- gnunet/src/identity-token/Makefile.am 2015-12-08 11:19:17 UTC (rev
36739)
+++ gnunet/src/identity-token/Makefile.am 2015-12-08 14:25:00 UTC (rev
36740)
@@ -47,6 +47,7 @@
$(top_builddir)/src/identity/libgnunetidentity.la \
$(top_builddir)/src/rest/libgnunetrest.la \
$(top_builddir)/src/namestore/libgnunetnamestore.la \
+ $(top_builddir)/src/gns/libgnunetgns.la \
$(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
$(LTLIBINTL) -ljansson -lmicrohttpd
libgnunet_plugin_rest_identity_token_la_LDFLAGS = \
Modified: gnunet/src/identity-token/plugin_rest_identity_token.c
===================================================================
--- gnunet/src/identity-token/plugin_rest_identity_token.c 2015-12-08
11:19:17 UTC (rev 36739)
+++ gnunet/src/identity-token/plugin_rest_identity_token.c 2015-12-08
14:25:00 UTC (rev 36740)
@@ -27,6 +27,7 @@
#include "platform.h"
#include "gnunet_rest_plugin.h"
#include "gnunet_identity_service.h"
+#include "gnunet_gns_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_namestore_service.h"
#include "gnunet_rest_lib.h"
@@ -37,20 +38,35 @@
/**
* REST root namespace
*/
-#define GNUNET_REST_API_NS_IDENTITY_TOKEN "/token"
+#define GNUNET_REST_API_NS_IDENTITY_TOKEN "/gnuid"
/**
* Issue namespace
*/
-#define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/token/issue"
+#define GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE "/gnuid/issue"
/**
* Check namespace
*/
-#define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/token/check"
+#define GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK "/gnuid/check"
+/**
+ * OAuth2 namespace
+ */
+#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN "/gnuid/token"
/**
+ * OAuth2 namespace
+ */
+#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize"
+
+#define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_CODE "code"
+
+#define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE
"authorization_code"
+
+#define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE "grant_type"
+
+/**
* State while collecting all egos
*/
#define ID_REST_STATE_INIT 0
@@ -194,6 +210,11 @@
struct GNUNET_NAMESTORE_Handle *ns_handle;
/**
+ * Handle to GNS service
+ */
+ struct GNUNET_GNS_Handle *gns_handle;
+
+ /**
* NS iterator
*/
struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
@@ -212,6 +233,11 @@
* ID of a task associated with the resolution process.
*/
struct GNUNET_SCHEDULER_Task * timeout_task;
+
+ /**
+ * GNS lookup
+ */
+ struct GNUNET_GNS_LookupRequest *lookup_request;
/**
* The plugin result processor
@@ -296,6 +322,8 @@
GNUNET_SCHEDULER_cancel (handle->timeout_task);
if (NULL != handle->identity_handle)
GNUNET_IDENTITY_disconnect (handle->identity_handle);
+ if (NULL != handle->gns_handle)
+ GNUNET_GNS_disconnect (handle->gns_handle);
if (NULL != handle->ns_it)
GNUNET_NAMESTORE_zone_iteration_stop (handle->ns_it);
if (NULL != handle->ns_qe)
@@ -407,9 +435,10 @@
char *token;
char *exp_str;
char *renew_str;
+ char *rnd_str;
uint64_t time;
uint64_t exp_time;
- uint64_t lbl;
+ uint64_t lbl_key;
json_t *token_str;
json_t *name_str;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
@@ -421,11 +450,66 @@
struct GNUNET_HashCode key;
struct GNUNET_TIME_Relative etime_rel;
int renew_token = GNUNET_NO;
+/*
+ //Token audience
+ audience = NULL;
+ if ( GNUNET_YES !=
+ GNUNET_CONTAINER_multihashmap_contains
(handle->conndata_handle->url_param_map,
+ &key) )
+ {
+ handle->emsg = GNUNET_strdup ("Audience missing!\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ audience = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
+ &key);
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n",
audience);
+ //Create label for audience
+ if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (audience,
+ strlen
(audience),
+ &aud_pkey))
+ {
+ handle->emsg = GNUNET_strdup ("Client PKEY invalid!\n");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ new_privkey = GNUNET_CRYPTO_ecdhe_key_create();
+
+ GNUNET_CRYPTO_ecdh_ecdsa (new_privkey,
+ &aud_pkey,
+ &new_key_hash);
+
+ GNUNET_CRYPTO_ecdhe_key_get_public (new_privkey,
+ new_pubkey);
+ static const char ctx_key[] = "gnuid-aes-ctx-key";
+ GNUNET_CRYPTO_kdf (&skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
+ new_pubkey, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
+ ctx_key, strlen (ctx_key),
+ NULL, 0);
+ static const char ctx_iv[] = "gnuid-aes-ctx-iv";
+ GNUNET_CRYPTO_kdf (&iv, sizeof (struct
GNUNET_CRYPTO_SymmetricInitializationVector),
+ new_pubkey, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
+ ctx_iv, strlen (ctx_iv),
+ NULL, 0);
+*/
+ //TODO: Encrypt the label
time = GNUNET_TIME_absolute_get().abs_value_us;
- lbl = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG, UINT64_MAX);
- GNUNET_STRINGS_base64_encode ((char*)&lbl, sizeof (uint64_t), &lbl_str);
+ lbl_key = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_STRONG,
UINT64_MAX);
+ GNUNET_asprintf (&rnd_str,
+ "{\"nonce\": \"%uul\",\"identity\": \"%s\"}",
+ lbl_key, handle->ego_entry->keystring);
+ GNUNET_STRINGS_base64_encode (rnd_str, strlen (rnd_str), &lbl_str);
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST,
+ strlen (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST),
+ &key);
+/*
+ GNUNET_CRYPTO_symmetric_encrypt (handle->ego_entry->keystring, strlen
(handle->ego_entry->keystring),
+ &skey, &iv,
+ &block[1]);
+
+*/
GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_EXP_STRING,
strlen (GNUNET_IDENTITY_TOKEN_EXP_STRING),
&key);
@@ -436,9 +520,11 @@
&key))
{
exp_str = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
- &key);
+ &key);
}
+
+
if (NULL == exp_str) {
handle->emsg = GNUNET_strdup ("No expiration given!\n");
GNUNET_SCHEDULER_add_now (&do_error, handle);
@@ -446,8 +532,8 @@
}
if (GNUNET_OK !=
- GNUNET_STRINGS_fancy_time_to_relative (exp_str,
- &etime_rel))
+ GNUNET_STRINGS_fancy_time_to_relative (exp_str,
+ &etime_rel))
{
handle->emsg = GNUNET_strdup ("Expiration invalid!\n");
GNUNET_SCHEDULER_add_now (&do_error, handle);
@@ -454,7 +540,7 @@
return;
}
exp_time = time + etime_rel.rel_value_us;
-
+
//Get renewal policy for token
GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_RENEW_TOKEN,
strlen (GNUNET_IDENTITY_TOKEN_RENEW_TOKEN),
@@ -510,8 +596,9 @@
&sig))
GNUNET_break(0);
GNUNET_free (token);
- sig_str = GNUNET_STRINGS_data_to_string_alloc (&sig,
- sizeof (struct
GNUNET_CRYPTO_EcdsaSignature));
+ GNUNET_STRINGS_base64_encode ((const char*)&sig,
+ sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
+ &sig_str);
GNUNET_asprintf (&token, "%s.%s.%s",
header_base64, payload_base64, sig_str);
GNUNET_free (sig_str);
@@ -912,8 +999,154 @@
}
+static void
+process_lookup_result (void *cls, uint32_t rd_count,
+ const struct GNUNET_GNSRECORD_Data *rd)
+{
+ struct RequestHandle *handle = cls;
+ json_t *root;
+ struct MHD_Response *resp;
+ char *result;
+ char* token_str;
+ handle->lookup_request = NULL;
+ if (1 != rd_count)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Number of tokens %d != 1.",
+ rd_count);
+ handle->emsg = GNUNET_strdup ("Number of tokens != 1.");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ root = json_object();
+ token_str =
+ GNUNET_GNSRECORD_value_to_string (GNUNET_GNSRECORD_TYPE_ID_TOKEN,
+ rd->data,
+ rd->data_size);
+ json_object_set_new (root, "access_token", json_string (token_str));
+ json_object_set_new (root, "token_type", json_string ("gnuid"));
+ GNUNET_free (token_str);
+
+ result = json_dumps (root, JSON_INDENT(1));
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "%s\n", result);
+ resp = GNUNET_REST_create_json_response (result);
+ GNUNET_free (result);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ cleanup_handle (handle);
+ json_decref (root);
+}
+
+static void
+identity_master_cb (void *cls,
+ struct GNUNET_IDENTITY_Ego *ego,
+ void **ctx,
+ const char *name)
+{
+ struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
+ struct RequestHandle *handle = cls;
+ struct GNUNET_HashCode key;
+ json_t *root;
+ json_t *pkey_json;
+ json_error_t err_json;
+ const char* pkey_str;
+ char* code;
+ char* code_decoded;
+ char * lookup_query;
+
+ handle->op = NULL;
+
+ if (NULL == ego)
+ {
+ handle->emsg = GNUNET_strdup ("No GNS identity found.");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_CODE,
+ strlen (GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_CODE),
+ &key);
+
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains
(handle->conndata_handle->url_param_map,
+ &key) )
+ {
+ handle->emsg = GNUNET_strdup ("No code given.");
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ code = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
+ &key);
+ GNUNET_STRINGS_base64_decode (code,
+ strlen (code),
+ &code_decoded);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "%s\n", code_decoded);
+ root = json_loads (code_decoded, JSON_DECODE_ANY, &err_json);
+ if (!root)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "%s\n", err_json.text);
+ }
+ pkey_json = json_object_get (root, "identity");
+ pkey_str = json_string_value (pkey_json);
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (pkey_str,
+ strlen (pkey_str),
+ &pkey);
+ json_decref (root);
+ handle->gns_handle = GNUNET_GNS_connect (cfg);
+ GNUNET_asprintf (&lookup_query, "%s.gnu", code);
+
+ handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle,
+ lookup_query,
+ &pkey,
+ GNUNET_GNSRECORD_TYPE_ID_TOKEN,
+ GNUNET_GNS_LO_LOCAL_MASTER,
+ NULL,
+ &process_lookup_result,
+ handle);
+ GNUNET_free (lookup_query);
+}
+
/**
+ * Respond to OAuth2 /token request
+ *
+ * @param con_handle the connection handle
+ * @param url the url
+ * @param cls the RequestHandle
+ */
+static void
+oauth_token_cont (struct RestConnectionDataHandle *con_handle,
+ const char* url,
+ void *cls)
+{
+ struct RequestHandle *handle = cls;
+ char* grant_type;
+ struct GNUNET_HashCode key;
+
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE,
+ strlen (GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE),
+ &key);
+
+ if ( GNUNET_YES ==
+ GNUNET_CONTAINER_multihashmap_contains
(handle->conndata_handle->url_param_map,
+ &key) )
+ {
+ grant_type = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
+ &key);
+ }
+
+ if (0 == strcmp ("authorization_code", grant_type)) {
+ //Get token from GNS
+ handle->op = GNUNET_IDENTITY_get (handle->identity_handle,
+ "gns-master",
+ &identity_master_cb,
+ handle);
+ }
+}
+
+/**
* Respond to OPTIONS request
*
* @param con_handle the connection handle
@@ -951,6 +1184,7 @@
//{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK,
&check_token_cont},
{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont},
{MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN,
&options_cont},
+ {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN,
&oauth_token_cont},
GNUNET_REST_HANDLER_END
};
Modified: gnunet/src/namestore/plugin_rest_namestore.c
===================================================================
--- gnunet/src/namestore/plugin_rest_namestore.c 2015-12-08 11:19:17 UTC
(rev 36739)
+++ gnunet/src/namestore/plugin_rest_namestore.c 2015-12-08 14:25:00 UTC
(rev 36740)
@@ -34,8 +34,14 @@
#define GNUNET_REST_API_NS_NAMESTORE "/names"
+#define GNUNET_REST_API_NS_NAMESTORE_ZKEY "/names/zkey"
+
#define GNUNET_REST_JSONAPI_NAMESTORE_TYPEINFO "record"
+#define GNUNET_REST_JSONAPI_NAMESTORE_NAME "name"
+
+#define GNUNET_REST_JSONAPI_NAMESTORE_REVINFO "revinfo"
+
#define GNUNET_REST_JSONAPI_NAMESTORE_RECORD
GNUNET_REST_JSONAPI_NAMESTORE_TYPEINFO
#define GNUNET_REST_JSONAPI_NAMESTORE_RECORD_TYPE "record_type"
@@ -48,6 +54,8 @@
#define GNUNET_REST_JSONAPI_NAMESTORE_PKEY "pkey"
+#define GNUNET_REST_JSONAPI_NAMESTORE_ZKEY "zkey"
+
#define GNUNET_REST_JSONAPI_NAMESTORE_EXPIRATION "expiration"
#define GNUNET_REST_JSONAPI_NAMESTORE_EGO "ego"
@@ -160,6 +168,11 @@
char *value;
/**
+ * Zkey string
+ */
+ const char* zkey_str;
+
+ /**
* record type
*/
uint32_t type;
@@ -174,12 +187,17 @@
*/
unsigned int rd_count;
- /**
+ /**
* NAMESTORE Operation
*/
struct GNUNET_NAMESTORE_QueueEntry *add_qe;
/**
+ * NAMESTORE Operation
+ */
+ struct GNUNET_NAMESTORE_QueueEntry *reverse_qe;
+
+ /**
* Desired timeout for the lookup (default is no timeout).
*/
struct GNUNET_TIME_Relative timeout;
@@ -213,7 +231,7 @@
* the length of the REST data
*/
size_t data_size;
-
+
/**
* Cfg
*/
@@ -416,7 +434,7 @@
json_array_append (result_array, record_obj);
json_decref (record_obj);
}
-
+
if (0 < json_array_size(result_array))
{
json_resource = GNUNET_REST_jsonapi_resource_new
(GNUNET_REST_JSONAPI_NAMESTORE_TYPEINFO,
@@ -774,10 +792,88 @@
&create_new_record_cont,
handle );
}
+static void
+namestore_zkey_response (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+ const char *label,
+ unsigned int rd_count,
+ const struct GNUNET_GNSRECORD_Data *rd)
+{
+ struct RequestHandle *handle = cls;
+ struct MHD_Response *resp;
+ struct JsonApiObject *json_obj;
+ struct JsonApiResource *json_res;
+ json_t *name_json;
+ char* result;
+ handle->reverse_qe = NULL;
+ json_obj = GNUNET_REST_jsonapi_object_new ();
+ if (NULL != label)
+ {
+ name_json = json_string (label);
+ json_res = GNUNET_REST_jsonapi_resource_new
(GNUNET_REST_JSONAPI_NAMESTORE_REVINFO,
+ handle->zkey_str);
+ GNUNET_REST_jsonapi_resource_add_attr (json_res,
+ GNUNET_REST_JSONAPI_NAMESTORE_NAME,
+ name_json);
+ GNUNET_REST_jsonapi_object_resource_add (json_obj, json_res);
+ json_decref (name_json);
+ }
+ //Handle response
+ if (GNUNET_SYSERR == GNUNET_REST_jsonapi_data_serialize (json_obj, &result))
+ {
+ GNUNET_REST_jsonapi_object_delete (json_obj);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ resp = GNUNET_REST_create_json_response (result);
+ handle->proc (handle->proc_cls, resp, MHD_HTTP_OK);
+ GNUNET_free (result);
+ GNUNET_SCHEDULER_add_now (&cleanup_handle_delayed, handle);
+ return;
+}
+static void
+namestore_zkey_cont (struct RestConnectionDataHandle *con,
+ const char *url,
+ void *cls)
+{
+ struct RequestHandle *handle = cls;
+ struct GNUNET_HashCode key;
+ struct GNUNET_CRYPTO_EcdsaPublicKey pubkey;
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_NAMESTORE_ZKEY,
+ strlen (GNUNET_REST_JSONAPI_NAMESTORE_ZKEY),
+ &key);
+ if ( GNUNET_NO ==
+ GNUNET_CONTAINER_multihashmap_contains
(handle->conndata_handle->url_param_map,
+ &key) )
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "No zkey given %s\n", handle->url);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ handle->zkey_str = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
+ &key);
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_ecdsa_public_key_from_string (handle->zkey_str,
+ strlen (handle->zkey_str),
+ &pubkey))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Zkey invalid %s\n", handle->zkey_str);
+ GNUNET_SCHEDULER_add_now (&do_error, handle);
+ return;
+ }
+ handle->reverse_qe = GNUNET_NAMESTORE_zone_to_name (handle->ns_handle,
+ &handle->zone_pkey,
+ &pubkey,
+ &namestore_zkey_response,
+ handle);
+}
+
static void
namestore_info_cont (struct RestConnectionDataHandle *con,
const char *url,
@@ -837,6 +933,7 @@
{
struct RequestHandle *handle = cls;
static const struct GNUNET_REST_RestConnectionHandler handlers[] = {
+ {MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_NAMESTORE_ZKEY,
&namestore_zkey_cont}, //reverse
{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_NAMESTORE, &namestore_info_cont},
//list
{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_NAMESTORE,
&namestore_create_cont}, //create
// {MHD_HTTP_METHOD_PUT, GNUNET_REST_API_NS_NAMESTORE,
&namestore_edit_cont}, //update. TODO this shoul be PATCH
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r36740 - in gnunet/src: identity-token namestore,
gnunet <=