[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] r36794 - gnunet/src/identity-token
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] r36794 - gnunet/src/identity-token |
|
Date: |
Thu, 7 Jan 2016 22:02:11 +0100 |
Author: schanzen
Date: 2016-01-07 22:02:11 +0100 (Thu, 07 Jan 2016)
New Revision: 36794
Modified:
gnunet/src/identity-token/Makefile.am
gnunet/src/identity-token/gnunet-service-identity-token.c
gnunet/src/identity-token/identity-token.c
gnunet/src/identity-token/identity-token.h
gnunet/src/identity-token/plugin_rest_identity_token.c
Log:
- Start commenting. Major refactor
Modified: gnunet/src/identity-token/Makefile.am
===================================================================
--- gnunet/src/identity-token/Makefile.am 2016-01-07 17:07:20 UTC (rev
36793)
+++ gnunet/src/identity-token/Makefile.am 2016-01-07 21:02:11 UTC (rev
36794)
@@ -19,10 +19,10 @@
pkgcfg_DATA = \
identity-token.conf
-if HAVE_REST
plugin_LTLIBRARIES = \
libgnunet_plugin_rest_identity_token.la
-endif
+lib_LTLIBRARIES = \
+ libgnunetidentityprovider.la
bin_PROGRAMS = \
gnunet-identity-token
@@ -31,9 +31,9 @@
gnunet-service-identity-token
gnunet_service_identity_token_SOURCES = \
- gnunet-service-identity-token.c \
- identity-token.c
+ gnunet-service-identity-token.c
gnunet_service_identity_token_LDADD = \
+ libgnunetidentityprovider.la \
$(top_builddir)/src/gnsrecord/libgnunetgnsrecord.la \
$(top_builddir)/src/util/libgnunetutil.la \
$(top_builddir)/src/namestore/libgnunetnamestore.la \
@@ -41,9 +41,14 @@
$(GN_LIBINTL) \
-ljansson
+libgnunetidentityprovider_la_SOURCES = \
+ identity-token.c
+libgnunetidentityprovider_la_LIBADD = \
+ $(top_builddir)/src/util/libgnunetutil.la $(XLIBS) \
+ $(LTLIBINTL) -ljansson
+
libgnunet_plugin_rest_identity_token_la_SOURCES = \
- plugin_rest_identity_token.c \
- identity-token.c
+ plugin_rest_identity_token.c
libgnunet_plugin_rest_identity_token_la_LIBADD = \
$(top_builddir)/src/identity/libgnunetidentity.la \
$(top_builddir)/src/rest/libgnunetrest.la \
Modified: gnunet/src/identity-token/gnunet-service-identity-token.c
===================================================================
--- gnunet/src/identity-token/gnunet-service-identity-token.c 2016-01-07
17:07:20 UTC (rev 36793)
+++ gnunet/src/identity-token/gnunet-service-identity-token.c 2016-01-07
21:02:11 UTC (rev 36794)
@@ -30,7 +30,7 @@
#include "gnunet_namestore_service.h"
#include <jansson.h>
#include "gnunet_signatures.h"
-#include "identity-token.h"
+#include "gnunet_identity_provider_lib.h"
/**
* First pass state
@@ -102,7 +102,7 @@
/**
* Currently processed token
*/
-static struct IdentityToken *token;
+static struct GNUNET_IDENTITY_PROVIDER_Token *token;
/**
* Label for currently processed token
@@ -201,9 +201,8 @@
char *write_ptr;
char *enc_token_str;
const char *key;
- const char *iss;
- const char *aud;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+ struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
struct GNUNET_CRYPTO_EcdhePrivateKey *new_ecdhe_privkey;
struct EgoEntry *ego_entry = cls;
struct GNUNET_GNSRECORD_Data token_record[2];
@@ -215,7 +214,7 @@
struct GNUNET_TIME_Absolute new_exp;
struct GNUNET_TIME_Absolute new_iat;
struct GNUNET_TIME_Absolute new_nbf;
- struct IdentityToken *new_token;
+ struct GNUNET_IDENTITY_PROVIDER_Token *new_token;
json_t *payload_json;
json_t *value;
json_t *cur_value;
@@ -224,6 +223,8 @@
size_t token_metadata_len;
priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+ GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
+ &pub_key);
//Note: We need the token expiration time here. Not the record expiration
//time.
@@ -262,9 +263,8 @@
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Token is expired. Create a new one\n");
- iss = json_string_value (json_object_get (payload_json, "iss"));
- aud = json_string_value (json_object_get (payload_json, "aud"));
- new_token = identity_token_create (iss, aud);
+ new_token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key,
+ &token->aud_key);
new_exp = GNUNET_TIME_relative_to_absolute (token_rel_exp);
new_nbf = GNUNET_TIME_absolute_get ();
new_iat = new_nbf;
@@ -272,15 +272,15 @@
json_object_foreach(payload_json, key, value) {
if (0 == strcmp (key, "exp"))
{
- identity_token_add_json (new_token, key, json_integer
(new_exp.abs_value_us));
+ GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer
(new_exp.abs_value_us));
}
else if (0 == strcmp (key, "nbf"))
{
- identity_token_add_json (new_token, key, json_integer
(new_nbf.abs_value_us));
+ GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer
(new_nbf.abs_value_us));
}
else if (0 == strcmp (key, "iat"))
{
- identity_token_add_json (new_token, key, json_integer
(new_iat.abs_value_us));
+ GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, json_integer
(new_iat.abs_value_us));
}
else if ((0 == strcmp (key, "iss"))
|| (0 == strcmp (key, "aud")))
@@ -290,7 +290,7 @@
else if ((0 == strcmp (key, "sub"))
|| (0 == strcmp (key, "rnl")))
{
- identity_token_add_json (new_token, key, value);
+ GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, value);
}
else {
GNUNET_CRYPTO_hash (key,
@@ -302,16 +302,16 @@
{
cur_value = GNUNET_CONTAINER_multihashmap_get (ego_entry->attr_map,
&key_hash);
- identity_token_add_json (new_token, key, cur_value);
+ GNUNET_IDENTITY_PROVIDER_token_add_json (new_token, key, cur_value);
}
}
}
// reassemble and set
- GNUNET_assert (identity_token_serialize (new_token,
- priv_key,
- &new_ecdhe_privkey,
- &enc_token_str));
+ GNUNET_assert (GNUNET_IDENTITY_PROVIDER_token_serialize (new_token,
+ priv_key,
+ &new_ecdhe_privkey,
+ &enc_token_str));
json_decref (payload_json);
@@ -347,10 +347,10 @@
&store_token_cont,
ego_entry);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, ">>> Updating Token w/ %s\n",
new_token);
- identity_token_destroy (new_token);
+ GNUNET_IDENTITY_PROVIDER_token_destroy (new_token);
+ GNUNET_IDENTITY_PROVIDER_token_destroy (token);
GNUNET_free (new_ecdhe_privkey);
GNUNET_free (enc_token_str);
- GNUNET_free (token);
token = NULL;
GNUNET_free (label);
label = NULL;
@@ -438,16 +438,16 @@
}
GNUNET_assert (token_metadata_record->record_type ==
GNUNET_GNSRECORD_TYPE_ID_TOKEN_METADATA);
GNUNET_assert (token_record->record_type == GNUNET_GNSRECORD_TYPE_ID_TOKEN);
-
+
//Get metadata and decrypt token
ecdhe_privkey = *((struct GNUNET_CRYPTO_EcdhePrivateKey
*)token_metadata_record->data);
aud_key = (struct GNUNET_CRYPTO_EcdsaPublicKey
*)&ecdhe_privkey+sizeof(struct GNUNET_CRYPTO_EcdhePrivateKey);
scopes = GNUNET_strdup ((char*) aud_key+sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
- identity_token_parse2 (token_record->data,
- &ecdhe_privkey,
- aud_key,
- &token);
+ GNUNET_IDENTITY_PROVIDER_token_parse2 (token_record->data,
+ &ecdhe_privkey,
+ aud_key,
+ &token);
//token = GNUNET_GNSRECORD_value_to_string (rd->record_type,
// rd->data,
Modified: gnunet/src/identity-token/identity-token.c
===================================================================
--- gnunet/src/identity-token/identity-token.c 2016-01-07 17:07:20 UTC (rev
36793)
+++ gnunet/src/identity-token/identity-token.c 2016-01-07 21:02:11 UTC (rev
36794)
@@ -26,7 +26,7 @@
#include "platform.h"
#include "gnunet_util_lib.h"
#include "gnunet_signatures.h"
-#include "identity-token.h"
+#include "gnunet_identity_provider_lib.h"
#include <jansson.h>
@@ -189,14 +189,23 @@
* @param id the JSON API resource id
* @return a new JSON API resource or NULL on error.
*/
-struct IdentityToken*
-identity_token_create (const char* issuer,
- const char* audience)
+struct GNUNET_IDENTITY_PROVIDER_Token*
+GNUNET_IDENTITY_PROVIDER_token_create (const struct
GNUNET_CRYPTO_EcdsaPublicKey* iss,
+ const struct
GNUNET_CRYPTO_EcdsaPublicKey* aud)
{
- struct IdentityToken *token;
+ struct GNUNET_IDENTITY_PROVIDER_Token *token;
+ char* audience;
+ char* issuer;
- token = GNUNET_malloc (sizeof (struct IdentityToken));
+ issuer = GNUNET_STRINGS_data_to_string_alloc (iss,
+ sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
+ audience = GNUNET_STRINGS_data_to_string_alloc (aud,
+ sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
+
+
+ token = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token));
+
token->header = json_object();
token->payload = json_object();
@@ -206,16 +215,14 @@
json_object_set_new (token->payload, "iss", json_string (issuer));
json_object_set_new (token->payload, "aud", json_string (audience));
- GNUNET_STRINGS_string_to_data (audience,
- strlen (audience),
- &token->aud_key,
- sizeof (struct
GNUNET_CRYPTO_EcdsaPublicKey));
-
+ token->aud_key = *aud;
+ GNUNET_free (issuer);
+ GNUNET_free (audience);
return token;
}
void
-identity_token_destroy (struct IdentityToken *token)
+GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token
*token)
{
json_decref (token->header);
json_decref (token->payload);
@@ -223,9 +230,9 @@
}
void
-identity_token_add_attr (const struct IdentityToken *token,
- const char* key,
- const char* value)
+GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct
GNUNET_IDENTITY_PROVIDER_Token *token,
+ const char* key,
+ const char* value)
{
GNUNET_assert (NULL != token);
GNUNET_assert (NULL != token->payload);
@@ -234,9 +241,9 @@
}
void
-identity_token_add_json (const struct IdentityToken *token,
- const char* key,
- json_t* value)
+GNUNET_IDENTITY_PROVIDER_token_add_json (const struct
GNUNET_IDENTITY_PROVIDER_Token *token,
+ const char* key,
+ json_t* value)
{
GNUNET_assert (NULL != token);
GNUNET_assert (NULL != token->payload);
@@ -246,10 +253,10 @@
int
-identity_token_parse2 (const char* raw_data,
- const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
- struct IdentityToken **result)
+GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* raw_data,
+ const struct
GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
+ const struct
GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
+ struct GNUNET_IDENTITY_PROVIDER_Token
**result)
{
char *enc_token_str;
char *tmp_buf;
@@ -292,7 +299,7 @@
//TODO signature
- *result = GNUNET_malloc (sizeof (struct IdentityToken));
+ *result = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token));
(*result)->aud_key = *aud_key;
(*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json);
(*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json);
@@ -305,9 +312,9 @@
}
int
-identity_token_parse (const char* raw_data,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct IdentityToken **result)
+GNUNET_IDENTITY_PROVIDER_token_parse (const char* raw_data,
+ const struct
GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ struct GNUNET_IDENTITY_PROVIDER_Token
**result)
{
char *ecdh_pubkey_str;
char *enc_token_str;
@@ -356,7 +363,7 @@
//TODO signature and aud key
- *result = GNUNET_malloc (sizeof (struct IdentityToken));
+ *result = GNUNET_malloc (sizeof (struct GNUNET_IDENTITY_PROVIDER_Token));
(*result)->header = json_loads (header, JSON_DECODE_ANY, &err_json);
(*result)->payload = json_loads (payload, JSON_DECODE_ANY, &err_json);
GNUNET_free (enc_token);
@@ -368,9 +375,9 @@
}
int
-identity_token_to_string (const struct IdentityToken *token,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- char **result)
+GNUNET_IDENTITY_PROVIDER_token_to_string (const struct
GNUNET_IDENTITY_PROVIDER_Token *token,
+ const struct
GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ char **result)
{
char *payload_str;
char *header_str;
@@ -436,10 +443,10 @@
}
int
-identity_token_serialize (const struct IdentityToken *token,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct GNUNET_CRYPTO_EcdhePrivateKey **ecdh_privkey,
- char **result)
+GNUNET_IDENTITY_PROVIDER_token_serialize (const struct
GNUNET_IDENTITY_PROVIDER_Token *token,
+ const struct
GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ struct GNUNET_CRYPTO_EcdhePrivateKey
**ecdh_privkey,
+ char **result)
{
char *token_str;
char *enc_token;
@@ -447,9 +454,9 @@
char *enc_token_base64;
struct GNUNET_CRYPTO_EcdhePublicKey ecdh_pubkey;
- GNUNET_assert (GNUNET_OK == identity_token_to_string (token,
- priv_key,
- &token_str));
+ GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_to_string (token,
+
priv_key,
+
&token_str));
GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (token_str,
&token->aud_key,
@@ -469,14 +476,14 @@
return GNUNET_OK;
}
-struct IdentityTokenCodePayload*
-identity_token_code_payload_create (const char* nonce,
- const struct GNUNET_CRYPTO_EcdsaPublicKey*
identity_pkey,
- const char* lbl_str)
+struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload*
+GNUNET_IDENTITY_PROVIDER_ticket_payload_create (const char* nonce,
+ const struct
GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
+ const char* lbl_str)
{
- struct IdentityTokenCodePayload* payload;
+ struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload* payload;
- payload = GNUNET_malloc (sizeof (struct IdentityTokenCodePayload));
+ payload = GNUNET_malloc (sizeof (struct
GNUNET_IDENTITY_PROVIDER_TokenTicketPayload));
GNUNET_asprintf (&payload->nonce, nonce, strlen (nonce));
payload->identity_key = *identity_pkey;
GNUNET_asprintf (&payload->label, lbl_str, strlen (lbl_str));
@@ -484,7 +491,7 @@
}
void
-identity_token_code_payload_destroy (struct IdentityTokenCodePayload* payload)
+GNUNET_IDENTITY_PROVIDER_ticket_payload_destroy (struct
GNUNET_IDENTITY_PROVIDER_TokenTicketPayload* payload)
{
GNUNET_free (payload->nonce);
GNUNET_free (payload->label);
@@ -492,8 +499,8 @@
}
void
-identity_token_code_payload_serialize (struct IdentityTokenCodePayload
*payload,
- char **result)
+GNUNET_IDENTITY_PROVIDER_ticket_payload_serialize (struct
GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload,
+ char **result)
{
char* identity_key_str;
@@ -512,46 +519,46 @@
* Create the token code
* The metadata is encrypted with a share ECDH derived secret using B (aud_key)
* and e (ecdh_privkey)
- * The token_code also contains E (ecdh_pubkey) and a signature over the
+ * The ticket also contains E (ecdh_pubkey) and a signature over the
* metadata and E
*/
-struct IdentityTokenCode*
-identity_token_code_create (const char* nonce_str,
- const struct GNUNET_CRYPTO_EcdsaPublicKey*
identity_pkey,
- const char* lbl_str,
- const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key)
+struct GNUNET_IDENTITY_PROVIDER_TokenTicket*
+GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str,
+ const struct
GNUNET_CRYPTO_EcdsaPublicKey* identity_pkey,
+ const char* lbl_str,
+ const struct
GNUNET_CRYPTO_EcdsaPublicKey *aud_key)
{
- struct IdentityTokenCode *token_code;
- struct IdentityTokenCodePayload *code_payload;
+ struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket;
+ struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *code_payload;
- token_code = GNUNET_malloc (sizeof (struct IdentityTokenCode));
- code_payload = identity_token_code_payload_create (nonce_str,
- identity_pkey,
- lbl_str);
- token_code->aud_key = *aud_key;
- token_code->payload = code_payload;
+ ticket = GNUNET_malloc (sizeof (struct
GNUNET_IDENTITY_PROVIDER_TokenTicket));
+ code_payload = GNUNET_IDENTITY_PROVIDER_ticket_payload_create (nonce_str,
+ identity_pkey,
+ lbl_str);
+ ticket->aud_key = *aud_key;
+ ticket->payload = code_payload;
- return token_code;
+ return ticket;
}
void
-identity_token_code_destroy (struct IdentityTokenCode *token_code)
+GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct
GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket)
{
- identity_token_code_payload_destroy (token_code->payload);
- GNUNET_free (token_code);
+ GNUNET_IDENTITY_PROVIDER_ticket_payload_destroy (ticket->payload);
+ GNUNET_free (ticket);
}
int
-identity_token_code_serialize (struct IdentityTokenCode *identity_token_code,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey
*priv_key,
- char **result)
+GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct
GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket,
+ const struct
GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ char **result)
{
char *code_payload_str;
- char *enc_token_code_payload;
- char *token_code_payload_str;
- char *token_code_sig_str;
- char *token_code_str;
+ char *enc_ticket_payload;
+ char *ticket_payload_str;
+ char *ticket_sig_str;
+ char *ticket_str;
char *dh_key_str;
char *write_ptr;
struct GNUNET_CRYPTO_EcdhePrivateKey *ecdhe_privkey;
@@ -558,14 +565,14 @@
struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
- identity_token_code_payload_serialize (identity_token_code->payload,
- &code_payload_str);
+ GNUNET_IDENTITY_PROVIDER_ticket_payload_serialize (ticket->payload,
+ &code_payload_str);
GNUNET_assert (GNUNET_OK == encrypt_str_ecdhe (code_payload_str,
- &identity_token_code->aud_key,
- &enc_token_code_payload,
+ &ticket->aud_key,
+ &enc_ticket_payload,
&ecdhe_privkey,
-
&identity_token_code->ecdh_pubkey));
+ &ticket->ecdh_pubkey));
GNUNET_free (ecdhe_privkey);
@@ -577,44 +584,44 @@
htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) +
strlen (code_payload_str));
- purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE);
+ purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET);
write_ptr = (char*) &purpose[1];
memcpy (write_ptr,
- &identity_token_code->ecdh_pubkey,
+ &ticket->ecdh_pubkey,
sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey);
- memcpy (write_ptr, enc_token_code_payload, strlen (code_payload_str));
+ memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str));
GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key,
purpose,
-
&identity_token_code->signature));
- GNUNET_STRINGS_base64_encode (enc_token_code_payload,
+ &ticket->signature));
+ GNUNET_STRINGS_base64_encode (enc_ticket_payload,
strlen (code_payload_str),
- &token_code_payload_str);
- token_code_sig_str = GNUNET_STRINGS_data_to_string_alloc
(&identity_token_code->signature,
- sizeof (struct
GNUNET_CRYPTO_EcdsaSignature));
+ &ticket_payload_str);
+ ticket_sig_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->signature,
+ sizeof (struct
GNUNET_CRYPTO_EcdsaSignature));
- dh_key_str = GNUNET_STRINGS_data_to_string_alloc
(&identity_token_code->ecdh_pubkey,
+ dh_key_str = GNUNET_STRINGS_data_to_string_alloc (&ticket->ecdh_pubkey,
sizeof (struct
GNUNET_CRYPTO_EcdhePublicKey));
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Using ECDH pubkey %s to encrypt\n",
dh_key_str);
- GNUNET_asprintf (&token_code_str, "{\"meta\": \"%s\", \"ecdh\": \"%s\",
\"signature\": \"%s\"}",
- token_code_payload_str, dh_key_str, token_code_sig_str);
- GNUNET_STRINGS_base64_encode (token_code_str, strlen (token_code_str),
result);
+ GNUNET_asprintf (&ticket_str, "{\"meta\": \"%s\", \"ecdh\": \"%s\",
\"signature\": \"%s\"}",
+ ticket_payload_str, dh_key_str, ticket_sig_str);
+ GNUNET_STRINGS_base64_encode (ticket_str, strlen (ticket_str), result);
GNUNET_free (dh_key_str);
GNUNET_free (purpose);
- GNUNET_free (token_code_str);
- GNUNET_free (token_code_sig_str);
+ GNUNET_free (ticket_str);
+ GNUNET_free (ticket_sig_str);
GNUNET_free (code_payload_str);
- GNUNET_free (enc_token_code_payload);
- GNUNET_free (token_code_payload_str);
+ GNUNET_free (enc_ticket_payload);
+ GNUNET_free (ticket_payload_str);
return GNUNET_OK;
}
int
-identity_token_code_payload_parse(const char *raw_data,
- ssize_t data_len,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey
*priv_key,
- const struct GNUNET_CRYPTO_EcdhePublicKey
*ecdhe_pkey,
- struct IdentityTokenCodePayload **result)
+GNUNET_IDENTITY_PROVIDER_ticket_payload_parse(const char *raw_data,
+ ssize_t data_len,
+ const struct
GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ const struct
GNUNET_CRYPTO_EcdhePublicKey *ecdhe_pkey,
+ struct
GNUNET_IDENTITY_PROVIDER_TokenTicketPayload **result)
{
const char* label_str;
const char* nonce_str;
@@ -690,9 +697,9 @@
nonce_str = json_string_value (nonce_json);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Found nonce: %s\n", nonce_str);
- *result = identity_token_code_payload_create (nonce_str,
- (const struct
GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey,
- label_str);
+ *result = GNUNET_IDENTITY_PROVIDER_ticket_payload_create (nonce_str,
+ (const struct
GNUNET_CRYPTO_EcdsaPublicKey*)&id_pkey,
+ label_str);
GNUNET_free (meta_str);
json_decref (root);
return GNUNET_OK;
@@ -700,9 +707,9 @@
}
int
-identity_token_code_parse (const char *raw_data,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey
*priv_key,
- struct IdentityTokenCode **result)
+GNUNET_IDENTITY_PROVIDER_ticket_parse (const char *raw_data,
+ const struct
GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ struct
GNUNET_IDENTITY_PROVIDER_TokenTicket **result)
{
const char* enc_meta_str;
const char* ecdh_enc_str;
@@ -714,17 +721,17 @@
json_t *enc_meta_json;
json_error_t err_json;
char* enc_meta;
- char* token_code_decoded;
+ char* ticket_decoded;
char* write_ptr;
size_t enc_meta_len;
struct GNUNET_CRYPTO_EccSignaturePurpose *purpose;
- struct IdentityTokenCode *token_code;
- struct IdentityTokenCodePayload *token_code_payload;
+ struct GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket;
+ struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *ticket_payload;
- token_code_decoded = NULL;
- GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data),
&token_code_decoded);
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Token Code: %s\n", token_code_decoded);
- root = json_loads (token_code_decoded, JSON_DECODE_ANY, &err_json);
+ ticket_decoded = NULL;
+ GNUNET_STRINGS_base64_decode (raw_data, strlen (raw_data), &ticket_decoded);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Token Code: %s\n", ticket_decoded);
+ root = json_loads (ticket_decoded, JSON_DECODE_ANY, &err_json);
if (!root)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -740,27 +747,27 @@
ecdh_enc_str = json_string_value (ecdh_json);
enc_meta_str = json_string_value (enc_meta_json);
- token_code = GNUNET_malloc (sizeof (struct IdentityTokenCode));
+ ticket = GNUNET_malloc (sizeof (struct
GNUNET_IDENTITY_PROVIDER_TokenTicket));
if (GNUNET_OK != GNUNET_STRINGS_string_to_data (ecdh_enc_str,
strlen (ecdh_enc_str),
- &token_code->ecdh_pubkey,
+ &ticket->ecdh_pubkey,
sizeof (struct
GNUNET_CRYPTO_EcdhePublicKey)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH PKEY %s invalid in metadata\n",
ecdh_enc_str);
json_decref (root);
- GNUNET_free (token_code);
+ GNUNET_free (ticket);
return GNUNET_SYSERR;
}
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Using ECDH pubkey %s for metadata
decryption\n", ecdh_enc_str);
if (GNUNET_OK != GNUNET_STRINGS_string_to_data (signature_enc_str,
strlen (signature_enc_str),
- &token_code->signature,
+ &ticket->signature,
sizeof (struct
GNUNET_CRYPTO_EcdsaSignature)))
{
json_decref (root);
- GNUNET_free (token_code_decoded);
- GNUNET_free (token_code);
+ GNUNET_free (ticket_decoded);
+ GNUNET_free (ticket);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "ECDH signature invalid in
metadata\n");
return GNUNET_SYSERR;
}
@@ -770,13 +777,13 @@
&enc_meta);
- identity_token_code_payload_parse (enc_meta,
- enc_meta_len,
- priv_key,
- (const struct
GNUNET_CRYPTO_EcdhePublicKey*)&token_code->ecdh_pubkey,
- &token_code_payload);
+ GNUNET_IDENTITY_PROVIDER_ticket_payload_parse (enc_meta,
+ enc_meta_len,
+ priv_key,
+ (const struct
GNUNET_CRYPTO_EcdhePublicKey*)&ticket->ecdh_pubkey,
+ &ticket_payload);
- token_code->payload = token_code_payload;
+ ticket->payload = ticket_payload;
//TODO: check signature here
purpose =
GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
@@ -786,19 +793,19 @@
htonl (sizeof (struct GNUNET_CRYPTO_EccSignaturePurpose) +
sizeof (struct GNUNET_CRYPTO_EcdhePublicKey) +
enc_meta_len);
- purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE);
+ purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET);
write_ptr = (char*) &purpose[1];
- memcpy (write_ptr, &token_code->ecdh_pubkey, sizeof (struct
GNUNET_CRYPTO_EcdhePublicKey));
+ memcpy (write_ptr, &ticket->ecdh_pubkey, sizeof (struct
GNUNET_CRYPTO_EcdhePublicKey));
write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey);
memcpy (write_ptr, enc_meta, enc_meta_len);
- if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify
(GNUNET_SIGNATURE_PURPOSE_GNUID_TOKEN_CODE,
+ if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_verify
(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET,
purpose,
- &token_code->signature,
-
&token_code_payload->identity_key))
+ &ticket->signature,
+ &ticket_payload->identity_key))
{
- identity_token_code_destroy (token_code);
- GNUNET_free (token_code_decoded);
+ GNUNET_IDENTITY_PROVIDER_ticket_destroy (ticket);
+ GNUNET_free (ticket_decoded);
json_decref (root);
GNUNET_free (purpose);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -805,11 +812,11 @@
"Error verifying signature for token code\n");
return GNUNET_SYSERR;
}
- *result = token_code;
+ *result = ticket;
GNUNET_free (purpose);
GNUNET_free (enc_meta);
- GNUNET_free (token_code_decoded);
+ GNUNET_free (ticket_decoded);
json_decref (root);
return GNUNET_OK;
Modified: gnunet/src/identity-token/identity-token.h
===================================================================
--- gnunet/src/identity-token/identity-token.h 2016-01-07 17:07:20 UTC (rev
36793)
+++ gnunet/src/identity-token/identity-token.h 2016-01-07 21:02:11 UTC (rev
36794)
@@ -1,13 +1,35 @@
+/*
+ This file is part of GNUnet.
+ Copyright (C) 2012-2015 Christian Grothoff (and other contributing authors)
-#ifndef GNUNET_IDENTITY_TOKEN_H
-#define GNUNET_IDENTITY_TOKEN_H
+ GNUnet is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published
+ by the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+ GNUnet is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+ You should have received a copy of the GNU General Public License
+ along with GNUnet; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA.
+ */
+/**
+ * @author Martin Schanzenbach
+ * @file include/gnunet_identity_provider_lib.h
+ * @brief GNUnet Identity Provider library
+ *
+ */
+#ifndef GNUNET_IDENTITY_PROVIDER_LIB_H
+#define GNUNET_IDENTITY_PROVIDER_LIB_H
#include "gnunet_crypto_lib.h"
#include <jansson.h>
-struct IdentityToken
+struct GNUNET_IDENTITY_PROVIDER_Token
{
/**
* JSON header
@@ -30,7 +52,7 @@
struct GNUNET_CRYPTO_EcdsaPublicKey aud_key;
};
-struct IdentityTokenCodePayload
+struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload
{
/**
* Nonce
@@ -49,12 +71,12 @@
};
-struct IdentityTokenCode
+struct GNUNET_IDENTITY_PROVIDER_TokenTicket
{
/**
* Meta info
*/
- struct IdentityTokenCodePayload *payload;
+ struct GNUNET_IDENTITY_PROVIDER_TokenTicketPayload *payload;
/**
* ECDH Pubkey
@@ -74,62 +96,174 @@
-struct IdentityToken*
-identity_token_create (const char* issuer,
- const char* audience);
+/**
+ * Create an identity token
+ *
+ * @param iss the issuer string for the token
+ * @param aud the audience of the token
+ *
+ * @return a new token
+ */
+struct GNUNET_IDENTITY_PROVIDER_Token*
+GNUNET_IDENTITY_PROVIDER_token_create (const struct
GNUNET_CRYPTO_EcdsaPublicKey *iss,
+ const struct
GNUNET_CRYPTO_EcdsaPublicKey* aud);
+/**
+ * Destroy an identity token
+ *
+ * @param token the token to destroy
+ */
void
-identity_token_destroy (struct IdentityToken *token);
+GNUNET_IDENTITY_PROVIDER_token_destroy (struct GNUNET_IDENTITY_PROVIDER_Token
*token);
+/**
+ * Add a new key value pair to the token
+ *
+ * @param token the token to modify
+ * @param key the key
+ * @param value the value
+ */
void
-identity_token_add_attr (const struct IdentityToken *token,
- const char* key,
- const char* value);
+GNUNET_IDENTITY_PROVIDER_token_add_attr (const struct
GNUNET_IDENTITY_PROVIDER_Token *token,
+ const char* key,
+ const char* value);
+
+/**
+ * Add a new key value pair to the token with the value as json
+ *
+ * @param the token to modify
+ * @param key the key
+ * @param value the value
+ *
+ */
void
-identity_token_add_json (const struct IdentityToken *token,
+GNUNET_IDENTITY_PROVIDER_token_add_json (const struct
GNUNET_IDENTITY_PROVIDER_Token *token,
const char* key,
json_t* value);
+/**
+ * Serialize a token. The token will be signed and base64 according to the
+ * JWT format. The signature is base32-encoded ECDSA.
+ * The resulting JWT is encrypted using
+ * ECDHE for the audience and Base64
+ * encoded in result. The audience requires the ECDHE public key P
+ * to decrypt the token T. The key P is included in the result and prepended
+ * before the token
+ *
+ * @param token the token to serialize
+ * @param priv_key the private key used to sign the token
+ * @param ecdhe_privkey the ECDHE private key used to encrypt the token
+ * @param result P,Base64(E(T))
+ *
+ * @return GNUNET_OK on success
+ */
int
-identity_token_serialize (const struct IdentityToken *token,
+GNUNET_IDENTITY_PROVIDER_token_serialize (const struct
GNUNET_IDENTITY_PROVIDER_Token *token,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
char **result);
+/**
+ * Parses the serialized token and returns a token
+ *
+ * @param data the serialized token
+ * @param priv_key the private key of the audience
+ * @param result the token
+ *
+ * @return GNUNET_OK on success
+ */
int
-identity_token_parse (const char* raw_data,
+GNUNET_IDENTITY_PROVIDER_token_parse (const char* data,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct IdentityToken **result);
+ struct GNUNET_IDENTITY_PROVIDER_Token **result);
+/**
+ * Parses the serialized token and returns a token
+ * This variant is intended for the party that issued the token and also
+ * wants to decrypt the serialized token.
+ *
+ * @param data the serialized token
+ * @param priv_key the private (!) ECDHE key
+ * @param aud_key the identity of the audience
+ * @param result the token
+ *
+ * @return GNUNET_OK on success
+ */
int
-identity_token_parse2 (const char* raw_data,
+GNUNET_IDENTITY_PROVIDER_token_parse2 (const char* data,
const struct GNUNET_CRYPTO_EcdhePrivateKey *priv_key,
const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
- struct IdentityToken **result);
+ struct GNUNET_IDENTITY_PROVIDER_Token **result);
+
+/**
+ *
+ * Returns a JWT-string representation of the token
+ *
+ * @param token the token
+ * @param priv_key the private key used to sign the JWT
+ * @param result the JWT
+ *
+ * @return GNUNET_OK on success
+ */
int
-identity_token_to_string (const struct IdentityToken *token,
+GNUNET_IDENTITY_PROVIDER_token_to_string (const struct
GNUNET_IDENTITY_PROVIDER_Token *token,
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
char **result);
-struct IdentityTokenCode*
-identity_token_code_create (const char* nonce_str,
- const struct GNUNET_CRYPTO_EcdsaPublicKey*
identity_pkey,
+/**
+ *
+ * Creates a ticket that can be exchanged by the audience for
+ * the token. The token must be placed under the label
+ *
+ * @param nonce_str nonce provided by the audience that requested the ticket
+ * @param iss_pkey the issuer pubkey used to sign the ticket
+ * @param label the label encoded in the ticket
+ * @param aud_ley the audience pubkey used to encrypt the ticket payload
+ *
+ * @return the ticket
+ */
+struct GNUNET_IDENTITY_PROVIDER_TokenTicket*
+GNUNET_IDENTITY_PROVIDER_ticket_create (const char* nonce_str,
+ const struct GNUNET_CRYPTO_EcdsaPublicKey*
iss_pkey,
const char* lbl_str,
const struct GNUNET_CRYPTO_EcdsaPublicKey
*aud_key);
+/**
+ * Serialize a ticket. Returns the Base64 representation of the ticket.
+ * Format: Base64( { payload: E(Payload), ecdhe: K, signature: signature } )
+ *
+ * @param ticket the ticket to serialize
+ * @param priv_key the issuer private key to sign the ticket payload
+ * @param result the serialized ticket
+ *
+ * @return GNUNET_OK on success
+ */
int
-identity_token_code_serialize (struct IdentityTokenCode *identity_token_code,
+GNUNET_IDENTITY_PROVIDER_ticket_serialize (struct
GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket,
const struct GNUNET_CRYPTO_EcdsaPrivateKey
*priv_key,
char **result);
+/**
+ * Destroys a ticket
+ *
+ * @param the ticket to destroy
+ */
void
-identity_token_code_destroy (struct IdentityTokenCode *token_code);
+GNUNET_IDENTITY_PROVIDER_ticket_destroy (struct
GNUNET_IDENTITY_PROVIDER_TokenTicket *ticket);
-
+/**
+ * Parses a serialized ticket
+ *
+ * @param data the serialized ticket
+ * @param priv_key the audience private key
+ * @param ticket the ticket
+ *
+ * @return GNUNET_OK on success
+ */
int
-identity_token_code_parse (const char* raw_data,
+GNUNET_IDENTITY_PROVIDER_ticket_parse (const char* raw_data,
const struct GNUNET_CRYPTO_EcdsaPrivateKey
*priv_key,
- struct IdentityTokenCode **result);
+ struct GNUNET_IDENTITY_PROVIDER_TokenTicket
**ticket);
#endif
Modified: gnunet/src/identity-token/plugin_rest_identity_token.c
===================================================================
--- gnunet/src/identity-token/plugin_rest_identity_token.c 2016-01-07
17:07:20 UTC (rev 36793)
+++ gnunet/src/identity-token/plugin_rest_identity_token.c 2016-01-07
21:02:11 UTC (rev 36794)
@@ -34,7 +34,7 @@
#include "microhttpd.h"
#include <jansson.h>
#include "gnunet_signatures.h"
-#include "identity-token.h"
+#include "gnunet_identity_provider_lib.h"
/**
* REST root namespace
@@ -61,7 +61,7 @@
*/
#define GNUNET_REST_API_NS_IDENTITY_OAUTH2_AUTHORIZE "/gnuid/authorize"
-#define GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE "code"
+#define GNUNET_REST_JSONAPI_IDENTITY_token_ticket "code"
#define GNUNET_REST_JSONAPI_IDENTITY_OAUTH2_GRANT_TYPE_CODE
"authorization_code"
@@ -290,12 +290,12 @@
/**
* Identity Token
*/
- struct IdentityToken *token;
+ struct GNUNET_IDENTITY_PROVIDER_Token *token;
/**
* Identity Token Code
*/
- struct IdentityTokenCode *token_code;
+ struct GNUNET_IDENTITY_PROVIDER_TokenTicket *token_ticket;
/**
* Response object
@@ -341,9 +341,9 @@
if (NULL != handle->attr_map)
GNUNET_CONTAINER_multihashmap_destroy (handle->attr_map);
if (NULL != handle->token)
- identity_token_destroy (handle->token);
- if (NULL != handle->token_code)
- identity_token_code_destroy (handle->token_code);
+ GNUNET_IDENTITY_PROVIDER_token_destroy (handle->token);
+ if (NULL != handle->token_ticket)
+ GNUNET_IDENTITY_PROVIDER_ticket_destroy (handle->token_ticket);
if (NULL != handle->url)
GNUNET_free (handle->url);
if (NULL != handle->emsg)
@@ -455,10 +455,10 @@
struct GNUNET_TIME_Relative etime_rel;
json_t *token_str;
json_t *name_str;
- json_t *token_code_json;
+ json_t *token_ticket_json;
char *lbl_str;
char *exp_str;
- char *token_code_str;
+ char *token_ticket_str;
char *audience;
char *nonce_str;
char *enc_token_str;
@@ -520,14 +520,14 @@
GNUNET_CRYPTO_ecdsa_key_get_public (priv_key,
&pub_key);
- handle->token_code = identity_token_code_create (nonce_str,
+ handle->token_ticket = GNUNET_IDENTITY_PROVIDER_ticket_create (nonce_str,
&pub_key,
lbl_str,
&aud_pkey);
- if (GNUNET_OK != identity_token_code_serialize (handle->token_code,
+ if (GNUNET_OK != GNUNET_IDENTITY_PROVIDER_ticket_serialize
(handle->token_ticket,
priv_key,
- &token_code_str))
+ &token_ticket_str))
{
handle->emsg = GNUNET_strdup ("Unable to create ref token!\n");
GNUNET_SCHEDULER_add_now (&do_error, handle);
@@ -563,11 +563,11 @@
exp_time = time + etime_rel.rel_value_us;
//json_object_set_new (handle->payload, "lbl", json_string (lbl_str));
- identity_token_add_attr (handle->token, "sub",
handle->ego_entry->identifier);
- identity_token_add_json (handle->token, "nbf", json_integer (time));
- identity_token_add_json (handle->token, "iat", json_integer (time));
- identity_token_add_json (handle->token, "exp", json_integer (exp_time));
- identity_token_add_attr (handle->token, "nonce", nonce_str);
+ GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "sub",
handle->ego_entry->identifier);
+ GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "nbf", json_integer
(time));
+ GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "iat", json_integer
(time));
+ GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, "exp", json_integer
(exp_time));
+ GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, "nonce", nonce_str);
handle->resp_object = GNUNET_REST_jsonapi_object_new ();
@@ -583,18 +583,18 @@
GNUNET_REST_jsonapi_resource_add_attr (json_resource,
GNUNET_REST_JSONAPI_IDENTITY_TOKEN,
token_str);
- token_code_json = json_string (token_code_str);
+ token_ticket_json = json_string (token_ticket_str);
GNUNET_REST_jsonapi_resource_add_attr (json_resource,
-
GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE,
- token_code_json);
- GNUNET_free (token_code_str);
- json_decref (token_code_json);
+
GNUNET_REST_JSONAPI_IDENTITY_token_ticket,
+ token_ticket_json);
+ GNUNET_free (token_ticket_str);
+ json_decref (token_ticket_json);
GNUNET_REST_jsonapi_object_resource_add (handle->resp_object, json_resource);
//Token in a serialized encrypted format
- GNUNET_assert (identity_token_serialize (handle->token,
- priv_key,
- &ecdhe_privkey,
- &enc_token_str));
+ GNUNET_assert (GNUNET_IDENTITY_PROVIDER_token_serialize (handle->token,
+ priv_key,
+ &ecdhe_privkey,
+ &enc_token_str));
//Token record E,E_K (Token)
token_record[0].data = enc_token_str;
@@ -703,7 +703,7 @@
rd->data,
rd->data_size);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding value: %s\n", data);
- identity_token_add_attr (handle->token, label, data);
+ GNUNET_IDENTITY_PROVIDER_token_add_attr (handle->token, label, data);
GNUNET_free (data);
}
GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
@@ -727,7 +727,7 @@
if (0 < json_array_size (attr_arr))
{
- identity_token_add_json (handle->token, label, attr_arr);
+ GNUNET_IDENTITY_PROVIDER_token_add_json (handle->token, label, attr_arr);
}
json_decref (attr_arr);
GNUNET_NAMESTORE_zone_iterator_next (handle->ns_it);
@@ -754,6 +754,8 @@
struct GNUNET_HashCode key;
struct MHD_Response *resp;
const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key;
+ struct GNUNET_CRYPTO_EcdsaPublicKey pub_key;
+ struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key;
if (GNUNET_NO == GNUNET_REST_namespace_match (handle->url,
GNUNET_REST_API_NS_IDENTITY_TOKEN_ISSUE))
@@ -820,13 +822,20 @@
&key);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Audience to issue token for: %s\n",
audience);
- handle->token = identity_token_create (ego_entry->keystring,
- audience);
+ priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
+ GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
+ &pub_key);
+ GNUNET_STRINGS_string_to_data (audience,
+ strlen (audience),
+ &aud_key,
+ sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey));
+ handle->token = GNUNET_IDENTITY_PROVIDER_token_create (&pub_key,
+ aud_key);
+ GNUNET_free (aud_key);
//Get identity attributes
handle->ns_handle = GNUNET_NAMESTORE_connect (cfg);
- priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
handle->ego_entry = ego_entry;
handle->ns_it = GNUNET_NAMESTORE_zone_iteration_start (handle->ns_handle,
priv_key,
@@ -1033,14 +1042,14 @@
rd->data_size);
//Decrypt and parse
- GNUNET_assert (GNUNET_OK == identity_token_parse (record_str,
- handle->priv_key,
- &handle->token));
+ GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_parse
(record_str,
+
handle->priv_key,
+
&handle->token));
//Readable
- GNUNET_assert (GNUNET_OK == identity_token_to_string (handle->token,
- handle->priv_key,
- &token_str));
+ GNUNET_assert (GNUNET_OK == GNUNET_IDENTITY_PROVIDER_token_to_string
(handle->token,
+
handle->priv_key,
+
&token_str));
json_object_set_new (root, "access_token", json_string (token_str));
json_object_set_new (root, "token_type", json_string ("gnuid"));
@@ -1058,7 +1067,7 @@
static void
-exchange_token_code_cb (void *cls,
+exchange_token_ticket_cb (void *cls,
struct GNUNET_IDENTITY_Ego *ego,
void **ctx,
const char *name)
@@ -1077,8 +1086,8 @@
return;
}
- GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE,
- strlen (GNUNET_REST_JSONAPI_IDENTITY_TOKEN_CODE),
+ GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_token_ticket,
+ strlen (GNUNET_REST_JSONAPI_IDENTITY_token_ticket),
&key);
if ( GNUNET_NO ==
@@ -1094,9 +1103,9 @@
handle->priv_key = GNUNET_IDENTITY_ego_get_private_key (ego);
- if (GNUNET_SYSERR == identity_token_code_parse (code,
- handle->priv_key,
- &handle->token_code))
+ if (GNUNET_SYSERR == GNUNET_IDENTITY_PROVIDER_ticket_parse (code,
+ handle->priv_key,
+
&handle->token_ticket))
{
handle->emsg = GNUNET_strdup ("Error extracting values from token code.");
GNUNET_SCHEDULER_add_now (&do_error, handle);
@@ -1103,12 +1112,12 @@
return;
}
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Looking for token under %s\n",
- handle->token_code->payload->label);
+ handle->token_ticket->payload->label);
handle->gns_handle = GNUNET_GNS_connect (cfg);
- GNUNET_asprintf (&lookup_query, "%s.gnu",
handle->token_code->payload->label);
+ GNUNET_asprintf (&lookup_query, "%s.gnu",
handle->token_ticket->payload->label);
handle->lookup_request = GNUNET_GNS_lookup (handle->gns_handle,
lookup_query,
-
&handle->token_code->payload->identity_key,
+
&handle->token_ticket->payload->identity_key,
GNUNET_GNSRECORD_TYPE_ID_TOKEN,
GNUNET_GNS_LO_LOCAL_MASTER,
NULL,
@@ -1125,7 +1134,7 @@
* @param cls the RequestHandle
*/
static void
-exchange_token_code_cont (struct RestConnectionDataHandle *con_handle,
+exchange_token_ticket_cont (struct RestConnectionDataHandle *con_handle,
const char* url,
void *cls)
{
@@ -1149,7 +1158,7 @@
//Get token from GNS
handle->op = GNUNET_IDENTITY_get (handle->identity_handle,
"gns-master",
- &exchange_token_code_cb,
+ &exchange_token_ticket_cb,
handle);
}
@@ -1194,7 +1203,7 @@
//{MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_TOKEN_CHECK,
&check_token_cont},
{MHD_HTTP_METHOD_GET, GNUNET_REST_API_NS_IDENTITY_TOKEN, &list_token_cont},
{MHD_HTTP_METHOD_OPTIONS, GNUNET_REST_API_NS_IDENTITY_TOKEN,
&options_cont},
- {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN,
&exchange_token_code_cont},
+ {MHD_HTTP_METHOD_POST, GNUNET_REST_API_NS_IDENTITY_OAUTH2_TOKEN,
&exchange_token_ticket_cont},
GNUNET_REST_HANDLER_END
};
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [GNUnet-SVN] r36794 - gnunet/src/identity-token,
gnunet <=