[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] 65/171: -add tokens for credentials
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet] 65/171: -add tokens for credentials |
|
Date: |
Thu, 04 Jan 2018 16:09:33 +0100 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a commit to branch master
in repository gnunet.
commit baf9b5d76c4b40d6bd2869525656ad298ead7726
Author: Schanzenbach, Martin <address@hidden>
AuthorDate: Thu Dec 29 15:48:43 2016 +0100
-add tokens for credentials
---
src/credential/credential_serialization.c | 4 +-
src/credential/gnunet-service-credential.c | 30 +++-
src/identity-provider/Makefile.am | 1 +
.../gnunet-service-identity-provider.c | 182 ++++++++++++++++++++-
src/identity-provider/identity_provider.h | 5 +
src/identity-provider/identity_provider_api.c | 10 +-
src/identity-provider/identity_token.c | 56 ++++++-
src/identity-provider/identity_token.h | 47 +++---
.../plugin_rest_identity_provider.c | 45 +++--
src/include/gnunet_identity_provider_service.h | 1 +
10 files changed, 333 insertions(+), 48 deletions(-)
diff --git a/src/credential/credential_serialization.c
b/src/credential/credential_serialization.c
index 76bf491c9..1fc72c203 100644
--- a/src/credential/credential_serialization.c
+++ b/src/credential/credential_serialization.c
@@ -192,7 +192,7 @@ GNUNET_CREDENTIAL_credentials_serialize (unsigned int
c_count,
c_rec.signature = cd[i].signature;
c_rec.purpose.purpose = htonl (GNUNET_SIGNATURE_PURPOSE_CREDENTIAL);
c_rec.purpose.size = htonl ((sizeof (struct CredentialEntry) +
cd[i].issuer_attribute_len) - sizeof (struct GNUNET_CRYPTO_EcdsaSignature));
- c_rec.expiration = htonl ((uint32_t) cd[i].expiration.abs_value_us);
+ c_rec.expiration = GNUNET_htonll (cd[i].expiration.abs_value_us);
if (off + sizeof (c_rec) > dest_size)
return -1;
GNUNET_memcpy (&dest[off],
@@ -241,7 +241,7 @@ GNUNET_CREDENTIAL_credentials_deserialize (size_t len,
cd[i].issuer_key = c_rec.issuer_key;
cd[i].subject_key = c_rec.subject_key;
cd[i].signature = c_rec.signature;
- cd[i].expiration.abs_value_us = ntohl((uint32_t) c_rec.expiration);
+ cd[i].expiration.abs_value_us = GNUNET_ntohll(c_rec.expiration);
off += sizeof (c_rec);
if (off + cd[i].issuer_attribute_len > len)
return GNUNET_SYSERR;
diff --git a/src/credential/gnunet-service-credential.c
b/src/credential/gnunet-service-credential.c
index ec89da323..75ed6d5da 100644
--- a/src/credential/gnunet-service-credential.c
+++ b/src/credential/gnunet-service-credential.c
@@ -92,7 +92,11 @@ struct CredentialRecordEntry
* DLL
*/
struct CredentialRecordEntry *prev;
-
+
+ /**
+ * Number of references in delegation chains
+ */
+ uint32_t refcount;
/**
* Payload
@@ -485,6 +489,7 @@ send_lookup_response (struct VerifyRequestHandle *vrh)
struct GNUNET_CREDENTIAL_Delegation dd[vrh->delegation_chain_size];
struct GNUNET_CREDENTIAL_Credential cred[vrh->cred_chain_size];
struct CredentialRecordEntry *cd;
+ struct CredentialRecordEntry *tmp;
size_t size;
int i;
@@ -508,6 +513,26 @@ send_lookup_response (struct VerifyRequestHandle *vrh)
}
/**
+ * Remove all credentials not needed
+ */
+ for (cd = vrh->cred_chain_head; NULL != cd;)
+ {
+ if (cd->refcount > 0)
+ {
+ cd = cd->next;
+ continue;
+ }
+ tmp = cd;
+ cd = cd->next;
+ GNUNET_CONTAINER_DLL_remove (vrh->cred_chain_head,
+ vrh->cred_chain_tail,
+ tmp);
+ GNUNET_free (tmp->credential);
+ GNUNET_free (tmp);
+ vrh->cred_chain_size--;
+ }
+
+ /**
* Get serialized record data
* Append at the end of rmsg
*/
@@ -681,7 +706,7 @@ backward_resolution (void* cls,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Found issuer\n");
-
+ cred_pointer->refcount++;
//Backtrack
for (tmp_set = ds_entry;
NULL != tmp_set->parent_queue_entry;
@@ -796,6 +821,7 @@ delegation_chain_resolution_start (void* cls)
continue;
if (0 != strcmp (cr_entry->credential->issuer_attribute,
vrh->issuer_attribute))
continue;
+ cr_entry->refcount++;
//Found match prematurely
send_lookup_response (vrh);
return;
diff --git a/src/identity-provider/Makefile.am
b/src/identity-provider/Makefile.am
index 7c2bb9646..cc9692a9a 100644
--- a/src/identity-provider/Makefile.am
+++ b/src/identity-provider/Makefile.am
@@ -39,6 +39,7 @@ gnunet_service_identity_provider_LDADD = \
$(top_builddir)/src/namestore/libgnunetnamestore.la \
$(top_builddir)/src/identity/libgnunetidentity.la \
$(top_builddir)/src/statistics/libgnunetstatistics.la \
+ $(top_builddir)/src/credential/libgnunetcredential.la \
$(top_builddir)/src/gns/libgnunetgns.la \
$(GN_LIBINTL) \
-ljansson
diff --git a/src/identity-provider/gnunet-service-identity-provider.c
b/src/identity-provider/gnunet-service-identity-provider.c
index d72b92c0f..e8ea487f4 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -30,6 +30,7 @@
#include "gnunet_identity_service.h"
#include "gnunet_gnsrecord_lib.h"
#include "gnunet_namestore_service.h"
+#include "gnunet_credential_service.h"
#include "gnunet_statistics_service.h"
#include "gnunet_gns_service.h"
#include "gnunet_signatures.h"
@@ -93,6 +94,11 @@ static struct GNUNET_NAMESTORE_Handle *ns_handle;
static struct GNUNET_GNS_Handle *gns_handle;
/**
+ * Credential handle
+ */
+static struct GNUNET_CREDENTIAL_Handle *credential_handle;
+
+/**
* Namestore qe
*/
static struct GNUNET_NAMESTORE_QueueEntry *ns_qe;
@@ -153,6 +159,23 @@ static struct GNUNET_STATISTICS_Handle *stats;
*/
static const struct GNUNET_CONFIGURATION_Handle *cfg;
+struct VerifiedAttributeEntry
+{
+ /**
+ * DLL
+ */
+ struct VerifiedAttributeEntry *prev;
+
+ /**
+ * DLL
+ */
+ struct VerifiedAttributeEntry *next;
+
+ /**
+ * Attribute Name
+ */
+ char* name;
+};
struct ExchangeHandle
{
@@ -227,6 +250,16 @@ struct IssueHandle
char *scopes;
/**
+ * DLL
+ */
+ struct VerifiedAttributeEntry *v_attr_head;
+
+ /**
+ * DLL
+ */
+ struct VerifiedAttributeEntry *v_attr_tail;
+
+ /**
* nonce
*/
uint64_t nonce;
@@ -237,6 +270,11 @@ struct IssueHandle
struct GNUNET_NAMESTORE_ZoneIterator *ns_it;
/**
+ * Cred request
+ */
+ struct GNUNET_CREDENTIAL_Request *credential_request;
+
+ /**
* Attribute map
*/
struct GNUNET_CONTAINER_MultiHashMap *attr_map;
@@ -876,6 +914,8 @@ cleanup()
GNUNET_IDENTITY_disconnect (identity_handle);
if (NULL != gns_handle)
GNUNET_GNS_disconnect (gns_handle);
+ if (NULL != credential_handle)
+ GNUNET_CREDENTIAL_disconnect (credential_handle);
if (NULL != ns_it)
GNUNET_NAMESTORE_zone_iteration_stop (ns_it);
if (NULL != ns_qe)
@@ -1114,6 +1154,108 @@ sign_and_return_token (void *cls)
GNUNET_free (token_metadata);
}
+/**
+ * Credential to JSON
+ * @param cred the credential
+ * @return the resulting json, NULL if failed
+ */
+static json_t*
+credential_to_json (struct GNUNET_CREDENTIAL_Credential *cred)
+{
+ char *issuer;
+ char *subject;
+ char *signature;
+ char attribute[cred->issuer_attribute_len + 1];
+ json_t *cred_obj;
+
+ issuer = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->issuer_key);
+ if (NULL == issuer)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Issuer in credential malformed\n");
+ return NULL;
+ }
+ subject = GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key);
+ if (NULL == subject)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Subject in credential malformed\n");
+ GNUNET_free (issuer);
+ return NULL;
+ }
+ GNUNET_STRINGS_base64_encode ((char*)&cred->signature,
+ sizeof (struct GNUNET_CRYPTO_EcdsaSignature),
+ &signature);
+ memcpy (attribute,
+ cred->issuer_attribute,
+ cred->issuer_attribute_len);
+ attribute[cred->issuer_attribute_len] = '\0';
+ cred_obj = json_object ();
+ json_object_set_new (cred_obj, "issuer", json_string (issuer));
+ json_object_set_new (cred_obj, "subject", json_string (subject));
+ json_object_set_new (cred_obj, "attribute", json_string (attribute));
+ json_object_set_new (cred_obj, "signature", json_string (signature));
+ json_object_set_new (cred_obj, "expiration", json_integer
(cred->expiration.abs_value_us));
+ GNUNET_free (issuer);
+ GNUNET_free (subject);
+ GNUNET_free (signature);
+ return cred_obj;
+}
+
+
+static void
+handle_vattr_collection (void* cls,
+ unsigned int d_count,
+ struct GNUNET_CREDENTIAL_Delegation *dc,
+ unsigned int c_count,
+ struct GNUNET_CREDENTIAL_Credential *cred)
+{
+ struct IssueHandle *handle = cls;
+ struct VerifiedAttributeEntry *vattr;
+ json_t *cred_json;
+ json_t *cred_array;
+ int i;
+ handle->credential_request = NULL;
+
+ if (NULL == cred)
+ {
+ GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle);
+ return;
+ }
+ cred_array = json_array();
+ for (i=0;i<c_count;i++)
+ {
+ cred_json = credential_to_json (cred);
+ if (NULL == cred_json)
+ continue;
+ json_array_append (cred_array, cred_json);
+ token_add_attr_json (handle->token,
+ handle->v_attr_head->name,
+ cred_array);
+ }
+ json_decref (cred_array);
+ vattr = handle->v_attr_head;
+
+ GNUNET_CONTAINER_DLL_remove (handle->v_attr_head,
+ handle->v_attr_tail,
+ vattr);
+ GNUNET_free (vattr->name);
+ GNUNET_free (vattr);
+
+ if (NULL == handle->v_attr_head)
+ {
+ GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle);
+ return;
+ }
+ handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle,
+ &handle->aud_key,
+
handle->v_attr_head->name,
+ &handle->iss_key,
+
&handle_vattr_collection,
+ handle);
+
+}
+
static void
attr_collect_error (void *cls)
@@ -1133,10 +1275,19 @@ attr_collect_finished (void *cls)
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding attribute END: \n");
handle->ns_it = NULL;
- GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle);
-}
-
+ if (NULL == handle->v_attr_head)
+ {
+ GNUNET_SCHEDULER_add_now (&sign_and_return_token, handle);
+ return;
+ }
+ handle->credential_request = GNUNET_CREDENTIAL_collect (credential_handle,
+ &handle->aud_key,
+
handle->v_attr_head->name,
+ &handle->iss_key,
+
&handle_vattr_collection,
+ handle);
+}
/**
* Collect attributes for token
*/
@@ -1532,11 +1683,14 @@ handle_issue_message (void *cls,
const char *scopes;
char *scopes_tmp;
char *scope;
+ const char *v_attrs;
struct GNUNET_HashCode key;
struct IssueHandle *issue_handle;
+ struct VerifiedAttributeEntry *vattr_entry;
struct GNUNET_SERVICE_Client *client = cls;
scopes = (const char *) &im[1];
+ v_attrs = (const char *) &im[1] + ntohl(im->scope_len);
issue_handle = GNUNET_malloc (sizeof (struct IssueHandle));
issue_handle->attr_map = GNUNET_CONTAINER_multihashmap_create (5,
GNUNET_NO);
@@ -1553,6 +1707,22 @@ handle_issue_message (void *cls,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_REPLACE);
}
GNUNET_free (scopes_tmp);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "VATTRS: %s\n", v_attrs);
+ scopes_tmp = GNUNET_strdup (v_attrs);
+
+ for (scope = strtok (scopes_tmp, ","); NULL != scope; scope = strtok (NULL,
","))
+ {
+ vattr_entry = GNUNET_new (struct VerifiedAttributeEntry);
+ vattr_entry->name = GNUNET_strdup (scope);
+ GNUNET_CONTAINER_DLL_insert (issue_handle->v_attr_head,
+ issue_handle->v_attr_tail,
+ vattr_entry);
+ }
+ GNUNET_free (scopes_tmp);
+
+
+
issue_handle->r_id = im->id;
issue_handle->aud_key = im->aud_key;
issue_handle->iss_key = im->iss_key;
@@ -1606,7 +1776,11 @@ run (void *cls,
{
GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to gns");
}
-
+ credential_handle = GNUNET_CREDENTIAL_connect (cfg);
+ if (NULL == credential_handle)
+ {
+ GNUNET_log_strerror (GNUNET_ERROR_TYPE_ERROR, "error connecting to
credential");
+ }
identity_handle = GNUNET_IDENTITY_connect (cfg,
&list_ego,
NULL);
diff --git a/src/identity-provider/identity_provider.h
b/src/identity-provider/identity_provider.h
index 6fe6102c8..9d2675c35 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -134,6 +134,11 @@ struct IssueMessage
uint64_t nonce;
/**
+ * Length of scopes
+ */
+ uint64_t scope_len;
+
+ /**
* Expiration of token in NBO.
*/
struct GNUNET_TIME_AbsoluteNBO expiration;
diff --git a/src/identity-provider/identity_provider_api.c
b/src/identity-provider/identity_provider_api.c
index 1d242f66a..abee41d17 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -430,6 +430,7 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct
GNUNET_IDENTITY_PROVIDER_Handle *id
const struct
GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
const struct
GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
const char* scopes,
+ const char* vattr,
struct GNUNET_TIME_Absolute expiration,
uint64_t nonce,
GNUNET_IDENTITY_PROVIDER_IssueCallback
cb,
@@ -440,6 +441,8 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct
GNUNET_IDENTITY_PROVIDER_Handle *id
size_t slen;
slen = strlen (scopes) + 1;
+ if (NULL != vattr)
+ slen += strlen (vattr) + 1;
if (slen >= GNUNET_SERVER_MAX_MESSAGE_SIZE - sizeof (struct IssueMessage))
{
GNUNET_break (0);
@@ -456,9 +459,14 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct
GNUNET_IDENTITY_PROVIDER_Handle *id
im->id = op->r_id;
im->iss_key = *iss_key;
im->aud_key = *aud_key;
+ im->scope_len = htonl (strlen(scopes)+1);
im->nonce = htonl (nonce);
im->expiration = GNUNET_TIME_absolute_hton (expiration);
- GNUNET_memcpy (&im[1], scopes, slen);
+ GNUNET_memcpy (&im[1], scopes, strlen(scopes));
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "VATTRAPI: %s\n", vattr);
+ if (NULL != vattr)
+ GNUNET_memcpy ((char*)&im[1]+strlen(scopes)+1, vattr, strlen(vattr));
GNUNET_CONTAINER_DLL_insert_tail (id->op_head,
id->op_tail,
op);
diff --git a/src/identity-provider/identity_token.c
b/src/identity-provider/identity_token.c
index 31249840b..6794e373c 100644
--- a/src/identity-provider/identity_token.c
+++ b/src/identity-provider/identity_token.c
@@ -257,6 +257,38 @@ token_destroy (struct IdentityToken *token)
}
void
+token_add_attr_json (struct IdentityToken *token,
+ const char* key,
+ json_t* value)
+{
+ struct TokenAttr *attr;
+ struct TokenAttrValue *new_val;
+ GNUNET_assert (NULL != token);
+
+ new_val = GNUNET_malloc (sizeof (struct TokenAttrValue));
+ new_val->json_value = value;
+ json_incref(value);
+ for (attr = token->attr_head; NULL != attr; attr = attr->next)
+ {
+ if (0 == strcmp (key, attr->name))
+ break;
+ }
+
+ if (NULL == attr)
+ {
+ attr = GNUNET_malloc (sizeof (struct TokenAttr));
+ attr->name = GNUNET_strdup (key);
+ GNUNET_CONTAINER_DLL_insert (token->attr_head,
+ token->attr_tail,
+ attr);
+ }
+
+ GNUNET_CONTAINER_DLL_insert (attr->val_head,
+ attr->val_tail,
+ new_val);
+}
+
+void
token_add_attr (struct IdentityToken *token,
const char* key,
const char* value)
@@ -345,17 +377,23 @@ parse_json_payload(const char* payload_base64,
if (json_is_integer (arr_value))
token_add_attr_int (token, key,
json_integer_value (arr_value));
- else
+ else if (json_is_string (arr_value))
token_add_attr (token,
key,
json_string_value (arr_value));
+ else
+ token_add_attr_json (token,
+ key,
+ (json_t*)arr_value);
}
} else {
if (json_is_integer (value))
token_add_attr_int (token, key,
json_integer_value (value));
- else
+ else if (json_is_string (value))
token_add_attr (token, key, json_string_value (value));
+ else
+ token_add_attr_json (token, key, (json_t*)value);
}
}
@@ -424,7 +462,7 @@ token_parse (const char* raw_data,
GNUNET_asprintf (&tmp_buf, "%s", raw_data);
ecdh_pubkey_str = strtok (tmp_buf, ",");
enc_token_str = strtok (NULL, ",");
-
+
GNUNET_assert (NULL != ecdh_pubkey_str);
GNUNET_assert (NULL != enc_token_str);
@@ -476,7 +514,11 @@ create_json_payload (const struct IdentityToken *token)
json_object_set_new (root,
attr->name,
json_string (val->value));
- } else {
+ } else if (NULL != val->json_value) {
+ json_object_set (root,
+ attr->name,
+ val->json_value);
+ }else {
json_object_set_new (root,
attr->name,
json_integer (val->int_value));
@@ -715,8 +757,8 @@ ticket_serialize (struct TokenTicket *ticket,
purpose->purpose = htonl(GNUNET_SIGNATURE_PURPOSE_GNUID_TICKET);
write_ptr = (char*) &purpose[1];
GNUNET_memcpy (write_ptr,
- &ticket->ecdh_pubkey,
- sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
+ &ticket->ecdh_pubkey,
+ sizeof (struct GNUNET_CRYPTO_EcdhePublicKey));
write_ptr += sizeof (struct GNUNET_CRYPTO_EcdhePublicKey);
GNUNET_memcpy (write_ptr, enc_ticket_payload, strlen (code_payload_str));
GNUNET_assert (GNUNET_OK == GNUNET_CRYPTO_ecdsa_sign (priv_key,
@@ -825,7 +867,7 @@ ticket_payload_parse(const char *raw_data,
nonce_str = json_string_value (nonce_json);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Found nonce: %s\n", nonce_str);
-
+
GNUNET_assert (0 != sscanf (nonce_str, "%"SCNu64, &nonce));
*result = ticket_payload_create (nonce,
diff --git a/src/identity-provider/identity_token.h
b/src/identity-provider/identity_token.h
index 7ded6662e..5988bc668 100644
--- a/src/identity-provider/identity_token.h
+++ b/src/identity-provider/identity_token.h
@@ -103,6 +103,11 @@ struct TokenAttrValue
* used if NULL == value
*/
uint64_t int_value;
+
+ /**
+ * Json value
+ */
+ json_t *json_value;
};
struct TokenTicketPayload
@@ -213,10 +218,10 @@ token_add_attr_int (struct IdentityToken *token,
* @param value the value
*
*/
- void
- token_add_json (const struct IdentityToken *token,
- const char* key,
- json_t* value);
+void
+token_add_attr_json (struct IdentityToken *token,
+ const char* key,
+ json_t* value);
/**
* Serialize a token. The token will be signed and base64 according to the
@@ -234,11 +239,11 @@ token_add_attr_int (struct IdentityToken *token,
*
* @return GNUNET_OK on success
*/
- int
- token_serialize (const struct IdentityToken*token,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
- char **result);
+int
+token_serialize (const struct IdentityToken*token,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ struct GNUNET_CRYPTO_EcdhePrivateKey **ecdhe_privkey,
+ char **result);
/**
* Parses the serialized token and returns a token
@@ -249,10 +254,10 @@ token_add_attr_int (struct IdentityToken *token,
*
* @return GNUNET_OK on success
*/
- int
- token_parse (const char* data,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey
*priv_key,
- struct IdentityToken **result);
+int
+token_parse (const char* data,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ struct IdentityToken **result);
/**
* Parses the serialized token and returns a token
@@ -283,10 +288,10 @@ token_parse2 (const char* data,
*
* @return GNUNET_OK on success
*/
- int
- token_to_string (const struct IdentityToken *token,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- char **result);
+int
+token_to_string (const struct IdentityToken *token,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ char **result);
/**
*
@@ -316,10 +321,10 @@ ticket_create (uint64_t nonce,
*
* @return GNUNET_OK on success
*/
- int
- ticket_serialize (struct TokenTicket *ticket,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
- char **result);
+int
+ticket_serialize (struct TokenTicket *ticket,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv_key,
+ char **result);
/**
* Destroys a ticket
diff --git a/src/identity-provider/plugin_rest_identity_provider.c
b/src/identity-provider/plugin_rest_identity_provider.c
index e03f502ad..cd0c76989 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -110,6 +110,12 @@
#define GNUNET_IDENTITY_TOKEN_ATTR_LIST "requested_attrs"
/**
+ * Attributes passed to issue request
+ */
+#define GNUNET_IDENTITY_TOKEN_V_ATTR_LIST "requested_verified_attrs"
+
+
+/**
* Token expiration string
*/
#define GNUNET_IDENTITY_TOKEN_EXP_STRING "expiration"
@@ -460,6 +466,7 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con,
char *exp_str;
char *nonce_str;
char *scopes;
+ char *vattrs;
uint64_t time;
uint64_t nonce;
@@ -536,6 +543,21 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con,
scopes = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
&key);
+ //vattrs
+ GNUNET_CRYPTO_hash (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST,
+ strlen (GNUNET_IDENTITY_TOKEN_V_ATTR_LIST),
+ &key);
+
+ vattrs = NULL;
+ if ( GNUNET_YES ==
+ GNUNET_CONTAINER_multihashmap_contains
(handle->conndata_handle->url_param_map,
+ &key) )
+ {
+ vattrs = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
+ &key);
+ }
+
+
//Token audience
GNUNET_CRYPTO_hash (GNUNET_REST_JSONAPI_IDENTITY_AUD_REQUEST,
@@ -547,15 +569,15 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con,
&key) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Audience missing!\n");
+ "Audience missing!\n");
GNUNET_SCHEDULER_add_now (&do_error, handle);
return;
}
audience = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
&key);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Audience to issue token for: %s\n",
- audience);
+ "Audience to issue token for: %s\n",
+ audience);
priv_key = GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego);
GNUNET_IDENTITY_ego_get_public_key (ego_entry->ego,
@@ -581,8 +603,8 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con,
nonce_str = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
&key);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Request nonce: %s\n",
- nonce_str);
+ "Request nonce: %s\n",
+ nonce_str);
GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &nonce));
//Get expiration for token from URL parameter
@@ -619,6 +641,7 @@ issue_token_cont (struct GNUNET_REST_RequestHandle *con,
priv_key,
&aud_key,
scopes,
+ vattrs,
exp_time,
nonce,
&token_creat_cont,
@@ -739,16 +762,16 @@ token_collect (void *cls,
rd[i].data_size);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Adding token: %s\n", data);
json_resource = GNUNET_JSONAPI_resource_new
(GNUNET_REST_JSONAPI_IDENTITY_TOKEN,
- label);
+ label);
issuer = json_string (handle->ego_head->identifier);
GNUNET_JSONAPI_resource_add_attr (json_resource,
-
GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST,
- issuer);
+
GNUNET_REST_JSONAPI_IDENTITY_ISS_REQUEST,
+ issuer);
json_decref (issuer);
token = json_string (data);
GNUNET_JSONAPI_resource_add_attr (json_resource,
-
GNUNET_REST_JSONAPI_IDENTITY_TOKEN,
- token);
+ GNUNET_REST_JSONAPI_IDENTITY_TOKEN,
+ token);
json_decref (token);
GNUNET_JSONAPI_document_resource_add (handle->resp_object,
json_resource);
@@ -865,7 +888,7 @@ exchange_cont (void *cls,
return;
}
nonce_str = GNUNET_CONTAINER_multihashmap_get
(handle->conndata_handle->url_param_map,
- &key);
+ &key);
GNUNET_assert (1 == sscanf (nonce_str, "%"SCNu64, &expected_nonce));
if (ticket_nonce != expected_nonce)
diff --git a/src/include/gnunet_identity_provider_service.h
b/src/include/gnunet_identity_provider_service.h
index e533f6f8c..ba727eb92 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_identity_provider_service.h
@@ -126,6 +126,7 @@ GNUNET_IDENTITY_PROVIDER_issue_token (struct
GNUNET_IDENTITY_PROVIDER_Handle *id
const struct GNUNET_CRYPTO_EcdsaPrivateKey *iss_key,
const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
const char* scope,
+ const char* vattr,
struct GNUNET_TIME_Absolute expiration,
uint64_t nonce,
GNUNET_IDENTITY_PROVIDER_IssueCallback cb,
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnunet] 50/171: -fix, (continued)
- [GNUnet-SVN] [gnunet] 50/171: -fix, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 66/171: -fix, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 54/171: -fix rest; prelim test;, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 61/171: Merge remote-tracking branch 'origin/master' into credentials, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 56/171: -refactoring, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 67/171: Merge remote-tracking branch 'origin/master' into credentials, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 49/171: -fix gns mq; fix serializer, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 63/171: -update rest, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 64/171: -add collect rest; fixes, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 69/171: Merge remote-tracking branch 'origin/master' into credentials, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 65/171: -add tokens for credentials,
gnunet <=
- [GNUnet-SVN] [gnunet] 73/171: -fix, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 52/171: -fixes, prettify, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 80/171: Merge remote-tracking branch 'origin/master' into credentials, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 48/171: -add serializer, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 84/171: Merge remote-tracking branch 'origin/master' into credentials, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 81/171: -fix 0-term, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 86/171: Merge branch 'abe' into identity_abe, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 74/171: -fix, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 83/171: -fix DEBUG output, gnunet, 2018/01/04
- [GNUnet-SVN] [gnunet] 51/171: -towards type4, gnunet, 2018/01/04