12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082 |
- /*
- This file is part of GNUnet.
- Copyright (C) 2012-2013 GNUnet e.V.
- GNUnet is free software: you can redistribute it and/or modify it
- under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License,
- or (at your option) any later version.
- GNUnet is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Affero General Public License for more details.
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- SPDX-License-Identifier: AGPL3.0-or-later
- */
- /**
- * @file gnunet-abd.c
- * @brief command line tool to access command line Credential service
- * @author Martin Schanzenbach
- */
- #include "platform.h"
- #include <gnunet_util_lib.h>
- #include <gnunet_abd_service.h>
- #include <gnunet_gnsrecord_lib.h>
- #include <gnunet_namestore_service.h>
- #include "delegate_misc.h"
- #include "abd_serialization.h"
- /**
- * Configuration we are using.
- */
- static const struct GNUNET_CONFIGURATION_Handle *cfg;
- /**
- * Handle to the namestore.
- */
- static struct GNUNET_NAMESTORE_Handle *ns;
- /**
- * Private key for the our zone.
- */
- static struct GNUNET_CRYPTO_EcdsaPrivateKey zone_pkey;
- /**
- * EgoLookup
- */
- static struct GNUNET_IDENTITY_EgoLookup *el;
- /**
- * Handle to Credential service.
- */
- static struct GNUNET_ABD_Handle *abd;
- /**
- * Desired timeout for the lookup (default is no timeout).
- */
- static struct GNUNET_TIME_Relative timeout;
- /**
- * Handle to verify request
- */
- static struct GNUNET_ABD_Request *verify_request;
- /**
- * Handle to collect request
- */
- static struct GNUNET_ABD_Request *collect_request;
- /**
- * Task scheduled to handle timeout.
- */
- static struct GNUNET_SCHEDULER_Task *tt;
- /**
- * Return value of the commandline.
- */
- static int ret = 0;
- /**
- * Subject pubkey string
- */
- static char *subject;
- /**
- * Subject delegate string
- */
- static char *subject_delegate;
- /**
- * Credential TTL
- */
- static char *expiration;
- /**
- * Subject key
- */
- struct GNUNET_CRYPTO_EcdsaPublicKey subject_pkey;
- /**
- * Issuer key
- */
- struct GNUNET_CRYPTO_EcdsaPublicKey issuer_pkey;
- /**
- * Issuer pubkey string
- */
- static char *issuer_key;
- /**
- * ego
- */
- static char *ego_name;
- /**
- * Issuer attribute
- */
- static char *issuer_attr;
- /**
- * Verify mode
- */
- static int verify;
- /**
- * Collect mode
- */
- static int collect;
- /**
- * Create mode
- */
- static int create_is;
- /**
- * Create mode
- */
- static int create_ss;
- /**
- * Create mode
- */
- static int sign_ss;
- /**
- * Signed issue credentials
- */
- static char *import;
- /**
- * Is record private
- */
- static int is_private;
- /**
- * Search direction: forward
- */
- static int forward;
- /**
- * Search direction: backward
- */
- static int backward;
- /**
- * API enum, filled and passed for collect/verify
- */
- enum GNUNET_ABD_AlgoDirectionFlags direction = 0;
- /**
- * Queue entry for the 'add' operation.
- */
- static struct GNUNET_NAMESTORE_QueueEntry *add_qe;
- /**
- * Value in binary format.
- */
- static void *data;
- /**
- * Number of bytes in #data.
- */
- static size_t data_size;
- /**
- * Type string converted to DNS type value.
- */
- static uint32_t type;
- /**
- * Type of the record to add/remove, NULL to remove all.
- */
- static char *typestring;
- /**
- * Expiration string converted to numeric value.
- */
- static uint64_t etime;
- /**
- * Is expiration time relative or absolute time?
- */
- static int etime_is_rel = GNUNET_SYSERR;
- /**
- * Fixed size of the public/private keys
- */
- static const int key_length = 52;
- /**
- * Record label for storing delegations
- */
- static char *record_label;
- /**
- * Task run on shutdown. Cleans up everything.
- *
- * @param cls unused
- */
- static void
- do_shutdown (void *cls)
- {
- if (NULL != verify_request)
- {
- GNUNET_ABD_request_cancel (verify_request);
- verify_request = NULL;
- }
- if (NULL != abd)
- {
- GNUNET_ABD_disconnect (abd);
- abd = NULL;
- }
- if (NULL != tt)
- {
- GNUNET_SCHEDULER_cancel (tt);
- tt = NULL;
- }
- if (NULL != el)
- {
- GNUNET_IDENTITY_ego_lookup_cancel (el);
- el = NULL;
- }
- if (NULL != add_qe)
- {
- GNUNET_NAMESTORE_cancel (add_qe);
- add_qe = NULL;
- }
- if (NULL != ns)
- {
- GNUNET_NAMESTORE_disconnect (ns);
- ns = NULL;
- }
- }
- /**
- * Task run on timeout. Triggers shutdown.
- *
- * @param cls unused
- */
- static void
- do_timeout (void *cls)
- {
- tt = NULL;
- GNUNET_SCHEDULER_shutdown ();
- }
- static void
- handle_intermediate_result (void *cls,
- struct GNUNET_ABD_Delegation *dd,
- bool is_bw)
- {
- char *prefix = "";
- if (is_bw)
- prefix = "Backward -";
- else
- prefix = "Forward -";
- printf ("%s Intermediate result: %s.%s <- %s.%s\n",
- prefix,
- GNUNET_CRYPTO_ecdsa_public_key_to_string (&dd->issuer_key),
- dd->issuer_attribute,
- GNUNET_CRYPTO_ecdsa_public_key_to_string (&dd->subject_key),
- dd->subject_attribute);
- }
- static void
- handle_collect_result (void *cls,
- unsigned int d_count,
- struct GNUNET_ABD_Delegation *dc,
- unsigned int c_count,
- struct GNUNET_ABD_Delegate *dele)
- {
- int i;
- char *line;
- verify_request = NULL;
- if (NULL != dele)
- {
- for (i = 0; i < c_count; i++)
- {
- line = GNUNET_ABD_delegate_to_string (&dele[i]);
- printf ("%s\n", line);
- GNUNET_free (line);
- }
- }
- else
- {
- printf ("Received NULL\n");
- }
- GNUNET_SCHEDULER_shutdown ();
- }
- static void
- handle_verify_result (void *cls,
- unsigned int d_count,
- struct GNUNET_ABD_Delegation *dc,
- unsigned int c_count,
- struct GNUNET_ABD_Delegate *dele)
- {
- int i;
- char *iss_key;
- char *sub_key;
- verify_request = NULL;
- if (NULL == dele)
- ret = 1;
- else
- {
- printf ("Delegation Chain:\n");
- for (i = 0; i < d_count; i++)
- {
- iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].issuer_key);
- sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dc[i].subject_key);
- if (0 != dc[i].subject_attribute_len)
- {
- printf ("(%d) %s.%s <- %s.%s\n",
- i,
- iss_key,
- dc[i].issuer_attribute,
- sub_key,
- dc[i].subject_attribute);
- }
- else
- {
- printf ("(%d) %s.%s <- %s\n",
- i,
- iss_key,
- dc[i].issuer_attribute,
- sub_key);
- }
- GNUNET_free (iss_key);
- GNUNET_free (sub_key);
- }
- printf ("\nDelegate(s):\n");
- for (i = 0; i < c_count; i++)
- {
- iss_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dele[i].issuer_key);
- sub_key = GNUNET_CRYPTO_ecdsa_public_key_to_string (&dele[i].subject_key);
- printf ("%s.%s <- %s\n", iss_key, dele[i].issuer_attribute, sub_key);
- GNUNET_free (iss_key);
- GNUNET_free (sub_key);
- }
- printf ("Successful.\n");
- }
- GNUNET_SCHEDULER_shutdown ();
- }
- /**
- * Callback invoked from identity service with ego information.
- * An @a ego of NULL means the ego was not found.
- *
- * @param cls closure with the configuration
- * @param ego an ego known to identity service, or NULL
- */
- static void
- identity_cb (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
- {
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
- el = NULL;
- if (NULL == ego)
- {
- if (NULL != ego_name)
- {
- fprintf (stderr,
- _ ("Ego `%s' not known to identity service\n"),
- ego_name);
- }
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (GNUNET_YES == collect)
- {
- if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_key,
- strlen (issuer_key),
- &issuer_pkey))
- {
- fprintf (stderr,
- _ ("Issuer public key `%s' is not well-formed\n"),
- issuer_key);
- GNUNET_SCHEDULER_shutdown ();
- }
- privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
- collect_request = GNUNET_ABD_collect (abd,
- &issuer_pkey,
- issuer_attr,
- privkey,
- direction,
- &handle_collect_result,
- NULL,
- &handle_intermediate_result,
- NULL);
- return;
- }
- GNUNET_SCHEDULER_shutdown ();
- }
- /**
- * Parse expiration time.
- *
- * @param expirationstring text to parse
- * @param etime_is_rel[out] set to #GNUNET_YES if time is relative
- * @param etime[out] set to expiration time (abs or rel)
- * @return #GNUNET_OK on success
- */
- static int
- parse_expiration (const char *expirationstring,
- int *etime_is_rel,
- uint64_t *etime)
- {
- // copied from namestore/gnunet-namestore.c
- struct GNUNET_TIME_Relative etime_rel;
- struct GNUNET_TIME_Absolute etime_abs;
- if (0 == strcmp (expirationstring, "never"))
- {
- *etime = GNUNET_TIME_UNIT_FOREVER_ABS.abs_value_us;
- *etime_is_rel = GNUNET_NO;
- return GNUNET_OK;
- }
- if (GNUNET_OK ==
- GNUNET_STRINGS_fancy_time_to_relative (expirationstring, &etime_rel))
- {
- *etime_is_rel = GNUNET_YES;
- *etime = etime_rel.rel_value_us;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Storing record with relative expiration time of %s\n",
- GNUNET_STRINGS_relative_time_to_string (etime_rel, GNUNET_NO));
- return GNUNET_OK;
- }
- if (GNUNET_OK ==
- GNUNET_STRINGS_fancy_time_to_absolute (expirationstring, &etime_abs))
- {
- *etime_is_rel = GNUNET_NO;
- *etime = etime_abs.abs_value_us;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Storing record with absolute expiration time of %s\n",
- GNUNET_STRINGS_absolute_time_to_string (etime_abs));
- return GNUNET_OK;
- }
- return GNUNET_SYSERR;
- }
- /**
- * Function called if lookup fails.
- */
- static void
- error_cb (void *cls)
- {
- fprintf (stderr, "Error occured during lookup, shutting down.\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- static void
- add_continuation (void *cls, int32_t success, const char *emsg)
- {
- struct GNUNET_NAMESTORE_QueueEntry **qe = cls;
- *qe = NULL;
- if (GNUNET_OK == success)
- printf ("Adding successful.\n");
- else
- fprintf (stderr, "Error occured during adding, shutting down.\n");
- GNUNET_SCHEDULER_shutdown ();
- }
- static void
- get_existing_record (void *cls,
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone_key,
- const char *rec_name,
- unsigned int rd_count,
- const struct GNUNET_GNSRECORD_Data *rd)
- {
- struct GNUNET_GNSRECORD_Data rdn[rd_count + 1];
- struct GNUNET_GNSRECORD_Data *rde;
- memset (rdn, 0, sizeof (struct GNUNET_GNSRECORD_Data));
- GNUNET_memcpy (&rdn[1], rd, rd_count * sizeof (struct GNUNET_GNSRECORD_Data));
- rde = &rdn[0];
- rde->data = data;
- rde->data_size = data_size;
- rde->record_type = type;
- // Set flags
- if (GNUNET_YES == is_private)
- rde->flags |= GNUNET_GNSRECORD_RF_PRIVATE;
- rde->expiration_time = etime;
- if (GNUNET_YES == etime_is_rel)
- rde->flags |= GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
- else if (GNUNET_NO != etime_is_rel)
- rde->expiration_time = GNUNET_TIME_UNIT_FOREVER_ABS.abs_value_us;
- GNUNET_assert (NULL != rec_name);
- add_qe = GNUNET_NAMESTORE_records_store (ns,
- &zone_pkey,
- rec_name,
- rd_count + 1,
- rde,
- &add_continuation,
- &add_qe);
- return;
- }
- static void
- store_cb (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
- {
- const struct GNUNET_CONFIGURATION_Handle *cfg = cls;
- el = NULL;
- ns = GNUNET_NAMESTORE_connect (cfg);
- if (NULL == ns)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- _ ("Failed to connect to namestore\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // Key handling
- zone_pkey = *GNUNET_IDENTITY_ego_get_private_key (ego);
- if (GNUNET_GNSRECORD_TYPE_DELEGATE == type)
- {
- // Parse import
- struct GNUNET_ABD_Delegate *cred;
- cred = GNUNET_ABD_delegate_from_string (import);
- // Get import subject public key string
- char *subject_pubkey_str =
- GNUNET_CRYPTO_ecdsa_public_key_to_string (&cred->subject_key);
- // Get zone public key string
- struct GNUNET_CRYPTO_EcdsaPublicKey zone_pubkey;
- GNUNET_IDENTITY_ego_get_public_key (ego, &zone_pubkey);
- char *zone_pubkey_str =
- GNUNET_CRYPTO_ecdsa_public_key_to_string (&zone_pubkey);
- // Check if the subject key in the signed import matches the zone's key it is issued to
- if (strcmp (zone_pubkey_str, subject_pubkey_str) != 0)
- {
- fprintf (stderr,
- "Import signed delegate does not match this ego's public key.\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // Expiration
- etime = cred->expiration.abs_value_us;
- etime_is_rel = GNUNET_NO;
- // Prepare the data to be store in the record
- data_size = GNUNET_ABD_delegate_serialize (cred, (char **) &data);
- GNUNET_free (cred);
- }
- else
- {
- // For all other types e.g. GNUNET_GNSRECORD_TYPE_ATTRIBUTE
- if (GNUNET_OK !=
- GNUNET_GNSRECORD_string_to_value (type, subject, &data, &data_size))
- {
- fprintf (stderr,
- "Value `%s' invalid for record type `%s'\n",
- subject,
- typestring);
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // Take care of expiration
- if (NULL == expiration)
- {
- fprintf (stderr, "Missing option -e for operation 'create'\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (GNUNET_OK != parse_expiration (expiration, &etime_is_rel, &etime))
- {
- fprintf (stderr, "Invalid time format `%s'\n", expiration);
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- }
- // Start lookup
- add_qe = GNUNET_NAMESTORE_records_lookup (ns,
- &zone_pkey,
- record_label,
- &error_cb,
- NULL,
- &get_existing_record,
- NULL);
- return;
- }
- static void
- sign_cb (void *cls, const struct GNUNET_IDENTITY_Ego *ego)
- {
- const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey;
- struct GNUNET_ABD_Delegate *dele;
- struct GNUNET_TIME_Absolute etime_abs;
- char *res;
- el = NULL;
- // work on expiration time
- if (NULL == expiration)
- {
- fprintf (stderr, "Please specify a TTL\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- else if (GNUNET_OK !=
- GNUNET_STRINGS_fancy_time_to_absolute (expiration, &etime_abs))
- {
- fprintf (stderr,
- "%s is not a valid ttl! Only absolute times are accepted!\n",
- expiration);
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // If contains a space - split it by the first space only - assume first entry is subject followed by attribute(s)
- char *subject_pubkey_str;
- char *subject_attr = NULL;
- char *token;
- // Subject Public Key
- token = strtok (subject, " ");
- if (key_length == strlen (token))
- {
- subject_pubkey_str = token;
- }
- else
- {
- fprintf (stderr, "Key error, wrong length: %ld!\n", strlen (token));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // Subject Attribute(s)
- token = strtok (NULL, " ");
- if (NULL != token)
- {
- subject_attr = token;
- }
- // work on keys
- privkey = GNUNET_IDENTITY_ego_get_private_key (ego);
- if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_public_key_from_string (subject_pubkey_str,
- strlen (subject_pubkey_str),
- &subject_pkey))
- {
- fprintf (stderr,
- "Subject public key `%s' is not well-formed\n",
- subject_pubkey_str);
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // Sign delegate
- dele = GNUNET_ABD_delegate_issue (privkey,
- &subject_pkey,
- issuer_attr,
- subject_attr,
- &etime_abs);
- res = GNUNET_ABD_delegate_to_string (dele);
- GNUNET_free (dele);
- printf ("%s\n", res);
- GNUNET_free_non_null (ego_name);
- ego_name = NULL;
- GNUNET_SCHEDULER_shutdown ();
- }
- /**
- * Main function that will be run.
- *
- * @param cls closure
- * @param args remaining command-line arguments
- * @param cfgfile name of the configuration file used (for saving, can be NULL!)
- * @param c configuration
- */
- static void
- run (void *cls,
- char *const *args,
- const char *cfgfile,
- const struct GNUNET_CONFIGURATION_Handle *c)
- {
- cfg = c;
- tt = GNUNET_SCHEDULER_add_delayed (timeout, &do_timeout, NULL);
- GNUNET_SCHEDULER_add_shutdown (&do_shutdown, NULL);
- // Check relevant cmdline parameters
- if (GNUNET_YES == create_is)
- {
- if (NULL == ego_name)
- {
- fprintf (stderr, "Missing option '-ego'\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (NULL == issuer_attr)
- {
- fprintf (stderr, "Missing option '-attribute' for issuer attribute\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (NULL == subject)
- {
- fprintf (stderr, "Missing option -subject for operation 'create'.'\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // Lookup ego, on success call store_cb and store as ATTRIBUTE type
- type = GNUNET_GNSRECORD_TYPE_ATTRIBUTE;
- record_label = issuer_attr;
- el = GNUNET_IDENTITY_ego_lookup (cfg, ego_name, &store_cb, (void *) cfg);
- return;
- }
- if (GNUNET_YES == create_ss)
- {
- // check if signed parameter has been passed in cmd line call
- if (NULL == import)
- {
- fprintf (stderr, "'import' required\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- type = GNUNET_GNSRECORD_TYPE_DELEGATE;
- record_label = GNUNET_GNS_EMPTY_LABEL_AT;
- // Store subject side
- el = GNUNET_IDENTITY_ego_lookup (cfg, ego_name, &store_cb, (void *) cfg);
- return;
- }
- if (GNUNET_YES == sign_ss)
- {
- if (NULL == ego_name)
- {
- fprintf (stderr, "ego required\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (NULL == subject)
- {
- fprintf (stderr, "Subject public key needed\n");
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // lookup ego and call function sign_cb on success
- el = GNUNET_IDENTITY_ego_lookup (cfg, ego_name, &sign_cb, (void *) cfg);
- return;
- }
- if ((GNUNET_NO == forward) && (GNUNET_NO == backward))
- {
- // set default: bidirectional
- forward = GNUNET_YES;
- backward = GNUNET_YES;
- }
- if (GNUNET_YES == forward)
- direction |= GNUNET_ABD_FLAG_FORWARD;
- if (GNUNET_YES == backward)
- direction |= GNUNET_ABD_FLAG_BACKWARD;
- if (GNUNET_YES == collect)
- {
- if (NULL == issuer_key)
- {
- fprintf (stderr, _ ("Issuer public key not well-formed\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- abd = GNUNET_ABD_connect (cfg);
- if (NULL == abd)
- {
- fprintf (stderr, _ ("Failed to connect to ABD\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (NULL == issuer_attr)
- {
- fprintf (stderr, _ ("You must provide issuer the attribute\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (NULL == ego_name)
- {
- fprintf (stderr, _ ("ego required\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- el = GNUNET_IDENTITY_ego_lookup (cfg, ego_name, &identity_cb, (void *) cfg);
- return;
- }
- if (NULL == subject)
- {
- fprintf (stderr, _ ("Subject public key needed\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (GNUNET_OK != GNUNET_CRYPTO_ecdsa_public_key_from_string (subject,
- strlen (subject),
- &subject_pkey))
- {
- fprintf (stderr,
- _ ("Subject public key `%s' is not well-formed\n"),
- subject);
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (GNUNET_YES == verify)
- {
- if (NULL == issuer_key)
- {
- fprintf (stderr, _ ("Issuer public key not well-formed\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if (GNUNET_OK !=
- GNUNET_CRYPTO_ecdsa_public_key_from_string (issuer_key,
- strlen (issuer_key),
- &issuer_pkey))
- {
- fprintf (stderr,
- _ ("Issuer public key `%s' is not well-formed\n"),
- issuer_key);
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- abd = GNUNET_ABD_connect (cfg);
- if (NULL == abd)
- {
- fprintf (stderr, _ ("Failed to connect to ABD\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- if ((NULL == issuer_attr) || (NULL == subject_delegate))
- {
- fprintf (stderr, _ ("You must provide issuer and subject attributes\n"));
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- // Subject credentials are comma separated
- char *tmp = GNUNET_strdup (subject_delegate);
- char *tok = strtok (tmp, ",");
- if (NULL == tok)
- {
- fprintf (stderr, "Invalid subject credentials\n");
- GNUNET_free (tmp);
- GNUNET_SCHEDULER_shutdown ();
- return;
- }
- int count = 1;
- int i;
- while (NULL != (tok = strtok (NULL, ",")))
- count++;
- struct GNUNET_ABD_Delegate delegates[count];
- struct GNUNET_ABD_Delegate *dele;
- GNUNET_free (tmp);
- tmp = GNUNET_strdup (subject_delegate);
- tok = strtok (tmp, ",");
- for (i = 0; i < count; i++)
- {
- dele = GNUNET_ABD_delegate_from_string (tok);
- GNUNET_memcpy (&delegates[i],
- dele,
- sizeof (struct GNUNET_ABD_Delegate));
- delegates[i].issuer_attribute = GNUNET_strdup (dele->issuer_attribute);
- tok = strtok (NULL, ",");
- GNUNET_free (dele);
- }
- verify_request = GNUNET_ABD_verify (abd,
- &issuer_pkey,
- issuer_attr,
- &subject_pkey,
- count,
- delegates,
- direction,
- &handle_verify_result,
- NULL,
- &handle_intermediate_result,
- NULL);
- for (i = 0; i < count; i++)
- {
- GNUNET_free ((char *) delegates[i].issuer_attribute);
- }
- GNUNET_free (tmp);
- }
- else
- {
- fprintf (stderr,
- _ (
- "Please specify name to lookup, subject key and issuer key!\n"));
- GNUNET_SCHEDULER_shutdown ();
- }
- return;
- }
- /**
- * The main function for gnunet-gns.
- *
- * @param argc number of arguments from the command line
- * @param argv command line arguments
- * @return 0 ok, 1 on error
- */
- int
- main (int argc, char *const *argv)
- {
- struct GNUNET_GETOPT_CommandLineOption options[] =
- {GNUNET_GETOPT_option_flag ('V',
- "verify",
- gettext_noop (
- "verify credential against attribute"),
- &verify),
- GNUNET_GETOPT_option_string (
- 's',
- "subject",
- "PKEY",
- gettext_noop (
- "The public key of the subject to lookup the"
- "credential for, or for issuer side storage: subject and its attributes"),
- &subject),
- GNUNET_GETOPT_option_string (
- 'd',
- "delegate",
- "DELE",
- gettext_noop ("The private, signed delegate presented by the subject"),
- &subject_delegate),
- GNUNET_GETOPT_option_string (
- 'i',
- "issuer",
- "PKEY",
- gettext_noop (
- "The public key of the authority to verify the credential against"),
- &issuer_key),
- GNUNET_GETOPT_option_string ('e',
- "ego",
- "EGO",
- gettext_noop ("The ego/zone name to use"),
- &ego_name),
- GNUNET_GETOPT_option_string (
- 'a',
- "attribute",
- "ATTR",
- gettext_noop ("The issuer attribute to verify against or to issue"),
- &issuer_attr),
- GNUNET_GETOPT_option_string ('T',
- "ttl",
- "EXP",
- gettext_noop (
- "The time to live for the credential."
- "e.g. 5m, 6h, \"1990-12-30 12:00:00\""),
- &expiration),
- GNUNET_GETOPT_option_flag ('g',
- "collect",
- gettext_noop ("collect credentials"),
- &collect),
- GNUNET_GETOPT_option_flag ('U',
- "createIssuerSide",
- gettext_noop (
- "Create and issue a credential issuer side."),
- &create_is),
- GNUNET_GETOPT_option_flag ('C',
- "createSubjectSide",
- gettext_noop (
- "Issue a credential subject side."),
- &create_ss),
- GNUNET_GETOPT_option_flag (
- 'S',
- "signSubjectSide",
- gettext_noop ("Create, sign and return a credential subject side."),
- &sign_ss),
- GNUNET_GETOPT_option_string (
- 'x',
- "import",
- "IMP",
- gettext_noop (
- "Import signed credentials that should be issued to a zone/ego"),
- &import),
- GNUNET_GETOPT_option_flag ('P',
- "private",
- gettext_noop ("Create private record entry."),
- &is_private),
- GNUNET_GETOPT_option_flag (
- 'F',
- "forward",
- gettext_noop (
- "Indicates that the collect/verify process is done via forward search."),
- &forward),
- GNUNET_GETOPT_option_flag (
- 'B',
- "backward",
- gettext_noop (
- "Indicates that the collect/verify process is done via forward search."),
- &backward),
- GNUNET_GETOPT_OPTION_END};
- timeout = GNUNET_TIME_UNIT_FOREVER_REL;
- if (GNUNET_OK != GNUNET_STRINGS_get_utf8_args (argc, argv, &argc, &argv))
- return 2;
- GNUNET_log_setup ("gnunet-abd", "WARNING", NULL);
- if (GNUNET_OK != GNUNET_PROGRAM_run (argc,
- argv,
- "gnunet-abd",
- _ ("GNUnet abd resolver tool"),
- options,
- &run,
- NULL))
- ret = 1;
- GNUNET_free ((void *) argv);
- return ret;
- }
- /* end of gnunet-abd.c */
|