[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnunet] branch master updated (7fa39e49b -> 3eae3e43d)
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnunet] branch master updated (7fa39e49b -> 3eae3e43d) |
|
Date: |
Tue, 10 Apr 2018 11:56:45 +0200 |
This is an automated email from the git hooks/post-receive script.
martin-schanzenbach pushed a change to branch master
in repository gnunet.
from 7fa39e49b rps profiler: fix probability computation
new b1af3dcf2 add attribute expiration
new 114d46af6 Merge branch 'master' of git+ssh://gnunet.org/gnunet
new 3eae3e43d fix some tests
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
src/identity-attribute/identity_attribute.h | 2 +-
src/identity-provider/gnunet-idp.c | 20 +++++-
.../gnunet-service-identity-provider.c | 73 +++++++++++++++++-----
src/identity-provider/identity_provider.h | 5 ++
src/identity-provider/identity_provider_api.c | 3 +
.../plugin_rest_identity_provider.c | 16 +++++
src/identity-provider/test_idp_revoke.sh | 7 ++-
src/include/gnunet_identity_provider_service.h | 2 +
8 files changed, 107 insertions(+), 21 deletions(-)
diff --git a/src/identity-attribute/identity_attribute.h
b/src/identity-attribute/identity_attribute.h
index 8dfc17521..da0cef1ca 100644
--- a/src/identity-attribute/identity_attribute.h
+++ b/src/identity-attribute/identity_attribute.h
@@ -39,7 +39,7 @@ struct Attribute
* Attribute version
*/
uint32_t attribute_version;
-
+
/**
* Name length
*/
diff --git a/src/identity-provider/gnunet-idp.c
b/src/identity-provider/gnunet-idp.c
index 995dd5775..1f1036d44 100644
--- a/src/identity-provider/gnunet-idp.c
+++ b/src/identity-provider/gnunet-idp.c
@@ -126,6 +126,11 @@ static struct GNUNET_IDENTITY_PROVIDER_Ticket ticket;
*/
static struct GNUNET_IDENTITY_ATTRIBUTE_ClaimList *attr_list;
+/**
+ * Attribute expiration interval
+ */
+static struct GNUNET_TIME_Relative exp_interval;
+
static void
do_cleanup(void *cls)
{
@@ -272,6 +277,7 @@ iter_finished (void *cls)
idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (idp_handle,
pkey,
claim,
+ &exp_interval,
&store_attr_cont,
NULL);
@@ -383,6 +389,7 @@ run (void *cls,
int
main(int argc, char *const argv[])
{
+ exp_interval = GNUNET_TIME_UNIT_HOURS;
struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_option_string ('a',
@@ -430,9 +437,18 @@ main(int argc, char *const argv[])
NULL,
gettext_noop ("Type of attribute"),
&type_str),
+ GNUNET_GETOPT_option_relative_time ('E',
+ "expiration",
+ NULL,
+ gettext_noop ("Expiration interval of
the attribute"),
+ &exp_interval),
+
GNUNET_GETOPT_OPTION_END
};
- return (GNUNET_OK == GNUNET_PROGRAM_run (argc, argv, "ct",
+ if (GNUNET_OK == GNUNET_PROGRAM_run (argc, argv, "ct",
"ct", options,
- &run, NULL));
+ &run, NULL))
+ return 0;
+ else
+ return 1;
}
diff --git a/src/identity-provider/gnunet-service-identity-provider.c
b/src/identity-provider/gnunet-service-identity-provider.c
index 207923d5e..a518d00ae 100644
--- a/src/identity-provider/gnunet-service-identity-provider.c
+++ b/src/identity-provider/gnunet-service-identity-provider.c
@@ -364,6 +364,11 @@ struct AttributeStoreHandle
struct GNUNET_IDENTITY_ATTRIBUTE_Claim *claim;
/**
+ * The attribute expiration interval
+ */
+ struct GNUNET_TIME_Relative exp;
+
+ /**
* request id
*/
uint32_t r_id;
@@ -1308,12 +1313,29 @@ revocation_reissue_tickets (struct
TicketRevocationHandle *rh)
}
/**
- * Revoke next attribte by reencryption with
- * new ABE master
+ * Failed to check for attribute
*/
static void
-reenc_next_attribute (struct TicketRevocationHandle *rh)
+check_attr_error (void *cls)
+{
+ struct TicketRevocationHandle *rh = cls;
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unable to check for existing attribute\n");
+ send_revocation_finished (rh, GNUNET_SYSERR);
+ cleanup_revoke_ticket_handle (rh);
+}
+
+/**
+ * Check for existing attribute and overwrite
+ */
+static void
+check_attr_cb (void *cls,
+ const struct GNUNET_CRYPTO_EcdsaPrivateKey *zone,
+ const char *label,
+ unsigned int rd_count,
+ const struct GNUNET_GNSRECORD_Data *rd_old)
{
+ struct TicketRevocationHandle *rh = cls;
struct GNUNET_GNSRECORD_Data rd[1];
char* buf;
char* enc_buf;
@@ -1323,15 +1345,11 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
char* policy;
uint32_t attr_ver;
- if (NULL == rh->attrs->list_head)
- {
- revocation_reissue_tickets (rh);
- return;
- }
+
buf_size = GNUNET_IDENTITY_ATTRIBUTE_serialize_get_size
(rh->attrs->list_head->claim);
buf = GNUNET_malloc (buf_size);
GNUNET_IDENTITY_ATTRIBUTE_serialize (rh->attrs->list_head->claim,
- buf);
+ buf);
rh->attrs->list_head->claim->version++;
GNUNET_asprintf (&policy, "%s_%lu",
rh->attrs->list_head->claim->name,
@@ -1342,10 +1360,10 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
* Encrypt the attribute value and store in namestore
*/
enc_size = GNUNET_ABE_cpabe_encrypt (buf,
- buf_size,
- policy, //Policy
- rh->abe_key,
- (void**)&enc_buf);
+ buf_size,
+ policy, //Policy
+ rh->abe_key,
+ (void**)&enc_buf);
GNUNET_free (buf);
if (GNUNET_SYSERR == enc_size)
{
@@ -1371,7 +1389,7 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
rd[0].data = rd_buf;
rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
- rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
+ rd[0].expiration_time = rd_old[0].expiration_time;
rh->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
&rh->identity,
rh->attrs->list_head->claim->name,
@@ -1383,6 +1401,30 @@ reenc_next_attribute (struct TicketRevocationHandle *rh)
GNUNET_free (rd_buf);
}
+
+/**
+ * Revoke next attribte by reencryption with
+ * new ABE master
+ */
+static void
+reenc_next_attribute (struct TicketRevocationHandle *rh)
+{
+ if (NULL == rh->attrs->list_head)
+ {
+ revocation_reissue_tickets (rh);
+ return;
+ }
+ /* First check if attribute still exists */
+ rh->ns_qe = GNUNET_NAMESTORE_records_lookup (ns_handle,
+ &rh->identity,
+
rh->attrs->list_head->claim->name,
+ &check_attr_error,
+ rh,
+ &check_attr_cb,
+ rh);
+}
+
+
/**
* Namestore callback after revoked attribute
* is stored
@@ -1878,7 +1920,7 @@ attr_store_task (void *cls)
rd[0].data = rd_buf;
rd[0].record_type = GNUNET_GNSRECORD_TYPE_ID_ATTR;
rd[0].flags = GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
- rd[0].expiration_time = GNUNET_TIME_UNIT_HOURS.rel_value_us; //TODO sane?
+ rd[0].expiration_time = as_handle->exp.rel_value_us;
as_handle->ns_qe = GNUNET_NAMESTORE_records_store (ns_handle,
&as_handle->identity,
as_handle->claim->name,
@@ -1936,6 +1978,7 @@ handle_attribute_store_message (void *cls,
as_handle->r_id = ntohl (sam->id);
as_handle->identity = sam->identity;
+ as_handle->exp.rel_value_us = GNUNET_ntohll (sam->exp);
GNUNET_CRYPTO_ecdsa_key_get_public (&sam->identity,
&as_handle->identity_pkey);
diff --git a/src/identity-provider/identity_provider.h
b/src/identity-provider/identity_provider.h
index b1fe6e1fd..625b8f96d 100644
--- a/src/identity-provider/identity_provider.h
+++ b/src/identity-provider/identity_provider.h
@@ -54,6 +54,11 @@ struct AttributeStoreMessage
uint32_t attr_len GNUNET_PACKED;
/**
+ * The expiration interval of the attribute
+ */
+ uint64_t exp GNUNET_PACKED;
+
+ /**
* Identity
*/
struct GNUNET_CRYPTO_EcdsaPrivateKey identity;
diff --git a/src/identity-provider/identity_provider_api.c
b/src/identity-provider/identity_provider_api.c
index e993a1ac7..21ce6e3d6 100644
--- a/src/identity-provider/identity_provider_api.c
+++ b/src/identity-provider/identity_provider_api.c
@@ -908,6 +908,7 @@ GNUNET_IDENTITY_PROVIDER_disconnect (struct
GNUNET_IDENTITY_PROVIDER_Handle *h)
* @param h handle to the identity provider
* @param pkey private key of the identity
* @param attr the attribute value
+ * @param exp_interval the relative expiration interval for the attribute
* @param cont continuation to call when done
* @param cont_cls closure for @a cont
* @return handle to abort the request
@@ -916,6 +917,7 @@ struct GNUNET_IDENTITY_PROVIDER_Operation *
GNUNET_IDENTITY_PROVIDER_attribute_store (struct
GNUNET_IDENTITY_PROVIDER_Handle *h,
const struct
GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
const struct
GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+ const struct GNUNET_TIME_Relative
*exp_interval,
GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
void *cont_cls)
{
@@ -937,6 +939,7 @@ GNUNET_IDENTITY_PROVIDER_attribute_store (struct
GNUNET_IDENTITY_PROVIDER_Handle
GNUNET_MESSAGE_TYPE_IDENTITY_PROVIDER_ATTRIBUTE_STORE);
sam->identity = *pkey;
sam->id = htonl (op->r_id);
+ sam->exp = GNUNET_htonll (exp_interval->rel_value_us);
GNUNET_IDENTITY_ATTRIBUTE_serialize (attr,
(char*)&sam[1]);
diff --git a/src/identity-provider/plugin_rest_identity_provider.c
b/src/identity-provider/plugin_rest_identity_provider.c
index 398d09cd2..03279983b 100644
--- a/src/identity-provider/plugin_rest_identity_provider.c
+++ b/src/identity-provider/plugin_rest_identity_provider.c
@@ -546,6 +546,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle
*con_handle,
const char* identity;
const char* name_str;
const char* value_str;
+ const char* exp_str;
struct RequestHandle *handle = cls;
struct EgoEntry *ego_entry;
@@ -553,9 +554,11 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle
*con_handle,
struct GNUNET_IDENTITY_ATTRIBUTE_Claim *attribute;
struct GNUNET_JSONAPI_Document *json_obj;
struct GNUNET_JSONAPI_Resource *json_res;
+ struct GNUNET_TIME_Relative exp;
char term_data[handle->rest_handle->data_size+1];
json_t *value_json;
json_t *data_json;
+ json_t *exp_json;
json_error_t err;
struct GNUNET_JSON_Specification docspec[] = {
GNUNET_JSON_spec_jsonapi_document (&json_obj),
@@ -635,6 +638,18 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle
*con_handle,
return;
}
name_str = GNUNET_JSONAPI_resource_get_id (json_res);
+ exp_json = GNUNET_JSONAPI_resource_read_attr (json_res,
+ "exp");
+ exp_str = json_string_value (exp_json);
+ if (NULL == exp_str) {
+ exp = GNUNET_TIME_UNIT_HOURS;
+ } else {
+ if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_relative (exp_str,
+ &exp)) {
+ exp = GNUNET_TIME_UNIT_HOURS;
+ }
+ }
+
value_json = GNUNET_JSONAPI_resource_read_attr (json_res,
"value");
value_str = json_string_value (value_json);
@@ -646,6 +661,7 @@ add_attribute_cont (struct GNUNET_REST_RequestHandle
*con_handle,
handle->idp_op = GNUNET_IDENTITY_PROVIDER_attribute_store (handle->idp,
identity_priv,
attribute,
+ &exp,
&finished_cont,
handle);
GNUNET_free (attribute);
diff --git a/src/identity-provider/test_idp_revoke.sh
b/src/identity-provider/test_idp_revoke.sh
index d5c2c3f77..6943fcf4f 100755
--- a/src/identity-provider/test_idp_revoke.sh
+++ b/src/identity-provider/test_idp_revoke.sh
@@ -31,17 +31,18 @@ ALICE_KEY=$(gnunet-identity -d -c test_idp.conf | grep
alice | awk '{print $3}')
BOB_KEY=$(gnunet-identity -d -c test_idp.conf | grep bob | awk '{print $3}')
EVE_KEY=$(gnunet-identity -d -c test_idp.conf | grep eve | awk '{print $3}')
-gnunet-idp -e alice -a email -V address@hidden -c test_idp.conf
-gnunet-idp -e alice -a name -V John -c test_idp.conf
+gnunet-idp -e alice -E 1s -a email -V address@hidden -c test_idp.conf
+gnunet-idp -e alice -E 1s -a name -V John -c test_idp.conf
TICKET_BOB=$(gnunet-idp -e alice -i "email,name" -r $BOB_KEY -c test_idp.conf
| awk '{print $1}')
#gnunet-idp -e bob -C $TICKET_BOB -c test_idp.conf
TICKET_EVE=$(gnunet-idp -e alice -i "email" -r $EVE_KEY -c test_idp.conf | awk
'{print $1}')
-
#echo "Consuming $TICKET"
#gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf
gnunet-idp -e alice -R $TICKET_EVE -c test_idp.conf
+sleep 2
+
gnunet-idp -e eve -C $TICKET_EVE -c test_idp.conf > /dev/null 2>&1
if test $? == 0
then
diff --git a/src/include/gnunet_identity_provider_service.h
b/src/include/gnunet_identity_provider_service.h
index be935e898..bc666a216 100644
--- a/src/include/gnunet_identity_provider_service.h
+++ b/src/include/gnunet_identity_provider_service.h
@@ -115,6 +115,7 @@ typedef void
* @param h handle to the identity provider
* @param pkey private key of the identity
* @param attr the attribute
+ * @param exp_interval the relative expiration interval for the attribute
* @param cont continuation to call when done
* @param cont_cls closure for @a cont
* @return handle to abort the request
@@ -123,6 +124,7 @@ struct GNUNET_IDENTITY_PROVIDER_Operation *
GNUNET_IDENTITY_PROVIDER_attribute_store (struct
GNUNET_IDENTITY_PROVIDER_Handle *h,
const struct
GNUNET_CRYPTO_EcdsaPrivateKey *pkey,
const struct
GNUNET_IDENTITY_ATTRIBUTE_Claim *attr,
+ const struct GNUNET_TIME_Relative
*exp_interval,
GNUNET_IDENTITY_PROVIDER_ContinuationWithStatus cont,
void *cont_cls);
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnunet] branch master updated (7fa39e49b -> 3eae3e43d),
gnunet <=