document application ID support (-A command-line option)

3 files changed, 49 insertions, 8 deletions

diff --git a/doc/sphinx/manpages/anastasis-gtk.1.rst b/doc/sphinx/manpages/anastasis-gtk.1.rst
index f387645..b039fbf 100644
--- a/doc/sphinx/manpages/anastasis-gtk.1.rst
+++ b/doc/sphinx/manpages/anastasis-gtk.1.rst
@@ -12,6 +12,7 @@ Synopsis
 ========
 
 **anastasis-gtk**
+[**-A**_*ID*_|_**--application=**\ \ *ID*]
 [**-c** *FILENAME* | **––config=**\ ‌\ *FILENAME*]
 [**-h** | **––help**]
 [**-L** *LOGLEVEL* | **––loglevel=**\ ‌\ *LOGLEVEL*]
@@ -26,7 +27,7 @@ Description
 key recover and backup operations.
 
 
-**-a** *ID* \| **--application=**\ \ *ID*
+**-A** *ID* \| **--application=**\ \ *ID*
    Set the application ID to *ID*. Default is ``anastasis-gtk``. Used
    to store different types of secrets from different applications
    while using the same user attributes. Basically the application ID
diff --git a/doc/sphinx/manpages/anastasis-reducer.1.rst b/doc/sphinx/manpages/anastasis-reducer.1.rst
index 859dc49..9884b18 100644
--- a/doc/sphinx/manpages/anastasis-reducer.1.rst
+++ b/doc/sphinx/manpages/anastasis-reducer.1.rst
@@ -12,6 +12,7 @@ Synopsis
 ========
 
 **anastasis-reducer**
+[**-A**_*ID*_|_**--application=**\ \ *ID*]
 [**-a**_*JSON*_|_**--arguments=\ \ *JSON*]
 [**-b**_|_**--backup]
 [**-c** *FILENAME* | **––config=**\ ‌\ *FILENAME*]
@@ -37,6 +38,19 @@ chapter.
 **-a** *JSON* \| **––arguments=**\ \ *JSON*
    Provide JSON inputs for the given command.
 
+**-A** *ID* \| **--application=**\ \ *ID*
+   Set the application ID to *ID*. Default is empty, which means the application-id must be explicitly provided
+   as part of the JSON inputs or it will be omitted.
+   The **-A** option overrides any application ID that
+   may be given in the **-a** arguments. Application IDs
+   are used to store different types of secrets from different applications
+   while using the same user attributes. Basically the application ID
+   is included in the user attributes. Applications that
+   tightly integrate Anastasis should set the application ID to their
+   respective unique name, for example the GNU Taler wallet may use
+   ``gnu-taler-wallet`` for the application ID.
+   Forgetting the application ID makes the secrets irrecoverable.
+
 **-b** \| **--backup**
    Begin fresh reducer operation for a back up operation.
 
diff --git a/src/cli/anastasis-cli-redux.c b/src/cli/anastasis-cli-redux.c
index 0e6e54b..e2d2e1d 100644
--- a/src/cli/anastasis-cli-redux.c
+++ b/src/cli/anastasis-cli-redux.c
@@ -1,6 +1,6 @@
 /*
   This file is part of Anastasis
-  Copyright (C) 2020,2021 Anastasis SARL
+  Copyright (C) 2020,2021,2022 Anastasis SARL
 
   Anastasis is free software; you can redistribute it and/or modify it under the
   terms of the GNU Lesser General Public License as published by the Free Software
@@ -41,6 +41,12 @@ static struct GNUNET_CURL_RescheduleContext *rc;
 static struct GNUNET_CURL_Context *ctx;
 
 /**
+ * Application ID to include in the user attributes.
+ * (-a option).
+ */
+char *application_id;
+
+/**
  * -b option given.
  */
 static int b_flag;
@@ -312,6 +318,21 @@ run (void *cls,
                             &rc);
     rc = GNUNET_CURL_gnunet_rc_create (ctx);
     ANASTASIS_redux_init (ctx);
+    /* Expand identity_attributes if -a is given explicitly and we
+       are at the respective step of the reduction */
+    if ( (0 == strcasecmp (action,
+                           "enter_user_attributes")) &&
+         (NULL != application_id) &&
+         (NULL != arguments) )
+    {
+      json_t *attr = json_object_get (arguments,
+                                      "identity_attributes");
+      if (NULL != attr)
+        GNUNET_assert (0 ==
+                       json_object_set_new (attr,
+                                            "application-id",
+                                            json_string (application_id)));
+    }
     ra = ANASTASIS_redux_action (prev_state,
                                  action,
                                  arguments,
@@ -327,6 +348,16 @@ main (int argc,
 {
   /* the available command line options */
   struct GNUNET_GETOPT_CommandLineOption options[] = {
+    GNUNET_GETOPT_option_string ('A',
+                                 "application",
+                                 "ID",
+                                 "set the application ID",
+                                 &application_id),
+    GNUNET_GETOPT_option_string ('a',
+                                 "arguments",
+                                 "JSON",
+                                 "pass a JSON string containing arguments to reducer",
+                                 &input),
     GNUNET_GETOPT_option_flag ('b',
                                "backup",
                                "use reducer to handle states for backup process",
@@ -335,12 +366,6 @@ main (int argc,
                                "restore",
                                "use reducer to handle states for restore process",
                                &r_flag),
-    GNUNET_GETOPT_option_string ('a',
-                                 "arguments",
-                                 "JSON",
-                                 "pass a JSON string containing arguments to reducer",
-                                 &input),
-
     GNUNET_GETOPT_OPTION_END
   };
   enum GNUNET_GenericReturnValue ret;
@@ -357,6 +382,7 @@ main (int argc,
                             options,
                             &run,
                             NULL);
+  GNUNET_free (application_id);
   if (GNUNET_SYSERR == ret)
     return 3;
   if (GNUNET_NO == ret)