diff options
| -rw-r--r-- | doc/sphinx/reducer.rst | 12 | ||||
| -rw-r--r-- | src/authorization/anastasis_authorization_plugin_post.c | 2 | ||||
| -rw-r--r-- | src/reducer/anastasis_api_recovery_redux.c | 174 |
3 files changed, 114 insertions, 74 deletions
diff --git a/doc/sphinx/reducer.rst b/doc/sphinx/reducer.rst index 47bb98b..50fec42 100644 --- a/doc/sphinx/reducer.rst +++ b/doc/sphinx/reducer.rst @@ -1340,9 +1340,9 @@ providers to add, for example: } -**next**: +**select_version**: -Using the ``next`` transition in the ``SECRET_SELECTING`` state, +Using the ``select_version`` transition in the ``SECRET_SELECTING`` state, it is possible to trigger the download and decryption of a recovery policy document. Here, the arguments specify which provider, version and mask should be used to download the document: @@ -1350,9 +1350,11 @@ and mask should be used to download the document: .. code-block:: json { - "provider_url": "https://localhost:8088/", - "version": 0, - "mask": 0 + "providers" : [ { + "url": "https://localhost:8088/", + "version": 0 + } ], + "attribute_mask": 0 } The reducer will attempt to retrieve the specified recovery document diff --git a/src/authorization/anastasis_authorization_plugin_post.c b/src/authorization/anastasis_authorization_plugin_post.c index 1de2eee..1863279 100644 --- a/src/authorization/anastasis_authorization_plugin_post.c +++ b/src/authorization/anastasis_authorization_plugin_post.c @@ -248,7 +248,7 @@ post_validate (void *cls, json_decref (j); if (MHD_NO == TALER_MHD_reply_with_error (connection, - MHD_HTTP_CONFICT, + MHD_HTTP_CONFLICT, TALER_EC_ANASTASIS_POST_INVALID, "JSON lacked required address information")) return GNUNET_SYSERR; diff --git a/src/reducer/anastasis_api_recovery_redux.c b/src/reducer/anastasis_api_recovery_redux.c index a8083f2..17218a1 100644 --- a/src/reducer/anastasis_api_recovery_redux.c +++ b/src/reducer/anastasis_api_recovery_redux.c @@ -2626,15 +2626,12 @@ done_secret_selecting (json_t *state, void *cb_cls) { uint32_t mask; - uint64_t version; - const char *provider_url; + json_t *pa; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_uint64 ("version", - &version), - GNUNET_JSON_spec_uint32 ("mask", + GNUNET_JSON_spec_uint32 ("attribute_mask", &mask), - GNUNET_JSON_spec_string ("provider_url", - &provider_url), + GNUNET_JSON_spec_json ("providers", + &pa), GNUNET_JSON_spec_end () }; struct ANASTASIS_CRYPTO_ProviderSaltP salt; @@ -2674,70 +2671,111 @@ done_secret_selecting (json_t *state, "'authentication_providers' missing"); return NULL; } - p_cfg = json_object_get (providers, - provider_url); - if (MHD_HTTP_OK != - json_integer_value (json_object_get (p_cfg, - "http_status"))) - { - ANASTASIS_redux_fail_ (cb, - cb_cls, - TALER_EC_ANASTASIS_REDUCER_INPUT_INVALID, - "selected provider is not online"); - return NULL; - } - if (GNUNET_OK != - GNUNET_JSON_parse (p_cfg, - pspec, - NULL, NULL)) - { - GNUNET_break (0); /* should be impossible for well-formed state */ - ANASTASIS_redux_fail_ (cb, - cb_cls, - TALER_EC_ANASTASIS_REDUCER_STATE_INVALID, - "Salt unknown for selected provider"); - return NULL; - } - id_data = json_object_get (state, - "identity_attributes"); - if (NULL == id_data) - { - GNUNET_break (0); /* should be impossible for well-formed state */ - ANASTASIS_redux_fail_ (cb, - cb_cls, - TALER_EC_ANASTASIS_REDUCER_STATE_INVALID, - "'identity_attributes' missing"); - return NULL; - } + { - struct PolicyDownloadEntry *pd = GNUNET_new (struct PolicyDownloadEntry); - - pd->cb = cb; - pd->cb_cls = cb_cls; - pd->state = json_incref (state); - pd->backend_url = GNUNET_strdup (provider_url); - pd->recovery = ANASTASIS_recovery_begin (ANASTASIS_REDUX_ctx_, - id_data, - version, - pd->backend_url, - &salt, - &policy_lookup_cb, - pd, - &core_early_secret_cb, - pd); - if (NULL == pd->recovery) + size_t poff; + json_t *pe; + uint64_t version; + const char *provider_url; + + json_array_foreach (pa, poff, pe) { - GNUNET_break (0); - ANASTASIS_redux_fail_ (cb, - cb_cls, - TALER_EC_ANASTASIS_REDUCER_INTERNAL_ERROR, - NULL); - return NULL; + struct GNUNET_JSON_Specification ispec[] = { + GNUNET_JSON_spec_uint64 ("version", + &version), + GNUNET_JSON_spec_string ("url", + &provider_url), + GNUNET_JSON_spec_end () + }; + + if (GNUNET_OK != + GNUNET_JSON_parse (pe, + ispec, + NULL, NULL)) + { + GNUNET_break (0); + json_dumpf (pe, + stderr, + JSON_INDENT (2)); + ANASTASIS_redux_fail_ (cb, + cb_cls, + TALER_EC_ANASTASIS_REDUCER_INPUT_INVALID, + NULL); + return NULL; + } + + p_cfg = json_object_get (providers, + provider_url); + if (MHD_HTTP_OK != + json_integer_value (json_object_get (p_cfg, + "http_status"))) + continue; + if (GNUNET_OK != + GNUNET_JSON_parse (p_cfg, + pspec, + NULL, NULL)) + { + GNUNET_break (0); /* should be impossible for well-formed state */ + ANASTASIS_redux_fail_ (cb, + cb_cls, + TALER_EC_ANASTASIS_REDUCER_STATE_INVALID, + "Salt unknown for selected provider"); + return NULL; + } + id_data = json_object_get (state, + "identity_attributes"); + if (NULL == id_data) + { + GNUNET_break (0); /* should be impossible for well-formed state */ + ANASTASIS_redux_fail_ (cb, + cb_cls, + TALER_EC_ANASTASIS_REDUCER_STATE_INVALID, + "'identity_attributes' missing"); + return NULL; + } + { + struct PolicyDownloadEntry *pd + = GNUNET_new (struct PolicyDownloadEntry); + + pd->cb = cb; + pd->cb_cls = cb_cls; + pd->state = json_incref (state); + pd->backend_url = GNUNET_strdup (provider_url); + pd->recovery = ANASTASIS_recovery_begin (ANASTASIS_REDUX_ctx_, + id_data, + version, + pd->backend_url, + &salt, + &policy_lookup_cb, + pd, + &core_early_secret_cb, + pd); + if (NULL == pd->recovery) + { + GNUNET_break (0); + ANASTASIS_redux_fail_ (cb, + cb_cls, + TALER_EC_ANASTASIS_REDUCER_INTERNAL_ERROR, + NULL); + GNUNET_free (pd->backend_url); + json_decref (pd->state); + GNUNET_free (pd); + return NULL; + } + pd->ra.cleanup = &free_pd; + pd->ra.cleanup_cls = pd; + return &pd->ra; + } + } - pd->ra.cleanup = &free_pd; - pd->ra.cleanup_cls = pd; - return &pd->ra; } + + /* no provider worked */ + ANASTASIS_redux_fail_ (cb, + cb_cls, + TALER_EC_ANASTASIS_REDUCER_INPUT_INVALID, + "selected provider is not online"); + return NULL; } @@ -2822,7 +2860,7 @@ ANASTASIS_recovery_action_ (json_t *state, }, { ANASTASIS_RECOVERY_STATE_SECRET_SELECTING, - "next", + "select_version", &done_secret_selecting }, { |