fix /test/rsa API to persist private RSA key and use it across requests and allow client to fetch it before requesting the signature

This commit is contained in:
Christian Grothoff 2015-06-30 21:25:16 +02:00
parent 28a10c22a6
commit c154e50148
3 changed files with 112 additions and 47 deletions

View File

@ -242,10 +242,17 @@ handle_mhd_request (void *cls,
"Only POST is allowed", 0,
&TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
{ "/test/rsa", MHD_HTTP_METHOD_POST, "application/json",
{ "/test/rsa/get", MHD_HTTP_METHOD_GET, "application/json",
NULL, 0,
&TMH_TEST_handler_test_rsa, MHD_HTTP_OK },
{ "/test/rsa", NULL, "text/plain",
&TMH_TEST_handler_test_rsa_get, MHD_HTTP_OK },
{ "/test/rsa/get", NULL, "text/plain",
"Only GET is allowed", 0,
&TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },
{ "/test/rsa/sign", MHD_HTTP_METHOD_POST, "application/json",
NULL, 0,
&TMH_TEST_handler_test_rsa_sign, MHD_HTTP_OK },
{ "/test/rsa/sign", NULL, "text/plain",
"Only POST is allowed", 0,
&TMH_MHD_handler_send_json_pack_error, MHD_HTTP_METHOD_NOT_ALLOWED },

View File

@ -29,6 +29,12 @@
#include "taler-mint-httpd_responses.h"
/**
* Private key the test module uses for signing.
*/
static struct GNUNET_CRYPTO_rsa_PrivateKey *rsa_pk;
/**
* Handle a "/test/base32" request. Parses the JSON in the post, runs
* the Crockford Base32 decoder on the "input" field in the JSON,
@ -384,9 +390,8 @@ TMH_TEST_handler_test_eddsa (struct TMH_RequestHandler *rh,
/**
* Handle a "/test/rsa" request. Parses the JSON in the post, which
* must contain an "blind_ev" blinded value. An RSA public key
* ("rsa_pub") and a blinded signature ("rsa_blind_sig") are returned.
* Handle a "/test/rsa/get" request. Returns the RSA public key
* ("rsa_pub") which is used for signing in "/test/rsa/sign".
*
* @param rh context of the handler
* @param connection the MHD connection to handle
@ -396,7 +401,54 @@ TMH_TEST_handler_test_eddsa (struct TMH_RequestHandler *rh,
* @return MHD result code
*/
int
TMH_TEST_handler_test_rsa (struct TMH_RequestHandler *rh,
TMH_TEST_handler_test_rsa_get (struct TMH_RequestHandler *rh,
struct MHD_Connection *connection,
void **connection_cls,
const char *upload_data,
size_t *upload_data_size)
{
int res;
struct GNUNET_CRYPTO_rsa_PublicKey *pub;
if (NULL == rsa_pk)
rsa_pk = GNUNET_CRYPTO_rsa_private_key_create (1024);
if (NULL == rsa_pk)
{
GNUNET_break (0);
return TMH_RESPONSE_reply_internal_error (connection,
"Failed to create RSA key");
}
pub = GNUNET_CRYPTO_rsa_private_key_get_public (rsa_pk);
if (NULL == pub)
{
GNUNET_break (0);
return TMH_RESPONSE_reply_internal_error (connection,
"Failed to get public RSA key");
}
res = TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:o}",
"rsa_pub",
TALER_json_from_rsa_public_key (pub));
GNUNET_CRYPTO_rsa_public_key_free (pub);
return res;
}
/**
* Handle a "/test/rsa/sign" request. Parses the JSON in the post, which
* must contain an "blind_ev" blinded value. A a blinded signature
* ("rsa_blind_sig") is returned.
*
* @param rh context of the handler
* @param connection the MHD connection to handle
* @param[in,out] connection_cls the connection's closure (can be updated)
* @param upload_data upload data
* @param[in,out] upload_data_size number of bytes (left) in @a upload_data
* @return MHD result code
*/
int
TMH_TEST_handler_test_rsa_sign (struct TMH_RequestHandler *rh,
struct MHD_Connection *connection,
void **connection_cls,
const char *upload_data,
@ -404,13 +456,11 @@ TMH_TEST_handler_test_rsa (struct TMH_RequestHandler *rh,
{
json_t *json;
int res;
struct GNUNET_CRYPTO_rsa_PublicKey *pub;
struct GNUNET_CRYPTO_rsa_Signature *sig;
struct TMH_PARSE_FieldSpecification spec[] = {
TMH_PARSE_MEMBER_VARIABLE ("blind_ev"),
TMH_PARSE_MEMBER_END
};
struct GNUNET_CRYPTO_rsa_PrivateKey *pk;
res = TMH_PARSE_post_json (connection,
connection_cls,
@ -427,44 +477,32 @@ TMH_TEST_handler_test_rsa (struct TMH_RequestHandler *rh,
json_decref (json);
if (GNUNET_YES != res)
return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
pk = GNUNET_CRYPTO_rsa_private_key_create (1024);
if (NULL == pk)
if (NULL == rsa_pk)
rsa_pk = GNUNET_CRYPTO_rsa_private_key_create (1024);
if (NULL == rsa_pk)
{
GNUNET_break (0);
TMH_PARSE_release_data (spec);
return TMH_RESPONSE_reply_internal_error (connection,
"Failed to create RSA key");
}
sig = GNUNET_CRYPTO_rsa_sign (pk,
sig = GNUNET_CRYPTO_rsa_sign (rsa_pk,
spec[0].destination,
spec[0].destination_size_out);
if (NULL == sig)
{
GNUNET_break (0);
GNUNET_CRYPTO_rsa_private_key_free (pk);
TMH_PARSE_release_data (spec);
return TMH_RESPONSE_reply_internal_error (connection,
"Failed to RSA-sign");
}
TMH_PARSE_release_data (spec);
pub = GNUNET_CRYPTO_rsa_private_key_get_public (pk);
GNUNET_CRYPTO_rsa_private_key_free (pk);
if (NULL == pub)
{
GNUNET_break (0);
GNUNET_CRYPTO_rsa_signature_free (sig);
return TMH_RESPONSE_reply_internal_error (connection,
"Failed to get public RSA key");
}
res = TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:o, s:o}",
"rsa_pub",
TALER_json_from_rsa_public_key (pub),
"{s:o}",
"rsa_blind_sig",
TALER_json_from_rsa_signature (sig));
GNUNET_CRYPTO_rsa_signature_free (sig);
GNUNET_CRYPTO_rsa_public_key_free (pub);
return res;
}

View File

@ -143,10 +143,10 @@ TMH_TEST_handler_test_eddsa (struct TMH_RequestHandler *rh,
const char *upload_data,
size_t *upload_data_size);
/**
* Handle a "/test/rsa" request. Parses the JSON in the post, which
* must contain an "blind_ev" blinded value. An RSA public key
* ("rsa_pub") and a blinded signature ("rsa_blind_sig") are returned.
* Handle a "/test/rsa/get" request. Returns the RSA public key
* ("rsa_pub") which is used for signing in "/test/rsa/sign".
*
* @param rh context of the handler
* @param connection the MHD connection to handle
@ -156,7 +156,27 @@ TMH_TEST_handler_test_eddsa (struct TMH_RequestHandler *rh,
* @return MHD result code
*/
int
TMH_TEST_handler_test_rsa (struct TMH_RequestHandler *rh,
TMH_TEST_handler_test_rsa_get (struct TMH_RequestHandler *rh,
struct MHD_Connection *connection,
void **connection_cls,
const char *upload_data,
size_t *upload_data_size);
/**
* Handle a "/test/rsa/sign" request. Parses the JSON in the post, which
* must contain an "blind_ev" blinded value. A a blinded signature
* ("rsa_blind_sig") is returned.
*
* @param rh context of the handler
* @param connection the MHD connection to handle
* @param[in,out] connection_cls the connection's closure (can be updated)
* @param upload_data upload data
* @param[in,out] upload_data_size number of bytes (left) in @a upload_data
* @return MHD result code
*/
int
TMH_TEST_handler_test_rsa_sign (struct TMH_RequestHandler *rh,
struct MHD_Connection *connection,
void **connection_cls,
const char *upload_data,