From b0d888d235ad8f830fb38090e35f80d49a84ebbf Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 22 Aug 2016 14:25:59 -0700 Subject: [PATCH] Signing of Capability and Tag objects. --- controller/EmbeddedNetworkController.cpp | 36 +++++++++++++++++++++--- node/Capability.hpp | 3 +- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp index 8d7e90c7f..1088b8528 100644 --- a/controller/EmbeddedNetworkController.cpp +++ b/controller/EmbeddedNetworkController.cpp @@ -548,8 +548,7 @@ NetworkController::ResultCode EmbeddedNetworkController::doNetworkConfigRequest( for(unsigned long i=0;i= ZT_MAX_NETWORK_RULES) break; - auto rule = rules[i]; - if (_parseRule(rule,nc.rules[nc.ruleCount])) + if (_parseRule(rules[i],nc.rules[nc.ruleCount])) ++nc.ruleCount; } } 
@@ -559,18 +558,47 @@ NetworkController::ResultCode EmbeddedNetworkController::doNetworkConfigRequest( for(unsigned long i=0;i 0)) { + ZT_VirtualNetworkRule capr[ZT_MAX_CAPABILITY_RULES]; + unsigned int caprc = 0; + auto caprj = cap["rules"]; + if ((caprj.is_array())&&(caprj.size() > 0)) { + for(unsigned long j=0;j= ZT_MAX_CAPABILITY_RULES) + break; + if (_parseRule(caprj[j],capr[caprc])) + ++caprc; + } + } + nc.capabilities[nc.capabilityCount] = Capability((uint32_t)capId,nwid,now,now + ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA,1,capr,caprc); + if (nc.capabilities[nc.capabilityCount].sign(signingId,identity.address())) + ++nc.capabilityCount; + if (nc.capabilityCount >= ZT_MAX_NETWORK_CAPABILITIES) + break; } } } if (memberTags.is_array()) { + std::map< uint32_t,uint32_t > tagsById; + for(unsigned long i=0;i::const_iterator t(tagsById.begin());t!=tagsById.end();++t) { + if (nc.tagCount >= ZT_MAX_NETWORK_TAGS) + break; + nc.tags[nc.tagCount] = Tag(nwid,now,now + ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA,identity.address(),t->first,t->second); + if (nc.tags[nc.tagCount].sign(signingId)) + ++nc.tagCount; + } } if (routes.is_array()) { diff --git a/node/Capability.hpp b/node/Capability.hpp index c129485d1..689a2c6ae 100644 --- a/node/Capability.hpp +++ b/node/Capability.hpp 
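Review bot: A failed `sign()` is dropped silently in both new loops: the capability loop only does `++nc.capabilityCount` on success and the tag loop only does `++nc.tagCount`, with no log and no error result. If `signingId` cannot sign (for example it holds no private key, which is not visible here), every member would receive a config with all of its capabilities and tags missing, and because tags feed rule matching the effective policy could differ from what the controller stores. I would at least log the network, member and credential id on failure, or fail the request, so this is diagnosable. Separately, `ZT_VirtualNetworkRule capr[ZT_MAX_CAPABILITY_RULES];` is an uninitialized stack array; unless `_parseRule` writes every byte of each rule, stale stack contents could end up in the signed and serialized capability, so a `memset(capr,0,sizeof(capr));` before the inner loop would be a cheap safeguard. The body of doNetworkConfigRequest starts and ends outside this hunk.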
@@ -73,12 +73,11 @@ public:
 * @param nwid Network ID
 * @param ts Timestamp (at controller)
 * @param expiration Expiration relative to network config timestamp
- * @param name Capability short name (max strlen == ZT_MAX_CAPABILITY_NAME_LENGTH, overflow ignored)
 * @param mccl Maximum custody chain length (1 to create non-transferrable capability)
 * @param rules Network flow rules for this capability
 * @param ruleCount Number of flow rules
 */
- Capability(uint32_t id,uint64_t nwid,uint64_t ts,uint64_t expiration,const char *name,unsigned int mccl,const ZT_VirtualNetworkRule *rules,unsigned int ruleCount)
+ Capability(uint32_t id,uint64_t nwid,uint64_t ts,uint64_t expiration,unsigned int mccl,const ZT_VirtualNetworkRule *rules,unsigned int ruleCount)
 {
 memset(this,0,sizeof(Capability));
 _nwid = nwid;
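Review bot: The retained `@param expiration` text says "Expiration relative to network config timestamp", but the only caller added in this patch passes `ts = now` and `expiration = now + ZT_NETWORK_COM_DEFAULT_REVISION_MAX_DELTA`, which reads as an absolute time. Since this value bounds how long a signed capability is honoured, the comment should say which one the receiver expects; if absolute is intended, something like `@param expiration Absolute expiration time, same clock as ts` would remove the ambiguity. The constructor body continues past the end of this hunk, so how `expiration` is stored and compared is not visible here.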