Diffstat (limited to 'netzbon/setup-exchange.sh')
-rwxr-xr-xnetzbon/setup-exchange.sh171
1 files changed, 130 insertions, 41 deletions
diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh
index 3491554..8881134 100755
--- a/netzbon/setup-exchange.sh
+++ b/netzbon/setup-exchange.sh
@@ -10,104 +10,193 @@ source config/internal.conf
#
# - LIBEUFIN_NEXUS_USERNAME (exchange username for libeufin-nexus)
# - NEXUS_EXCHANGE_PASSWORD (exchange password for libeufin-nexus)
+# - WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus)
# - EXCHANGE_IBAN (exchange account IBAN)
# - EXCHANGE_PAYTO (exchange account PAYTO)
# - ENABLE_TLS (http or https?)
-check_nexus_exchange "LIBEUFIN_NEXUS_USERNAME"
-check_nexus_exchange "NEXUS_EXCHANGE_PASSWORD"
-
-check_nexus_exchange "EXCHANGE_IBAN"
-check_nexus_exchange "EXCHANGE_PAYTO"
+if test -z ${LIBEUFIN_NEXUS_USERNAME:-}
+then
+ say "Failure: LIBEUFIN_NEXUS_USERNAME not set"
+ exit 1
+fi
+if test -z ${NEXUS_EXCHANGE_PASSWORD:-}
+then
+ say "Failure: NEXUS_EXCHANGE_PASSWORD not set"
+ exit 1
+fi
+if test -z ${EXCHANGE_IBAN:-}
+then
+ say "Failure: EXCHANGE_IBAN not set"
+ exit 1
+fi
+if test -z ${WIRE_GATEWAY_URL:-}
+then
+ say "Failure: WIRE_GATEWAY_URL not set"
+ exit 1
+fi
+if test -z ${EXCHANGE_PAYTO:-}
+then
+ say "Failure: EXCHANGE_PAYTO not set"
+ exit 1
+fi
-# Create master key as root *unless* user already
+# Create master key as taler-exchange-offline *unless* user already
# set the MASTER_PUBLIC_KEY to some value we can use.
-
+export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys
+export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv
+export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub
if test -z ${MASTER_PUBLIC_KEY:-}
then
+ if test ${DO_OFFLINE:-y} == n
+ then
+ say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO"
+ exit 1
+ fi
say "Setting up offline key"
- mkdir -p ~/.local/share/taler/exchange/offline-keys
- MASTER_PRIV_FILE=~/.local/share/taler/exchange/offline-keys/master.priv
- gnunet-ecc -g1 ${MASTER_PRIV_FILE}
- MASTER_PUBLIC_KEY=`gnunet-ecc -p ~/.local/share/taler/exchange/offline-keys/master.priv`
+ MASTER_PUBLIC_KEY=`sudo -i -u taler-exchange-offline taler-exchange-offline setup`
+ echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/user.conf
+ if test -z ${DO_OFFLINE:-}
+ then
+ # Set 'DO_OFFLINE'
+ DO_OFFLINE=y
+ echo "DO_OFFLINE=y" >> config/user.conf
+ fi
fi
export MASTER_PUBLIC_KEY
-echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/taler-internal.conf
+
+
+say "Setting up exchange database"
+EXCHANGE_DB=talerexchange
+# Use "|| true" to continue if these already exist.
+sudo -i -u postgres createuser -d taler-exchange-httpd || true
+sudo -i -u postgres createuser taler-exchange-wire || true
+sudo -i -u postgres createuser taler-exchange-closer || true
+sudo -i -u postgres createuser taler-exchange-aggregator || true
+sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
say "Configuring exchange"
if test ${ENABLE_TLS} = "y"
then
- export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}"
+ export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}/"
else
- export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}"
+ export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}/"
fi
-# Generate /etc/taler/conf.d/setup.conf
+# Generate /etc/taler/conf.d/setup.conf
echo -e "[taler]\n"\
"CURRENCY=${CURRENCY}\n"\
"CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n"\
"AML_THRESHOLD=${CURRENCY}:1000000\n"\
- "\n"\
- "[exchange]\n"\
+ "\n[exchange]\n"\
"MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n"\
- "MASTER_PRIV_FILE=${MASTER_PUBLIC_KEY}\n"\
"BASE_URL=${EXCHANGE_BASE_URL}\n"\
- "\n"\
- "[merchant-exchange-${DOMAIN_NAME}]\n"\
+ "\n[exchange-offline]\n"\
+ "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n"\
+ "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n"\
+ "\n[merchant-exchange-${DOMAIN_NAME}]\n"\
"MASTER_KEY=${MASTER_PUBLIC_KEY}\n"\
"CURRENCY=${CURRENCY}\n"\
"EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n"\
- "\n"\
- "[exchange-account-default]\n"\
+ "\n[exchange-account-default]\n"\
"PAYTO_URI=${EXCHANGE_PAYTO}\n"\
"ENABLE_DEBIT=YES\n"\
"ENABLE_CREDIT=YES\n"\
- "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n"
+ "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n" \
> /etc/taler/conf.d/setup.conf
+echo -e "[exchangedb-postgres]\n"\
+ "CONFIG=postgres:///${EXCHANGE_DB}\n"\
+ > /etc/taler/secrets/exchange-db.secret.conf
+chmod 440 /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+
echo -e "[exchange-accountcredentials-default]\n"\
- "WIRE_GATEWAY_URL=${CURRENCY}\n"\
+ "WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}\n"\
"WIRE_GATEWAY_AUTH_METHOD=basic\n"\
"USERNAME=${LIBEUFIN_NEXUS_USERNAME}\n"\
"PASSWORD=${NEXUS_EXCHANGE_PASSWORD}\n"\
> /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
taler-harness deployment gen-coin-config \
--min-amount ${CURRENCY}:0.01 \
--max-amount ${CURRENCY}:100 \
| sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \
- > /etc/taler/conf.d/${CURRENCY}-coins.conf
+ > /etc/taler/conf.d/${CURRENCY}-coins.conf
+
+
+# FIXME-DOLD: this belongs with taler-harness
+for SEC in `taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -S | grep COIN-`
+do
+ taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -s $SEC -o CIPHER -V "RSA"
+done
+
+say "Initializing exchange database"
+sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
say "Launching exchange"
-systemctl enable --now taler-exchange
+systemctl enable --now taler-exchange.target
-echo -n "Waiting for exchange..."
+say "Waiting for exchange HTTP service (/config)..."
curl --max-time 2 \
--retry-connrefused \
--retry-delay 1 \
--retry 10 \
- ${EXCHANGE_BASE_URL}/config &> /dev/null
-echo "DONE"
+ ${EXCHANGE_BASE_URL}config &> /dev/null
+say "DONE"
-say "Offline interaction..."
+say "Waiting for exchange management keys (this may take a while)..."
+curl --max-time 30 \
+ --retry-delay 1 \
+ --retry 60 \
+ ${EXCHANGE_BASE_URL}management/keys &> /dev/null
+say "DONE"
-taler-exchange-offline \
- -c /etc/taler/taler.conf \
- download \
- sign \
- enable-account ${EXCHANGE_PAYTO} \
- wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \
- global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6y 0 \
- upload
+say "Offline interaction..."
+if test ${DO_OFFLINE} == y
+then
+ sudo -i -u taler-exchange-offline \
+ taler-exchange-offline \
+ -c /etc/taler/taler.conf \
+ download \
+ sign \
+ upload
+
+ sudo -i -u taler-exchange-offline \
+ taler-exchange-offline \
+ enable-account ${EXCHANGE_PAYTO} \
+ wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \
+ global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6a 0 \
+ upload
+fi
-echo -n "Waiting for exchange /keys..."
+say "Waiting for exchange /keys..."
curl --max-time 2 \
--retry-connrefused \
--retry-delay 1 \
--retry 10 \
- ${EXCHANGE_BASE_URL}/keys &> /dev/null
-echo "DONE"
+ ${EXCHANGE_BASE_URL}keys &> /dev/null
+say "DONE"
+
+say "Exchange setup finished"
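Review bot: The two secret files are created with whatever umask the script inherits (0644 under the usual 022) and only tightened afterwards by the new `chmod 440` / `chmod 400` lines, so `/etc/taler/secrets/exchange-accountcredentials-default.secret.conf`, which carries `PASSWORD=${NEXUS_EXCHANGE_PASSWORD}`, is world-readable between the `>` redirection and the `chmod` on first creation; wrap each write as `( umask 077; echo -e … > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf )` (and likewise for `exchange-db.secret.conf`) so the file is born 0600 and chown/chmod only relax it to the intended mode. A separate defect: the final `if test ${DO_OFFLINE} == y` has no default, while the earlier check uses `${DO_OFFLINE:-y}`; when MASTER_PUBLIC_KEY is supplied by the user, the branch that appends `DO_OFFLINE=y` never runs, so this test sees an empty word (an unbound-variable abort under `set -u`, otherwise a `test` syntax error that silently skips enable-account and the fee upload) — use `if test "${DO_OFFLINE:-y}" = y`. Whether `set -e`/`set -u` are active is decided above this hunk and cannot be seen here. Both `curl` waits also discard their exit status, so "DONE" is printed and `taler-exchange-offline download` proceeds even if the exchange never answered; adding `-f` and `|| { say "exchange not reachable"; exit 1; }` would make that failure visible instead of surfacing later as an offline-signing error.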