summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2017-10-17 14:32:35 +0200
committerChristian Grothoff <christian@grothoff.org>2017-10-17 19:53:44 +0200
commit0f67a9fca2626172ff0caec09603c5d8bae0f112 (patch)
tree3e055732ead3885dfaec6b74074c9b93fda0c4a0
parent1fae7a4f9ef3167dc1d47de2607fd5676d39722d (diff)
downloadexchange-0f67a9fca2626172ff0caec09603c5d8bae0f112.tar.gz
exchange-0f67a9fca2626172ff0caec09603c5d8bae0f112.tar.bz2
exchange-0f67a9fca2626172ff0caec09603c5d8bae0f112.zip
fix matching of auditor keys/denomination issues so that we return _all_ applicable auditor signatures, instead of a tiny subset
-rw-r--r--ChangeLog4
-rw-r--r--src/exchange/taler-exchange-httpd_keystate.c63
2 files changed, 53 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index 441cc805..9a5caa7e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Tue Oct 17 14:32:46 CEST 2017
+ Fix building of /keys response to include full auditor
+ signature set instead of partial map. -CG
+
Mon Oct 16 12:10:35 CEST 2017
Realize JSON-based report formats from auditor (#4963). -CG
diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c
index 17ba9da8..07ccd610 100644
--- a/src/exchange/taler-exchange-httpd_keystate.c
+++ b/src/exchange/taler-exchange-httpd_keystate.c
@@ -542,7 +542,6 @@ store_in_map (struct GNUNET_CONTAINER_MultiHashMap *map,
}
-
/**
* Closure for #add_revocations_transaction().
*/
@@ -671,8 +670,9 @@ reload_keys_denom_iter (void *cls,
int res;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Loading denomination key `%s'\n",
- alias);
+ "Loading denomination key `%s' (%s)\n",
+ alias,
+ GNUNET_h2s (&dki->issue.properties.denom_hash));
now = GNUNET_TIME_absolute_get ();
expire_deposit = GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_deposit);
if (expire_deposit.abs_value_us < now.abs_value_us)
@@ -697,8 +697,9 @@ reload_keys_denom_iter (void *cls,
struct AddRevocationContext arc;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Adding denomination key `%s' to revocation set\n",
- alias);
+ "Adding denomination key `%s' (%s) to revocation set\n",
+ alias,
+ GNUNET_h2s (&dki->issue.properties.denom_hash));
res = store_in_map (key_state->revoked_map,
dki);
if (GNUNET_NO == res)
@@ -729,8 +730,9 @@ reload_keys_denom_iter (void *cls,
if (start.abs_value_us > horizon.abs_value_us)
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Skipping future denomination key `%s' (starts at %s)\n",
+ "Skipping future denomination key `%s' (%s), validity starts at %s\n",
alias,
+ GNUNET_h2s (&dki->issue.properties.denom_hash),
GNUNET_STRINGS_absolute_time_to_string (start));
return GNUNET_OK;
}
@@ -742,11 +744,16 @@ reload_keys_denom_iter (void *cls,
(void *) dki))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Could not persist denomination key in DB. Committing suicide via SIGTERM.\n");
+ "Could not persist denomination key %s in DB. Committing suicide via SIGTERM.\n",
+ GNUNET_h2s (&dki->issue.properties.denom_hash));
handle_signal (SIGTERM);
return GNUNET_SYSERR;
}
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Adding denomination key `%s' (%s) to active set\n",
+ alias,
+ GNUNET_h2s (&dki->issue.properties.denom_hash));
res = store_in_map (key_state->denomkey_map,
dki);
if (GNUNET_NO == res)
@@ -892,25 +899,42 @@ reload_auditor_iter (void *cls,
keys actually match the denomination keys that are active right now */
for (unsigned int i=0;i<dki_len;i++)
{
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Found auditor signature for DK `%s'\n",
- GNUNET_h2s (&dki[i].denom_hash));
+ int matched;
+
if (GNUNET_YES !=
GNUNET_CONTAINER_multihashmap_contains (key_state->denomkey_map,
&dki[i].denom_hash))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Found auditor signature for DK `%s', but key is not in active map\n",
+ GNUNET_h2s (&dki[i].denom_hash));
continue;
+ }
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Found auditor signature for DK `%s'\n",
+ GNUNET_h2s (&dki[i].denom_hash));
/* Note: the array is sorted, we could theoretically
speed this up using a binary search. */
+ matched = GNUNET_NO;
for (unsigned int j=0;j<rfc->denomkey_array_length;j++)
{
struct DenominationKeyEntry *dke = &rfc->denomkey_array[j];
struct AuditorSignature *as;
if (0 !=
- memcmp (dki,
- &dke->dki[i].issue.properties,
+ memcmp (&dki[i].denom_hash,
+ &dke->dki->issue.properties.denom_hash,
+ sizeof (struct GNUNET_HashCode)))
+ continue;
+ if (0 !=
+ memcmp (&dki[i],
+ &dke->dki->issue.properties,
sizeof (struct TALER_DenominationKeyValidityPS)))
+ {
+ /* if the hash is the same, the properties should also match! */
+ GNUNET_break (0);
continue;
+ }
as = GNUNET_malloc (sizeof (struct AuditorSignature) +
strlen (auditor_url) + 1);
as->asig = asigs[i];
@@ -922,6 +946,15 @@ reload_auditor_iter (void *cls,
GNUNET_CONTAINER_DLL_insert (dke->as_head,
dke->as_tail,
as);
+ matched = GNUNET_YES;
+ break;
+ }
+ if (GNUNET_NO == matched)
+ {
+ GNUNET_break (0);
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "DK `%s' is in active map, but not in array!?\n",
+ GNUNET_h2s (&dki[i].denom_hash));
}
}
return GNUNET_OK;
@@ -1459,10 +1492,12 @@ make_fresh_key_state ()
{
const struct DenominationKeyEntry *dke
= &rfc.denomkey_array[i];
+
if (NULL == dke->as_head)
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "Denomination key `%s' not signed by any auditor!\n",
- GNUNET_h2s (&dke->denom_key_hash));
+ "Denomination key `%s' at %p not signed by any auditor!\n",
+ GNUNET_h2s (&dke->denom_key_hash),
+ dke);
}
/* Determine size of `krd_array` by counting number of discrete