implement /kyc-check, add skeleton for /kyc-proof

8 files changed, 436 insertions, 0 deletions

diff --git a/src/exchange/Makefile.am b/src/exchange/Makefile.am
index a0fe1c201..d199e4bc2 100644
--- a/src/exchange/Makefile.am
+++ b/src/exchange/Makefile.am
@@ -83,6 +83,8 @@ taler_exchange_httpd_SOURCES = \
   taler-exchange-httpd_deposit.c taler-exchange-httpd_deposit.h \
   taler-exchange-httpd_deposits_get.c taler-exchange-httpd_deposits_get.h \
   taler-exchange-httpd_keys.c taler-exchange-httpd_keys.h \
+  taler-exchange-httpd_kyc-check.c taler-exchange-httpd_kyc-check.h \
+  taler-exchange-httpd_kyc-proof.c taler-exchange-httpd_kyc-proof.h \
   taler-exchange-httpd_kyc-wallet.c taler-exchange-httpd_kyc-wallet.h \
   taler-exchange-httpd_link.c taler-exchange-httpd_link.h \
   taler-exchange-httpd_management.h \
diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c
index 7386a8a45..194a2378a 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -33,6 +33,8 @@
 #include "taler-exchange-httpd_deposit.h"
 #include "taler-exchange-httpd_deposits_get.h"
 #include "taler-exchange-httpd_keys.h"
+#include "taler-exchange-httpd_kyc-check.h"
+#include "taler-exchange-httpd_kyc-proof.h"
 #include "taler-exchange-httpd_kyc-wallet.h"
 #include "taler-exchange-httpd_link.h"
 #include "taler-exchange-httpd_management.h"
diff --git a/src/exchange/taler-exchange-httpd_kyc-check.c b/src/exchange/taler-exchange-httpd_kyc-check.c
new file mode 100644
index 000000000..1e29ba2c9
--- /dev/null
+++ b/src/exchange/taler-exchange-httpd_kyc-check.c
@@ -0,0 +1,168 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2021 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-exchange-httpd_kyc-check.c
+ * @brief Handle request for generic KYC check.
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_json_lib.h>
+#include <jansson.h>
+#include <microhttpd.h>
+#include <pthread.h>
+#include "taler_json_lib.h"
+#include "taler_mhd_lib.h"
+#include "taler_signatures.h"
+#include "taler-exchange-httpd_keys.h"
+#include "taler-exchange-httpd_kyc-wallet.h"
+#include "taler-exchange-httpd_responses.h"
+
+
+/**
+ * Context for the request.
+ */
+struct KycCheckContext
+{
+  /**
+   * UUID being checked.
+   */
+  uint64_t payment_target_uuid;
+
+  /**
+   * Current KYC status.
+   */
+  struct TALER_EXCHANGEDB_KycStatus kyc;
+
+  /**
+   * Hash of the payto:// URI we are confirming to
+   * have finished the KYC for.
+   */
+  struct GNUNET_HashCode h_payto;
+};
+
+
+/**
+ * Function implementing database transaction to check wallet's KYC status.
+ * Runs the transaction logic; IF it returns a non-error code, the transaction
+ * logic MUST NOT queue a MHD response.  IF it returns an hard error, the
+ * transaction logic MUST queue a MHD response and set @a mhd_ret.  IF it
+ * returns the soft error code, the function MAY be called again to retry and
+ * MUST not queue a MHD response.
+ *
+ * @param cls closure with a `struct KycCheckContext *`
+ * @param connection MHD request which triggered the transaction
+ * @param[out] mhd_ret set to MHD response status for @a connection,
+ *             if transaction failed (!)
+ * @return transaction status
+ */
+static enum GNUNET_DB_QueryStatus
+kyc_check (void *cls,
+           struct MHD_Connection *connection,
+           MHD_RESULT *mhd_ret)
+{
+  struct KycCheckContext *kcc = cls;
+  enum GNUNET_DB_QueryStatus qs;
+
+  qs = TEH_plugin->select_kyc_status (TEH_plugin->cls,
+                                      kcc->payment_target_uuid,
+                                      &kcc->h_payto,
+                                      &kcc->kyc);
+  if (qs < 0)
+  {
+    if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
+      return qs;
+    GNUNET_break (0);
+    *mhd_ret = TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_INTERNAL_SERVER_ERROR,
+                                           TALER_EC_GENERIC_DB_FETCH_FAILED,
+                                           "inselect_wallet_status");
+    return qs;
+  }
+  return qs;
+}
+
+
+MHD_RESULT
+TEH_handler_kyc_check (
+  struct MHD_Connection *connection,
+  uint64_t payment_target_uuid)
+{
+  struct KycCheckContext kcc = {
+    .payment_target_uuid = payment_target_uuid
+  };
+  MHD_RESULT res;
+  enum GNUNET_GenericReturnValue ret;
+  struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
+
+  (void) GNUNET_TIME_round_abs (&now);
+  if (TEH_KYC_NONE == TEH_kyc_config.mode)
+    return TALER_MHD_reply_static (
+      connection,
+      MHD_HTTP_NO_CONTENT,
+      NULL,
+      NULL,
+      0);
+  ret = TEH_DB_run_transaction (connection,
+                                "kyc check",
+                                &res,
+                                &kyc_check,
+                                &kcc);
+  if (GNUNET_SYSERR == ret)
+    return res;
+  if (! kcc.kyc.ok)
+  {
+    GNUNET_assert (TEH_KYC_OAUTH2 == TEH_kyc_config.mode);
+    return TALER_MHD_REPLY_JSON_PACK (
+      connection,
+      MHD_HTTP_ACCEPTED,
+      GNUNET_JSON_pack_string ("kyc_url",
+                               TEH_kyc_config.details.oauth2.url));
+  }
+  {
+    struct TALER_ExchangePublicKeyP pub;
+    struct TALER_ExchangeSignatureP sig;
+    struct TALER_ExchangeAccountSetupSuccessPS as = {
+      .purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_ACCOUNT_SETUP_SUCCESS),
+      .purpose.size = htonl (sizeof (as)),
+      .h_payto = kcc.h_payto,
+      .timestamp = GNUNET_TIME_absolute_hton (now)
+    };
+    enum TALER_ErrorCode ec;
+
+    if (TALER_EC_NONE !=
+        (ec = TEH_keys_exchange_sign (&as,
+                                      &pub,
+                                      &sig)))
+    {
+      return TALER_MHD_reply_with_ec (connection,
+                                      ec,
+                                      NULL);
+    }
+    return TALER_MHD_REPLY_JSON_PACK (
+      connection,
+      MHD_HTTP_OK,
+      GNUNET_JSON_pack_data_auto ("exchange_sig",
+                                  &sig),
+      GNUNET_JSON_pack_data_auto ("exchange_pub",
+                                  &pub),
+      GNUNET_JSON_pack_time_abs ("now",
+                                 now));
+  }
+}
+
+
+/* end of taler-exchange-httpd_kyc-check.c */
diff --git a/src/exchange/taler-exchange-httpd_kyc-check.h b/src/exchange/taler-exchange-httpd_kyc-check.h
new file mode 100644
index 000000000..12f24488b
--- /dev/null
+++ b/src/exchange/taler-exchange-httpd_kyc-check.h
@@ -0,0 +1,42 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2021 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-exchange-httpd_kyc-check.h
+ * @brief Handle /kyc-check requests
+ * @author Christian Grothoff
+ */
+#ifndef TALER_EXCHANGE_HTTPD_KYC_CHECK_H
+#define TALER_EXCHANGE_HTTPD_KYC_CHECK_H
+
+#include <microhttpd.h>
+#include "taler-exchange-httpd.h"
+
+
+/**
+ * Handle a "/kyc-check" request.  Checks the KYC
+ * status of the given account and returns it.
+ *
+ * @param connection request to handle
+ * @param payment_target_uuid which account are we to check
+ * @return MHD result code
+  */
+MHD_RESULT
+TEH_handler_kyc_check (
+  struct MHD_Connection *connection,
+  uint64_t payment_target_uuid);
+
+
+#endif
diff --git a/src/exchange/taler-exchange-httpd_kyc-proof.c b/src/exchange/taler-exchange-httpd_kyc-proof.c
new file mode 100644
index 000000000..cb3f00dde
--- /dev/null
+++ b/src/exchange/taler-exchange-httpd_kyc-proof.c
@@ -0,0 +1,99 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2021 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-exchange-httpd_kyc-proof.c
+ * @brief Handle request for proof for KYC check.
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include <gnunet/gnunet_util_lib.h>
+#include <gnunet/gnunet_json_lib.h>
+#include <jansson.h>
+#include <microhttpd.h>
+#include <pthread.h>
+#include "taler_json_lib.h"
+#include "taler_mhd_lib.h"
+#include "taler-exchange-httpd_kyc-proof.h"
+#include "taler-exchange-httpd_responses.h"
+
+
+/**
+ * Context for the proof.
+ */
+struct KycProofContext
+{
+
+};
+
+
+/**
+ * Function implementing database transaction to check proof's KYC status.
+ * Runs the transaction logic; IF it returns a non-error code, the transaction
+ * logic MUST NOT queue a MHD response.  IF it returns an hard error, the
+ * transaction logic MUST queue a MHD response and set @a mhd_ret.  IF it
+ * returns the soft error code, the function MAY be called again to retry and
+ * MUST not queue a MHD response.
+ *
+ * @param cls closure with a `struct KycProofContext *`
+ * @param connection MHD proof which triggered the transaction
+ * @param[out] mhd_ret set to MHD response status for @a connection,
+ *             if transaction failed (!)
+ * @return transaction status
+ */
+static enum GNUNET_DB_QueryStatus
+proof_kyc_check (void *cls,
+                 struct MHD_Connection *connection,
+                 MHD_RESULT *mhd_ret)
+{
+  struct KycProofContext *kpc = cls;
+
+  (void) kpc; // FIXME: do work here!
+  return -2;
+}
+
+
+MHD_RESULT
+TEH_handler_kyc_proof (
+  struct MHD_Connection *connection,
+  ...)
+{
+  struct KycProofContext kpc;
+  MHD_RESULT res;
+  enum GNUNET_GenericReturnValue ret;
+
+  if (1 || (TEH_KYC_NONE == TEH_kyc_config.mode))
+    return TALER_MHD_reply_static (
+      connection,
+      MHD_HTTP_NO_CONTENT,
+      NULL,
+      NULL,
+      0);
+  ret = TEH_DB_run_transaction (connection,
+                                "check proof kyc",
+                                &res,
+                                &proof_kyc_check,
+                                &kpc);
+  if (GNUNET_SYSERR == ret)
+    return res;
+  return TALER_MHD_REPLY_JSON_PACK (
+    connection,
+    MHD_HTTP_OK,
+    GNUNET_JSON_pack_uint64 ("42",
+                             42));
+}
+
+
+/* end of taler-exchange-httpd_kyc-proof.c */
diff --git a/src/exchange/taler-exchange-httpd_kyc-proof.h b/src/exchange/taler-exchange-httpd_kyc-proof.h
new file mode 100644
index 000000000..1958a0043
--- /dev/null
+++ b/src/exchange/taler-exchange-httpd_kyc-proof.h
@@ -0,0 +1,40 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2021 Taler Systems SA
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU Affero General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
+
+  You should have received a copy of the GNU Affero General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-exchange-httpd_kyc-proof.h
+ * @brief Handle /kyc-proof requests
+ * @author Christian Grothoff
+ */
+#ifndef TALER_EXCHANGE_HTTPD_KYC_PROOF_H
+#define TALER_EXCHANGE_HTTPD_KYC_PROOF_H
+
+#include <microhttpd.h>
+#include "taler-exchange-httpd.h"
+
+
+/**
+ * Handle a "/kyc-proof" request.
+ *
+ * @param connection request to handle
+ * @return MHD result code
+  */
+MHD_RESULT
+TEH_handler_kyc_proof (
+  struct MHD_Connection *connection,
+  ...);
+
+
+#endif
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c
index b4738ef4a..0026829da 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -369,6 +369,15 @@ prepare_statements (struct PostgresClosure *pg)
                             " WHERE payto_uri=$1"
                             " LIMIT 1;",
                             1),
+    /* Used in #postgres_select_kyc_status() */
+    GNUNET_PQ_make_prepare ("select_kyc_status",
+                            "SELECT"
+                            ",kyc_ok"
+                            ",h_payto"
+                            " FROM wire_targets"
+                            " WHERE"
+                            " wire_target_serial_id=$1",
+                            1),
     /* Used in #postgres_inselect_wallet_kyc_status() */
     // FIXME: Note that this statement has not been debugged at all...
     // It just represents the _idea_.
@@ -3595,6 +3604,56 @@ postgres_get_kyc_status (void *cls,
 
 
 /**
+ * Get the @a kyc status and @a h_payto by UUID.
+ *
+ * @param cls the @e cls of this struct with the plugin-specific state
+ * @param payment_target_uuid which account to get the KYC status for
+ * @param[out] h_payto set to the hash of the account's payto URI (unsalted)
+ * @param[out] kyc set to the KYC status of the account
+ * @return transaction status
+ */
+static enum GNUNET_DB_QueryStatus
+postgres_select_kyc_status (void *cls,
+                            uint64_t payment_target_uuid,
+                            struct GNUNET_HashCode *h_payto,
+                            struct TALER_EXCHANGEDB_KycStatus *kyc)
+{
+#if FIXME_DD23
+  struct PostgresClosure *pg = cls;
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_uint64 (payment_target_uuid),
+    GNUNET_PQ_query_param_end
+  };
+#endif
+  uint8_t ok8;
+#if FIXME_DD23
+  struct GNUNET_PQ_ResultSpec rs[] = {
+    GNUNET_PQ_result_spec_auto_from_type ("h_payto",
+                                          h_payto),
+    GNUNET_PQ_result_spec_auto_from_type ("kyc_ok",
+                                          &ok8),
+    GNUNET_PQ_result_spec_end
+  };
+#endif
+  enum GNUNET_DB_QueryStatus qs;
+
+#if FIXME_DD23
+  qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
+                                                 "select_kyc_status",
+                                                 params,
+                                                 rs);
+#else
+  qs = 1;
+  ok8 = 0;
+#endif
+  kyc->type = TALER_EXCHANGEDB_KYC_UNKNOWN;
+  kyc->ok = (0 != ok8);
+  kyc->payment_target_uuid = payment_target_uuid;
+  return qs;
+}
+
+
+/**
  * Get the KYC status for a wallet. If the status is unknown,
  * inserts a new status record (hence INsertSELECT).
  *
@@ -11203,6 +11262,7 @@ libtaler_plugin_exchangedb_postgres_init (void *cls)
     &postgres_iterate_auditor_denominations;
   plugin->reserves_get = &postgres_reserves_get;
   plugin->get_kyc_status = &postgres_get_kyc_status;
+  plugin->select_kyc_status = &postgres_select_kyc_status;
   plugin->inselect_wallet_kyc_status = &postgres_inselect_wallet_kyc_status;
   plugin->reserves_in_insert = &postgres_reserves_in_insert;
   plugin->get_latest_reserve_in_reference =
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index 4b90396bb..b8c504063 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -1630,6 +1630,13 @@ struct TALER_EXCHANGEDB_RefreshRevealedCoin
  */
 enum TALER_EXCHANGEDB_KycType
 {
+
+  /**
+   * It is unclear for which type of KYC operation
+   * this information is.
+   */
+  TALER_EXCHANGEDB_KYC_UNKNOWN = 0,
+
   /**
    * KYC to be applied for simple withdraws without
    * the involvement of wallet-to-wallet payments.
@@ -2368,6 +2375,22 @@ struct TALER_EXCHANGEDB_Plugin
 
 
   /**
+   * Get the @a kyc status and @a h_payto by UUID.
+   *
+   * @param cls the @e cls of this struct with the plugin-specific state
+   * @param payment_target_uuid which account to get the KYC status for
+   * @param[out] h_payto set to the hash of the account's payto URI (unsalted)
+   * @param[out] kyc set to the KYC status of the account
+   * @return transaction status
+   */
+  enum GNUNET_DB_QueryStatus
+  (*select_kyc_status)(void *cls,
+                       uint64_t payment_target_uuid,
+                       struct GNUNET_HashCode *h_payto,
+                       struct TALER_EXCHANGEDB_KycStatus *kyc);
+
+
+  /**
    * Get the KYC status for a wallet. If the status is unknown,
    * inserts a new status record (hence INsertSELECT).
    *