conclude taler-mint-keyup initial review

author: Christian Grothoff <christian@grothoff.org> 2015-03-17 14:45:31 +0100
committer: Christian Grothoff <christian@grothoff.org> 2015-03-17 14:45:31 +0100
commit: e0ae4e12905e247c8325ba50cd2e9d4f8231a54d (patch)
tree: 0f804eb84e56b392728b6f84df71f813c7200dbe
parent: b314f07431e28e4d44fac66f667ad3589f0a5dad (diff)
download: exchange-e0ae4e12905e247c8325ba50cd2e9d4f8231a54d.tar.gz
exchange-e0ae4e12905e247c8325ba50cd2e9d4f8231a54d.tar.bz2
exchange-e0ae4e12905e247c8325ba50cd2e9d4f8231a54d.zip
2 files changed, 69 insertions, 73 deletions
diff --git a/contrib/mint-template/config/mint-keyup.conf b/contrib/mint-template/config/mint-keyup.conf
index b96ae4b95..9091c6c97 100644
--- a/contrib/mint-template/config/mint-keyup.conf
+++ b/contrib/mint-template/config/mint-keyup.conf
@@ -11,11 +11,12 @@ lookahead_sign = 32 weeks 1 day
 # ahead of time?
 lookahead_provide = 4 weeks 1 day
 
-# what coin types do we have available?
-coin_types = default_eur_ct_10 default_eur_5 default_eur_10 default_eur_1000
 
-
-[default_eur_ct_10]
+# Coin definitions are detected because the section
+# name begins with "coin_".  The rest of the
+# name is free, but of course following the convention
+# of "coin_$CURRENCY[_$SUBUNIT]_$VALUE" make sense.
+[coin_eur_ct_10]
 value = EUR:0.10
 duration_overlap = 5 minutes
 duration_withdraw = 7 days
@@ -26,7 +27,7 @@ fee_refresh = EUR:0.01
 rsa_keysize = 1024
 kappa = 3
 
-[default_eur_5]
+[coin_eur_5]
 value = EUR:5
 duration_overlap = 5 minutes
 duration_withdraw = 7 days
@@ -37,7 +38,7 @@ fee_refresh = EUR:0.01
 rsa_keysize = 1024
 kappa = 3
 
-[default_eur_10]
+[coin_eur_10]
 value = EUR:10
 duration_overlap = 5 minutes
 duration_withdraw = 7 days
@@ -48,7 +49,7 @@ fee_refresh = EUR:0.01
 rsa_keysize = 1024
 kappa = 3
 
-[default_eur_1000]
+[coin_eur_1000]
 value = EUR:1000
 duration_overlap = 5 minutes
 duration_withdraw = 7 days
diff --git a/src/mint/taler-mint-keyup.c b/src/mint/taler-mint-keyup.c
index 222e0f4d7..33bb87249 100644
--- a/src/mint/taler-mint-keyup.c
+++ b/src/mint/taler-mint-keyup.c
@@ -707,99 +707,94 @@ create_denomkey_issue (const struct CoinTypeParams *params,
  * Generate new coin signing keys for the coin type of the given @a
  * coin_alias.
  *
+ * @param cls a `int *`, to be set to #GNUNET_SYSERR on failure
  * @param coin_alias name of the coin's section in the configuration
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure
  */
-static int
-mint_keys_update_cointype (const char *coin_alias)
+static void
+mint_keys_update_cointype (void *cls,
+                           const char *coin_alias)
 {
+  int *ret = cls;
   struct CoinTypeParams p;
-  const char *cointype_dir;
+  const char *dkf;
+  struct TALER_MINT_DenomKeyIssuePriv denomkey_issue;
 
-  if (GNUNET_OK != get_cointype_params (coin_alias, &p))
-    return GNUNET_SYSERR;
-
-  cointype_dir = get_cointype_dir (&p);
-  if (GNUNET_OK != GNUNET_DISK_directory_create (cointype_dir))
-    return GNUNET_SYSERR;
+  if (0 != strncasecmp (coin_alias,
+                        "coin_",
+                        strlen ("coin_")))
+    return; /* not a coin definition */
+  if (GNUNET_OK !=
+      get_cointype_params (coin_alias,
+                           &p))
+  {
+    *ret = GNUNET_SYSERR;
+    return;
+  }
+  if (GNUNET_OK !=
+      GNUNET_DISK_directory_create (get_cointype_dir (&p)))
+  {
+    *ret = GNUNET_SYSERR;
+    return;
+  }
 
   while (p.anchor.abs_value_us < lookahead_sign_stamp.abs_value_us)
   {
-    const char *dkf;
-
-    dkf = get_cointype_file (&p, p.anchor);
-
-    if (GNUNET_YES != GNUNET_DISK_file_test (dkf))
+    dkf = get_cointype_file (&p,
+                             p.anchor);
+    GNUNET_break (GNUNET_YES != GNUNET_DISK_file_test (dkf));
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "Generating denomination key for type `%s', start %s at %s\n",
+                coin_alias,
+                GNUNET_STRINGS_absolute_time_to_string (p.anchor),
+                dkf);
+    create_denomkey_issue (&p,
+                           &denomkey_issue);
+    if (GNUNET_OK !=
+        TALER_MINT_write_denom_key (dkf,
+                                    &denomkey_issue))
     {
-      struct TALER_MINT_DenomKeyIssuePriv denomkey_issue;
-      int ret;
-
-      GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-                  "Generating denomination key for type '%s', start %s at %s\n",
-                  coin_alias,
-                  GNUNET_STRINGS_absolute_time_to_string (p.anchor),
-                  dkf);
-      create_denomkey_issue (&p,
-                             &denomkey_issue);
-      ret = TALER_MINT_write_denom_key (dkf,
-                                        &denomkey_issue);
+      fprintf (stderr,
+               "Failed to write denomination key information to file `%s'.\n",
+               dkf);
+      *ret = GNUNET_SYSERR;
       GNUNET_CRYPTO_rsa_private_key_free (denomkey_issue.denom_priv);
-      if (GNUNET_OK != ret)
-      {
-        fprintf (stderr,
-                 "Failed to write to file `%s'\n",
-                 dkf);
-        return GNUNET_SYSERR;
-      }
+      return;
     }
-    p.anchor = GNUNET_TIME_absolute_add (p.anchor, p.duration_spend);
-    p.anchor = GNUNET_TIME_absolute_subtract (p.anchor, p.duration_overlap);
+    GNUNET_CRYPTO_rsa_private_key_free (denomkey_issue.denom_priv);
+    p.anchor = GNUNET_TIME_absolute_add (p.anchor,
+                                         p.duration_spend);
+    p.anchor = GNUNET_TIME_absolute_subtract (p.anchor,
+                                              p.duration_overlap);
   }
-  return GNUNET_OK;
 }
 
 
 /**
- *
+ * Update all of the denomination keys of the mint.
  *
  * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
  */
 static int
 mint_keys_update_denomkeys ()
 {
-  char *coin_types;
-  char *ct;
-  char *tok_ctx;
-
-  if (GNUNET_OK !=
-      GNUNET_CONFIGURATION_get_value_string (kcfg,
-                                             "mint_keys",
-                                             "coin_types",
-                                             &coin_types))
-  {
-    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
-                               "mint_keys",
-                               "coin_types");
-    return GNUNET_SYSERR;
-  }
+  int ok;
 
-  for (ct = strtok_r (coin_types, " ", &tok_ctx);
-       ct != NULL;
-       ct = strtok_r (NULL, " ", &tok_ctx))
-  {
-    if (GNUNET_OK != mint_keys_update_cointype (ct))
-    {
-      GNUNET_free (coin_types);
-      return GNUNET_SYSERR;
-    }
-  }
-  GNUNET_free (coin_types);
-  return GNUNET_OK;
+  ok = GNUNET_OK;
+  GNUNET_CONFIGURATION_iterate_sections (kcfg,
+                                         &mint_keys_update_cointype,
+                                         &ok);
+  return ok;
 }
 
 
 /**
- * The main function of the keyup tool
+ * The main function of the taler-mint-keyup tool.  This tool is used
+ * to create the signing and denomination keys for the mint.  It uses
+ * the long-term offline private key and writes the (additional) key
+ * files to the respective mint directory (from where they can then be
+ * copied to the online server).  Note that we need (at least) the
+ * most recent generated previous keys so as to align the validity
+ * periods.
  *
  * @param argc number of arguments from the command line
  * @param argv command line arguments
author	Christian Grothoff <christian@grothoff.org>	2015-03-17 14:45:31 +0100
committer	Christian Grothoff <christian@grothoff.org>	2015-03-17 14:45:31 +0100
commit	e0ae4e12905e247c8325ba50cd2e9d4f8231a54d (patch)
tree	0f804eb84e56b392728b6f84df71f813c7200dbe
parent	b314f07431e28e4d44fac66f667ad3589f0a5dad (diff)
download	exchange-e0ae4e12905e247c8325ba50cd2e9d4f8231a54d.tar.gz exchange-e0ae4e12905e247c8325ba50cd2e9d4f8231a54d.tar.bz2 exchange-e0ae4e12905e247c8325ba50cd2e9d4f8231a54d.zip