authorChristian Grothoff <christian@grothoff.org>2018-04-02 14:24:45 +0200
committerChristian Grothoff <christian@grothoff.org>2018-04-02 14:29:44 +0200
commitcb55c1a3af9f56a6da38e5589e72df0b70d355b1 (patch)
tree5f9a3af7d9073249f77ce56c690844a6cb27c3e7 /src/exchange-tools
parent7a20062bafed42f937c5388aed09042aad7014c0 (diff)
Changing configuration structure to enable multiple accounts.
This change enables using multiple wire plugins at the same time. Also, we now distinguish between the wire plugin (i.e. EBICS or taler_bank) and the wire method (i.e. SEPA or x-taler-bank) that the wire plugin is implementing. The "taler-bank" wire method was renamed from "test" to "x-taler-bank". This also changes the format of the /wire response of the exchange, as we now need to return multiple accounts. Note that wire fees are specified per wire method, not per wire account. taler-exchange-keyup now automatically signs all of the /wire responses in the location specified by the configuration. Account identification in wire plugins was changed to use payto://-URLs instead of method-specific JSON fields. Signing and validation of /wire responses was moved from each wire plugin to a generic validation method in libtalerutil (crypto) or libtalerjson (for JSON-formatted inputs). Convenience methods were added to generate JSON for wire accounts (salting, signing). Various section and option names were adjusted to streamline the configuration and make it more consistent overall. Documentation was updated as well.
Diffstat (limited to 'src/exchange-tools')
-rw-r--r--src/exchange-tools/Makefile.am3
-rw-r--r--src/exchange-tools/exchange-signkeys.conf16
-rw-r--r--src/exchange-tools/taler-exchange-keyup.c66
-rw-r--r--src/exchange-tools/taler-exchange-wire.c182
4 files changed, 114 insertions, 153 deletions
diff --git a/src/exchange-tools/Makefile.am b/src/exchange-tools/Makefile.am
index 8d00415c8..2c1ff0f4d 100644
--- a/src/exchange-tools/Makefile.am
+++ b/src/exchange-tools/Makefile.am
@@ -4,7 +4,6 @@ AM_CPPFLAGS = -I$(top_srcdir)/src/include
pkgcfgdir = $(prefix)/share/taler/config.d/
pkgcfg_DATA = \
- exchange-signkeys.conf \
coins.conf
if USE_COVERAGE
@@ -34,6 +33,8 @@ taler_exchange_wire_SOURCES = \
taler-exchange-wire.c
taler_exchange_wire_LDADD = \
$(LIBGCRYPT_LIBS) \
+ $(top_builddir)/src/json/libtalerjson.la \
+ $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
$(top_builddir)/src/wire/libtalerwire.la \
$(top_builddir)/src/util/libtalerutil.la \
-lgnunetjson \
diff --git a/src/exchange-tools/exchange-signkeys.conf b/src/exchange-tools/exchange-signkeys.conf
deleted file mode 100644
index 3146f09b2..000000000
--- a/src/exchange-tools/exchange-signkeys.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# General data for signing keys.
-[exchange_keys]
-
-# how long is one signkey valid?
-signkey_duration = 4 weeks
-
-# how long are the signatures with the signkey valid?
-legal_duration = 2 years
-
-# how long do we generate denomination and signing keys
-# ahead of time?
-lookahead_sign = 32 weeks 1 day
-
-# how long do we provide to clients denomination and signing keys
-# ahead of time?
-lookahead_provide = 4 weeks 1 day
diff --git a/src/exchange-tools/taler-exchange-keyup.c b/src/exchange-tools/taler-exchange-keyup.c
index 5e069af5b..9842a37a8 100644
--- a/src/exchange-tools/taler-exchange-keyup.c
+++ b/src/exchange-tools/taler-exchange-keyup.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2014-2017 GNUnet e.V.
+ Copyright (C) 2014-2018 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
@@ -499,23 +499,23 @@ exchange_keys_update_signkeys ()
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
- "exchange_keys",
+ "exchange",
"signkey_duration",
&signkey_duration))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "exchange_keys",
+ "exchange",
"signkey_duration");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
- "exchange_keys",
+ "exchange",
"legal_duration",
&legal_duration))
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- "exchange_keys",
+ "exchange",
"legal_duration",
"fails to specify valid timeframe");
return GNUNET_SYSERR;
@@ -523,7 +523,7 @@ exchange_keys_update_signkeys ()
if (signkey_duration.rel_value_us > legal_duration.rel_value_us)
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- "exchange_keys",
+ "exchange",
"legal_duration",
"must be longer than signkey_duration");
return GNUNET_SYSERR;
@@ -926,10 +926,13 @@ create_wire_fee_for_method (void *cls,
if (GNUNET_OK != *ret)
return;
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Setting up wire fees for `%s'\n",
+ wiremethod);
last_date = GNUNET_TIME_absolute_add (lookahead_sign_stamp,
max_duration_spend);
GNUNET_asprintf (&section,
- "exchange-wire-%s",
+ "fees-%s",
wiremethod);
GNUNET_asprintf (&fn,
"%s%s.fee",
@@ -1049,6 +1052,43 @@ create_wire_fee_for_method (void *cls,
* Output the wire fee structure. Must be run after #max_duration_spend
* was initialized.
*
+ * @param cls pointer to `int`, set to #GNUNET_SYSERR on error
+ * @param ai information about enabled accounts
+ */
+static void
+create_wire_fee_by_account (void *cls,
+ const struct TALER_EXCHANGEDB_AccountInfo *ai)
+{
+ int *ret = cls;
+ struct TALER_WIRE_Plugin *plugin;
+
+ if (GNUNET_NO == ai->credit_enabled)
+ return;
+ plugin = TALER_WIRE_plugin_load (kcfg,
+ ai->plugin_name);
+ if (NULL == plugin)
+ {
+ fprintf (stderr,
+ "Failed to load wire plugin `%s' configured for account `%s'\n",
+ ai->plugin_name,
+ ai->section_name);
+ *ret = GNUNET_SYSERR;
+ return;
+ }
+ /* We may call this function repeatedly for the same method
+ if there are multiple accounts with plugins using the
+ same method, but except for some minor performance loss,
+ this is harmless. */
+ create_wire_fee_for_method (ret,
+ plugin->method);
+ TALER_WIRE_plugin_unload (plugin);
+}
+
+
+/**
+ * Output the wire fee structure. Must be run after #max_duration_spend
+ * was initialized.
+ *
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
*/
static int
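Review bot: The plugin-load failure in `create_wire_fee_by_account` is reported with `fprintf (stderr, ...)`, while the other hunks of this file report configuration problems through `GNUNET_log` and `GNUNET_log_config_*`, so this error carries no log level and will not reach a configured log file. I would emit it with `GNUNET_log (GNUNET_ERROR_TYPE_ERROR, ...)` using the same format string and arguments. The function also loads the plugin even when an earlier account has already set `*ret` to an error; adding `if (GNUNET_OK != *ret) return;` ahead of `TALER_WIRE_plugin_load` would skip that work, mirroring the guard at the top of `create_wire_fee_for_method`.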
@@ -1057,9 +1097,9 @@ create_wire_fees ()
int ret;
ret = GNUNET_OK;
- TALER_WIRE_find_enabled (kcfg,
- &create_wire_fee_for_method,
- &ret);
+ TALER_EXCHANGEDB_find_accounts (kcfg,
+ &create_wire_fee_by_account,
+ &ret);
return ret;
}
@@ -1305,12 +1345,12 @@ run (void *cls,
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_time (kcfg,
- "exchange_keys",
+ "exchange",
"lookahead_sign",
&lookahead_sign))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "exchange_keys",
+ "exchange",
"lookahead_sign");
global_ret = 1;
return;
@@ -1318,7 +1358,7 @@ run (void *cls,
if (0 == lookahead_sign.rel_value_us)
{
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- "exchange_keys",
+ "exchange",
"lookahead_sign",
_("must not be zero"));
global_ret = 1;
diff --git a/src/exchange-tools/taler-exchange-wire.c b/src/exchange-tools/taler-exchange-wire.c
index 60244f154..390c0e5e3 100644
--- a/src/exchange-tools/taler-exchange-wire.c
+++ b/src/exchange-tools/taler-exchange-wire.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2015, 2016, 2017 Inria
+ Copyright (C) 2015-2018 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
@@ -24,6 +24,8 @@
#include "taler_crypto_lib.h"
#include "taler_util.h"
#include "taler_wire_lib.h"
+#include "taler_json_lib.h"
+#include "taler_exchangedb_lib.h"
#include "taler_signatures.h"
@@ -33,24 +35,64 @@
static char *masterkeyfile;
/**
- * Account holder information in JSON format.
+ * Private key for signing.
*/
-static json_t *account_holder;
+static struct TALER_MasterPrivateKeyP master_priv;
/**
- * Which wire method is this for?
+ * Return value from main().
*/
-static char *method;
+static int global_ret;
-/**
- * Where to write the result.
- */
-static char *output_filename;
/**
- * Return value from main().
+ * Function called with information about a wire account. Signs
+ * the account's wire details and writes out the JSON file to disk.
+ *
+ * @param cls closure
+ * @param ai account information
*/
-static int global_ret;
+static void
+sign_account_data (void *cls,
+ const struct TALER_EXCHANGEDB_AccountInfo *ai)
+{
+ json_t *wire;
+ char *json_out;
+ FILE *out;
+
+ if (GNUNET_NO == ai->credit_enabled)
+ return;
+ if (NULL == ai->wire_response_filename)
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ ai->section_name,
+ "WIRE_RESPONSE");
+ global_ret = 1;
+ return;
+ }
+ wire = TALER_JSON_wire_signature_make (ai->payto_url,
+ &master_priv);
+ json_out = json_dumps (wire,
+ JSON_INDENT(2));
+ json_decref (wire);
+ GNUNET_assert (NULL != json_out);
+
+ out = fopen (ai->wire_response_filename,
+ "w+");
+ if (NULL == out)
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+ "fopen",
+ ai->wire_response_filename);
+ global_ret = 1;
+ return;
+ }
+ fprintf (out,
+ "%s",
+ json_out);
+ fclose (out);
+ free (json_out);
+}
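Review bot: `sign_account_data` leaks `json_out` on the `fopen` failure path, and it ignores the results of `fprintf` and `fclose`, so a full disk or I/O error can leave a truncated signed /wire response on disk while the tool still exits with 0. The result of `TALER_JSON_wire_signature_make` is not checked either; if it can return NULL for a malformed `payto_url` (not visible here), `json_dumps` would presumably return NULL and the `GNUNET_assert` would abort without naming the account section at fault. The excerpt below frees the buffer on every path and checks both write calls; it needs an `int write_ok;` added to the declarations at the top of the function.

```c
  /* … unchanged: credit_enabled and WIRE_RESPONSE checks, signing, json_dumps … */
  out = fopen (ai->wire_response_filename,
               "w+");
  if (NULL == out)
  {
    /* … unchanged: GNUNET_log_strerror_file for "fopen" … */
    free (json_out);
    global_ret = 1;
    return;
  }
  write_ok = (0 <= fprintf (out,
                            "%s",
                            json_out));
  /* fclose flushes, so a failure here also means the file is incomplete */
  if (0 != fclose (out))
    write_ok = 0;
  if (! write_ok)
  {
    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
                              "write",
                              ai->wire_response_filename);
    global_ret = 1;
  }
  free (json_out);
```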
/**
@@ -68,11 +110,6 @@ run (void *cls,
const struct GNUNET_CONFIGURATION_Handle *cfg)
{
struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv;
- struct TALER_MasterPrivateKeyP key;
- struct TALER_MasterSignatureP sig;
- char *json_out;
- struct GNUNET_HashCode salt;
- struct TALER_WIRE_Plugin *plugin;
if ( (NULL == masterkeyfile) &&
(GNUNET_OK !=
@@ -86,7 +123,8 @@ run (void *cls,
global_ret = 1;
return;
}
- if (GNUNET_YES != GNUNET_DISK_file_test (masterkeyfile))
+ if (GNUNET_YES !=
+ GNUNET_DISK_file_test (masterkeyfile))
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Exchange master private key `%s' does not exist yet, creating it!\n",
masterkeyfile);
@@ -99,97 +137,11 @@ run (void *cls,
global_ret = 1;
return;
}
- if (NULL == method)
- {
- json_t *test;
- const char *m;
-
- test = json_object_get(account_holder,
- "type");
- if ( (NULL == test) ||
- (NULL == (m = json_string_value (test))))
- {
- fprintf (stderr,
- "Required -t argument missing\n");
- global_ret = 1;
- return;
- }
- method = GNUNET_strdup (m);
- }
- else
- {
- json_object_set_new (account_holder,
- "type",
- json_string (method));
- }
- key.eddsa_priv = *eddsa_priv;
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &salt,
- sizeof (salt));
- plugin = TALER_WIRE_plugin_load (cfg,
- method);
- if (NULL == plugin)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_INFO,
- "Wire transfer method `%s' not supported\n",
- method);
- GNUNET_free (method);
- global_ret = 1;
- return;
- }
- GNUNET_free (method);
- if (GNUNET_OK !=
- plugin->sign_wire_details (plugin->cls,
- account_holder,
- &key,
- &salt,
- &sig))
- {
- /* sign function should have logged applicable errors */
- json_decref (account_holder);
- TALER_WIRE_plugin_unload (plugin);
- global_ret = 1;
- return;
- }
- TALER_WIRE_plugin_unload (plugin);
+ master_priv.eddsa_priv = *eddsa_priv;
+ TALER_EXCHANGEDB_find_accounts (cfg,
+ &sign_account_data,
+ NULL);
GNUNET_free (eddsa_priv);
-
- /* add signature and salt to JSON message */
- json_object_set_new (account_holder,
- "salt",
- GNUNET_JSON_from_data (&salt,
- sizeof (salt)));
- json_object_set_new (account_holder,
- "sig",
- GNUNET_JSON_from_data (&sig,
- sizeof (sig)));
-
- /* dump result to stdout */
- json_out = json_dumps (account_holder,
- JSON_INDENT(2));
- json_decref (account_holder);
- GNUNET_assert (NULL != json_out);
-
- if (NULL != output_filename)
- {
- if (NULL != stdout)
- fclose (stdout);
- stdout = fopen (output_filename,
- "w+");
- if (NULL == stdout)
- {
- fprintf (stderr,
- "Failed to open `%s': %s\n",
- output_filename,
- STRERROR (errno));
- return;
- }
- }
- fprintf (stdout,
- "%s",
- json_out);
- fflush (stdout);
- free (json_out);
}
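Review bot: The master private key is now copied into the file-scope `master_priv` and stays there until the process exits, and `eddsa_priv` is released with `GNUNET_free` without being cleared first. The tool is short-lived, so the exposure is limited, but wiping both copies once `TALER_EXCHANGEDB_find_accounts` returns keeps the key out of freed heap memory and core dumps. A plain `memset` directly before the free may be optimised away, so use a wipe the compiler cannot elide, for example `explicit_bzero (&master_priv, sizeof (master_priv));` where the platform provides it. `run` starts outside this hunk.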
@@ -206,27 +158,11 @@ main (int argc,
char *const *argv)
{
const struct GNUNET_GETOPT_CommandLineOption options[] = {
- GNUNET_GETOPT_option_mandatory
- (GNUNET_JSON_getopt ('j',
- "json",
- "JSON",
- "account information in JSON format",
- &account_holder)),
GNUNET_GETOPT_option_filename ('m',
"master-key",
"FILENAME",
"master key file (private key)",
&masterkeyfile),
- GNUNET_GETOPT_option_string ('t',
- "type",
- "METHOD",
- "which wire transfer method (i.e. 'test' or 'sepa') is this for?",
- &method),
- GNUNET_GETOPT_option_filename ('o',
- "output",
- "FILENAME",
- "where to write the result",
- &output_filename),
GNUNET_GETOPT_OPTION_END
};