author | Christian Grothoff <christian@grothoff.org> | 2020-12-10 11:49:20 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-12-10 11:49:20 +0100 |
commit | 35bec60894510a3833358183db02e0c1c9cc41a2 (patch) | |
tree | 5b9406863afc3b3d94c97d1e57a87944396f2035 /src/exchange | |
parent | 5a24334e83dabcb00e0e0f4292a678b6820ea370 (diff) | |
download | exchange-35bec60894510a3833358183db02e0c1c9cc41a2.tar.gz exchange-35bec60894510a3833358183db02e0c1c9cc41a2.tar.bz2 exchange-35bec60894510a3833358183db02e0c1c9cc41a2.zip |
implement POST /managment/keys
Diffstat (limited to 'src/exchange')
-rw-r--r-- | src/exchange/Makefile.am | 1 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_keys.c | 27 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_keys.h | 10 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_management_post_keys.c | 33 |
4 files changed, 39 insertions, 32 deletions
diff --git a/src/exchange/Makefile.am b/src/exchange/Makefile.am index 246b174c7..bea212ede 100644 --- a/src/exchange/Makefile.am +++ b/src/exchange/Makefile.am @@ -89,6 +89,7 @@ taler_exchange_httpd_SOURCES = \ taler-exchange-httpd_management_auditors.c \ taler-exchange-httpd_management_auditors_AP_disable.c \ taler-exchange-httpd_management_denominations_HDP_revoke.c \ + taler-exchange-httpd_management_post_keys.c \ taler-exchange-httpd_management_signkey_EP_revoke.c \ taler-exchange-httpd_management_wire.c \ taler-exchange-httpd_management_wire_disable.c \ diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index d39af5933..5accf6e15 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -1924,10 +1924,12 @@ load_fees (const char *section_name, int TEH_keys_load_fees (const struct GNUNET_HashCode *h_denom_pub, + struct TALER_DenominationPublicKey *denom_pub, struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta) { struct KeyStateHandle *ksh; struct HelperDenomination *hd; + int ok; ksh = get_key_state (); if (NULL == ksh) @@ -1941,16 +1943,21 @@ TEH_keys_load_fees (const struct GNUNET_HashCode *h_denom_pub, meta->start = hd->start_time; meta->expire_withdraw = GNUNET_TIME_absolute_add (meta->start, hd->validity_duration); - return load_fees (hd->section_name, - meta); + ok = load_fees (hd->section_name, + meta); + if (GNUNET_OK == ok) + denom_pub->rsa_public_key + = GNUNET_CRYPTO_rsa_public_key_dup (hd->denom_pub.rsa_public_key); + else + denom_pub->rsa_public_key + = NULL; + return ok; } int TEH_keys_get_timing (const struct TALER_ExchangePublicKeyP *exchange_pub, - struct GNUNET_TIME_Absolute *start_sign, - struct GNUNET_TIME_Absolute *end_sign, - struct GNUNET_TIME_Absolute *end_legal) + struct TALER_EXCHANGEDB_SignkeyMetaData *meta) { struct KeyStateHandle *ksh; struct HelperSignkey *hsk; 
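Review bot: `denom_pub->rsa_public_key` is written only after `load_fees()` has returned in the `@@ -1941` hunk, so the earlier `NULL == ksh` exit presumably leaves the out-parameter untouched; the body of that exit lies between this hunk and the previous one and is not shown. The caller in add_keys() declares `denom_pub` without an initializer, so after that failure the field would hold an indeterminate pointer, while after a `load_fees()` failure it holds NULL. Assigning `denom_pub->rsa_public_key = NULL;` as the first statement of TEH_keys_load_fees would give every failure path the same defined state. The header's `@param[out] denom_pub` line could then add "set to NULL on failure".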
@@ -1966,11 +1973,11 @@ TEH_keys_get_timing (const struct TALER_ExchangePublicKeyP *exchange_pub, pid.public_key = exchange_pub->eddsa_pub; hsk = GNUNET_CONTAINER_multipeermap_get (ksh->helpers.esign_keys, &pid); - *start_sign = hsk->start_time; - *end_sign = GNUNET_TIME_absolute_add (*start_sign, - hsk->validity_duration); - *end_legal = GNUNET_TIME_absolute_add (*end_sign, - signkey_legal_duration); + meta->start = hsk->start_time; + meta->expire_sign = GNUNET_TIME_absolute_add (meta->start, + hsk->validity_duration); + meta->expire_legal = GNUNET_TIME_absolute_add (meta->expire_sign, + signkey_legal_duration); return GNUNET_OK; } diff --git a/src/exchange/taler-exchange-httpd_keys.h b/src/exchange/taler-exchange-httpd_keys.h index dc78e0e54..e91b1e16c 100644 --- a/src/exchange/taler-exchange-httpd_keys.h +++ b/src/exchange/taler-exchange-httpd_keys.h @@ -248,11 +248,13 @@ TEH_keys_management_get_handler (const struct TEH_RequestHandler *rh, * * @param h_denom_pub hash of the denomination public key * to use to derive the section name of the configuration to use + * @param[out] denom_pub set to the denomination public key (to be freed by caller!) * @param[out] meta denomination type data to complete * @return #GNUNET_OK on success */ int TEH_keys_load_fees (const struct GNUNET_HashCode *h_denom_pub, + struct TALER_DenominationPublicKey *denom_pub, struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta); 
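Review bot: `hsk` is dereferenced on the line directly after `GNUNET_CONTAINER_multipeermap_get()` with no NULL check in the `@@ -1966` hunk, and the new `meta->start = hsk->start_time;` keeps that pattern. The `exchange_pub` that add_keys() passes in appears to come from the request body, and TEH_keys_get_timing runs before the master signature is verified, so a signing key unknown to the helper would make the lookup return NULL and crash the process instead of producing an error reply. A guard such as `if (NULL == hsk) return GNUNET_NO;` ahead of the three assignments lets the caller's existing `GNUNET_OK !=` branch handle it. The lookup of `hd` in TEH_keys_load_fees lies outside the visible hunks and is worth checking for the same pattern.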
@@ -260,16 +262,12 @@ TEH_keys_load_fees (const struct GNUNET_HashCode *h_denom_pub, * Load expiration times for the given onling signing key. * * @param exchange_pub the online signing key - * @param[out] start_sign starting signing time - * @param[out] end_sign send signing time - * @param[out] end_legal legal expiration time + * @param[out] meta set to meta data about the key * @return #GNUNET_OK on success */ int TEH_keys_get_timing (const struct TALER_ExchangePublicKeyP *exchange_pub, - struct GNUNET_TIME_Absolute *start_sign, - struct GNUNET_TIME_Absolute *end_sign, - struct GNUNET_TIME_Absolute *end_legal); + struct TALER_EXCHANGEDB_SignkeyMetaData *meta); /** diff --git a/src/exchange/taler-exchange-httpd_management_post_keys.c b/src/exchange/taler-exchange-httpd_management_post_keys.c index 0e4609e20..06750716e 100644 --- a/src/exchange/taler-exchange-httpd_management_post_keys.c +++ b/src/exchange/taler-exchange-httpd_management_post_keys.c @@ -27,6 +27,7 @@ #include "taler_json_lib.h" #include "taler_mhd_lib.h" #include "taler_signatures.h" +#include "taler-exchange-httpd_keys.h" #include "taler-exchange-httpd_management.h" #include "taler-exchange-httpd_responses.h" @@ -125,6 +126,7 @@ add_keys (void *cls, enum GNUNET_DB_QueryStatus qs; bool is_active = false; struct TALER_EXCHANGEDB_DenominationKeyMetaData meta; + struct TALER_DenominationPublicKey denom_pub; /* For idempotency, check if the key is already active */ qs = TEH_plugin->lookup_denomination_key ( @@ -147,6 +149,7 @@ add_keys (void *cls, { if (GNUNET_OK != TEH_keys_load_fees (&akc->d_sigs[i].h_denom_pub, + &denom_pub, &meta)) { *mhd_ret = TALER_MHD_reply_with_error ( @@ -159,13 +162,13 @@ add_keys (void *cls, } else { - active = true; + is_active = true; } /* check signature is valid */ { if (GNUNET_OK != - TALER_exchange_offline_denomkey_validity_verify ( + TALER_exchange_offline_denom_validity_verify ( &akc->d_sigs[i].h_denom_pub, meta.start, meta.expire_withdraw, 
@@ -189,12 +192,15 @@ add_keys (void *cls, } if (is_active) continue; /* skip, already known */ - qs = TEH_plugin->activate_denomination_key ( + qs = TEH_plugin->add_denomination_key ( TEH_plugin->cls, session, &akc->d_sigs[i].h_denom_pub, + &denom_pub, + &meta, &TEH_master_public_key, &akc->d_sigs[i].master_sig); + GNUNET_CRYPTO_rsa_public_key_free (denom_pub.rsa_public_key); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) @@ -214,17 +220,13 @@ add_keys (void *cls, { enum GNUNET_DB_QueryStatus qs; bool is_active = false; - struct GNUNET_TIME_Absolute start_sign; - struct GNUNET_TIME_Absolute end_sign; - struct GNUNET_TIME_Absolute end_legal; + struct TALER_EXCHANGEDB_SignkeyMetaData meta; qs = TEH_plugin->lookup_signing_key ( TEH_plugin->cls, session, &akc->s_sigs[i].exchange_pub, - &start_sign, - &end_sign, - &end_legal); + &meta); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) @@ -240,9 +242,7 @@ add_keys (void *cls, { if (GNUNET_OK != TEH_keys_get_timing (&akc->s_sigs[i].exchange_pub, - &start_sign, - &end_sign, - &end_legal)) + &meta)) { /* For idempotency, check if the key is already active */ *mhd_ret = TALER_MHD_reply_with_error ( @@ -263,9 +263,9 @@ add_keys (void *cls, if (GNUNET_OK != TALER_exchange_offline_signkey_validity_verify ( &akc->s_sigs[i].exchange_pub, - start_sign, - end_sign, - end_legal, + meta.start, + meta.expire_sign, + meta.expire_legal, &TEH_master_public_key, &akc->s_sigs[i].master_sig)) { @@ -282,7 +282,8 @@ add_keys (void *cls, qs = TEH_plugin->activate_signing_key ( TEH_plugin->cls, session, - &akc->s_sigs[i].exchange_pub, // FIXME: provision meta data!? + &akc->s_sigs[i].exchange_pub, + &meta, &akc->s_sigs[i].master_sig); if (qs < 0) { |
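Review bot: The `GNUNET_CRYPTO_rsa_public_key_free()` added after `add_denomination_key()` in the `@@ -189` hunk is the only release of the key that `TEH_keys_load_fees()` duplicates, so any exit between the two leaks it. The failure branch of `TALER_exchange_offline_denom_validity_verify()` sits between this hunk and the previous one and is not visible here. If it returns as the other error branches do, each request carrying a bad master signature for a not-yet-active denomination leaks one RSA public key. Releasing the key before that error return, e.g. `if (! is_active) GNUNET_CRYPTO_rsa_public_key_free (denom_pub.rsa_public_key);`, closes the path. add_keys() starts and ends outside the hunk.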