authorChristian Grothoff <christian@grothoff.org>2021-10-14 11:47:45 +0200
committerChristian Grothoff <christian@grothoff.org>2021-10-14 11:47:45 +0200
commit1b119edd6225567419add05e0a92170ebfa457df (patch)
treebe0ad631f6bfd03badcb945ae8c86735d69540d8 /src/exchange
parentacbadd5c6e98282c4c4d568942b4c36c825c3dad (diff)
implement KYC options
Diffstat (limited to 'src/exchange')
-rw-r--r--src/exchange/exchange.conf17
-rw-r--r--src/exchange/taler-exchange-httpd.c114
-rw-r--r--src/exchange/taler-exchange-httpd.h62
3 files changed, 192 insertions, 1 deletions
diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf
index c41150427..2dd934f4e 100644
--- a/src/exchange/exchange.conf
+++ b/src/exchange/exchange.conf
@@ -77,9 +77,24 @@ TERMS_DIR = $DATADIR/exchange/tos/
# Etag / filename for the terms of service.
TERMS_ETAG = 0
-
# Directory with our privacy policy.
PRIVACY_DIR = $DATADIR/exchange/pp/
# Etag / filename for the privacy policy.
PRIVACY_ETAG = 0
+
+# Set to NONE to disable KYC checks.
+# Set to "OAUTH2" to use OAuth 2.0 for KYC authorization.
+KYC_MODE = NONE
+
+
+[exchange-kyc-oauth2]
+
+# URL of the OAuth endpoint for KYC checks
+# KYC_OAUTH2_URL =
+
+# KYC Oauth client ID.
+# KYC_OAUTH2_CLIENT_ID =
+
+# KYC Client secret used to obtain access tokens.
+# KYC_OAUTH2_CLIENT_SECRET =
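Review bot: The comment on `KYC_OAUTH2_URL` only says "URL of the OAuth endpoint", which does not tell an operator which OAuth 2.0 endpoint is meant (authorization endpoint, token endpoint, or a provider base URL), and the loader in this commit validates nothing beyond the scheme, so this comment is the only guidance. Suggest spelling it out, e.g. `# URL of the OAuth 2.0 endpoint the exchange contacts for KYC (use https://, the client secret is sent to it)`, adjusted to whichever endpoint the exchange actually calls. Since `KYC_OAUTH2_CLIENT_SECRET` is a credential stored in clear text in this file, a line such as `# Keep this file readable only by the exchange user.` next to it would be worth adding.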
diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c
index 57ca085a6..b7845f5aa 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -69,6 +69,11 @@ int TEH_allow_keys_timetravel;
const struct GNUNET_CONFIGURATION_Handle *TEH_cfg;
/**
+ * Our KYC configuration.
+ */
+struct TEH_KycOptions TEH_kyc_config;
+
+/**
* How long is caching /keys allowed at most? (global)
*/
struct GNUNET_TIME_Relative TEH_max_keys_caching;
@@ -1071,6 +1076,74 @@ handle_mhd_request (void *cls,
/**
+ * Load OAuth2.0 configuration parameters for the exchange server into the
+ * #TEH_kyc_config variable.
+ *
+ * @return #GNUNET_OK on success
+ */
+static enum GNUNET_GenericReturnValue
+parse_kyc_oauth_cfg (void)
+{
+ char *s;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_URL",
+ &s))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_URL");
+ return GNUNET_SYSERR;
+ }
+ if ( (! TALER_url_valid_charset (s)) ||
+ ( (0 != strncasecmp (s,
+ "http://",
+ strlen ("http://"))) &&
+ (0 != strncasecmp (s,
+ "https://",
+ strlen ("https://"))) ) )
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_URL",
+ "not a valid URL");
+ GNUNET_free (s);
+ return GNUNET_SYSERR;
+ }
+ TEH_kyc_config.details.oauth2.url = s;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_CLIENT_ID",
+ &s))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_CLIENT_ID");
+ return GNUNET_SYSERR;
+ }
+ TEH_kyc_config.details.oauth2.client_id = s;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_CLIENT_SECRET",
+ &s))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_CLIENT_SECRET");
+ return GNUNET_SYSERR;
+ }
+ TEH_kyc_config.details.oauth2.client_secret = s;
+ return GNUNET_OK;
+}
+
+
+/**
* Load configuration parameters for the exchange
* server into the corresponding global variables.
*
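Review bot: parse_kyc_oauth_cfg accepts a `KYC_OAUTH2_URL` beginning with `http://` (the strncasecmp pair at the top of the function), so the client secret read a few lines further down would be sent to the KYC provider in cleartext whenever an operator configures a plain-HTTP URL. Unless plain HTTP is deliberately allowed for test deployments, drop the `http://` alternative and keep only `(0 != strncasecmp (s, "https://", strlen ("https://")))` in the condition, with the log message changed to `"must be an https:// URL"`; if HTTP must stay, at least emit a GNUNET_log warning when the scheme is not https. On the CLIENT_ID and CLIENT_SECRET failure paths the already-stored `url` (and `client_id`) strings are left allocated in TEH_kyc_config, which is harmless if the caller aborts startup on GNUNET_SYSERR but deserves either a GNUNET_free or a one-line comment saying so. It is presumably also possible for any of the three keys to be present but empty and still pass GNUNET_CONFIGURATION_get_value_string — confirm, and reject empty values if so.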
@@ -1079,6 +1152,47 @@ handle_mhd_request (void *cls,
static enum GNUNET_GenericReturnValue
exchange_serve_process_config (void)
{
+ {
+ char *kyc_mode;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+ "exchange",
+ "KYC_MODE",
+ &kyc_mode))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange",
+ "KYC_MODE");
+ return GNUNET_SYSERR;
+ }
+ if (0 == strcasecmp (kyc_mode,
+ "NONE"))
+ {
+ TEH_kyc_config.mode = TEH_KYC_NONE;
+ }
+ else if (0 == strcasecmp (kyc_mode,
+ "OAUTH2"))
+ {
+ TEH_kyc_config.mode = TEH_KYC_OAUTH2;
+ if (GNUNET_OK !=
+ parse_kyc_oauth_cfg ())
+ {
+ GNUNET_free (kyc_mode);
+ return GNUNET_SYSERR;
+ }
+ }
+ else
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "exchange",
+ "KYC_MODE",
+ "Must be 'NONE' or 'OAUTH2'");
+ GNUNET_free (kyc_mode);
+ return GNUNET_SYSERR;
+ }
+ GNUNET_free (kyc_mode);
+ }
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_number (TEH_cfg,
"exchange",
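Review bot: The KYC_MODE handling is inlined as an anonymous block at the top of exchange_serve_process_config while the OAuth2 details are parsed by the static helper parse_kyc_oauth_cfg added just above; for consistency and readability consider moving this block into `static enum GNUNET_GenericReturnValue parse_kyc_mode (void)` and calling it the same way. Note that `TEH_kyc_config.mode` is set to TEH_KYC_OAUTH2 before parse_kyc_oauth_cfg has succeeded, so a failed parse leaves the global claiming OAuth2 mode with unset details; this only matters if the caller continues after GNUNET_SYSERR, which it presumably does not, but a comment stating that assumption would help. exchange_serve_process_config continues past the end of this hunk.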
diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h
index e43426488..bf41d227d 100644
--- a/src/exchange/taler-exchange-httpd.h
+++ b/src/exchange/taler-exchange-httpd.h
@@ -30,6 +30,68 @@
/**
+ * Enumeration for our KYC modes.
+ */
+enum TEH_KycMode
+{
+ /**
+ * KYC is disabled.
+ */
+ TEH_KYC_NONE = 0,
+
+ /**
+ * We use Oauth2.0.
+ */
+ TEH_KYC_OAUTH2 = 1
+};
+
+
+/**
+ * Structure describing our KYC configuration.
+ */
+struct TEH_KycOptions
+{
+ /**
+ * What KYC mode are we in?
+ */
+ enum TEH_KycMode mode;
+
+ /**
+ * Details depending on @e mode.
+ */
+ union
+ {
+
+ /**
+ * Configuration details if @e mode is #TEH_KYC_OAUTH2.
+ */
+ struct
+ {
+
+ /**
+ * URL of tue OAuth2.0 endpoint for KYC checks.
+ */
+ char *url;
+
+ /**
+ * Our client ID for OAuth2.0.
+ */
+ char *client_id;
+
+ /**
+ * Our client secret for OAuth2.0.
+ */
+ char *client_secret;
+
+ } oauth2;
+
+ } details;
+};
+
+
+extern struct TEH_KycOptions TEH_kyc_config;
+
+/**
* How long is caching /keys allowed at most?
*/
extern struct GNUNET_TIME_Relative TEH_max_keys_caching;
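Review bot: The field comment `URL of tue OAuth2.0 endpoint for KYC checks.` has a typo (`tue` should be `the`). More importantly, the struct documentation does not say who owns the three strings or when they are valid: in taler-exchange-httpd.c they are filled by GNUNET_CONFIGURATION_get_value_string at startup and never freed, so add to the `TEH_KycOptions` comment something like `The @e details strings are heap-allocated when the configuration is loaded and live for the lifetime of the process; @e details is only meaningful when @e mode is #TEH_KYC_OAUTH2.` Since `client_secret` is a credential, a note on that field such as `Must never be logged or exposed via the REST API.` would help future maintainers.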