authorChristian Grothoff <christian@grothoff.org>2020-12-10 11:49:20 +0100
committerChristian Grothoff <christian@grothoff.org>2020-12-10 11:49:20 +0100
commit35bec60894510a3833358183db02e0c1c9cc41a2 (patch)
tree5b9406863afc3b3d94c97d1e57a87944396f2035 /src/exchange
parent5a24334e83dabcb00e0e0f4292a678b6820ea370 (diff)
implement POST /managment/keys
Diffstat (limited to 'src/exchange')
-rw-r--r--src/exchange/Makefile.am1
-rw-r--r--src/exchange/taler-exchange-httpd_keys.c27
-rw-r--r--src/exchange/taler-exchange-httpd_keys.h10
-rw-r--r--src/exchange/taler-exchange-httpd_management_post_keys.c33
4 files changed, 39 insertions, 32 deletions
diff --git a/src/exchange/Makefile.am b/src/exchange/Makefile.am
index 246b174c..bea212ed 100644
--- a/src/exchange/Makefile.am
+++ b/src/exchange/Makefile.am
@@ -89,6 +89,7 @@ taler_exchange_httpd_SOURCES = \
taler-exchange-httpd_management_auditors.c \
taler-exchange-httpd_management_auditors_AP_disable.c \
taler-exchange-httpd_management_denominations_HDP_revoke.c \
+ taler-exchange-httpd_management_post_keys.c \
taler-exchange-httpd_management_signkey_EP_revoke.c \
taler-exchange-httpd_management_wire.c \
taler-exchange-httpd_management_wire_disable.c \
diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c
index d39af593..5accf6e1 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -1924,10 +1924,12 @@ load_fees (const char *section_name,
int
TEH_keys_load_fees (const struct GNUNET_HashCode *h_denom_pub,
+ struct TALER_DenominationPublicKey *denom_pub,
struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta)
{
struct KeyStateHandle *ksh;
struct HelperDenomination *hd;
+ int ok;
ksh = get_key_state ();
if (NULL == ksh)
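Review bot: `denom_pub` is written only at the end of the function, so the early exit that follows `if (NULL == ksh)` seems to return with the out-parameter untouched; that exit and the lookup of `hd` lie between this hunk and the next and are not visible. The caller in taler-exchange-httpd_management_post_keys.c declares `struct TALER_DenominationPublicKey denom_pub;` without an initialiser, so a later change that frees on every path would release an indeterminate pointer. Setting `denom_pub->rsa_public_key = NULL;` as the first statement makes the failure contract uniform. The header's `@param[out] denom_pub` line could then state that the key is NULL whenever the result is not `GNUNET_OK`.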
@@ -1941,16 +1943,21 @@ TEH_keys_load_fees (const struct GNUNET_HashCode *h_denom_pub,
meta->start = hd->start_time;
meta->expire_withdraw = GNUNET_TIME_absolute_add (meta->start,
hd->validity_duration);
- return load_fees (hd->section_name,
- meta);
+ ok = load_fees (hd->section_name,
+ meta);
+ if (GNUNET_OK == ok)
+ denom_pub->rsa_public_key
+ = GNUNET_CRYPTO_rsa_public_key_dup (hd->denom_pub.rsa_public_key);
+ else
+ denom_pub->rsa_public_key
+ = NULL;
+ return ok;
}
int
TEH_keys_get_timing (const struct TALER_ExchangePublicKeyP *exchange_pub,
- struct GNUNET_TIME_Absolute *start_sign,
- struct GNUNET_TIME_Absolute *end_sign,
- struct GNUNET_TIME_Absolute *end_legal)
+ struct TALER_EXCHANGEDB_SignkeyMetaData *meta)
{
struct KeyStateHandle *ksh;
struct HelperSignkey *hsk;
@@ -1966,11 +1973,11 @@ TEH_keys_get_timing (const struct TALER_ExchangePublicKeyP *exchange_pub,
pid.public_key = exchange_pub->eddsa_pub;
hsk = GNUNET_CONTAINER_multipeermap_get (ksh->helpers.esign_keys,
&pid);
- *start_sign = hsk->start_time;
- *end_sign = GNUNET_TIME_absolute_add (*start_sign,
- hsk->validity_duration);
- *end_legal = GNUNET_TIME_absolute_add (*end_sign,
- signkey_legal_duration);
+ meta->start = hsk->start_time;
+ meta->expire_sign = GNUNET_TIME_absolute_add (meta->start,
+ hsk->validity_duration);
+ meta->expire_legal = GNUNET_TIME_absolute_add (meta->expire_sign,
+ signkey_legal_duration);
return GNUNET_OK;
}
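Review bot: `hsk` is dereferenced on the line right after `GNUNET_CONTAINER_multipeermap_get ()` with no NULL check in between, so a key that is not present in `ksh->helpers.esign_keys` crashes the process at `meta->start = hsk->start_time;`. The caller in taler-exchange-httpd_management_post_keys.c passes `akc->s_sigs[i].exchange_pub` here before the offline signature is verified, so the value appears to come from the request body rather than from trusted state. Add `if (NULL == hsk) return GNUNET_SYSERR;` (or whichever non-OK code the project prefers) before the first assignment; the caller already treats anything other than `GNUNET_OK` as an error. The start of the function body lies outside this hunk.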
diff --git a/src/exchange/taler-exchange-httpd_keys.h b/src/exchange/taler-exchange-httpd_keys.h
index dc78e0e5..e91b1e16 100644
--- a/src/exchange/taler-exchange-httpd_keys.h
+++ b/src/exchange/taler-exchange-httpd_keys.h
@@ -248,11 +248,13 @@ TEH_keys_management_get_handler (const struct TEH_RequestHandler *rh,
*
* @param h_denom_pub hash of the denomination public key
* to use to derive the section name of the configuration to use
+ * @param[out] denom_pub set to the denomination public key (to be freed by caller!)
* @param[out] meta denomination type data to complete
* @return #GNUNET_OK on success
*/
int
TEH_keys_load_fees (const struct GNUNET_HashCode *h_denom_pub,
+ struct TALER_DenominationPublicKey *denom_pub,
struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta);
@@ -260,16 +262,12 @@ TEH_keys_load_fees (const struct GNUNET_HashCode *h_denom_pub,
* Load expiration times for the given onling signing key.
*
* @param exchange_pub the online signing key
- * @param[out] start_sign starting signing time
- * @param[out] end_sign send signing time
- * @param[out] end_legal legal expiration time
+ * @param[out] meta set to meta data about the key
* @return #GNUNET_OK on success
*/
int
TEH_keys_get_timing (const struct TALER_ExchangePublicKeyP *exchange_pub,
- struct GNUNET_TIME_Absolute *start_sign,
- struct GNUNET_TIME_Absolute *end_sign,
- struct GNUNET_TIME_Absolute *end_legal);
+ struct TALER_EXCHANGEDB_SignkeyMetaData *meta);
/**
diff --git a/src/exchange/taler-exchange-httpd_management_post_keys.c b/src/exchange/taler-exchange-httpd_management_post_keys.c
index 0e4609e2..06750716 100644
--- a/src/exchange/taler-exchange-httpd_management_post_keys.c
+++ b/src/exchange/taler-exchange-httpd_management_post_keys.c
@@ -27,6 +27,7 @@
#include "taler_json_lib.h"
#include "taler_mhd_lib.h"
#include "taler_signatures.h"
+#include "taler-exchange-httpd_keys.h"
#include "taler-exchange-httpd_management.h"
#include "taler-exchange-httpd_responses.h"
@@ -125,6 +126,7 @@ add_keys (void *cls,
enum GNUNET_DB_QueryStatus qs;
bool is_active = false;
struct TALER_EXCHANGEDB_DenominationKeyMetaData meta;
+ struct TALER_DenominationPublicKey denom_pub;
/* For idempotency, check if the key is already active */
qs = TEH_plugin->lookup_denomination_key (
@@ -147,6 +149,7 @@ add_keys (void *cls,
{
if (GNUNET_OK !=
TEH_keys_load_fees (&akc->d_sigs[i].h_denom_pub,
+ &denom_pub,
&meta))
{
*mhd_ret = TALER_MHD_reply_with_error (
@@ -159,13 +162,13 @@ add_keys (void *cls,
}
else
{
- active = true;
+ is_active = true;
}
/* check signature is valid */
{
if (GNUNET_OK !=
- TALER_exchange_offline_denomkey_validity_verify (
+ TALER_exchange_offline_denom_validity_verify (
&akc->d_sigs[i].h_denom_pub,
meta.start,
meta.expire_withdraw,
@@ -189,12 +192,15 @@ add_keys (void *cls,
}
if (is_active)
continue; /* skip, already known */
- qs = TEH_plugin->activate_denomination_key (
+ qs = TEH_plugin->add_denomination_key (
TEH_plugin->cls,
session,
&akc->d_sigs[i].h_denom_pub,
+ &denom_pub,
+ &meta,
&TEH_master_public_key,
&akc->d_sigs[i].master_sig);
+ GNUNET_CRYPTO_rsa_public_key_free (denom_pub.rsa_public_key);
if (qs < 0)
{
if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
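Review bot: The copy made by `TEH_keys_load_fees ()` is released only here, after `add_denomination_key`, so any exit between the load and this point keeps the RSA key allocated. The failure branch of `TALER_exchange_offline_denom_validity_verify` sits between the previous hunk and this one and is not visible. If it returns like the other error branches do, each entry with a rejected signature leaks one key, which on a network-facing handler turns into steady memory growth. Free it on that path as well, guarded because `denom_pub` is never filled when the key was already in the database: `if (! is_active) GNUNET_CRYPTO_rsa_public_key_free (denom_pub.rsa_public_key);`.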
@@ -214,17 +220,13 @@ add_keys (void *cls,
{
enum GNUNET_DB_QueryStatus qs;
bool is_active = false;
- struct GNUNET_TIME_Absolute start_sign;
- struct GNUNET_TIME_Absolute end_sign;
- struct GNUNET_TIME_Absolute end_legal;
+ struct TALER_EXCHANGEDB_SignkeyMetaData meta;
qs = TEH_plugin->lookup_signing_key (
TEH_plugin->cls,
session,
&akc->s_sigs[i].exchange_pub,
- &start_sign,
- &end_sign,
- &end_legal);
+ &meta);
if (qs < 0)
{
if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
@@ -240,9 +242,7 @@ add_keys (void *cls,
{
if (GNUNET_OK !=
TEH_keys_get_timing (&akc->s_sigs[i].exchange_pub,
- &start_sign,
- &end_sign,
- &end_legal))
+ &meta))
{
/* For idempotency, check if the key is already active */
*mhd_ret = TALER_MHD_reply_with_error (
@@ -263,9 +263,9 @@ add_keys (void *cls,
if (GNUNET_OK !=
TALER_exchange_offline_signkey_validity_verify (
&akc->s_sigs[i].exchange_pub,
- start_sign,
- end_sign,
- end_legal,
+ meta.start,
+ meta.expire_sign,
+ meta.expire_legal,
&TEH_master_public_key,
&akc->s_sigs[i].master_sig))
{
@@ -282,7 +282,8 @@ add_keys (void *cls,
qs = TEH_plugin->activate_signing_key (
TEH_plugin->cls,
session,
- &akc->s_sigs[i].exchange_pub, // FIXME: provision meta data!?
+ &akc->s_sigs[i].exchange_pub,
+ &meta,
&akc->s_sigs[i].master_sig);
if (qs < 0)
{