-rw-r--r--doc/Makefile.am1
-rw-r--r--doc/taler-auditor-exchange.134
-rw-r--r--doc/taler-auditor-sign.14
-rw-r--r--src/auditor/.gitignore1
-rw-r--r--src/auditor/Makefile.am10
-rw-r--r--src/auditor/taler-auditor-exchange.c169
-rw-r--r--src/auditor/taler-auditor-sign.c14
7 files changed, 225 insertions, 8 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am
index b3c527168..09793ddcf 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -4,6 +4,7 @@ SUBDIRS = .
man_MANS = \
taler-auditor.1 \
+ taler-auditor-exchange.1 \
taler-auditor-sign.1 \
taler-bank-transfer.1 \
taler-config-generate.1 \
diff --git a/doc/taler-auditor-exchange.1 b/doc/taler-auditor-exchange.1
new file mode 100644
index 000000000..c26cad7de
--- /dev/null
+++ b/doc/taler-auditor-exchange.1
@@ -0,0 +1,34 @@
+.TH TALER\-AUDITOR\-EXCHANGE 1 "Nov 3, 2018" "GNU Taler"
+
+.SH NAME
+taler\-auditor\-exchange \- add or remove exchange from auditor's list
+
+.SH SYNOPSIS
+.B taler\-auditor\-exchange [--remove] -m EXCHANGE_KEY -u EXCHANGE_URL
+.RI [ options ]
+.br
+
+.SH DESCRIPTION
+\fBtaler\-auditor\-exchange\fP is a command line tool to be used by an auditor to add or remove an exchange from the list of exchange's audited by the auditor. You must add an exchange to that list before signing denomination keys with taler\-auditor\-sign or trying to audit it with taler\-auditor or taler\-wire\-auditor. Afterwards the exchange will be visible via the /exchanges API of the taler\-auditor\-httpd.
+
+.SH OPTIONS
+.B
+.IP "\-m MASTERKEY, \-\-exchange-key=MASTERKEY"
+Public key of the exchange in Crockford base32 encoding, for example as generated by gnunet\-ecc \-p.
+.B
+.IP "\-h, \-\-help"
+Print short help on options.
+.B
+.IP "\-u URL, \-\-auditor-url=URL"
+URL of the exchange. The exchange's HTTP API must be available at this address.
+.B
+.IP "\-r, \-\-remove"
+Instead of adding the exchange, remove it. Note that this will drop ALL data associated with that exchange, including existing auditing information. So use with extreme care!
+
+.SH BUGS
+We should optionally verify the correctness of this exchange's base URL and that it matches the master public key (note that the exchange may still be offline, so it should be possible to bypass such a verfication step). Furthermore, if we do verification, as a (less secure) convenience option, we should make \-m optional and obtain it from the base URL.
+
+Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
+
+.SH "SEE ALSO"
+\fBtaler\-auditor\-sign\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5)
diff --git a/doc/taler-auditor-sign.1 b/doc/taler-auditor-sign.1
index f0f90a5b8..e5883dbc6 100644
--- a/doc/taler-auditor-sign.1
+++ b/doc/taler-auditor-sign.1
@@ -11,6 +11,8 @@ taler\-auditor\-sign \- Sign exchange denomination as auditor.
.SH DESCRIPTION
\fBtaler\-auditor\-sign\fP is a command line tool to be used by an auditor to sign that he is aware of certain keys being used by a exchange. Using this signature, the auditor affirms that he will verify that the exchange is properly accounting for those coins.
+The exchange for which keys were signed must have been added to the auditor using taler\-auditor\-exchange first!
+
.SH OPTIONS
.B
.IP "\-a FILE, \-\-auditor-key=FILE"
@@ -35,4 +37,4 @@ File where the auditor should write the EdDSA signature.
Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
.SH "SEE ALSO"
-\fBtaler\-exchange\-keyup\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5)
+\fBtaler\-auditor\-exchange\fP(1), \fBtaler\-exchange\-keyup\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5)
diff --git a/src/auditor/.gitignore b/src/auditor/.gitignore
index d6cf77f83..d92c3a3fa 100644
--- a/src/auditor/.gitignore
+++ b/src/auditor/.gitignore
@@ -1 +1,2 @@
taler-auditor-httpd
+taler-auditor-exchange
diff --git a/src/auditor/Makefile.am b/src/auditor/Makefile.am
index e98ffefb6..4da582970 100644
--- a/src/auditor/Makefile.am
+++ b/src/auditor/Makefile.am
@@ -13,6 +13,7 @@ pkgcfg_DATA = \
bin_PROGRAMS = \
taler-auditor \
+ taler-auditor-exchange \
taler-auditor-httpd \
taler-wire-auditor \
taler-auditor-sign \
@@ -89,6 +90,15 @@ taler_auditor_sign_LDADD = \
-lgnunetutil $(XLIB)
+taler_auditor_exchange_SOURCES = \
+ taler-auditor-exchange.c
+taler_auditor_exchange_LDADD = \
+ $(LIBGCRYPT_LIBS) \
+ $(top_builddir)/src/util/libtalerutil.la \
+ $(top_builddir)/src/auditordb/libtalerauditordb.la \
+ -lgnunetutil $(XLIB)
+
+
EXTRA_DIST = \
auditor.conf
diff --git a/src/auditor/taler-auditor-exchange.c b/src/auditor/taler-auditor-exchange.c
new file mode 100644
index 000000000..b316f6026
--- /dev/null
+++ b/src/auditor/taler-auditor-exchange.c
@@ -0,0 +1,169 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2014, 2015, 2018 GNUnet e.V.
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-auditor-exchange.c
+ * @brief Tool used by the auditor to add or remove the exchange's master key
+ * to its database.
+ * @author Christian Grothoff
+ */
+#include <platform.h>
+#include "taler_exchangedb_lib.h"
+#include "taler_auditordb_lib.h"
+
+
+/**
+ * URL of the exchange.
+ */
+static char *exchange_url;
+
+/**
+ * Master public key of the exchange.
+ */
+static struct TALER_MasterPublicKeyP master_public_key;
+
+/**
+ * Our configuration.
+ */
+static struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * Handle to access the auditor's database.
+ */
+static struct TALER_AUDITORDB_Plugin *adb;
+
+/**
+ * -r option given.
+ */
+static int remove_flag;
+
+
+/**
+ * The main function of the taler-auditor-exchange tool. This tool is used
+ * to add (or remove) an exchange's master key and base URL to the auditor's
+ * database.
+ *
+ * @param argc number of arguments from the command line
+ * @param argv command line arguments
+ * @return 0 ok, 1 on error
+ */
+int
+main (int argc,
+ char *const *argv)
+{
+ char *cfgfile = NULL;
+ const struct GNUNET_GETOPT_CommandLineOption options[] = {
+ GNUNET_GETOPT_option_cfgfile (&cfgfile),
+ GNUNET_GETOPT_option_help ("Add or remove exchange to list of audited exchanges"),
+ GNUNET_GETOPT_option_mandatory
+ (GNUNET_GETOPT_option_base32_auto ('m',
+ "exchange-key",
+ "KEY",
+ "public key of the exchange (Crockford base32 encoded)",
+ &master_public_key)),
+ GNUNET_GETOPT_option_mandatory
+ (GNUNET_GETOPT_option_string ('u',
+ "exchange-url",
+ "URL",
+ "base URL of the exchange",
+ &exchange_url)),
+ GNUNET_GETOPT_option_flag ('r',
+ "remove",
+ "remove the exchange's key (default is to add)",
+ &remove_flag),
+ GNUNET_GETOPT_option_version (VERSION "-" VCS_VERSION),
+ GNUNET_GETOPT_OPTION_END
+ };
+
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_log_setup ("taler-auditor-exchange",
+ "WARNING",
+ NULL));
+ if (GNUNET_GETOPT_run ("taler-auditor-exchange",
+ options,
+ argc, argv) < 0)
+ return 1;
+ cfg = GNUNET_CONFIGURATION_create ();
+ if (GNUNET_SYSERR ==
+ GNUNET_CONFIGURATION_load (cfg,
+ cfgfile))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ _("Malformed configuration file `%s', exit ...\n"),
+ cfgfile);
+ GNUNET_free_non_null (cfgfile);
+ return 1;
+ }
+ GNUNET_free_non_null (cfgfile);
+
+ if (NULL ==
+ (adb = TALER_AUDITORDB_plugin_load (cfg)))
+ {
+ fprintf (stderr,
+ "Failed to initialize auditor database plugin.\n");
+ return 3;
+ }
+
+ /* Create required tables */
+ if (GNUNET_OK !=
+ adb->create_tables (adb->cls))
+ {
+ fprintf (stderr,
+ "Failed to create tables in auditor's database\n");
+ TALER_AUDITORDB_plugin_unload (adb);
+ return 3;
+ }
+
+ /* Update DB */
+ {
+ enum GNUNET_DB_QueryStatus qs;
+ struct TALER_AUDITORDB_Session *session;
+
+ session = adb->get_session (adb->cls);
+ if (NULL == session)
+ {
+ fprintf (stderr,
+ "Failed to initialize database session\n");
+ TALER_AUDITORDB_plugin_unload (adb);
+ return 3;
+ }
+
+ if (remove_flag)
+ {
+ qs = adb->delete_exchange (adb->cls,
+ session,
+ &master_public_key);
+ }
+ else
+ {
+ qs = adb->insert_exchange (adb->cls,
+ session,
+ &master_public_key,
+ exchange_url);
+ }
+ if (0 > qs)
+ {
+ fprintf (stderr,
+ "Failed to update auditor DB (%d)\n",
+ qs);
+ TALER_AUDITORDB_plugin_unload (adb);
+ return 3;
+ }
+ }
+ TALER_AUDITORDB_plugin_unload (adb);
+ return 0;
+}
+
+/* end of taler-auditor-exchange.c */
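Review bot: The final status check in main, `if (0 > qs)`, only catches hard errors, so a `--remove` whose master key matches no row would presumably yield a zero status and exit 0 without telling the operator that nothing was deleted. Since removal is documented as dropping all audit data for an exchange, the no-match case deserves its own message, e.g. `if (0 == qs) fprintf (stderr, "No matching exchange entry was changed in auditor DB\n");` (confirm against the plugin's return convention). The header comment says `@return 0 ok, 1 on error`, but every database failure path returns 3, so it should read `@return 0 ok, 1 on bad options or configuration, 3 on database failure`. The option table registers the long name `exchange-url`, while the man page added in this same commit documents it as `--auditor-url`. exchange_url is stored as given with no check that it belongs to the master key, which the man page's BUGS section acknowledges; a comment such as `/* FIXME: URL/key binding is not verified, see BUGS in taler-auditor-exchange.1 */` above the insert_exchange call would keep that caveat visible in the code.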
diff --git a/src/auditor/taler-auditor-sign.c b/src/auditor/taler-auditor-sign.c
index 964480a6d..e34537137 100644
--- a/src/auditor/taler-auditor-sign.c
+++ b/src/auditor/taler-auditor-sign.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2014, 2015 GNUnet e.V.
+ Copyright (C) 2014, 2015, 2018 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
@@ -151,13 +151,13 @@ main (int argc,
"file containing the private key of the auditor",
&auditor_key_file),
GNUNET_GETOPT_option_cfgfile (&cfgfile),
- GNUNET_GETOPT_option_help ("Private key of the auditor to use for signing"),
+ GNUNET_GETOPT_option_help ("Sign denomination keys of an exchange"),
GNUNET_GETOPT_option_mandatory
(GNUNET_GETOPT_option_base32_auto ('m',
- "exchange-key",
- "KEY",
- "public key of the exchange (Crockford base32 encoded)",
- &master_public_key)),
+ "exchange-key",
+ "KEY",
+ "public key of the exchange (Crockford base32 encoded)",
+ &master_public_key)),
GNUNET_GETOPT_option_string ('u',
"auditor-url",
"URL",
@@ -398,7 +398,7 @@ main (int argc,
if (0 > qs)
{
fprintf (stderr,
- "Failed to store key in auditor DB\n");
+ "Failed to store key in auditor DB (did you add the exchange first?)\n");
TALER_AUDITORDB_plugin_unload (adb);
GNUNET_free (dks);
GNUNET_free (sigs);