summaryrefslogtreecommitdiff
path: root/src/auditor
diff options
context:
space:
mode:
Diffstat (limited to 'src/auditor')
-rw-r--r--src/auditor/Makefile.am1
-rw-r--r--src/auditor/taler-auditor-httpd.c17
-rw-r--r--src/auditor/taler-auditor-httpd.h6
-rw-r--r--src/auditor/taler-auditor-httpd_deposit-confirmation.c54
4 files changed, 62 insertions, 16 deletions
diff --git a/src/auditor/Makefile.am b/src/auditor/Makefile.am
index 935f8354..79da458f 100644
--- a/src/auditor/Makefile.am
+++ b/src/auditor/Makefile.am
@@ -148,6 +148,7 @@ taler_auditor_httpd_LDADD = \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/json/libtalerjson.la \
$(top_builddir)/src/auditordb/libtalerauditordb.la \
+ $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
-lmicrohttpd \
-ljansson \
-lgnunetjson \
diff --git a/src/auditor/taler-auditor-httpd.c b/src/auditor/taler-auditor-httpd.c
index d1e3c2de..1f6413b2 100644
--- a/src/auditor/taler-auditor-httpd.c
+++ b/src/auditor/taler-auditor-httpd.c
@@ -29,6 +29,7 @@
#include <sys/resource.h>
#include "taler_mhd_lib.h"
#include "taler_auditordb_lib.h"
+#include "taler_exchangedb_lib.h"
#include "taler-auditor-httpd_deposit-confirmation.h"
#include "taler-auditor-httpd_exchanges.h"
#include "taler-auditor-httpd_mhd.h"
@@ -70,6 +71,11 @@ static struct GNUNET_CONFIGURATION_Handle *cfg;
struct TALER_AUDITORDB_Plugin *TAH_plugin;
/**
+ * Our DB plugin to talk to the *exchange* database.
+ */
+struct TALER_EXCHANGEDB_Plugin *TAH_eplugin;
+
+/**
* Public key of this auditor.
*/
static struct TALER_AuditorPublicKeyP auditor_pub;
@@ -434,7 +440,14 @@ auditor_serve_process_config (void)
(TAH_plugin = TALER_AUDITORDB_plugin_load (cfg)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to initialize DB subsystem\n");
+ "Failed to initialize DB subsystem to interact with auditor database\n");
+ return GNUNET_SYSERR;
+ }
+ if (NULL ==
+ (TAH_eplugin = TALER_EXCHANGEDB_plugin_load (cfg)))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to initialize DB subsystem to query exchange database\n");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
@@ -729,6 +742,8 @@ main (int argc,
}
TALER_AUDITORDB_plugin_unload (TAH_plugin);
TAH_plugin = NULL;
+ TALER_EXCHANGEDB_plugin_unload (TAH_eplugin);
+ TAH_eplugin = NULL;
TEAH_DEPOSIT_CONFIRMATION_done ();
return (GNUNET_SYSERR == ret) ? 1 : 0;
}
diff --git a/src/auditor/taler-auditor-httpd.h b/src/auditor/taler-auditor-httpd.h
index 127c4dd8..25e37427 100644
--- a/src/auditor/taler-auditor-httpd.h
+++ b/src/auditor/taler-auditor-httpd.h
@@ -25,6 +25,7 @@
#include <microhttpd.h>
#include "taler_auditordb_plugin.h"
+#include "taler_exchangedb_plugin.h"
/**
@@ -32,6 +33,11 @@
*/
extern struct TALER_AUDITORDB_Plugin *TAH_plugin;
+/**
+ * Our DB plugin to talk to the *exchange* database.
+ */
+extern struct TALER_EXCHANGEDB_Plugin *TAH_eplugin;
+
/**
* @brief Struct describing an URL and the handler for it.
diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.c b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
index 08a781f3..61263888 100644
--- a/src/auditor/taler-auditor-httpd_deposit-confirmation.c
+++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
@@ -35,7 +35,7 @@
/**
* Cache of already verified exchange signing keys. Maps the hash of the
* `struct TALER_ExchangeSigningKeyValidityPS` to the (static) string
- * "verified". Access to this map is guarded by the #lock.
+ * "verified" or "revoked". Access to this map is guarded by the #lock.
*/
static struct GNUNET_CONTAINER_MultiHashMap *cache;
@@ -66,7 +66,7 @@ verify_and_execute_deposit_confirmation (
enum GNUNET_DB_QueryStatus qs;
struct GNUNET_TIME_Absolute now;
struct GNUNET_HashCode h;
- int cached;
+ const char *cached;
struct TALER_ExchangeSigningKeyValidityPS skv = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)),
@@ -94,10 +94,9 @@ verify_and_execute_deposit_confirmation (
sizeof (skv),
&h);
GNUNET_assert (0 == pthread_mutex_lock (&lock));
- cached = GNUNET_CONTAINER_multihashmap_contains (cache,
- &h);
+ cached = GNUNET_CONTAINER_multihashmap_get (cache,
+ &h);
GNUNET_assert (0 == pthread_mutex_unlock (&lock));
-
session = TAH_plugin->get_session (TAH_plugin->cls);
if (NULL == session)
{
@@ -107,7 +106,7 @@ verify_and_execute_deposit_confirmation (
TALER_EC_GENERIC_DB_SETUP_FAILED,
NULL);
}
- if (! cached)
+ if (NULL == cached)
{
/* Not in cache, need to verify the signature, persist it, and possibly cache it */
if (GNUNET_OK !=
@@ -139,18 +138,43 @@ verify_and_execute_deposit_confirmation (
TALER_EC_GENERIC_DB_STORE_FAILED,
"exchange signing key");
}
+ cached = "verified";
+ }
+
+ if (0 == strcmp (cached,
+ "verified"))
+ {
+ struct TALER_MasterSignatureP master_sig;
- /* Cache it, due to concurreny it might already be in the cache,
- so we do not cache it twice but also don't insist on the 'put' to
- succeed. */
- GNUNET_assert (0 == pthread_mutex_lock (&lock));
- (void) GNUNET_CONTAINER_multihashmap_put (cache,
- &h,
- "verified",
- GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
- GNUNET_assert (0 == pthread_mutex_unlock (&lock));
+ /* check for revocation */
+ qs = TAH_eplugin->lookup_signkey_revocation (TAH_eplugin->cls,
+ NULL,
+ &es->exchange_pub,
+ &master_sig);
+ if (0 > qs)
+ {
+ GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
+ TALER_LOG_WARNING (
+ "Failed to check for signing key revocation in database\n");
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_DB_FETCH_FAILED,
+ "exchange signing key revocation");
+ }
+ if (0 < qs)
+ cached = "revoked";
}
+ /* Cache it, due to concurreny it might already be in the cache,
+ so we do not cache it twice but also don't insist on the 'put' to
+ succeed. */
+ GNUNET_assert (0 == pthread_mutex_lock (&lock));
+ (void) GNUNET_CONTAINER_multihashmap_put (cache,
+ &h,
+ (void *) cached,
+ GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
+ GNUNET_assert (0 == pthread_mutex_unlock (&lock));
+
/* check deposit confirmation signature */
{
struct TALER_DepositConfirmationPS dcs = {