diff options
Diffstat (limited to 'src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c')
| -rw-r--r-- | src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c b/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c new file mode 100644 index 000000000..4fc190b38 --- /dev/null +++ b/src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c @@ -0,0 +1,111 @@ +/* + This file is part of TALER + Copyright (C) 2020 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file taler-exchange-httpd_management_signkey_EP_revoke.c + * @brief Handle exchange online signing key revocation requests. + * @author Christian Grothoff + */ +#include "platform.h" +#include <gnunet/gnunet_util_lib.h> +#include <gnunet/gnunet_json_lib.h> +#include <jansson.h> +#include <microhttpd.h> +#include <pthread.h> +#include "taler_json_lib.h" +#include "taler_mhd_lib.h" +#include "taler-exchange-httpd_responses.h" +#include "taler-exchange-httpd_keystate.h" + + +/** + * Handle a "/management/signkeys/$EP/revoke" request. + * + * @param connection the MHD connection to handle + * @param exchange_pub exchange online signing public key to revoke + * @param root uploaded JSON data + * @return MHD result code + */ +MHD_RESULT +TEH_handler_management_signkeys_EP_revoke ( + struct MHD_Connection *connection, + const struct TALER_ExchangePublicKeyP *exchange_pub, + const json_t *root) +{ + struct TALER_MasterSignatureP master_sig; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_fixed_auto ("master_sig", + &master_sig), + GNUNET_JSON_spec_end () + }; + enum GNUNET_DB_QueryStatus qs; + + { + enum GNUNET_GenericReturnValue res; + + res = TALER_MHD_parse_json_data (connection, + root, + spec); + if (GNUNET_SYSERR == res) + return MHD_NO; /* hard failure */ + if (GNUNET_NO == res) + return MHD_YES; /* failure */ + } + { + struct TALER_MasterDenominationKeyRevocationPS rm = { + .purpose.purpose = htonl ( + TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED), + .purpose.size = htonl (sizeof (rm)), + .exchange_pub = *exchange_pub + }; + + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify ( + TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED, + &rm, + &master_sig.eddsa_sig, + &TEH_master_public_key.eddsa_pub)) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error ( + connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_SIGNKEY_REVOKE_SIGNATURE_INVALID, + NULL); + } + } + qs = TEH_plugin->insert_signkey_revocation (TEH_plugin->cls, + NULL, + exchange_pub, + &master_sig); + if (qs < 0) + { + GNUNET_break (0); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_STORE_FAILED, + "signkey revocation"); + } + // FIXME: also update our '/keys' replies! (signal all threads!?!?) + return TALER_MHD_reply_static ( + connection, + MHD_HTTP_NO_CONTENT, + NULL, + NULL, + 0); +} + + +/* end of taler-exchange-httpd_management_signkey_HDP_revoke.c */ |