diff options
Diffstat (limited to 'src/exchange/taler-exchange-httpd_reserves_attest.c')
-rw-r--r-- | src/exchange/taler-exchange-httpd_reserves_attest.c | 151 |
1 files changed, 79 insertions, 72 deletions
diff --git a/src/exchange/taler-exchange-httpd_reserves_attest.c b/src/exchange/taler-exchange-httpd_reserves_attest.c index a740bb25a..7bbebaad7 100644 --- a/src/exchange/taler-exchange-httpd_reserves_attest.c +++ b/src/exchange/taler-exchange-httpd_reserves_attest.c @@ -48,7 +48,7 @@ struct ReserveAttestContext /** * Public key of the reserve the inquiry is about. */ - const struct TALER_ReservePublicKeyP *reserve_pub; + struct TALER_ReservePublicKeyP reserve_pub; /** * Hash of the payto URI of this reserve. @@ -68,7 +68,7 @@ struct ReserveAttestContext /** * List of requested details. */ - json_t *details; + const json_t *details; /** * Client signature approving the request. @@ -76,14 +76,14 @@ struct ReserveAttestContext struct TALER_ReserveSignatureP reserve_sig; /** - * Attributes we are affirming. + * Attributes we are affirming. JSON object. */ json_t *json_attest; /** - * Error code encountered in interaction with KYC provider. + * Database error codes encountered. */ - enum TALER_ErrorCode ec; + enum GNUNET_DB_QueryStatus qs; /** * Set to true if we did not find the reserve. @@ -122,7 +122,7 @@ reply_reserve_attest_success (struct MHD_Connection *connection, &TEH_keys_exchange_sign_, now, rhc->etime, - rhc->reserve_pub, + &rhc->reserve_pub, rhc->json_attest, &exchange_pub, &exchange_sig); @@ -140,8 +140,12 @@ reply_reserve_attest_success (struct MHD_Connection *connection, &exchange_sig), GNUNET_JSON_pack_data_auto ("exchange_pub", &exchange_pub), - GNUNET_JSON_pack_array_steal ("attest", - rhc->json_attest)); + GNUNET_JSON_pack_timestamp ("exchange_timestamp", + now), + GNUNET_JSON_pack_timestamp ("expiration_time", + rhc->etime), + GNUNET_JSON_pack_object_steal ("attributes", + rhc->json_attest)); } @@ -152,68 +156,68 @@ reply_reserve_attest_success (struct MHD_Connection *connection, * set based on the details requested by the client. * * @param cls our `struct ReserveAttestContext *` - * @param provider_section KYC provider configuration section - * @param provider_user_id UID at a provider (can be NULL) - * @param legi_id legitimization process ID (can be NULL) + * @param h_payto account for which the attribute data is stored + * @param provider_section provider that must be checked + * @param collection_time when was the data collected + * @param expiration_time when does the data expire + * @param enc_attributes_size number of bytes in @a enc_attributes + * @param enc_attributes encrypted attribute data */ static void kyc_process_cb (void *cls, + const struct TALER_PaytoHashP *h_payto, const char *provider_section, - const char *provider_user_id, - const char *legi_id) + struct GNUNET_TIME_Timestamp collection_time, + struct GNUNET_TIME_Timestamp expiration_time, + size_t enc_attributes_size, + const void *enc_attributes) { struct ReserveAttestContext *rsc = cls; - struct GNUNET_TIME_Timestamp etime; json_t *attrs; + json_t *val; + const char *name; bool match = false; - rsc->ec = TALER_KYCLOGIC_user_to_attributes (provider_section, - provider_user_id, - legi_id, - &etime, - &attrs); - if (TALER_EC_NONE != rsc->ec) - return; - if (GNUNET_TIME_absolute_is_past (etime.abs_time)) - { - json_decref (attrs); + if (GNUNET_TIME_absolute_is_past (expiration_time.abs_time)) return; - } + attrs = TALER_CRYPTO_kyc_attributes_decrypt (&TEH_attribute_key, + enc_attributes, + enc_attributes_size); + json_object_foreach (attrs, name, val) { - json_t *val; - const char *name; - - json_object_foreach (attrs, name, val) + bool requested = false; + size_t idx; + json_t *str; + + if (NULL != json_object_get (rsc->json_attest, + name)) + continue; /* duplicate */ + json_array_foreach (rsc->details, idx, str) { - bool requested = false; - size_t idx; - json_t *str; - - if (NULL != json_object_get (rsc->json_attest, - name)) - continue; /* duplicate */ - json_array_foreach (rsc->details, idx, str) + if (0 == strcmp (json_string_value (str), + name)) { - if (0 == strcmp (json_string_value (str), - name)) - { - requested = true; - break; - } + requested = true; + break; } - if (! requested) - continue; - match = true; - GNUNET_assert (0 == - json_object_set (rsc->json_attest, /* NOT set_new! */ - name, - val)); } + if (! requested) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Skipping attribute `%s': not requested\n", + name); + continue; + } + match = true; + GNUNET_assert (0 == + json_object_set (rsc->json_attest, /* NOT set_new! */ + name, + val)); } json_decref (attrs); if (! match) return; - rsc->etime = GNUNET_TIME_timestamp_min (etime, + rsc->etime = GNUNET_TIME_timestamp_min (expiration_time, rsc->etime); } @@ -241,9 +245,9 @@ reserve_attest_transaction (void *cls, struct ReserveAttestContext *rsc = cls; enum GNUNET_DB_QueryStatus qs; - rsc->json_attest = json_array (); + rsc->json_attest = json_object (); GNUNET_assert (NULL != rsc->json_attest); - qs = TEH_plugin->iterate_kyc_reference (TEH_plugin->cls, + qs = TEH_plugin->select_kyc_attributes (TEH_plugin->cls, &rsc->h_payto, &kyc_process_cb, rsc); @@ -255,7 +259,7 @@ reserve_attest_transaction (void *cls, = TALER_MHD_reply_with_error (connection, MHD_HTTP_INTERNAL_SERVER_ERROR, TALER_EC_GENERIC_DB_FETCH_FAILED, - "iterate_kyc_reference"); + "select_kyc_attributes"); return qs; case GNUNET_DB_STATUS_SOFT_ERROR: GNUNET_break (0); @@ -273,8 +277,8 @@ reserve_attest_transaction (void *cls, MHD_RESULT TEH_handler_reserves_attest (struct TEH_RequestContext *rc, - const struct TALER_ReservePublicKeyP *reserve_pub, - const json_t *root) + const json_t *root, + const char *const args[1]) { struct ReserveAttestContext rsc = { .etime = GNUNET_TIME_UNIT_FOREVER_TS @@ -283,15 +287,26 @@ TEH_handler_reserves_attest (struct TEH_RequestContext *rc, struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_timestamp ("request_timestamp", &rsc.timestamp), - GNUNET_JSON_spec_json ("details", - &rsc.details), + GNUNET_JSON_spec_array_const ("details", + &rsc.details), GNUNET_JSON_spec_fixed_auto ("reserve_sig", &rsc.reserve_sig), GNUNET_JSON_spec_end () }; struct GNUNET_TIME_Timestamp now; - rsc.reserve_pub = reserve_pub; + if (GNUNET_OK != + GNUNET_STRINGS_string_to_data (args[0], + strlen (args[0]), + &rsc.reserve_pub, + sizeof (rsc.reserve_pub))) + { + GNUNET_break_op (0); + return TALER_MHD_reply_with_error (rc->connection, + MHD_HTTP_BAD_REQUEST, + TALER_EC_GENERIC_RESERVE_PUB_MALFORMED, + args[0]); + } { enum GNUNET_GenericReturnValue res; @@ -324,7 +339,7 @@ TEH_handler_reserves_attest (struct TEH_RequestContext *rc, if (GNUNET_OK != TALER_wallet_reserve_attest_request_verify (rsc.timestamp, rsc.details, - reserve_pub, + &rsc.reserve_pub, &rsc.reserve_sig)) { GNUNET_break_op (0); @@ -338,7 +353,7 @@ TEH_handler_reserves_attest (struct TEH_RequestContext *rc, char *payto_uri; payto_uri = TALER_reserve_make_payto (TEH_base_url, - rsc.reserve_pub); + &rsc.reserve_pub); TALER_payto_hash (payto_uri, &rsc.h_payto); GNUNET_free (payto_uri); @@ -360,18 +375,10 @@ TEH_handler_reserves_attest (struct TEH_RequestContext *rc, return TALER_MHD_reply_with_error (rc->connection, MHD_HTTP_NOT_FOUND, TALER_EC_EXCHANGE_GENERIC_RESERVE_UNKNOWN, - NULL); - } - if (TALER_EC_NONE != rsc.ec) - { - json_decref (rsc.json_attest); - return TALER_MHD_reply_with_ec (rc->connection, - rsc.ec, - NULL); + args[0]); } - mhd_ret = reply_reserve_attest_success (rc->connection, - &rsc); - return mhd_ret; + return reply_reserve_attest_success (rc->connection, + &rsc); } |