Diffstat (limited to 'src/exchange')
-rw-r--r--src/exchange/exchange.conf14
-rw-r--r--src/exchange/taler-exchange-httpd_keys.c24
-rw-r--r--src/exchange/taler-exchange-httpd_keys.h14
-rw-r--r--src/exchange/taler-exchange-httpd_refreshes_reveal.c2
-rw-r--r--src/exchange/taler-exchange-httpd_wire.h2
5 files changed, 22 insertions, 34 deletions
diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf
index 3abd8efd9..f4bdc4ed9 100644
--- a/src/exchange/exchange.conf
+++ b/src/exchange/exchange.conf
@@ -63,20 +63,8 @@ AGGREGATOR_IDLE_SLEEP_INTERVAL = 60 s
# super fast.)
WIREWATCH_IDLE_SLEEP_INTERVAL = 1 s
-# how long is one signkey valid?
-SIGNKEY_DURATION = 4 weeks
-
# how long are the signatures with the signkey valid?
-LEGAL_DURATION = 2 years
-
-# how long do we generate denomination and signing keys
-# ahead of time?
-LOOKAHEAD_SIGN = 32 weeks 1 day
-
-# how long do we provide to clients denomination and signing keys
-# ahead of time?
-LOOKAHEAD_PROVIDE = 4 weeks 1 day
-
+SIGNKEY_LEGAL_DURATION = 2 years
# Directory with our terms of service.
# TERMS_DIR =
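Review bot: The legal-duration option is renamed from `LEGAL_DURATION` to `SIGNKEY_LEGAL_DURATION` with no visible compatibility path, so a deployment that overrides the old key would presumably have that override ignored after upgrading. The code that reads the option is not part of this diff; confirm that it reads the new name and fails at startup when the key is absent rather than silently using a default, since per the retained comment this value bounds how long signatures made with a signing key are valid. The new line also loses the blank line that separated it from `# Directory with our terms of service.`; re-adding one keeps the sections readable.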
diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c
index e955cd953..87dd5467d 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -147,7 +147,7 @@ struct HelperSignkey
* State associated with the crypto helpers / security modules.
* Created per-thread, but NOT updated when the #key_generation
* is updated (instead constantly kept in sync whenever
- * #TEH_get_key_state() is called).
+ * #TEH_keys_get_state() is called).
*/
struct HelperState
{
@@ -335,8 +335,8 @@ static pthread_key_t key_state;
* Counter incremented whenever we have a reason to re-build the keys because
* something external changed (in another thread). The counter is manipulated
* using an atomic update, and thus to ensure that threads notice when it
- * changes, the variable MUST be volatile. See #TEH_get_key_state() and
- * #TEH_update_key_state() for uses of this variable.
+ * changes, the variable MUST be volatile. See #TEH_keys_get_state() and
+ * #TEH_keys_update_states() for uses of this variable.
*/
static volatile uint64_t key_generation;
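Review bot: The comment edited here still says `key_generation` "MUST be volatile" so that threads notice changes, but `volatile` gives no inter-thread atomicity or ordering guarantee in C, and a plain read of a `volatile uint64_t` can tear on 32-bit targets. The reads are outside this hunk, so this is inferred from the comment: if they are plain loads, a thread could compare against a stale or torn generation and keep using old key state longer than intended. Consider declaring it `static _Atomic uint64_t key_generation;` or reading it with `__atomic_load_n (&key_generation, __ATOMIC_ACQUIRE)`, and rewording the comment to match.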
@@ -816,7 +816,7 @@ clear_denomination_cb (void *cls,
* Free denomination key data.
*
* @param cls a `struct TEH_KeyStateHandle`, unused
- * @param h_denom_pub hash of the denomination public key, unused
+ * @param pid the online signing key (type-disguised), unused
* @param value a `struct SigningKey` to free
* @return #GNUNET_OK (continue to iterate)
*/
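Review bot: The summary line of this doc block still reads "Free denomination key data." although the parameters now describe an online signing key (`pid`) and a `struct SigningKey` value, so it looks like a leftover from the denomination callback above. Suggest `* Free signing key data.` as the first line. The function itself starts after the hunk, so the parameter name `pid` could not be checked against the signature.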
@@ -1729,7 +1729,7 @@ TEH_keys_update_states ()
/**
* Obtain the key state for the current thread. Should ONLY be used
- * directly if @a management_only is true. Otherwise use #TEH_get_key_state().
+ * directly if @a management_only is true. Otherwise use #TEH_keys_get_state().
*
* @param management_only if we should NOT run 'finish_keys_response()'
* because we only need the state for the /management/keys API
@@ -1787,7 +1787,7 @@ get_key_state (bool management_only)
struct TEH_KeyStateHandle *
-TEH_get_key_state (void)
+TEH_keys_get_state (void)
{
struct TEH_KeyStateHandle *ksh;
@@ -1811,7 +1811,7 @@ TEH_keys_denomination_by_hash (const struct GNUNET_HashCode *h_denom_pub,
{
struct TEH_KeyStateHandle *ksh;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
*hc = MHD_HTTP_INTERNAL_SERVER_ERROR;
@@ -1854,7 +1854,7 @@ TEH_keys_denomination_sign (const struct GNUNET_HashCode *h_denom_pub,
struct TEH_KeyStateHandle *ksh;
struct TALER_DenominationSignature none = { NULL };
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
*ec = TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING;
@@ -1873,7 +1873,7 @@ TEH_keys_denomination_revoke (const struct GNUNET_HashCode *h_denom_pub)
{
struct TEH_KeyStateHandle *ksh;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
GNUNET_break (0);
@@ -1893,7 +1893,7 @@ TEH_keys_exchange_sign_ (
{
struct TEH_KeyStateHandle *ksh;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
/* This *can* happen if the exchange's crypto helper is not running
@@ -1956,7 +1956,7 @@ TEH_keys_exchange_revoke (const struct TALER_ExchangePublicKeyP *exchange_pub)
{
struct TEH_KeyStateHandle *ksh;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
GNUNET_break (0);
@@ -2037,7 +2037,7 @@ TEH_keys_get_handler (const struct TEH_RequestHandler *rh,
struct TEH_KeyStateHandle *ksh;
const struct KeysResponseData *krd;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
return suspend_request (connection);
diff --git a/src/exchange/taler-exchange-httpd_keys.h b/src/exchange/taler-exchange-httpd_keys.h
index 54dc8c73e..3a72c1c2a 100644
--- a/src/exchange/taler-exchange-httpd_keys.h
+++ b/src/exchange/taler-exchange-httpd_keys.h
@@ -101,13 +101,13 @@ struct TEH_KeyStateHandle;
* state if we have reason to believe that something changed.
*
* The result is ONLY valid until the next call to
- * #TEH_keys_denomination_by_hash() or #TEH_get_key_state()
+ * #TEH_keys_denomination_by_hash() or #TEH_keys_get_state()
* or #TEH_keys_exchange_sign().
*
* @return NULL on error
*/
struct TEH_KeyStateHandle *
-TEH_get_key_state (void);
+TEH_keys_get_state (void);
/**
@@ -117,7 +117,7 @@ TEH_get_key_state (void);
*
* (We do not do so immediately, but merely signal to all threads that they
* need to rebuild their key state upon the next call to
- * #TEH_get_key_state()).
+ * #TEH_keys_get_state()).
*/
void
TEH_keys_update_states (void);
@@ -128,7 +128,6 @@ TEH_keys_update_states (void);
* must only be used in this thread and only until another key or
* key state is resolved.
*
- * @param key_state state to look in
* @param h_denom_pub hash of denomination public key
* @param[out] ec set to the error code, in case the operation failed
* @param[out] hc set to the HTTP status code to use
@@ -145,9 +144,9 @@ TEH_keys_denomination_by_hash (const struct GNUNET_HashCode *h_denom_pub,
* Look up the issue for a denom public key using a given @a ksh. This allows
* requesting multiple denominations with the same @a ksh which thus will
* remain valid until the next call to #TEH_keys_denomination_by_hash() or
- * #TEH_get_key_state() or #TEH_keys_exchange_sign().
+ * #TEH_keys_get_state() or #TEH_keys_exchange_sign().
*
- * @param key_state state to look in
+ * @param ksh key state state to look in
* @param h_denom_pub hash of denomination public key
* @param[out] ec set to the error code, in case the operation failed
* @param[out] hc set to the HTTP status code to use
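Review bot: The new `@param ksh` line has a doubled word, `key state state to look in`, and the same text is added in the following hunk (at `@@ -231,6 +230,7 @@`). Suggest `@param ksh key state to look in` in both places, in line with the `@param ksh key state to use` wording already present further down in this header. The declarations these comments document lie outside the hunks.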
@@ -231,6 +230,7 @@ TEH_keys_exchange_sign_ (
* number of bytes of the data structure, including its header. Use
* #TEH_keys_exchange_sign() instead of calling this function directly!
*
+ * @param ksh key state state to look in
* @param purpose the message to sign
* @param[out] pub set to the current public signing key of the exchange
* @param[out] sig signature over purpose using current signing key
@@ -281,7 +281,7 @@ TEH_keys_exchange_sign2_ (
*
* This allows requesting multiple denominations with the same @a ksh which
* thus will remain valid until the next call to
- * #TEH_keys_denomination_by_hash() or #TEH_get_key_state() or
+ * #TEH_keys_denomination_by_hash() or #TEH_keys_get_state() or
* #TEH_keys_exchange_sign().
*
* @param ksh key state to use
diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
index 9533ad532..930de0820 100644
--- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c
+++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
@@ -548,7 +548,7 @@ resolve_refreshes_reveal_denominations (struct MHD_Connection *connection,
struct TEH_KeyStateHandle *ksh;
struct GNUNET_TIME_Absolute now;
- ksh = TEH_get_key_state ();
+ ksh = TEH_keys_get_state ();
if (NULL == ksh)
{
return TALER_MHD_reply_with_error (connection,
diff --git a/src/exchange/taler-exchange-httpd_wire.h b/src/exchange/taler-exchange-httpd_wire.h
index b07bfcfb2..75094f5ac 100644
--- a/src/exchange/taler-exchange-httpd_wire.h
+++ b/src/exchange/taler-exchange-httpd_wire.h
@@ -49,7 +49,7 @@ TEH_WIRE_done (void);
*
* (We do not do so immediately, but merely signal to all threads that they
* need to rebuild their wire state upon the next call to
- * #wire_get_state()).
+ * #TEH_handler_wire()).
*/
void
TEH_wire_update_state (void);