summaryrefslogtreecommitdiff
path: root/src/lib/exchange_api_batch_withdraw2.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/exchange_api_batch_withdraw2.c')
-rw-r--r--src/lib/exchange_api_batch_withdraw2.c272
1 files changed, 76 insertions, 196 deletions
diff --git a/src/lib/exchange_api_batch_withdraw2.c b/src/lib/exchange_api_batch_withdraw2.c
index e9da21992..ff1496466 100644
--- a/src/lib/exchange_api_batch_withdraw2.c
+++ b/src/lib/exchange_api_batch_withdraw2.c
@@ -1,6 +1,6 @@
/*
This file is part of TALER
- Copyright (C) 2014-2022 Taler Systems SA
+ Copyright (C) 2014-2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
@@ -39,14 +39,14 @@ struct TALER_EXCHANGE_BatchWithdraw2Handle
{
/**
- * The connection to exchange this request handle will use
+ * The url for this request.
*/
- struct TALER_EXCHANGE_Handle *exchange;
+ char *url;
/**
- * The url for this request.
+ * The /keys material from the exchange
*/
- char *url;
+ const struct TALER_EXCHANGE_Keys *keys;
/**
* Handle for the request.
@@ -89,8 +89,8 @@ struct TALER_EXCHANGE_BatchWithdraw2Handle
/**
* We got a 200 OK response for the /reserves/$RESERVE_PUB/batch-withdraw operation.
* Extract the coin's signature and return it to the caller. The signature we
- * get from the exchange is for the blinded value. Thus, we first must
- * unblind it and then should verify its validity against our coin's hash.
+ * get from the exchange is for the blinded value. As we do not have the
+ * blinding factor, the signature CANNOT be verified.
*
* If everything checks out, we return the unblinded signature
* to the application via the callback.
@@ -103,14 +103,15 @@ static enum GNUNET_GenericReturnValue
reserve_batch_withdraw_ok (struct TALER_EXCHANGE_BatchWithdraw2Handle *wh,
const json_t *json)
{
- struct TALER_BlindedDenominationSignature blind_sigs[wh->num_coins];
+ struct TALER_BlindedDenominationSignature blind_sigs[GNUNET_NZL (
+ wh->num_coins)];
const json_t *ja = json_object_get (json,
"ev_sigs");
const json_t *j;
- unsigned int index;
- struct TALER_EXCHANGE_HttpResponse hr = {
- .reply = json,
- .http_status = MHD_HTTP_OK
+ size_t index;
+ struct TALER_EXCHANGE_BatchWithdraw2Response bwr = {
+ .hr.reply = json,
+ .hr.http_status = MHD_HTTP_OK
};
if ( (NULL == ja) ||
@@ -134,17 +135,17 @@ reserve_batch_withdraw_ok (struct TALER_EXCHANGE_BatchWithdraw2Handle *wh,
NULL, NULL))
{
GNUNET_break_op (0);
- for (unsigned int i = 0; i<index; i++)
+ for (size_t i = 0; i<index; i++)
TALER_blinded_denom_sig_free (&blind_sigs[i]);
return GNUNET_SYSERR;
}
}
/* signature is valid, return it to the application */
+ bwr.details.ok.blind_sigs = blind_sigs;
+ bwr.details.ok.blind_sigs_length = wh->num_coins;
wh->cb (wh->cb_cls,
- &hr,
- blind_sigs,
- wh->num_coins);
+ &bwr);
/* make sure callback isn't called again after return */
wh->cb = NULL;
for (unsigned int i = 0; i<wh->num_coins; i++)
@@ -155,101 +156,6 @@ reserve_batch_withdraw_ok (struct TALER_EXCHANGE_BatchWithdraw2Handle *wh,
/**
- * We got a 409 CONFLICT response for the /reserves/$RESERVE_PUB/batch-withdraw operation.
- * Check the signatures on the batch withdraw transactions in the provided
- * history and that the balances add up. We don't do anything directly
- * with the information, as the JSON will be returned to the application.
- * However, our job is ensuring that the exchange followed the protocol, and
- * this in particular means checking all of the signatures in the history.
- *
- * @param wh operation handle
- * @param json reply from the exchange
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on errors
- */
-static enum GNUNET_GenericReturnValue
-reserve_batch_withdraw_payment_required (
- struct TALER_EXCHANGE_BatchWithdraw2Handle *wh,
- const json_t *json)
-{
- struct TALER_Amount balance;
- struct TALER_Amount total_in_from_history;
- struct TALER_Amount total_out_from_history;
- json_t *history;
- size_t len;
- struct GNUNET_JSON_Specification spec[] = {
- TALER_JSON_spec_amount_any ("balance",
- &balance),
- GNUNET_JSON_spec_end ()
- };
-
- if (GNUNET_OK !=
- GNUNET_JSON_parse (json,
- spec,
- NULL, NULL))
- {
- GNUNET_break_op (0);
- return GNUNET_SYSERR;
- }
- history = json_object_get (json,
- "history");
- if (NULL == history)
- {
- GNUNET_break_op (0);
- return GNUNET_SYSERR;
- }
-
- /* go over transaction history and compute
- total incoming and outgoing amounts */
- len = json_array_size (history);
- {
- struct TALER_EXCHANGE_ReserveHistoryEntry *rhistory;
-
- /* Use heap allocation as "len" may be very big and thus this may
- not fit on the stack. Use "GNUNET_malloc_large" as a malicious
- exchange may theoretically try to crash us by giving a history
- that does not fit into our memory. */
- rhistory = GNUNET_malloc_large (
- sizeof (struct TALER_EXCHANGE_ReserveHistoryEntry)
- * len);
- if (NULL == rhistory)
- {
- GNUNET_break (0);
- return GNUNET_SYSERR;
- }
-
- if (GNUNET_OK !=
- TALER_EXCHANGE_parse_reserve_history (wh->exchange,
- history,
- &wh->reserve_pub,
- balance.currency,
- &total_in_from_history,
- &total_out_from_history,
- len,
- rhistory))
- {
- GNUNET_break_op (0);
- TALER_EXCHANGE_free_reserve_history (rhistory,
- len);
- return GNUNET_SYSERR;
- }
- TALER_EXCHANGE_free_reserve_history (rhistory,
- len);
- }
-
- /* Check that funds were really insufficient */
- if (0 >= TALER_amount_cmp (&wh->requested_amount,
- &balance))
- {
- /* Requested amount is smaller or equal to reported balance,
- so this should not have failed. */
- GNUNET_break_op (0);
- return GNUNET_SYSERR;
- }
- return GNUNET_OK;
-}
-
-
-/**
* Function called when we're done processing the
* HTTP /reserves/$RESERVE_PUB/batch-withdraw request.
*
@@ -264,16 +170,16 @@ handle_reserve_batch_withdraw_finished (void *cls,
{
struct TALER_EXCHANGE_BatchWithdraw2Handle *wh = cls;
const json_t *j = response;
- struct TALER_EXCHANGE_HttpResponse hr = {
- .reply = j,
- .http_status = (unsigned int) response_code
+ struct TALER_EXCHANGE_BatchWithdraw2Response bwr = {
+ .hr.reply = j,
+ .hr.http_status = (unsigned int) response_code
};
wh->job = NULL;
switch (response_code)
{
case 0:
- hr.ec = TALER_EC_GENERIC_INVALID_RESPONSE;
+ bwr.hr.ec = TALER_EC_GENERIC_INVALID_RESPONSE;
break;
case MHD_HTTP_OK:
if (GNUNET_OK !=
@@ -281,105 +187,91 @@ handle_reserve_batch_withdraw_finished (void *cls,
j))
{
GNUNET_break_op (0);
- hr.http_status = 0;
- hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED;
+ bwr.hr.http_status = 0;
+ bwr.hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED;
break;
}
GNUNET_assert (NULL == wh->cb);
TALER_EXCHANGE_batch_withdraw2_cancel (wh);
return;
- case MHD_HTTP_ACCEPTED:
- /* only validate reply is well-formed */
- {
- uint64_t ptu;
- struct GNUNET_JSON_Specification spec[] = {
- GNUNET_JSON_spec_uint64 ("payment_target_uuid",
- &ptu),
- GNUNET_JSON_spec_end ()
- };
-
- if (GNUNET_OK !=
- GNUNET_JSON_parse (j,
- spec,
- NULL, NULL))
- {
- GNUNET_break_op (0);
- hr.http_status = 0;
- hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED;
- break;
- }
- }
- break;
case MHD_HTTP_BAD_REQUEST:
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
- hr.ec = TALER_JSON_get_error_code (j);
- hr.hint = TALER_JSON_get_error_hint (j);
+ bwr.hr.ec = TALER_JSON_get_error_code (j);
+ bwr.hr.hint = TALER_JSON_get_error_hint (j);
break;
case MHD_HTTP_FORBIDDEN:
GNUNET_break_op (0);
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */
- hr.ec = TALER_JSON_get_error_code (j);
- hr.hint = TALER_JSON_get_error_hint (j);
+ bwr.hr.ec = TALER_JSON_get_error_code (j);
+ bwr.hr.hint = TALER_JSON_get_error_hint (j);
break;
case MHD_HTTP_NOT_FOUND:
/* Nothing really to verify, the exchange basically just says
that it doesn't know this reserve. Can happen if we
query before the wire transfer went through.
We should simply pass the JSON reply to the application. */
- hr.ec = TALER_JSON_get_error_code (j);
- hr.hint = TALER_JSON_get_error_hint (j);
+ bwr.hr.ec = TALER_JSON_get_error_code (j);
+ bwr.hr.hint = TALER_JSON_get_error_hint (j);
break;
case MHD_HTTP_CONFLICT:
- /* The exchange says that the reserve has insufficient funds;
- check the signatures in the history... */
- if (GNUNET_OK !=
- reserve_batch_withdraw_payment_required (wh,
- j))
- {
- GNUNET_break_op (0);
- hr.http_status = 0;
- hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED;
- }
- else
- {
- hr.ec = TALER_JSON_get_error_code (j);
- hr.hint = TALER_JSON_get_error_hint (j);
- }
+ bwr.hr.ec = TALER_JSON_get_error_code (j);
+ bwr.hr.hint = TALER_JSON_get_error_hint (j);
break;
case MHD_HTTP_GONE:
/* could happen if denomination was revoked */
/* Note: one might want to check /keys for revocation
signature here, alas tricky in case our /keys
is outdated => left to clients */
- hr.ec = TALER_JSON_get_error_code (j);
- hr.hint = TALER_JSON_get_error_hint (j);
+ bwr.hr.ec = TALER_JSON_get_error_code (j);
+ bwr.hr.hint = TALER_JSON_get_error_hint (j);
break;
+ case MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS:
+ {
+ struct GNUNET_JSON_Specification spec[] = {
+ GNUNET_JSON_spec_fixed_auto (
+ "h_payto",
+ &bwr.details.unavailable_for_legal_reasons.h_payto),
+ GNUNET_JSON_spec_uint64 ("requirement_row",
+ &bwr.details.unavailable_for_legal_reasons.
+ kyc_requirement_id),
+ GNUNET_JSON_spec_end ()
+ };
+
+ if (GNUNET_OK !=
+ GNUNET_JSON_parse (j,
+ spec,
+ NULL, NULL))
+ {
+ GNUNET_break_op (0);
+ bwr.hr.http_status = 0;
+ bwr.hr.ec = TALER_EC_GENERIC_REPLY_MALFORMED;
+ break;
+ }
+ }
case MHD_HTTP_INTERNAL_SERVER_ERROR:
/* Server had an internal issue; we should retry, but this API
leaves this to the application */
- hr.ec = TALER_JSON_get_error_code (j);
- hr.hint = TALER_JSON_get_error_hint (j);
+ bwr.hr.ec = TALER_JSON_get_error_code (j);
+ bwr.hr.hint = TALER_JSON_get_error_hint (j);
break;
default:
/* unexpected response code */
GNUNET_break_op (0);
- hr.ec = TALER_JSON_get_error_code (j);
- hr.hint = TALER_JSON_get_error_hint (j);
+ bwr.hr.ec = TALER_JSON_get_error_code (j);
+ bwr.hr.hint = TALER_JSON_get_error_hint (j);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected response code %u/%d for exchange batch withdraw\n",
(unsigned int) response_code,
- (int) hr.ec);
+ (int) bwr.hr.ec);
break;
}
if (NULL != wh->cb)
{
wh->cb (wh->cb_cls,
- &hr,
- NULL,
- 0);
+ &bwr);
wh->cb = NULL;
}
TALER_EXCHANGE_batch_withdraw2_cancel (wh);
@@ -388,29 +280,25 @@ handle_reserve_batch_withdraw_finished (void *cls,
struct TALER_EXCHANGE_BatchWithdraw2Handle *
TALER_EXCHANGE_batch_withdraw2 (
- struct TALER_EXCHANGE_Handle *exchange,
+ struct GNUNET_CURL_Context *curl_ctx,
+ const char *exchange_url,
+ const struct TALER_EXCHANGE_Keys *keys,
const struct TALER_ReservePrivateKeyP *reserve_priv,
- const struct TALER_PlanchetDetail *pds,
unsigned int pds_length,
+ const struct TALER_PlanchetDetail pds[static pds_length],
TALER_EXCHANGE_BatchWithdraw2Callback res_cb,
void *res_cb_cls)
{
struct TALER_EXCHANGE_BatchWithdraw2Handle *wh;
- const struct TALER_EXCHANGE_Keys *keys;
const struct TALER_EXCHANGE_DenomPublicKey *dk;
struct TALER_ReserveSignatureP reserve_sig;
char arg_str[sizeof (struct TALER_ReservePublicKeyP) * 2 + 32];
struct TALER_BlindedCoinHashP bch;
json_t *jc;
- keys = TALER_EXCHANGE_get_keys (exchange);
- if (NULL == keys)
- {
- GNUNET_break (0);
- return NULL;
- }
+ GNUNET_assert (NULL != keys);
wh = GNUNET_new (struct TALER_EXCHANGE_BatchWithdraw2Handle);
- wh->exchange = exchange;
+ wh->keys = keys;
wh->cb = res_cb;
wh->cb_cls = res_cb_cls;
wh->num_coins = pds_length;
@@ -431,14 +319,15 @@ TALER_EXCHANGE_batch_withdraw2 (
*end = '\0';
GNUNET_snprintf (arg_str,
sizeof (arg_str),
- "/reserves/%s/batch-withdraw",
+ "reserves/%s/batch-withdraw",
pub_str);
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Attempting to batch-withdraw from reserve %s\n",
TALER_B2S (&wh->reserve_pub));
- wh->url = TEAH_path_to_url (exchange,
- arg_str);
+ wh->url = TALER_url_join (exchange_url,
+ arg_str,
+ NULL);
if (NULL == wh->url)
{
GNUNET_break (0);
@@ -485,16 +374,9 @@ TALER_EXCHANGE_batch_withdraw2 (
json_decref (jc);
return NULL;
}
- if (GNUNET_OK !=
- TALER_coin_ev_hash (&pd->blinded_planchet,
- &pd->denom_pub_hash,
- &bch))
- {
- GNUNET_break (0);
- TALER_EXCHANGE_batch_withdraw2_cancel (wh);
- json_decref (jc);
- return NULL;
- }
+ TALER_coin_ev_hash (&pd->blinded_planchet,
+ &pd->denom_pub_hash,
+ &bch);
TALER_wallet_withdraw_sign (&pd->denom_pub_hash,
&coin_total,
&bch,
@@ -514,13 +396,11 @@ TALER_EXCHANGE_batch_withdraw2 (
}
{
CURL *eh;
- struct GNUNET_CURL_Context *ctx;
json_t *req;
req = GNUNET_JSON_PACK (
GNUNET_JSON_pack_array_steal ("planchets",
jc));
- ctx = TEAH_handle_to_context (exchange);
eh = TALER_EXCHANGE_curl_easy_get_ (wh->url);
if ( (NULL == eh) ||
(GNUNET_OK !=
@@ -536,7 +416,7 @@ TALER_EXCHANGE_batch_withdraw2 (
return NULL;
}
json_decref (req);
- wh->job = GNUNET_CURL_job_add2 (ctx,
+ wh->job = GNUNET_CURL_job_add2 (curl_ctx,
eh,
wh->post_ctx.headers,
&handle_reserve_batch_withdraw_finished,