Diffstat (limited to 'src/mint/taler-mint-httpd_keys.c')
-rw-r--r-- | src/mint/taler-mint-httpd_keys.c | 41 |
1 files changed, 22 insertions, 19 deletions
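diff --git a/src/mint/taler-mint-httpd_keys.c b/src/mint/taler-mint-httpd_keys.c
index ce8bdf6e0..6d6e9468d 100644
--- a/src/mint/taler-mint-httpd_keys.c
+++ b/src/mint/taler-mint-httpd_keys.c
@@ -28,7 +28,6 @@
 #include <pthread.h>
 #include "mint.h"
 #include "mint_db.h"
-#include "taler_types.h"
 #include "taler_signatures.h"
 #include "taler_rsa.h"
 #include "taler_json_lib.h"
@@ -145,7 +144,7 @@ TALER_MINT_conf_duration_provide ()
 static int
 reload_keys_denom_iter (void *cls,
 const char *alias,
-const struct TALER_MINT_DenomKeyIssue *dki)
+const struct TALER_MINT_DenomKeyIssuePriv *dki)
 {
 struct MintKeyState *ctx = cls;
 struct GNUNET_TIME_Absolute stamp_provide;
@@ -155,28 +154,30 @@ reload_keys_denom_iter (void *cls,
 stamp_provide = GNUNET_TIME_absolute_add (ctx->reload_time,
 TALER_MINT_conf_duration_provide ());
 
-if (GNUNET_TIME_absolute_ntoh (dki->expire_spend).abs_value_us < ctx->reload_time.abs_value_us)
+if (GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us < ctx->reload_time.abs_value_us)
 {
 // this key is expired
 return GNUNET_OK;
 }
-if (GNUNET_TIME_absolute_ntoh (dki->start).abs_value_us > stamp_provide.abs_value_us)
+if (GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us > stamp_provide.abs_value_us)
 {
 // we are to early for this key
 return GNUNET_OK;
 }
 
-GNUNET_CRYPTO_hash (&dki->denom_pub, sizeof (struct GNUNET_CRYPTO_EddsaPublicKey), &denom_key_hash);
+GNUNET_CRYPTO_hash (&dki->issue.denom_pub,
+sizeof (struct GNUNET_CRYPTO_EddsaPublicKey),
+&denom_key_hash);
 
 res = GNUNET_CONTAINER_multihashmap_put (ctx->denomkey_map,
 &denom_key_hash,
-GNUNET_memdup (dki, sizeof (struct TALER_MINT_DenomKeyIssue)),
+GNUNET_memdup (dki, sizeof (struct TALER_MINT_DenomKeyIssuePriv)),
 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
 if (GNUNET_OK != res)
 GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Duplicate denomination key\n");
 
 json_array_append_new (ctx->denom_keys_array,
-denom_key_issue_to_json (dki));
+denom_key_issue_to_json (&dki->issue));
 
 return GNUNET_OK;
 }
@@ -193,20 +194,20 @@ reload_keys_denom_iter (void *cls,
 */
 static int
 reload_keys_sign_iter (void *cls,
-const struct TALER_MINT_SignKeyIssue *ski)
+const struct TALER_MINT_SignKeyIssuePriv *ski)
 {
 struct MintKeyState *ctx = cls;
 struct GNUNET_TIME_Absolute stamp_provide;
 
 stamp_provide = GNUNET_TIME_absolute_add (ctx->reload_time, TALER_MINT_conf_duration_provide (cfg));
 
-if (GNUNET_TIME_absolute_ntoh (ski->expire).abs_value_us < ctx->reload_time.abs_value_us)
+if (GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us < ctx->reload_time.abs_value_us)
 {
 // this key is expired
 return GNUNET_OK;
 }
 
-if (GNUNET_TIME_absolute_ntoh (ski->start).abs_value_us > stamp_provide.abs_value_us)
+if (GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us > stamp_provide.abs_value_us)
 {
 // we are to early for this key
 return GNUNET_OK;
@@ -214,16 +215,16 @@ reload_keys_sign_iter (void *cls,
 
 // the signkey is valid for now, check
 // if it's more recent than the current one!
-if (GNUNET_TIME_absolute_ntoh (ctx->current_sign_key_issue.start).abs_value_us >
-GNUNET_TIME_absolute_ntoh (ski->start).abs_value_us)
+if (GNUNET_TIME_absolute_ntoh (ctx->current_sign_key_issue.issue.start).abs_value_us >
+GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us)
 ctx->current_sign_key_issue = *ski;
 
 
 ctx->next_reload = GNUNET_TIME_absolute_min (ctx->next_reload,
-GNUNET_TIME_absolute_ntoh (ski->expire));
+GNUNET_TIME_absolute_ntoh (ski->issue.expire));
 
 json_array_append_new (ctx->sign_keys_array,
-sign_key_issue_to_json (ski));
+sign_key_issue_to_json (&ski->issue));
 
 return GNUNET_OK;
 }
@@ -334,14 +335,16 @@ TALER_MINT_key_state_acquire (void)
 * @return the denomination key issue,
 * or NULL if denom_pub could not be found
 */
-struct TALER_MINT_DenomKeyIssue *
+struct TALER_MINT_DenomKeyIssuePriv *
 TALER_MINT_get_denom_key (const struct MintKeyState *key_state,
 const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub)
 {
-struct TALER_MINT_DenomKeyIssue *issue;
+struct TALER_MINT_DenomKeyIssuePriv *issue;
 struct GNUNET_HashCode hash;
 
-GNUNET_CRYPTO_hash (denom_pub, sizeof (struct TALER_RSA_PublicKeyBinaryEncoded), &hash);
+GNUNET_CRYPTO_hash (denom_pub,
+sizeof (struct TALER_RSA_PublicKeyBinaryEncoded),
+&hash);
 issue = GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map, &hash);
 return issue;
 }
@@ -361,7 +364,7 @@ int
 TALER_MINT_test_coin_valid (const struct MintKeyState *key_state,
 struct TALER_CoinPublicInfo *coin_public_info)
 {
-struct TALER_MINT_DenomKeyIssue *dki;
+struct TALER_MINT_DenomKeyIssuePriv *dki;
 
 dki = TALER_MINT_get_denom_key (key_state, &coin_public_info->denom_pub);
 if (NULL == dki)
@@ -369,7 +372,7 @@ TALER_MINT_test_coin_valid (const struct MintKeyState *key_state,
 if (GNUNET_OK != TALER_RSA_verify (&coin_public_info->coin_pub,
 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
 &coin_public_info->denom_sig,
-&dki->denom_pub))
+&dki->issue.denom_pub))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
 "coin signature is invalid\n");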
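Review bot: The map key computed on insertion in reload_keys_denom_iter still hashes only `sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)` bytes of `dki->issue.denom_pub`, while the lookup in TALER_MINT_get_denom_key hashes `sizeof (struct TALER_RSA_PublicKeyBinaryEncoded)` bytes, so the two sides do not derive the same key unless those sizes happen to match. Since `denom_pub` is handed to TALER_RSA_verify as the RSA key, the lookup in TALER_MINT_test_coin_valid would presumably miss every stored denomination, and keys sharing their leading bytes would be reported as duplicates; the reformatted call should use `sizeof (dki->issue.denom_pub)`. Separately, the map now stores copies of the `TALER_MINT_DenomKeyIssuePriv` struct, which by its name likely carries private key material: on the `GNUNET_OK != res` path the `GNUNET_memdup` result is neither stored nor freed, so keep the pointer in a local and `GNUNET_free` it there. The code that releases the map entries lies outside this diff and should wipe each entry before freeing it.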