Diffstat (limited to 'src/mint/taler-mint-httpd_keys.c')
-rw-r--r--src/mint/taler-mint-httpd_keys.c41
1 files changed, 22 insertions, 19 deletions
diff --git a/src/mint/taler-mint-httpd_keys.c b/src/mint/taler-mint-httpd_keys.c
index ce8bdf6e0..6d6e9468d 100644
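--- a/src/mint/taler-mint-httpd_keys.c
+++ b/src/mint/taler-mint-httpd_keys.c
@@ -28,7 +28,6 @@
 #include <pthread.h>
 #include "mint.h"
 #include "mint_db.h"
-#include "taler_types.h"
 #include "taler_signatures.h"
 #include "taler_rsa.h"
 #include "taler_json_lib.h"
@@ -145,7 +144,7 @@ TALER_MINT_conf_duration_provide ()
 static int
 reload_keys_denom_iter (void *cls,
  const char *alias,
- const struct TALER_MINT_DenomKeyIssue *dki)
+ const struct TALER_MINT_DenomKeyIssuePriv *dki)
 {
  struct MintKeyState *ctx = cls;
  struct GNUNET_TIME_Absolute stamp_provide;
@@ -155,28 +154,30 @@ reload_keys_denom_iter (void *cls,
  stamp_provide = GNUNET_TIME_absolute_add (ctx->reload_time,
  TALER_MINT_conf_duration_provide ());
 
- if (GNUNET_TIME_absolute_ntoh (dki->expire_spend).abs_value_us < ctx->reload_time.abs_value_us)
+ if (GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us < ctx->reload_time.abs_value_us)
  {
  // this key is expired
  return GNUNET_OK;
  }
- if (GNUNET_TIME_absolute_ntoh (dki->start).abs_value_us > stamp_provide.abs_value_us)
+ if (GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us > stamp_provide.abs_value_us)
  {
  // we are to early for this key
  return GNUNET_OK;
  }
 
- GNUNET_CRYPTO_hash (&dki->denom_pub, sizeof (struct GNUNET_CRYPTO_EddsaPublicKey), &denom_key_hash);
+ GNUNET_CRYPTO_hash (&dki->issue.denom_pub,
+ sizeof (struct GNUNET_CRYPTO_EddsaPublicKey),
+ &denom_key_hash);
 
  res = GNUNET_CONTAINER_multihashmap_put (ctx->denomkey_map,
  &denom_key_hash,
- GNUNET_memdup (dki, sizeof (struct TALER_MINT_DenomKeyIssue)),
+ GNUNET_memdup (dki, sizeof (struct TALER_MINT_DenomKeyIssuePriv)),
  GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
  if (GNUNET_OK != res)
  GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Duplicate denomination key\n");
 
  json_array_append_new (ctx->denom_keys_array,
- denom_key_issue_to_json (dki));
+ denom_key_issue_to_json (&dki->issue));
 
  return GNUNET_OK;
 }
@@ -193,20 +194,20 @@ reload_keys_denom_iter (void *cls,
  */
 static int
 reload_keys_sign_iter (void *cls,
- const struct TALER_MINT_SignKeyIssue *ski)
+ const struct TALER_MINT_SignKeyIssuePriv *ski)
 {
  struct MintKeyState *ctx = cls;
  struct GNUNET_TIME_Absolute stamp_provide;
 
  stamp_provide = GNUNET_TIME_absolute_add (ctx->reload_time, TALER_MINT_conf_duration_provide (cfg));
 
- if (GNUNET_TIME_absolute_ntoh (ski->expire).abs_value_us < ctx->reload_time.abs_value_us)
+ if (GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us < ctx->reload_time.abs_value_us)
  {
  // this key is expired
  return GNUNET_OK;
  }
 
- if (GNUNET_TIME_absolute_ntoh (ski->start).abs_value_us > stamp_provide.abs_value_us)
+ if (GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us > stamp_provide.abs_value_us)
  {
  // we are to early for this key
  return GNUNET_OK;
@@ -214,16 +215,16 @@ reload_keys_sign_iter (void *cls,
 
  // the signkey is valid for now, check
  // if it's more recent than the current one!
- if (GNUNET_TIME_absolute_ntoh (ctx->current_sign_key_issue.start).abs_value_us >
- GNUNET_TIME_absolute_ntoh (ski->start).abs_value_us)
+ if (GNUNET_TIME_absolute_ntoh (ctx->current_sign_key_issue.issue.start).abs_value_us >
+ GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us)
  ctx->current_sign_key_issue = *ski;
 
 
  ctx->next_reload = GNUNET_TIME_absolute_min (ctx->next_reload,
- GNUNET_TIME_absolute_ntoh (ski->expire));
+ GNUNET_TIME_absolute_ntoh (ski->issue.expire));
 
  json_array_append_new (ctx->sign_keys_array,
- sign_key_issue_to_json (ski));
+ sign_key_issue_to_json (&ski->issue));
 
  return GNUNET_OK;
 }
@@ -334,14 +335,16 @@ TALER_MINT_key_state_acquire (void)
  * @return the denomination key issue,
  * or NULL if denom_pub could not be found
  */
-struct TALER_MINT_DenomKeyIssue *
+struct TALER_MINT_DenomKeyIssuePriv *
 TALER_MINT_get_denom_key (const struct MintKeyState *key_state,
  const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub)
 {
- struct TALER_MINT_DenomKeyIssue *issue;
+ struct TALER_MINT_DenomKeyIssuePriv *issue;
  struct GNUNET_HashCode hash;
 
- GNUNET_CRYPTO_hash (denom_pub, sizeof (struct TALER_RSA_PublicKeyBinaryEncoded), &hash);
+ GNUNET_CRYPTO_hash (denom_pub,
+ sizeof (struct TALER_RSA_PublicKeyBinaryEncoded),
+ &hash);
  issue = GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map, &hash);
  return issue;
 }
@@ -361,7 +364,7 @@ int
 TALER_MINT_test_coin_valid (const struct MintKeyState *key_state,
  struct TALER_CoinPublicInfo *coin_public_info)
 {
- struct TALER_MINT_DenomKeyIssue *dki;
+ struct TALER_MINT_DenomKeyIssuePriv *dki;
 
  dki = TALER_MINT_get_denom_key (key_state, &coin_public_info->denom_pub);
  if (NULL == dki)
@@ -369,7 +372,7 @@ TALER_MINT_test_coin_valid (const struct MintKeyState *key_state,
  if (GNUNET_OK != TALER_RSA_verify (&coin_public_info->coin_pub,
  sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
  &coin_public_info->denom_sig,
- &dki->denom_pub))
+ &dki->issue.denom_pub))
  {
  GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
  "coin signature is invalid\n");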
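Review bot: In reload_keys_denom_iter the map key is still computed over only `sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)` bytes of `dki->issue.denom_pub`, while TALER_MINT_get_denom_key hashes `sizeof (struct TALER_RSA_PublicKeyBinaryEncoded)` bytes of the key it looks up; the commit re-wraps both calls without reconciling the two lengths. The type of `denom_pub` is declared outside these hunks, but the TALER_RSA_verify call in TALER_MINT_test_coin_valid suggests it is the RSA encoding, in which case insert and lookup hash different byte ranges, so a loaded key may never be found and keys sharing a prefix would be rejected as "Duplicate denomination key". Taking the length from the object in both places removes the mismatch: `GNUNET_CRYPTO_hash (&dki->issue.denom_pub, sizeof (dki->issue.denom_pub), &denom_key_hash);` and `GNUNET_CRYPTO_hash (denom_pub, sizeof (*denom_pub), &hash);`. In the same function, the `GNUNET_memdup` copy is not released when the put returns something other than GNUNET_OK, and since that copy is now the `...Priv` struct (presumably holding private key material) it is worth keeping the pointer in a local and freeing it on that path.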