diff options
Diffstat (limited to 'src/mint/taler-mint-httpd_keystate.c')
| -rw-r--r-- | src/mint/taler-mint-httpd_keystate.c | 1011 |
1 files changed, 0 insertions, 1011 deletions
diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c deleted file mode 100644 index f1856e673..000000000 --- a/src/mint/taler-mint-httpd_keystate.c +++ /dev/null @@ -1,1011 +0,0 @@ -/* - This file is part of TALER - Copyright (C) 2014, 2015 GNUnet e.V. - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU Affero General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License along with - TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/> -*/ -/** - * @file taler-mint-httpd_keystate.c - * @brief management of our coin signing keys - * @author Florian Dold - * @author Benedikt Mueller - * @author Christian Grothoff - */ -#include "platform.h" -#include <pthread.h> -#include "taler-mint-httpd_keystate.h" -#include "taler-mint-httpd_responses.h" -#include "taler_mintdb_plugin.h" - - -/** - * Snapshot of the (coin and signing) keys (including private keys) of - * the mint. There can be multiple instances of this struct, as it is - * reference counted and only destroyed once the last user is done - * with it. The current instance is acquired using - * #TMH_KS_acquire(). Using this function increases the - * reference count. The contents of this structure (except for the - * reference counter) should be considered READ-ONLY until it is - * ultimately destroyed (as there can be many concurrent users). - */ -struct TMH_KS_StateHandle -{ - /** - * JSON array with denomination keys. (Currently not really used - * after initialization.) - */ - json_t *denom_keys_array; - - /** - * JSON array with signing keys. (Currently not really used - * after initialization.) - */ - json_t *sign_keys_array; - - /** - * JSON array with auditor information. (Currently not really used - * after initialization.) - */ - json_t *auditors_array; - - /** - * Cached JSON text that the mint will send for a "/keys" request. - * Includes our @e TMH_master_public_key public key, the signing and - * denomination keys as well as the @e reload_time. - */ - char *keys_json; - - /** - * Mapping from denomination keys to denomination key issue struct. - * Used to lookup the key by hash. - */ - struct GNUNET_CONTAINER_MultiHashMap *denomkey_map; - - /** - * Hash context we used to combine the hashes of all denomination - * keys into one big hash. - */ - struct GNUNET_HashContext *hash_context; - - /** - * When did we initiate the key reloading? - */ - struct GNUNET_TIME_Absolute reload_time; - - /** - * When is the next key invalid and we have to reload? (We also - * reload on SIGUSR1.) - */ - struct GNUNET_TIME_Absolute next_reload; - - /** - * Mint signing key that should be used currently. - */ - struct TALER_MINTDB_PrivateSigningKeyInformationP current_sign_key_issue; - - /** - * Reference count. The struct is released when the RC hits zero. - */ - unsigned int refcnt; -}; - - -/** - * Mint key state. Never use directly, instead access via - * #TMH_KS_acquire() and #TMH_KS_release(). - */ -static struct TMH_KS_StateHandle *internal_key_state; - -/** - * Mutex protecting access to #internal_key_state. - */ -static pthread_mutex_t internal_key_state_mutex = PTHREAD_MUTEX_INITIALIZER; - -/** - * Pipe used for signaling reloading of our key state. - */ -static int reload_pipe[2]; - - -/** - * Convert the public part of a denomination key issue to a JSON - * object. - * - * @param pk public key of the denomination key - * @param dki the denomination key issue - * @return a JSON object describing the denomination key isue (public part) - */ -static json_t * -denom_key_issue_to_json (const struct TALER_DenominationPublicKey *pk, - const struct TALER_MINTDB_DenominationKeyInformationP *dki) -{ - struct TALER_Amount value; - struct TALER_Amount fee_withdraw; - struct TALER_Amount fee_deposit; - struct TALER_Amount fee_refresh; - - TALER_amount_ntoh (&value, - &dki->properties.value); - TALER_amount_ntoh (&fee_withdraw, - &dki->properties.fee_withdraw); - TALER_amount_ntoh (&fee_deposit, - &dki->properties.fee_deposit); - TALER_amount_ntoh (&fee_refresh, - &dki->properties.fee_refresh); - return - json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o}", - "master_sig", - TALER_json_from_data (&dki->signature, - sizeof (struct GNUNET_CRYPTO_EddsaSignature)), - "stamp_start", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->properties.start)), - "stamp_expire_withdraw", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->properties.expire_withdraw)), - "stamp_expire_deposit", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->properties.expire_spend)), - "stamp_expire_legal", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (dki->properties.expire_legal)), - "denom_pub", - TALER_json_from_rsa_public_key (pk->rsa_public_key), - "value", - TALER_json_from_amount (&value), - "fee_withdraw", - TALER_json_from_amount (&fee_withdraw), - "fee_deposit", - TALER_json_from_amount (&fee_deposit), - "fee_refresh", - TALER_json_from_amount (&fee_refresh)); -} - - -/** - * Get the relative time value that describes how - * far in the future do we want to provide coin keys. - * - * @return the provide duration - */ -static struct GNUNET_TIME_Relative -TALER_MINT_conf_duration_provide () -{ - struct GNUNET_TIME_Relative rel; - - if (GNUNET_OK != - GNUNET_CONFIGURATION_get_value_time (cfg, - "mint_keys", - "lookahead_provide", - &rel)) - { - GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, - "mint_keys", - "lookahead_provide", - "time value required"); - GNUNET_assert (0); - } - return rel; -} - - -/** - * Iterator for (re)loading/initializing denomination keys. - * - * @param cls closure - * @param dki the denomination key issue - * @param alias coin alias - * @return #GNUNET_OK to continue to iterate, - * #GNUNET_NO to stop iteration with no error, - * #GNUNET_SYSERR to abort iteration with error! - */ -static int -reload_keys_denom_iter (void *cls, - const char *alias, - const struct TALER_MINTDB_DenominationKeyIssueInformation *dki) -{ - struct TMH_KS_StateHandle *ctx = cls; - struct GNUNET_TIME_Absolute now; - struct GNUNET_TIME_Absolute horizon; - struct GNUNET_HashCode denom_key_hash; - struct TALER_MINTDB_DenominationKeyIssueInformation *d2; - struct TALER_MINTDB_Session *session; - int res; - - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Loading denomination key `%s'\n", - alias); - horizon = GNUNET_TIME_relative_to_absolute (TALER_MINT_conf_duration_provide ()); - if (GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us > - horizon.abs_value_us) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Skipping future denomination key `%s'\n", - alias); - return GNUNET_OK; - } - now = GNUNET_TIME_absolute_get (); - if (GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_spend).abs_value_us < - now.abs_value_us) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Skipping expired denomination key `%s'\n", - alias); - return GNUNET_OK; - } - - GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key, - &denom_key_hash); - GNUNET_CRYPTO_hash_context_read (ctx->hash_context, - &denom_key_hash, - sizeof (struct GNUNET_HashCode)); - session = TMH_plugin->get_session (TMH_plugin->cls, - TMH_test_mode); - if (NULL == session) - return GNUNET_SYSERR; - /* Try to insert DKI into DB until we succeed; note that if the DB - failure is persistent, this code may loop forever (as there is no - sane alternative, we cannot continue without the DKI being in the - DB). */ - res = GNUNET_SYSERR; - while (GNUNET_OK != res) - { - res = TMH_plugin->start (TMH_plugin->cls, - session); - if (GNUNET_OK != res) - { - /* Transaction start failed!? Very bad error, log and retry */ - GNUNET_break (0); - continue; - } - res = TMH_plugin->get_denomination_info (TMH_plugin->cls, - session, - &dki->denom_pub, - NULL); - if (GNUNET_SYSERR == res) - { - /* Fetch failed!? Very bad error, log and retry */ - GNUNET_break (0); - TMH_plugin->rollback (TMH_plugin->cls, - session); - continue; - } - if (GNUNET_OK == res) - { - /* Record exists, we're good, just exit */ - TMH_plugin->rollback (TMH_plugin->cls, - session); - break; - } - res = TMH_plugin->insert_denomination_info (TMH_plugin->cls, - session, - &dki->denom_pub, - &dki->issue); - if (GNUNET_OK != res) - { - /* Insert failed!? Very bad error, log and retry */ - GNUNET_break (0); - TMH_plugin->rollback (TMH_plugin->cls, - session); - continue; - } - res = TMH_plugin->commit (TMH_plugin->cls, - session); - /* If commit succeeded, we're done, otherwise we retry; this - time without logging, as theroetically commits can fail - in a transactional DB due to concurrent activities that - cannot be reconciled. This should be rare for DKIs, but - as it is possible we just retry until we succeed. */ - } - - d2 = GNUNET_new (struct TALER_MINTDB_DenominationKeyIssueInformation); - d2->issue = dki->issue; - d2->denom_priv.rsa_private_key - = GNUNET_CRYPTO_rsa_private_key_dup (dki->denom_priv.rsa_private_key); - d2->denom_pub.rsa_public_key - = GNUNET_CRYPTO_rsa_public_key_dup (dki->denom_pub.rsa_public_key); - res = GNUNET_CONTAINER_multihashmap_put (ctx->denomkey_map, - &denom_key_hash, - d2, - GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); - if (GNUNET_OK != res) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Duplicate denomination key `%s'\n", - alias); - GNUNET_CRYPTO_rsa_private_key_free (d2->denom_priv.rsa_private_key); - GNUNET_CRYPTO_rsa_public_key_free (d2->denom_pub.rsa_public_key); - GNUNET_free (d2); - return GNUNET_OK; - } - json_array_append_new (ctx->denom_keys_array, - denom_key_issue_to_json (&dki->denom_pub, - &dki->issue)); - return GNUNET_OK; -} - - -/** - * Convert the public part of a sign key issue to a JSON object. - * - * @param ski the sign key issue - * @return a JSON object describing the sign key issue (public part) - */ -static json_t * -sign_key_issue_to_json (const struct TALER_MintSigningKeyValidityPS *ski) -{ - return - json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}", - "stamp_start", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)), - "stamp_expire", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)), - "stamp_end", - TALER_json_from_abs (GNUNET_TIME_absolute_ntoh (ski->end)), - "master_pub", - TALER_json_from_data (&ski->master_public_key, - sizeof (struct TALER_MasterPublicKeyP)), - "master_sig", - TALER_json_from_data (&ski->signature, - sizeof (struct TALER_MasterSignatureP)), - "key", - TALER_json_from_data (&ski->signkey_pub, - sizeof (struct TALER_MintPublicKeyP))); -} - - -/** - * Iterator for sign keys. - * - * @param cls closure with the `struct TMH_KS_StateHandle *` - * @param filename name of the file the key came from - * @param ski the sign key issue - * @return #GNUNET_OK to continue to iterate, - * #GNUNET_NO to stop iteration with no error, - * #GNUNET_SYSERR to abort iteration with error! - */ -static int -reload_keys_sign_iter (void *cls, - const char *filename, - const struct TALER_MINTDB_PrivateSigningKeyInformationP *ski) -{ - struct TMH_KS_StateHandle *ctx = cls; - struct GNUNET_TIME_Absolute now; - struct GNUNET_TIME_Absolute horizon; - - horizon = GNUNET_TIME_relative_to_absolute (TALER_MINT_conf_duration_provide ()); - if (GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us > - horizon.abs_value_us) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Skipping future signing key `%s'\n", - filename); - return GNUNET_OK; - } - now = GNUNET_TIME_absolute_get (); - if (GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us < - now.abs_value_us) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Skipping expired signing key `%s'\n", - filename); - return GNUNET_OK; - } - - /* The signkey is valid at this time, check if it's more recent than - what we have so far! */ - if ( (GNUNET_TIME_absolute_ntoh (ctx->current_sign_key_issue.issue.start).abs_value_us < - GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us) && - (GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us < - now.abs_value_us) ) - { - /* We use the most recent one, if it is valid now (not just in the near future) */ - ctx->current_sign_key_issue = *ski; - } - json_array_append_new (ctx->sign_keys_array, - sign_key_issue_to_json (&ski->issue)); - - return GNUNET_OK; -} - - -/** - * Convert information from an auditor to a JSON object. - * - * @param apub the auditor's public key - * @param dki_len length of @a dki and @a asigs arrays - * @param asigs the auditor's signatures - * @param dki array of denomination coin data signed by the auditor - * @return a JSON object describing the auditor information and signature - */ -static json_t * -auditor_to_json (const struct TALER_AuditorPublicKeyP *apub, - unsigned int dki_len, - const struct TALER_AuditorSignatureP **asigs, - const struct TALER_DenominationKeyValidityPS **dki) -{ - unsigned int i; - json_t *ja; - - ja = json_array (); - for (i=0;i<dki_len;i++) - json_array_append_new (ja, - json_pack ("{s:o, s:o}", - "denom_pub_h", - TALER_json_from_data (&dki[i]->denom_hash, - sizeof (struct GNUNET_HashCode)), - "auditor_sig", - TALER_json_from_data (asigs[i], - sizeof (struct TALER_AuditorSignatureP)))); - return - json_pack ("{s:o, s:o}", - "denomination_keys", ja, - "auditor_pub", - TALER_json_from_data (apub, - sizeof (struct TALER_AuditorPublicKeyP))); -} - - -/** - * @brief Iterator called with auditor information. - * Check that the @a mpub actually matches this mint, and then - * add the auditor information to our /keys response (if it is - * (still) applicable). - * - * @param cls closure with the `struct TMH_KS_StateHandle *` - * @param apub the auditor's public key - * @param mpub the mint's public key (as expected by the auditor) - * @param dki_len length of @a dki and @a asigs - * @param asigs array with the auditor's signatures, of length @a dki_len - * @param dki array of denomination coin data signed by the auditor - * @return #GNUNET_OK to continue to iterate, - * #GNUNET_NO to stop iteration with no error, - * #GNUNET_SYSERR to abort iteration with error! - */ -static int -reload_auditor_iter (void *cls, - const struct TALER_AuditorPublicKeyP *apub, - const struct TALER_MasterPublicKeyP *mpub, - unsigned int dki_len, - const struct TALER_AuditorSignatureP *asigs, - const struct TALER_DenominationKeyValidityPS *dki) -{ - struct TMH_KS_StateHandle *ctx = cls; - unsigned int i; - unsigned int keep; - const struct TALER_AuditorSignatureP *kept_asigs[dki_len]; - const struct TALER_DenominationKeyValidityPS *kept_dkis[dki_len]; - - /* Check if the signature is at least for this mint. */ - if (0 != memcmp (&mpub->eddsa_pub, - &TMH_master_public_key, - sizeof (struct GNUNET_CRYPTO_EddsaPublicKey))) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Auditing information provided for a different mint, ignored\n"); - return GNUNET_OK; - } - /* Filter the auditor information for those for which the - keys actually match the denomination keys that are active right now */ - keep = 0; - for (i=0;i<dki_len;i++) - { - if (GNUNET_YES == - GNUNET_CONTAINER_multihashmap_contains (ctx->denomkey_map, - &dki[i].denom_hash)) - { - kept_asigs[keep] = &asigs[i]; - kept_dkis[keep] = &dki[i]; - keep++; - } - } - /* add auditor information to our /keys response */ - json_array_append_new (ctx->auditors_array, - auditor_to_json (apub, - keep, - kept_asigs, - kept_dkis)); - return GNUNET_OK; -} - - -/** - * Iterator for freeing denomination keys. - * - * @param cls closure with the `struct TMH_KS_StateHandle` - * @param key key for the denomination key - * @param value coin details - * @return #GNUNET_OK to continue to iterate, - * #GNUNET_NO to stop iteration with no error, - * #GNUNET_SYSERR to abort iteration with error! - */ -static int -free_denom_key (void *cls, - const struct GNUNET_HashCode *key, - void *value) -{ - struct TALER_MINTDB_DenominationKeyIssueInformation *dki = value; - - GNUNET_CRYPTO_rsa_private_key_free (dki->denom_priv.rsa_private_key); - GNUNET_CRYPTO_rsa_public_key_free (dki->denom_pub.rsa_public_key); - GNUNET_free (dki); - return GNUNET_OK; -} - - -/** - * Release key state, free if necessary (if reference count gets to zero). - * Internal method used when the mutex is already held. - * - * @param key_state the key state to release - */ -static void -ks_release_ (struct TMH_KS_StateHandle *key_state) -{ - GNUNET_assert (0 < key_state->refcnt); - key_state->refcnt--; - if (0 == key_state->refcnt) - { - if (NULL != key_state->denom_keys_array) - { - json_decref (key_state->denom_keys_array); - key_state->denom_keys_array = NULL; - } - if (NULL != key_state->sign_keys_array) - { - json_decref (key_state->sign_keys_array); - key_state->sign_keys_array = NULL; - } - if (NULL != key_state->denomkey_map) - { - GNUNET_CONTAINER_multihashmap_iterate (key_state->denomkey_map, - &free_denom_key, - key_state); - GNUNET_CONTAINER_multihashmap_destroy (key_state->denomkey_map); - key_state->denomkey_map = NULL; - } - GNUNET_free_non_null (key_state->keys_json); - GNUNET_free (key_state); - } -} - - -/** - * Release key state, free if necessary (if reference count gets to zero). - * - * @param location name of the function in which the lock is acquired - * @param key_state the key state to release - */ -void -TMH_KS_release_ (const char *location, - struct TMH_KS_StateHandle *key_state) -{ - GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex)); - ks_release_ (key_state); - GNUNET_assert (0 == pthread_mutex_unlock (&internal_key_state_mutex)); -} - - -/** - * Acquire the key state of the mint. Updates keys if necessary. - * For every call to #TMH_KS_acquire(), a matching call - * to #TMH_KS_release() must be made. - * - * @param location name of the function in which the lock is acquired - * @return the key state - */ -struct TMH_KS_StateHandle * -TMH_KS_acquire_ (const char *location) -{ - struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); - struct TMH_KS_StateHandle *key_state; - json_t *keys; - struct TALER_MintKeySetPS ks; - struct TALER_MintSignatureP sig; - - GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex)); - if ( (NULL != internal_key_state) && - (internal_key_state->next_reload.abs_value_us <= now.abs_value_us) ) - { - ks_release_ (internal_key_state); - internal_key_state = NULL; - } - if (NULL == internal_key_state) - { - key_state = GNUNET_new (struct TMH_KS_StateHandle); - key_state->hash_context = GNUNET_CRYPTO_hash_context_start (); - - - key_state->denom_keys_array = json_array (); - GNUNET_assert (NULL != key_state->denom_keys_array); - - key_state->sign_keys_array = json_array (); - GNUNET_assert (NULL != key_state->sign_keys_array); - - key_state->auditors_array = json_array (); - GNUNET_assert (NULL != key_state->auditors_array); - - key_state->denomkey_map = GNUNET_CONTAINER_multihashmap_create (32, - GNUNET_NO); - key_state->reload_time = GNUNET_TIME_absolute_get (); - TALER_round_abs_time (&key_state->reload_time); - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Loading keys from `%s'\n", - TMH_mint_directory); - TALER_MINTDB_denomination_keys_iterate (TMH_mint_directory, - &reload_keys_denom_iter, - key_state); - TALER_MINTDB_signing_keys_iterate (TMH_mint_directory, - &reload_keys_sign_iter, - key_state); - TALER_MINTDB_auditor_iterate (TMH_mint_directory, - &reload_auditor_iter, - key_state); - ks.purpose.size = htonl (sizeof (ks)); - ks.purpose.purpose = htonl (TALER_SIGNATURE_MINT_KEY_SET); - ks.list_issue_date = GNUNET_TIME_absolute_hton (key_state->reload_time); - GNUNET_CRYPTO_hash_context_finish (key_state->hash_context, - &ks.hc); - key_state->hash_context = NULL; - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv, - &ks.purpose, - &sig.eddsa_signature)); - key_state->next_reload = GNUNET_TIME_absolute_ntoh (key_state->current_sign_key_issue.issue.expire); - if (0 == key_state->next_reload.abs_value_us) - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "No valid signing key found!\n"); - - keys = json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o, s:o}", - "master_public_key", - TALER_json_from_data (&TMH_master_public_key, - sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)), - "signkeys", key_state->sign_keys_array, - "denoms", key_state->denom_keys_array, - "auditors", key_state->auditors_array, - "list_issue_date", TALER_json_from_abs (key_state->reload_time), - "eddsa_pub", TALER_json_from_data (&key_state->current_sign_key_issue.issue.signkey_pub, - sizeof (struct TALER_MintPublicKeyP)), - "eddsa_sig", TALER_json_from_data (&sig, - sizeof (struct TALER_MintSignatureP))); - key_state->auditors_array = NULL; - key_state->sign_keys_array = NULL; - key_state->denom_keys_array = NULL; - key_state->keys_json = json_dumps (keys, - JSON_INDENT (2)); - json_decref (keys); - internal_key_state = key_state; - } - key_state = internal_key_state; - key_state->refcnt++; - GNUNET_assert (0 == pthread_mutex_unlock (&internal_key_state_mutex)); - - return key_state; -} - - -/** - * Look up the issue for a denom public key. - * - * @param key_state state to look in - * @param denom_pub denomination public key - * @param use purpose for which the key is being located - * @return the denomination key issue, - * or NULL if denom_pub could not be found - */ -struct TALER_MINTDB_DenominationKeyIssueInformation * -TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state, - const struct TALER_DenominationPublicKey *denom_pub, - enum TMH_KS_DenominationKeyUse use) -{ - struct GNUNET_HashCode hc; - struct TALER_MINTDB_DenominationKeyIssueInformation *dki; - struct GNUNET_TIME_Absolute now; - - GNUNET_CRYPTO_rsa_public_key_hash (denom_pub->rsa_public_key, - &hc); - dki = GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map, - &hc); - if (NULL == dki) - return NULL; - now = GNUNET_TIME_absolute_get (); - if (now.abs_value_us < - GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Not returning DKI for %s, as start time is in the future\n", - GNUNET_h2s (&hc)); - return NULL; - } - now = GNUNET_TIME_absolute_get (); - switch (use) - { - case TMH_KS_DKU_WITHDRAW: - if (now.abs_value_us > - GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_withdraw).abs_value_us) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Not returning DKI for %s, as time to create coins has passed\n", - GNUNET_h2s (&hc)); - return NULL; - } - break; - case TMH_KS_DKU_DEPOSIT: - if (now.abs_value_us > - GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_spend).abs_value_us) - { - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Not returning DKI for %s, as time to spend coin has passed\n", - GNUNET_h2s (&hc)); - return NULL; - } - break; - } - return dki; -} - - -/** - * Handle a signal, writing relevant signal numbers to the pipe. - * - * @param signal_number the signal number - */ -static void -handle_signal (int signal_number) -{ - ssize_t res; - char c = signal_number; - - res = write (reload_pipe[1], - &c, - 1); - if ( (res < 0) && - (EINTR != errno) ) - { - GNUNET_break (0); - return; - } - if (0 == res) - { - GNUNET_break (0); - return; - } -} - - -/** - * Call #handle_signal() to pass the received signal via - * the control pipe. - */ -static void -handle_sigusr1 () -{ - handle_signal (SIGUSR1); -} - - -/** - * Call #handle_signal() to pass the received signal via - * the control pipe. - */ -static void -handle_sigint () -{ - handle_signal (SIGINT); -} - - -/** - * Call #handle_signal() to pass the received signal via - * the control pipe. - */ -static void -handle_sigterm () -{ - handle_signal (SIGTERM); -} - - -/** - * Call #handle_signal() to pass the received signal via - * the control pipe. - */ -static void -handle_sighup () -{ - handle_signal (SIGHUP); -} - - -/** - * Call #handle_signal() to pass the received signal via - * the control pipe. - */ -static void -handle_sigchld () -{ - handle_signal (SIGCHLD); -} - - -/** - * Read signals from a pipe in a loop, and reload keys from disk if - * SIGUSR1 is received, terminate if SIGTERM/SIGINT is received, and - * restart if SIGHUP is received. - * - * @return #GNUNET_SYSERR on errors, - * #GNUNET_OK to terminate normally - * #GNUNET_NO to restart an update version of the binary - */ -int -TMH_KS_loop (void) -{ - struct GNUNET_SIGNAL_Context *sigusr1; - struct GNUNET_SIGNAL_Context *sigterm; - struct GNUNET_SIGNAL_Context *sigint; - struct GNUNET_SIGNAL_Context *sighup; - struct GNUNET_SIGNAL_Context *sigchld; - int ret; - - if (0 != pipe (reload_pipe)) - { - fprintf (stderr, - "Failed to create pipe.\n"); - return GNUNET_SYSERR; - } - sigusr1 = GNUNET_SIGNAL_handler_install (SIGUSR1, - &handle_sigusr1); - sigterm = GNUNET_SIGNAL_handler_install (SIGTERM, - &handle_sigterm); - sigint = GNUNET_SIGNAL_handler_install (SIGINT, - &handle_sigint); - sighup = GNUNET_SIGNAL_handler_install (SIGHUP, - &handle_sighup); - sigchld = GNUNET_SIGNAL_handler_install (SIGCHLD, - &handle_sigchld); - - ret = 0; - while (0 == ret) - { - char c; - ssize_t res; - - GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "(re-)loading keys\n"); - if (NULL != internal_key_state) - { - TMH_KS_release (internal_key_state); - internal_key_state = NULL; - } - /* This will re-initialize 'internal_key_state' with - an initial refcnt of 1 */ - (void) TMH_KS_acquire (); - -read_again: - errno = 0; - res = read (reload_pipe[0], - &c, - 1); - if ((res < 0) && (EINTR != errno)) - { - GNUNET_break (0); - ret = GNUNET_SYSERR; - break; - } - if (EINTR == errno) - goto read_again; - switch (c) - { - case SIGUSR1: - /* reload internal key state, we do this in the loop */ - break; - case SIGTERM: - case SIGINT: - /* terminate */ - ret = GNUNET_OK; - break; - case SIGHUP: - /* restart updated binary */ - ret = GNUNET_NO; - break; -#if HAVE_DEVELOPER - case SIGCHLD: - /* running in test-mode, test finished, terminate */ - ret = GNUNET_OK; - break; -#endif - default: - /* unexpected character */ - GNUNET_break (0); - break; - } - } - if (NULL != internal_key_state) - { - TMH_KS_release (internal_key_state); - internal_key_state = NULL; - } - GNUNET_SIGNAL_handler_uninstall (sigusr1); - GNUNET_SIGNAL_handler_uninstall (sigterm); - GNUNET_SIGNAL_handler_uninstall (sigint); - GNUNET_SIGNAL_handler_uninstall (sighup); - GNUNET_SIGNAL_handler_uninstall (sigchld); - return ret; -} - - -/** - * Sign the message in @a purpose with the mint's signing key. - * - * @param purpose the message to sign - * @param[out] pub set to the current public signing key of the mint - * @param[out] sig signature over purpose using current signing key - */ -void -TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, - struct TALER_MintPublicKeyP *pub, - struct TALER_MintSignatureP *sig) - -{ - struct TMH_KS_StateHandle *key_state; - - key_state = TMH_KS_acquire (); - *pub = key_state->current_sign_key_issue.issue.signkey_pub; - GNUNET_assert (GNUNET_OK == - GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv, - purpose, - &sig->eddsa_signature)); - TMH_KS_release (key_state); -} - - -/** - * Function to call to handle the request by sending - * back static data from the @a rh. - * - * @param rh context of the handler - * @param connection the MHD connection to handle - * @param[in,out] connection_cls the connection's closure (can be updated) - * @param upload_data upload data - * @param[in,out] upload_data_size number of bytes (left) in @a upload_data - * @return MHD result code - */ -int -TMH_KS_handler_keys (struct TMH_RequestHandler *rh, - struct MHD_Connection *connection, - void **connection_cls, - const char *upload_data, - size_t *upload_data_size) -{ - struct TMH_KS_StateHandle *key_state; - struct MHD_Response *response; - int ret; - - key_state = TMH_KS_acquire (); - response = MHD_create_response_from_buffer (strlen (key_state->keys_json), - key_state->keys_json, - MHD_RESPMEM_MUST_COPY); - TMH_KS_release (key_state); - if (NULL == response) - { - GNUNET_break (0); - return MHD_NO; - } - TMH_RESPONSE_add_global_headers (response); - (void) MHD_add_response_header (response, - "Content-Type", - rh->mime_type); - ret = MHD_queue_response (connection, - rh->response_code, - response); - MHD_destroy_response (response); - return ret; -} - - -/* end of taler-mint-httpd_keystate.c */ |