From efbc411dea0d838d0067fc73dfd36a9741cfacc2 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sat, 26 Dec 2020 16:23:22 +0100
Subject: new GANA code for revoked esign key

---
 contrib/gana                                           |  2 +-
 src/auditor/taler-auditor-httpd_deposit-confirmation.c | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/contrib/gana b/contrib/gana
index 912dc84dc..e2f247cf9 160000
--- a/contrib/gana
+++ b/contrib/gana
@@ -1 +1 @@
-Subproject commit 912dc84dc52a1291b635e19da32c7c824719f8d4
+Subproject commit e2f247cf9364ea0d441ae4c7b2f0aaa427e03dae
diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.c b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
index 61263888f..726e4de6d 100644
--- a/src/auditor/taler-auditor-httpd_deposit-confirmation.c
+++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
@@ -175,6 +175,17 @@ verify_and_execute_deposit_confirmation (
                                             GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
   GNUNET_assert (0 == pthread_mutex_unlock (&lock));
 
+  if (0 == strcmp (cached,
+                   "revoked"))
+  {
+    TALER_LOG_WARNING (
+      "Invalid signature on /deposit-confirmation request: key was revoked\n");
+    return TALER_MHD_reply_with_error (connection,
+                                       MHD_HTTP_GONE,
+                                       TALER_EC_AUDITOR_EXCHANGE_SIGNING_KEY_REVOKED,
+                                       "exchange signing key was revoked");
+  }
+
   /* check deposit confirmation signature */
   {
     struct TALER_DepositConfirmationPS dcs = {
-- 
cgit v1.2.3