From 1b119edd6225567419add05e0a92170ebfa457df Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 14 Oct 2021 11:47:45 +0200 Subject: implement KYC options --- src/exchange/exchange.conf | 17 +++++- src/exchange/taler-exchange-httpd.c | 114 ++++++++++++++++++++++++++++++++++++ src/exchange/taler-exchange-httpd.h | 62 ++++++++++++++++++++ 3 files changed, 192 insertions(+), 1 deletion(-) (limited to 'src/exchange') diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf index c41150427..2dd934f4e 100644 --- a/src/exchange/exchange.conf +++ b/src/exchange/exchange.conf @@ -77,9 +77,24 @@ TERMS_DIR = $DATADIR/exchange/tos/ # Etag / filename for the terms of service. TERMS_ETAG = 0 - # Directory with our privacy policy. PRIVACY_DIR = $DATADIR/exchange/pp/ # Etag / filename for the privacy policy. PRIVACY_ETAG = 0 + +# Set to NONE to disable KYC checks. +# Set to "OAUTH2" to use OAuth 2.0 for KYC authorization. +KYC_MODE = NONE + + +[exchange-kyc-oauth2] + +# URL of the OAuth endpoint for KYC checks +# KYC_OAUTH2_URL = + +# KYC Oauth client ID. +# KYC_OAUTH2_CLIENT_ID = + +# KYC Client secret used to obtain access tokens. +# KYC_OAUTH2_CLIENT_SECRET = diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index 57ca085a6..b7845f5aa 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -68,6 +68,11 @@ int TEH_allow_keys_timetravel; */ const struct GNUNET_CONFIGURATION_Handle *TEH_cfg; +/** + * Our KYC configuration. + */ +struct TEH_KycOptions TEH_kyc_config; + /** * How long is caching /keys allowed at most? (global) */ 
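Review bot: `KYC_OAUTH2_CLIENT_SECRET` is introduced in the `[exchange-kyc-oauth2]` section as a plain-text value in the main exchange.conf, next to non-sensitive settings and with no guidance on protecting it. The comment above it should tell operators how to keep it out of the shared config, e.g. `# Sensitive: keep this value in a separately included file readable only by the exchange service user.` The accompanying `KYC_MODE` comment could also state that the OAuth2 section is only read when the mode is OAUTH2, which is what the parsing code in this commit does.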
@@ -1070,6 +1075,74 @@ handle_mhd_request (void *cls, } +/** + * Load OAuth2.0 configuration parameters for the exchange server into the + * #TEH_kyc_config variable. + * + * @return #GNUNET_OK on success + */ +static enum GNUNET_GenericReturnValue +parse_kyc_oauth_cfg (void) +{ + char *s; + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (TEH_cfg, + "exchange-kyc-oauth2", + "KYC_OAUTH2_URL", + &s)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "exchange-kyc-oauth2", + "KYC_OAUTH2_URL"); + return GNUNET_SYSERR; + } + if ( (! TALER_url_valid_charset (s)) || + ( (0 != strncasecmp (s, + "http://", + strlen ("http://"))) && + (0 != strncasecmp (s, + "https://", + strlen ("https://"))) ) ) + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + "exchange-kyc-oauth2", + "KYC_OAUTH2_URL", + "not a valid URL"); + GNUNET_free (s); + return GNUNET_SYSERR; + } + TEH_kyc_config.details.oauth2.url = s; + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (TEH_cfg, + "exchange-kyc-oauth2", + "KYC_OAUTH2_CLIENT_ID", + &s)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "exchange-kyc-oauth2", + "KYC_OAUTH2_CLIENT_ID"); + return GNUNET_SYSERR; + } + TEH_kyc_config.details.oauth2.client_id = s; + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (TEH_cfg, + "exchange-kyc-oauth2", + "KYC_OAUTH2_CLIENT_SECRET", + &s)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "exchange-kyc-oauth2", + "KYC_OAUTH2_CLIENT_SECRET"); + return GNUNET_SYSERR; + } + TEH_kyc_config.details.oauth2.client_secret = s; + return GNUNET_OK; +} + + /** * Load configuration parameters for the exchange * server into the corresponding global variables. 
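Review bot: The scheme check in parse_kyc_oauth_cfg accepts `http://` alongside `https://`, while the exchange.conf comment in this same commit says the client secret is used to obtain access tokens from that endpoint, so a plain-HTTP URL would send the client secret in cleartext. At minimum the function should warn when the non-TLS scheme is configured, e.g. after the validity check add `if (0 == strncasecmp (s, "http://", strlen ("http://")))` followed by `GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "KYC_OAUTH2_URL uses plain http; the OAuth2 client secret will be sent unencrypted\n");`, or reject it unless a dedicated option opts in. Whether the secret is actually transmitted to this URL is not visible in this diff, so confirm against the code that consumes `TEH_kyc_config.details.oauth2`. The `@return` line should also mention `#GNUNET_SYSERR` on a missing or invalid option, since every error path logs and returns it.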
@@ -1079,6 +1152,47 @@ handle_mhd_request (void *cls, static enum GNUNET_GenericReturnValue exchange_serve_process_config (void) { + { + char *kyc_mode; + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (TEH_cfg, + "exchange", + "KYC_MODE", + &kyc_mode)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "exchange", + "KYC_MODE"); + return GNUNET_SYSERR; + } + if (0 == strcasecmp (kyc_mode, + "NONE")) + { + TEH_kyc_config.mode = TEH_KYC_NONE; + } + else if (0 == strcasecmp (kyc_mode, + "OAUTH2")) + { + TEH_kyc_config.mode = TEH_KYC_OAUTH2; + if (GNUNET_OK != + parse_kyc_oauth_cfg ()) + { + GNUNET_free (kyc_mode); + return GNUNET_SYSERR; + } + } + else + { + GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, + "exchange", + "KYC_MODE", + "Must be 'NONE' or 'OAUTH2'"); + GNUNET_free (kyc_mode); + return GNUNET_SYSERR; + } + GNUNET_free (kyc_mode); + } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_number (TEH_cfg, "exchange", diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h index e43426488..bf41d227d 100644 --- a/src/exchange/taler-exchange-httpd.h +++ b/src/exchange/taler-exchange-httpd.h 
@@ -29,6 +29,68 @@ #include +/** + * Enumeration for our KYC modes. + */ +enum TEH_KycMode +{ + /** + * KYC is disabled. + */ + TEH_KYC_NONE = 0, + + /** + * We use Oauth2.0. + */ + TEH_KYC_OAUTH2 = 1 +}; + + +/** + * Structure describing our KYC configuration. + */ +struct TEH_KycOptions +{ + /** + * What KYC mode are we in? + */ + enum TEH_KycMode mode; + + /** + * Details depending on @e mode. + */ + union + { + + /** + * Configuration details if @e mode is #TEH_KYC_OAUTH2. + */ + struct + { + + /** + * URL of tue OAuth2.0 endpoint for KYC checks. + */ + char *url; + + /** + * Our client ID for OAuth2.0. + */ + char *client_id; + + /** + * Our client secret for OAuth2.0. + */ + char *client_secret; + + } oauth2; + + } details; +}; + + +extern struct TEH_KycOptions TEH_kyc_config; + /** * How long is caching /keys allowed at most? */ -- cgit v1.2.3
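Review bot: The docstring on `url` has a typo, `URL of tue OAuth2.0 endpoint for KYC checks.`, which should read `URL of the OAuth2.0 endpoint for KYC checks.` The three `char *` members are assigned from strings returned by GNUNET_CONFIGURATION_get_value_string in parse_kyc_oauth_cfg and nothing in this commit frees them, so the struct comment should state that they are owned by `TEH_kyc_config` for the lifetime of the process. `client_secret` should additionally be documented as sensitive material that must not be logged or copied into error messages; the single-member `union` is presumably a placeholder for further modes and a short comment saying so would help readers.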