From 3d8abcc041aca59426fa92c1f164236f295ac847 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sat, 28 Nov 2020 17:18:22 +0100 Subject: more work on new endpoints --- src/exchange/taler-exchange-httpd_auditors.c | 255 +++++++++++++++++++++ .../taler-exchange-httpd_management_auditors.c | 8 +- ...exchange-httpd_management_auditors_AP_disable.c | 8 +- .../taler-exchange-httpd_management_post_keys.c | 28 ++- .../taler-exchange-httpd_management_wire.c | 8 +- 5 files changed, 284 insertions(+), 23 deletions(-) create mode 100644 src/exchange/taler-exchange-httpd_auditors.c (limited to 'src/exchange') diff --git a/src/exchange/taler-exchange-httpd_auditors.c b/src/exchange/taler-exchange-httpd_auditors.c new file mode 100644 index 000000000..954cb9983 --- /dev/null +++ b/src/exchange/taler-exchange-httpd_auditors.c @@ -0,0 +1,255 @@ +/* + This file is part of TALER + Copyright (C) 2020 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see +*/ +/** + * @file taler-exchange-httpd_auditors.c + * @brief Handle request to add auditor signature on a denomination. + * @author Christian Grothoff + */ +#include "platform.h" +#include +#include +#include +#include +#include +#include "taler_json_lib.h" +#include "taler_mhd_lib.h" +#include "taler-exchange-httpd_refund.h" +#include "taler-exchange-httpd_responses.h" +#include "taler-exchange-httpd_keystate.h" + +/** + * Closure for the #add_auditor_denom_sig transaction. + */ +struct AddAuditorDenomContext +{ + /** + * Auditor's signature affirming the AUDITORS XXX operation + * (includes timestamp). + */ + struct TALER_AuditorSignatureP auditor_sig; + + /** + * Denomination this is about. + */ + const struct GNUNET_HashCode *h_denom_pub; + + /** + * Auditor this is about. + */ + const struct TALER_AuditorPublicKeyP *auditor_pub; + +}; + + +/** + * Function implementing database transaction to add an auditors. Runs the + * transaction logic; IF it returns a non-error code, the transaction logic + * MUST NOT queue a MHD response. IF it returns an hard error, the + * transaction logic MUST queue a MHD response and set @a mhd_ret. IF it + * returns the soft error code, the function MAY be called again to retry and + * MUST not queue a MHD response. + * + * @param cls closure with a `struct AddAuditorDenomContext` + * @param connection MHD request which triggered the transaction + * @param session database session to use + * @param[out] mhd_ret set to MHD response status for @a connection, + * if transaction failed (!) + * @return transaction status + */ +static enum GNUNET_DB_QueryStatus +add_auditor_denom_sig (void *cls, + struct MHD_Connection *connection, + struct TALER_EXCHANGEDB_Session *session, + MHD_RESULT *mhd_ret) +{ + struct AddAuditorDenomContext *awc = cls; + struct TALER_EXCHANGEDB_DenominationKeyMetaData meta; + enum GNUNET_DB_QueryStatus qs; + bool enabled; + + qs = TEH_plugin->lookup_deomination_key ( + TEH_plugin->cls, + session, + aws->h_denom_pub, + &meta); + if (qs < 0) + { + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_LOOKUP_FAILED, + "lookup denomination key"); + return qs; + } + if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + { + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_NOT_FOUND, + TALER_EC_XXX, + "denomination unkown"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + + qs = TEH_plugin->lookup_auditor_status ( + TEH_plugin->cls, + session, + aws->auditor_pub, + &enabled); + if (qs < 0) + { + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + GNUNET_break (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_LOOKUP_FAILED, + "lookup auditor"); + return qs; + } + if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) + { + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_PRECONDITION_FAILED, + TALER_EC_EXCHANGE_XXX, + "auditor unkown"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + if (! enabled) + { + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_GONE, + TALER_EC_EXCHANGE_XXX, + "auditor no longer in use"); + return GNUNET_DB_STATUS_HARD_ERROR; + } + { + struct TALER_ExchangeKeyValidityPS kv = { + .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS), + .purpose.size = htonl (kv), + .master = TEH_master_public_key.eddsa_pub, + .start = meta->start, + .expire_withdraw = GNUNET_TIME_absolute_hton (meta.expire_withdraw), + .expire_deposit = GNUNET_TIME_absolute_hton (meta.expire_deposit), + .expire_legal = GNUNET_TIME_absolute_hton (meta.expire_legal), + .denom_hash = meta->denom_hash + }; + + TALER_amount_hton (&kv.value, + &meta.value); + TALER_amount_hton (&kv.fee_withdraw, + &meta.fee_withdraw); + TALER_amount_hton (&kv.fee_deposit, + &meta.fee_deposit); + TALER_amount_hton (&kv.fee_refresh, + &meta.fee_refresh); + TALER_amount_hton (&kv.fee_refund, + &meta.fee_refund); + GNUNET_CRYPTO_hash (auditor_url, + strlen (auditor_url) + 1, + &kv.auditor_url_hash); + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify ( + TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS, + &kv, + &master_sig.eddsa_sig, + &TEH_master_public_key.eddsa_pub)) + { + /* signature invalid */ + GNUNET_break_op (0); + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_EXCHANGE_XXX, + NULL); + return GNUNET_DB_STATUS_HARD_ERROR; + } + } + + qs = TEH_plugin->insert_auditor_denom_sig (TEH_plugin->cls, + session, + awc->h_denom_pub, + awc->auditor_pub, + &aws->auditor_sig); + if (qs < 0) + { + GNUNET_break (0); + if (GNUNET_DB_STATUS_SOFT_ERROR == qs) + return qs; + *mhd_ret = TALER_MHD_reply_with_error (connection, + MHD_HTTP_INTERNAL_SERVER_ERROR, + TALER_EC_GENERIC_DB_STORE_FAILED, + "add auditor signature"); + return qs; + } + return qs; +} + + +/** + * Handle a "/auditors/$AUDITOR_PUB/$H_DENOM_PUB" request. + * + * @param connection the MHD connection to handle + * @param root uploaded JSON data + * @return MHD result code + */ +MHD_RESULT +TEH_handler_management_denominations_auditors ( + struct MHD_Connection *connection, + const struct TALER_AuditorPublicKeyP *auditor_pub, + const struct GNUNET_HashCode *h_denom_pub, + const json_t *root) +{ + struct AddAuditorDenomContext awc = { + .auditor_pub = auditor_pub, + .h_denom_pub = h_denom_pub + }; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_fixed_auto ("auditor_sig", + &awc.auditor_sig), + GNUNET_JSON_spec_end () + }; + enum GNUNET_DB_QueryStatus qs; + + { + enum GNUNET_GenericReturnValue res; + + res = TALER_MHD_parse_json_data (connection, + root, + spec); + if (GNUNET_SYSERR == res) + return MHD_NO; /* hard failure */ + if (GNUNET_NO == res) + return MHD_YES; /* failure */ + } + + qs = TEH_DB_run_transaction (connection, + "add auditor denom sig", + &res, + &add_auditor_denom_sig, + &awc); + if (qs < 0) + return res; + return TALER_MHD_reply_static ( + connection, + MHD_HTTP_NO_CONTENT, + NULL, + NULL, + 0); +} + + +/* end of taler-exchange-httpd_management_auditors.c */ diff --git a/src/exchange/taler-exchange-httpd_management_auditors.c b/src/exchange/taler-exchange-httpd_management_auditors.c index a69e2788a..4d4d411e7 100644 --- a/src/exchange/taler-exchange-httpd_management_auditors.c +++ b/src/exchange/taler-exchange-httpd_management_auditors.c @@ -82,10 +82,10 @@ add_auditor (void *cls, struct AddAuditorContext *aac = cls; struct GNUNET_TIME_Absolute last_date; - qs = TEH_plugin->lookup_auditor (TEH_plugin->cls, - session, - &aac->auditor_pub, - &last_date); + qs = TEH_plugin->lookup_auditor_timestamp (TEH_plugin->cls, + session, + &aac->auditor_pub, + &last_date); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) diff --git a/src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c b/src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c index 374a92036..043482bef 100644 --- a/src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c +++ b/src/exchange/taler-exchange-httpd_management_auditors_AP_disable.c @@ -82,10 +82,10 @@ del_auditor (void *cls, struct DelAuditorContext *dac = cls; struct GNUNET_TIME_Absolute last_date; - qs = TEH_plugin->lookup_auditor (TEH_plugin->cls, - session, - &dac->auditor_pub, - &last_date); + qs = TEH_plugin->lookup_auditor_timestamp (TEH_plugin->cls, + session, + &dac->auditor_pub, + &last_date); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) diff --git a/src/exchange/taler-exchange-httpd_management_post_keys.c b/src/exchange/taler-exchange-httpd_management_post_keys.c index 9f7d56335..ab7afd34b 100644 --- a/src/exchange/taler-exchange-httpd_management_post_keys.c +++ b/src/exchange/taler-exchange-httpd_management_post_keys.c @@ -124,12 +124,13 @@ add_keys (void *cls, { enum GNUNET_DB_QueryStatus qs; bool is_active = false; + struct TALER_EXCHANGEDB_DenominationKeyMetaData meta; qs = TEH_plugin->lookup_future_deomination_key ( TEH_plugin->cls, session, &akc->d_sigs[i].h_denom_pub, - &META); + &meta); if (0 == qs) { /* For idempotency, check if the key is already active */ @@ -137,7 +138,7 @@ add_keys (void *cls, TEH_plugin->cls, session, &akc->d_sigs[i].h_denom_pub, - &META); + &meta); is_active = true; /* if we pass, it's active! */ } if (qs < 0) @@ -168,18 +169,23 @@ add_keys (void *cls, TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY), .purpose.size = htonl (sizeof (dkv)), .master = TEH_master_public_key, - .start = META.start, - .expire_withdraw = META.expire_withdraw, - .expire_deposit = META.expire_deposit, - .expire_legal = META.expire_legal, - .value = META.value, - .fee_withdraw = META.fee_withdraw, - .fee_deposit = META.fee_deposit, - .fee_refresh = META.fee_refresh, - .fee_refund = META.fee_refund, + .start = GNUNET_TIME_absolute_hton (meta.start), + .expire_withdraw = GNUNET_TIME_absolute_hton (meta.expire_withdraw), + .expire_deposit = GNUNET_TIME_absolute_hton (meta.expire_deposit), + .expire_legal = GNUNET_TIME_absolute_hton (meta.expire_legal), .denom_hash = akc->d_sigs[i].h_denom_pub }; + TALER_amount_hton (&dkv.value, + &meta.value); + TALER_amount_hton (&dkv.fee_withdraw, + &meta.fee_withdraw); + TALER_amount_hton (&dkv.fee_deposit, + &meta.fee_deposit); + TALER_amount_hton (&dkv.fee_refresh, + &meta.fee_refresh); + TALER_amount_hton (&dkv.fee_refund, + &meta.fee_refund); if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify ( TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY, diff --git a/src/exchange/taler-exchange-httpd_management_wire.c b/src/exchange/taler-exchange-httpd_management_wire.c index 8a13d6cfe..a841a1e67 100644 --- a/src/exchange/taler-exchange-httpd_management_wire.c +++ b/src/exchange/taler-exchange-httpd_management_wire.c @@ -84,10 +84,10 @@ add_wire (void *cls, struct AddWireContext *awc = cls; struct GNUNET_TIME_Absolute last_date; - qs = TEH_plugin->lookup_wire (TEH_plugin->cls, - session, - awc->payto_uri, - &last_date); + qs = TEH_plugin->lookup_wire_timestamp (TEH_plugin->cls, + session, + awc->payto_uri, + &last_date); if (qs < 0) { if (GNUNET_DB_STATUS_SOFT_ERROR == qs) -- cgit v1.2.3