From 1c1d4d9974d7a97bd157197adeb11cd759e2b931 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Thu, 26 Nov 2020 22:48:56 +0100 Subject: cmd to add auditor --- src/include/taler_crypto_lib.h | 12 ++ src/include/taler_signatures.h | 67 ++++++ src/include/taler_testing_lib.h | 116 ++++++++++- src/testing/Makefile.am | 1 + src/testing/testing_api_cmd_auditor_add.c | 335 ++++++++++++++++++++++++++++++ 5 files changed, 528 insertions(+), 3 deletions(-) create mode 100644 src/testing/testing_api_cmd_auditor_add.c (limited to 'src') diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index d6f19f449..8be0bad4a 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -222,6 +222,18 @@ struct TALER_MasterPublicKeyP }; +/** + * @brief Type of the private key used by the auditor. + */ +struct TALER_AuditorPrivateKeyP +{ + /** + * Taler uses EdDSA for the auditor's signing key. + */ + struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv; +}; + + /** * @brief Type of the public key used by the auditor. */ diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index d72dd11b9..e732f13b6 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -56,6 +56,16 @@ */ #define TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY 1025 +/** + * Add an auditor to the list of our auditors. + */ +#define TALER_SIGNATURE_MASTER_ADD_AUDITOR 1026 + +/** + * Remove an auditor from the list of our auditors. + */ +#define TALER_SIGNATURE_MASTER_DEL_AUDITOR 1027 + /** * Fees charged per (aggregate) wire transfer to the merchant. */ @@ -72,6 +82,7 @@ */ #define TALER_SIGNATURE_MASTER_WIRE_DETAILS 1030 + /*********************************************/ /* Exchange online signatures (with signing key) */ /*********************************************/ @@ -791,6 +802,62 @@ struct TALER_ExchangeKeySetPS }; +/** + * @brief Signature made by the exchange offline key over the information of + * an auditor to be added to the exchange's set of auditors. + */ +struct TALER_ExchangeAddAuditorPS +{ + + /** + * Purpose is #TALER_SIGNATURE_MASTER_ADD_AUDITOR. Signed + * by a `struct TALER_MasterPublicKeyP` using EdDSA. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Time of the change. + */ + struct GNUNET_TIME_AbsoluteNBO start_date; + + /** + * Public key of the auditor. + */ + struct TALER_AuditorPublicKeyP auditor_pub; + + /** + * Hash over the auditor's URL. + */ + struct GNUNET_HashCode h_auditor_url GNUNET_PACKED; +}; + + +/** + * @brief Signature made by the exchange offline key over the information of + * an auditor to be removed to the exchange's set of auditors. + */ +struct TALER_ExchangeDelAuditorPS +{ + + /** + * Purpose is #TALER_SIGNATURE_MASTER_DEL_AUDITOR. Signed + * by a `struct TALER_MasterPublicKeyP` using EdDSA. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Time of the change. + */ + struct GNUNET_TIME_AbsoluteNBO end_date; + + /** + * Public key of the auditor. + */ + struct TALER_AuditorPublicKeyP auditor_pub; + +}; + + /** * @brief Information about a denomination key. Denomination keys * are used to sign coins of a certain value into existence. diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h index 74148b8f5..61f1c50a6 100644 --- a/src/include/taler_testing_lib.h +++ b/src/include/taler_testing_lib.h @@ -417,7 +417,7 @@ struct TALER_TESTING_Interpreter struct GNUNET_OS_Process *exchanged; /** - * GNUNET_OK if key state should be reloaded. NOTE: this + * #GNUNET_OK if key state should be reloaded. NOTE: this * field can be removed because a new "send signal" command * has been introduced. */ @@ -1083,8 +1083,6 @@ struct TALER_TESTING_Command TALER_TESTING_cmd_exchanges_with_retry (struct TALER_TESTING_Command cmd); -/* ***** Commands ONLY for testing (/admin-API) **** */ - /** * Create /admin/add-incoming command. * @@ -2021,6 +2019,118 @@ struct TALER_TESTING_Command TALER_TESTING_cmd_stat (struct TALER_TESTING_Timer *timers); +/** + * Add the auditor to the exchange's list of auditors. + * The information about the auditor is taken from the + * "[auditor]" section in the configuration file. + * + * @param label command label. + * @param expected_http_status expected HTTP status from exchange + * @param bad_sig should we use a bogus signature? + * @return the command + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_auditor_add (const char *label, + unsigned int expected_http_status, + bool bad_sig); + + +/** + * Remove the auditor from the exchange's list of auditors. + * The information about the auditor is taken from the + * "[auditor]" section in the configuration file. + * + * @param label command label. + * @return the command + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_auditor_del (const char *label); + + +/** + * Add the given payto-URI bank account to the list of bank + * accounts used by the exchange. + * + * @param label command label. + * @param payto_uri URI identifying the bank account + * @return the command + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_wire_add (const char *label, + const char *payto_uri); + + +/** + * Remove the given payto-URI bank account from the list of bank + * accounts used by the exchange. + * + * @param label command label. + * @param payto_uri URI identifying the bank account + * @return the command + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_wire_del (const char *label, + const char *payto_uri); + + +/** + * Sign all exchange denomination and online signing keys + * with the "offline" key and provide those signatures to + * the exchange. (Downloads the keys, makes the signature + * and uploads the result, all in one.) + * + * @param label command label. + * @param config_filename configuration filename. + * @return the command + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_offline_sign_keys (const char *label, + const char *config_filename); + + +/** + * Revoke an exchange denomination key. + * + * @param label command label. + * @param denom_ref reference to a command that identifies + * a denomination key (i.e. because it was used to + * withdraw a coin). + * @return the command + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_revoke_denom_key (const char *label, + const char *denom_ref); + + +/** + * Have the auditor affirm that it is auditing the given + * denomination key and upload the auditor's signature to + * the exchange. + * + * @param label command label. + * @param denom_ref reference to a command that identifies + * a denomination key (i.e. because it was used to + * withdraw a coin). + * @return the command + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_auditor_add_denom_key (const char *denom_ref); + + +/** + * Revoke an exchange signing key. + * + * @param label command label. + * @param denom_ref reference to a command that identifies + * a signing key (i.e. because it was used to + * sign a deposit confirmation). + * @return the command + */ +struct TALER_TESTING_Command +TALER_TESTING_cmd_revoke_denom_key (const char *label, + const char *signkey_ref); + + /* *** Generic trait logic for implementing traits ********* */ /** diff --git a/src/testing/Makefile.am b/src/testing/Makefile.am index fc2f7f870..e1d01225c 100644 --- a/src/testing/Makefile.am +++ b/src/testing/Makefile.am @@ -35,6 +35,7 @@ libtalertesting_la_LDFLAGS = \ -version-info 0:0:0 \ -no-undefined libtalertesting_la_SOURCES = \ + testing_api_cmd_auditor_add.c \ testing_api_cmd_auditor_deposit_confirmation.c \ testing_api_cmd_auditor_exchanges.c \ testing_api_cmd_auditor_exec_auditor.c \ diff --git a/src/testing/testing_api_cmd_auditor_add.c b/src/testing/testing_api_cmd_auditor_add.c new file mode 100644 index 000000000..cfdcae15c --- /dev/null +++ b/src/testing/testing_api_cmd_auditor_add.c @@ -0,0 +1,335 @@ +/* + This file is part of TALER + Copyright (C) 2018-2020 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3, or (at your + option) any later version. + + TALER is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public + License along with TALER; see the file COPYING. If not, see + +*/ +/** + * @file testing/testing_api_cmd_auditor_add.c + * @brief command for testing /auditor_add. + * @author Marcello Stanisci + */ +#include "platform.h" +#include "taler_json_lib.h" +#include +#include "taler_testing_lib.h" +#include "taler_signatures.h" +#include "backoff.h" + + +/** + * State for a "auditor_add" CMD. + */ +struct AuditorAddState +{ + + /** + * Auditor enable handle while operation is running. + */ + struct TALER_EXCHANGE_ManagementAuditorEnableHandle *dh; + + /** + * Our interpreter. + */ + struct TALER_TESTING_Interpreter *is; + + /** + * Expected HTTP response code. + */ + unsigned int expected_response_code; + + /** + * Should we make the request with a bad master_sig signature? + */ + bool bad_sig; +}; + + +/** + * Callback to analyze the /management/auditors response, just used to check + * if the response code is acceptable. + * + * @param cls closure. + * @param hr HTTP response details + */ +static void +auditor_add_cb (void *cls, + const struct TALER_EXCHANGE_HttpResponse *hr) +{ + struct AuditorAddState *ds = cls; + + ds->dh = NULL; + if (ds->expected_response_code != hr->http_status) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unexpected response code %u to command %s in %s:%u\n", + hr->http_status, + ds->is->commands[ds->is->ip].label, + __FILE__, + __LINE__); + json_dumpf (hr->reply, + stderr, + 0); + TALER_TESTING_interpreter_fail (ds->is); + return; + } + TALER_TESTING_interpreter_next (ds->is); +} + + +/** + * Run the command. + * + * @param cls closure. + * @param cmd the command to execute. + * @param is the interpreter state. + */ +static void +auditor_add_run (void *cls, + const struct TALER_TESTING_Command *cmd, + struct TALER_TESTING_Interpreter *is) +{ + struct AuditorAddState *ds = cls; + struct TALER_AuditorPublicKeyP auditor_pub; + char *auditor_url; + char *exchange_url; + struct TALER_MasterSignatureP master_sig; + struct GNUNET_TIME_Absolute now; + + (void) cmd; + now = GNUNET_TIME_absolute_get (); + (void) GNUNET_TIME_round_abs (&now); + ds->is = is; + if (ds->bad_sig) + { + memset (&master_sig, + 42, + sizeof (master_sig)); + } + else + { + char *fn; + struct TALER_MasterPrivateKeyP master_priv; + struct TALER_AuditorPrivateKeyP auditor_priv; + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (is->cfg, + "exchange-offline", + "MASTER_PRIV_FILE", + &fn)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "exchange-offline", + "MASTER_PRIV_FILE"); + TALER_TESTING_interpreter_next (ds->is); + return; + } + if (GNUNET_SYSERR == + GNUNET_DISK_directory_create_for_file (fn)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not setup directory for master private key file `%s'\n", + fn); + GNUNET_free (fn); + TALER_TESTING_interpreter_next (ds->is); + return; + } + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_key_from_file (fn, + GNUNET_YES, + &master_priv.eddsa_priv)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not load master private key from `%s'\n", + fn); + GNUNET_free (fn); + TALER_TESTING_interpreter_next (ds->is); + return; + } + GNUNET_free (fn); + + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (is->cfg, + "auditor", + "AUDITOR_PRIV_FILE", + &fn)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "auditor", + "AUDITOR_PRIV_FILE"); + TALER_TESTING_interpreter_next (ds->is); + return; + } + if (GNUNET_SYSERR == + GNUNET_DISK_directory_create_for_file (fn)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not setup directory for auditor private key file `%s'\n", + fn); + GNUNET_free (fn); + TALER_TESTING_interpreter_next (ds->is); + return; + } + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_key_from_file (fn, + GNUNET_YES, + &auditor_priv.eddsa_priv)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Could not load auditor private key from `%s'\n", + fn); + GNUNET_free (fn); + TALER_TESTING_interpreter_next (ds->is); + return; + } + GNUNET_free (fn); + GNUNET_CRYPTO_eddsa_key_get_public (&auditor_priv.eddsa_priv, + &auditor_pub.eddsa_pub); + + /* now sign */ + { + struct TALER_ExchangeAddAuditorPS kv = { + .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_AUDITOR), + .purpose.size = htonl (sizeof (kv)), + .start_date = GNUNET_TIME_absolute_hton (now), + .auditor_pub = auditor_pub, + }; + + GNUNET_CRYPTO_hash (auditor_url, + strlen (auditor_url) + 1, + &kv.h_auditor_url); + /* Finally sign ... */ + GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv, + &kv, + &master_sig.eddsa_signature); + } + } + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_filename (is->cfg, + "auditor", + "BASE_URL", + &auditor_url)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "auditor", + "BASE_URL"); + TALER_TESTING_interpreter_next (ds->is); + return; + } + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (is->cfg, + "exchange", + "BASE_URL", + &exchange_url)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "exchange", + "BASE_URL"); + GNUNET_free (auditor_url); + TALER_TESTING_interpreter_next (ds->is); + return; + } + ds->dh = TALER_EXCHANGE_management_enable_auditor ( + is->ctx, + exchange_url, + &auditor_pub, + auditor_url, + now, + &master_sig, + &auditor_add_cb, + ds); + GNUNET_free (exchange_url); + GNUNET_free (auditor_url); + if (NULL == ds->dh) + { + GNUNET_break (0); + TALER_TESTING_interpreter_fail (is); + return; + } +} + + +/** + * Free the state of a "auditor_add" CMD, and possibly cancel a + * pending operation thereof. + * + * @param cls closure, must be a `struct AuditorAddState`. + * @param cmd the command which is being cleaned up. + */ +static void +auditor_add_cleanup (void *cls, + const struct TALER_TESTING_Command *cmd) +{ + struct AuditorAddState *ds = cls; + + if (NULL != ds->dh) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Command %u (%s) did not complete\n", + ds->is->ip, + cmd->label); + TALER_EXCHANGE_management_enable_auditor_cancel (ds->dh); + ds->dh = NULL; + } + GNUNET_free (ds); +} + + +/** + * Offer internal data from a "auditor_add" CMD, to other commands. + * + * @param cls closure. + * @param[out] ret result. + * @param trait name of the trait. + * @param index index number of the object to offer. + * + * @return #GNUNET_OK on success. + */ +static int +auditor_add_traits (void *cls, + const void **ret, + const char *trait, + unsigned int index) +{ + return GNUNET_NO; +} + + +struct TALER_TESTING_Command +TALER_TESTING_cmd_auditor_add (const char *label, + unsigned int expected_http_status, + bool bad_sig) +{ + struct AuditorAddState *ds; + + ds = GNUNET_new (struct AuditorAddState); + ds->expected_response_code = expected_http_status; + ds->bad_sig = bad_sig; + { + struct TALER_TESTING_Command cmd = { + .cls = ds, + .label = label, + .run = &auditor_add_run, + .cleanup = &auditor_add_cleanup, + .traits = &auditor_add_traits + }; + + return cmd; + } +} + + +/* end of testing_api_cmd_auditor_add.c */ -- cgit v1.2.3