/*
This file is part of TALER
Copyright (C) 2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with
TALER; see the file COPYING. If not, see
*/
/**
* @file taler-exchange-httpd_management_signkey_EP_revoke.c
* @brief Handle exchange online signing key revocation requests.
* @author Christian Grothoff
*/
#include "platform.h"
#include
#include
#include
#include
#include
#include "taler_json_lib.h"
#include "taler_mhd_lib.h"
#include "taler-exchange-httpd_responses.h"
#include "taler-exchange-httpd_keystate.h"
/**
* Handle a "/management/signkeys/$EP/revoke" request.
*
* @param connection the MHD connection to handle
* @param exchange_pub exchange online signing public key to revoke
* @param root uploaded JSON data
* @return MHD result code
*/
MHD_RESULT
TEH_handler_management_signkeys_EP_revoke (
struct MHD_Connection *connection,
const struct TALER_ExchangePublicKeyP *exchange_pub,
const json_t *root)
{
struct TALER_MasterSignatureP master_sig;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("master_sig",
&master_sig),
GNUNET_JSON_spec_end ()
};
enum GNUNET_DB_QueryStatus qs;
{
enum GNUNET_GenericReturnValue res;
res = TALER_MHD_parse_json_data (connection,
root,
spec);
if (GNUNET_SYSERR == res)
return MHD_NO; /* hard failure */
if (GNUNET_NO == res)
return MHD_YES; /* failure */
}
{
struct TALER_MasterSigningKeyRevocationPS rm = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED),
.purpose.size = htonl (sizeof (rm)),
.exchange_pub = *exchange_pub
};
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED,
&rm,
&master_sig.eddsa_signature,
&TEH_master_public_key.eddsa_pub))
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (
connection,
MHD_HTTP_FORBIDDEN,
TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID,
NULL);
}
}
qs = TEH_plugin->insert_signkey_revocation (TEH_plugin->cls,
NULL,
exchange_pub,
&master_sig);
if (qs < 0)
{
GNUNET_break (0);
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_STORE_FAILED,
"signkey revocation");
}
// FIXME: also update our '/keys' replies! (signal all threads!?!?)
return TALER_MHD_reply_static (
connection,
MHD_HTTP_NO_CONTENT,
NULL,
NULL,
0);
}
/* end of taler-exchange-httpd_management_signkey_HDP_revoke.c */