implement #4074

5 files changed, 51 insertions, 16 deletions

diff --git a/src/backend/taler-merchant-httpd_auditors.c b/src/backend/taler-merchant-httpd_auditors.c
index ac112166..7efc7078 100644
--- a/src/backend/taler-merchant-httpd_auditors.c
+++ b/src/backend/taler-merchant-httpd_auditors.c
@@ -68,20 +68,46 @@ json_t *j_auditors;
  *
  * @param mh mint issuing @a dk
  * @param dk a denomination issued by @a mh
+ * @param mint_trusted #GNUNET_YES if the mint of @a dk is trusted by config
  * @return #GNUNET_OK if we accept this denomination
  */
 int
 TMH_AUDITORS_check_dk (struct TALER_MINT_Handle *mh,
-                       const struct TALER_MINT_DenomPublicKey *dk)
+                       const struct TALER_MINT_DenomPublicKey *dk,
+                       int mint_trusted)
 {
-  // First, we should probably check to see if dk is expired.
-  //
-  // We should find out which auditors have signed off on this
-  // dk, and if there is any overlap with the auditors we accept;
-  // alternatively, if the given mint is flagged as trusted, we
-  // also accept this.
-  GNUNET_break (0); // NOT IMPLEMENTED, warn! #4074
-  return GNUNET_OK; /* stop-gap for now */
+  const struct TALER_MINT_Keys *keys;
+  const struct TALER_MINT_AuditorInformation *ai;
+  unsigned int i;
+  unsigned int j;
+
+  if (0 == GNUNET_TIME_absolute_get_remaining (dk->deposit_valid_until).rel_value_us)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "Denomination key offered by client has expired for deposits\n");
+    return GNUNET_SYSERR; /* expired */
+  }
+  if (GNUNET_YES == mint_trusted)
+    return GNUNET_OK;
+  keys = TALER_MINT_get_keys (mh);
+  if (NULL == keys)
+  {
+    /* this should never happen, keys should have been successfully
+       obtained before we even got into this function */
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  for (i=0;i<keys->num_auditors;i++)
+  {
+    ai = &keys->auditors[i];
+    for (j=0;j<ai->num_denom_keys;j++)
+      if (ai->denom_keys[j] == dk)
+        return GNUNET_OK;
+  }
+  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+              "Denomination key %s offered by client not audited by accepted auditor\n",
+              GNUNET_h2s (&dk->h_key));
+  return GNUNET_NO;
 }
 
 
diff --git a/src/backend/taler-merchant-httpd_auditors.h b/src/backend/taler-merchant-httpd_auditors.h
index a0323941..1a05a78d 100644
--- a/src/backend/taler-merchant-httpd_auditors.h
+++ b/src/backend/taler-merchant-httpd_auditors.h
@@ -53,11 +53,13 @@ TMH_AUDITORS_init (const struct GNUNET_CONFIGURATION_Handle *cfg);
  *
  * @param mh mint issuing @a dk
  * @param dk a denomination issued by @a mh
+ * @param mint_trusted #GNUNET_YES if the mint of @a dk is trusted by config
  * @return #GNUNET_OK if we accept this denomination
  */
 int
 TMH_AUDITORS_check_dk (struct TALER_MINT_Handle *mh,
-                       const struct TALER_MINT_DenomPublicKey *dk);
+                       const struct TALER_MINT_DenomPublicKey *dk,
+                       int mint_trusted);
 
 
 /**
diff --git a/src/backend/taler-merchant-httpd_mints.c b/src/backend/taler-merchant-httpd_mints.c
index aecca780..caf39774 100644
--- a/src/backend/taler-merchant-httpd_mints.c
+++ b/src/backend/taler-merchant-httpd_mints.c
@@ -204,7 +204,8 @@ keys_mgmt_cb (void *cls,
                                  mint->fo_tail,
                                  fo);
     fo->fc (fo->fc_cls,
-            (NULL != keys) ? mint->conn : NULL);
+            (NULL != keys) ? mint->conn : NULL,
+            mint->trusted);
     GNUNET_free (fo);
   }
 }
@@ -286,7 +287,8 @@ return_result (void *cls,
                                mint->fo_tail,
                                fo);
   fo->fc (fo->fc_cls,
-          (GNUNET_SYSERR == mint->pending) ? NULL : mint->conn);
+          (GNUNET_SYSERR == mint->pending) ? NULL : mint->conn,
+          mint->trusted);
   GNUNET_free (fo);
   GNUNET_SCHEDULER_cancel (poller_task);
   GNUNET_SCHEDULER_add_now (&context_task,
diff --git a/src/backend/taler-merchant-httpd_mints.h b/src/backend/taler-merchant-httpd_mints.h
index 0892a0a5..f546b826 100644
--- a/src/backend/taler-merchant-httpd_mints.h
+++ b/src/backend/taler-merchant-httpd_mints.h
@@ -59,12 +59,13 @@ TMH_MINTS_done (void);
  * operation.
  *
  * @param cls closure
- * @param mint handle to the mint
  * @param mh handle to the mint context
+ * @param mint_trusted #GNUNET_YES if this mint is trusted by config
  */
 typedef void
 (*TMH_MINTS_FindContinuation)(void *cls,
-                              struct TALER_MINT_Handle *mh);
+                              struct TALER_MINT_Handle *mh,
+                              int mint_trusted);
 
 
 /**
@@ -100,4 +101,5 @@ TMH_MINTS_find_mint (const char *chosen_mint,
 void
 TMH_MINTS_find_mint_cancel (struct TMH_MINTS_FindOperation *fo);
 
+
 #endif
diff --git a/src/backend/taler-merchant-httpd_pay.c b/src/backend/taler-merchant-httpd_pay.c
index b287bdd1..f6423fce 100644
--- a/src/backend/taler-merchant-httpd_pay.c
+++ b/src/backend/taler-merchant-httpd_pay.c
@@ -327,10 +327,12 @@ pay_context_cleanup (struct TM_HandlerContext *hc)
  *
  * @param cls the `struct PayContext`
  * @param mh NULL if mint was not found to be acceptable
+ * @param mint_trusted #GNUNET_YES if this mint is trusted by config
  */
 static void
 process_pay_with_mint (void *cls,
-                       struct TALER_MINT_Handle *mh)
+                       struct TALER_MINT_Handle *mh,
+                       int mint_trusted)
 {
   struct PayContext *pc = cls;
   struct TALER_Amount acc_fee;
@@ -379,7 +381,8 @@ process_pay_with_mint (void *cls,
     }
     if (GNUNET_OK !=
         TMH_AUDITORS_check_dk (mh,
-                               denom_details))
+                               denom_details,
+                               mint_trusted))
     {
       resume_pay_with_response (pc,
                                 MHD_HTTP_BAD_REQUEST,