commit ccb2de539dc33602f2b692dba72f7226873768b5
parent b0413b60f14520db759ffb89e8893f91e39ea81d
Author: Christian Grothoff <christian@grothoff.org>
Date: Wed, 13 Mar 2024 23:13:02 +0100
add logic to actually insert keys into DB, not just select...
Diffstat:
1 file changed, 111 insertions(+), 24 deletions(-)
diff --git a/src/donau/donau-httpd_keys.c b/src/donau/donau-httpd_keys.c
@@ -892,8 +892,7 @@ finish_keys_response (struct DH_KeyStateHandle *ksh)
if (0 == json_array_size (sctx.signkeys))
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "No online signing keys available. Refusing to generate /keys response.\n")
- ;
+ "No online signing keys available. Refusing to generate /keys response.\n");
ret = GNUNET_NO;
goto CLEANUP;
}
@@ -1469,15 +1468,28 @@ helper_rsa_cb (
{
struct HelperState *hs = cls;
struct HelperDonationUnit *hd;
+ struct TALER_Amount value;
+ enum GNUNET_DB_QueryStatus qs;
+ if (GNUNET_OK !=
+ TALER_config_get_amount (DH_cfg,
+ section_name,
+ "value",
+ &value))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "RSA helper provided key for configuration section `%s' that has no `value' option set\n",
+ section_name);
+ return;
+ }
+ /* FIXME: could additionally sanity-check that this
+ section actually has CIPHER = RSA, etc. */
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"RSA helper announces key %s for donation_unit type %s with validity %s\n",
GNUNET_h2s (&h_rsa->hash),
section_name,
GNUNET_STRINGS_relative_time_to_string (validity_duration,
- GNUNET_NO));
- key_generation++;
- DH_resume_keys_requests (false);
+ false));
hd = GNUNET_CONTAINER_multihashmap_get (hs->rsa_keys,
&h_rsa->hash);
if (NULL != hd)
@@ -1498,6 +1510,16 @@ helper_rsa_cb (
GNUNET_CRYPTO_bsign_pub_incref (bs_pub);
DONAU_donation_unit_pub_hash (&hd->donation_unit_pub,
&hd->h_donation_unit_pub);
+ qs = DH_plugin->insert_donation_unit (
+ DH_plugin->cls,
+ &hd->h_donation_unit_pub,
+ &hd->donation_unit_pub,
+ GNUNET_TIME_time_to_year (start_time.abs_time),
+ &value);
+ if (qs < 0)
+ {
+ // FIXME: error, probably should not proceed...
+ }
hd->section_name = GNUNET_strdup (section_name);
GNUNET_assert (
GNUNET_OK ==
@@ -1513,6 +1535,8 @@ helper_rsa_cb (
&hd->h_details.h_rsa.hash,
hd,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+ key_generation++;
+ DH_resume_keys_requests (false);
}
@@ -1544,6 +1568,22 @@ helper_cs_cb (
{
struct HelperState *hs = cls;
struct HelperDonationUnit *hd;
+ struct TALER_Amount value;
+ enum GNUNET_DB_QueryStatus qs;
+
+ if (GNUNET_OK !=
+ TALER_config_get_amount (DH_cfg,
+ section_name,
+ "value",
+ &value))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "CS helper provided key for configuration section `%s' that has no `value' option set\n",
+ section_name);
+ return;
+ }
+ /* FIXME: could additionally sanity-check that this
+ section actually has CIPHER = CS, etc. */
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"CS helper announces key %s for donation unit type %s with validity %s\n",
@@ -1551,8 +1591,7 @@ helper_cs_cb (
section_name,
GNUNET_STRINGS_relative_time_to_string (validity_duration,
GNUNET_NO));
- key_generation++;
- DH_resume_keys_requests (false);
+
hd = GNUNET_CONTAINER_multihashmap_get (hs->cs_keys,
&h_cs->hash);
if (NULL != hd)
@@ -1572,6 +1611,17 @@ helper_cs_cb (
= GNUNET_CRYPTO_bsign_pub_incref (bs_pub);
DONAU_donation_unit_pub_hash (&hd->donation_unit_pub,
&hd->h_donation_unit_pub);
+ qs = DH_plugin->insert_donation_unit (
+ DH_plugin->cls,
+ &hd->h_donation_unit_pub,
+ &hd->donation_unit_pub,
+ GNUNET_TIME_time_to_year (start_time.abs_time),
+ &value);
+ if (qs < 0)
+ {
+ // FIXME: error, probably should not proceed...
+ }
+
hd->section_name = GNUNET_strdup (section_name);
GNUNET_assert (
GNUNET_OK ==
@@ -1587,6 +1637,8 @@ helper_cs_cb (
&hd->h_details.h_cs.hash,
hd,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+ key_generation++;
+ DH_resume_keys_requests (false);
}
@@ -1617,33 +1669,59 @@ helper_esign_cb (
struct HelperState *hs = cls;
struct HelperSignkey *hsk;
struct GNUNET_PeerIdentity pid;
+ /* need to "cast" because secmod works with TALER_ExchangePublicKeyP */
+ struct DONAU_DonauPublicKeyP donau_pubkey = {
+ .eddsa_pub = donau_pub->eddsa_pub
+ };
+ enum GNUNET_DB_QueryStatus qs;
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"EdDSA helper announces signing key %s with validity %s\n",
TALER_B2S (donau_pub),
GNUNET_STRINGS_relative_time_to_string (validity_duration,
GNUNET_NO));
- key_generation++;
- DH_resume_keys_requests (false);
+
pid.public_key = donau_pub->eddsa_pub;
hsk = GNUNET_CONTAINER_multipeermap_get (hs->esign_keys,
&pid);
-// if (NULL != hsk)
-// {
-// /* should be just an update (revocation!), so update existing entry */
-// hsk->validity_duration = validity_duration;
-// return;
-// }
+ if (NULL != hsk)
+ {
+ GNUNET_break (0); // revocation not supported
+ /* should be just an update (revocation!), so update existing entry */
+ // hsk->validity_duration = validity_duration;
+ return;
+ }
GNUNET_assert (NULL != sm_pub);
check_esign_sm_pub (sm_pub);
hsk = GNUNET_new (struct HelperSignkey);
-// hsk->start_time = start_time;
-// hsk->validity_duration = validity_duration;
-
- // need to cast because secmod works with TALER_ExchangePublicKeyP
- struct DONAU_DonauPublicKeyP donau_pubkey = {.eddsa_pub =
- donau_pub->eddsa_pub};
+ hsk->start_time = start_time;
+ hsk->validity_duration = validity_duration;
hsk->donau_pub = donau_pubkey;
+ {
+ struct DONAUDB_SignkeyMetaData meta = {
+ .valid_from = start_time,
+ .expire_sign
+ = GNUNET_TIME_absolute_to_timestamp (
+ GNUNET_TIME_absolute_add (start_time.abs_time,
+ validity_duration)),
+ .expire_legal
+ /* FIXME: make this configurable, not fixed to 10 years */
+ = GNUNET_TIME_absolute_to_timestamp (
+ GNUNET_TIME_absolute_add (start_time.abs_time,
+ GNUNET_TIME_relative_multiply (
+ GNUNET_TIME_UNIT_YEARS,
+ 10))),
+ };
+
+ qs = DH_plugin->insert_signing_key (
+ DH_plugin->cls,
+ &donau_pubkey,
+ &meta);
+ }
+ if (qs < 0)
+ {
+ // ...
+ }
GNUNET_assert (
GNUNET_OK ==
GNUNET_CONTAINER_multipeermap_put (
@@ -1651,6 +1729,8 @@ helper_esign_cb (
&pid,
hsk,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY));
+ key_generation++;
+ DH_resume_keys_requests (false);
}
@@ -1843,7 +1923,6 @@ build_key_state (struct HelperState *hs)
/* NOTE: fetches master-signed signkeys, but ALSO those that were revoked! */
GNUNET_break (GNUNET_OK ==
DH_plugin->preflight (DH_plugin->cls));
-
qs = DH_plugin->iterate_donation_units (DH_plugin->cls,
&donation_unit_info_cb,
ksh);
@@ -1856,9 +1935,15 @@ build_key_state (struct HelperState *hs)
return NULL;
}
/* NOTE: ONLY fetches active signkeys! */
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Fetching active signing keys from DB\n");
+
qs = DH_plugin->iterate_active_signing_keys (DH_plugin->cls,
&iterate_active_signing_keys_cb,
ksh);
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Fetched %d active signing keys from DB\n",
+ qs);
if (qs < 0)
{
GNUNET_break (0);
@@ -1889,7 +1974,8 @@ DH_keys_update_states ()
// .type = htons (TALER_DBEVENT_DONAU_KEYS_UPDATED),
};
- DH_plugin->event_notify (DH_plugin->cls, &es,
+ DH_plugin->event_notify (DH_plugin->cls,
+ &es,
NULL,
0);
key_generation++;
@@ -2037,7 +2123,8 @@ DH_handler_keys (struct DH_RequestContext *rc,
&insert_donation_unit_cb,
&kbc);
GNUNET_CONTAINER_multipeermap_iterate (ksh->helpers->esign_keys,
- &add_signkey_cb, &kbc);
+ &add_signkey_cb,
+ &kbc);
reply = GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("version",
DONAU_PROTOCOL_VERSION),
