commit cf373e704ec8eb79a1ba6dd5dd9100467614773a
parent da49bcc1c33ab09ad9f1a756b886a83c1ce147e1
Author: Casaburi Johannes <johannes.casaburi@students.bfh.ch>
Date: Wed, 13 Mar 2024 16:46:03 +0100
working on keys path, signing keys not found
Diffstat:
1 file changed, 81 insertions(+), 65 deletions(-)
diff --git a/src/donau/donau-httpd_keys.c b/src/donau/donau-httpd_keys.c
@@ -253,22 +253,33 @@ struct HelperDonationUnit
};
+
/**
- * Information about a signing key on offer by the sign helper.
+ * Information about a signing key on offer by the esign helper.
*/
struct HelperSignkey
{
/**
* When will the helper start to use this key for signing?
*/
- // struct GNUNET_TIME_Timestamp start_time;
- int year;
+ struct GNUNET_TIME_Timestamp start_time;
+
+ /**
+ * For how long will the helper allow signing? 0 if
+ * the key was revoked or purged.
+ */
+ struct GNUNET_TIME_Relative validity_duration;
/**
* The public key.
*/
struct DONAU_DonauPublicKeyP donau_pub;
+ /**
+ * Signature over this key from the security module's key.
+ */
+ struct TALER_SecurityModuleSignatureP sm_sig;
+
};
/**
@@ -517,23 +528,19 @@ add_sign_key_cb (void *cls,
sk->meta.valid_from.abs_time,
sk->meta.expire_sign.abs_time));
}
- GNUNET_assert (0 == json_array_append_new (ctx->signkeys, GNUNET_JSON_PACK (
- GNUNET_JSON_pack_timestamp (
- "stamp_start",
- sk->
- meta.valid_from),
- GNUNET_JSON_pack_timestamp (
- "stamp_expire",
- sk->
- meta.expire_sign),
- GNUNET_JSON_pack_timestamp (
- "stamp_end",
- sk->
- meta.expire_legal),
- GNUNET_JSON_pack_data_auto (
- "key",
- &sk->
- donau_pub))));
+ GNUNET_assert (
+ 0 ==
+ json_array_append_new (
+ ctx->signkeys,
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_timestamp ("stamp_start",
+ sk->meta.valid_from),
+ GNUNET_JSON_pack_timestamp ("stamp_expire",
+ sk->meta.expire_sign),
+ // GNUNET_JSON_pack_timestamp ("stamp_end",
+ // sk->meta.expire_legal),
+ GNUNET_JSON_pack_data_auto ("key",
+ &sk->donau_pub))));
return GNUNET_OK;
}
@@ -695,16 +702,16 @@ create_krd (struct DH_KeyStateHandle *ksh,
// }
// }
- // {
- // const struct SigningKey *sk;
-//
-// sk = GNUNET_CONTAINER_multipeermap_get (ksh->signkey_map,
-// (const struct GNUNET_PeerIdentity *)
-// &donau_pub);
-//
-// ksh->signature_expires = GNUNET_TIME_timestamp_min (sk->meta.expire_sign,
-// ksh->signature_expires);
-// }
+ {
+ const struct SigningKey *sk;
+
+ sk = GNUNET_CONTAINER_multipeermap_get (ksh->signkey_map,
+ (const struct GNUNET_PeerIdentity *)
+ &donau_pub);
+
+ ksh->signature_expires = GNUNET_TIME_timestamp_min (sk->meta.expire_sign,
+ ksh->signature_expires);
+ }
keys = GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("version",
@@ -713,8 +720,8 @@ create_krd (struct DH_KeyStateHandle *ksh,
DH_base_url),
GNUNET_JSON_pack_string ("currency",
DH_currency),
- // GNUNET_JSON_pack_array_incref ("signkeys",
- // signkeys),
+ GNUNET_JSON_pack_array_incref ("signkeys",
+ signkeys),
GNUNET_JSON_pack_array_incref ("donation_units",
grouped_donation_units),
GNUNET_JSON_pack_data_auto ("donau_pub",
@@ -877,8 +884,20 @@ finish_keys_response (struct DH_KeyStateHandle *ksh)
sctx.signkeys = json_array ();
GNUNET_assert (NULL != sctx.signkeys);
sctx.min_sk_frequency = GNUNET_TIME_UNIT_FOREVER_REL;
- GNUNET_CONTAINER_multipeermap_iterate (ksh->signkey_map, &add_sign_key_cb,
+
+ GNUNET_CONTAINER_multipeermap_iterate (ksh->signkey_map,
+ &add_sign_key_cb,
&sctx);
+
+ if (0 == json_array_size (sctx.signkeys))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "No online signing keys available. Refusing to generate /keys response.\n")
+ ;
+ ret = GNUNET_NO;
+ goto CLEANUP;
+ }
+
heap = GNUNET_CONTAINER_heap_create (GNUNET_CONTAINER_HEAP_ORDER_MAX);
{
struct DonationUnitKeyCtx dkc = {
@@ -1113,7 +1132,8 @@ finish_keys_response (struct DH_KeyStateHandle *ksh)
CLEANUP:
json_decref (grouped_donation_units);
- json_decref (sctx.signkeys);
+ if (NULL != sctx.signkeys)
+ json_decref (sctx.signkeys);
return ret;
}
@@ -1395,26 +1415,15 @@ static void
destroy_key_state (struct DH_KeyStateHandle *ksh,
bool free_helper)
{
- // struct DH_GlobalFee *gf;
-
clear_response_cache (ksh);
- // while (NULL != (gf = ksh->gf_head))
- // {
- // GNUNET_CONTAINER_DLL_remove (ksh->gf_head,
- // ksh->gf_tail,
- // gf);
- // GNUNET_free (gf);
- // }
+
GNUNET_CONTAINER_multihashmap_iterate (ksh->donation_unit_map,
&clear_donation_unit_cb, ksh);
GNUNET_CONTAINER_multihashmap_destroy (ksh->donation_unit_map);
GNUNET_CONTAINER_multipeermap_iterate (ksh->signkey_map, &clear_signkey_cb,
ksh);
GNUNET_CONTAINER_multipeermap_destroy (ksh->signkey_map);
- // json_decref (ksh->auditors);
- // ksh->auditors = NULL;
- // json_decref (ksh->global_fees);
- // ksh->global_fees = NULL;
+
if (free_helper)
{
destroy_key_helpers (ksh->helpers);
@@ -1942,31 +1951,38 @@ add_signkey_cb (void *cls,
struct HelperSignkey *hsk = value;
struct SigningKey *sk;
- // struct GNUNET_TIME_Timestamp stamp_expire;
+ struct GNUNET_TIME_Timestamp stamp_expire;
// struct GNUNET_TIME_Timestamp legal_end;
- sk = GNUNET_CONTAINER_multipeermap_get (kbc->ksh->signkey_map, pid);
- if (NULL != sk)
- return GNUNET_OK; /* skip: this key is already active */
+ // sk = GNUNET_CONTAINER_multipeermap_get (kbc->ksh->signkey_map, pid);
+ // if (NULL != sk)
+ // return GNUNET_OK; /* skip: this key is already active */
+
// if (GNUNET_TIME_relative_is_zero (hsk->validity_duration))
// return GNUNET_OK; /* this key already expired! */
- // stamp_expire = GNUNET_TIME_absolute_to_timestamp (
- // GNUNET_TIME_absolute_add (hsk->start_time.abs_time,
- // hsk->validity_duration));
+
+ stamp_expire = GNUNET_TIME_absolute_to_timestamp (
+ GNUNET_TIME_absolute_add (hsk->start_time.abs_time,
+ hsk->validity_duration));
+
// legal_end = GNUNET_TIME_absolute_to_timestamp (
// GNUNET_TIME_absolute_add (stamp_expire.abs_time,
// signkey_legal_duration));
- GNUNET_assert (
- 0 == json_array_append_new (kbc->signkeys, GNUNET_JSON_PACK (
- GNUNET_JSON_pack_data_auto ("key",
- &hsk->donau_pub) // ,
- // GNUNET_JSON_pack_timestamp ("stamp_end",
- // legal_end),
- // GNUNET_JSON_pack_data_auto ("year",
- // &hsk->year) // ,
- // GNUNET_JSON_pack_data_auto ("signkey_secmod_sig",
- // &hsk->sm_sig)
- )));
+
+ GNUNET_assert (0 ==
+ json_array_append_new (
+ kbc->signkeys,
+ GNUNET_JSON_PACK (
+ GNUNET_JSON_pack_data_auto ("key",
+ &hsk->donau_pub),
+ GNUNET_JSON_pack_timestamp ("stamp_start",
+ hsk->start_time),
+ GNUNET_JSON_pack_timestamp ("stamp_expire",
+ stamp_expire),
+ // GNUNET_JSON_pack_timestamp ("stamp_end",
+ // legal_end),
+ GNUNET_JSON_pack_data_auto ("signkey_secmod_sig",
+ &hsk->sm_sig))));
return GNUNET_OK;
}
