exchangedb_lib.h (32197B)
1 /* 2 This file is part of TALER 3 Copyright (C) 2014-2020 Taler Systems SA 4 5 TALER is free software; you can redistribute it and/or modify it under the 6 terms of the GNU General Public License as published by the Free Software 7 Foundation; either version 3, or (at your option) any later version. 8 9 TALER is distributed in the hope that it will be useful, but WITHOUT ANY 10 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR 11 A PARTICULAR PURPOSE. See the GNU General Public License for more details. 12 13 You should have received a copy of the GNU General Public License along with 14 TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> 15 */ 16 /** 17 * @file include/exchangedb_lib.h 18 * @brief IO operations for the exchange's private keys 19 * @author Florian Dold 20 * @author Benedikt Mueller 21 * @author Christian Grothoff 22 */ 23 #ifndef TALER_EXCHANGEDB_LIB_H 24 #define TALER_EXCHANGEDB_LIB_H 25 26 #include <taler/taler_signatures.h> 27 #include <taler/taler_bank_service.h> 28 #include <taler/taler_kyclogic_lib.h> 29 #include <taler/taler_util.h> 30 31 32 /** 33 * Detailed status for persisting an AML program result. 34 */ 35 enum TALER_EXCHANGEDB_PersistProgramResultStatus 36 { 37 TALER_EXCHANGEDB_PPRS_OK = 0, 38 TALER_EXCHANGEDB_PPRS_BAD_OUTCOME = 1, 39 }; 40 41 42 /** 43 * Information about a denomination key. 44 */ 45 struct TALER_EXCHANGEDB_DenominationKeyInformation 46 { 47 48 /** 49 * Signature over this struct to affirm the validity of the key. 50 */ 51 struct TALER_MasterSignatureP signature; 52 53 /** 54 * Start time of the validity period for this key. 55 */ 56 struct GNUNET_TIME_Timestamp start; 57 58 /** 59 * The exchange will sign fresh coins between @e start and this time. 60 * @e expire_withdraw will be somewhat larger than @e start to 61 * ensure a sufficiently large anonymity set, while also allowing 62 * the Exchange to limit the financial damage in case of a key being 63 * compromised. Thus, exchanges with low volume are expected to have a 64 * longer withdraw period (@e expire_withdraw - @e start) than exchanges 65 * with high transaction volume. The period may also differ between 66 * types of coins. A exchange may also have a few denomination keys 67 * with the same value with overlapping validity periods, to address 68 * issues such as clock skew. 69 */ 70 struct GNUNET_TIME_Timestamp expire_withdraw; 71 72 /** 73 * Coins signed with the denomination key must be spent or refreshed 74 * between @e start and this expiration time. After this time, the 75 * exchange will refuse transactions involving this key as it will 76 * "drop" the table with double-spending information (shortly after) 77 * this time. Note that wallets should refresh coins significantly 78 * before this time to be on the safe side. @e expire_deposit must be 79 * significantly larger than @e expire_withdraw (by months or even 80 * years). 81 */ 82 struct GNUNET_TIME_Timestamp expire_deposit; 83 84 /** 85 * When do signatures with this denomination key become invalid? 86 * After this point, these signatures cannot be used in (legal) 87 * disputes anymore, as the Exchange is then allowed to destroy its side 88 * of the evidence. @e expire_legal is expected to be significantly 89 * larger than @e expire_deposit (by a year or more). 90 */ 91 struct GNUNET_TIME_Timestamp expire_legal; 92 93 /** 94 * The value of the coins signed with this denomination key. 95 */ 96 struct TALER_Amount value; 97 98 /** 99 * Fees for the coin. 100 */ 101 struct TALER_DenomFeeSet fees; 102 103 /** 104 * Hash code of the denomination public key. (Used to avoid having 105 * the variable-size RSA key in this struct.) 106 */ 107 struct TALER_DenominationHashP denom_hash; 108 109 /** 110 * If denomination was setup for age restriction, non-zero age mask. 111 * Note that the mask is not part of the signature. 112 */ 113 struct TALER_AgeMask age_mask; 114 }; 115 116 117 GNUNET_NETWORK_STRUCT_BEGIN 118 119 /** 120 * Events signalling that a coin deposit status 121 * changed. 122 */ 123 struct TALER_EXCHANGEDB_CoinDepositEventP 124 { 125 /** 126 * Of type #TALER_DBEVENT_EXCHANGE_DEPOSIT_STATUS_CHANGED. 127 */ 128 struct GNUNET_DB_EventHeaderP header; 129 130 /** 131 * Public key of the merchant. 132 */ 133 struct TALER_MerchantPublicKeyP merchant_pub; 134 135 }; 136 137 /** 138 * Events signalling a reserve got funding. 139 */ 140 struct TALER_EXCHANGEDB_ReserveEventP 141 { 142 /** 143 * Of type #TALER_DBEVENT_EXCHANGE_RESERVE_INCOMING. 144 */ 145 struct GNUNET_DB_EventHeaderP header; 146 147 /** 148 * Public key of the reserve the event is about. 149 */ 150 struct TALER_ReservePublicKeyP reserve_pub; 151 }; 152 153 154 /** 155 * Signature of events signalling a purse changed its status. 156 */ 157 struct TALER_EXCHANGEDB_PurseEventP 158 { 159 /** 160 * Of type #TALER_DBEVENT_EXCHANGE_PURSE_MERGED or 161 * #TALER_DBEVENT_EXCHANGE_PURSE_DEPOSITED. 162 */ 163 struct GNUNET_DB_EventHeaderP header; 164 165 /** 166 * Public key of the purse the event is about. 167 */ 168 struct TALER_PurseContractPublicKeyP purse_pub; 169 }; 170 171 172 /** 173 * Signature of events signalling a KYC process was completed. 174 */ 175 struct TALER_EXCHANGEDB_KycCompletedEventP 176 { 177 /** 178 * Of type #TALER_DBEVENT_EXCHANGE_KYC_COMPLETED. 179 */ 180 struct GNUNET_DB_EventHeaderP header; 181 182 /** 183 * Hash of payto://-URI for which the KYC state changed. 184 */ 185 struct TALER_NormalizedPaytoHashP h_payto; 186 }; 187 188 189 GNUNET_NETWORK_STRUCT_END 190 191 /** 192 * Meta data about an exchange online signing key. 193 */ 194 struct TALER_EXCHANGEDB_SignkeyMetaData 195 { 196 /** 197 * Start time of the validity period for this key. 198 */ 199 struct GNUNET_TIME_Timestamp start; 200 201 /** 202 * The exchange will sign messages with this key between @e start and this time. 203 */ 204 struct GNUNET_TIME_Timestamp expire_sign; 205 206 /** 207 * When do signatures with this sign key become invalid? 208 * After this point, these signatures cannot be used in (legal) 209 * disputes anymore, as the Exchange is then allowed to destroy its side 210 * of the evidence. @e expire_legal is expected to be significantly 211 * larger than @e expire_sign (by a year or more). 212 */ 213 struct GNUNET_TIME_Timestamp expire_legal; 214 215 }; 216 217 218 /** 219 * @brief All information about a denomination key (which is used to 220 * sign coins into existence). 221 */ 222 struct TALER_EXCHANGEDB_DenominationKey 223 { 224 /** 225 * The private key of the denomination. Will be NULL if the private 226 * key is not available (this is the case after the key has expired 227 * for signing coins, but is still valid for depositing coins). 228 */ 229 struct TALER_DenominationPrivateKey denom_priv; 230 231 /** 232 * Decoded denomination public key (the hash of it is in 233 * @e issue, but we sometimes need the full public key as well). 234 */ 235 struct TALER_DenominationPublicKey denom_pub; 236 237 /** 238 * Signed public information about a denomination key. 239 */ 240 struct TALER_EXCHANGEDB_DenominationKeyInformation issue; 241 }; 242 243 244 /** 245 * @brief A summary of a Reserve 246 */ 247 struct TALER_EXCHANGEDB_Reserve 248 { 249 /** 250 * The reserve's public key. This uniquely identifies the reserve 251 */ 252 struct TALER_ReservePublicKeyP pub; 253 254 /** 255 * The balance amount existing in the reserve 256 */ 257 struct TALER_Amount balance; 258 259 /** 260 * The expiration date of this reserve; funds will be wired back 261 * at this time. 262 */ 263 struct GNUNET_TIME_Timestamp expiry; 264 265 /** 266 * The legal expiration date of this reserve; we will forget about 267 * it at this time. 268 */ 269 struct GNUNET_TIME_Timestamp gc; 270 }; 271 272 273 /** 274 * Public key to which a nonce is locked. 275 */ 276 union TALER_EXCHANGEDB_NonceLockTargetP 277 { 278 /** 279 * Nonce is locked to this coin key. 280 */ 281 struct TALER_CoinSpendPublicKeyP coin; 282 283 /** 284 * Nonce is locked to this reserve key. 285 */ 286 struct TALER_ReservePublicKeyP reserve; 287 }; 288 289 290 /** 291 * @brief Data about a coin for a deposit operation. 292 */ 293 struct TALER_EXCHANGEDB_CoinDepositInformation 294 { 295 /** 296 * Information about the coin that is being deposited. 297 */ 298 struct TALER_CoinPublicInfo coin; 299 300 /** 301 * ECDSA signature affirming that the customer intends 302 * this coin to be deposited at the merchant identified 303 * by @e h_wire in relation to the proposal data identified 304 * by @e h_contract_terms. 305 */ 306 struct TALER_CoinSpendSignatureP csig; 307 308 /** 309 * Fraction of the coin's remaining value to be deposited, including 310 * depositing fee (if any). The coin is identified by @e coin_pub. 311 */ 312 struct TALER_Amount amount_with_fee; 313 314 }; 315 316 317 /** 318 * @brief Data from a batch deposit operation. 319 */ 320 struct TALER_EXCHANGEDB_BatchDeposit 321 { 322 323 /** 324 * Public key of the merchant. Enables later identification 325 * of the merchant in case of a need to rollback transactions. 326 */ 327 struct TALER_MerchantPublicKeyP merchant_pub; 328 329 /** 330 * Signature of the merchant over the contract, of purpose 331 * #TALER_SIGNATURE_MERCHANT_CONTRACT. 332 */ 333 struct TALER_MerchantSignatureP merchant_sig; 334 335 /** 336 * Hash over the proposal data between merchant and customer 337 * (remains unknown to the Exchange). 338 */ 339 struct TALER_PrivateContractHashP h_contract_terms; 340 341 /** 342 * Hash over additional inputs by the wallet. 343 */ 344 struct GNUNET_HashCode wallet_data_hash; 345 346 /** 347 * Unsalted hash over @e receiver_wire_account. 348 */ 349 struct TALER_FullPaytoHashP wire_target_h_payto; 350 351 /** 352 * Salt used by the merchant to compute "h_wire". 353 */ 354 struct TALER_WireSaltP wire_salt; 355 356 /** 357 * Time when this request was generated. Used, for example, to 358 * assess when (roughly) the income was achieved for tax purposes. 359 * Note that the Exchange will only check that the timestamp is not "too 360 * far" into the future (i.e. several days). The fact that the 361 * timestamp falls within the validity period of the coin's 362 * denomination key is irrelevant for the validity of the deposit 363 * request, as obviously the customer and merchant could conspire to 364 * set any timestamp. Also, the Exchange must accept very old deposit 365 * requests, as the merchant might have been unable to transmit the 366 * deposit request in a timely fashion (so back-dating is not 367 * prevented). 368 */ 369 struct GNUNET_TIME_Timestamp wallet_timestamp; 370 371 /** 372 * How much time does the merchant have to issue a refund request? 373 * Zero if refunds are not allowed. After this time, the coin 374 * cannot be refunded. 375 */ 376 struct GNUNET_TIME_Timestamp refund_deadline; 377 378 /** 379 * How much time does the merchant have to execute the wire transfer? 380 * This time is advisory for aggregating transactions, not a hard 381 * constraint (as the merchant can theoretically pick any time, 382 * including one in the past). 383 */ 384 struct GNUNET_TIME_Timestamp wire_deadline; 385 386 /** 387 * Row ID of the policy details; 0 if no policy applies. 388 */ 389 uint64_t policy_details_serial_id; 390 391 /** 392 * Information about the receiver for executing the transaction. URI in 393 * payto://-format. 394 */ 395 struct TALER_FullPayto receiver_wire_account; 396 397 /** 398 * Optional extra information to include in the wire transfer 399 * subject. 400 */ 401 const char *extra_wire_subject_metadata; 402 403 /** 404 * Array about the coins that are being deposited. 405 */ 406 const struct TALER_EXCHANGEDB_CoinDepositInformation *cdis; 407 408 /** 409 * Length of the @e cdis array. 410 */ 411 unsigned int num_cdis; 412 413 /** 414 * False if @e wallet_data_hash was provided 415 */ 416 bool no_wallet_data_hash; 417 418 /** 419 * True if further processing is blocked by policy. 420 */ 421 bool policy_blocked; 422 423 }; 424 425 426 /** 427 * @brief Data from a deposit operation. The combination of 428 * the coin's public key, the merchant's public key and the 429 * transaction ID must be unique. While a coin can (theoretically) be 430 * deposited at the same merchant twice (with partial spending), the 431 * merchant must either use a different public key or a different 432 * transaction ID for the two transactions. The same coin must not 433 * be used twice at the same merchant for the same transaction 434 * (as determined by transaction ID). 435 */ 436 struct TALER_EXCHANGEDB_Deposit 437 { 438 /** 439 * Information about the coin that is being deposited. 440 */ 441 struct TALER_CoinPublicInfo coin; 442 443 /** 444 * ECDSA signature affirming that the customer intends 445 * this coin to be deposited at the merchant identified 446 * by @e h_wire in relation to the proposal data identified 447 * by @e h_contract_terms. 448 */ 449 struct TALER_CoinSpendSignatureP csig; 450 451 /** 452 * Public key of the merchant. Enables later identification 453 * of the merchant in case of a need to rollback transactions. 454 */ 455 struct TALER_MerchantPublicKeyP merchant_pub; 456 457 /** 458 * Hash over the proposal data between merchant and customer 459 * (remains unknown to the Exchange). 460 */ 461 struct TALER_PrivateContractHashP h_contract_terms; 462 463 /** 464 * Salt used by the merchant to compute "h_wire". 465 */ 466 struct TALER_WireSaltP wire_salt; 467 468 /** 469 * Hash over inputs from the wallet to customize the contract. 470 */ 471 struct GNUNET_HashCode wallet_data_hash; 472 473 /** 474 * Hash over the policy data for this deposit (remains unknown to the 475 * Exchange). Needed for the verification of the deposit's signature 476 */ 477 struct TALER_ExtensionPolicyHashP h_policy; 478 479 /** 480 * Time when this request was generated. Used, for example, to 481 * assess when (roughly) the income was achieved for tax purposes. 482 * Note that the Exchange will only check that the timestamp is not "too 483 * far" into the future (i.e. several days). The fact that the 484 * timestamp falls within the validity period of the coin's 485 * denomination key is irrelevant for the validity of the deposit 486 * request, as obviously the customer and merchant could conspire to 487 * set any timestamp. Also, the Exchange must accept very old deposit 488 * requests, as the merchant might have been unable to transmit the 489 * deposit request in a timely fashion (so back-dating is not 490 * prevented). 491 */ 492 struct GNUNET_TIME_Timestamp timestamp; 493 494 /** 495 * How much time does the merchant have to issue a refund request? 496 * Zero if refunds are not allowed. After this time, the coin 497 * cannot be refunded. 498 */ 499 struct GNUNET_TIME_Timestamp refund_deadline; 500 501 /** 502 * How much time does the merchant have to execute the wire transfer? 503 * This time is advisory for aggregating transactions, not a hard 504 * constraint (as the merchant can theoretically pick any time, 505 * including one in the past). 506 */ 507 struct GNUNET_TIME_Timestamp wire_deadline; 508 509 /** 510 * Fraction of the coin's remaining value to be deposited, including 511 * depositing fee (if any). The coin is identified by @e coin_pub. 512 */ 513 struct TALER_Amount amount_with_fee; 514 515 /** 516 * Depositing fee. 517 */ 518 struct TALER_Amount deposit_fee; 519 520 /** 521 * Information about the receiver for executing the transaction. URI in 522 * payto://-format. 523 */ 524 struct TALER_FullPayto receiver_wire_account; 525 526 /** 527 * True if @e policy_json was provided 528 */ 529 bool has_policy; 530 531 /** 532 * True if @e wallet_data_hash is not in use. 533 */ 534 bool no_wallet_data_hash; 535 536 }; 537 538 539 /** 540 * @brief Specification for coin in a melt operation. 541 */ 542 struct TALER_EXCHANGEDB_Refresh 543 { 544 /** 545 * Information about the coin that is being melted. 546 */ 547 struct TALER_CoinPublicInfo coin; 548 549 /** 550 * Signature over the melting operation. 551 */ 552 struct TALER_CoinSpendSignatureP coin_sig; 553 554 /** 555 * Refresh commitment this coin is melted into. 556 */ 557 struct TALER_RefreshCommitmentP rc; 558 559 /** 560 * How much value is being melted? This amount includes the fees, 561 * so the final amount contributed to the melt is this value minus 562 * the fee for melting the coin. We include the fee in what is 563 * being signed so that we can verify a reserve's remaining total 564 * balance without needing to access the respective denomination key 565 * information each time. 566 */ 567 struct TALER_Amount amount_with_fee; 568 569 /** 570 * Index (smaller #TALER_CNC_KAPPA) which the exchange has chosen to not 571 * have revealed during cut and choose. 572 */ 573 uint32_t noreveal_index; 574 575 }; 576 577 578 /** 579 * Information about a /purses/$PID/deposit operation. 580 */ 581 struct TALER_EXCHANGEDB_PurseDeposit 582 { 583 584 /** 585 * Exchange hosting the purse, NULL for this exchange. 586 */ 587 char *exchange_base_url; 588 589 /** 590 * Public key of the purse. 591 */ 592 struct TALER_PurseContractPublicKeyP purse_pub; 593 594 /** 595 * Contribution of the coin to the purse, including 596 * deposit fee. 597 */ 598 struct TALER_Amount amount; 599 600 /** 601 * Depositing fee. 602 */ 603 struct TALER_Amount deposit_fee; 604 605 /** 606 * Signature by the coin affirming the deposit. 607 */ 608 struct TALER_CoinSpendSignatureP coin_sig; 609 610 /** 611 * Public key of the coin. 612 */ 613 struct TALER_CoinSpendPublicKeyP coin_pub; 614 615 /** 616 * Hash of the age commitment used to sign the coin, if age restriction was 617 * applicable to the denomination. May be all zeroes if no age restriction 618 * applies. 619 */ 620 struct TALER_AgeCommitmentHashP h_age_commitment; 621 622 /** 623 * Set to true if @e h_age_commitment is not available. 624 */ 625 bool no_age_commitment; 626 627 }; 628 629 630 /** 631 * Information about a melt operation since vDOLDPLUS of the protocol. 632 * This also includes the information for the reveal phase. 633 */ 634 struct TALER_EXCHANGEDB_Refresh_vDOLDPLUS 635 { 636 /** 637 * Information about the coin that is being melted. 638 */ 639 struct TALER_CoinPublicInfo coin; 640 641 /** 642 * Signature over the melting operation. 643 */ 644 struct TALER_CoinSpendSignatureP coin_sig; 645 646 /** 647 * Refresh commitment this coin is melted into. 648 */ 649 struct TALER_RefreshCommitmentP rc; 650 651 /** 652 * True if the client has successfully performed the reveal part 653 * of the refresh protocol, after the melt. 654 */ 655 bool is_revealed; 656 657 /** 658 * @since vDOLDPLUS 659 * Mark if we have a v27 Refresh object. 660 * That is, the @a refresh_seed refers to the vDOLDPLUS master_refresh_seed 661 * from the original request, AND the client has provided transfer public keys, 662 * see below, @a transfer_public_keys 663 */ 664 bool is_v27_refresh; 665 666 /** 667 * Public seed from which the refresh nonces (v27) or transfer secrets (vDOLDPLUS) 668 * per coin candidate were derived from. 669 */ 670 struct TALER_PublicRefreshMasterSeedP refresh_seed; 671 672 /** 673 * How much value is being melted? This amount includes the fees, 674 * so the final amount contributed to the melt is this value minus 675 * the fee for melting the coin. We include the fee in what is 676 * being signed so that we can verify a reserve's remaining total 677 * balance without needing to access the respective denomination key 678 * information each time. 679 */ 680 struct TALER_Amount amount_with_fee; 681 682 /** 683 * Number of coins to be refreshed into 684 */ 685 size_t num_coins; 686 687 /** 688 * The running hash over all kappa * @a num_coins blinded coin envelopes, provided by 689 * the client. 690 */ 691 struct TALER_HashBlindedPlanchetsP planchets_h; 692 693 /** 694 * The running hash over all chosen (noreveal_index) @a num_coins blinded coin envelopes. 695 */ 696 struct TALER_HashBlindedPlanchetsP selected_h; 697 698 /** 699 * Array of @a num_coins denomination signatures of the blinded coins. 700 */ 701 struct TALER_BlindedDenominationSignature *denom_sigs; 702 703 /** 704 * If @a is_v27_refresh is false, the client performed a vDOLDPLUS refresh, 705 * and has provided @a num_coins * kappa transfer public keys. 706 * This is the chosen (at index @a noreveal_index) array of @a num_coins transfer public keys. 707 */ 708 struct TALER_TransferPublicKeyP *transfer_pubs; 709 710 /** 711 * Array of @a num_coins serial id's of the denominations. 712 * If @e coin.no_age_commitment is false, the denominations 713 * MUST support age restriction. 714 */ 715 uint64_t *denom_serials; 716 717 /** 718 * Index (smaller #TALER_CNC_KAPPA) which the exchange chose to not 719 * to be revealed during cut and choose. 720 */ 721 uint32_t noreveal_index; 722 723 /** 724 * True, if the client has successfully performed the reveal step 725 */ 726 bool revealed; 727 728 /** 729 * If true, no @e blinding_seed is set and @e num_cs_r_values is 0. 730 */ 731 bool no_blinding_seed; 732 733 /** 734 * If @e no_blinding_seed is false, the blinding seed for the nonces needed for 735 * blind CS signatures. 736 */ 737 struct TALER_BlindingMasterSeedP blinding_seed; 738 739 /** 740 * Number of elements in @e cs_r_values. 741 */ 742 size_t num_cs_r_values; 743 744 /** 745 * Array @e num_cs_r_values of public R-values for CS that were generated from the 746 * @e blinding_seed, a coin's index and the denomination's private key during the 747 * the /melt request, to ensure idempotency in case of expiration of a denomination. 748 * NULL if @e num_cs_r_values is 0. 749 */ 750 struct GNUNET_CRYPTO_CSPublicRPairP *cs_r_values; 751 752 /** 753 * If @e num_cs_r_values is not 0, the bitvector of choices for the pairs 754 * in @e cs_r_values that was made by the exchange. The vector is in NBO 755 * and the lowest bit represents the choice for the pair at index 0 into @e cs_r_values; 756 */ 757 uint64_t cs_r_choices; 758 759 /** 760 * [out]-Array of @a num_coins hashes of the public keys of the denominations 761 * identified by @e denom_serials. This field is set when calling 762 * get_refresh 763 */ 764 struct TALER_DenominationHashP *denom_pub_hashes; 765 }; 766 767 768 /** 769 * Generic KYC status for some operation. 770 */ 771 struct TALER_EXCHANGEDB_KycStatus 772 { 773 774 /** 775 * Account public key that is currently associated 776 * with the account. Only set if @e have_account_pub 777 * is true. 778 */ 779 union TALER_AccountPublicKeyP account_pub; 780 781 /** 782 * Number that identifies the KYC requirement the operation 783 * was about. 784 */ 785 uint64_t requirement_row; 786 787 /** 788 * True if @e account_pub is set. 789 */ 790 bool have_account_pub; 791 792 /** 793 * True if the KYC status is "satisfied". 794 */ 795 bool ok; 796 797 }; 798 799 800 /** 801 * Function called with details about incoming wire transfers. 802 * 803 * @param cls closure 804 * @param rowid unique serial ID for the refresh session in our DB 805 * @param reserve_pub public key of the reserve (also the wire subject) 806 * @param credit amount that was received 807 * @param sender_account_details information about the sender's bank account, in payto://-format 808 * @param wire_reference unique identifier for the wire transfer 809 * @param execution_date when did we receive the funds 810 * @return #GNUNET_OK to continue to iterate, #GNUNET_SYSERR to stop 811 */ 812 #ifndef TALER_EXCHANGEDB_RESERVE_IN_RESULT_CLOSURE 813 #define TALER_EXCHANGEDB_RESERVE_IN_RESULT_CLOSURE void 814 #endif 815 typedef enum GNUNET_GenericReturnValue 816 (*TALER_EXCHANGEDB_ReserveInCallback)( 817 TALER_EXCHANGEDB_RESERVE_IN_RESULT_CLOSURE *cls, 818 uint64_t rowid, 819 const struct TALER_ReservePublicKeyP *reserve_pub, 820 const struct TALER_Amount *credit, 821 const struct TALER_FullPayto sender_account_details, 822 uint64_t wire_reference, 823 struct GNUNET_TIME_Timestamp execution_date); 824 825 826 /** 827 * Function called with the results of the lookup of the 828 * wire transfer data of the exchange. 829 * 830 * @param cls closure 831 * @param rowid identifier of the respective row in the database 832 * @param date timestamp of the wire transfer (roughly) 833 * @param wtid wire transfer subject 834 * @param payto_uri details of the receiver, URI in payto://-format 835 * @param amount amount that was wired 836 * @return #GNUNET_OK to continue, #GNUNET_SYSERR to stop iteration 837 */ 838 #ifndef TALER_EXCHANGEDB_WIRE_TRANSFER_OUT_RESULT_CLOSURE 839 #define TALER_EXCHANGEDB_WIRE_TRANSFER_OUT_RESULT_CLOSURE void 840 #endif 841 typedef enum GNUNET_GenericReturnValue 842 (*TALER_EXCHANGEDB_WireTransferOutCallback)( 843 TALER_EXCHANGEDB_WIRE_TRANSFER_OUT_RESULT_CLOSURE *cls, 844 uint64_t rowid, 845 struct GNUNET_TIME_Timestamp date, 846 const struct TALER_WireTransferIdentifierRawP *wtid, 847 const struct TALER_FullPayto payto_uri, 848 const struct TALER_Amount *amount); 849 850 851 /** 852 * Function called with details about expired reserves. 853 * 854 * @param cls closure 855 * @param reserve_pub public key of the reserve 856 * @param left amount left in the reserve 857 * @param account_details information about the reserve's bank account, in payto://-format 858 * @param expiration_date when did the reserve expire 859 * @param close_request_row row that caused the reserve 860 * to be closed, 0 if it expired without request 861 * @return #GNUNET_OK on success, 862 * #GNUNET_NO to retry 863 * #GNUNET_SYSERR on hard failures (exit) 864 */ 865 #ifndef TALER_EXCHANGEDB_RESERVE_EXPIRED_RESULT_CLOSURE 866 #define TALER_EXCHANGEDB_RESERVE_EXPIRED_RESULT_CLOSURE void 867 #endif 868 typedef enum GNUNET_GenericReturnValue 869 (*TALER_EXCHANGEDB_ReserveExpiredCallback)( 870 TALER_EXCHANGEDB_RESERVE_EXPIRED_RESULT_CLOSURE *cls, 871 const struct TALER_ReservePublicKeyP *reserve_pub, 872 const struct TALER_Amount *left, 873 const struct TALER_FullPayto account_details, 874 struct GNUNET_TIME_Timestamp expiration_date, 875 uint64_t close_request_row); 876 877 878 /** 879 * Callback that is given AML-relevant transfer data. 880 * 881 * @param cls closure 882 * @param row_id current row in AML status table 883 * @param payto_uri account involved with the wire transfer 884 * @param execution_time when was the transfer made 885 * @param amount wire amount of the transfer 886 */ 887 #ifndef TALER_EXCHANGEDB_AML_TRANSFER_RESULT_CLOSURE 888 #define TALER_EXCHANGEDB_AML_TRANSFER_RESULT_CLOSURE void 889 #endif 890 typedef void 891 (*TALER_EXCHANGEDB_AmlTransferCallback)( 892 TALER_EXCHANGEDB_AML_TRANSFER_RESULT_CLOSURE *cls, 893 uint64_t row_id, 894 const char *payto_uri, 895 struct GNUNET_TIME_Absolute execution_time, 896 const struct TALER_Amount *amount); 897 898 899 /** 900 * Initialize the database connection. 901 * 902 * @param cfg configuration to use 903 * @return NULL on failure 904 */ 905 struct TALER_EXCHANGEDB_PostgresContext * 906 TALER_EXCHANGEDB_connect ( 907 const struct GNUNET_CONFIGURATION_Handle *cfg); 908 909 910 /** 911 * Initialize the database connection for administration. 912 * Disables the check that the database schema is current. 913 * 914 * @param cfg configuration to use 915 * @return NULL on failure 916 */ 917 struct TALER_EXCHANGEDB_PostgresContext * 918 TALER_EXCHANGEDB_connect_admin ( 919 const struct GNUNET_CONFIGURATION_Handle *cfg); 920 921 922 /** 923 * Shutdown the database connection. 924 * 925 * @param[in] pg connection to drop 926 */ 927 void 928 TALER_EXCHANGEDB_disconnect (struct TALER_EXCHANGEDB_PostgresContext *pg); 929 930 931 /** 932 * Meta data about a denomination public key. 933 * If this is changed, you must also adjust 934 * taler-exchange-httpd-post-management-keys.c::denomination_meta_cmp(). 935 */ 936 struct TALER_EXCHANGEDB_DenominationKeyMetaData 937 { 938 /** 939 * Serial of the denomination key as in the DB. 940 * Can be used calls to stored procedures in order to spare 941 * additional lookups. 942 */ 943 uint64_t serial; 944 945 /** 946 * Start time of the validity period for this key. 947 */ 948 struct GNUNET_TIME_Timestamp start; 949 950 /** 951 * The exchange will sign fresh coins between @e start and this time. 952 * @e expire_withdraw will be somewhat larger than @e start to 953 * ensure a sufficiently large anonymity set, while also allowing 954 * the Exchange to limit the financial damage in case of a key being 955 * compromised. Thus, exchanges with low volume are expected to have a 956 * longer withdraw period (@e expire_withdraw - @e start) than exchanges 957 * with high transaction volume. The period may also differ between 958 * types of coins. A exchange may also have a few denomination keys 959 * with the same value with overlapping validity periods, to address 960 * issues such as clock skew. 961 */ 962 struct GNUNET_TIME_Timestamp expire_withdraw; 963 964 /** 965 * Coins signed with the denomination key must be spent or refreshed 966 * between @e start and this expiration time. After this time, the 967 * exchange will refuse transactions involving this key as it will 968 * "drop" the table with double-spending information (shortly after) 969 * this time. Note that wallets should refresh coins significantly 970 * before this time to be on the safe side. @e expire_deposit must be 971 * significantly larger than @e expire_withdraw (by months or even 972 * years). 973 */ 974 struct GNUNET_TIME_Timestamp expire_deposit; 975 976 /** 977 * When do signatures with this denomination key become invalid? 978 * After this point, these signatures cannot be used in (legal) 979 * disputes anymore, as the Exchange is then allowed to destroy its side 980 * of the evidence. @e expire_legal is expected to be significantly 981 * larger than @e expire_deposit (by a year or more). 982 */ 983 struct GNUNET_TIME_Timestamp expire_legal; 984 985 /** 986 * The value of the coins signed with this denomination key. 987 */ 988 struct TALER_Amount value; 989 990 /** 991 * The fees the exchange charges for operations with 992 * coins of this denomination. 993 */ 994 struct TALER_DenomFeeSet fees; 995 996 /** 997 * Age restriction for the denomination. (can be zero). If not zero, the bits 998 * set in the mask mark the edges at the beginning of a next age group. F.e. 999 * for the age groups 1000 * 0-7, 8-9, 10-11, 12-14, 14-15, 16-17, 18-21, 21-* 1001 * the following bits are set: 1002 * 1003 * 31 24 16 8 0 1004 * | | | | | 1005 * oooooooo oo1oo1o1 o1o1o1o1 ooooooo1 1006 * 1007 * A value of 0 means that the denomination does not support the extension for 1008 * age-restriction. 1009 */ 1010 struct TALER_AgeMask age_mask; 1011 }; 1012 1013 1014 /** 1015 * Information about an account from the configuration. 1016 */ 1017 struct TALER_EXCHANGEDB_AccountInfo 1018 { 1019 /** 1020 * Authentication data. Only parsed if 1021 * #TALER_EXCHANGEDB_ALO_AUTHDATA was set. 1022 */ 1023 const struct TALER_BANK_AuthenticationData *auth; 1024 1025 /** 1026 * Section in the configuration file that specifies the 1027 * account. Must start with "exchange-account-". 1028 */ 1029 const char *section_name; 1030 1031 /** 1032 * Name of the wire method used by this account. 1033 */ 1034 const char *method; 1035 1036 /** 1037 * Full payto://-URI of the account. Do not free(), aliased 1038 * with the underlying `struct WireAccount`. 1039 */ 1040 struct TALER_FullPayto payto_uri; 1041 1042 /** 1043 * true if this account is enabled to be debited 1044 * by the taler-exchange-aggregator. 1045 */ 1046 bool debit_enabled; 1047 1048 /** 1049 * true if this account is enabled to be credited by wallets 1050 * and needs to be watched by the taler-exchange-wirewatch. 1051 * Also, the account will only be included in /wire if credit 1052 * is enabled. 1053 */ 1054 bool credit_enabled; 1055 }; 1056 1057 1058 /** 1059 * Function called with information about a wire account. 1060 * 1061 * @param cls closure 1062 * @param ai account information 1063 */ 1064 #ifndef TALER_EXCHANGEDB_ACCOUNT_RESULT_CLOSURE 1065 #define TALER_EXCHANGEDB_ACCOUNT_RESULT_CLOSURE void 1066 #endif 1067 typedef void 1068 (*TALER_EXCHANGEDB_AccountCallback)( 1069 TALER_EXCHANGEDB_ACCOUNT_RESULT_CLOSURE *cls, 1070 const struct TALER_EXCHANGEDB_AccountInfo *ai); 1071 1072 1073 /** 1074 * Return information about all accounts that 1075 * were loaded by #TALER_EXCHANGEDB_load_accounts(). 1076 * 1077 * @param cb callback to invoke 1078 * @param cb_cls closure for @a cb 1079 */ 1080 void 1081 TALER_EXCHANGEDB_find_accounts (TALER_EXCHANGEDB_AccountCallback cb, 1082 TALER_EXCHANGEDB_ACCOUNT_RESULT_CLOSURE *cb_cls) 1083 ; 1084 1085 1086 /** 1087 * Find the wire plugin for the given payto:// URL. 1088 * Only useful after the accounts have been loaded 1089 * using #TALER_EXCHANGEDB_load_accounts(). 1090 * 1091 * @param method wire method we need an account for 1092 * @return NULL on error 1093 */ 1094 const struct TALER_EXCHANGEDB_AccountInfo * 1095 TALER_EXCHANGEDB_find_account_by_method (const char *method); 1096 1097 1098 /** 1099 * Find the wire plugin for the given payto:// URL 1100 * Only useful after the accounts have been loaded 1101 * using #TALER_EXCHANGEDB_load_accounts(). 1102 * 1103 * @param url wire address we need an account for 1104 * @return NULL on error 1105 */ 1106 const struct TALER_EXCHANGEDB_AccountInfo * 1107 TALER_EXCHANGEDB_find_account_by_payto_uri ( 1108 const struct TALER_FullPayto url); 1109 1110 1111 /** 1112 * Options for #TALER_EXCHANGEDB_load_accounts() 1113 */ 1114 enum TALER_EXCHANGEDB_AccountLoaderOptions 1115 { 1116 TALER_EXCHANGEDB_ALO_NONE = 0, 1117 1118 /** 1119 * Load accounts enabled for DEBITs. 1120 */ 1121 TALER_EXCHANGEDB_ALO_DEBIT = 1, 1122 1123 /** 1124 * Load accounts enabled for CREDITs. 1125 */ 1126 TALER_EXCHANGEDB_ALO_CREDIT = 2, 1127 1128 /** 1129 * Load authentication data from the 1130 * "taler-accountcredentials-" section 1131 * to access the account at the bank. 1132 */ 1133 TALER_EXCHANGEDB_ALO_AUTHDATA = 4 1134 }; 1135 1136 1137 /** 1138 * Load account information op the exchange from @a cfg. 1139 * 1140 * @param cfg configuration to load from 1141 * @param options loader options 1142 * @return #GNUNET_OK on success, #GNUNET_NO if no accounts are configured 1143 */ 1144 enum GNUNET_GenericReturnValue 1145 TALER_EXCHANGEDB_load_accounts ( 1146 const struct GNUNET_CONFIGURATION_Handle *cfg, 1147 enum TALER_EXCHANGEDB_AccountLoaderOptions options); 1148 1149 1150 /** 1151 * Free resources allocated by 1152 * #TALER_EXCHANGEDB_load_accounts(). 1153 */ 1154 void 1155 TALER_EXCHANGEDB_unload_accounts (void); 1156 1157 1158 #endif