exchange

test_exchange_api.conf (11801B)

---

 # This file is in the public domain.
 #
 
 [PATHS]
 TALER_TEST_HOME = test_exchange_api_home
 TALER_HOME = ${TALER_TEST_HOME:-${HOME:-${USERPROFILE}}}
 TALER_EXCHANGE_DATA_HOME = ${XDG_DATA_HOME:-${TALER_HOME}/.local/share}/taler-exchange/
 TALER_AUDITOR_DATA_HOME = ${XDG_DATA_HOME:-${TALER_HOME}/.local/share}/taler-auditor/
 TALER_EXCHANGE_CONFIG_HOME = ${XDG_CONFIG_HOME:-${TALER_HOME}/.config}/taler-exchange/
 TALER_AUDITOR_CONFIG_HOME = ${XDG_CONFIG_HOME:-${TALER_HOME}/.config}/taler-auditor/
 TALER_EXCHANGE_CACHE_HOME = ${XDG_CACHE_HOME:-${TALER_HOME}/.cache}/taler-exchange/
 TALER_AUDITOR_CACHE_HOME = ${XDG_CACHE_HOME:-${TALER_HOME}/.cache}/taler-auditor/
 TALER_RUNTIME_DIR = ${TMPDIR:-${TMP:-/tmp}}/taler-runtime/
 
 [libeufin-bank]
 CURRENCY = EUR
 DEFAULT_CUSTOMER_DEBT_LIMIT = EUR:200
 DEFAULT_ADMIN_DEBT_LIMIT = EUR:2000
 REGISTRATION_BONUS_ENABLED = yes
 REGISTRATION_BONUS = EUR:100
 SUGGESTED_WITHDRAWAL_EXCHANGE = http://localhost:8081/
 WIRE_TYPE = x-taler-bank
 X_TALER_BANK_PAYTO_HOSTNAME = localhost
 ALLOW_REGISTRATION = YES
 IBAN_PAYTO_BIC = SANDBOXX
 SERVE = tcp
 PORT = 8082
 PWD_HASH_CONFIG = { "cost": 4 }
 PWD_AUTH_COMPAT = yes
 BASE_URL = http://localhost:8082/
 
 [libeufin-bankdb-postgres]
 CONFIG = postgresql:///talercheck
 
 [auditor]
 BASE_URL = "http://localhost:8083/"
 PORT = 8083
 PUBLIC_KEY = D9ZMEJCFV92GRQ29ES2MM31HEKHQXCFAACG3Q70G42X9FMWM7S50
 TINY_AMOUNT = EUR:0.01
 TALER_AUDITOR_SALT = "salt"
 DB = postgres
 
 # Where do we store the auditor's private key?
 AUDITOR_PRIV_FILE = ${TALER_AUDITOR_DATA_HOME}offline-keys/auditor.priv
 
 [auditordb-postgres]
 CONFIG = "postgres:///talercheck"
 SQL_DIR = ${DATADIR}sql/
 
 [bank]
 HTTP_PORT = 8082
 
 [exchange]
 CURRENCY = EUR
 CURRENCY_ROUND_UNIT = EUR:0.01
 TINY_AMOUNT = EUR:0.01
 TERMS_ETAG = exchange-tos-tops-v0
 PRIVACY_ETAG = 0
 PORT = 8081
 MASTER_PUBLIC_KEY = S2PF0H375EQC7C0SQ6T8VH09GA1EVFBDXKS5KRBQAW8XW5KBHT9G
 DB = postgres
 BASE_URL = "http://localhost:8081/"
 EXPIRE_SHARD_SIZE ="300 ms"
 EXPIRE_IDLE_SLEEP_INTERVAL ="1 s"
 STEFAN_ABS = EUR:0
 STEFAN_LOG = EUR:0.005
 ENABLE_KYC = YES
 DISABLE_DIRECT_DEPOSIT = NO
 DB = postgres
 BASE_URL = http://localhost:8081/
 AGE_RESTRICTION_ENABLED = YES
 #AGE_GROUPS = "8:10:12:14:16:18:21"
 
 [exchangedb-postgres]
 CONFIG = "postgres:///talercheck"
 SQL_DIR = ${DATADIR}sql/
 DEFAULT_PURSE_LIMIT = 1
 
 [exchangedb]
 IDLE_RESERVE_EXPIRATION_TIME = 4 weeks
 LEGAL_RESERVE_EXPIRATION_TIME = 7 years
 AGGREGATOR_SHIFT = 1 s
 DEFAULT_PURSE_LIMIT = 1
 MAX_AML_PROGRAM_RUNTIME = 60 s
 
 [taler-exchange-secmod-cs]
 LOOKAHEAD_SIGN = "24 days"
 
 [taler-exchange-secmod-rsa]
 LOOKAHEAD_SIGN = "24 days"
 
 [taler-exchange-secmod-eddsa]
 LOOKAHEAD_SIGN = "24 days"
 DURATION = "14 days"
 
 
 [exchange-account-1]
 PAYTO_URI = "payto://x-taler-bank/localhost/2?receiver-name=2"
 ENABLE_DEBIT = YES
 ENABLE_CREDIT = YES
 
 [exchange-accountcredentials-1]
 WIRE_GATEWAY_AUTH_METHOD = none
 WIRE_GATEWAY_URL = "http://localhost:8082/accounts/2/taler-wire-gateway/"
 
 [admin-accountcredentials-1]
 WIRE_GATEWAY_AUTH_METHOD = none
 WIRE_GATEWAY_URL = "http://localhost:8082/accounts/2/taler-wire-gateway/"
 
 [exchange-account-2]
 PAYTO_URI = "payto://x-taler-bank/localhost/2?receiver-name=2"
 ENABLE_DEBIT = YES
 ENABLE_CREDIT = YES
 
 [exchange-accountcredentials-2]
 WIRE_GATEWAY_AUTH_METHOD = basic
 USERNAME = Exchange
 PASSWORD = password
 WIRE_GATEWAY_URL = "http://localhost:8082/accounts/2/taler-wire-gateway/"
 CORE_BANK_URL = "http://localhost:8082/accounts/2/"
 
 [admin-accountcredentials-2]
 WIRE_GATEWAY_AUTH_METHOD = basic
 # For now, fakebank still checks against the Exchange account...
 USERNAME = Exchange
 PASSWORD = password
 WIRE_GATEWAY_URL = "http://localhost:8082/accounts/2/taler-wire-gateway/"
 
 [exchange-account-3]
 PAYTO_URI = "payto://x-taler-bank/localhost/exchange?receiver-name=Exchange"
 ENABLE_DEBIT = YES
 ENABLE_CREDIT = YES
 
 [exchange-accountcredentials-3]
 WIRE_GATEWAY_AUTH_METHOD = basic
 USERNAME = exchange
 PASSWORD = password
 WIRE_GATEWAY_URL = "http://localhost:8082/accounts/exchange/taler-wire-gateway/"
 CORE_BANK_URL = "http://localhost:8082/accounts/exchange/"
 
 [admin-accountcredentials-3]
 WIRE_GATEWAY_AUTH_METHOD = basic
 USERNAME = exchange
 PASSWORD = password
 WIRE_GATEWAY_URL = "http://localhost:8082/accounts/exchange/taler-wire-gateway/"
 
 
 [exchange-offline]
 
 # Where do we store the offline master private key of the exchange?
 MASTER_PRIV_FILE = ${TALER_EXCHANGE_DATA_HOME}offline/master.priv
 
 # Where do we store the TOFU key material?
 SECM_TOFU_FILE = ${TALER_EXCHANGE_DATA_HOME}offline/secm_tofus.pub
 
 # Base32-encoded public key of the RSA helper.
 # SECM_DENOM_PUBKEY =
 
 # Base32-encoded public key of the EdDSA helper.
 # SECM_ESIGN_PUBKEY =
 
 
 [taler-exchange-secmod-cs]
 
 # How long should generated coins overlap in their validity
 # periods. Should be long enough to avoid problems with
 # wallets picking one key and then due to network latency
 # another key being valid.  The DURATION_WITHDRAW period
 # must be longer than this value.
 OVERLAP_DURATION = 5 m
 
 # Where do we store the generated private keys.
 KEY_DIR = ${TALER_EXCHANGE_DATA_HOME}secmod-cs/keys
 
 # Where does the helper listen for requests?
 UNIXPATH = ${TALER_RUNTIME_DIR}secmod-cs/server.sock
 
 # Directory for clients.
 CLIENT_DIR = ${TALER_RUNTIME_DIR}secmod-cs/clients
 
 # Where should the security module store its own private key?
 SM_PRIV_KEY = ${TALER_EXCHANGE_DATA_HOME}secmod-cs/secmod-private-key
 
 
 [taler-exchange-secmod-rsa]
 
 # How long should generated coins overlap in their validity
 # periods. Should be long enough to avoid problems with
 # wallets picking one key and then due to network latency
 # another key being valid.  The DURATION_WITHDRAW period
 # must be longer than this value.
 OVERLAP_DURATION = 0 m
 
 # Where do we store the generated private keys.
 KEY_DIR = ${TALER_EXCHANGE_DATA_HOME}secmod-rsa/keys
 
 # Where does the helper listen for requests?
 UNIXPATH = ${TALER_RUNTIME_DIR}secmod-rsa/server.sock
 
 # Directory for clients.
 CLIENT_DIR = ${TALER_RUNTIME_DIR}secmod-rsa/clients
 
 # Where should the security module store its own private key?
 SM_PRIV_KEY = ${TALER_EXCHANGE_DATA_HOME}secmod-rsa/secmod-private-key
 
 # Round down anchor key start date to multiples of this time.
 ANCHOR_ROUND = 1 ms
 
 [taler-exchange-secmod-eddsa]
 
 # How long should generated coins overlap in their validity
 # periods. Should be long enough to avoid problems with
 # wallets picking one key and then due to network latency
 # another key being valid.  The DURATION_WITHDRAW period
 # must be longer than this value.
 OVERLAP_DURATION = 5m
 
 # Where do we store the private keys.
 KEY_DIR = ${TALER_EXCHANGE_DATA_HOME}secmod-eddsa/keys
 
 # Where does the helper listen for requests?
 UNIXPATH = ${TALER_RUNTIME_DIR}secmod-eddsa/server.sock
 
 # Directory for clients.
 CLIENT_DIR = ${TALER_RUNTIME_DIR}secmod-eddsa/clients
 
 # Where should the security module store its own private key?
 SM_PRIV_KEY = ${TALER_EXCHANGE_DATA_HOME}secmod-eddsa/secmod-private-key
 
 # For how long are signing keys valid?
 DURATION = 12 weeks
 
 [kyc-provider-test-oauth2]
 LOGIC = oauth2
 KYC_OAUTH2_VALIDITY = forever
 KYC_OAUTH2_TOKEN_URL = http://localhost:6666/oauth/v2/token
 KYC_OAUTH2_AUTHORIZE_URL = http://localhost:6666/oauth/v2/login
 KYC_OAUTH2_INFO_URL = http://localhost:6666/api/user/me
 KYC_OAUTH2_CLIENT_ID = taler-exchange
 KYC_OAUTH2_CLIENT_SECRET = exchange-secret
 KYC_OAUTH2_POST_URL = http://example.com/
 KYC_OAUTH2_CONVERTER_HELPER = taler-exchange-kyc-oauth2-test-converter.sh
 
 [kyc-check-oauth-test-id]
 VOLUNTARY = NO
 # We use an external provider
 TYPE = LINK
 DESCRIPTION = "Oauth2 dummy authentication"
 DESCRIPTION_I18N = {}
 # No context requirements
 REQUIRES =
 # Measure to execute if check failed.
 FALLBACK = manual-freeze
 # This check runs on oauth2
 PROVIDER_ID = test-oauth2
 # Outputs from this check
 OUTPUTS = FULL_NAME DATE_OF_BIRTH
 
 
 [kyc-check-test-form]
 VOLUNTARY = NO
 # We use an external provider
 TYPE = FORM
 DESCRIPTION = "Test form"
 DESCRIPTION_I18N = {}
 # No context requirements
 REQUIRES =
 # Measure to execute if check failed.
 FALLBACK = manual-freeze
 # This check runs on oauth2
 FORM_NAME = full_name_and_birthdate
 # Outputs from this check
 OUTPUTS = FULL_NAME DATE_OF_BIRTH
 
 
 # This is the "default" setting for an account if
 # it has not yet triggered anything.
 [kyc-check-default]
 VOLUNTARY = NO
 TYPE = INFO
 DESCRIPTION = "Your account is operating normally"
 DESCRIPTION_I18N = {}
 # No context requirements
 REQUIRES =
 # Measure to execute if check failed. Well,
 # this check cannot really fail, but the
 # conservative answer is to freeze.
 FALLBACK = manual-freeze
 
 # If this "check" is triggered, we merely inform
 # the user that their account has been frozen. The
 # user cannot proceed manually.
 [kyc-check-info-frozen]
 VOLUNTARY = NO
 TYPE = INFO
 DESCRIPTION = "Your account is frozen pending investigation"
 DESCRIPTION_I18N = {}
 # No context requirements
 REQUIRES =
 # Measure to execute if check failed. Well,
 # this check cannot really fail, but we stay
 # where we are: frozen.
 FALLBACK = manual-freeze
 
 [kyc-measure-info-frozen]
 CHECK_NAME = info-frozen
 # No context
 CONTEXT = {}
 # Command if INFO check will never be run.
 PROGRAM = none
 
 # If this "check" is triggered, we merely inform
 # the user that we got their oauth-test data on file.
 [kyc-check-info-oauth-test-passed]
 VOLUNTARY = NO
 TYPE = INFO
 DESCRIPTION = "You passed the OAuth2 check. Thank you."
 DESCRIPTION_I18N = {}
 # No context requirements
 REQUIRES =
 # Measure to execute if check failed. Well,
 # this check cannot really fail, but we stay
 # where we are: frozen.
 FALLBACK = manual-freeze
 
 
 [kyc-measure-info-oauth-test-passed]
 CHECK_NAME = info-oauth-test-passed
 # No context
 CONTEXT = {}
 # Command if INFO check will never be run.
 PROGRAM = none
 
 [aml-program-none]
 DESCRIPTION = "Dummy AML program used for INFO checks, always fails"
 COMMAND = taler-exchange-helper-measure-none
 FALLBACK = manual-freeze
 
 [aml-program-freeze]
 DESCRIPTION = "Freeze the account"
 COMMAND = taler-exchange-helper-measure-freeze
 FALLBACK = manual-freeze
 
 [aml-program-oauth-output-check]
 DESCRIPTION = "Validates the output from OAauth2 and then increases all limits to EUR:1000"
 # Command that runs on the output of the OAuth provider
 # to decide what rules should apply next.
 COMMAND = taler-exchange-helper-measure-test-oauth
 # What measure to take if the COMMAND failed.
 FALLBACK = manual-freeze
 
 
 [aml-program-test-form-check]
 DESCRIPTION = "Validates the output from the test-form and then increases all limits to EUR:1000"
 # Command that runs on the output of the form
 # to decide what rules should apply next.
 COMMAND = taler-exchange-helper-measure-test-form
 # What measure to take if the COMMAND failed.
 FALLBACK = manual-freeze
 
 
 [kyc-measure-run-oauth]
 # Get client ID via the OAuth test provider
 CHECK_NAME = oauth-test-id
 # AML program to run on the output of the OAuth provider
 # to decide what rules should apply next.
 PROGRAM = oauth-output-check
 # Context to provide for check and program; empty.
 CONTEXT = {}
 
 # This is a base-measure that is being triggered
 # whenever something goes wrong. We freeze the
 # account and ask AML staff to investigate.
 [kyc-measure-manual-freeze]
 CHECK_NAME = skip
 # AML program that freezes the account and flags
 # it for investigation.
 PROGRAM = freeze
 # Context to provide for check and program; empty.
 CONTEXT = {}
 
 # This rule requests that the users passes KYC
 # when closing the reserve.
 [kyc-rule-close]
 ENABLED = YES
 # This is a public rule.
 EXPOSED = YES
 # All checks listed must be done (well, there is only one...)
 IS_AND_COMBINATOR = YES
 # This happens if the reserve is closed.
 OPERATION_TYPE = CLOSE
 # Threshold is 0, so any amount.
 THRESHOLD = EUR:0
 # Timeframe doesn't exactly matter with a threshold of EUR:0.
 TIMEFRAME = 1d
 # If the rule is triggered, ask the user to provide
 # personal data via OAuth2
 NEXT_MEASURES = run-oauth