commit 6466a9909e7de186cef7aa0b70694d3c75db2c79
parent 6f4486ffac5db888832e125ab4a9fbd673b69369
Author: Christian Blättler <blatc2@bfh.ch>
Date: Thu, 6 Jun 2024 15:03:44 +0200
check validity period of token issue key
Diffstat:
2 files changed, 57 insertions(+), 7 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_post-orders-ID-pay.c b/src/backend/taler-merchant-httpd_post-orders-ID-pay.c
@@ -2082,14 +2082,14 @@ phase_execute_pay_transaction (struct PayContext *pc)
"insert used token"));
return;
}
- else if (0 == qs)
+ else if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{
- /* UNIQUE constreaint violation --> Token already used. */
+ /* UNIQUE constraint violation, meaining this token was already used. */
pay_end (pc,
TALER_MHD_reply_with_error (pc->connection,
MHD_HTTP_CONFLICT,
TALER_EC_MERCHANT_POST_ORDERS_ID_PAY_TOKEN_INVALID,
- "tokens"));
+ NULL));
return;
}
}
@@ -2468,10 +2468,11 @@ phase_validate_tokens (struct PayContext *pc)
selected = pc->choices[pc->choice_index];
/* 1. Iterate over inputs of selected choice:
- 1.1. Get public key for each input lookup_token_key (slug, valid_after).
- 1.2. Iterate over provided tokens and check if required number with matching h_issue are present.
- 1.3. Validate ub_sig with the issue public key, validate token_sig using the token_pub key of the request.
- 1.4. Sum up validated tokens and check if validated_len == tokens_cnt after loop. */
+ 1.1. Get key for each input.
+ 1.2. Check if token signed by this key are valid at the current time.
+ 1.3. Iterate over provided tokens and check if required number with matching h_issue are present.
+ 1.4. Validate ub_sig with the issue public key, validate token_sig using the token_pub key of the request.
+ 1.5. Sum up validated tokens and check if validated_len == tokens_cnt after loop. */
for (unsigned int i = 0; i<selected.inputs_len; i++)
{
struct TALER_MerchantContractInput input = selected.inputs[i];
@@ -2484,6 +2485,7 @@ phase_validate_tokens (struct PayContext *pc)
continue;
}
+ /* TODO: Replace this with ordering convention. */
if (GNUNET_OK != TMH_find_token_family_key (input.details.token.token_family_slug,
input.details.token.valid_after,
pc->token_families,
@@ -2502,6 +2504,26 @@ phase_validate_tokens (struct PayContext *pc)
return;
}
+ struct GNUNET_TIME_Timestamp now = GNUNET_TIME_timestamp_get ();
+
+ /* Ensure tokens signed by this key are valid at the current time. */
+ if (GNUNET_TIME_timestamp_cmp (key.valid_after, >, now) ||
+ GNUNET_TIME_timestamp_cmp (key.valid_before, <=, now))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Token family key validity period from %s to %s "
+ "is not valid at the current time\n",
+ GNUNET_TIME_timestamp2s (key.valid_after),
+ GNUNET_TIME_timestamp2s (key.valid_before));
+ GNUNET_break (0);
+ pay_end (pc,
+ TALER_MHD_reply_with_error (pc->connection,
+ MHD_HTTP_CONFLICT,
+ TALER_EC_MERCHANT_POST_ORDERS_ID_PAY_TOKEN_INVALID,
+ NULL));
+ return;
+ }
+
if (GNUNET_NO == find_valid_input_tokens (pc,
&key,
input.details.token.count))
diff --git a/src/testing/test_merchant_api.c b/src/testing/test_merchant_api.c
@@ -1682,6 +1682,34 @@ run (void *cls,
"EUR:5",
0,
MHD_HTTP_OK),
+ TALER_TESTING_cmd_merchant_post_tokenfamilies ("create-upcoming-tokenfamily",
+ merchant_url,
+ MHD_HTTP_NO_CONTENT,
+ "subscription-upcoming",
+ "Upcoming Subscription",
+ "An upcoming subscription that is not valid yet.",
+ NULL,
+ /* In one day */
+ GNUNET_TIME_absolute_to_timestamp(
+ GNUNET_TIME_absolute_add (
+ GNUNET_TIME_timestamp_get ().abs_time, GNUNET_TIME_UNIT_DAYS)),
+ /* In a year */
+ GNUNET_TIME_absolute_to_timestamp(
+ GNUNET_TIME_absolute_add (
+ GNUNET_TIME_timestamp_get ().abs_time, GNUNET_TIME_UNIT_YEARS)),
+ GNUNET_TIME_UNIT_MONTHS,
+ "subscription"),
+ TALER_TESTING_cmd_merchant_post_orders_choices ("create-order-with-upcoming-output",
+ cred.cfg,
+ merchant_url,
+ MHD_HTTP_CONFLICT,
+ "create-upcoming-tokenfamily",
+ 0,
+ 1,
+ "5-upcoming-output",
+ GNUNET_TIME_UNIT_ZERO_TS,
+ GNUNET_TIME_UNIT_FOREVER_TS,
+ "EUR:5.0"),
TALER_TESTING_cmd_merchant_post_tokenfamilies ("create-tokenfamily",
merchant_url,
MHD_HTTP_NO_CONTENT,
