wallet/src/commonMain/kotlin/net/taler/wallet/kotlin/crypto/Recoup.kt


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

/*
 * This file is part of GNU Taler
 * (C) 2020 Taler Systems S.A.
 *
 * GNU Taler is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 3, or (at your option) any later version.
 *
 * GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 * A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 */

package net.taler.wallet.kotlin.crypto

import net.taler.wallet.kotlin.Base32Crockford
import net.taler.wallet.kotlin.CoinRecord
import net.taler.wallet.kotlin.CoinSourceType.REFRESH
import net.taler.wallet.kotlin.crypto.Signature.Companion.WALLET_COIN_RECOUP

internal class Recoup(private val crypto: Crypto) {

    /**
     * Request that we send to the exchange to get a payback.
     */
    data class Request(
        /**
         * Hashed denomination public key of the coin we want to get
         * paid back.
         */
        val denomPubHash: String,

        /**
         * Signature over the coin public key by the denomination.
         */
        val denomSig: String,

        /**
         * Coin public key of the coin we want to refund.
         */
        val coinPub: String,

        /**
         * Blinding key that was used during withdraw,
         * used to prove that we were actually withdrawing the coin.
         */
        val coinBlindKeySecret: String,

        /**
         * Signature made by the coin, authorizing the payback.
         */
        val coinSig: String,

        /**
         * Was the coin refreshed (and thus the recoup should go to the old coin)?
         */
        val refreshed: Boolean
    )

    /**
     * Create and sign a message to recoup a coin.
     */
    fun createRequest(coin: CoinRecord): Request {
        val p = Signature.PurposeBuilder(WALLET_COIN_RECOUP)
            .put(Base32Crockford.decode(coin.coinPub))
            .put(Base32Crockford.decode(coin.denomPubHash))
            .put(Base32Crockford.decode(coin.blindingKey))
            .build()
        val coinSig = crypto.eddsaSign(p, Base32Crockford.decode(coin.coinPriv))
        return Request(
            coinBlindKeySecret = coin.blindingKey,
            coinPub = coin.coinPub,
            coinSig = Base32Crockford.encode(coinSig),
            denomPubHash = coin.denomPubHash,
            denomSig = coin.denomSig,
            refreshed = coin.coinSource === REFRESH
        )
    }

}