1 files changed, 45 insertions, 14 deletions

diff --git a/cmd/taler-auditor-offline-signing/main.go b/cmd/taler-auditor-offline-signing/main.go
index fdb632a..b4e0384 100644
--- a/cmd/taler-auditor-offline-signing/main.go
+++ b/cmd/taler-auditor-offline-signing/main.go
@@ -86,19 +86,35 @@ type Auditor struct {
 	} `json:"denomination_keys"`
 }
 
-func (in *Input) checkAuditor(url string, local EdDSAPublicKey) (e error) {
+var zeroes = [32]byte{0}
 
-	for _, au := range in.Arguments.Auditors {
+func (in *Input) checkAuditor(url string, local EdDSAPublicKey) (skip map[SHA512Hash]bool, e error) {
+	var idx = -1
+
+	for i, au := range in.Arguments.Auditors {
 		if au.AuditorUrl == url && au.AuditorPub.Equal(ed25519.PublicKey(local)) {
-			return nil
+			idx = i
+			break
 		} else if au.AuditorUrl == url {
-			return fmt.Errorf("Public key mismatch for auditor %q! Local: %s, JSON: %s\n", url, local, au.AuditorPub)
+			return nil, fmt.Errorf("Public key mismatch for auditor %q! Local: %s, JSON: %s\n", url, local, au.AuditorPub)
 		} else if au.AuditorPub.Equal(ed25519.PublicKey(local)) {
-			return fmt.Errorf("URL mismatch auditor with pub-key %s! Local: %v, JSON: %v\n", au.AuditorPub, url, au.AuditorUrl)
+			return nil, fmt.Errorf("URL mismatch auditor with pub-key %s! Local: %v, JSON: %v\n", au.AuditorPub, url, au.AuditorUrl)
+		}
+	}
+
+	if idx == -1 {
+		return nil, fmt.Errorf("No such auditor found!  URL: %q, PubKey: %v\n", url, local)
+	}
+
+	skip = make(map[SHA512Hash]bool)
+	for _, key := range in.Arguments.Auditors[idx].DenominationKeys {
+		if !bytes.Equal(zeroes[:], key.AuditorSig.R) {
+			// ignore this denom in output, as it has been signed already.
+			skip[key.DenomPubH] = true
 		}
 	}
 
-	return fmt.Errorf("No such auditor found!  URL: %q, PubKey: %v\n", url, local)
+	return skip, nil
 }
 
 type AbsoluteTime struct {
@@ -505,6 +521,14 @@ func (h *SHA512Hash) MarshalJSON() ([]byte, error) {
 	return b, nil
 }
 
+func (h SHA512Hash) String() string {
+	enc, err := crockfordEncode(h[:])
+	if err != nil {
+		fmt.Sprintf("[error encoding: %e] %v", err, h[:])
+	}
+	return string(enc)
+}
+
 func Verify(denom *DenomKey, master *EdDSAPublicKey, sig []byte) bool {
 	const TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY = 1025
 	/*
@@ -645,18 +669,24 @@ func SignDenom(denom *DenomKey, ahash SHA512Hash, master *EdDSAPublicKey, pk *ed
 	return hash, EdDSASignature{R: sig[:32], S: sig[32:]}
 }
 
-func Sign(input *Input, url string, pk ed25519.PrivateKey) ([]SignOperation, error) {
+func Sign(input *Input, skip map[SHA512Hash]bool, url string, pk ed25519.PrivateKey) ([]SignOperation, error) {
 
-	output := make([]SignOperation, len(input.Arguments.Denoms))
+	output := []SignOperation{}
 	for i, denom := range input.Arguments.Denoms {
 		if !Verify(&denom, &input.Arguments.MasterPublicKey, denom.MasterSig.BinaryMarshal()) {
 			return nil, fmt.Errorf("couldn verify denomination no. %d: %v", i+1, denom.DenomPub)
 		}
-		output[i].Operation = "auditor-sign-denomination-0"
-
 		hash, sig := SignDenom(&denom, sha512.Sum512(append([]byte(url), 0)), &input.Arguments.MasterPublicKey, &pk)
-		output[i].Arguments.HDenomPub = hash
-		output[i].Arguments.AuditorSig = sig
+
+		if skip[hash] {
+			log.Printf("Skipping denom_pub_h %q as it has been already signed\n", hash)
+			continue
+		}
+
+		o := SignOperation{Operation: "auditor-sign-denomination-0"}
+		o.Arguments.HDenomPub = hash
+		o.Arguments.AuditorSig = sig
+		output = append(output, o)
 	}
 
 	return output, nil
@@ -719,12 +749,13 @@ func main() {
 			log.Fatal(e)
 		}
 
-		e = input.checkAuditor(*url, EdDSAPublicKey(pub))
+		var skip map[SHA512Hash]bool
+		skip, e = input.checkAuditor(*url, EdDSAPublicKey(pub))
 		if e != nil {
 			log.Fatal(e)
 		}
 
-		output, err := Sign(input, *url, pk)
+		output, err := Sign(input, skip, *url, pk)
 		if err != nil {
 			log.Fatalf("error signing: %v", err)
 		}