| author | Christian Grothoff <christian@grothoff.org> | 2018-11-03 21:28:52 +0100 | 
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2018-11-03 21:28:52 +0100 | 
| commit | ebc8ae68bee955d8df658afac85c9a0cbea716d0 (patch) | |
| tree | 19c8aa82affcd5fe098d72226ab87b51728249eb | |
| parent | a57080651d9666c8d3d2acc8e872178b7022a7b0 (diff) | |
implement taler-auditor-exchange
| -rw-r--r-- | doc/Makefile.am | 1 | ||||
| -rw-r--r-- | doc/taler-auditor-exchange.1 | 34 | ||||
| -rw-r--r-- | doc/taler-auditor-sign.1 | 4 | ||||
| -rw-r--r-- | src/auditor/.gitignore | 1 | ||||
| -rw-r--r-- | src/auditor/Makefile.am | 10 | ||||
| -rw-r--r-- | src/auditor/taler-auditor-exchange.c | 169 | ||||
| -rw-r--r-- | src/auditor/taler-auditor-sign.c | 14 | 
7 files changed, 225 insertions, 8 deletions
| diff --git a/doc/Makefile.am b/doc/Makefile.am index b3c52716..09793ddc 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -4,6 +4,7 @@ SUBDIRS = .  man_MANS = \    taler-auditor.1 \ +  taler-auditor-exchange.1 \    taler-auditor-sign.1 \    taler-bank-transfer.1 \    taler-config-generate.1 \ diff --git a/doc/taler-auditor-exchange.1 b/doc/taler-auditor-exchange.1 new file mode 100644 index 00000000..c26cad7d --- /dev/null +++ b/doc/taler-auditor-exchange.1 
@@ -0,0 +1,34 @@
+.TH TALER\-AUDITOR\-EXCHANGE 1 "Nov 3, 2018" "GNU Taler"
+
+.SH NAME
+taler\-auditor\-exchange \- add or remove exchange from auditor's list
+
+.SH SYNOPSIS
+.B taler\-auditor\-exchange [--remove] -m EXCHANGE_KEY -u EXCHANGE_URL
+.RI [ options ]
+.br
+
+.SH DESCRIPTION
+\fBtaler\-auditor\-exchange\fP is a command line tool to be used by an auditor to add or remove an exchange from the list of exchange's audited by the auditor.  You must add an exchange to that list before signing denomination keys with taler\-auditor\-sign or trying to audit it with taler\-auditor or taler\-wire\-auditor.  Afterwards the exchange will be visible via the /exchanges API of the taler\-auditor\-httpd.
+
+.SH OPTIONS
+.B
+.IP "\-m MASTERKEY,  \-\-exchange-key=MASTERKEY"
+Public key of the exchange in Crockford base32 encoding, for example as generated by gnunet\-ecc \-p.
+.B
+.IP "\-h, \-\-help"
+Print short help on options.
+.B
+.IP "\-u URL,  \-\-auditor-url=URL"
+URL of the exchange. The exchange's HTTP API must be available at this address.
+.B
+.IP "\-r,  \-\-remove"
+Instead of adding the exchange, remove it. Note that this will drop ALL data associated with that exchange, including existing auditing information.  So use with extreme care!
+
+.SH BUGS
+We should optionally verify the correctness of this exchange's base URL and that it matches the master public key (note that the exchange may still be offline, so it should be possible to bypass such a verfication step).  Furthermore, if we do verification, as a (less secure) convenience option, we should make \-m optional and obtain it from the base URL.
+
+Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
+
+.SH "SEE ALSO"
+\fBtaler\-auditor\-sign\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5)
diff --git a/doc/taler-auditor-sign.1 b/doc/taler-auditor-sign.1
index f0f90a5b..e5883dbc 100644
--- a/doc/taler-auditor-sign.1
+++ b/doc/taler-auditor-sign.1
@@ -11,6 +11,8 @@ taler\-auditor\-sign \- Sign exchange denomination as auditor.  .SH DESCRIPTION  \fBtaler\-auditor\-sign\fP is a command line tool to be used by an auditor to sign that he is aware of certain keys being used by a exchange.  Using this signature, the auditor affirms that he will verify that the exchange is properly accounting for those coins. +The exchange for which keys were signed must have been added to the auditor using taler\-auditor\-exchange first! +  .SH OPTIONS  .B  .IP "\-a FILE,  \-\-auditor-key=FILE" @@ -35,4 +37,4 @@ File where the auditor should write the EdDSA signature.  Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>  .SH "SEE ALSO" -\fBtaler\-exchange\-keyup\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5) +\fBtaler\-auditor\-exchange\fP(1), \fBtaler\-exchange\-keyup\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5) diff --git a/src/auditor/.gitignore b/src/auditor/.gitignore index d6cf77f8..d92c3a3f 100644 --- a/src/auditor/.gitignore +++ b/src/auditor/.gitignore @@ -1 +1,2 @@  taler-auditor-httpd +taler-auditor-exchange diff --git a/src/auditor/Makefile.am b/src/auditor/Makefile.am index e98ffefb..4da58297 100644 --- a/src/auditor/Makefile.am +++ b/src/auditor/Makefile.am @@ -13,6 +13,7 @@ pkgcfg_DATA = \  bin_PROGRAMS = \    taler-auditor \ +  taler-auditor-exchange \    taler-auditor-httpd \    taler-wire-auditor \    taler-auditor-sign \ @@ -89,6 +90,15 @@ taler_auditor_sign_LDADD = \    -lgnunetutil $(XLIB) +taler_auditor_exchange_SOURCES = \ +  taler-auditor-exchange.c +taler_auditor_exchange_LDADD = \ +  $(LIBGCRYPT_LIBS) \ +  $(top_builddir)/src/util/libtalerutil.la \ +  $(top_builddir)/src/auditordb/libtalerauditordb.la \ +  -lgnunetutil $(XLIB) + +  EXTRA_DIST = \    auditor.conf diff --git a/src/auditor/taler-auditor-exchange.c b/src/auditor/taler-auditor-exchange.c new file mode 100644 index 00000000..b316f602 --- /dev/null 
+++ b/src/auditor/taler-auditor-exchange.c 
@@ -0,0 +1,169 @@
+/*
+  This file is part of TALER
+  Copyright (C) 2014, 2015, 2018 GNUnet e.V.
+
+  TALER is free software; you can redistribute it and/or modify it under the
+  terms of the GNU General Public License as published by the Free Software
+  Foundation; either version 3, or (at your option) any later version.
+
+  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along with
+  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-auditor-exchange.c
+ * @brief Tool used by the auditor to add or remove the exchange's master key
+ *        to its database.
+ * @author Christian Grothoff
+ */
+#include <platform.h>
+#include "taler_exchangedb_lib.h"
+#include "taler_auditordb_lib.h"
+
+
+/**
+ * URL of the exchange.
+ */
+static char *exchange_url;
+
+/**
+ * Master public key of the exchange.
+ */
+static struct TALER_MasterPublicKeyP master_public_key;
+
+/**
+ * Our configuration.
+ */
+static struct GNUNET_CONFIGURATION_Handle *cfg;
+
+/**
+ * Handle to access the auditor's database.
+ */
+static struct TALER_AUDITORDB_Plugin *adb;
+
+/**
+ * -r option given.
+ */
+static int remove_flag;
+
+
+/**
+ * The main function of the taler-auditor-exchange tool.  This tool is used
+ * to add (or remove) an exchange's master key and base URL to the auditor's
+ * database.
+ *
+ * @param argc number of arguments from the command line
+ * @param argv command line arguments
+ * @return 0 ok, 1 on error
+ */
+int
+main (int argc,
+      char *const *argv)
+{
+  char *cfgfile = NULL;
+  const struct GNUNET_GETOPT_CommandLineOption options[] = {
+    GNUNET_GETOPT_option_cfgfile (&cfgfile),
+    GNUNET_GETOPT_option_help ("Add or remove exchange to list of audited exchanges"),
+    GNUNET_GETOPT_option_mandatory
+    (GNUNET_GETOPT_option_base32_auto ('m',
+                                       "exchange-key",
+                                       "KEY",
+                                       "public key of the exchange (Crockford base32 encoded)",
+                                       &master_public_key)),
+    GNUNET_GETOPT_option_mandatory
+    (GNUNET_GETOPT_option_string ('u',
+                                  "exchange-url",
+                                  "URL",
+                                  "base URL of the exchange",
+                                  &exchange_url)),
+    GNUNET_GETOPT_option_flag ('r',
+                               "remove",
+                               "remove the exchange's key (default is to add)",
+                               &remove_flag),
+    GNUNET_GETOPT_option_version (VERSION "-" VCS_VERSION),
+    GNUNET_GETOPT_OPTION_END
+  };
+
+  GNUNET_assert (GNUNET_OK ==
+                 GNUNET_log_setup ("taler-auditor-exchange",
+                                   "WARNING",
+                                   NULL));
+  if (GNUNET_GETOPT_run ("taler-auditor-exchange",
+                         options,
+                         argc, argv) < 0)
+    return 1;
+  cfg = GNUNET_CONFIGURATION_create ();
+  if (GNUNET_SYSERR ==
+      GNUNET_CONFIGURATION_load (cfg,
+                                 cfgfile))
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                _("Malformed configuration file `%s', exit ...\n"),
+                cfgfile);
+    GNUNET_free_non_null (cfgfile);
+  
  return 1; +  } +  GNUNET_free_non_null (cfgfile); + +  if (NULL == +      (adb = TALER_AUDITORDB_plugin_load (cfg))) +  { +    fprintf (stderr, +             "Failed to initialize auditor database plugin.\n"); +    return 3; +  } + +  /* Create required tables */ +  if (GNUNET_OK != +      adb->create_tables (adb->cls)) +  { +    fprintf (stderr, +             "Failed to create tables in auditor's database\n"); +    TALER_AUDITORDB_plugin_unload (adb); +    return 3; +  } + +  /* Update DB */ +  { +    enum GNUNET_DB_QueryStatus qs; +    struct TALER_AUDITORDB_Session *session; + +    session = adb->get_session (adb->cls); +    if (NULL == session) +    { +      fprintf (stderr, +	       "Failed to initialize database session\n"); +      TALER_AUDITORDB_plugin_unload (adb); +      return 3; +    } + +    if (remove_flag) +    { +      qs = adb->delete_exchange (adb->cls, +                                 session, +                                 &master_public_key); +    } +    else +    { +      qs = adb->insert_exchange (adb->cls, +                                 session, +                                 &master_public_key, +                                 exchange_url); +    } +    if (0 > qs) +    { +      fprintf (stderr, +               "Failed to update auditor DB (%d)\n", +               qs); +      TALER_AUDITORDB_plugin_unload (adb); +      return 3; +    } +  } +  TALER_AUDITORDB_plugin_unload (adb); +  return 0; +} + +/* end of taler-auditor-exchange.c */ diff --git a/src/auditor/taler-auditor-sign.c b/src/auditor/taler-auditor-sign.c index 964480a6..e3453713 100644 --- a/src/auditor/taler-auditor-sign.c +++ b/src/auditor/taler-auditor-sign.c @@ -1,6 +1,6 @@  /*    This file is part of TALER -  Copyright (C) 2014, 2015 GNUnet e.V. +  Copyright (C) 2014, 2015, 2018 GNUnet e.V.    TALER is free software; you can redistribute it and/or modify it under the    terms of the GNU General Public License as published by the Free Software 
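Review bot: The final check `if (0 > qs)` in `main` of taler-auditor-exchange.c treats a zero-row result as success, so `--remove` with a mistyped master key would exit 0 and print nothing, leaving the operator believing the exchange is off the audited list. Assuming the plugin reports an unmatched delete as `GNUNET_DB_STATUS_SUCCESS_NO_RESULTS` (the plugin code is not visible here), the remove branch should test for that value, say that no such exchange was found, and return non-zero. `exchange_url` is also handed to `insert_exchange` exactly as typed; the man page's BUGS section defers verification against the master key, but a syntactic check that it is an `http://` or `https://` base URL would be cheap before the insert, since the man page says the entry becomes visible via the /exchanges API. Finally, the long option is registered as `"exchange-url"` while the man page added in this commit documents `--auditor-url`, and `-u` is mandatory even with `--remove`, where `delete_exchange` is not passed it.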
@@ -151,13 +151,13 @@ main (int argc,                                     "file containing the private key of the auditor",                                     &auditor_key_file),      GNUNET_GETOPT_option_cfgfile (&cfgfile), -    GNUNET_GETOPT_option_help ("Private key of the auditor to use for signing"), +    GNUNET_GETOPT_option_help ("Sign denomination keys of an exchange"),      GNUNET_GETOPT_option_mandatory      (GNUNET_GETOPT_option_base32_auto ('m', -                                           "exchange-key", -                                           "KEY", -                                           "public key of the exchange (Crockford base32 encoded)", -                                           &master_public_key)), +                                       "exchange-key", +                                       "KEY", +                                       "public key of the exchange (Crockford base32 encoded)", +                                       &master_public_key)),      GNUNET_GETOPT_option_string ('u',                                   "auditor-url",                                   "URL", @@ -398,7 +398,7 @@ main (int argc,        if (0 > qs)        {  	fprintf (stderr, -		 "Failed to store key in auditor DB\n"); +		 "Failed to store key in auditor DB (did you add the exchange first?)\n");  	TALER_AUDITORDB_plugin_unload (adb);  	GNUNET_free (dks);  	GNUNET_free (sigs); | 
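Review bot: In the last hunk (`@@ -398,7 +398,7 @@`) the new message attributes every negative `qs` to a missing exchange but still discards the status value, so a connection or other database failure may send the operator looking in the wrong place. Printing the code, as taler-auditor-exchange.c does in this same commit, keeps the hint while leaving the real cause visible: `"Failed to store key in auditor DB (%d; did you add the exchange first?)\n", qs`. The enclosing block and `main` begin and end outside the hunk, so the type of `qs` should be confirmed there.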
