diff options
| author | Özgür Kesim <oec-taler@kesim.org> | 2022-06-27 17:38:11 +0200 | 
|---|---|---|
| committer | Özgür Kesim <oec-taler@kesim.org> | 2022-06-27 17:38:11 +0200 | 
| commit | cddfaf007f4ac22e224f3df5f0151a0d620fb131 (patch) | |
| tree | 691801af8cce13e8c4fd1adb3c53606a5e7c57fb /src/exchange/taler-exchange-httpd_purses_create.c | |
| parent | 87025cfd178780f2e928019163ce81c1b7675c57 (diff) | |
age commitment: json parser helper and support for purses added
Diffstat (limited to 'src/exchange/taler-exchange-httpd_purses_create.c')
| -rw-r--r-- | src/exchange/taler-exchange-httpd_purses_create.c | 57 | 
1 files changed, 53 insertions, 4 deletions
| diff --git a/src/exchange/taler-exchange-httpd_purses_create.c b/src/exchange/taler-exchange-httpd_purses_create.c index a981ba58..2c803234 100644 --- a/src/exchange/taler-exchange-httpd_purses_create.c +++ b/src/exchange/taler-exchange-httpd_purses_create.c @@ -456,6 +456,10 @@ parse_coin (struct MHD_Connection *connection,              struct Coin *coin,              const json_t *jcoin)  { +  struct TALER_AgeAttestation attest = {0}; +  bool no_attest = true; +  struct TALER_AgeCommitment age_commitment = {0}; +  bool no_age_commitment = true;    struct GNUNET_JSON_Specification spec[] = {      TALER_JSON_spec_amount ("amount",                              TEH_currency, @@ -465,10 +469,13 @@ parse_coin (struct MHD_Connection *connection,      TALER_JSON_spec_denom_sig ("ub_sig",                                 &coin->cpi.denom_sig),      GNUNET_JSON_spec_mark_optional ( -      GNUNET_JSON_spec_fixed_auto ("h_age_commitment", -                                   &coin->cpi.h_age_commitment), -      &coin->cpi.no_age_commitment), -    // FIXME-Oec: proof of age is missing. +      GNUNET_JSON_spec_fixed_auto ("attest", +                                   &attest), +      &no_attest), +    GNUNET_JSON_spec_mark_optional ( +      TALER_JSON_spec_age_commitment ("age_commitment", +                                      &age_commitment), +      &no_age_commitment),      GNUNET_JSON_spec_fixed_auto ("coin_sig",                                   &coin->coin_sig),      GNUNET_JSON_spec_fixed_auto ("coin_pub", @@ -591,6 +598,48 @@ parse_coin (struct MHD_Connection *connection,                     TALER_amount_subtract (&coin->amount_minus_fee,                                            &coin->amount,                                            &coin->deposit_fee)); + +    // Check and verify the age restriction.  Needs to happen before +    // coin-signature check, because we set the h_age_commitment here. +    { +      if (no_attest != no_age_commitment) + +      { +        GNUNET_break (0); +        return TALER_MHD_reply_with_error (connection, +                                           MHD_HTTP_BAD_REQUEST, +                                           /* FIXME: other error code? */ +                                           TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_AGE_HASH, +                                           "mismatch of attest and age_commitment"); +      } + +      if (! no_age_commitment) +      { +        // attestation must be valid. +        if (GNUNET_OK != +            TALER_age_commitment_verify ( +              &age_commitment, +              pcc->min_age, +              &attest)) +        { +          GNUNET_break (0); +          return TALER_MHD_reply_with_error (connection, +                                             MHD_HTTP_BAD_REQUEST, +                                             /* FIXME: other error code? */ +                                             TALER_EC_EXCHANGE_GENERIC_COIN_CONFLICTING_AGE_HASH, +                                             "invalid attest for minimum age"); +        } + +        // Save the hash of the age commitment in the coin's public info, so we +        // can verify the signature later. +        TALER_age_commitment_hash (&age_commitment, +                                   &coin->cpi.h_age_commitment); +        coin->cpi.no_age_commitment = false; + +      } +    } + +      /* check coin signature */      switch (dk->denom_pub.cipher)      { | 
