-major KYC update, fixes misc. issues

5 files changed, 168 insertions, 83 deletions

diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index dac20d06..9d83bdc7 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -2139,10 +2139,16 @@ struct TALER_EXCHANGE_WithdrawResponse
     struct
     {
       /**
-       * Payment target that the merchant should use
+       * Requirement row that the merchant should use
        * to check for its KYC status.
        */
-      uint64_t legitimization_uuid;
+      uint64_t requirement_row;
+
+      /**
+       * Hash of the payto-URI of the account to KYC;
+       */
+      struct TALER_PaytoHashP h_payto;
+
     } unavailable_for_legal_reasons;
 
     /**
@@ -2255,16 +2261,22 @@ struct TALER_EXCHANGE_BatchWithdrawResponse
     } success;
 
     /**
-     * Details if the status is #MHD_HTTP_ACCEPTED.
+     * Details if the status is #MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS.
      */
     struct
     {
+
       /**
-       * Payment target that the merchant should use
-       * to check for its KYC status.
+       * Hash of the payto-URI of the account to KYC;
        */
-      uint64_t legitimization_uuid;
-    } accepted;
+      struct TALER_PaytoHashP h_payto;
+
+      /**
+       * Legitimization requirement that the merchant should use
+       * to check for its KYC status, 0 if not known.
+       */
+      uint64_t requirement_row;
+    } unavailable_for_legal_reasons;
 
     /**
      * Details if the status is #MHD_HTTP_CONFLICT.
@@ -3073,11 +3085,6 @@ struct TALER_EXCHANGE_GetDepositResponse
        */
       struct TALER_Amount coin_contribution;
 
-      /**
-       * Payment target that the merchant should use
-       * to check for its KYC status.
-       */
-      uint64_t legitimization_uuid;
     } success;
 
     /**
@@ -3092,10 +3099,10 @@ struct TALER_EXCHANGE_GetDepositResponse
       struct GNUNET_TIME_Timestamp execution_time;
 
       /**
-       * Payment target that the merchant should use
-       * to check for its KYC status.
+       * KYC legitimization requirement that the merchant should use to check
+       * for its KYC status.
        */
-      uint64_t legitimization_uuid;
+      uint64_t requirement_row;
 
       /**
        * Set to 'true' if the KYC check is already finished and
@@ -3394,14 +3401,19 @@ struct TALER_EXCHANGE_KycStatus
        */
       struct TALER_ExchangeSignatureP exchange_sig;
 
-    } kyc_ok;
+    } success;
 
-    /**
-     * URL the user should open in a browser if
-     * the KYC process is to be run. Returned if
-     * @e http_status is #MHD_HTTP_ACCEPTED.
-     */
-    const char *kyc_url;
+    struct
+    {
+
+      /**
+       * URL the user should open in a browser if
+       * the KYC process is to be run. Returned if
+       * @e http_status is #MHD_HTTP_ACCEPTED.
+       */
+      const char *kyc_url;
+
+    } accepted;
 
   } details;
 
@@ -3424,7 +3436,7 @@ typedef void
  * of a merchant.
  *
  * @param eh exchange handle to use
- * @param legitimization_uuid number identifying the legitimization process
+ * @param requirement_row number identifying the KYC requirement
  * @param h_payto hash of the payto:// URI at @a payment_target
  * @param ut type of the entity performing the KYC check
  * @param timeout how long to wait for a positive KYC status
@@ -3434,7 +3446,7 @@ typedef void
  */
 struct TALER_EXCHANGE_KycCheckHandle *
 TALER_EXCHANGE_kyc_check (struct TALER_EXCHANGE_Handle *eh,
-                          uint64_t legitimization_uuid,
+                          uint64_t requirement_row,
                           const struct TALER_PaytoHashP *h_payto,
                           enum TALER_KYCLOGIC_KycUserType ut,
                           struct GNUNET_TIME_Relative timeout,
@@ -3553,10 +3565,29 @@ struct TALER_EXCHANGE_WalletKycResponse
   enum TALER_ErrorCode ec;
 
   /**
-   * Wallet's payment target UUID. Only valid if
-   * @e http_status is #MHD_HTTP_OK
+   * Variants depending on @e http_status.
    */
-  uint64_t legitimization_uuid;
+  union
+  {
+
+    /**
+     * In case @e http_status is #MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS.
+     */
+    struct
+    {
+      /**
+       * Wallet's KYC requirement row.
+       */
+      uint64_t requirement_row;
+
+      /**
+       * Hash of the payto-URI identifying the wallet to KYC.
+       */
+      struct TALER_PaytoHashP h_payto;
+
+    } unavailable_for_legal_reasons;
+
+  } details;
 
 };
 
@@ -4879,10 +4910,10 @@ struct TALER_EXCHANGE_AccountMergeResponse
     struct
     {
       /**
-       * Payment target that the merchant should use
+       * Requirement row target that the merchant should use
        * to check for its KYC status.
        */
-      uint64_t legitimization_uuid;
+      uint64_t requirement_row;
     } unavailable_for_legal_reasons;
 
 
@@ -4988,10 +5019,10 @@ struct TALER_EXCHANGE_PurseCreateMergeResponse
     struct
     {
       /**
-       * Payment target that the merchant should use
+       * Requirement row that the merchant should use
        * to check for its KYC status.
        */
-      uint64_t legitimization_uuid;
+      uint64_t requirement_row;
     } unavailable_for_legal_reasons;
 
   } details;
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index ab6158a5..58d319aa 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -2273,15 +2273,14 @@ struct TALER_EXCHANGEDB_CsRevealFreshCoinData
 
 /**
  * Generic KYC status for some operation.
- * @deprecated FIXME - remove with new KYC logic
  */
 struct TALER_EXCHANGEDB_KycStatus
 {
   /**
-   * Number that identifies the KYC target the operation
+   * Number that identifies the KYC requirement the operation
    * was about.
    */
-  uint64_t legitimization_uuid;
+  uint64_t requirement_row;
 
   /**
    * True if the KYC status is "satisfied".
@@ -3667,6 +3666,7 @@ struct TALER_EXCHANGEDB_Plugin
    * @param exchange_account_section exchange account to use
    * @param merchant_pub public key of the merchant
    * @param wtid the raw wire transfer identifier to be used
+   * @param kyc_requirement_row row in legitimization_requirements that need to be satisfied to continue, or 0 for none
    * @param total amount to be wired in the future
    * @return transaction status
    */
@@ -3677,6 +3677,7 @@ struct TALER_EXCHANGEDB_Plugin
     const char *exchange_account_section,
     const struct TALER_MerchantPublicKeyP *merchant_pub,
     const struct TALER_WireTransferIdentifierRawP *wtid,
+    uint64_t kyc_requirement_row,
     const struct TALER_Amount *total);
 
 
@@ -3725,6 +3726,7 @@ struct TALER_EXCHANGEDB_Plugin
    * @param cls the @e cls of this struct with the plugin-specific state
    * @param h_payto destination of the wire transfer
    * @param wtid the raw wire transfer identifier to update
+   * @param kyc_requirement_row row in legitimization_requirements that need to be satisfied to continue, or 0 for none
    * @param total new total amount to be wired in the future
    * @return transaction status
    */
@@ -3733,6 +3735,7 @@ struct TALER_EXCHANGEDB_Plugin
     void *cls,
     const struct TALER_PaytoHashP *h_payto,
     const struct TALER_WireTransferIdentifierRawP *wtid,
+    uint64_t kyc_requirement_row,
     const struct TALER_Amount *total);
 
 
@@ -5583,36 +5586,57 @@ struct TALER_EXCHANGEDB_Plugin
    * Insert KYC requirement for @a h_payto account into table.
    *
    * @param cls closure
-   * @param provider_section provider that must be checked
+   * @param requirements requirements that must be checked
    * @param h_payto account that must be KYC'ed
-   * @param[out] legi_row set to legitimization row for this check
+   * @param[out] requirement_row set to legitimization requirement row for this check
    * @return database transaction status
    */
   enum GNUNET_DB_QueryStatus
   (*insert_kyc_requirement_for_account)(
     void *cls,
-    const char *provider_section,
+    const char *requirements,
     const struct TALER_PaytoHashP *h_payto,
-    uint64_t *legi_row);
+    uint64_t *requirement_row);
 
 
   /**
-   * Update KYC requirement check with provider-linkage and/or
-   * expiration data.
+   * Begin KYC requirement process.
    *
    * @param cls closure
-   * @param legi_row row to select by
-   * @param provider_section provider that must be checked
    * @param h_payto account that must be KYC'ed
+   * @param provider_section provider that must be checked
+   * @param provider_account_id provider account ID
+   * @param provider_legitimization_id provider legitimization ID
+   * @param[out] process_row row the process is stored under
+   * @return database transaction status
+   */
+  enum GNUNET_DB_QueryStatus
+  (*insert_kyc_requirement_process)(
+    void *cls,
+    const struct TALER_PaytoHashP *h_payto,
+    const char *provider_section,
+    const char *provider_account_id,
+    const char *provider_legitimization_id,
+    uint64_t *process_row);
+
+
+  /**
+   * Update KYC process with updated provider-linkage and/or
+   * expiration data.
+   *
+   * @param cls closure
+   * @param process_row row to select by
+   * @param provider_section provider that must be checked (technically redundant)
+   * @param h_payto account that must be KYC'ed (helps access by shard, otherwise also redundant)
    * @param provider_account_id provider account ID
    * @param provider_legitimization_id provider legitimization ID
    * @param expiration how long is this KYC check set to be valid (in the past if invalid)
    * @return database transaction status
    */
   enum GNUNET_DB_QueryStatus
-  (*update_kyc_requirement_by_row)(
+  (*update_kyc_process_by_row)(
     void *cls,
-    uint64_t legi_row,
+    uint64_t process_row,
     const char *provider_section,
     const struct TALER_PaytoHashP *h_payto,
     const char *provider_account_id,
@@ -5621,46 +5645,40 @@ struct TALER_EXCHANGEDB_Plugin
 
 
   /**
-   * Lookup KYC provider meta data.
+   * Lookup KYC requirement.
    *
    * @param cls closure
-   * @param legi_row legitimization row to lookup
-   * @param[out] provider_section provider that must be checked
+   * @param legi_row identifies requirement to look up
+   * @param[out] requirements space-separated list of requirements
    * @param[out] h_payto account that must be KYC'ed
-   * @param[out] expiration how long is this KYC check set to be valid (in the past if invalid)
-   * @param[out] provider_account_id provider account ID
-   * @param[out] provider_legitimization_id provider legitimization ID
    * @return database transaction status
    */
   enum GNUNET_DB_QueryStatus
   (*lookup_kyc_requirement_by_row)(
     void *cls,
-    uint64_t legi_row,
-    char **provider_section,
-    struct TALER_PaytoHashP *h_payto,
-    struct GNUNET_TIME_Absolute *expiration,
-    char **provider_account_id,
-    char **provider_legitimization_id);
+    uint64_t requirement_row,
+    char **requirements,
+    struct TALER_PaytoHashP *h_payto);
 
 
   /**
-   * Lookup KYC provider meta data.
+   * Lookup KYC process meta data.
    *
    * @param cls closure
    * @param provider_section provider that must be checked
    * @param h_payto account that must be KYC'ed
-   * @param[out] legi_row row with the legitimization data
+   * @param[out] process_row set to row with the legitimization data
    * @param[out] expiration how long is this KYC check set to be valid (in the past if invalid)
    * @param[out] provider_account_id provider account ID
    * @param[out] provider_legitimization_id provider legitimization ID
    * @return database transaction status
    */
   enum GNUNET_DB_QueryStatus
-  (*lookup_kyc_requirement_by_account)(
+  (*lookup_kyc_process_by_account)(
     void *cls,
     const char *provider_section,
     const struct TALER_PaytoHashP *h_payto,
-    uint64_t *legi_row,
+    uint64_t *process_row,
     struct GNUNET_TIME_Absolute *expiration,
     char **provider_account_id,
     char **provider_legitimization_id);
@@ -5674,7 +5692,7 @@ struct TALER_EXCHANGEDB_Plugin
    * @param provider_section
    * @param provider_legitimization_id legi to look up
    * @param[out] h_payto where to write the result
-   * @param[out] legi_row where to write the row of the entry
+   * @param[out] process_row identifies the legitimization process on our end
    * @return database transaction status
    */
   enum GNUNET_DB_QueryStatus
@@ -5683,7 +5701,7 @@ struct TALER_EXCHANGEDB_Plugin
     const char *provider_section,
     const char *provider_legitimization_id,
     struct TALER_PaytoHashP *h_payto,
-    uint64_t *legi_row);
+    uint64_t *process_row);
 
 
   /**
diff --git a/src/include/taler_kyclogic_lib.h b/src/include/taler_kyclogic_lib.h
index df547c3d..a95c56c7 100644
--- a/src/include/taler_kyclogic_lib.h
+++ b/src/include/taler_kyclogic_lib.h
@@ -194,9 +194,7 @@ typedef enum GNUNET_DB_QueryStatus
 
 
 /**
- * Check if KYC is provided for a particular operation. Returns the best
- * provider (configuration section name) that could perform the required
- * check.
+ * Check if KYC is provided for a particular operation. Returns the set of checks that still need to be satisfied.
  *
  * Called within a database transaction, so must
  * not start a new one.
@@ -211,7 +209,8 @@ typedef enum GNUNET_DB_QueryStatus
  *         amounts involved in this type of operation
  *         at the given account
  * @param ai_cls closure for @a ai
- * @return NULL if no check is needed
+ * @return NULL if no check is needed,
+ *   otherwise space-separated list of required checks
  */
 const char *
 TALER_KYCLOGIC_kyc_test_required (enum TALER_KYCLOGIC_KycTriggerEvent event,
@@ -223,6 +222,23 @@ TALER_KYCLOGIC_kyc_test_required (enum TALER_KYCLOGIC_KycTriggerEvent event,
 
 
 /**
+ * Check if the @a requirements are now satsified for
+ * @a h_payto account.
+ *
+ * @param requirements space-spearated list of requirements
+ * @param h_payto hash over the account
+ * @param ki iterator over satisfied providers
+ * @param ki_cls closure for @a ki
+ * @return true if the KYC check was satisfied
+ */
+bool
+TALER_KYCLOGIC_check_satisfied (const char *requirements,
+                                const struct TALER_PaytoHashP *h_payto,
+                                TALER_KYCLOGIC_KycSatisfiedIterator ki,
+                                void *ki_cls);
+
+
+/**
  * Iterate over all thresholds that are applicable
  * to a particular type of @a event
  *
@@ -269,17 +285,36 @@ TALER_KYCLOGIC_kyc_get_details (
 
 
 /**
- * Obtain the provider logic for a given @a provider_section_name.
+ * Obtain the provider logic for a given set of @a requirments.
+ *
+ * @param requirements space-separated list of required checks
+ * @param ut type of the entity performing the check
+ * @param[out] plugin set to the KYC logic API
+ * @param[out] pd set to the specific operation context
+ * @param[out] configuration_section set to the name of the KYC logic configuration section * @return #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+TALER_KYCLOGIC_requirements_to_logic (const char *requirements,
+                                      enum TALER_KYCLOGIC_KycUserType ut,
+                                      struct TALER_KYCLOGIC_Plugin **plugin,
+                                      struct TALER_KYCLOGIC_ProviderDetails **pd,
+                                      const char **configuration_section);
+
+
+/**
+ * Obtain the provider logic for a given @a name.
  *
- * @param provider_section_name identifies a KYC provider process
+ * @param name name of the logic or provider section
  * @param[out] plugin set to the KYC logic API
  * @param[out] pd set to the specific operation context
+ * @param[out] configuration_section set to the name of the KYC logic configuration section
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
-TALER_KYCLOGIC_kyc_get_logic (const char *provider_section_name,
-                              struct TALER_KYCLOGIC_Plugin **plugin,
-                              struct TALER_KYCLOGIC_ProviderDetails **pd);
+TALER_KYCLOGIC_lookup_logic (const char *name,
+                             struct TALER_KYCLOGIC_Plugin **plugin,
+                             struct TALER_KYCLOGIC_ProviderDetails **pd,
+                             const char **configuration_section);
 
 
 #endif
diff --git a/src/include/taler_kyclogic_plugin.h b/src/include/taler_kyclogic_plugin.h
index a4c166ab..8d86078d 100644
--- a/src/include/taler_kyclogic_plugin.h
+++ b/src/include/taler_kyclogic_plugin.h
@@ -180,8 +180,9 @@ typedef void
  * MUST NOT be done by the plugin!
  *
  * @param cls closure
- * @param legi_row legitimization request the webhook was about
+ * @param process_row legitimization process the webhook was about
  * @param account_id account the webhook was about
+ * @param provider_section name of the configuration section of the logic that was run
  * @param provider_user_id set to user ID at the provider, or NULL if not supported or unknown
  * @param provider_legitimization_id set to legitimization process ID at the provider, or NULL if not supported or unknown
  * @param status KYC status
@@ -192,8 +193,9 @@ typedef void
 typedef void
 (*TALER_KYCLOGIC_WebhookCallback)(
   void *cls,
-  uint64_t legi_row,
+  uint64_t process_row,
   const struct TALER_PaytoHashP *account_id,
+  const char *provider_section,
   const char *provider_user_id,
   const char *provider_legitimization_id,
   enum TALER_KYCLOGIC_KycStatus status,
@@ -203,16 +205,15 @@ typedef void
 
 
 /**
- * Function the plugin can use to lookup an
- * @a h_payto by @a provider_legitimization_id.
- * Must match the `kyc_provider_account_lookup`
+ * Function the plugin can use to lookup an @a h_payto by @a
+ * provider_legitimization_id.  Must match the `kyc_provider_account_lookup`
  * of the exchange's database plugin.
  *
  * @param cls closure
  * @param provider_section
  * @param provider_legitimization_id legi to look up
  * @param[out] h_payto where to write the result
- * @param[out] legi_row where to write the row of the entry
+ * @param[out] process_row where to write the row of the entry
  * @return database transaction status
  */
 typedef enum GNUNET_DB_QueryStatus
@@ -221,7 +222,7 @@ typedef enum GNUNET_DB_QueryStatus
   const char *provider_section,
   const char *provider_legitimization_id,
   struct TALER_PaytoHashP *h_payto,
-  uint64_t *legi_row);
+  uint64_t *process_row);
 
 
 /**
@@ -274,7 +275,7 @@ struct TALER_KYCLOGIC_Plugin
    * @param cls the @e cls of this struct with the plugin-specific state
    * @param pd provider configuration details
    * @param account_id which account to trigger process for
-   * @param legitimization_uuid unique ID for the legitimization process
+   * @param process_row unique ID for the legitimization process
    * @param cb function to call with the result
    * @param cb_cls closure for @a cb
    * @return handle to cancel operation early
@@ -283,7 +284,7 @@ struct TALER_KYCLOGIC_Plugin
   (*initiate)(void *cls,
               const struct TALER_KYCLOGIC_ProviderDetails *pd,
               const struct TALER_PaytoHashP *account_id,
-              uint64_t legitimization_uuid,
+              uint64_t process_row,
               TALER_KYCLOGIC_InitiateCallback cb,
               void *cb_cls);
 
@@ -305,7 +306,7 @@ struct TALER_KYCLOGIC_Plugin
    * @param url_path rest of the URL after `/kyc-webhook/$H_PAYTO/$LOGIC`
    * @param connection MHD connection object (for HTTP headers)
    * @param account_id which account to trigger process for
-   * @param legi_row row in the table the legitimization is for
+   * @param process_row row in the legitimization processes table the legitimization is for
    * @param provider_user_id user ID (or NULL) the proof is for
    * @param provider_legitimization_id legitimization ID the proof is for
    * @param cb function to call with the result
@@ -318,7 +319,7 @@ struct TALER_KYCLOGIC_Plugin
            const char *const url_path[],
            struct MHD_Connection *connection,
            const struct TALER_PaytoHashP *account_id,
-           uint64_t legi_row,
+           uint64_t process_row,
            const char *provider_user_id,
            const char *provider_legitimization_id,
            TALER_KYCLOGIC_ProofCallback cb,
diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h
index 46338d2b..8137ecc5 100644
--- a/src/include/taler_testing_lib.h
+++ b/src/include/taler_testing_lib.h
@@ -2796,7 +2796,7 @@ TALER_TESTING_get_trait (const struct TALER_TESTING_Trait *traits,
   op (kyc_url, const char *)                                       \
   op (web_url, const char *)                                       \
   op (row, const uint64_t)                                         \
-  op (legitimization_uuid, const uint64_t)                         \
+  op (legi_requirement_row, const uint64_t)                         \
   op (array_length, const unsigned int)                            \
   op (credit_payto_uri, const char *)                              \
   op (debit_payto_uri, const char *)                               \