Diffstat (limited to 'src/exchange')
-rw-r--r-- | src/exchange/taler-exchange-httpd.c | 54 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_aml-decision-get.c | 31 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_aml-decision.c | 3 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_aml-decisions-get.c | 25 |
4 files changed, 54 insertions, 59 deletions
diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c
index 7d83e70c..62bd9a9d 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -488,13 +488,55 @@ handle_get_aml (struct TEH_RequestContext *rc,
 TALER_EC_EXCHANGE_GENERIC_WRONG_NUMBER_OF_SEGMENTS,
 "AML GET operations must specify an operation identifier");
 }
- if (1) // FIXME: check AML officer GET signature!
 {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (rc->connection,
- MHD_HTTP_FORBIDDEN,
- TALER_EC_EXCHANGE_GENERIC_AML_OFFICER_GET_SIGNATURE_INVALID,
- NULL);
+ const char *sig_hdr;
+ struct TALER_AmlOfficerSignatureP officer_sig;
+
+ sig_hdr = MHD_lookup_connection_value (rc->connection,
+ MHD_HEADER_KIND,
+ TALER_AML_OFFICER_SIGNATURE_HEADER);
+ if ( (NULL == sig_hdr) ||
+ (GNUNET_OK !=
+ GNUNET_STRINGS_string_to_data (sig_hdr,
+ strlen (sig_hdr),
+ &officer_sig,
+ sizeof (officer_sig))) ||
+ (GNUNET_OK !=
+ TALER_officer_aml_query_verify (&officer_pub,
+ &officer_sig)) )
+ {
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (rc->connection,
+ MHD_HTTP_BAD_REQUEST,
+ TALER_EC_EXCHANGE_GENERIC_AML_OFFICER_GET_SIGNATURE_INVALID,
+ sig_hdr);
+ }
+ TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
+ }
+
+ {
+ enum GNUNET_DB_QueryStatus qs;
+
+ qs = TEH_plugin->test_aml_officer (TEH_plugin->cls,
+ &officer_pub);
+ switch (qs)
+ {
+ case GNUNET_DB_STATUS_HARD_ERROR:
+ case GNUNET_DB_STATUS_SOFT_ERROR:
+ GNUNET_break (0);
+ return TALER_MHD_reply_with_error (rc->connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_DB_FETCH_FAILED,
+ NULL);
+ case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
+ GNUNET_break_op (0);
+ return TALER_MHD_reply_with_error (rc->connection,
+ MHD_HTTP_FORBIDDEN,
+ TALER_EC_EXCHANGE_GENERIC_AML_OFFICER_ACCESS_DENIED,
+ NULL);
+ case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
+ break;
+ }
 }
 for (unsigned int i = 0; NULL != h[i].op; i++)
 if (0 == strcmp (h[i].op,
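Review bot: The `switch (qs)` on the result of `TEH_plugin->test_aml_officer` has no `default`, so a status outside the four listed cases leaves the switch and reaches the `for (unsigned int i = 0; NULL != h[i].op; i++)` dispatch as if the officer had been authorized. Because this is the access decision for every AML GET, it should fail closed, for example by adding a `default:` label to the `GNUNET_DB_STATUS_HARD_ERROR` / `GNUNET_DB_STATUS_SOFT_ERROR` group so that anything unexpected ends in the 500 reply. `TALER_officer_aml_query_verify (&officer_pub, &officer_sig)` receives only the key and the signature, so the signed message presumably does not cover the request path or a timestamp, and a captured header value would then stay usable until the officer is disabled in the database. A comment above the block stating that, such as `/* signature is not request-specific; test_aml_officer() below is what revokes access */`, would make the trust model explicit. The rejection path also returns the client-supplied `sig_hdr` as the error hint (NULL when the header is absent), where the `NULL` used by the old code avoids reflecting request data; the body of handle_get_aml starts and ends outside this hunk.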
diff --git a/src/exchange/taler-exchange-httpd_aml-decision-get.c b/src/exchange/taler-exchange-httpd_aml-decision-get.c
index 09f9c8e8..e0252c61 100644
--- a/src/exchange/taler-exchange-httpd_aml-decision-get.c
+++ b/src/exchange/taler-exchange-httpd_aml-decision-get.c
@@ -101,7 +101,7 @@ static void
 aml_history_cb (
 void *cls,
 const struct TALER_Amount *new_threshold,
- enum TALER_AmlDecisionState new_status,
+ enum TALER_AmlDecisionState new_state,
 struct GNUNET_TIME_Timestamp decision_time,
 const char *justification,
 const struct TALER_AmlOfficerPublicKeyP *decider_pub,
@@ -120,8 +120,8 @@ aml_history_cb (
 justification),
 TALER_JSON_pack_amount ("new_threshold",
 new_threshold),
- GNUNET_JSON_pack_int64 ("new_status",
- new_status),
+ GNUNET_JSON_pack_int64 ("new_state",
+ new_state),
 GNUNET_JSON_pack_timestamp ("decision_time",
 decision_time)
 )));
@@ -134,7 +134,6 @@ TEH_handler_aml_decision_get (
 const struct TALER_AmlOfficerPublicKeyP *officer_pub,
 const char *const args[])
 {
- struct TALER_AmlOfficerSignatureP officer_sig;
 struct TALER_PaytoHashP h_payto;
 if ( (NULL == args[0]) ||
@@ -159,30 +158,6 @@ TEH_handler_aml_decision_get (
 TALER_EC_GENERIC_ENDPOINT_UNKNOWN,
 args[1]);
 }
- {
- const char *sig_hdr;
-
- sig_hdr = MHD_lookup_connection_value (rc->connection,
- MHD_HEADER_KIND,
- TALER_AML_OFFICER_SIGNATURE_HEADER);
- if ( (NULL == sig_hdr) ||
- (GNUNET_OK !=
- GNUNET_STRINGS_string_to_data (sig_hdr,
- strlen (sig_hdr),
- &officer_sig,
- sizeof (officer_sig))) ||
- (GNUNET_OK !=
- TALER_officer_aml_query_verify (officer_pub,
- &officer_sig)) )
- {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (rc->connection,
- MHD_HTTP_BAD_REQUEST,
- TALER_EC_EXCHANGE_GENERIC_AML_OFFICER_GET_SIGNATURE_INVALID,
- sig_hdr);
- }
- TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
- }
 {
 json_t *aml_history;
diff --git a/src/exchange/taler-exchange-httpd_aml-decision.c b/src/exchange/taler-exchange-httpd_aml-decision.c
index ae2667c1..16dc0d96 100644
--- a/src/exchange/taler-exchange-httpd_aml-decision.c
+++ b/src/exchange/taler-exchange-httpd_aml-decision.c
@@ -76,7 +76,10 @@ TEH_handler_post_aml_decision (
 if (GNUNET_SYSERR == res)
 return MHD_NO; /* hard failure */
 if (GNUNET_NO == res)
+ {
+ GNUNET_break_op (0);
 return MHD_YES; /* failure */
+ }
 }
 new_state = (enum TALER_AmlDecisionState) new_state32;
 TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
diff --git a/src/exchange/taler-exchange-httpd_aml-decisions-get.c b/src/exchange/taler-exchange-httpd_aml-decisions-get.c
index 7c4a137d..ad160b82 100644
--- a/src/exchange/taler-exchange-httpd_aml-decisions-get.c
+++ b/src/exchange/taler-exchange-httpd_aml-decisions-get.c
@@ -79,7 +79,6 @@ TEH_handler_aml_decisions_get (
 const struct TALER_AmlOfficerPublicKeyP *officer_pub,
 const char *const args[])
 {
- struct TALER_AmlOfficerSignatureP officer_sig;
 enum TALER_AmlDecisionState decision;
 int delta = -20;
 unsigned long long start = INT64_MAX;
@@ -118,30 +117,6 @@ TEH_handler_aml_decisions_get (
 TALER_EC_GENERIC_ENDPOINT_UNKNOWN,
 args[1]);
 }
- {
- const char *sig_hdr;
-
- sig_hdr = MHD_lookup_connection_value (rc->connection,
- MHD_HEADER_KIND,
- TALER_AML_OFFICER_SIGNATURE_HEADER);
- if ( (NULL == sig_hdr) ||
- (GNUNET_OK !=
- GNUNET_STRINGS_string_to_data (sig_hdr,
- strlen (sig_hdr),
- &officer_sig,
- sizeof (officer_sig))) ||
- (GNUNET_OK !=
- TALER_officer_aml_query_verify (officer_pub,
- &officer_sig)) )
- {
- GNUNET_break_op (0);
- return TALER_MHD_reply_with_error (rc->connection,
- MHD_HTTP_BAD_REQUEST,
- TALER_EC_EXCHANGE_GENERIC_AML_OFFICER_GET_SIGNATURE_INVALID,
- sig_hdr);
- }
- TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
- }
 {
 const char *p; |