7 files changed, 383 insertions, 166 deletions

diff --git a/src/include/taler_auditor_service.h b/src/include/taler_auditor_service.h
index 30d18e6e..c20b789c 100644
--- a/src/include/taler_auditor_service.h
+++ b/src/include/taler_auditor_service.h
@@ -233,7 +233,7 @@ typedef void
  *
  * @param auditor the auditor handle; the auditor must be ready to operate
  * @param h_wire hash of merchant wire details
- * @param h_extensions hash over the extensions, if any
+ * @param h_policy hash over the policy, if any
  * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the auditor)
  * @param exchange_timestamp timestamp when the contract was finalized, must not be too far in the future
  * @param wire_deadline date until which the exchange should wire the funds
@@ -257,7 +257,7 @@ struct TALER_AUDITOR_DepositConfirmationHandle *
 TALER_AUDITOR_deposit_confirmation (
   struct TALER_AUDITOR_Handle *auditor,
   const struct TALER_MerchantWireHashP *h_wire,
-  const struct TALER_ExtensionContractHashP *h_extensions,
+  const struct TALER_ExtensionPolicyHashP *h_policy,
   const struct TALER_PrivateContractHashP *h_contract_terms,
   struct GNUNET_TIME_Timestamp exchange_timestamp,
   struct GNUNET_TIME_Timestamp wire_deadline,
diff --git a/src/include/taler_auditordb_plugin.h b/src/include/taler_auditordb_plugin.h
index dff96700..3f7bc658 100644
--- a/src/include/taler_auditordb_plugin.h
+++ b/src/include/taler_auditordb_plugin.h
@@ -317,9 +317,9 @@ struct TALER_AUDITORDB_DepositConfirmation
   struct TALER_PrivateContractHashP h_contract_terms;
 
   /**
-   * Hash over the extensions for the deposit.
+   * Hash over the policy for the deposit.
    */
-  struct TALER_ExtensionContractHashP h_extensions;
+  struct TALER_ExtensionPolicyHashP h_policy;
 
   /**
    * Hash over the wiring information of the merchant.
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index a861563b..88aaf845 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -638,10 +638,10 @@ struct TALER_PrivateContractHashP
 
 
 /**
- * Hash used to represent the "public" extensions to
- * a contract that is shared with the exchange.
+ * Hash used to represent the policy to a contract that is shared with the
+ * exchange.
  */
-struct TALER_ExtensionContractHashP
+struct TALER_ExtensionPolicyHashP
 {
   /**
    * Actual hash value.
@@ -727,10 +727,10 @@ struct TALER_PickupIdentifierP
 
 
 /**
- * @brief Salted hash over the JSON object representing the configuration of an
- * extension.
+ * @brief Salted hash over the JSON object representing the manifests of
+ * extensions.
  */
-struct TALER_ExtensionConfigHashP
+struct TALER_ExtensionManifestsHashP
 {
   /**
    * Actual hash value.
@@ -3239,7 +3239,7 @@ TALER_wallet_reserve_attest_request_verify (
  * @param h_wire hash of the merchant’s account details
  * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange)
  * @param h_age_commitment hash over the age commitment, if applicable to the denomination (maybe NULL)
- * @param h_extensions hash over the extensions
+ * @param h_policy hash over the policy
  * @param h_denom_pub hash of the coin denomination's public key
  * @param coin_priv coin’s private key
  * @param wallet_timestamp timestamp when the contract was finalized, must not be too far in the future
@@ -3254,7 +3254,7 @@ TALER_wallet_deposit_sign (
   const struct TALER_MerchantWireHashP *h_wire,
   const struct TALER_PrivateContractHashP *h_contract_terms,
   const struct TALER_AgeCommitmentHash *h_age_commitment,
-  const struct TALER_ExtensionContractHashP *h_extensions,
+  const struct TALER_ExtensionPolicyHashP *h_policy,
   const struct TALER_DenominationHashP *h_denom_pub,
   struct GNUNET_TIME_Timestamp wallet_timestamp,
   const struct TALER_MerchantPublicKeyP *merchant_pub,
@@ -3271,7 +3271,7 @@ TALER_wallet_deposit_sign (
  * @param h_wire hash of the merchant’s account details
  * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange)
  * @param h_age_commitment hash over the age commitment (maybe all zeroes, if not applicable to the denomination)
- * @param h_extensions hash over the extensions
+ * @param h_policy hash over the policy
  * @param h_denom_pub hash of the coin denomination's public key
  * @param wallet_timestamp timestamp when the contract was finalized, must not be too far in the future
  * @param merchant_pub the public key of the merchant (used to identify the merchant for refund requests)
@@ -3287,7 +3287,7 @@ TALER_wallet_deposit_verify (
   const struct TALER_MerchantWireHashP *h_wire,
   const struct TALER_PrivateContractHashP *h_contract_terms,
   const struct TALER_AgeCommitmentHash *h_age_commitment,
-  const struct TALER_ExtensionContractHashP *h_extensions,
+  const struct TALER_ExtensionPolicyHashP *h_policy,
   const struct TALER_DenominationHashP *h_denom_pub,
   struct GNUNET_TIME_Timestamp wallet_timestamp,
   const struct TALER_MerchantPublicKeyP *merchant_pub,
@@ -3692,7 +3692,7 @@ typedef enum TALER_ErrorCode
  * @param scb function to call to create the signature
  * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange)
  * @param h_wire hash of the merchant’s account details
- * @param h_extensions hash over the extensions, can be NULL
+ * @param h_policy hash over the policy, can be NULL
  * @param exchange_timestamp timestamp when the contract was finalized, must not be too far off
  * @param wire_deadline date until which the exchange should wire the funds
  * @param refund_deadline date until which the merchant can issue a refund to the customer via the exchange (can be zero if refunds are not allowed); must not be after the @a wire_deadline
@@ -3708,7 +3708,7 @@ TALER_exchange_online_deposit_confirmation_sign (
   TALER_ExchangeSignCallback scb,
   const struct TALER_PrivateContractHashP *h_contract_terms,
   const struct TALER_MerchantWireHashP *h_wire,
-  const struct TALER_ExtensionContractHashP *h_extensions,
+  const struct TALER_ExtensionPolicyHashP *h_policy,
   struct GNUNET_TIME_Timestamp exchange_timestamp,
   struct GNUNET_TIME_Timestamp wire_deadline,
   struct GNUNET_TIME_Timestamp refund_deadline,
@@ -3724,7 +3724,7 @@ TALER_exchange_online_deposit_confirmation_sign (
  *
  * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the exchange)
  * @param h_wire hash of the merchant’s account details
- * @param h_extensions hash over the extensions, can be NULL
+ * @param h_policy hash over the policy, can be NULL
  * @param exchange_timestamp timestamp when the contract was finalized, must not be too far off
  * @param wire_deadline date until which the exchange should wire the funds
  * @param refund_deadline date until which the merchant can issue a refund to the customer via the exchange (can be zero if refunds are not allowed); must not be after the @a wire_deadline
@@ -3739,7 +3739,7 @@ enum GNUNET_GenericReturnValue
 TALER_exchange_online_deposit_confirmation_verify (
   const struct TALER_PrivateContractHashP *h_contract_terms,
   const struct TALER_MerchantWireHashP *h_wire,
-  const struct TALER_ExtensionContractHashP *h_extensions,
+  const struct TALER_ExtensionPolicyHashP *h_policy,
   struct GNUNET_TIME_Timestamp exchange_timestamp,
   struct GNUNET_TIME_Timestamp wire_deadline,
   struct GNUNET_TIME_Timestamp refund_deadline,
@@ -5242,31 +5242,31 @@ TALER_merchant_contract_sign (
 /* **************** /management/extensions offline signing **************** */
 
 /**
- * Create a signature for the hash of the configuration of an extension
+ * Create a signature for the hash of the manifests of extensions
  *
- * @param h_config hash of the JSON object representing the configuration
+ * @param h_manifests hash of the JSON object representing the manifests
  * @param master_priv private key to sign with
  * @param[out] master_sig where to write the signature
  */
 void
-TALER_exchange_offline_extension_config_hash_sign (
-  const struct TALER_ExtensionConfigHashP *h_config,
+TALER_exchange_offline_extension_manifests_hash_sign (
+  const struct TALER_ExtensionManifestsHashP *h_manifests,
   const struct TALER_MasterPrivateKeyP *master_priv,
   struct TALER_MasterSignatureP *master_sig);
 
 
 /**
  * Verify the signature in @a master_sig of the given hash, taken over the JSON
- * blob representing the configuration of an extension
+ * blob representing the manifests of extensions
  *
- * @param h_config hash of the JSON blob of a configuration of an extension
+ * @param h_manifests hash of the JSON blob of a configuration of an extension
  * @param master_pub master public key of the exchange
  * @param master_sig signature of the exchange
  * @return #GNUNET_OK if signature is valid
  */
 enum GNUNET_GenericReturnValue
-TALER_exchange_offline_extension_config_hash_verify (
-  const struct TALER_ExtensionConfigHashP *h_config,
+TALER_exchange_offline_extension_manifests_hash_verify (
+  const struct TALER_ExtensionManifestsHashP *h_manifests,
   const struct TALER_MasterPublicKeyP *master_pub,
   const struct TALER_MasterSignatureP *master_sig
   );
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index a6b7a616..eee9b17f 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -1428,10 +1428,16 @@ struct TALER_EXCHANGEDB_Deposit
   char *receiver_wire_account;
 
   /**
-   * Additional details for extensions relevant for this
+   * Additional details for a policy relevant for this
    * deposit operation, possibly NULL!
    */
-  json_t *extension_details;
+  json_t *policy_details;
+  bool no_policy_details;
+
+  /**
+   * Hash over the @e policy_details.  Only filled if no_policy_details is false.
+   */
+  struct TALER_ExtensionPolicyHashP h_policy;
 
   /**
    * Time when this request was generated.  Used, for example, to
@@ -1505,6 +1511,12 @@ struct TALER_EXCHANGEDB_DepositListEntry
   struct TALER_PrivateContractHashP h_contract_terms;
 
   /**
+   * Hash over the poliy data for this deposit
+   * (remains unknown to the Exchange).
+   */
+  struct TALER_ExtensionPolicyHashP h_policy;
+
+  /**
    * Hash of the public denomination key used to sign the coin.
    */
   struct TALER_DenominationHashP h_denom_pub;
@@ -5223,23 +5235,23 @@ struct TALER_EXCHANGEDB_Plugin
 
 
   /**
-   * Function called to save the configuration of an extension
-   * (age-restriction, peer2peer, ...)
+   * Function called to save the manifest of an extension
+   * (age_restriction, policy_merchant_refund, ...)
    *
    * @param cls the @e cls of this struct with the plugin-specific state
    * @param extension_name the name of the extension
-   * @param config JSON object of the configuration as string, maybe NULL (== disabled extension)
+   * @param manifest Manifest of the extension encoded as JSON object, maybe NULL (== disabled extension)
    * @return transaction status code
    */
   enum GNUNET_DB_QueryStatus
-  (*set_extension_config)(void *cls,
-                          const char *extension_name,
-                          const char *config);
+  (*set_extension_manifest)(void *cls,
+                            const char *extension_name,
+                            const char *config);
 
 
   /**
-   * Function called to retrieve the configuration of an extension
-   * (age-restriction, peer2peer, ...)
+   * Function called to retrieve the manifest of an extension
+   * (age_restriction, policy_merchant_refund, ...)
    *
    * @param cls the @e cls of this struct with the plugin-specific state
    * @param extension_name the name of the extension
@@ -5247,9 +5259,9 @@ struct TALER_EXCHANGEDB_Plugin
    * @return transaction status code
    */
   enum GNUNET_DB_QueryStatus
-  (*get_extension_config)(void *cls,
-                          const char *extension_name,
-                          char **config);
+  (*get_extension_manifest)(void *cls,
+                            const char *extension_name,
+                            char **manifest);
 
 
   /**
diff --git a/src/include/taler_extensions.h b/src/include/taler_extensions.h
index 8e1823cc..d76de25e 100644
--- a/src/include/taler_extensions.h
+++ b/src/include/taler_extensions.h
@@ -24,119 +24,254 @@
 #include <gnunet/gnunet_util_lib.h>
 #include "taler_crypto_lib.h"
 #include "taler_json_lib.h"
+#include "taler_mhd_lib.h"
+#include "taler_exchangedb_plugin.h"
 
 
 #define TALER_EXTENSION_SECTION_PREFIX "exchange-extension-"
 
 enum TALER_Extension_Type
 {
-  TALER_Extension_AgeRestriction = 0,
-  TALER_Extension_MaxPredefined = 1 // Must be last of the predefined
+  TALER_Extension_PolicyNull                 = 0,
+
+  TALER_Extension_AgeRestriction             = 1,
+  TALER_Extension_PolicyMerchantRefund       = 2,
+  TALER_Extension_PolicyBrandtVickeryAuction = 3,
+  TALER_Extension_PolicyEscrowedPayment      = 4,
+
+  TALER_Extension_MaxPredefined              = 5 // Must be last of the predefined
+};
+
+
+/*
+ * @brief simply linked list of extensions
+ */
+
+struct TALER_Extensions
+{
+  struct TALER_Extensions *next;
+  const struct TALER_Extension *extension;
+};
+
+/*
+ * @brief Serial ID under which the policy details to an deposit are stored in
+ * the policy_details table.
+ */
+struct TALER_ExtensionsPolicySerialID
+{
+  struct GNUNET_HashCode hash;
 };
 
 /*
  * @brief Represents the implementation of an extension.
  *
- * TODO: add documentation
+ * An "Extension" is an optional feature for the Exchange.
+ * There are only two types of extensions:
+ *
+ * a) Age restriction:  This is a special feature that directly interacts with
+ * denominations and coins, but is not define policies during deposits, see b).
+ * The implementation of this extension doesn't have to implement any of the
+ * http- or depost-handlers in the struct.
+ *
+ * b) Policies for deposits:  These are extensions that define policies (such
+ * as refund, escrow or auctions) for deposit requests.  These extensions have
+ * to implement at least the deposit- and post-http-handler in the struct to be
+ * functional.
+ *
+ * In addition to the handlers defined in this struct, an extension must also
+ * be a plugin in the GNUNET_Plugin sense.  That is, it must implement the
+ * functions
+ *    1: (void *ext)libtaler_extension_<name>_init(void *cfg)
+ * and
+ *    2: (void *)libtaler_extension_<name>_done(void *)
+ *
+ * In 1:, the input will be the GNUNET_CONFIGURATION_Handle to the TALER
+ * configuration and the output must be the struct TALER_Extension * on
+ * success, NULL otherwise.
+ *
+ * In 2:, no arguments are passed and NULL is expected to be returned.
  */
 struct TALER_Extension
 {
-  /* simple linked list */
-  struct TALER_Extension *next;
-
+  /**
+   * Type of the extension.  Only one extension of a type can be loaded
+   * at any time.
+   */
   enum TALER_Extension_Type type;
+
+  /**
+   * The name of the extension, must be unique among all loaded extensions.  It
+   * is used in URLs for /extension/$NAME as well.
+   */
   char *name;
+
+  /**
+   * Criticality of the extension.  It has the same semantics as "critical" has
+   * for extensions in X.509:
+   * - if "true", the client must "understand" the extension before proceeding,
+   * - if "false", clients can safely skip extensions they do not understand.
+   * (see https://datatracker.ietf.org/doc/html/rfc5280#section-4.2)
+   */
   bool critical;
+
+  /**
+   * Version of the extension must be provided in Taler's protocol verison ranges notation, see
+   * https://docs.taler.net/core/api-common.html#protocol-version-ranges
+   */
   char *version;
+
+  /**
+   * If the extension is marked as enabled, it will be listed in the
+   * "extensions" field in the "/keys" response.
+   */
+  bool enabled;
+
+  /**
+   * Opaque (public) configuration object, set by the extension.
+   */
   void *config;
-  json_t *config_json;
 
-  void (*disable)(struct TALER_Extension *ext);
 
-  enum GNUNET_GenericReturnValue (*test_json_config)(
-    const json_t *config);
+  /**
+   * @brief Handler to to disable the extension.
+   *
+   * @param ext The current extension object
+   */
+  void (*disable)(struct TALER_Extension *ext);
 
-  enum GNUNET_GenericReturnValue (*load_json_config)(
+  /**
+   * @brief Handler to read an extension-specific configuration in JSON
+   * encoding and enable the extension.  Must be implemented by the extension.
+   *
+   * @param ext The extension object. If NULL, the configuration will only be checked.
+   * @param config A JSON blob
+   * @return GNUNET_OK if the json was a valid configuration for the extension.
+   */
+  enum GNUNET_GenericReturnValue (*load_config)(
     struct TALER_Extension *ext,
     json_t *config);
 
-  json_t *(*config_to_json)(
+  /**
+   * @brief Handler to return the manifest of the extension in JSON encoding.
+   *
+   * See
+   * https://docs.taler.net/design-documents/006-extensions.html#tsref-type-Extension
+   * for the definition.
+   *
+   * @param ext The extension object
+   * @return The JSON encoding of the extension, if enabled, NULL otherwise.
+   */
+  json_t *(*manifest)(
     const struct TALER_Extension *ext);
 
-  enum GNUNET_GenericReturnValue (*load_taler_config)(
-    struct TALER_Extension *ext,
-    const struct GNUNET_CONFIGURATION_Handle *cfg);
+  /* =========================
+   *  Policy related handlers
+   * =========================
+   */
+  /**
+   * @brief Handler to check a policy. Can be NULL;
+   *
+   * When a deposit request refers to this extension in its policy
+   * (see https://docs.taler.net/core/api-exchange.html#deposit), this handler
+   * will be called before the deposit transaction.
+   *
+   * @param[in] policy_details Details about the policy, provided by the client
+   * during a deposit request.
+   * @param[out] serial On success, will contain the serial-ID under which the
+   * exchange should save the policy_details in the deposit table.
+   * @param[out] deadline On sucess, set to the deadline until the policy must
+   * be fulfilled.  Might be "forever".  This value is used by an external
+   * mechanism to detect timeouts.
+   * @return GNUNET_OK if the data was accepted by the extension.
+   */
+  enum GNUNET_GenericReturnValue (*parse_policy_details)(
+    const json_t *policy_details,
+    struct TALER_ExtensionsPolicySerialID *serial,
+    struct GNUNET_TIME_Timestamp *deadline);
+
+  /**
+   * @brief Handler for POST-requests to the /policy/$name endpoint. Can be NULL.
+   *
+   * @param connection The current connection
+   * @param root The JSON body from the request
+   * @param args Additional query parameters of the request.
+   * @return MDH result
+   */
+  MHD_RESULT (*http_post_handler)(
+    struct MHD_Connection *connection,
+    const json_t *root,
+    const char *const args[]);
+
+  /**
+   * @brief Handler for GET-requests to the /policy/$name endpoint.  Can be NULL.
+   *
+   * @param connection The current connection
+   * @param root The JSON body from the request
+   * @param args Additional query parameters of the request.
+   * @return MDH result
+   */
+  MHD_RESULT (*http_get_handler)(
+    struct MHD_Connection *connection,
+    const char *const args[]);
 };
 
+
 /**
  * Generic functions for extensions
  */
 
 /*
- * @brief Sets the configuration of the extensions from the given TALER
- * configuration.
+ * @brief Loads the extensions as shared libraries, as specified in the given
+ * TALER configuration.
  *
  * @param cfg Handle to the TALER configuration
  * @return GNUNET_OK on success, GNUNET_SYSERR if unknown extensions were found
  *         or any particular configuration couldn't be parsed.
  */
 enum GNUNET_GenericReturnValue
-TALER_extensions_load_taler_config (
+TALER_extensions_init (
   const struct GNUNET_CONFIGURATION_Handle *cfg);
 
 /*
- * @brief Checks the given obj to be a valid extension object and fill the
- * fields accordingly.
+ * @brief Parses a given JSON object as an extension manifest.
  *
- * @param[in] obj Object to verify is a valid extension
+ * @param[in] obj JSON object to parse as an extension manifest
  * @param{out] critical will be set to 1 if the extension is critical according to obj
  * @param[out] version will be set to the version of the extension according to obj
  * @param[out] config will be set to the configuration of the extension according to obj
  * @return OK on success, Error otherwise
  */
 enum GNUNET_GenericReturnValue
-TALER_extensions_is_json_config (
+TALER_extensions_parse_manifest (
   json_t *obj,
   int *critical,
   const char **version,
   json_t **config);
 
 /*
- * @brief Sets the configuration of the extensions from a given JSON object.
+ * @brief Loads extensions according to the manifests.
  *
- * The JSON object must be of type ExchangeKeysResponse as described in
- * https://docs.taler.net/design-documents/006-extensions.html#exchange
+ * The JSON object must be of type ExtensionsManifestsResponse as described
+ * in https://docs.taler.net/design-documents/006-extensions.html#exchange
  *
- * @param cfg JSON object containing the configuration for all extensions
+ * @param cfg JSON object containing the manifests for all extensions
  * @return #GNUNET_OK on success, #GNUNET_SYSERR if unknown extensions were
  *  found or any particular configuration couldn't be parsed.
  */
 enum GNUNET_GenericReturnValue
-TALER_extensions_load_json_config (
-  json_t *cfg);
+TALER_extensions_load_manifests (
+  json_t *manifests);
 
 /*
  * @brief Returns the head of the linked list of extensions.
  */
-const struct TALER_Extension *
+const struct TALER_Extensions *
 TALER_extensions_get_head ();
 
-/*
- * @brief Adds an extension to the linked list of extensions.
- *
- * @param new_extension the new extension to be added
- * @return GNUNET_OK on success, GNUNET_SYSERR if the extension is invalid
- * (missing fields), GNUNET_NO if there is already an extension with that name
- * or type.
- */
-enum GNUNET_GenericReturnValue
-TALER_extensions_add (
-  struct TALER_Extension *new_extension);
-
 /**
  * @brief Finds and returns a supported extension by a given type.
  *
- * @param type type of the extension to lookup
+ * @param type of the extension to lookup
  * @return extension found, or NULL (should not happen!)
  */
 const struct TALER_Extension *
@@ -154,8 +289,6 @@ const struct TALER_Extension *
 TALER_extensions_get_by_name (
   const char *name);
 
-#define TALER_extensions_is_enabled(ext) (NULL != (ext)->config)
-
 /**
  * @brief Check if a given type of an extension is enabled
  *
@@ -166,12 +299,21 @@ bool
 TALER_extensions_is_enabled_type (
   enum TALER_Extension_Type type);
 
+/**
+ * @brief Check if an extension is enabled
+ *
+ * @param extension The extension handler.
+ * @return true enabled, false if not enabled, will assert if type is not found.
+ */
+bool
+TALER_extensions_is_enabled (
+  const struct TALER_Extension *extension);
 
 /*
  * Verify the signature of a given JSON object for extensions with the master
  * key of the exchange.
  *
- * The JSON object must be of type ExchangeKeysResponse as described in
+ * The JSON object must be of type ExtensionsManifestsResponse as described in
  * https://docs.taler.net/design-documents/006-extensions.html#exchange
  *
  * @param extensions JSON object with the extension configuration
@@ -181,14 +323,19 @@ TALER_extensions_is_enabled_type (
  * and GNUNET_NO if the signature couldn't be verified.
  */
 enum GNUNET_GenericReturnValue
-TALER_extensions_verify_json_config_signature (
-  json_t *extensions,
+TALER_extensions_verify_manifests_signature (
+  json_t *manifests,
   struct TALER_MasterSignatureP *extensions_sig,
   struct TALER_MasterPublicKeyP *master_pub);
 
 
 /*
  * TALER Age Restriction Extension
+ *
+ * This extension is special insofar as it directly interacts with coins and
+ * denominations.
+ *
+ * At the same time, it doesn't implement and http- or deposit-handlers.
  */
 
 #define TALER_EXTENSION_SECTION_AGE_RESTRICTION (TALER_EXTENSION_SECTION_PREFIX  \
@@ -204,102 +351,101 @@ TALER_extensions_verify_json_config_signature (
                                                           | 1 << 21)
 #define TALER_EXTENSION_AGE_RESTRICTION_DEFAULT_AGE_GROUPS "8:10:12:14:16:18:21"
 
-/**
- * @brief Registers the extension for age restriction to the list extensions
- */
-enum GNUNET_GenericReturnValue
-TALER_extension_age_restriction_register ();
 
-/**
- * @brief Parses a string as a list of age groups.
- *
- * The string must consist of a colon-separated list of increasing integers
- * between 0 and 31.  Each entry represents the beginning of a new age group.
- * F.e. the string
- *
- *  "8:10:12:14:16:18:21"
- *
- * represents the following list of eight age groups:
- *
- * | Group |    Ages       |
- * | -----:|:------------- |
- * |    0  |  0, 1, ..., 7 |
- * |    1  |  8, 9         |
- * |    2  | 10, 11        |
- * |    3  | 12, 13        |
- * |    4  | 14, 15        |
- * |    5  | 16, 17        |
- * |    6  | 18, 19, 20    |
- * |    7  | 21, ...       |
- *
- * which is then encoded as a bit mask with the corresponding bits set:
- *
- *  31     24        16        8         0
- *  |      |         |         |         |
- *  oooooooo  oo1oo1o1  o1o1o1o1  ooooooo1
- *
- * @param groups String representation of age groups
- * @param[out] mask Mask representation for age restriction.
- * @return Error, if age groups were invalid, OK otherwise.
+/*
+ * @brief Configuration for Age Restriction
  */
-enum GNUNET_GenericReturnValue
-TALER_parse_age_group_string (
-  const char *groups,
-  struct TALER_AgeMask *mask);
+struct TALER_AgeRestrictionConfig
+{
+  struct TALER_AgeMask mask;
+  uint8_t num_groups;
+};
 
-/**
- * @brief Encodes the age mask into a string, like "8:10:12:14:16:18:21"
- *
- * @param mask Age mask
- * @return String representation of the age mask, allocated by GNUNET_malloc.
- *         Can be used as value in the TALER config.
- */
-char *
-TALER_age_mask_to_string (
-  const struct TALER_AgeMask *mask);
 
 /**
- * @brief Returns true when age restriction is configured and enabled.
+ * @brief Retrieve the age restriction configuration
+ *
+ * @return age restriction configuration if present, otherwise NULL.
  */
-bool
-TALER_extensions_age_restriction_is_enabled ();
+const struct TALER_AgeRestrictionConfig *
+TALER_extensions_get_age_restriction_config ();
 
 /**
- * @brief Returns true when age restriction is configured (might not be
- * _enabled_, though).
+ * @brief Check if age restriction is enabled
+ *
+ * @return true, if age restriction is loaded, configured and enabled; otherwise false.
  */
 bool
-TALER_extensions_age_restriction_is_configured ();
+TALER_extensions_is_age_restriction_enabled ();
 
 /**
- * @brief Returns the currently set age mask.  Note that even if age
- * restriction is not enabled, the age mask might be have a non-zero value.
+ * @brief Return the age mask for age restriction
+ *
+ * @return configured age mask, if age restriction is loaded, configured and enabled; otherwise zero mask.
  */
 struct TALER_AgeMask
-TALER_extensions_age_restriction_ageMask ();
+TALER_extensions_get_age_restriction_mask ();
 
 
-/**
- * @brief Returns the amount of age groups defined.  0 means no age restriction
- * enabled.
+/*
+ * ===================================
+ * Policy extensions related functions
+ * ===================================
  */
-size_t
-TALER_extensions_age_restriction_num_groups ();
 
-/**
- * @brief Parses a JSON object { "age_groups": "a:b:...y:z" }.
+/*
+ * @brief Finds the extension for a given policy
  *
- * @param root is the json object
- * @param[out] mask on success, will contain the age mask
- * @return #GNUNET_OK on success and #GNUNET_SYSERR on failure.
+ * @param[in]  policy_details JSON of the policy detail from a deposit request
+ * @param[out] extension On GNUNET_OK, the exentions handling the given policy
+ * @param[out] error_hint On GNUNET_SYSERR, will contain a hint for the reason why it failed
+ * @return GNUNET_OK on success, with *extension set to the correct extension.
+ * GNUNET_NO, when no extension was found. GNUNET_SYSERR when the JSON was
+ * invalid, with *error_hint maybe non-NULL.
  */
 enum GNUNET_GenericReturnValue
-TALER_JSON_parse_age_groups (const json_t *root,
-                             struct TALER_AgeMask *mask);
+TALER_extensions_from_policy_details (
+  const json_t *policy_details,
+  const struct TALER_Extension **extension,
+  char **error_hint);
 
+/*
+ * ================================
+ * Merchant refund policy
+ * ================================
+ */
+struct TALER_ExtensionPolicyMerchantRefundPolicyConfig
+{
+  struct GNUNET_TIME_Relative max_timeout;
+};
 
 /*
- * TODO: Add Peer2Peer Extension
+ * ================================
+ * Brandt-Vickrey Auctions policy
+ * ================================
+ */
+/*
+ * @brief Configuration for Brandt-Vickrey auctions policy
  */
+struct TALER_ExtensionPolicyBrandtVickreyAuctionConfig
+{
+  uint16_t max_bidders;
+  uint16_t max_prices;
+  struct TALER_Amount auction_fee;
+};
+
+
+/*
+ * ================================
+ * Escrowed Payments policy
+ * ================================
+ */
+/*
+ * @brief Configuration for escrowed payments policy
+ */
+struct TALER_ExtensionPolicyEscrowedPaymentsConfig
+{
+  struct GNUNET_TIME_Relative max_timeout;
+};
 
 #endif
diff --git a/src/include/taler_json_lib.h b/src/include/taler_json_lib.h
index 443cbdb7..123fe63a 100644
--- a/src/include/taler_json_lib.h
+++ b/src/include/taler_json_lib.h
@@ -767,25 +767,25 @@ TALER_JSON_wire_to_payto (const json_t *wire_s);
 
 
 /**
- * Hash @a extensions in deposits.
+ * Hash @a policy in deposits.
  *
- * @param extensions contract extensions to hash
- * @param[out] ech where to write the extension hash
+ * @param policy contract policy to hash
+ * @param[out] ech where to write the policy hash
  */
 void
-TALER_deposit_extension_hash (const json_t *extensions,
-                              struct TALER_ExtensionContractHashP *ech);
+TALER_deposit_policy_hash (const json_t *policy,
+                           struct TALER_ExtensionPolicyHashP *ech);
 
 /**
  * Hash the @a config of an extension, given as JSON
  *
- * @param config configuration of the extension
+ * @param manifests manifests of extensions
  * @param[out] eh where to write the extension hash
  * @return GNUNET_OK on success, GNUNET_SYSERR on failure
  */
 enum GNUNET_GenericReturnValue
-TALER_JSON_extensions_config_hash (const json_t *config,
-                                   struct TALER_ExtensionConfigHashP *eh);
+TALER_JSON_extensions_manifests_hash (const json_t *manifests,
+                                      struct TALER_ExtensionManifestsHashP *eh);
 
 /**
  * Canonicalize a JSON input to a string according to RFC 8785.
diff --git a/src/include/taler_util.h b/src/include/taler_util.h
index 079f72ed..e821fc19 100644
--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -492,5 +492,64 @@ char *strchrnul (const char *s, int c);
 
 #endif
 
+/**
+ * @brief Parses a string as a list of age groups.
+ *
+ * The string must consist of a colon-separated list of increasing integers
+ * between 0 and 31.  Each entry represents the beginning of a new age group.
+ * F.e. the string
+ *
+ *  "8:10:12:14:16:18:21"
+ *
+ * represents the following list of eight age groups:
+ *
+ * | Group |    Ages       |
+ * | -----:|:------------- |
+ * |    0  |  0, 1, ..., 7 |
+ * |    1  |  8, 9         |
+ * |    2  | 10, 11        |
+ * |    3  | 12, 13        |
+ * |    4  | 14, 15        |
+ * |    5  | 16, 17        |
+ * |    6  | 18, 19, 20    |
+ * |    7  | 21, ...       |
+ *
+ * which is then encoded as a bit mask with the corresponding bits set:
+ *
+ *  31     24        16        8         0
+ *  |      |         |         |         |
+ *  oooooooo  oo1oo1o1  o1o1o1o1  ooooooo1
+ *
+ * @param groups String representation of age groups
+ * @param[out] mask Mask representation for age restriction.
+ * @return Error, if age groups were invalid, OK otherwise.
+ */
+enum GNUNET_GenericReturnValue
+TALER_parse_age_group_string (
+  const char *groups,
+  struct TALER_AgeMask *mask);
+
+/**
+ * @brief Encodes the age mask into a string, like "8:10:12:14:16:18:21"
+ *
+ * @param mask Age mask
+ * @return String representation of the age mask, allocated by GNUNET_malloc.
+ *         Can be used as value in the TALER config.
+ */
+char *
+TALER_age_mask_to_string (
+  const struct TALER_AgeMask *mask);
+
+/**
+ * @brief Parses a JSON object { "age_groups": "a:b:...y:z" }.
+ *
+ * @param root is the json object
+ * @param[out] mask on success, will contain the age mask
+ * @return #GNUNET_OK on success and #GNUNET_SYSERR on failure.
+ */
+enum GNUNET_GenericReturnValue
+TALER_JSON_parse_age_groups (const json_t *root,
+                             struct TALER_AgeMask *mask);
+
 
 #endif