/*
  This file is part of TALER
  Copyright (C) 2014, 2015 GNUnet e.V.

  TALER is free software; you can redistribute it and/or modify it under the
  terms of the GNU Affero General Public License as published by the Free Software
  Foundation; either version 3, or (at your option) any later version.

  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.

  You should have received a copy of the GNU Affero General Public License along with
  TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
*/
/**
 * @file taler-mint-httpd_keystate.c
 * @brief management of our coin signing keys
 * @author Florian Dold
 * @author Benedikt Mueller
 * @author Christian Grothoff
 */
#include "platform.h"
#include <pthread.h>
#include "taler-mint-httpd_keystate.h"
#include "taler_mintdb_plugin.h"
/**
 * Reference-counted snapshot of the mint's key material: the
 * denomination (coin) keys and the online signing key, private parts
 * included.  Several snapshots may exist at once; a snapshot is only
 * destroyed after its last user has released it.  The current one is
 * obtained with #TMH_KS_acquire(), which takes a reference.  Apart
 * from the reference counter, the contents must be treated as
 * READ-ONLY until the snapshot is destroyed, because many users may
 * be reading it concurrently.
 */
struct TMH_KS_StateHandle
{
  /**
   * JSON array of the denomination keys.  (Hardly used once
   * initialization is complete.)
   */
  json_t *denom_keys_array;

  /**
   * JSON array of the signing keys.  (Hardly used once
   * initialization is complete.)
   */
  json_t *sign_keys_array;

  /**
   * JSON array of the auditor information.  (Hardly used once
   * initialization is complete.)
   */
  json_t *auditors_array;

  /**
   * Pre-rendered JSON text returned for a "/keys" request.  Contains
   * our @e TMH_master_public_key, the signing and denomination keys
   * and the @e reload_time.
   */
  char *keys_json;

  /**
   * Map from the hash of a denomination public key to the matching
   * denomination key issue struct; used to find a key by its hash.
   * The stored entries include the private denomination keys.
   */
  struct GNUNET_CONTAINER_MultiHashMap *denomkey_map;

  /**
   * Hash context in which the hashes of all denomination keys are
   * combined into one overall hash.
   */
  struct GNUNET_HashContext *hash_context;

  /**
   * Time at which this (re)load of the keys was started.
   */
  struct GNUNET_TIME_Absolute reload_time;

  /**
   * Time at which the next key becomes invalid, forcing a reload.
   * (A reload also happens on SIGUSR1.)
   */
  struct GNUNET_TIME_Absolute next_reload;

  /**
   * Signing key of the mint that is to be used right now.  This
   * member carries the private signing key, not just the public
   * issue information.
   */
  struct TALER_MINTDB_PrivateSigningKeyInformationP current_sign_key_issue;

  /**
   * Number of references held.  The struct is freed when this drops
   * to zero.
   */
  unsigned int refcnt;
};
/**
 * The mint's current key state.  Must not be touched directly; go
 * through #TMH_KS_acquire() and #TMH_KS_release() instead.
 */
static struct TMH_KS_StateHandle *internal_key_state;

/**
 * Lock that guards every access to #internal_key_state.
 */
static pthread_mutex_t internal_key_state_mutex = PTHREAD_MUTEX_INITIALIZER;

/**
 * Pipe over which a reload of our key state is signalled.
 */
static int reload_pipe[2];
/**
 * Render the public part of a denomination key issue as a JSON
 * object.
 *
 * Only the master signature, the validity timestamps, the value and
 * the fees are read from @a dki, and only the RSA public key from
 * @a pk.
 *
 * @param pk public key of the denomination key
 * @param dki the denomination key issue
 * @return a JSON object describing the denomination key issue (public part)
 */
static json_t *
denom_key_issue_to_json (const struct TALER_DenominationPublicKey *pk,
                         const struct TALER_MINTDB_DenominationKeyInformationP *dki)
{
  /* validity timestamps, converted with GNUNET_TIME_absolute_ntoh() */
  const struct GNUNET_TIME_Absolute start
    = GNUNET_TIME_absolute_ntoh (dki->properties.start);
  const struct GNUNET_TIME_Absolute expire_withdraw
    = GNUNET_TIME_absolute_ntoh (dki->properties.expire_withdraw);
  const struct GNUNET_TIME_Absolute expire_spend
    = GNUNET_TIME_absolute_ntoh (dki->properties.expire_spend);
  const struct GNUNET_TIME_Absolute expire_legal
    = GNUNET_TIME_absolute_ntoh (dki->properties.expire_legal);
  struct TALER_Amount value;
  struct TALER_Amount fee_withdraw;
  struct TALER_Amount fee_deposit;
  struct TALER_Amount fee_refresh;

  /* the amounts are converted with TALER_amount_ntoh() before serialising */
  TALER_amount_ntoh (&value, &dki->properties.value);
  TALER_amount_ntoh (&fee_withdraw, &dki->properties.fee_withdraw);
  TALER_amount_ntoh (&fee_deposit, &dki->properties.fee_deposit);
  TALER_amount_ntoh (&fee_refresh, &dki->properties.fee_refresh);

  /* "stamp_expire_deposit" is filled from the expire_spend field */
  return json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o, s:o}",
                    "master_sig",
                    TALER_json_from_data (&dki->signature,
                                          sizeof (struct GNUNET_CRYPTO_EddsaSignature)),
                    "stamp_start",
                    TALER_json_from_abs (start),
                    "stamp_expire_withdraw",
                    TALER_json_from_abs (expire_withdraw),
                    "stamp_expire_deposit",
                    TALER_json_from_abs (expire_spend),
                    "stamp_expire_legal",
                    TALER_json_from_abs (expire_legal),
                    "denom_pub",
                    TALER_json_from_rsa_public_key (pk->rsa_public_key),
                    "value",
                    TALER_json_from_amount (&value),
                    "fee_withdraw",
                    TALER_json_from_amount (&fee_withdraw),
                    "fee_deposit",
                    TALER_json_from_amount (&fee_deposit),
                    "fee_refresh",
                    TALER_json_from_amount (&fee_refresh));
}
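/**
 * Get the relative time value that describes how far into the future
 * we want to provide coin keys.  The value is read from option
 * "lookahead_provide" in section "mint_keys" of the configuration.
 * If the option is missing or is not a time value, the problem is
 * logged and GNUNET_assert (0) is triggered.
 *
 * @return the provide duration
 */
static struct GNUNET_TIME_Relative
TALER_MINT_conf_duration_provide (void)
{
  struct GNUNET_TIME_Relative rel;

  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_time (cfg,
                                           "mint_keys",
                                           "lookahead_provide",
                                           &rel))
  {
    /* without this setting we cannot decide which keys to load */
    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
                               "mint_keys",
                               "lookahead_provide",
                               "time value required");
    GNUNET_assert (0);
  }
  return rel;
}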
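/**
 * Iterator for (re)loading/initializing denomination keys.
 *
 * Keys whose validity starts beyond the configured look-ahead horizon
 * and keys whose spending period is already over are skipped.  For
 * every other key the issue record is stored in the database (unless
 * it is there already), a private copy of the key pair is put into
 * the denomination key map of the key state, the public part is
 * appended to the JSON array for "/keys" and the hash of the key is
 * fed into the key-set hash.
 *
 * The key-set hash is later signed (see #TMH_KS_acquire()), so it is
 * fed only for keys that really ended up in the JSON array.
 * Duplicates, keys for which no database session could be obtained
 * and keys that could not be serialised therefore do not contribute
 * to the signed hash.
 *
 * @param cls closure with the `struct TMH_KS_StateHandle *` being built
 * @param alias coin alias
 * @param dki the denomination key issue
 * @return #GNUNET_OK to continue to iterate,
 *  #GNUNET_NO to stop iteration with no error,
 *  #GNUNET_SYSERR to abort iteration with error!
 */
static int
reload_keys_denom_iter (void *cls,
                        const char *alias,
                        const struct TALER_MINTDB_DenominationKeyIssueInformation *dki)
{
  struct TMH_KS_StateHandle *ctx = cls;
  struct GNUNET_TIME_Absolute now;
  struct GNUNET_TIME_Absolute horizon;
  struct GNUNET_HashCode denom_key_hash;
  struct TALER_MINTDB_DenominationKeyIssueInformation *d2;
  struct TALER_MINTDB_Session *session;
  int res;

  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
              "Loading denomination key `%s'\n",
              alias);
  horizon = GNUNET_TIME_relative_to_absolute (TALER_MINT_conf_duration_provide ());
  if (GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us >
      horizon.abs_value_us)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Skipping future denomination key `%s'\n",
                alias);
    return GNUNET_OK;
  }
  now = GNUNET_TIME_absolute_get ();
  if (GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_spend).abs_value_us <
      now.abs_value_us)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Skipping expired denomination key `%s'\n",
                alias);
    return GNUNET_OK;
  }

  GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key,
                                     &denom_key_hash);
  session = TMH_plugin->get_session (TMH_plugin->cls,
                                     TMH_test_mode);
  if (NULL == session)
    return GNUNET_SYSERR;
  /* Try to insert DKI into DB until we succeed; note that if the DB
     failure is persistent, this code may loop forever (as there is no
     sane alternative, we cannot continue without the DKI being in the
     DB).
     NOTE(review): the retries happen back-to-back without any delay,
     and the caller visible in this file invokes the iterator while
     holding the key state mutex; a persistent DB failure therefore
     blocks every user of the key state. */
  res = GNUNET_SYSERR;
  while (GNUNET_OK != res)
  {
    res = TMH_plugin->start (TMH_plugin->cls,
                             session);
    if (GNUNET_OK != res)
    {
      /* Transaction start failed!? Very bad error, log and retry */
      GNUNET_break (0);
      continue;
    }
    res = TMH_plugin->get_denomination_info (TMH_plugin->cls,
                                             session,
                                             &dki->denom_pub,
                                             NULL);
    if (GNUNET_SYSERR == res)
    {
      /* Fetch failed!? Very bad error, log and retry */
      GNUNET_break (0);
      TMH_plugin->rollback (TMH_plugin->cls,
                            session);
      continue;
    }
    if (GNUNET_OK == res)
    {
      /* Record exists, we're good, just exit */
      TMH_plugin->rollback (TMH_plugin->cls,
                            session);
      break;
    }
    res = TMH_plugin->insert_denomination_info (TMH_plugin->cls,
                                                session,
                                                &dki->denom_pub,
                                                &dki->issue);
    if (GNUNET_OK != res)
    {
      /* Insert failed!? Very bad error, log and retry */
      GNUNET_break (0);
      TMH_plugin->rollback (TMH_plugin->cls,
                            session);
      continue;
    }
    res = TMH_plugin->commit (TMH_plugin->cls,
                              session);
    /* If commit succeeded, we're done, otherwise we retry; this
       time without logging, as theoretically commits can fail
       in a transactional DB due to concurrent activities that
       cannot be reconciled.  This should be rare for DKIs, but
       as it is possible we just retry until we succeed. */
  }

  /* The map gets its own copy of the key pair (private key included);
     it is released again by free_denom_key(). */
  d2 = GNUNET_new (struct TALER_MINTDB_DenominationKeyIssueInformation);
  d2->issue = dki->issue;
  d2->denom_priv.rsa_private_key
    = GNUNET_CRYPTO_rsa_private_key_dup (dki->denom_priv.rsa_private_key);
  d2->denom_pub.rsa_public_key
    = GNUNET_CRYPTO_rsa_public_key_dup (dki->denom_pub.rsa_public_key);
  res = GNUNET_CONTAINER_multihashmap_put (ctx->denomkey_map,
                                           &denom_key_hash,
                                           d2,
                                           GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
  if (GNUNET_OK != res)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Duplicate denomination key `%s'\n",
                alias);
    GNUNET_CRYPTO_rsa_private_key_free (d2->denom_priv.rsa_private_key);
    GNUNET_CRYPTO_rsa_public_key_free (d2->denom_pub.rsa_public_key);
    GNUNET_free (d2);
    return GNUNET_OK;
  }
  if (0 !=
      json_array_append_new (ctx->denom_keys_array,
                             denom_key_issue_to_json (&dki->denom_pub,
                                                      &dki->issue)))
  {
    /* could not publish the key; keep it out of the signed hash too */
    GNUNET_break (0);
    return GNUNET_OK;
  }
  /* Only now account for the key in the key-set hash, so that the
     hash covers exactly the keys listed in the JSON array. */
  GNUNET_CRYPTO_hash_context_read (ctx->hash_context,
                                   &denom_key_hash,
                                   sizeof (struct GNUNET_HashCode));
  return GNUNET_OK;
}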
/**
 * Render the public part of a sign key issue as a JSON object.
 *
 * The object holds the three validity timestamps, the master public
 * key, the master signature and the public signing key.
 *
 * @param ski the sign key issue
 * @return a JSON object describing the sign key issue (public part)
 */
static json_t *
sign_key_issue_to_json (const struct TALER_MintSigningKeyValidityPS *ski)
{
  const struct GNUNET_TIME_Absolute start
    = GNUNET_TIME_absolute_ntoh (ski->start);
  const struct GNUNET_TIME_Absolute expire
    = GNUNET_TIME_absolute_ntoh (ski->expire);
  const struct GNUNET_TIME_Absolute end
    = GNUNET_TIME_absolute_ntoh (ski->end);

  return json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}",
                    "stamp_start",
                    TALER_json_from_abs (start),
                    "stamp_expire",
                    TALER_json_from_abs (expire),
                    "stamp_end",
                    TALER_json_from_abs (end),
                    "master_pub",
                    TALER_json_from_data (&ski->master_public_key,
                                          sizeof (struct TALER_MasterPublicKeyP)),
                    "master_sig",
                    TALER_json_from_data (&ski->signature,
                                          sizeof (struct TALER_MasterSignatureP)),
                    "key",
                    TALER_json_from_data (&ski->signkey_pub,
                                          sizeof (struct TALER_MintPublicKeyP)));
}
/**
 * Iterator for sign keys.
 *
 * Signing keys that only become valid beyond the look-ahead horizon
 * and keys that have already expired are skipped.  Every other key is
 * appended (public part only) to the JSON array of signing keys.  In
 * addition, the key becomes the current signing key of the state if
 * its start time is later than that of the key selected so far and
 * already lies in the past.
 *
 * @param cls closure with the `struct TMH_KS_StateHandle *`
 * @param filename name of the file the key came from
 * @param ski the sign key issue
 * @return #GNUNET_OK to continue to iterate,
 *  #GNUNET_NO to stop iteration with no error,
 *  #GNUNET_SYSERR to abort iteration with error!
 */
static int
reload_keys_sign_iter (void *cls,
                       const char *filename,
                       const struct TALER_MINTDB_PrivateSigningKeyInformationP *ski)
{
  struct TMH_KS_StateHandle *ctx = cls;
  const struct GNUNET_TIME_Absolute start
    = GNUNET_TIME_absolute_ntoh (ski->issue.start);
  const struct GNUNET_TIME_Absolute expire
    = GNUNET_TIME_absolute_ntoh (ski->issue.expire);
  struct GNUNET_TIME_Absolute horizon;
  struct GNUNET_TIME_Absolute now;
  struct GNUNET_TIME_Absolute best_start;

  horizon = GNUNET_TIME_relative_to_absolute (TALER_MINT_conf_duration_provide ());
  if (start.abs_value_us > horizon.abs_value_us)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Skipping future signing key `%s'\n",
                filename);
    return GNUNET_OK;
  }
  now = GNUNET_TIME_absolute_get ();
  if (expire.abs_value_us < now.abs_value_us)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Skipping expired signing key `%s'\n",
                filename);
    return GNUNET_OK;
  }

  /* The key has not expired; see whether it is more recent than the
     one chosen so far.  Only a key that is valid now (and not merely
     in the near future) may become the current signing key. */
  best_start = GNUNET_TIME_absolute_ntoh (ctx->current_sign_key_issue.issue.start);
  if ( (best_start.abs_value_us < start.abs_value_us) &&
       (start.abs_value_us < now.abs_value_us) )
  {
    /* copies the whole record, private signing key included */
    ctx->current_sign_key_issue = *ski;
  }
  json_array_append_new (ctx->sign_keys_array,
                         sign_key_issue_to_json (&ski->issue));

  return GNUNET_OK;
}
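/**
 * Convert information from an auditor to a JSON object.
 *
 * The result has two members: "denomination_keys", an array with one
 * entry (hash of the denomination key plus auditor signature) per
 * element of @a dki, and "auditor_pub".  The signatures are copied
 * into the JSON as given; this function does not verify them.
 *
 * @param apub the auditor's public key
 * @param dki_len length of @a dki and @a asigs arrays
 * @param asigs the auditor's signatures
 * @param dki array of denomination coin data signed by the auditor
 * @return a JSON object describing the auditor information and signature
 */
static json_t *
auditor_to_json (const struct TALER_AuditorPublicKeyP *apub,
                 unsigned int dki_len,
                 const struct TALER_AuditorSignatureP **asigs,
                 const struct TALER_DenominationKeyValidityPS **dki)
{
  unsigned int i;
  json_t *ja;

  ja = json_array ();
  /* same policy as for the other JSON arrays of the key state:
     failing to allocate the array is fatal */
  GNUNET_assert (NULL != ja);
  for (i=0;i<dki_len;i++)
    json_array_append_new (ja,
                           json_pack ("{s:o, s:o}",
                                      "denom_pub_h",
                                      TALER_json_from_data (&dki[i]->denom_hash,
                                                            sizeof (struct GNUNET_HashCode)),
                                      "auditor_sig",
                                      TALER_json_from_data (asigs[i],
                                                            sizeof (struct TALER_AuditorSignatureP))));
  return
    json_pack ("{s:o, s:o}",
               "denomination_keys", ja,
               "auditor_pub",
               TALER_json_from_data (apub,
                                     sizeof (struct TALER_AuditorPublicKeyP)));
}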
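/**
 * @brief Iterator called with auditor information.
 * Check that the @a mpub actually matches this mint, and then
 * add the auditor information to our /keys response (if it is
 * (still) applicable).
 *
 * Only entries whose denomination key hash is present in the
 * denomination key map of the key state are kept.  The auditor is
 * added to the response even if no entry is kept.
 *
 * NOTE(review): the auditor signatures are passed on unverified by
 * this function; presumably they are checked where the auditor data
 * is loaded -- confirm.
 *
 * @param cls closure with the `struct TMH_KS_StateHandle *`
 * @param apub the auditor's public key
 * @param mpub the mint's public key (as expected by the auditor)
 * @param dki_len length of @a dki and @a asigs
 * @param asigs array with the auditor's signatures, of length @a dki_len
 * @param dki array of denomination coin data signed by the auditor
 * @return #GNUNET_OK to continue to iterate,
 *  #GNUNET_NO to stop iteration with no error,
 *  #GNUNET_SYSERR to abort iteration with error!
 */
static int
reload_auditor_iter (void *cls,
                     const struct TALER_AuditorPublicKeyP *apub,
                     const struct TALER_MasterPublicKeyP *mpub,
                     unsigned int dki_len,
                     const struct TALER_AuditorSignatureP *asigs,
                     const struct TALER_DenominationKeyValidityPS *dki)
{
  struct TMH_KS_StateHandle *ctx = cls;
  unsigned int i;
  unsigned int keep;
  const struct TALER_AuditorSignatureP **kept_asigs;
  const struct TALER_DenominationKeyValidityPS **kept_dkis;

  /* Check if the signature is at least for this mint. */
  if (0 != memcmp (&mpub->eddsa_pub,
                   &TMH_master_public_key,
                   sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Auditing information provided for a different mint, ignored\n");
    return GNUNET_OK;
  }
  /* The scratch arrays live on the heap: @a dki_len is chosen by the
     caller (presumably from the size of the auditor's file -- confirm),
     so a variable-length array on the stack would be undefined for
     length zero and could exhaust the stack for large lengths. */
  kept_asigs = NULL;
  kept_dkis = NULL;
  if (0 != dki_len)
  {
    if (dki_len > GNUNET_MAX_MALLOC_CHECKED / sizeof (*kept_dkis))
    {
      /* unreasonably large input, ignore this auditor */
      GNUNET_break (0);
      return GNUNET_OK;
    }
    kept_asigs = GNUNET_malloc (dki_len * sizeof (*kept_asigs));
    kept_dkis = GNUNET_malloc (dki_len * sizeof (*kept_dkis));
  }
  /* Filter the auditor information for those for which the
     keys actually match the denomination keys that are active right now */
  keep = 0;
  for (i=0;i<dki_len;i++)
  {
    if (GNUNET_YES ==
        GNUNET_CONTAINER_multihashmap_contains (ctx->denomkey_map,
                                                &dki[i].denom_hash))
    {
      kept_asigs[keep] = &asigs[i];
      kept_dkis[keep] = &dki[i];
      keep++;
    }
  }
  /* add auditor information to our /keys response */
  json_array_append_new (ctx->auditors_array,
                         auditor_to_json (apub,
                                          keep,
                                          kept_asigs,
                                          kept_dkis));
  /* only the pointer arrays are ours; the entries belong to the caller */
  GNUNET_free_non_null (kept_asigs);
  GNUNET_free_non_null (kept_dkis);
  return GNUNET_OK;
}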
/**
 * Iterator for freeing denomination keys.
 *
 * Releases the private and the public RSA key of one map entry and
 * then the entry itself.
 * NOTE(review): whether the private key memory is wiped depends on
 * GNUNET_CRYPTO_rsa_private_key_free(), which is not visible here.
 *
 * @param cls closure with the `struct TMH_KS_StateHandle` (not used)
 * @param key key for the denomination key (not used)
 * @param value coin details
 * @return #GNUNET_OK to continue to iterate,
 *  #GNUNET_NO to stop iteration with no error,
 *  #GNUNET_SYSERR to abort iteration with error!
 */
static int
free_denom_key (void *cls,
                const struct GNUNET_HashCode *key,
                void *value)
{
  struct TALER_MINTDB_DenominationKeyIssueInformation *entry = value;

  /* the key handles first, then the record that holds them */
  GNUNET_CRYPTO_rsa_private_key_free (entry->denom_priv.rsa_private_key);
  GNUNET_CRYPTO_rsa_public_key_free (entry->denom_pub.rsa_public_key);
  GNUNET_free (entry);
  return GNUNET_OK;
}
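/**
 * Release key state, free if necessary (if reference count gets to zero).
 * Internal method used when the mutex is already held.
 *
 * When the last reference is dropped, the JSON arrays that are still
 * attached, the denomination key map with all its entries, the cached
 * "/keys" text and finally the struct itself are released.
 *
 * NOTE(review): the struct embeds the private signing key
 * (current_sign_key_issue); nothing here wipes it before the memory
 * is handed back, unless GNUNET_free() does so -- confirm.
 *
 * @param key_state the key state to release
 */
static void
TMH_KS_release_ (struct TMH_KS_StateHandle *key_state)
{
  GNUNET_assert (0 < key_state->refcnt);
  key_state->refcnt--;
  if (0 != key_state->refcnt)
    return; /* somebody else still uses this snapshot */
  if (NULL != key_state->denom_keys_array)
  {
    json_decref (key_state->denom_keys_array);
    key_state->denom_keys_array = NULL;
  }
  if (NULL != key_state->sign_keys_array)
  {
    json_decref (key_state->sign_keys_array);
    key_state->sign_keys_array = NULL;
  }
  /* treat the auditors array like the two arrays above */
  if (NULL != key_state->auditors_array)
  {
    json_decref (key_state->auditors_array);
    key_state->auditors_array = NULL;
  }
  if (NULL != key_state->denomkey_map)
  {
    /* free the entries before destroying the map that refers to them */
    GNUNET_CONTAINER_multihashmap_iterate (key_state->denomkey_map,
                                           &free_denom_key,
                                           key_state);
    GNUNET_CONTAINER_multihashmap_destroy (key_state->denomkey_map);
    key_state->denomkey_map = NULL;
  }
  GNUNET_free_non_null (key_state->keys_json);
  GNUNET_free (key_state);
}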
/**
 * Drop one reference to a key state; the state is freed once its
 * reference count reaches zero.  Takes the key state mutex around
 * the actual release.
 *
 * @param key_state the key state to release
 */
void
TMH_KS_release (struct TMH_KS_StateHandle *key_state)
{
  /* the reference counter may only be changed while holding the lock */
  GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
  TMH_KS_release_ (key_state);
  GNUNET_assert (0 == pthread_mutex_unlock (&internal_key_state_mutex));
}
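/**
 * Acquire the key state of the mint.  Updates keys if necessary.
 * For every call to #TMH_KS_acquire(), a matching call
 * to #TMH_KS_release() must be made.
 *
 * If there is no current key state, or its @e next_reload time has
 * passed, a new one is built while holding the key state mutex: the
 * denomination keys, signing keys and auditor data are loaded from
 * #TMH_mint_directory, the key set is signed with the current signing
 * key and the "/keys" response text is rendered.
 *
 * NOTE(review): a freshly built state starts with a reference count
 * of zero and only the caller's reference is added below; the pointer
 * kept in #internal_key_state is not counted separately.  Confirm
 * that some caller outside this function holds a long-lived reference,
 * in particular after the expiry branch dropped one, since otherwise
 * the last #TMH_KS_release() frees a state that #internal_key_state
 * still points to.
 *
 * @return the key state
 */
struct TMH_KS_StateHandle *
TMH_KS_acquire (void)
{
  struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
  struct TMH_KS_StateHandle *key_state;
  json_t *keys;
  struct TALER_MintKeySetPS ks;
  struct TALER_MintSignatureP sig;

  GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
  if ( (NULL != internal_key_state) &&
       (internal_key_state->next_reload.abs_value_us <= now.abs_value_us) )
  {
    /* the current state is due for a reload, drop a reference to it */
    TMH_KS_release_ (internal_key_state);
    internal_key_state = NULL;
  }
  if (NULL == internal_key_state)
  {
    key_state = GNUNET_new (struct TMH_KS_StateHandle);
    key_state->hash_context = GNUNET_CRYPTO_hash_context_start ();
    key_state->denom_keys_array = json_array ();
    GNUNET_assert (NULL != key_state->denom_keys_array);
    key_state->sign_keys_array = json_array ();
    GNUNET_assert (NULL != key_state->sign_keys_array);
    key_state->auditors_array = json_array ();
    GNUNET_assert (NULL != key_state->auditors_array);
    key_state->denomkey_map = GNUNET_CONTAINER_multihashmap_create (32,
                                                                    GNUNET_NO);
    key_state->reload_time = GNUNET_TIME_absolute_get ();
    TALER_round_abs_time (&key_state->reload_time);
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Loading keys from `%s'\n",
                TMH_mint_directory);
    /* NOTE(review): the results of the three iterations are ignored,
       so a load that was aborted part-way still yields a published
       key state. */
    TALER_MINTDB_denomination_keys_iterate (TMH_mint_directory,
                                            &reload_keys_denom_iter,
                                            key_state);
    TALER_MINTDB_signing_keys_iterate (TMH_mint_directory,
                                       &reload_keys_sign_iter,
                                       key_state);
    TALER_MINTDB_auditor_iterate (TMH_mint_directory,
                                  &reload_auditor_iter,
                                  key_state);
    /* Clear the structure first, so that no uninitialized stack bytes
       can end up in the data that gets signed. */
    memset (&ks, 0, sizeof (ks));
    ks.purpose.size = htonl (sizeof (ks));
    ks.purpose.purpose = htonl (TALER_SIGNATURE_MINT_KEY_SET);
    ks.list_issue_date = GNUNET_TIME_absolute_hton (key_state->reload_time);
    GNUNET_CRYPTO_hash_context_finish (key_state->hash_context,
                                       &ks.hc);
    key_state->hash_context = NULL;
    GNUNET_assert (GNUNET_OK ==
                   GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv,
                                             &ks.purpose,
                                             &sig.eddsa_signature));
    key_state->next_reload = GNUNET_TIME_absolute_ntoh (key_state->current_sign_key_issue.issue.expire);
    /* NOTE(review): if no signing key was selected, the key set above
       was signed with whatever GNUNET_new() left in
       current_sign_key_issue (presumably all zero), and the state is
       still published below; only this error is logged. */
    if (0 == key_state->next_reload.abs_value_us)
      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                  "No valid signing key found!\n");

    keys = json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o, s:o}",
                      "master_public_key",
                      TALER_json_from_data (&TMH_master_public_key,
                                            sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)),
                      "signkeys", key_state->sign_keys_array,
                      "denoms", key_state->denom_keys_array,
                      "auditors", key_state->auditors_array,
                      "list_issue_date", TALER_json_from_abs (key_state->reload_time),
                      "eddsa_pub", TALER_json_from_data (&key_state->current_sign_key_issue.issue.signkey_pub,
                                                         sizeof (struct TALER_MintPublicKeyP)),
                      "eddsa_sig", TALER_json_from_data (&sig,
                                                         sizeof (struct TALER_MintSignatureP)));
    /* without the packed object there is no "/keys" response to serve */
    GNUNET_assert (NULL != keys);
    /* the "o" format handed the arrays over to @e keys */
    key_state->auditors_array = NULL;
    key_state->sign_keys_array = NULL;
    key_state->denom_keys_array = NULL;
    key_state->keys_json = json_dumps (keys,
                                       JSON_INDENT (2));
    GNUNET_assert (NULL != key_state->keys_json);
    json_decref (keys);
    internal_key_state = key_state;
  }
  key_state = internal_key_state;
  key_state->refcnt++;
  GNUNET_assert (0 == pthread_mutex_unlock (&internal_key_state_mutex));

  return key_state;
}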
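/**
 * Look up the issue for a denom public key.  The key is only returned
 * if the current time lies inside the validity window that applies to
 * the requested @a use.
 *
 * @param key_state state to look in
 * @param denom_pub denomination public key
 * @param use purpose for which the key is being located
 * @return the denomination key issue,
 *         or NULL if denom_pub could not be found, if its start time
 *         is still in the future, or if the deadline that applies to
 *         @a use (withdraw or deposit) has already passed
 */
struct TALER_MINTDB_DenominationKeyIssueInformation *
TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state,
                                const struct TALER_DenominationPublicKey *denom_pub,
                                enum TMH_KS_DenominationKeyUse use)
{
  struct GNUNET_HashCode hc;
  struct TALER_MINTDB_DenominationKeyIssueInformation *dki;
  struct GNUNET_TIME_Absolute now;

  /* The map is indexed by the hash of the RSA public key */
  GNUNET_CRYPTO_rsa_public_key_hash (denom_pub->rsa_public_key,
                                     &hc);
  dki = GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map,
                                           &hc);
  if (NULL == dki)
    return NULL;
  /* Sample the clock once, so that the start check and the expiration
     check below are evaluated against the same instant */
  now = GNUNET_TIME_absolute_get ();
  if (now.abs_value_us <
      GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us)
  {
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Not returning DKI for %s, as start time is in the future\n",
                GNUNET_h2s (&hc));
    return NULL;
  }
  /* NOTE(review): a value of 'use' other than the two cases below is
     subject only to the start-time check above; confirm this is
     intended for every member of the enum. */
  switch (use)
  {
  case TMH_KS_DKU_WITHDRAW:
    if (now.abs_value_us >
        GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_withdraw).abs_value_us)
    {
      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                  "Not returning DKI for %s, as time to create coins has passed\n",
                  GNUNET_h2s (&hc));
      return NULL;
    }
    break;
  case TMH_KS_DKU_DEPOSIT:
    if (now.abs_value_us >
        GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_spend).abs_value_us)
    {
      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                  "Not returning DKI for %s, as time to spend coin has passed\n",
                  GNUNET_h2s (&hc));
      return NULL;
    }
    break;
  }
  return dki;
}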
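/**
 * Handle a signal, writing relevant signal numbers to the pipe.
 * The signal number is written as a single byte to the write end
 * of the reload pipe.
 *
 * @param signal_number the signal number
 */
static void
handle_signal (int signal_number)
{
  /* The write() below may change errno; restore it on exit so that the
     code this handler interrupted still sees its own value */
  const int saved_errno = errno;
  const char c = (char) signal_number;
  ssize_t res;

  /* Retry when interrupted, otherwise this signal would be dropped
     without any diagnostic */
  do
  {
    res = write (reload_pipe[1],
                 &c,
                 1);
  }
  while ( (res < 0) &&
          (EINTR == errno) );
  /* NOTE(review): GNUNET_break() is invoked from signal context here;
     confirm that it is async-signal-safe. */
  if (1 != res)
    GNUNET_break (0);
  errno = saved_errno;
}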
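/**
 * Signal handler for SIGUSR1.  Calls #handle_signal() to pass the
 * received signal via the control pipe.
 */
static void
handle_sigusr1 (void)
{
  handle_signal (SIGUSR1);
}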
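/**
 * Signal handler for SIGINT.  Calls #handle_signal() to pass the
 * received signal via the control pipe.
 */
static void
handle_sigint (void)
{
  handle_signal (SIGINT);
}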
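/**
 * Signal handler for SIGTERM.  Calls #handle_signal() to pass the
 * received signal via the control pipe.
 */
static void
handle_sigterm (void)
{
  handle_signal (SIGTERM);
}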
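/**
 * Signal handler for SIGHUP.  Calls #handle_signal() to pass the
 * received signal via the control pipe.
 */
static void
handle_sighup (void)
{
  handle_signal (SIGHUP);
}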
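/**
 * Read signals from a pipe in a loop, and reload keys from disk if
 * SIGUSR1 is received, terminate if SIGTERM/SIGINT is received, and
 * restart if SIGHUP is received.
 *
 * @return #GNUNET_SYSERR on errors,
 *         #GNUNET_OK to terminate normally
 *         #GNUNET_NO to restart an updated version of the binary
 */
int
TMH_KS_loop (void)
{
  struct GNUNET_SIGNAL_Context *sigusr1;
  struct GNUNET_SIGNAL_Context *sigterm;
  struct GNUNET_SIGNAL_Context *sigint;
  struct GNUNET_SIGNAL_Context *sighup;
  int ret;
  int done;

  if (0 != pipe (reload_pipe))
  {
    fprintf (stderr,
             "Failed to create pipe.\n");
    return GNUNET_SYSERR;
  }
  sigusr1 = GNUNET_SIGNAL_handler_install (SIGUSR1,
                                           &handle_sigusr1);
  sigterm = GNUNET_SIGNAL_handler_install (SIGTERM,
                                           &handle_sigterm);
  sigint = GNUNET_SIGNAL_handler_install (SIGINT,
                                          &handle_sigint);
  sighup = GNUNET_SIGNAL_handler_install (SIGHUP,
                                          &handle_sighup);

  /* GNUNET_NO is 0 in GNUnet, so 'ret' cannot double as the loop
     condition: a SIGHUP would set it to GNUNET_NO and the loop would
     keep running instead of returning.  Track termination separately. */
  ret = GNUNET_SYSERR;
  done = 0;
  while (0 == done)
  {
    char c = 0;
    ssize_t res;

    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "(re-)loading keys\n");
    /* NOTE(review): 'internal_key_state' is reset here without holding
       'internal_key_state_mutex', while TMH_KS_acquire() reads it under
       that mutex; confirm that no request thread can pick up the old
       pointer between the release and the reset. */
    if (NULL != internal_key_state)
    {
      TMH_KS_release (internal_key_state);
      internal_key_state = NULL;
    }
    /* This will re-initialize 'internal_key_state' with
       an initial refcnt of 1 */
    (void) TMH_KS_acquire ();

    /* Block until a handler forwards a signal number; only consult
       errno when read() actually failed */
    do
    {
      res = read (reload_pipe[0],
                  &c,
                  1);
    }
    while ( (res < 0) &&
            (EINTR == errno) );
    if (1 != res)
    {
      /* read error, or EOF on the pipe: 'c' holds no signal number */
      GNUNET_break (0);
      ret = GNUNET_SYSERR;
      break;
    }
    switch (c)
    {
    case SIGUSR1:
      /* reload internal key state, we do this in the loop */
      break;
    case SIGTERM:
    case SIGINT:
      /* terminate */
      ret = GNUNET_OK;
      done = 1;
      break;
    case SIGHUP:
      /* restart updated binary */
      ret = GNUNET_NO;
      done = 1;
      break;
    default:
      /* unexpected character */
      GNUNET_break (0);
      break;
    }
  }
  if (NULL != internal_key_state)
  {
    TMH_KS_release (internal_key_state);
    internal_key_state = NULL;
  }
  GNUNET_SIGNAL_handler_uninstall (sigusr1);
  GNUNET_SIGNAL_handler_uninstall (sigterm);
  GNUNET_SIGNAL_handler_uninstall (sigint);
  GNUNET_SIGNAL_handler_uninstall (sighup);
  /* NOTE(review): both ends of 'reload_pipe' are still open at this
     point; confirm whether they should be closed before returning. */
  return ret;
}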
/**
 * Sign the message in @a purpose with the mint's signing key.
 * The public key and the private key are taken from the same
 * key state snapshot, so @a pub identifies the key behind @a sig.
 * Aborts (via #GNUNET_assert) if signing fails.
 *
 * @param purpose the message to sign
 * @param[out] pub set to the current public signing key of the mint
 * @param[out] sig signature over purpose using current signing key
 */
void
TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
             struct TALER_MintPublicKeyP *pub,
             struct TALER_MintSignatureP *sig)
{
  /* Hold a reference on the snapshot for as long as its private key
     is in use */
  struct TMH_KS_StateHandle *ks = TMH_KS_acquire ();
  int rc;

  *pub = ks->current_sign_key_issue.issue.signkey_pub;
  rc = GNUNET_CRYPTO_eddsa_sign (&ks->current_sign_key_issue.signkey_priv.eddsa_priv,
                                 purpose,
                                 &sig->eddsa_signature);
  GNUNET_assert (GNUNET_OK == rc);
  TMH_KS_release (ks);
}
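/**
 * Function to call to handle the request by sending
 * back the serialized key set ("keys_json") of the current key
 * state, using the MIME type and response code from the @a rh.
 *
 * @param rh context of the handler
 * @param connection the MHD connection to handle
 * @param[in,out] connection_cls the connection's closure (can be updated)
 * @param upload_data upload data
 * @param[in,out] upload_data_size number of bytes (left) in @a upload_data
 * @return MHD result code; #MHD_NO if no response could be created
 */
int
TMH_KS_handler_keys (struct TMH_RequestHandler *rh,
                     struct MHD_Connection *connection,
                     void **connection_cls,
                     const char *upload_data,
                     size_t *upload_data_size)
{
  struct TMH_KS_StateHandle *key_state;
  struct MHD_Response *response;
  int ret;

  key_state = TMH_KS_acquire ();
  /* 'keys_json' is the unchecked result of json_dumps(), which returns
     NULL on failure; do not hand NULL to strlen() */
  if (NULL == key_state->keys_json)
  {
    TMH_KS_release (key_state);
    GNUNET_break (0);
    return MHD_NO;
  }
  /* MUST_COPY: the response keeps its own copy of the buffer, so the
     key state can be released right away */
  response = MHD_create_response_from_buffer (strlen (key_state->keys_json),
                                              key_state->keys_json,
                                              MHD_RESPMEM_MUST_COPY);
  TMH_KS_release (key_state);
  if (NULL == response)
  {
    GNUNET_break (0);
    return MHD_NO;
  }
  (void) MHD_add_response_header (response,
                                  "Content-Type",
                                  rh->mime_type);
  ret = MHD_queue_response (connection,
                            rh->response_code,
                            response);
  MHD_destroy_response (response);
  return ret;
}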
/* end of taler-mint-httpd_keystate.c */