towards implementing /wire replies

This commit is contained in:
Christian Grothoff 2015-08-11 14:40:09 +02:00
parent 655e6f17bd
commit 13619f425c
6 changed files with 347 additions and 10 deletions

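--- /dev/null
+++ b/doc/taler-mint-sepa.1
@@ -0,0 +1,41 @@
+.TH TALER\-MINT\-SEPA 1 "Apr 22, 2015" "GNU Taler"
+.SH NAME
+taler\-mint\-sepa \- Create the master-key signed response to /wire/sepa.
+.SH SYNOPSIS
+.B taler\-mint\-sepa
+.RI [ options ]
+.br
+.SH DESCRIPTION
+\fBtaler\-mint\-sepa\fP is used to create the mint's reply to a /wire/sepa request. It converts the bank details into the appropriate signed response. This needs to be done using the long-term offline master key.
+.SH OPTIONS
+.B
+.IP "\-b BIC, \-\-bic=BIC"
+Specifies the BIC code to use.
+.B
+.IP "\-i IBAN, \-\-iban=IBAN"
+Specifies the IBAN to use.
+.B
+.IP "\-n NAME, \-\-name=NAME"
+Specifies the name of the account holder.
+.B
+.IP "\-m MASTERKEYFILE, \-\-master=MASTERKEYFILE"
+Specifies the name of the file containing the mint's master key.
+.B
+.IP "\-o FILENAME, \-\-output=FILENAME"
+Where to write the SEPA_RESPONSE_FILE.
+.B
+.IP "\-h, \-\-help"
+Print short help on options.
+.B
+.IP "\-v, \-\-version"
+Print version information.
+.SH BUGS
+Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
+.SH "SEE ALSO"
+\fBtaler\-mint\-httpd\fP(1), \fBtaler.conf\fP(5)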


@ -1,4 +1,4 @@
.TH TALER.CONF 5 "Apr 22, 2015" "GNU Taler"
.TH TALER.CONF 5 "Aug 11, 2015" "GNU Taler"
.SH NAME
taler.conf \- Taler configuration file.
@ -25,6 +25,20 @@ The following options are from the "[mint]" section and used by most mint tools:
.IP MASTER_PUBLIC_KEY
Crockford Base32-encoded master public key, public version of the mint\'s long\-time offline signing key.
.SH WIRE transfer details
The following options must be in section "[mint-wire-test]":
.IP REDIRECT_URL
URL to redirect /wire/test to. Should contain a Web form the user can use to charge his wallet with coins in a "test" currency for testing. If this option is not provided, /wire/test will return "501 NOT IMPLEMENTED".
The following options must be in section "[mint-wire-sepa]":
.IP SEPA_RESPONSE_FILE
Filename with the JSON body for the /wire/sepa response, signed using the mint's long-term offline master key. If this option is not provided, /wire/test will return "501 NOT IMPLEMENTED". Use "taler-mint-sepa" to create the SEPA_RESPONSE_FILE.
.SH Postgres database options
The following options must be in section "[mintdb-postgres]":
@ -71,4 +85,5 @@ The following options are from the "[mint_keys]" section and used by most taler\
Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
.SH "SEE ALSO"
\fBtaler\-mint\-httpd\fP(1), \fBtaler\-mint\-keyup\fP(1), \fBtaler\-mint\-reservemod\fP(1), \fBtaler\-mint\-dbinit\fP(1)
\fBtaler\-mint\-httpd\fP(1), \fBtaler\-mint\-keyup\fP(1), \fBtaler\-mint\-reservemod\fP(1), \fBtaler\-mint\-dbinit\fP(1), \fBtaler\-mint\-sepa(1)


@ -67,6 +67,12 @@
*/
#define TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY 1025
/**
* Signature where the Mint confirms its SEPA details in
* the /wire/sepa response.
*/
#define TALER_SIGNATURE_MASTER_SEPA_DETAILS 1026
/*********************************************/
/* Mint online signatures (with signing key) */
@ -95,6 +101,11 @@
*/
#define TALER_SIGNATURE_MINT_KEY_SET 1035
/**
* Signature where the Mint confirms the /wire response.
*/
#define TALER_SIGNATURE_MINT_WIRE_TYPES 1036
/*********************/
/* Wallet signatures */
@ -520,7 +531,6 @@ struct TALER_MintKeySetPS
*/
struct GNUNET_TIME_AbsoluteNBO list_issue_date;
/**
* Hash over the various denomination signing keys returned.
*/
struct GNUNET_HashCode hc;
@ -673,6 +683,48 @@ struct TALER_RefreshCommitLinkP
};
/**
* @brief Information signed by the mint's master
* key affirming the SEPA details for the mint.
*/
struct TALER_MasterWireSepaDetailsPS
{
/**
* Purpose is #TALER_SIGNATURE_MASTER_SEPA_DETAILS.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over the account holder's name, IBAN and BIC
* code (all as 0-terminated strings).
*/
struct GNUNET_HashCode h_sepa_details;
};
/**
* @brief Information signed by a mint's online signing key affirming
* the wire formats supported by the mint.
*/
struct TALER_MintWireSupportMethodsPS
{
/**
* Purpose is #TALER_SIGNATURE_MINT_WIRE_TYPES.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Hash over the various wire formats supported by this mint
* (all as 0-terminated strings).
*/
struct GNUNET_HashCode h_wire_types;
};
GNUNET_NETWORK_STRUCT_END
#endif
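Review bot: The doc comments on the two new hash fields do not pin the byte sequence that is hashed, so an independent verifier cannot reproduce `h_wire_types` or `h_sepa_details` from the documentation alone: "the various wire formats supported by this mint (all as 0-terminated strings)" says nothing about their order or how they are concatenated, and the handler in this commit in fact hashes only the single `TMH_expected_wire_format` string including its terminator. The same applies to `h_sepa_details`, where the order name, IBAN, BIC is stated but the joining of the three 0-terminated strings is not. I would make the comments state the exact serialization, e.g. for the SEPA field ` * Hash over the concatenation of account holder name, IBAN and BIC, each as a 0-terminated string, in that order.`, and for the wire-types field say explicitly which string(s) are hashed and in what order, since a later change of that serialization would silently invalidate every signature produced under the current purpose value.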


@ -10,6 +10,7 @@ bin_PROGRAMS = \
taler-mint-keyup \
taler-mint-keycheck \
taler-mint-reservemod \
taler-mint-sepa \
taler-mint-dbinit
taler_mint_keyup_SOURCES = \
@ -24,9 +25,16 @@ taler_mint_keyup_LDADD = \
taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS)
taler_mint_sepa_SOURCES = \
taler-mint-sepa.c
taler_mint_sepa_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
-lgnunetutil $(XLIB)
taler_mint_sepa_LDFLAGS = $(POSTGRESQL_LDFLAGS)
taler_mint_keycheck_SOURCES = \
taler-mint-keycheck.c
taler_mint_keycheck_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
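Review bot: `taler_mint_sepa_LDFLAGS = $(POSTGRESQL_LDFLAGS)` gives the new offline signing tool the PostgreSQL linker flags although its LDADD lists only libgcrypt, libtalerutil and gnunetutil, so this line looks copied from the keyup rule above rather than needed. Unless taler-mint-sepa is meant to gain a database dependency, I would drop that line so the offline tool's link inputs stay minimal and obviously intentional.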


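--- /dev/null
+++ b/taler-mint-sepa.c
@@ -0,0 +1,111 @@
+/*
+This file is part of TALER
+Copyright (C) 2015 Christian Grothoff (and other contributing authors)
+TALER is free software; you can redistribute it and/or modify it under the
+terms of the GNU General Public License as published by the Free Software
+Foundation; either version 3, or (at your option) any later version.
+TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+You should have received a copy of the GNU General Public License along with
+TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+* @file taler-mint-sepa.c
+* @brief Create signed response for /wire/sepa requests.
+* @author Christian Grothoff
+*/
+#include <platform.h>
+#include "taler_crypto_lib.h"
+/**
+* Filename of the master private key.
+*/
+static char *masterkeyfile;
+/**
+* Account holder name.
+*/
+static char *sepa_name;
+/**
+* IBAN number.
+*/
+static char *iban;
+/**
+* BIC number.
+*/
+static char *bic;
+/**
+* Where to write the result.
+*/
+static char *output_filename;
+/**
+* The main function of the taler-mint-sepa tool. This tool is used
+* to sign the SEPA bank account details using the master key.
+*
+* @param argc number of arguments from the command line
+* @param argv command line arguments
+* @return 0 ok, 1 on error
+*/
+int
+main (int argc,
+char *const *argv)
+{
+static const struct GNUNET_GETOPT_CommandLineOption options[] = {
+{'b', "bic", "BICCODE",
+"bank BIC code", 1,
+&GNUNET_GETOPT_set_string, &bic},
+{'i', "iban", "IBAN",
+"IBAN number of the account", 1,
+&GNUNET_GETOPT_set_string, &iban},
+{'m', "master-key", "FILE",
+"master key file (private key)", 1,
+&GNUNET_GETOPT_set_filename, &masterkeyfile},
+{'n', "name", "NAME",
+"name of the account holder", 1,
+&GNUNET_GETOPT_set_string, &sepa_name},
+{'o', "output", "FILE",
+"where to write the result", 1,
+&GNUNET_GETOPT_set_filename, &output_filename},
+GNUNET_GETOPT_OPTION_VERSION (VERSION "-" VCS_VERSION),
+GNUNET_GETOPT_OPTION_END
+};
+struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv;
+GNUNET_assert (GNUNET_OK ==
+GNUNET_log_setup ("taler-mint-sepa",
+"WARNING",
+NULL));
+if (GNUNET_GETOPT_run ("taler-mint-sepa",
+options,
+argc, argv) < 0)
+return 1;
+if (NULL == masterkeyfile)
+{
+fprintf (stderr,
+"Master key file not given\n");
+return 1;
+}
+eddsa_priv = GNUNET_CRYPTO_eddsa_key_create_from_file (masterkeyfile);
+if (NULL == eddsa_priv)
+{
+fprintf (stderr,
+"Failed to initialize master key from file `%s'\n",
+masterkeyfile);
+return 1;
+}
+/* FIXME: do real work! */
+GNUNET_free (eddsa_priv);
+return 0;
+}
+/* end of taler-mint-sepa.c */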
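Review bot: The long option for the master key is `"master-key"` in the options table (`{'m', "master-key", "FILE",`) while the man page added in this commit documents `\-\-master=MASTERKEYFILE`, so one of the two needs to change; since the man page is the user-facing contract I would make the code read `{'m', "master", "FILE",` or fix the man page. `main` also checks only `masterkeyfile` before loading the key and never verifies that `bic`, `iban`, `sepa_name` and `output_filename` were supplied, so the required-option check should cover all five, e.g. `if ((NULL == masterkeyfile) || (NULL == bic) || (NULL == iban) || (NULL == sepa_name) || (NULL == output_filename))` with a message naming what is missing, before the FIXME'd signing step is filled in. If I recall the GNUnet API correctly, `GNUNET_CRYPTO_eddsa_key_create_from_file` generates and stores a fresh key when the file does not exist, which for an offline master-key tool means a mistyped path would silently yield a response signed by a new, unpublished key; checking up front that the file already exists, and saying so in the comment on `masterkeyfile`, would prevent that.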


@ -19,6 +19,8 @@
* @author Christian Grothoff
*/
#include "platform.h"
#include "taler-mint-httpd_keystate.h"
#include "taler-mint-httpd_responses.h"
#include "taler-mint-httpd_wire.h"
@ -39,8 +41,27 @@ TMH_WIRE_handler_wire (struct TMH_RequestHandler *rh,
const char *upload_data,
size_t *upload_data_size)
{
GNUNET_break (0); // FIXME: not implemented (#3477)
return MHD_NO;
struct TALER_MintWireSupportMethodsPS wsm;
struct TALER_MintPublicKeyP pub;
struct TALER_MintSignatureP sig;
wsm.purpose.size = htonl (sizeof (wsm));
wsm.purpose.purpose = htonl (TALER_SIGNATURE_MINT_WIRE_TYPES);
GNUNET_CRYPTO_hash (TMH_expected_wire_format,
strlen (TMH_expected_wire_format) + 1,
&wsm.h_wire_types);
TMH_KS_sign (&wsm.purpose,
&pub,
&sig);
/* FIXME: check against spec! */
return TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:s, s:o, s:o}",
"wire", TMH_expected_wire_format,
"sig", TALER_json_from_data (&sig,
sizeof (sig)),
"pub", TALER_json_from_data (&pub,
sizeof (pub)));
}
@ -61,8 +82,42 @@ TMH_WIRE_handler_wire_test (struct TMH_RequestHandler *rh,
const char *upload_data,
size_t *upload_data_size)
{
GNUNET_break (0); // FIXME: not implemented (#3477)
struct MHD_Response *response;
int ret;
char *wire_test_redirect;
response = MHD_create_response_from_buffer (0, NULL,
MHD_RESPMEM_PERSISTENT);
if (NULL == response)
{
GNUNET_break (0);
return MHD_NO;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (cfg,
"mint-wire-test",
"REDIRECT_URL",
&wire_test_redirect))
{
ret = MHD_queue_response (connection,
MHD_HTTP_NOT_IMPLEMENTED,
response);
MHD_destroy_response (response);
return ret;
}
MHD_add_response_header (response,
MHD_HTTP_HEADER_LOCATION,
wire_test_redirect);
GNUNET_free (wire_test_redirect);
if (NULL != rh->mime_type)
(void) MHD_add_response_header (response,
MHD_HTTP_HEADER_CONTENT_TYPE,
rh->mime_type);
ret = MHD_queue_response (connection,
rh->response_code,
response);
MHD_destroy_response (response);
return ret;
}
@ -83,8 +138,63 @@ TMH_WIRE_handler_wire_sepa (struct TMH_RequestHandler *rh,
const char *upload_data,
size_t *upload_data_size)
{
GNUNET_break (0); // FIXME: not implemented (#3477)
struct MHD_Response *response;
int ret;
char *sepa_wire_file;
int fd;
struct stat sbuf;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (cfg,
"mint-wire-sepa",
"SEPA_RESPONSE_FILE",
&sepa_wire_file))
{
ret = MHD_queue_response (connection,
MHD_HTTP_NOT_IMPLEMENTED,
response);
MHD_destroy_response (response);
return ret;
}
fd = open (sepa_wire_file,
O_RDONLY);
if (-1 == fd)
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
"open",
sepa_wire_file);
GNUNET_free (sepa_wire_file);
return TMH_RESPONSE_reply_internal_error (connection,
"Failed to open SEPA_RESPONSE_FILE");
}
if (0 != fstat (fd, &sbuf))
{
GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
"fstat",
sepa_wire_file);
(void) close (fd);
GNUNET_free (sepa_wire_file);
return TMH_RESPONSE_reply_internal_error (connection,
"Failed to open SEPA_RESPONSE_FILE");
}
response = MHD_create_response_from_fd ((size_t) sbuf.st_size,
fd);
GNUNET_free (sepa_wire_file);
if (NULL == response)
{
(void) close (fd);
GNUNET_break (0);
return MHD_NO;
}
if (NULL != rh->mime_type)
(void) MHD_add_response_header (response,
MHD_HTTP_HEADER_CONTENT_TYPE,
rh->mime_type);
ret = MHD_queue_response (connection,
rh->response_code,
response);
MHD_destroy_response (response);
return ret;
}
/* end of taler-mint-httpd_wire.c */
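Review bot: In `TMH_WIRE_handler_wire_sepa`, the branch taken when `SEPA_RESPONSE_FILE` is not configured calls `MHD_queue_response (connection, MHD_HTTP_NOT_IMPLEMENTED, response)` and then `MHD_destroy_response (response)` before `response` has been assigned (it is only created by `MHD_create_response_from_fd` further down), so that path hands an uninitialized pointer to MHD. The sibling `TMH_WIRE_handler_wire_test` creates an empty response up front, and the sepa handler needs the same two statements at its top, `response = MHD_create_response_from_buffer (0, NULL, MHD_RESPMEM_PERSISTENT);` followed by the `NULL == response` check, or that branch should use a `TMH_RESPONSE_reply_*` helper instead of a local response. The `fstat` failure path also reuses the text `"Failed to open SEPA_RESPONSE_FILE"`, which makes the log and the error reply ambiguous between the two failures. Separately, the taler.conf.5 entry for SEPA_RESPONSE_FILE in this commit says /wire/test will return 501 where /wire/sepa is meant.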