implement KYC options

src/exchange/exchange.conf

@@ -77,9 +77,24 @@ TERMS_DIR = $DATADIR/exchange/tos/
 # Etag / filename for the terms of service.
 TERMS_ETAG = 0
 
-
 # Directory with our privacy policy.
 PRIVACY_DIR = $DATADIR/exchange/pp/
 
 # Etag / filename for the privacy policy.
 PRIVACY_ETAG = 0
+
+# Set to NONE to disable KYC checks.
+# Set to "OAUTH2" to use OAuth 2.0 for KYC authorization.
+KYC_MODE = NONE
+
+
+[exchange-kyc-oauth2]
+
+# URL of the OAuth endpoint for KYC checks
+# KYC_OAUTH2_URL =
+
+# KYC Oauth client ID.
+# KYC_OAUTH2_CLIENT_ID =
+
+# KYC Client secret used to obtain access tokens.
+# KYC_OAUTH2_CLIENT_SECRET =

src/exchange/taler-exchange-httpd.c

@@ -68,6 +68,11 @@ int TEH_allow_keys_timetravel;
  */
 const struct GNUNET_CONFIGURATION_Handle *TEH_cfg;
 
+/**
+ * Our KYC configuration.
+ */
+struct TEH_KycOptions TEH_kyc_config;
+
 /**
  * How long is caching /keys allowed at most? (global)
  */
@@ -1070,6 +1075,74 @@ handle_mhd_request (void *cls,
 }
 
 
+/**
+ * Load OAuth2.0 configuration parameters for the exchange server into the
+ * #TEH_kyc_config variable.
+ *
+ * @return #GNUNET_OK on success
+ */
+static enum GNUNET_GenericReturnValue
+parse_kyc_oauth_cfg (void)
+{
+  char *s;
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                             "exchange-kyc-oauth2",
+                                             "KYC_OAUTH2_URL",
+                                             &s))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_URL");
+    return GNUNET_SYSERR;
+  }
+  if ( (! TALER_url_valid_charset (s)) ||
+       ( (0 != strncasecmp (s,
+                            "http://",
+                            strlen ("http://"))) &&
+         (0 != strncasecmp (s,
+                            "https://",
+                            strlen ("https://"))) ) )
+  {
+    GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_URL",
+                               "not a valid URL");
+    GNUNET_free (s);
+    return GNUNET_SYSERR;
+  }
+  TEH_kyc_config.details.oauth2.url = s;
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                             "exchange-kyc-oauth2",
+                                             "KYC_OAUTH2_CLIENT_ID",
+                                             &s))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_CLIENT_ID");
+    return GNUNET_SYSERR;
+  }
+  TEH_kyc_config.details.oauth2.client_id = s;
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                             "exchange-kyc-oauth2",
+                                             "KYC_OAUTH2_CLIENT_SECRET",
+                                             &s))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "exchange-kyc-oauth2",
+                               "KYC_OAUTH2_CLIENT_SECRET");
+    return GNUNET_SYSERR;
+  }
+  TEH_kyc_config.details.oauth2.client_secret = s;
+  return GNUNET_OK;
+}
+
+
 /**
  * Load configuration parameters for the exchange
  * server into the corresponding global variables.
@@ -1079,6 +1152,47 @@ handle_mhd_request (void *cls,
 static enum GNUNET_GenericReturnValue
 exchange_serve_process_config (void)
 {
+  {
+    char *kyc_mode;
+
+    if (GNUNET_OK !=
+        GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+                                               "exchange",
+                                               "KYC_MODE",
+                                               &kyc_mode))
+    {
+      GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                                 "exchange",
+                                 "KYC_MODE");
+      return GNUNET_SYSERR;
+    }
+    if (0 == strcasecmp (kyc_mode,
+                         "NONE"))
+    {
+      TEH_kyc_config.mode = TEH_KYC_NONE;
+    }
+    else if (0 == strcasecmp (kyc_mode,
+                              "OAUTH2"))
+    {
+      TEH_kyc_config.mode = TEH_KYC_OAUTH2;
+      if (GNUNET_OK !=
+          parse_kyc_oauth_cfg ())
+      {
+        GNUNET_free (kyc_mode);
+        return GNUNET_SYSERR;
+      }
+    }
+    else
+    {
+      GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+                                 "exchange",
+                                 "KYC_MODE",
+                                 "Must be 'NONE' or 'OAUTH2'");
+      GNUNET_free (kyc_mode);
+      return GNUNET_SYSERR;
+    }
+    GNUNET_free (kyc_mode);
+  }
   if (GNUNET_OK !=
       GNUNET_CONFIGURATION_get_value_number (TEH_cfg,
                                              "exchange",

src/exchange/taler-exchange-httpd.h

@@ -29,6 +29,68 @@
 #include <gnunet/gnunet_mhd_compat.h>
 
 
+/**
+ * Enumeration for our KYC modes.
+ */
+enum TEH_KycMode
+{
+  /**
+   * KYC is disabled.
+   */
+  TEH_KYC_NONE = 0,
+
+  /**
+   * We use Oauth2.0.
+   */
+  TEH_KYC_OAUTH2 = 1
+};
+
+
+/**
+ * Structure describing our KYC configuration.
+ */
+struct TEH_KycOptions
+{
+  /**
+   * What KYC mode are we in?
+   */
+  enum TEH_KycMode mode;
+
+  /**
+   * Details depending on @e mode.
+   */
+  union
+  {
+
+    /**
+     * Configuration details if @e mode is #TEH_KYC_OAUTH2.
+     */
+    struct
+    {
+
+      /**
+       * URL of tue OAuth2.0 endpoint for KYC checks.
+       */
+      char *url;
+
+      /**
+       * Our client ID for OAuth2.0.
+       */
+      char *client_id;
+
+      /**
+       * Our client secret for OAuth2.0.
+       */
+      char *client_secret;
+
+    } oauth2;
+
+  } details;
+};
+
+
+extern struct TEH_KycOptions TEH_kyc_config;
+
 /**
  * How long is caching /keys allowed at most?
  */