taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

cmd to add auditor

Browse Source
This commit is contained in:
Christian Grothoff 2020-11-26 22:48:56 +01:00
parent 2c88cff283
commit 1c1d4d9974
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
5 changed files with 528 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/include/taler_crypto_lib.h
View File

@ -222,6 +222,18 @@ struct TALER_MasterPublicKeyP
}; };
/**
* @brief Type of the private key used by the auditor.
*/
struct TALER_AuditorPrivateKeyP
{
/**
* Taler uses EdDSA for the auditor's signing key.
*/
struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv;
};
/** /**
* @brief Type of the public key used by the auditor. * @brief Type of the public key used by the auditor.
*/ */

67
src/include/taler_signatures.h
View File

@ -56,6 +56,16 @@
*/ */
#define TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY 1025 #define TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY 1025
/**
* Add an auditor to the list of our auditors.
*/
#define TALER_SIGNATURE_MASTER_ADD_AUDITOR 1026
/**
* Remove an auditor from the list of our auditors.
*/
#define TALER_SIGNATURE_MASTER_DEL_AUDITOR 1027
/** /**
* Fees charged per (aggregate) wire transfer to the merchant. * Fees charged per (aggregate) wire transfer to the merchant.
*/ */
@ -72,6 +82,7 @@
*/ */
#define TALER_SIGNATURE_MASTER_WIRE_DETAILS 1030 #define TALER_SIGNATURE_MASTER_WIRE_DETAILS 1030
/*********************************************/ /*********************************************/
/* Exchange online signatures (with signing key) */ /* Exchange online signatures (with signing key) */
/*********************************************/ /*********************************************/
@ -791,6 +802,62 @@ struct TALER_ExchangeKeySetPS
}; };
/**
* @brief Signature made by the exchange offline key over the information of
* an auditor to be added to the exchange's set of auditors.
*/
struct TALER_ExchangeAddAuditorPS
{
/**
* Purpose is #TALER_SIGNATURE_MASTER_ADD_AUDITOR. Signed
* by a `struct TALER_MasterPublicKeyP` using EdDSA.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Time of the change.
*/
struct GNUNET_TIME_AbsoluteNBO start_date;
/**
* Public key of the auditor.
*/
struct TALER_AuditorPublicKeyP auditor_pub;
/**
* Hash over the auditor's URL.
*/
struct GNUNET_HashCode h_auditor_url GNUNET_PACKED;
};
/**
* @brief Signature made by the exchange offline key over the information of
* an auditor to be removed to the exchange's set of auditors.
*/
struct TALER_ExchangeDelAuditorPS
{
/**
* Purpose is #TALER_SIGNATURE_MASTER_DEL_AUDITOR. Signed
* by a `struct TALER_MasterPublicKeyP` using EdDSA.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Time of the change.
*/
struct GNUNET_TIME_AbsoluteNBO end_date;
/**
* Public key of the auditor.
*/
struct TALER_AuditorPublicKeyP auditor_pub;
};
/** /**
* @brief Information about a denomination key. Denomination keys * @brief Information about a denomination key. Denomination keys
* are used to sign coins of a certain value into existence. * are used to sign coins of a certain value into existence.

116
src/include/taler_testing_lib.h
View File

@ -417,7 +417,7 @@ struct TALER_TESTING_Interpreter
struct GNUNET_OS_Process *exchanged; struct GNUNET_OS_Process *exchanged;
/** /**
* GNUNET_OK if key state should be reloaded. NOTE: this * #GNUNET_OK if key state should be reloaded. NOTE: this
* field can be removed because a new "send signal" command * field can be removed because a new "send signal" command
* has been introduced. * has been introduced.
*/ */
@ -1083,8 +1083,6 @@ struct TALER_TESTING_Command
TALER_TESTING_cmd_exchanges_with_retry (struct TALER_TESTING_Command cmd); TALER_TESTING_cmd_exchanges_with_retry (struct TALER_TESTING_Command cmd);
/* ***** Commands ONLY for testing (/admin-API) **** */
/** /**
* Create /admin/add-incoming command. * Create /admin/add-incoming command.
* *
@ -2021,6 +2019,118 @@ struct TALER_TESTING_Command
TALER_TESTING_cmd_stat (struct TALER_TESTING_Timer *timers); TALER_TESTING_cmd_stat (struct TALER_TESTING_Timer *timers);
/**
* Add the auditor to the exchange's list of auditors.
* The information about the auditor is taken from the
* "[auditor]" section in the configuration file.
*
* @param label command label.
* @param expected_http_status expected HTTP status from exchange
* @param bad_sig should we use a bogus signature?
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_auditor_add (const char *label,
unsigned int expected_http_status,
bool bad_sig);
/**
* Remove the auditor from the exchange's list of auditors.
* The information about the auditor is taken from the
* "[auditor]" section in the configuration file.
*
* @param label command label.
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_auditor_del (const char *label);
/**
* Add the given payto-URI bank account to the list of bank
* accounts used by the exchange.
*
* @param label command label.
* @param payto_uri URI identifying the bank account
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_wire_add (const char *label,
const char *payto_uri);
/**
* Remove the given payto-URI bank account from the list of bank
* accounts used by the exchange.
*
* @param label command label.
* @param payto_uri URI identifying the bank account
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_wire_del (const char *label,
const char *payto_uri);
/**
* Sign all exchange denomination and online signing keys
* with the "offline" key and provide those signatures to
* the exchange. (Downloads the keys, makes the signature
* and uploads the result, all in one.)
*
* @param label command label.
* @param config_filename configuration filename.
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_offline_sign_keys (const char *label,
const char *config_filename);
/**
* Revoke an exchange denomination key.
*
* @param label command label.
* @param denom_ref reference to a command that identifies
* a denomination key (i.e. because it was used to
* withdraw a coin).
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_revoke_denom_key (const char *label,
const char *denom_ref);
/**
* Have the auditor affirm that it is auditing the given
* denomination key and upload the auditor's signature to
* the exchange.
*
* @param label command label.
* @param denom_ref reference to a command that identifies
* a denomination key (i.e. because it was used to
* withdraw a coin).
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_auditor_add_denom_key (const char *denom_ref);
/**
* Revoke an exchange signing key.
*
* @param label command label.
* @param denom_ref reference to a command that identifies
* a signing key (i.e. because it was used to
* sign a deposit confirmation).
* @return the command
*/
struct TALER_TESTING_Command
TALER_TESTING_cmd_revoke_denom_key (const char *label,
const char *signkey_ref);
/* *** Generic trait logic for implementing traits ********* */ /* *** Generic trait logic for implementing traits ********* */
/** /**

1
src/testing/Makefile.am
View File

@ -35,6 +35,7 @@ libtalertesting_la_LDFLAGS = \
-version-info 0:0:0 \ -version-info 0:0:0 \
-no-undefined -no-undefined
libtalertesting_la_SOURCES = \ libtalertesting_la_SOURCES = \
testing_api_cmd_auditor_add.c \
testing_api_cmd_auditor_deposit_confirmation.c \ testing_api_cmd_auditor_deposit_confirmation.c \
testing_api_cmd_auditor_exchanges.c \ testing_api_cmd_auditor_exchanges.c \
testing_api_cmd_auditor_exec_auditor.c \ testing_api_cmd_auditor_exec_auditor.c \

335
src/testing/testing_api_cmd_auditor_add.c Normal file
View File

@ -0,0 +1,335 @@
/*
This file is part of TALER
Copyright (C) 2018-2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3, or (at your
option) any later version.
TALER is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public
License along with TALER; see the file COPYING. If not, see
<http://www.gnu.org/licenses/>
*/
/**
* @file testing/testing_api_cmd_auditor_add.c
* @brief command for testing /auditor_add.
* @author Marcello Stanisci
*/
#include "platform.h"
#include "taler_json_lib.h"
#include <gnunet/gnunet_curl_lib.h>
#include "taler_testing_lib.h"
#include "taler_signatures.h"
#include "backoff.h"
/**
* State for a "auditor_add" CMD.
*/
struct AuditorAddState
{
/**
* Auditor enable handle while operation is running.
*/
struct TALER_EXCHANGE_ManagementAuditorEnableHandle *dh;
/**
* Our interpreter.
*/
struct TALER_TESTING_Interpreter *is;
/**
* Expected HTTP response code.
*/
unsigned int expected_response_code;
/**
* Should we make the request with a bad master_sig signature?
*/
bool bad_sig;
};
/**
* Callback to analyze the /management/auditors response, just used to check
* if the response code is acceptable.
*
* @param cls closure.
* @param hr HTTP response details
*/
static void
auditor_add_cb (void *cls,
const struct TALER_EXCHANGE_HttpResponse *hr)
{
struct AuditorAddState *ds = cls;
ds->dh = NULL;
if (ds->expected_response_code != hr->http_status)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected response code %u to command %s in %s:%u\n",
hr->http_status,
ds->is->commands[ds->is->ip].label,
__FILE__,
__LINE__);
json_dumpf (hr->reply,
stderr,
0);
TALER_TESTING_interpreter_fail (ds->is);
return;
}
TALER_TESTING_interpreter_next (ds->is);
}
/**
* Run the command.
*
* @param cls closure.
* @param cmd the command to execute.
* @param is the interpreter state.
*/
static void
auditor_add_run (void *cls,
const struct TALER_TESTING_Command *cmd,
struct TALER_TESTING_Interpreter *is)
{
struct AuditorAddState *ds = cls;
struct TALER_AuditorPublicKeyP auditor_pub;
char *auditor_url;
char *exchange_url;
struct TALER_MasterSignatureP master_sig;
struct GNUNET_TIME_Absolute now;
(void) cmd;
now = GNUNET_TIME_absolute_get ();
(void) GNUNET_TIME_round_abs (&now);
ds->is = is;
if (ds->bad_sig)
{
memset (&master_sig,
42,
sizeof (master_sig));
}
else
{
char *fn;
struct TALER_MasterPrivateKeyP master_priv;
struct TALER_AuditorPrivateKeyP auditor_priv;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (is->cfg,
"exchange-offline",
"MASTER_PRIV_FILE",
&fn))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange-offline",
"MASTER_PRIV_FILE");
TALER_TESTING_interpreter_next (ds->is);
return;
}
if (GNUNET_SYSERR ==
GNUNET_DISK_directory_create_for_file (fn))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Could not setup directory for master private key file `%s'\n",
fn);
GNUNET_free (fn);
TALER_TESTING_interpreter_next (ds->is);
return;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_key_from_file (fn,
GNUNET_YES,
&master_priv.eddsa_priv))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Could not load master private key from `%s'\n",
fn);
GNUNET_free (fn);
TALER_TESTING_interpreter_next (ds->is);
return;
}
GNUNET_free (fn);
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (is->cfg,
"auditor",
"AUDITOR_PRIV_FILE",
&fn))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"auditor",
"AUDITOR_PRIV_FILE");
TALER_TESTING_interpreter_next (ds->is);
return;
}
if (GNUNET_SYSERR ==
GNUNET_DISK_directory_create_for_file (fn))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Could not setup directory for auditor private key file `%s'\n",
fn);
GNUNET_free (fn);
TALER_TESTING_interpreter_next (ds->is);
return;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_key_from_file (fn,
GNUNET_YES,
&auditor_priv.eddsa_priv))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Could not load auditor private key from `%s'\n",
fn);
GNUNET_free (fn);
TALER_TESTING_interpreter_next (ds->is);
return;
}
GNUNET_free (fn);
GNUNET_CRYPTO_eddsa_key_get_public (&auditor_priv.eddsa_priv,
&auditor_pub.eddsa_pub);
/* now sign */
{
struct TALER_ExchangeAddAuditorPS kv = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_AUDITOR),
.purpose.size = htonl (sizeof (kv)),
.start_date = GNUNET_TIME_absolute_hton (now),
.auditor_pub = auditor_pub,
};
GNUNET_CRYPTO_hash (auditor_url,
strlen (auditor_url) + 1,
&kv.h_auditor_url);
/* Finally sign ... */
GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv,
&kv,
&master_sig.eddsa_signature);
}
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (is->cfg,
"auditor",
"BASE_URL",
&auditor_url))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"auditor",
"BASE_URL");
TALER_TESTING_interpreter_next (ds->is);
return;
}
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_string (is->cfg,
"exchange",
"BASE_URL",
&exchange_url))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange",
"BASE_URL");
GNUNET_free (auditor_url);
TALER_TESTING_interpreter_next (ds->is);
return;
}
ds->dh = TALER_EXCHANGE_management_enable_auditor (
is->ctx,
exchange_url,
&auditor_pub,
auditor_url,
now,
&master_sig,
&auditor_add_cb,
ds);
GNUNET_free (exchange_url);
GNUNET_free (auditor_url);
if (NULL == ds->dh)
{
GNUNET_break (0);
TALER_TESTING_interpreter_fail (is);
return;
}
}
/**
* Free the state of a "auditor_add" CMD, and possibly cancel a
* pending operation thereof.
*
* @param cls closure, must be a `struct AuditorAddState`.
* @param cmd the command which is being cleaned up.
*/
static void
auditor_add_cleanup (void *cls,
const struct TALER_TESTING_Command *cmd)
{
struct AuditorAddState *ds = cls;
if (NULL != ds->dh)
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Command %u (%s) did not complete\n",
ds->is->ip,
cmd->label);
TALER_EXCHANGE_management_enable_auditor_cancel (ds->dh);
ds->dh = NULL;
}
GNUNET_free (ds);
}
/**
* Offer internal data from a "auditor_add" CMD, to other commands.
*
* @param cls closure.
* @param[out] ret result.
* @param trait name of the trait.
* @param index index number of the object to offer.
*
* @return #GNUNET_OK on success.
*/
static int
auditor_add_traits (void *cls,
const void **ret,
const char *trait,
unsigned int index)
{
return GNUNET_NO;
}
struct TALER_TESTING_Command
TALER_TESTING_cmd_auditor_add (const char *label,
unsigned int expected_http_status,
bool bad_sig)
{
struct AuditorAddState *ds;
ds = GNUNET_new (struct AuditorAddState);
ds->expected_response_code = expected_http_status;
ds->bad_sig = bad_sig;
{
struct TALER_TESTING_Command cmd = {
.cls = ds,
.label = label,
.run = &auditor_add_run,
.cleanup = &auditor_add_cleanup,
.traits = &auditor_add_traits
};
return cmd;
}
}
/* end of testing_api_cmd_auditor_add.c */