complete auditor httpd side of deposit confirmation handling (auditordb not yet ready, though)

This commit is contained in:
Christian Grothoff 2018-10-27 19:26:17 +02:00
parent 2956217b30
commit 2024ccd2f9
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
2 changed files with 126 additions and 25 deletions

View File

@ -50,6 +50,37 @@ reply_deposit_confirmation_success (struct MHD_Connection *connection)
} }
/**
* Store exchange's signing key information in the database.
*
* @param cls a `struct TALER_AUDITORDB_ExchangeSigningKey *`
* @param connection MHD request context
* @param session database session and transaction to use
* @param[out] mhd_ret set to MHD status on error
* @return transaction status
*/
static enum GNUNET_DB_QueryStatus
store_exchange_signing_key_transaction (void *cls,
struct MHD_Connection *connection,
struct TALER_AUDITORDB_Session *session,
int *mhd_ret)
{
const struct TALER_AUDITORDB_ExchangeSigningKey *es = cls;
enum GNUNET_DB_QueryStatus qs;
qs = TAH_plugin->insert_exchange_signkey (TAH_plugin->cls,
session,
es);
if (GNUNET_DB_STATUS_HARD_ERROR == qs)
{
TALER_LOG_WARNING ("Failed to store exchange signing key in database\n");
*mhd_ret = TAH_RESPONSE_reply_internal_db_error (connection,
TALER_EC_DEPOSIT_CONFIRMATION_STORE_DB_ERROR);
}
return qs;
}
/** /**
* Execute database transaction for /deposit-confirmation. Runs the * Execute database transaction for /deposit-confirmation. Runs the
* transaction logic; IF it returns a non-error code, the transaction * transaction logic; IF it returns a non-error code, the transaction
@ -94,17 +125,48 @@ deposit_confirmation_transaction (void *cls,
* *
* @param connection the MHD connection to handle * @param connection the MHD connection to handle
* @param dc information about the deposit confirmation * @param dc information about the deposit confirmation
* @param es information about the exchange's signing key
* @return MHD result code * @return MHD result code
*/ */
static int static int
verify_and_execute_deposit_confirmation (struct MHD_Connection *connection, verify_and_execute_deposit_confirmation (struct MHD_Connection *connection,
const struct TALER_AUDITORDB_DepositConfirmation *dc) const struct TALER_AUDITORDB_DepositConfirmation *dc,
const struct TALER_AUDITORDB_ExchangeSigningKey *es)
{ {
struct TALER_ExchangeSigningKeyValidityPS skv; struct TALER_ExchangeSigningKeyValidityPS skv;
struct TALER_DepositConfirmationPS dcs; struct TALER_DepositConfirmationPS dcs;
int mhd_ret; int mhd_ret;
/* check signatures */ /* check exchange signing key signature */
skv.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
skv.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS));
skv.master_public_key = es->master_public_key;
skv.start = GNUNET_TIME_absolute_hton (es->ep_start);
skv.expire = GNUNET_TIME_absolute_hton (es->ep_expire);
skv.end = GNUNET_TIME_absolute_hton (es->ep_end);
skv.signkey_pub = es->exchange_pub;
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
&skv.purpose,
&es->master_sig.eddsa_signature,
&es->master_public_key.eddsa_pub))
{
TALER_LOG_WARNING ("Invalid signature on exchange signing key\n");
return TAH_RESPONSE_reply_signature_invalid (connection,
TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
"master_sig");
}
/* execute transaction */
if (GNUNET_OK !=
TAH_DB_run_transaction (connection,
"persist exchange signing key",
&mhd_ret,
&store_exchange_signing_key_transaction,
(void *) es))
return mhd_ret;
/* check deposit confirmation signature */
dcs.purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT); dcs.purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT);
dcs.purpose.size = htonl (sizeof (struct TALER_DepositConfirmationPS)); dcs.purpose.size = htonl (sizeof (struct TALER_DepositConfirmationPS));
dcs.h_contract_terms = dc->h_contract_terms; dcs.h_contract_terms = dc->h_contract_terms;
@ -126,26 +188,6 @@ verify_and_execute_deposit_confirmation (struct MHD_Connection *connection,
TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID, TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
"exchange_sig"); "exchange_sig");
} }
/* TODO: we should probably cache these, no need to verify the
exchange_sig's every time (wastes CPU) */
skv.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
skv.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS));
skv.master_public_key = dc->master_public_key;
skv.start; // FIXME
skv.expire; // FIXME
skv.end; // FIXME
skv.signkey_pub = dc->exchange_pub;
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
&skv.purpose,
&dc->master_sig.eddsa_signature,
&dc->master_public_key.eddsa_pub))
{
TALER_LOG_WARNING ("Invalid signature on /deposit-confirmation request\n");
return TAH_RESPONSE_reply_signature_invalid (connection,
TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
"master_sig");
}
/* execute transaction */ /* execute transaction */
if (GNUNET_OK != if (GNUNET_OK !=
@ -183,6 +225,7 @@ TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh,
json_t *json; json_t *json;
int res; int res;
struct TALER_AUDITORDB_DepositConfirmation dc; struct TALER_AUDITORDB_DepositConfirmation dc;
struct TALER_AUDITORDB_ExchangeSigningKey es;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("h_contract_terms", &dc.h_contract_terms), GNUNET_JSON_spec_fixed_auto ("h_contract_terms", &dc.h_contract_terms),
GNUNET_JSON_spec_fixed_auto ("h_wire", &dc.h_wire), GNUNET_JSON_spec_fixed_auto ("h_wire", &dc.h_wire),
@ -193,8 +236,11 @@ TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh,
GNUNET_JSON_spec_fixed_auto ("merchant_pub", &dc.merchant), GNUNET_JSON_spec_fixed_auto ("merchant_pub", &dc.merchant),
GNUNET_JSON_spec_fixed_auto ("exchange_sig", &dc.exchange_sig), GNUNET_JSON_spec_fixed_auto ("exchange_sig", &dc.exchange_sig),
GNUNET_JSON_spec_fixed_auto ("exchange_pub", &dc.exchange_pub), GNUNET_JSON_spec_fixed_auto ("exchange_pub", &dc.exchange_pub),
GNUNET_JSON_spec_fixed_auto ("master_sig", &dc.master_sig), GNUNET_JSON_spec_fixed_auto ("master_pub", &es.master_public_key),
GNUNET_JSON_spec_fixed_auto ("master_public_key", &dc.master_public_key), GNUNET_JSON_spec_fixed_auto ("ep_start", &es.ep_start),
GNUNET_JSON_spec_fixed_auto ("ep_expire", &es.ep_expire),
GNUNET_JSON_spec_fixed_auto ("ep_end", &es.ep_end),
GNUNET_JSON_spec_fixed_auto ("master_sig", &es.master_sig),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
@ -212,12 +258,15 @@ TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh,
json, json,
spec); spec);
json_decref (json); json_decref (json);
es.exchange_pub = dc.exchange_pub; /* used twice! */
if (GNUNET_SYSERR == res) if (GNUNET_SYSERR == res)
return MHD_NO; /* hard failure */ return MHD_NO; /* hard failure */
if (GNUNET_NO == res) if (GNUNET_NO == res)
return MHD_YES; /* failure */ return MHD_YES; /* failure */
res = verify_and_execute_deposit_confirmation (connection, res = verify_and_execute_deposit_confirmation (connection,
&dc); &dc,
&es);
GNUNET_JSON_parse_free (spec); GNUNET_JSON_parse_free (spec);
return res; return res;
} }

View File

@ -186,6 +186,43 @@ struct TALER_AUDITORDB_ProgressPoint
}; };
/**
* Information about a signing key of an exchange.
*/
struct TALER_AUDITORDB_ExchangeSigningKey
{
/**
* Public master key of the exchange that certified @e master_sig.
*/
struct TALER_MasterPublicKeyP master_public_key;
/**
* When does @e exchange_pub start to be used?
*/
struct GNUNET_TIME_Absolute ep_start;
/**
* When will the exchange stop signing with @e exchange_pub?
*/
struct GNUNET_TIME_Absolute ep_expire;
/**
* When does the signing key expire (for legal disputes)?
*/
struct GNUNET_TIME_Absolute ep_end;
/**
* What is the public offline signing key this is all about?
*/
struct TALER_ExchangePublicKeyP exchange_pub;
/**
* Signature by the offline master key affirming the above.
*/
struct TALER_MasterSignatureP master_sig;
};
/** /**
* Information about a deposit confirmation we received from * Information about a deposit confirmation we received from
* a merchant. * a merchant.
@ -366,6 +403,21 @@ struct TALER_AUDITORDB_Plugin
(*gc) (void *cls); (*gc) (void *cls);
/**
* Insert information about a signing key of the exchange.
*
* @param cls the @e cls of this struct with the plugin-specific state
* @param session connection to the database
* @param sk signing key information to store
* @return query result status
*/
enum GNUNET_DB_QueryStatus
(*insert_exchange_signkey) (void *cls,
struct TALER_AUDITORDB_Session *session,
const struct TALER_AUDITORDB_ExchangeSigningKey *sk);
// FIXME: above function is not yet implemented!
/** /**
* Insert information about a deposit confirmation into the database. * Insert information about a deposit confirmation into the database.
* *