taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove very obsolete tool and test

Browse Source
This commit is contained in:
Christian Grothoff 2020-12-14 17:17:14 +01:00
parent 04f2e9a4d5
commit 45926ec067
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
3 changed files with 0 additions and 495 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/exchange-tools/Makefile.am
View File

@ -15,7 +15,6 @@ endif
bin_PROGRAMS = \
taler-auditor-offline \
taler-exchange-keyup \
taler-exchange-keycheck \
taler-exchange-offline \
taler-exchange-wire \
taler-exchange-dbinit
@ -76,16 +75,6 @@ taler_exchange_wire_LDADD = \
$(XLIB)
taler_exchange_wire_LDFLAGS = $(POSTGRESQL_LDFLAGS)
taler_exchange_keycheck_SOURCES = \
taler-exchange-keycheck.c
taler_exchange_keycheck_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/exchangedb/libtalerexchangedb.la \
-lgnunetutil \
$(XLIB)
taler_exchange_keycheck_LDFLAGS = $(POSTGRESQL_LDFLAGS)
taler_exchange_dbinit_SOURCES = \
taler-exchange-dbinit.c
taler_exchange_dbinit_LDADD = \
@ -107,12 +96,6 @@ taler_exchange_dbinit_CPPFLAGS = \
AM_TESTS_ENVIRONMENT=export TALER_PREFIX=$${TALER_PREFIX:-@libdir@};export PATH=$${TALER_PREFIX:-@prefix@}/bin:$$PATH;
check_SCRIPTS = \
test_taler_exchange_keyup.sh
TESTS = \
$(check_SCRIPTS)
# Distribution
EXTRA_DIST = \

336
src/exchange-tools/taler-exchange-keycheck.c
View File

@ -1,336 +0,0 @@
/*
This file is part of TALER
Copyright (C) 2014, 2015, 2016 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-exchange-keycheck.c
* @brief Check exchange keys for validity. Reads the signing and denomination
* keys from the exchange directory and checks to make sure they are
* well-formed. This is purely a diagnostic tool.
* @author Florian Dold
* @author Benedikt Mueller
* @author Christian Grothoff
*/
#include <platform.h>
#include <gnunet/gnunet_util_lib.h>
#include "taler_exchangedb_lib.h"
/**
* Exchange directory with the keys.
*/
static char *exchange_directory;
/**
* Our configuration.
*/
static const struct GNUNET_CONFIGURATION_Handle *kcfg;
/**
* Return value from main().
*/
static int global_ret;
/**
* Option -i used to print full denomination key hashes for
* denominations of certain amounts.
*/
static struct TALER_Amount print_dk_amount;
/**
* Function called on each signing key.
*
* @param cls closure (NULL)
* @param filename name of the file the key came from
* @param ski the sign key
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error!
*/
static int
signkeys_iter (void *cls,
const char *filename,
const struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP *ski)
{
(void) cls;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Iterating over key `%s' for start time %s\n",
filename,
GNUNET_STRINGS_absolute_time_to_string
(GNUNET_TIME_absolute_ntoh (ski->issue.start)));
if (ntohl (ski->issue.purpose.size) !=
(sizeof (struct TALER_ExchangeSigningKeyValidityPS)))
{
fprintf (stderr,
"Signing key `%s' has invalid purpose size\n",
filename);
return GNUNET_SYSERR;
}
if ( (0 != GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us
% 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us
% 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (ski->issue.end).abs_value_us
% 1000000) )
{
fprintf (stderr,
"Timestamps are not multiples of a round second\n");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
&ski->issue,
&ski->master_sig.eddsa_signature,
&ski->issue.master_public_key.eddsa_pub))
{
fprintf (stderr,
"Signing key `%s' has invalid signature\n",
filename);
return GNUNET_SYSERR;
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Signing key `%s' valid\n",
filename);
return GNUNET_OK;
}
/**
* Check signing keys.
*
* @return #GNUNET_OK if the keys are OK
* #GNUNET_NO if not
*/
static int
exchange_signkeys_check ()
{
if (0 > TALER_EXCHANGEDB_signing_keys_iterate (exchange_directory,
&signkeys_iter,
NULL))
return GNUNET_NO;
return GNUNET_OK;
}
/**
* Function called on each denomination key.
*
* @param cls closure (NULL)
* @param dki the denomination key
* @param alias coin alias
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error!
*/
static int
denomkeys_iter (void *cls,
const char *alias,
const struct
TALER_EXCHANGEDB_DenominationKey *dki)
{
struct GNUNET_HashCode hc;
struct TALER_Amount value;
(void) cls;
if (ntohl (dki->issue.properties.purpose.size) !=
sizeof (struct TALER_DenominationKeyValidityPS))
{
fprintf (stderr,
"Denomination key for `%s' has invalid purpose size\n",
alias);
return GNUNET_SYSERR;
}
if ( (0 != GNUNET_TIME_absolute_ntoh (
dki->issue.properties.start).abs_value_us % 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (
dki->issue.properties.expire_withdraw).abs_value_us % 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (
dki->issue.properties.expire_legal).abs_value_us % 1000000) ||
(0 != GNUNET_TIME_absolute_ntoh (
dki->issue.properties.expire_deposit).abs_value_us % 1000000) )
{
fprintf (stderr,
"Timestamps are not multiples of a round second\n");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY,
&dki->issue.properties,
&dki->issue.signature.eddsa_signature,
&dki->issue.properties.master.eddsa_pub))
{
fprintf (stderr,
"Denomination key for `%s' has invalid signature\n",
alias);
return GNUNET_SYSERR;
}
GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key,
&hc);
if (0 != GNUNET_memcmp (&hc,
&dki->issue.properties.denom_hash))
{
fprintf (stderr,
"Public key for `%s' does not match signature\n",
alias);
return GNUNET_SYSERR;
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Denomination key `%s' (%s) is valid\n",
alias,
GNUNET_h2s (&hc));
TALER_amount_ntoh (&value,
&dki->issue.properties.value);
if ( (GNUNET_OK ==
TALER_amount_cmp_currency (&print_dk_amount,
&value)) &&
(0 ==
TALER_amount_cmp (&print_dk_amount,
&value)) )
{
char *dh;
struct GNUNET_TIME_Absolute start;
start = GNUNET_TIME_absolute_ntoh (dki->issue.properties.start);
dh = GNUNET_STRINGS_data_to_string_alloc (&dki->issue.properties.denom_hash,
sizeof (struct GNUNET_HashCode));
/* output start time first for easy numeric sorting, then
the denomination hash, and finally the human-readable start time */
printf ("%020llu %s %s\n",
(unsigned long long) start.abs_value_us,
dh,
GNUNET_STRINGS_absolute_time_to_string (start));
GNUNET_free (dh);
}
return GNUNET_OK;
}
/**
* Check denomination keys.
*
* @return #GNUNET_OK if the keys are OK
* #GNUNET_NO if not
*/
static int
exchange_denomkeys_check ()
{
struct TALER_MasterPublicKeyP master_public_key_from_cfg;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_data (kcfg,
"exchange",
"master_public_key",
&master_public_key_from_cfg,
sizeof (struct
GNUNET_CRYPTO_EddsaPublicKey)))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange",
"master_public_key");
return GNUNET_NO;
}
if (0 > TALER_EXCHANGEDB_denomination_keys_iterate (exchange_directory,
&denomkeys_iter,
NULL))
return GNUNET_NO;
return GNUNET_OK;
}
/**
* Main function that will be run.
*
* @param cls closure
* @param args remaining command-line arguments
* @param cfgfile name of the configuration file used (for saving, can be NULL!)
* @param cfg configuration
*/
static void
run (void *cls,
char *const *args,
const char *cfgfile,
const struct GNUNET_CONFIGURATION_Handle *cfg)
{
(void) cls;
(void) args;
(void) cfgfile;
kcfg = cfg;
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_filename (kcfg,
"exchange",
"KEYDIR",
&exchange_directory))
{
GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
"exchange",
"KEYDIR");
global_ret = 1;
return;
}
if ( (GNUNET_OK != exchange_signkeys_check ()) ||
(GNUNET_OK != exchange_denomkeys_check ()) )
{
global_ret = 1;
return;
}
}
/**
* The main function of the keyup tool
*
* @param argc number of arguments from the command line
* @param argv command line arguments
* @return 0 ok, 1 on error
*/
int
main (int argc,
char *const *argv)
{
const struct GNUNET_GETOPT_CommandLineOption options[] = {
TALER_getopt_get_amount ('i',
"denomination-info-hash",
"AMOUNT",
"print full denomination hashes of all denominations with the given AMOUNT value",
&print_dk_amount),
GNUNET_GETOPT_OPTION_END
};
/* force linker to link against libtalerutil; if we do
not do this, the linker may "optimize" libtalerutil
away and skip #TALER_OS_init(), which we do need */
(void) TALER_project_data_default ();
GNUNET_assert (GNUNET_OK ==
GNUNET_log_setup ("taler-exchange-keycheck",
"WARNING",
NULL));
if (GNUNET_OK !=
GNUNET_PROGRAM_run (argc, argv,
"taler-exchange-keycheck",
"Check keys of the exchange for validity",
options,
&run, NULL))
return 1;
return global_ret;
}
/* end of taler-exchange-keycheck.c */

142
src/exchange-tools/test_taler_exchange_keyup.sh
View File

@ -1,142 +0,0 @@
#!/bin/bash
#
# This file is part of TALER
# Copyright (C) 2015-2020 Taler Systems SA
#
# TALER is free software; you can redistribute it and/or modify it under the
# terms of the GNU Affero General Public License as published by the Free Software
# Foundation; either version 3, or (at your option) any later version.
#
# TALER is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License along with
# TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
#
#
# This script uses 'curl' to POST various ill-formed requests to the
# taler-exchange-httpd. Basically, the goal is to make sure that the
# HTTP server survives (and produces the 'correct' error code).
#
#
# Clear environment from variables that override config.
unset XDG_DATA_HOME
unset XDG_CONFIG_HOME
#
# Exit, with status code "skip" (no 'real' failure)
function exit_skip() {
echo $1
exit 77
}
# test required commands exist
echo -n "Testing for jq ..."
jq -h > /dev/null || exit_skip "jq required"
echo " OK"
CONF="-c test_taler_exchange_httpd.conf"
echo -n "Launching exchange ..."
PREFIX=
# Uncomment this line to run with valgrind...
# PREFIX="valgrind --leak-check=yes --track-fds=yes --error-exitcode=1 --log-file=valgrind.%p"
# Setup database
taler-exchange-dbinit $CONF &> /dev/null
# Setup keys.
taler-exchange-keyup $CONF &> /dev/null || exit 1
# Setup wire accounts.
taler-exchange-wire $CONF > /dev/null || exit 1
# Run Exchange HTTPD (in background)
$PREFIX taler-exchange-httpd $CONF 2> test-exchange.log &
# Give HTTP time to start
for n in `seq 1 100`
do
echo -n "."
sleep 0.1
OK=1
wget http://localhost:8081/ -o /dev/null -O /dev/null >/dev/null && break
OK=0
done
if [ 1 != $OK ]
then
echo "Failed to launch exchange"
kill -TERM $!
wait $!
echo Process status: $?
exit 77
fi
echo " DONE"
# Finally run test...
echo -n "Running tests ... "
# Revoke active denomination key
REVOKE_DENOM_HASH=`taler-exchange-keycheck $CONF -i EUR:1 | sort | head -n1 | awk '{print $2}'`
REVOKE_DENOM_TIME=`taler-exchange-keycheck $CONF -i EUR:1 | sort | head -n1 | awk '{print $1}'`
taler-exchange-keyup $CONF -r "$REVOKE_DENOM_HASH" -k 1024
# check revocation file exists
RDIR=`taler-config $CONF -f -s exchange -o REVOCATION_DIR`
if [ -f "$RDIR"/$REVOKE_DENOM_HASH.rev ]
then
echo -n "REV-OK "
else
echo -n "REV-FAIL ($RDIR) "
RET=1
fi
# Check we now have two keys for that timestamp
CNT=`taler-exchange-keycheck $CONF -i EUR:1 | awk '{print $1}' | grep -- "$REVOKE_DENOM_TIME" | wc -l`
if [ x2 != x${CNT} ]
then
echo -n "CNT-FAIL (${CNT}) "
RET=1
else
echo -n "CNT-OK "
fi
# Reload keys (and revocation data) at the exchange
kill -SIGUSR1 $!
# Give exchange chance to parse and reload keys
sleep 5
# Download (updated) keys
wget http://localhost:8081/keys -O keys.json -o /dev/null >/dev/null
RK=`jq -er .recoup[0].h_denom_pub < keys.json`
if [ x$RK != x$REVOKE_DENOM_HASH ]
then
echo -n "KEYS-FAIL ($RK vs $REVOKE_DENOM_HASH)"
RET=1
else
echo -n "KEYS-OK"
fi
echo " DONE"
# $! is the last backgrounded process, hence the exchange
kill -TERM $!
wait $!
if [ 0 != $? ]
then
RET=4
fi
echo "Final cleanup"
# Can't leave revocations around, would mess up next test run
rm -r "$RDIR"
# Also cleaning up live keys, as otherwise we have two for the revoked denomination type next time
KDIR=`taler-config $CONF -f -s exchange -o KEYDIR`
rm -r "$KDIR"
# Clean up our temporary file
rm keys.json
exit $RET