[age restriction] progress 6/n
lift logic for detection of age restriction of a denomination out from taler-exchange-secmod-rsa.c to taler-exchange_httpd_keys.c
This commit is contained in:
parent
41aba39f0f
commit
54c62f3ab9
@ -12,7 +12,7 @@
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along with
|
||||
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
|
||||
*/
|
||||
*/
|
||||
/**
|
||||
* @file taler-exchange-httpd_keys.c
|
||||
* @brief management of our various keys
|
||||
@ -673,6 +673,60 @@ destroy_key_helpers (struct HelperState *hs)
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Looks up the AGE_RESTRICTED setting for a denomination in the config and
|
||||
* returns the age restriction (mask) accordingly.
|
||||
*
|
||||
* FIXME: The mask is currently taken from the config. However, It MUST come
|
||||
* from the database where it has been persisted after a signed call to the
|
||||
* /management/extension API (TODO).
|
||||
*
|
||||
* @param section_name Section in the configuration for the particular
|
||||
* denomination.
|
||||
*/
|
||||
static struct TALER_AgeMask
|
||||
load_age_mask (const char*section_name)
|
||||
{
|
||||
static const struct TALER_AgeMask null_mask = {0};
|
||||
struct TALER_AgeMask age_mask = {0};
|
||||
|
||||
/* FIXME-oec: get age_mask from database, not from config */
|
||||
if (TALER_EXTENSION_OK != TALER_get_age_mask (TEH_cfg, &age_mask))
|
||||
{
|
||||
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
|
||||
TALER_EXTENSION_SECTION_AGE_RESTRICTION,
|
||||
"AGE_GROUPS",
|
||||
"must be of form a:b:...:n:m, where 0<a<b<...<n<m<32\n");
|
||||
return null_mask;
|
||||
}
|
||||
|
||||
if (age_mask.mask == 0)
|
||||
{
|
||||
return null_mask;
|
||||
}
|
||||
|
||||
if (GNUNET_OK == (GNUNET_CONFIGURATION_have_value (
|
||||
TEH_cfg,
|
||||
section_name,
|
||||
"AGE_RESTRICTED")))
|
||||
{
|
||||
enum GNUNET_GenericReturnValue ret;
|
||||
if (GNUNET_SYSERR == (ret = GNUNET_CONFIGURATION_get_value_yesno (TEH_cfg,
|
||||
section_name,
|
||||
"AGE_RESTRICTED")))
|
||||
{
|
||||
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
|
||||
section_name,
|
||||
"AGE_RESTRICTED",
|
||||
"Value must be YES or NO\n");
|
||||
return null_mask;
|
||||
}
|
||||
}
|
||||
|
||||
return age_mask;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Function called with information about available keys for signing. Usually
|
||||
* only called once per key upon connect. Also called again in case a key is
|
||||
@ -690,7 +744,6 @@ destroy_key_helpers (struct HelperState *hs)
|
||||
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
|
||||
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
|
||||
* The signature was already verified against @a sm_pub.
|
||||
* @param age_restricted true, if denomination is age restricted
|
||||
*/
|
||||
static void
|
||||
helper_rsa_cb (
|
||||
@ -701,8 +754,7 @@ helper_rsa_cb (
|
||||
const struct TALER_RsaPubHashP *h_rsa,
|
||||
const struct TALER_DenominationPublicKey *denom_pub,
|
||||
const struct TALER_SecurityModulePublicKeyP *sm_pub,
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig,
|
||||
bool age_restricted)
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig)
|
||||
{
|
||||
struct HelperState *hs = cls;
|
||||
struct HelperDenomination *hd;
|
||||
@ -734,17 +786,8 @@ helper_rsa_cb (
|
||||
TALER_denom_pub_deep_copy (&hd->denom_pub,
|
||||
denom_pub);
|
||||
GNUNET_assert (TALER_DENOMINATION_RSA == hd->denom_pub.cipher);
|
||||
|
||||
/* Set age restriction, if applicable */
|
||||
hd->denom_pub.age_mask.mask = 0;
|
||||
if (age_restricted)
|
||||
{
|
||||
/* FIXME-oec: get age mask from global */
|
||||
GNUNET_assert (TALER_EXTENSION_OK == TALER_get_age_mask (TEH_cfg,
|
||||
&hd->denom_pub.
|
||||
age_mask));
|
||||
}
|
||||
|
||||
/* load the age mask for the denomination, if applicable */
|
||||
hd->denom_pub.age_mask = load_age_mask (section_name);
|
||||
TALER_denom_pub_hash (&hd->denom_pub,
|
||||
&hd->h_denom_pub);
|
||||
hd->section_name = GNUNET_strdup (section_name);
|
||||
@ -2285,16 +2328,17 @@ TEH_keys_get_handler (struct TEH_RequestContext *rc,
|
||||
|
||||
|
||||
/**
|
||||
* Load fees and expiration times (!) for the denomination type configured in
|
||||
* section @a section_name. Before calling this function, the `start` and
|
||||
* `validity_duration` times must already be initialized in @a meta.
|
||||
* Load extension data, like fees, expiration times (!) and age restriction
|
||||
* flags for the denomination type configured in section @a section_name.
|
||||
* Before calling this function, the `start` and `validity_duration` times must
|
||||
* already be initialized in @a meta.
|
||||
*
|
||||
* @param section_name section in the configuration to use
|
||||
* @param[in,out] meta denomination type data to complete
|
||||
* @return #GNUNET_OK on success
|
||||
*/
|
||||
static enum GNUNET_GenericReturnValue
|
||||
load_fees (const char *section_name,
|
||||
load_extension_data (const char *section_name,
|
||||
struct TALER_EXCHANGEDB_DenominationKeyMetaData *meta)
|
||||
{
|
||||
struct GNUNET_TIME_Relative deposit_duration;
|
||||
@ -2408,6 +2452,7 @@ load_fees (const char *section_name,
|
||||
TEH_currency);
|
||||
return GNUNET_SYSERR;
|
||||
}
|
||||
meta->age_restrictions = load_age_mask (section_name);
|
||||
return GNUNET_OK;
|
||||
}
|
||||
|
||||
@ -2440,7 +2485,7 @@ TEH_keys_load_fees (const struct TALER_DenominationHash *h_denom_pub,
|
||||
meta->start = hd->start_time;
|
||||
meta->expire_withdraw = GNUNET_TIME_absolute_add (meta->start,
|
||||
hd->validity_duration);
|
||||
ok = load_fees (hd->section_name,
|
||||
ok = load_extension_data (hd->section_name,
|
||||
meta);
|
||||
if (GNUNET_OK == ok)
|
||||
{
|
||||
@ -2542,7 +2587,7 @@ add_future_denomkey_cb (void *cls,
|
||||
meta.expire_withdraw = GNUNET_TIME_absolute_add (meta.start,
|
||||
hd->validity_duration);
|
||||
if (GNUNET_OK !=
|
||||
load_fees (hd->section_name,
|
||||
load_extension_data (hd->section_name,
|
||||
&meta))
|
||||
{
|
||||
/* Woops, couldn't determine fee structure!? */
|
||||
|
@ -1362,7 +1362,6 @@ struct TALER_CRYPTO_RsaDenominationHelper;
|
||||
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
|
||||
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
|
||||
* The signature was already verified against @a sm_pub.
|
||||
* @param age_restricted true, if denomnation has age restriction set
|
||||
*/
|
||||
typedef void
|
||||
(*TALER_CRYPTO_RsaDenominationKeyStatusCallback)(
|
||||
@ -1373,8 +1372,7 @@ typedef void
|
||||
const struct TALER_RsaPubHashP *h_rsa,
|
||||
const struct TALER_DenominationPublicKey *denom_pub,
|
||||
const struct TALER_SecurityModulePublicKeyP *sm_pub,
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig,
|
||||
bool age_restricted);
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig);
|
||||
|
||||
|
||||
/**
|
||||
|
@ -630,9 +630,20 @@ struct TALER_EXCHANGEDB_DenominationKeyMetaData
|
||||
struct TALER_Amount fee_refund;
|
||||
|
||||
/**
|
||||
* Indication if age restriction is set for this denomination
|
||||
* Age restriction for the denomination. (can be zero). If not zero, the bits
|
||||
* set in the mask mark the edges at the beginning of a next age group. F.e.
|
||||
* for the age groups
|
||||
* 0-7, 8-9, 10-11, 12-14, 14-15, 16-17, 18-21, 21-*
|
||||
* the following bits are set:
|
||||
*
|
||||
* 31 24 16 8 0
|
||||
* | | | | |
|
||||
* oooooooo oo1oo1o1 o1o1o1o1 ooooooo1
|
||||
*
|
||||
* A value of 0 means that the denomination does not support the extension for
|
||||
* age-restriction.
|
||||
*/
|
||||
bool age_restricted;
|
||||
struct TALER_AgeMask age_restrictions;
|
||||
};
|
||||
|
||||
|
||||
|
@ -39,8 +39,8 @@ enum TALER_EXTENSION_ReturnValue
|
||||
* TALER Age Restriction Extensions
|
||||
*/
|
||||
|
||||
#define TALER_EXTENSION_SECTION_AGE_RESTRICTION TALER_EXTENSION_SECTION_PREFIX \
|
||||
"agerestriction"
|
||||
#define TALER_EXTENSION_SECTION_AGE_RESTRICTION (TALER_EXTENSION_SECTION_PREFIX \
|
||||
"agerestriction")
|
||||
|
||||
/**
|
||||
* The default age mask represents the age groups
|
||||
|
@ -13,7 +13,7 @@
|
||||
You should have received a copy of the GNU General Public License along with
|
||||
TALER; see the file COPYING. If not, see
|
||||
<http://www.gnu.org/licenses/>
|
||||
*/
|
||||
*/
|
||||
/**
|
||||
* @file lib/exchange_api_deposit.c
|
||||
* @brief Implementation of the /deposit request of the exchange's HTTP API
|
||||
@ -514,7 +514,7 @@ verify_signatures (const struct TALER_EXCHANGE_DenomPublicKey *dki,
|
||||
.coin_pub = *coin_pub,
|
||||
.denom_pub_hash = *denom_pub_hash,
|
||||
.denom_sig = *denom_sig,
|
||||
.age_commitment_hash = { 0 } /* FIXME-Oec */
|
||||
.age_commitment_hash = {{{0}}} /* FIXME-Oec */
|
||||
};
|
||||
|
||||
if (GNUNET_YES !=
|
||||
|
@ -239,8 +239,7 @@ handle_mt_avail (struct TALER_CRYPTO_RsaDenominationHelper *dh,
|
||||
&h_rsa,
|
||||
&denom_pub,
|
||||
&kan->secm_pub,
|
||||
&kan->secm_sig,
|
||||
(kan->age_restricted > 0));
|
||||
&kan->secm_sig);
|
||||
TALER_denom_pub_free (&denom_pub);
|
||||
}
|
||||
return GNUNET_OK;
|
||||
@ -276,8 +275,7 @@ handle_mt_purge (struct TALER_CRYPTO_RsaDenominationHelper *dh,
|
||||
&pn->h_rsa,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
false);
|
||||
NULL);
|
||||
return GNUNET_OK;
|
||||
}
|
||||
|
||||
|
@ -12,7 +12,7 @@
|
||||
|
||||
You should have received a copy of the GNU General Public License along with
|
||||
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
|
||||
*/
|
||||
*/
|
||||
/**
|
||||
* @file util/taler-exchange-secmod-rsa.c
|
||||
* @brief Standalone process to perform private key RSA operations
|
||||
@ -156,11 +156,6 @@ struct Denomination
|
||||
* Length of (new) RSA keys (in bits).
|
||||
*/
|
||||
uint32_t rsa_keysize;
|
||||
|
||||
/**
|
||||
* Is the denomination age restricted? 0 == false
|
||||
*/
|
||||
uint8_t age_restricted;
|
||||
};
|
||||
|
||||
|
||||
@ -263,7 +258,6 @@ notify_client_dk_add (struct TES_Client *client,
|
||||
an->section_name_len = htons ((uint16_t) nlen);
|
||||
an->anchor_time = GNUNET_TIME_absolute_hton (dk->anchor);
|
||||
an->duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw);
|
||||
an->age_restricted = denom->age_restricted;
|
||||
TALER_exchange_secmod_rsa_sign (&dk->h_rsa,
|
||||
denom->section,
|
||||
dk->anchor,
|
||||
@ -1262,24 +1256,6 @@ parse_denomination_cfg (const struct GNUNET_CONFIGURATION_Handle *cfg,
|
||||
}
|
||||
denom->rsa_keysize = (unsigned int) rsa_keysize;
|
||||
denom->section = GNUNET_strdup (ct);
|
||||
if (GNUNET_OK == (GNUNET_CONFIGURATION_have_value (cfg,
|
||||
ct,
|
||||
"AGE_RESTRICTED")))
|
||||
{
|
||||
enum GNUNET_GenericReturnValue ret;
|
||||
if (GNUNET_SYSERR == (ret = GNUNET_CONFIGURATION_get_value_yesno (cfg,
|
||||
ct,
|
||||
"AGE_RESTRICTED")))
|
||||
{
|
||||
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
|
||||
ct,
|
||||
"AGE_RESTRICTED",
|
||||
"Value must be YES or NO\n");
|
||||
return GNUNET_SYSERR;
|
||||
}
|
||||
denom->age_restricted = (ret == GNUNET_OK) ? 1 : 0;
|
||||
}
|
||||
|
||||
return GNUNET_OK;
|
||||
}
|
||||
|
||||
|
@ -77,11 +77,6 @@ struct TALER_CRYPTO_RsaKeyAvailableNotification
|
||||
*/
|
||||
struct TALER_SecurityModuleSignatureP secm_sig;
|
||||
|
||||
/**
|
||||
* Indicator for age restriction
|
||||
*/
|
||||
uint8_t age_restricted;
|
||||
|
||||
/* followed by @e pub_size bytes of the RSA public key */
|
||||
|
||||
/* followed by @e section_name bytes of the configuration section name
|
||||
|
@ -133,7 +133,6 @@ free_keys (void)
|
||||
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
|
||||
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
|
||||
* The signature was already verified against @a sm_pub.
|
||||
* @param age_restricted indication if denomination is age restricted
|
||||
*/
|
||||
static void
|
||||
key_cb (void *cls,
|
||||
@ -143,13 +142,11 @@ key_cb (void *cls,
|
||||
const struct TALER_RsaPubHashP *h_rsa,
|
||||
const struct TALER_DenominationPublicKey *denom_pub,
|
||||
const struct TALER_SecurityModulePublicKeyP *sm_pub,
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig,
|
||||
bool age_restricted)
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig)
|
||||
{
|
||||
(void) cls;
|
||||
(void) sm_pub;
|
||||
(void) sm_sig;
|
||||
(void) age_restricted;
|
||||
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
|
||||
"Key notification about key %s in `%s'\n",
|
||||
GNUNET_h2s (&h_rsa->hash),
|
||||
@ -189,7 +186,6 @@ key_cb (void *cls,
|
||||
keys[i].validity_duration = validity_duration;
|
||||
TALER_denom_pub_deep_copy (&keys[i].denom_pub,
|
||||
denom_pub);
|
||||
/* FIXME-oec: take age_restriction into account!? */
|
||||
num_keys++;
|
||||
return;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user