Christian Grothoff 2020-12-26 15:55:34 +01:00
parent 32da815427
commit 57c9054784
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
6 changed files with 127 additions and 17 deletions


@ -148,6 +148,7 @@ taler_auditor_httpd_LDADD = \
$(top_builddir)/src/util/libtalerutil.la \ $(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/json/libtalerjson.la \ $(top_builddir)/src/json/libtalerjson.la \
$(top_builddir)/src/auditordb/libtalerauditordb.la \ $(top_builddir)/src/auditordb/libtalerauditordb.la \
$(top_builddir)/src/exchangedb/libtalerexchangedb.la \
-lmicrohttpd \ -lmicrohttpd \
-ljansson \ -ljansson \
-lgnunetjson \ -lgnunetjson \


@ -29,6 +29,7 @@
#include <sys/resource.h> #include <sys/resource.h>
#include "taler_mhd_lib.h" #include "taler_mhd_lib.h"
#include "taler_auditordb_lib.h" #include "taler_auditordb_lib.h"
#include "taler_exchangedb_lib.h"
#include "taler-auditor-httpd_deposit-confirmation.h" #include "taler-auditor-httpd_deposit-confirmation.h"
#include "taler-auditor-httpd_exchanges.h" #include "taler-auditor-httpd_exchanges.h"
#include "taler-auditor-httpd_mhd.h" #include "taler-auditor-httpd_mhd.h"
@ -69,6 +70,11 @@ static struct GNUNET_CONFIGURATION_Handle *cfg;
*/ */
struct TALER_AUDITORDB_Plugin *TAH_plugin; struct TALER_AUDITORDB_Plugin *TAH_plugin;
/**
* Our DB plugin to talk to the *exchange* database.
*/
struct TALER_EXCHANGEDB_Plugin *TAH_eplugin;
/** /**
* Public key of this auditor. * Public key of this auditor.
*/ */
@ -434,7 +440,14 @@ auditor_serve_process_config (void)
(TAH_plugin = TALER_AUDITORDB_plugin_load (cfg))) (TAH_plugin = TALER_AUDITORDB_plugin_load (cfg)))
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to initialize DB subsystem\n"); "Failed to initialize DB subsystem to interact with auditor database\n");
return GNUNET_SYSERR;
}
if (NULL ==
(TAH_eplugin = TALER_EXCHANGEDB_plugin_load (cfg)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to initialize DB subsystem to query exchange database\n");
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
if (GNUNET_OK != if (GNUNET_OK !=
@ -729,6 +742,8 @@ main (int argc,
} }
TALER_AUDITORDB_plugin_unload (TAH_plugin); TALER_AUDITORDB_plugin_unload (TAH_plugin);
TAH_plugin = NULL; TAH_plugin = NULL;
TALER_EXCHANGEDB_plugin_unload (TAH_eplugin);
TAH_eplugin = NULL;
TEAH_DEPOSIT_CONFIRMATION_done (); TEAH_DEPOSIT_CONFIRMATION_done ();
return (GNUNET_SYSERR == ret) ? 1 : 0; return (GNUNET_SYSERR == ret) ? 1 : 0;
} }
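Review bot: The comment on the new `TAH_eplugin` global does not say what the exchange-database handle is allowed to be used for, although it gives the auditor's HTTP daemon a second database connection. The only use visible in this commit is the `lookup_signkey_revocation` call in the deposit-confirmation handler, so I would extend the comment to `Our DB plugin to talk to the *exchange* database; only used for read-only lookups (signing key revocations).` With that stated, operators can provision the auditor's role on the exchange database with read access only. Both `auditor_serve_process_config` and `main` continue outside the hunks shown, so whether `TAH_plugin` is unloaded when the new `TALER_EXCHANGEDB_plugin_load` check fails cannot be confirmed from here.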


@ -25,6 +25,7 @@
#include <microhttpd.h> #include <microhttpd.h>
#include "taler_auditordb_plugin.h" #include "taler_auditordb_plugin.h"
#include "taler_exchangedb_plugin.h"
/** /**
@ -32,6 +33,11 @@
*/ */
extern struct TALER_AUDITORDB_Plugin *TAH_plugin; extern struct TALER_AUDITORDB_Plugin *TAH_plugin;
/**
* Our DB plugin to talk to the *exchange* database.
*/
extern struct TALER_EXCHANGEDB_Plugin *TAH_eplugin;
/** /**
* @brief Struct describing an URL and the handler for it. * @brief Struct describing an URL and the handler for it.


@ -35,7 +35,7 @@
/** /**
* Cache of already verified exchange signing keys. Maps the hash of the * Cache of already verified exchange signing keys. Maps the hash of the
* `struct TALER_ExchangeSigningKeyValidityPS` to the (static) string * `struct TALER_ExchangeSigningKeyValidityPS` to the (static) string
* "verified". Access to this map is guarded by the #lock. * "verified" or "revoked". Access to this map is guarded by the #lock.
*/ */
static struct GNUNET_CONTAINER_MultiHashMap *cache; static struct GNUNET_CONTAINER_MultiHashMap *cache;
@ -66,7 +66,7 @@ verify_and_execute_deposit_confirmation (
enum GNUNET_DB_QueryStatus qs; enum GNUNET_DB_QueryStatus qs;
struct GNUNET_TIME_Absolute now; struct GNUNET_TIME_Absolute now;
struct GNUNET_HashCode h; struct GNUNET_HashCode h;
int cached; const char *cached;
struct TALER_ExchangeSigningKeyValidityPS skv = { struct TALER_ExchangeSigningKeyValidityPS skv = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY), .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)), .purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)),
@ -94,10 +94,9 @@ verify_and_execute_deposit_confirmation (
sizeof (skv), sizeof (skv),
&h); &h);
GNUNET_assert (0 == pthread_mutex_lock (&lock)); GNUNET_assert (0 == pthread_mutex_lock (&lock));
cached = GNUNET_CONTAINER_multihashmap_contains (cache, cached = GNUNET_CONTAINER_multihashmap_get (cache,
&h); &h);
GNUNET_assert (0 == pthread_mutex_unlock (&lock)); GNUNET_assert (0 == pthread_mutex_unlock (&lock));
session = TAH_plugin->get_session (TAH_plugin->cls); session = TAH_plugin->get_session (TAH_plugin->cls);
if (NULL == session) if (NULL == session)
{ {
@ -107,7 +106,7 @@ verify_and_execute_deposit_confirmation (
TALER_EC_GENERIC_DB_SETUP_FAILED, TALER_EC_GENERIC_DB_SETUP_FAILED,
NULL); NULL);
} }
if (! cached) if (NULL == cached)
{ {
/* Not in cache, need to verify the signature, persist it, and possibly cache it */ /* Not in cache, need to verify the signature, persist it, and possibly cache it */
if (GNUNET_OK != if (GNUNET_OK !=
@ -139,6 +138,32 @@ verify_and_execute_deposit_confirmation (
TALER_EC_GENERIC_DB_STORE_FAILED, TALER_EC_GENERIC_DB_STORE_FAILED,
"exchange signing key"); "exchange signing key");
} }
cached = "verified";
}
if (0 == strcmp (cached,
"verified"))
{
struct TALER_MasterSignatureP master_sig;
/* check for revocation */
qs = TAH_eplugin->lookup_signkey_revocation (TAH_eplugin->cls,
NULL,
&es->exchange_pub,
&master_sig);
if (0 > qs)
{
GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
TALER_LOG_WARNING (
"Failed to check for signing key revocation in database\n");
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
"exchange signing key revocation");
}
if (0 < qs)
cached = "revoked";
}
/* Cache it, due to concurreny it might already be in the cache, /* Cache it, due to concurreny it might already be in the cache,
so we do not cache it twice but also don't insist on the 'put' to so we do not cache it twice but also don't insist on the 'put' to
@ -146,10 +171,9 @@ verify_and_execute_deposit_confirmation (
GNUNET_assert (0 == pthread_mutex_lock (&lock)); GNUNET_assert (0 == pthread_mutex_lock (&lock));
(void) GNUNET_CONTAINER_multihashmap_put (cache, (void) GNUNET_CONTAINER_multihashmap_put (cache,
&h, &h,
"verified", (void *) cached,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY); GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
GNUNET_assert (0 == pthread_mutex_unlock (&lock)); GNUNET_assert (0 == pthread_mutex_unlock (&lock));
}
/* check deposit confirmation signature */ /* check deposit confirmation signature */
{ {
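Review bot: Nothing in the visible hunks of `verify_and_execute_deposit_confirmation` rejects the request once `cached` has been set to `"revoked"`; the value is only stored in the cache and control falls through to the deposit confirmation signature check. Unless a test exists further down (the function body continues outside the hunk), a confirmation signed with a revoked exchange signing key is still accepted, so I would add `if (0 == strcmp (cached, "revoked"))` directly after the cache update and return an error via `TALER_MHD_reply_with_error` there. The `put` uses `GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY`, so an entry first cached as `"verified"` is never replaced by `"revoked"`; this is safe only because `"verified"` entries are re-checked against the database on every request, and the comment on `cache` should say so. `master_sig` is fetched but neither verified nor used in the visible lines.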


@ -1555,6 +1555,13 @@ postgres_get_session (void *cls)
") VALUES " ") VALUES "
"($1, $2);", "($1, $2);",
2), 2),
/* used in #postgres_insert_signkey_revocation() */
GNUNET_PQ_make_prepare ("lookup_signkey_revocation",
"SELECT "
" master_sig"
" FROM signkey_revocations"
" WHERE exchange_pub=$1;",
1),
/* used in #postgres_insert_signkey() */ /* used in #postgres_insert_signkey() */
GNUNET_PQ_make_prepare ("insert_signkey", GNUNET_PQ_make_prepare ("insert_signkey",
"INSERT INTO exchange_sign_keys " "INSERT INTO exchange_sign_keys "
@ -8491,6 +8498,46 @@ postgres_insert_signkey_revocation (
} }
/**
* Obtain information about a revoked online signing key.
*
* @param cls closure
* @param session a session (can be NULL)
* @param exchange_pub exchange online signing key
* @param[out] master_sig set to signature affirming the revocation (if revoked)
* @return transaction status code
*/
static enum GNUNET_DB_QueryStatus
postgres_lookup_signkey_revocation (
void *cls,
struct TALER_EXCHANGEDB_Session *session,
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct TALER_MasterSignatureP *master_sig)
{
struct PostgresClosure *pg = cls;
struct GNUNET_PQ_QueryParam params[] = {
GNUNET_PQ_query_param_auto_from_type (exchange_pub),
GNUNET_PQ_query_param_end
};
struct GNUNET_PQ_ResultSpec rs[] = {
TALER_PQ_result_spec_auto_from_type ("master_sig",
master_sig),
GNUNET_PQ_result_spec_end
};
(void) cls;
if (NULL == session)
session = postgres_get_session (pg);
if (NULL == session)
return GNUNET_DB_STATUS_HARD_ERROR;
return GNUNET_PQ_eval_prepared_singleton_select (session->conn,
"lookup_signkey_revocation",
params,
rs);
}
/** /**
* Lookup information about current denomination key. * Lookup information about current denomination key.
* *
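Review bot: The comment above the new `lookup_signkey_revocation` prepared statement says `used in #postgres_insert_signkey_revocation()`, which looks copied from the neighbouring statement; it should read `/* used in #postgres_lookup_signkey_revocation() */`. In `postgres_lookup_signkey_revocation`, the `(void) cls;` statement is redundant because `cls` is already used to initialise `pg`. No visible hunk assigns the new function to the plugin's `lookup_signkey_revocation` member. If that assignment is not made in the plugin's init code elsewhere, the auditor's call through `TAH_eplugin->lookup_signkey_revocation` would dereference a NULL function pointer, so please confirm it is registered.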


@ -3340,6 +3340,23 @@ struct TALER_EXCHANGEDB_Plugin
const struct TALER_MasterSignatureP *master_sig); const struct TALER_MasterSignatureP *master_sig);
/**
* Obtain information about a revoked online signing key.
*
* @param cls closure
* @param session a session (can be NULL)
* @param exchange_pub exchange online signing key that was revoked
* @param[out] master_sig signature affirming the revocation
* @return transaction status code
*/
enum GNUNET_DB_QueryStatus
(*lookup_signkey_revocation)(
void *cls,
struct TALER_EXCHANGEDB_Session *session,
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct TALER_MasterSignatureP *master_sig);
/** /**
* Lookup information about current denomination key. * Lookup information about current denomination key.
* *