re-enable cherry picking test (kind-of passes, not finished)

2020-12-20 17:10:01 +01:00 · 2020-12-20 17:10:01 +01:00 · 6a73629aee
commit 6a73629aee
parent 8e7b0f5f27
10 changed files with 157 additions and 375 deletions
--- a/src/testing/Makefile.am
+++ b/src/testing/Makefile.am
@ -130,6 +130,7 @@ check_PROGRAMS = \
  test_bank_api_with_pybank \
  test_bank_api_with_nexus \
  test_exchange_api \
  test_exchange_api_keys_cherry_picking \
  test_exchange_api_revocation \
  test_exchange_api_overlapping_keys_bug \
  test_exchange_management_api \
@ -142,8 +143,6 @@ if HAVE_TWISTER
    test_bank_api_with_pybank_twisted
 endif
 # test_exchange_api_keys_cherry_picking disabled for now:
 # needs to be rewritten as we no longer support /keys timetravel!
 TESTS = \
@ -373,8 +372,6 @@ EXTRA_DIST = \
  test_exchange_api.conf \
  test_exchange_api_twisted.conf \
  test_exchange_api_keys_cherry_picking.conf \
  test_exchange_api_keys_cherry_picking_extended.conf \
  test_exchange_api_keys_cherry_picking_extended_2.conf \
  test_exchange_api_expire_reserve_now.conf \
  test-taler-exchange-aggregator-postgres.conf \
  test-taler-exchange-wirewatch-postgres.conf
--- a/src/testing/test-taler-exchange-aggregator-postgres.conf
+++ b/src/testing/test-taler-exchange-aggregator-postgres.conf
@ -21,8 +21,6 @@ MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG
 # the tracking API.
 BASE_URL = "http://localhost:8081/"
 SIGNKEY_LEGAL_DURATION = 2 years
 [auditor]
 BASE_URL = "http://auditor.example.com/"
--- a/src/testing/test-taler-exchange-wirewatch-postgres.conf
+++ b/src/testing/test-taler-exchange-wirewatch-postgres.conf
@ -20,8 +20,6 @@ MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG
 # Expected base URL of the exchange.
 BASE_URL = "http://localhost:8081/"
 signkey_legal_duration = 2 years
 [exchangedb]
 # After how long do we close idle reserves?  The exchange
 # and the auditor must agree on this value.  We currently
@ -51,7 +49,6 @@ PORT = 8083
 # What is the account URL?
 PAYTO_URI = "payto://x-taler-bank/localhost/2"
 WIRE_GATEWAY_URL = "http://localhost:8082/2/"
 WIRE_GATEWAY_AUTH_METHOD = basic
 USERNAME = Exchange
 PASSWORD = x
--- a/src/testing/test_auditor_api.conf
+++ b/src/testing/test_auditor_api.conf
@ -20,13 +20,6 @@ TINY_AMOUNT = EUR:0.01
 [exchange]
 # how long is one signkey valid?
 signkey_duration = 4 weeks
 # how long are the signatures with the signkey valid?
 legal_duration = 2 years
 signkey_legal_duration = 2 years
 # HTTP port the exchange listens to
 PORT = 8081
@ -40,9 +33,6 @@ DB = postgres
 # exchange (or the twister) is actually listening.
 BASE_URL = "http://localhost:8081/"
 # Keep it short so the test runs fast.
 LOOKAHEAD_SIGN = 12 h
 [exchangedb-postgres]
 CONFIG = "postgres:///talercheck"
@ -51,10 +41,7 @@ CONFIG = "postgres:///talercheck"
 # Sections starting with "exchange-account-" configure the bank accounts
 # of the exchange.  The "URL" specifies the account in
-# payto://-format, while the WIRE_JSON specifies the
+# payto://-format.
 # (possibly offline) signed version to be returned in /wire.
 # WIRE_JSON is optional, as not all accounts must be
 # advertised in /wire.
 [exchange-account-1]
 # What is the URL of our account?
 PAYTO_URI = "payto://x-taler-bank/localhost/42"
--- a/src/testing/test_exchange_api.conf
+++ b/src/testing/test_exchange_api.conf
@ -24,17 +24,6 @@ PRIVACY_ETAG = 0
 TERMS_DIR = /home/grothoff/share/taler-exchange/tos/
 PRIVACY_DIR = /home/grothoff/share/taler-exchange/pp/
 # how long is one signkey valid?
 signkey_duration = 4 weeks
 # how long are the signatures with the signkey valid?
 legal_duration = 2 years
 signkey_legal_duration = 2 years
 # how long do we provide to clients denomination and signing keys
 # ahead of time?
 lookahead_provide = 4 weeks 1 day
 # HTTP port the exchange listens to
 PORT = 8081
@ -48,44 +37,29 @@ DB = postgres
 # exchange (or the twister) is actually listening.
 BASE_URL = "http://localhost:8081/"
 # Keep it short so the test runs fast.
 LOOKAHEAD_SIGN = 12 h
 [exchangedb-postgres]
 CONFIG = "postgres:///talercheck"
 [auditordb-postgres]
 CONFIG = "postgres:///talercheck"
 # Sections starting with "exchange-account-" configure the bank accounts
 # of the exchange.  The "URL" specifies the account in
-# payto://-format, while the WIRE_JSON specifies the
+# payto://-format.
 # (possibly offline) signed version to be returned in /wire.
 # WIRE_JSON is optional, as not all accounts must be
 # advertised in /wire.
 [exchange-account-1]
 # What is the URL of our account?
 PAYTO_URI = "payto://x-taler-bank/localhost/42"
 WIRE_GATEWAY_URL = "http://localhost:9081/42/"
 # ENABLE_CREDIT = YES
 [exchange-account-2]
 # What is the bank account (with the "Taler Bank" demo system)?
 PAYTO_URI = "payto://x-taler-bank/localhost/2"
 WIRE_GATEWAY_AUTH_METHOD = basic
 USERNAME = Exchange
 PASSWORD = x
 WIRE_GATEWAY_URL = "http://localhost:9081/2/"
 ENABLE_DEBIT = YES
 ENABLE_CREDIT = YES
 [bank]
--- a/src/testing/test_exchange_api_keys_cherry_picking.c
+++ b/src/testing/test_exchange_api_keys_cherry_picking.c
@ -1,6 +1,6 @@
 /*
  This file is part of TALER
-  Copyright (C) 2018 Taler Systems SA
+  Copyright (C) 2020 Taler Systems SA
  TALER is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as pub
@ -41,49 +41,6 @@ lished
 */
 #define CONFIG_FILE "test_exchange_api_keys_cherry_picking.conf"
 /**
 * Used to increase the number of denomination keys.
 */
 #define CONFIG_FILE_EXTENDED \
  "test_exchange_api_keys_cherry_picking_extended.conf"
 /**
 * Used to increase the number of denomination keys.
 */
 #define CONFIG_FILE_EXTENDED_2 \
  "test_exchange_api_keys_cherry_picking_extended_2.conf"
 #define NDKS_RIGHT_BEFORE_SERIALIZATION 40
 /**
 * Add seconds.
 *
 * @param base absolute time to add seconds to.
 * @param relative number of seconds to add.
 * @return a new absolute time, modified according to @e relative.
 */
 #define ADDSECS(base, secs) \
  GNUNET_TIME_absolute_add \
    (base, \
    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, \
                                   secs))
 /**
 * Subtract seconds.
 *
 * @param base absolute time to subtract seconds to.
 * @param secs relative number of _seconds_ to subtract.
 * @return a new absolute time, modified according to @e relative.
 */
 #define SUBSECS(base, secs) \
  GNUNET_TIME_absolute_subtract \
    (base, \
    GNUNET_TIME_relative_multiply (GNUNET_TIME_UNIT_SECONDS, \
                                   secs))
 #define JAN1971 "1971-01-01"
 #define JAN2030 "2030-01-01"
 /**
 * Exchange configuration data.
 */
@ -91,26 +48,7 @@ static struct TALER_TESTING_ExchangeConfiguration ec;
 /**
- * Wrapper around the time parser.
+ * Main function that will tell the interpreter what commands to run.
 *
 * @param str human-readable time string.
 * @return the parsed time from @a str.
 */
 static struct GNUNET_TIME_Absolute
 TTH_parse_time (const char *str)
 {
  struct GNUNET_TIME_Absolute ret;
  GNUNET_assert
    (GNUNET_OK == GNUNET_STRINGS_fancy_time_to_absolute (str,
                                                         &ret));
  return ret;
 }
 /**
 * Main function that will tell the interpreter what commands to
 * run.
 *
 * @param cls closure
 * @param is[in,out] interpreter state
@ -119,92 +57,6 @@ static void
 run (void *cls,
     struct TALER_TESTING_Interpreter *is)
 {
  struct TALER_TESTING_Command keys_serialization[] = {
    TALER_TESTING_cmd_serialize_keys
      ("serialize-keys"),
    TALER_TESTING_cmd_connect_with_state
      ("reconnect-with-state",
      "serialize-keys"),
    /**
     * Make sure we have the same keys situation as
     * it was before the serialization.
     */
    TALER_TESTING_cmd_check_keys_with_now (
      "check-keys-after-deserialization",
      4,
      NDKS_RIGHT_BEFORE_SERIALIZATION,
      /**
       * Pretend 5 seconds passed.
       */
      ADDSECS (TTH_parse_time (JAN2030),
               5)),
    /**
     * Use one of the deserialized keys.
     */
    TALER_TESTING_cmd_wire
      ("verify-/wire-with-serialized-keys",
      "x-taler-bank",
      NULL,
      MHD_HTTP_OK),
    TALER_TESTING_cmd_end (),
  };
  struct TALER_TESTING_Command ordinary_cherry_pick[] = {
    /**
     * 1 DK with 80s withdraw duration, lookahead_sign is 60s
     * => expect 1 DK.
     */
    TALER_TESTING_cmd_check_keys ("check-keys-1",
                                  1, /* generation */
                                  1),
    /**
     * The far-future now will cause "keyup" to start a fresh
     * key set.  The new KS will have only one key, because the
     * current lookahead_sign == 60 seconds and the key's withdraw
     * duration is 80 seconds.
     *///
    TALER_TESTING_cmd_exec_keyup_with_now ("keyup-1",
                                           CONFIG_FILE,
                                           TTH_parse_time (JAN2030)),
    /**
     * Should return 1 new key, + the original one.  NOTE: the
     * original DK will never be 'cancelled' as for the current
     * libtalerexchange logic, so it must always be counted.
     *///
    TALER_TESTING_cmd_check_keys_with_now ("check-keys-2",
                                           2, /* generation */
                                           2,
                                           TTH_parse_time (JAN2030)),
    TALER_TESTING_cmd_exec_keyup_with_now
      ("keyup-3",
      CONFIG_FILE_EXTENDED_2,
      /* Taking care of not using a 'now' that equals the
       * last DK timestamp, otherwise it would get silently
       * overridden.  */
      ADDSECS (TTH_parse_time (JAN2030),
               10)),
    /**
     * Expected number of DK:
     *
     * 3000 (the lookahead_sign time frame, in seconds)
     * - 69 (how many seconds are covered by the latest DK, 79s - 10s already past)
     * ----
     * 2931
     * / 79 (how many seconds each DK will cover, 80-1)
     * ----
     *   38 (rounded up)
     *  + 2 (old DKs already stored locally: 1 from the
     *       very initial setup, and 1 from the 'keyup-1' CMD)
     * ----
     *   40
     *///
    TALER_TESTING_cmd_check_keys_with_now (
      "check-keys-3",
      3 /* generation */,
      NDKS_RIGHT_BEFORE_SERIALIZATION,
      TTH_parse_time (JAN2030)),
    TALER_TESTING_cmd_end ()
  };
  struct TALER_TESTING_Command commands[] = {
    TALER_TESTING_cmd_auditor_add ("add-auditor-OK",
                                   MHD_HTTP_NO_CONTENT,
@ -213,15 +65,37 @@ run (void *cls,
                                "payto://x-taler-bank/localhost/2",
                                MHD_HTTP_NO_CONTENT,
                                false),
    TALER_TESTING_cmd_exec_offline_sign_fees ("offline-sign-fees",
                                              CONFIG_FILE,
                                              "EUR:0.01",
                                              "EUR:0.01"),
    TALER_TESTING_cmd_exec_offline_sign_keys ("offline-sign-future-keys",
                                              CONFIG_FILE),
-    TALER_TESTING_cmd_check_keys_pull_all_keys ("refetch /keys",
+    TALER_TESTING_cmd_check_keys_pull_all_keys ("initial-/keys",
-                                                1,
+                                                1),
-                                                1 /* FIXME: wrong number... */),
+    TALER_TESTING_cmd_sleep ("sleep",
-    TALER_TESTING_cmd_batch ("ordinary-cherry-pick",
+                             6 /* seconds */),
-                             ordinary_cherry_pick),
+    TALER_TESTING_cmd_check_keys ("check-keys-1",
-    TALER_TESTING_cmd_batch ("keys-serialization",
+                                  2 /* generation */),
-                             keys_serialization),
+    TALER_TESTING_cmd_check_keys_with_last_denom ("check-keys-2",
                                                  3 /* generation */,
                                                  "check-keys-1"),
    TALER_TESTING_cmd_serialize_keys ("serialize-keys"),
    TALER_TESTING_cmd_connect_with_state ("reconnect-with-state",
                                          "serialize-keys"),
    /**
     * Make sure we have the same keys situation as
     * it was before the serialization.
     */
    TALER_TESTING_cmd_check_keys ("check-keys-after-deserialization",
                                  4),
    /**
     * Use one of the deserialized keys.
     */
    TALER_TESTING_cmd_wire ("wire-with-serialized-keys",
                            "x-taler-bank",
                            NULL,
                            MHD_HTTP_OK),
    TALER_TESTING_cmd_end ()
  };
--- a/src/testing/test_exchange_api_keys_cherry_picking.conf
+++ b/src/testing/test_exchange_api_keys_cherry_picking.conf
@ -24,25 +24,6 @@ BASE_URL = "http://localhost:8083/"
 PORT = 8083
 [exchange]
 # how long is one signkey valid?
 signkey_duration = 5 seconds
 # how long are the signatures with the signkey valid?
 legal_duration = 2 years
 signkey_legal_duration = 2 years
 # This value causes keys to be *RETURNED* in a /keys response.
 # It's a relative time that materializes always in now+itsvalue.
 # We keep it very high, so as to not introduce divergencies between
 # keys that have been created and keys that are returned along /keys.
 lookahead_provide = 10000 seconds
 # This value causes keys to be *CREATED*.  The rule is that
 # at any given time there are always N keys whose all the withdraw
 # durations sum up to a time window as big as lookahead_sign.
 lookahead_sign = 60 s
 # HTTP port the exchange listens to
 PORT = 8081
@ -63,48 +44,38 @@ CONFIG = "postgres:///talercheck"
 [auditordb-postgres]
 CONFIG = "postgres:///talercheck"
 [exchange-account-1]
 # This is the response we give out for the /wire request.  It provides
 # wallets with the bank information for transfers to the exchange.
 WIRE_RESPONSE = ${TALER_CONFIG_HOME}/iban.json
 # What is the URL of our bank account? Must match WIRE_RESPONSE above!
 PAYTO_URI = payto://x-taler-bank/localhost/42
 WIRE_GATEWAY_URL = "http://localhost:9082/42/"
 [exchange-account-2]
 # This is the response we give out for the /wire request.  It provides
 # wallets with the bank information for transfers to the exchange.
 WIRE_RESPONSE = ${TALER_CONFIG_HOME}/x-taler-bank.json
 # What is the URL of our bank account? Must match WIRE_RESPONSE above!
 PAYTO_URI = payto://x-taler-bank/localhost/2
 WIRE_GATEWAY_URL = "http://localhost:9082/2/"
 # Authentication information for basic authentication
 TALER_BANK_AUTH_METHOD = "basic"
 USERNAME = user
 PASSWORD = pass
 ENABLE_DEBIT = YES
 ENABLE_CREDIT = YES
 [bank]
 HTTP_PORT=8082
-[exchangedb]
+[taler-helper-crypto-rsa]
-duration_overlap = 1 s
+OVERLAP_DURATION = 1 s
 LOOKAHEAD_SIGN = 20 s
 [taler-helper-crypto-eddsa]
 OVERLAP_DURATION = 1 s
 DURATION = 30 s
 LOOKAHEAD_SIGN = 20 s
 [coin_eur_1]
 value = EUR:1
-duration_withdraw = 80 s
+duration_withdraw = 5 s
-duration_spend = 80 s
+duration_spend = 6 s
-duration_legal = 60 s
+duration_legal = 7 s
 fee_withdraw = EUR:0.01
 fee_deposit = EUR:0.01
 fee_refresh = EUR:0.03
--- a/src/testing/test_exchange_api_overlapping_keys_bug.c
+++ b/src/testing/test_exchange_api_overlapping_keys_bug.c
@ -87,7 +87,7 @@ run (void *cls,
    /* Causes GET /keys?last_denom_issue=0 */
    TALER_TESTING_cmd_check_keys_with_last_denom ("second-download",
                                                  1,
-                                                  GNUNET_TIME_UNIT_ZERO_ABS),
+                                                  "zero"),
    TALER_TESTING_cmd_end ()
  };
--- a/src/testing/test_exchange_api_twisted.conf
+++ b/src/testing/test_exchange_api_twisted.conf
@ -9,21 +9,6 @@ CURRENCY = EUR
 CURRENCY_ROUND_UNIT = EUR:0.01
 [exchange]
 # how long is one signkey valid?
 SIGNKEY_DURATION = 4 weeks
 # how long are the signatures with the signkey valid?
 LEGAL_DURATION = 2 years
 signkey_legal_duration = 2 years
 # how long do we provide to clients denomination and signing keys
 # ahead of time?
 LOOKAHEAD_PROVIDE = 4 weeks 1 day
 # Keep it short so the test runs fast.
 LOOKAHEAD_SIGN = 12 h
 # HTTP port the exchange listens to
 PORT = 8081
@ -40,29 +25,22 @@ DB = postgres
 # only seeks the exchange/BASE_URL URL to connect to the exchange.
 BASE_URL = "http://localhost:8888/"
 [exchangedb-postgres]
 CONFIG = "postgres:///talercheck"
 [auditor]
 BASE_URL = "http://localhost:8083/"
 PORT = 8083
 [auditordb-postgres]
 CONFIG = "postgres:///talercheck"
 [exchange-account-1]
 # What is the URL of our account?
 PAYTO_URI = "payto://x-taler-bank/localhost/42"
 # This is the response we give out for the /wire request.  It provides
 # wallets with the bank information for transfers to the exchange.
 WIRE_GATEWAY_URL = "http://localhost:9081/42/"
 WIRE_GATEWAY_AUTH_METHOD = NONE
 [exchange-account-2]
 PAYTO_URI = payto://x-taler-bank/localhost/2
 WIRE_GATEWAY_URL = "http://localhost:8082/2/"
@ -72,11 +50,9 @@ PASSWORD = pass
 ENABLE_DEBIT = YES
 ENABLE_CREDIT = YES
 [bank]
 HTTP_PORT = 8082
 [twister]
 # HTTP listen port for twister
 HTTP_PORT = 8888
--- a/src/testing/testing_api_cmd_check_keys.c
+++ b/src/testing/testing_api_cmd_check_keys.c
@ -1,6 +1,6 @@
 /*
  This file is part of TALER
-  (C) 2018 Taler Systems SA
+  (C) 2018, 2020 Taler Systems SA
  TALER is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as
@ -18,15 +18,9 @@
 */
 /**
 * @file testing/testing_api_cmd_check_keys.c
- * @brief Implementation of "check keys" test command.  XXX-NOTE:
+ * @brief Implementation of "check keys" test command.
 *        the number of 'expected keys' is NOT the number of the
 *        downloaded keys, but rather the number of keys that the
 *        libtalerutil library keeps locally.  As for the current
 *        design, keys are _never_ discarded by the library,
 *        therefore their (expected) number is monotonically
 *        ascending.
 *
 * @author Marcello Stanisci
 * @author Christian Grothoff
 */
 #include "platform.h"
 #include "taler_json_lib.h"
@ -47,37 +41,21 @@ struct CheckKeysState
  unsigned int generation;
  /**
-   * If this value is GNUNET_YES, then the "cherry
+   * If this value is true, then the "cherry
   * picking" facility is turned off; whole /keys is
   * downloaded.
   */
-  unsigned int pull_all_keys;
+  bool pull_all_keys;
  /**
-   * If GNUNET_YES, then the user must specify the
+   * Label of a command to use to derive the "last_denom_issue" date to use.
   * last_denom_issue_date manually.  This way, it is possible
   * to force whatever X value here (including 0): /keys?last_denom_issue=X.
   */
-  unsigned int set_last_denom;
+  const char *last_denom_date_ref;
  /**
-   * Value X to set as the URL parameter:
+   * Last denomination date we received when doing this request.
   * "/keys?last_denom_issue=X" is used only when `set_last_denom'
   * equals #GNUNET_YES.
   */
-  struct GNUNET_TIME_Absolute last_denom_date;
+  struct GNUNET_TIME_Absolute my_denom_date;
  /**
   * If #GNUNET_YES, then we'll provide the "/keys" request.
   * with the "now" argument.
   */
  int with_now;
  /**
   * Fake now as passed by the user.
   */
  struct GNUNET_TIME_Absolute now;
 };
@ -100,58 +78,74 @@ check_keys_run (void *cls,
              cmd->label,
              is->ip,
              is->key_generation);
  if (is->key_generation < cks->generation)
  {
    struct GNUNET_TIME_Absolute rdate;
    is->working = GNUNET_NO;
    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                "Triggering GET /keys, cmd `%s'\n",
                cmd->label);
-
+    if (NULL != cks->last_denom_date_ref)
    if (GNUNET_YES == cks->set_last_denom)
    {
-      TALER_LOG_DEBUG ("Forcing last_denom_date URL argument\n");
+      if (0 == strcmp ("zero",
                       cks->last_denom_date_ref))
      {
        TALER_LOG_DEBUG ("Forcing last_denom_date URL argument set to zero\n");
        TALER_EXCHANGE_set_last_denom (is->exchange,
-                                     cks->last_denom_date);
+                                       GNUNET_TIME_UNIT_ZERO_ABS);
      }
-
+      else
-    if (GNUNET_YES == cks->with_now)
+      {
-      TALER_EXCHANGE_set_now (is->exchange,
+        const struct GNUNET_TIME_Absolute *last_denom_date;
-                              cks->now);
+        const struct TALER_TESTING_Command *ref;
-    /* Redownload /keys.  */
+
-    GNUNET_break
+        ref = TALER_TESTING_interpreter_lookup_command (is,
-      (0 == TALER_EXCHANGE_check_keys_current
+                                                        cks->last_denom_date_ref);
-        (is->exchange,
+        if (NULL == ref)
        cks->pull_all_keys
        ? TALER_EXCHANGE_CKF_FORCE_ALL_NOW
        : TALER_EXCHANGE_CKF_FORCE_DOWNLOAD).abs_value_us);
    return;
  }
 #if 0
  /**
   * Not sure this check makes sense: GET /keys is performed on
   * a "maybe" basis, so it can get quite hard to track /keys
   * request.  Rather, this CMD should just check if /keys was
   * requested AT LEAST n times before going ahead with checks.
   *///
  if (is->key_generation > cks->generation)
        {
    /* We got /keys too often, strange. Fatal. May theoretically
       happen if somehow we were really unlucky and /keys expired
       "naturally", but obviously with a sane configuration this
       should also not be. */
          GNUNET_break (0);
    TALER_LOG_ERROR ("Acutal- vs expected key"
                     " generation: %u vs %u\n",
                     is->key_generation,
                     cks->generation);
          TALER_TESTING_interpreter_fail (is);
          return;
        }
-#endif
+        if (GNUNET_OK !=
-  /* Let's unset the fake now before moving on.  */
+            TALER_TESTING_get_trait_absolute_time (ref,
-  TALER_EXCHANGE_unset_now (is->exchange);
+                                                   0,
                                                   &last_denom_date))
        {
          GNUNET_break (0);
          TALER_TESTING_interpreter_fail (is);
          return;
        }
        TALER_LOG_DEBUG ("Forcing last_denom_date URL argument\n");
        TALER_EXCHANGE_set_last_denom (is->exchange,
                                       *last_denom_date);
      }
    }
    rdate = TALER_EXCHANGE_check_keys_current (
      is->exchange,
      cks->pull_all_keys
      ? TALER_EXCHANGE_CKF_FORCE_ALL_NOW
      : TALER_EXCHANGE_CKF_FORCE_DOWNLOAD);
    /* Redownload /keys.  */
    GNUNET_break (0 ==
                  rdate.abs_value_us);
    return;
  }
  {
    const struct TALER_EXCHANGE_Keys *keys;
    keys = TALER_EXCHANGE_get_keys (is->exchange);
    if (NULL == keys)
    {
      GNUNET_break (0);
      TALER_TESTING_interpreter_fail (is);
      return;
    }
    cks->my_denom_date = keys->last_denom_issue_date;
  }
  TALER_TESTING_interpreter_next (is);
 }
@ -173,28 +167,34 @@ check_keys_cleanup (void *cls,
 }
-struct TALER_TESTING_Command
+/**
-TALER_TESTING_cmd_check_keys_with_last_denom (
+ * Offer internal data to a "check_keys" CMD state to other
-  const char *label,
+ * commands.
-  unsigned int generation,
+ *
-  struct GNUNET_TIME_Absolute last_denom_date)
+ * @param cls closure
 * @param[out] ret result (could be anything)
 * @param trait name of the trait
 * @param index index number of the object to offer.
 * @return #GNUNET_OK on success
 */
 static int
 check_keys_traits (void *cls,
                   const void **ret,
                   const char *trait,
                   unsigned int index)
 {
-  struct CheckKeysState *cks;
+  struct CheckKeysState *cks = cls;
-
+  struct TALER_TESTING_Trait traits[] = {
-  cks = GNUNET_new (struct CheckKeysState);
+    /* history entry MUST be first due to response code logic below! */
-  cks->generation = generation;
+    TALER_TESTING_make_trait_absolute_time (0,
-  cks->set_last_denom = GNUNET_YES;
+                                            &cks->my_denom_date),
-  cks->last_denom_date = last_denom_date;
+    TALER_TESTING_trait_end ()
  {
    struct TALER_TESTING_Command cmd = {
      .cls = cks,
      .label = label,
      .run = &check_keys_run,
      .cleanup = &check_keys_cleanup
  };
-    return cmd;
+  return TALER_TESTING_get_trait (traits,
-  }
+                                  ret,
                                  trait,
                                  index);
 }
@ -211,7 +211,8 @@ TALER_TESTING_cmd_check_keys (const char *label,
      .cls = cks,
      .label = label,
      .run = &check_keys_run,
-      .cleanup = &check_keys_cleanup
+      .cleanup = &check_keys_cleanup,
      .traits = &check_keys_traits
    };
    return cmd;
@ -223,21 +224,28 @@ struct TALER_TESTING_Command
 TALER_TESTING_cmd_check_keys_pull_all_keys (const char *label,
                                            unsigned int generation)
 {
-  struct CheckKeysState *cks;
+  struct TALER_TESTING_Command cmd
-
+    = TALER_TESTING_cmd_check_keys (label,
-  cks = GNUNET_new (struct CheckKeysState);
+                                    generation);
-  cks->generation = generation;
+  struct CheckKeysState *cks = cmd.cls;
  cks->pull_all_keys = GNUNET_YES;
  {
    struct TALER_TESTING_Command cmd = {
      .cls = cks,
      .label = label,
      .run = &check_keys_run,
      .cleanup = &check_keys_cleanup
    };
  cks->pull_all_keys = true;
  return cmd;
 }
 struct TALER_TESTING_Command
 TALER_TESTING_cmd_check_keys_with_last_denom (
  const char *label,
  unsigned int generation,
  const char *last_denom_date_ref)
 {
  struct TALER_TESTING_Command cmd
    = TALER_TESTING_cmd_check_keys (label,
                                    generation);
  struct CheckKeysState *cks = cmd.cls;
  cks->last_denom_date_ref = last_denom_date_ref;
  return cmd;
  }
 }