From 6e3765d85253867fcc8cb6409ac65d0dd637c479 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Tue, 10 Mar 2020 18:51:08 +0100
Subject: [PATCH] more careful use of TALER_JSON_get_error_code(), limit to cases where we expect to get one
---
src/include/taler_error_codes.h | 50 +++++++++++++++----
src/lib/auditor_api_deposit_confirmation.c | 15 ++++--
src/lib/exchange_api_deposit.c | 18 +++++--
src/lib/exchange_api_deposits_get.c | 14 +++++-
src/lib/exchange_api_melt.c | 28 +++++++++--
src/lib/exchange_api_refund.c | 19 +++++--
.../test_exchange_api_keys_cherry_picking.c | 22 ++++----
...ge_api_keys_cherry_picking_extended_2.conf | 4 +-
8 files changed, 132 insertions(+), 38 deletions(-)
diff --git a/src/include/taler_error_codes.h b/src/include/taler_error_codes.h
index 1c48fe333..446804449 100644
--- a/src/include/taler_error_codes.h
+++ b/src/include/taler_error_codes.h
@@ -213,7 +213,7 @@ enum TALER_ErrorCode
 TALER_EC_COINS_INVALID_COIN_PUB = 1050,
 /**
- * The public key of given to a /reserves/ handler was malformed.
+ * The reserve key of given to a /reserves/ handler was malformed.
 */
 TALER_EC_RESERVES_INVALID_RESERVE_PUB = 1051,
@@ -223,33 +223,37 @@ enum TALER_ErrorCode TALER_EC_TRANSFERS_INVALID_WTID = 1052, /** - * The hash of the wire details of given to a /deposits/ handler was - * malformed. + * The wire hash of given to a /deposits/ handler was malformed. */ TALER_EC_DEPOSITS_INVALID_H_WIRE = 1053, /** - * The merchant public key given to a /deposits/ handler was - * malformed. + * The merchant key of given to a /deposits/ handler was malformed. */ TALER_EC_DEPOSITS_INVALID_MERCHANT_PUB = 1054, /** - * The hash of the contract given to a /deposits/ handler was + * The hash of the contract terms given to a /deposits/ handler was * malformed. */ TALER_EC_DEPOSITS_INVALID_H_CONTRACT_TERMS = 1055, /** - * The coin public key given to a /deposits/ handler was malformed. + * The coin public key of given to a /deposits/ handler was malformed. */ - TALER_EC_DEPOSITS_INVALID_COIN_PUB = 1056, + TALER_EC_DEPOSTIS_INVALID_COIN_PUB = 1056, /** - * The hash of the refresh commitment given to a /refreshes/ handler - * was malformed. + * The body returned by the exchange for a /deposits/ request was + * malformed. Error created client-side. */ - TALER_EC_REFRESHES_INVALID_RCH = 1057, + TALER_EC_DEPOSITS_INVALID_BODY_BY_EXCHANGE = 1057, + + /** + * The signature returned by the exchange in a /deposits/ request was + * malformed. Error created client-side. + */ + TALER_EC_DEPOSITS_INVALID_SIGNATURE_BY_EXCHANGE = 1058, /** * The given reserve does not have sufficient funds to admit the @@ -511,6 +515,12 @@ enum TALER_ErrorCode */ TALER_EC_DEPOSIT_DENOMINATION_EXPIRED = 1220, + /** + * The signature provided by the exchange is not valid. Error created + * client-side. + */ + TALER_EC_DEPOSIT_INVALID_SIGNATURE_BY_EXCHANGE = 1221, + /** * The respective coin did not have sufficient residual value for the * /refresh/melt operation. The "history" in this response provdes 
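Review bot: `TALER_EC_DEPOSTIS_INVALID_COIN_PUB = 1056` transposes two letters of the previous `TALER_EC_DEPOSITS_INVALID_COIN_PUB`; any code still using the old name stops compiling and the new name is a typo, so the original spelling should be kept. In the same hunk the numeric value 1057 changes meaning from `TALER_EC_REFRESHES_INVALID_RCH` to `TALER_EC_DEPOSITS_INVALID_BODY_BY_EXCHANGE`, with the refresh code re-assigned as 1384 in the `@@ -709` hunk; if 1057 has ever been emitted on the wire, a peer built against the previous header will misread it, so allocating an unused number is safer than reusing one. The rewritten comments read "The reserve key of given to", "The merchant key of given to" and "The coin public key of given to" — the stray "of" should be dropped. Finally, `TALER_EC_DEPOSITS_INVALID_SIGNATURE_BY_EXCHANGE` (1058) and the `TALER_EC_DEPOSIT_INVALID_SIGNATURE_BY_EXCHANGE` (1221) added in the `@@ -511` hunk differ by one letter; a comment on each naming the endpoint it covers (the /deposits/ lookup versus the deposit request) would keep them from being mixed up.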
@@ -584,6 +594,12 @@ enum TALER_ErrorCode */ TALER_EC_REFRESH_MELT_COIN_EXPIRED_NO_ZOMBIE = 1309, + /** + * The signature returned by the exchange in a melt request was + * malformed. Error created client-side. + */ + TALER_EC_MELT_INVALID_SIGNATURE_BY_EXCHANGE = 1310, + /** * The exchange is unaware of the denomination key that was used to * sign the melted zombie coin. This response is provided with HTTP @@ -709,6 +725,12 @@ enum TALER_ErrorCode */ TALER_EC_REFRESH_REVEAL_KEYS_MISSING = 1383, + /** + * The refresh session hash given to a /refreshes/ handler was + * malformed. + */ + TALER_EC_REFRESHES_INVALID_RCH = 1384, + /** * The coin specified in the link request is unknown to the exchange. * This response is provided with HTTP status code MHD_HTTP_NOT_FOUND. @@ -821,6 +843,12 @@ enum TALER_ErrorCode */ TALER_EC_REFUND_MERCHANT_SIGNING_FAILED = 1514, + /** + * The signature returned by the exchange in a refund request was + * malformed. Error created client-side. + */ + TALER_EC_REFUND_INVALID_SIGNATURE_BY_EXCHANGE = 1515, + /** * The wire format specified in the "sender_account_details" is not * understood or not supported by this exchange. Returned with an HTTP diff --git a/src/lib/auditor_api_deposit_confirmation.c b/src/lib/auditor_api_deposit_confirmation.c index ddaf9b7cd..0aa9ff731 100644 --- a/src/lib/auditor_api_deposit_confirmation.c +++ b/src/lib/auditor_api_deposit_confirmation.c 
@@ -87,43 +87,52 @@ handle_deposit_confirmation_finished (void *cls, { const json_t *json = djson; struct TALER_AUDITOR_DepositConfirmationHandle *dh = cls; + enum TALER_ErrorCode ec; dh->job = NULL; switch (response_code) { case 0: + ec = TALER_EC_INVALID_RESPONSE; break; case MHD_HTTP_OK: + ec = TALER_EC_NONE; break; case MHD_HTTP_BAD_REQUEST: + ec = TALER_JSON_get_error_code (json); /* This should never happen, either us or the auditor is buggy (or API version conflict); just pass JSON reply to the application */ break; case MHD_HTTP_FORBIDDEN: + ec = TALER_JSON_get_error_code (json); /* Nothing really to verify, auditor says one of the signatures is invalid; as we checked them, this should never happen, we should pass the JSON reply to the application */ break; case MHD_HTTP_NOT_FOUND: + ec = TALER_JSON_get_error_code (json); /* Nothing really to verify, this should never happen, we should pass the JSON reply to the application */ break; case MHD_HTTP_INTERNAL_SERVER_ERROR: + ec = TALER_JSON_get_error_code (json); /* Server had an internal issue; we should retry, but this API leaves this to the application */ break; default: /* unexpected response code */ + ec = TALER_JSON_get_error_code (json); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected response code %u\n", - (unsigned int) response_code); + "Unexpected response code %u/%d\n", + (unsigned int) response_code, + ec); GNUNET_break (0); response_code = 0; break; } dh->cb (dh->cb_cls, response_code, - TALER_JSON_get_error_code (json), + ec, json); TALER_AUDITOR_deposit_confirmation_cancel (dh); } diff --git a/src/lib/exchange_api_deposit.c b/src/lib/exchange_api_deposit.c index 928a378b2..a47790f95 100644 --- a/src/lib/exchange_api_deposit.c +++ b/src/lib/exchange_api_deposit.c 
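Review bot: `enum TALER_ErrorCode ec;` is declared without an initializer and the callback reads it after the switch, so correctness rests on every arm assigning it; in this hunk every arm does, but in exchange_api_deposits_get.c the MHD_HTTP_OK arm and the arm after it spread their assignments across the `@@ -173`, `@@ -187` and `@@ -209` hunks with code between them that is not visible here, and any path that leaves the switch without an assignment hands an indeterminate value to the application. Initializing at the declaration, `enum TALER_ErrorCode ec = TALER_EC_INVALID_RESPONSE;`, here and in the deposit, deposits_get, melt and refund handlers rules that out and also quiets maybe-uninitialized warnings. In the `default:` arm `ec` is passed for `%d` while `response_code` is explicitly cast; `(int) ec` would match that style, since the underlying type of an enum is implementation-defined. handle_deposit_confirmation_finished starts before the hunk.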
@@ -301,11 +301,13 @@ handle_deposit_finished (void *cls, struct TALER_ExchangeSignatureP *es = NULL; struct TALER_ExchangePublicKeyP *ep = NULL; const json_t *j = response; + enum TALER_ErrorCode ec; dh->job = NULL; switch (response_code) { case 0: + ec = TALER_EC_INVALID_RESPONSE; break; case MHD_HTTP_OK: if (GNUNET_OK != 
@@ -316,52 +318,62 @@ handle_deposit_finished (void *cls, { GNUNET_break_op (0); response_code = 0; + ec = TALER_EC_DEPOSIT_INVALID_SIGNATURE_BY_EXCHANGE; } else { es = &exchange_sig; ep = &exchange_pub; + ec = TALER_EC_NONE; } break; case MHD_HTTP_BAD_REQUEST: /* This should never happen, either us or the exchange is buggy (or API version conflict); just pass JSON reply to the application */ + ec = TALER_JSON_get_error_code (j); break; case MHD_HTTP_CONFLICT: /* Double spending; check signatures on transaction history */ + ec = TALER_JSON_get_error_code (j); if (GNUNET_OK != verify_deposit_signature_forbidden (dh, j)) { GNUNET_break_op (0); response_code = 0; + ec = TALER_EC_DEPOSIT_INVALID_SIGNATURE_BY_EXCHANGE; } break; case MHD_HTTP_FORBIDDEN: + ec = TALER_JSON_get_error_code (j); /* Nothing really to verify, exchange says one of the signatures is invalid; as we checked them, this should never happen, we should pass the JSON reply to the application */ break; case MHD_HTTP_NOT_FOUND: + ec = TALER_JSON_get_error_code (j); /* Nothing really to verify, this should never happen, we should pass the JSON reply to the application */ break; case MHD_HTTP_INTERNAL_SERVER_ERROR: + ec = TALER_JSON_get_error_code (j); /* Server had an internal issue; we should retry, but this API leaves this to the application */ break; default: /* unexpected response code */ + ec = TALER_JSON_get_error_code (j); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected response code %u\n", - (unsigned int) response_code); + "Unexpected response code %u/%d\n", + (unsigned int) response_code, + ec); GNUNET_break (0); response_code = 0; break; } dh->cb (dh->cb_cls, response_code, - TALER_JSON_get_error_code (j), + ec, es, ep, j); diff --git a/src/lib/exchange_api_deposits_get.c b/src/lib/exchange_api_deposits_get.c index bfacd1781..020250134 100644 --- a/src/lib/exchange_api_deposits_get.c +++ b/src/lib/exchange_api_deposits_get.c 
@@ -151,11 +151,13 @@ handle_deposit_wtid_finished (void *cls, struct TALER_ExchangePublicKeyP exchange_pub; struct TALER_ExchangePublicKeyP *ep = NULL; const json_t *j = response; + enum TALER_ErrorCode ec; dwh->job = NULL; switch (response_code) { case 0: + ec = TALER_EC_INVALID_RESPONSE; break; case MHD_HTTP_OK: { @@ -173,6 +175,7 @@ handle_deposit_wtid_finished (void *cls, { GNUNET_break_op (0); response_code = 0; + ec = TALER_EC_DEPOSITS_INVALID_BODY_BY_EXCHANGE; break; } wtid = &dwh->depconf.wtid; @@ -187,10 +190,12 @@ handle_deposit_wtid_finished (void *cls, { GNUNET_break_op (0); response_code = 0; + ec = TALER_EC_DEPOSITS_INVALID_SIGNATURE_BY_EXCHANGE; } else { ep = &exchange_pub; + ec = TALER_EC_NONE; } } break; @@ -209,24 +214,30 @@ handle_deposit_wtid_finished (void *cls, { GNUNET_break_op (0); response_code = 0; + ec = TALER_EC_DEPOSITS_INVALID_BODY_BY_EXCHANGE; break; } + ec = TALER_EC_NONE; } break; case MHD_HTTP_BAD_REQUEST: + ec = TALER_JSON_get_error_code (j); /* This should never happen, either us or the exchange is buggy (or API version conflict); just pass JSON reply to the application */ break; case MHD_HTTP_FORBIDDEN: + ec = TALER_JSON_get_error_code (j); /* Nothing really to verify, exchange says one of the signatures is invalid; as we checked them, this should never happen, we should pass the JSON reply to the application */ break; case MHD_HTTP_NOT_FOUND: + ec = TALER_JSON_get_error_code (j); /* Exchange does not know about transaction; we should pass the reply to the application */ break; case MHD_HTTP_INTERNAL_SERVER_ERROR: + ec = TALER_JSON_get_error_code (j); /* Server had an internal issue; we should retry, but this API leaves this to the application */ break; 
@@ -236,12 +247,13 @@ handle_deposit_wtid_finished (void *cls, "Unexpected response code %u\n", (unsigned int) response_code); GNUNET_break (0); + ec = TALER_JSON_get_error_code (j); response_code = 0; break; } dwh->cb (dwh->cb_cls, response_code, - TALER_JSON_get_error_code (j), + ec, ep, j, wtid, diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c index 39d9d4e03..621e9e1df 100644 --- a/src/lib/exchange_api_melt.c +++ b/src/lib/exchange_api_melt.c @@ -267,11 +267,13 @@ handle_melt_finished (void *cls, uint32_t noreveal_index = TALER_CNC_KAPPA; /* invalid value */ struct TALER_ExchangePublicKeyP exchange_pub; const json_t *j = response; + enum TALER_ErrorCode ec; mh->job = NULL; switch (response_code) { case 0: + ec = TALER_EC_INVALID_RESPONSE; break; case MHD_HTTP_OK: if (GNUNET_OK != @@ -282,19 +284,27 @@ handle_melt_finished (void *cls, { GNUNET_break_op (0); response_code = 0; + ec = TALER_EC_MELT_INVALID_SIGNATURE_BY_EXCHANGE; + } + else + { + ec = TALER_EC_NONE; } if (NULL != mh->melt_cb) { mh->melt_cb (mh->melt_cb_cls, response_code, - TALER_JSON_get_error_code (j), + ec, noreveal_index, - (0 == response_code) ? NULL : &exchange_pub, + (0 == response_code) + ? NULL + : &exchange_pub, j); mh->melt_cb = NULL; } break; case MHD_HTTP_BAD_REQUEST: + ec = TALER_JSON_get_error_code (j); /* This should never happen, either us or the exchange is buggy (or API version conflict); just pass JSON reply to the application */ break; 
@@ -306,26 +316,34 @@ handle_melt_finished (void *cls, { GNUNET_break_op (0); response_code = 0; + ec = TALER_EC_MELT_INVALID_SIGNATURE_BY_EXCHANGE; } + else + ec = TALER_EC_NONE; break; case MHD_HTTP_FORBIDDEN: + ec = TALER_JSON_get_error_code (j); /* Nothing really to verify, exchange says one of the signatures is invalid; assuming we checked them, this should never happen, we should pass the JSON reply to the application */ break; case MHD_HTTP_NOT_FOUND: + ec = TALER_JSON_get_error_code (j); /* Nothing really to verify, this should never happen, we should pass the JSON reply to the application */ break; case MHD_HTTP_INTERNAL_SERVER_ERROR: + ec = TALER_JSON_get_error_code (j); /* Server had an internal issue; we should retry, but this API leaves this to the application */ break; default: /* unexpected response code */ + ec = TALER_JSON_get_error_code (j); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected response code %u\n", - (unsigned int) response_code); + "Unexpected response code %u/%d\n", + (unsigned int) response_code, + ec); GNUNET_break (0); response_code = 0; break; @@ -333,7 +351,7 @@ handle_melt_finished (void *cls, if (NULL != mh->melt_cb) mh->melt_cb (mh->melt_cb_cls, response_code, - TALER_JSON_get_error_code (j), + ec, UINT32_MAX, NULL, j); diff --git a/src/lib/exchange_api_refund.c b/src/lib/exchange_api_refund.c index d14481e7b..826c39b17 100644 --- a/src/lib/exchange_api_refund.c +++ b/src/lib/exchange_api_refund.c @@ -145,11 +145,13 @@ handle_refund_finished (void *cls, struct TALER_ExchangePublicKeyP exchange_pub; struct TALER_ExchangePublicKeyP *ep = NULL; const json_t *j = response; + enum TALER_ErrorCode ec; rh->job = NULL; switch (response_code) { case 0: + ec = TALER_EC_INVALID_RESPONSE; break; case MHD_HTTP_OK: if (GNUNET_OK != 
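Review bot: In the non-OK arm whose `case` label lies before the hunk (the one that verifies a signature and sets `response_code = 0` on failure), the success path now sets `ec = TALER_EC_NONE;`, so the application receives TALER_EC_NONE together with an error-class HTTP status even though the exchange's reply presumably carries an error code; the CONFLICT arm in exchange_api_deposit.c reads `ec = TALER_JSON_get_error_code (j);` first and only overrides it when verification fails. The same ordering here — `ec = TALER_JSON_get_error_code (j);` before the verification, `ec = TALER_EC_MELT_INVALID_SIGNATURE_BY_EXCHANGE;` in the failure branch, and no `else` — would keep the two handlers consistent. The unbraced `else ec = TALER_EC_NONE;` also differs from the braced `else { ec = TALER_EC_NONE; }` used in the `@@ -282` hunk of the same function. handle_melt_finished starts before the hunk.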
@@ -159,53 +161,64 @@ handle_refund_finished (void *cls, { GNUNET_break_op (0); response_code = 0; + ec = TALER_EC_REFUND_INVALID_SIGNATURE_BY_EXCHANGE; } else { ep = &exchange_pub; + ec = TALER_EC_NONE; } break; case MHD_HTTP_BAD_REQUEST: /* This should never happen, either us or the exchange is buggy (or API version conflict); just pass JSON reply to the application */ + ec = TALER_JSON_get_error_code (j); break; case MHD_HTTP_FORBIDDEN: /* Nothing really to verify, exchange says one of the signatures is invalid; as we checked them, this should never happen, we should pass the JSON reply to the application */ + ec = TALER_JSON_get_error_code (j); break; case MHD_HTTP_NOT_FOUND: /* Nothing really to verify, this should never happen, we should pass the JSON reply to the application */ + ec = TALER_JSON_get_error_code (j); break; case MHD_HTTP_GONE: /* Kind of normal: the money was already sent to the merchant (it was too late for the refund). */ + ec = TALER_JSON_get_error_code (j); break; case MHD_HTTP_PRECONDITION_FAILED: /* Client request was inconsistent; might be a currency mismatch problem. */ + ec = TALER_JSON_get_error_code (j); break; case MHD_HTTP_CONFLICT: /* Two refund requests were made about the same deposit, but carrying different refund transaction ids. */ + ec = TALER_JSON_get_error_code (j); break; case MHD_HTTP_INTERNAL_SERVER_ERROR: /* Server had an internal issue; we should retry, but this API leaves this to the application */ + ec = TALER_JSON_get_error_code (j); break; default: /* unexpected response code */ + ec = TALER_JSON_get_error_code (j); GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Unexpected response code %u\n", - (unsigned int) response_code); + "Unexpected response code %u/%d\n", + (unsigned int) response_code, + ec); GNUNET_break (0); response_code = 0; break; } rh->cb (rh->cb_cls, response_code, - TALER_JSON_get_error_code (j), + ec, ep, j); TALER_EXCHANGE_refund_cancel (rh); 
diff --git a/src/testing/test_exchange_api_keys_cherry_picking.c b/src/testing/test_exchange_api_keys_cherry_picking.c index a9f6e3d89..47a6472a0 100644 --- a/src/testing/test_exchange_api_keys_cherry_picking.c +++ b/src/testing/test_exchange_api_keys_cherry_picking.c @@ -3,7 +3,8 @@ Copyright (C) 2018 Taler Systems SA TALER is free software; you can redistribute it and/or modify it - under the terms of the GNU General Public License as published + under the terms of the GNU General Public License as pub +lished by the Free Software Foundation; either version 3, or (at your option) any later version. @@ -53,7 +54,7 @@ "test_exchange_api_keys_cherry_picking_extended_2.conf" -#define NDKS_RIGHT_BEFORE_SERIALIZATION 46 +#define NDKS_RIGHT_BEFORE_SERIALIZATION 40 /** * Add seconds. @@ -187,20 +188,21 @@ run (void *cls, /** * Expected number of DK: * - * 3500 (the lookahead_sign time frame, in seconds) - * - 69 (how many seconds are covered by the latest DK) + * 3000 (the lookahead_sign time frame, in seconds) + * - 69 (how many seconds are covered by the latest DK, 79s - 10s already past) * ---- - * 3431 - * / 79 (how many seconds each DK will cover) + * 2931 + * / 79 (how many seconds each DK will cover, 80-1) * ---- - * 44 (rounded up) + * 38 (rounded up) * + 2 (old DKs already stored locally: 1 from the * very initial setup, and 1 from the 'keyup-1' CMD) * ---- - * 46 - */TALER_TESTING_cmd_check_keys_with_now + * 40 + */// + TALER_TESTING_cmd_check_keys_with_now ("check-keys-3", - 3, + 3 /* generation */, NDKS_RIGHT_BEFORE_SERIALIZATION, TTH_parse_time (JAN2030)), diff --git a/src/testing/test_exchange_api_keys_cherry_picking_extended_2.conf b/src/testing/test_exchange_api_keys_cherry_picking_extended_2.conf index 8097a6cda..9ba5c6181 100644 --- a/src/testing/test_exchange_api_keys_cherry_picking_extended_2.conf +++ b/src/testing/test_exchange_api_keys_cherry_picking_extended_2.conf 
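Review bot: The first hunk splits the word "published" in the license header across two lines (`as pub` / `lished`), which reads as an accidental keystroke rather than an intended edit and should be reverted to the single line `under the terms of the GNU General Public License as published`.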
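Review bot: In the `@@ -187` hunk the block comment is now closed by `*///`, leaving an empty `//` comment dangling at the end of the line; `*/` alone, with `TALER_TESTING_cmd_check_keys_with_now` on the following line as the hunk already has it, is cleaner. The arithmetic in the comment (3000 − 69 = 2931, divided by 79 and rounded up gives 38, plus 2 gives 40) agrees with the new `NDKS_RIGHT_BEFORE_SERIALIZATION 40`, but the comment does not say where 3000 comes from; adding `(LOOKAHEAD_SIGN in test_exchange_api_keys_cherry_picking_extended_2.conf)` after the first line ties the constant to the config change in this commit. run starts before the hunk.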
@@ -1,5 +1,5 @@
 @INLINE@ test_exchange_api_keys_cherry_picking_extended.conf
 [exchange]
-# Lengthen over firstly extended value (100 s)
-LOOKAHEAD_SIGN = 3500 s
+# Lengthen over firstly extended value (90 s)
+LOOKAHEAD_SIGN = 3000 s