more careful use of TALER_JSON_get_error_code(), limit to cases where we expect to get one

Christian Grothoff 2020-03-10 18:51:08 +01:00
parent f32193aae2
commit 6e3765d852
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
8 changed files with 132 additions and 38 deletions


@ -213,7 +213,7 @@ enum TALER_ErrorCode
TALER_EC_COINS_INVALID_COIN_PUB = 1050,
/**
* The public key of given to a /reserves/ handler was malformed.
* The reserve key of given to a /reserves/ handler was malformed.
*/
TALER_EC_RESERVES_INVALID_RESERVE_PUB = 1051,
@ -223,33 +223,37 @@ enum TALER_ErrorCode
TALER_EC_TRANSFERS_INVALID_WTID = 1052,
/**
* The hash of the wire details of given to a /deposits/ handler was
* malformed.
* The wire hash of given to a /deposits/ handler was malformed.
*/
TALER_EC_DEPOSITS_INVALID_H_WIRE = 1053,
/**
* The merchant public key given to a /deposits/ handler was
* malformed.
* The merchant key of given to a /deposits/ handler was malformed.
*/
TALER_EC_DEPOSITS_INVALID_MERCHANT_PUB = 1054,
/**
* The hash of the contract given to a /deposits/ handler was
* The hash of the contract terms given to a /deposits/ handler was
* malformed.
*/
TALER_EC_DEPOSITS_INVALID_H_CONTRACT_TERMS = 1055,
/**
* The coin public key given to a /deposits/ handler was malformed.
* The coin public key of given to a /deposits/ handler was malformed.
*/
TALER_EC_DEPOSITS_INVALID_COIN_PUB = 1056,
TALER_EC_DEPOSTIS_INVALID_COIN_PUB = 1056,
/**
* The hash of the refresh commitment given to a /refreshes/ handler
* was malformed.
* The body returned by the exchange for a /deposits/ request was
* malformed. Error created client-side.
*/
TALER_EC_REFRESHES_INVALID_RCH = 1057,
TALER_EC_DEPOSITS_INVALID_BODY_BY_EXCHANGE = 1057,
/**
* The signature returned by the exchange in a /deposits/ request was
* malformed. Error created client-side.
*/
TALER_EC_DEPOSITS_INVALID_SIGNATURE_BY_EXCHANGE = 1058,
/**
* The given reserve does not have sufficient funds to admit the
@ -511,6 +515,12 @@ enum TALER_ErrorCode
*/
TALER_EC_DEPOSIT_DENOMINATION_EXPIRED = 1220,
/**
* The signature provided by the exchange is not valid. Error created
* client-side.
*/
TALER_EC_DEPOSIT_INVALID_SIGNATURE_BY_EXCHANGE = 1221,
/**
* The respective coin did not have sufficient residual value for the
* /refresh/melt operation. The "history" in this response provdes
@ -584,6 +594,12 @@ enum TALER_ErrorCode
*/
TALER_EC_REFRESH_MELT_COIN_EXPIRED_NO_ZOMBIE = 1309,
/**
* The signature returned by the exchange in a melt request was
* malformed. Error created client-side.
*/
TALER_EC_MELT_INVALID_SIGNATURE_BY_EXCHANGE = 1310,
/**
* The exchange is unaware of the denomination key that was used to
* sign the melted zombie coin. This response is provided with HTTP
@ -709,6 +725,12 @@ enum TALER_ErrorCode
*/
TALER_EC_REFRESH_REVEAL_KEYS_MISSING = 1383,
/**
* The refresh session hash given to a /refreshes/ handler was
* malformed.
*/
TALER_EC_REFRESHES_INVALID_RCH = 1384,
/**
* The coin specified in the link request is unknown to the exchange.
* This response is provided with HTTP status code MHD_HTTP_NOT_FOUND.
@ -821,6 +843,12 @@ enum TALER_ErrorCode
*/
TALER_EC_REFUND_MERCHANT_SIGNING_FAILED = 1514,
/**
* The signature returned by the exchange in a refund request was
* malformed. Error created client-side.
*/
TALER_EC_REFUND_INVALID_SIGNATURE_BY_EXCHANGE = 1515,
/**
* The wire format specified in the "sender_account_details" is not
* understood or not supported by this exchange. Returned with an HTTP
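Review bot: The value 1057 changes meaning in this enum: read in print order (old line first), `TALER_EC_REFRESHES_INVALID_RCH` moves from 1057 to 1384 and 1057 now names `TALER_EC_DEPOSITS_INVALID_BODY_BY_EXCHANGE`. These numbers are carried in JSON replies, so a peer built against the older header would report or interpret 1057 as the other condition; giving the new code a fresh number and leaving 1057 retired avoids that. The page does not mark which line of each pair is the added one, so this reading rests on the usual old-then-new order. In the same section, `TALER_EC_DEPOSTIS_INVALID_COIN_PUB` looks like a misspelling of `DEPOSITS`, and `TALER_EC_DEPOSITS_INVALID_SIGNATURE_BY_EXCHANGE` (1058) differs from `TALER_EC_DEPOSIT_INVALID_SIGNATURE_BY_EXCHANGE` (1221) by a single letter, which makes it easy to pick the wrong one.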


@ -87,43 +87,52 @@ handle_deposit_confirmation_finished (void *cls,
{
const json_t *json = djson;
struct TALER_AUDITOR_DepositConfirmationHandle *dh = cls;
enum TALER_ErrorCode ec;
dh->job = NULL;
switch (response_code)
{
case 0:
ec = TALER_EC_INVALID_RESPONSE;
break;
case MHD_HTTP_OK:
ec = TALER_EC_NONE;
break;
case MHD_HTTP_BAD_REQUEST:
ec = TALER_JSON_get_error_code (json);
/* This should never happen, either us or the auditor is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_FORBIDDEN:
ec = TALER_JSON_get_error_code (json);
/* Nothing really to verify, auditor says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */
break;
case MHD_HTTP_NOT_FOUND:
ec = TALER_JSON_get_error_code (json);
/* Nothing really to verify, this should never
happen, we should pass the JSON reply to the application */
break;
case MHD_HTTP_INTERNAL_SERVER_ERROR:
ec = TALER_JSON_get_error_code (json);
/* Server had an internal issue; we should retry, but this API
leaves this to the application */
break;
default:
/* unexpected response code */
ec = TALER_JSON_get_error_code (json);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected response code %u\n",
(unsigned int) response_code);
"Unexpected response code %u/%d\n",
(unsigned int) response_code,
ec);
GNUNET_break (0);
response_code = 0;
break;
}
dh->cb (dh->cb_cls,
response_code,
TALER_JSON_get_error_code (json),
ec,
json);
TALER_AUDITOR_deposit_confirmation_cancel (dh);
}
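Review bot: In the `default:` branch the callback receives `response_code = 0` together with whatever code the reply body carried, while `case 0:` reports `TALER_EC_INVALID_RESPONSE` for the same status value. The body of an unexpected reply is peer-controlled and may hold no code at all; what `TALER_JSON_get_error_code()` returns then is not visible here, so a caller could see status 0 paired with a "no error" code. Keeping the parsed value for the log line and then adding `ec = TALER_EC_INVALID_RESPONSE;` after `response_code = 0;` would make the two paths agree. The same pattern appears in the `default:` branches of handle_deposit_finished, handle_deposit_wtid_finished, handle_melt_finished and handle_refund_finished. The parameter list of this function lies outside the hunk.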


@ -301,11 +301,13 @@ handle_deposit_finished (void *cls,
struct TALER_ExchangeSignatureP *es = NULL;
struct TALER_ExchangePublicKeyP *ep = NULL;
const json_t *j = response;
enum TALER_ErrorCode ec;
dh->job = NULL;
switch (response_code)
{
case 0:
ec = TALER_EC_INVALID_RESPONSE;
break;
case MHD_HTTP_OK:
if (GNUNET_OK !=
@ -316,52 +318,62 @@ handle_deposit_finished (void *cls,
{
GNUNET_break_op (0);
response_code = 0;
ec = TALER_EC_DEPOSIT_INVALID_SIGNATURE_BY_EXCHANGE;
}
else
{
es = &exchange_sig;
ep = &exchange_pub;
ec = TALER_EC_NONE;
}
break;
case MHD_HTTP_BAD_REQUEST:
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
ec = TALER_JSON_get_error_code (j);
break;
case MHD_HTTP_CONFLICT:
/* Double spending; check signatures on transaction history */
ec = TALER_JSON_get_error_code (j);
if (GNUNET_OK !=
verify_deposit_signature_forbidden (dh,
j))
{
GNUNET_break_op (0);
response_code = 0;
ec = TALER_EC_DEPOSIT_INVALID_SIGNATURE_BY_EXCHANGE;
}
break;
case MHD_HTTP_FORBIDDEN:
ec = TALER_JSON_get_error_code (j);
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */
break;
case MHD_HTTP_NOT_FOUND:
ec = TALER_JSON_get_error_code (j);
/* Nothing really to verify, this should never
happen, we should pass the JSON reply to the application */
break;
case MHD_HTTP_INTERNAL_SERVER_ERROR:
ec = TALER_JSON_get_error_code (j);
/* Server had an internal issue; we should retry, but this API
leaves this to the application */
break;
default:
/* unexpected response code */
ec = TALER_JSON_get_error_code (j);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected response code %u\n",
(unsigned int) response_code);
"Unexpected response code %u/%d\n",
(unsigned int) response_code,
ec);
GNUNET_break (0);
response_code = 0;
break;
}
dh->cb (dh->cb_cls,
response_code,
TALER_JSON_get_error_code (j),
ec,
es,
ep,
j);


@ -151,11 +151,13 @@ handle_deposit_wtid_finished (void *cls,
struct TALER_ExchangePublicKeyP exchange_pub;
struct TALER_ExchangePublicKeyP *ep = NULL;
const json_t *j = response;
enum TALER_ErrorCode ec;
dwh->job = NULL;
switch (response_code)
{
case 0:
ec = TALER_EC_INVALID_RESPONSE;
break;
case MHD_HTTP_OK:
{
@ -173,6 +175,7 @@ handle_deposit_wtid_finished (void *cls,
{
GNUNET_break_op (0);
response_code = 0;
ec = TALER_EC_DEPOSITS_INVALID_BODY_BY_EXCHANGE;
break;
}
wtid = &dwh->depconf.wtid;
@ -187,10 +190,12 @@ handle_deposit_wtid_finished (void *cls,
{
GNUNET_break_op (0);
response_code = 0;
ec = TALER_EC_DEPOSITS_INVALID_SIGNATURE_BY_EXCHANGE;
}
else
{
ep = &exchange_pub;
ec = TALER_EC_NONE;
}
}
break;
@ -209,24 +214,30 @@ handle_deposit_wtid_finished (void *cls,
{
GNUNET_break_op (0);
response_code = 0;
ec = TALER_EC_DEPOSITS_INVALID_BODY_BY_EXCHANGE;
break;
}
ec = TALER_EC_NONE;
}
break;
case MHD_HTTP_BAD_REQUEST:
ec = TALER_JSON_get_error_code (j);
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_FORBIDDEN:
ec = TALER_JSON_get_error_code (j);
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */
break;
case MHD_HTTP_NOT_FOUND:
ec = TALER_JSON_get_error_code (j);
/* Exchange does not know about transaction;
we should pass the reply to the application */
break;
case MHD_HTTP_INTERNAL_SERVER_ERROR:
ec = TALER_JSON_get_error_code (j);
/* Server had an internal issue; we should retry, but this API
leaves this to the application */
break;
@ -236,12 +247,13 @@ handle_deposit_wtid_finished (void *cls,
"Unexpected response code %u\n",
(unsigned int) response_code);
GNUNET_break (0);
ec = TALER_JSON_get_error_code (j);
response_code = 0;
break;
}
dwh->cb (dwh->cb_cls,
response_code,
TALER_JSON_get_error_code (j),
ec,
ep,
j,
wtid,
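Review bot: The `default:` branch here was not brought in line with the other handlers: the log line still prints only `"Unexpected response code %u\n"`, and `ec` is assigned after `GNUNET_break (0)` instead of before the log call. Moving `ec = TALER_JSON_get_error_code (j);` above `GNUNET_log` and logging `"Unexpected response code %u/%d\n", (unsigned int) response_code, (int) ec` would match handle_deposit_finished and keep the diagnostic output uniform across the client library. The start of this branch and the end of the callback invocation are outside the visible hunks.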


@ -267,11 +267,13 @@ handle_melt_finished (void *cls,
uint32_t noreveal_index = TALER_CNC_KAPPA; /* invalid value */
struct TALER_ExchangePublicKeyP exchange_pub;
const json_t *j = response;
enum TALER_ErrorCode ec;
mh->job = NULL;
switch (response_code)
{
case 0:
ec = TALER_EC_INVALID_RESPONSE;
break;
case MHD_HTTP_OK:
if (GNUNET_OK !=
@ -282,19 +284,27 @@ handle_melt_finished (void *cls,
{
GNUNET_break_op (0);
response_code = 0;
ec = TALER_EC_MELT_INVALID_SIGNATURE_BY_EXCHANGE;
}
else
{
ec = TALER_EC_NONE;
}
if (NULL != mh->melt_cb)
{
mh->melt_cb (mh->melt_cb_cls,
response_code,
TALER_JSON_get_error_code (j),
ec,
noreveal_index,
(0 == response_code) ? NULL : &exchange_pub,
(0 == response_code)
? NULL
: &exchange_pub,
j);
mh->melt_cb = NULL;
}
break;
case MHD_HTTP_BAD_REQUEST:
ec = TALER_JSON_get_error_code (j);
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
@ -306,26 +316,34 @@ handle_melt_finished (void *cls,
{
GNUNET_break_op (0);
response_code = 0;
ec = TALER_EC_MELT_INVALID_SIGNATURE_BY_EXCHANGE;
}
else
ec = TALER_EC_NONE;
break;
case MHD_HTTP_FORBIDDEN:
ec = TALER_JSON_get_error_code (j);
/* Nothing really to verify, exchange says one of the signatures is
invalid; assuming we checked them, this should never happen, we
should pass the JSON reply to the application */
break;
case MHD_HTTP_NOT_FOUND:
ec = TALER_JSON_get_error_code (j);
/* Nothing really to verify, this should never
happen, we should pass the JSON reply to the application */
break;
case MHD_HTTP_INTERNAL_SERVER_ERROR:
ec = TALER_JSON_get_error_code (j);
/* Server had an internal issue; we should retry, but this API
leaves this to the application */
break;
default:
/* unexpected response code */
ec = TALER_JSON_get_error_code (j);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected response code %u\n",
(unsigned int) response_code);
"Unexpected response code %u/%d\n",
(unsigned int) response_code,
ec);
GNUNET_break (0);
response_code = 0;
break;
@ -333,7 +351,7 @@ handle_melt_finished (void *cls,
if (NULL != mh->melt_cb)
mh->melt_cb (mh->melt_cb_cls,
response_code,
TALER_JSON_get_error_code (j),
ec,
UINT32_MAX,
NULL,
j);
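Review bot: In the branch between `MHD_HTTP_BAD_REQUEST` and `MHD_HTTP_FORBIDDEN`, a successful check ends in `else ec = TALER_EC_NONE;`, so the callback gets the HTTP error status together with a "no error" code. The case label is outside the hunk; from its position it is presumably the conflict (double-spend proof) case. handle_deposit_finished handles its conflict case the other way round: it sets `ec = TALER_JSON_get_error_code (j);` first and overwrites it only when verification fails. Doing the same here and dropping the `else` would stop an application that inspects only `ec` from treating a rejected melt as success. The `else` is also the only unbraced branch in this switch.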


@ -145,11 +145,13 @@ handle_refund_finished (void *cls,
struct TALER_ExchangePublicKeyP exchange_pub;
struct TALER_ExchangePublicKeyP *ep = NULL;
const json_t *j = response;
enum TALER_ErrorCode ec;
rh->job = NULL;
switch (response_code)
{
case 0:
ec = TALER_EC_INVALID_RESPONSE;
break;
case MHD_HTTP_OK:
if (GNUNET_OK !=
@ -159,53 +161,64 @@ handle_refund_finished (void *cls,
{
GNUNET_break_op (0);
response_code = 0;
ec = TALER_EC_REFUND_INVALID_SIGNATURE_BY_EXCHANGE;
}
else
{
ep = &exchange_pub;
ec = TALER_EC_NONE;
}
break;
case MHD_HTTP_BAD_REQUEST:
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
ec = TALER_JSON_get_error_code (j);
break;
case MHD_HTTP_FORBIDDEN:
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */
ec = TALER_JSON_get_error_code (j);
break;
case MHD_HTTP_NOT_FOUND:
/* Nothing really to verify, this should never
happen, we should pass the JSON reply to the application */
ec = TALER_JSON_get_error_code (j);
break;
case MHD_HTTP_GONE:
/* Kind of normal: the money was already sent to the merchant
(it was too late for the refund). */
ec = TALER_JSON_get_error_code (j);
break;
case MHD_HTTP_PRECONDITION_FAILED:
/* Client request was inconsistent; might be a currency mismatch
problem. */
ec = TALER_JSON_get_error_code (j);
break;
case MHD_HTTP_CONFLICT:
/* Two refund requests were made about the same deposit, but
carrying different refund transaction ids. */
ec = TALER_JSON_get_error_code (j);
break;
case MHD_HTTP_INTERNAL_SERVER_ERROR:
/* Server had an internal issue; we should retry, but this API
leaves this to the application */
ec = TALER_JSON_get_error_code (j);
break;
default:
/* unexpected response code */
ec = TALER_JSON_get_error_code (j);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected response code %u\n",
(unsigned int) response_code);
"Unexpected response code %u/%d\n",
(unsigned int) response_code,
ec);
GNUNET_break (0);
response_code = 0;
break;
}
rh->cb (rh->cb_cls,
response_code,
TALER_JSON_get_error_code (j),
ec,
ep,
j);
TALER_EXCHANGE_refund_cancel (rh);


@ -3,7 +3,8 @@
Copyright (C) 2018 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published
under the terms of the GNU General Public License as pub
lished
by the Free Software Foundation; either version 3, or (at your
option) any later version.
@ -53,7 +54,7 @@
"test_exchange_api_keys_cherry_picking_extended_2.conf"
#define NDKS_RIGHT_BEFORE_SERIALIZATION 46
#define NDKS_RIGHT_BEFORE_SERIALIZATION 40
/**
* Add seconds.
@ -187,20 +188,21 @@ run (void *cls,
/**
* Expected number of DK:
*
* 3500 (the lookahead_sign time frame, in seconds)
* - 69 (how many seconds are covered by the latest DK)
* 3000 (the lookahead_sign time frame, in seconds)
* - 69 (how many seconds are covered by the latest DK, 79s - 10s already past)
* ----
* 3431
* / 79 (how many seconds each DK will cover)
* 2931
* / 79 (how many seconds each DK will cover, 80-1)
* ----
* 44 (rounded up)
* 38 (rounded up)
* + 2 (old DKs already stored locally: 1 from the
* very initial setup, and 1 from the 'keyup-1' CMD)
* ----
* 46
*/TALER_TESTING_cmd_check_keys_with_now
* 40
*///
TALER_TESTING_cmd_check_keys_with_now
("check-keys-3",
3,
3 /* generation */,
NDKS_RIGHT_BEFORE_SERIALIZATION,
TTH_parse_time (JAN2030)),
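Review bot: Two edits in this file look like stray keystrokes rather than intended changes. The license header now splits the word as `as pub` / `lished`, and the comment above the check-keys command closes with `*///`. The first alters the licence text and the second leaves an empty line comment, so both should be reverted to `as published` and a plain `*/`. The arithmetic in the updated comment is consistent with the new `NDKS_RIGHT_BEFORE_SERIALIZATION` of 40 (2931 / 79 rounded up is 38, plus 2).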


@ -1,5 +1,5 @@
@INLINE@ test_exchange_api_keys_cherry_picking_extended.conf
[exchange]
# Lengthen over firstly extended value (100 s)
LOOKAHEAD_SIGN = 3500 s
# Lengthen over firstly extended value (90 s)
LOOKAHEAD_SIGN = 3000 s