taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

use CONFLICT for double spending to distinguish properly from FORBIDDEN for bad signatures

Browse Source
This commit is contained in:
Christian Grothoff 2019-11-23 22:21:47 +01:00
parent 51e54bbaa1
commit 7aae6c9045
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
20 changed files with 71 additions and 1210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/auditor/Makefile.am
View File

@ -52,9 +52,7 @@ taler_auditor_httpd_SOURCES = \
taler-auditor-httpd_db.c taler-auditor-httpd_db.h \
taler-auditor-httpd_deposit-confirmation.c taler-auditor-httpd_deposit-confirmation.h \
taler-auditor-httpd_exchanges.c taler-auditor-httpd_exchanges.h \
taler-auditor-httpd_mhd.c taler-auditor-httpd_mhd.h \
taler-auditor-httpd_parsing.c taler-auditor-httpd_parsing.h \
taler-auditor-httpd_responses.c taler-auditor-httpd_responses.h
taler-auditor-httpd_mhd.c taler-auditor-httpd_mhd.h
taler_auditor_httpd_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/mhd/libtalermhd.la \

8
src/auditor/taler-auditor-httpd.c
View File

@ -31,7 +31,6 @@
#include "taler_auditordb_lib.h"
#include "taler-auditor-httpd_deposit-confirmation.h"
#include "taler-auditor-httpd_exchanges.h"
#include "taler-auditor-httpd_parsing.h"
#include "taler-auditor-httpd_responses.h"
#include "taler-auditor-httpd_mhd.h"
#include "taler-auditor-httpd.h"
@ -292,7 +291,7 @@ handle_mhd_completion_callback (void *cls,
{
if (NULL == *con_cls)
return;
TAH_PARSE_post_cleanup_callback (*con_cls);
TALER_MHD_parse_post_cleanup_callback (*con_cls);
*con_cls = NULL;
}
@ -559,12 +558,17 @@ main (int argc,
const char *listen_pid;
const char *listen_fds;
int fh = -1;
enum TALER_MHD_GlobalOptions go;
if (0 >=
GNUNET_GETOPT_run ("taler-auditor-httpd",
options,
argc, argv))
return 1;
go = TALER_MHD_GO_NONE;
if (TAH_auditor_connection_close)
go |= TALER_MHD_GO_FORCE_CONNECTION_CLOSE;
TALER_MHD_setup (go);
GNUNET_assert (GNUNET_OK ==
GNUNET_log_setup ("taler-auditor-httpd",
(NULL == loglev) ? "INFO" : loglev,

52
src/auditor/taler-auditor-httpd_deposit-confirmation.c
View File

@ -27,10 +27,10 @@
#include <microhttpd.h>
#include <pthread.h>
#include "taler_json_lib.h"
#include "taler_mhd_lib.h"
#include "taler-auditor-httpd.h"
#include "taler-auditor-httpd_db.h"
#include "taler-auditor-httpd_deposit-confirmation.h"
#include "taler-auditor-httpd_parsing.h"
#include "taler-auditor-httpd_responses.h"
@ -43,10 +43,10 @@
static int
reply_deposit_confirmation_success (struct MHD_Connection *connection)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:s}",
"status", "DEPOSIT_CONFIRMATION_OK");
return TALER_MHD_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:s}",
"status", "DEPOSIT_CONFIRMATION_OK");
}
@ -74,8 +74,10 @@ store_exchange_signing_key_transaction (void *cls,
if (GNUNET_DB_STATUS_HARD_ERROR == qs)
{
TALER_LOG_WARNING ("Failed to store exchange signing key in database\n");
*mhd_ret = TAH_RESPONSE_reply_internal_db_error (connection,
TALER_EC_AUDITOR_EXCHANGE_STORE_DB_ERROR);
*mhd_ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_AUDITOR_EXCHANGE_STORE_DB_ERROR,
"failed to persist exchange signing key");
}
return qs;
}
@ -111,8 +113,10 @@ deposit_confirmation_transaction (void *cls,
{
TALER_LOG_WARNING (
"Failed to store /deposit-confirmation information in database\n");
*mhd_ret = TAH_RESPONSE_reply_internal_db_error (connection,
TALER_EC_DEPOSIT_CONFIRMATION_STORE_DB_ERROR);
*mhd_ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_DEPOSIT_CONFIRMATION_STORE_DB_ERROR,
"failed to persist deposit-confirmation data");
}
return qs;
}
@ -155,9 +159,10 @@ verify_and_execute_deposit_confirmation (struct MHD_Connection *connection,
&es->master_public_key.eddsa_pub))
{
TALER_LOG_WARNING ("Invalid signature on exchange signing key\n");
return TAH_RESPONSE_reply_signature_invalid (connection,
TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
"master_sig");
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_FORBIDDEN,
TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
"master_sig");
}
/* execute transaction */
@ -187,9 +192,10 @@ verify_and_execute_deposit_confirmation (struct MHD_Connection *connection,
&dc->exchange_pub.eddsa_pub))
{
TALER_LOG_WARNING ("Invalid signature on /deposit-confirmation request\n");
return TAH_RESPONSE_reply_signature_invalid (connection,
TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
"exchange_sig");
return TALER_MHD_reply_with_error (connection,
MHD_HTTP_FORBIDDEN,
TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
"exchange_sig");
}
/* execute transaction */
@ -248,19 +254,19 @@ TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh,
GNUNET_JSON_spec_end ()
};
res = TAH_PARSE_post_json (connection,
connection_cls,
upload_data,
upload_data_size,
&json);
res = TALER_MHD_parse_post_json (connection,
connection_cls,
upload_data,
upload_data_size,
&json);
if (GNUNET_SYSERR == res)
return MHD_NO;
if ( (GNUNET_NO == res) ||
(NULL == json) )
return MHD_YES;
res = TAH_PARSE_json_data (connection,
json,
spec);
res = TALER_MHD_parse_json_data (connection,
json,
spec);
json_decref (json);
es.exchange_pub = dc.exchange_pub; /* used twice! */
dc.master_public_key = es.master_public_key;

18
src/auditor/taler-auditor-httpd_exchanges.c
View File

@ -25,10 +25,10 @@
#include <microhttpd.h>
#include <pthread.h>
#include "taler_json_lib.h"
#include "taler_mhd_lib.h"
#include "taler-auditor-httpd.h"
#include "taler-auditor-httpd_db.h"
#include "taler-auditor-httpd_exchanges.h"
#include "taler-auditor-httpd_parsing.h"
#include "taler-auditor-httpd_responses.h"
@ -43,10 +43,10 @@ static int
reply_exchanges_success (struct MHD_Connection *connection,
json_t *ja)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:o}",
"exchanges", ja);
return TALER_MHD_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:o}",
"exchanges", ja);
}
@ -108,8 +108,10 @@ list_exchanges (void *cls,
if (GNUNET_DB_STATUS_HARD_ERROR == qs)
{
TALER_LOG_WARNING ("Failed to handle /exchanges in database\n");
*mhd_ret = TAH_RESPONSE_reply_internal_db_error (connection,
TALER_EC_LIST_EXCHANGES_DB_ERROR);
*mhd_ret = TALER_MHD_reply_with_error (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_LIST_EXCHANGES_DB_ERROR,
"Could not fetch exchange list from database");
}
return qs;
}
@ -148,4 +150,4 @@ TAH_EXCHANGES_handler (struct TAH_RequestHandler *rh,
}
/* end of taler-auditor-httpd_deposit-confirmation.c */
/* end of taler-auditor-httpd_exchanges.c */

284
src/auditor/taler-auditor-httpd_parsing.c
View File

@ -1,284 +0,0 @@
/*
This file is part of TALER
Copyright (C) 2014, 2015, 2016 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-auditor-httpd_parsing.c
* @brief functions to parse incoming requests (MHD arguments and JSON snippets)
* @author Florian Dold
* @author Benedikt Mueller
* @author Christian Grothoff
*/
#include "platform.h"
#include <gnunet/gnunet_util_lib.h>
#include <gnunet/gnunet_json_lib.h>
#include "taler_json_lib.h"
#include "taler-auditor-httpd_parsing.h"
#include "taler-auditor-httpd_responses.h"
/**
* Maximum POST request size.
*/
#define REQUEST_BUFFER_MAX (1024 * 1024)
/**
* Process a POST request containing a JSON object. This function
* realizes an MHD POST processor that will (incrementally) process
* JSON data uploaded to the HTTP server. It will store the required
* state in the @a con_cls, which must be cleaned up using
* #TAH_PARSE_post_cleanup_callback().
*
* @param connection the MHD connection
* @param con_cls the closure (points to a `struct Buffer *`)
* @param upload_data the POST data
* @param upload_data_size number of bytes in @a upload_data
* @param json the JSON object for a completed request
* @return
* #GNUNET_YES if json object was parsed or at least
* may be parsed in the future (call again);
* `*json` will be NULL if we need to be called again,
* and non-NULL if we are done.
* #GNUNET_NO is request incomplete or invalid
* (error message was generated)
* #GNUNET_SYSERR on internal error
* (we could not even queue an error message,
* close HTTP session with MHD_NO)
*/
int
TAH_PARSE_post_json (struct MHD_Connection *connection,
void **con_cls,
const char *upload_data,
size_t *upload_data_size,
json_t **json)
{
enum GNUNET_JSON_PostResult pr;
pr = GNUNET_JSON_post_parser (REQUEST_BUFFER_MAX,
connection,
con_cls,
upload_data,
upload_data_size,
json);
switch (pr)
{
case GNUNET_JSON_PR_OUT_OF_MEMORY:
return (MHD_NO ==
TAH_RESPONSE_reply_internal_error (connection,
TALER_EC_PARSER_OUT_OF_MEMORY,
"out of memory"))
? GNUNET_SYSERR : GNUNET_NO;
case GNUNET_JSON_PR_CONTINUE:
return GNUNET_YES;
case GNUNET_JSON_PR_REQUEST_TOO_LARGE:
return (MHD_NO ==
TAH_RESPONSE_reply_request_too_large (connection))
? GNUNET_SYSERR : GNUNET_NO;
case GNUNET_JSON_PR_JSON_INVALID:
return (MHD_YES ==
TAH_RESPONSE_reply_invalid_json (connection))
? GNUNET_NO : GNUNET_SYSERR;
case GNUNET_JSON_PR_SUCCESS:
GNUNET_break (NULL != *json);
return GNUNET_YES;
}
/* this should never happen */
GNUNET_break (0);
return GNUNET_SYSERR;
}
/**
* Function called whenever we are done with a request
* to clean up our state.
*
* @param con_cls value as it was left by
* #TAH_PARSE_post_json(), to be cleaned up
*/
void
TAH_PARSE_post_cleanup_callback (void *con_cls)
{
GNUNET_JSON_post_parser_cleanup (con_cls);
}
/**
* Extract base32crockford encoded data from request.
*
* Queues an error response to the connection if the parameter is
* missing or invalid.
*
* @param connection the MHD connection
* @param param_name the name of the parameter with the key
* @param[out] out_data pointer to store the result
* @param out_size expected size of data
* @return
* #GNUNET_YES if the the argument is present
* #GNUNET_NO if the argument is absent or malformed
* #GNUNET_SYSERR on internal error (error response could not be sent)
*/
int
TAH_PARSE_mhd_request_arg_data (struct MHD_Connection *connection,
const char *param_name,
void *out_data,
size_t out_size)
{
const char *str;
str = MHD_lookup_connection_value (connection,
MHD_GET_ARGUMENT_KIND,
param_name);
if (NULL == str)
{
return (MHD_NO ==
TAH_RESPONSE_reply_arg_missing (connection,
TALER_EC_PARAMETER_MISSING,
param_name))
? GNUNET_SYSERR : GNUNET_NO;
}
if (GNUNET_OK !=
GNUNET_STRINGS_string_to_data (str,
strlen (str),
out_data,
out_size))
return (MHD_NO ==
TAH_RESPONSE_reply_arg_invalid (connection,
TALER_EC_PARAMETER_MALFORMED,
param_name))
? GNUNET_SYSERR : GNUNET_NO;
return GNUNET_OK;
}
/**
* Parse JSON object into components based on the given field
* specification. Generates error response on parse errors.
*
* @param connection the connection to send an error response to
* @param root the JSON node to start the navigation at.
* @param[in,out] spec field specification for the parser
* @return
* #GNUNET_YES if navigation was successful (caller is responsible
* for freeing allocated variable-size data using
* GNUNET_JSON_parse_free() when done)
* #GNUNET_NO if json is malformed, error response was generated
* #GNUNET_SYSERR on internal error
*/
int
TAH_PARSE_json_data (struct MHD_Connection *connection,
const json_t *root,
struct GNUNET_JSON_Specification *spec)
{
int ret;
const char *error_json_name;
unsigned int error_line;
ret = GNUNET_JSON_parse (root,
spec,
&error_json_name,
&error_line);
if (GNUNET_SYSERR == ret)
{
if (NULL == error_json_name)
error_json_name = "<no field>";
ret = (MHD_YES ==
TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_BAD_REQUEST,
"{s:s, s:I, s:s, s:I}",
"error", "parse error",
"code",
(json_int_t)
TALER_EC_JSON_INVALID_WITH_DETAILS,
"field", error_json_name,
"line", (json_int_t) error_line))
? GNUNET_NO : GNUNET_SYSERR;
return ret;
}
return GNUNET_YES;
}
/**
* Parse JSON array into components based on the given field
* specification. Generates error response on parse errors.
*
* @param connection the connection to send an error response to
* @param root the JSON node to start the navigation at.
* @param[in,out] spec field specification for the parser
* @param ... -1-terminated list of array offsets of type 'int'
* @return
* #GNUNET_YES if navigation was successful (caller is responsible
* for freeing allocated variable-size data using
* GNUNET_JSON_parse_free() when done)
* #GNUNET_NO if json is malformed, error response was generated
* #GNUNET_SYSERR on internal error
*/
int
TAH_PARSE_json_array (struct MHD_Connection *connection,
const json_t *root,
struct GNUNET_JSON_Specification *spec,
...)
{
int ret;
const char *error_json_name;
unsigned int error_line;
va_list ap;
json_int_t dim;
va_start (ap, spec);
dim = 0;
while ( (-1 != (ret = va_arg (ap, int))) &&
(NULL != root) )
{
dim++;
root = json_array_get (root, ret);
}
va_end (ap);
if (NULL == root)
{
ret = (MHD_YES ==
TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_BAD_REQUEST,
"{s:s, s:I}",
"error", "parse error",
"dimension", dim))
? GNUNET_NO : GNUNET_SYSERR;
return ret;
}
ret = GNUNET_JSON_parse (root,
spec,
&error_json_name,
&error_line);
if (GNUNET_SYSERR == ret)
{
if (NULL == error_json_name)
error_json_name = "<no field>";
ret = (MHD_YES ==
TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_BAD_REQUEST,
"{s:s, s:s, s:I}",
"error", "parse error",
"field", error_json_name,
"line", (json_int_t) error_line))
? GNUNET_NO : GNUNET_SYSERR;
return ret;
}
return GNUNET_YES;
}
/* end of taler-auditor-httpd_parsing.c */

139
src/auditor/taler-auditor-httpd_parsing.h
View File

@ -1,139 +0,0 @@
/*
This file is part of TALER
Copyright (C) 2014, 2015, 2016 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-auditor-httpd_parsing.h
* @brief functions to parse incoming requests
* @author Florian Dold
* @author Benedikt Mueller
* @author Christian Grothoff
*/
#ifndef TALER_AUDITOR_HTTPD_PARSING_H
#define TALER_AUDITOR_HTTPD_PARSING_H
#include <microhttpd.h>
#include <jansson.h>
#include "taler_util.h"
#include "taler_json_lib.h"
/**
* Process a POST request containing a JSON object. This
* function realizes an MHD POST processor that will
* (incrementally) process JSON data uploaded to the HTTP
* server. It will store the required state in the
* "connection_cls", which must be cleaned up using
* #TAH_PARSE_post_cleanup_callback().
*
* @param connection the MHD connection
* @param con_cls the closure (points to a `struct Buffer *`)
* @param upload_data the POST data
* @param upload_data_size number of bytes in @a upload_data
* @param json the JSON object for a completed request
* @return
* #GNUNET_YES if json object was parsed or at least
* may be parsed in the future (call again);
* `*json` will be NULL if we need to be called again,
* and non-NULL if we are done.
* #GNUNET_NO is request incomplete or invalid
* (error message was generated)
* #GNUNET_SYSERR on internal error
* (we could not even queue an error message,
* close HTTP session with MHD_NO)
*/
int
TAH_PARSE_post_json (struct MHD_Connection *connection,
void **con_cls,
const char *upload_data,
size_t *upload_data_size,
json_t **json);
/**
* Function called whenever we are done with a request
* to clean up our state.
*
* @param con_cls value as it was left by
* #TAH_PARSE_post_json(), to be cleaned up
*/
void
TAH_PARSE_post_cleanup_callback (void *con_cls);
/**
* Parse JSON object into components based on the given field
* specification.
*
* @param connection the connection to send an error response to
* @param root the JSON node to start the navigation at.
* @param spec field specification for the parser
* @return
* #GNUNET_YES if navigation was successful (caller is responsible
* for freeing allocated variable-size data using
* GNUNET_JSON_parse_free() when done)
* #GNUNET_NO if json is malformed, error response was generated
* #GNUNET_SYSERR on internal error
*/
int
TAH_PARSE_json_data (struct MHD_Connection *connection,
const json_t *root,
struct GNUNET_JSON_Specification *spec);
/**
* Parse JSON array into components based on the given field
* specification. Generates error response on parse errors.
*
* @param connection the connection to send an error response to
* @param root the JSON node to start the navigation at.
* @param[in,out] spec field specification for the parser
* @param ... -1-terminated list of array offsets of type 'int'
* @return
* #GNUNET_YES if navigation was successful (caller is responsible
* for freeing allocated variable-size data using
* GNUNET_JSON_parse_free() when done)
* #GNUNET_NO if json is malformed, error response was generated
* #GNUNET_SYSERR on internal error
*/
int
TAH_PARSE_json_array (struct MHD_Connection *connection,
const json_t *root,
struct GNUNET_JSON_Specification *spec,
...);
/**
* Extraxt fixed-size base32crockford encoded data from request.
*
* Queues an error response to the connection if the parameter is missing or
* invalid.
*
* @param connection the MHD connection
* @param param_name the name of the parameter with the key
* @param[out] out_data pointer to store the result
* @param out_size expected size of @a out_data
* @return
* #GNUNET_YES if the the argument is present
* #GNUNET_NO if the argument is absent or malformed
* #GNUNET_SYSERR on internal error (error response could not be sent)
*/
int
TAH_PARSE_mhd_request_arg_data (struct MHD_Connection *connection,
const char *param_name,
void *out_data,
size_t out_size);
#endif /* TALER_AUDITOR_HTTPD_PARSING_H */

481
src/auditor/taler-auditor-httpd_responses.c
View File

@ -1,481 +0,0 @@
/*
This file is part of TALER
Copyright (C) 2014-2017 Inria & GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-auditor-httpd_responses.c
* @brief API for generating genric replies of the exchange; these
* functions are called TAH_RESPONSE_reply_ and they generate
* and queue MHD response objects for a given connection.
* @author Florian Dold
* @author Benedikt Mueller
* @author Christian Grothoff
*/
#include "platform.h"
#include <zlib.h>
#include "taler_mhd_lib.h"
#include "taler-auditor-httpd_responses.h"
#include "taler_util.h"
#include "taler_json_lib.h"
/**
* Add headers we want to return in every response.
* Useful for testing, like if we want to always close
* connections.
*
* @param response response to modify
*/
void
TAH_RESPONSE_add_global_headers (struct MHD_Response *response)
{
if (TAH_auditor_connection_close)
GNUNET_break (MHD_YES ==
MHD_add_response_header (response,
MHD_HTTP_HEADER_CONNECTION,
"close"));
}
/**
* Is HTTP body deflate compression supported by the client?
*
* @param connection connection to check
* @return #MHD_YES if 'deflate' compression is allowed
*
* Note that right now we're ignoring q-values, which is technically
* not correct, and also do not support "*" anywhere but in a line by
* itself. This should eventually be fixed, see also
* https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
*/
int
TAH_RESPONSE_can_compress (struct MHD_Connection *connection)
{
const char *ae;
const char *de;
ae = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_ACCEPT_ENCODING);
if (NULL == ae)
return MHD_NO;
if (0 == strcmp (ae,
"*"))
return MHD_YES;
de = strstr (ae,
"deflate");
if (NULL == de)
return MHD_NO;
if ( ( (de == ae) ||
(de[-1] == ',') ||
(de[-1] == ' ') ) &&
( (de[strlen ("deflate")] == '\0') ||
(de[strlen ("deflate")] == ',') ||
(de[strlen ("deflate")] == ';') ) )
return MHD_YES;
return MHD_NO;
}
/**
* Try to compress a response body. Updates @a buf and @a buf_size.
*
* @param[in,out] buf pointer to body to compress
* @param[in,out] buf_size pointer to initial size of @a buf
* @return #MHD_YES if @a buf was compressed
*/
int
TAH_RESPONSE_body_compress (void **buf,
size_t *buf_size)
{
Bytef *cbuf;
uLongf cbuf_size;
int ret;
cbuf_size = compressBound (*buf_size);
cbuf = malloc (cbuf_size);
if (NULL == cbuf)
return MHD_NO;
ret = compress (cbuf,
&cbuf_size,
(const Bytef *) *buf,
*buf_size);
if ( (Z_OK != ret) ||
(cbuf_size >= *buf_size) )
{
/* compression failed */
free (cbuf);
return MHD_NO;
}
free (*buf);
*buf = (void *) cbuf;
*buf_size = (size_t) cbuf_size;
return MHD_YES;
}
/**
* Send JSON object as response.
*
* @param connection the MHD connection
* @param json the json object
* @param response_code the http response code
* @return MHD result code
*/
int
TAH_RESPONSE_reply_json (struct MHD_Connection *connection,
const json_t *json,
unsigned int response_code)
{
struct MHD_Response *resp;
void *json_str;
size_t json_len;
int ret;
int comp;
json_str = json_dumps (json,
JSON_INDENT (2));
if (NULL == json_str)
{
/**
* This log helps to figure out which
* function called this one and assert-failed.
*/
TALER_LOG_ERROR ("Aborting json-packing for HTTP code: %u\n",
response_code);
GNUNET_assert (0);
return MHD_NO;
}
json_len = strlen (json_str);
/* try to compress the body */
comp = MHD_NO;
if (MHD_YES ==
TAH_RESPONSE_can_compress (connection))
comp = TAH_RESPONSE_body_compress (&json_str,
&json_len);
resp = MHD_create_response_from_buffer (json_len,
json_str,
MHD_RESPMEM_MUST_FREE);
if (NULL == resp)
{
free (json_str);
GNUNET_break (0);
return MHD_NO;
}
TAH_RESPONSE_add_global_headers (resp);
(void) MHD_add_response_header (resp,
MHD_HTTP_HEADER_CONTENT_TYPE,
"application/json");
if (MHD_YES == comp)
{
/* Need to indicate to client that body is compressed */
if (MHD_NO ==
MHD_add_response_header (resp,
MHD_HTTP_HEADER_CONTENT_ENCODING,
"deflate"))
{
GNUNET_break (0);
MHD_destroy_response (resp);
return MHD_NO;
}
}
ret = MHD_queue_response (connection,
response_code,
resp);
MHD_destroy_response (resp);
return ret;
}
/**
* Function to call to handle the request by building a JSON
* reply from a format string and varargs.
*
* @param connection the MHD connection to handle
* @param response_code HTTP response code to use
* @param fmt format string for pack
* @param ... varargs
* @return MHD result code
*/
int
TAH_RESPONSE_reply_json_pack (struct MHD_Connection *connection,
unsigned int response_code,
const char *fmt,
...)
{
json_t *json;
va_list argp;
int ret;
json_error_t jerror;
va_start (argp, fmt);
json = json_vpack_ex (&jerror, 0, fmt, argp);
va_end (argp);
if (NULL == json)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Failed to pack JSON with format `%s': %s\n",
fmt,
jerror.text);
GNUNET_break (0);
return MHD_NO;
}
ret = TAH_RESPONSE_reply_json (connection,
json,
response_code);
json_decref (json);
return ret;
}
/**
* Send a response indicating an invalid argument.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param param_name the parameter that is invalid
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_arg_invalid (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *param_name)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_BAD_REQUEST,
"{s:s, s:I, s:s}",
"error", "invalid parameter",
"code", (json_int_t) ec,
"parameter", param_name);
}
/**
* Send a response indicating an argument refering to a
* resource unknown to the auditor (i.e. unknown reserve or
* denomination key).
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param param_name the parameter that is invalid
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_arg_unknown (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *param_name)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_NOT_FOUND,
"{s:s, s:I, s:s}",
"error", "unknown entity referenced",
"code", (json_int_t) ec,
"parameter", param_name);
}
/**
* Send a response indicating an invalid signature.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param param_name the parameter that is invalid
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_signature_invalid (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *param_name)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_UNAUTHORIZED,
"{s:s, s:I, s:s}",
"error", "invalid signature",
"code", (json_int_t) ec,
"parameter", param_name);
}
/**
* Send a response indicating a missing argument.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param param_name the parameter that is missing
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_arg_missing (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *param_name)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_BAD_REQUEST,
"{s:s, s:I, s:s}",
"error", "missing parameter",
"code", (json_int_t) ec,
"parameter", param_name);
}
/**
* Send a response indicating permission denied.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param hint hint about why access was denied
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_permission_denied (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *hint)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_FORBIDDEN,
"{s:s, s:I, s:s}",
"error", "permission denied",
"code", (json_int_t) ec,
"hint", hint);
}
/**
* Send a response indicating an internal error.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param hint hint about the internal error's nature
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_internal_error (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *hint)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
"{s:s, s:I, s:s}",
"error", "internal error",
"code", (json_int_t) ec,
"hint", hint);
}
/**
* Send a response indicating an external error.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param hint hint about the error's nature
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_external_error (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *hint)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_BAD_REQUEST,
"{s:s, s:I, s:s}",
"error", "client error",
"code", (json_int_t) ec,
"hint", hint);
}
/**
* Send a response indicating an error committing a
* transaction (concurrent interference).
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_commit_error (struct MHD_Connection *connection,
enum TALER_ErrorCode ec)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
"{s:s, s:I}",
"error", "commit failure",
"code", (json_int_t) ec);
}
/**
* Send a response indicating a failure to talk to the Auditor's
* database.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_internal_db_error (struct MHD_Connection *connection,
enum TALER_ErrorCode ec)
{
return TAH_RESPONSE_reply_internal_error (connection,
ec,
"Failure in database interaction");
}
/**
* Send a response indicating that the request was too big.
*
* @param connection the MHD connection to use
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_request_too_large (struct MHD_Connection *connection)
{
struct MHD_Response *resp;
int ret;
resp = MHD_create_response_from_buffer (0,
NULL,
MHD_RESPMEM_PERSISTENT);
if (NULL == resp)
return MHD_NO;
TAH_RESPONSE_add_global_headers (resp);
ret = MHD_queue_response (connection,
MHD_HTTP_REQUEST_ENTITY_TOO_LARGE,
resp);
MHD_destroy_response (resp);
return ret;
}
/**
* Send a response indicating that the JSON was malformed.
*
* @param connection the MHD connection to use
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_invalid_json (struct MHD_Connection *connection)
{
return TAH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_BAD_REQUEST,
"{s:s, s:I}",
"error", "invalid json",
"code",
(json_int_t) TALER_EC_JSON_INVALID);
}
/* end of taler-auditor-httpd_responses.c */

245
src/auditor/taler-auditor-httpd_responses.h
View File

@ -1,245 +0,0 @@
/*
This file is part of TALER
Copyright (C) 2014 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-auditor-httpd_responses.h
* @brief API for generating generic replies of the auditor; these
* functions are called TAH_RESPONSE_reply_ and they generate
* and queue MHD response objects for a given connection.
* @author Florian Dold
* @author Benedikt Mueller
* @author Christian Grothoff
*/
#ifndef TALER_AUDITOR_HTTPD_RESPONSES_H
#define TALER_AUDITOR_HTTPD_RESPONSES_H
#include <gnunet/gnunet_util_lib.h>
#include <jansson.h>
#include <microhttpd.h>
#include <pthread.h>
#include "taler_error_codes.h"
#include "taler-auditor-httpd.h"
/**
* Add headers we want to return in every response.
* Useful for testing, like if we want to always close
* connections.
*
* @param response response to modify
*/
void
TAH_RESPONSE_add_global_headers (struct MHD_Response *response);
/**
* Try to compress a response body. Updates @a buf and @a buf_size.
*
* @param[in,out] buf pointer to body to compress
* @param[in,out] buf_size pointer to initial size of @a buf
* @return #MHD_YES if @a buf was compressed
*/
int
TAH_RESPONSE_body_compress (void **buf,
size_t *buf_size);
/**
* Is HTTP body deflate compression supported by the client?
*
* @param connection connection to check
* @return #MHD_YES if 'deflate' compression is allowed
*/
int
TAH_RESPONSE_can_compress (struct MHD_Connection *connection);
/**
* Send JSON object as response.
*
* @param connection the MHD connection
* @param json the json object
* @param response_code the http response code
* @return MHD result code
*/
int
TAH_RESPONSE_reply_json (struct MHD_Connection *connection,
const json_t *json,
unsigned int response_code);
/**
* Function to call to handle the request by building a JSON
* reply from a format string and varargs.
*
* @param connection the MHD connection to handle
* @param response_code HTTP response code to use
* @param fmt format string for pack
* @param ... varargs
* @return MHD result code
*/
int
TAH_RESPONSE_reply_json_pack (struct MHD_Connection *connection,
unsigned int response_code,
const char *fmt,
...);
/**
* Send a response indicating an invalid signature.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param param_name the parameter that is invalid
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_signature_invalid (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *param_name);
/**
* Send a response indicating an invalid argument.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param param_name the parameter that is invalid
* @return MHD result code
*/
int
TAH_RESPONSE_reply_arg_invalid (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *param_name);
/**
* Send a response indicating an argument refering to a
* resource unknown to the auditor (i.e. unknown reserve or
* denomination key).
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param param_name the parameter that is invalid
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_arg_unknown (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *param_name);
/**
* Send a response indicating a missing argument.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param param_name the parameter that is missing
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_arg_missing (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *param_name);
/**
* Send a response indicating permission denied.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param hint hint about why access was denied
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_permission_denied (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *hint);
/**
* Send a response indicating an internal error.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param hint hint about the internal error's nature
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_internal_error (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *hint);
/**
* Send a response indicating an external error.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @param hint hint about the error's nature
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_external_error (struct MHD_Connection *connection,
enum TALER_ErrorCode ec,
const char *hint);
/**
* Send a response indicating an error committing a
* transaction (concurrent interference).
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_commit_error (struct MHD_Connection *connection,
enum TALER_ErrorCode ec);
/**
* Send a response indicating a failure to talk to the Auditor's
* database.
*
* @param connection the MHD connection to use
* @param ec error code uniquely identifying the error
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_internal_db_error (struct MHD_Connection *connection,
enum TALER_ErrorCode ec);
/**
* Send a response indicating that the request was too big.
*
* @param connection the MHD connection to use
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_request_too_large (struct MHD_Connection *connection);
/**
* Send a response indicating that the JSON was malformed.
*
* @param connection the MHD connection to use
* @return a MHD result code
*/
int
TAH_RESPONSE_reply_invalid_json (struct MHD_Connection *connectionx);
#endif

2
src/exchange/taler-exchange-httpd_refresh_melt.c
View File

@ -66,7 +66,7 @@ reply_refresh_melt_insufficient_funds (struct MHD_Connection *connection,
TALER_EC_REFRESH_MELT_HISTORY_DB_ERROR_INSUFFICIENT_FUNDS,
"Failed to compile transaction history");
return TALER_MHD_reply_json_pack (connection,
MHD_HTTP_FORBIDDEN,
MHD_HTTP_CONFLICT,
"{s:s, s:I, s:o, s:o, s:o, s:o, s:o}",
"error",
"insufficient funds",

2
src/exchange/taler-exchange-httpd_reserve_withdraw.c
View File

@ -72,7 +72,7 @@ reply_reserve_withdraw_insufficient_funds (struct MHD_Connection *connection,
json_balance = TALER_JSON_from_amount (&balance);
return TALER_MHD_reply_json_pack (connection,
MHD_HTTP_FORBIDDEN,
MHD_HTTP_CONFLICT,
"{s:s, s:I, s:o, s:o}",
"error", "Insufficient funds",
"code",

2
src/exchange/taler-exchange-httpd_responses.c
View File

@ -880,7 +880,7 @@ TEH_RESPONSE_reply_coin_insufficient_funds (struct MHD_Connection *connection,
TALER_EC_COIN_HISTORY_DB_ERROR_INSUFFICIENT_FUNDS,
"failed to convert transaction history to JSON");
return TALER_MHD_reply_json_pack (connection,
MHD_HTTP_FORBIDDEN,
MHD_HTTP_CONFLICT,
"{s:s, s:I, s:o}",
"error", "insufficient funds",
"code", (json_int_t) ec,

6
src/include/taler_error_codes.h
View File

@ -188,7 +188,7 @@ enum TALER_ErrorCode
* requested withdraw operation at this time. The response includes
* the current "balance" of the reserve as well as the transaction
* "history" that lead to this balance. This response is provided
* with HTTP status code MHD_HTTP_FORBIDDEN.
* with HTTP status code MHD_HTTP_CONFLICT.
*/
TALER_EC_WITHDRAW_INSUFFICIENT_FUNDS = 1100,
@ -340,7 +340,7 @@ enum TALER_ErrorCode
* for the /deposit operation (i.e. due to double spending).
* The "history" in the respose provides the transaction history
* of the coin proving this fact. This response is provided
* with HTTP status code MHD_HTTP_FORBIDDEN.
* with HTTP status code MHD_HTTP_CONFLICT.
*/
TALER_EC_DEPOSIT_INSUFFICIENT_FUNDS = 1200,
@ -496,7 +496,7 @@ enum TALER_ErrorCode
* for the /refresh/melt operation. The "history" in this
* response provdes the "residual_value" of the coin, which may
* be less than its "original_value". This response is provided
* with HTTP status code MHD_HTTP_FORBIDDEN.
* with HTTP status code MHD_HTTP_CONFLICT.
*/
TALER_EC_REFRESH_MELT_INSUFFICIENT_FUNDS = 1300,

2
src/lib/auditor_api_deposit_confirmation.c
View File

@ -99,7 +99,7 @@ handle_deposit_confirmation_finished (void *cls,
/* This should never happen, either us or the auditor is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_UNAUTHORIZED:
case MHD_HTTP_FORBIDDEN:
/* Nothing really to verify, auditor says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */

4
src/lib/exchange_api_deposit.c
View File

@ -325,7 +325,7 @@ handle_deposit_finished (void *cls,
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_FORBIDDEN:
case MHD_HTTP_CONFLICT:
/* Double spending; check signatures on transaction history */
if (GNUNET_OK !=
verify_deposit_signature_forbidden (dh,
@ -335,7 +335,7 @@ handle_deposit_finished (void *cls,
response_code = 0;
}
break;
case MHD_HTTP_UNAUTHORIZED:
case MHD_HTTP_FORBIDDEN:
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */

4
src/lib/exchange_api_payback.c
View File

@ -226,7 +226,7 @@ handle_payback_finished (void *cls,
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_FORBIDDEN:
case MHD_HTTP_CONFLICT:
{
/* Insufficient funds, proof attached */
json_t *history;
@ -256,7 +256,7 @@ handle_payback_finished (void *cls,
TALER_EXCHANGE_payback_cancel (ph);
return;
}
case MHD_HTTP_UNAUTHORIZED:
case MHD_HTTP_FORBIDDEN:
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */

16
src/lib/exchange_api_refresh.c
View File

@ -939,7 +939,7 @@ verify_refresh_melt_signature_ok (struct TALER_EXCHANGE_RefreshMeltHandle *rmh,
/**
* Verify that the signatures on the "403 FORBIDDEN" response from the
* Verify that the signatures on the "409 CONFLICT" response from the
* exchange demonstrating customer double-spending are valid.
*
* @param rmh melt handle
@ -947,9 +947,9 @@ verify_refresh_melt_signature_ok (struct TALER_EXCHANGE_RefreshMeltHandle *rmh,
* @return #GNUNET_OK if the signature(s) is valid, #GNUNET_SYSERR if not
*/
static int
verify_refresh_melt_signature_forbidden (struct
TALER_EXCHANGE_RefreshMeltHandle *rmh,
const json_t *json)
verify_refresh_melt_signature_conflict (struct
TALER_EXCHANGE_RefreshMeltHandle *rmh,
const json_t *json)
{
json_t *history;
struct TALER_Amount original_value;
@ -1083,17 +1083,17 @@ handle_refresh_melt_finished (void *cls,
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_FORBIDDEN:
case MHD_HTTP_CONFLICT:
/* Double spending; check signatures on transaction history */
if (GNUNET_OK !=
verify_refresh_melt_signature_forbidden (rmh,
j))
verify_refresh_melt_signature_conflict (rmh,
j))
{
GNUNET_break_op (0);
response_code = 0;
}
break;
case MHD_HTTP_UNAUTHORIZED:
case MHD_HTTP_FORBIDDEN:
/* Nothing really to verify, exchange says one of the signatures is
invalid; assuming we checked them, this should never happen, we
should pass the JSON reply to the application */

2
src/lib/exchange_api_refund.c
View File

@ -169,7 +169,7 @@ handle_refund_finished (void *cls,
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_UNAUTHORIZED:
case MHD_HTTP_FORBIDDEN:
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */

6
src/lib/exchange_api_reserve.c
View File

@ -797,7 +797,7 @@ reserve_withdraw_ok (struct TALER_EXCHANGE_ReserveWithdrawHandle *wsh,
/**
* We got a 403 FORBIDDEN response for the /reserve/withdraw operation.
* We got a 409 CONFLICT response for the /reserve/withdraw operation.
* Check the signatures on the withdraw transactions in the provided
* history and that the balances add up. We don't do anything directly
* with the information, as the JSON will be returned to the application.
@ -941,7 +941,7 @@ handle_reserve_withdraw_finished (void *cls,
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_FORBIDDEN:
case MHD_HTTP_CONFLICT:
/* The exchange says that the reserve has insufficient funds;
check the signatures in the history... */
if (GNUNET_OK !=
@ -952,7 +952,7 @@ handle_reserve_withdraw_finished (void *cls,
response_code = 0;
}
break;
case MHD_HTTP_UNAUTHORIZED:
case MHD_HTTP_FORBIDDEN:
GNUNET_break (0);
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we

2
src/lib/exchange_api_track_transaction.c
View File

@ -217,7 +217,7 @@ handle_deposit_wtid_finished (void *cls,
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_UNAUTHORIZED:
case MHD_HTTP_FORBIDDEN:
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */

2
src/lib/exchange_api_track_transfer.c
View File

@ -279,7 +279,7 @@ handle_track_transfer_finished (void *cls,
/* This should never happen, either us or the exchange is buggy
(or API version conflict); just pass JSON reply to the application */
break;
case MHD_HTTP_UNAUTHORIZED:
case MHD_HTTP_FORBIDDEN:
/* Nothing really to verify, exchange says one of the signatures is
invalid; as we checked them, this should never happen, we
should pass the JSON reply to the application */