diff --git a/src/mint/key_io.c b/src/mint/key_io.c
index 6b70e980a..e02e0f563 100644
--- a/src/mint/key_io.c
+++ b/src/mint/key_io.c
@@ -55,10 +55,14 @@ signkeys_iterate_dir_iter (void *cls,
 sizeof (struct TALER_MINT_SignKeyIssuePriv));
 if (nread != sizeof (struct TALER_MINT_SignKeyIssuePriv))
 {
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid signkey file: '%s'\n", filename);
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Invalid signkey file: '%s'\n",
+ filename);
 return GNUNET_OK;
 }
- return skc->it (skc->it_cls, &issue);
+ return skc->it (skc->it_cls,
+ filename,
+ &issue);
 }
diff --git a/src/mint/key_io.h b/src/mint/key_io.h
index c9fd57625..bd7f95112 100644
--- a/src/mint/key_io.h
+++ b/src/mint/key_io.h
@@ -41,13 +41,21 @@
 */
 struct TALER_MINT_SignKeyIssuePriv
 {
+ /**
+ * FIXME.
+ */
 struct GNUNET_CRYPTO_EddsaPrivateKey signkey_priv;
+ /**
+ * FIXME.
+ */
 struct TALER_MINT_SignKeyIssue issue;
 };
-
+/**
+ * FIXME.
+ */
 struct TALER_MINT_DenomKeyIssuePriv
 {
 /**
@@ -56,16 +64,18 @@ struct TALER_MINT_DenomKeyIssuePriv
 */
 struct GNUNET_CRYPTO_rsa_PrivateKey *denom_priv;
+ /**
+ * FIXME.
+ */
 struct TALER_MINT_DenomKeyIssue issue;
 };
-
-
 /**
 * Iterator for sign keys.
 *
 * @param cls closure
+ * @param filename name of the file the key came from
 * @param ski the sign key issue
 * @return #GNUNET_OK to continue to iterate,
 * #GNUNET_NO to stop iteration with no error,
@@ -73,8 +83,10 @@ struct TALER_MINT_DenomKeyIssuePriv
 */
 typedef int
 (*TALER_MINT_SignkeyIterator)(void *cls,
+ const char *filename,
 const struct TALER_MINT_SignKeyIssuePriv *ski);
+
 /**
 * Iterator for denomination keys.
 *
@@ -97,7 +109,8 @@ typedef int
 */
 int
 TALER_MINT_signkeys_iterate (const char *mint_base_dir,
- TALER_MINT_SignkeyIterator it, void *cls);
+ TALER_MINT_SignkeyIterator it,
+ void *it_cls);
 /**
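Review bot: The new `return skc->it (skc->it_cls, filename, &issue);` in key_io.c leaves the private half of the signing key in `issue` on both exit paths, including the short-read branch that logs and returns #GNUNET_OK. `issue` is declared outside this hunk; if it is a stack local, as the `&issue` and `sizeof` usage suggests, the bytes of `signkey_priv` stay in the frame after the iterator has returned. Consider storing the callback result, clearing `issue` with a wipe the compiler cannot elide, and returning the stored result, and doing the same clear before `return GNUNET_OK;` in the short-read branch. The function body starts before this hunk.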
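Review bot: The `FIXME.` placeholders added in the first key_io.h hunk (and the one on `issue` in `struct TALER_MINT_DenomKeyIssuePriv` in the next hunk) leave the most sensitive fields of this header undocumented. `signkey_priv` is the EdDSA private key, `issue` is the part that `sign_key_issue_to_json` serialises as public, and key_io.c reads the whole struct from disk with one `sizeof`-checked read, so the field layout is effectively the key file format. Suggested text: `Private EdDSA signing key; never serialised into responses.` on `signkey_priv`, `Public part of the signing key issue, including the master signature.` on `issue`, and on the denomination struct one sentence saying it pairs the RSA private key with its public issue record.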
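Review bot: The added `@param filename` line in the third key_io.h hunk does not say how long the pointer stays valid, and the iterator typedef changed in the following hunk now hands it to every callback. In key_io.c the value is passed straight through from the directory-scan callback, so it is presumably valid only for the duration of the call; an iterator that stores it for later use would keep a dangling pointer. I would document that in the parameter line: `@param filename name of the file the key came from; only valid during the call, copy it if it must be kept`.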
@@ -105,7 +118,8 @@ TALER_MINT_signkeys_iterate (const char *mint_base_dir,
 */
 int
 TALER_MINT_denomkeys_iterate (const char *mint_base_dir,
- TALER_MINT_DenomkeyIterator it, void *cls);
+ TALER_MINT_DenomkeyIterator it,
+ void *it_cls);
 /**
@@ -132,7 +146,4 @@ TALER_MINT_read_denom_key (const char *filename,
 struct TALER_MINT_DenomKeyIssuePriv *dki);
-
-
-
 #endif
diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c
index 4be13a0bb..d5872d96d 100644
--- a/src/mint/taler-mint-httpd_keystate.c
+++ b/src/mint/taler-mint-httpd_keystate.c
@@ -140,30 +140,6 @@ denom_key_issue_to_json (const struct TALER_MINT_DenomKeyIssue *dki)
 }
-/**
- * Convert the public part of a sign key issue to a JSON object.
- *
- * @param ski the sign key issue
- * @return a JSON object describing the sign key isue (public part)
- */
-static json_t *
-sign_key_issue_to_json (const struct TALER_MINT_SignKeyIssue *ski)
-{
- return
- json_pack ("{s:o, s:o, s:o, s:o}",
- "stamp_start",
- TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)),
- "stamp_expire",
- TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)),
- "master_sig",
- TALER_JSON_from_data (&ski->signature,
- sizeof (struct GNUNET_CRYPTO_EddsaSignature)),
- "key",
- TALER_JSON_from_data (&ski->signkey_pub,
- sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)));
-}
-
-
 /**
 * Get the relative time value that describes how
 * far in the future do we want to provide coin keys.
@@ -207,6 +183,7 @@ reload_keys_denom_iter (void *cls,
 struct MintKeyState *ctx = cls;
 struct GNUNET_TIME_Absolute stamp_provide;
 struct GNUNET_HashCode denom_key_hash;
+ struct TALER_MINT_DenomKeyIssuePriv *d2;
 int res;
 stamp_provide = GNUNET_TIME_absolute_add (ctx->reload_time,
@@ -214,39 +191,71 @@ reload_keys_denom_iter (void *cls,
 if (GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us < ctx->reload_time.abs_value_us)
 {
- // this key is expired
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Skipping expired denomination key `%s'\n",
+ alias);
 return GNUNET_OK;
 }
 if (GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us > stamp_provide.abs_value_us)
 {
- // we are to early for this key
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Skipping future denomination key `%s'\n",
+ alias);
 return GNUNET_OK;
 }
 GNUNET_CRYPTO_hash (&dki->issue.denom_pub, sizeof (struct GNUNET_CRYPTO_EddsaPublicKey), &denom_key_hash);
-
+ d2 = GNUNET_memdup (dki,
+ sizeof (struct TALER_MINT_DenomKeyIssuePriv));
 res = GNUNET_CONTAINER_multihashmap_put (ctx->denomkey_map, &denom_key_hash,
- GNUNET_memdup (dki,
- sizeof (struct TALER_MINT_DenomKeyIssuePriv)),
+ d2,
 GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
 if (GNUNET_OK != res)
+ {
 GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "Duplicate denomination key\n");
-
+ "Duplicate denomination key `%s'\n",
+ alias);
+ GNUNET_free (d2);
+ return GNUNET_OK;
+ }
 json_array_append_new (ctx->denom_keys_array, denom_key_issue_to_json (&dki->issue));
-
 return GNUNET_OK;
 }
+/**
+ * Convert the public part of a sign key issue to a JSON object.
+ *
+ * @param ski the sign key issue
+ * @return a JSON object describing the sign key isue (public part)
+ */
+static json_t *
+sign_key_issue_to_json (const struct TALER_MINT_SignKeyIssue *ski)
+{
+ return
+ json_pack ("{s:o, s:o, s:o, s:o}",
+ "stamp_start",
+ TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)),
+ "stamp_expire",
+ TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)),
+ "master_sig",
+ TALER_JSON_from_data (&ski->signature,
+ sizeof (struct GNUNET_CRYPTO_EddsaSignature)),
+ "key",
+ TALER_JSON_from_data (&ski->signkey_pub,
+ sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)));
+}
+
+
 /**
 * Iterator for sign keys.
 *
 * @param cls closure
+ * @param filename name of the file the key came from
 * @param ski the sign key issue
 * @return #GNUNET_OK to continue to iterate,
 * #GNUNET_NO to stop iteration with no error,
@@ -254,6 +263,7 @@ reload_keys_denom_iter (void *cls,
 */
 static int
 reload_keys_sign_iter (void *cls,
+ const char *filename,
 const struct TALER_MINT_SignKeyIssuePriv *ski)
 {
 struct MintKeyState *ctx = cls;
@@ -264,13 +274,17 @@ reload_keys_sign_iter (void *cls,
 if (GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us < ctx->reload_time.abs_value_us)
 {
- // this key is expired
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Skipping expired signing key `%s'\n",
+ filename);
 return GNUNET_OK;
 }
 if (GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us > stamp_provide.abs_value_us)
 {
- // we are to early for this key
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Skipping future signing key `%s'\n",
+ filename);
 return GNUNET_OK;
 }
diff --git a/src/mint/taler-mint-keycheck.c b/src/mint/taler-mint-keycheck.c
index c934d08fa..b8f40c580 100644
--- a/src/mint/taler-mint-keycheck.c
+++ b/src/mint/taler-mint-keycheck.c
@@ -28,11 +28,14 @@ static char *mintdir;
+
 static struct GNUNET_CONFIGURATION_Handle *kcfg;
 static int
-signkeys_iter (void *cls, const struct TALER_MINT_SignKeyIssuePriv *ski)
+signkeys_iter (void *cls,
+ const char *filename,
+ const struct TALER_MINT_SignKeyIssuePriv *ski)
 {
 struct GNUNET_TIME_Absolute start;
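Review bot: In reload_keys_denom_iter, `d2 = GNUNET_memdup (dki, sizeof (struct TALER_MINT_DenomKeyIssuePriv));` copies only the struct, so the map entry shares `denom_priv` with the caller's `dki`; key_io.h in this commit declares that field as a `struct GNUNET_CRYPTO_rsa_PrivateKey *`. If the code driving the iterator (not visible here) releases the RSA key once the callback returns, `ctx->denomkey_map` is left holding a dangling private-key pointer; if it does not, the new `GNUNET_free (d2);` on the duplicate path is correct but the key itself has no owner there. Either duplicate the RSA key into `d2` as well or state the ownership at the copy, for example `/* d2 shares dki->denom_priv; the iterator's caller must not free it while the map holds d2 */`. The function body starts before this hunk.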