[age restriction] progress 5/n
- taler-exchange-secmod-rsa - extracts AGE_RESTRICTED per denomination from config - propagates flag for each denomination to server - if age restriction is set for a denomination, age _mask_ is taken (for now!) from config
This commit is contained in:
parent
2d1a618d3d
commit
97bae4dd65
@ -26,6 +26,7 @@
|
||||
#include "taler-exchange-httpd_keys.h"
|
||||
#include "taler-exchange-httpd_responses.h"
|
||||
#include "taler_exchangedb_plugin.h"
|
||||
#include "taler_extensions.h"
|
||||
|
||||
|
||||
/**
|
||||
@ -687,6 +688,7 @@ destroy_key_helpers (struct HelperState *hs)
|
||||
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
|
||||
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
|
||||
* The signature was already verified against @a sm_pub.
|
||||
* @param age_restricted true, if denomination is age restricted
|
||||
*/
|
||||
static void
|
||||
helper_rsa_cb (
|
||||
@ -697,7 +699,8 @@ helper_rsa_cb (
|
||||
const struct TALER_RsaPubHashP *h_rsa,
|
||||
const struct TALER_DenominationPublicKey *denom_pub,
|
||||
const struct TALER_SecurityModulePublicKeyP *sm_pub,
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig)
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig,
|
||||
bool age_restricted)
|
||||
{
|
||||
struct HelperState *hs = cls;
|
||||
struct HelperDenomination *hd;
|
||||
@ -729,13 +732,17 @@ helper_rsa_cb (
|
||||
TALER_denom_pub_deep_copy (&hd->denom_pub,
|
||||
denom_pub);
|
||||
GNUNET_assert (TALER_DENOMINATION_RSA == hd->denom_pub.cipher);
|
||||
// FIXME-OEC: set AGE RESTRICTION (from 'global' variable,
|
||||
// that itself is set from /managmenet API!) HERE!
|
||||
// ISSUE: tricky to handle if configuration changes
|
||||
// between denominations (some with/without age
|
||||
// restrictions). For that, we probably need to look at
|
||||
// configuration [$section_name] (!?).
|
||||
|
||||
/* Set age restriction, if applicable */
|
||||
hd->denom_pub.age_mask.mask = 0;
|
||||
if (age_restricted)
|
||||
{
|
||||
/* FIXME-oec: get age mask from global */
|
||||
GNUNET_assert (TALER_EXTENSION_OK == TALER_get_age_mask (TEH_cfg,
|
||||
&hd->denom_pub.
|
||||
age_mask));
|
||||
}
|
||||
|
||||
TALER_denom_pub_hash (&hd->denom_pub,
|
||||
&hd->h_denom_pub);
|
||||
hd->section_name = GNUNET_strdup (section_name);
|
||||
|
@ -1362,6 +1362,7 @@ struct TALER_CRYPTO_RsaDenominationHelper;
|
||||
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
|
||||
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
|
||||
* The signature was already verified against @a sm_pub.
|
||||
* @param age_restricted true, if denomnation has age restriction set
|
||||
*/
|
||||
typedef void
|
||||
(*TALER_CRYPTO_RsaDenominationKeyStatusCallback)(
|
||||
@ -1372,7 +1373,8 @@ typedef void
|
||||
const struct TALER_RsaPubHashP *h_rsa,
|
||||
const struct TALER_DenominationPublicKey *denom_pub,
|
||||
const struct TALER_SecurityModulePublicKeyP *sm_pub,
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig);
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig,
|
||||
bool age_restricted);
|
||||
|
||||
|
||||
/**
|
||||
|
@ -629,6 +629,10 @@ struct TALER_EXCHANGEDB_DenominationKeyMetaData
|
||||
*/
|
||||
struct TALER_Amount fee_refund;
|
||||
|
||||
/**
|
||||
* Indication if age restriction is set for this denomination
|
||||
*/
|
||||
bool age_restricted;
|
||||
};
|
||||
|
||||
|
||||
|
@ -239,7 +239,8 @@ handle_mt_avail (struct TALER_CRYPTO_RsaDenominationHelper *dh,
|
||||
&h_rsa,
|
||||
&denom_pub,
|
||||
&kan->secm_pub,
|
||||
&kan->secm_sig);
|
||||
&kan->secm_sig,
|
||||
(&kan->age_restricted > 0));
|
||||
TALER_denom_pub_free (&denom_pub);
|
||||
}
|
||||
return GNUNET_OK;
|
||||
@ -275,7 +276,8 @@ handle_mt_purge (struct TALER_CRYPTO_RsaDenominationHelper *dh,
|
||||
&pn->h_rsa,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL);
|
||||
NULL,
|
||||
false);
|
||||
return GNUNET_OK;
|
||||
}
|
||||
|
||||
|
@ -156,6 +156,11 @@ struct Denomination
|
||||
* Length of (new) RSA keys (in bits).
|
||||
*/
|
||||
uint32_t rsa_keysize;
|
||||
|
||||
/**
|
||||
* Is the denomination age restricted? 0 == false
|
||||
*/
|
||||
uint8_t age_restricted;
|
||||
};
|
||||
|
||||
|
||||
@ -258,6 +263,7 @@ notify_client_dk_add (struct TES_Client *client,
|
||||
an->section_name_len = htons ((uint16_t) nlen);
|
||||
an->anchor_time = GNUNET_TIME_absolute_hton (dk->anchor);
|
||||
an->duration_withdraw = GNUNET_TIME_relative_hton (denom->duration_withdraw);
|
||||
an->age_restricted = denom->age_restricted;
|
||||
TALER_exchange_secmod_rsa_sign (&dk->h_rsa,
|
||||
denom->section,
|
||||
dk->anchor,
|
||||
@ -1256,6 +1262,24 @@ parse_denomination_cfg (const struct GNUNET_CONFIGURATION_Handle *cfg,
|
||||
}
|
||||
denom->rsa_keysize = (unsigned int) rsa_keysize;
|
||||
denom->section = GNUNET_strdup (ct);
|
||||
if (GNUNET_OK == (GNUNET_CONFIGURATION_have_value (cfg,
|
||||
ct,
|
||||
"AGE_RESTRICTED")))
|
||||
{
|
||||
enum GNUNET_GenericReturnValue ret;
|
||||
if (GNUNET_SYSERR == (ret = GNUNET_CONFIGURATION_get_value_yesno (cfg,
|
||||
ct,
|
||||
"AGE_RESTRICTED")))
|
||||
{
|
||||
GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
|
||||
ct,
|
||||
"AGE_RESTRICTED",
|
||||
"Value must be YES or NO\n");
|
||||
return GNUNET_SYSERR;
|
||||
}
|
||||
denom->age_restricted = (ret == GNUNET_OK) ? 1 : 0;
|
||||
}
|
||||
|
||||
return GNUNET_OK;
|
||||
}
|
||||
|
||||
|
@ -77,6 +77,11 @@ struct TALER_CRYPTO_RsaKeyAvailableNotification
|
||||
*/
|
||||
struct TALER_SecurityModuleSignatureP secm_sig;
|
||||
|
||||
/**
|
||||
* Indicator for age restriction
|
||||
*/
|
||||
uint8_t age_restricted;
|
||||
|
||||
/* followed by @e pub_size bytes of the RSA public key */
|
||||
|
||||
/* followed by @e section_name bytes of the configuration section name
|
||||
|
@ -133,6 +133,7 @@ free_keys (void)
|
||||
* @param sm_pub public key of the security module, NULL if the key was revoked or purged
|
||||
* @param sm_sig signature from the security module, NULL if the key was revoked or purged
|
||||
* The signature was already verified against @a sm_pub.
|
||||
* @param age_restricted indication if denomination is age restricted
|
||||
*/
|
||||
static void
|
||||
key_cb (void *cls,
|
||||
@ -142,7 +143,8 @@ key_cb (void *cls,
|
||||
const struct TALER_RsaPubHashP *h_rsa,
|
||||
const struct TALER_DenominationPublicKey *denom_pub,
|
||||
const struct TALER_SecurityModulePublicKeyP *sm_pub,
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig)
|
||||
const struct TALER_SecurityModuleSignatureP *sm_sig,
|
||||
bool age_restricted)
|
||||
{
|
||||
(void) cls;
|
||||
(void) sm_pub;
|
||||
@ -186,6 +188,7 @@ key_cb (void *cls,
|
||||
keys[i].validity_duration = validity_duration;
|
||||
TALER_denom_pub_deep_copy (&keys[i].denom_pub,
|
||||
denom_pub);
|
||||
/* FIXME-oec: take age_restriction into account!? */
|
||||
num_keys++;
|
||||
return;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user