distinguish active/old denomination keys (#3634)

src/mint/Makefile.am

@@ -17,7 +17,6 @@ taler_mint_httpd_SOURCES = \
 taler_mint_httpd_LDADD = \
   $(LIBGCRYPT_LIBS) \
   $(top_builddir)/src/util/libtalerutil.la \
-  $(top_builddir)/src/pq/libtalerpq.la \
   $(top_builddir)/src/mintdb/libtalermintdb.la \
   -lmicrohttpd \
   -ljansson \

src/mint/taler-mint-httpd_db.c

@@ -136,7 +136,8 @@ TMH_DB_execute_deposit (struct MHD_Connection *connection,
   }
   mks = TMH_KS_acquire ();
   dki = TMH_KS_denomination_key_lookup (mks,
-                                        &deposit->coin.denom_pub);
+                                        &deposit->coin.denom_pub,
+					TMH_KS_DKU_DEPOSIT);
   TALER_amount_ntoh (&value,
                      &dki->issue.value);
   TMH_KS_release (mks);
@@ -320,7 +321,8 @@ TMH_DB_execute_withdraw_sign (struct MHD_Connection *connection,
   /* Check if balance is sufficient */
   key_state = TMH_KS_acquire ();
   dki = TMH_KS_denomination_key_lookup (key_state,
-                                        denomination_pub);
+                                        denomination_pub,
+					TMH_KS_DKU_WITHDRAW);
   if (NULL == dki)
   {
     TMH_KS_release (key_state);
@@ -392,7 +394,8 @@ TMH_DB_execute_withdraw_sign (struct MHD_Connection *connection,
       break;
     case TALER_MINTDB_RO_WITHDRAW_COIN:
       tdki = TMH_KS_denomination_key_lookup (key_state,
-                                             &pos->details.withdraw->denom_pub);
+                                             &pos->details.withdraw->denom_pub,
+					     TMH_KS_DKU_WITHDRAW);
       TALER_amount_ntoh (&value,
                          &tdki->issue.value);
       if (0 == (res & 2))
@@ -510,7 +513,8 @@ refresh_accept_melts (struct MHD_Connection *connection,
   int res;
 
   dki = &TMH_KS_denomination_key_lookup (key_state,
-                                         &coin_details->coin_info.denom_pub)->issue;
+                                         &coin_details->coin_info.denom_pub,
+					 TMH_KS_DKU_DEPOSIT)->issue;
 
   if (NULL == dki)
     return (MHD_YES ==
@@ -1023,7 +1027,8 @@ refresh_mint_coin (struct MHD_Connection *connection,
   struct TALER_DenominationSignature ev_sig;
 
   dki = TMH_KS_denomination_key_lookup (key_state,
-                                        denom_pub);
+                                        denom_pub,
+					TMH_KS_DKU_WITHDRAW);
   if (NULL == dki)
   {
     GNUNET_break (0);

src/mint/taler-mint-httpd_deposit.c

@@ -86,7 +86,8 @@ verify_and_execute_deposit (struct MHD_Connection *connection,
   /* check denomination exists and is valid */
   key_state = TMH_KS_acquire ();
   dki = TMH_KS_denomination_key_lookup (key_state,
-                                        &deposit->coin.denom_pub);
+                                        &deposit->coin.denom_pub,
+					TMH_KS_DKU_DEPOSIT);
   if (NULL == dki)
   {
     TMH_KS_release (key_state);
@@ -188,7 +189,8 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection,
   GNUNET_free (wire_enc);
   ks = TMH_KS_acquire ();
   dki = TMH_KS_denomination_key_lookup (ks,
-                                        &deposit.coin.denom_pub);
+                                        &deposit.coin.denom_pub,
+					TMH_KS_DKU_DEPOSIT);
   if (NULL == dki)
   {
     TMH_KS_release (ks);

src/mint/taler-mint-httpd_keystate.c

@@ -461,19 +461,56 @@ TMH_KS_acquire (void)
  *
  * @param key_state state to look in
  * @param denom_pub denomination public key
+ * @param use purpose for which the key is being located
  * @return the denomination key issue,
  *         or NULL if denom_pub could not be found
  */
 struct TALER_MINTDB_DenominationKeyIssueInformation *
 TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state,
-                                const struct TALER_DenominationPublicKey *denom_pub)
+                                const struct TALER_DenominationPublicKey *denom_pub,
+				enum TMH_KS_DenominationKeyUse use)
 {
   struct GNUNET_HashCode hc;
+  struct TALER_MINTDB_DenominationKeyIssueInformation *dki;
+  struct GNUNET_TIME_Absolute now;
 
   GNUNET_CRYPTO_rsa_public_key_hash (denom_pub->rsa_public_key,
                                      &hc);
-  return GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map,
+  dki = GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map,
 					   &hc);
+  if (now.abs_value_us <
+      GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+		"Not returning DKI for %s, as start time is in the future\n",
+		GNUNET_h2s (&hc));
+    return NULL;
+  }
+  now = GNUNET_TIME_absolute_get ();
+  switch (use)
+  {
+  case TMH_KS_DKU_WITHDRAW:
+    if (now.abs_value_us >
+	GNUNET_TIME_absolute_ntoh (dki->issue.expire_withdraw).abs_value_us)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+		  "Not returning DKI for %s, as time to create coins has passed\n",
+		  GNUNET_h2s (&hc));
+      return NULL;
+    }
+    break;
+  case TMH_KS_DKU_DEPOSIT:
+    if (now.abs_value_us >
+	GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us)
+    {
+      GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+		  "Not returning DKI for %s, as time to spend coin has passed\n",
+		  GNUNET_h2s (&hc));
+      return NULL;
+    }
+    break;
+  }
+  return dki;
 }
 
 

src/mint/taler-mint-httpd_keystate.h

@@ -56,18 +56,42 @@ void
 TMH_KS_release (struct TMH_KS_StateHandle *key_state);
 
 
+/**
+ * Denomination key lookups can be for signing of fresh coins
+ * or to validate signatures on existing coins.  As the validity
+ * periods for a key differ, the caller must specify which
+ * use is relevant for the current operation.
+ */
+enum TMH_KS_DenominationKeyUse {
+
+  /**
+   * The key is to be used for a /withdraw/sign or /refresh (mint)
+   * operation.
+   */
+  TMH_KS_DKU_WITHDRAW,
+
+  /**
+   * The key is to be usd for a /deposit or /refresh (melt) operation.
+   */
+  TMH_KS_DKU_DEPOSIT
+  
+};
+
+
 /**
  * Look up the issue for a denom public key.  Note that the result
  * is only valid while the @a key_state is not released!
  *
  * @param key_state state to look in
  * @param denom_pub denomination public key
+ * @param use purpose for which the key is being located
  * @return the denomination key issue,
- *         or NULL if denom_pub could not be found
+ *         or NULL if denom_pub could not be found (or is not valid at this time for the given @a use)
  */
 struct TALER_MINTDB_DenominationKeyIssueInformation *
 TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state,
-                                const struct TALER_DenominationPublicKey *denom_pub);
+                                const struct TALER_DenominationPublicKey *denom_pub,
+				enum TMH_KS_DenominationKeyUse use);
 
 
 /**

src/mint/taler-mint-httpd_refresh.c

@@ -80,7 +80,8 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
   for (i=0;i<num_new_denoms;i++)
   {
     dki = &TMH_KS_denomination_key_lookup (key_state,
-                                           &denom_pubs[i])->issue;
+                                           &denom_pubs[i],
+					   TMH_KS_DKU_WITHDRAW)->issue;
     TALER_amount_ntoh (&value,
                        &dki->value);
     TALER_amount_ntoh (&fee_withdraw,
@@ -108,7 +109,8 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
     /* calculate contribution of the i-th melt by subtracting
        the fee; add the rest to the total_melt value */
     dki = &TMH_KS_denomination_key_lookup (key_state,
-                                           &coin_melt_details[i].coin_info.denom_pub)->issue;
+                                           &coin_melt_details[i].coin_info.denom_pub,
+					   TMH_KS_DKU_DEPOSIT)->issue;
     TALER_amount_ntoh (&fee_melt,
                        &dki->fee_refresh);
     if (GNUNET_OK !=
@@ -234,7 +236,8 @@ verify_coin_public_info (struct MHD_Connection *connection,
 
   key_state = TMH_KS_acquire ();
   dki = TMH_KS_denomination_key_lookup (key_state,
-                                        &melt_detail->coin_info.denom_pub);
+                                        &melt_detail->coin_info.denom_pub,
+					TMH_KS_DKU_DEPOSIT);
   if (NULL == dki)
   {
     TMH_KS_release (key_state);

src/mint/taler-mint-httpd_responses.c

@@ -468,8 +468,6 @@ compile_reserve_history (const struct TALER_MINTDB_ReserveHistory *rh,
   json_t *transaction;
   int ret;
   const struct TALER_MINTDB_ReserveHistory *pos;
-  struct TALER_MINTDB_DenominationKeyIssueInformation *dki;
-  struct TMH_KS_StateHandle *key_state;
   struct TALER_WithdrawRequestPS wr;
 
   json_history = json_array ();
@@ -502,7 +500,6 @@ compile_reserve_history (const struct TALER_MINTDB_ReserveHistory *rh,
     }
   }
 
-  key_state = TMH_KS_acquire ();
   ret = 0;
   for (pos = rh; NULL != pos; pos = pos->next)
   {
@@ -511,29 +508,28 @@ compile_reserve_history (const struct TALER_MINTDB_ReserveHistory *rh,
     case TALER_MINTDB_RO_BANK_TO_MINT:
       break;
     case TALER_MINTDB_RO_WITHDRAW_COIN:
-
+      value = pos->details.withdraw->amount_with_fee;
-      dki = TMH_KS_denomination_key_lookup (key_state,
-                                            &pos->details.withdraw->denom_pub);
-      TALER_amount_ntoh (&value,
-                         &dki->issue.value);
       if (0 == ret)
+      {
         withdraw_total = value;
+      }
       else
+      {
         if (GNUNET_OK !=
             TALER_amount_add (&withdraw_total,
                               &withdraw_total,
                               &value))
         {
-          TMH_KS_release (key_state);
           json_decref (json_history);
           return NULL;
         }
+      }
       ret = 1;
       wr.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW);
       wr.purpose.size = htonl (sizeof (struct TALER_WithdrawRequestPS));
       wr.reserve_pub = pos->details.withdraw->reserve_pub;
       TALER_amount_hton (&wr.amount_with_fee,
-                         &pos->details.withdraw->amount_with_fee);
+                         &value);
       TALER_amount_hton (&wr.withdraw_fee,
                          &pos->details.withdraw->withdraw_fee);
       GNUNET_CRYPTO_rsa_public_key_hash (pos->details.withdraw->denom_pub.rsa_public_key,
@@ -552,7 +548,6 @@ compile_reserve_history (const struct TALER_MINTDB_ReserveHistory *rh,
       break;
     }
   }
-  TMH_KS_release (key_state);
 
   if (GNUNET_SYSERR ==
       TALER_amount_subtract (balance,

src/mint/taler-mint-httpd_withdraw.c

@@ -128,7 +128,8 @@ TMH_WITHDRAW_handler_withdraw_sign (struct TMH_RequestHandler *rh,
   blinded_msg_len = spec[0].destination_size_out;
   ks = TMH_KS_acquire ();
   dki = TMH_KS_denomination_key_lookup (ks,
-                                        &denomination_pub);
+                                        &denomination_pub,
+					TMH_KS_DKU_WITHDRAW);
   if (NULL == dki)
   {
     TMH_PARSE_release_data (spec);