diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index 19017eac1..d1ce5a234 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -2561,7 +2561,8 @@ struct TALER_EXCHANGE_AuditorAddDenominationHandle;
* @param url HTTP base URL for the exchange
* @param h_denom_pub hash of the public key of the denomination
* @param auditor_pub public key of the auditor
- * @param auditor_sig signature of the auditor
+ * @param auditor_sig signature of the auditor, of
+ * purpose #TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS
* @param cb function to call with the exchange's result
* @param cb_cls closure for @a cb
* @return the request handle; NULL upon error
diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h
index 65df94945..f27938262 100644
--- a/src/include/taler_testing_lib.h
+++ b/src/include/taler_testing_lib.h
@@ -2051,6 +2051,45 @@ TALER_TESTING_cmd_auditor_del (const char *label,
bool bad_sig);
+/**
+ * Add affirmation that the auditor is auditing the given
+ * denomination.
+ * The information about the auditor is taken from the
+ * "[auditor]" section in the configuration file.
+ *
+ * @param label command label.
+ * @param expected_http_status expected HTTP status from exchange
+ * @param denom_ref reference to a command identifying a denomination key
+ * @param bad_sig should we use a bogus signature?
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_auditor_add_denom_sig (const char *label,
+ unsigned int expected_http_status,
+ const char *denom_ref,
+ bool bad_sig);
+
+/**
+ * Add statement about wire fees of the exchange. This is always
+ * done for a few hours around the current time (for the test).
+ *
+ * @param label command label.
+ * @param wire_method wire method to set wire fees for
+ * @param wire_fee the wire fee to affirm
+ * @param closing_fee the closing fee to affirm
+ * @param expected_http_status expected HTTP status from exchange
+ * @param bad_sig should we use a bogus signature?
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_set_wire_fee (const char *label,
+ const char *wire_method,
+ const char *wire_fee,
+ const char *closing_fee,
+ unsigned int expected_http_status,
+ bool bad_sig);
+
+
/**
* Add the given payto-URI bank account to the list of bank
* accounts used by the exchange.
diff --git a/src/testing/Makefile.am b/src/testing/Makefile.am
index 7539cecc3..4ba7fe74c 100644
--- a/src/testing/Makefile.am
+++ b/src/testing/Makefile.am
@@ -35,6 +35,7 @@ libtalertesting_la_LDFLAGS = \
-version-info 0:0:0 \
-no-undefined
libtalertesting_la_SOURCES = \
+ testing_api_cmd_auditor_add_denom_sig.c \
testing_api_cmd_auditor_add.c \
testing_api_cmd_auditor_del.c \
testing_api_cmd_auditor_deposit_confirmation.c \
diff --git a/src/testing/testing_api_cmd_auditor_add_denom_sig.c b/src/testing/testing_api_cmd_auditor_add_denom_sig.c
new file mode 100644
index 000000000..dc75221df
--- /dev/null
+++ b/src/testing/testing_api_cmd_auditor_add_denom_sig.c
@@ -0,0 +1,365 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2020 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public
+ License along with TALER; see the file COPYING. If not, see
+
+*/
+/**
+ * @file testing/testing_api_cmd_auditor_add_denom_sig.c
+ * @brief command for testing POST to /auditor/$AUDITOR_PUB/$H_DENOM_PUB
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_json_lib.h"
+#include
+#include "taler_testing_lib.h"
+#include "taler_signatures.h"
+#include "backoff.h"
+
+
+/**
+ * State for a "auditor_add" CMD.
+ */
+struct AuditorAddDenomSigState
+{
+
+ /**
+ * Auditor enable handle while operation is running.
+ */
+ struct TALER_EXCHANGE_AuditorAddDenominationHandle *dh;
+
+ /**
+ * Our interpreter.
+ */
+ struct TALER_TESTING_Interpreter *is;
+
+ /**
+ * Reference to command identifying denomination to add.
+ */
+ const char *denom_ref;
+
+ /**
+ * Expected HTTP response code.
+ */
+ unsigned int expected_response_code;
+
+ /**
+ * Should we make the request with a bad master_sig signature?
+ */
+ bool bad_sig;
+};
+
+
+/**
+ * Callback to analyze the /management/auditor response, just used to check
+ * if the response code is acceptable.
+ *
+ * @param cls closure.
+ * @param hr HTTP response details
+ */
+static void
+denom_sig_add_cb (void *cls,
+ const struct TALER_EXCHANGE_HttpResponse *hr)
+{
+ struct AuditorAddDenomSigState *ds = cls;
+
+ ds->dh = NULL;
+ if (ds->expected_response_code != hr->http_status)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unexpected response code %u to command %s in %s:%u\n",
+ hr->http_status,
+ ds->is->commands[ds->is->ip].label,
+ __FILE__,
+ __LINE__);
+ json_dumpf (hr->reply,
+ stderr,
+ 0);
+ TALER_TESTING_interpreter_fail (ds->is);
+ return;
+ }
+ TALER_TESTING_interpreter_next (ds->is);
+}
+
+
+/**
+ * Run the command.
+ *
+ * @param cls closure.
+ * @param cmd the command to execute.
+ * @param is the interpreter state.
+ */
+static void
+auditor_add_run (void *cls,
+ const struct TALER_TESTING_Command *cmd,
+ struct TALER_TESTING_Interpreter *is)
+{
+ struct AuditorAddDenomSigState *ds = cls;
+ char *exchange_url;
+ struct TALER_AuditorPrivateKeyP auditor_priv;
+ struct TALER_AuditorPublicKeyP auditor_pub;
+ struct TALER_AuditorSignatureP auditor_sig;
+ struct GNUNET_HashCode h_denom_pub;
+ char *fn;
+ const struct TALER_EXCHANGE_DenomPublicKey *dk;
+
+ (void) cmd;
+ /* Get denom pub from trait */
+ {
+ const struct TALER_TESTING_Command *denom_cmd;
+
+ denom_cmd = TALER_TESTING_interpreter_lookup_command (is,
+ ds->denom_ref);
+
+ if (NULL == denom_cmd)
+ {
+ GNUNET_break (0);
+ TALER_TESTING_interpreter_fail (is);
+ return;
+ }
+ GNUNET_assert (GNUNET_OK ==
+ TALER_TESTING_get_trait_denom_pub (denom_cmd,
+ 0,
+ &dk));
+ }
+ if (GNUNET_SYSERR ==
+ GNUNET_DISK_directory_create_for_file (fn))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not setup directory for auditor private key file `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_key_from_file (fn,
+ GNUNET_YES,
+ &auditor_priv.eddsa_priv))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not load auditor private key from `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ GNUNET_free (fn);
+ GNUNET_CRYPTO_eddsa_key_get_public (&auditor_priv.eddsa_priv,
+ &auditor_pub.eddsa_pub);
+
+
+ ds->is = is;
+ if (ds->bad_sig)
+ {
+ memset (&auditor_sig,
+ 42,
+ sizeof (auditor_sig));
+ }
+ else
+ {
+ struct TALER_MasterPrivateKeyP master_priv;
+ char *auditor_url;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (is->cfg,
+ "exchange-offline",
+ "MASTER_PRIV_FILE",
+ &fn))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-offline",
+ "MASTER_PRIV_FILE");
+ TALER_TESTING_interpreter_next (ds->is);
+ GNUNET_free (auditor_url);
+ return;
+ }
+ if (GNUNET_SYSERR ==
+ GNUNET_DISK_directory_create_for_file (fn))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not setup directory for master private key file `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_key_from_file (fn,
+ GNUNET_YES,
+ &master_priv.eddsa_priv))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not load master private key from `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ GNUNET_free (fn);
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (is->cfg,
+ "auditor",
+ "BASE_URL",
+ &auditor_url))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "auditor",
+ "BASE_URL");
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+
+ /* now sign */
+ {
+ struct TALER_ExchangeKeyValidityPS kv = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS),
+ .purpose.size = htonl (sizeof (struct TALER_ExchangeKeyValidityPS)),
+ .start = GNUNET_TIME_absolute_hton (dk->valid_from),
+ .expire_withdraw = GNUNET_TIME_absolute_hton (
+ dk->withdraw_valid_until),
+ .expire_deposit = GNUNET_TIME_absolute_hton (dk->expire_deposit),
+ .expire_legal = GNUNET_TIME_absolute_hton (dk->expire_legal),
+ .denom_hash = dk->h_key
+ };
+
+ TALER_amount_hton (&kv.value,
+ &dk->value);
+ TALER_amount_hton (&kv.fee_withdraw,
+ &dk->fee_withdraw);
+ TALER_amount_hton (&kv.fee_deposit,
+ &dk->fee_deposit);
+ TALER_amount_hton (&kv.fee_refresh,
+ &dk->fee_refresh);
+ TALER_amount_hton (&kv.fee_refund,
+ &dk->fee_refund);
+ GNUNET_CRYPTO_eddsa_key_get_public (&master_priv.eddsa_priv,
+ &kv.master.eddsa_pub);
+ GNUNET_CRYPTO_hash (auditor_url,
+ strlen (auditor_url) + 1,
+ &kv.auditor_url_hash);
+ /* Finally sign ... */
+ GNUNET_CRYPTO_eddsa_sign (&auditor_priv.eddsa_priv,
+ &kv,
+ &auditor_sig.eddsa_sig);
+ }
+ GNUNET_free (auditor_url);
+ }
+
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (is->cfg,
+ "exchange",
+ "BASE_URL",
+ &exchange_url))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange",
+ "BASE_URL");
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ ds->dh = TALER_EXCHANGE_add_auditor_denomination (
+ is->ctx,
+ exchange_url,
+ &h_denom_pub,
+ &auditor_pub,
+ &auditor_sig,
+ &denom_sig_add_cb,
+ ds);
+ GNUNET_free (exchange_url);
+ if (NULL == ds->dh)
+ {
+ GNUNET_break (0);
+ TALER_TESTING_interpreter_fail (is);
+ return;
+ }
+}
+
+
+/**
+ * Free the state of a "auditor_add" CMD, and possibly cancel a
+ * pending operation thereof.
+ *
+ * @param cls closure, must be a `struct AuditorAddDenomSigState`.
+ * @param cmd the command which is being cleaned up.
+ */
+static void
+auditor_add_cleanup (void *cls,
+ const struct TALER_TESTING_Command *cmd)
+{
+ struct AuditorAddDenomSigState *ds = cls;
+
+ if (NULL != ds->dh)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Command %u (%s) did not complete\n",
+ ds->is->ip,
+ cmd->label);
+ TALER_EXCHANGE_add_auditor_denomination_cancel (ds->dh);
+ ds->dh = NULL;
+ }
+ GNUNET_free (ds);
+}
+
+
+/**
+ * Offer internal data from a "auditor_add" CMD, to other commands.
+ *
+ * @param cls closure.
+ * @param[out] ret result.
+ * @param trait name of the trait.
+ * @param index index number of the object to offer.
+ *
+ * @return #GNUNET_OK on success.
+ */
+static int
+auditor_add_traits (void *cls,
+ const void **ret,
+ const char *trait,
+ unsigned int index)
+{
+ return GNUNET_NO;
+}
+
+
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_auditor_add_denom_sig (const char *label,
+ unsigned int expected_http_status,
+ const char *denom_ref,
+ bool bad_sig)
+{
+ struct AuditorAddDenomSigState *ds;
+
+ ds = GNUNET_new (struct AuditorAddDenomSigState);
+ ds->expected_response_code = expected_http_status;
+ ds->bad_sig = bad_sig;
+ ds->denom_ref = denom_ref;
+ {
+ struct TALER_TESTING_Command cmd = {
+ .cls = ds,
+ .label = label,
+ .run = &auditor_add_run,
+ .cleanup = &auditor_add_cleanup,
+ .traits = &auditor_add_traits
+ };
+
+ return cmd;
+ }
+}
+
+
+/* end of testing_api_cmd_auditor_add_denom_sig.c */