implement /payback parsing and signature verification
This commit is contained in:
parent
8d9dc14227
commit
b38134ea4a
@ -37,6 +37,7 @@ taler_exchange_httpd_SOURCES = \
|
||||
taler-exchange-httpd_keystate.c taler-exchange-httpd_keystate.h \
|
||||
taler-exchange-httpd_mhd.c taler-exchange-httpd_mhd.h \
|
||||
taler-exchange-httpd_parsing.c taler-exchange-httpd_parsing.h \
|
||||
taler-exchange-httpd_payback.c taler-exchange-httpd_payback.h \
|
||||
taler-exchange-httpd_refresh.c taler-exchange-httpd_refresh.h \
|
||||
taler-exchange-httpd_refund.c taler-exchange-httpd_refund.h \
|
||||
taler-exchange-httpd_reserve.c taler-exchange-httpd_reserve.h \
|
||||
|
@ -2256,4 +2256,27 @@ TEH_DB_execute_track_transaction (struct MHD_Connection *connection,
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Execute a "/payback". The validity of the coin and signature have
|
||||
* already been checked. The database must now check that the coin is
|
||||
* not (double) spent, and execute the transaction (record details,
|
||||
* generate success or failure response).
|
||||
*
|
||||
* @param connection the MHD connection to handle
|
||||
* @param coin information about the coin
|
||||
* @param coin_bks blinding data of the coin (to be checked)
|
||||
* @param coin_sig signature of the coin
|
||||
* @return MHD result code
|
||||
*/
|
||||
int
|
||||
TEH_DB_execute_payback (struct MHD_Connection *connection,
|
||||
const struct TALER_CoinPublicInfo *coin,
|
||||
const struct TALER_DenominationBlindingKeyP *coin_bks,
|
||||
const struct TALER_CoinSpendSignatureP *coin_sig)
|
||||
{
|
||||
GNUNET_break (0); /* not implemented (#3887) */
|
||||
return MHD_NO;
|
||||
}
|
||||
|
||||
|
||||
/* end of taler-exchange-httpd_db.c */
|
||||
|
@ -236,5 +236,24 @@ TEH_DB_execute_track_transaction (struct MHD_Connection *connection,
|
||||
const struct TALER_MerchantPublicKeyP *merchant_pub);
|
||||
|
||||
|
||||
/**
|
||||
* Execute a "/payback". The validity of the coin and signature have
|
||||
* already been checked. The database must now check that the coin is
|
||||
* not (double) spent, and execute the transaction (record details,
|
||||
* generate success or failure response).
|
||||
*
|
||||
* @param connection the MHD connection to handle
|
||||
* @param coin information about the coin
|
||||
* @param coin_bks blinding data of the coin (to be checked)
|
||||
* @param coin_sig signature of the coin
|
||||
* @return MHD result code
|
||||
*/
|
||||
int
|
||||
TEH_DB_execute_payback (struct MHD_Connection *connection,
|
||||
const struct TALER_CoinPublicInfo *coin,
|
||||
const struct TALER_DenominationBlindingKeyP *coin_bks,
|
||||
const struct TALER_CoinSpendSignatureP *coin_sig);
|
||||
|
||||
|
||||
#endif
|
||||
/* TALER_EXCHANGE_HTTPD_DB_H */
|
||||
|
@ -806,6 +806,9 @@ TEH_KS_denomination_key_lookup (const struct TEH_KS_StateHandle *key_state,
|
||||
return NULL;
|
||||
}
|
||||
break;
|
||||
case TEH_KS_DKU_PAYBACK:
|
||||
GNUNET_break (0); /* not implemented (#3887) */
|
||||
return NULL;
|
||||
}
|
||||
return dki;
|
||||
}
|
||||
|
@ -92,9 +92,14 @@ enum TEH_KS_DenominationKeyUse {
|
||||
TEH_KS_DKU_WITHDRAW,
|
||||
|
||||
/**
|
||||
* The key is to be usd for a /deposit or /refresh (melt) operation.
|
||||
* The key is to be used for a /deposit or /refresh (melt) operation.
|
||||
*/
|
||||
TEH_KS_DKU_DEPOSIT
|
||||
TEH_KS_DKU_DEPOSIT,
|
||||
|
||||
/**
|
||||
* The key is to be used for a /payback operation.
|
||||
*/
|
||||
TEH_KS_DKU_PAYBACK
|
||||
|
||||
};
|
||||
|
||||
|
180
src/exchange/taler-exchange-httpd_payback.c
Normal file
180
src/exchange/taler-exchange-httpd_payback.c
Normal file
@ -0,0 +1,180 @@
|
||||
/*
|
||||
This file is part of TALER
|
||||
Copyright (C) 2017 Inria and GNUnet e.V.
|
||||
|
||||
TALER is free software; you can redistribute it and/or modify it under the
|
||||
terms of the GNU Affero General Public License as published by the Free Software
|
||||
Foundation; either version 3, or (at your option) any later version.
|
||||
|
||||
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along with
|
||||
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
|
||||
*/
|
||||
/**
|
||||
* @file taler-exchange-httpd_payback.c
|
||||
* @brief Handle /payback requests; parses the POST and JSON and
|
||||
* verifies the coin signature before handing things off
|
||||
* to the database.
|
||||
* @author Christian Grothoff
|
||||
*/
|
||||
#include "platform.h"
|
||||
#include <gnunet/gnunet_util_lib.h>
|
||||
#include <gnunet/gnunet_json_lib.h>
|
||||
#include <jansson.h>
|
||||
#include <microhttpd.h>
|
||||
#include <pthread.h>
|
||||
#include "taler_json_lib.h"
|
||||
#include "taler-exchange-httpd_parsing.h"
|
||||
#include "taler-exchange-httpd_payback.h"
|
||||
#include "taler-exchange-httpd_responses.h"
|
||||
#include "taler-exchange-httpd_keystate.h"
|
||||
#include "taler-exchange-httpd_validation.h"
|
||||
|
||||
|
||||
/**
|
||||
* We have parsed the JSON information about the payback request. Do
|
||||
* some basic sanity checks (especially that the signature on the
|
||||
* request and coin is valid) and then execute the payback operation.
|
||||
* Note that we need the DB to check the fee structure, so this is not
|
||||
* done here.
|
||||
*
|
||||
* @param connection the MHD connection to handle
|
||||
* @param coin information about the coin
|
||||
* @param coin_bks blinding data of the coin (to be checked)
|
||||
* @param coin_sig signature of the coin
|
||||
* @return MHD result code
|
||||
*/
|
||||
static int
|
||||
verify_and_execute_payback (struct MHD_Connection *connection,
|
||||
const struct TALER_CoinPublicInfo *coin,
|
||||
const struct TALER_DenominationBlindingKeyP *coin_bks,
|
||||
const struct TALER_CoinSpendSignatureP *coin_sig)
|
||||
{
|
||||
struct TEH_KS_StateHandle *key_state;
|
||||
const struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki;
|
||||
struct TALER_PaybackRequestPS pr;
|
||||
|
||||
|
||||
/* check denomination exists and is in payback mode */
|
||||
key_state = TEH_KS_acquire ();
|
||||
dki = TEH_KS_denomination_key_lookup (key_state,
|
||||
&coin->denom_pub,
|
||||
TEH_KS_DKU_PAYBACK);
|
||||
if (NULL == dki)
|
||||
{
|
||||
TEH_KS_release (key_state);
|
||||
TALER_LOG_WARNING ("Denomination key in /payback request not in payback mode\n");
|
||||
return TEH_RESPONSE_reply_arg_unknown (connection,
|
||||
TALER_EC_PAYBACK_DENOMINATION_KEY_UNKNOWN,
|
||||
"denom_pub");
|
||||
}
|
||||
|
||||
/* check denomination signature */
|
||||
if (GNUNET_YES !=
|
||||
TALER_test_coin_valid (coin))
|
||||
{
|
||||
TALER_LOG_WARNING ("Invalid coin passed for /payback\n");
|
||||
TEH_KS_release (key_state);
|
||||
return TEH_RESPONSE_reply_signature_invalid (connection,
|
||||
TALER_EC_PAYBACK_DENOMINATION_SIGNATURE_INVALID,
|
||||
"denom_sig");
|
||||
}
|
||||
|
||||
/* check payback request signature */
|
||||
pr.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_COIN_PAYBACK);
|
||||
pr.purpose.size = htonl (sizeof (struct TALER_PaybackRequestPS));
|
||||
pr.coin_pub = coin->coin_pub;
|
||||
pr.h_denom_pub = dki->issue.properties.denom_hash;
|
||||
pr.coin_blind = *coin_bks;
|
||||
|
||||
TEH_KS_release (key_state);
|
||||
|
||||
if (GNUNET_OK !=
|
||||
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_WALLET_COIN_PAYBACK,
|
||||
&pr.purpose,
|
||||
&coin_sig->eddsa_signature,
|
||||
&coin->coin_pub.eddsa_pub))
|
||||
{
|
||||
TALER_LOG_WARNING ("Invalid signature on /payback request\n");
|
||||
return TEH_RESPONSE_reply_signature_invalid (connection,
|
||||
TALER_EC_PAYBACK_SIGNATURE_INVALID,
|
||||
"coin_sig");
|
||||
}
|
||||
|
||||
return TEH_DB_execute_payback (connection,
|
||||
coin,
|
||||
coin_bks,
|
||||
coin_sig);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Handle a "/payback" request. Parses the JSON, and, if successful,
|
||||
* passes the JSON data to #parse_and_handle_payback_request() to
|
||||
* further check the details of the operation specified. If
|
||||
* everything checks out, this will ultimately lead to the "/refund"
|
||||
* being executed, or rejected.
|
||||
*
|
||||
* @param rh context of the handler
|
||||
* @param connection the MHD connection to handle
|
||||
* @param[in,out] connection_cls the connection's closure (can be updated)
|
||||
* @param upload_data upload data
|
||||
* @param[in,out] upload_data_size number of bytes (left) in @a upload_data
|
||||
* @return MHD result code
|
||||
*/
|
||||
int
|
||||
TEH_PAYBACK_handler_payback (struct TEH_RequestHandler *rh,
|
||||
struct MHD_Connection *connection,
|
||||
void **connection_cls,
|
||||
const char *upload_data,
|
||||
size_t *upload_data_size)
|
||||
{
|
||||
json_t *json;
|
||||
int res;
|
||||
struct TALER_CoinPublicInfo coin;
|
||||
struct TALER_DenominationBlindingKeyP coin_bks;
|
||||
struct TALER_CoinSpendSignatureP coin_sig;
|
||||
struct GNUNET_JSON_Specification spec[] = {
|
||||
TALER_JSON_spec_denomination_public_key ("denom_pub",
|
||||
&coin.denom_pub),
|
||||
TALER_JSON_spec_denomination_signature ("ub_sig",
|
||||
&coin.denom_sig),
|
||||
GNUNET_JSON_spec_fixed_auto ("coin_pub",
|
||||
&coin.coin_pub),
|
||||
GNUNET_JSON_spec_fixed_auto ("coin_blind_key_secret",
|
||||
&coin_bks),
|
||||
GNUNET_JSON_spec_fixed_auto ("coin_sig",
|
||||
&coin_sig),
|
||||
GNUNET_JSON_spec_end ()
|
||||
};
|
||||
|
||||
res = TEH_PARSE_post_json (connection,
|
||||
connection_cls,
|
||||
upload_data,
|
||||
upload_data_size,
|
||||
&json);
|
||||
if (GNUNET_SYSERR == res)
|
||||
return MHD_NO;
|
||||
if ( (GNUNET_NO == res) || (NULL == json) )
|
||||
return MHD_YES;
|
||||
res = TEH_PARSE_json_data (connection,
|
||||
json,
|
||||
spec);
|
||||
json_decref (json);
|
||||
if (GNUNET_SYSERR == res)
|
||||
return MHD_NO; /* hard failure */
|
||||
if (GNUNET_NO == res)
|
||||
return MHD_YES; /* failure */
|
||||
res = verify_and_execute_payback (connection,
|
||||
&coin,
|
||||
&coin_bks,
|
||||
&coin_sig);
|
||||
GNUNET_JSON_parse_free (spec);
|
||||
return res;
|
||||
}
|
||||
|
||||
|
||||
/* end of taler-exchange-httpd_payback.c */
|
51
src/exchange/taler-exchange-httpd_payback.h
Normal file
51
src/exchange/taler-exchange-httpd_payback.h
Normal file
@ -0,0 +1,51 @@
|
||||
/*
|
||||
This file is part of TALER
|
||||
Copyright (C) 2017 GNUnet e.V.
|
||||
|
||||
TALER is free software; you can redistribute it and/or modify it under the
|
||||
terms of the GNU Affero General Public License as published by the Free Software
|
||||
Foundation; either version 3, or (at your option) any later version.
|
||||
|
||||
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
||||
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License along with
|
||||
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
|
||||
*/
|
||||
/**
|
||||
* @file taler-exchange-httpd_payback.h
|
||||
* @brief Handle /payback requests
|
||||
* @author Christian Grothoff
|
||||
*/
|
||||
#ifndef TALER_EXCHANGE_HTTPD_PAYBACK_H
|
||||
#define TALER_EXCHANGE_HTTPD_PAYBACK_H
|
||||
|
||||
#include <gnunet/gnunet_util_lib.h>
|
||||
#include <microhttpd.h>
|
||||
#include "taler-exchange-httpd.h"
|
||||
|
||||
|
||||
/**
|
||||
* Handle a "/payback" request. Parses the JSON, and, if successful,
|
||||
* passes the JSON data to #parse_and_handle_payback_request() to
|
||||
* further check the details of the operation specified. If
|
||||
* everything checks out, this will ultimately lead to the "/refund"
|
||||
* being executed, or rejected.
|
||||
*
|
||||
* @param rh context of the handler
|
||||
* @param connection the MHD connection to handle
|
||||
* @param[in,out] connection_cls the connection's closure (can be updated)
|
||||
* @param upload_data upload data
|
||||
* @param[in,out] upload_data_size number of bytes (left) in @a upload_data
|
||||
* @return MHD result code
|
||||
*/
|
||||
int
|
||||
TEH_PAYBACK_handler_payback (struct TEH_RequestHandler *rh,
|
||||
struct MHD_Connection *connection,
|
||||
void **connection_cls,
|
||||
const char *upload_data,
|
||||
size_t *upload_data_size);
|
||||
|
||||
|
||||
#endif
|
@ -831,6 +831,27 @@ enum TALER_ErrorCode
|
||||
*/
|
||||
TALER_EC_TRACK_TRANSACTION_MERCHANT_SIGNATURE_INVALID = 1804,
|
||||
|
||||
/**
|
||||
* The given denomination key is not in the "payback" set of the
|
||||
* exchange right now. This response is provided with an
|
||||
* HTTP status code of MHD_HTTP_NOT_FOUND.
|
||||
*/
|
||||
TALER_EC_PAYBACK_DENOMINATION_KEY_UNKNOWN = 1850,
|
||||
|
||||
/**
|
||||
* The given coin signature is invalid for the request.
|
||||
* This response is provided with an
|
||||
* HTTP status code of MHD_HTTP_UNAUTHORIZED.
|
||||
*/
|
||||
TALER_EC_PAYBACK_SIGNATURE_INVALID = 1851,
|
||||
|
||||
/**
|
||||
* The signature of the denomination key over the coin is not valid.
|
||||
* This response is provided with HTTP status code
|
||||
* MHD_HTTP_BAD_REQUEST.
|
||||
*/
|
||||
TALER_EC_PAYBACK_DENOMINATION_SIGNATURE_INVALID = 1852,
|
||||
|
||||
|
||||
/* *********** Merchant backend error codes ********* */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user