taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added reserve_pub to kyc legitimization_processes

Browse Source 
Where applicable, the reserve_pub will be passed on to the
kcy-legitimization process and persisted along with h_payto.

This allows us to set a birthday on the reserve itself, once a
related kyc-process has provided one.
This commit is contained in:
Özgür Kesim 2023-07-23 12:48:07 +02:00
parent a56a903da3
commit d189fccd79
Signed by: oec
GPG Key ID: 3D76A56D79EDD9D7
25 changed files with 140 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/exchange/taler-exchange-aggregator.c
View File

@ -522,6 +522,7 @@ kyc_satisfied (struct AggregationUnit *au_active)
db_plugin->cls, db_plugin->cls,
requirement, requirement,
&au_active->h_payto, &au_active->h_payto,
NULL, /* not a reserve */
&au_active->requirement_row); &au_active->requirement_row);
if (qs < 0) if (qs < 0)
{ {

1
src/exchange/taler-exchange-httpd_age-withdraw.c
View File

@ -727,6 +727,7 @@ age_withdraw_transaction (void *cls,
TEH_plugin->cls, TEH_plugin->cls,
kyc_required, kyc_required,
&awc->h_payto, &awc->h_payto,
&awc->commitment.reserve_pub,
&awc->kyc.requirement_row); &awc->kyc.requirement_row);
} }
} }

1
src/exchange/taler-exchange-httpd_aml-decision.c
View File

@ -165,6 +165,7 @@ make_aml_decision (void *cls,
TEH_plugin->cls, TEH_plugin->cls,
res, res,
&dc->h_payto, &dc->h_payto,
NULL, /* not a reserve */
&requirement_row); &requirement_row);
if (qs < 0) if (qs < 0)
{ {

1
src/exchange/taler-exchange-httpd_batch-withdraw.c
View File

@ -456,6 +456,7 @@ batch_withdraw_transaction (void *cls,
TEH_plugin->cls, TEH_plugin->cls,
kyc_required, kyc_required,
&wc->h_payto, &wc->h_payto,
wc->reserve_pub,
&wc->kyc.requirement_row); &wc->kyc.requirement_row);
GNUNET_free (kyc_required); GNUNET_free (kyc_required);
if (qs < 0) if (qs < 0)

12
src/exchange/taler-exchange-httpd_kyc-check.c
View File

@ -301,6 +301,7 @@ kyc_check (void *cls,
struct TALER_KYCLOGIC_ProviderDetails *pd; struct TALER_KYCLOGIC_ProviderDetails *pd;
enum GNUNET_GenericReturnValue ret; enum GNUNET_GenericReturnValue ret;
struct TALER_PaytoHashP h_payto; struct TALER_PaytoHashP h_payto;
struct TALER_ReservePublicKeyP *reserve_pub;
char *requirements; char *requirements;
bool satisfied; bool satisfied;
@ -309,7 +310,8 @@ kyc_check (void *cls,
kyp->requirement_row, kyp->requirement_row,
&requirements, &requirements,
&kyp->aml_status, &kyp->aml_status,
&h_payto); &h_payto,
&reserve_pub);
if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs) if (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)
{ {
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@ -335,6 +337,7 @@ kyc_check (void *cls,
TALER_EC_EXCHANGE_KYC_CHECK_AUTHORIZATION_FAILED, TALER_EC_EXCHANGE_KYC_CHECK_AUTHORIZATION_FAILED,
"h_payto"); "h_payto");
GNUNET_free (requirements); GNUNET_free (requirements);
GNUNET_free (reserve_pub);
return GNUNET_DB_STATUS_HARD_ERROR; return GNUNET_DB_STATUS_HARD_ERROR;
} }
qs = TALER_KYCLOGIC_check_satisfied ( qs = TALER_KYCLOGIC_check_satisfied (
@ -354,6 +357,7 @@ kyc_check (void *cls,
TALER_EC_GENERIC_DB_FETCH_FAILED, TALER_EC_GENERIC_DB_FETCH_FAILED,
"kyc_test_required"); "kyc_test_required");
GNUNET_free (requirements); GNUNET_free (requirements);
GNUNET_free (reserve_pub);
return GNUNET_DB_STATUS_HARD_ERROR; return GNUNET_DB_STATUS_HARD_ERROR;
} }
if (satisfied) if (satisfied)
@ -362,6 +366,7 @@ kyc_check (void *cls,
"KYC requirements `%s' already satisfied\n", "KYC requirements `%s' already satisfied\n",
requirements); requirements);
GNUNET_free (requirements); GNUNET_free (requirements);
GNUNET_free (reserve_pub);
return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
} }
@ -381,6 +386,7 @@ kyc_check (void *cls,
TALER_EC_EXCHANGE_KYC_GENERIC_LOGIC_GONE, TALER_EC_EXCHANGE_KYC_GENERIC_LOGIC_GONE,
requirements); requirements);
GNUNET_free (requirements); GNUNET_free (requirements);
GNUNET_free (reserve_pub);
return GNUNET_DB_STATUS_HARD_ERROR; return GNUNET_DB_STATUS_HARD_ERROR;
} }
GNUNET_free (requirements); GNUNET_free (requirements);
@ -394,7 +400,11 @@ kyc_check (void *cls,
kyp->section_name, kyp->section_name,
NULL, NULL,
NULL, NULL,
reserve_pub,
&kyp->process_row); &kyp->process_row);
GNUNET_free (reserve_pub);
if (qs < 0) if (qs < 0)
{ {
if (GNUNET_DB_STATUS_SOFT_ERROR == qs) if (GNUNET_DB_STATUS_SOFT_ERROR == qs)

13
src/exchange/taler-exchange-httpd_kyc-wallet.c
View File

@ -41,6 +41,11 @@ struct KycRequestContext
*/ */
struct TALER_PaytoHashP h_payto; struct TALER_PaytoHashP h_payto;
/**
* The reserve's public key
*/
struct TALER_ReservePublicKeyP reserve_pub;
/** /**
* KYC status, with row with the legitimization requirement. * KYC status, with row with the legitimization requirement.
*/ */
@ -141,6 +146,7 @@ wallet_kyc_check (void *cls,
qs = TEH_plugin->insert_kyc_requirement_for_account (TEH_plugin->cls, qs = TEH_plugin->insert_kyc_requirement_for_account (TEH_plugin->cls,
krc->required, krc->required,
&krc->h_payto, &krc->h_payto,
&krc->reserve_pub,
&krc->kyc.requirement_row); &krc->kyc.requirement_row);
if (qs < 0) if (qs < 0)
{ {
@ -170,12 +176,11 @@ TEH_handler_kyc_wallet (
{ {
struct TALER_ReserveSignatureP reserve_sig; struct TALER_ReserveSignatureP reserve_sig;
struct KycRequestContext krc; struct KycRequestContext krc;
struct TALER_ReservePublicKeyP reserve_pub;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("reserve_sig", GNUNET_JSON_spec_fixed_auto ("reserve_sig",
&reserve_sig), &reserve_sig),
GNUNET_JSON_spec_fixed_auto ("reserve_pub", GNUNET_JSON_spec_fixed_auto ("reserve_pub",
&reserve_pub), &krc.reserve_pub),
TALER_JSON_spec_amount ("balance", TALER_JSON_spec_amount ("balance",
TEH_currency, TEH_currency,
&krc.balance), &krc.balance),
@ -195,7 +200,7 @@ TEH_handler_kyc_wallet (
TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
if (GNUNET_OK != if (GNUNET_OK !=
TALER_wallet_account_setup_verify (&reserve_pub, TALER_wallet_account_setup_verify (&krc.reserve_pub,
&krc.balance, &krc.balance,
&reserve_sig)) &reserve_sig))
{ {
@ -210,7 +215,7 @@ TEH_handler_kyc_wallet (
char *payto_uri; char *payto_uri;
payto_uri = TALER_reserve_make_payto (TEH_base_url, payto_uri = TALER_reserve_make_payto (TEH_base_url,
&reserve_pub); &krc.reserve_pub);
TALER_payto_hash (payto_uri, TALER_payto_hash (payto_uri,
&krc.h_payto); &krc.h_payto);
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,

1
src/exchange/taler-exchange-httpd_purses_merge.c
View File

@ -308,6 +308,7 @@ merge_transaction (void *cls,
TEH_plugin->cls, TEH_plugin->cls,
required, required,
&pcc->h_payto, &pcc->h_payto,
&pcc->reserve_pub,
&pcc->kyc.requirement_row); &pcc->kyc.requirement_row);
GNUNET_free (required); GNUNET_free (required);
if (GNUNET_DB_STATUS_HARD_ERROR == qs) if (GNUNET_DB_STATUS_HARD_ERROR == qs)

1
src/exchange/taler-exchange-httpd_reserves_close.c
View File

@ -272,6 +272,7 @@ reserve_close_transaction (void *cls,
TEH_plugin->cls, TEH_plugin->cls,
kyc_needed, kyc_needed,
&rcc->kyc_payto, &rcc->kyc_payto,
rcc->reserve_pub,
&rcc->kyc.requirement_row); &rcc->kyc.requirement_row);
GNUNET_free (kyc_needed); GNUNET_free (kyc_needed);
if (GNUNET_DB_STATUS_HARD_ERROR == qs) if (GNUNET_DB_STATUS_HARD_ERROR == qs)

1
src/exchange/taler-exchange-httpd_reserves_purse.c
View File

@ -218,6 +218,7 @@ purse_transaction (void *cls,
TEH_plugin->cls, TEH_plugin->cls,
required, required,
&rpc->h_payto, &rpc->h_payto,
rpc->reserve_pub,
&rpc->kyc.requirement_row); &rpc->kyc.requirement_row);
GNUNET_free (required); GNUNET_free (required);
if (GNUNET_DB_STATUS_HARD_ERROR == qs) if (GNUNET_DB_STATUS_HARD_ERROR == qs)

1
src/exchange/taler-exchange-httpd_withdraw.c
View File

@ -319,6 +319,7 @@ withdraw_transaction (void *cls,
TEH_plugin->cls, TEH_plugin->cls,
kyc_required, kyc_required,
&wc->h_account_payto, &wc->h_account_payto,
&wc->collectable.reserve_pub,
&wc->kyc.requirement_row); &wc->kyc.requirement_row);
GNUNET_free (kyc_required); GNUNET_free (kyc_required);
if (GNUNET_DB_STATUS_HARD_ERROR == qs) if (GNUNET_DB_STATUS_HARD_ERROR == qs)

14
src/exchangedb/0002-legitimization_processes.sql
View File

@ -29,6 +29,8 @@ BEGIN
',provider_section VARCHAR NOT NULL' ',provider_section VARCHAR NOT NULL'
',provider_user_id VARCHAR DEFAULT NULL' ',provider_user_id VARCHAR DEFAULT NULL'
',provider_legitimization_id VARCHAR DEFAULT NULL' ',provider_legitimization_id VARCHAR DEFAULT NULL'
',finished BOOLEAN DEFAULT (FALSE)'
',reserve_pub BYTEA'
',UNIQUE (h_payto, provider_section)' ',UNIQUE (h_payto, provider_section)'
') %s ;' ') %s ;'
,'legitimization_processes' ,'legitimization_processes'
@ -76,6 +78,18 @@ BEGIN
,'legitimization_processes' ,'legitimization_processes'
,shard_suffix ,shard_suffix
); );
PERFORM comment_partitioned_column(
'Set to TRUE when the specific legitimization process is finished.'
,'finished'
,'legitimization_processes'
,shard_suffix
);
PERFORM comment_partitioned_column(
'If h_payto refers to a reserve, this is its public key, otherwise NULL.'
,'reserve_pub'
,'legitimization_processes'
,shard_suffix
);
END END
$$; $$;

16
src/exchangedb/0003-kyc_attributes.sql
View File

@ -33,6 +33,7 @@ BEGIN
',collection_time INT8 NOT NULL' ',collection_time INT8 NOT NULL'
',expiration_time INT8 NOT NULL' ',expiration_time INT8 NOT NULL'
',encrypted_attributes BYTEA NOT NULL' ',encrypted_attributes BYTEA NOT NULL'
',legitimization_serial INT8 NOT NULL'
') %s ;' ') %s ;'
,table_name ,table_name
,'PARTITION BY HASH (h_payto)' ,'PARTITION BY HASH (h_payto)'
@ -85,6 +86,12 @@ BEGIN
,table_name ,table_name
,partition_suffix ,partition_suffix
); );
PERFORM comment_partitioned_column(
'Reference the legitimization process for which theses attributes are gathered for.'
,'legitimization_serial'
,table_name
,partition_suffix
);
END $$; END $$;
COMMENT ON FUNCTION create_table_kyc_attributes COMMENT ON FUNCTION create_table_kyc_attributes
@ -106,6 +113,15 @@ BEGIN
' ADD CONSTRAINT ' || table_name || '_serial_key ' ' ADD CONSTRAINT ' || table_name || '_serial_key '
'UNIQUE (kyc_attributes_serial_id)' 'UNIQUE (kyc_attributes_serial_id)'
); );
-- The legitimization_serial is a foreign key.
-- TODO: due to partitioning by h_payto, we can not simply reference
-- the serial id of the legitimization_processes
-- EXECUTE FORMAT (
-- 'ALTER TABLE ' || table_name ||
-- ' ADD CONSTRAINT ' || table_name || '_foreign_legitimization_processes'
-- ' FOREIGN KEY (legitimization_serial) '
-- ' REFERENCES legitimization_processes (legitimization_process_serial_id)' -- ON DELETE CASCADE
-- );
-- To search similar users (e.g. during AML checks) -- To search similar users (e.g. during AML checks)
EXECUTE FORMAT ( EXECUTE FORMAT (
'CREATE INDEX ' || table_name || '_similarity_index ' 'CREATE INDEX ' || table_name || '_similarity_index '

11
src/exchangedb/exchange_do_insert_kyc_attributes.sql
View File

@ -31,6 +31,8 @@ CREATE OR REPLACE FUNCTION exchange_do_insert_kyc_attributes(
OUT out_ok BOOLEAN) OUT out_ok BOOLEAN)
LANGUAGE plpgsql LANGUAGE plpgsql
AS $$ AS $$
DECLARE
orig_reserve_pub BYTEA;
BEGIN BEGIN
INSERT INTO exchange.kyc_attributes INSERT INTO exchange.kyc_attributes
@ -48,20 +50,17 @@ INSERT INTO exchange.kyc_attributes
,in_expiration_time_ts ,in_expiration_time_ts
,in_enc_attributes); ,in_enc_attributes);
-- FIXME-Oec: modify to 'return' the reserve_pub here
-- (requires of course to modify other code to store
-- the reserve pub in the right table in the first place)
UPDATE exchange.legitimization_processes UPDATE exchange.legitimization_processes
SET provider_user_id=in_provider_account_id SET provider_user_id=in_provider_account_id
,provider_legitimization_id=in_provider_legitimization_id ,provider_legitimization_id=in_provider_legitimization_id
,expiration_time=GREATEST(expiration_time,in_expiration_time) ,expiration_time=GREATEST(expiration_time,in_expiration_time)
WHERE h_payto=in_h_payto WHERE h_payto=in_h_payto
AND legitimization_process_serial_id=in_process_row AND legitimization_process_serial_id=in_process_row
AND provider_section=in_provider_section; AND provider_section=in_provider_section
RETURNING reserve_pub INTO orig_reserve_pub;
out_ok = FOUND; out_ok = FOUND;
-- FIXME-Oec: update exchange reserve table to store in_birthday here! UPDATE exchange.reserves SET birthday=in_birthday WHERE reserve_pub=orig_reserve_pub;
-- UPDATE exchange.reserves SET birthday=in_birthday WHERE reserve_pub=X;
IF in_require_aml IF in_require_aml
THEN THEN

7
src/exchangedb/pg_insert_kyc_requirement_for_account.c
View File

@ -30,11 +30,15 @@ TEH_PG_insert_kyc_requirement_for_account (
void *cls, void *cls,
const char *provider_section, const char *provider_section,
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
const struct TALER_ReservePublicKeyP *reserve_pub,
uint64_t *requirement_row) uint64_t *requirement_row)
{ {
struct PostgresClosure *pg = cls; struct PostgresClosure *pg = cls;
struct GNUNET_PQ_QueryParam params[] = { struct GNUNET_PQ_QueryParam params[] = {
GNUNET_PQ_query_param_auto_from_type (h_payto), GNUNET_PQ_query_param_auto_from_type (h_payto),
(NULL == reserve_pub)
? GNUNET_PQ_query_param_null ()
: GNUNET_PQ_query_param_auto_from_type (reserve_pub),
GNUNET_PQ_query_param_string (provider_section), GNUNET_PQ_query_param_string (provider_section),
GNUNET_PQ_query_param_end GNUNET_PQ_query_param_end
}; };
@ -48,9 +52,10 @@ TEH_PG_insert_kyc_requirement_for_account (
"insert_legitimization_requirement", "insert_legitimization_requirement",
"INSERT INTO legitimization_requirements" "INSERT INTO legitimization_requirements"
" (h_payto" " (h_payto"
" ,reserve_pub"
" ,required_checks" " ,required_checks"
" ) VALUES " " ) VALUES "
" ($1, $2)" " ($1, $2, $3)"
" ON CONFLICT (h_payto,required_checks) " " ON CONFLICT (h_payto,required_checks) "
" DO UPDATE SET h_payto=$1" /* syntax requirement: dummy op */ " DO UPDATE SET h_payto=$1" /* syntax requirement: dummy op */
" RETURNING legitimization_requirement_serial_id"); " RETURNING legitimization_requirement_serial_id");

2
src/exchangedb/pg_insert_kyc_requirement_for_account.h
View File

@ -32,6 +32,7 @@
* @param cls closure * @param cls closure
* @param provider_section provider that must be checked * @param provider_section provider that must be checked
* @param h_payto account that must be KYC'ed * @param h_payto account that must be KYC'ed
* @param reserve_pub if the account is a reserve, its public key. Maybe NULL
* @param[out] requirement_row set to legitimization requirement row for this check * @param[out] requirement_row set to legitimization requirement row for this check
* @return database transaction status * @return database transaction status
*/ */
@ -40,6 +41,7 @@ TEH_PG_insert_kyc_requirement_for_account (
void *cls, void *cls,
const char *provider_section, const char *provider_section,
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
const struct TALER_ReservePublicKeyP *reserve_pub,
uint64_t *requirement_row); uint64_t *requirement_row);
#endif #endif

9
src/exchangedb/pg_insert_kyc_requirement_process.c
View File

@ -24,6 +24,7 @@
#include "taler_pq_lib.h" #include "taler_pq_lib.h"
#include "pg_insert_kyc_requirement_process.h" #include "pg_insert_kyc_requirement_process.h"
#include "pg_helper.h" #include "pg_helper.h"
#include <gnunet/gnunet_pq_lib.h>
enum GNUNET_DB_QueryStatus enum GNUNET_DB_QueryStatus
TEH_PG_insert_kyc_requirement_process ( TEH_PG_insert_kyc_requirement_process (
@ -32,6 +33,7 @@ TEH_PG_insert_kyc_requirement_process (
const char *provider_section, const char *provider_section,
const char *provider_account_id, const char *provider_account_id,
const char *provider_legitimization_id, const char *provider_legitimization_id,
const struct TALER_ReservePublicKeyP *reserve_pub,
uint64_t *process_row) uint64_t *process_row)
{ {
struct PostgresClosure *pg = cls; struct PostgresClosure *pg = cls;
@ -44,6 +46,9 @@ TEH_PG_insert_kyc_requirement_process (
(NULL != provider_legitimization_id) (NULL != provider_legitimization_id)
? GNUNET_PQ_query_param_string (provider_legitimization_id) ? GNUNET_PQ_query_param_string (provider_legitimization_id)
: GNUNET_PQ_query_param_null (), : GNUNET_PQ_query_param_null (),
(NULL != reserve_pub)
? GNUNET_PQ_query_param_auto_from_type (reserve_pub)
: GNUNET_PQ_query_param_null (),
GNUNET_PQ_query_param_end GNUNET_PQ_query_param_end
}; };
struct GNUNET_PQ_ResultSpec rs[] = { struct GNUNET_PQ_ResultSpec rs[] = {
@ -60,12 +65,14 @@ TEH_PG_insert_kyc_requirement_process (
" ,provider_section" " ,provider_section"
" ,provider_user_id" " ,provider_user_id"
" ,provider_legitimization_id" " ,provider_legitimization_id"
" ,reserve_pub"
" ) VALUES " " ) VALUES "
" ($1, $2, $3, $4)" " ($1, $2, $3, $4, $5)"
" ON CONFLICT (h_payto,provider_section) " " ON CONFLICT (h_payto,provider_section) "
" DO UPDATE SET" " DO UPDATE SET"
" provider_user_id=$3" " provider_user_id=$3"
" ,provider_legitimization_id=$4" " ,provider_legitimization_id=$4"
" ,reserve_pub=$5"
" RETURNING legitimization_process_serial_id"); " RETURNING legitimization_process_serial_id");
return GNUNET_PQ_eval_prepared_singleton_select ( return GNUNET_PQ_eval_prepared_singleton_select (
pg->conn, pg->conn,

2
src/exchangedb/pg_insert_kyc_requirement_process.h
View File

@ -34,6 +34,7 @@
* @param provider_section provider that must be checked * @param provider_section provider that must be checked
* @param provider_account_id provider account ID * @param provider_account_id provider account ID
* @param provider_legitimization_id provider legitimization ID * @param provider_legitimization_id provider legitimization ID
* @param reserve_pub if the processes is related to a reserve, the reserve's public key, NULL otherwise
* @param[out] process_row row the process is stored under * @param[out] process_row row the process is stored under
* @return database transaction status * @return database transaction status
*/ */
@ -44,6 +45,7 @@ TEH_PG_insert_kyc_requirement_process (
const char *provider_section, const char *provider_section,
const char *provider_account_id, const char *provider_account_id,
const char *provider_legitimization_id, const char *provider_legitimization_id,
const struct TALER_ReservePublicKeyP *reserve_pub,
uint64_t *process_row); uint64_t *process_row);
#endif #endif

17
src/exchangedb/pg_lookup_kyc_requirement_by_row.c
View File

@ -31,7 +31,8 @@ TEH_PG_lookup_kyc_requirement_by_row (
uint64_t requirement_row, uint64_t requirement_row,
char **requirements, char **requirements,
enum TALER_AmlDecisionState *aml_status, enum TALER_AmlDecisionState *aml_status,
struct TALER_PaytoHashP *h_payto) struct TALER_PaytoHashP *h_payto,
struct TALER_ReservePublicKeyP **reserve_pub)
{ {
struct PostgresClosure *pg = cls; struct PostgresClosure *pg = cls;
uint32_t status = TALER_AML_NORMAL; uint32_t status = TALER_AML_NORMAL;
@ -39,11 +40,18 @@ TEH_PG_lookup_kyc_requirement_by_row (
GNUNET_PQ_query_param_uint64 (&requirement_row), GNUNET_PQ_query_param_uint64 (&requirement_row),
GNUNET_PQ_query_param_end GNUNET_PQ_query_param_end
}; };
bool no_reserve_pub;
struct TALER_ReservePublicKeyP *rp =
GNUNET_new (struct TALER_ReservePublicKeyP);
struct GNUNET_PQ_ResultSpec rs[] = { struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_string ("required_checks", GNUNET_PQ_result_spec_string ("required_checks",
requirements), requirements),
GNUNET_PQ_result_spec_auto_from_type ("h_payto", GNUNET_PQ_result_spec_auto_from_type ("h_payto",
h_payto), h_payto),
GNUNET_PQ_result_spec_allow_null (
GNUNET_PQ_result_spec_auto_from_type ("reserve_pub",
rp),
&no_reserve_pub),
GNUNET_PQ_result_spec_allow_null ( GNUNET_PQ_result_spec_allow_null (
GNUNET_PQ_result_spec_uint32 ("status", GNUNET_PQ_result_spec_uint32 ("status",
&status), &status),
@ -57,6 +65,7 @@ TEH_PG_lookup_kyc_requirement_by_row (
"SELECT " "SELECT "
" lr.required_checks" " lr.required_checks"
",lr.h_payto" ",lr.h_payto"
",lr.reserve_pub"
",aml.status" ",aml.status"
" FROM legitimization_requirements lr" " FROM legitimization_requirements lr"
" LEFT JOIN aml_status aml USING (h_payto)" " LEFT JOIN aml_status aml USING (h_payto)"
@ -67,5 +76,11 @@ TEH_PG_lookup_kyc_requirement_by_row (
params, params,
rs); rs);
*aml_status = (enum TALER_AmlDecisionState) status; *aml_status = (enum TALER_AmlDecisionState) status;
if (no_reserve_pub)
{
GNUNET_free (rp);
rp = NULL;
}
*reserve_pub = rp;
return qs; return qs;
} }

4
src/exchangedb/pg_lookup_kyc_requirement_by_row.h
View File

@ -34,6 +34,7 @@
* @param[out] requirements provider that must be checked * @param[out] requirements provider that must be checked
* @param[out] aml_status set to the AML status of the account * @param[out] aml_status set to the AML status of the account
* @param[out] h_payto account that must be KYC'ed * @param[out] h_payto account that must be KYC'ed
* @param[out] reserve_pub if account is a reserve, its public key, NULL otherwise. Must be freed by caller
* @return database transaction status * @return database transaction status
*/ */
enum GNUNET_DB_QueryStatus enum GNUNET_DB_QueryStatus
@ -42,6 +43,7 @@ TEH_PG_lookup_kyc_requirement_by_row (
uint64_t requirement_row, uint64_t requirement_row,
char **requirements, char **requirements,
enum TALER_AmlDecisionState *aml_status, enum TALER_AmlDecisionState *aml_status,
struct TALER_PaytoHashP *h_payto); struct TALER_PaytoHashP *h_payto,
struct TALER_ReservePublicKeyP **reserve_pub);
#endif #endif

8
src/include/taler_exchangedb_plugin.h
View File

@ -6536,6 +6536,7 @@ struct TALER_EXCHANGEDB_Plugin
* @param cls closure * @param cls closure
* @param requirements requirements that must be checked * @param requirements requirements that must be checked
* @param h_payto account that must be KYC'ed * @param h_payto account that must be KYC'ed
* @þaram reserve_pub if the account is a reserve, its public key, NULL otherwise
* @param[out] requirement_row set to legitimization requirement row for this check * @param[out] requirement_row set to legitimization requirement row for this check
* @return database transaction status * @return database transaction status
*/ */
@ -6544,6 +6545,7 @@ struct TALER_EXCHANGEDB_Plugin
void *cls, void *cls,
const char *requirements, const char *requirements,
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
const struct TALER_ReservePublicKeyP *reserve_pub,
uint64_t *requirement_row); uint64_t *requirement_row);
@ -6555,6 +6557,7 @@ struct TALER_EXCHANGEDB_Plugin
* @param provider_section provider that must be checked * @param provider_section provider that must be checked
* @param provider_account_id provider account ID * @param provider_account_id provider account ID
* @param provider_legitimization_id provider legitimization ID * @param provider_legitimization_id provider legitimization ID
* @param reserve_pub if the KYC process is related to a reserve, its public key, NULL otherwise
* @param[out] process_row row the process is stored under * @param[out] process_row row the process is stored under
* @return database transaction status * @return database transaction status
*/ */
@ -6565,6 +6568,7 @@ struct TALER_EXCHANGEDB_Plugin
const char *provider_section, const char *provider_section,
const char *provider_account_id, const char *provider_account_id,
const char *provider_legitimization_id, const char *provider_legitimization_id,
const struct TALER_ReservePublicKeyP *reserve_pub,
uint64_t *process_row); uint64_t *process_row);
@ -6600,6 +6604,7 @@ struct TALER_EXCHANGEDB_Plugin
* @param[out] requirements space-separated list of requirements * @param[out] requirements space-separated list of requirements
* @param[out] aml_status set to the AML status of the account * @param[out] aml_status set to the AML status of the account
* @param[out] h_payto account that must be KYC'ed * @param[out] h_payto account that must be KYC'ed
* @param[out] reserve_pub if the account is a reserve, its public key, NULL otherwise. Must be freed by caller.
* @return database transaction status * @return database transaction status
*/ */
enum GNUNET_DB_QueryStatus enum GNUNET_DB_QueryStatus
@ -6608,7 +6613,8 @@ struct TALER_EXCHANGEDB_Plugin
uint64_t requirement_row, uint64_t requirement_row,
char **requirements, char **requirements,
enum TALER_AmlDecisionState *aml_status, enum TALER_AmlDecisionState *aml_status,
struct TALER_PaytoHashP *h_payto); struct TALER_PaytoHashP *h_payto,
struct TALER_ReservePublicKeyP **reserve_pub);
/** /**

3
src/kyclogic/plugin_kyclogic_oauth2.c
View File

@ -922,6 +922,9 @@ data2attributes (const struct TALER_KYCLOGIC_ProviderDetails *pd,
JSON_INDENT (2)); JSON_INDENT (2));
return NULL; return NULL;
} }
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"XXXXXXXX plugin_kyc_logic SETTING ATTERIBUTES TO\n\t%s\n",
json_dumps (data, JSON_INDENT (2)));
ret = json_loadb (attr_data, ret = json_loadb (attr_data,
attr_size, attr_size,
JSON_REJECT_DUPLICATES, JSON_REJECT_DUPLICATES,

20
src/testing/test_exchange_api_age_restriction.c
View File

@ -257,18 +257,18 @@ run (void *cls,
* Test with age-withdraw, after kyc process has set a birthdate * Test with age-withdraw, after kyc process has set a birthdate
*/ */
struct TALER_TESTING_Command age_withdraw[] = { struct TALER_TESTING_Command age_withdraw[] = {
CMD_TRANSFER_TO_EXCHANGE ("create-reserve-1", CMD_TRANSFER_TO_EXCHANGE ("create-reserve-kyc-1",
"EUR:20.02"), "EUR:20.02"),
TALER_TESTING_cmd_check_bank_admin_transfer ( TALER_TESTING_cmd_check_bank_admin_transfer (
"check-create-reserve-1", "check-create-reserve-1",
"EUR:20.02", "EUR:20.02",
cred.user42_payto, cred.user42_payto,
cred.exchange_payto, cred.exchange_payto,
"create-reserve-1"), "create-reserve-kyc-1"),
CMD_EXEC_WIREWATCH ("wirewatch-age-withdraw-1"), CMD_EXEC_WIREWATCH ("wirewatch-age-withdraw-1"),
TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-lacking-kyc", TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-lacking-kyc",
"create-reserve-1", "create-reserve-kyc-1",
"EUR:5", "EUR:10",
0, /* age restriction off */ 0, /* age restriction off */
MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS), MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS),
TALER_TESTING_cmd_check_kyc_get ("check-kyc-withdraw", TALER_TESTING_cmd_check_kyc_get ("check-kyc-withdraw",
@ -280,16 +280,10 @@ run (void *cls,
"pass", "pass",
MHD_HTTP_SEE_OTHER), MHD_HTTP_SEE_OTHER),
TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-with-kyc", TALER_TESTING_cmd_withdraw_amount ("withdraw-coin-1-with-kyc",
"create-reserve-1", "create-reserve-kyc-1",
"EUR:5", "EUR:10",
0, /* age restriction off */ 0, /* age restriction off */
MHD_HTTP_OK), MHD_HTTP_CONFLICT),
/* Attestations above are bound to the originating *bank* account,
not to the reserve (!). Hence, they are NOT found here! */
TALER_TESTING_cmd_reserve_get_attestable ("reserve-get-attestable",
"create-reserve-1",
MHD_HTTP_NOT_FOUND,
NULL),
TALER_TESTING_cmd_end (), TALER_TESTING_cmd_end (),
}; };

19
src/testing/test_exchange_api_age_restriction.conf
View File

@ -23,7 +23,7 @@ HTTP_PORT = 8082
[exchange] [exchange]
TERMS_ETAG = tos TERMS_ETAG = tos
PRIVACY_ETAG = 0 PRIVACY_ETAG = 0
AML_THRESHOLD = EUR:1000000 AML_THRESHOLD = EUR:10
PORT = 8081 PORT = 8081
MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG MASTER_PUBLIC_KEY = 98NJW3CQHZQGQXTY3K85K531XKPAPAVV4Q5V8PYYRR00NJGZWNVG
DB = postgres DB = postgres
@ -80,12 +80,29 @@ KYC_OAUTH2_CLIENT_SECRET = exchange-secret
KYC_OAUTH2_POST_URL = http://example.com/ KYC_OAUTH2_POST_URL = http://example.com/
KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"full_name":"{{last_name}}, {{first_name}}","birthdate":"{{birthdate}}"}" KYC_OAUTH2_ATTRIBUTE_TEMPLATE = "{"full_name":"{{last_name}}, {{first_name}}","birthdate":"{{birthdate}}"}"
[kyc-legitimization-balance-high]
OPERATION_TYPE = BALANCE
REQUIRED_CHECKS = DUMMY
THRESHOLD = EUR:20
[kyc-legitimization-deposit-any]
OPERATION_TYPE = DEPOSIT
REQUIRED_CHECKS = DUMMY
THRESHOLD = EUR:10
TIMEFRAME = 1d
[kyc-legitimization-withdraw] [kyc-legitimization-withdraw]
OPERATION_TYPE = WITHDRAW OPERATION_TYPE = WITHDRAW
REQUIRED_CHECKS = DUMMY REQUIRED_CHECKS = DUMMY
THRESHOLD = EUR:15 THRESHOLD = EUR:15
TIMEFRAME = 1d TIMEFRAME = 1d
[kyc-legitimization-merge]
OPERATION_TYPE = MERGE
REQUIRED_CHECKS = DUMMY
THRESHOLD = EUR:15
TIMEFRAME = 1d
[exchange-extension-age_restriction] [exchange-extension-age_restriction]
ENABLED = YES ENABLED = YES

2
src/testing/test_kyc_api.conf
View File

@ -31,7 +31,7 @@ TIMEFRAME = 1d
[kyc-legitimization-withdraw] [kyc-legitimization-withdraw]
OPERATION_TYPE = WITHDRAW OPERATION_TYPE = WITHDRAW
REQUIRED_CHECKS = DUMMY REQUIRED_CHECKS = DUMMY
THRESHOLD = EUR:8 THRESHOLD = EUR:10
TIMEFRAME = 1d TIMEFRAME = 1d
[kyc-legitimization-merge] [kyc-legitimization-merge]

7
src/testing/testing_api_cmd_withdraw.c
View File

@ -283,9 +283,10 @@ reserve_withdraw_cb (void *cls,
return; return;
} }
} }
TALER_TESTING_unexpected_status (is, TALER_TESTING_unexpected_status_with_body (is,
wr->hr.http_status, wr->hr.http_status,
ws->expected_response_code); ws->expected_response_code,
wr->hr.reply);
return; return;
} }
switch (wr->hr.http_status) switch (wr->hr.http_status)