draft for the AML GET decision endpoint

This commit is contained in:
Christian Grothoff 2023-02-02 12:03:55 +01:00
parent 915542e69c
commit eab95d0154
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
7 changed files with 304 additions and 27 deletions

View File

@ -124,6 +124,7 @@ taler_exchange_httpd_SOURCES = \
taler-exchange-httpd.c taler-exchange-httpd.h \ taler-exchange-httpd.c taler-exchange-httpd.h \
taler-exchange-httpd_auditors.c taler-exchange-httpd_auditors.h \ taler-exchange-httpd_auditors.c taler-exchange-httpd_auditors.h \
taler-exchange-httpd_aml-decision.c taler-exchange-httpd_aml-decision.h \ taler-exchange-httpd_aml-decision.c taler-exchange-httpd_aml-decision.h \
taler-exchange-httpd_aml-decision-get.c \
taler-exchange-httpd_aml-decisions-get.c \ taler-exchange-httpd_aml-decisions-get.c \
taler-exchange-httpd_batch-deposit.c taler-exchange-httpd_batch-deposit.h \ taler-exchange-httpd_batch-deposit.c taler-exchange-httpd_batch-deposit.h \
taler-exchange-httpd_batch-withdraw.c taler-exchange-httpd_batch-withdraw.h \ taler-exchange-httpd_batch-withdraw.c taler-exchange-httpd_batch-withdraw.h \

View File

@ -450,12 +450,10 @@ handle_get_aml (struct TEH_RequestContext *rc,
.op = "decisions", .op = "decisions",
.handler = &TEH_handler_aml_decisions_get .handler = &TEH_handler_aml_decisions_get
}, },
#if FIXME_AML_GET_DECISIONS_NOT_IMPLEMENTED
{ {
.op = "decision", .op = "decision",
.handler = &TEH_handler_aml_decision_get .handler = &TEH_handler_aml_decision_get
}, },
#endif
{ {
.op = NULL, .op = NULL,
.handler = NULL .handler = NULL

View File

@ -0,0 +1,258 @@
/*
This file is part of TALER
Copyright (C) 2023 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-exchange-httpd_aml-decision-get.c
* @brief Return summary information about AML decision
* @author Christian Grothoff
*/
#include "platform.h"
#include <gnunet/gnunet_util_lib.h>
#include <jansson.h>
#include <microhttpd.h>
#include <pthread.h>
#include "taler_json_lib.h"
#include "taler_mhd_lib.h"
#include "taler_signatures.h"
#include "taler-exchange-httpd.h"
#include "taler_exchangedb_plugin.h"
#include "taler-exchange-httpd_aml-decision.h"
#include "taler-exchange-httpd_metrics.h"
/**
* Maximum number of records we return per request.
*/
#define MAX_RECORDS 1024
/**
* Callback with KYC attributes about a particular user.
*
* @param[in,out] cls closure with a `json_t *` array to update
* @param h_payto account for which the attribute data is stored
* @param provider_section provider that must be checked
* @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
* digits can be 0 if exact day, month or year are unknown
* @param collection_time when was the data collected
* @param expiration_time when does the data expire
* @param enc_attributes_size number of bytes in @a enc_attributes
* @param enc_attributes encrypted attribute data
*/
static void
kyc_attribute_cb (
void *cls,
const struct TALER_PaytoHashP *h_payto,
const char *provider_section,
const char *birthdate,
struct GNUNET_TIME_Timestamp collection_time,
struct GNUNET_TIME_Timestamp expiration_time,
size_t enc_attributes_size,
const void *enc_attributes)
{
json_t *kyc_attributes = cls;
json_t *attributes;
attributes = NULL; // FIXME
GNUNET_assert (
0 ==
json_array_append (
kyc_attributes,
GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("provider_section",
provider_section),
GNUNET_JSON_pack_timestamp ("collection_time",
collection_time),
GNUNET_JSON_pack_timestamp ("expiration_time",
expiration_time),
GNUNET_JSON_pack_object_steal ("attributes",
attributes)
)));
}
/**
* Return historic AML decision(s).
*
* @param[in,out] cls closure with a `json_t *` array to update
* @param new_threshold new monthly threshold that would trigger an AML check
* @param new_status AML decision status
* @param decision_time when was the decision made
* @param justification human-readable text justifying the decision
* @param decider_pub public key of the staff member
* @param decider_sig signature of the staff member
*/
static void
aml_history_cb (
void *cls,
const struct TALER_Amount *new_threshold,
enum TALER_AmlDecisionState new_status,
struct GNUNET_TIME_Timestamp decision_time,
const char *justification,
const struct TALER_AmlOfficerPublicKeyP *decider_pub,
const struct TALER_AmlOfficerSignatureP *decider_sig)
{
json_t *aml_history = cls;
GNUNET_assert (
0 ==
json_array_append (
aml_history,
GNUNET_JSON_PACK (
GNUNET_JSON_pack_data_auto ("decider_pub",
decider_pub),
GNUNET_JSON_pack_string ("justification",
justification),
TALER_JSON_pack_amount ("new_threshold",
new_threshold),
GNUNET_JSON_pack_int64 ("new_status",
new_status),
GNUNET_JSON_pack_timestamp ("decision_time",
decision_time)
)));
}
MHD_RESULT
TEH_handler_aml_decision_get (
struct TEH_RequestContext *rc,
const struct TALER_AmlOfficerPublicKeyP *officer_pub,
const char *const args[])
{
struct TALER_AmlOfficerSignatureP officer_sig;
struct TALER_PaytoHashP h_payto;
if ( (NULL == args[0]) ||
(GNUNET_OK !=
GNUNET_STRINGS_string_to_data (args[0],
strlen (args[0]),
&h_payto,
sizeof (h_payto))) )
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED,
"h_payto");
}
if (NULL != args[1])
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_ENDPOINT_UNKNOWN,
args[1]);
}
{
const char *sig_hdr;
sig_hdr = MHD_lookup_connection_value (rc->connection,
MHD_HEADER_KIND,
TALER_AML_OFFICER_SIGNATURE_HEADER);
if ( (NULL == sig_hdr) ||
(GNUNET_OK !=
GNUNET_STRINGS_string_to_data (sig_hdr,
strlen (sig_hdr),
&officer_sig,
sizeof (officer_sig))) ||
(GNUNET_OK !=
TALER_officer_aml_query_verify (officer_pub,
&officer_sig)) )
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_EXCHANGE_GENERIC_AML_OFFICER_GET_SIGNATURE_INVALID,
sig_hdr);
}
TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
}
{
json_t *aml_history;
json_t *kyc_attributes;
enum GNUNET_DB_QueryStatus qs;
bool none;
aml_history = json_array ();
GNUNET_assert (NULL != aml_history);
qs = TEH_plugin->select_aml_history (TEH_plugin->cls,
&h_payto,
&aml_history_cb,
aml_history);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
case GNUNET_DB_STATUS_SOFT_ERROR:
json_decref (aml_history);
GNUNET_break (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
NULL);
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
none = true;
break;
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
none = false;
break;
}
kyc_attributes = json_array ();
GNUNET_assert (NULL != kyc_attributes);
qs = TEH_plugin->select_kyc_attributes (TEH_plugin->cls,
&h_payto,
&kyc_attribute_cb,
kyc_attributes);
switch (qs)
{
case GNUNET_DB_STATUS_HARD_ERROR:
case GNUNET_DB_STATUS_SOFT_ERROR:
json_decref (aml_history);
json_decref (kyc_attributes);
GNUNET_break (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_INTERNAL_SERVER_ERROR,
TALER_EC_GENERIC_DB_FETCH_FAILED,
NULL);
case GNUNET_DB_STATUS_SUCCESS_NO_RESULTS:
if (none)
{
json_decref (aml_history);
json_decref (kyc_attributes);
return TALER_MHD_reply_static (
rc->connection,
MHD_HTTP_NO_CONTENT,
NULL,
NULL,
0);
}
break;
case GNUNET_DB_STATUS_SUCCESS_ONE_RESULT:
break;
}
return TALER_MHD_REPLY_JSON_PACK (
rc->connection,
MHD_HTTP_OK,
GNUNET_JSON_pack_array_steal ("aml_history",
aml_history),
GNUNET_JSON_pack_array_steal ("kyc_attributes",
kyc_attributes));
}
}
/* end of taler-exchange-httpd_aml-decision_get.c */

View File

@ -58,4 +58,22 @@ TEH_handler_aml_decisions_get (
const struct TALER_AmlOfficerPublicKeyP *officer_pub, const struct TALER_AmlOfficerPublicKeyP *officer_pub,
const char *const args[]); const char *const args[]);
/**
* Handle a GET "/aml/$OFFICER_PUB/decision/$H_PAYTO" request. Parses the request
* details, checks the signatures and if appropriately authorized returns
* the AML history and KYC attributes for the account.
*
* @param rc request context
* @param officer_pub public key of the AML officer who made the request
* @param args GET arguments (should be one)
* @return MHD result code
*/
MHD_RESULT
TEH_handler_aml_decision_get (
struct TEH_RequestContext *rc,
const struct TALER_AmlOfficerPublicKeyP *officer_pub,
const char *const args[]);
#endif #endif

View File

@ -79,8 +79,6 @@ TEH_handler_aml_decisions_get (
const struct TALER_AmlOfficerPublicKeyP *officer_pub, const struct TALER_AmlOfficerPublicKeyP *officer_pub,
const char *const args[]) const char *const args[])
{ {
enum GNUNET_GenericReturnValue res;
const char *sig_hdr;
struct TALER_AmlOfficerSignatureP officer_sig; struct TALER_AmlOfficerSignatureP officer_sig;
bool frozen = false; bool frozen = false;
bool pending = false; bool pending = false;
@ -96,26 +94,30 @@ TEH_handler_aml_decisions_get (
TALER_EC_GENERIC_ENDPOINT_UNKNOWN, TALER_EC_GENERIC_ENDPOINT_UNKNOWN,
args[0]); args[0]);
} }
sig_hdr = MHD_lookup_connection_value (rc->connection,
MHD_HEADER_KIND,
TALER_AML_OFFICER_SIGNATURE_HEADER);
if ( (NULL == sig_hdr) ||
(GNUNET_OK !=
GNUNET_STRINGS_string_to_data (sig_hdr,
strlen (sig_hdr),
&officer_sig,
sizeof (officer_sig))) ||
(GNUNET_OK !=
TALER_officer_aml_query_verify (officer_pub,
&officer_sig)) )
{ {
GNUNET_break_op (0); const char *sig_hdr;
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_BAD_REQUEST, sig_hdr = MHD_lookup_connection_value (rc->connection,
TALER_EC_EXCHANGE_GENERIC_AML_OFFICER_GET_SIGNATURE_INVALID, MHD_HEADER_KIND,
sig_hdr); TALER_AML_OFFICER_SIGNATURE_HEADER);
if ( (NULL == sig_hdr) ||
(GNUNET_OK !=
GNUNET_STRINGS_string_to_data (sig_hdr,
strlen (sig_hdr),
&officer_sig,
sizeof (officer_sig))) ||
(GNUNET_OK !=
TALER_officer_aml_query_verify (officer_pub,
&officer_sig)) )
{
GNUNET_break_op (0);
return TALER_MHD_reply_with_error (rc->connection,
MHD_HTTP_BAD_REQUEST,
TALER_EC_EXCHANGE_GENERIC_AML_OFFICER_GET_SIGNATURE_INVALID,
sig_hdr);
}
TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
} }
TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++;
{ {
const char *p; const char *p;
@ -225,4 +227,4 @@ TEH_handler_aml_decisions_get (
} }
/* end of taler-exchange-httpd_deposits_get.c */ /* end of taler-exchange-httpd_aml-decisions_get.c */

View File

@ -74,7 +74,7 @@ handle_aml_result (void *cls,
{ {
struct TALER_Amount new_threshold; struct TALER_Amount new_threshold;
uint32_t ns; uint32_t ns;
struct GNUNET_TIME_Absolute decision_time; struct GNUNET_TIME_Timestamp decision_time;
char *justification; char *justification;
struct TALER_AmlOfficerPublicKeyP decider_pub; struct TALER_AmlOfficerPublicKeyP decider_pub;
struct TALER_AmlOfficerSignatureP decider_sig; struct TALER_AmlOfficerSignatureP decider_sig;
@ -83,8 +83,8 @@ handle_aml_result (void *cls,
&new_threshold), &new_threshold),
GNUNET_PQ_result_spec_uint32 ("new_status", GNUNET_PQ_result_spec_uint32 ("new_status",
&ns), &ns),
GNUNET_PQ_result_spec_absolute_time ("decision_time", GNUNET_PQ_result_spec_timestamp ("decision_time",
&decision_time), &decision_time),
GNUNET_PQ_result_spec_string ("justification", GNUNET_PQ_result_spec_string ("justification",
&justification), &justification),
GNUNET_PQ_result_spec_auto_from_type ("decider_pub", GNUNET_PQ_result_spec_auto_from_type ("decider_pub",

View File

@ -3159,7 +3159,7 @@ typedef void
void *cls, void *cls,
const struct TALER_Amount *new_threshold, const struct TALER_Amount *new_threshold,
enum TALER_AmlDecisionState new_status, enum TALER_AmlDecisionState new_status,
struct GNUNET_TIME_Absolute decision_time, struct GNUNET_TIME_Timestamp decision_time,
const char *justification, const char *justification,
const struct TALER_AmlOfficerPublicKeyP *decider_pub, const struct TALER_AmlOfficerPublicKeyP *decider_pub,
const struct TALER_AmlOfficerSignatureP *decider_sig); const struct TALER_AmlOfficerSignatureP *decider_sig);