implement taler-auditor-exchange

Christian Grothoff 2018-11-03 21:28:52 +01:00
parent a57080651d
commit ebc8ae68be
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
7 changed files with 225 additions and 8 deletions


@ -4,6 +4,7 @@ SUBDIRS = .
man_MANS = \ man_MANS = \
taler-auditor.1 \ taler-auditor.1 \
taler-auditor-exchange.1 \
taler-auditor-sign.1 \ taler-auditor-sign.1 \
taler-bank-transfer.1 \ taler-bank-transfer.1 \
taler-config-generate.1 \ taler-config-generate.1 \


@ -0,0 +1,34 @@
.TH TALER\-AUDITOR\-EXCHANGE 1 "Nov 3, 2018" "GNU Taler"
.SH NAME
taler\-auditor\-exchange \- add or remove exchange from auditor's list
.SH SYNOPSIS
.B taler\-auditor\-exchange [--remove] -m EXCHANGE_KEY -u EXCHANGE_URL
.RI [ options ]
.br
.SH DESCRIPTION
\fBtaler\-auditor\-exchange\fP is a command line tool to be used by an auditor to add or remove an exchange from the list of exchange's audited by the auditor. You must add an exchange to that list before signing denomination keys with taler\-auditor\-sign or trying to audit it with taler\-auditor or taler\-wire\-auditor. Afterwards the exchange will be visible via the /exchanges API of the taler\-auditor\-httpd.
.SH OPTIONS
.B
.IP "\-m MASTERKEY, \-\-exchange-key=MASTERKEY"
Public key of the exchange in Crockford base32 encoding, for example as generated by gnunet\-ecc \-p.
.B
.IP "\-h, \-\-help"
Print short help on options.
.B
.IP "\-u URL, \-\-auditor-url=URL"
URL of the exchange. The exchange's HTTP API must be available at this address.
.B
.IP "\-r, \-\-remove"
Instead of adding the exchange, remove it. Note that this will drop ALL data associated with that exchange, including existing auditing information. So use with extreme care!
.SH BUGS
We should optionally verify the correctness of this exchange's base URL and that it matches the master public key (note that the exchange may still be offline, so it should be possible to bypass such a verfication step). Furthermore, if we do verification, as a (less secure) convenience option, we should make \-m optional and obtain it from the base URL.
Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
.SH "SEE ALSO"
\fBtaler\-auditor\-sign\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5)


@ -11,6 +11,8 @@ taler\-auditor\-sign \- Sign exchange denomination as auditor.
.SH DESCRIPTION .SH DESCRIPTION
\fBtaler\-auditor\-sign\fP is a command line tool to be used by an auditor to sign that he is aware of certain keys being used by a exchange. Using this signature, the auditor affirms that he will verify that the exchange is properly accounting for those coins. \fBtaler\-auditor\-sign\fP is a command line tool to be used by an auditor to sign that he is aware of certain keys being used by a exchange. Using this signature, the auditor affirms that he will verify that the exchange is properly accounting for those coins.
The exchange for which keys were signed must have been added to the auditor using taler\-auditor\-exchange first!
.SH OPTIONS .SH OPTIONS
.B .B
.IP "\-a FILE, \-\-auditor-key=FILE" .IP "\-a FILE, \-\-auditor-key=FILE"
@ -35,4 +37,4 @@ File where the auditor should write the EdDSA signature.
Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org> Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
.SH "SEE ALSO" .SH "SEE ALSO"
\fBtaler\-exchange\-keyup\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5) \fBtaler\-auditor\-exchange\fP(1), \fBtaler\-exchange\-keyup\fP(1), \fBgnunet\-ecc\fP(1), \fBtaler.conf\fP(5)


@ -1 +1,2 @@
taler-auditor-httpd taler-auditor-httpd
taler-auditor-exchange


@ -13,6 +13,7 @@ pkgcfg_DATA = \
bin_PROGRAMS = \ bin_PROGRAMS = \
taler-auditor \ taler-auditor \
taler-auditor-exchange \
taler-auditor-httpd \ taler-auditor-httpd \
taler-wire-auditor \ taler-wire-auditor \
taler-auditor-sign \ taler-auditor-sign \
@ -89,6 +90,15 @@ taler_auditor_sign_LDADD = \
-lgnunetutil $(XLIB) -lgnunetutil $(XLIB)
taler_auditor_exchange_SOURCES = \
taler-auditor-exchange.c
taler_auditor_exchange_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/auditordb/libtalerauditordb.la \
-lgnunetutil $(XLIB)
EXTRA_DIST = \ EXTRA_DIST = \
auditor.conf auditor.conf


@ -0,0 +1,169 @@
/*
This file is part of TALER
Copyright (C) 2014, 2015, 2018 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-auditor-exchange.c
* @brief Tool used by the auditor to add or remove the exchange's master key
* to its database.
* @author Christian Grothoff
*/
#include <platform.h>
#include "taler_exchangedb_lib.h"
#include "taler_auditordb_lib.h"
/**
* URL of the exchange.
*/
static char *exchange_url;
/**
* Master public key of the exchange.
*/
static struct TALER_MasterPublicKeyP master_public_key;
/**
* Our configuration.
*/
static struct GNUNET_CONFIGURATION_Handle *cfg;
/**
* Handle to access the auditor's database.
*/
static struct TALER_AUDITORDB_Plugin *adb;
/**
* -r option given.
*/
static int remove_flag;
/**
* The main function of the taler-auditor-exchange tool. This tool is used
* to add (or remove) an exchange's master key and base URL to the auditor's
* database.
*
* @param argc number of arguments from the command line
* @param argv command line arguments
* @return 0 ok, 1 on error
*/
int
main (int argc,
char *const *argv)
{
char *cfgfile = NULL;
const struct GNUNET_GETOPT_CommandLineOption options[] = {
GNUNET_GETOPT_option_cfgfile (&cfgfile),
GNUNET_GETOPT_option_help ("Add or remove exchange to list of audited exchanges"),
GNUNET_GETOPT_option_mandatory
(GNUNET_GETOPT_option_base32_auto ('m',
"exchange-key",
"KEY",
"public key of the exchange (Crockford base32 encoded)",
&master_public_key)),
GNUNET_GETOPT_option_mandatory
(GNUNET_GETOPT_option_string ('u',
"exchange-url",
"URL",
"base URL of the exchange",
&exchange_url)),
GNUNET_GETOPT_option_flag ('r',
"remove",
"remove the exchange's key (default is to add)",
&remove_flag),
GNUNET_GETOPT_option_version (VERSION "-" VCS_VERSION),
GNUNET_GETOPT_OPTION_END
};
GNUNET_assert (GNUNET_OK ==
GNUNET_log_setup ("taler-auditor-exchange",
"WARNING",
NULL));
if (GNUNET_GETOPT_run ("taler-auditor-exchange",
options,
argc, argv) < 0)
return 1;
cfg = GNUNET_CONFIGURATION_create ();
if (GNUNET_SYSERR ==
GNUNET_CONFIGURATION_load (cfg,
cfgfile))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
_("Malformed configuration file `%s', exit ...\n"),
cfgfile);
GNUNET_free_non_null (cfgfile);
return 1;
}
GNUNET_free_non_null (cfgfile);
if (NULL ==
(adb = TALER_AUDITORDB_plugin_load (cfg)))
{
fprintf (stderr,
"Failed to initialize auditor database plugin.\n");
return 3;
}
/* Create required tables */
if (GNUNET_OK !=
adb->create_tables (adb->cls))
{
fprintf (stderr,
"Failed to create tables in auditor's database\n");
TALER_AUDITORDB_plugin_unload (adb);
return 3;
}
/* Update DB */
{
enum GNUNET_DB_QueryStatus qs;
struct TALER_AUDITORDB_Session *session;
session = adb->get_session (adb->cls);
if (NULL == session)
{
fprintf (stderr,
"Failed to initialize database session\n");
TALER_AUDITORDB_plugin_unload (adb);
return 3;
}
if (remove_flag)
{
qs = adb->delete_exchange (adb->cls,
session,
&master_public_key);
}
else
{
qs = adb->insert_exchange (adb->cls,
session,
&master_public_key,
exchange_url);
}
if (0 > qs)
{
fprintf (stderr,
"Failed to update auditor DB (%d)\n",
qs);
TALER_AUDITORDB_plugin_unload (adb);
return 3;
}
}
TALER_AUDITORDB_plugin_unload (adb);
return 0;
}
/* end of taler-auditor-exchange.c */
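Review bot: The final status check in `main`, `if (0 > qs)`, treats every non-negative query status as success, so `--remove` with a mistyped master key would exit 0 even though no row was deleted (assuming 0 is GNUnet's "success, no results" status); because removal is the destructive path, I would report that case explicitly, e.g. `if ( (0 > qs) || (remove_flag && (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS == qs)) )`. The earlier `GNUNET_GETOPT_run (...) < 0` test looks too loose as well: if that call returns 0 after printing `--help` or `--version`, as I believe it does, execution continues into the database update with an unset key and URL, so `<= 0` with a clean exit for the 0 case would be safer. The long option is registered here as `exchange-url`, while the man page added in this commit documents `-u` as `--auditor-url`; one of the two should change. The doc comment promises `@return 0 ok, 1 on error` although the database failure paths return 3, and `cfg` is never destroyed on any path.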


@ -1,6 +1,6 @@
/* /*
This file is part of TALER This file is part of TALER
Copyright (C) 2014, 2015 GNUnet e.V. Copyright (C) 2014, 2015, 2018 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software terms of the GNU General Public License as published by the Free Software
@ -151,13 +151,13 @@ main (int argc,
"file containing the private key of the auditor", "file containing the private key of the auditor",
&auditor_key_file), &auditor_key_file),
GNUNET_GETOPT_option_cfgfile (&cfgfile), GNUNET_GETOPT_option_cfgfile (&cfgfile),
GNUNET_GETOPT_option_help ("Private key of the auditor to use for signing"), GNUNET_GETOPT_option_help ("Sign denomination keys of an exchange"),
GNUNET_GETOPT_option_mandatory GNUNET_GETOPT_option_mandatory
(GNUNET_GETOPT_option_base32_auto ('m', (GNUNET_GETOPT_option_base32_auto ('m',
"exchange-key", "exchange-key",
"KEY", "KEY",
"public key of the exchange (Crockford base32 encoded)", "public key of the exchange (Crockford base32 encoded)",
&master_public_key)), &master_public_key)),
GNUNET_GETOPT_option_string ('u', GNUNET_GETOPT_option_string ('u',
"auditor-url", "auditor-url",
"URL", "URL",
@ -398,7 +398,7 @@ main (int argc,
if (0 > qs) if (0 > qs)
{ {
fprintf (stderr, fprintf (stderr,
"Failed to store key in auditor DB\n"); "Failed to store key in auditor DB (did you add the exchange first?)\n");
TALER_AUDITORDB_plugin_unload (adb); TALER_AUDITORDB_plugin_unload (adb);
GNUNET_free (dks); GNUNET_free (dks);
GNUNET_free (sigs); GNUNET_free (sigs);