implement logic to conditionally trigger AML review based on KYC attributes

2023-05-17 00:28:41 +02:00 · 2023-05-17 00:28:41 +02:00 · f7dc35e59e
commit f7dc35e59e
parent 755955de28
24 changed files with 249 additions and 263 deletions
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -24,6 +24,7 @@ man_MANS = \
  prebuilt/man/taler-exchange-drain.1  \
  prebuilt/man/taler-exchange-expire.1  \
  prebuilt/man/taler-exchange-httpd.1       \
  prebuilt/man/taler-exchange-kyc-aml-pep-trigger.1 \
  prebuilt/man/taler-exchange-kyc-tester.1       \
  prebuilt/man/taler-exchange-offline.1    \
  prebuilt/man/taler-exchange-router.1\
--- a/doc/prebuilt
+++ b/doc/prebuilt
@ -1 +1 @@
-Subproject commit 8452f991dd967328207fab52a99beb19e2cb4dff
+Subproject commit 5b8e06dc0a9d17b5b2646fdb1286a3b797ed019e
--- a/src/exchange/Makefile.am
+++ b/src/exchange/Makefile.am
@ -15,6 +15,8 @@ pkgcfg_DATA = \
  exchange.conf
 # Programs
 bin_SCRIPTS = \
  taler-exchange-kyc-aml-pep-trigger.sh
 bin_PROGRAMS = \
  taler-exchange-aggregator \
@ -228,4 +230,5 @@ EXTRA_DIST = \
  test_taler_exchange_httpd.get \
  test_taler_exchange_httpd.post \
  exchange.conf \
  $(bin_SCRIPTS) \
  $(check_SCRIPTS)
--- a/src/exchange/taler-exchange-httpd_aml-decision-get.c
+++ b/src/exchange/taler-exchange-httpd_aml-decision-get.c
@ -43,8 +43,6 @@
 * @param[in,out] cls closure with a `json_t *` array to update
 * @param h_payto account for which the attribute data is stored
 * @param provider_section provider that must be checked
 * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
 *        digits can be 0 if exact day, month or year are unknown
 * @param collection_time when was the data collected
 * @param expiration_time when does the data expire
 * @param enc_attributes_size number of bytes in @a enc_attributes
@ -55,7 +53,6 @@ kyc_attribute_cb (
  void *cls,
  const struct TALER_PaytoHashP *h_payto,
  const char *provider_section,
  const char *birthdate,
  struct GNUNET_TIME_Timestamp collection_time,
  struct GNUNET_TIME_Timestamp expiration_time,
  size_t enc_attributes_size,
--- a/src/exchange/taler-exchange-httpd_common_kyc.c
+++ b/src/exchange/taler-exchange-httpd_common_kyc.c
@ -114,6 +114,7 @@ kyc_aml_finished (void *cls,
  size_t eas;
  void *ea;
  const char *birthdate;
  unsigned int birthday;
  struct GNUNET_ShortHashCode kyc_prox;
  struct GNUNET_AsyncScopeSave old_scope;
@ -124,21 +125,27 @@ kyc_aml_finished (void *cls,
                                       &kyc_prox);
  birthdate = json_string_value (json_object_get (kat->attributes,
                                                  TALER_ATTRIBUTE_BIRTHDATE));
  birthday = 0; (void) birthdate;  // FIXME-Oec: calculate birthday here...
  // Convert 'birthdate' to time after 1970, then compute days.
  // Then compare against max age-restriction, and if before, set to 0.
  TALER_CRYPTO_kyc_attributes_encrypt (&TEH_attribute_key,
                                       kat->attributes,
                                       &ea,
                                       &eas);
  // FIXME: begin transaction (or move everything into one stored procedure?)
  qs = TEH_plugin->insert_kyc_attributes (
    TEH_plugin->cls,
    kat->process_row,
    &kat->account_id,
    &kyc_prox,
    kat->provider_section,
-    birthdate,
+    birthday,
    GNUNET_TIME_timestamp_get (),
-    GNUNET_TIME_absolute_to_timestamp (kat->expiration),
+    kat->provider_user_id,
    kat->provider_legitimization_id,
    kat->expiration,
    eas,
-    ea);
+    ea,
    0 != code);
  GNUNET_free (ea);
  if (GNUNET_DB_STATUS_HARD_ERROR == qs)
  {
@ -147,36 +154,9 @@ kyc_aml_finished (void *cls,
      MHD_destroy_response (kat->response);
    kat->http_status = MHD_HTTP_INTERNAL_SERVER_ERROR;
    kat->response = TALER_MHD_make_error (TALER_EC_GENERIC_DB_STORE_FAILED,
-                                          "insert_kyc_attributes");
+                                          "do_insert_kyc_attributes");
    goto finish;
  }
  qs = TEH_plugin->update_kyc_process_by_row (TEH_plugin->cls,
                                              kat->process_row,
                                              kat->provider_section,
                                              &kat->account_id,
                                              kat->provider_user_id,
                                              kat->provider_legitimization_id,
                                              kat->expiration);
  if (GNUNET_DB_STATUS_HARD_ERROR == qs)
  {
    GNUNET_break (0);
    if (NULL != kat->response)
      MHD_destroy_response (kat->response);
    kat->http_status = MHD_HTTP_INTERNAL_SERVER_ERROR;
    kat->response = TALER_MHD_make_error (TALER_EC_GENERIC_DB_STORE_FAILED,
                                          "update_kyc_process_by_row");
    goto finish;
  }
  // FIXME: do DB work, possibly updating kat!
  if (0 != code)
  {
    // FIXME: trigger AML!
    GNUNET_break (0); // FIXME: not implemented
  }
  // FIXME: end transaction
  /* Finally, return result to main handler */
 finish:
  kat->cb (kat->cb_cls,
           kat->http_status,
           kat->response);
--- a/src/exchange/taler-exchange-httpd_reserves_attest.c
+++ b/src/exchange/taler-exchange-httpd_reserves_attest.c
@ -158,8 +158,6 @@ reply_reserve_attest_success (struct MHD_Connection *connection,
 * @param cls our `struct ReserveAttestContext *`
 * @param h_payto account for which the attribute data is stored
 * @param provider_section provider that must be checked
 * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
 *        digits can be 0 if exact day, month or year are unknown
 * @param collection_time when was the data collected
 * @param expiration_time when does the data expire
 * @param enc_attributes_size number of bytes in @a enc_attributes
@ -169,7 +167,6 @@ static void
 kyc_process_cb (void *cls,
                const struct TALER_PaytoHashP *h_payto,
                const char *provider_section,
                const char *birthdate,
                struct GNUNET_TIME_Timestamp collection_time,
                struct GNUNET_TIME_Timestamp expiration_time,
                size_t enc_attributes_size,
--- a/src/exchange/taler-exchange-httpd_reserves_get_attest.c
+++ b/src/exchange/taler-exchange-httpd_reserves_get_attest.c
@ -64,8 +64,6 @@ struct ReserveAttestContext
 * @param cls our `struct ReserveAttestContext *`
 * @param h_payto account for which the attribute data is stored
 * @param provider_section provider that must be checked
 * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
 *        digits can be 0 if exact day, month or year are unknown
 * @param collection_time when was the data collected
 * @param expiration_time when does the data expire
 * @param enc_attributes_size number of bytes in @a enc_attributes
@ -75,7 +73,6 @@ static void
 kyc_process_cb (void *cls,
                const struct TALER_PaytoHashP *h_payto,
                const char *provider_section,
                const char *birthdate,
                struct GNUNET_TIME_Timestamp collection_time,
                struct GNUNET_TIME_Timestamp expiration_time,
                size_t enc_attributes_size,
--- a/src/exchange/taler-exchange-kyc-aml-pep-trigger.sh
+++ b/src/exchange/taler-exchange-kyc-aml-pep-trigger.sh
@ -0,0 +1,7 @@
 #!/bin/sh
 # This file is in the public domain.
 # This is an example of how to trigger AML if the
 # KYC attributes include '{"pep":true}'
 #
 # To be used as a script for the KYC_AML_TRIGGER.
 test "false" = $(jq .pep -)
--- a/src/exchangedb/0002-reserves.sql
+++ b/src/exchangedb/0002-reserves.sql
@ -31,7 +31,7 @@ BEGIN
      ',current_balance_frac INT4 NOT NULL DEFAULT(0)'
      ',purses_active INT8 NOT NULL DEFAULT(0)'
      ',purses_allowed INT8 NOT NULL DEFAULT(0)'
-      ',max_age INT4 NOT NULL DEFAULT(120)'
+      ',max_age INT4 NOT NULL DEFAULT(0)'
      ',expiration_date INT8 NOT NULL'
      ',gc_date INT8 NOT NULL'
    ') %s ;'
@ -80,6 +80,12 @@ BEGIN
    ,table_name
    ,partition_suffix
  );
  PERFORM comment_partitioned_column(
     'Birthday of the user in days after 1970, or 0 if user is an adult and is not subject to age restrictions'
    ,'max_age'
    ,table_name
    ,partition_suffix
  );
 END
 $$;
--- a/src/exchangedb/0004-kyc_attributes.sql
+++ b/src/exchangedb/0004-kyc_attributes.sql
@ -0,0 +1,44 @@
 --
 -- This file is part of TALER
 -- Copyright (C) 2023 Taler Systems SA
 --
 -- TALER is free software; you can redistribute it and/or modify it under the
 -- terms of the GNU General Public License as published by the Free Software
 -- Foundation; either version 3, or (at your option) any later version.
 --
 -- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
 -- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 -- A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 --
 -- You should have received a copy of the GNU General Public License along with
 -- TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 --
 CREATE OR REPLACE FUNCTION master_table_kyc_attributes_V2()
 RETURNS VOID
 LANGUAGE plpgsql
 AS $$
 DECLARE
  table_name VARCHAR DEFAULT 'kyc_attributes';
 BEGIN
  EXECUTE FORMAT (
   'ALTER TABLE ' || table_name ||
   ' DROP COLUMN birthdate;'
  );
 END $$;
 COMMENT ON FUNCTION master_table_kyc_attributes_V2
  IS 'Removes birthdate colum from the kyc_attributes table';
 INSERT INTO exchange_tables
    (name
    ,version
    ,action
    ,partitioned
    ,by_range)
  VALUES
    ('kyc_attributes_V2'
    ,'exchange-0004'
    ,'master'
    ,TRUE
    ,FALSE);
--- a/src/exchangedb/Makefile.am
+++ b/src/exchangedb/Makefile.am
@ -144,7 +144,6 @@ libtaler_plugin_exchangedb_postgres_la_SOURCES = \
  pg_aggregate.h pg_aggregate.c \
  pg_create_aggregation_transient.h pg_create_aggregation_transient.c \
  pg_insert_kyc_attributes.h pg_insert_kyc_attributes.c \
  pg_update_kyc_attributes.h pg_update_kyc_attributes.c \
  pg_select_similar_kyc_attributes.h pg_select_similar_kyc_attributes.c \
  pg_select_kyc_attributes.h pg_select_kyc_attributes.c \
  pg_insert_aml_officer.h pg_insert_aml_officer.c \
--- a/src/exchangedb/exchange-0004.sql.in
+++ b/src/exchangedb/exchange-0004.sql.in
@ -1,6 +1,6 @@
 --
 -- This file is part of TALER
-- Copyright (C) 2014--2023 Taler Systems SA
+-- Copyright (C) 2023 Taler Systems SA
 --
 -- TALER is free software; you can redistribute it and/or modify it under the
 -- terms of the GNU General Public License as published by the Free Software
@ -19,6 +19,7 @@ BEGIN;
 SELECT _v.register_patch('exchange-0004', NULL, NULL);
 SET search_path TO exchange;
 #include "0004-kyc_attributes.sql"
 #include "0004-wire_accounts.sql"
 COMMIT;
--- a/src/exchangedb/exchange_do_insert_kyc_attributes.sql
+++ b/src/exchangedb/exchange_do_insert_kyc_attributes.sql
@ -0,0 +1,92 @@
 --
 -- This file is part of TALER
 -- Copyright (C) 2023 Taler Systems SA
 --
 -- TALER is free software; you can redistribute it and/or modify it under the
 -- terms of the GNU General Public License as published by the Free Software
 -- Foundation; either version 3, or (at your option) any later version.
 --
 -- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
 -- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 -- A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
 --
 -- You should have received a copy of the GNU General Public License along with
 -- TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 --
 CREATE OR REPLACE FUNCTION exchange_do_insert_kyc_attributes(
  IN in_process_row INT8,
  IN in_h_payto BYTEA,
  IN in_kyc_prox BYTEA,
  IN in_provider_section VARCHAR,
  IN in_birthday INT4,
  IN in_provider_account_id VARCHAR,
  IN in_provider_legitimization_id VARCHAR,
  IN in_collection_time_ts INT8,
  IN in_expiration_time INT8,
  IN in_expiration_time_ts INT8,
  IN in_enc_attributes BYTEA,
  IN in_require_aml BOOLEAN,
  IN in_kyc_completed_notify_s VARCHAR,
  OUT out_ok BOOLEAN)
 LANGUAGE plpgsql
 AS $$
 BEGIN
 INSERT INTO exchange.kyc_attributes
  (h_payto
  ,kyc_prox
  ,provider
  ,collection_time
  ,expiration_time
  ,encrypted_attributes
 ) VALUES
  (in_h_payto
  ,in_kyc_prox
  ,in_provider_section
  ,in_collection_time_ts
  ,in_expiration_time_ts
  ,in_enc_attributes);
 -- FIXME-Oec: modify to 'return' the reserve_pub here
 -- (requires of course to modify other code to store
 -- the reserve pub in the right table in the first place)
 UPDATE exchange.legitimization_processes
  SET provider_user_id=in_provider_account_id
     ,provider_legitimization_id=in_provider_legitimization_id
     ,expiration_time=GREATEST(expiration_time,in_expiration_time)
 WHERE h_payto=in_h_payto
   AND legitimization_process_serial_id=in_process_row
   AND provider_section=in_provider_section;
 out_ok = FOUND;
 -- FIXME-Oec: update exchange reserve table to store in_birthday here!
 -- UPDATE exchange.reserves SET max_age=in_birthday WHERE reserve_pub=X;
 IF in_require_aml
 THEN
  INSERT INTO exchange.aml_status
    (h_payto
    ,status)
   VALUES
    (in_h_payto
    ,1)
  ON CONFLICT (h_payto) DO
    UPDATE SET status=EXCLUDED.status | 1;
 END IF;
 -- Wake up everyone who might care...
 PERFORM pg_notify (in_kyc_completed_notify_s, NULL);
 INSERT INTO kyc_alerts
 (h_payto
 ,trigger_type)
 VALUES
 (in_h_payto,1);
 END $$;
 COMMENT ON FUNCTION exchange_do_insert_kyc_attributes(INT8, BYTEA, BYTEA, VARCHAR, INT4, VARCHAR, VARCHAR, INT8, INT8, INT8, BYTEA, BOOL, VARCHAR)
  IS 'Inserts new KYC attributes and updates the status of the legitimization process and the AML status for the account';
--- a/src/exchangedb/pg_insert_kyc_attributes.c
+++ b/src/exchangedb/pg_insert_kyc_attributes.c
@ -1,6 +1,6 @@
 /*
   This file is part of TALER
-   Copyright (C) 2022 Taler Systems SA
+   Copyright (C) 2022, 2023 Taler Systems SA
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU General Public License as published by the Free Software
@ -29,43 +29,72 @@
 enum GNUNET_DB_QueryStatus
 TEH_PG_insert_kyc_attributes (
  void *cls,
  uint64_t process_row,
  const struct TALER_PaytoHashP *h_payto,
  const struct GNUNET_ShortHashCode *kyc_prox,
  const char *provider_section,
-  const char *birthdate,
+  uint32_t birthday,
  struct GNUNET_TIME_Timestamp collection_time,
-  struct GNUNET_TIME_Timestamp expiration_time,
+  const char *provider_account_id,
  const char *provider_legitimization_id,
  struct GNUNET_TIME_Absolute expiration_time,
  size_t enc_attributes_size,
-  const void *enc_attributes)
+  const void *enc_attributes,
  bool require_aml)
 {
  struct PostgresClosure *pg = cls;
  struct GNUNET_TIME_Timestamp expiration
    = GNUNET_TIME_absolute_to_timestamp (expiration_time);
  struct TALER_KycCompletedEventP rep = {
    .header.size = htons (sizeof (rep)),
    .header.type = htons (TALER_DBEVENT_EXCHANGE_KYC_COMPLETED),
    .h_payto = *h_payto
  };
  char *kyc_completed_notify_s
    = GNUNET_PG_get_event_notify_channel (&rep.header);
  struct GNUNET_PQ_QueryParam params[] = {
    GNUNET_PQ_query_param_uint64 (&process_row),
    GNUNET_PQ_query_param_auto_from_type (h_payto),
    GNUNET_PQ_query_param_auto_from_type (kyc_prox),
    GNUNET_PQ_query_param_string (provider_section),
-    (NULL == birthdate)
+    GNUNET_PQ_query_param_uint32 (&birthday),
    (NULL == provider_account_id)
    ? GNUNET_PQ_query_param_null ()
-    : GNUNET_PQ_query_param_string (birthdate),
+    : GNUNET_PQ_query_param_string (provider_account_id),
    (NULL == provider_legitimization_id)
    ? GNUNET_PQ_query_param_null ()
    : GNUNET_PQ_query_param_string (provider_legitimization_id),
    GNUNET_PQ_query_param_timestamp (&collection_time),
-    GNUNET_PQ_query_param_timestamp (&expiration_time),
+    GNUNET_PQ_query_param_absolute_time (&expiration_time),
    GNUNET_PQ_query_param_timestamp (&expiration),
    GNUNET_PQ_query_param_fixed_size (enc_attributes,
                                      enc_attributes_size),
    GNUNET_PQ_query_param_bool (require_aml),
    GNUNET_PQ_query_param_string (kyc_completed_notify_s),
    GNUNET_PQ_query_param_end
  };
  bool ok;
  struct GNUNET_PQ_ResultSpec rs[] = {
    GNUNET_PQ_result_spec_bool ("out_ok",
                                &ok),
    GNUNET_PQ_result_spec_end
  };
  enum GNUNET_DB_QueryStatus qs;
  PREPARE (pg,
           "insert_kyc_attributes",
-           "INSERT INTO kyc_attributes "
+           "SELECT "
-           "(h_payto"
+           " out_ok"
-           ",kyc_prox"
+           " FROM exchange_do_insert_kyc_attributes "
-           ",provider"
+           "($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13);");
-           ",birthdate"
+  qs = GNUNET_PQ_eval_prepared_singleton_select (pg->conn,
-           ",collection_time"
+                                                 "insert_kyc_attributes",
-           ",expiration_time"
+                                                 params,
-           ",encrypted_attributes"
+                                                 rs);
-           ") VALUES "
+  GNUNET_free (kyc_completed_notify_s);
-           "($1, $2, $3, $4, $5, $6, $7);");
+  if (qs < 0)
-  return GNUNET_PQ_eval_prepared_non_select (pg->conn,
+    return qs;
-                                             "insert_kyc_attributes",
+  if (! ok)
-                                             params);
+    return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
  return qs;
 }
--- a/src/exchangedb/pg_insert_kyc_attributes.h
+++ b/src/exchangedb/pg_insert_kyc_attributes.h
@ -27,30 +27,39 @@
 /**
- * Store KYC attribute data.
+ * Store KYC attribute data, update KYC process status and
 * AML status for the given account.
 *
 * @param cls closure
 * @param process_row KYC process row to update
 * @param h_payto account for which the attribute data is stored
 * @param kyc_prox key for similarity search
 * @param provider_section provider that must be checked
- * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
+ * @param provider_account_id provider account ID
- *        digits can be 0 if exact day, month or year are unknown
+ * @param provider_legitimization_id provider legitimization ID
 * @param birthday birthdate of user, in days after 1990, or 0 if unknown or definitively adult
 * @param collection_time when was the data collected
 * @param expiration_time when does the data expire
 * @param enc_attributes_size number of bytes in @a enc_attributes
 * @param enc_attributes encrypted attribute data
 * @param require_aml true to trigger AML
 * @return database transaction status
 */
 enum GNUNET_DB_QueryStatus
 TEH_PG_insert_kyc_attributes (
  void *cls,
  uint64_t process_row,
  const struct TALER_PaytoHashP *h_payto,
  const struct GNUNET_ShortHashCode *kyc_prox,
  const char *provider_section,
-  const char *birthdate,
+  uint32_t birthday,
  struct GNUNET_TIME_Timestamp collection_time,
-  struct GNUNET_TIME_Timestamp expiration_time,
+  const char *provider_account_id,
  const char *provider_legitimization_id,
  struct GNUNET_TIME_Absolute expiration_time,
  size_t enc_attributes_size,
-  const void *enc_attributes);
+  const void *enc_attributes,
  bool require_aml);
 #endif
--- a/src/exchangedb/pg_insert_records_by_table.c
+++ b/src/exchangedb/pg_insert_records_by_table.c
@ -1995,10 +1995,6 @@ irbt_cb_table_kyc_attributes (struct PostgresClosure *pg,
      &td->details.kyc_attributes.kyc_prox),
    GNUNET_PQ_query_param_string (
      td->details.kyc_attributes.provider),
    (NULL == td->details.kyc_attributes.birthdate)
    ? GNUNET_PQ_query_param_null ()
    : GNUNET_PQ_query_param_string (
      td->details.kyc_attributes.birthdate),
    GNUNET_PQ_query_param_timestamp (
      &td->details.kyc_attributes.collection_time),
    GNUNET_PQ_query_param_timestamp (
@ -2016,12 +2012,11 @@ irbt_cb_table_kyc_attributes (struct PostgresClosure *pg,
           ",h_payto"
           ",kyc_prox"
           ",provider"
           ",birthdate"
           ",collection_time"
           ",expiration_time"
           ",encrypted_attributes"
           ") VALUES "
-           "($1, $2, $3, $4, $5, $6, $7, $8);");
+           "($1, $2, $3, $4, $5, $6, $7);");
  return GNUNET_PQ_eval_prepared_non_select (pg->conn,
                                             "insert_into_table_kyc_attributes",
                                             params);
--- a/src/exchangedb/pg_lookup_records_by_table.c
+++ b/src/exchangedb/pg_lookup_records_by_table.c
@ -2684,11 +2684,6 @@ lrbt_cb_table_kyc_attributes (void *cls,
      GNUNET_PQ_result_spec_string (
        "provider",
        &td.details.kyc_attributes.provider),
      GNUNET_PQ_result_spec_allow_null (
        GNUNET_PQ_result_spec_string (
          "birthdate",
          &td.details.kyc_attributes.birthdate),
        NULL),
      GNUNET_PQ_result_spec_timestamp (
        "collection_time",
        &td.details.kyc_attributes.collection_time),
@ -3577,7 +3572,6 @@ TEH_PG_lookup_records_by_table (void *cls,
              ",h_payto"
              ",kyc_prox"
              ",provider"
              ",birthdate"
              ",collection_time"
              ",expiration_time"
              ",encrypted_attributes"
--- a/src/exchangedb/pg_select_kyc_attributes.c
+++ b/src/exchangedb/pg_select_kyc_attributes.c
@ -80,14 +80,9 @@ get_attributes_cb (void *cls,
    size_t enc_attributes_size;
    void *enc_attributes;
    char *provider;
    char *birthdate = NULL;
    struct GNUNET_PQ_ResultSpec rs[] = {
      GNUNET_PQ_result_spec_string ("provider",
                                    &provider),
      GNUNET_PQ_result_spec_allow_null (
        GNUNET_PQ_result_spec_string ("birthdate",
                                      &birthdate),
        NULL),
      GNUNET_PQ_result_spec_timestamp ("collection_time",
                                       &collection_time),
      GNUNET_PQ_result_spec_timestamp ("expiration_time",
@ -110,7 +105,6 @@ get_attributes_cb (void *cls,
    ctx->cb (ctx->cb_cls,
             ctx->h_payto,
             provider,
             birthdate,
             collection_time,
             expiration_time,
             enc_attributes_size,
@ -145,7 +139,6 @@ TEH_PG_select_kyc_attributes (
           "select_kyc_attributes",
           "SELECT "
           " provider"
           ",birthdate"
           ",collection_time"
           ",expiration_time"
           ",encrypted_attributes"
--- a/src/exchangedb/pg_select_similar_kyc_attributes.c
+++ b/src/exchangedb/pg_select_similar_kyc_attributes.c
@ -76,16 +76,11 @@ get_attributes_cb (void *cls,
    size_t enc_attributes_size;
    void *enc_attributes;
    char *provider;
    char *birthdate = NULL;
    struct GNUNET_PQ_ResultSpec rs[] = {
      GNUNET_PQ_result_spec_auto_from_type ("h_payto",
                                            &h_payto),
      GNUNET_PQ_result_spec_string ("provider",
                                    &provider),
      GNUNET_PQ_result_spec_allow_null (
        GNUNET_PQ_result_spec_string ("birthdate",
                                      &birthdate),
        NULL),
      GNUNET_PQ_result_spec_timestamp ("collection_time",
                                       &collection_time),
      GNUNET_PQ_result_spec_timestamp ("expiration_time",
@ -108,7 +103,6 @@ get_attributes_cb (void *cls,
    ctx->cb (ctx->cb_cls,
             &h_payto,
             provider,
             birthdate,
             collection_time,
             expiration_time,
             enc_attributes_size,
@ -143,7 +137,6 @@ TEH_PG_select_similar_kyc_attributes (
           "SELECT "
           " h_payto"
           ",provider"
           ",birthdate"
           ",collection_time"
           ",expiration_time"
           ",encrypted_attributes"
--- a/src/exchangedb/pg_update_kyc_attributes.c
+++ b/src/exchangedb/pg_update_kyc_attributes.c
@ -1,68 +0,0 @@
 /*
   This file is part of TALER
   Copyright (C) 2022 Taler Systems SA
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU General Public License as published by the Free Software
   Foundation; either version 3, or (at your option) any later version.
   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
   You should have received a copy of the GNU General Public License along with
   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 */
 /**
 * @file exchangedb/pg_update_kyc_attributes.c
 * @brief Implementation of the update_kyc_attributes function for Postgres
 * @author Christian Grothoff
 */
 #include "platform.h"
 #include "taler_error_codes.h"
 #include "taler_dbevents.h"
 #include "taler_pq_lib.h"
 #include "pg_update_kyc_attributes.h"
 #include "pg_helper.h"
 enum GNUNET_DB_QueryStatus
 TEH_PG_update_kyc_attributes (
  void *cls,
  const struct TALER_PaytoHashP *h_payto,
  const struct GNUNET_ShortHashCode *kyc_prox,
  const char *provider_section,
  const char *birthdate,
  struct GNUNET_TIME_Timestamp collection_time,
  struct GNUNET_TIME_Timestamp expiration_time,
  size_t enc_attributes_size,
  const void *enc_attributes)
 {
  struct PostgresClosure *pg = cls;
  struct GNUNET_PQ_QueryParam params[] = {
    GNUNET_PQ_query_param_auto_from_type (h_payto),
    GNUNET_PQ_query_param_auto_from_type (kyc_prox),
    GNUNET_PQ_query_param_string (provider_section),
    (NULL == birthdate)
    ? GNUNET_PQ_query_param_null ()
    : GNUNET_PQ_query_param_string (birthdate),
    GNUNET_PQ_query_param_timestamp (&collection_time),
    GNUNET_PQ_query_param_timestamp (&expiration_time),
    GNUNET_PQ_query_param_fixed_size (enc_attributes,
                                      enc_attributes_size),
    GNUNET_PQ_query_param_end
  };
  PREPARE (pg,
           "update_kyc_attributes",
           "UPDATE kyc_attributes SET "
           " kyc_prox=$2"
           ",birthdate=$4"
           ",collection_time=$5"
           ",expiration_time=$6"
           ",encrypted_attributes=$7"
           " WHERE h_payto=$1 AND provider_section=$3;");
  return GNUNET_PQ_eval_prepared_non_select (pg->conn,
                                             "update_kyc_attributes",
                                             params);
 }
--- a/src/exchangedb/pg_update_kyc_attributes.h
+++ b/src/exchangedb/pg_update_kyc_attributes.h
@ -1,57 +0,0 @@
 /*
   This file is part of TALER
   Copyright (C) 2022 Taler Systems SA
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU General Public License as published by the Free Software
   Foundation; either version 3, or (at your option) any later version.
   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
   You should have received a copy of the GNU General Public License along with
   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 */
 /**
 * @file exchangedb/pg_update_kyc_attributes.h
 * @brief implementation of the update_kyc_attributes function for Postgres
 * @author Christian Grothoff
 */
 #ifndef PG_UPDATE_KYC_ATTRIBUTES_H
 #define PG_UPDATE_KYC_ATTRIBUTES_H
 #include "taler_util.h"
 #include "taler_json_lib.h"
 #include "taler_exchangedb_plugin.h"
 /**
 * Update KYC attribute data.
 *
 * @param cls closure
 * @param h_payto account for which the attribute data is stored
 * @param kyc_prox key for similarity search
 * @param provider_section provider that must be checked
 * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
 *        digits can be 0 if exact day, month or year are unknown
 * @param collection_time when was the data collected
 * @param expiration_time when does the data expire
 * @param enc_attributes_size number of bytes in @a enc_attributes
 * @param enc_attributes encrypted attribute data
 * @return database transaction status
 */
 enum GNUNET_DB_QueryStatus
 TEH_PG_update_kyc_attributes (
  void *cls,
  const struct TALER_PaytoHashP *h_payto,
  const struct GNUNET_ShortHashCode *kyc_prox,
  const char *provider_section,
  const char *birthdate,
  struct GNUNET_TIME_Timestamp collection_time,
  struct GNUNET_TIME_Timestamp expiration_time,
  size_t enc_attributes_size,
  const void *enc_attributes);
 #endif
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@ -207,7 +207,6 @@
 #include "pg_setup_wire_target.h"
 #include "pg_compute_shard.h"
 #include "pg_insert_kyc_attributes.h"
 #include "pg_update_kyc_attributes.h"
 #include "pg_select_similar_kyc_attributes.h"
 #include "pg_select_kyc_attributes.h"
 #include "pg_insert_aml_officer.h"
@ -754,8 +753,6 @@ libtaler_plugin_exchangedb_postgres_init (void *cls)
    = &TEH_PG_set_purse_balance;
  plugin->insert_kyc_attributes
    = &TEH_PG_insert_kyc_attributes;
  plugin->update_kyc_attributes
    = &TEH_PG_update_kyc_attributes;
  plugin->select_similar_kyc_attributes
    = &TEH_PG_select_similar_kyc_attributes;
  plugin->select_kyc_attributes
--- a/src/exchangedb/procedures.sql.in
+++ b/src/exchangedb/procedures.sql.in
@ -39,6 +39,7 @@ SET search_path TO exchange;
 #include "exchange_do_insert_or_update_policy_details.sql"
 #include "exchange_do_insert_aml_decision.sql"
 #include "exchange_do_insert_aml_officer.sql"
 #include "exchange_do_insert_kyc_attributes.sql"
 #include "exchange_do_reserves_in_insert.sql"
 #include "exchange_do_batch_reserves_update.sql"
 #include "exchange_do_refund_by_coin.sql"
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@ -756,7 +756,6 @@ struct TALER_EXCHANGEDB_TableData
      struct TALER_PaytoHashP h_payto;
      struct GNUNET_ShortHashCode kyc_prox;
      char *provider;
      char *birthdate; /* NULL allowed! */
      struct GNUNET_TIME_Timestamp collection_time;
      struct GNUNET_TIME_Timestamp expiration_time;
      void *encrypted_attributes;
@ -2429,8 +2428,6 @@ typedef void
 * @param cls closure
 * @param h_payto account for which the attribute data is stored
 * @param provider_section provider that must be checked
 * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
 *        digits can be 0 if exact day, month or year are unknown
 * @param collection_time when was the data collected
 * @param expiration_time when does the data expire
 * @param enc_attributes_size number of bytes in @a enc_attributes
@ -2441,7 +2438,6 @@ typedef void
  void *cls,
  const struct TALER_PaytoHashP *h_payto,
  const char *provider_section,
  const char *birthdate,
  struct GNUNET_TIME_Timestamp collection_time,
  struct GNUNET_TIME_Timestamp expiration_time,
  size_t enc_attributes_size,
@ -6765,59 +6761,39 @@ struct TALER_EXCHANGEDB_Plugin
  /**
-   * Store KYC attribute data.
+   * Store KYC attribute data, update KYC process status and
   * AML status for the given account.
   *
   * @param cls closure
   * @param process_row KYC process row to update
   * @param h_payto account for which the attribute data is stored
   * @param kyc_prox key for similarity search
   * @param provider_section provider that must be checked
-   * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
+   * @param provider_account_id provider account ID
-   *        digits can be 0 if exact day, month or year are unknown
+   * @param provider_legitimization_id provider legitimization ID
   * @param birthday birthdate of user, in days after 1990, or 0 if unknown or definitively adult
   * @param collection_time when was the data collected
   * @param expiration_time when does the data expire
   * @param enc_attributes_size number of bytes in @a enc_attributes
   * @param enc_attributes encrypted attribute data
   * @param require_aml true to trigger AML
   * @return database transaction status
   */
  enum GNUNET_DB_QueryStatus
  (*insert_kyc_attributes)(
    void *cls,
    uint64_t process_row,
    const struct TALER_PaytoHashP *h_payto,
    const struct GNUNET_ShortHashCode *kyc_prox,
    const char *provider_section,
-    const char *birthdate,
+    uint32_t birthday,
    struct GNUNET_TIME_Timestamp collection_time,
-    struct GNUNET_TIME_Timestamp expiration_time,
+    const char *provider_account_id,
    const char *provider_legitimization_id,
    struct GNUNET_TIME_Absolute expiration_time,
    size_t enc_attributes_size,
-    const void *enc_attributes);
+    const void *enc_attributes,
-
+    bool require_aml);
  /**
   * Update KYC attribute data.
   *
   * @param cls closure
   * @param h_payto account for which the attribute data is stored
   * @param kyc_prox key for similarity search
   * @param provider_section provider that must be checked
   * @param birthdate birthdate of user, in format YYYY-MM-DD; can be NULL;
   *        digits can be 0 if exact day, month or year are unknown
   * @param collection_time when was the data collected
   * @param expiration_time when does the data expire
   * @param enc_attributes_size number of bytes in @a enc_attributes
   * @param enc_attributes encrypted attribute data
   * @return database transaction status
   */
  enum GNUNET_DB_QueryStatus
  (*update_kyc_attributes)(
    void *cls,
    const struct TALER_PaytoHashP *h_payto,
    const struct GNUNET_ShortHashCode *kyc_prox,
    const char *provider_section,
    const char *birthdate,
    struct GNUNET_TIME_Timestamp collection_time,
    struct GNUNET_TIME_Timestamp expiration_time,
    size_t enc_attributes_size,
    const void *enc_attributes);
  /**
		`@ -1 +1 @@`
			`Subproject commit 8452f991dd967328207fab52a99beb19e2cb4dff`				`Subproject commit 5b8e06dc0a9d17b5b2646fdb1286a3b797ed019e`