taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix #7427

Browse Source
This commit is contained in:
Christian Grothoff 2022-11-06 22:29:51 +01:00
parent 6d59c19f36
commit f8e9241a3d
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
7 changed files with 79 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/exchange/taler-exchange-httpd_kyc-check.c
View File

@ -92,6 +92,11 @@ struct KycPoller
*/ */
struct GNUNET_TIME_Absolute timeout; struct GNUNET_TIME_Absolute timeout;
/**
* If the KYC complete, what kind of data was collected?
*/
json_t *kyc_details;
/** /**
* Set to starting URL of KYC process if KYC is required. * Set to starting URL of KYC process if KYC is required.
*/ */
@ -195,6 +200,7 @@ kyp_cleanup (struct TEH_RequestContext *rc)
kyp->ih_logic->initiate_cancel (kyp->ih); kyp->ih_logic->initiate_cancel (kyp->ih);
kyp->ih = NULL; kyp->ih = NULL;
} }
json_decref (kyp->kyc_details);
GNUNET_free (kyp->kyc_url); GNUNET_free (kyp->kyc_url);
GNUNET_free (kyp->hint); GNUNET_free (kyp->hint);
GNUNET_free (kyp); GNUNET_free (kyp);
@ -327,9 +333,16 @@ kyc_check (void *cls,
if (TALER_KYCLOGIC_check_satisfied ( if (TALER_KYCLOGIC_check_satisfied (
requirements, requirements,
&h_payto, &h_payto,
&kyp->kyc_details,
TEH_plugin->select_satisfied_kyc_processes, TEH_plugin->select_satisfied_kyc_processes,
TEH_plugin->cls)) TEH_plugin->cls))
{
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"KYC requirements `%s' already satisfied\n",
requirements);
GNUNET_free (requirements);
return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS; return GNUNET_DB_STATUS_SUCCESS_NO_RESULTS;
}
kyp->kyc_required = true; kyp->kyc_required = true;
ret = TALER_KYCLOGIC_requirements_to_logic (requirements, ret = TALER_KYCLOGIC_requirements_to_logic (requirements,
@ -610,6 +623,7 @@ TEH_handler_kyc_check (
(ec = TALER_exchange_online_account_setup_success_sign ( (ec = TALER_exchange_online_account_setup_success_sign (
&TEH_keys_exchange_sign_, &TEH_keys_exchange_sign_,
&kyp->h_payto, &kyp->h_payto,
kyp->kyc_details,
now, now,
&pub, &pub,
&sig))) &sig)))
@ -625,6 +639,8 @@ TEH_handler_kyc_check (
&sig), &sig),
GNUNET_JSON_pack_data_auto ("exchange_pub", GNUNET_JSON_pack_data_auto ("exchange_pub",
&pub), &pub),
GNUNET_JSON_pack_object_incref ("kyc_details",
kyp->kyc_details),
GNUNET_JSON_pack_timestamp ("now", GNUNET_JSON_pack_timestamp ("now",
now)); now));
} }

10
src/include/taler_crypto_lib.h
View File

@ -3891,10 +3891,12 @@ TALER_exchange_online_key_set_verify (
/** /**
* Create account setup success signature. * Create account KYC setup success signature.
* *
* @param scb function to call to create the signature * @param scb function to call to create the signature
* @param h_payto target of the KYC account * @param h_payto target of the KYC account
* @param kyc JSON data describing which KYC checks
* were satisfied
* @param timestamp time when the KYC was confirmed * @param timestamp time when the KYC was confirmed
* @param[out] pub where to write the public key * @param[out] pub where to write the public key
* @param[out] sig where to write the signature * @param[out] sig where to write the signature
@ -3904,15 +3906,18 @@ enum TALER_ErrorCode
TALER_exchange_online_account_setup_success_sign ( TALER_exchange_online_account_setup_success_sign (
TALER_ExchangeSignCallback scb, TALER_ExchangeSignCallback scb,
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
const json_t *kyc,
struct GNUNET_TIME_Timestamp timestamp, struct GNUNET_TIME_Timestamp timestamp,
struct TALER_ExchangePublicKeyP *pub, struct TALER_ExchangePublicKeyP *pub,
struct TALER_ExchangeSignatureP *sig); struct TALER_ExchangeSignatureP *sig);
/** /**
* Verify account setup success signature. * Verify account KYC setup success signature.
* *
* @param h_payto target of the KYC account * @param h_payto target of the KYC account
* @param kyc JSON data describing which KYC checks
* were satisfied
* @param timestamp time when the KYC was confirmed * @param timestamp time when the KYC was confirmed
* @param pub where to write the public key * @param pub where to write the public key
* @param sig where to write the signature * @param sig where to write the signature
@ -3921,6 +3926,7 @@ TALER_exchange_online_account_setup_success_sign (
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_exchange_online_account_setup_success_verify ( TALER_exchange_online_account_setup_success_verify (
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
const json_t *kyc,
struct GNUNET_TIME_Timestamp timestamp, struct GNUNET_TIME_Timestamp timestamp,
const struct TALER_ExchangePublicKeyP *pub, const struct TALER_ExchangePublicKeyP *pub,
const struct TALER_ExchangeSignatureP *sig); const struct TALER_ExchangeSignatureP *sig);

5
src/include/taler_exchange_service.h
View File

@ -3454,6 +3454,11 @@ struct TALER_EXCHANGE_KycStatus
struct struct
{ {
/**
* Details about which KYC check(s) were passed.
*/
const json_t *kyc_details;
/** /**
* Time of the affirmation. * Time of the affirmation.
*/ */

3
src/include/taler_kyclogic_lib.h
View File

@ -232,6 +232,8 @@ TALER_KYCLOGIC_kyc_test_required (enum TALER_KYCLOGIC_KycTriggerEvent event,
* *
* @param requirements space-spearated list of requirements * @param requirements space-spearated list of requirements
* @param h_payto hash over the account * @param h_payto hash over the account
* @param[out] kyc_expire if satisfied, set to when the KYC
* check data expires
* @param ki iterator over satisfied providers * @param ki iterator over satisfied providers
* @param ki_cls closure for @a ki * @param ki_cls closure for @a ki
* @return true if the KYC check was satisfied * @return true if the KYC check was satisfied
@ -239,6 +241,7 @@ TALER_KYCLOGIC_kyc_test_required (enum TALER_KYCLOGIC_KycTriggerEvent event,
bool bool
TALER_KYCLOGIC_check_satisfied (const char *requirements, TALER_KYCLOGIC_check_satisfied (const char *requirements,
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
json_t **kyc_details,
TALER_KYCLOGIC_KycSatisfiedIterator ki, TALER_KYCLOGIC_KycSatisfiedIterator ki,
void *ki_cls); void *ki_cls);

32
src/kyclogic/kyclogic_api.c
View File

@ -306,9 +306,8 @@ load_logic (const struct GNUNET_CONFIGURATION_Handle *cfg,
/** /**
* Add check type to global array of checks. * Add check type to global array of checks. First checks if the type already
* First checks if the type already exists, otherwise * exists, otherwise adds a new one.
* adds a new one.
* *
* @param check name of the check * @param check name of the check
* @return pointer into the global list * @return pointer into the global list
@ -934,6 +933,10 @@ struct RemoveContext
*/ */
unsigned int *needed_cnt; unsigned int *needed_cnt;
/**
* Object with information about collected KYC data.
*/
json_t *kyc_details;
}; };
@ -967,6 +970,14 @@ remove_satisfied (void *cls,
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Provider satisfies check `%s'\n", "Provider satisfies check `%s'\n",
kc->name); kc->name);
if (NULL != rc->kyc_details)
{
GNUNET_assert (0 ==
json_object_set_new (
rc->kyc_details,
kc->name,
json_object ()));
}
for (unsigned int k = 0; k<*rc->needed_cnt; k++) for (unsigned int k = 0; k<*rc->needed_cnt; k++)
if (kc == rc->needed[k]) if (kc == rc->needed[k])
{ {
@ -1136,6 +1147,7 @@ TALER_KYCLOGIC_kyc_get_details (
bool bool
TALER_KYCLOGIC_check_satisfied (const char *requirements, TALER_KYCLOGIC_check_satisfied (const char *requirements,
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
json_t **kyc_details,
TALER_KYCLOGIC_KycSatisfiedIterator ki, TALER_KYCLOGIC_KycSatisfiedIterator ki,
void *ki_cls) void *ki_cls)
{ {
@ -1157,10 +1169,13 @@ TALER_KYCLOGIC_check_satisfied (const char *requirements,
{ {
struct RemoveContext rc = { struct RemoveContext rc = {
.needed = needed, .needed = needed,
.needed_cnt = &needed_cnt .needed_cnt = &needed_cnt,
}; };
enum GNUNET_DB_QueryStatus qs; enum GNUNET_DB_QueryStatus qs;
rc.kyc_details = json_object ();
GNUNET_assert (NULL != rc.kyc_details);
/* Check what provider checks are already satisfied for h_payto (with /* Check what provider checks are already satisfied for h_payto (with
database), remove those from the 'needed' array. */ database), remove those from the 'needed' array. */
qs = ki (ki_cls, qs = ki (ki_cls,
@ -1168,6 +1183,15 @@ TALER_KYCLOGIC_check_satisfied (const char *requirements,
&remove_satisfied, &remove_satisfied,
&rc); &rc);
GNUNET_break (qs >= 0); // FIXME: handle DB failure more nicely? GNUNET_break (qs >= 0); // FIXME: handle DB failure more nicely?
if (0 != needed_cnt)
{
json_decref (rc.kyc_details);
*kyc_details = NULL;
}
else
{
*kyc_details = rc.kyc_details;
}
} }
return (0 == needed_cnt); return (0 == needed_cnt);
} }

5
src/lib/exchange_api_kyc_check.c
View File

@ -96,6 +96,7 @@ handle_kyc_check_finished (void *cls,
break; break;
case MHD_HTTP_OK: case MHD_HTTP_OK:
{ {
json_t *kyc_details;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("exchange_sig", GNUNET_JSON_spec_fixed_auto ("exchange_sig",
&ks.details.success.exchange_sig), &ks.details.success.exchange_sig),
@ -103,6 +104,8 @@ handle_kyc_check_finished (void *cls,
&ks.details.success.exchange_pub), &ks.details.success.exchange_pub),
GNUNET_JSON_spec_timestamp ("now", GNUNET_JSON_spec_timestamp ("now",
&ks.details.success.timestamp), &ks.details.success.timestamp),
GNUNET_JSON_spec_json ("kyc_details",
&kyc_details),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
const struct TALER_EXCHANGE_Keys *key_state; const struct TALER_EXCHANGE_Keys *key_state;
@ -117,6 +120,7 @@ handle_kyc_check_finished (void *cls,
ks.ec = TALER_EC_GENERIC_INVALID_RESPONSE; ks.ec = TALER_EC_GENERIC_INVALID_RESPONSE;
break; break;
} }
ks.details.success.kyc_details = kyc_details;
key_state = TALER_EXCHANGE_get_keys (kch->exchange); key_state = TALER_EXCHANGE_get_keys (kch->exchange);
if (GNUNET_OK != if (GNUNET_OK !=
TALER_EXCHANGE_test_signing_key (key_state, TALER_EXCHANGE_test_signing_key (key_state,
@ -132,6 +136,7 @@ handle_kyc_check_finished (void *cls,
if (GNUNET_OK != if (GNUNET_OK !=
TALER_exchange_online_account_setup_success_verify ( TALER_exchange_online_account_setup_success_verify (
&kch->h_payto, &kch->h_payto,
ks.details.success.kyc_details,
ks.details.success.timestamp, ks.details.success.timestamp,
&ks.details.success.exchange_pub, &ks.details.success.exchange_pub,
&ks.details.success.exchange_sig)) &ks.details.success.exchange_sig))

22
src/util/exchange_signatures.c
View File

@ -449,18 +449,20 @@ struct TALER_ExchangeAccountSetupSuccessPS
struct GNUNET_CRYPTO_EccSignaturePurpose purpose; struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/** /**
* Hash over the payto for which the signature was * Hash over the payto for which the signature was made.
* made.
*/ */
struct TALER_PaytoHashP h_payto; struct TALER_PaytoHashP h_payto;
/* FIXME: include details on *which* KYC process was satisfied! #7427 */ /**
* Hash over details on *which* KYC obligations were discharged!
*/
struct GNUNET_HashCode h_kyc;
/** /**
* When was the signature made. * When was the signature made.
* FIXME: replace by *expiration* time! #7427
*/ */
struct GNUNET_TIME_TimestampNBO timestamp; struct GNUNET_TIME_TimestampNBO timestamp;
}; };
GNUNET_NETWORK_STRUCT_END GNUNET_NETWORK_STRUCT_END
@ -470,6 +472,7 @@ enum TALER_ErrorCode
TALER_exchange_online_account_setup_success_sign ( TALER_exchange_online_account_setup_success_sign (
TALER_ExchangeSignCallback scb, TALER_ExchangeSignCallback scb,
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
const json_t *kyc,
struct GNUNET_TIME_Timestamp timestamp, struct GNUNET_TIME_Timestamp timestamp,
struct TALER_ExchangePublicKeyP *pub, struct TALER_ExchangePublicKeyP *pub,
struct TALER_ExchangeSignatureP *sig) struct TALER_ExchangeSignatureP *sig)
@ -479,10 +482,11 @@ TALER_exchange_online_account_setup_success_sign (
.purpose.purpose = htonl ( .purpose.purpose = htonl (
TALER_SIGNATURE_EXCHANGE_ACCOUNT_SETUP_SUCCESS), TALER_SIGNATURE_EXCHANGE_ACCOUNT_SETUP_SUCCESS),
.h_payto = *h_payto, .h_payto = *h_payto,
.timestamp = GNUNET_TIME_timestamp_hton ( .timestamp = GNUNET_TIME_timestamp_hton (timestamp)
timestamp)
}; };
TALER_json_hash (kyc,
&kyc_purpose.h_kyc);
return scb (&kyc_purpose.purpose, return scb (&kyc_purpose.purpose,
pub, pub,
sig); sig);
@ -492,6 +496,7 @@ TALER_exchange_online_account_setup_success_sign (
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_exchange_online_account_setup_success_verify ( TALER_exchange_online_account_setup_success_verify (
const struct TALER_PaytoHashP *h_payto, const struct TALER_PaytoHashP *h_payto,
const json_t *kyc,
struct GNUNET_TIME_Timestamp timestamp, struct GNUNET_TIME_Timestamp timestamp,
const struct TALER_ExchangePublicKeyP *pub, const struct TALER_ExchangePublicKeyP *pub,
const struct TALER_ExchangeSignatureP *sig) const struct TALER_ExchangeSignatureP *sig)
@ -501,10 +506,11 @@ TALER_exchange_online_account_setup_success_verify (
.purpose.purpose = htonl ( .purpose.purpose = htonl (
TALER_SIGNATURE_EXCHANGE_ACCOUNT_SETUP_SUCCESS), TALER_SIGNATURE_EXCHANGE_ACCOUNT_SETUP_SUCCESS),
.h_payto = *h_payto, .h_payto = *h_payto,
.timestamp = GNUNET_TIME_timestamp_hton ( .timestamp = GNUNET_TIME_timestamp_hton (timestamp)
timestamp)
}; };
TALER_json_hash (kyc,
&kyc_purpose.h_kyc);
return return
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_EXCHANGE_ACCOUNT_SETUP_SUCCESS, GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_EXCHANGE_ACCOUNT_SETUP_SUCCESS,
&kyc_purpose, &kyc_purpose,