integrate auditor signature check logic with taler-helper-auditor-coins

src/auditor/report-lib.c

@@ -64,7 +64,12 @@ struct TALER_MasterPublicKeyP TALER_ARL_master_pub;
 /**
  * Public key of the auditor.
  */
-static struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+
+/**
+ * REST API endpoint of the auditor.
+ */
+char *TALER_ARL_auditor_url;
 
 /**
  * At what time did the auditor process start?
@@ -177,62 +182,6 @@ add_denomination (
       GNUNET_CONTAINER_multihashmap_get (denominations,
                                          &issue->denom_hash))
     return; /* value already known */
-#if FIXME_IMPLEMENT
-  qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls,
-                                                TALER_ARL_esession,
-                                                &issue->denom_hash,
-                                                &TALER_ARL_auditor_pub,
-                                                &auditor_sig);
-  if (0 >= qs)
-  {
-    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
-                "Encountered denomination `%s' that this auditor is not auditing!\n",
-                GNUNET_h2s (&issue->denom_hash));
-    return; /* skip! */
-  }
-  {
-    // TODO: one of the auditor passes should really just do this
-    // add problems to JSON report (even if the implications are unclear),
-    // instead of doing it here!
-    struct TALER_Amount coin_value;
-    struct TALER_Amount fee_withdraw;
-    struct TALER_Amount fee_deposit;
-    struct TALER_Amount fee_refresh;
-    struct TALER_Amount fee_refund;
-
-    TALER_amount_hton (&coin_value,
-                       &issue->value);
-    TALER_amount_hton (&fee_withdraw,
-                       &issue->fee_withdraw);
-    TALER_amount_hton (&fee_deposit,
-                       &issue->fee_deposit);
-    TALER_amount_hton (&fee_refresh,
-                       &issue->fee_refresh);
-    TALER_amount_hton (&fee_refund,
-                       &issue->fee_refund);
-    if (GNUNET_OK !=
-        TALER_auditor_denom_validity_verify (
-          TALER_ARL_auditor_url,
-          &issue->denom_hash,
-          &TALER_ARL_master_pub,
-          GNUNET_TIME_absolute_ntoh (issue->start),
-          GNUNET_TIME_absolute_ntoh (issue->expire_withdraw),
-          GNUNET_TIME_absolute_ntoh (issue->expire_deposit),
-          GNUNET_TIME_absolute_ntoh (issue->expire_legal),
-          &coin_value,
-          &fee_withdraw,
-          &fee_deposit,
-          &fee_refresh,
-          &fee_refund,
-          &TALER_ARL_auditor_pub,
-          &auditor_sig))
-    {
-      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                  "Exchange has invalid signature from this auditor for denomination `%s' in its database!\n",
-                  GNUNET_h2s (&issue->denom_hash));
-    }
-  }
-#endif
 #if GNUNET_EXTRA_LOGGING >= 1
   {
     struct TALER_Amount value;
@@ -728,6 +677,18 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c)
 {
   TALER_ARL_cfg = c;
   start_time = GNUNET_TIME_absolute_get ();
+
+  if (GNUNET_OK !=
+      GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg,
+                                             "auditor",
+                                             "BASE_URL",
+                                             &TALER_ARL_auditor_url))
+  {
+    GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+                               "auditor",
+                               "BASE_URL");
+    return GNUNET_SYSERR;
+  }
   if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub))
   {
     /* -m option not given, try configuration */
@@ -944,6 +905,7 @@ TALER_ARL_done (json_t *report)
                 JSON_INDENT (2));
     json_decref (report);
   }
+  GNUNET_free (TALER_ARL_auditor_url);
 }
 
 

src/auditor/report-lib.h

@@ -74,6 +74,16 @@ extern struct TALER_AUDITORDB_Session *TALER_ARL_asession;
  */
 extern struct TALER_MasterPublicKeyP TALER_ARL_master_pub;
 
+/**
+ * Public key of the auditor.
+ */
+extern struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+
+/**
+ * REST API endpoint of the auditor.
+ */
+extern char *TALER_ARL_auditor_url;
+
 /**
  * At what time did the auditor process start?
  */

src/auditor/taler-helper-auditor-coins.c

@@ -2196,6 +2196,81 @@ recoup_refresh_cb (void *cls,
 }
 
 
+/**
+ * Function called with the results of iterate_denomination_info(),
+ * or directly (!).  Used to check that we correctly signed the
+ * denomination and to warn if there are denominations not approved
+ * by this auditor.
+ *
+ * @param cls closure, NULL
+ * @param denom_pub public key, sometimes NULL (!)
+ * @param validity issuing information with value, fees and other info about the denomination.
+ */
+static void
+check_denomination (
+  void *cls,
+  const struct TALER_DenominationPublicKey *denom_pub,
+  const struct TALER_EXCHANGEDB_DenominationKeyInformationP *validity)
+{
+  const struct TALER_DenominationKeyValidityPS *issue = &validity->properties;
+  enum GNUNET_DB_QueryStatus qs;
+  struct TALER_AuditorSignatureP auditor_sig;
+
+  qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls,
+                                                TALER_ARL_esession,
+                                                &issue->denom_hash,
+                                                &TALER_ARL_auditor_pub,
+                                                &auditor_sig);
+  if (0 >= qs)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "Encountered denomination `%s' that this auditor is not auditing!\n",
+                GNUNET_h2s (&issue->denom_hash));
+    return; /* skip! */
+  }
+  {
+    struct TALER_Amount coin_value;
+    struct TALER_Amount fee_withdraw;
+    struct TALER_Amount fee_deposit;
+    struct TALER_Amount fee_refresh;
+    struct TALER_Amount fee_refund;
+
+    TALER_amount_ntoh (&coin_value,
+                       &issue->value);
+    TALER_amount_ntoh (&fee_withdraw,
+                       &issue->fee_withdraw);
+    TALER_amount_ntoh (&fee_deposit,
+                       &issue->fee_deposit);
+    TALER_amount_ntoh (&fee_refresh,
+                       &issue->fee_refresh);
+    TALER_amount_ntoh (&fee_refund,
+                       &issue->fee_refund);
+    if (GNUNET_OK !=
+        TALER_auditor_denom_validity_verify (
+          TALER_ARL_auditor_url,
+          &issue->denom_hash,
+          &TALER_ARL_master_pub,
+          GNUNET_TIME_absolute_ntoh (issue->start),
+          GNUNET_TIME_absolute_ntoh (issue->expire_withdraw),
+          GNUNET_TIME_absolute_ntoh (issue->expire_deposit),
+          GNUNET_TIME_absolute_ntoh (issue->expire_legal),
+          &coin_value,
+          &fee_withdraw,
+          &fee_deposit,
+          &fee_refresh,
+          &fee_refund,
+          &TALER_ARL_auditor_pub,
+          &auditor_sig))
+    {
+      // FIXME: add properly to audit report!
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                  "Exchange has invalid signature from this auditor for denomination `%s' in its database!\n",
+                  GNUNET_h2s (&issue->denom_hash));
+    }
+  }
+}
+
+
 /**
  * Analyze the exchange's processing of coins.
  *
@@ -2211,6 +2286,17 @@ analyze_coins (void *cls)
   enum GNUNET_DB_QueryStatus qsp;
 
   (void) cls;
+  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+              "Checking denominations...\n");
+  qs = TALER_ARL_edb->iterate_denomination_info (TALER_ARL_edb->cls,
+                                                 TALER_ARL_esession,
+                                                 &check_denomination,
+                                                 NULL);
+  if (0 > qs)
+  {
+    GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
+    return qs;
+  }
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
               "Analyzing coins\n");
   qsp = TALER_ARL_adb->get_auditor_progress_coin (TALER_ARL_adb->cls,

src/exchangedb/plugin_exchangedb_postgres.c

@@ -1597,6 +1597,14 @@ postgres_get_session (void *cls)
                               ") VALUES "
                               "($1, $2, $3);",
                               3),
+      /* used in #postgres_select_auditor_denom_sig() */
+      GNUNET_PQ_make_prepare ("select_auditor_denom_sig",
+                              "SELECT"
+                              " auditor_sig"
+                              " FROM auditor_denom_sigs"
+                              " WHERE auditor_pub=$1"
+                              " AND denom_pub_hash=$2",
+                              2),
       /* used in #postgres_lookup_wire_fee_by_time() */
       GNUNET_PQ_make_prepare ("lookup_wire_fee_by_time",
                               "SELECT"
@@ -8695,6 +8703,43 @@ postgres_insert_auditor_denom_sig (
 }
 
 
+/**
+ * Select information about an auditor auditing a denomination key.
+ *
+ * @param cls closure
+ * @param session a session
+ * @param h_denom_pub the audited denomination
+ * @param auditor_pub the auditor's key
+ * @param[out] auditor_sig set to signature affirming the auditor's audit activity
+ * @return transaction status code
+ */
+static enum GNUNET_DB_QueryStatus
+postgres_select_auditor_denom_sig (
+  void *cls,
+  struct TALER_EXCHANGEDB_Session *session,
+  const struct GNUNET_HashCode *h_denom_pub,
+  const struct TALER_AuditorPublicKeyP *auditor_pub,
+  struct TALER_AuditorSignatureP *auditor_sig)
+{
+  struct GNUNET_PQ_QueryParam params[] = {
+    GNUNET_PQ_query_param_auto_from_type (auditor_pub),
+    GNUNET_PQ_query_param_auto_from_type (h_denom_pub),
+    GNUNET_PQ_query_param_end
+  };
+  struct GNUNET_PQ_ResultSpec rs[] = {
+    GNUNET_PQ_result_spec_auto_from_type ("auditor_sig",
+                                          auditor_sig),
+    GNUNET_PQ_result_spec_end
+  };
+
+  (void) cls;
+  return GNUNET_PQ_eval_prepared_singleton_select (session->conn,
+                                                   "select_auditor_denom_sig",
+                                                   params,
+                                                   rs);
+}
+
+
 /**
  * Closure for #wire_fee_by_time_helper()
  */
@@ -9036,6 +9081,8 @@ libtaler_plugin_exchangedb_postgres_init (void *cls)
     = &postgres_lookup_denomination_key;
   plugin->insert_auditor_denom_sig
     = &postgres_insert_auditor_denom_sig;
+  plugin->select_auditor_denom_sig
+    = &postgres_select_auditor_denom_sig;
   plugin->lookup_wire_fee_by_time
     = &postgres_lookup_wire_fee_by_time;
   plugin->add_denomination_key

src/include/taler_exchangedb_plugin.h

@@ -3436,6 +3436,25 @@ struct TALER_EXCHANGEDB_Plugin
     const struct TALER_AuditorSignatureP *auditor_sig);
 
 
+  /**
+   * Obtain information about an auditor auditing a denomination key.
+   *
+   * @param cls closure
+   * @param session a session
+   * @param h_denom_pub the audited denomination
+   * @param auditor_pub the auditor's key
+   * @param[out] auditor_sig set to signature affirming the auditor's audit activity
+   * @return transaction status code
+   */
+  enum GNUNET_DB_QueryStatus
+  (*select_auditor_denom_sig)(
+    void *cls,
+    struct TALER_EXCHANGEDB_Session *session,
+    const struct GNUNET_HashCode *h_denom_pub,
+    const struct TALER_AuditorPublicKeyP *auditor_pub,
+    struct TALER_AuditorSignatureP *auditor_sig);
+
+
   /**
    * Lookup information about known wire fees.
    *