- taler-offline-tool now handles extensions
- command "extensions" added with subcommands "show" and "sign"
- parses extensions from taler config
- shows and signs of extensions and their configurations
- creates signed set of configurations for upload
- added test for retrieval of extension config
- simplified signature verification for extensions
- remove per-extension signatures, also from DB schema
- adjust prepared statements accordingly
- adjust DB event handler for extensions
- allow NULL for config for extension in DB schema
- handler for /management/extensions adjusted to new datastructures
- changed test for TALER_denom_blind/TALER_denom_sign_blinded with and
without TALER_AgeHash
- minor updates and various fixes
The current "/recoup" API does not have clear idempotency semantics, as we've discussed on the phone. This is already bad by itself, as it makes it hard to write down what the API does other than "whatever the implementation does".
However, it actually breaks correctness in this (admittedly kinda contrived, but not impossible) case:
Say that we have a coin A obtained via withdrawal and a coin B obtained via refreshing coin A. Now the denominations of A gets revoked..
The wallet does a recoup of A for EUR:1.
Now the denomination of B also gets revoked. The wallet recoups B (incidentally also for EUR:1) and now A can be recouped again for EUR:1. But now the exchange is in a state where it will refuse a legitimate recoup request for A because the detection for an idempotent request kicks in.
This is IMHO bad API design, and the exchange should simply always recoup the maximum amount.
Furthermore, we usually follow the principle of "API calls that take up DB space are paid". With the current recoup API, I can do many tiny recoup requests which the exchange then has to store, right?
I guess it would not be a big change to remove the "amount" value from the recoup/recoup-refresh request bodies, right?
- Florian
More work towards support for extensions:
- Prepared statements and DB-plugin-functions for setting and retrieving
configurations from the database added.
- primitive "registry" of extensions for age restrictions and peer2peer
(stub)
- TALER_Extensions now with FP for parsing, setting and converting a
configuration.
- /management/extensions handler now verifies signature of the (opaque)
json object for all extensions.
- /management/extensions handler calls the FP in the corrensponding
TALER_Extension for parsing and setting the configuration of a
particular extension
More work towards age restriction:
- TALER_Extensions interfaces for config-parser, -setter and converter
implemented for age restriction
- DB event handler now retrieves config from database, parses it and
sets it (the age mask) in the global extension.
- load_age_mask now loads age mask from the global extension (and not
from the config file)
- add age_restricted_denoms to /keys response
More worke towards support for extensions and age restriction:
- taler-exchange-httpd_management_extensions.c almost completed
- handling of request implemented
- stub "set_extensions" for database transaction added
- utility functions added
- TALER_exchange_offline_extension_agemask_{sign,verify}
- TALER_agemask_parse_json
- taler-exchange-secmod-rsa
- extracts AGE_RESTRICTED per denomination from config
- propagates flag for each denomination to server
- if age restriction is set for a denomination,
age _mask_ is taken (for now!) from config
- remove redundant struct members for age commitment hash
- undo pre-mature implementation in taler-exchange-secmod-rsa.c
- carry through age restriction parameter for TALER_denom_blind
This change enables using multiple wire plugins at the same time.
Also, we now distinguish between the wire plugin (i.e. EBICS or
taler_bank) and the wire method (i.e. SEPA or x-taler-bank) that
the wire plugin is implementing. The "taler-bank" wire method
was renamed from "test" to "x-taler-bank".
This also changes the format of the /wire response of the exchange,
as we now need to return multiple accounts. Note that wire fees
are specified per wire method, not per wire account.
taler-exchange-keyup now automatically signs all of the /wire
responses in the location specified by the configuration.
Account identification in wire plugins was changed to use
payto://-URLs instead of method-specific JSON fields. Signing
and validation of /wire responses was moved from each wire
plugin to a generic validation method in libtalerutil (crypto)
or libtalerjson (for JSON-formatted inputs).
Convenience methods were added to generate JSON for wire accounts
(salting, signing).
Various section and option names were adjusted to streamline the
configuration and make it more consistent overall. Documentation
was updated as well.
