Compare commits

...

648 Commits

Author SHA1 Message Date
e660a513fd
-fix url to gana submodule 2023-01-19 21:07:42 +01:00
Christian Grothoff
3a7045bfca
-fix warning 2023-01-18 14:26:25 +01:00
Christian Grothoff
999209518d
new AML APIs (libtalerexchange) 2023-01-18 14:26:15 +01:00
Christian Grothoff
cda751eaa5
eventually kick out /keys clients also if ksh exists but krd array is empty 2023-01-17 17:53:16 +01:00
Christian Grothoff
c60e6184fd
terminate taler-exchange-offline on invalid inputs 2023-01-17 17:52:39 +01:00
Christian Grothoff
abb692f02d
-run fetch-transactions in auditor test to avoid non-deterministic failure 2023-01-17 15:33:36 +01:00
Christian Grothoff
4e7d4aa4b2
bumping version to v0.9.1 2023-01-17 15:06:55 +01:00
Christian Grothoff
9091c32c0f
move state to inner URL 2023-01-16 18:59:28 +01:00
Christian Grothoff
190a1b68b0
fix #7594: skip test if DB not setup 2023-01-16 18:17:15 +01:00
Christian Grothoff
ab7c676f49
-typos 2023-01-16 17:47:16 +01:00
Christian Grothoff
faf3f57ce3
do not 500 on empty reserve history by not ignoring undecided purses that may have caused reserve to be created in the first place 2023-01-16 17:45:05 +01:00
Christian Grothoff
8563dcc845
log which subquery failed 2023-01-16 16:47:15 +01:00
Christian Grothoff
ce50b33fba
-fix args 2023-01-16 16:08:23 +01:00
Christian Grothoff
6596e6c723
fix for foreign key constraint problem for free purses on purse creation from reserve 2023-01-16 15:45:35 +01:00
Christian Grothoff
402ca17600
-fix warning 2023-01-16 11:28:13 +01:00
Christian Grothoff
d5619de525
fix test_kyc_api: adapt test logic to improved OAuth2.0 kyc API: 2023-01-16 11:25:18 +01:00
Christian Grothoff
6231c365fd
-fix KYC logic change to work for all plugins and not just OAuth2.0 2023-01-16 11:14:59 +01:00
Christian Grothoff
cbb021b6bf
-fix compiler warning: add missing prototype 2023-01-15 22:58:07 +01:00
MS
50a33389da
libeufin-based bank API test
Give Nexus and Sandbox one database each,
in order to reduce concurrent accesses to
the sqlite3 file.
2023-01-13 22:59:22 +01:00
Sebastian
f8ddd0b685
fix kyc-proof handle
1.- redirect_uri has an extra slash
2.- response_type=code is required https://www.rfc-editor.org/rfc/rfc6749#section-3.1.1
3.- add more info to "Unexpected response from KYC gateway"
4.- relax the requirements on the login response, marked as optional
5.- redirect_uri should be the same when exchanging the code for the access_token,
6.- remove legi and payto from kyc-proof path
7.- use state to transport h_payto https://www.rfc-editor.org/rfc/rfc6749#section-4.1.1
2023-01-13 12:16:44 -03:00
4374b1868e
gana 2023-01-13 13:12:58 +01:00
Christian Grothoff
f487cf43b3
-make LP delay configurable 2023-01-13 10:52:32 +01:00
Christian Grothoff
caaa90d3d8
-make LP delay configurable 2023-01-13 10:51:45 +01:00
Christian Grothoff
0ac0344d84
exchangedb: remove bogus foreign key constraint 2023-01-13 10:42:34 +01:00
Christian Grothoff
168fd80fbf
-do not include long delays in test mode, ever 2023-01-12 17:46:42 +01:00
Christian Grothoff
832097c144
-add missing library dependencies for clean build 2023-01-12 14:14:32 +01:00
Christian Grothoff
07289fd919
-remove duplicate definitions 2023-01-12 13:46:15 +01:00
MS
c6876bfb4f
tests: adjusting the bank URL for the wallet CLI.
The wallet CLI needs the bank URL to still end with
"/demobanks/default" to find the Access API endpoints,
as opposed to the latest libeufin-cli that builds those
from the "/"-only base URL.
2023-01-11 18:40:52 +01:00
Christian Grothoff
f2e444a6bb
Merge branch 'master' of git+ssh://git.taler.net/exchange 2023-01-11 17:33:01 +01:00
Christian Grothoff
30c6580c4e
-return EC as part of 451 KYC required replies 2023-01-11 17:32:56 +01:00
eafe3435e9
adjust partition and primary keys commitments and reveals in withdraw-age 2023-01-11 17:21:22 +01:00
Christian Grothoff
8992c30631
-typo 2023-01-11 17:06:59 +01:00
Christian Grothoff
af06ddc8e8
-add a few missing indices/foreign key constraints 2023-01-11 16:43:22 +01:00
Christian Grothoff
ce43a23ddd
-fix linker issue 2023-01-11 16:32:02 +01:00
Christian Grothoff
e2e04d8c8e
-purge libeufin DB before launch 2023-01-11 16:20:02 +01:00
Christian Grothoff
5a5e0c3723
remove demobanks/default everywhere in URLs, no longer needed 2023-01-11 16:04:04 +01:00
Christian Grothoff
cf7e0ccce6
-DCE 2023-01-11 15:54:12 +01:00
Christian Grothoff
b6f9f0040b
Merge branch 'master' of git+ssh://git.taler.net/exchange 2023-01-11 15:48:02 +01:00
Christian Grothoff
4dc7775ec4
-remove pybank remenants 2023-01-11 15:47:58 +01:00
e6929fd3ee
choose correct partition pivot and denormalization for withdraw-age related tables 2023-01-11 15:23:57 +01:00
Christian Grothoff
973c671679
-implement --help for taler-bank-manage-testing 2023-01-11 13:38:34 +01:00
Christian Grothoff
fe3192a13e
-implement --help for taler-bank-manage-testing 2023-01-11 13:38:10 +01:00
Christian Grothoff
e38f321793
-implement --help for taler-bank-manage-testing 2023-01-11 13:35:40 +01:00
Christian Grothoff
5ea311f9f6
-fix example KYC config options 2023-01-11 13:03:40 +01:00
Christian Grothoff
18515a2374
Merge branch 'master' of git+ssh://git.taler.net/exchange 2023-01-11 12:05:29 +01:00
Christian Grothoff
f85fe853ce
-no drop 2023-01-11 12:05:19 +01:00
Joseph
5de648b0f6
new functions for inserting into link_data ready_deposit refunds 2023-01-11 05:55:14 -05:00
23626c02c7
added schema for withdraw with age restriction 2023-01-10 21:56:56 +01:00
63e222d049
-fix multiple definitions of same variable in Makefile.am 2023-01-10 15:24:01 +01:00
Christian Grothoff
1df72de087
Merge branch 'master' of git+ssh://git.taler.net/exchange 2023-01-10 13:36:02 +01:00
Christian Grothoff
b41ffd1a1a
-more consistent naming of KYC_PERSONA options 2023-01-10 13:35:57 +01:00
Christian Grothoff
0cf46d8e59
-add index on shard 2023-01-09 19:35:16 +01:00
Christian Grothoff
d782dd7f54
wirewatch: ensure wirewatch doesn't busy-loop even if the server errors or ignores long-polling 2023-01-07 13:53:59 +01:00
Christian Grothoff
854e9fda1e
update md files 2023-01-06 22:23:44 +01:00
Christian Grothoff
6cb8b68bd0
support md in TOS 2023-01-06 22:22:21 +01:00
Joseph
28c3ae47de
try batch1 with cursor 2023-01-06 11:15:32 -05:00
Joseph
1a94db3d49
some changes to batchtest 2023-01-06 11:06:02 -05:00
Joseph
37f294b6ad
modifications to batch1 2023-01-06 11:06:02 -05:00
Christian Grothoff
ade221f974
-fix crash in wirewatch if badly configured 2023-01-06 15:26:10 +01:00
Christian Grothoff
62a6142a8d
-remove warning 2023-01-06 13:35:03 +01:00
Christian Grothoff
7ee7790ac4
use different sleep when idle vs. when conflicting in wirewatch 2023-01-06 13:34:01 +01:00
Christian Grothoff
463b3af4ea
-saner logging 2023-01-06 13:30:48 +01:00
Christian Grothoff
cea4e6ba61
add index on end row 2023-01-06 13:21:18 +01:00
Christian Grothoff
63db50b2b1
-log origin of serialization errors 2023-01-06 13:14:31 +01:00
Christian Grothoff
e58b96e203
Merge branch 'master' of git+ssh://git.taler.net/exchange 2023-01-06 13:12:25 +01:00
Christian Grothoff
4d00c34829
-log origin of serialization errors 2023-01-06 13:12:18 +01:00
Joseph
cc07a75424
some corrections applied to batch1 2023-01-06 07:07:14 -05:00
Joseph
865f3aca19
corrections applied to batch 1 2023-01-06 06:16:52 -05:00
Joseph
043c46c59d
modifications applied to batch test... 2023-01-05 09:22:16 -05:00
Joseph
d805c54052
modifications on batch test again 2023-01-05 07:55:07 -05:00
Joseph
7933815ce6
corrections applied to batch test 2023-01-05 06:07:20 -05:00
Joseph
d1491fb421
some modif 2023-01-04 10:14:12 -05:00
Joseph
069708205c
some modifications for batch_test 2023-01-04 09:43:47 -05:00
Joseph
2eb59d9135
some corrections to batch2 2023-01-04 07:44:34 -05:00
Joseph
6457ee56df
corrections applied to batch_test 2023-01-04 07:31:08 -05:00
Joseph
31fefec5dd
import correct header for batch test 2023-01-03 07:16:52 -05:00
Joseph
3ea5b7c52f
remove populate from Makefile 2023-01-03 05:46:36 -05:00
Joseph
b001046a1e
some modifications for batch update 2023-01-03 05:28:54 -05:00
Joseph
1c104ddf28
insert 2023-01-03 05:28:47 -05:00
2a4aa9ebae
-missed a file during last commit 2023-01-02 20:41:55 +01:00
8e6b086753
mark parameter as const; free correct object 2023-01-02 17:47:06 +01:00
Christian Grothoff
4f0d85935f
-crypto for AML decision signatures 2023-01-01 18:36:54 +01:00
Christian Grothoff
c5ad98da98
write KYC attribute encryption logic 2022-12-31 15:10:35 +01:00
Christian Grothoff
509141b600
-finish implementation of new DB functions 2022-12-31 01:15:40 +01:00
Christian Grothoff
b1d9745545
-work on new DB queries 2022-12-30 21:28:19 +01:00
Christian Grothoff
5754adc414
-implement lookup aml staff 2022-12-30 20:34:57 +01:00
Christian Grothoff
c5773ce206
-doxygen fixes 2022-12-30 14:44:24 +01:00
Christian Grothoff
94fbb1c211
-basic insert logic of new DB API 2022-12-30 14:41:16 +01:00
Christian Grothoff
c002f458ce
-C skeletions 2022-12-30 14:24:48 +01:00
Christian Grothoff
b7000379ed
-add prototypes 2022-12-30 13:45:36 +01:00
Christian Grothoff
5169abcdcd
-skeleton for new DB API functions 2022-12-30 13:40:07 +01:00
Christian Grothoff
26aa9d985e
expand DB API with AML functions, fix purse refund calculations in libtalerexchange 2022-12-29 11:48:57 +01:00
Christian Grothoff
fa840f7071
Merge branch 'master' of git+ssh://git.taler.net/exchange 2022-12-29 10:10:25 +01:00
Christian Grothoff
5828eead70
-fix SQL 2022-12-29 10:10:11 +01:00
Christian Grothoff
915d6ddfaa
-debug 2022-12-29 00:35:06 +01:00
Christian Grothoff
5df74558de
misc purse deletion fixes 2022-12-29 00:34:36 +01:00
Christian Grothoff
880c14909b
add notification logic on purse deletion 2022-12-28 23:44:17 +01:00
Christian Grothoff
5533bcbf65
add purse delete testing CMD 2022-12-28 22:55:48 +01:00
Christian Grothoff
f662313f79
add purse delete functions to libtalerexchange 2022-12-28 22:42:09 +01:00
Christian Grothoff
b554501621
integrate DELETE into dispatcher, remove legacy KYC code 2022-12-28 22:16:03 +01:00
Joseph
2f993d3ee3
populate denom-coin-dep 2022-12-28 09:37:47 -05:00
Christian Grothoff
f864d66d93
handle case where purse was already deleted on merge 2022-12-28 12:58:30 +01:00
Christian Grothoff
1e7e0058e8
handle idempotency on purse deletion 2022-12-28 12:41:49 +01:00
Christian Grothoff
7212cd12bc
add missing stored procedure 2022-12-28 12:37:48 +01:00
Joseph
b2fea7a559
Remove pop_table from Makefile 2022-12-28 05:48:37 -05:00
Joseph
a4886dc22d
Update batch insert 1 2022-12-28 05:40:31 -05:00
Christian Grothoff
aff9dc1848
-define purse deletion C API 2022-12-28 11:14:00 +01:00
Christian Grothoff
9facc2d381
-first sketch for purse delete handler 2022-12-27 22:01:48 +01:00
Christian Grothoff
787c56e7e9
-add do_purse_delete API 2022-12-27 21:18:12 +01:00
Christian Grothoff
26624bed95
-purse deletion SQL logic 2022-12-27 20:36:58 +01:00
Christian Grothoff
8d0bf81801
-new crypto functions 2022-12-27 11:49:41 +01:00
Christian Grothoff
704f791d0c
-typo 2022-12-27 11:03:08 +01:00
Christian Grothoff
66d78c73e4
-doxygen fixes 2022-12-27 09:13:48 +01:00
Christian Grothoff
5dcad73d29
-prepare for AML staff PKI 2022-12-27 09:05:45 +01:00
Christian Grothoff
871d010637
-expand tables 2022-12-27 03:31:13 +01:00
Christian Grothoff
42e2726f43
-work on v3 exchangedb schema 2022-12-27 02:25:45 +01:00
Joseph
0a40f48400
NULL value fixed in batch 1 test 2022-12-21 10:25:44 -05:00
Joseph
f2b1041925
fixing some bugs 2022-12-21 08:06:47 -05:00
Joseph
2030d64910
update of batch 2 test 2022-12-21 07:28:46 -05:00
Joseph
b90d25ecfc
Rollback in sqlcode 2022-12-21 05:29:47 -05:00
Joseph
802dbaefc9
add batch8 2022-12-21 05:29:47 -05:00
Christian Grothoff
287370b4cb
-improve logging 2022-12-20 13:26:38 +01:00
Christian Grothoff
443a0405e3
-improve logging 2022-12-20 13:00:00 +01:00
Christian Grothoff
39277c433a
-add missing return 2022-12-20 12:55:42 +01:00
Christian Grothoff
aa59b125f2
-add missing break 2022-12-20 12:45:16 +01:00
Christian Grothoff
55316ec9ff
-typo 2022-12-20 12:33:26 +01:00
Christian Grothoff
b0f746cf3e
-enable batch testing and no DB rest in bank benchmark 2022-12-20 12:32:42 +01:00
Joseph
4cf0d8580f
update of batch 1-2-4 test 2022-12-20 05:39:05 -05:00
Joseph
b0c106124c
new batch test and standard deviation 2022-12-20 05:00:38 -05:00
Joseph
48b7d45959
some modifications in sql code 2022-12-20 04:58:57 -05:00
Christian Grothoff
b6b80e61f4
refactor wirewatch to enable use of batch API 2022-12-19 21:41:32 +01:00
Christian Grothoff
709ca561d2
-try to fix wirewatch loop 2022-12-19 15:54:47 +01:00
Christian Grothoff
8f33fe5311
-try to fix wirewatch loop 2022-12-19 15:53:14 +01:00
Christian Grothoff
97f46a01cd
-try to fix wirewatch loop 2022-12-19 15:41:28 +01:00
Christian Grothoff
649619840b
-try to fix wirewatch loop 2022-12-19 15:41:11 +01:00
Christian Grothoff
c164863db8
-try to fix wirewatch loop 2022-12-19 15:03:40 +01:00
Christian Grothoff
91f7925324
-try to fix wirewatch hang 2022-12-19 14:58:49 +01:00
Christian Grothoff
017e6b97cf
-try to fix wirewatch hang 2022-12-19 14:56:49 +01:00
Christian Grothoff
d5c088b17c
-fix response code being reported incorrectly 2022-12-19 14:51:10 +01:00
Christian Grothoff
4513cde0df
-be more strict about 200 vs. 204 2022-12-19 14:49:49 +01:00
Christian Grothoff
373673352f
-simplify 200 vs. 204 in fakebank 2022-12-19 14:47:25 +01:00
Christian Grothoff
c4cc1ea13d
-fix 200 vs. 204 in fakebank 2022-12-19 14:41:27 +01:00
Christian Grothoff
80660f2d88
return 204 on empty transaction history, as per API 2022-12-19 14:13:55 +01:00
Christian Grothoff
d3a9160e0f
-fix error message 2022-12-19 14:08:26 +01:00
Christian Grothoff
e58ed916d6
-debug dbinit call 2022-12-19 14:03:25 +01:00
Christian Grothoff
5ead879726
-debug dbinit call 2022-12-19 14:01:03 +01:00
Christian Grothoff
93e8e6e0f7
-debug dbinit call 2022-12-19 14:00:28 +01:00
Christian Grothoff
ea140f783b
-debugging' 2022-12-19 13:53:42 +01:00
Christian Grothoff
5630deaca4
-fix includes in tests 2022-12-19 13:43:13 +01:00
Christian Grothoff
24c0969873
ensure Postgres CPPFLAGS are set before libgnunetpq check 2022-12-19 13:29:07 +01:00
Christian Grothoff
a03e4fa72f
-fix crash if dbinit is not found 2022-12-19 13:01:10 +01:00
Christian Grothoff
28dfae3e7c
expose templating API for in-memory data 2022-12-16 16:00:13 +01:00
Christian Grothoff
58983d7455
add asset_type to /keys response 2022-12-11 13:48:44 +01:00
Christian Grothoff
e682f4213e
-improve comment 2022-12-09 13:34:43 +01:00
Christian Grothoff
d1c160d1b9
properly handle GONE case on purse deposit 2022-12-09 13:33:57 +01:00
Christian Grothoff
f9cc76ad3c
Merge branch 'master' of git+ssh://git.taler.net/exchange 2022-12-08 14:20:33 +01:00
Christian Grothoff
329b7692ea
-improve postgres check 2022-12-08 14:20:22 +01:00
Joseph
db34b05a77
-ignore 2022-12-06 08:15:34 -05:00
Joseph
b3a8ad3c72
new files for experimental batch insert 2022-12-06 08:12:08 -05:00
Joseph
4b7cb13c32
some modifications 2022-12-06 08:12:07 -05:00
Joseph
a71893d5f2
plugin update 2022-12-06 08:11:14 -05:00
Joseph
6e3d1bdc91
some modifications for batch test 2022-12-06 08:09:45 -05:00
Joseph
b6476ac881
batch modifications 2022-12-06 08:07:14 -05:00
Christian Grothoff
87198f124c
refactor procedures.sql 2022-12-06 13:29:23 +01:00
Christian Grothoff
21959eebd2
fix FIXME: sign also over balance during account-setup 2022-12-06 13:02:54 +01:00
Christian Grothoff
9e4ac84b6e
force include of taler_util.h, not of taler_crypto_lib.h or taler_amount_lib.h 2022-12-05 14:03:43 +01:00
Christian Grothoff
597c9950a3
adapt build to latest GNUnet without gnunet/platform.h 2022-12-05 12:55:15 +01:00
Christian Grothoff
461dc8e36c
-fix crash if there is a conflict on inserting into the purse_decision table 2022-12-05 11:15:59 +01:00
Christian Grothoff
07b4b1aa3f
handle partner_serial_id being NULL 2022-11-27 22:06:59 +01:00
Christian Grothoff
1cdd999c96
-fix foreign key constraint issue 2022-11-27 22:00:24 +01:00
Christian Grothoff
68abe6d9fa
-constraint no longer holds 2022-11-27 21:52:03 +01:00
Christian Grothoff
0a75bcad23
-cleanup 2022-11-27 21:48:30 +01:00
Christian Grothoff
c86c92200c
-db tests pass again 2022-11-27 21:43:55 +01:00
Christian Grothoff
cf2e37cd87
more work on SQL refactoring 2022-11-27 21:21:04 +01:00
Christian Grothoff
f2ba02aab2
more sql refactoring 2022-11-27 18:40:44 +01:00
Christian Grothoff
bbf3e6fe03
more work on SQL refactoring 2022-11-27 15:33:29 +01:00
Christian Grothoff
2eff222c52
more work on SQL refactoring 2022-11-27 15:31:39 +01:00
Christian Grothoff
85ce53a49b
more work on SQL refactoring 2022-11-27 14:50:49 +01:00
Christian Grothoff
4f75bcdca3
more work on SQL refactoring 2022-11-27 14:45:01 +01:00
Christian Grothoff
a322770d29
more work on SQL refactoring 2022-11-27 14:05:47 +01:00
Christian Grothoff
be2c11a179
more sql refactoring 2022-11-27 02:00:38 +01:00
Christian Grothoff
9580dd19c2
intermediate step in major SQL refactoring (not done at all) 2022-11-27 00:16:00 +01:00
Christian Grothoff
746a8a0cdb
-remove shard support 2022-11-26 23:26:44 +01:00
Christian Grothoff
95149f345f
-draft for better sql 2022-11-24 16:20:08 +01:00
Christian Grothoff
c2bb6551cf
starting point for NG exchange DB schema 2022-11-24 12:23:55 +01:00
Christian Grothoff
0429b0cede
Merge branch 'master' of git+ssh://git.taler.net/exchange 2022-11-23 13:40:13 +01:00
Christian Grothoff
505ea0a043
-starting point for Joseph 2022-11-23 13:40:07 +01:00
Christian Grothoff
d3b46de9f8
-fix dist 2022-11-21 21:57:36 +01:00
Joseph
eba2a5d90c
new batch insertion code 2022-11-21 10:40:10 -05:00
Joseph
dbfd4e252a
batch test for reserves-in-insert 2022-11-21 10:40:10 -05:00
Joseph
b9ccfbd66b
some modifications, there is one error which display (no function matches the given name and argument types) 2022-11-21 10:40:10 -05:00
Joseph
f60e38077c
some modifications on batch_test for reserves_in 2022-11-21 10:40:08 -05:00
Christian Grothoff
9d43bf92c4
-doxygen 2022-11-21 14:56:46 +01:00
Christian Grothoff
3583885978
-typos 2022-11-21 14:44:09 +01:00
Christian Grothoff
0c94dcb79e
Merge branch 'master' of git+ssh://git.taler.net/exchange 2022-11-21 14:21:01 +01:00
Christian Grothoff
e82cbd05b6
-fix NPE 2022-11-21 00:53:03 +01:00
Christian Grothoff
a400aa0fc1
Merge branch 'bug-7276' 2022-11-20 21:55:12 +01:00
Christian Grothoff
e033f82dc0
-implement missing testing checks 2022-11-20 21:53:32 +01:00
496a13f35e
retry test after 2s sleep; workaround for #7445 2022-11-20 16:34:29 +01:00
8250d830b6
Call TEH_keys_update_state on extension config change
Fixes #7266

Also better API:
 - TEH_keys_get_state and
 - TEH_keys_get_state_for_management_only
2022-11-20 12:36:54 +01:00
Christian Grothoff
bf97de5472
add postgres to list of dependencies 2022-11-18 13:50:45 +01:00
Christian Grothoff
7d3ce9bb5d
Merge branch 'bug-7276' 2022-11-18 10:49:53 +01:00
Christian Grothoff
baeb59ee13
fix wirewatch 2022-11-18 10:46:00 +01:00
Christian Grothoff
30997afc7f
-more work on wirewatch revision 2022-11-17 21:50:20 +01:00
Christian Grothoff
a2371912ee
-fix build issues 2022-11-17 17:38:33 +01:00
Christian Grothoff
3d4baa9969
-code cleanup 2022-11-17 16:58:50 +01:00
Christian Grothoff
20afebe72a
-update testing cmd to new bank API 2022-11-17 13:43:26 +01:00
Christian Grothoff
2d9ff55964
-update testing cmd to new bank API 2022-11-17 13:40:14 +01:00
Christian Grothoff
741831e87b
bank API refactoring for #7276 (incomplete) 2022-11-17 13:28:15 +01:00
Christian Grothoff
8e0f06c86b
fix benchmark logic 2022-11-15 12:15:17 +01:00
Christian Grothoff
94a80b37d5
-first micro benchmark 2022-11-15 12:07:33 +01:00
Christian Grothoff
ffbc537fe7
-kill binary 2022-11-15 11:59:49 +01:00
Christian Grothoff
54ea631b26
-kill binary 2022-11-15 11:59:25 +01:00
Joseph
d6e834d8bb
some modifications by joseph 2022-11-15 05:58:26 -05:00
Joseph
5335e30dd1
some modifications 2022-11-15 05:55:43 -05:00
Joseph
656ec29d5e
new test 2022-11-15 05:46:26 -05:00
Joseph
6991ca011b
remove more functions 2022-11-14 07:35:56 -05:00
Christian Grothoff
41e3c1ecbf
implement batch operation in handlers 2022-11-14 06:43:21 +01:00
Christian Grothoff
8bfc6583e7
more refactoring towards #7272 2022-11-14 06:19:35 +01:00
Christian Grothoff
053faa252c
-refactoring in preparation of fixing #7272 2022-11-14 05:34:19 +01:00
Christian Grothoff
d876a95073
-remove old comment 2022-11-14 05:13:48 +01:00
Christian Grothoff
ddbdb0a742
resolve duplicate prepared statement 2022-11-14 05:13:27 +01:00
Christian Grothoff
4ea2e0c42a
-fix linker issues 2022-11-14 05:10:56 +01:00
Christian Grothoff
9db572706d
-fix compiler warnings 2022-11-14 05:08:11 +01:00
Christian Grothoff
231cdaf4f7
add test for batch CS derive/sign logic 2022-11-13 21:45:43 +01:00
Christian Grothoff
390d241019
implement CS batch operations in libtalerutil 2022-11-13 20:20:19 +01:00
Christian Grothoff
de2fdc2a9a
refactor CS derive API in preparation for batch API 2022-11-13 19:52:09 +01:00
Christian Grothoff
18aba0abbb
add batch logic to taler-exchange-secmod-cs 2022-11-13 19:03:52 +01:00
Christian Grothoff
9838e0fc33
API refactoring towards batch CS 2022-11-13 15:05:48 +01:00
Christian Grothoff
b93b9dd074
add support for batch signing in RSA 2022-11-13 14:46:43 +01:00
Christian Grothoff
f2eba7b8b7
implement TALER_CRYPTO_helper_rsa_batch_sign 2022-11-13 12:39:10 +01:00
Christian Grothoff
d8bbbb885a
-substitute 0 by %VERSION% as well 2022-11-13 11:16:16 +01:00
Christian Grothoff
5efea4db73
need htmlark, provide instruction 2022-11-13 11:15:30 +01:00
Christian Grothoff
42b7993141
generate ToS with inline CSS 2022-11-13 11:14:06 +01:00
Christian Grothoff
2a8b351822
exchange API change for #7336 2022-11-13 10:40:54 +01:00
Joseph
945821cbc8
move few more functions 2022-11-10 10:37:28 -05:00
Joseph
bd0e2aac92
move functions need to recheck insert_aggregation_tracking 2022-11-08 11:40:47 -05:00
Joseph
f51e8a7150
merge 2022-11-08 09:22:05 -05:00
Joseph
4394079a5e
move a few more functions 2022-11-08 09:21:01 -05:00
Christian Grothoff
0c32c48ac5
Merge branch 'master' of git+ssh://git.taler.net/exchange 2022-11-08 15:15:39 +01:00
Christian Grothoff
fe18c104d8
-fix #7428 2022-11-08 14:56:32 +01:00
Joseph
354bbfa1e5
move another function 2022-11-08 07:34:53 -05:00
Joseph
e43e2a9b29
-move two more functions 2022-11-08 07:28:17 -05:00
Joseph
55f1217a33
move functions into separate file 2022-11-07 10:35:34 -05:00
Christian Grothoff
04a45df4bf
-doxygen 2022-11-06 22:34:12 +01:00
Christian Grothoff
f8e9241a3d
fix #7427 2022-11-06 22:29:51 +01:00
6d59c19f36
fix sandbox auth in test 2022-11-04 15:16:22 +01:00
Christian Grothoff
576384b26e
return base url as part of /keys 2022-11-04 14:54:17 +01:00
bcaccec009
lower-case extension names before loading the plugin 2022-11-04 14:43:12 +01:00
81ee8f01d8
work around libeufin-cli bug 2022-11-04 14:23:23 +01:00
e4ba8151d0
Merge branch 'master' of ssh://git.taler.net/exchange 2022-11-04 14:00:49 +01:00
680ae81d86
added policy_details support into batch_deposit (#7270 related) 2022-11-04 14:00:43 +01:00
b4d4285aef
use --no-auth for libeufin sandbox 2022-11-04 13:36:51 +01:00
ac7e0daa2f
use correct policy related tables 2022-11-04 13:20:34 +01:00
224a7048c1
-typo 2022-11-04 13:20:05 +01:00
631ab71895
-typo 2022-11-04 13:04:37 +01:00
Christian Grothoff
22057732c7
add missing header 2022-11-04 12:59:34 +01:00
Christian Grothoff
0643ebff9e
-remove bogus index 2022-11-04 12:58:24 +01:00
a76556f0ca
-typos in arguments fixed 2022-11-04 12:58:03 +01:00
54c03a25b4
Merge branch 'master' of ssh://git.taler.net/exchange 2022-11-04 12:38:46 +01:00
Christian Grothoff
fb5e62cb41
-typo 2022-11-04 12:37:56 +01:00
5cfb9194a7
Merge branch 'master' of ssh://git.taler.net/exchange 2022-11-04 12:37:36 +01:00
035749952b
-extension_... -> policy_... 2022-11-04 12:37:29 +01:00
Christian Grothoff
e51c000e00
swap 2022-11-04 12:36:51 +01:00
752f102738
policy extensions and age restriction refactoring
- refactoring of extension-plugin-mechanism
- refactoring of age restriction extension
- added policy extensions plugin plumbing
- added DB schema and api
  - policy_details
  - policy_fulfillments
2022-11-04 12:18:16 +01:00
Christian Grothoff
c89bfa9026
-fix dist rule 2022-11-03 23:56:57 +01:00
Christian Grothoff
92153a7954
-fix SQL 2022-11-03 23:56:01 +01:00
Christian Grothoff
66ff1a29f0
-fix dist rules 2022-11-03 23:45:24 +01:00
Christian Grothoff
4498f28e13
-update prebuilt docs 2022-11-03 23:38:25 +01:00
Christian Grothoff
e37e32cdb8
-preps for v0.9.0 release 2022-11-03 23:35:54 +01:00
Christian Grothoff
d35dd38a6f
-fix 2022-11-03 22:24:26 +01:00
Christian Grothoff
a3dd7ad999
-ref bug 2022-11-03 22:19:41 +01:00
Christian Grothoff
77ebca5e9c
-ref bug 2022-11-03 22:14:46 +01:00
Christian Grothoff
3f1cfc9e14
also run purse helper 2022-11-02 22:00:29 +01:00
Christian Grothoff
dded43aafa
-fix wad_fee 2022-11-02 18:49:57 +01:00
Christian Grothoff
0d28637913
-doxygen 2022-11-02 18:04:44 +01:00
Christian Grothoff
789af40b5c
-add missing PREPARE 2022-11-02 17:54:25 +01:00
Christian Grothoff
a51517f64c
-implement missing functions 2022-11-02 17:51:42 +01:00
Christian Grothoff
5c0b8e3240
-doxygen 2022-11-02 14:58:11 +01:00
Christian Grothoff
2e3460b460
-doxygen 2022-11-02 14:42:56 +01:00
Christian Grothoff
ad3fff5155
-more logging 2022-11-02 14:32:14 +01:00
9169f4447e
age mask clarification 2022-11-02 12:36:28 +01:00
Christian Grothoff
34f46382f0
skeleton logic for new auditordb functions 2022-11-02 12:25:42 +01:00
Christian Grothoff
821c87ccbd
clean up exchange DB logic a bit, add missing function 2022-11-02 12:17:05 +01:00
Christian Grothoff
1d483e2e17
templating helper 2022-11-02 11:20:53 +01:00
Christian Grothoff
481ffc1a0a
remove wad fee, kyc fee and kyc-timeout 2022-11-01 16:43:59 +01:00
Christian Grothoff
22357678a0
purse auditor helper theoretically complete (but DB logic still missing) 2022-11-01 15:15:35 +01:00
Christian Grothoff
67d393549d
-reduce loglevel 2022-11-01 12:34:04 +01:00
Christian Grothoff
7cc7f81d8a
split up auditor db plugin into individual files per main query 2022-11-01 00:11:12 +01:00
Christian Grothoff
d97ef7fcf6
-fix FTBFS of new taler-helper-auditor-purses 2022-10-30 18:49:21 +01:00
Christian Grothoff
c0f6d89316
-doxygen 2022-10-30 18:06:47 +01:00
Christian Grothoff
2d55647f2a
add support for reserve open/close operations to auditor, begin to split off purse auditing logic 2022-10-30 17:36:57 +01:00
Christian Grothoff
38a078d543
-fix looping wirewatch (hopefully) 2022-10-26 23:06:28 +02:00
Christian Grothoff
889454aee5
-remove log statement 2022-10-26 15:19:15 +02:00
Christian Grothoff
9978bc9da3
-initialize final_balance even if audit failed hard 2022-10-26 15:17:46 +02:00
Christian Grothoff
0bd3b90d5d
-update gana 2022-10-26 15:04:31 +02:00
Christian Grothoff
042a8b677d
-fix testing/ FTBFS 2022-10-22 19:49:24 +02:00
Christian Grothoff
30971cd0e2
-fix testing/ FTBFS 2022-10-22 19:37:52 +02:00
Christian Grothoff
4565d92a9e
-disable help logic 2022-10-22 15:02:35 +02:00
Christian Grothoff
cedcde4939
fix taler-auditor-sync: needs two plugins running in parallel with their own prepare counters 2022-10-22 14:46:52 +02:00
Christian Grothoff
c4bbc4ac56
fix column name 2022-10-22 14:00:50 +02:00
Christian Grothoff
1435e5627e
-fix ftbfs 2022-10-22 13:38:04 +02:00
Christian Grothoff
3d1443d4e6
-fix bad method handling in kyc-tester 2022-10-22 13:21:09 +02:00
Christian Grothoff
dec5dc025a
-add FIXME 2022-10-22 00:30:53 +02:00
Christian Grothoff
4524180ada
-document why re-locking here is safe -- at least right now 2022-10-22 00:27:32 +02:00
Christian Grothoff
3b90f9cae2
-fix fb leak 2022-10-22 00:21:08 +02:00
Christian Grothoff
a2c99f173f
-DCE 2022-10-22 00:18:35 +02:00
Christian Grothoff
83ba13c8ee
implement missing UT filtering logic 2022-10-22 00:16:22 +02:00
Christian Grothoff
6e56693071
-add missing asserts, fix logic issue 2022-10-22 00:14:20 +02:00
Christian Grothoff
28969f415e
-remove bogus tests 2022-10-22 00:07:00 +02:00
Christian Grothoff
5c387b7d6e
-do not warn on normal stuff 2022-10-21 00:00:12 +02:00
Christian Grothoff
7e946580c2
-log TOS fn 2022-10-20 23:57:36 +02:00
Christian Grothoff
5487e141c1
include BFH ToS 2022-10-20 13:03:13 +02:00
Christian Grothoff
1ae01f75cd
-improve build logic 2022-10-20 13:02:56 +02:00
Christian Grothoff
35e505f6bf
add support for coin open-deposit and coin purse refunds to auditor logic 2022-10-16 16:38:21 +02:00
Christian Grothoff
745981c680
handle purse-refund and reserve-open-deposit events in coin history in libtalerexchange 2022-10-15 22:14:20 +02:00
Christian Grothoff
518c7009e7
handle reserve open/close responses in reserve history in libtalerexchange 2022-10-15 22:03:55 +02:00
Christian Grothoff
7421142bc1
update README 2022-10-15 21:26:30 +02:00
Christian Grothoff
a8dac27be8
return open/close requests in reserve history 2022-10-15 21:26:03 +02:00
Christian Grothoff
6180fa6d91
update README 2022-10-15 21:25:49 +02:00
Christian Grothoff
d70c93ce21
-doxygen 2022-10-15 19:23:51 +02:00
Christian Grothoff
2a852aaeba
-modify DB logic to return open/close requests in reserve history 2022-10-15 19:12:37 +02:00
Christian Grothoff
38876c503f
-refactor DB for reserve history/status routines 2022-10-15 16:19:14 +02:00
Christian Grothoff
eebc030f6c
add logic to return information about purse refunds in coin histories 2022-10-15 10:43:26 +02:00
Christian Grothoff
5f333f817c
add reserve-open-deposit transactions to coin histories 2022-10-14 00:30:52 +02:00
Christian Grothoff
1ee69f6f1d
-towards returning reserve open deposits in coin history 2022-10-13 22:43:22 +02:00
Christian Grothoff
97b4bd3b34
-update gana 2022-10-13 19:13:31 +02:00
Christian Grothoff
09310cc66e
-implement reserve closure in test 2022-10-13 19:07:25 +02:00
Christian Grothoff
4fc77b9dbf
-work on reserve control test 2022-10-13 15:58:49 +02:00
Christian Grothoff
d7ca9d3ecf
-work on reserve control tests 2022-10-12 22:18:10 +02:00
Christian Grothoff
4702b156dc
-work on reserve control tests 2022-10-12 22:16:40 +02:00
Christian Grothoff
3b34acdb72
-update to latest GNUNET_PQ_make_prepare() API 2022-10-12 14:48:56 +02:00
Christian Grothoff
3036c21283
fix cmd reserve close FTBFS 2022-10-12 11:32:58 +02:00
Christian Grothoff
5e2e71ec11
-testing... 2022-10-12 11:09:20 +02:00
Christian Grothoff
04565bcb9c
-missing 2022-10-10 12:15:47 +02:00
Christian Grothoff
8fc4a5f12a
-doxygen 2022-10-10 08:59:13 +02:00
Christian Grothoff
3a4515c029
-implement missing select_serial_by_table_ statements 2022-10-10 08:49:47 +02:00
Christian Grothoff
d0debc467e
-more db logic refactoring 2022-10-10 08:20:49 +02:00
Christian Grothoff
c1c02b8a3c
-implementing do_reserves_open logic 2022-10-09 23:23:14 +02:00
Christian Grothoff
ea11a9a0fd
-add missing SQL logic 2022-10-08 22:26:54 +02:00
Christian Grothoff
a9bea142cb
more db refactoring 2022-10-08 21:49:03 +02:00
Christian Grothoff
04cf1dc088
more db refactoring 2022-10-08 21:09:13 +02:00
Christian Grothoff
f2a3a28d46
-more plugin refactoring 2022-10-08 18:07:05 +02:00
Christian Grothoff
b8dada3403
-more db logic refactoring 2022-10-08 12:47:14 +02:00
Christian Grothoff
7e5c6a7e46
-insert routines 2022-10-05 16:38:29 +02:00
Christian Grothoff
67d6bbd736
-work on header towards taler-auditor-sync for new tables 2022-10-05 16:13:12 +02:00
787b5b4544
-syntax error fixed 2022-10-04 21:42:05 +02:00
Christian Grothoff
1cf6fbe8dc
-fix typos 2022-10-04 19:28:11 +02:00
Christian Grothoff
012249fc09
-fix typos 2022-10-04 19:23:01 +02:00
Christian Grothoff
f7b06e308f
-work on reserve_open DB API 2022-10-04 19:18:43 +02:00
Christian Grothoff
856b8e26c2
-more work on new DB logic 2022-10-03 23:54:12 +02:00
Christian Grothoff
4a487b179c
-implement sketch for pg_do_reserve_open.c 2022-10-03 19:34:11 +02:00
Christian Grothoff
2dbf8cefe0
-work on DB logic 2022-10-03 17:05:29 +02:00
Christian Grothoff
f4c8eb6a9c
-skeletons for new PG functions 2022-10-03 12:46:30 +02:00
Christian Grothoff
87ec6916c8
complete taler-exchange-httpd_reserves_attest.c logic (first pass, still without DB logic or tests) 2022-10-03 09:36:10 +02:00
Christian Grothoff
3bca75d6cf
complete taler-exchange-httpd_reserves_get_attest.c logic (first pass, still without DB logic or tests) 2022-10-02 23:57:09 +02:00
Christian Grothoff
1ce70b1dab
complete taler-exchange-httpd_reserves_close.c logic (first pass, still without DB logic or tests) 2022-10-02 23:19:48 +02:00
Christian Grothoff
4a36ed7fbf
complete taler-exchange-httpd_reserves_open.c logic (first pass, still without DB logic or tests) 2022-10-02 22:47:28 +02:00
Christian Grothoff
de657800a8
-get taler-exchange-httpd_reserves_attest.c to build (but not finished) 2022-10-02 13:34:51 +02:00
Christian Grothoff
2d9270a01d
-get taler-exchange-httpd_reserves_get_attest.c to build (but not finished) 2022-10-02 13:22:57 +02:00
Christian Grothoff
bd3741c1c1
-taler-exchange-httpd_reserves_close.c now builds (but not complete) 2022-10-02 12:41:37 +02:00
Christian Grothoff
4ea4f03aea
taler-exchange-httpd_reserves_open.c now builds (but not complete) 2022-10-02 12:28:40 +02:00
Christian Grothoff
2f1fb32e1c
-skeletons for reserve control endpoints 2022-10-01 23:06:24 +02:00
Christian Grothoff
7bf0f2a43d
-doxygen 2022-10-01 16:35:13 +02:00
Christian Grothoff
442b2116ed
-already done, remove finished FIXME 2022-10-01 16:32:58 +02:00
Christian Grothoff
9cba7d4c3e
-implement first draft of testing_api_cmd_reserve_attest.c 2022-10-01 16:30:22 +02:00
Christian Grothoff
538ab8753c
-implement first draft of testing_api_cmd_reserve_get_attestable.c 2022-10-01 16:25:06 +02:00
165b85ddd5
-make static, return json_null() 2022-09-29 12:52:33 +02:00
adfb7ffd0e
added benchmark tool for age restriction 2022-09-29 11:59:42 +02:00
Christian Grothoff
3f901571d5
implemented reserve_open testing CMD 2022-09-28 12:17:50 +02:00
Christian Grothoff
58e7e98657
-first sketch for reserve_open testing CMD 2022-09-28 12:12:53 +02:00
Christian Grothoff
58a5c0857b
exclude mustach from indentation requirements 2022-09-28 08:55:17 +02:00
Christian Grothoff
d645ea5c8e
skeleton for reserve control testing commands 2022-09-28 08:54:14 +02:00
Christian Grothoff
2635f2e0b8
implement exchange_api_reserves_attest.c 2022-09-27 16:10:00 +02:00
Christian Grothoff
33680940fe
implement libtalerexchange:reserve_get_attest API 2022-09-27 15:31:59 +02:00
Christian Grothoff
0de4db7755
implement libtalerexchange:reserve_close API 2022-09-27 15:21:51 +02:00
Christian Grothoff
7d8c49b3c7
implement libtalerexchange:reserve_open API 2022-09-27 14:15:05 +02:00
Christian Grothoff
326f99266e
-fix debian package 2022-09-26 19:58:22 +02:00
Christian Grothoff
f9c94efc7f
-fix changelog 2022-09-26 19:46:24 +02:00
Christian Grothoff
f7d6a67834
-update debian packages, improve descriptions 2022-09-26 19:17:38 +02:00
Christian Grothoff
071d1920d0
make dependency explicit 2022-09-24 19:44:19 +02:00
Christian Grothoff
f2217c0f01
-fix linker issues 2022-09-24 19:35:26 +02:00
Christian Grothoff
2961c9b3f6
-doxygen fixes 2022-09-24 14:21:03 +02:00
Christian Grothoff
205a48f613
tab 2022-09-24 14:14:10 +02:00
Christian Grothoff
7d40cd1904
-clean up scripts 2022-09-24 00:51:15 +02:00
Christian Grothoff
035e052c39
-fix test-revocation 2022-09-24 00:16:51 +02:00
Christian Grothoff
f05a3450e0
-less verbose 2022-09-23 16:21:52 +02:00
Christian Grothoff
7b40c38a02
-fix test-auditor.sh 2022-09-23 16:18:07 +02:00
Christian Grothoff
9fda23115a
-work on test-auditor.sh 2022-09-22 21:37:26 +02:00
Christian Grothoff
326fa9409d
-use new flag to avoid continuing after wallet failure 2022-09-20 23:19:46 +02:00
Christian Grothoff
a2c179373e
-fix issue on Florian's system 2022-09-20 23:18:46 +02:00
Christian Grothoff
bf85d6f3d1
-work on test-auditor.sh 2022-09-21 18:04:34 +02:00
Christian Grothoff
f365fc0730
-try to fix more of test-*.sh 2022-09-21 10:46:57 +02:00
Christian Grothoff
3fa9f3bb12
-wip 2022-09-19 19:32:22 +02:00
Christian Grothoff
230cfa4f93
-do not exit if not in PATH 2022-09-19 14:45:04 +02:00
Christian Grothoff
a566242bfd
-do not exit if not in PATH 2022-09-19 14:44:40 +02:00
Christian Grothoff
e7c431654d
-first design for reserve control 2022-09-19 14:33:24 +02:00
1aed3c1fd2
auditor tests: make initdb invocation more portable 2022-09-19 14:04:53 +02:00
Christian Grothoff
da69fd9c72
prepare tables for DD31 2022-09-18 18:04:41 +02:00
Christian Grothoff
18a2fae3b5
add new signature functions for DD31 2022-09-18 17:36:35 +02:00
Christian Grothoff
b4b857abea
-misc minor fixes 2022-09-17 23:27:29 +02:00
Christian Grothoff
b7bd457908
-cleanup 2022-09-13 15:51:38 +02:00
Christian Grothoff
47ab7c4c41
-fix test-sync 2022-09-13 15:29:04 +02:00
Christian Grothoff
1081f3edbf
-work on auditor tests 2022-09-13 13:22:26 +02:00
Christian Grothoff
bca7f21fdd
-work on auditor tests 2022-09-13 13:00:02 +02:00
Christian Grothoff
fed7102ad5
-fix test-auditor.sh 2022-09-13 12:20:10 +02:00
Christian Grothoff
0a618f77cd
-add missing license headers 2022-09-12 13:34:33 +02:00
Christian Grothoff
05cf62b397
-use private DB for tests 2022-09-12 11:33:56 +02:00
Thien-Thi Nguyen
27ee193e34
remove spurious ‘-n’
This is for consistency w/ the other echo(1) statements
in this and peer tests.
2022-09-11 01:44:14 -04:00
Thien-Thi Nguyen
aea3c6027b
remove reserved word ‘function’
This is a bashism; the definition works fine w/o it.
2022-09-09 20:23:21 -04:00
Christian Grothoff
b808ca04d6
-remove generated DB files from test logic 2022-09-09 22:26:11 +02:00
Thien-Thi Nguyen
e83191c421
fix typo: s/issattr/isattr/g (45 instances) 2022-09-07 13:23:39 -04:00
Thien-Thi Nguyen
96fae17b32
fix typo: s/denomnations/denominations/ 2022-09-07 01:56:18 -04:00
Thien-Thi Nguyen
996d59f2e8
fix typo: s/t/tt/ 2022-09-07 01:55:02 -04:00
Thien-Thi Nguyen
c1fe070830
fix typo: s/missbehavior/misbehavior/ 2022-09-07 01:52:51 -04:00
Thien-Thi Nguyen
a75d766dc3
fix typo: s/missbehaved/misbehaved/ 2022-09-07 01:51:39 -04:00
Thien-Thi Nguyen
b2e874c1ad
fix typo: s/siging/signing/ 2022-09-07 01:25:17 -04:00
Thien-Thi Nguyen
c681464b61
fix typo: s/singing/signing/ 2022-09-07 01:23:29 -04:00
Thien-Thi Nguyen
93a3f3a593
fix typo: s/singing/signing/ 2022-09-07 01:22:14 -04:00
Thien-Thi Nguyen
dbc4e5c5df
add 9th IN parameter to ‘exchange.exchange_do_purse_deposit’
* src/auditor/auditor-basedb.sql (exchange.exchange_do_purse_deposit):
  Add ‘in_reserve_expiration bigint’ as last non-OUT parameter.
2022-09-06 15:25:42 -04:00
57a53a016b
p2p payments: do not require attestation when min_age is 0 2022-09-05 13:48:34 +02:00
0c0c598612
set age mask before hashing age commitment 2022-09-05 13:45:08 +02:00
Christian Grothoff
57752ed36c
add payto URI as detail 2022-08-30 18:15:34 +02:00
Christian Grothoff
5e206e7c30
EC instead of SEGV 2022-08-25 20:32:50 +02:00
Christian Grothoff
ecae3c26dd
-enable signup bonus with fakebank 2022-08-25 19:52:53 +02:00
Christian Grothoff
8322527536
-proper conflict on /register for existing account with different pw 2022-08-25 19:43:16 +02:00
Christian Grothoff
485466f021
use correct EC 2022-08-25 19:39:27 +02:00
Christian Grothoff
cf74be0ac3
-handle case of GET purse status prior to deposit 2022-08-24 10:26:16 +02:00
Christian Grothoff
d37d9d9ded
-handle case of GET purse status prior to merge 2022-08-24 10:16:25 +02:00
Christian Grothoff
bc107b5958
-fix purse deposit when done against non-existing reserve 2022-08-24 09:55:18 +02:00
Christian Grothoff
4edb5050d9
-fix purse merge when done against non-existing reserve 2022-08-24 09:39:09 +02:00
Thien-Thi Nguyen
580c9b794b
fix typo: s/ULONG_LONG_MAX/ULLONG_MAX/
The latter is in the standard, while the former is an old GCC-ism.
2022-08-23 21:18:06 -04:00
Christian Grothoff
1339c6bf0b
-fix locking 2022-08-23 22:27:16 +02:00
Christian Grothoff
7585e86364
/withdrawals required 2022-08-23 22:16:35 +02:00
Christian Grothoff
5469970d11
payto URI malformed 2022-08-23 21:26:03 +02:00
Christian Grothoff
3c03c52c46
-fix URI construction 2022-08-23 21:14:34 +02:00
Christian Grothoff
783d06cad6
/config, not /version 2022-08-23 20:43:11 +02:00
Christian Grothoff
e96cf9ba66
-fix auditor tests (mostly) 2022-08-23 20:40:26 +02:00
Christian Grothoff
a8076ec01e
-actually, can be zero on refund... 2022-08-23 14:38:02 +02:00
Christian Grothoff
f9774ded37
enforce syntax of reserve_uri (typo) 2022-08-23 14:36:23 +02:00
Christian Grothoff
b231cc94df
enforce syntax of reserve_uri 2022-08-23 14:36:03 +02:00
Christian Grothoff
624c5fda98
-avoid double next 2022-08-23 14:29:39 +02:00
Christian Grothoff
758a149059
-fix report generation field name missmatch 2022-08-23 14:22:59 +02:00
Christian Grothoff
0ad509bd10
fix profit drain test, remove obsolete test 33 (aggregator now dies on inconsistency, before it looped); fixes #4960 2022-08-23 12:09:22 +02:00
MS
70a1c0d68c
retry when SQLite DB is locked 2022-08-23 10:40:53 +02:00
Thien-Thi Nguyen
6e33a685ac
fix typo: ‘s/(MHD_HTTP_UNPROCESSABLE)_CONTENT/\1_ENTITY/g’ 2022-08-22 21:14:08 -04:00
Christian Grothoff
9ed99558e2
-fix clang compiler warnings 2022-08-22 22:45:41 +02:00
Christian Grothoff
a199ba7fe6
-fix some clang warnings 2022-08-22 00:08:28 +02:00
Christian Grothoff
a5b9fce183
-remove obsolete options from config 2022-08-21 12:22:31 +02:00
Christian Grothoff
92a76baef6
-fix includes 2022-08-21 11:46:40 +02:00
Christian Grothoff
fa2e6f5909
typo 2022-08-20 23:02:51 +02:00
Christian Grothoff
2b4b52c8a8
-doxygen 2022-08-20 22:47:15 +02:00
Christian Grothoff
a046899b2c
-major KYC update, fixes misc. issues 2022-08-20 21:29:36 +02:00
MS
516d8e30ed
fix Sandbox/Nexus waiting (7293) 2022-08-19 12:25:41 +02:00
Christian Grothoff
2c4bd1e1d0
add user type to kyc-check 2022-08-19 09:31:51 +02:00
Christian Grothoff
9c1f1c76be
-work on FIXMEs 2022-08-18 22:30:00 +02:00
Christian Grothoff
62a7f9b711
-misc bugfixes for persona kyc logic 2022-08-18 21:10:37 +02:00
Christian Grothoff
f0cd54dc10
-doxygen 2022-08-18 15:43:10 +02:00
Christian Grothoff
3194ccabc1
untested draft of webhook logic for persona 2022-08-18 15:39:39 +02:00
Sebastian
cb27943f14
-fix make and check 2022-08-18 10:34:16 -03:00
Christian Grothoff
246d49b379
-work on kyc-proof persona plugin 2022-08-18 14:02:54 +02:00
Christian Grothoff
14a240f7cc
-first sketch of persona kyclogic 2022-08-17 21:35:30 +02:00
Christian Grothoff
9deca4a0c0
-fix ftbfs 2022-08-17 21:07:11 +02:00
Christian Grothoff
b2a67fcff9
-fix kycaid logic issues 2022-08-17 14:36:16 +02:00
Christian Grothoff
ba006cd61b
kycaid cleanup 2022-08-17 12:02:20 +02:00
Christian Grothoff
bb8eb61441
-doxygen 2022-08-17 10:02:27 +02:00
Christian Grothoff
c62792638b
work on kycaid plugin response generation logic 2022-08-16 21:04:51 +02:00
Thien-Thi Nguyen
af97071ad6
fix typo: ‘s/(MHD_HTTP_UNPROCESSABLE)_CONTENT/\1_ENTITY/g’ 2022-08-16 13:46:40 -04:00
Christian Grothoff
4385f8110e
no reserve origin implies P2P, not KYC 2022-08-16 16:54:48 +02:00
Christian Grothoff
8681a61957
-regenerate DBs 2022-08-16 14:57:47 +02:00
Christian Grothoff
059e1ae8c1
-no port 2022-08-16 14:49:58 +02:00
Christian Grothoff
68d2df88f2
allow merge into non-existent reserve if KYC is disabled 2022-08-16 14:36:23 +02:00
Christian Grothoff
94fa05ec2a
-move templating library into exchange.git 2022-08-16 13:57:26 +02:00
Christian Grothoff
d6f12190c0
-move templating library into exchange.git 2022-08-16 13:57:26 +02:00
1e2fdea5a9
do not use illegal '+' in payment target type 2022-08-16 13:55:17 +02:00
Christian Grothoff
ab7266fc1c
-implement exchange URL suggestion 2022-08-16 13:34:33 +02:00
Christian Grothoff
dfc3d89c5a
completed (but untested) fakebank support for the bank-access API 2022-08-16 10:39:51 +02:00
Christian Grothoff
ef7c20c42a
-more work on fakebank API extension 2022-08-15 21:29:25 +02:00
Christian Grothoff
be7c123a24
-more work on extended fakebank API 2022-08-15 20:30:37 +02:00
Christian Grothoff
b1050243eb
-more work on extended fakebank API 2022-08-15 20:26:03 +02:00
Christian Grothoff
f76f645732
-more work on extended fakebank API 2022-08-15 20:23:02 +02:00
Christian Grothoff
82e11b4d93
-more work on fakebank api-bank-access implementation 2022-08-15 18:26:36 +02:00
Christian Grothoff
96265412cd
(preliminary) work on kycaid plugin 2022-08-15 13:48:13 +02:00
Christian Grothoff
39640c3339
towards testing #4960 2022-08-15 00:01:45 +02:00
Christian Grothoff
a8ec6818bb
-doxygen 2022-08-14 19:23:40 +02:00
Christian Grothoff
522051ee9f
-fix SQL 2022-08-14 19:13:24 +02:00
Christian Grothoff
1a3793cb1c
-regenerate DBs 2022-08-14 19:10:19 +02:00
Christian Grothoff
f5b99b5282
-work on new KYC logic: remove old DB code 2022-08-14 19:03:30 +02:00
Christian Grothoff
3e6e873367
-start with DB cleanup 2022-08-14 18:59:48 +02:00
Christian Grothoff
74ba46db39
-work on new KYC logic: tests pass again 2022-08-14 18:04:09 +02:00
Christian Grothoff
913eacf506
-doxygen fixes 2022-08-13 15:06:53 +02:00
Christian Grothoff
1aad81632e
-draft test for p2p kyc 2022-08-13 14:39:01 +02:00
Christian Grothoff
f25a79e2eb
sketch of fakebank implementation of bank integration API 2022-08-12 11:37:09 +02:00
Christian Grothoff
6ee9984f7e
-fix typos 2022-08-11 23:53:25 +02:00
Christian Grothoff
66307ecc03
-doxygen fixes 2022-08-11 23:50:11 +02:00
Christian Grothoff
1009084e94
major rework of the KYC logic, making it more configurable, not complete, but tests pass again 2022-08-11 23:35:33 +02:00
Christian Grothoff
b061ea85c8
-address fIXMEs in kyc-tester 2022-08-09 15:06:53 +02:00
Christian Grothoff
d58334cf89
implement kyc-proof hook in kyc-tester 2022-08-09 13:00:58 +02:00
Christian Grothoff
f50a2e11b0
work on kyc-tester 2022-08-09 12:11:56 +02:00
Christian Grothoff
ff48ada7d5
move kyclogic into libtalerkyclogic 2022-08-08 15:22:45 +02:00
Christian Grothoff
d4fb0695ce
-start kyc-tester helper 2022-08-07 21:48:38 +02:00
Christian Grothoff
6e831da22a
-ignore 2022-08-07 16:04:52 +02:00
Christian Grothoff
3f99e4f3f8
-implement new kyc-webhook endpoint 2022-08-07 15:35:13 +02:00
Christian Grothoff
30b833232e
-regen DB (again) 2022-08-07 15:35:13 +02:00
Christian Grothoff
c676737f5f
-fix test-auditor.sh 2022-08-07 13:01:00 +02:00
Christian Grothoff
67a85e4f5f
-initialize expiration time 2022-08-07 12:09:40 +02:00
Christian Grothoff
d651f21fdb
-update DBs 2022-08-06 22:27:02 +02:00
Christian Grothoff
8800d0df9b
-fix schema use 2022-08-06 22:10:33 +02:00
Christian Grothoff
fb5037b8e3
-work on auditor tests 2022-08-06 21:51:39 +02:00
Christian Grothoff
36a6731a1a
-typo 2022-08-06 15:23:44 +02:00
Christian Grothoff
2e74c04dad
-initialize totals 2022-08-06 15:18:39 +02:00
Christian Grothoff
e0a55c4240
-regenerate pre-built DBs 2022-08-06 14:25:49 +02:00
Christian Grothoff
064659c8e9
notes on #7293 2022-08-06 13:56:26 +02:00
Christian Grothoff
c602e11a36
-merge eufin branch (manually) 2022-08-06 13:25:54 +02:00
Christian Grothoff
6834b1290f
-move main oauth2.0 logic into kyclogic plugin 2022-08-05 23:33:48 +02:00
Christian Grothoff
8c5807dc2a
-doxygen 2022-08-05 16:42:20 +02:00
Christian Grothoff
c362023d1b
-add oauth config parsing logic 2022-08-05 16:32:03 +02:00
Christian Grothoff
b533026632
adding kyclogic plugin template 2022-08-05 15:08:47 +02:00
Christian Grothoff
73b099cfd5
-add new KYC amount iteration DB functions 2022-08-05 14:22:08 +02:00
Christian Grothoff
4724867794
-first pass at new KYC DB API 2022-08-05 13:32:27 +02:00
Christian Grothoff
c78331b6c2
-fix FTBFS in taler-exchange-httpd_kyc.c 2022-08-04 12:52:30 +02:00
Christian Grothoff
61f39f0941
-more general KYC logic 2022-08-04 11:36:05 +02:00
Christian Grothoff
266068c96c
work on KYC configuration parsing logic 2022-08-02 12:05:57 +02:00
Christian Grothoff
0835669986
-very basic skeleton for KYC API 2022-08-01 18:09:06 +02:00
Christian Grothoff
9d2033872f
sketch test for #4960 2022-08-01 15:22:27 +02:00
Christian Grothoff
368194badd
implement auditor support for #4960 2022-08-01 13:10:53 +02:00
Christian Grothoff
7698f14d50
-log cause 2022-08-01 11:37:45 +02:00
Christian Grothoff
50f4f2cbbb
-fix log level 2022-08-01 11:13:30 +02:00
Christian Grothoff
6006b63c66
-set RD_ONLY flag 2022-08-01 11:02:25 +02:00
Christian Grothoff
31bfe5234e
-update auditor schema in preparation to fix #4960 2022-07-31 21:54:29 +02:00
Christian Grothoff
af6a9a9546
-implement DB functions for taler-exchange-drain 2022-07-30 23:13:15 +02:00
Christian Grothoff
150917694a
finish taler-exchange-drain implementation 2022-07-30 22:54:21 +02:00
Christian Grothoff
544fbd4fe9
-doxygen 2022-07-30 11:04:45 +02:00
Christian Grothoff
7d4ce3d022
skeleton for taler-exchange-drain command (#4960) 2022-07-30 10:53:36 +02:00
Christian Grothoff
2b160c1569
-fix typos 2022-07-30 10:36:19 +02:00
Christian Grothoff
033a5dc93b
implement taler-auditor-sync support for profit_drains table (#4960) 2022-07-30 10:29:24 +02:00
Christian Grothoff
75888adff2
setup drain_profits table (#4960) 2022-07-30 10:12:48 +02:00
Christian Grothoff
ba0ab58cdd
add /management/drain handler 2022-07-29 11:00:59 +02:00
Christian Grothoff
2056bc82f9
expand taler-exchange-offline and libtalerexchange with management-drain-profits implementation (#4960) 2022-07-29 09:57:10 +02:00
Christian Grothoff
c1b43de5b4
add offline signature to drain profits (#4960) 2022-07-29 09:21:38 +02:00
Christian Grothoff
dc26b2db4c
-ensure single transaction for exchange-0001.sql / shard-0001.sql 2022-07-28 22:27:23 +02:00
Christian Grothoff
5f1d8fc406
-fix prebuilt branch 2022-07-28 22:04:11 +02:00
Christian Grothoff
987f02d6d8
update gana 2022-07-28 22:02:57 +02:00
Christian Grothoff
0f5d6c9653
add search path for auditor restart 2022-07-28 22:00:24 +02:00
Christian Grothoff
4d4955e225
d_ms to d_us 2022-07-27 15:20:16 +02:00
Christian Grothoff
d2ec1bf3cf
move auditor database also into schema 2022-07-25 22:49:59 +02:00
Christian Grothoff
6d2e6d8061
-move everything into schema 2022-07-25 20:18:08 +02:00
Christian Grothoff
de83b055d5
-simplify table drop logic 2022-07-25 19:53:31 +02:00
Christian Grothoff
40858f0952
-unversion stored procedures, always load latest ones 2022-07-24 13:30:33 +02:00
Christian Grothoff
977ddd7bb9
-adapt to latest libgnunetpq 2022-07-24 11:32:52 +02:00
Christian Grothoff
9eaee4c803
-prebuilt branch update 2022-07-21 14:48:21 +02:00
Christian Grothoff
e3eccaeb11
-gana update 2022-07-21 14:47:10 +02:00
Christian Grothoff
e4f4a973f0
-log more on faiure 2022-07-21 12:32:34 +02:00
Christian Grothoff
93b45e62ee
add taler-exchange.slice for taler-exchange wide options (#7209) 2022-07-17 17:03:28 +02:00
Christian Grothoff
acb9cfec58
-remove FIXME, status code is fine 2022-07-11 18:36:34 +02:00
Christian Grothoff
7f7aaa0443
-gana update 2022-07-11 15:16:37 +02:00
Christian Grothoff
6d6ecd9271
-new ECs 2022-07-11 12:47:44 +02:00
Christian Grothoff
4e5193a21f
-fix full refund deposit fee computation in aggregator 2022-07-09 12:14:20 +02:00
Christian Grothoff
45f43fcde7
-remove resolved FIXMEs 2022-07-09 11:28:38 +02:00
Christian Grothoff
1628f0255c
-note fixme 2022-07-08 15:34:09 +02:00
Thien-Thi Nguyen
8c2ee80ae8
rename param
The new name now matches the documentation and the header file.

* src/util/tv_age_restriction.c (age_mask_to_string):
  Rename param from ‘m’ to ‘mask’; update all references.
2022-07-08 00:08:05 -04:00
Thien-Thi Nguyen
15728dbd3e
rename param
The new name now matches the documentation and the header file.

* src/extensions/extension_age_restriction.c (TALER_age_mask_to_string):
  Rename param ‘m’ to ‘mask’; update all references.
2022-07-08 00:07:13 -04:00
38d7ca0871
-fixed doxygen errors 2022-07-07 11:59:06 +02:00
Christian Grothoff
282bbb0b62
-fix typos 2022-07-06 23:08:53 +02:00
Christian Grothoff
faea446c10
-update docs 2022-07-06 23:04:04 +02:00
Christian Grothoff
8220974328
-fix typos 2022-07-06 22:53:21 +02:00
Christian Grothoff
0ad84355d5
fix auditor refund fee calculations 2022-07-06 18:36:51 +02:00
Christian Grothoff
36a8ecd4c4
-implemented bounded history for reserve status requests 2022-07-05 14:25:30 +02:00
Christian Grothoff
bf9b7e168b
it is a POST, and information could change anytime, so caching isn't really a good idea 2022-07-05 13:37:13 +02:00
Christian Grothoff
43662fbb6a
-add safety checks against cmd type confusion 2022-07-05 13:19:09 +02:00
Christian Grothoff
822090e81e
-link to bug 2022-07-05 13:15:29 +02:00
Christian Grothoff
17fde9045d
-link to bug 2022-07-05 13:12:46 +02:00
Christian Grothoff
def8116dd3
-link to bug 2022-07-05 13:09:20 +02:00
Christian Grothoff
644f6014ae
-link to bug 2022-07-05 13:06:31 +02:00
Christian Grothoff
5659ba8675
-simply assert 2022-07-05 13:03:45 +02:00
Christian Grothoff
a01c1acc3c
-actually, incrementing on every error seems fine 2022-07-05 13:01:17 +02:00
Christian Grothoff
7201ce3166
-handle withdraw CS nonce reuse more nicely 2022-07-05 12:56:55 +02:00
Christian Grothoff
82cff16eea
handle idempotency/expiration check in purse_merge 2022-07-05 12:49:03 +02:00
Christian Grothoff
ad612623be
-run read-only transactions in proper read-only scope (at least some of them) 2022-07-05 12:13:58 +02:00
Christian Grothoff
3ff92b9bbc
-deduplicate purse creation confirmation logic 2022-07-05 12:07:27 +02:00
Christian Grothoff
9e5dc2a542
-remove dead argument 2022-07-05 11:50:20 +02:00
Christian Grothoff
75dbf20ced
-annotate bugs 2022-07-05 11:46:02 +02:00
Christian Grothoff
3453126eb7
-resolve minor FIXMEs 2022-07-05 11:17:47 +02:00
Christian Grothoff
615b4621e3
-implement DB logic for forcing reserve close 2022-07-04 23:40:49 +02:00
Christian Grothoff
e68206b1f9
-deduplicate logic 2022-07-04 23:25:51 +02:00
Christian Grothoff
84c78612f3
fix #7265: ensure Debian package cleans up nicely on purge 2022-07-03 13:44:40 +02:00
Thien-Thi Nguyen
dc17320a88
add libtalerexchange.la to _LDADD
* src/benchmark/Makefile.am (taler_bank_benchmark_LDADD): ...here.
2022-07-02 19:06:16 -04:00
Christian Grothoff
ff2eb4f3dd
-fix batch deposit uninit issue 2022-07-02 22:51:45 +02:00
Christian Grothoff
74cf7654e5
-fix batch deposit error handling rvalues 2022-07-02 21:31:36 +02:00
Christian Grothoff
cebf4f11b9
-add test for batch deposits 2022-07-01 15:42:48 +02:00
Christian Grothoff
182c618579
-implement batch deposit testing cmd 2022-07-01 12:05:41 +02:00
Christian Grothoff
9e3fb2302d
-gana merge 2022-07-01 07:22:39 +02:00
Christian Grothoff
085e40bc56
-exchange_api_batch_deposit.c compiles 2022-07-01 07:08:13 +02:00
Christian Grothoff
21551bb4c3
-also add public key for auditor for revoke-basedb.conf 2022-06-30 16:06:50 +02:00
Sebastian
636691e109
fix: /wire was replying double 'Access-Control-Allow-Origin' header and browsers complain 2022-06-30 09:17:46 -03:00
e0e69fd72e
-new error codes for purse deposit failures 2022-06-30 11:14:33 +02:00
aba04fe6be
-added comment with pointer to issue 7267 2022-06-30 10:34:18 +02:00
Thien-Thi Nguyen
4cf70435b2
fix portability bug: make sure destination file is writeable
Some shells let this go w/o comment, some don't.
Better to be sure.

(ensure): If "$dst" exists, make sure it is writeable.
2022-06-30 03:34:54 -04:00
Thien-Thi Nguyen
f377076174
refactor slightly
(ensure): Don't repeat "$src/$fn" and "$dst/$fn";
instead, compute them once as "$src" and "$dst", respectively.
2022-06-30 03:32:29 -04:00
Christian Grothoff
2805018da2
-reduce logging 2022-06-29 20:34:22 +02:00
Christian Grothoff
7fe8d89d75
-update deposit API in preparation for batch deposits 2022-06-29 19:30:12 +02:00
Christian Grothoff
46f4a0f9f2
-batch deposit compiles 2022-06-29 15:16:26 +02:00
Christian Grothoff
bdc4482ac6
first skeleton for batch deposits 2022-06-29 14:39:45 +02:00
Christian Grothoff
dc691eb596
-rename, as logic is purse deposit specific 2022-06-29 14:08:19 +02:00
Christian Grothoff
9902e88b2d
-fix leaks 2022-06-29 14:06:37 +02:00
Christian Grothoff
60a30b1c75
-deduplicate purse deposit logic 2022-06-29 14:01:02 +02:00
9b312aa0f8
version bump due to new /keys response 2022-06-29 13:34:26 +02:00
Christian Grothoff
d382adb2e3
-actually fix compatibility break from Oec 2022-06-29 11:24:14 +02:00
Christian Grothoff
70d9d0b94e
-trying to fix demo 2022-06-29 09:11:41 +02:00
Christian Grothoff
b4c330730d
-trying to fix demo 2022-06-29 09:08:14 +02:00
Christian Grothoff
3b091cd5de
-fix /keys initialization DB logic 2022-06-29 08:31:00 +02:00
Christian Grothoff
09479c5595
-style fix 2022-06-29 08:19:48 +02:00
Christian Grothoff
35f477819c
make sure Debian packages created on Ubuntu 21+ still work with Debian reprepro: force Debian standard compression algorithm 2022-06-28 21:32:03 +02:00
Christian Grothoff
ded7f9ca18
-fix issue with missing signature over denomination and age restriction hash in purse deposit 2022-06-28 20:25:45 +02:00
Christian Grothoff
379c580efc
-comment style 2022-06-28 18:01:19 +02:00
Christian Grothoff
cd583ec030
-add FIXME 2022-06-28 17:21:10 +02:00
Christian Grothoff
2dfcc080a1
-autoupdate 2022-06-28 16:35:27 +02:00
9d75b0745a
-fix typo 2022-06-28 12:29:42 +02:00
Sebastian
6e8be2a0b4
do not depend on umask bits 2022-06-27 16:59:32 -03:00
206c7ec705
-fixes in extension event handler 2022-06-27 18:06:44 +02:00
cddfaf007f
age commitment: json parser helper and support for purses added 2022-06-27 17:38:11 +02:00
87025cfd17
age restriction support in exchange_api_purse_create_with_deposit added 2022-06-27 14:11:46 +02:00
d2537de68c
added documenation to the age-restriction related structures 2022-06-27 11:56:18 +02:00
5633ad5a26
better api for parsing a denomination group 2022-06-27 10:36:13 +02:00
a6544069f9
[new /keys response] added proper hash verification
- Running XOR of all SHA-512 hashes of each denomination's public key is
  compared against the "hash" value in the JSON blob.

- Fixed a bug during creation of the running XOR.
2022-06-27 10:10:51 +02:00
a55fc45126
-fix valgrind complaints 2022-06-26 17:40:10 +02:00
9865febb17
Merge branch 'master' of ssh://git.taler.net/exchange 2022-06-26 17:10:41 +02:00
Christian Grothoff
372a103a80
-more doxygen 2022-06-26 17:09:33 +02:00
Christian Grothoff
2443ee672d
-more typos 2022-06-26 17:09:33 +02:00
Christian Grothoff
7b62174d00
-fix typos 2022-06-26 17:09:30 +02:00
Christian Grothoff
2508d4bb5c
-add missing comments 2022-06-26 17:08:17 +02:00
Christian Grothoff
fd9fc9f0cd
-fix misc doxygen warnings, code clean up 2022-06-26 17:08:17 +02:00
Christian Grothoff
646c410ace
-add auditor_priv_file 2022-06-26 17:08:16 +02:00
Christian Grothoff
5575194afd
-fix path 2022-06-26 17:08:16 +02:00
Christian Grothoff
ea21572b54
-fix path 2022-06-26 17:08:16 +02:00
Christian Grothoff
ce515a1f75
-make econtract optional as per design 2022-06-26 17:08:16 +02:00
31f74059e0
[new /keys response] create and parse denomination implemented
- /keys response now contains signed denomintations
	- hashes of denominations now XOR'ed per group into a single hash-code
	- final hash-code is now XOR of all group hash codes
	- final hash-code is signed

- lib/exchange_api_handle support for new "denominations" implemented
	- parses array of denomation groups
	- creates running xor of hashes
	- verifies signature at the end
	- previous diff/merge logic for keys remains intact.
2022-06-26 16:59:27 +02:00
b39febe36f
-fix/rename this -> new 2022-06-26 15:44:09 +02:00
Christian Grothoff
eb4c765e30
-more doxygen 2022-06-26 15:37:38 +02:00
Christian Grothoff
07be0fd21d
-more typos 2022-06-26 15:05:37 +02:00
Christian Grothoff
3b9e9eed11
-fix typos 2022-06-25 21:50:32 +02:00
Christian Grothoff
76ad5baec7
-add missing comments 2022-06-25 21:18:40 +02:00
Christian Grothoff
5b800f800a
-fix misc doxygen warnings, code clean up 2022-06-25 20:38:31 +02:00
Christian Grothoff
64ad01dba7
-add auditor_priv_file 2022-06-24 13:10:23 +02:00
Christian Grothoff
40856734e8
-fix path 2022-06-24 13:08:57 +02:00
Christian Grothoff
6dfa18c2c4
-fix path 2022-06-24 13:08:27 +02:00
140a54ed08
-cleanup comments 2022-06-24 11:49:28 +02:00
Christian Grothoff
b390d1a6e6
-make econtract optional as per design 2022-06-23 23:09:45 +02:00
1023 changed files with 104025 additions and 71953 deletions

6
.gitignore vendored
View File

@ -162,3 +162,9 @@ po/taler-exchange.pot
po/remove-potcdate.sed po/remove-potcdate.sed
src/include/taler_dbevents.h src/include/taler_dbevents.h
src/bank-lib/taler-exchange-wire-gateway-client src/bank-lib/taler-exchange-wire-gateway-client
src/exchange/taler-exchange-drain
src/kyclogic/taler-exchange-kyc-tester
src/auditor/exchange-httpd-drain.err
src/templating/libmustach.a
contrib/tos/conf.py
contrib/pp/conf.py

2
.gitmodules vendored
View File

@ -7,4 +7,4 @@
branch = prebuilt branch = prebuilt
[submodule "contrib/gana"] [submodule "contrib/gana"]
path = contrib/gana path = contrib/gana
url = https://git.gnunet.org/git/gana.git url = https://git.gnunet.org/gana.git

View File

@ -1,3 +1,9 @@
Sat Nov 5 11:32:45 AM CET 2022
Added support for P2P payments.
Added support for explicit reserve lifetime control.
Added support for age restrictions.
Releasing GNU Taler Exchange 0.9.0. -CG
Fri 03 Sep 2021 07:02:05 PM CEST Fri 03 Sep 2021 07:02:05 PM CEST
Add experimental aggregator sharding logic. -CG Add experimental aggregator sharding logic. -CG

100
README
View File

@ -13,15 +13,14 @@ spend their digital coins. Naturally, each Merchant is different, but
Taler includes code examples to help Merchants integrate Taler as a Taler includes code examples to help Merchants integrate Taler as a
payment system. payment system.
Taler is currently developed by a worldwide group of independent free Taler is currently developed by a worldwide group of independent free software
software developers and the DECENTRALISE team at Inria Rennes. Taler developers and Taler Systems SA. Taler is free software and an official GNU
is free software and a GNU package (https://www.gnu.org/). package (https://www.gnu.org/).
This is an alpha release with a few known bugs, lacking a few This is an alpha release with a few known bugs, lacking a few important
important features, documentation, testing, performance tuning and an features, documentation, testing, performance tuning and an external security
external security audit. However, you can run the code and it largely audit. However, you can run the code and it largely works fine. This package
works fine. that does not work yet. This package also only includes also only includes the Taler exchange, not the other components of the system.
the Taler exchange, not the other components of the system.
Documentation about Taler can be found at https://taler.net/. Documentation about Taler can be found at https://taler.net/.
Our bug tracker is at https://bugs.taler.net/. Our bug tracker is at https://bugs.taler.net/.
@ -63,7 +62,7 @@ src/pq/
-- Postgres-specific utility functions -- Postgres-specific utility functions
src/exchangedb/ src/exchangedb/
-- Exchange database backend (with DB-specific plugins) -- Exchange database backend (with database-specific plugins)
src/exchange/ src/exchange/
-- taler exchange server -- taler exchange server
@ -71,71 +70,50 @@ src/exchange/
src/exchange-tools/ src/exchange-tools/
-- taler exchange helper programs -- taler exchange helper programs
src/exchange-lib/ src/lib/
-- libtalerexchange: C API to issue HTTP requests to exchange -- libtalerexchange: C API to issue HTTP requests to exchange
src/auditor/ src/auditor/
-- tools to generate reports about financial performance and -- tools to generate reports about financial performance and
to validate that the exchange has been operating correctly to validate that the exchange has been operating correctly
src/auditordb/
-- database logic for the auditor component (with database-specific
plugins)
src/benchmark/ src/benchmark/
-- tool to run performance measurements -- tool to run performance measurements
src/templating/
-- logic to generate HTML pages from templates at runtime
src/kyclogic/
-- core logic and plugins to trigger and manage KYC processes
as required by banking regulation
src/bank-lib/
-- bank REST client logic and implementation of an in-memory
RTGS emulator ("fakebank") for testing.
src/extensions/
-- extensions to the core logic of an exchange
src/json/
-- helper functions for generating and parsing JSON
src/mhd/
-- helper functions for interacting with GNU libmicrohttpd
src/curl/
-- helper functions for interacting with libcurl
Getting Started Getting Started
=============== ===============
The following steps illustrate how to set up a exchange HTTP server. Please follow the exchange manual you can view after
They take as a stub for configuring the exchange the content of 'contrib/exchange-template/config/'. installing using
1) Create a 'test/' directory and copy the stubs in it: $ info taler-exchange
mkdir -p test/config/ or by visiting https://docs.taler.net/.
cp exchange/contrib/exchange-template/config/* test/config/
cd test/
2) Create the exchange's master with the tool 'gnunet-ecc':
gnunet-ecc -g1 master.priv
3) Edit config/exchange-common.conf by replacing the right value on the line with the
MASTER_PUBLIC_KEY entry with the fresh generated (ASCII version of) master.priv.
This ASCII version is obtained by issuing:
gnunet-ecc -p master.priv
4) Generate other exchange related keys ('denomination' and 'signing' keys), by issuing:
taler-exchange-keyup -m master.priv -o auditor.in
5) A exchange needs a database to operate, so the following instructions relate to
how to set up PostgreSQL. On debian, the two packages needed are:
* postgresql
* postgresql-client
For other operating systems, please refer to the relevant documentation.
In this settlement, the exchange will use a database called 'talercheck' and will
run under the username through which 'taler-exchange-httpd' is launched. Thus assuming
that this user is 'demo', we need to create a 'demo' role for postgresql and make
him the owner of 'talercheck' database.
To perform these administrative tasks we have to impersonate the 'postgres' (by default,
postgres installation assigns privileges to such a user) user, then connect to the running DBMS.
Issue the following:
su # give your root password
su - postgres
psql # this is the command-line client to the DMBS
# the following lines are SQL
CREATE USER demo;
CREATE DATABASE talercheck OWNER demo;
# quit with CTRL-D
7) If any previous step has been successful, it is now possbile to start up the
exchange web server (by default it will listen on port 4241); issue:
taler-exchange-httpd -d `pwd` # assuming we did not move outside of the 'test' directory

View File

@ -1,4 +1,5 @@
#!/bin/sh #!/bin/sh
# This file is in the public domain.
set -eu set -eu
@ -7,6 +8,12 @@ if ! git --version >/dev/null; then
exit 1 exit 1
fi fi
if ! htmlark --version >/dev/null; then
echo "htmlark not installed"
echo "Run 'pip install htmlark'"
exit 1
fi
echo "$0: Updating submodules" echo "$0: Updating submodules"
echo | git submodule update --init echo | git submodule update --init

View File

@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script. # Process this file with autoconf to produce a configure script.
# #
# This file is part of TALER # This file is part of TALER
# Copyright (C) 2014-2021 Taler Systems SA # Copyright (C) 2014-2023 Taler Systems SA
# #
# TALER is free software; you can redistribute it and/or modify it under the # TALER is free software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the Free Software # terms of the GNU General Public License as published by the Free Software
@ -17,7 +17,7 @@
# #
# #
AC_PREREQ([2.69]) AC_PREREQ([2.69])
AC_INIT([taler-exchange], [0.8.5], [taler-bug@gnunet.org]) AC_INIT([taler-exchange],[0.9.1],[taler-bug@gnunet.org])
AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_SRCDIR([src/util/util.c]) AC_CONFIG_SRCDIR([src/util/util.c])
AC_CONFIG_HEADERS([taler_config.h]) AC_CONFIG_HEADERS([taler_config.h])
@ -33,8 +33,6 @@ AM_SILENT_RULES([yes])
AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_MACRO_DIR([m4])
AC_PROG_AWK AC_PROG_AWK
AC_PROG_CC AC_PROG_CC
# FIXME: AC_PROG_CC_C99 is obsolete, remove for autoconf 2.70
AC_PROG_CC_C99
AC_PROG_OBJC AC_PROG_OBJC
AC_PROG_INSTALL AC_PROG_INSTALL
AC_PROG_LN_S AC_PROG_LN_S
@ -65,6 +63,13 @@ AS_IF([test "x$doc_only" != xyes],[
# Force some CFLAGS # Force some CFLAGS
CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS" CFLAGS="-Wall -Wno-address-of-packed-member $CFLAGS"
TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
AC_SUBST(TALER_LIB_LDFLAGS)
AC_SUBST(TALER_PLUGIN_LDFLAGS)
# Checks for header files. # Checks for header files.
AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h sys/socket.h sys/un.h netinet/in.h netinet/ip.h]) AC_CHECK_HEADERS([stdint.h stdlib.h string.h unistd.h sys/socket.h sys/un.h netinet/in.h netinet/ip.h])
@ -78,6 +83,7 @@ AC_DEFINE_UNQUOTED([NEED_LIBGCRYPT_VERSION], ["$need_libgcrypt_version"],
AM_PATH_LIBGCRYPT([$need_libgcrypt_version]) AM_PATH_LIBGCRYPT([$need_libgcrypt_version])
# should expensive tests be run? # should expensive tests be run?
AC_MSG_CHECKING(whether to run expensive tests) AC_MSG_CHECKING(whether to run expensive tests)
AC_ARG_ENABLE([expensivetests], AC_ARG_ENABLE([expensivetests],
@ -135,20 +141,12 @@ AS_CASE([$with_gnunet],
[no], [AC_MSG_ERROR([--with-gnunet is required])], [no], [AC_MSG_ERROR([--with-gnunet is required])],
[LDFLAGS="-L$with_gnunet/lib $LDFLAGS" [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"]) CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_util_lib.h], AC_CHECK_HEADERS([gnunet/gnunet_util_lib.h],
[AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)], [AC_CHECK_LIB([gnunetutil], [GNUNET_SCHEDULER_run], libgnunetutil=1)])
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif
#include <gnunet/gnunet_common.h>
#if GNUNET_UTIL_VERSION < 0x00A0104
#fail libgnunetutil is too old
#endif])
AS_IF([test $libgnunetutil != 1], AS_IF([test $libgnunetutil != 1],
[AC_MSG_ERROR([[ [AC_MSG_ERROR([[
*** ***
*** You need libgnunetutil > 0.14.0 to build this program. *** You need libgnunetutil >= 0.19.0 to build this program.
*** (Yes, ">", libgnunetutil 0.14.0 is NOT enough.)
*** This library is part of GNUnet, available at *** This library is part of GNUnet, available at
*** https://gnunet.org *** https://gnunet.org
*** ]])]) *** ]])])
@ -167,11 +165,8 @@ AS_CASE([$with_gnunet],
[no], [AC_MSG_ERROR([--with-gnunet is required])], [no], [AC_MSG_ERROR([--with-gnunet is required])],
[LDFLAGS="-L$with_gnunet/lib $LDFLAGS" [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"]) CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_json_lib.h], AC_CHECK_HEADERS([gnunet/gnunet_json_lib.h],
[AC_CHECK_LIB([gnunetjson], [GNUNET_JSON_parse], libgnunetjson=1)], [AC_CHECK_LIB([gnunetjson], [GNUNET_JSON_parse], libgnunetjson=1)])
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
AS_IF([test $libgnunetjson != 1], AS_IF([test $libgnunetjson != 1],
[AC_MSG_ERROR([[ [AC_MSG_ERROR([[
*** ***
@ -233,11 +228,8 @@ AS_CASE([$with_gnunet],
[no], [AC_MSG_ERROR([--with-gnunet is required])], [no], [AC_MSG_ERROR([--with-gnunet is required])],
[LDFLAGS="-L$with_gnunet/lib $LDFLAGS" [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"]) CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"])
AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_curl_lib.h], AC_CHECK_HEADERS([gnunet/gnunet_curl_lib.h],
[AC_CHECK_LIB([gnunetcurl], [GNUNET_CURL_get_select_info], libgnunetcurl=1)], [AC_CHECK_LIB([gnunetcurl], [GNUNET_CURL_get_select_info], libgnunetcurl=1)])
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
AS_IF([test $libgnunetcurl != 1], AS_IF([test $libgnunetcurl != 1],
[AC_MSG_ERROR([[ [AC_MSG_ERROR([[
*** ***
@ -252,6 +244,21 @@ CFLAGS=$CFLAGS_SAVE
LDFLAGS=$LDFLAGS_SAVE LDFLAGS=$LDFLAGS_SAVE
LIBS=$LIBS_SAVE LIBS=$LIBS_SAVE
# test for postgres
AX_LIB_POSTGRESQL([13.0])
AS_IF([test "x$found_postgresql" = "xyes"],
[SAVE_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$POSTGRES_CPPFLAGS $CPPFLAGS"
AC_CHECK_HEADERS([libpq-fe.h], [postgres=1], [postgres=0])])
AS_IF([test "x$postgres" != "x1"],
[AC_MSG_ERROR([[
***
*** You need libpq(-dev) >= 13.0 to build this program.
*** ]])])
AM_CONDITIONAL([HAVE_POSTGRESQL], [test "x$postgres" = "x1"])
AC_DEFINE_UNQUOTED([HAVE_POSTGRESQL], [$postgres],
[Define to 1 if Postgres is available])
# Check for GNUnet's libgnunetpq. # Check for GNUnet's libgnunetpq.
libgnunetpq=0 libgnunetpq=0
AC_MSG_CHECKING([for libgnunetpq]) AC_MSG_CHECKING([for libgnunetpq])
@ -264,12 +271,10 @@ AS_CASE([$with_gnunet],
[yes], [], [yes], [],
[no], [AC_MSG_ERROR([--with-gnunet is required])], [no], [AC_MSG_ERROR([--with-gnunet is required])],
[LDFLAGS="-L$with_gnunet/lib $LDFLAGS" [LDFLAGS="-L$with_gnunet/lib $LDFLAGS"
CPPFLAGS="-I$with_gnunet/include $CPPFLAGS"]) CPPFLAGS="-I$with_gnunet/include ${CPPFLAGS}"])
AC_CHECK_HEADERS([gnunet/platform.h gnunet/gnunet_pq_lib.h], CPPFLAGS="${CPPFLAGS} ${POSTGRESQL_CPPFLAGS}"
[AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_result_spec_string], libgnunetpq=1)], AC_CHECK_HEADERS([gnunet/gnunet_pq_lib.h],
[], [#ifdef HAVE_GNUNET_PLATFORM_H [AC_CHECK_LIB([gnunetpq], [GNUNET_PQ_result_spec_string], libgnunetpq=1)])
#include <gnunet/platform.h>
#endif])
AS_IF([test $libgnunetpq != 1], AS_IF([test $libgnunetpq != 1],
[AC_MSG_ERROR([[ [AC_MSG_ERROR([[
*** ***
@ -279,15 +284,15 @@ AS_IF([test $libgnunetpq != 1],
*** is recent!) *** is recent!)
*** ]])]) *** ]])])
CFLAGS_SAVE=$CFLAGS
LDFLAGS_SAVE=$LDFLAGS
LIBS_SAVE="$LIBS"
# Check for GNUnet's libgnunetsq # Check for GNUnet's libgnunetsq
libgnunetsq=0 libgnunetsq=0
AC_MSG_CHECKING([for libgnunetsq]) AC_MSG_CHECKING([for libgnunetsq])
AC_CHECK_HEADERS([gnunet/gnunet_sq_lib.h], AC_CHECK_HEADERS([gnunet/gnunet_sq_lib.h],
[AC_CHECK_LIB([gnunetsq], [GNUNET_SQ_result_spec_string], libgnunetsq=1)], [AC_CHECK_LIB([gnunetsq], [GNUNET_SQ_result_spec_string], libgnunetsq=1)])
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
# check for libmicrohttpd # check for libmicrohttpd
@ -326,22 +331,6 @@ AS_IF([test $jansson = 0],
*** ]])]) *** ]])])
# test for postgres
AX_LIB_POSTGRESQL([13.0])
AS_IF([test "x$found_postgresql" = "xyes"],[postgres=true])
TALER_LIB_LDFLAGS="-export-dynamic -no-undefined"
TALER_PLUGIN_LDFLAGS="-export-dynamic -avoid-version -module -no-undefined"
AC_SUBST(TALER_LIB_LDFLAGS)
AC_SUBST(TALER_PLUGIN_LDFLAGS)
CFLAGS_SAVE=$CFLAGS
LDFLAGS_SAVE=$LDFLAGS
LIBS_SAVE="$LIBS"
AM_CONDITIONAL(HAVE_POSTGRESQL, test x$postgres = xtrue)
CFLAGS=$CFLAGS_SAVE CFLAGS=$CFLAGS_SAVE
LDFLAGS=$LDFLAGS_SAVE LDFLAGS=$LDFLAGS_SAVE
@ -391,10 +380,7 @@ AS_CASE([$with_twister],
CPPFLAGS="-I$with_twister/include $CPPFLAGS"]) CPPFLAGS="-I$with_twister/include $CPPFLAGS"])
AC_CHECK_HEADERS([taler/taler_twister_service.h], AC_CHECK_HEADERS([taler/taler_twister_service.h],
[AC_CHECK_LIB([talertwister], [TALER_TWISTER_connect], talertwister=1)], [AC_CHECK_LIB([talertwister], [TALER_TWISTER_connect], talertwister=1)])
[], [#ifdef HAVE_GNUNET_PLATFORM_H
#include <gnunet/platform.h>
#endif])
AM_CONDITIONAL(HAVE_TWISTER, test x$talertwister = x1) AM_CONDITIONAL(HAVE_TWISTER, test x$talertwister = x1)
# should developer logic be compiled (not-for-production code)? # should developer logic be compiled (not-for-production code)?
@ -534,7 +520,9 @@ AC_CONFIG_FILES([Makefile
src/exchangedb/Makefile src/exchangedb/Makefile
src/exchange-tools/Makefile src/exchange-tools/Makefile
src/extensions/Makefile src/extensions/Makefile
src/extensions/age_restriction/Makefile
src/lib/Makefile src/lib/Makefile
src/kyclogic/Makefile
src/testing/Makefile src/testing/Makefile
src/benchmark/Makefile src/benchmark/Makefile
src/include/Makefile src/include/Makefile
@ -542,6 +530,7 @@ AC_CONFIG_FILES([Makefile
src/mhd/Makefile src/mhd/Makefile
src/pq/Makefile src/pq/Makefile
src/sq/Makefile src/sq/Makefile
src/templating/Makefile
src/util/Makefile src/util/Makefile
]) ])
AC_OUTPUT AC_OUTPUT

View File

@ -1,5 +1,21 @@
SUBDIRS = . SUBDIRS = .
tmplpkgdatadir = $(prefix)/share/taler/exchange/templates/
dist_tmplpkgdata_DATA = \
persona-exchange-unauthorized.en.must \
persona-load-failure.en.must \
persona-exchange-unpaid.en.must \
persona-logic-failure.en.must \
persona-invalid-response.en.must \
persona-network-timeout.en.must \
persona-kyc-failed.en.must \
persona-provider-failure.en.must
# %%.must: merchant-backoffice/%.html
# WTF: cp $< $@
# English (en) # English (en)
tosendir=$(datadir)/taler/exchange/tos/en tosendir=$(datadir)/taler/exchange/tos/en
@ -9,18 +25,20 @@ ppendir=$(datadir)/taler/exchange/pp/en
rdatadir=$(datadir)/taler/exchange rdatadir=$(datadir)/taler/exchange
tosen_DATA = \ tosen_DATA = \
tos/en/0.txt \ tos/en/*.txt \
tos/en/0.pdf \ tos/en/*.md \
tos/en/0.epub \ tos/en/*.pdf \
tos/en/0.xml \ tos/en/*.epub \
tos/en/0.html tos/en/*.xml \
tos/en/*.html
ppen_DATA = \ ppen_DATA = \
pp/en/0.txt \ pp/en/*.txt \
pp/en/0.pdf \ pp/en/*.md \
pp/en/0.epub \ pp/en/*.pdf \
pp/en/0.xml \ pp/en/*.epub \
pp/en/0.html pp/en/*.xml \
pp/en/*.html
rdata_DATA = \ rdata_DATA = \
auditor-report.tex.j2 auditor-report.tex.j2
@ -40,13 +58,14 @@ EXTRA_DIST = \
gana/gnu-taler-error-codes/Makefile \ gana/gnu-taler-error-codes/Makefile \
tos/Makefile \ tos/Makefile \
tos/README \ tos/README \
tos/tos.rst \ tos/bfh-v0.rst \
tos/conf.py \ tos/tos-v0.rst \
tos/conf.py.in \
tos/locale/de/LC_MESSAGES/tos.po \ tos/locale/de/LC_MESSAGES/tos.po \
pp/Makefile \ pp/Makefile \
pp/README \ pp/README \
pp/pp.rst \ pp/pp-v0.rst \
pp/conf.py \ pp/conf.py.in \
pp/locale/de/LC_MESSAGES/pp.po \ pp/locale/de/LC_MESSAGES/pp.po \
$(rdata_DATA) \ $(rdata_DATA) \
coverage.sh \ coverage.sh \
@ -59,10 +78,10 @@ TOS_LANGUAGES="en de"
PP_LANGUAGES="en de" PP_LANGUAGES="en de"
# Change the terms-of-service version (Etag) to generate here! # Change the terms-of-service version (Etag) to generate here!
# This value should be incremented whenever there is a substantive # This value should be modified whenever there is a substantive
# change in the original text (but not for the translations). # change in the original text (but not for the translations).
TOS_VERSION=0 TOS_VERSION=tos-v0
PP_VERSION=0 PP_VERSION=pp-v0
update-tos: update-tos:
VERSION=$(TOS_VERSION) ./update-tos.sh $(TOS_LANGUAGES) VERSION=$(TOS_VERSION) ./update-tos.sh $(TOS_LANGUAGES)

View File

@ -139,6 +139,10 @@ In that time, the wire auditor processed the following table ranges:
{% endif %} {% endif %}
\end{center} \end{center}
The total credits to the exchange processed in
this audit run was {\bf {{ wire.total_wire_in }}}.
The total debits initiated by the exchange processed in
this audit run was {\bf {{ wire.total_wire_out }}}.
\section{Operations} \section{Operations}
@ -146,6 +150,16 @@ The balance of the escrow account should
be {\bf {{ coins.total_escrow_balance }}} (coins) be {\bf {{ coins.total_escrow_balance }}} (coins)
plus {\bf {{ reserves.total_escrow_balance }}} (reserves). plus {\bf {{ reserves.total_escrow_balance }}} (reserves).
\noindent
This should match the final balance computed from
ingoing and outgoing wire transfers, which is
{\bf {{ wire.final_balance}} }.
\noindent
A total of {\bf {{ wire.total_drained}} } in profits
were transferred (over the lifetime of the exchange)
to non-escrowed accounts.
\noindent \noindent
The active operational risk stands at The active operational risk stands at
{\bf {{ coins.total_active_risk }}}. {\bf {{ coins.total_active_risk }}}.
@ -155,9 +169,8 @@ Loss (actualized risk from recoups) is
{\bf {{ coins.total_recoup_loss }}}. {\bf {{ coins.total_recoup_loss }}}.
\noindent \noindent
Recoups of non-revoked coins are at Losses from irregular reserve operations are at
{\bf {{ coins.total_irregular_recoups }}} (coins) {\bf {{ reserves.total_irregular_loss }}} (reserves).
plus {\bf {{ reserves.total_irregular_recoups }}} (reserves).
\section{Income} \section{Income}
@ -304,8 +317,8 @@ confirmations to the auditor directly, so if the exchange is slow at
synchronizing its database with the auditor, some deposit synchronizing its database with the auditor, some deposit
confirmations may be known at the auditor only directly. However, any confirmations may be known at the auditor only directly. However, any
delta not accounted for by database synchronization delays is an delta not accounted for by database synchronization delays is an
indicator of a malicious exchange (or online singing key compromise) indicator of a malicious exchange (or online signing key compromise)
and should be answered by revoking the exchange's online siging keys. and should be answered by revoking the exchange's online signing keys.
% TODO: maybe reference PhD thesis on this? % TODO: maybe reference PhD thesis on this?
The total amount the exchange currently lags behind is The total amount the exchange currently lags behind is
@ -599,7 +612,7 @@ compromise resulting in proportional financial losses to the exchange.
\endfoot \endfoot
\hline \hline
{\bf Total loss} & {\bf Total loss} &
{{ reserves.total_loss_balance_insufficient }} \\ {{ reserves.total_irregular_loss }} \\
\caption{Reserves with withdrawals higher than reserve funding.} \caption{Reserves with withdrawals higher than reserve funding.}
\label{table:reserve:balance_insufficient} \label{table:reserve:balance_insufficient}
\endlastfoot \endlastfoot
@ -768,7 +781,7 @@ invalid and the amount involved should be considered lost.
\endfoot \endfoot
\hline \hline
\multicolumn{2}{l}{ {\bf Total losses} } & \multicolumn{2}{l}{ {\bf Total losses} } &
{\bf {{ coins.total_bad_sig_loss}} } \\ {\bf {{ coins.irregular_loss}} } \\
\caption{Losses from operations performed on coins without proper signatures.} \caption{Losses from operations performed on coins without proper signatures.}
\label{table:bad_signature_losses} \label{table:bad_signature_losses}
\endlastfoot \endlastfoot
@ -887,7 +900,7 @@ actually received in some reserves.
{% endif %} {% endif %}
\subsection{Missattributed incoming wire transfers} \subsection{Misattributed incoming wire transfers}
This section lists cases where the sender account record of an This section lists cases where the sender account record of an
incoming wire transfer differs between the exchange and the bank. incoming wire transfer differs between the exchange and the bank.
@ -897,7 +910,7 @@ account.
% Table generation tested by testcase #9 in test-auditor.sh % Table generation tested by testcase #9 in test-auditor.sh
{% if wire.missattribution_in_inconsistencies|length() == 0 %} {% if wire.misattribution_in_inconsistencies|length() == 0 %}
{\bf All incoming wire transfer sender accounts matched up.} {\bf All incoming wire transfer sender accounts matched up.}
{% else %} {% else %}
\begin{longtable}{p{8.5cm}|r} \begin{longtable}{p{8.5cm}|r}
@ -912,11 +925,11 @@ account.
\endfoot \endfoot
\hline \hline
{\bf Total amount} & {\bf Total amount} &
{{ wire.total_missattribution_in}} \\ {{ wire.total_misattribution_in}} \\
\caption{Incoming wire transfer sender accounts not matching up.} \caption{Incoming wire transfer sender accounts not matching up.}
\label{table:wire_in:sender_account_inconsistencies} \label{table:wire_in:sender_account_inconsistencies}
\endlastfoot \endlastfoot
{% for item in wire.missattribution_in_inconsistencies %} {% for item in wire.misattribution_in_inconsistencies %}
{\tt \small \truncate{8.3cm}{ {{ item.reserve_pub }} } } & {\tt \small \truncate{8.3cm}{ {{ item.reserve_pub }} } } &
{{ item.amount }} \\ \hline {{ item.amount }} \\ \hline
{% endfor %} {% endfor %}
@ -928,7 +941,7 @@ account.
\subsection{Actual outgoing wire transfers} \label{sec:wire_check_out} \subsection{Actual outgoing wire transfers} \label{sec:wire_check_out}
This section highlights cases where the exchange missbehaved This section highlights cases where the exchange misbehaved
with respect to outgoing wire transfers. with respect to outgoing wire transfers.
% Table generation tested by testcase #11 in test-auditor.sh % Table generation tested by testcase #11 in test-auditor.sh
@ -974,10 +987,10 @@ with respect to outgoing wire transfers.
\subsection{Denominations without auditor signature} \subsection{Denominations without auditor signature}
This section highlights denomination keys that lack a proper This section highlights denomination keys that lack a proper
signature from the {\t taler-auditor-offline} tool. This may be signature from the {\tt taler-auditor-offline} tool. This may be
legitimate, say in case where the auditor's involvement in the legitimate, say in case where the auditor's involvement in the
exchange business is ending and a new auditor is responsible for exchange business is ending and a new auditor is responsible for
future denomnations. So this must be read with a keen eye on the future denominations. So this must be read with a keen eye on the
business situation. business situation.
@ -1093,7 +1106,7 @@ have a clear financial impact.
{{ item.row }} & {{ item.row }} &
{{ item.diagnostic }} \\ {{ item.diagnostic }} \\
\nopagebreak \nopagebreak
\multicolumn{3}{l}{ {\tiny {\tt \truncate{\textwidth}{ {{ item.wire_offset_hash }} } } } } \\ \hline \multicolumn{3}{l}{ {\tiny {\tt \truncate{\textwidth}{ {{ item.id }} } } } } \\ \hline
{% endfor %} {% endfor %}
\end{longtable} \end{longtable}
{% endif %} {% endif %}

@ -1 +1 @@
Subproject commit 75c838e74c41bf9a6c02cdfe8109a444056bf26d Subproject commit 832685b6a942a6ebbec8e1e5b8c33b6b85b0a727

View File

@ -1,4 +1,6 @@
#!/bin/sh #!/bin/sh
# This file is in the public domain.
#
# Helper script to recompute error codes based on submodule # Helper script to recompute error codes based on submodule
# Run from exchange/ main directory. # Run from exchange/ main directory.
set -eu set -eu
@ -17,13 +19,14 @@ ensure ()
# $2 -- src dir under contrib/ # $2 -- src dir under contrib/
# $3 -- dst dir under ./ # $3 -- dst dir under ./
fn="$1" fn="$1"
src="contrib/$2" src="contrib/$2/$fn"
dst="./$3" dst="./$3/$fn"
if ! diff $src/$fn $dst/$fn > /dev/null if ! diff $src $dst > /dev/null
then then
cp $src/$fn $dst/$fn test ! -f $dst || chmod +w $dst
chmod -w $dst/$fn cp $src $dst
chmod -w $dst
fi fi
} }

View File

@ -22,6 +22,12 @@
<anchorfile>microhttpd.h</anchorfile> <anchorfile>microhttpd.h</anchorfile>
<arglist></arglist> <arglist></arglist>
</member> </member>
<member kind="define">
<type>#define</type>
<name>MHD_HTTP_UNAVAILABLE_FOR_LEGAL_REASONS</name>
<anchorfile>microhttpd.h</anchorfile>
<arglist></arglist>
</member>
<member kind="define"> <member kind="define">
<type>#define</type> <type>#define</type>
<name>MHD_HTTP_BAD_REQUEST</name> <name>MHD_HTTP_BAD_REQUEST</name>
@ -64,6 +70,12 @@
<anchorfile>microhttpd.h</anchorfile> <anchorfile>microhttpd.h</anchorfile>
<arglist></arglist> <arglist></arglist>
</member> </member>
<member kind="define">
<type>#define</type>
<name>MHD_HTTP_NETWORK_AUTHENTICATION_REQUIRED</name>
<anchorfile>microhttpd.h</anchorfile>
<arglist></arglist>
</member>
<member kind="define"> <member kind="define">
<type>#define</type> <type>#define</type>
<name>MHD_HTTP_GONE</name> <name>MHD_HTTP_GONE</name>

View File

@ -0,0 +1,13 @@
<html>
<head>
<title>KYC server refused access</title>
</head>
<body>
The KYC backend refused the authorization code used by the exchange operator. Please inform the exchange operator about this failure.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

View File

@ -0,0 +1,13 @@
<html>
<head>
<title>KYC credit exhausted</title>
</head>
<body>
The KYC backend refused the process as the exchange operator's credit balance at the KYC provider is insufficient. Please inform the exchange operator about this failure.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

View File

@ -0,0 +1,13 @@
<html>
<head>
<title>KYC provider returned unexpected response</title>
</head>
<body>
The KYC backend returned an unexpected response.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

View File

@ -0,0 +1,20 @@
<html>
<head>
<title>KYC authentication failed</title>
</head>
<body>
You failed the KYC check. See below for details.
<!-- {{kyc_logic}} indicates the type of KYC provider
which generated the reply; for now, only
"kycaid" is possible. Switch on the
{{kyc_logic}} to render results in a provider-specific
way. (or introduce new templates per provider?) -->
<!-- TODO: figure out exactly what the
format of 'verifications' is here
based on KYCAID documentation and parse
that here. -->
<pre>
{{ verifications }}
</pre>
</body>
</html>

View File

@ -0,0 +1,13 @@
<html>
<head>
<title>KYC provider rate limit reached</title>
</head>
<body>
The KYC backend interaction ran into a rate limit.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

View File

@ -0,0 +1,13 @@
<html>
<head>
<title>KYC server interaction failed</title>
</head>
<body>
The KYC backend returned a response indicating a problem with the exchange logic. Please inform the exchange operator about this failure.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

View File

@ -0,0 +1,13 @@
<html>
<head>
<title>KYC provider timeout</title>
</head>
<body>
The KYC backend interaction ran into a timeout.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

View File

@ -0,0 +1,13 @@
<html>
<head>
<title>KYC provider had an internal error</title>
</head>
<body>
The KYC backend had an internal error.
<pre>
{{ kyc_http_status }}
{{ kyc_logic }}
{{ kyc_server_reply }}
</pre>
</body>
</html>

View File

@ -1,6 +1,6 @@
""" """
This file is part of GNU TALER. This file is part of GNU TALER.
Copyright (C) 2014-2020 Taler Systems SA Copyright (C) 2014-2022 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Lesser General Public License as published by the Free Software terms of the GNU Lesser General Public License as published by the Free Software
@ -68,20 +68,20 @@ source_suffix = {
#source_encoding = 'utf-8-sig' #source_encoding = 'utf-8-sig'
# The master toctree document. # The master toctree document.
master_doc = 'pp' master_doc = '%VERSION%'
# General information about the project. # General information about the project.
project = u'pp' project = u'%VERSION%'
copyright = u'2014-2020 Taler Systems SA (GPLv3+ or GFDL 1.3+)' copyright = u'2014-2022 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
# The version info for the project you're documenting, acts as replacement for # The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the # |version| and |release|, also used in various other places throughout the
# built documents. # built documents.
# #
# The short X.Y version. # The short X.Y version.
version = '0' version = '%VERSION%'
# The full version, including alpha/beta/rc tags. # The full version, including alpha/beta/rc tags.
release = '0' release = '%VERSION%'
# The language for content autogenerated by Sphinx. Refer to documentation # The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages. # for a list of supported languages.
@ -192,7 +192,7 @@ html_short_title = "Privacy Policy"
#html_domain_indices = True #html_domain_indices = True
# If false, no index is generated. # If false, no index is generated.
#html_use_index = True html_use_index = True
# If true, the index is split into individual pages for each letter. # If true, the index is split into individual pages for each letter.
#html_split_index = False #html_split_index = False
@ -231,7 +231,7 @@ latex_elements = {
# (source start file, target name, title, # (source start file, target name, title,
# author, documentclass [howto, manual, or own class]). # author, documentclass [howto, manual, or own class]).
latex_documents = [ latex_documents = [
('pp', 'pp.tex', ('%VERSION%', '%VERSION%.tex',
'Privacy Policy', 'GNU Taler team', 'manual'), 'Privacy Policy', 'GNU Taler team', 'manual'),
] ]
@ -277,6 +277,6 @@ latex_documents = [
# -- Options for epub output ---------------------------- # -- Options for epub output ----------------------------
epub_basename = "pp" epub_basename = "%VERSION%"
epub_title = "Privacy Policy" epub_title = "Privacy Policy"

Binary file not shown.

View File

@ -1,211 +0,0 @@
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Privacy Policy &#8212; Taler Privacy Policy</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/epub.css" type="text/css" />
<script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/doctools.js"></script>
</head><body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="privacy-policy">
<h1>Privacy Policy<a class="headerlink" href="#privacy-policy" title="Permalink to this headline"></a></h1>
<p>Last Updated: 11.12.2019</p>
<p>This Privacy Policy describes the policies and procedures of Taler Systems SA
(“we,” “our,” or “us”) pertaining to the collection, use, and disclosure of
your information on our sites and related mobile applications and products we
offer (the “Services” or “Taler Wallet”). This Privacy Statement applies to
your personal data when you use our Services, and does not apply to online
websites or services that we do not own or control.</p>
<div class="section" id="overview">
<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline"></a></h2>
<p>Your privacy is important to us. We follow a few fundamental principles: We
dont ask you for personally identifiable information (defined below). That
being said, your contact information, such as your phone number, social media
handle, or email address (depending on how you contact us), may be collected
when you communicate with us, for example to report a bug or other error
related to the Taler Wallet. We dont share your information with third
parties except when strictly required to deliver you our Services and
products, or to comply with the law. If you have any questions or concerns
about this policy, please reach out to us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a>.</p>
</div>
<div class="section" id="how-you-accept-this-policy">
<h2>How you accept this policy<a class="headerlink" href="#how-you-accept-this-policy" title="Permalink to this headline"></a></h2>
<p>By using our Services or visiting our sites, you agree to the use, disclosure,
and procedures outlined in this Privacy Policy.</p>
</div>
<div class="section" id="what-personal-information-do-we-collect-from-our-users">
<h2>What personal information do we collect from our users?<a class="headerlink" href="#what-personal-information-do-we-collect-from-our-users" title="Permalink to this headline"></a></h2>
<p>The information we collect from you falls into two categories: (i) personally
identifiable information (i.e., data that could potentially identify you as an
individual) (“Personal Information”), and (ii) non-personally identifiable
information (i.e., information that cannot be used to identify who you are)
(“Non-Personal Information”). This Privacy Policy covers both categories and
will tell you how we might collect and use each type.</p>
<p>We do our best to not collect any Personal Information from Taler Wallet
users. We believe that the Taler Wallet never transmits personal information
to our services without at least clear implied consent, and we only process
and retain information with a strict business need. That being said, when
using our Services, we inherently have to collect the following information:</p>
<blockquote>
<div><ul class="simple">
<li><p>Bank account details necessary when receiving funds from you to top-up your wallet or to transfer funds to you when you are being paid via Taler. At the current experimental stage, only the pseudonym and password you entered in the bank demonstrator is stored.</p></li>
<li><p>The amounts being withdrawn or deposited, with associated unique transaction identifiers and cryptographic signatures authorizing the transaction. Note that for purchases, we cannot identify the buyer from the collected data, so when you spend money, we only receive non-personal information.</p></li>
<li><p>When you contact us. We may collect certain information if you choose to contact us, for example to report a bug or other error with the Taler Wallet. This may include contact information such as your name, email address or phone number depending on the method you choose to contact us.</p></li>
</ul>
</div></blockquote>
</div>
<div class="section" id="how-we-collect-and-process-information">
<h2>How we collect and process information<a class="headerlink" href="#how-we-collect-and-process-information" title="Permalink to this headline"></a></h2>
<p>We may process your information for the following reasons:</p>
<blockquote>
<div><ul class="simple">
<li><p>to transfer money as specified by our users (Taler transactions);</p></li>
<li><p>to assist government entities in linking income to the underlying contract as required by law and local regulations</p></li>
<li><p>to support you using the Taler Wallet or to improve our Services</p></li>
</ul>
</div></blockquote>
</div>
<div class="section" id="how-we-share-and-use-the-information-we-gather">
<h2>How we share and use the information we gather<a class="headerlink" href="#how-we-share-and-use-the-information-we-gather" title="Permalink to this headline"></a></h2>
<p>We may share your Personal Data or other information about you only if you are
a merchant receiving income, with your bank, to the degree necessary to
execute the payment.</p>
<p>We retain Personal Data to transfer funds to the accounts designated by our
users. We may retain Personal Data only for as long as mandated by law and
required for the wire transfers.</p>
<p>We primarily use the limited information we receive directly from you to
enhance the Taler Wallet. Some ways we may use your Personal Information are
to: Contact you when necessary to respond to your comments, answer your
questions, or obtain additional information on issues related to bugs or
errors with the Taler Wallet that you reported.</p>
</div>
<div class="section" id="agents-or-third-party-partners">
<h2>Agents or third party partners<a class="headerlink" href="#agents-or-third-party-partners" title="Permalink to this headline"></a></h2>
<p>We may provide your Personal Information to our employees, contractors,
agents, service providers, and designees (“Agents”) to enable them to perform
certain services for us exclusively, including: improvement and maintenance of
our software and Services.</p>
</div>
<div class="section" id="protection-of-us-and-others">
<h2>Protection of us and others<a class="headerlink" href="#protection-of-us-and-others" title="Permalink to this headline"></a></h2>
<p>We reserve the right to access, read, preserve, and disclose any information
that we reasonably believe is necessary to comply with the law or a court
order.</p>
</div>
<div class="section" id="what-personal-information-can-i-access-or-change">
<h2>What personal information can I access or change?<a class="headerlink" href="#what-personal-information-can-i-access-or-change" title="Permalink to this headline"></a></h2>
<p>You can request access to the information we have collected from you. You can
do this by contacting us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a>. We will make sure to
provide you with a copy of the data we process about you. To comply with your
request, we may ask you to verify your identity. We will fulfill your request
by sending your copy electronically. For any subsequent access request, we may
charge you with an administrative fee. If you believe that the information we
have collected is incorrect, you are welcome to contact us so we can update it
and keep your data accurate. Any data that is no longer needed for purposes
specified in the “How We Use the Information We Gather” section will be
deleted after ninety (90) days.</p>
</div>
<div class="section" id="what-are-your-data-protection-rights">
<h2>What are your data protection rights?<a class="headerlink" href="#what-are-your-data-protection-rights" title="Permalink to this headline"></a></h2>
<p>Anastasis would like to make sure you are fully aware of all of your
data protection rights. Every user is entitled to the following:</p>
<dl class="simple">
<dt><strong>The right to access</strong>: You have the right to request Anastasis for</dt><dd><p>copies of your personal data. We may charge you a small fee for this
service.</p>
</dd>
</dl>
<p><strong>The right to rectification</strong>: You have the right to request that
Anastasis correct any information you believe is inaccurate. You also
have the right to request Anastasis to complete information you
believe is incomplete. The right to erasure - You have the right to
request that Anastasis erase your personal data, under certain
conditions.</p>
<dl class="simple">
<dt><strong>The right to restrict processing</strong>: You have the right to request</dt><dd><p>that Anastasis restrict the processing of your personal data, under
certain conditions.</p>
</dd>
<dt><strong>The right to object to processing</strong>: You have the right to object to</dt><dd><p>Anastasiss processing of your personal data, under certain
conditions.</p>
</dd>
<dt><strong>The right to data portability</strong>: You have the right to request that</dt><dd><p>Anastasis transfer the data that we have collected to another
organization, or directly to you, under certain conditions.</p>
</dd>
</dl>
<p>If you make a request, we have one month to respond to you. If you
would like to exercise any of these rights, please contact us at our
email: <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;com">privacy<span>&#64;</span>taler-systems<span>&#46;</span>com</a></p>
<p>You can always contact your local data protection authority to enforce
your rights.</p>
</div>
<div class="section" id="data-retention">
<h2>Data retention<a class="headerlink" href="#data-retention" title="Permalink to this headline"></a></h2>
<p>If you uninstall the Taler Wallet mobile applications from your device, or
request that your information be deleted, we still may retain some information
that you have provided to us to maintain the Taler Wallet or to comply with
relevant laws.</p>
</div>
<div class="section" id="data-security">
<h2>Data security<a class="headerlink" href="#data-security" title="Permalink to this headline"></a></h2>
<p>We are committed to making sure your information is protected. We employ
several physical and electronic safeguards to keep your information safe,
including encrypted user passwords, two factor verification and authentication
on passwords where possible, and securing connections with industry standard
transport layer security. You are also welcome to contact us using GnuPG
encrypted e-mail. Even with all these precautions, we cannot fully guarantee
against the access, disclosure, alteration, or deletion of data through
events, including but not limited to hardware or software failure or
unauthorized use. Any information that you provide to us is done so entirely
at your own risk.</p>
</div>
<div class="section" id="changes-and-updates-to-privacy-policy">
<h2>Changes and updates to privacy policy<a class="headerlink" href="#changes-and-updates-to-privacy-policy" title="Permalink to this headline"></a></h2>
<p>We reserve the right to update and revise this privacy policy at any time. We
occasionally review this Privacy Policy to make sure it complies with
applicable laws and conforms to changes in our business. We may need to update
this Privacy Policy, and we reserve the right to do so at any time. If we do
revise this Privacy Policy, we will update the “Effective Date” at the bottom
of this page so that you can tell if it has changed since your last visit. As
we generally do not collect contact information and also do not track your
visits, we will not be able to notify you directly. However, the Taler Wallet
may inform you about a change in the privacy policy once it detects that the
policy has changed. Please review this Privacy Policy regularly to ensure that
you are aware of its terms. Any use of our Services after an amendment to our
Privacy Policy constitutes your acceptance to the revised or amended
agreement.</p>
</div>
<div class="section" id="international-users-and-visitors">
<h2>International users and visitors<a class="headerlink" href="#international-users-and-visitors" title="Permalink to this headline"></a></h2>
<p>Our Services are hosted in Switzerland. If you are a user accessing the
Services from the European Union, Asia, US, or any other region with laws or
regulations governing personal data collection, use, and disclosure that
differ from Swiss laws, please be advised that through your continued use of
the Services, which is governed by Swiss law, you are transferring your
Personal Information to Switzerland and you consent to that transfer.</p>
</div>
<div class="section" id="questions">
<h2>Questions<a class="headerlink" href="#questions" title="Permalink to this headline"></a></h2>
<p>Please contact us at <a class="reference external" href="mailto:privacy&#37;&#52;&#48;taler-systems&#46;net">privacy<span>&#64;</span>taler-systems<span>&#46;</span>net</a> if you have questions about our
privacy practices that are not addressed in this Privacy Statement.</p>
</div>
</div>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>

BIN
contrib/pp/en/pp-v0.epub Normal file

Binary file not shown.

205
contrib/pp/en/pp-v0.html Normal file

File diff suppressed because one or more lines are too long

237
contrib/pp/en/pp-v0.txt Normal file
View File

@ -0,0 +1,237 @@
Privacy Policy
**************
Last Updated: 11.12.2019
This Privacy Policy describes the policies and procedures of Taler
Systems SA (“we,” “our,” or “us”) pertaining to the collection, use,
and disclosure of your information on our sites and related mobile
applications and products we offer (the “Services” or “Taler Wallet”).
This Privacy Statement applies to your personal data when you use our
Services, and does not apply to online websites or services that we do
not own or control.
Overview
========
Your privacy is important to us. We follow a few fundamental
principles: We dont ask you for personally identifiable information
(defined below). That being said, your contact information, such as
your phone number, social media handle, or email address (depending on
how you contact us), may be collected when you communicate with us,
for example to report a bug or other error related to the Taler
Wallet. We dont share your information with third parties except when
strictly required to deliver you our Services and products, or to
comply with the law. If you have any questions or concerns about this
policy, please reach out to us at privacy@taler-systems.net.
How you accept this policy
==========================
By using our Services or visiting our sites, you agree to the use,
disclosure, and procedures outlined in this Privacy Policy.
What personal information do we collect from our users?
=======================================================
The information we collect from you falls into two categories: (i)
personally identifiable information (i.e., data that could potentially
identify you as an individual) (“Personal Information”), and (ii) non-
personally identifiable information (i.e., information that cannot be
used to identify who you are) (“Non-Personal Information”). This
Privacy Policy covers both categories and will tell you how we might
collect and use each type.
We do our best to not collect any Personal Information from Taler
Wallet users. We believe that the Taler Wallet never transmits
personal information to our services without at least clear implied
consent, and we only process and retain information with a strict
business need. That being said, when using our Services, we inherently
have to collect the following information:
* Bank account details necessary when receiving funds from you to
top-up your wallet or to transfer funds to you when you are being
paid via Taler. At the current experimental stage, only the
pseudonym and password you entered in the bank demonstrator is
stored.
* The amounts being withdrawn or deposited, with associated unique
transaction identifiers and cryptographic signatures authorizing
the transaction. Note that for purchases, we cannot identify the
buyer from the collected data, so when you spend money, we only
receive non-personal information.
* When you contact us. We may collect certain information if you
choose to contact us, for example to report a bug or other error
with the Taler Wallet. This may include contact information such
as your name, email address or phone number depending on the
method you choose to contact us.
How we collect and process information
======================================
We may process your information for the following reasons:
* to transfer money as specified by our users (Taler transactions);
* to assist government entities in linking income to the underlying
contract as required by law and local regulations
* to support you using the Taler Wallet or to improve our Services
How we share and use the information we gather
==============================================
We may share your Personal Data or other information about you only if
you are a merchant receiving income, with your bank, to the degree
necessary to execute the payment.
We retain Personal Data to transfer funds to the accounts designated
by our users. We may retain Personal Data only for as long as mandated
by law and required for the wire transfers.
We primarily use the limited information we receive directly from you
to enhance the Taler Wallet. Some ways we may use your Personal
Information are to: Contact you when necessary to respond to your
comments, answer your questions, or obtain additional information on
issues related to bugs or errors with the Taler Wallet that you
reported.
Agents or third party partners
==============================
We may provide your Personal Information to our employees,
contractors, agents, service providers, and designees (“Agents”) to
enable them to perform certain services for us exclusively, including:
improvement and maintenance of our software and Services.
Protection of us and others
===========================
We reserve the right to access, read, preserve, and disclose any
information that we reasonably believe is necessary to comply with the
law or a court order.
What personal information can I access or change?
=================================================
You can request access to the information we have collected from you.
You can do this by contacting us at privacy@taler-systems.net. We will
make sure to provide you with a copy of the data we process about you.
To comply with your request, we may ask you to verify your identity.
We will fulfill your request by sending your copy electronically. For
any subsequent access request, we may charge you with an
administrative fee. If you believe that the information we have
collected is incorrect, you are welcome to contact us so we can update
it and keep your data accurate. Any data that is no longer needed for
purposes specified in the “How We Use the Information We Gather”
section will be deleted after ninety (90) days.
What are your data protection rights?
=====================================
Anastasis would like to make sure you are fully aware of all of your
data protection rights. Every user is entitled to the following:
**The right to access**: You have the right to request Anastasis for
copies of your personal data. We may charge you a small fee for
this service.
**The right to rectification**: You have the right to request that
Anastasis correct any information you believe is inaccurate. You also
have the right to request Anastasis to complete information you
believe is incomplete. The right to erasure - You have the right to
request that Anastasis erase your personal data, under certain
conditions.
**The right to restrict processing**: You have the right to request
that Anastasis restrict the processing of your personal data, under
certain conditions.
**The right to object to processing**: You have the right to object to
Anastasis's processing of your personal data, under certain
conditions.
**The right to data portability**: You have the right to request that
Anastasis transfer the data that we have collected to another
organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you
would like to exercise any of these rights, please contact us at our
email: privacy@taler-systems.com
You can always contact your local data protection authority to enforce
your rights.
Data retention
==============
If you uninstall the Taler Wallet mobile applications from your
device, or request that your information be deleted, we still may
retain some information that you have provided to us to maintain the
Taler Wallet or to comply with relevant laws.
Data security
=============
We are committed to making sure your information is protected. We
employ several physical and electronic safeguards to keep your
information safe, including encrypted user passwords, two factor
verification and authentication on passwords where possible, and
securing connections with industry standard transport layer security.
You are also welcome to contact us using GnuPG encrypted e-mail. Even
with all these precautions, we cannot fully guarantee against the
access, disclosure, alteration, or deletion of data through events,
including but not limited to hardware or software failure or
unauthorized use. Any information that you provide to us is done so
entirely at your own risk.
Changes and updates to privacy policy
=====================================
We reserve the right to update and revise this privacy policy at any
time. We occasionally review this Privacy Policy to make sure it
complies with applicable laws and conforms to changes in our business.
We may need to update this Privacy Policy, and we reserve the right to
do so at any time. If we do revise this Privacy Policy, we will update
the “Effective Date” at the bottom of this page so that you can tell
if it has changed since your last visit. As we generally do not
collect contact information and also do not track your visits, we will
not be able to notify you directly. However, the Taler Wallet may
inform you about a change in the privacy policy once it detects that
the policy has changed. Please review this Privacy Policy regularly to
ensure that you are aware of its terms. Any use of our Services after
an amendment to our Privacy Policy constitutes your acceptance to the
revised or amended agreement.
International users and visitors
================================
Our Services are hosted in Switzerland. If you are a user accessing
the Services from the European Union, Asia, US, or any other region
with laws or regulations governing personal data collection, use, and
disclosure that differ from Swiss laws, please be advised that through
your continued use of the Services, which is governed by Swiss law,
you are transferring your Personal Information to Switzerland and you
consent to that transfer.
Questions
=========
Please contact us at privacy@taler-systems.net if you have questions
about our privacy practices that are not addressed in this Privacy
Statement.

View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd"> <!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
<!-- Generated by Docutils 0.16 --> <!-- Generated by Docutils 0.16 -->
<document source="/research/taler/exchange/contrib/pp/pp.rst"> <document source="/research/taler/exchange/contrib/pp/pp-v0.rst">
<section ids="privacy-policy" names="privacy\ policy"> <section ids="privacy-policy" names="privacy\ policy">
<title>Privacy Policy</title> <title>Privacy Policy</title>
<paragraph>Last Updated: 11.12.2019</paragraph> <paragraph>Last Updated: 11.12.2019</paragraph>

View File

@ -38,8 +38,8 @@
"value": 5, "value": 5,
"fraction": 1000000 "fraction": 1000000
}, },
"missattribution_in_inconsistencies": [], "misattribution_in_inconsistencies": [],
"total_missattribution_in": { "total_misattribution_in": {
"currency": "KUDOS", "currency": "KUDOS",
"value": 0, "value": 0,
"fraction": 0 "fraction": 0
@ -233,4 +233,4 @@
"fraction": 1000000 "fraction": 1000000
}, },
"lag_details": [] "lag_details": []
} }

View File

@ -27,6 +27,5 @@
#ifndef TALER_SIGNATURES_H #ifndef TALER_SIGNATURES_H
#define TALER_SIGNATURES_H #define TALER_SIGNATURES_H
#include <gnunet/gnunet_util_lib.h>
#include "taler_amount_lib.h"
#include "taler_crypto_lib.h"

View File

@ -1,27 +1,187 @@
#!/bin/sh #!/bin/sh
# This file is in the public domain # This file is in the public domain
# Wrapper around 'taler-bank-manage' to first configure the required # Wrapper around libeufin to first configure the required
# testing accounts before launching the bank properly. # testing accounts before launching the bank properly.
# #
# Takes 3 arguments: # Takes 4 arguments:
# $1: the configuration file name # $1: the Nexus port (Sandbox port prepends 1 to it)
# $2: the database name # $2: the database name
# $3: serve-http or serve-uwsgi # $3: exchange base URL (used to specify the default exchange)
# $4: config file (needs patch to specify exchange's PAYTO_URI)
set -eu set -eu
if [ "$#" -ne 3 ]; if [ "$1" = "--help" ];
then then
echo "illegal number of parameters" echo "This is a tool to launch a libeufin based bank for testing."
echo "Call using: Nexus port number, SQLite file path, exchange base URL, config file path."
exit 0
fi
if [ "$#" -ne 4 ];
then
echo "illegal number of parameters. \
Give: Nexus port number, SQLite file path, exchange base URL, config file path."
exit 1 exit 1
fi fi
# Ensure starting accounts exist # Must not terminate jobs here, as they are needed
taler-bank-manage -c $1 --with-db $2 django provide_accounts # by the script _importing_ this one. Those script
taler-bank-manage -c $1 --with-db $2 django add_bank_account 42 # will then manage the termination.
taler-bank-manage -c $1 --with-db $2 django add_bank_account 43 # trap cleanup EXIT
taler-bank-manage -c $1 --with-db $2 django changepassword_unsafe Exchange x export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:$2"
# Create the default demobank.
libeufin-sandbox config --currency TESTKUDOS default
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
libeufin-sandbox serve --port "1$1" \
> libeufin-sandbox-stdout.log \
2> libeufin-sandbox-stderr.log &
echo $! > libeufin-sandbox.pid
export LIBEUFIN_SANDBOX_URL="http://localhost:1$1/"
set +e
echo -n "Waiting for Sandbox.."
for n in `seq 1 50`; do
echo -n "."
sleep 1
if wget --timeout=1 \
--tries=3 --waitretry=0 \
-o /dev/null -O /dev/null \
$LIBEUFIN_SANDBOX_URL; then
break
fi
done
echo OK
# Now run Django for good register_sandbox_account() {
exec taler-bank-manage -c $1 --with-db $2 $3 export LIBEUFIN_SANDBOX_USERNAME=$1
export LIBEUFIN_SANDBOX_PASSWORD=$2
libeufin-cli sandbox \
demobank \
register --name "$3"
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
}
set -e
echo -n "Register the 'fortytwo' Sandbox user.."
register_sandbox_account fortytwo x "Forty Two"
echo OK
echo -n "Register the 'fortythree' Sandbox user.."
register_sandbox_account fortythree x "Forty Three"
echo OK
echo -n "Register 'exchange' Sandbox user.."
register_sandbox_account exchange x "Exchange Company"
echo OK
echo -n "Register 'tor' Sandbox user.."
register_sandbox_account tor x "Tor Project"
echo OK
echo -n "Register 'gnunet' Sandbox user.."
register_sandbox_account gnunet x "GNUnet"
echo OK
echo -n "Register 'tutorial' Sandbox user.."
register_sandbox_account tutorial x "Tutorial"
echo OK
echo -n "Register 'survey' Sandbox user.."
register_sandbox_account survey x "Survey"
echo OK
echo -n "Specify exchange's PAYTO_URI in the config ..."
export LIBEUFIN_SANDBOX_USERNAME=exchange
export LIBEUFIN_SANDBOX_PASSWORD=x
PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
taler-config -c $4 -s exchange-account-1 -o PAYTO_URI -V $PAYTO
echo " OK"
echo -n "Setting this exchange as the bank's default ..."
EXCHANGE_PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
libeufin-sandbox default-exchange "$3" "$EXCHANGE_PAYTO"
echo " OK"
# Prepare EBICS: create Ebics host and Exchange subscriber.
# Shortly becoming admin to setup Ebics.
export LIBEUFIN_SANDBOX_USERNAME=admin
export LIBEUFIN_SANDBOX_PASSWORD=secret
echo -n "Create EBICS host at Sandbox.."
libeufin-cli sandbox \
--sandbox-url http://localhost:1$1 \
ebicshost create --host-id talerebics
echo OK
echo -n "Create exchange EBICS subscriber at Sandbox.."
libeufin-cli sandbox \
demobank new-ebicssubscriber --host-id talerebics \
--user-id exchangeebics --partner-id talerpartner \
--bank-account exchange # that's a username _and_ a bank account name
echo OK
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
# Prepare Nexus, which is the side actually talking
# to the exchange.
export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:$2"
# For convenience, username and password are
# identical to those used at the Sandbox.
echo -n Create exchange Nexus user..
libeufin-nexus superuser exchange --password x
echo OK
libeufin-nexus serve --port $1 \
2> libeufin-nexus-stderr.log \
> libeufin-nexus-stdout.log &
echo $! > libeufin-nexus.pid
export LIBEUFIN_NEXUS_URL=http://localhost:$1
echo -n Waiting for Nexus..
set +e
for n in `seq 1 50`; do
echo -n "."
sleep 1
if wget --timeout=1 \
--tries=3 --waitretry=0 \
-o /dev/null -O /dev/null \
$LIBEUFIN_NEXUS_URL; then
break
fi
done
set -e
echo OK
export LIBEUFIN_NEXUS_USERNAME=exchange
export LIBEUFIN_NEXUS_PASSWORD=x
echo -n Creating a EBICS connection at Nexus..
libeufin-cli connections new-ebics-connection \
--ebics-url "http://localhost:1$1/ebicsweb" \
--host-id talerebics \
--partner-id talerpartner \
--ebics-user-id exchangeebics \
talerconn
echo OK
echo -n Setup EBICS keying..
libeufin-cli connections connect talerconn > /dev/null
echo OK
echo -n Download bank account name from Sandbox..
libeufin-cli connections download-bank-accounts talerconn
echo OK
echo -n Importing bank account info into Nexus..
libeufin-cli connections import-bank-account \
--offered-account-id exchange \
--nexus-bank-account-id exchange-nexus \
talerconn
echo OK
echo -n Setup payments submission task..
# Tries every second.
libeufin-cli accounts task-schedule \
--task-type submit \
--task-name exchange-payments \
--task-cronspec "* * *" \
exchange-nexus
echo OK
# Tries every second. Ask C52
echo -n Setup history fetch task..
libeufin-cli accounts task-schedule \
--task-type fetch \
--task-name exchange-history \
--task-cronspec "* * *" \
--task-param-level report \
--task-param-range-type latest \
exchange-nexus
echo OK
# TBD: create Taler facade.
echo -n Create the Taler facade at Nexus..
libeufin-cli facades \
new-taler-wire-gateway-facade \
--currency TESTKUDOS --facade-name test-facade \
talerconn exchange-nexus
echo OK
# Facade schema: http://localhost:$1/facades/test-facade/taler-wire-gateway/

View File

@ -1,128 +1,115 @@
#!/usr/bin/env python3 #!/bin/bash
# This file is in the public domain.
from requests import get, post set -eu
from subprocess import call
import base64
# EBICS details # EBICS details
EBICS_URL = "http://localhost:5000/ebicsweb" EBICS_URL="http://localhost:5000/ebicsweb"
HOST_ID = "HOST01" HOST_ID="HOST01"
PARTNER_ID = "PARTNER1" PARTNER_ID="PARTNER1"
USER_ID = "USER1" USER_ID="USER1"
EBICS_VERSION = "H004"
SUBSCRIBER_IBAN = "ES9121000418450200051332" # This is used _both_ at Sandbox and at Nexus.
SUBSCRIBER_BIC = "BIC" # Basically, Nexus imports the offered bank account
SUBSCRIBER_NAME = "Exchange" # using the same name used by the Sandbox.
BANK_ACCOUNT_LABEL="my-bank-account"
BANK_ACCOUNT_LABEL = "my-bank-account" BANK_CONNECTION_LABEL="my-bank-connection"
BANK_CONNECTION_LABEL = "my-bank-connection"
FACADE_LABEL="my-facade" FACADE_LABEL="my-facade"
USERNAME="Exchange" export LIBEUFIN_SANDBOX_USERNAME=exchange
USER_AUTHORIZATION_HEADER = "basic {}".format( export LIBEUFIN_SANDBOX_PASSWORD=x
base64.b64encode(b"Exchange:x").decode("utf-8") export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
) libeufin-cli sandbox demobank register --name "Exchange Company"
def assertResponse(response): export LIBEUFIN_SANDBOX_USERNAME=fortytwo
if response.status_code != 200: export LIBEUFIN_SANDBOX_PASSWORD=x
print("Test failed on URL: {}".format(response.url)) export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
# stdout/stderr from both services is A LOT of text. libeufin-cli sandbox demobank register \
# Confusing to dump all that to console. --name User42 --iban FR7630006000011234567890189
print("Check nexus.log and sandbox.log, probably under /tmp")
exit(1)
# Allows for finer grained checks.
return response
# Create a nexus (super-) user export LIBEUFIN_SANDBOX_USERNAME=fortythree
check_call(["libeufin-nexus", export LIBEUFIN_SANDBOX_PASSWORD=x
"superuser", export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
"--db-name", "/tmp/nexus-exchange-test.sqlite3", libeufin-cli sandbox demobank register \
"Exchange", --name User43 --iban GB33BUKB20201555555555
"--password", "x"]
)
# Create a EBICS bank connection. export LIBEUFIN_SANDBOX_USERNAME=admin
assertResponse( export LIBEUFIN_SANDBOX_PASSWORD=secret
post( export LIBEUFIN_SANDBOX_URL=http://localhost:5000/
"http://localhost:5001/bank-connections", echo -n "Create EBICS host at Sandbox..."
json=dict( libeufin-cli sandbox \
name=BANK_CONNECTION_LABEL, --sandbox-url "http://localhost:5000" \
source="new", ebicshost create --host-id $HOST_ID
type="ebics", echo " OK"
data=dict(
ebicsURL=EBICS_URL, hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID
),
),
headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
)
)
# Create a facade echo -n "Create exchange EBICS subscriber at Sandbox..."
assertResponse( libeufin-cli sandbox \
post( demobank new-ebicssubscriber --host-id $HOST_ID \
"http://localhost:5001/facades", --user-id $USER_ID --partner-id $PARTNER_ID \
json=dict( --bank-account exchange # that's a username _and_ a bank account name
name=FACADE_LABEL, echo " OK"
type="taler-wire-gateway", unset LIBEUFIN_SANDBOX_USERNAME
creator=USERNAME, unset LIBEUFIN_SANDBOX_PASSWORD
config=dict( unset LIBEUFIN_SANDBOX_URL
bankAccount=BANK_ACCOUNT_LABEL,
bankConnection=BANK_CONNECTION_LABEL,
reserveTransferLevel="UNUSED",
intervalIncremental="UNUSED"
)
),
headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
)
)
# Create the EBICS host at the Sandbox. export LIBEUFIN_NEXUS_USERNAME=exchange
assertResponse( export LIBEUFIN_NEXUS_PASSWORD=x
post( export LIBEUFIN_NEXUS_URL=http://localhost:5001/
"http://localhost:5000/admin/ebics/host",
json=dict(hostID=HOST_ID, ebicsVersion=EBICS_VERSION),
)
)
# Create Exchange EBICS subscriber at the Sandbox. echo -n "Create the exchange (super)user at Nexus..."
assertResponse( libeufin-nexus superuser exchange --password x
post( echo " DONE"
"http://localhost:5000/admin/ebics/subscribers",
json=dict(hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID),
)
)
# Create a bank account associated to the Exchange's EBICS subscriber, echo -n "Creating a EBICS connection at Nexus..."
# again at the Sandbox. libeufin-cli connections new-ebics-connection \
assertResponse( --ebics-url $EBICS_URL \
post( --host-id $HOST_ID \
"http://localhost:5000/admin/ebics/bank-accounts", --partner-id $PARTNER_ID \
json=dict( --ebics-user-id $USER_ID \
subscriber=dict(hostID=HOST_ID, partnerID=PARTNER_ID, userID=USER_ID), $BANK_CONNECTION_LABEL
iban=SUBSCRIBER_IBAN, echo " OK"
bic=SUBSCRIBER_BIC,
name=SUBSCRIBER_NAME,
label=BANK_ACCOUNT_LABEL,
),
)
)
# 'connect' to the bank: upload+download keys. echo -n "Setup EBICS keying..."
assertResponse( libeufin-cli connections connect $BANK_CONNECTION_LABEL > /dev/null
post( echo " OK"
"http://localhost:5001/bank-connections/{}/connect".format(BANK_CONNECTION_LABEL),
json=dict(),
headers=dict(Authorization=USER_AUTHORIZATION_HEADER),
)
)
# Download bank accounts. echo -n "Download bank account name from Sandbox..."
assertResponse( libeufin-cli connections download-bank-accounts $BANK_CONNECTION_LABEL
post( echo " OK"
"http://localhost:5001/bank-connections/{}/ebics/import-accounts".format(BANK_CONNECTION_LABEL),
json=dict(), echo -n "Importing bank account info into Nexus..."
headers=dict(Authorization=USER_AUTHORIZATION_HEADER), libeufin-cli connections import-bank-account \
) --offered-account-id exchange \
) --nexus-bank-account-id $BANK_ACCOUNT_LABEL \
$BANK_CONNECTION_LABEL
echo " OK"
echo -n "Create the Taler facade at Nexus..."
libeufin-cli facades \
new-taler-wire-gateway-facade \
--currency KUDOS --facade-name $FACADE_LABEL \
$BANK_CONNECTION_LABEL $BANK_ACCOUNT_LABEL
echo " DONE"
echo -n Setup payments submission task..
# Tries every second.
libeufin-cli accounts task-schedule \
--task-type submit \
--task-name exchange-payments \
--task-cronspec "* * *" \
$BANK_ACCOUNT_LABEL
echo OK
# Tries every second. Ask C52
echo -n Setup history fetch task..
libeufin-cli accounts task-schedule \
--task-type fetch \
--task-name exchange-history \
--task-cronspec "* * *" \
--task-param-level report \
--task-param-range-type latest \
$BANK_ACCOUNT_LABEL
echo OK
# unset, in case the script gets 'source'd.
unset LIBEUFIN_NEXUS_USERNAME
unset LIBEUFIN_NEXUS_PASSWORD
unset LIBEUFIN_NEXUS_URL

View File

@ -17,6 +17,7 @@
@author Benedikt Muller @author Benedikt Muller
@author Sree Harsha Totakura @author Sree Harsha Totakura
@author Marcello Stanisci @author Marcello Stanisci
@author Christian Grothoff
""" """
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# #
@ -68,20 +69,20 @@ source_suffix = {
#source_encoding = 'utf-8-sig' #source_encoding = 'utf-8-sig'
# The master toctree document. # The master toctree document.
master_doc = 'tos' master_doc = '%VERSION%'
# General information about the project. # General information about the project.
project = u'tos' project = u'%VERSION%'
copyright = u'2014-2020 Taler Systems SA (GPLv3+ or GFDL 1.3+)' copyright = u'2014-2022 Taler Systems SA (GPLv3+ or GFDL 1.3+)'
# The version info for the project you're documenting, acts as replacement for # The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the # |version| and |release|, also used in various other places throughout the
# built documents. # built documents.
# #
# The short X.Y version. # The short X.Y version.
version = '0' version = '%VERSION%'
# The full version, including alpha/beta/rc tags. # The full version, including alpha/beta/rc tags.
release = '0' release = '%VERSION%'
# The language for content autogenerated by Sphinx. Refer to documentation # The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages. # for a list of supported languages.
@ -149,7 +150,7 @@ html_theme_options = {
# The name for this set of Sphinx documents. If None, it defaults to # The name for this set of Sphinx documents. If None, it defaults to
# "<project> v<release> documentation". # "<project> v<release> documentation".
html_title = "Taler Terms of Service" html_title = "Taler Exchange Terms of Service"
# A shorter title for the navigation bar. Default is the same as html_title. # A shorter title for the navigation bar. Default is the same as html_title.
html_short_title = "Terms of Service" html_short_title = "Terms of Service"
@ -192,7 +193,7 @@ html_short_title = "Terms of Service"
#html_domain_indices = True #html_domain_indices = True
# If false, no index is generated. # If false, no index is generated.
#html_use_index = True html_use_index = True
# If true, the index is split into individual pages for each letter. # If true, the index is split into individual pages for each letter.
#html_split_index = False #html_split_index = False
@ -231,7 +232,7 @@ latex_elements = {
# (source start file, target name, title, # (source start file, target name, title,
# author, documentclass [howto, manual, or own class]). # author, documentclass [howto, manual, or own class]).
latex_documents = [ latex_documents = [
('tos', 'tos.tex', ('%VERSION%', '%VERSION%.tex',
'Terms of Service', 'GNU Taler team', 'manual'), 'Terms of Service', 'GNU Taler team', 'manual'),
] ]
@ -277,6 +278,6 @@ latex_documents = [
# -- Options for epub output ---------------------------- # -- Options for epub output ----------------------------
epub_basename = "tos" epub_basename = "%VERSION%"
epub_title = "Terms of Service" epub_title = "Terms of Service"

View File

@ -1,316 +0,0 @@
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Terms Of Service &#8212; Taler Terms of Service</title>
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="_static/epub.css" type="text/css" />
<script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
<script src="_static/jquery.js"></script>
<script src="_static/underscore.js"></script>
<script src="_static/doctools.js"></script>
</head><body>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="terms-of-service">
<h1>Terms Of Service<a class="headerlink" href="#terms-of-service" title="Permalink to this headline"></a></h1>
<p>Last Updated: 09.06.2022</p>
<p>Welcome! The ICE research center of the Bern University of Applied Sciences
in Switzerland (“we,” “our,” or “us”) provides an experimental payment service
through our Internet presence (collectively the “Services”). Before using our
Services, please read the Terms of Service (the “Terms” or the “Agreement”)
carefully.</p>
<div class="section" id="this-is-research">
<h2>This is research<a class="headerlink" href="#this-is-research" title="Permalink to this headline"></a></h2>
<p>This is a research experiment. Any funds wired to our Bitcoin address are
considered a donation to our research group. We may use them to enable
payments following the GNU Taler protocol, or simply keep them at our
discretion. The service is experimental and may also be discontinued at
any time, in which case all remaining funds will definitively be kept by
the research group.</p>
</div>
<div class="section" id="overview">
<h2>Overview<a class="headerlink" href="#overview" title="Permalink to this headline"></a></h2>
<p>This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are accepting
all of the terms and conditions and not just this section. We and possibly
other third parties provide Internet services which interact with the Taler
Wallets self-hosted personal payment application. When using the Taler Wallet
to interact with our Services, you are agreeing to our Terms, so please read
carefully.</p>
<div class="section" id="highlights">
<h3>Highlights:<a class="headerlink" href="#highlights" title="Permalink to this headline"></a></h3>
<blockquote>
<div><ul class="simple">
<li><p>You are responsible for keeping the data in your Taler Wallet at all times
under your control. Any losses arising from you not being in control of
your private information are your problem.</p></li>
<li><p>We may transfer funds we receive from our users to any legal
recipient to the best of our ability within the limitations of the law and
our implementation. However, the Services offered today are highly
experimental and the set of recipients of funds is severely restricted.
Again, we stress this is a research experiment and technically all funds
held by the exchange are owned by the research group of the university.</p></li>
<li><p>For our Services, we may charge transaction fees. The specific fee structure
is provided based on the Taler protocol and should be shown to you when you
withdraw electronic coins using a Taler Wallet. You agree and understand
that the Taler protocol allows for the fee structure to change.</p></li>
<li><p>You agree to not intentionally overwhelm our systems with requests and
follow responsible disclosure if you find security issues in our services.</p></li>
<li><p>We cannot be held accountable for our Services not being available due to
any circumstances. If we modify or terminate our services,
we may give you the opportunity to recover your funds. However,
given the experimental state of the Services today, this may not be
possible. You are strongly advised to limit your use of the Service
to small-scale experiments expecting total loss of all funds.</p></li>
</ul>
</div></blockquote>
<p>These terms outline approved uses of our Services. The Services and these
Terms are still at an experimental stage. If you have any questions or
comments related to this Agreement, please send us a message to
<a class="reference external" href="mailto:ice&#37;&#52;&#48;bfh&#46;ch">ice<span>&#64;</span>bfh<span>&#46;</span>ch</a>. If you do not agree to this Agreement, you must not
use our Services.</p>
</div>
</div>
<div class="section" id="how-you-accept-this-policy">
<h2>How you accept this policy<a class="headerlink" href="#how-you-accept-this-policy" title="Permalink to this headline"></a></h2>
<p>By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
have read, understood, and agreed to these Terms. We reserve the right to
change these Terms at any time. If you disagree with the change, we may in the
future offer you with an easy option to recover your unspent funds. However,
in the current experimental period you acknowledge that this feature is not
yet available, resulting in your funds being lost unless you accept the new
Terms. If you continue to use our Services other than to recover your unspent
funds, your continued use of our Services following any such change will
signify your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes since you
have last reviewed these Terms.</p>
</div>
<div class="section" id="services">
<h2>Services<a class="headerlink" href="#services" title="Permalink to this headline"></a></h2>
<p>We will try to transfer funds that we receive from users to any legal
recipient to the best of our ability and within the limitations of the
law. However, the Services offered today are highly experimental and the set
of recipients of funds is severely restricted. The Taler Wallet can be loaded
by exchanging fiat or cryptocurrencies against electronic coins. We are
providing this exchange service. Once your Taler Wallet is loaded with
electronic coins they can be spent for purchases if the seller is accepting
Taler as a means of payment. We are not guaranteeing that any seller is
accepting Taler at all or a particular seller. The seller or recipient of
deposits of electronic coins must specify the target account, as per the
design of the Taler protocol. They are responsible for following the protocol
and specifying the correct bank account, and are solely liable for any losses
that may arise from specifying the wrong account. We may allow the government
to link wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may lead to
situations where we are unable to make transfers at all or lead to incorrect
transfers that cannot be reversed. We may refuse to execute transfers if the
transfers are prohibited by a competent legal authority and we are ordered to
do so.</p>
<p>When using our Services, you agree to not take any action that intentionally
imposes an unreasonable load on our infrastructure. If you find security
problems in our Services, you agree to first report them to
<a class="reference external" href="mailto:security&#37;&#52;&#48;taler-systems&#46;com">security<span>&#64;</span>taler-systems<span>&#46;</span>com</a> and grant us the right to publish your report. We
warrant that we will ourselves publicly disclose any issues reported within 3
months, and that we will not prosecute anyone reporting security issues if
they did not exploit the issue beyond a proof-of-concept, and followed the
above responsible disclosure practice.</p>
</div>
<div class="section" id="fees">
<h2>Fees<a class="headerlink" href="#fees" title="Permalink to this headline"></a></h2>
<p>You agree to pay the fees for exchanges and withdrawals completed via the
Taler Wallet (“Fees”) as defined by us, which we may change from time to
time. With the exception of wire transfer fees, Taler transaction fees are set
for any electronic coin at the time of withdrawal and fixed throughout the
validity period of the respective electronic coin. Your wallet should obtain
and display applicable fees when withdrawing funds. Fees for coins obtained as
change may differ from the fees applicable to the original coin. Wire transfer
fees that are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection with
deposits, exchanges and withdrawals following the rules of the Taler protocol.
We reserve the right to provide different types of rewards to users either in
the form of discount for our Services or in any other form at our discretion
and without prior notice to you.</p>
</div>
<div class="section" id="eligibility-and-financial-self-responsibility">
<h2>Eligibility and Financial self-responsibility<a class="headerlink" href="#eligibility-and-financial-self-responsibility" title="Permalink to this headline"></a></h2>
<p>To be eligible to use our Services, you must be able to form legally binding
contracts or have the permission of your legal guardian. By using our
Services, you represent and warrant that you meet all eligibility requirements
that we outline in these Terms.</p>
<p>You will be responsible for maintaining the availability, integrity and
confidentiality of the data stored in your wallet. When you setup a Taler
Wallet, you are strongly advised to follow the precautionary measures offered
by the software to minimize the chances to losse access to or control over
your Wallet data. We will not be liable for any loss or damage arising from
your failure to comply with this paragraph.</p>
</div>
<div class="section" id="copyrights-and-trademarks">
<h2>Copyrights and trademarks<a class="headerlink" href="#copyrights-and-trademarks" title="Permalink to this headline"></a></h2>
<p>The Taler Wallet is released under the terms of the GNU General Public License
(GNU GPL). You have the right to access, use, and share the Taler Wallet, in
modified or unmodified form. However, the GPL is a strong copyleft license,
which means that any derivative works must be distributed under the same
license terms as the original software. If you have any questions, you should
review the GNU GPLs full terms and conditions at
<a class="reference external" href="https://www.gnu.org/licenses/gpl-3.0.en.html">https://www.gnu.org/licenses/gpl-3.0.en.html</a>. “Taler” itself is a trademark
of Taler Systems SA. You are welcome to use the name in relation to processing
payments using the Taler protocol, assuming your use is compatible with an
official release from the GNU Project that is not older than two years.</p>
</div>
<div class="section" id="limitation-of-liability-disclaimer-of-warranties">
<h2>Limitation of liability &amp; disclaimer of warranties<a class="headerlink" href="#limitation-of-liability-disclaimer-of-warranties" title="Permalink to this headline"></a></h2>
<p>You understand and agree that we have no control over, and no duty to take any
action regarding: Failures, disruptions, errors, or delays in processing that
you may experience while using our Services; The risk of failure of hardware,
software, and Internet connections; The risk of malicious software being
introduced or found in the software underlying the Taler Wallet; The risk that
third parties may obtain unauthorized access to information stored within your
Taler Wallet, including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any losses,
damages, or claims arising from:</p>
<ol class="loweralpha simple">
<li><p>user error such as forgotten passwords, incorrectly constructed
transactions;</p></li>
<li><p>server failure or data loss;</p></li>
<li><p>unauthorized access to the Taler Wallet application;</p></li>
<li><p>bugs or other errors in the Taler Wallet software; and</p></li>
<li><p>any unauthorized third party activities, including, but not limited to,
the use of viruses, phishing, brute forcing, or other means of attack
against the Taler Wallet. We make no representations concerning any
Third Party Content contained in or accessed through our Services.</p></li>
</ol>
<p>Any other terms, conditions, warranties, or representations associated with
such content, are solely between you and such organizations and/or
individuals.</p>
<p>To the fullest extent permitted by applicable law, in no event will we or any
of our officers, directors, representatives, agents, servants, counsel,
employees, consultants, lawyers, and other personnel authorized to act,
acting, or purporting to act on our behalf (collectively the “Taler Parties”)
be liable to you under contract, tort, strict liability, negligence, or any
other legal or equitable theory, for:</p>
<ol class="loweralpha simple">
<li><p>any lost profits, data loss, cost of procurement of substitute goods or
services, or direct, indirect, incidental, special, punitive, compensatory,
or consequential damages of any kind whatsoever resulting from:</p></li>
</ol>
<blockquote>
<div><ol class="lowerroman simple">
<li><p>your use of, or conduct in connection with, our services;</p></li>
<li><p>any unauthorized use of your wallet and/or private key due to your
failure to maintain the confidentiality of your wallet;</p></li>
<li><p>any interruption or cessation of transmission to or from the services; or</p></li>
<li><p>any bugs, viruses, trojan horses, or the like that are found in the Taler
Wallet software or that may be transmitted to or through our services by
any third party (regardless of the source of origination), or</p></li>
</ol>
</div></blockquote>
<ol class="loweralpha simple" start="2">
<li><p>any direct damages.</p></li>
</ol>
<p>These limitations apply regardless of legal theory, whether based on tort,
strict liability, breach of contract, breach of warranty, or any other legal
theory, and whether or not we were advised of the possibility of such
damages. Some jurisdictions do not allow the exclusion or limitation of
liability for consequential or incidental damages, so the above limitation may
not apply to you.</p>
<p>Our services are provided “as is” and without warranty of any kind. To the
maximum extent permitted by law, we disclaim all representations and
warranties, express or implied, relating to the services and underlying
software or any content on the services, whether provided or owned by us or by
any third party, including without limitation, warranties of merchantability,
fitness for a particular purpose, title, non-infringement, freedom from
computer virus, and any implied warranties arising from course of dealing,
course of performance, or usage in trade, all of which are expressly
disclaimed. In addition, we do not represent or warrant that the content
accessible via the services is accurate, complete, available, current, free of
viruses or other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer of
implied warranties, so the foregoing disclaimers may not apply to you. This
paragraph gives you specific legal rights and you may also have other legal
rights that vary from state to state.</p>
</div>
<div class="section" id="indemnity-and-time-limitation-on-claims-and-termination">
<h2>Indemnity and Time limitation on claims and Termination<a class="headerlink" href="#indemnity-and-time-limitation-on-claims-and-termination" title="Permalink to this headline"></a></h2>
<p>To the extent permitted by applicable law, you agree to defend, indemnify, and
hold harmless the Taler Parties from and against any and all claims, damages,
obligations, losses, liabilities, costs or debt, and expenses (including, but
not limited to, attorneys fees) arising from: (a) your use of and access to
the Services; (b) any feedback or submissions you provide to us concerning the
Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third party.</p>
<p>You agree that any claim you may have arising out of or related to your
relationship with us must be filed within one year after such claim arises,
otherwise, your claim in permanently barred.</p>
<p>In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.</p>
</div>
<div class="section" id="discontinuance-of-services-and-force-majeure">
<h2>Discontinuance of services and Force majeure<a class="headerlink" href="#discontinuance-of-services-and-force-majeure" title="Permalink to this headline"></a></h2>
<p>We may, in our sole discretion and without cost to you, with or without prior
notice, and at any time, modify or discontinue, temporarily or permanently,
any portion of our Services. We will use the Taler protocols provisions to
notify Wallets if our Services are to be discontinued. It is your
responsibility to ensure that the Taler Wallet is online at least once every
three months to observe these notifications. We shall not be held responsible
or liable for any loss of funds in the event that we discontinue or depreciate
the Services and your Taler Wallet fails to transfer out the coins within a
three months notification period.</p>
<p>We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any cause or
condition beyond our reasonable control, including but not limited to: any
delay or failure due to any act of God, act of civil or military authorities,
act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
interruption in telecommunications or Internet services or network provider
services, failure of equipment and/or software, other catastrophe, or any
other occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.</p>
</div>
<div class="section" id="governing-law-waivers-severability-and-assignment">
<h2>Governing law, Waivers, Severability and Assignment<a class="headerlink" href="#governing-law-waivers-severability-and-assignment" title="Permalink to this headline"></a></h2>
<p>No matter where youre located, the laws of Switzerland will govern these
Terms. If any provisions of these Terms are inconsistent with any applicable
law, those provisions will be superseded or modified only to the extent such
provisions are inconsistent. The parties agree to submit to the ordinary
courts in Bern, Switzerland for exclusive jurisdiction of any dispute
arising out of or related to your use of the Services or your breach of these
Terms.</p>
<p>Our failure to exercise or delay in exercising any right, power, or privilege
under this Agreement shall not operate as a waiver; nor shall any single or
partial exercise of any right, power, or privilege preclude any other or
further exercise thereof.</p>
<p>You agree that we may assign any of our rights and/or transfer, sub-contract,
or delegate any of our obligations under these Terms.</p>
<p>If it turns out that any part of this Agreement is invalid, void, or for any
reason unenforceable, that term will be deemed severable and limited or
eliminated to the minimum extent necessary.</p>
<p>This Agreement sets forth the entire understanding and agreement as to the
subject matter hereof and supersedes any and all prior discussions,
agreements, and understandings of any kind (including, without limitation, any
prior versions of this Agreement) and every nature between us. Except as
provided for above, any modification to this Agreement must be in writing and
must be signed by both parties.</p>
</div>
<div class="section" id="questions-or-comments">
<h2>Questions or comments<a class="headerlink" href="#questions-or-comments" title="Permalink to this headline"></a></h2>
<p>We welcome comments, questions, concerns, or suggestions. Please send us a
message on our contact page at <a class="reference external" href="mailto:legal&#37;&#52;&#48;taler-systems&#46;com">legal<span>&#64;</span>taler-systems<span>&#46;</span>com</a>.</p>
</div>
</div>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
</body>
</html>

310
contrib/tos/en/bfh-v0.html Normal file

File diff suppressed because one or more lines are too long

View File

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd"> <!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
<!-- Generated by Docutils 0.16 --> <!-- Generated by Docutils 0.16 -->
<document source="/home/grothoff/research/taler/exchange/contrib/tos/tos.rst"> <document source="/research/taler/exchange/contrib/tos/bfh-v0.rst">
<section ids="terms-of-service" names="terms\ of\ service"> <section ids="terms-of-service" names="terms\ of\ service">
<title>Terms Of Service</title> <title>Terms Of Service</title>
<paragraph>Last Updated: 09.06.2022</paragraph> <paragraph>Last Updated: 09.06.2022</paragraph>

BIN
contrib/tos/en/tos-v0.epub Normal file

Binary file not shown.

298
contrib/tos/en/tos-v0.html Normal file

File diff suppressed because one or more lines are too long

337
contrib/tos/en/tos-v0.md Normal file
View File

@ -0,0 +1,337 @@
Terms Of Service
****************
Last Updated: 12.4.2019
Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment
service through our Internet presence (collectively the “Services”).
Before using our Services, please read the Terms of Service (the
“Terms” or the “Agreement”) carefully.
Overview
========
This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are
accepting all of the terms and conditions and not just this section.
We and possibly other third parties provide Internet services which
interact with the Taler Wallets self-hosted personal payment
application. When using the Taler Wallet to interact with our
Services, you are agreeing to our Terms, so please read carefully.
Highlights:
-----------
* You are responsible for keeping the data in your Taler Wallet at
all times under your control. Any losses arising from you not
being in control of your private information are your problem.
* We will try to transfer funds we hold in escrow for our users to
any legal recipient to the best of our ability within the
limitations of the law and our implementation. However, the
Services offered today are highly experimental and the set of
recipients of funds is severely restricted.
* For our Services, we may charge transaction fees. The specific
fee structure is provided based on the Taler protocol and should
be shown to you when you withdraw electronic coins using a Taler
Wallet. You agree and understand that the Taler protocol allows
for the fee structure to change.
* You agree to not intentionally overwhelm our systems with
requests and follow responsible disclosure if you find security
issues in our services.
* We cannot be held accountable for our Services not being
available due to circumstances beyond our control. If we modify
or terminate our services, we will try to give you the
opportunity to recover your funds. However, given the
experimental state of the Services today, this may not be
possible. You are strongly advised to limit your use of the
Service to small-scale experiments expecting total loss of all
funds.
These terms outline approved uses of our Services. The Services and
these Terms are still at an experimental stage. If you have any
questions or comments related to this Agreement, please send us a
message to legal@taler-systems.com. If you do not agree to this
Agreement, you must not use our Services.
How you accept this policy
==========================
By sending funds to us (to top-up your Taler Wallet), you acknowledge
that you have read, understood, and agreed to these Terms. We reserve
the right to change these Terms at any time. If you disagree with the
change, we may in the future offer you with an easy option to recover
your unspent funds. However, in the current experimental period you
acknowledge that this feature is not yet available, resulting in your
funds being lost unless you accept the new Terms. If you continue to
use our Services other than to recover your unspent funds, your
continued use of our Services following any such change will signify
your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes
since you have last reviewed these Terms.
Services
========
We will try to transfer funds that we hold in escrow for our users to
any legal recipient to the best of our ability and within the
limitations of the law and our implementation. However, the Services
offered today are highly experimental and the set of recipients of
funds is severely restricted. The Taler Wallet can be loaded by
exchanging fiat currencies against electronic coins. We are providing
this exchange service. Once your Taler Wallet is loaded with
electronic coins they can be spent for purchases if the seller is
accepting Taler as a means of payment. We are not guaranteeing that
any seller is accepting Taler at all or a particular seller. The
seller or recipient of deposits of electronic coins must specify the
target account, as per the design of the Taler protocol. They are
responsible for following the protocol and specifying the correct bank
account, and are solely liable for any losses that may arise from
specifying the wrong account. We will allow the government to link
wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may
lead to situations where we are unable to make transfers at all or
lead to incorrect transfers that cannot be reversed. We will only
refuse to execute transfers if the transfers are prohibited by a
competent legal authority and we are ordered to do so.
When using our Services, you agree to not take any action that
intentionally imposes an unreasonable load on our infrastructure. If
you find security problems in our Services, you agree to first report
them to security@taler-systems.com and grant us the right to publish
your report. We warrant that we will ourselves publicly disclose any
issues reported within 3 months, and that we will not prosecute anyone
reporting security issues if they did not exploit the issue beyond a
proof-of-concept, and followed the above responsible disclosure
practice.
Fees
====
You agree to pay the fees for exchanges and withdrawals completed via
the Taler Wallet ("Fees") as defined by us, which we may change from
time to time. With the exception of wire transfer fees, Taler
transaction fees are set for any electronic coin at the time of
withdrawal and fixed throughout the validity period of the respective
electronic coin. Your wallet should obtain and display applicable fees
when withdrawing funds. Fees for coins obtained as change may differ
from the fees applicable to the original coin. Wire transfer fees that
are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection
with deposits, exchanges and withdrawals following the rules of the
Taler protocol. We reserve the right to provide different types of
rewards to users either in the form of discount for our Services or in
any other form at our discretion and without prior notice to you.
Eligibility and Financial self-responsibility
=============================================
To be eligible to use our Services, you must be able to form legally
binding contracts or have the permission of your legal guardian. By
using our Services, you represent and warrant that you meet all
eligibility requirements that we outline in these Terms.
You will be responsible for maintaining the availability, integrity
and confidentiality of the data stored in your wallet. When you setup
a Taler Wallet, you are strongly advised to follow the precautionary
measures offered by the software to minimize the chances to losse
access to or control over your Wallet data. We will not be liable for
any loss or damage arising from your failure to comply with this
paragraph.
Copyrights and trademarks
=========================
The Taler Wallet is released under the terms of the GNU General Public
License (GNU GPL). You have the right to access, use, and share the
Taler Wallet, in modified or unmodified form. However, the GPL is a
strong copyleft license, which means that any derivative works must be
distributed under the same license terms as the original software. If
you have any questions, you should review the GNU GPLs full terms and
conditions at https://www.gnu.org/licenses/gpl-3.0.en.html. “Taler”
itself is a trademark of Taler Systems SA. You are welcome to use the
name in relation to processing payments using the Taler protocol,
assuming your use is compatible with an official release from the GNU
Project that is not older than two years.
Limitation of liability & disclaimer of warranties
==================================================
You understand and agree that we have no control over, and no duty to
take any action regarding: Failures, disruptions, errors, or delays in
processing that you may experience while using our Services; The risk
of failure of hardware, software, and Internet connections; The risk
of malicious software being introduced or found in the software
underlying the Taler Wallet; The risk that third parties may obtain
unauthorized access to information stored within your Taler Wallet,
including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any
losses, damages, or claims arising from:
1. user error such as forgotten passwords, incorrectly constructed
transactions;
2. server failure or data loss;
3. unauthorized access to the Taler Wallet application;
4. bugs or other errors in the Taler Wallet software; and
5. any unauthorized third party activities, including, but not limited
to, the use of viruses, phishing, brute forcing, or other means of
attack against the Taler Wallet. We make no representations
concerning any Third Party Content contained in or accessed through
our Services.
Any other terms, conditions, warranties, or representations associated
with such content, are solely between you and such organizations
and/or individuals.
To the fullest extent permitted by applicable law, in no event will we
or any of our officers, directors, representatives, agents, servants,
counsel, employees, consultants, lawyers, and other personnel
authorized to act, acting, or purporting to act on our behalf
(collectively the “Taler Parties”) be liable to you under contract,
tort, strict liability, negligence, or any other legal or equitable
theory, for:
1. any lost profits, data loss, cost of procurement of substitute
goods or services, or direct, indirect, incidental, special,
punitive, compensatory, or consequential damages of any kind
whatsoever resulting from:
1. your use of, or conduct in connection with, our services;
2. any unauthorized use of your wallet and/or private key due to
your failure to maintain the confidentiality of your wallet;
3. any interruption or cessation of transmission to or from the
services; or
4. any bugs, viruses, trojan horses, or the like that are found in
the Taler Wallet software or that may be transmitted to or
through our services by any third party (regardless of the
source of origination), or
2. any direct damages.
These limitations apply regardless of legal theory, whether based on
tort, strict liability, breach of contract, breach of warranty, or any
other legal theory, and whether or not we were advised of the
possibility of such damages. Some jurisdictions do not allow the
exclusion or limitation of liability for consequential or incidental
damages, so the above limitation may not apply to you.
Our services are provided "as is" and without warranty of any kind. To
the maximum extent permitted by law, we disclaim all representations
and warranties, express or implied, relating to the services and
underlying software or any content on the services, whether provided
or owned by us or by any third party, including without limitation,
warranties of merchantability, fitness for a particular purpose,
title, non-infringement, freedom from computer virus, and any implied
warranties arising from course of dealing, course of performance, or
usage in trade, all of which are expressly disclaimed. In addition, we
do not represent or warrant that the content accessible via the
services is accurate, complete, available, current, free of viruses or
other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer
of implied warranties, so the foregoing disclaimers may not apply to
you. This paragraph gives you specific legal rights and you may also
have other legal rights that vary from state to state.
Indemnity and Time limitation on claims and Termination
=======================================================
To the extent permitted by applicable law, you agree to defend,
indemnify, and hold harmless the Taler Parties from and against any
and all claims, damages, obligations, losses, liabilities, costs or
debt, and expenses (including, but not limited to, attorneys fees)
arising from: (a) your use of and access to the Services; (b) any
feedback or submissions you provide to us concerning the Taler Wallet;
(c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third
party.
You agree that any claim you may have arising out of or related to
your relationship with us must be filed within one year after such
claim arises, otherwise, your claim in permanently barred.
In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.
Discontinuance of services and Force majeure
============================================
We may, in our sole discretion and without cost to you, with or
without prior notice, and at any time, modify or discontinue,
temporarily or permanently, any portion of our Services. We will use
the Taler protocols provisions to notify Wallets if our Services are
to be discontinued. It is your responsibility to ensure that the Taler
Wallet is online at least once every three months to observe these
notifications. We shall not be held responsible or liable for any loss
of funds in the event that we discontinue or depreciate the Services
and your Taler Wallet fails to transfer out the coins within a three
months notification period.
We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any
cause or condition beyond our reasonable control, including but not
limited to: any delay or failure due to any act of God, act of civil
or military authorities, act of terrorism, civil disturbance, war,
strike or other labor dispute, fire, interruption in
telecommunications or Internet services or network provider services,
failure of equipment and/or software, other catastrophe, or any other
occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.
Governing law, Waivers, Severability and Assignment
===================================================
No matter where youre located, the laws of Switzerland will govern
these Terms. If any provisions of these Terms are inconsistent with
any applicable law, those provisions will be superseded or modified
only to the extent such provisions are inconsistent. The parties agree
to submit to the ordinary courts in Zurich, Switzerland for exclusive
jurisdiction of any dispute arising out of or related to your use of
the Services or your breach of these Terms.
Our failure to exercise or delay in exercising any right, power, or
privilege under this Agreement shall not operate as a waiver; nor
shall any single or partial exercise of any right, power, or privilege
preclude any other or further exercise thereof.
You agree that we may assign any of our rights and/or transfer, sub-
contract, or delegate any of our obligations under these Terms.
If it turns out that any part of this Agreement is invalid, void, or
for any reason unenforceable, that term will be deemed severable and
limited or eliminated to the minimum extent necessary.
This Agreement sets forth the entire understanding and agreement as to
the subject matter hereof and supersedes any and all prior
discussions, agreements, and understandings of any kind (including,
without limitation, any prior versions of this Agreement) and every
nature between us. Except as provided for above, any modification to
this Agreement must be in writing and must be signed by both parties.
Questions or comments
=====================
We welcome comments, questions, concerns, or suggestions. Please send
us a message on our contact page at legal@taler-systems.com.

BIN
contrib/tos/en/tos-v0.pdf Normal file

Binary file not shown.

337
contrib/tos/en/tos-v0.txt Normal file
View File

@ -0,0 +1,337 @@
Terms Of Service
****************
Last Updated: 12.4.2019
Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment
service through our Internet presence (collectively the “Services”).
Before using our Services, please read the Terms of Service (the
“Terms” or the “Agreement”) carefully.
Overview
========
This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are
accepting all of the terms and conditions and not just this section.
We and possibly other third parties provide Internet services which
interact with the Taler Wallets self-hosted personal payment
application. When using the Taler Wallet to interact with our
Services, you are agreeing to our Terms, so please read carefully.
Highlights:
-----------
* You are responsible for keeping the data in your Taler Wallet at
all times under your control. Any losses arising from you not
being in control of your private information are your problem.
* We will try to transfer funds we hold in escrow for our users to
any legal recipient to the best of our ability within the
limitations of the law and our implementation. However, the
Services offered today are highly experimental and the set of
recipients of funds is severely restricted.
* For our Services, we may charge transaction fees. The specific
fee structure is provided based on the Taler protocol and should
be shown to you when you withdraw electronic coins using a Taler
Wallet. You agree and understand that the Taler protocol allows
for the fee structure to change.
* You agree to not intentionally overwhelm our systems with
requests and follow responsible disclosure if you find security
issues in our services.
* We cannot be held accountable for our Services not being
available due to circumstances beyond our control. If we modify
or terminate our services, we will try to give you the
opportunity to recover your funds. However, given the
experimental state of the Services today, this may not be
possible. You are strongly advised to limit your use of the
Service to small-scale experiments expecting total loss of all
funds.
These terms outline approved uses of our Services. The Services and
these Terms are still at an experimental stage. If you have any
questions or comments related to this Agreement, please send us a
message to legal@taler-systems.com. If you do not agree to this
Agreement, you must not use our Services.
How you accept this policy
==========================
By sending funds to us (to top-up your Taler Wallet), you acknowledge
that you have read, understood, and agreed to these Terms. We reserve
the right to change these Terms at any time. If you disagree with the
change, we may in the future offer you with an easy option to recover
your unspent funds. However, in the current experimental period you
acknowledge that this feature is not yet available, resulting in your
funds being lost unless you accept the new Terms. If you continue to
use our Services other than to recover your unspent funds, your
continued use of our Services following any such change will signify
your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes
since you have last reviewed these Terms.
Services
========
We will try to transfer funds that we hold in escrow for our users to
any legal recipient to the best of our ability and within the
limitations of the law and our implementation. However, the Services
offered today are highly experimental and the set of recipients of
funds is severely restricted. The Taler Wallet can be loaded by
exchanging fiat currencies against electronic coins. We are providing
this exchange service. Once your Taler Wallet is loaded with
electronic coins they can be spent for purchases if the seller is
accepting Taler as a means of payment. We are not guaranteeing that
any seller is accepting Taler at all or a particular seller. The
seller or recipient of deposits of electronic coins must specify the
target account, as per the design of the Taler protocol. They are
responsible for following the protocol and specifying the correct bank
account, and are solely liable for any losses that may arise from
specifying the wrong account. We will allow the government to link
wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may
lead to situations where we are unable to make transfers at all or
lead to incorrect transfers that cannot be reversed. We will only
refuse to execute transfers if the transfers are prohibited by a
competent legal authority and we are ordered to do so.
When using our Services, you agree to not take any action that
intentionally imposes an unreasonable load on our infrastructure. If
you find security problems in our Services, you agree to first report
them to security@taler-systems.com and grant us the right to publish
your report. We warrant that we will ourselves publicly disclose any
issues reported within 3 months, and that we will not prosecute anyone
reporting security issues if they did not exploit the issue beyond a
proof-of-concept, and followed the above responsible disclosure
practice.
Fees
====
You agree to pay the fees for exchanges and withdrawals completed via
the Taler Wallet ("Fees") as defined by us, which we may change from
time to time. With the exception of wire transfer fees, Taler
transaction fees are set for any electronic coin at the time of
withdrawal and fixed throughout the validity period of the respective
electronic coin. Your wallet should obtain and display applicable fees
when withdrawing funds. Fees for coins obtained as change may differ
from the fees applicable to the original coin. Wire transfer fees that
are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection
with deposits, exchanges and withdrawals following the rules of the
Taler protocol. We reserve the right to provide different types of
rewards to users either in the form of discount for our Services or in
any other form at our discretion and without prior notice to you.
Eligibility and Financial self-responsibility
=============================================
To be eligible to use our Services, you must be able to form legally
binding contracts or have the permission of your legal guardian. By
using our Services, you represent and warrant that you meet all
eligibility requirements that we outline in these Terms.
You will be responsible for maintaining the availability, integrity
and confidentiality of the data stored in your wallet. When you setup
a Taler Wallet, you are strongly advised to follow the precautionary
measures offered by the software to minimize the chances to losse
access to or control over your Wallet data. We will not be liable for
any loss or damage arising from your failure to comply with this
paragraph.
Copyrights and trademarks
=========================
The Taler Wallet is released under the terms of the GNU General Public
License (GNU GPL). You have the right to access, use, and share the
Taler Wallet, in modified or unmodified form. However, the GPL is a
strong copyleft license, which means that any derivative works must be
distributed under the same license terms as the original software. If
you have any questions, you should review the GNU GPLs full terms and
conditions at https://www.gnu.org/licenses/gpl-3.0.en.html. “Taler”
itself is a trademark of Taler Systems SA. You are welcome to use the
name in relation to processing payments using the Taler protocol,
assuming your use is compatible with an official release from the GNU
Project that is not older than two years.
Limitation of liability & disclaimer of warranties
==================================================
You understand and agree that we have no control over, and no duty to
take any action regarding: Failures, disruptions, errors, or delays in
processing that you may experience while using our Services; The risk
of failure of hardware, software, and Internet connections; The risk
of malicious software being introduced or found in the software
underlying the Taler Wallet; The risk that third parties may obtain
unauthorized access to information stored within your Taler Wallet,
including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any
losses, damages, or claims arising from:
1. user error such as forgotten passwords, incorrectly constructed
transactions;
2. server failure or data loss;
3. unauthorized access to the Taler Wallet application;
4. bugs or other errors in the Taler Wallet software; and
5. any unauthorized third party activities, including, but not limited
to, the use of viruses, phishing, brute forcing, or other means of
attack against the Taler Wallet. We make no representations
concerning any Third Party Content contained in or accessed through
our Services.
Any other terms, conditions, warranties, or representations associated
with such content, are solely between you and such organizations
and/or individuals.
To the fullest extent permitted by applicable law, in no event will we
or any of our officers, directors, representatives, agents, servants,
counsel, employees, consultants, lawyers, and other personnel
authorized to act, acting, or purporting to act on our behalf
(collectively the “Taler Parties”) be liable to you under contract,
tort, strict liability, negligence, or any other legal or equitable
theory, for:
1. any lost profits, data loss, cost of procurement of substitute
goods or services, or direct, indirect, incidental, special,
punitive, compensatory, or consequential damages of any kind
whatsoever resulting from:
1. your use of, or conduct in connection with, our services;
2. any unauthorized use of your wallet and/or private key due to
your failure to maintain the confidentiality of your wallet;
3. any interruption or cessation of transmission to or from the
services; or
4. any bugs, viruses, trojan horses, or the like that are found in
the Taler Wallet software or that may be transmitted to or
through our services by any third party (regardless of the
source of origination), or
2. any direct damages.
These limitations apply regardless of legal theory, whether based on
tort, strict liability, breach of contract, breach of warranty, or any
other legal theory, and whether or not we were advised of the
possibility of such damages. Some jurisdictions do not allow the
exclusion or limitation of liability for consequential or incidental
damages, so the above limitation may not apply to you.
Our services are provided "as is" and without warranty of any kind. To
the maximum extent permitted by law, we disclaim all representations
and warranties, express or implied, relating to the services and
underlying software or any content on the services, whether provided
or owned by us or by any third party, including without limitation,
warranties of merchantability, fitness for a particular purpose,
title, non-infringement, freedom from computer virus, and any implied
warranties arising from course of dealing, course of performance, or
usage in trade, all of which are expressly disclaimed. In addition, we
do not represent or warrant that the content accessible via the
services is accurate, complete, available, current, free of viruses or
other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer
of implied warranties, so the foregoing disclaimers may not apply to
you. This paragraph gives you specific legal rights and you may also
have other legal rights that vary from state to state.
Indemnity and Time limitation on claims and Termination
=======================================================
To the extent permitted by applicable law, you agree to defend,
indemnify, and hold harmless the Taler Parties from and against any
and all claims, damages, obligations, losses, liabilities, costs or
debt, and expenses (including, but not limited to, attorneys fees)
arising from: (a) your use of and access to the Services; (b) any
feedback or submissions you provide to us concerning the Taler Wallet;
(c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third
party.
You agree that any claim you may have arising out of or related to
your relationship with us must be filed within one year after such
claim arises, otherwise, your claim in permanently barred.
In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.
Discontinuance of services and Force majeure
============================================
We may, in our sole discretion and without cost to you, with or
without prior notice, and at any time, modify or discontinue,
temporarily or permanently, any portion of our Services. We will use
the Taler protocols provisions to notify Wallets if our Services are
to be discontinued. It is your responsibility to ensure that the Taler
Wallet is online at least once every three months to observe these
notifications. We shall not be held responsible or liable for any loss
of funds in the event that we discontinue or depreciate the Services
and your Taler Wallet fails to transfer out the coins within a three
months notification period.
We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any
cause or condition beyond our reasonable control, including but not
limited to: any delay or failure due to any act of God, act of civil
or military authorities, act of terrorism, civil disturbance, war,
strike or other labor dispute, fire, interruption in
telecommunications or Internet services or network provider services,
failure of equipment and/or software, other catastrophe, or any other
occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.
Governing law, Waivers, Severability and Assignment
===================================================
No matter where youre located, the laws of Switzerland will govern
these Terms. If any provisions of these Terms are inconsistent with
any applicable law, those provisions will be superseded or modified
only to the extent such provisions are inconsistent. The parties agree
to submit to the ordinary courts in Zurich, Switzerland for exclusive
jurisdiction of any dispute arising out of or related to your use of
the Services or your breach of these Terms.
Our failure to exercise or delay in exercising any right, power, or
privilege under this Agreement shall not operate as a waiver; nor
shall any single or partial exercise of any right, power, or privilege
preclude any other or further exercise thereof.
You agree that we may assign any of our rights and/or transfer, sub-
contract, or delegate any of our obligations under these Terms.
If it turns out that any part of this Agreement is invalid, void, or
for any reason unenforceable, that term will be deemed severable and
limited or eliminated to the minimum extent necessary.
This Agreement sets forth the entire understanding and agreement as to
the subject matter hereof and supersedes any and all prior
discussions, agreements, and understandings of any kind (including,
without limitation, any prior versions of this Agreement) and every
nature between us. Except as provided for above, any modification to
this Agreement must be in writing and must be signed by both parties.
Questions or comments
=====================
We welcome comments, questions, concerns, or suggestions. Please send
us a message on our contact page at legal@taler-systems.com.

311
contrib/tos/en/tos-v0.xml Normal file
View File

@ -0,0 +1,311 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE document PUBLIC "+//IDN docutils.sourceforge.net//DTD Docutils Generic//EN//XML" "http://docutils.sourceforge.net/docs/ref/docutils.dtd">
<!-- Generated by Docutils 0.16 -->
<document source="/research/taler/exchange/contrib/tos/tos-v0.rst">
<section ids="terms-of-service" names="terms\ of\ service">
<title>Terms Of Service</title>
<paragraph>Last Updated: 12.4.2019</paragraph>
<paragraph>Welcome! Taler Systems SA (“we,” “our,” or “us”) provides a payment service
through our Internet presence (collectively the “Services”). Before using our
Services, please read the Terms of Service (the “Terms” or the “Agreement”)
carefully.</paragraph>
<section ids="overview" names="overview">
<title>Overview</title>
<paragraph>This section provides a brief summary of the highlights of this
Agreement. Please note that when you accept this Agreement, you are accepting
all of the terms and conditions and not just this section. We and possibly
other third parties provide Internet services which interact with the Taler
Wallets self-hosted personal payment application. When using the Taler Wallet
to interact with our Services, you are agreeing to our Terms, so please read
carefully.</paragraph>
<section ids="highlights" names="highlights:">
<title>Highlights:</title>
<block_quote>
<bullet_list bullet="•">
<list_item>
<paragraph>You are responsible for keeping the data in your Taler Wallet at all times
under your control. Any losses arising from you not being in control of
your private information are your problem.</paragraph>
</list_item>
<list_item>
<paragraph>We will try to transfer funds we hold in escrow for our users to any legal
recipient to the best of our ability within the limitations of the law and
our implementation. However, the Services offered today are highly
experimental and the set of recipients of funds is severely restricted.</paragraph>
</list_item>
<list_item>
<paragraph>For our Services, we may charge transaction fees. The specific fee structure
is provided based on the Taler protocol and should be shown to you when you
withdraw electronic coins using a Taler Wallet. You agree and understand
that the Taler protocol allows for the fee structure to change.</paragraph>
</list_item>
<list_item>
<paragraph>You agree to not intentionally overwhelm our systems with requests and
follow responsible disclosure if you find security issues in our services.</paragraph>
</list_item>
<list_item>
<paragraph>We cannot be held accountable for our Services not being available due to
circumstances beyond our control. If we modify or terminate our services,
we will try to give you the opportunity to recover your funds. However,
given the experimental state of the Services today, this may not be
possible. You are strongly advised to limit your use of the Service
to small-scale experiments expecting total loss of all funds.</paragraph>
</list_item>
</bullet_list>
</block_quote>
<paragraph>These terms outline approved uses of our Services. The Services and these
Terms are still at an experimental stage. If you have any questions or
comments related to this Agreement, please send us a message to
<reference refuri="mailto:legal@taler-systems.com">legal@taler-systems.com</reference>. If you do not agree to this Agreement, you must not
use our Services.</paragraph>
</section>
</section>
<section ids="how-you-accept-this-policy" names="how\ you\ accept\ this\ policy">
<title>How you accept this policy</title>
<paragraph>By sending funds to us (to top-up your Taler Wallet), you acknowledge that you
have read, understood, and agreed to these Terms. We reserve the right to
change these Terms at any time. If you disagree with the change, we may in the
future offer you with an easy option to recover your unspent funds. However,
in the current experimental period you acknowledge that this feature is not
yet available, resulting in your funds being lost unless you accept the new
Terms. If you continue to use our Services other than to recover your unspent
funds, your continued use of our Services following any such change will
signify your acceptance to be bound by the then current Terms. Please check
the effective date above to determine if there have been any changes since you
have last reviewed these Terms.</paragraph>
</section>
<section ids="services" names="services">
<title>Services</title>
<paragraph>We will try to transfer funds that we hold in escrow for our users to any
legal recipient to the best of our ability and within the limitations of the
law and our implementation. However, the Services offered today are highly
experimental and the set of recipients of funds is severely restricted. The
Taler Wallet can be loaded by exchanging fiat currencies against electronic
coins. We are providing this exchange service. Once your Taler Wallet is
loaded with electronic coins they can be spent for purchases if the seller is
accepting Taler as a means of payment. We are not guaranteeing that any seller
is accepting Taler at all or a particular seller. The seller or recipient of
deposits of electronic coins must specify the target account, as per the
design of the Taler protocol. They are responsible for following the protocol
and specifying the correct bank account, and are solely liable for any losses
that may arise from specifying the wrong account. We will allow the government
to link wire transfers to the underlying contract hash. It is the
responsibility of recipients to preserve the full contracts and to pay
whatever taxes and charges may be applicable. Technical issues may lead to
situations where we are unable to make transfers at all or lead to incorrect
transfers that cannot be reversed. We will only refuse to execute transfers if
the transfers are prohibited by a competent legal authority and we are ordered
to do so.</paragraph>
<paragraph>When using our Services, you agree to not take any action that intentionally
imposes an unreasonable load on our infrastructure. If you find security
problems in our Services, you agree to first report them to
<reference refuri="mailto:security@taler-systems.com">security@taler-systems.com</reference> and grant us the right to publish your report. We
warrant that we will ourselves publicly disclose any issues reported within 3
months, and that we will not prosecute anyone reporting security issues if
they did not exploit the issue beyond a proof-of-concept, and followed the
above responsible disclosure practice.</paragraph>
</section>
<section ids="fees" names="fees">
<title>Fees</title>
<paragraph>You agree to pay the fees for exchanges and withdrawals completed via the
Taler Wallet (“Fees”) as defined by us, which we may change from time to
time. With the exception of wire transfer fees, Taler transaction fees are set
for any electronic coin at the time of withdrawal and fixed throughout the
validity period of the respective electronic coin. Your wallet should obtain
and display applicable fees when withdrawing funds. Fees for coins obtained as
change may differ from the fees applicable to the original coin. Wire transfer
fees that are independent from electronic coins may change annually. You
authorize us to charge or deduct applicable fees owed in connection with
deposits, exchanges and withdrawals following the rules of the Taler protocol.
We reserve the right to provide different types of rewards to users either in
the form of discount for our Services or in any other form at our discretion
and without prior notice to you.</paragraph>
</section>
<section ids="eligibility-and-financial-self-responsibility" names="eligibility\ and\ financial\ self-responsibility">
<title>Eligibility and Financial self-responsibility</title>
<paragraph>To be eligible to use our Services, you must be able to form legally binding
contracts or have the permission of your legal guardian. By using our
Services, you represent and warrant that you meet all eligibility requirements
that we outline in these Terms.</paragraph>
<paragraph>You will be responsible for maintaining the availability, integrity and
confidentiality of the data stored in your wallet. When you setup a Taler
Wallet, you are strongly advised to follow the precautionary measures offered
by the software to minimize the chances to losse access to or control over
your Wallet data. We will not be liable for any loss or damage arising from
your failure to comply with this paragraph.</paragraph>
</section>
<section ids="copyrights-and-trademarks" names="copyrights\ and\ trademarks">
<title>Copyrights and trademarks</title>
<paragraph>The Taler Wallet is released under the terms of the GNU General Public License
(GNU GPL). You have the right to access, use, and share the Taler Wallet, in
modified or unmodified form. However, the GPL is a strong copyleft license,
which means that any derivative works must be distributed under the same
license terms as the original software. If you have any questions, you should
review the GNU GPLs full terms and conditions at
<reference refuri="https://www.gnu.org/licenses/gpl-3.0.en.html">https://www.gnu.org/licenses/gpl-3.0.en.html</reference>. “Taler” itself is a trademark
of Taler Systems SA. You are welcome to use the name in relation to processing
payments using the Taler protocol, assuming your use is compatible with an
official release from the GNU Project that is not older than two years.</paragraph>
</section>
<section ids="limitation-of-liability-disclaimer-of-warranties" names="limitation\ of\ liability\ &amp;\ disclaimer\ of\ warranties">
<title>Limitation of liability &amp; disclaimer of warranties</title>
<paragraph>You understand and agree that we have no control over, and no duty to take any
action regarding: Failures, disruptions, errors, or delays in processing that
you may experience while using our Services; The risk of failure of hardware,
software, and Internet connections; The risk of malicious software being
introduced or found in the software underlying the Taler Wallet; The risk that
third parties may obtain unauthorized access to information stored within your
Taler Wallet, including, but not limited to your Taler Wallet coins or backup
encryption keys. You release us from all liability related to any losses,
damages, or claims arising from:</paragraph>
<enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
<list_item>
<paragraph>user error such as forgotten passwords, incorrectly constructed
transactions;</paragraph>
</list_item>
<list_item>
<paragraph>server failure or data loss;</paragraph>
</list_item>
<list_item>
<paragraph>unauthorized access to the Taler Wallet application;</paragraph>
</list_item>
<list_item>
<paragraph>bugs or other errors in the Taler Wallet software; and</paragraph>
</list_item>
<list_item>
<paragraph>any unauthorized third party activities, including, but not limited to,
the use of viruses, phishing, brute forcing, or other means of attack
against the Taler Wallet. We make no representations concerning any
Third Party Content contained in or accessed through our Services.</paragraph>
</list_item>
</enumerated_list>
<paragraph>Any other terms, conditions, warranties, or representations associated with
such content, are solely between you and such organizations and/or
individuals.</paragraph>
<paragraph>To the fullest extent permitted by applicable law, in no event will we or any
of our officers, directors, representatives, agents, servants, counsel,
employees, consultants, lawyers, and other personnel authorized to act,
acting, or purporting to act on our behalf (collectively the “Taler Parties”)
be liable to you under contract, tort, strict liability, negligence, or any
other legal or equitable theory, for:</paragraph>
<enumerated_list enumtype="loweralpha" prefix="(" suffix=")">
<list_item>
<paragraph>any lost profits, data loss, cost of procurement of substitute goods or
services, or direct, indirect, incidental, special, punitive, compensatory,
or consequential damages of any kind whatsoever resulting from:</paragraph>
</list_item>
</enumerated_list>
<block_quote>
<enumerated_list enumtype="lowerroman" prefix="(" suffix=")">
<list_item>
<paragraph>your use of, or conduct in connection with, our services;</paragraph>
</list_item>
<list_item>
<paragraph>any unauthorized use of your wallet and/or private key due to your
failure to maintain the confidentiality of your wallet;</paragraph>
</list_item>
<list_item>
<paragraph>any interruption or cessation of transmission to or from the services; or</paragraph>
</list_item>
<list_item>
<paragraph>any bugs, viruses, trojan horses, or the like that are found in the Taler
Wallet software or that may be transmitted to or through our services by
any third party (regardless of the source of origination), or</paragraph>
</list_item>
</enumerated_list>
</block_quote>
<enumerated_list enumtype="loweralpha" prefix="(" start="2" suffix=")">
<list_item>
<paragraph>any direct damages.</paragraph>
</list_item>
</enumerated_list>
<paragraph>These limitations apply regardless of legal theory, whether based on tort,
strict liability, breach of contract, breach of warranty, or any other legal
theory, and whether or not we were advised of the possibility of such
damages. Some jurisdictions do not allow the exclusion or limitation of
liability for consequential or incidental damages, so the above limitation may
not apply to you.</paragraph>
<paragraph>Our services are provided “as is” and without warranty of any kind. To the
maximum extent permitted by law, we disclaim all representations and
warranties, express or implied, relating to the services and underlying
software or any content on the services, whether provided or owned by us or by
any third party, including without limitation, warranties of merchantability,
fitness for a particular purpose, title, non-infringement, freedom from
computer virus, and any implied warranties arising from course of dealing,
course of performance, or usage in trade, all of which are expressly
disclaimed. In addition, we do not represent or warrant that the content
accessible via the services is accurate, complete, available, current, free of
viruses or other harmful components, or that the results of using the services
will meet your requirements. Some states do not allow the disclaimer of
implied warranties, so the foregoing disclaimers may not apply to you. This
paragraph gives you specific legal rights and you may also have other legal
rights that vary from state to state.</paragraph>
</section>
<section ids="indemnity-and-time-limitation-on-claims-and-termination" names="indemnity\ and\ time\ limitation\ on\ claims\ and\ termination">
<title>Indemnity and Time limitation on claims and Termination</title>
<paragraph>To the extent permitted by applicable law, you agree to defend, indemnify, and
hold harmless the Taler Parties from and against any and all claims, damages,
obligations, losses, liabilities, costs or debt, and expenses (including, but
not limited to, attorneys fees) arising from: (a) your use of and access to
the Services; (b) any feedback or submissions you provide to us concerning the
Taler Wallet; (c) your violation of any term of this Agreement; or (d) your
violation of any law, rule, or regulation, or the rights of any third party.</paragraph>
<paragraph>You agree that any claim you may have arising out of or related to your
relationship with us must be filed within one year after such claim arises,
otherwise, your claim in permanently barred.</paragraph>
<paragraph>In the event of termination concerning your use of our Services, your
obligations under this Agreement will still continue.</paragraph>
</section>
<section ids="discontinuance-of-services-and-force-majeure" names="discontinuance\ of\ services\ and\ force\ majeure">
<title>Discontinuance of services and Force majeure</title>
<paragraph>We may, in our sole discretion and without cost to you, with or without prior
notice, and at any time, modify or discontinue, temporarily or permanently,
any portion of our Services. We will use the Taler protocols provisions to
notify Wallets if our Services are to be discontinued. It is your
responsibility to ensure that the Taler Wallet is online at least once every
three months to observe these notifications. We shall not be held responsible
or liable for any loss of funds in the event that we discontinue or depreciate
the Services and your Taler Wallet fails to transfer out the coins within a
three months notification period.</paragraph>
<paragraph>We shall not be held liable for any delays, failure in performance, or
interruptions of service which result directly or indirectly from any cause or
condition beyond our reasonable control, including but not limited to: any
delay or failure due to any act of God, act of civil or military authorities,
act of terrorism, civil disturbance, war, strike or other labor dispute, fire,
interruption in telecommunications or Internet services or network provider
services, failure of equipment and/or software, other catastrophe, or any
other occurrence which is beyond our reasonable control and shall not affect
the validity and enforceability of any remaining provisions.</paragraph>
</section>
<section ids="governing-law-waivers-severability-and-assignment" names="governing\ law,\ waivers,\ severability\ and\ assignment">
<title>Governing law, Waivers, Severability and Assignment</title>
<paragraph>No matter where youre located, the laws of Switzerland will govern these
Terms. If any provisions of these Terms are inconsistent with any applicable
law, those provisions will be superseded or modified only to the extent such
provisions are inconsistent. The parties agree to submit to the ordinary
courts in Zurich, Switzerland for exclusive jurisdiction of any dispute
arising out of or related to your use of the Services or your breach of these
Terms.</paragraph>
<paragraph>Our failure to exercise or delay in exercising any right, power, or privilege
under this Agreement shall not operate as a waiver; nor shall any single or
partial exercise of any right, power, or privilege preclude any other or
further exercise thereof.</paragraph>
<paragraph>You agree that we may assign any of our rights and/or transfer, sub-contract,
or delegate any of our obligations under these Terms.</paragraph>
<paragraph>If it turns out that any part of this Agreement is invalid, void, or for any
reason unenforceable, that term will be deemed severable and limited or
eliminated to the minimum extent necessary.</paragraph>
<paragraph>This Agreement sets forth the entire understanding and agreement as to the
subject matter hereof and supersedes any and all prior discussions,
agreements, and understandings of any kind (including, without limitation, any
prior versions of this Agreement) and every nature between us. Except as
provided for above, any modification to this Agreement must be in writing and
must be signed by both parties.</paragraph>
</section>
<section ids="questions-or-comments" names="questions\ or\ comments">
<title>Questions or comments</title>
<paragraph>We welcome comments, questions, concerns, or suggestions. Please send us a
message on our contact page at <reference refuri="mailto:legal@taler-systems.com">legal@taler-systems.com</reference>.</paragraph>
</section>
</section>
</document>

View File

@ -1,11 +1,10 @@
#!/bin/sh #!/bin/sh
# use as .git/hooks/pre-commit # use as .git/hooks/pre-commit
exec 1>&2 exec 1>&2
RET=0 RET=0
changed=$(git diff --cached --name-only) changed=$(git diff --cached --name-only | grep -v mustach)
crustified="" crustified=""
for f in $changed; for f in $changed;

View File

@ -14,7 +14,8 @@ cd pp
for l in $@ for l in $@
do do
mkdir -p $l mkdir -p $l
echo Generating PP for language $l echo "Generating PP for language $l"
cat conf.py.in | sed -e "s/%VERSION%/$VERSION/g" > conf.py
# 'f' is for the supported formats, note that the 'make' target # 'f' is for the supported formats, note that the 'make' target
# MUST match the file extension. # MUST match the file extension.
for f in html txt pdf epub xml for f in html txt pdf epub xml
@ -22,7 +23,16 @@ do
rm -rf _build rm -rf _build
echo " Generating format $f" echo " Generating format $f"
make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null
mv _build/$f/pp.$f $l/${VERSION}.$f if test $f = "html"
then
htmlark -o $l/${VERSION}.$f _build/$f/${VERSION}.$f
else
mv _build/$f/${VERSION}.$f $l/${VERSION}.$f
fi
if test $f = "txt"
then
cp $l/${VERSION}.$f $l/${VERSION}.md
fi
done done
done done
cd .. cd ..

View File

@ -14,7 +14,8 @@ cd tos
for l in $@ for l in $@
do do
mkdir -p $l mkdir -p $l
echo Generating TOS for language $l echo "Generating TOS for language $l"
cat conf.py.in | sed -e "s/%VERSION%/$VERSION/g" > conf.py
# 'f' is for the supported formats, note that the 'make' target # 'f' is for the supported formats, note that the 'make' target
# MUST match the file extension. # MUST match the file extension.
for f in html txt pdf epub xml for f in html txt pdf epub xml
@ -22,7 +23,17 @@ do
rm -rf _build rm -rf _build
echo " Generating format $f" echo " Generating format $f"
make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null make -e SPHINXOPTS="-D language='$l'" $f >>sphinx.log 2>>sphinx.err < /dev/null
mv _build/$f/tos.$f $l/${VERSION}.$f if test $f = "html"
then
htmlark -o $l/${VERSION}.$f _build/$f/${VERSION}.$f
else
mv _build/$f/${VERSION}.$f $l/${VERSION}.$f
fi
if test $f = "txt"
then
cp $l/${VERSION}.$f $l/${VERSION}.md
fi
done done
done done
cd .. cd ..
echo "Success"

18
debian/changelog vendored
View File

@ -1,3 +1,21 @@
taler-exchange (0.9.1) unstable; urgency=low
* Packaging latest release.
-- Christian Grothoff <grothoff@gnu.org> Tue, 17 Jan 2023 11:50:12 +0200
taler-exchange (0.9.0) unstable; urgency=low
* Packaging latest release.
-- Christian Grothoff <grothoff@gnu.org> Sat, 5 Nov 2022 11:50:12 +0200
taler-exchange (0.8.99-2) unstable; urgency=low
* Packaging latest pre-release from Git.
-- Christian Grothoff <grothoff@gnu.org> Mon, 26 Sep 2022 09:50:12 +0200
taler-exchange (0.8.99-1) unstable; urgency=low taler-exchange (0.8.99-1) unstable; urgency=low
* Updating to latest pre-release from Git. * Updating to latest pre-release from Git.

48
debian/control vendored
View File

@ -39,7 +39,12 @@ Depends:
netbase, netbase,
${misc:Depends}, ${misc:Depends},
${shlibs:Depends} ${shlibs:Depends}
Description: libraries to talk to a GNU Taler exchange Description: Libraries to talk to a GNU Taler exchange.
The package also contains various files fundamental
to all GNU Taler installations, such as the
taler-config configuration command-line tool,
various base configuration files and associated
documentation.
Package: taler-exchange-database Package: taler-exchange-database
Architecture: any Architecture: any
@ -50,7 +55,10 @@ Depends:
netbase, netbase,
${misc:Depends}, ${misc:Depends},
${shlibs:Depends} ${shlibs:Depends}
Description: programs and libraries to manage a GNU Taler exchange database Description: Programs and libraries to manage a GNU Taler exchange database.
This package contains only the code to setup the
(Postgresql) database interaction (taler-exchange-dbinit
and associated resource files).
Package: taler-exchange Package: taler-exchange
Architecture: any Architecture: any
@ -69,7 +77,22 @@ Depends:
Recommends: Recommends:
taler-exchange-offline (= ${binary:Version}), taler-exchange-offline (= ${binary:Version}),
postgresql (>=13.0) postgresql (>=13.0)
Description: GNU's payment system operator Description: GNU's payment system operator.
GNU Taler is the privacy-preserving digital payment
system from the GNU project. This package contains the
core logic that must be run by the payment service
provider or bank to offer payments to consumers and
merchants. At least one exchange must be operated
per currency.
In addition to the core logic, an exchange operator
must also have a system running the "offline" logic
which is packaged as taler-exchange-offline. It is
recommended to keep the "offline" logic on a system
that is never connected to the Internet. However, it
is also possible to run the "offline" logic directly
on the production system, especially for testing.
Finally, an exchange operator should also be prepared
to run a taler-auditor.
Package: taler-exchange-offline Package: taler-exchange-offline
Architecture: any Architecture: any
@ -82,7 +105,14 @@ Depends:
netbase, netbase,
${misc:Depends}, ${misc:Depends},
${shlibs:Depends} ${shlibs:Depends}
Description: tools for managing the GNU Taler exchange offline keys Description: Tools for managing the GNU Taler exchange offline keys.
A GNU Taler exchange uses an offline key to sign its online
keys, fee structure, bank routing information and other meta
data. The offline signing key is the root of the Taler PKI
that is then embedded in consumer wallets and merchant backends.
This package includes the tool to download material to sign
from the exchange, create signatures, and upload the resulting
signatures to the exchange.
Package: taler-auditor Package: taler-auditor
Architecture: any Architecture: any
@ -98,7 +128,15 @@ Depends:
python3-jinja2, python3-jinja2,
${misc:Depends}, ${misc:Depends},
${shlibs:Depends} ${shlibs:Depends}
Description: GNU's payment system auditor Description: GNU's payment system auditor.
GNU Taler is the privacy-preserving digital payment
system from the GNU project. This package contains the
auditor logic. It verifies that the taler-exchange run
by a payment service provider is correctly performing
its bank transactions and thus has the correct balance
in its escrow account. Each exchange operator is
expected to make use of one or more auditors as part
of its regulatory compliance.
Package: libtalerexchange-dev Package: libtalerexchange-dev
Section: libdevel Section: libdevel

View File

@ -3,12 +3,17 @@ usr/bin/taler-aggregator-benchmark
usr/bin/taler-exchange-benchmark usr/bin/taler-exchange-benchmark
usr/bin/taler-fakebank-run usr/bin/taler-fakebank-run
usr/bin/taler-bank-benchmark usr/bin/taler-bank-benchmark
usr/bin/taler-exchange-kyc-tester
# Only used in test cases. Maybe these # Only used in test cases. Maybe these
# shouldn't even be installed? # shouldn't even be installed?
usr/bin/taler-nexus-prepare usr/bin/taler-nexus-prepare
usr/bin/taler-bank-manage-testing usr/bin/taler-bank-manage-testing
# Man pages
usr/share/man/man1/taler-exchange-kyc-tester*
# Headers # Headers
usr/include/taler/* usr/include/taler/*

3
debian/rules vendored
View File

@ -7,6 +7,9 @@ include /usr/share/dpkg/architecture.mk
%: %:
dh ${@} dh ${@}
override_dh_builddeb:
dh_builddeb -- -Zgzip
override_dh_auto_configure-arch: override_dh_auto_configure-arch:
dh_auto_configure -- --disable-rpath --with-microhttpd=yes $(shell dpkg-buildflags --export=configure) dh_auto_configure -- --disable-rpath --with-microhttpd=yes $(shell dpkg-buildflags --export=configure)

View File

@ -1,6 +1,7 @@
usr/bin/taler-exchange-aggregator usr/bin/taler-exchange-aggregator
usr/bin/taler-exchange-closer usr/bin/taler-exchange-closer
usr/bin/taler-exchange-dbinit usr/bin/taler-exchange-dbinit
usr/bin/taler-exchange-drain
usr/bin/taler-exchange-expire usr/bin/taler-exchange-expire
usr/bin/taler-exchange-httpd usr/bin/taler-exchange-httpd
usr/bin/taler-exchange-router usr/bin/taler-exchange-router
@ -10,9 +11,12 @@ usr/bin/taler-exchange-secmod-rsa
usr/bin/taler-exchange-transfer usr/bin/taler-exchange-transfer
usr/bin/taler-exchange-wirewatch usr/bin/taler-exchange-wirewatch
usr/bin/taler-exchange-wire-gateway-client usr/bin/taler-exchange-wire-gateway-client
usr/lib/*/taler/libtaler_plugin_kyclogic_*.so
usr/lib/*/taler/libtaler_extension_*.so
usr/share/man/man1/taler-exchange-aggregator* usr/share/man/man1/taler-exchange-aggregator*
usr/share/man/man1/taler-exchange-closer* usr/share/man/man1/taler-exchange-closer*
usr/share/man/man1/taler-exchange-dbinit* usr/share/man/man1/taler-exchange-dbinit*
usr/share/man/man1/taler-exchange-drain*
usr/share/man/man1/taler-exchange-expire* usr/share/man/man1/taler-exchange-expire*
usr/share/man/man1/taler-exchange-httpd* usr/share/man/man1/taler-exchange-httpd*
usr/share/man/man1/taler-exchange-router* usr/share/man/man1/taler-exchange-router*
@ -26,6 +30,7 @@ usr/share/man/man1/taler-exchange-wire-gateway-client*
usr/share/info/taler-bank* usr/share/info/taler-bank*
usr/share/info/taler-exchange* usr/share/info/taler-exchange*
usr/share/taler/config.d/* usr/share/taler/config.d/*
usr/share/taler/exchange/templates/*.must
# configuration files in /etc/taler # configuration files in /etc/taler
debian/etc-taler-exchange/* etc/ debian/etc-taler-exchange/* etc/

View File

@ -7,13 +7,16 @@ if [ -f /usr/share/debconf/confmodule ]; then
fi fi
case "${1}" in case "${1}" in
purge) ;; purge)
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear) ;; rm -rf /var/lib/taler/exchange-offline /var/lib/taler/exchange-secmod-*
;;
remove | upgrade | failed-upgrade | abort-install | abort-upgrade | disappear)
;;
*) *)
echo "postrm called with unknown argument \`${1}'" >&2 echo "postrm called with unknown argument \`${1}'" >&2
exit 1 exit 1
;; ;;
esac esac
#DEBHELPER# #DEBHELPER#

View File

@ -1,6 +1,7 @@
[Unit] [Unit]
Description=GNU Taler payment system exchange aggregator service Description=GNU Taler payment system exchange aggregator service
PartOf=taler-exchange.target PartOf=taler-exchange.target
After=postgres.service
[Service] [Service]
User=taler-exchange-aggregator User=taler-exchange-aggregator
@ -13,3 +14,4 @@ StandardError=journal
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
Slice=taler-exchange.slice

View File

@ -0,0 +1,16 @@
[Unit]
Description=GNU Taler payment system exchange aggregator service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-aggregator
Type=simple
Restart=always
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice

View File

@ -1,6 +1,7 @@
[Unit] [Unit]
Description=GNU Taler payment system exchange closer service Description=GNU Taler payment system exchange closer service
PartOf=taler-exchange.target PartOf=taler-exchange.target
After=network.target postgres.service
[Service] [Service]
User=taler-exchange-closer User=taler-exchange-closer
@ -13,3 +14,4 @@ StandardError=journal
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
Slice=taler-exchange.slice

View File

@ -1,6 +1,7 @@
[Unit] [Unit]
Description=GNU Taler payment system exchange expire service Description=GNU Taler payment system exchange expire service
PartOf=taler-exchange.target PartOf=taler-exchange.target
After=postgres.service
[Service] [Service]
User=taler-exchange-expire User=taler-exchange-expire
@ -13,3 +14,4 @@ StandardError=journal
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
Slice=taler-exchange.slice

View File

@ -19,6 +19,7 @@ StandardError=journal
PrivateTmp=no PrivateTmp=no
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
Slice=taler-exchange.slice
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -21,6 +21,7 @@ StandardError=journal
PrivateTmp=no PrivateTmp=no
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
Slice=taler-exchange.slice
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -14,3 +14,5 @@ StandardError=journal
PrivateTmp=no PrivateTmp=no
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice

View File

@ -14,3 +14,6 @@ StandardError=journal
PrivateTmp=no PrivateTmp=no
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice

View File

@ -14,3 +14,5 @@ StandardError=journal
PrivateTmp=no PrivateTmp=no
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice

View File

@ -1,6 +1,6 @@
[Unit] [Unit]
Description=Taler Exchange Transfer Service Description=Taler Exchange Transfer Service
After=network.target After=network.target postgres.service
PartOf=taler-exchange.target PartOf=taler-exchange.target
[Service] [Service]
@ -14,3 +14,4 @@ StandardError=journal
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
Slice=taler-exchange.slice

View File

@ -1,6 +1,6 @@
[Unit] [Unit]
Description=GNU Taler payment system exchange wirewatch service Description=GNU Taler payment system exchange wirewatch service
After=network.target After=network.target postgres.service
PartOf=taler-exchange.target PartOf=taler-exchange.target
[Service] [Service]
@ -14,3 +14,4 @@ StandardError=journal
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
Slice=taler-exchange.slice

View File

@ -14,3 +14,4 @@ StandardError=journal
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectSystem=full ProtectSystem=full
Slice=taler-exchange.slice

View File

@ -0,0 +1,7 @@
[Unit]
Description=Slice for GNU taler exchange processes
Before=slices.target
[Slice]
# Add settings that should affect all GNU Taler exchange
# components here.

View File

@ -21,19 +21,22 @@ man_MANS = \
prebuilt/man/taler-exchange-benchmark.1 \ prebuilt/man/taler-exchange-benchmark.1 \
prebuilt/man/taler-exchange-closer.1 \ prebuilt/man/taler-exchange-closer.1 \
prebuilt/man/taler-exchange-dbinit.1 \ prebuilt/man/taler-exchange-dbinit.1 \
prebuilt/man/taler-exchange-drain.1 \
prebuilt/man/taler-exchange-expire.1 \ prebuilt/man/taler-exchange-expire.1 \
prebuilt/man/taler-exchange-httpd.1 \ prebuilt/man/taler-exchange-httpd.1 \
prebuilt/man/taler-exchange-kyc-tester.1 \
prebuilt/man/taler-exchange-offline.1 \ prebuilt/man/taler-exchange-offline.1 \
prebuilt/man/taler-exchange-router.1\
prebuilt/man/taler-exchange-secmod-cs.1\ prebuilt/man/taler-exchange-secmod-cs.1\
prebuilt/man/taler-exchange-secmod-eddsa.1\ prebuilt/man/taler-exchange-secmod-eddsa.1\
prebuilt/man/taler-exchange-secmod-rsa.1 \ prebuilt/man/taler-exchange-secmod-rsa.1 \
prebuilt/man/taler-exchange-router.1\
prebuilt/man/taler-exchange-transfer.1\ prebuilt/man/taler-exchange-transfer.1\
prebuilt/man/taler-exchange-wirewatch.1 \
prebuilt/man/taler-exchange-wire-gateway-client.1\ prebuilt/man/taler-exchange-wire-gateway-client.1\
prebuilt/man/taler-exchange-wirewatch.1 \
prebuilt/man/taler-helper-auditor-aggregation.1 \ prebuilt/man/taler-helper-auditor-aggregation.1 \
prebuilt/man/taler-helper-auditor-coins.1\ prebuilt/man/taler-helper-auditor-coins.1\
prebuilt/man/taler-helper-auditor-deposits.1\ prebuilt/man/taler-helper-auditor-deposits.1\
prebuilt/man/taler-helper-auditor-purses.1\
prebuilt/man/taler-helper-auditor-reserves.1\ prebuilt/man/taler-helper-auditor-reserves.1\
prebuilt/man/taler-helper-auditor-wire.1 prebuilt/man/taler-helper-auditor-wire.1

View File

@ -1,12 +1,12 @@
%!TEX root = ../thesis.tex %!TEX root = ../thesis.tex
% %
% vorher in Konsole folgendes aufrufen: % vorher in Konsole folgendes aufrufen:
% makeglossaries makeglossaries dokumentation.acn && makeglossaries dokumentation.glo % makeglossaries makeglossaries dokumentation.acn && makeglossaries dokumentation.glo
% %
% %
% Glossareintraege --> referenz, name, beschreibung % Glossareintraege --> reference, name, beschreibung
% Aufruf mit \gls{...} % Aufruf mit \gls{...}
% %
% \newglossaryentry{non-repudiation}{name={non-repudiation},plural={non-repudiation},description={After a message is signed, one can not dispute that a message was signed}} % \newglossaryentry{non-repudiation}{name={non-repudiation},plural={non-repudiation},description={After a message is signed, one can not dispute that a message was signed}}
@ -18,36 +18,36 @@
} }
\newglossaryentry{25519}{ \newglossaryentry{25519}{
name = {Curve25519}, name = {Curve25519},
description = {A popular elliptic curve used in many cryptographic systems based on elliptic curve cryptography. See section \ref{par:curve25519}} description = {A popular elliptic curve used in many cryptographic systems based on elliptic curve cryptography. See section \ref{par:curve25519}}
} }
\newglossaryentry{fdh}{ \newglossaryentry{fdh}{
name = {FDH}, name = {FDH},
description = {A Full-Domain Hash is a hash function with an image size equal to the original gorup. See section \ref{sec:rsa-fdh}}. description = {A Full-Domain Hash is a hash function with an image size equal to the original gorup. See section \ref{sec:rsa-fdh}}.
} }
\newglossaryentry{idempotence}{ \newglossaryentry{idempotence}{
name = {idempotence}, name = {idempotence},
description = {Idempotence in the context of computer science is a property to ensure that the state of system will not change, no matter how many times the same request was made. See section \ref{abort-idempotency}} description = {Idempotence in the context of computer science is a property to ensure that the state of system will not change, no matter how many times the same request was made. See section \ref{abort-idempotency}}
} }
\newglossaryentry{abort-idempotency}{ \newglossaryentry{abort-idempotency}{
name = {abort-idempotency}, name = {abort-idempotency},
description = {Abort-idempotency is a special case of \gls{idempotence}. On every step in a protocol it needs to be ensured that even on an abort, the same request always receives the same response. See section \ref{abort-idempotency}} description = {Abort-idempotency is a special case of \gls{idempotence}. On every step in a protocol it needs to be ensured that even on an abort, the same request always receives the same response. See section \ref{abort-idempotency}}
} }
\newglossaryentry{RSABS}{ \newglossaryentry{RSABS}{
name = {RSA Blind Signatures}, name = {RSA Blind Signatures},
description = {Chaums Blind Signature Scheme based on RSA. See section \ref{sec:blind-rsa-sign}} description = {Chaums Blind Signature Scheme based on RSA. See section \ref{sec:blind-rsa-sign}}
} }
\newglossaryentry{CSBS}{ \newglossaryentry{CSBS}{
name = {Clause Blind Schnorr Signatures}, name = {Clause Blind Schnorr Signatures},
description = {A secure variant of Blind Schnorr Signature Schemes introduced in section \ref{sec:clause-blind-schnorr-sig}} description = {A secure variant of Blind Schnorr Signature Schemes introduced in section \ref{sec:clause-blind-schnorr-sig}}
} }
% \newglossaryentry{25519}{ % \newglossaryentry{25519}{
% name = {}, % name = {},
% description = {} % description = {}
% } % }

View File

@ -51,7 +51,7 @@ In scope are all necessary changes on the protocol(s) and components for the fol
\item design and implement a protocol where the user proves to the exchange the knowledge of the coin that is to be signed (optional) \item design and implement a protocol where the user proves to the exchange the knowledge of the coin that is to be signed (optional)
\end{itemize} \end{itemize}
Out of scope is production readyness of the implementation. Out of scope is production readiness of the implementation.
This is because changes in the protocos and code need to be thoroughly vetted to ensure that no weaknesses or security vulnerabilities were introduced. This is because changes in the protocos and code need to be thoroughly vetted to ensure that no weaknesses or security vulnerabilities were introduced.
Such an audit is out of scope for the thesis and is recommended to be performed in the future. Such an audit is out of scope for the thesis and is recommended to be performed in the future.
The iOS wallet will not be considered in this work. The iOS wallet will not be considered in this work.
@ -69,4 +69,4 @@ Scope changes during the project:
\item \textbf{Adjusted: } Focus is on the implementation of the exchange protocols (Withdraw, Spend, Refresh and cryptographic utilities) \item \textbf{Adjusted: } Focus is on the implementation of the exchange protocols (Withdraw, Spend, Refresh and cryptographic utilities)
\item \textbf{Adjusted: } Implementation of the refresh protocol and wallet-core are nice-to-have goals \item \textbf{Adjusted: } Implementation of the refresh protocol and wallet-core are nice-to-have goals
\item \textbf{Removed: } The Merchant and the android wallet implementations are out of scope \item \textbf{Removed: } The Merchant and the android wallet implementations are out of scope
\end{itemize} \end{itemize}

View File

@ -141,7 +141,6 @@ This can be used to detect compromised signing keys or a malicious exchange.
\subsection{Properties} \subsection{Properties}
\label{sec:taler-properties} \label{sec:taler-properties}
%Alle Taler Eigenschaften die wir angreifen wollen auflisten und bezug nehmen wie diese erreicht werden
This section describes Taler's properties. This section describes Taler's properties.
\subsubsection{Free Software} \subsubsection{Free Software}
@ -299,7 +298,7 @@ If verification is successful, only Alice knows her private key and Bob uses Ali
A digital signature scheme has a message space M, a signature space S and three algorithms: A digital signature scheme has a message space M, a signature space S and three algorithms:
\begin{itemize} \begin{itemize}
\item Key generation: $(pk,sk) \gets keyGen()$ \item Key generation: $(pk,sk) \gets keyGen()$
\item Signatue generation: $s \gets $sign$_sk(m)$ \item Signature generation: $s \gets $sign$_sk(m)$
\item Verification: $ v \gets $verify$_pk(m,s)$ where $v \in {0,1}$ \item Verification: $ v \gets $verify$_pk(m,s)$ where $v \in {0,1}$
\end{itemize} \end{itemize}
If the result of the verification algorithm equals 1, a signature for m is called valid. If the result of the verification algorithm equals 1, a signature for m is called valid.
@ -783,7 +782,7 @@ A good introduction to cut and choose protocols gives the Paper from Claude Cré
The expression cut-and-choose was later introduced by David Chaum in analogy to a popular cake sharing problem: The expression cut-and-choose was later introduced by David Chaum in analogy to a popular cake sharing problem:
Given a complete cake to be shared among two parties distrusting of each other (for reasons of serious appetite). Given a complete cake to be shared among two parties distrusting of each other (for reasons of serious appetite).
A fair way for them to share the cake is to have one of them cut the cake in two equals hares, and let the other one choose his favourite share. A fair way for them to share the cake is to have one of them cut the cake in two equals hares, and let the other one choose his favourite share.
This solution guarantes that it is in the formers best interest to cut the shares as evenly as possible." This solution guarantees that it is in the formers best interest to cut the shares as evenly as possible."
} }
\end{center} \end{center}
@ -870,10 +869,10 @@ Figure \ref{fig:withdraw-loophole-exploit} explains how such a payment would wor
Note that we omitted the parts leading up to the coin creation (contract, agreement of price, number of coins and their denominations). Note that we omitted the parts leading up to the coin creation (contract, agreement of price, number of coins and their denominations).
This is how it works on a high level: This is how it works on a high level:
\begin{enumerate} \begin{enumerate}
\item The malicous merchant generates and blinds coins, which are then transmitted to the customer \item The malicious merchant generates and blinds coins, which are then transmitted to the customer
\item The customer authorizes the withdraw from his reserve by signing the blinded coins with the private key of his reserve, thus generating withdraw confirmations. \item The customer authorizes the withdraw from his reserve by signing the blinded coins with the private key of his reserve, thus generating withdraw confirmations.
\item The withdraw confirmations are transmitted to the exchange, which generates the signatures and returns them to the malicous merchant. \item The withdraw confirmations are transmitted to the exchange, which generates the signatures and returns them to the malicious merchant.
\item The malicous merchant unblinds the signatures. \item The malicious merchant unblinds the signatures.
He is now in possession of the coin, thus the payment is completed. He is now in possession of the coin, thus the payment is completed.
\end{enumerate} \end{enumerate}
@ -882,7 +881,7 @@ This is how it works on a high level:
\resizebox{1.0\textwidth}{!}{$\displaystyle \resizebox{1.0\textwidth}{!}{$\displaystyle
\begin{array}{ l c l} \begin{array}{ l c l}
% preliminaries % preliminaries
\textbf{Customer} & & \textbf{malicous Merchant} \textbf{Customer} & & \textbf{malicious Merchant}
\\ \text{knows:} & & \text{knows:} \\ \text{knows:} & & \text{knows:}
\\ \text{reserve keys } w_s, W_p \\ \text{reserve keys } w_s, W_p
\\ \text{denomination public key } D_p = \langle e, N \rangle & & \text{denomination public key } D_p = \langle e, N \rangle \\ \text{denomination public key } D_p = \langle e, N \rangle & & \text{denomination public key } D_p = \langle e, N \rangle
@ -903,7 +902,7 @@ This is how it works on a high level:
\\ \\
\hline \hline
\\ \\
\textbf{malicous Merchant} & & \textbf{Exchange} \textbf{malicious Merchant} & & \textbf{Exchange}
\\\text{knows:} & & \text{knows:} \\\text{knows:} & & \text{knows:}
\\& & \text{reserve public key } W_p \\& & \text{reserve public key } W_p
\\ \text{denomination public key } D_p = \langle e, N \rangle & & \text{denomination keys } d_s, D_p \\ \text{denomination public key } D_p = \langle e, N \rangle & & \text{denomination keys } d_s, D_p
@ -949,7 +948,6 @@ Chapter 4.1.4 describes more general aspects as well as the contract header and
\subsubsection{Spend Protocol} \subsubsection{Spend Protocol}
The payment process begins when a customer submits a shopping cart (one or more items to buy) and commits his intent to buy them. The payment process begins when a customer submits a shopping cart (one or more items to buy) and commits his intent to buy them.
The merchant has a key pair skM, pkM of which the customer knows the public key. The merchant has a key pair skM, pkM of which the customer knows the public key.
% besseres Wort als commit?
Note that certain details contained in contract header or deposit permission like merchant \ac{KYC} information, deposit and refund deadlines and fees are left out. Note that certain details contained in contract header or deposit permission like merchant \ac{KYC} information, deposit and refund deadlines and fees are left out.
The deposit state machine can be seen in figure \ref{fig:deposit:states}. The deposit state machine can be seen in figure \ref{fig:deposit:states}.
\begin{figure}[htp] \begin{figure}[htp]
@ -1033,7 +1031,7 @@ In cases where there are multiple deposit permissions (meaning that multiple coi
\item Is the signature of the coin valid? \item Is the signature of the coin valid?
\item Is $ f $ (the value to be spent) smaller or equal the residual value of the coin (check for overspending attempt)? \item Is $ f $ (the value to be spent) smaller or equal the residual value of the coin (check for overspending attempt)?
\end{itemize} \end{itemize}
If all checks are successful, the exchange saves the deposit record containing the deposit permission and its signature in a database, substracts the spent value from the residual value of the coin and schedules the money transfer to the merchant's account $ A_m $ (grouping payments is done to reduce payment fees). If all checks are successful, the exchange saves the deposit record containing the deposit permission and its signature in a database, subtracts the spent value from the residual value of the coin and schedules the money transfer to the merchant's account $ A_m $ (grouping payments is done to reduce payment fees).
\\The exchange calculates a deposit confirmation signature $ \sigma_{DC} $ for the deposit permission with the exchange signing private key and returns them to the merchant. \\The exchange calculates a deposit confirmation signature $ \sigma_{DC} $ for the deposit permission with the exchange signing private key and returns them to the merchant.
\\This signature is also used to prove that a merchant was the first to receive payment from a certain coin. \\This signature is also used to prove that a merchant was the first to receive payment from a certain coin.
Without this, an evil exchange could later deny confirming a payment and claim double spending. Without this, an evil exchange could later deny confirming a payment and claim double spending.
@ -1180,7 +1178,7 @@ The customer, which holds the old partially spend coin and knows \\$C_{old} = \t
On the exchange's side various checks are done to validate the request. On the exchange's side various checks are done to validate the request.
Detailed steps of the commit phase are shown in figure \ref{fig:refresh-part1}. Detailed steps of the commit phase are shown in figure \ref{fig:refresh-part1}.
\begin{figure} \begin{figure}
\begin{equation*} \begin{equation*}
\resizebox{1.0\textwidth}{!}{$\displaystyle \resizebox{1.0\textwidth}{!}{$\displaystyle
@ -1464,4 +1462,4 @@ When the list of trusted auditor certs of a customer/merchant somehow can be man
One attack scenario would be to attack customers/merchants with a supply-chain attack on the wallets or merchant backends' implementation. One attack scenario would be to attack customers/merchants with a supply-chain attack on the wallets or merchant backends' implementation.
With software supply-chain attacks on the rise in 2020/21 (although the concept is not new) such an attack could have a big impact. \\ With software supply-chain attacks on the rise in 2020/21 (although the concept is not new) such an attack could have a big impact. \\
Since auditor certs are coupled with the wallet (or merchant) implementation, a bank, country, central bank or auditor will most likely publish a wallet and a merchant implementation for the corresponding Taler ecosystem. Since auditor certs are coupled with the wallet (or merchant) implementation, a bank, country, central bank or auditor will most likely publish a wallet and a merchant implementation for the corresponding Taler ecosystem.
%This would make it possible for the publisher to make changes on the Taler protocol for this specific implementation. %This would make it possible for the publisher to make changes on the Taler protocol for this specific implementation.

View File

@ -256,7 +256,7 @@ Further, the API ensures that a caller must generate two secret $r$ as in the Cl
* To ensure unpredictability a new nonce should be used when a new r needs to be derived. * To ensure unpredictability a new nonce should be used when a new r needs to be derived.
* Uses HKDF internally. * Uses HKDF internally.
* Comment: Can be done in one HKDF shot and split output. * Comment: Can be done in one HKDF shot and split output.
* *
* @param nonce is a random nonce * @param nonce is a random nonce
* @param lts is a long-term-secret in form of a private key * @param lts is a long-term-secret in form of a private key
* @param[out] r array containing derived secrets r0 and r1 * @param[out] r array containing derived secrets r0 and r1
@ -265,8 +265,8 @@ Further, the API ensures that a caller must generate two secret $r$ as in the Cl
GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce, GNUNET_CRYPTO_cs_r_derive (const struct GNUNET_CRYPTO_CsNonce *nonce,
const struct GNUNET_CRYPTO_CsPrivateKey *lts, const struct GNUNET_CRYPTO_CsPrivateKey *lts,
struct GNUNET_CRYPTO_CsRSecret r[2]); struct GNUNET_CRYPTO_CsRSecret r[2]);
/** /**
* Extract the public R of the given secret r. * Extract the public R of the given secret r.
* *
@ -289,7 +289,7 @@ The blinding secrets are generated by a client who provides a secret as seed to
* To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE * To provide abort-idempotency, blinding factors need to be derived but still need to be UNPREDICTABLE
* To ensure unpredictability a new nonce has to be used. * To ensure unpredictability a new nonce has to be used.
* Uses HKDF internally * Uses HKDF internally
* *
* @param secret is secret to derive blinding factors * @param secret is secret to derive blinding factors
* @param secret_len secret length * @param secret_len secret length
* @param[out] bs array containing the two derivedGNUNET_CRYPTO_CsBlindingSecret * @param[out] bs array containing the two derivedGNUNET_CRYPTO_CsBlindingSecret
@ -306,7 +306,7 @@ Further the Clause Blind Schnorr API provides an API to calculate the two blinde
/** /**
* Calculate two blinded c's * Calculate two blinded c's
* Comment: One would be insecure due to Wagner's algorithm solving ROS * Comment: One would be insecure due to Wagner's algorithm solving ROS
* *
* @param bs array of the two blinding factor structs each containing alpha and beta * @param bs array of the two blinding factor structs each containing alpha and beta
* @param r_pub array of the two signer's nonce R * @param r_pub array of the two signer's nonce R
* @param pub the public key of the signer * @param pub the public key of the signer
@ -336,7 +336,7 @@ See listing \ref{lst:crypto-sign-api}.
* To ensure unpredictability a new nonce has to be used for every signature * To ensure unpredictability a new nonce has to be used for every signature
* HKDF is used internally for derivation * HKDF is used internally for derivation
* r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive * r0 and r1 can be derived prior by using GNUNET_CRYPTO_cs_r_derive
* *
* @param priv private key to use for the signing and as LTS in HKDF * @param priv private key to use for the signing and as LTS in HKDF
* @param r array of the two secret nonce from the signer * @param r array of the two secret nonce from the signer
* @param c array of the two blinded c to sign c_b * @param c array of the two blinded c to sign c_b
@ -370,7 +370,7 @@ GNUNET_CRYPTO_cs_unblind (
struct GNUNET_CRYPTO_CsS *signature_scalar); struct GNUNET_CRYPTO_CsS *signature_scalar);
\end{lstlisting} \end{lstlisting}
The verify API takes the message and its signature with the public key and returns GNUNET\_OK for a valid signature and GNUNET\_SYSERR otherwhise. The verify API takes the message and its signature with the public key and returns GNUNET\_OK for a valid signature and GNUNET\_SYSERR otherwise.
See listing \ref{lst:crypto-verify-api}. See listing \ref{lst:crypto-verify-api}.
\begin{lstlisting}[style=bfh-c,language=C,, caption={GNUnet verify API}, label={lst:crypto-verify-api}] \begin{lstlisting}[style=bfh-c,language=C,, caption={GNUnet verify API}, label={lst:crypto-verify-api}]
@ -411,7 +411,7 @@ In crypto.c many utility functions are provided to create planchets (for planche
One difference between \gls{RSABS} and \gls{CSBS} is, that the coin private key and RSA blinding secret can be created at the same point in time, since the RSA blinding secret is created randomly. One difference between \gls{RSABS} and \gls{CSBS} is, that the coin private key and RSA blinding secret can be created at the same point in time, since the RSA blinding secret is created randomly.
However, for Clause Blind Schnorr secrets an additional step is needed, the public $R_0$ and $R_1$ are required to calculate the blinding seed to derive the secrets. However, for Clause Blind Schnorr secrets an additional step is needed, the public $R_0$ and $R_1$ are required to calculate the blinding seed to derive the secrets.
A planchet in the Clause Blind Schnorr Signature Scheme can be created as followed (implementation details ommited). A planchet in the Clause Blind Schnorr Signature Scheme can be created as followed (implementation details omitted).
\begin{enumerate} \begin{enumerate}
\item Create planchet with new \ac{EdDSA} private key \item Create planchet with new \ac{EdDSA} private key
@ -467,7 +467,7 @@ The exchange offline signer requests the future, not yet signed keys by calling
master\_pub & Exchange's master public key \\ master\_pub & Exchange's master public key \\
denom\_secmod\_public\_key & RSA security module public key \\ denom\_secmod\_public\_key & RSA security module public key \\
denom\_secmod\_cs\_public\_key & \gls{CSBS} security module public key \\ denom\_secmod\_cs\_public\_key & \gls{CSBS} security module public key \\
signkey\_secmod\_public\_key & Online singing security module public key \\ signkey\_secmod\_public\_key & Online signing security module public key \\
\end{tabular} \end{tabular}
\caption{GET \url{/management/keys} response data} \caption{GET \url{/management/keys} response data}
\label{tab:management-keys-get} \label{tab:management-keys-get}

View File

@ -94,8 +94,8 @@ The corresponding crypto helper, that talks with the security module, and its te
\item \texttt{src/util/test\_helper\_cs.c}: Tests and benchmarks for the \gls{CSBS} crypto helper \item \texttt{src/util/test\_helper\_cs.c}: Tests and benchmarks for the \gls{CSBS} crypto helper
\end{itemize} \end{itemize}
% Crypto API offene Punkte: % Crypto API offene Punkte:
%Input-Validierung von Punkten und Skalar %Input-validation of points and scalars:
% Clamping beschreiben: https://neilmadden.blog/2020/05/28/whats-the-curve25519-clamping-all-about/ % describe clamping: https://neilmadden.blog/2020/05/28/whats-the-curve25519-clamping-all-about/
% Testing: inverse operations, blinded signature test % Testing: inverse operations, blinded signature test
@ -219,7 +219,7 @@ Tests for deposit are implemented here:
\begin{itemize} \begin{itemize}
\item \url{/src/testing/test_exchange_api.c}: Add tests (see "struct TALER\_TESTING\_Command\ spend\_cs[]") that spend \gls{CSBS} coins withdrawn in tests added for withdrawal \item \url{/src/testing/test_exchange_api.c}: Add tests (see "struct TALER\_TESTING\_Command\ spend\_cs[]") that spend \gls{CSBS} coins withdrawn in tests added for withdrawal
\item \url{/src/json/json_pack.c}: Implement \gls{CSBS} case in function TALER\_JSON\_pack\_denom\_sig \item \url{/src/json/json_pack.c}: Implement \gls{CSBS} case in function TALER\_JSON\_pack\_denom\_sig
\end{itemize} \end{itemize}
\section{Fixing a Minor Security Issue in Taler's RSA Blind Signature Protocols} \section{Fixing a Minor Security Issue in Taler's RSA Blind Signature Protocols}
\label{sec:taler-vuln} \label{sec:taler-vuln}
@ -230,7 +230,7 @@ The issue was only in the implementation of the current RSA Blind Signature prot
\label{sec:taler-vuln-desc} \label{sec:taler-vuln-desc}
The redesigned \gls{CSBS} protocols already include the denomination key in the nonce check, which fixes this issue (see \ref{sec:withdraw-protocol-schnorr}). The redesigned \gls{CSBS} protocols already include the denomination key in the nonce check, which fixes this issue (see \ref{sec:withdraw-protocol-schnorr}).
In the case of \gls{RSABS}, the current protocol includes an \gls{idempotence} check by persisting the hash value of the blinded coin $m'$. In the case of \gls{RSABS}, the current protocol includes an \gls{idempotence} check by persisting the hash value of the blinded coin $m'$.
On a withdrawal/refresh the \gls{idempotence} check compares if the hash value of $m'$ was seen in the past and returns the 'old' signature on a match. On a withdrawal/refresh the \gls{idempotence} check compares if the hash value of $m'$ was seen in the past and returns the 'old' signature on a match.
This could lead to the following scenario: This could lead to the following scenario:
@ -277,7 +277,7 @@ After discussing this issue with Christian Grothoff, the conclusion was to inclu
return GNUNET_OK; return GNUNET_OK;
case TALER_DENOMINATION_CS: case TALER_DENOMINATION_CS:
... ...
\end{lstlisting} \end{lstlisting}
The issue is fixed by adding a hash of the current denomination key into the calculation of the hash used in the \gls{idempotence} check. The issue is fixed by adding a hash of the current denomination key into the calculation of the hash used in the \gls{idempotence} check.
@ -295,7 +295,7 @@ The applied fix can be seen in listing \ref{lst:fixed-idempotence}.
{ {
struct GNUNET_HashContext *hash_context; struct GNUNET_HashContext *hash_context;
hash_context = GNUNET_CRYPTO_hash_context_start (); hash_context = GNUNET_CRYPTO_hash_context_start ();
GNUNET_CRYPTO_hash_context_read (hash_context, GNUNET_CRYPTO_hash_context_read (hash_context,
&denom_hash->hash, &denom_hash->hash,
sizeof(denom_hash->hash)); sizeof(denom_hash->hash));
@ -312,7 +312,7 @@ The applied fix can be seen in listing \ref{lst:fixed-idempotence}.
{ {
struct GNUNET_HashContext *hash_context; struct GNUNET_HashContext *hash_context;
hash_context = GNUNET_CRYPTO_hash_context_start (); hash_context = GNUNET_CRYPTO_hash_context_start ();
GNUNET_CRYPTO_hash_context_read (hash_context, GNUNET_CRYPTO_hash_context_read (hash_context,
&denom_hash->hash, &denom_hash->hash,
sizeof(denom_hash->hash)); sizeof(denom_hash->hash));

View File

@ -57,7 +57,7 @@ This section compares how the two schemes perform regarding CPU usage, latency,
Clause Schnorr has fixed key sizes with 256 bits (32 bytes), which we compare against different RSA key sizes (1024, 2048, 3072 and 4096 bits). Clause Schnorr has fixed key sizes with 256 bits (32 bytes), which we compare against different RSA key sizes (1024, 2048, 3072 and 4096 bits).
In terms of security, \gls{CSBS} 256 bit keys could be compared to 3072 bit RSA keys (see \url{https://www.keylength.com/} for more information). In terms of security, \gls{CSBS} 256 bit keys could be compared to 3072 bit RSA keys (see \url{https://www.keylength.com/} for more information).
\subsection{CPU Usage} \subsection{CPU Usage}
Various benchmarks were made on different CPU architectures. Various benchmarks were made on different CPU architectures.
This section discusses the main results, detailed information about the performance comparison can be found in appendix \ref{chap:app-perf}. This section discusses the main results, detailed information about the performance comparison can be found in appendix \ref{chap:app-perf}.
We thank the Taler team for providing measurements from additional systems and architectures. We thank the Taler team for providing measurements from additional systems and architectures.
@ -75,7 +75,7 @@ Signing and blinding operations are much faster in \gls{CSBS}, also \gls{CSBS} s
\begin{bfhBox}[BFH-MediumBlue]{Setup} \begin{bfhBox}[BFH-MediumBlue]{Setup}
CPU: 8-core AMD Ryzen 7 PRO 5850U \\ CPU: 8-core AMD Ryzen 7 PRO 5850U \\
OS: Ubuntu 21.10 Linux 5.13.0-25-generic \#26-Ubuntu SMP Fri Jan 7 15:48:31 UTC 2022 x86\_64 x86\_64 x86\_64 GNU/Linux \\ OS: Ubuntu 21.10 Linux 5.13.0-25-generic \#26-Ubuntu SMP Fri Jan 7 15:48:31 UTC 2022 x86\_64 x86\_64 x86\_64 GNU/Linux \\
libsodium version: 1.0.18-1build1 \\ libsodium version: 1.0.18-1build1 \\
libgcrypt version: 1.8.7-5ubuntu2 \\\\ libgcrypt version: 1.8.7-5ubuntu2 \\\\
Benchmarks with other hardware setups can be found in appendix \ref{chap:app-perf}. Benchmarks with other hardware setups can be found in appendix \ref{chap:app-perf}.
\end{bfhBox} \end{bfhBox}
@ -112,7 +112,7 @@ RSA 1024 is in some situations faster than the \gls{CSBS} implementation.
Note that 1024 bit keys are not recommended for many use cases, but the highest currently known RSA factorization done is 829 bits \cite{enwiki:1055393696}. Note that 1024 bit keys are not recommended for many use cases, but the highest currently known RSA factorization done is 829 bits \cite{enwiki:1055393696}.
The following section \ref{sec:disc-risk} explains the risk running RSA 1024 or \gls{CSBS} denominations further.\\ The following section \ref{sec:disc-risk} explains the risk running RSA 1024 or \gls{CSBS} denominations further.\\
The blind and unblind operations are running in a wallet implementation, therefore the comparison with RSA 1024 is very interesting for devices with less CPU power. The blind and unblind operations are running in a wallet implementation, therefore the comparison with RSA 1024 is very interesting for devices with less CPU power.
Comparison of such hardware can be found in appendix \ref{chap:app-perf}, these comparison results come to the same conlcusion.\\ Comparison of such hardware can be found in appendix \ref{chap:app-perf}, these comparison results come to the same conclusion.\\
Although RSA 1024 bit is much faster in the blinding operation, \gls{CSBS} still perform better when calculating the blinding and unblinding operations together. Although RSA 1024 bit is much faster in the blinding operation, \gls{CSBS} still perform better when calculating the blinding and unblinding operations together.
\gls{CSBS} unblinding computes only an addition of two scalars $s + \alpha \mod p$, while RSA computes $s * r^{-1}$. \gls{CSBS} unblinding computes only an addition of two scalars $s + \alpha \mod p$, while RSA computes $s * r^{-1}$.
To conclude, \gls{CSBS} are faster than RSA 1024 bit and provide a better level of security. To conclude, \gls{CSBS} are faster than RSA 1024 bit and provide a better level of security.
@ -205,7 +205,7 @@ The disk space comparison for a wallet can be found in \ref{tab:comp-wallet-spac
These are theoretical calculations, implementations may choose to persist additional values. These are theoretical calculations, implementations may choose to persist additional values.
\end{bfhWarnBox} \end{bfhWarnBox}
The reasons that \gls{CSBS} use less bandwidth is mostly because the signature/key sizes are much smaller. The reasons that \gls{CSBS} use less bandwidth is mostly because the signature/key sizes are much smaller.
The bandwith improvements for the \texttt{/keys} API is the same as specified in the table with disk space comparison \ref{tab:comp-sign-space}. The bandwidth improvements for the \texttt{/keys} API is the same as specified in the table with disk space comparison \ref{tab:comp-sign-space}.
For \gls{CSBS} many calculations are performed twice, therefore also two values are submitted. For \gls{CSBS} many calculations are performed twice, therefore also two values are submitted.
Table \ref{tab:comp-band-withd} compares the bandwidth used in a withdrawal. Table \ref{tab:comp-band-withd} compares the bandwidth used in a withdrawal.
The 32 byte values $2 * n_w, 2 * D_p, R_0, R_1, s,W_p, c_0, c_1, \sigma_W$ as well as an integer $b$ are transmitted for \gls{CSBS}.\\ The 32 byte values $2 * n_w, 2 * D_p, R_0, R_1, s,W_p, c_0, c_1, \sigma_W$ as well as an integer $b$ are transmitted for \gls{CSBS}.\\
@ -222,14 +222,14 @@ Depending on the hash size another 32 byte (or 64 byte) value is transmitted.
\setupBfhTabular \setupBfhTabular
\begin{tabular}{lccr} \begin{tabular}{lccr}
\rowcolor{BFH-tablehead} \rowcolor{BFH-tablehead}
\textbf{Signature Scheme} & \textbf{Bandwith used} & \textbf{Factor} & \textbf{1M coins}\\\hline \textbf{Signature Scheme} & \textbf{Bandwidth used} & \textbf{Factor} & \textbf{1M coins}\\\hline
CS 256 bits & 356 bytes & 1x & 324 MB\\\hline CS 256 bits & 356 bytes & 1x & 324 MB\\\hline
RSA 1024 bit & 448 bytes & 1.3x & 448 MB \\\hline RSA 1024 bit & 448 bytes & 1.3x & 448 MB \\\hline
RSA 2048 bit & 832 bytes & 2.5x & 832 MB\\\hline RSA 2048 bit & 832 bytes & 2.5x & 832 MB\\\hline
RSA 3072 bit & 1216 bytes & 3.75x & 1216 MB\\\hline RSA 3072 bit & 1216 bytes & 3.75x & 1216 MB\\\hline
RSA 4096 bit & 1600 bytes & 4.9x & 1600 MB\\\hline RSA 4096 bit & 1600 bytes & 4.9x & 1600 MB\\\hline
\end{tabular} \end{tabular}
\caption{Bandwith comparison withdrawal} \caption{Bandwidth comparison withdrawal}
\label{tab:comp-band-withd} \label{tab:comp-band-withd}
\end{table} \end{table}

View File

@ -25,8 +25,8 @@ The thesis provides several results to add support for Schnorr's blind signature
\end{itemize} \end{itemize}
\item Comparison and Analysis \item Comparison and Analysis
\begin{itemize} \begin{itemize}
\item Performance (speed, space, latency \& bandwith) \item Performance (speed, space, latency \& bandwidth)
\item Security \item Security
\item Scheme Comparison \item Scheme Comparison
\end{itemize} \end{itemize}
\item Fixing a minor security issue in Taler's current protocols \item Fixing a minor security issue in Taler's current protocols
@ -47,7 +47,7 @@ This section provides an outlook on what can be done in future work.
\item Evaluating \& implementing \gls{CSBS} on other curves \item Evaluating \& implementing \gls{CSBS} on other curves
\end{itemize} \end{itemize}
There are some remaining protocols to implement, which were out of scope for this thesis. There are some remaining protocols to implement, which were out of scope for this thesis.
To run \gls{CSBS} in production, these protocols have to be implemented too. To run \gls{CSBS} in production, these protocols have to be implemented too.
Further, the merchant needs to support \gls{CSBS} too. Further, the merchant needs to support \gls{CSBS} too.
The merchant implementation can be done fast, as the merchant only verifies denomination signatures in most cases. \\ The merchant implementation can be done fast, as the merchant only verifies denomination signatures in most cases. \\
@ -58,7 +58,7 @@ A security audit should always be made when implementing big changes like these.
As mentioned in the scope section, the optional goal to find and implement a good solution for the withdraw loophole was dropped. As mentioned in the scope section, the optional goal to find and implement a good solution for the withdraw loophole was dropped.
This was due to the scope shift and because the analysis of the problem showed that finding a good solution needs more research and is a whole project in itself (see \ref{sec:scope} for more information).\\ This was due to the scope shift and because the analysis of the problem showed that finding a good solution needs more research and is a whole project in itself (see \ref{sec:scope} for more information).\\
Furthermore, \gls{CSBS} could be implemented on other curves. Furthermore, \gls{CSBS} could be implemented on other curves.
For example Curve448 \cite{cryptoeprint:2015:625} could be used, as it provides 224 bits of security, wheras \gls{25519} \cite{bern:curve25519} provides about 128 bits of security. For example Curve448 \cite{cryptoeprint:2015:625} could be used, as it provides 224 bits of security, whereas \gls{25519} \cite{bern:curve25519} provides about 128 bits of security.
Curve secp256k1 could further improve \gls{CSBS} performance. Curve secp256k1 could further improve \gls{CSBS} performance.
While providing support for Curve448 should not be problematic, a potential implementation for secp256k1 needs further analysis (see \cite{bernlange:safecurves} and \cite{bip:schnorr-bitc} for more information). While providing support for Curve448 should not be problematic, a potential implementation for secp256k1 needs further analysis (see \cite{bernlange:safecurves} and \cite{bip:schnorr-bitc} for more information).
@ -67,4 +67,4 @@ This thesis includes understanding, analyzing, integrating and implementing a re
Furthermore, the implementation is done in Taler, an intuitive and modern solution for a social responsible payment system with high ethical standards. Furthermore, the implementation is done in Taler, an intuitive and modern solution for a social responsible payment system with high ethical standards.
Although there was a lot of work, we enjoyed working on such a modern and very interesting topic. Although there was a lot of work, we enjoyed working on such a modern and very interesting topic.
Especially the first successful signature verification and the signature scheme performance benchmarks motivated us to push the implementation and integration into Taler forward.\\ Especially the first successful signature verification and the signature scheme performance benchmarks motivated us to push the implementation and integration into Taler forward.\\
We are happy to provide an implementation of a modern scheme and making it available as free software. We are happy to provide an implementation of a modern scheme and making it available as free software.

View File

@ -153,7 +153,8 @@ EXCLUDE_PATTERNS = */test_* \
*/.git/* \ */.git/* \
*/perf_* .* \ */perf_* .* \
.* \ .* \
*/gnu-taler-error-codes/* */gnu-taler-error-codes/* \
*/src/templating/mustach*
EXCLUDE_SYMBOLS = EXCLUDE_SYMBOLS =
EXAMPLE_PATH = EXAMPLE_PATH =
EXAMPLE_PATTERNS = * EXAMPLE_PATTERNS = *

@ -1 +1 @@
Subproject commit 1ed97b23f19c80fa84b21a5eb0c686d5491e8ec6 Subproject commit 8452f991dd967328207fab52a99beb19e2cb4dff

View File

@ -1179,7 +1179,7 @@ Section~\ref{sec:compromised-signing-key-detection}.
In the future, we plan for the auditor to expose additional endpoints where In the future, we plan for the auditor to expose additional endpoints where
wallets and merchant backends can submit (cryptographic) proofs of wallets and merchant backends can submit (cryptographic) proofs of
missbehavior from an exchange. The goal would be to automatically verify the misbehavior from an exchange. The goal would be to automatically verify the
proofs, take corrective action by including the information in the audit proofs, take corrective action by including the information in the audit
report and possibly even compensating the victim. report and possibly even compensating the victim.

View File

@ -23,12 +23,15 @@ SUBDIRS = \
$(PQ_DIR) \ $(PQ_DIR) \
$(SQ_DIR) \ $(SQ_DIR) \
mhd \ mhd \
templating \
bank-lib \ bank-lib \
exchangedb \ exchangedb \
kyclogic \
exchange \ exchange \
auditordb \ auditordb \
auditor \ auditor \
lib \ lib \
exchange-tools \ exchange-tools \
extensions/age_restriction \
testing \ testing \
benchmark benchmark

View File

@ -19,3 +19,8 @@ generate-auditor-basedb-revocation.conf
revocation-tmp-* revocation-tmp-*
auditor-basedb.wdb auditor-basedb.wdb
taler-auditor-sync taler-auditor-sync
auditor-basedb.sqlite3
taler-auditor-test.sqlite3
libeufin-nexus.pid
libeufin-sandbox.pid
taler-helper-auditor-purses

View File

@ -22,6 +22,7 @@ bin_PROGRAMS = \
taler-helper-auditor-aggregation \ taler-helper-auditor-aggregation \
taler-helper-auditor-coins \ taler-helper-auditor-coins \
taler-helper-auditor-deposits \ taler-helper-auditor-deposits \
taler-helper-auditor-purses \
taler-helper-auditor-reserves \ taler-helper-auditor-reserves \
taler-helper-auditor-wire taler-helper-auditor-wire
@ -65,21 +66,6 @@ taler_auditor_dbinit_CPPFLAGS = \
-I$(top_srcdir)/src/pq/ \ -I$(top_srcdir)/src/pq/ \
$(POSTGRESQL_CPPFLAGS) $(POSTGRESQL_CPPFLAGS)
taler_helper_auditor_reserves_SOURCES = \
taler-helper-auditor-reserves.c
taler_helper_auditor_reserves_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/json/libtalerjson.la \
$(top_builddir)/src/bank-lib/libtalerbank.la \
$(top_builddir)/src/exchangedb/libtalerexchangedb.la \
$(top_builddir)/src/auditordb/libtalerauditordb.la \
libauditorreport.la \
-ljansson \
-lgnunetjson \
-lgnunetutil \
$(XLIB)
taler_helper_auditor_coins_SOURCES = \ taler_helper_auditor_coins_SOURCES = \
taler-helper-auditor-coins.c taler-helper-auditor-coins.c
taler_helper_auditor_coins_LDADD = \ taler_helper_auditor_coins_LDADD = \
@ -125,6 +111,38 @@ taler_helper_auditor_deposits_LDADD = \
-lgnunetutil \ -lgnunetutil \
$(XLIB) $(XLIB)
taler_helper_auditor_purses_SOURCES = \
taler-helper-auditor-purses.c
taler_helper_auditor_purses_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/json/libtalerjson.la \
$(top_builddir)/src/bank-lib/libtalerbank.la \
$(top_builddir)/src/exchangedb/libtalerexchangedb.la \
$(top_builddir)/src/auditordb/libtalerauditordb.la \
libauditorreport.la \
-ljansson \
-lgnunetjson \
-lgnunetutil \
$(XLIB)
taler_helper_auditor_reserves_SOURCES = \
taler-helper-auditor-reserves.c
taler_helper_auditor_reserves_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/json/libtalerjson.la \
$(top_builddir)/src/bank-lib/libtalerbank.la \
$(top_builddir)/src/exchangedb/libtalerexchangedb.la \
$(top_builddir)/src/auditordb/libtalerauditordb.la \
libauditorreport.la \
-ljansson \
-lgnunetjson \
-lgnunetutil \
$(XLIB)
taler_helper_auditor_wire_SOURCES = \ taler_helper_auditor_wire_SOURCES = \
taler-helper-auditor-wire.c taler-helper-auditor-wire.c
taler_helper_auditor_wire_LDADD = \ taler_helper_auditor_wire_LDADD = \
@ -203,15 +221,6 @@ EXTRA_DIST = \
test-sync-in.conf \ test-sync-in.conf \
test-sync-out.conf \ test-sync-out.conf \
generate-auditor-basedb.sh \ generate-auditor-basedb.sh \
generate-revoke-basedb.sh \
generate-auditor-basedb.conf \ generate-auditor-basedb.conf \
generate-auditor-basedb-template.conf \ generate-revoke-basedb.sh \
$(check_SCRIPTS) \ $(check_SCRIPTS)
auditor-basedb.age \
auditor-basedb.conf \
auditor-basedb.sql \
auditor-basedb.mpub \
revoke-basedb.age \
revoke-basedb.conf \
revoke-basedb.sql \
revoke-basedb.mpub

View File

@ -1 +0,0 @@
1655640402

View File

@ -1,187 +0,0 @@
[arm]
CONFIG = /research/taler/exchange/src/auditor/auditor-basedb.conf
[benchmark]
MERCHANT_DETAILS = merchant_details.json
BANK_DETAILS = bank_details.json
[coin_kudos_10]
rsa_keysize = 1024
CIPHER = RSA
fee_refund = TESTKUDOS:0.01
fee_refresh = TESTKUDOS:0.03
fee_deposit = TESTKUDOS:0.01
fee_withdraw = TESTKUDOS:0.01
duration_legal = 3 years
duration_spend = 2 years
duration_withdraw = 7 days
value = TESTKUDOS:10
[coin_kudos_8]
rsa_keysize = 1024
CIPHER = RSA
fee_refund = TESTKUDOS:0.04
fee_refresh = TESTKUDOS:0.03
fee_deposit = TESTKUDOS:0.02
fee_withdraw = TESTKUDOS:0.05
duration_legal = 3 years
duration_spend = 2 years
duration_withdraw = 7 days
value = TESTKUDOS:8
[coin_kudos_5]
rsa_keysize = 1024
CIPHER = RSA
fee_refund = TESTKUDOS:0.01
fee_refresh = TESTKUDOS:0.03
fee_deposit = TESTKUDOS:0.01
fee_withdraw = TESTKUDOS:0.01
duration_legal = 3 years
duration_spend = 2 years
duration_withdraw = 7 days
value = TESTKUDOS:5
[coin_kudos_4]
rsa_keysize = 1024
CIPHER = RSA
fee_refund = TESTKUDOS:0.02
fee_refresh = TESTKUDOS:0.04
fee_deposit = TESTKUDOS:0.03
fee_withdraw = TESTKUDOS:0.03
duration_legal = 3 years
duration_spend = 2 years
duration_withdraw = 7 days
value = TESTKUDOS:4
[coin_kudos_2]
rsa_keysize = 1024
CIPHER = RSA
fee_refund = TESTKUDOS:0.02
fee_refresh = TESTKUDOS:0.04
fee_deposit = TESTKUDOS:0.03
fee_withdraw = TESTKUDOS:0.03
duration_legal = 3 years
duration_spend = 2 years
duration_withdraw = 7 days
value = TESTKUDOS:2
[coin_kudos_1]
rsa_keysize = 1024
CIPHER = RSA
fee_refund = TESTKUDOS:0.01
fee_refresh = TESTKUDOS:0.03
fee_deposit = TESTKUDOS:0.02
fee_withdraw = TESTKUDOS:0.02
duration_legal = 3 years
duration_spend = 2 years
duration_withdraw = 7 days
value = TESTKUDOS:1
[coin_kudos_ct_10]
rsa_keysize = 1024
CIPHER = RSA
fee_refund = TESTKUDOS:0.01
fee_refresh = TESTKUDOS:0.03
fee_deposit = TESTKUDOS:0.01
fee_withdraw = TESTKUDOS:0.01
duration_legal = 3 years
duration_spend = 2 years
duration_withdraw = 7 days
value = TESTKUDOS:0.10
[coin_kudos_ct_1]
rsa_keysize = 1024
CIPHER = RSA
fee_refund = TESTKUDOS:0.01
fee_refresh = TESTKUDOS:0.01
fee_deposit = TESTKUDOS:0.01
fee_withdraw = TESTKUDOS:0.01
duration_legal = 3 years
duration_spend = 2 years
duration_withdraw = 7 days
value = TESTKUDOS:0.01
[payments-generator]
exchange = http://localhost:8081/
exchange-admin = http://localhost:18080/
exchange_admin = http://localhost:18080/
merchant = http://localhost:9966/
bank = http://localhost:8082/
instance = default
currency = TESTKUDOS
[merchant-exchange-default]
CURRENCY = TESTKUDOS
EXCHANGE_BASE_URL = http://localhost:8081/
MASTER_KEY = JM0NJXHM6Y6HYAPK2WDFH3HDJ2E9KZWGKM3E0FYRV2V3HCTB3DQ0
[merchant-account-merchant]
ACTIVE_default = YES
HONOR_default = YES
PAYTO_URI = payto://x-taler-bank/localhost/42
[exchange-accountcredentials-1]
PASSWORD = x
USERNAME = Exchange
WIRE_GATEWAY_AUTH_METHOD = basic
WIRE_GATEWAY_URL = http://localhost:8082/taler-wire-gateway/Exchange/
[exchange-account-1]
enable_credit = yes
enable_debit = yes
PAYTO_URI = payto://x-taler-bank/localhost/Exchange
[instance-default]
NAME = Merchant Inc.
KEYFILE = ${TALER_DATA_HOME}/merchant/default.priv
[taler]
CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
CURRENCY = TESTKUDOS
[merchantdb-postgres]
CONFIG = postgres:///auditor-basedb
[merchant]
DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10
KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv
DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1
WIREFORMAT = default
WIRE_TRANSFER_DELAY = 1 minute
FORCE_AUDIT = YES
UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http
[exchangedb-postgres]
CONFIG = postgres:///auditor-basedb
[exchange]
LOOKAHEAD_SIGN = 32 weeks 1 day
SIGNKEY_DURATION = 4 weeks
MASTER_PUBLIC_KEY = JM0NJXHM6Y6HYAPK2WDFH3HDJ2E9KZWGKM3E0FYRV2V3HCTB3DQ0
SIGNKEY_LEGAL_DURATION = 4 weeks
UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
[bank]
SERVE = http
ALLOW_REGISTRATIONS = YES
SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2
SUGGESTED_EXCHANGE = http://localhost:8081/
HTTP_PORT = 8082
MAX_DEBT_BANK = TESTKUDOS:100000.0
MAX_DEBT = TESTKUDOS:50.0
DATABASE = postgres:///auditor-basedb
[auditordb-postgres]
CONFIG = postgres:///auditor-basedb
[auditor]
PUBLIC_KEY = 73NJKBP4MHJF8274K88F4WFWKNYMK8T6MTSE6HHYS6WC01H9YH7G
TINY_AMOUNT = TESTKUDOS:0.01
BASE_URL = http://localhost:8083/
[PATHS]
TALER_CACHE_HOME = $TALER_HOME/.cache/taler/
TALER_CONFIG_HOME = $TALER_HOME/.config/taler/
TALER_DATA_HOME = $TALER_HOME/.local/share/taler/
TALER_HOME = ${PWD}/generate_auditordb_home/

Binary file not shown.

View File

@ -1 +0,0 @@
JM0NJXHM6Y6HYAPK2WDFH3HDJ2E9KZWGKM3E0FYRV2V3HCTB3DQ0

File diff suppressed because it is too large Load Diff

View File

@ -1,6 +1,3 @@
[arm]
CONFIG = /research/taler/exchange/src/auditor/batch.conf
[benchmark] [benchmark]
MERCHANT_DETAILS = merchant_details.json MERCHANT_DETAILS = merchant_details.json
BANK_DETAILS = bank_details.json BANK_DETAILS = bank_details.json

View File

@ -193,7 +193,7 @@ echo " DONE"
echo -n "Setting up merchant" echo -n "Setting up merchant"
curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_ms" : 3600000},"default_pay_delay":{"d_ms": 3600000}}' http://localhost:9966/management/instances curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances
echo " DONE" echo " DONE"

View File

@ -1 +0,0 @@
@INLINE@ generate-auditor-basedb.conf

View File

@ -1,82 +1,19 @@
[exchange] [exchange-offline]
MAX_KEYS_CACHING = forever MASTER_PRIV_FILE = auditor-basedb.mpriv
DB = postgres
SERVE = tcp
UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
UNIXPATH_MODE = 660
PORT = 8081
BASE_URL = http://localhost:8081/
SIGNKEY_DURATION = 4 weeks
SIGNKEY_LEGAL_DURATION = 4 weeks
LOOKAHEAD_SIGN = 32 weeks 1 day
[merchant]
SERVE = tcp
PORT = 9966
UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http
UNIXPATH_MODE = 660
DEFAULT_WIRE_FEE_AMORTIZATION = 1
DB = postgres
WIREFORMAT = default
# Set very low, so we can be sure that the database generated
# will contain wire transfers "ready" for the aggregator.
WIRE_TRANSFER_DELAY = 1 minute
DEFAULT_PAY_DEADLINE = 1 day
DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1
KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv
DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10
# Ensure that merchant reports EVERY deposit confirmation to auditor
FORCE_AUDIT = YES
[instance-default] [instance-default]
KEYFILE = ${TALER_DATA_HOME}/merchant/default.priv KEYFILE = ${TALER_DATA_HOME}/merchant/default.priv
NAME = Merchant Inc. NAME = Merchant Inc.
[auditor]
DB = postgres
AUDITOR_PRIV_FILE = ${TALER_DATA_HOME}/auditor/offline-keys/auditor.priv
SERVE = tcp
UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
UNIXPATH_MODE = 660
PORT = 8083
BASE_URL = http://localhost:8083/
TINY_AMOUNT = TESTKUDOS:0.01
[PATHS]
TALER_HOME = ${PWD}/generate_auditordb_home/
TALER_DATA_HOME = $TALER_HOME/.local/share/taler/
TALER_CONFIG_HOME = $TALER_HOME/.config/taler/
TALER_CACHE_HOME = $TALER_HOME/.cache/taler/
TALER_RUNTIME_DIR = ${TMPDIR:-${TMP:-/tmp}}/taler-system-runtime/
[bank]
DATABASE = postgres:///taler-auditor-basedb
MAX_DEBT = TESTKUDOS:50.0
MAX_DEBT_BANK = TESTKUDOS:100000.0
HTTP_PORT = 8082
SUGGESTED_EXCHANGE = http://localhost:8081/
SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2
ALLOW_REGISTRATIONS = YES
SERVE = http
[exchangedb]
IDLE_RESERVE_EXPIRATION_TIME = 4 weeks
LEGAL_RESERVE_EXPIRATION_TIME = 7 years
[taler]
CURRENCY = TESTKUDOS
CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
[exchange-account-1] [exchange-account-1]
PAYTO_URI = payto://x-taler-bank/localhost/Exchange PAYTO_URI = payto://iban/SANDBOXX/DE989651?receiver-name=Exchange+Company
enable_debit = yes enable_debit = yes
enable_credit = yes enable_credit = yes
[exchange-accountcredentials-1] [exchange-accountcredentials-1]
WIRE_GATEWAY_URL = "http://localhost:8082/taler-wire-gateway/Exchange/" WIRE_GATEWAY_URL = http://localhost:8082/facades/test-facade/taler-wire-gateway/
WIRE_GATEWAY_AUTH_METHOD = basic WIRE_GATEWAY_AUTH_METHOD = basic
USERNAME = Exchange USERNAME = exchange
PASSWORD = x PASSWORD = x
[merchant-account-merchant] [merchant-account-merchant]
@ -85,6 +22,7 @@ HONOR_default = YES
ACTIVE_default = YES ACTIVE_default = YES
[merchant-exchange-default] [merchant-exchange-default]
MASTER_KEY = RKNMPRGXCX35H11WEYXDXYHPR7NX2QK9BG15MT0QEF75PC5KR470
EXCHANGE_BASE_URL = http://localhost:8081/ EXCHANGE_BASE_URL = http://localhost:8081/
CURRENCY = TESTKUDOS CURRENCY = TESTKUDOS
@ -193,30 +131,59 @@ fee_refund = TESTKUDOS:0.01
CIPHER = RSA CIPHER = RSA
rsa_keysize = 1024 rsa_keysize = 1024
[coin_kudos_ct_1]
value = TESTKUDOS:0.01
duration_withdraw = 7 days
duration_spend = 2 years
duration_legal = 3 years
fee_withdraw = TESTKUDOS:0.01
fee_deposit = TESTKUDOS:0.01
fee_refresh = TESTKUDOS:0.01
fee_refund = TESTKUDOS:0.01
CIPHER = RSA
rsa_keysize = 1024
[coin_kudos_ct_10]
value = TESTKUDOS:0.10
duration_withdraw = 7 days
duration_spend = 2 years
duration_legal = 3 years
fee_withdraw = TESTKUDOS:0.01
fee_deposit = TESTKUDOS:0.01
fee_refresh = TESTKUDOS:0.03
fee_refund = TESTKUDOS:0.01
CIPHER = RSA
rsa_keysize = 1024
[benchmark] [benchmark]
BANK_DETAILS = bank_details.json BANK_DETAILS = bank_details.json
MERCHANT_DETAILS = merchant_details.json MERCHANT_DETAILS = merchant_details.json
[arm]
CONFIG = /research/taler/exchange/src/auditor/auditor-basedb.conf
[taler]
CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
CURRENCY = TESTKUDOS
[merchantdb-postgres]
CONFIG = postgres:///auditor-basedb
[merchant]
WIREFORMAT = default
DEFAULT_MAX_DEPOSIT_FEE = TESTKUDOS:0.1
KEYFILE = ${TALER_DATA_HOME}/merchant/merchant.priv
DEFAULT_MAX_WIRE_FEE = TESTKUDOS:0.10
WIRE_TRANSFER_DELAY = 1 minute
FORCE_AUDIT = YES
UNIXPATH = ${TALER_RUNTIME_DIR}/merchant.http
[exchangedb-postgres]
CONFIG = postgres:///auditor-basedb
[exchange]
MASTER_PUBLIC_KEY = RKNMPRGXCX35H11WEYXDXYHPR7NX2QK9BG15MT0QEF75PC5KR470
SIGNKEY_DURATION = 4 weeks
LOOKAHEAD_SIGN = 32 weeks 1 day
SIGNKEY_LEGAL_DURATION = 4 weeks
UNIXPATH = ${TALER_RUNTIME_DIR}/exchange.http
[bank]
HTTP_PORT = 8082
SUGGESTED_EXCHANGE = http://localhost:8081/
SUGGESTED_EXCHANGE_PAYTO = payto://x-taler-bank/localhost/2
ALLOW_REGISTRATIONS = YES
SERVE = http
MAX_DEBT_BANK = TESTKUDOS:100000.0
MAX_DEBT = TESTKUDOS:50.0
DATABASE = postgres:///auditor-basedb
[auditordb-postgres]
CONFIG = postgres:///auditor-basedb
[auditor]
BASE_URL = http://localhost:8083/
TINY_AMOUNT = TESTKUDOS:0.01
PUBLIC_KEY = 0EHPW5WEKHXPPN4MPJNGA7Z6D29JP21GKVNV8ARFB1YW7WWJX20G
[PATHS]
TALER_CACHE_HOME = $TALER_HOME/.cache/taler/
TALER_CONFIG_HOME = $TALER_HOME/.config/taler/
TALER_DATA_HOME = $TALER_HOME/.local/share/taler/
TALER_HOME = ${PWD}/generate_auditordb_home/

View File

@ -3,8 +3,8 @@
# testing from a 'correct' interaction between exchange, # testing from a 'correct' interaction between exchange,
# wallet and merchant. # wallet and merchant.
# #
# Creates $BASEDB.sql, $BASEDB.fees, $BASEDB.mpub and # Creates $BASEDB.sql, $BASEDB.fees,
# $BASEDB.age. # $BASEDB.{mpub,mpriv}.
# Default $BASEDB is "auditor-basedb", override via $1. # Default $BASEDB is "auditor-basedb", override via $1.
# #
# Currently must be run online as it interacts with # Currently must be run online as it interacts with
@ -14,30 +14,47 @@
# and be allowed to create/drop databases. # and be allowed to create/drop databases.
# #
set -eu set -eu
#set -x
# Cleanup to run whenever we exit # Cleanup to run whenever we exit
function cleanup() function exit_cleanup()
{ {
echo "Running generate-auditor-basedb exit cleanup logic..."
if test -f ${MY_TMP_DIR:-/}/libeufin-sandbox.pid
then
PID=`cat ${MY_TMP_DIR}/libeufin-sandbox.pid 2> /dev/null`
kill $PID 2> /dev/null || true
rm ${MY_TMP_DIR}/libeufin-sandbox.pid
echo "Killed libeufin sandbox $PID"
wait $PID || true
fi
if test -f ${MY_TMP_DIR:-/}/libeufin-nexus.pid
then
PID=`cat ${MY_TMP_DIR}/libeufin-nexus.pid 2> /dev/null`
kill $PID 2> /dev/null || true
rm ${MY_TMP_DIR}/libeufin-nexus.pid
echo "Killed libeufin nexus $PID"
wait $PID || true
fi
echo "killing libeufin DONE"
for n in `jobs -p` for n in `jobs -p`
do do
kill $n 2> /dev/null || true kill $n 2> /dev/null || true
done done
wait wait || true
} }
# Install cleanup handler (except for kill -9) # Install cleanup handler (except for kill -9)
trap cleanup EXIT trap exit_cleanup EXIT
# Exit, with status code "skip" (no 'real' failure) # Exit, with status code "skip" (no 'real' failure)
function exit_skip() { function exit_skip() {
echo $1 echo "SKIPPING: $1"
exit 77 exit 77
} }
# Where do we write the result? # Where do we write the result?
BASEDB=${1:-"auditor-basedb"} BASEDB=${1:-"auditor-basedb"}
# Name of the Postgres database we will use for the script. # Name of the Postgres database we will use for the script.
# Will be dropped, do NOT use anything that might be used # Will be dropped, do NOT use anything that might be used
# elsewhere # elsewhere
@ -48,15 +65,17 @@ export WALLET_DB=${BASEDB:-"wallet"}.wdb
# delete existing wallet database # delete existing wallet database
rm -f $WALLET_DB rm -f $WALLET_DB
# Configuration file will be edited, so we create one # Configuration file will be edited, so we create one
# from the template. # from the template.
CONF=${BASEDB}.conf export CONF=$1.conf
cp generate-auditor-basedb.conf $CONF cp generate-auditor-basedb.conf $CONF
echo "Created configuration at ${CONF}"
DATA_DIR=$1/exchange-data-dir/
mkdir -p $DATA_DIR
taler-config -c $CONF -s PATHS -o TALER_HOME -V $DATA_DIR
echo -n "Testing for libeufin"
echo -n "Testing for taler-bank-manage" libeufin-cli --help >/dev/null </dev/null || exit_skip " MISSING"
taler-bank-manage --help >/dev/null </dev/null || exit_skip " MISSING"
echo " FOUND" echo " FOUND"
echo -n "Testing for taler-wallet-cli" echo -n "Testing for taler-wallet-cli"
taler-wallet-cli -v >/dev/null </dev/null || exit_skip " MISSING" taler-wallet-cli -v >/dev/null </dev/null || exit_skip " MISSING"
@ -65,42 +84,41 @@ echo -n "Testing for curl"
curl --help >/dev/null </dev/null || exit_skip " MISSING" curl --help >/dev/null </dev/null || exit_skip " MISSING"
echo " FOUND" echo " FOUND"
pwd
# Clean up
DATA_DIR=`taler-config -f -c $CONF -s PATHS -o TALER_HOME`
rm -rf $DATA_DIR || true
# reset database # reset database
dropdb $TARGET_DB >/dev/null 2>/dev/null || true dropdb $TARGET_DB >/dev/null 2>/dev/null || true
createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB" createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB"
ORIGIN=`pwd`
MY_TMP_DIR=`dirname $1`
# obtain key configuration data # obtain key configuration data
MASTER_PRIV_FILE=`taler-config -f -c $CONF -s exchange-offline -o MASTER_PRIV_FILE` MASTER_PRIV_FILE=$1.mpriv
MASTER_PRIV_DIR=`dirname $MASTER_PRIV_FILE` MASTER_PRIV_DIR=`dirname $MASTER_PRIV_FILE`
taler-config -f -c ${CONF} -s exchange-offline -o MASTER_PRIV_FILE -V ${MASTER_PRIV_FILE}
rm -f "${MASTER_PRIV_FILE}"
mkdir -p $MASTER_PRIV_DIR mkdir -p $MASTER_PRIV_DIR
gnunet-ecc -g1 $MASTER_PRIV_FILE > /dev/null gnunet-ecc -l/dev/null -g1 $MASTER_PRIV_FILE > /dev/null
MASTER_PUB=`gnunet-ecc -p $MASTER_PRIV_FILE` export MASTER_PUB=`gnunet-ecc -p $MASTER_PRIV_FILE`
EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL` export EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL`
MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT` MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT`
MERCHANT_URL=http://localhost:${MERCHANT_PORT}/ export MERCHANT_URL=http://localhost:${MERCHANT_PORT}/
BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT` BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT`
BANK_URL=http://localhost:${BANK_PORT}/ BANK_URL="http://localhost:1${BANK_PORT}"
AUDITOR_URL=http://localhost:8083/ export AUDITOR_URL=http://localhost:8083/
AUDITOR_PRIV_FILE=`taler-config -f -c $CONF -s AUDITOR -o AUDITOR_PRIV_FILE` AUDITOR_PRIV_FILE=$1.apriv
AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE` AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE`
taler-config -f -c ${CONF} -s auditor -o AUDITOR_PRIV_FILE -V ${AUDITOR_PRIV_FILE}
mkdir -p $AUDITOR_PRIV_DIR mkdir -p $AUDITOR_PRIV_DIR
gnunet-ecc -g1 $AUDITOR_PRIV_FILE > /dev/null gnunet-ecc -l/dev/null -g1 $AUDITOR_PRIV_FILE > /dev/null
AUDITOR_PUB=`gnunet-ecc -p $AUDITOR_PRIV_FILE` AUDITOR_PUB=`gnunet-ecc -p $AUDITOR_PRIV_FILE`
echo "AUDITOR PUB is $AUDITOR_PUB using file $AUDITOR_PRIV_FILE" echo "MASTER PUB is ${MASTER_PUB} using file ${MASTER_PRIV_FILE}"
echo "AUDITOR PUB is ${AUDITOR_PUB} using file ${AUDITOR_PRIV_FILE}"
# patch configuration # patch configuration
taler-config -c $CONF -s exchange -o MASTER_PUBLIC_KEY -V $MASTER_PUB taler-config -c $CONF -s exchange -o MASTER_PUBLIC_KEY -V $MASTER_PUB
taler-config -c $CONF -s auditor -o PUBLIC_KEY -V $AUDITOR_PUB taler-config -c $CONF -s auditor -o PUBLIC_KEY -V $AUDITOR_PUB
taler-config -c $CONF -s merchant-exchange-default -o MASTER_KEY -V $MASTER_PUB taler-config -c $CONF -s merchant-exchange-default -o MASTER_KEY -V $MASTER_PUB
taler-config -c $CONF -s exchangedb-postgres -o CONFIG -V postgres:///$TARGET_DB taler-config -c $CONF -s exchangedb-postgres -o CONFIG -V postgres:///$TARGET_DB
taler-config -c $CONF -s auditordb-postgres -o CONFIG -V postgres:///$TARGET_DB taler-config -c $CONF -s auditordb-postgres -o CONFIG -V postgres:///$TARGET_DB
taler-config -c $CONF -s merchantdb-postgres -o CONFIG -V postgres:///$TARGET_DB taler-config -c $CONF -s merchantdb-postgres -o CONFIG -V postgres:///$TARGET_DB
@ -119,19 +137,193 @@ taler-auditor-dbinit -c $CONF || exit_skip "Failed to initialize auditor DB"
taler-auditor-exchange -c $CONF -m $MASTER_PUB -u $EXCHANGE_URL || exit_skip "Failed to add exchange to auditor" taler-auditor-exchange -c $CONF -m $MASTER_PUB -u $EXCHANGE_URL || exit_skip "Failed to add exchange to auditor"
# Launch services # Launch services
echo "Launching services" echo "Launching services (pre audit DB: $TARGET_DB)"
taler-bank-manage-testing $CONF postgres:///$TARGET_DB serve &> taler-bank.log &
rm -rf ${TARGET_DB}-sandbox.sqlite3
export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-sandbox.sqlite3"
# Create the default demobank.
cd $MY_TMP_DIR
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
libeufin-sandbox config --currency "TESTKUDOS" default
libeufin-sandbox serve --port "1${BANK_PORT}" \
> ${MY_TMP_DIR}/libeufin-sandbox-stdout.log \
2> ${MY_TMP_DIR}/libeufin-sandbox-stderr.log &
echo $! > ${MY_TMP_DIR}/libeufin-sandbox.pid
cd $ORIGIN
export LIBEUFIN_SANDBOX_URL="http://localhost:1${BANK_PORT}"
set +e
echo -n "Waiting for Sandbox..."
OK=0
for n in `seq 1 100`; do
echo -n "."
sleep 1
if wget --timeout=1 \
--user admin --password secret --auth-no-challenge \
--tries=3 --waitretry=0 \
-o /dev/null -O /dev/null \
${LIBEUFIN_SANDBOX_URL};
then
OK=1
break
fi
done
if test $OK != 1
then
exit_skip " Failed to launch sandbox"
fi
echo "OK"
register_sandbox_account() {
export LIBEUFIN_SANDBOX_USERNAME=$1
export LIBEUFIN_SANDBOX_PASSWORD=$2
cd $MY_TMP_DIR
libeufin-cli sandbox \
demobank \
register --name "$3"
cd $ORIGIN
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
}
set -e
echo -n "Register the 'fortytwo' Sandbox user.."
register_sandbox_account fortytwo x "Forty Two"
echo OK
echo -n "Register the 'fortythree' Sandbox user.."
register_sandbox_account fortythree x "Forty Three"
echo OK
echo -n "Register 'exchange' Sandbox user.."
register_sandbox_account exchange x "Exchange Company"
echo OK
echo -n "Specify exchange's PAYTO_URI in the config ..."
export LIBEUFIN_SANDBOX_USERNAME=exchange
export LIBEUFIN_SANDBOX_PASSWORD=x
cd $MY_TMP_DIR
PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI -V $PAYTO
echo " OK"
echo -n "Setting this exchange as the bank's default ..."
EXCHANGE_PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
libeufin-sandbox default-exchange "$EXCHANGE_URL" "$EXCHANGE_PAYTO"
echo " OK"
# Prepare EBICS: create Ebics host and Exchange subscriber.
# Shortly becoming admin to setup Ebics.
export LIBEUFIN_SANDBOX_USERNAME=admin
export LIBEUFIN_SANDBOX_PASSWORD=secret
echo -n "Create EBICS host at Sandbox.."
libeufin-cli sandbox \
--sandbox-url "http://localhost:1${BANK_PORT}" \
ebicshost create --host-id "talerebics"
echo "OK"
echo -n "Create exchange EBICS subscriber at Sandbox.."
libeufin-cli sandbox \
demobank new-ebicssubscriber --host-id talerebics \
--user-id exchangeebics --partner-id talerpartner \
--bank-account exchange # that's a username _and_ a bank account name
echo "OK"
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
# Prepare Nexus, which is the side actually talking
# to the exchange.
rm -rf ${TARGET_DB}-nexus.sqlite3
export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-nexus.sqlite3"
# For convenience, username and password are
# identical to those used at the Sandbox.
echo -n "Create exchange Nexus user..."
libeufin-nexus superuser exchange --password x
echo " OK"
libeufin-nexus serve --port ${BANK_PORT} \
2> ${MY_TMP_DIR}/libeufin-nexus-stderr.log \
> ${MY_TMP_DIR}/libeufin-nexus-stdout.log &
echo $! > ${MY_TMP_DIR}/libeufin-nexus.pid
export LIBEUFIN_NEXUS_URL="http://localhost:${BANK_PORT}"
echo -n "Waiting for Nexus..."
set +e
OK=0
for n in `seq 1 50`; do
echo -n "."
sleep 1
if wget --timeout=1 \
--tries=3 --waitretry=0 \
-o /dev/null -O /dev/null \
$LIBEUFIN_NEXUS_URL;
then
OK=1
break
fi
done
if test $OK != 1
then
exit_skip " Failed to launch Nexus at $LIBEUFIN_NEXUS_URL"
fi
set -e
echo "OK"
export LIBEUFIN_NEXUS_USERNAME=exchange
export LIBEUFIN_NEXUS_PASSWORD=x
echo -n "Creating an EBICS connection at Nexus..."
libeufin-cli connections new-ebics-connection \
--ebics-url "http://localhost:1${BANK_PORT}/ebicsweb" \
--host-id "talerebics" \
--partner-id "talerpartner" \
--ebics-user-id "exchangeebics" \
talerconn
echo "OK"
echo -n "Setup EBICS keying..."
libeufin-cli connections connect "talerconn" > /dev/null
echo "OK"
echo -n "Download bank account name from Sandbox..."
libeufin-cli connections download-bank-accounts "talerconn"
echo "OK"
echo -n "Importing bank account info into Nexus..."
libeufin-cli connections import-bank-account \
--offered-account-id "exchange" \
--nexus-bank-account-id "exchange-nexus" \
"talerconn"
echo "OK"
echo -n "Setup payments submission task..."
# Tries every second.
libeufin-cli accounts task-schedule \
--task-type submit \
--task-name "exchange-payments" \
--task-cronspec "* * *" \
"exchange-nexus"
echo "OK"
# Tries every second. Ask C52
echo -n "Setup history fetch task..."
libeufin-cli accounts task-schedule \
--task-type fetch \
--task-name "exchange-history" \
--task-cronspec "* * *" \
--task-param-level report \
--task-param-range-type latest \
"exchange-nexus"
echo "OK"
# create Taler facade.
echo -n "Create the Taler facade at Nexus..."
libeufin-cli facades \
new-taler-wire-gateway-facade \
--currency "TESTKUDOS" --facade-name "test-facade" \
"talerconn" "exchange-nexus"
echo "OK"
cd $ORIGIN
# Facade schema: http://localhost:$BANK_PORT/facades/test-facade/taler-wire-gateway/
TFN=`which taler-exchange-httpd` TFN=`which taler-exchange-httpd`
TBINPFX=`dirname $TFN` TBINPFX=`dirname $TFN`
TLIBEXEC=${TBINPFX}/../lib/taler/libexec/ TLIBEXEC=${TBINPFX}/../lib/taler/libexec/
taler-exchange-secmod-eddsa -c $CONF 2> taler-exchange-secmod-eddsa.log & taler-exchange-secmod-eddsa -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-eddsa.log &
taler-exchange-secmod-rsa -c $CONF 2> taler-exchange-secmod-rsa.log & taler-exchange-secmod-rsa -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-rsa.log &
taler-exchange-secmod-cs -c $CONF 2> taler-exchange-secmod-cs.log & taler-exchange-secmod-cs -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-cs.log &
taler-exchange-httpd -c $CONF 2> taler-exchange-httpd.log & taler-exchange-httpd -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-httpd.log &
taler-merchant-httpd -c $CONF -L INFO 2> taler-merchant-httpd.log & taler-merchant-httpd -c $CONF -L INFO 2> ${MY_TMP_DIR}/taler-merchant-httpd.log &
taler-exchange-wirewatch -c $CONF 2> taler-exchange-wirewatch.log & taler-exchange-wirewatch -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-wirewatch.log &
taler-auditor-httpd -L INFO -c $CONF 2> taler-auditor-httpd.log & taler-auditor-httpd -L INFO -c $CONF 2> ${MY_TMP_DIR}/taler-auditor-httpd.log &
export BANK_PORT
export EXCHANGE_URL
export MERCHANT_URL
export AUDITOR_URL
echo -n "Waiting for services to be available "
# Wait for all bank to be available (usually the slowest) # Wait for all bank to be available (usually the slowest)
for n in `seq 1 50` for n in `seq 1 50`
do do
@ -139,14 +331,14 @@ do
sleep 0.2 sleep 0.2
OK=0 OK=0
# bank # bank
wget http://localhost:8082/ -o /dev/null -O /dev/null >/dev/null || continue wget http://localhost:${BANK_PORT}/ -o /dev/null -O /dev/null >/dev/null || continue
OK=1 OK=1
break break
done done
if [ 1 != $OK ] if [ 1 != $OK ]
then then
exit_skip "Failed to launch services" exit_skip "Failed to launch services (bank)"
fi fi
# Wait for all services to be available # Wait for all services to be available
@ -156,29 +348,28 @@ do
sleep 0.1 sleep 0.1
OK=0 OK=0
# exchange # exchange
wget http://localhost:8081/seed -o /dev/null -O /dev/null >/dev/null || continue wget ${EXCHANGE_URL}seed -o /dev/null -O /dev/null >/dev/null || continue
# merchant # merchant
wget http://localhost:9966/ -o /dev/null -O /dev/null >/dev/null || continue wget ${MERCHANT_URL} -o /dev/null -O /dev/null >/dev/null || continue
# Auditor # Auditor
wget http://localhost:8083/ -o /dev/null -O /dev/null >/dev/null || continue wget ${AUDITOR_URL} -o /dev/null -O /dev/null >/dev/null || continue
OK=1 OK=1
break break
done done
if [ 1 != $OK ] if [ 1 != $OK ]
then then
exit_skip "Failed to launch services" bash
exit_skip "Failed to launch services (Taler)"
fi fi
echo " DONE"
echo -n "Setting up keys" echo -n "Setting up keys"
taler-exchange-offline -c $CONF \ taler-exchange-offline -c $CONF \
download sign \ download sign \
enable-account payto://x-taler-bank/localhost/Exchange \ enable-account `taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI` \
enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \ enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \
wire-fee now x-taler-bank TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 \ wire-fee now iban TESTKUDOS:0.07 TESTKUDOS:0.01 \
global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1h 1year 5 \ global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1year 5 \
upload &> taler-exchange-offline.log upload &> ${MY_TMP_DIR}/taler-exchange-offline.log
echo -n "." echo -n "."
@ -200,14 +391,14 @@ echo " DONE"
echo -n "Adding auditor signatures ..." echo -n "Adding auditor signatures ..."
taler-auditor-offline -c $CONF \ taler-auditor-offline -c $CONF \
download sign upload &> taler-auditor-offline.log download sign upload &> ${MY_TMP_DIR}/taler-auditor-offline.log
echo " DONE" echo " DONE"
# Setup merchant # Setup merchant
echo -n "Setting up merchant" echo -n "Setting up merchant"
curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_ms" : 3600000},"default_pay_delay":{"d_ms": 3600000}}' http://localhost:9966/management/instances curl -H "Content-Type: application/json" -X POST -d '{"auth":{"method":"external"},"payto_uris":["payto://iban/SANDBOXX/DE474361?receiver-name=Merchant43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances
echo " DONE" echo " DONE"
@ -215,8 +406,7 @@ echo " DONE"
# run wallet CLI # run wallet CLI
echo "Running wallet" echo "Running wallet"
taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api --expect-success 'runIntegrationTest' \
taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api 'runIntegrationTest' \
"$(jq -n ' "$(jq -n '
{ {
amountToSpend: "TESTKUDOS:4", amountToSpend: "TESTKUDOS:4",
@ -227,27 +417,27 @@ taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api 'runIntegrationTest' \
}' \ }' \
--arg MERCHANT_URL "$MERCHANT_URL" \ --arg MERCHANT_URL "$MERCHANT_URL" \
--arg EXCHANGE_URL "$EXCHANGE_URL" \ --arg EXCHANGE_URL "$EXCHANGE_URL" \
--arg BANK_URL "$BANK_URL" --arg BANK_URL "$BANK_URL/demobanks/default/access-api/"
)" &> taler-wallet-cli.log )" &> ${MY_TMP_DIR}/taler-wallet-cli.log
echo "Shutting down services" echo "Shutting down services"
cleanup exit_cleanup
# Dump database # Dump database
echo "Dumping database" echo "Dumping database ${BASEDB}(-libeufin).sql"
pg_dump -O $TARGET_DB | sed -e '/AS integer/d' > ${BASEDB}.sql pg_dump -O $TARGET_DB | sed -e '/AS integer/d' > ${BASEDB}.sql
cd $MY_TMP_DIR
sqlite3 ${TARGET_DB}-nexus.sqlite3 ".dump" > ${BASEDB}-libeufin-nexus.sql
sqlite3 ${TARGET_DB}-sandbox.sqlite3 ".dump" > ${BASEDB}-libeufin-sandbox.sql
rm ${TARGET_DB}-sandbox.sqlite3 ${TARGET_DB}-nexus.sqlite3 # libeufin DB
cd $ORIGIN
echo $MASTER_PUB > ${BASEDB}.mpub echo $MASTER_PUB > ${BASEDB}.mpub
date +%s > ${BASEDB}.age
# clean up # clean up
echo "Final clean up" echo "Final clean up"
dropdb $TARGET_DB dropdb $TARGET_DB
rm -rf $DATA_DIR || true
echo "=====================================" echo "====================================="
echo " Finished generation of $BASEDB" echo " Finished generation of $BASEDB"
echo "=====================================" echo "====================================="

View File

@ -6,10 +6,29 @@
# create/drop databases. # create/drop databases.
# #
set -eu set -eu
# set -x
# Cleanup to run whenever we exit # Cleanup to run whenever we exit
function cleanup() function exit_cleanup()
{ {
echo "Running generate-revoke-basedb exit cleanup logic..."
if test -f ${MY_TMP_DIR:-/}/libeufin-sandbox.pid
then
PID=`cat ${MY_TMP_DIR}/libeufin-sandbox.pid 2> /dev/null`
kill $PID 2> /dev/null || true
rm ${MY_TMP_DIR}/libeufin-sandbox.pid
echo "Killed libeufin sandbox $PID"
wait $PID || true
fi
if test -f ${MY_TMP_DIR}/libeufin-nexus.pid
then
PID=`cat ${MY_TMP_DIR}/libeufin-nexus.pid 2> /dev/null`
kill $PID 2> /dev/null || true
rm ${MY_TMP_DIR}/libeufin-nexus.pid
echo "Killed libeufin nexus $PID"
wait $PID || true
fi
echo "killing libeufin DONE"
for n in `jobs -p` for n in `jobs -p`
do do
kill $n 2> /dev/null || true kill $n 2> /dev/null || true
@ -17,8 +36,17 @@ function cleanup()
wait wait
} }
function get_payto_uri() {
export LIBEUFIN_SANDBOX_USERNAME=$1
export LIBEUFIN_SANDBOX_PASSWORD=$2
export LIBEUFIN_SANDBOX_URL=$BANK_URL
cd $MY_TMP_DIR
libeufin-cli sandbox demobank info --bank-account $1 | jq --raw-output '.paytoUri'
cd $ORIGIN
}
# Install cleanup handler (except for kill -9) # Install cleanup handler (except for kill -9)
trap cleanup EXIT trap exit_cleanup EXIT
# Exit, with status code "skip" (no 'real' failure) # Exit, with status code "skip" (no 'real' failure)
function exit_skip() { function exit_skip() {
@ -39,12 +67,15 @@ rm -f $WALLET_DB
# Configuration file will be edited, so we create one # Configuration file will be edited, so we create one
# from the template. # from the template.
export CONF=generate-auditor-basedb-revocation.conf export CONF=${BASEDB}.conf
cp generate-auditor-basedb.conf $CONF cp generate-auditor-basedb.conf $CONF
echo "Created configuration at ${CONF}"
DATA_DIR=$1/exchange-data-dir/
mkdir -p $DATA_DIR
taler-config -c $CONF -s PATHS -o TALER_HOME -V $DATA_DIR
echo -n "Testing for libeufin(-cli)"
echo -n "Testing for taler-bank-manage" libeufin-cli --help >/dev/null </dev/null || exit_skip " MISSING"
taler-bank-manage --help >/dev/null </dev/null || exit_skip " MISSING"
echo " FOUND" echo " FOUND"
echo -n "Testing for taler-wallet-cli" echo -n "Testing for taler-wallet-cli"
taler-wallet-cli -v >/dev/null </dev/null || exit_skip " MISSING" taler-wallet-cli -v >/dev/null </dev/null || exit_skip " MISSING"
@ -53,36 +84,41 @@ echo -n "Testing for curl"
curl --help >/dev/null </dev/null || exit_skip " MISSING" curl --help >/dev/null </dev/null || exit_skip " MISSING"
echo " FOUND" echo " FOUND"
# Clean up
DATA_DIR=`taler-config -f -c $CONF -s PATHS -o TALER_HOME`
rm -rf $DATA_DIR || true
# reset database # reset database
dropdb $TARGET_DB >/dev/null 2>/dev/null || true dropdb $TARGET_DB >/dev/null 2>/dev/null || true
createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB" createdb $TARGET_DB || exit_skip "Could not create database $TARGET_DB"
ORIGIN=`pwd`
MY_TMP_DIR=`dirname $1`
# obtain key configuration data # obtain key configuration data
MASTER_PRIV_FILE=`taler-config -f -c $CONF -s exchange-offline -o MASTER_PRIV_FILE` MASTER_PRIV_FILE=$1.mpriv
MASTER_PRIV_DIR=`dirname $MASTER_PRIV_FILE` MASTER_PRIV_DIR=`dirname $MASTER_PRIV_FILE`
taler-config -f -c $CONF -s exchange-offline -o MASTER_PRIV_FILE -V ${MASTER_PRIV_FILE}
mkdir -p $MASTER_PRIV_DIR mkdir -p $MASTER_PRIV_DIR
rm -f "${MASTER_PRIV_FILE}"
gnunet-ecc -g1 $MASTER_PRIV_FILE > /dev/null gnunet-ecc -g1 $MASTER_PRIV_FILE > /dev/null
export MASTER_PUB=`gnunet-ecc -p $MASTER_PRIV_FILE` export MASTER_PUB=`gnunet-ecc -p $MASTER_PRIV_FILE`
export EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL` export EXCHANGE_URL=`taler-config -c $CONF -s EXCHANGE -o BASE_URL`
MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT` MERCHANT_PORT=`taler-config -c $CONF -s MERCHANT -o PORT`
export MERCHANT_URL=http://localhost:${MERCHANT_PORT}/ export MERCHANT_URL=http://localhost:${MERCHANT_PORT}/
BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT` BANK_PORT=`taler-config -c $CONF -s BANK -o HTTP_PORT`
export BANK_URL=http://localhost:${BANK_PORT}/ export BANK_URL=http://localhost:1${BANK_PORT}
export AUDITOR_URL=http://localhost:8083/ export AUDITOR_URL=http://localhost:8083/
AUDITOR_PRIV_FILE=`taler-config -f -c $CONF -s AUDITOR -o AUDITOR_PRIV_FILE` AUDITOR_PRIV_FILE=$1.apriv
AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE` AUDITOR_PRIV_DIR=`dirname $AUDITOR_PRIV_FILE`
taler-config -f -c ${CONF} -s auditor -o AUDITOR_PRIV_FILE -V ${AUDITOR_PRIV_FILE}
mkdir -p $AUDITOR_PRIV_DIR mkdir -p $AUDITOR_PRIV_DIR
gnunet-ecc -g1 $AUDITOR_PRIV_FILE > /dev/null gnunet-ecc -l /dev/null -g1 $AUDITOR_PRIV_FILE > /dev/null
AUDITOR_PUB=`gnunet-ecc -p $AUDITOR_PRIV_FILE` AUDITOR_PUB=`gnunet-ecc -p $AUDITOR_PRIV_FILE`
echo "MASTER PUB is ${MASTER_PUB} using file ${MASTER_PRIV_FILE}"
echo "AUDITOR PUB is ${AUDITOR_PUB} using file ${AUDITOR_PRIV_FILE}"
# patch configuration # patch configuration
taler-config -c $CONF -s exchange -o MASTER_PUBLIC_KEY -V $MASTER_PUB taler-config -c $CONF -s exchange -o MASTER_PUBLIC_KEY -V $MASTER_PUB
taler-config -c $CONF -s auditor -o PUBLIC_KEY -V $AUDITOR_PUB
taler-config -c $CONF -s merchant-exchange-default -o MASTER_KEY -V $MASTER_PUB taler-config -c $CONF -s merchant-exchange-default -o MASTER_KEY -V $MASTER_PUB
taler-config -c $CONF -s exchangedb-postgres -o CONFIG -V postgres:///$TARGET_DB taler-config -c $CONF -s exchangedb-postgres -o CONFIG -V postgres:///$TARGET_DB
taler-config -c $CONF -s auditordb-postgres -o CONFIG -V postgres:///$TARGET_DB taler-config -c $CONF -s auditordb-postgres -o CONFIG -V postgres:///$TARGET_DB
@ -105,22 +141,188 @@ taler-auditor-exchange -c $CONF -m $MASTER_PUB -u $EXCHANGE_URL
# Launch services # Launch services
echo "Launching services" echo "Launching services"
taler-bank-manage-testing $CONF postgres:///$TARGET_DB serve &> revocation-bank.log &
export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-sandbox.sqlite3"
# Create the default demobank.
cd $MY_TMP_DIR
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD=secret
libeufin-sandbox config --currency "TESTKUDOS" default
libeufin-sandbox serve --port "1${BANK_PORT}" \
> ${MY_TMP_DIR}/libeufin-sandbox-stdout.log \
2> ${MY_TMP_DIR}/libeufin-sandbox-stderr.log &
echo $! > ${MY_TMP_DIR}/libeufin-sandbox.pid
cd $ORIGIN
export LIBEUFIN_SANDBOX_URL="http://localhost:1${BANK_PORT}"
set +e
echo -n "Waiting for Sandbox..."
OK=0
for n in `seq 1 50`; do
echo -n "."
sleep 1
if wget --timeout=1 \
--user admin --password secret --auth-no-challenge \
--tries=3 --waitretry=0 \
-o /dev/null -O /dev/null \
${LIBEUFIN_SANDBOX_URL};
then
OK=1
break
fi
done
if test $OK != 1
then
exit_skip " Failed to launch sandbox"
fi
echo "OK"
register_sandbox_account() {
export LIBEUFIN_SANDBOX_USERNAME=$1
export LIBEUFIN_SANDBOX_PASSWORD=$2
cd $MY_TMP_DIR
libeufin-cli sandbox \
demobank \
register --name "$3"
cd $ORIGIN
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
}
set -e
echo -n "Register the 'fortytwo' Sandbox user.."
register_sandbox_account fortytwo x "Forty Two"
echo OK
echo -n "Register the 'fortythree' Sandbox user.."
register_sandbox_account fortythree x "Forty Three"
echo OK
echo -n "Register 'exchange' Sandbox user.."
register_sandbox_account exchange x "Exchange Company"
echo OK
echo -n "Specify exchange's PAYTO_URI in the config ..."
export LIBEUFIN_SANDBOX_USERNAME=exchange
export LIBEUFIN_SANDBOX_PASSWORD=x
cd $MY_TMP_DIR
PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI -V $PAYTO
echo " OK"
echo -n "Setting this exchange as the bank's default ..."
EXCHANGE_PAYTO=`libeufin-cli sandbox demobank info --bank-account exchange | jq --raw-output '.paytoUri'`
libeufin-sandbox default-exchange "$EXCHANGE_URL" "$EXCHANGE_PAYTO"
echo " OK"
# Prepare EBICS: create Ebics host and Exchange subscriber.
# Shortly becoming admin to setup Ebics.
export LIBEUFIN_SANDBOX_USERNAME=admin
export LIBEUFIN_SANDBOX_PASSWORD=secret
echo -n "Create EBICS host at Sandbox.."
libeufin-cli sandbox \
--sandbox-url "http://localhost:1${BANK_PORT}" \
ebicshost create --host-id "talerebics"
echo "OK"
echo -n "Create exchange EBICS subscriber at Sandbox.."
libeufin-cli sandbox \
demobank new-ebicssubscriber --host-id talerebics \
--user-id exchangeebics --partner-id talerpartner \
--bank-account exchange # that's a username _and_ a bank account name
echo "OK"
unset LIBEUFIN_SANDBOX_USERNAME
unset LIBEUFIN_SANDBOX_PASSWORD
# Prepare Nexus, which is the side actually talking
# to the exchange.
export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:sqlite:${TARGET_DB}-nexus.sqlite3"
# For convenience, username and password are
# identical to those used at the Sandbox.
echo -n "Create exchange Nexus user..."
libeufin-nexus superuser exchange --password x
echo " OK"
libeufin-nexus serve --port ${BANK_PORT} \
2> ${MY_TMP_DIR}/libeufin-nexus-stderr.log \
> ${MY_TMP_DIR}/libeufin-nexus-stdout.log &
echo $! > ${MY_TMP_DIR}/libeufin-nexus.pid
export LIBEUFIN_NEXUS_URL="http://localhost:${BANK_PORT}"
echo -n "Waiting for Nexus..."
set +e
OK=0
for n in `seq 1 50`; do
echo -n "."
sleep 1
if wget --timeout=1 \
--tries=3 --waitretry=0 \
-o /dev/null -O /dev/null \
$LIBEUFIN_NEXUS_URL;
then
OK=1
break
fi
done
if test $OK != 1
then
exit_skip " Failed to launch Nexus at $LIBEUFIN_NEXUS_URL"
fi
set -e
echo "OK"
export LIBEUFIN_NEXUS_USERNAME=exchange
export LIBEUFIN_NEXUS_PASSWORD=x
echo -n "Creating an EBICS connection at Nexus..."
libeufin-cli connections new-ebics-connection \
--ebics-url "http://localhost:1${BANK_PORT}/ebicsweb" \
--host-id "talerebics" \
--partner-id "talerpartner" \
--ebics-user-id "exchangeebics" \
talerconn
echo "OK"
echo -n "Setup EBICS keying..."
libeufin-cli connections connect "talerconn" > /dev/null
echo "OK"
echo -n "Download bank account name from Sandbox..."
libeufin-cli connections download-bank-accounts "talerconn"
echo "OK"
echo -n "Importing bank account info into Nexus..."
libeufin-cli connections import-bank-account \
--offered-account-id "exchange" \
--nexus-bank-account-id "exchange-nexus" \
"talerconn"
echo "OK"
echo -n "Setup payments submission task..."
# Tries every second.
libeufin-cli accounts task-schedule \
--task-type submit \
--task-name "exchange-payments" \
--task-cronspec "* * *" \
"exchange-nexus"
echo "OK"
# Tries every second. Ask C52
echo -n "Setup history fetch task..."
libeufin-cli accounts task-schedule \
--task-type fetch \
--task-name "exchange-history" \
--task-cronspec "* * *" \
--task-param-level report \
--task-param-range-type latest \
"exchange-nexus"
echo "OK"
# create Taler facade.
echo -n "Create the Taler facade at Nexus..."
libeufin-cli facades \
new-taler-wire-gateway-facade \
--currency "TESTKUDOS" --facade-name "test-facade" \
"talerconn" "exchange-nexus"
echo "OK"
cd $ORIGIN
# Facade schema: http://localhost:$BANK_PORT/facades/test-facade/taler-wire-gateway/
TFN=`which taler-exchange-httpd` TFN=`which taler-exchange-httpd`
TBINPFX=`dirname $TFN` TBINPFX=`dirname $TFN`
TLIBEXEC=${TBINPFX}/../lib/taler/libexec/ TLIBEXEC=${TBINPFX}/../lib/taler/libexec/
taler-exchange-secmod-eddsa -c $CONF 2> taler-exchange-secmod-eddsa.log & taler-exchange-secmod-eddsa -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-eddsa.log &
SIGNKEY_HELPER_PID=$! SIGNKEY_HELPER_PID=$!
taler-exchange-secmod-rsa -c $CONF 2> taler-exchange-secmod-rsa.log & taler-exchange-secmod-rsa -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-rsa.log &
RSA_DENOM_HELPER_PID=$! RSA_DENOM_HELPER_PID=$!
taler-exchange-secmod-cs -c $CONF 2> taler-exchange-secmod-cs.log & taler-exchange-secmod-cs -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-cs.log &
CS_DENOM_HELPER_PID=$! CS_DENOM_HELPER_PID=$!
taler-exchange-httpd -c $CONF 2> taler-exchange-httpd.log & taler-exchange-httpd -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-httpd.log &
EXCHANGE_PID=$! EXCHANGE_PID=$!
taler-merchant-httpd -c $CONF -L INFO 2> taler-merchant-httpd.log & taler-merchant-httpd -c $CONF -L INFO 2> ${MY_TMP_DIR}/taler-merchant-httpd.log &
MERCHANT_PID=$! MERCHANT_PID=$!
taler-exchange-wirewatch -c $CONF 2> taler-exchange-wirewatch.log & taler-exchange-wirewatch -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-wirewatch.log &
taler-auditor-httpd -c $CONF 2> taler-auditor-httpd.log & taler-auditor-httpd -c $CONF 2> ${MY_TMP_DIR}/taler-auditor-httpd.log &
# Wait for all bank to be available (usually the slowest) # Wait for all bank to be available (usually the slowest)
for n in `seq 1 50` for n in `seq 1 50`
@ -157,7 +359,7 @@ done
if [ 1 != $OK ] if [ 1 != $OK ]
then then
cleanup exit_cleanup
exit_skip "Failed to launch Taler services" exit_skip "Failed to launch Taler services"
fi fi
echo " DONE" echo " DONE"
@ -166,11 +368,11 @@ echo -n "Setting up keys"
taler-exchange-offline -c $CONF \ taler-exchange-offline -c $CONF \
download sign \ download sign \
enable-account payto://x-taler-bank/localhost/Exchange \ enable-account `taler-config -c $CONF -s exchange-account-1 -o PAYTO_URI` \
enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \ enable-auditor $AUDITOR_PUB $AUDITOR_URL "TESTKUDOS Auditor" \
wire-fee now x-taler-bank TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 \ wire-fee now iban TESTKUDOS:0.01 TESTKUDOS:0.01 \
global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1h 1year 5 \ global-fee now TESTKUDOS:0.01 TESTKUDOS:0.01 TESTKUDOS:0.01 1h 1year 5 \
upload &> taler-exchange-offline.log upload &> ${MY_TMP_DIR}/taler-exchange-offline.log
echo -n "." echo -n "."
@ -191,27 +393,27 @@ fi
taler-auditor-offline -c $CONF \ taler-auditor-offline -c $CONF \
download sign upload &> taler-auditor-offline.log download sign upload &> ${MY_TMP_DIR}/taler-auditor-offline.log
echo " DONE" echo " DONE"
# Setup merchant # Setup merchant
echo -n "Setting up merchant" echo -n "Setting up merchant"
curl -H "Content-Type: application/json" -X POST -d '{"auth": {"method": "external"}, "payto_uris":["payto://x-taler-bank/localhost/43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_ms" : 3600000},"default_pay_delay":{"d_ms": 3600000}}' http://localhost:9966/management/instances curl -H "Content-Type: application/json" -X POST -d '{"auth": {"method": "external"}, "payto_uris":["payto://iban/SANDBOXX/DE474361?receiver-name=Merchant43"],"id":"default","name":"default","address":{},"jurisdiction":{},"default_max_wire_fee":"TESTKUDOS:1", "default_max_deposit_fee":"TESTKUDOS:1","default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us" : 3600000000},"default_pay_delay":{"d_us": 3600000000}}' http://localhost:9966/management/instances
# run wallet CLI # run wallet CLI
echo "Running wallet" echo "Running wallet"
taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api 'withdrawTestBalance' \ taler-wallet-cli --no-throttle --wallet-db=$WALLET_DB api --expect-success 'withdrawTestBalance' \
"$(jq -n ' "$(jq -n '
{ {
amount: "TESTKUDOS:8", amount: "TESTKUDOS:8",
bankBaseUrl: $BANK_URL, bankBaseUrl: $BANK_URL,
exchangeBaseUrl: $EXCHANGE_URL, exchangeBaseUrl: $EXCHANGE_URL,
}' \ }' \
--arg BANK_URL $BANK_URL \ --arg BANK_URL "$BANK_URL/demobanks/default/access-api/" \
--arg EXCHANGE_URL $EXCHANGE_URL --arg EXCHANGE_URL $EXCHANGE_URL
)" )"
@ -232,13 +434,13 @@ export susp=$(echo "$coins" | jq --arg rc "$rc" '[.coins[] | select(.coin_pub !=
# Do the revocation # Do the revocation
taler-exchange-offline -c $CONF \ taler-exchange-offline -c $CONF \
revoke-denomination "${rd}" upload &> taler-exchange-offline-revoke.log revoke-denomination "${rd}" upload &> ${MY_TMP_DIR}/taler-exchange-offline-revoke.log
sleep 1 # Give exchange time to create replacmenent key sleep 1 # Give exchange time to create replacmenent key
# Re-sign replacement keys # Re-sign replacement keys
taler-auditor-offline -c $CONF \ taler-auditor-offline -c $CONF \
download sign upload &> taler-auditor-offline.log download sign upload &> ${MY_TMP_DIR}/taler-auditor-offline.log
# Now we suspend the other coins, so later we will pay with the recouped coin # Now we suspend the other coins, so later we will pay with the recouped coin
taler-wallet-cli --wallet-db=$WALLET_DB advanced suspend-coins "$susp" taler-wallet-cli --wallet-db=$WALLET_DB advanced suspend-coins "$susp"
@ -286,13 +488,13 @@ kill -TERM $EXCHANGE_PID
kill -TERM $RSA_DENOM_HELPER_PID kill -TERM $RSA_DENOM_HELPER_PID
kill -TERM $CS_DENOM_HELPER_PID kill -TERM $CS_DENOM_HELPER_PID
kill -TERM $SIGNKEY_HELPER_PID kill -TERM $SIGNKEY_HELPER_PID
taler-exchange-secmod-eddsa $TIMETRAVEL -c $CONF 2> taler-exchange-secmod-eddsa.log & taler-exchange-secmod-eddsa $TIMETRAVEL -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-eddsa.log &
SIGNKEY_HELPER_PID=$! SIGNKEY_HELPER_PID=$!
taler-exchange-secmod-rsa $TIMETRAVEL -c $CONF 2> taler-exchange-secmod-rsa.log & taler-exchange-secmod-rsa $TIMETRAVEL -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-rsa.log &
RSA_DENOM_HELPER_PID=$! RSA_DENOM_HELPER_PID=$!
taler-exchange-secmod-cs $TIMETRAVEL -c $CONF 2> taler-exchange-secmod-cs.log & taler-exchange-secmod-cs $TIMETRAVEL -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-secmod-cs.log &
CS_DENOM_HELPER_PID=$! CS_DENOM_HELPER_PID=$!
taler-exchange-httpd $TIMETRAVEL -c $CONF 2> taler-exchange-httpd.log & taler-exchange-httpd $TIMETRAVEL -c $CONF 2> ${MY_TMP_DIR}/taler-exchange-httpd.log &
export EXCHANGE_PID=$! export EXCHANGE_PID=$!
# Wait for exchange to be available # Wait for exchange to be available
@ -333,13 +535,13 @@ export susp=$(echo "$coins" | jq --arg freshc "$freshc" '[.coins[] | select(.coi
# Do the revocation of freshc # Do the revocation of freshc
echo "Revoking ${fresh_denom} (to affect coin ${freshc})" echo "Revoking ${fresh_denom} (to affect coin ${freshc})"
taler-exchange-offline -c $CONF \ taler-exchange-offline -c $CONF \
revoke-denomination "${fresh_denom}" upload &> taler-exchange-offline-revoke-2.log revoke-denomination "${fresh_denom}" upload &> ${MY_TMP_DIR}/taler-exchange-offline-revoke-2.log
sleep 1 # Give exchange time to create replacmenent key sleep 1 # Give exchange time to create replacmenent key
# Re-sign replacement keys # Re-sign replacement keys
taler-auditor-offline -c $CONF \ taler-auditor-offline -c $CONF \
download sign upload &> taler-auditor-offline.log download sign upload &> ${MY_TMP_DIR}/taler-auditor-offline.log
# Now we suspend the other coins, so later we will pay with the recouped coin # Now we suspend the other coins, so later we will pay with the recouped coin
taler-wallet-cli $TIMETRAVEL --wallet-db=$WALLET_DB advanced suspend-coins "$susp" taler-wallet-cli $TIMETRAVEL --wallet-db=$WALLET_DB advanced suspend-coins "$susp"
@ -353,7 +555,7 @@ taler-wallet-cli $TIMETRAVEL --wallet-db=$WALLET_DB run-until-done
echo "Restarting merchant (so new keys are known)" echo "Restarting merchant (so new keys are known)"
kill -TERM $MERCHANT_PID kill -TERM $MERCHANT_PID
taler-merchant-httpd -c $CONF -L INFO 2> taler-merchant-httpd.log & taler-merchant-httpd -c $CONF -L INFO 2> ${MY_TMP_DIR}/taler-merchant-httpd.log &
MERCHANT_PID=$! MERCHANT_PID=$!
# Wait for merchant to be again available # Wait for merchant to be again available
for n in `seq 1 50` for n in `seq 1 50`
@ -383,25 +585,29 @@ taler-wallet-cli $TIMETRAVEL --wallet-db=$WALLET_DB run-until-done
echo "Bought something with refresh-recouped coin" echo "Bought something with refresh-recouped coin"
echo "Shutting down services" echo "Shutting down services"
cleanup exit_cleanup
# Dump database # Dump database
echo "Dumping database" echo "Dumping database"
echo "Dumping PostgreSQL database: ${BASEDB}.sql"
pg_dump -O $TARGET_DB | sed -e '/AS integer/d' > ${BASEDB}.sql pg_dump -O $TARGET_DB | sed -e '/AS integer/d' > ${BASEDB}.sql
echo "Dumping libeufin database: ${TARGET_DB}-libeufin-*.sql"
cd $MY_TMP_DIR
sqlite3 ${TARGET_DB}-nexus.sqlite3 ".dump" > ${BASEDB}-libeufin-nexus.sql
sqlite3 ${TARGET_DB}-sandbox.sqlite3 ".dump" > ${BASEDB}-libeufin-sandbox.sql
rm ${TARGET_DB}-sandbox.sqlite3 ${TARGET_DB}-nexus.sqlite3 # libeufin DB
cd $ORIGIN
echo $MASTER_PUB > ${BASEDB}.mpub echo $MASTER_PUB > ${BASEDB}.mpub
date +%s > ${BASEDB}.age
# clean up
echo "Final clean up" echo "Final clean up"
dropdb $TARGET_DB dropdb $TARGET_DB
rm -rf $DATA_DIR || true
rm -f $CONF
rm -r $TMP_DIR
echo "=====================================" echo "====================================="
echo " Finished revocation DB generation " echo " Finished generation of $BASEDB "
echo "=====================================" echo "====================================="
exit 0 exit 0

View File

@ -588,6 +588,9 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c)
GNUNET_free (master_public_key_str); GNUNET_free (master_public_key_str);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Running auditor against exchange master public key `%s'\n",
master_public_key_str);
GNUNET_free (master_public_key_str); GNUNET_free (master_public_key_str);
} /* end of -m not given */ } /* end of -m not given */

View File

@ -1 +0,0 @@
1655640625

View File

@ -1,34 +1,34 @@
[auditor] [auditor]
DB = postgres PUBLIC_KEY = CK4P6P5VXR82B1A4C3PY5DCHG8HDZA1HSZR76Z8D6FD57MASFT70
TINY_AMOUNT = TESTKUDOS:0.01 TINY_AMOUNT = TESTKUDOS:0.01
BASE_URL = http://localhost:8083/ BASE_URL = http://localhost:8083/
[exchange-account-1] [exchange-account-1]
PAYTO_URI = payto://x-taler-bank/localhost/Exchange PAYTO_URI = payto://iban/SANDBOXX/DE717324?receiver-name=Exchange+Company
enable_debit = yes enable_debit = yes
enable_credit = yes enable_credit = yes
[exchange-accountcredentials-1] [exchange-accountcredentials-1]
WIRE_GATEWAY_URL = "http://localhost:8082/taler-wire-gateway/Exchange/" WIRE_GATEWAY_URL = "http://localhost:8082/facades/test-facade/taler-wire-gateway/"
WIRE_GATEWAY_AUTH_METHOD = basic WIRE_GATEWAY_AUTH_METHOD = basic
USERNAME = Exchange USERNAME = exchange
PASSWORD = x PASSWORD = x
[exchangedb] [exchangedb]
WIREFEE_BASE_DIR = ${PWD}/wirefees/ WIREFEE_BASE_DIR = ${PWD}/wirefees/
[auditordb-postgres] [auditordb-postgres]
CONFIG = postgres:///taler-auditor-test CONFIG = postgres:///revoke-basedb
[exchangedb-postgres] [exchangedb-postgres]
CONFIG = postgres:///taler-auditor-test CONFIG = postgres:///revoke-basedb
[taler] [taler]
CURRENCY = TESTKUDOS CURRENCY = TESTKUDOS
CURRENCY_ROUND_UNIT = TESTKUDOS:0.01 CURRENCY_ROUND_UNIT = TESTKUDOS:0.01
[bank] [bank]
DATABASE = postgres:///taler-auditor-test DATABASE = postgres:///revoke-basedb
MAX_DEBT = TESTKUDOS:50.0 MAX_DEBT = TESTKUDOS:50.0
MAX_DEBT_BANK = TESTKUDOS:100000.0 MAX_DEBT_BANK = TESTKUDOS:100000.0
HTTP_PORT = 8082 HTTP_PORT = 8082

Binary file not shown.

View File

@ -1 +0,0 @@
MREDG0XYVSX4RPYSA6JNQZ93P2DDBG45F3M6RBZXRS49M0JTVN40

Some files were not shown because too many files have changed in this diff Show More