taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: taler:dd59f3eea6d17391ecabf4a59f41938613f280a5
Branches Tags
taler:master
taler:new-amount
taler:fail-amount
taler:age-withdraw
taler:master-broken
taler:auction_brandt
..
compare: taler:af1001bc423c51bde5cb4e02a138ce84fd6b782c
Branches Tags
taler:new-amount
taler:fail-amount
taler:age-withdraw
taler:master
taler:master-broken
taler:auction_brandt

10 Commits
dd59f3eea6 ... af1001bc42

Author SHA1 Message Date
Özgür Kesim
af1001bc42
-cleanup age-withdraw_reveal 2023-03-06 13:04:26 +01:00
Christian Grothoff
70645cbb1b
fix permissions, default to UNIX, improve logging 2023-03-05 01:18:08 +01:00
Christian Grothoff
e2185233f6
bump Debian version 2023-03-04 23:33:11 +01:00
Christian Grothoff
ce205f93a2
avoid interactive prompt 2023-03-04 23:18:36 +01:00
Christian Grothoff
d24423e8f6
bump Debian version 2023-03-04 23:10:38 +01:00
Christian Grothoff
442002282d
improve nginx configuration consistency 2023-03-04 23:04:27 +01:00
Christian Grothoff
b10d990afd
prepare dirs for secmod 2023-03-04 20:39:53 +01:00
Christian Grothoff
c9d0e4a473
make taler-exchange-offline a 'normal' user with shell 2023-03-04 20:33:18 +01:00
Christian Grothoff
2ad12de668
-fix FTBFS and other bugs 2023-03-04 18:19:18 +01:00
Christian Grothoff
4eb2c3e78c
debian bump 2023-03-04 18:07:22 +01:00
11 changed files with 110 additions and 97 deletions
Show Stats Expand all files Collapse all files

12
debian/changelog vendored
View File

@ -1,3 +1,15 @@
taler-exchange (0.9.2-2) unstable; urgency=low
* Further improvements to Debian package.
-- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 23:50:12 +0200
taler-exchange (0.9.2-1) unstable; urgency=low
* Minor improvements to Debian package, also adds age-withdraw REST APIs.
-- Christian Grothoff <grothoff@gnu.org> Sat, 3 Mar 2023 13:50:12 +0200
taler-exchange (0.9.2) unstable; urgency=low taler-exchange (0.9.2) unstable; urgency=low
* Packaging latest release. * Packaging latest release.

23
debian/etc-taler-auditor/nginx/sites-available/taler-auditor vendored
View File

@ -1,7 +1,18 @@
location /taler-auditor/ { server {
proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
proxy_redirect off; listen 80;
proxy_set_header Host $host; listen [::]:80;
proxy_set_header X-Forwarded-Host "example.com";
proxy_set_header X-Forwarded-Proto "https"; server_name localhost;
access_log /var/log/nginx/auditor.log;
error_log /var/log/nginx/auditor.err;
location /taler-auditor/ {
proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "localhost";
#proxy_set_header X-Forwarded-Proto "https";
}
} }

3
debian/etc-taler-exchange/nginx/sites-available/taler-exchange vendored
View File

@ -4,6 +4,9 @@ server {
server_name localhost; server_name localhost;
access_log /var/log/nginx/exchange.log;
error_log /var/log/nginx/exchange.err;
location /taler-exchange/ { location /taler-exchange/ {
proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/; proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
proxy_redirect off; proxy_redirect off;

6
debian/etc-taler-exchange/taler/conf.d/exchange-business.conf vendored
View File

@ -6,11 +6,11 @@
# which you can get using `taler-exchange-offline setup`. # which you can get using `taler-exchange-offline setup`.
# This is just an example, your key will be different! # This is just an example, your key will be different!
# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG # MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
MASTER_PUBLIC_KEY = # MASTER_PUBLIC_KEY =
# Publicly visible base URL of the exchange. # Publicly visible base URL of the exchange.
# BASE_URL = https://example.com/ # BASE_URL = https://example.com/
BASE_URL = # BASE_URL =
# For your terms of service and privacy policy, you should specify # For your terms of service and privacy policy, you should specify
# an Etag that must be updated whenever there are significant # an Etag that must be updated whenever there are significant
@ -20,6 +20,8 @@ BASE_URL =
# TERMS_ETAG = # TERMS_ETAG =
# PRIVACY_ETAG = # PRIVACY_ETAG =
SERVE = unix
UNIXPATH_MODE = 666
# Bank accounts used by the exchange should be specified here: # Bank accounts used by the exchange should be specified here:
[exchange-account-1] [exchange-account-1]

2
debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf vendored
View File

@ -4,7 +4,7 @@
# Typically, there should only be a single line here, of the form: # Typically, there should only be a single line here, of the form:
CONFIG=postgres:///DATABASE # CONFIG=postgres:///DATABASE
# The details of the URI depend on where the database lives and how # The details of the URI depend on where the database lives and how
# access control was configured. # access control was configured.

12
debian/taler-exchange-offline.postinst vendored
View File

@ -4,20 +4,20 @@ set -e
. /usr/share/debconf/confmodule . /usr/share/debconf/confmodule
TALER_HOME="/var/lib/taler"
case "${1}" in case "${1}" in
configure) configure)
if ! getent group taler-exchange-offline >/dev/null; then if ! getent group taler-exchange-offline >/dev/null; then
addgroup --quiet --system taler-exchange-offline addgroup --quiet taler-exchange-offline
fi fi
if ! getent passwd taler-exchange-offline >/dev/null; then if ! getent passwd taler-exchange-offline >/dev/null; then
adduser --quiet --system \ adduser --quiet \
--disabled-password \
--system \
--shell /bin/bash \
--ingroup taler-exchange-offline \ --ingroup taler-exchange-offline \
--no-create-home \ taler-exchange-offline
--home ${TALER_HOME} taler-exchange-offline
fi fi
;; ;;

5
debian/taler-exchange.postinst vendored
View File

@ -30,6 +30,7 @@ configure)
if ! getent passwd ${_EUSERNAME} >/dev/null; then if ! getent passwd ${_EUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME} adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_EUSERNAME}
adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME} adduser --quiet ${_EUSERNAME} ${_DBGROUPNAME}
adduser --quiet ${_EUSERNAME} ${_GROUPNAME}
fi fi
if ! getent passwd ${_RSECUSERNAME} >/dev/null; then if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME} adduser --quiet --system --no-create-home --ingroup ${_GROUPNAME} --home ${TALER_HOME} ${_RSECUSERNAME}
@ -53,10 +54,10 @@ configure)
adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME} adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
fi fi
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials.secret.conf >/dev/null 2>&1; then if ! dpkg-statoverride --list /etc/taler/secrets/exchange-accountcredentials-1.secret.conf >/dev/null 2>&1; then
dpkg-statoverride --add --update \ dpkg-statoverride --add --update \
${_WIREUSERNAME} root 460 \ ${_WIREUSERNAME} root 460 \
/etc/taler/secrets/exchange-accountcredentials.secret.conf /etc/taler/secrets/exchange-accountcredentials-1.secret.conf
fi fi
if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then if ! dpkg-statoverride --list /etc/taler/secrets/exchange-db.secret.conf >/dev/null 2>&1; then

3
debian/taler-exchange.tmpfiles vendored
View File

@ -1,7 +1,8 @@
#Type Path Mode UID GID Age Argument #Type Path Mode UID GID Age Argument
d /run/taler/exchange-secmod-rsa 0755 taler-exchange-secmod-rsa taler-exchange-secmod - - d /run/taler/exchange-secmod-rsa 0755 taler-exchange-secmod-rsa taler-exchange-secmod - -
d /run/taler/exchange-secmod-cs 0755 taler-exchange-secmod-cs taler-exchange-secmod - -
d /run/taler/exchange-secmod-eddsa 0755 taler-exchange-secmod-eddsa taler-exchange-secmod - - d /run/taler/exchange-secmod-eddsa 0755 taler-exchange-secmod-eddsa taler-exchange-secmod - -
d /run/taler/exchange-httpd 0750 taler-exchange-httpd www-data - - d /run/taler/exchange-httpd 0750 taler-exchange-httpd www-data - -
d /var/lib/taler/exchange-offline 0700 taler-exchange-offline taler-exchange-offline - - d /var/lib/taler/exchange-secmod-cs 0700 taler-exchange-secmod-cs taler-exchange-secmod - -
d /var/lib/taler/exchange-secmod-rsa 0700 taler-exchange-secmod-rsa taler-exchange-secmod - - d /var/lib/taler/exchange-secmod-rsa 0700 taler-exchange-secmod-rsa taler-exchange-secmod - -
d /var/lib/taler/exchange-secmod-eddsa 0700 taler-exchange-secmod-eddsa taler-exchange-secmod - - d /var/lib/taler/exchange-secmod-eddsa 0700 taler-exchange-secmod-eddsa taler-exchange-secmod - -

6
src/exchange/taler-exchange-httpd.c
View File

@ -1939,6 +1939,9 @@ exchange_serve_process_config (void)
GNUNET_free (master_public_key_str); GNUNET_free (master_public_key_str);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Launching exchange with public key `%s'...\n",
master_public_key_str);
GNUNET_free (master_public_key_str); GNUNET_free (master_public_key_str);
} }
@ -1961,9 +1964,6 @@ exchange_serve_process_config (void)
&TEH_attribute_key.hash); &TEH_attribute_key.hash);
GNUNET_free (attr_enc_key_str); GNUNET_free (attr_enc_key_str);
} }
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Launching exchange with public key `%s'...\n",
GNUNET_p2s (&TEH_master_public_key.eddsa_pub));
if (NULL == if (NULL ==
(TEH_plugin = TALER_EXCHANGEDB_plugin_load (TEH_cfg))) (TEH_plugin = TALER_EXCHANGEDB_plugin_load (TEH_cfg)))

62
src/exchange/taler-exchange-httpd_age-withdraw_reveal.c
View File

@ -116,17 +116,17 @@ handle_age_withdraw_reveal_json (
error = "denoms_h must not be empty"; error = "denoms_h must not be empty";
else if (actx->num_coins != json_array_size (j_coin_evs)) else if (actx->num_coins != json_array_size (j_coin_evs))
error = "denoms_h and coins_evs must be arrays of the same size"; error = "denoms_h and coins_evs must be arrays of the same size";
else if (actx->num_coins > TALER_MAX_FRESH_COINS)
/**
* The wallet had committed to more than the maximum coins allowed, the
* reserve has been charged, but now the user can not withdraw any money
* from it. Note that the user can't get their money back in this case!
**/
error = "maximum number of coins that can be withdrawn has been exceeded";
else if (actx->num_coins * (TALER_CNC_KAPPA - 1) else if (actx->num_coins * (TALER_CNC_KAPPA - 1)
!= json_array_size (j_disclosed_coins)) != json_array_size (j_disclosed_coins))
error = "the size of array disclosed_coins must be " error = "the size of array disclosed_coins must be "
TALER_CNC_KAPPA_MINUS_ONE_STR " times of the size of denoms_h"; TALER_CNC_KAPPA_MINUS_ONE_STR " times the size of denoms_h";
else if (actx->num_coins > TALER_MAX_FRESH_COINS)
/**
* FIXME?: If the user had commited to more than the maximum coins allowed,
* the reserve has been charged, but now the user can not withdraw any money
* from it. How can the user get their money back?
**/
error = "maximum number of coins that can be withdrawn has been exceeded";
if (NULL != error) if (NULL != error)
return TALER_MHD_reply_with_error (connection, return TALER_MHD_reply_with_error (connection,
@ -135,22 +135,23 @@ handle_age_withdraw_reveal_json (
error); error);
} }
/* Parse denomination keys */ /* Continue parsing the parts */
{ {
unsigned int idx; unsigned int idx = 0;
json_t *jh; json_t *value = NULL;
/* Parse denomination keys */
actx->denoms_h = GNUNET_new_array (actx->num_coins, actx->denoms_h = GNUNET_new_array (actx->num_coins,
struct TALER_DenominationHashP); struct TALER_DenominationHashP);
json_array_foreach (j_denoms_h, idx, jh) { json_array_foreach (j_denoms_h, idx, value) {
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto (NULL, &actx->denoms_h[idx]), GNUNET_JSON_spec_fixed_auto (NULL, &actx->denoms_h[idx]),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_JSON_parse (jh, spec, NULL, NULL)) GNUNET_JSON_parse (value, spec, NULL, NULL))
{ {
char msg[256] = {0}; char msg[256] = {0};
GNUNET_snprintf (msg, GNUNET_snprintf (msg,
@ -161,28 +162,22 @@ handle_age_withdraw_reveal_json (
MHD_HTTP_BAD_REQUEST, MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED, TALER_EC_GENERIC_PARAMETER_MALFORMED,
msg); msg);
goto EXIT; goto CLEANUP;
} }
}; };
}
/* Parse blinded envelopes */
{
unsigned int idx;
json_t *ce;
/* Parse blinded envelopes */
actx->coin_evs = GNUNET_new_array (actx->num_coins, actx->coin_evs = GNUNET_new_array (actx->num_coins,
struct TALER_BlindedCoinHashP); struct TALER_BlindedCoinHashP);
json_array_foreach (j_coin_evs, idx, ce) { json_array_foreach (j_coin_evs, idx, value) {
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto (NULL, &actx->coin_evs[idx]), GNUNET_JSON_spec_fixed_auto (NULL, &actx->coin_evs[idx]),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_JSON_parse (ce, spec, NULL, NULL)) GNUNET_JSON_parse (value, spec, NULL, NULL))
{ {
char msg[256] = {0}; char msg[256] = {0};
GNUNET_snprintf (msg, GNUNET_snprintf (msg,
@ -193,28 +188,23 @@ handle_age_withdraw_reveal_json (
MHD_HTTP_BAD_REQUEST, MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED, TALER_EC_GENERIC_PARAMETER_MALFORMED,
msg); msg);
goto EXIT; goto CLEANUP;
} }
}; };
}
/* Parse diclosed keys */
{
unsigned int idx;
json_t *dc;
/* Parse diclosed keys */
actx->disclosed_coins = GNUNET_new_array ( actx->disclosed_coins = GNUNET_new_array (
actx->num_coins * (TALER_CNC_KAPPA), actx->num_coins * (TALER_CNC_KAPPA - 1),
struct GNUNET_CRYPTO_EddsaPrivateKey); struct GNUNET_CRYPTO_EddsaPrivateKey);
json_array_foreach (j_coin_evs, idx, dc) { json_array_foreach (j_disclosed_coins, idx, value) {
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto (NULL, &actx->disclosed_coins[idx]), GNUNET_JSON_spec_fixed_auto (NULL, &actx->disclosed_coins[idx]),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_JSON_parse (dc, spec, NULL, NULL)) GNUNET_JSON_parse (value, spec, NULL, NULL))
{ {
char msg[256] = {0}; char msg[256] = {0};
GNUNET_snprintf (msg, GNUNET_snprintf (msg,
@ -225,10 +215,9 @@ handle_age_withdraw_reveal_json (
MHD_HTTP_BAD_REQUEST, MHD_HTTP_BAD_REQUEST,
TALER_EC_GENERIC_PARAMETER_MALFORMED, TALER_EC_GENERIC_PARAMETER_MALFORMED,
msg); msg);
goto EXIT; goto CLEANUP;
} }
}; };
} }
/* TODO:oec: find commitment */ /* TODO:oec: find commitment */
@ -241,8 +230,7 @@ handle_age_withdraw_reveal_json (
/* TODO:oec: send response */ /* TODO:oec: send response */
/* TODO */ CLEANUP:
EXIT:
age_reveal_context_free (actx); age_reveal_context_free (actx);
return mhd_ret; return mhd_ret;
} }

73
src/util/crypto_confirmation.c
View File

@ -21,7 +21,7 @@
*/ */
#include "platform.h" #include "platform.h"
#include "taler_util.h" #include "taler_util.h"
#include <taler/taler_mhd_lib.h> #include "taler_mhd_lib.h"
#include <gnunet/gnunet_db_lib.h> #include <gnunet/gnunet_db_lib.h>
#include <gcrypt.h> #include <gcrypt.h>
@ -29,7 +29,7 @@
* How long is a TOTP code valid? * How long is a TOTP code valid?
*/ */
#define TOTP_VALIDITY_PERIOD GNUNET_TIME_relative_multiply ( \ #define TOTP_VALIDITY_PERIOD GNUNET_TIME_relative_multiply ( \
GNUNET_TIME_UNIT_SECONDS, 30) GNUNET_TIME_UNIT_SECONDS, 30)
/** /**
* Range of time we allow (plus-minus). * Range of time we allow (plus-minus).
@ -37,7 +37,6 @@
#define TIME_INTERVAL_RANGE 2 #define TIME_INTERVAL_RANGE 2
/** /**
* Compute TOTP code at current time with offset * Compute TOTP code at current time with offset
* @a time_off for the @a key. * @a time_off for the @a key.
@ -131,26 +130,22 @@ base32decode (const char *val,
* 32 characters for decoding, using RFC 3548. * 32 characters for decoding, using RFC 3548.
*/ */
static const char *decTable__ = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; static const char *decTable__ = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
unsigned int wpos; unsigned char *udata = key;
unsigned int rpos; unsigned int wpos = 0;
unsigned int bits; unsigned int rpos = 0;
unsigned int vbit; unsigned int bits = 0;
unsigned char *udata; unsigned int vbit = 0;
udata = val;
vbit = 0;
wpos = 0;
rpos = 0;
bits = 0;
while ((rpos < val_size) || (vbit >= 8)) while ((rpos < val_size) || (vbit >= 8))
{ {
if ((rpos < val_size) && (vbit < 8)) if ((rpos < val_size) && (vbit < 8))
{ {
char c = val[rpos++]; char c = val[rpos++];
if (c == '=') { // padding character if (c == '=') // padding character
{
break; break;
} }
const char *p = strchr(decTable__, toupper(c)); const char *p = strchr (decTable__, toupper (c));
if (! p) if (! p)
{ // invalid character { // invalid character
return -1; return -1;
@ -178,29 +173,29 @@ executive_totp (void *h_key,
ret = NULL; ret = NULL;
for (int i = -TIME_INTERVAL_RANGE; i<= TIME_INTERVAL_RANGE; i++) for (int i = -TIME_INTERVAL_RANGE; i<= TIME_INTERVAL_RANGE; i++)
{
code = compute_totp (ts,
i,
h_key,
h_key_len);
if (NULL == ret)
{ {
code = compute_totp (ts, GNUNET_asprintf (&ret,
i, "%llu",
h_key, (unsigned long long) code);
h_key_len);
if (NULL == ret)
{
GNUNET_asprintf (&ret,
"%llu",
(unsigned long long) code);
}
else
{
char *tmp;
GNUNET_asprintf (&tmp,
"%s\n%llu",
ret,
(unsigned long long) code);
GNUNET_free (ret);
ret = tmp;
}
} }
else
{
char *tmp;
GNUNET_asprintf (&tmp,
"%s\n%llu",
ret,
(unsigned long long) code);
GNUNET_free (ret);
ret = tmp;
}
}
return ret; return ret;
} }
@ -263,13 +258,13 @@ TALER_build_pos_confirmation (const char *pos_key,
return ret; return ret;
case TALER_MCA_WITH_PRICE: case TALER_MCA_WITH_PRICE:
{ {
struct GNUNET_HashCode *hkey; struct GNUNET_HashCode hkey;
struct TALER_AmountNBO ntotal; struct TALER_AmountNBO ntotal;
TALER_amount_hton (&ntotal, TALER_amount_hton (&ntotal,
total); total);
GNUNET_assert (GNUNET_YES == GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_kdf (hkey, GNUNET_CRYPTO_kdf (&hkey,
sizeof (hkey), sizeof (hkey),
&ntotal, &ntotal,
sizeof (ntotal), sizeof (ntotal),
@ -278,7 +273,7 @@ TALER_build_pos_confirmation (const char *pos_key,
NULL, NULL,
0)); 0));
GNUNET_free (key); GNUNET_free (key);
ret = executive_totp (hkey, ret = executive_totp (&hkey,
sizeof(hkey), sizeof(hkey),
ts); ts);
GNUNET_free (key); GNUNET_free (key);