2 files changed, 43 insertions, 1 deletions

diff --git a/src/operations/exchanges.ts b/src/operations/exchanges.ts
index 04238e61d..f920a5a59 100644
--- a/src/operations/exchanges.ts
+++ b/src/operations/exchanges.ts
@@ -211,12 +211,14 @@ async function updateExchangeWithKeys(
       if (r.details) {
         // FIXME: We need to do some consistency checks!
       }
+      // FIXME: validate signing keys and merge with old set
       r.details = {
         auditors: exchangeKeysJson.auditors,
         currency: currency,
         lastUpdateTime: lastUpdateTimestamp,
         masterPublicKey: exchangeKeysJson.master_public_key,
         protocolVersion: protocolVersion,
+        signingKeys: exchangeKeysJson.signkeys,
       };
       r.updateStatus = ExchangeUpdateStatus.FetchWire;
       r.lastError = undefined;
diff --git a/src/operations/recoup.ts b/src/operations/recoup.ts
index 29753ce28..163f77591 100644
--- a/src/operations/recoup.ts
+++ b/src/operations/recoup.ts
@@ -142,7 +142,26 @@ async function recoupWithdrawCoin(
     throw Error(`Coin's reserve doesn't match reserve on recoup`);
   }
 
-  // FIXME: verify signature
+  const exchange = await ws.db.get(Stores.exchanges, coin.exchangeBaseUrl);
+  if (!exchange) {
+    // FIXME: report inconsistency?
+    return;
+  }
+  const exchangeDetails = exchange.details;
+  if (!exchangeDetails) {
+    // FIXME: report inconsistency?
+    return;
+  }
+
+  const isValid = ws.cryptoApi.isValidRecoupConfirmation(
+    coin.coinPub,
+    recoupConfirmation,
+    exchangeDetails.signingKeys,
+  );
+
+  if (!isValid) {
+    throw Error("invalid recoup confirmation signature");
+  }
 
   // FIXME: verify that our expectations about the amount match
 
@@ -207,6 +226,27 @@ async function recoupRefreshCoin(
     throw Error(`Coin's oldCoinPub doesn't match reserve on recoup`);
   }
 
+  const exchange = await ws.db.get(Stores.exchanges, coin.exchangeBaseUrl);
+  if (!exchange) {
+    // FIXME: report inconsistency?
+    return;
+  }
+  const exchangeDetails = exchange.details;
+  if (!exchangeDetails) {
+    // FIXME: report inconsistency?
+    return;
+  }
+
+  const isValid = ws.cryptoApi.isValidRecoupConfirmation(
+    coin.coinPub,
+    recoupConfirmation,
+    exchangeDetails.signingKeys,
+  );
+
+  if (!isValid) {
+    throw Error("invalid recoup confirmation signature");
+  }
+
   const refreshGroupId = await ws.db.runWithWriteTransaction(
     [Stores.coins, Stores.reserves],
     async tx => {