[taler-exchange] branch master updated: check for key expiration

[gnunet]

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 4e125d8e check for key expiration
4e125d8e is described below

commit 4e125d8eda41dcfa7488c96f7b00011a09959c5d
Author: Christian Grothoff <address@hidden>
AuthorDate: Fri Jan 17 13:09:14 2020 +0100

    check for key expiration
---
 src/auditor/taler-auditor-httpd_deposit-confirmation.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.c 
b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
index 2d73bab2..4c80d8aa 100644
--- a/src/auditor/taler-auditor-httpd_deposit-confirmation.c
+++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
@@ -54,7 +54,19 @@ verify_and_execute_deposit_confirmation (struct 
MHD_Connection *connection,
   struct TALER_DepositConfirmationPS dcs;
   struct TALER_AUDITORDB_Session *session;
   enum GNUNET_DB_QueryStatus qs;
+  struct GNUNET_TIME_Absolute now;
 
+  now = GNUNET_TIME_absolute_get ();
+  if ( (es->ep_start.abs_value_us > now.abs_value_us) ||
+       (es->ep_expire.abs_value_us < now.abs_value_us) )
+  {
+    /* Signing key expired */
+    TALER_LOG_WARNING ("Expired exchange signing key\n");
+    return TALER_MHD_reply_with_error (connection,
+                                       MHD_HTTP_FORBIDDEN,
+                                       
TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
+                                       "master_sig (expired)");
+  }
   /* check exchange signing key signature */
   skv.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
   skv.purpose.size = htonl (sizeof (struct 
TALER_ExchangeSigningKeyValidityPS));

-- 
To stop receiving notification emails like this one, please contact
address@hidden.