[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated: integrate auditor signature chec
|
From: |
gnunet |
|
Subject: |
[taler-exchange] branch master updated: integrate auditor signature check logic with taler-helper-auditor-coins |
|
Date: |
Tue, 22 Dec 2020 18:27:42 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new fe232f1f integrate auditor signature check logic with
taler-helper-auditor-coins
fe232f1f is described below
commit fe232f1fed5323774578b01f83bf22a8923b684a
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Dec 22 18:27:34 2020 +0100
integrate auditor signature check logic with taler-helper-auditor-coins
---
src/auditor/report-lib.c | 76 +++++++------------------
src/auditor/report-lib.h | 10 ++++
src/auditor/taler-helper-auditor-coins.c | 86 +++++++++++++++++++++++++++++
src/exchangedb/plugin_exchangedb_postgres.c | 47 ++++++++++++++++
src/include/taler_exchangedb_plugin.h | 19 +++++++
5 files changed, 181 insertions(+), 57 deletions(-)
diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c
index e7d20dc5..6334e6f6 100644
--- a/src/auditor/report-lib.c
+++ b/src/auditor/report-lib.c
@@ -64,7 +64,12 @@ struct TALER_MasterPublicKeyP TALER_ARL_master_pub;
/**
* Public key of the auditor.
*/
-static struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+
+/**
+ * REST API endpoint of the auditor.
+ */
+char *TALER_ARL_auditor_url;
/**
* At what time did the auditor process start?
@@ -177,62 +182,6 @@ add_denomination (
GNUNET_CONTAINER_multihashmap_get (denominations,
&issue->denom_hash))
return; /* value already known */
-#if FIXME_IMPLEMENT
- qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls,
- TALER_ARL_esession,
- &issue->denom_hash,
- &TALER_ARL_auditor_pub,
- &auditor_sig);
- if (0 >= qs)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "Encountered denomination `%s' that this auditor is not
auditing!\n",
- GNUNET_h2s (&issue->denom_hash));
- return; /* skip! */
- }
- {
- // TODO: one of the auditor passes should really just do this
- // add problems to JSON report (even if the implications are unclear),
- // instead of doing it here!
- struct TALER_Amount coin_value;
- struct TALER_Amount fee_withdraw;
- struct TALER_Amount fee_deposit;
- struct TALER_Amount fee_refresh;
- struct TALER_Amount fee_refund;
-
- TALER_amount_hton (&coin_value,
- &issue->value);
- TALER_amount_hton (&fee_withdraw,
- &issue->fee_withdraw);
- TALER_amount_hton (&fee_deposit,
- &issue->fee_deposit);
- TALER_amount_hton (&fee_refresh,
- &issue->fee_refresh);
- TALER_amount_hton (&fee_refund,
- &issue->fee_refund);
- if (GNUNET_OK !=
- TALER_auditor_denom_validity_verify (
- TALER_ARL_auditor_url,
- &issue->denom_hash,
- &TALER_ARL_master_pub,
- GNUNET_TIME_absolute_ntoh (issue->start),
- GNUNET_TIME_absolute_ntoh (issue->expire_withdraw),
- GNUNET_TIME_absolute_ntoh (issue->expire_deposit),
- GNUNET_TIME_absolute_ntoh (issue->expire_legal),
- &coin_value,
- &fee_withdraw,
- &fee_deposit,
- &fee_refresh,
- &fee_refund,
- &TALER_ARL_auditor_pub,
- &auditor_sig))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Exchange has invalid signature from this auditor for
denomination `%s' in its database!\n",
- GNUNET_h2s (&issue->denom_hash));
- }
- }
-#endif
#if GNUNET_EXTRA_LOGGING >= 1
{
struct TALER_Amount value;
@@ -728,6 +677,18 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle
*c)
{
TALER_ARL_cfg = c;
start_time = GNUNET_TIME_absolute_get ();
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg,
+ "auditor",
+ "BASE_URL",
+ &TALER_ARL_auditor_url))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "auditor",
+ "BASE_URL");
+ return GNUNET_SYSERR;
+ }
if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub))
{
/* -m option not given, try configuration */
@@ -944,6 +905,7 @@ TALER_ARL_done (json_t *report)
JSON_INDENT (2));
json_decref (report);
}
+ GNUNET_free (TALER_ARL_auditor_url);
}
diff --git a/src/auditor/report-lib.h b/src/auditor/report-lib.h
index 04165ae4..05632f2d 100644
--- a/src/auditor/report-lib.h
+++ b/src/auditor/report-lib.h
@@ -74,6 +74,16 @@ extern struct TALER_AUDITORDB_Session *TALER_ARL_asession;
*/
extern struct TALER_MasterPublicKeyP TALER_ARL_master_pub;
+/**
+ * Public key of the auditor.
+ */
+extern struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+
+/**
+ * REST API endpoint of the auditor.
+ */
+extern char *TALER_ARL_auditor_url;
+
/**
* At what time did the auditor process start?
*/
diff --git a/src/auditor/taler-helper-auditor-coins.c
b/src/auditor/taler-helper-auditor-coins.c
index 55feeec3..fe9cf774 100644
--- a/src/auditor/taler-helper-auditor-coins.c
+++ b/src/auditor/taler-helper-auditor-coins.c
@@ -2196,6 +2196,81 @@ recoup_refresh_cb (void *cls,
}
+/**
+ * Function called with the results of iterate_denomination_info(),
+ * or directly (!). Used to check that we correctly signed the
+ * denomination and to warn if there are denominations not approved
+ * by this auditor.
+ *
+ * @param cls closure, NULL
+ * @param denom_pub public key, sometimes NULL (!)
+ * @param validity issuing information with value, fees and other info about
the denomination.
+ */
+static void
+check_denomination (
+ void *cls,
+ const struct TALER_DenominationPublicKey *denom_pub,
+ const struct TALER_EXCHANGEDB_DenominationKeyInformationP *validity)
+{
+ const struct TALER_DenominationKeyValidityPS *issue = &validity->properties;
+ enum GNUNET_DB_QueryStatus qs;
+ struct TALER_AuditorSignatureP auditor_sig;
+
+ qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls,
+ TALER_ARL_esession,
+ &issue->denom_hash,
+ &TALER_ARL_auditor_pub,
+ &auditor_sig);
+ if (0 >= qs)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Encountered denomination `%s' that this auditor is not
auditing!\n",
+ GNUNET_h2s (&issue->denom_hash));
+ return; /* skip! */
+ }
+ {
+ struct TALER_Amount coin_value;
+ struct TALER_Amount fee_withdraw;
+ struct TALER_Amount fee_deposit;
+ struct TALER_Amount fee_refresh;
+ struct TALER_Amount fee_refund;
+
+ TALER_amount_ntoh (&coin_value,
+ &issue->value);
+ TALER_amount_ntoh (&fee_withdraw,
+ &issue->fee_withdraw);
+ TALER_amount_ntoh (&fee_deposit,
+ &issue->fee_deposit);
+ TALER_amount_ntoh (&fee_refresh,
+ &issue->fee_refresh);
+ TALER_amount_ntoh (&fee_refund,
+ &issue->fee_refund);
+ if (GNUNET_OK !=
+ TALER_auditor_denom_validity_verify (
+ TALER_ARL_auditor_url,
+ &issue->denom_hash,
+ &TALER_ARL_master_pub,
+ GNUNET_TIME_absolute_ntoh (issue->start),
+ GNUNET_TIME_absolute_ntoh (issue->expire_withdraw),
+ GNUNET_TIME_absolute_ntoh (issue->expire_deposit),
+ GNUNET_TIME_absolute_ntoh (issue->expire_legal),
+ &coin_value,
+ &fee_withdraw,
+ &fee_deposit,
+ &fee_refresh,
+ &fee_refund,
+ &TALER_ARL_auditor_pub,
+ &auditor_sig))
+ {
+ // FIXME: add properly to audit report!
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Exchange has invalid signature from this auditor for
denomination `%s' in its database!\n",
+ GNUNET_h2s (&issue->denom_hash));
+ }
+ }
+}
+
+
/**
* Analyze the exchange's processing of coins.
*
@@ -2211,6 +2286,17 @@ analyze_coins (void *cls)
enum GNUNET_DB_QueryStatus qsp;
(void) cls;
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Checking denominations...\n");
+ qs = TALER_ARL_edb->iterate_denomination_info (TALER_ARL_edb->cls,
+ TALER_ARL_esession,
+ &check_denomination,
+ NULL);
+ if (0 > qs)
+ {
+ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
+ return qs;
+ }
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Analyzing coins\n");
qsp = TALER_ARL_adb->get_auditor_progress_coin (TALER_ARL_adb->cls,
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c
b/src/exchangedb/plugin_exchangedb_postgres.c
index 43b927c2..71245dbc 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -1597,6 +1597,14 @@ postgres_get_session (void *cls)
") VALUES "
"($1, $2, $3);",
3),
+ /* used in #postgres_select_auditor_denom_sig() */
+ GNUNET_PQ_make_prepare ("select_auditor_denom_sig",
+ "SELECT"
+ " auditor_sig"
+ " FROM auditor_denom_sigs"
+ " WHERE auditor_pub=$1"
+ " AND denom_pub_hash=$2",
+ 2),
/* used in #postgres_lookup_wire_fee_by_time() */
GNUNET_PQ_make_prepare ("lookup_wire_fee_by_time",
"SELECT"
@@ -8695,6 +8703,43 @@ postgres_insert_auditor_denom_sig (
}
+/**
+ * Select information about an auditor auditing a denomination key.
+ *
+ * @param cls closure
+ * @param session a session
+ * @param h_denom_pub the audited denomination
+ * @param auditor_pub the auditor's key
+ * @param[out] auditor_sig set to signature affirming the auditor's audit
activity
+ * @return transaction status code
+ */
+static enum GNUNET_DB_QueryStatus
+postgres_select_auditor_denom_sig (
+ void *cls,
+ struct TALER_EXCHANGEDB_Session *session,
+ const struct GNUNET_HashCode *h_denom_pub,
+ const struct TALER_AuditorPublicKeyP *auditor_pub,
+ struct TALER_AuditorSignatureP *auditor_sig)
+{
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (auditor_pub),
+ GNUNET_PQ_query_param_auto_from_type (h_denom_pub),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ GNUNET_PQ_result_spec_auto_from_type ("auditor_sig",
+ auditor_sig),
+ GNUNET_PQ_result_spec_end
+ };
+
+ (void) cls;
+ return GNUNET_PQ_eval_prepared_singleton_select (session->conn,
+ "select_auditor_denom_sig",
+ params,
+ rs);
+}
+
+
/**
* Closure for #wire_fee_by_time_helper()
*/
@@ -9036,6 +9081,8 @@ libtaler_plugin_exchangedb_postgres_init (void *cls)
= &postgres_lookup_denomination_key;
plugin->insert_auditor_denom_sig
= &postgres_insert_auditor_denom_sig;
+ plugin->select_auditor_denom_sig
+ = &postgres_select_auditor_denom_sig;
plugin->lookup_wire_fee_by_time
= &postgres_lookup_wire_fee_by_time;
plugin->add_denomination_key
diff --git a/src/include/taler_exchangedb_plugin.h
b/src/include/taler_exchangedb_plugin.h
index 068d97fb..8bf118a0 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -3436,6 +3436,25 @@ struct TALER_EXCHANGEDB_Plugin
const struct TALER_AuditorSignatureP *auditor_sig);
+ /**
+ * Obtain information about an auditor auditing a denomination key.
+ *
+ * @param cls closure
+ * @param session a session
+ * @param h_denom_pub the audited denomination
+ * @param auditor_pub the auditor's key
+ * @param[out] auditor_sig set to signature affirming the auditor's audit
activity
+ * @return transaction status code
+ */
+ enum GNUNET_DB_QueryStatus
+ (*select_auditor_denom_sig)(
+ void *cls,
+ struct TALER_EXCHANGEDB_Session *session,
+ const struct GNUNET_HashCode *h_denom_pub,
+ const struct TALER_AuditorPublicKeyP *auditor_pub,
+ struct TALER_AuditorSignatureP *auditor_sig);
+
+
/**
* Lookup information about known wire fees.
*
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-exchange] branch master updated: integrate auditor signature check logic with taler-helper-auditor-coins,
gnunet <=