[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated: implement #6161
|
From: |
gnunet |
|
Subject: |
[taler-exchange] branch master updated: implement #6161 |
|
Date: |
Sat, 26 Dec 2020 15:55:45 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new 57c90547 implement #6161
57c90547 is described below
commit 57c90547840ea2a073c950116303c54f9ef976f1
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Dec 26 15:55:34 2020 +0100
implement #6161
---
src/auditor/Makefile.am | 1 +
src/auditor/taler-auditor-httpd.c | 17 ++++++-
src/auditor/taler-auditor-httpd.h | 6 +++
.../taler-auditor-httpd_deposit-confirmation.c | 54 ++++++++++++++++------
src/exchangedb/plugin_exchangedb_postgres.c | 47 +++++++++++++++++++
src/include/taler_exchangedb_plugin.h | 17 +++++++
6 files changed, 126 insertions(+), 16 deletions(-)
diff --git a/src/auditor/Makefile.am b/src/auditor/Makefile.am
index 935f8354..79da458f 100644
--- a/src/auditor/Makefile.am
+++ b/src/auditor/Makefile.am
@@ -148,6 +148,7 @@ taler_auditor_httpd_LDADD = \
$(top_builddir)/src/util/libtalerutil.la \
$(top_builddir)/src/json/libtalerjson.la \
$(top_builddir)/src/auditordb/libtalerauditordb.la \
+ $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
-lmicrohttpd \
-ljansson \
-lgnunetjson \
diff --git a/src/auditor/taler-auditor-httpd.c
b/src/auditor/taler-auditor-httpd.c
index d1e3c2de..1f6413b2 100644
--- a/src/auditor/taler-auditor-httpd.c
+++ b/src/auditor/taler-auditor-httpd.c
@@ -29,6 +29,7 @@
#include <sys/resource.h>
#include "taler_mhd_lib.h"
#include "taler_auditordb_lib.h"
+#include "taler_exchangedb_lib.h"
#include "taler-auditor-httpd_deposit-confirmation.h"
#include "taler-auditor-httpd_exchanges.h"
#include "taler-auditor-httpd_mhd.h"
@@ -69,6 +70,11 @@ static struct GNUNET_CONFIGURATION_Handle *cfg;
*/
struct TALER_AUDITORDB_Plugin *TAH_plugin;
+/**
+ * Our DB plugin to talk to the *exchange* database.
+ */
+struct TALER_EXCHANGEDB_Plugin *TAH_eplugin;
+
/**
* Public key of this auditor.
*/
@@ -434,7 +440,14 @@ auditor_serve_process_config (void)
(TAH_plugin = TALER_AUDITORDB_plugin_load (cfg)))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Failed to initialize DB subsystem\n");
+ "Failed to initialize DB subsystem to interact with auditor
database\n");
+ return GNUNET_SYSERR;
+ }
+ if (NULL ==
+ (TAH_eplugin = TALER_EXCHANGEDB_plugin_load (cfg)))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Failed to initialize DB subsystem to query exchange
database\n");
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
@@ -729,6 +742,8 @@ main (int argc,
}
TALER_AUDITORDB_plugin_unload (TAH_plugin);
TAH_plugin = NULL;
+ TALER_EXCHANGEDB_plugin_unload (TAH_eplugin);
+ TAH_eplugin = NULL;
TEAH_DEPOSIT_CONFIRMATION_done ();
return (GNUNET_SYSERR == ret) ? 1 : 0;
}
diff --git a/src/auditor/taler-auditor-httpd.h
b/src/auditor/taler-auditor-httpd.h
index 127c4dd8..25e37427 100644
--- a/src/auditor/taler-auditor-httpd.h
+++ b/src/auditor/taler-auditor-httpd.h
@@ -25,6 +25,7 @@
#include <microhttpd.h>
#include "taler_auditordb_plugin.h"
+#include "taler_exchangedb_plugin.h"
/**
@@ -32,6 +33,11 @@
*/
extern struct TALER_AUDITORDB_Plugin *TAH_plugin;
+/**
+ * Our DB plugin to talk to the *exchange* database.
+ */
+extern struct TALER_EXCHANGEDB_Plugin *TAH_eplugin;
+
/**
* @brief Struct describing an URL and the handler for it.
diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.c
b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
index 08a781f3..61263888 100644
--- a/src/auditor/taler-auditor-httpd_deposit-confirmation.c
+++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
@@ -35,7 +35,7 @@
/**
* Cache of already verified exchange signing keys. Maps the hash of the
* `struct TALER_ExchangeSigningKeyValidityPS` to the (static) string
- * "verified". Access to this map is guarded by the #lock.
+ * "verified" or "revoked". Access to this map is guarded by the #lock.
*/
static struct GNUNET_CONTAINER_MultiHashMap *cache;
@@ -66,7 +66,7 @@ verify_and_execute_deposit_confirmation (
enum GNUNET_DB_QueryStatus qs;
struct GNUNET_TIME_Absolute now;
struct GNUNET_HashCode h;
- int cached;
+ const char *cached;
struct TALER_ExchangeSigningKeyValidityPS skv = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)),
@@ -94,10 +94,9 @@ verify_and_execute_deposit_confirmation (
sizeof (skv),
&h);
GNUNET_assert (0 == pthread_mutex_lock (&lock));
- cached = GNUNET_CONTAINER_multihashmap_contains (cache,
- &h);
+ cached = GNUNET_CONTAINER_multihashmap_get (cache,
+ &h);
GNUNET_assert (0 == pthread_mutex_unlock (&lock));
-
session = TAH_plugin->get_session (TAH_plugin->cls);
if (NULL == session)
{
@@ -107,7 +106,7 @@ verify_and_execute_deposit_confirmation (
TALER_EC_GENERIC_DB_SETUP_FAILED,
NULL);
}
- if (! cached)
+ if (NULL == cached)
{
/* Not in cache, need to verify the signature, persist it, and possibly
cache it */
if (GNUNET_OK !=
@@ -139,18 +138,43 @@ verify_and_execute_deposit_confirmation (
TALER_EC_GENERIC_DB_STORE_FAILED,
"exchange signing key");
}
+ cached = "verified";
+ }
+
+ if (0 == strcmp (cached,
+ "verified"))
+ {
+ struct TALER_MasterSignatureP master_sig;
- /* Cache it, due to concurreny it might already be in the cache,
- so we do not cache it twice but also don't insist on the 'put' to
- succeed. */
- GNUNET_assert (0 == pthread_mutex_lock (&lock));
- (void) GNUNET_CONTAINER_multihashmap_put (cache,
- &h,
- "verified",
-
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
- GNUNET_assert (0 == pthread_mutex_unlock (&lock));
+ /* check for revocation */
+ qs = TAH_eplugin->lookup_signkey_revocation (TAH_eplugin->cls,
+ NULL,
+ &es->exchange_pub,
+ &master_sig);
+ if (0 > qs)
+ {
+ GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
+ TALER_LOG_WARNING (
+ "Failed to check for signing key revocation in database\n");
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_INTERNAL_SERVER_ERROR,
+ TALER_EC_GENERIC_DB_FETCH_FAILED,
+ "exchange signing key revocation");
+ }
+ if (0 < qs)
+ cached = "revoked";
}
+ /* Cache it, due to concurreny it might already be in the cache,
+ so we do not cache it twice but also don't insist on the 'put' to
+ succeed. */
+ GNUNET_assert (0 == pthread_mutex_lock (&lock));
+ (void) GNUNET_CONTAINER_multihashmap_put (cache,
+ &h,
+ (void *) cached,
+
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
+ GNUNET_assert (0 == pthread_mutex_unlock (&lock));
+
/* check deposit confirmation signature */
{
struct TALER_DepositConfirmationPS dcs = {
diff --git a/src/exchangedb/plugin_exchangedb_postgres.c
b/src/exchangedb/plugin_exchangedb_postgres.c
index 23e94787..4f49a219 100644
--- a/src/exchangedb/plugin_exchangedb_postgres.c
+++ b/src/exchangedb/plugin_exchangedb_postgres.c
@@ -1555,6 +1555,13 @@ postgres_get_session (void *cls)
") VALUES "
"($1, $2);",
2),
+ /* used in #postgres_insert_signkey_revocation() */
+ GNUNET_PQ_make_prepare ("lookup_signkey_revocation",
+ "SELECT "
+ " master_sig"
+ " FROM signkey_revocations"
+ " WHERE exchange_pub=$1;",
+ 1),
/* used in #postgres_insert_signkey() */
GNUNET_PQ_make_prepare ("insert_signkey",
"INSERT INTO exchange_sign_keys "
@@ -8491,6 +8498,46 @@ postgres_insert_signkey_revocation (
}
+/**
+ * Obtain information about a revoked online signing key.
+ *
+ * @param cls closure
+ * @param session a session (can be NULL)
+ * @param exchange_pub exchange online signing key
+ * @param[out] master_sig set to signature affirming the revocation (if
revoked)
+ * @return transaction status code
+ */
+static enum GNUNET_DB_QueryStatus
+postgres_lookup_signkey_revocation (
+ void *cls,
+ struct TALER_EXCHANGEDB_Session *session,
+ const struct TALER_ExchangePublicKeyP *exchange_pub,
+ struct TALER_MasterSignatureP *master_sig)
+{
+ struct PostgresClosure *pg = cls;
+ struct GNUNET_PQ_QueryParam params[] = {
+ GNUNET_PQ_query_param_auto_from_type (exchange_pub),
+ GNUNET_PQ_query_param_end
+ };
+ struct GNUNET_PQ_ResultSpec rs[] = {
+ TALER_PQ_result_spec_auto_from_type ("master_sig",
+ master_sig),
+ GNUNET_PQ_result_spec_end
+ };
+
+ (void) cls;
+ if (NULL == session)
+ session = postgres_get_session (pg);
+ if (NULL == session)
+ return GNUNET_DB_STATUS_HARD_ERROR;
+
+ return GNUNET_PQ_eval_prepared_singleton_select (session->conn,
+ "lookup_signkey_revocation",
+ params,
+ rs);
+}
+
+
/**
* Lookup information about current denomination key.
*
diff --git a/src/include/taler_exchangedb_plugin.h
b/src/include/taler_exchangedb_plugin.h
index 8bf118a0..feca61fe 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -3340,6 +3340,23 @@ struct TALER_EXCHANGEDB_Plugin
const struct TALER_MasterSignatureP *master_sig);
+ /**
+ * Obtain information about a revoked online signing key.
+ *
+ * @param cls closure
+ * @param session a session (can be NULL)
+ * @param exchange_pub exchange online signing key that was revoked
+ * @param[out] master_sig signature affirming the revocation
+ * @return transaction status code
+ */
+ enum GNUNET_DB_QueryStatus
+ (*lookup_signkey_revocation)(
+ void *cls,
+ struct TALER_EXCHANGEDB_Session *session,
+ const struct TALER_ExchangePublicKeyP *exchange_pub,
+ struct TALER_MasterSignatureP *master_sig);
+
+
/**
* Lookup information about current denomination key.
*
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-exchange] branch master updated: implement #6161,
gnunet <=