author | Christian Grothoff <christian@grothoff.org> | 2024-08-08 10:02:56 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2024-08-08 10:02:56 +0200 |
commit | 8339980393cf93b947f5b1fa50aa669d6a8d9177 (patch) | |
tree | cf42e1f98a5e4628f77cf1f1672bbcbebe0962a9 | |
parent | a9a40d1e58f0b2d48285511dc8f216f6d99e115d (diff) |
add clear option to enable/disable KYC
-rw-r--r-- | src/exchange/exchange.conf | 4 | ||||
-rw-r--r-- | src/exchange/taler-exchange-aggregator.c | 15 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd.c | 33 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd.h | 4 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_common_kyc.c | 14 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_keys.c | 3 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_kyc-check.c | 2 | ||||
-rw-r--r-- | src/include/taler_kyclogic_lib.h | 10 | ||||
-rw-r--r-- | src/kyclogic/kyclogic_api.c | 15 | ||||
-rw-r--r-- | src/testing/test_exchange_api.conf | 1 | ||||
-rw-r--r-- | src/testing/test_exchange_api_age_restriction.conf | 1 |
11 files changed, 52 insertions, 50 deletions
diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf index cc534de1a..f88c8e7b0 100644 --- a/src/exchange/exchange.conf +++ b/src/exchange/exchange.conf @@ -20,8 +20,8 @@ CURRENCY_FRACTION_DIGITS = 2 # in the database. Should be a high-entropy nonce. ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE -# Set to NO to disable rewards. -ENABLE_REWARDS = YES +# Set to YES to enable AML/KYC. +ENABLE_KYC = NO # How long do we allow /keys to be cached at most? The actual # limit is the minimum of this value and the first expected diff --git a/src/exchange/taler-exchange-aggregator.c b/src/exchange/taler-exchange-aggregator.c index ab65829d5..b4ff32cd2 100644 --- a/src/exchange/taler-exchange-aggregator.c +++ b/src/exchange/taler-exchange-aggregator.c @@ -268,6 +268,21 @@ shutdown_task (void *cls) static enum GNUNET_GenericReturnValue parse_aggregator_config (void) { + enum GNUNET_GenericReturnValue enable_kyc; + + enable_kyc + = GNUNET_CONFIGURATION_get_value_yesno ( + cfg, + "exchange", + "ENABLE_KYC"); + if (GNUNET_SYSERR == enable_kyc) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Need YES or NO in section `exchange' under `ENABLE_KYC'\n"); + return GNUNET_SYSERR; + } + if (GNUNET_NO == enable_kyc) + kyc_off = true; if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (cfg, "exchange", diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c index b04a56429..38bf10719 100644 --- a/src/exchange/taler-exchange-httpd.c +++ b/src/exchange/taler-exchange-httpd.c @@ -181,11 +181,6 @@ static char *toplevel_redirect_url; char *TEH_currency; /** - * Option set to #GNUNET_YES if rewards are enabled. - */ -int TEH_enable_rewards; - -/** * Our base URL. */ char *TEH_base_url; @@ -201,6 +196,11 @@ static unsigned int connection_timeout = 30; static int connection_close; /** + * Option set to #GNUNET_YES if KYC/AML are enabled. + */ +int TEH_enable_kyc; + +/** * -I command-line flag given? */ int TEH_check_invariants_flag; 
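Review bot: The shipped default `ENABLE_KYC = NO` is fail-open, and the comment above it does not say what NO actually switches off. Going by the other hunks of this commit, NO makes `legitimization_check_run` report success immediately, regardless of any KYC providers or rules that are configured, whereas the removed `TALER_KYCLOGIC_is_enabled ()` derived the state from the provider count. An operator who upgrades an exchange that already has providers configured would therefore lose the checks without having changed anything. I would say so in the comment, e.g. `# Set to YES to enable AML/KYC. With NO, all legitimization checks are skipped, even if KYC providers and rules are configured.`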
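Review bot: In `parse_aggregator_config` the line `if (GNUNET_NO == enable_kyc) kyc_off = true;` only ever forces the flag on, and nothing in the hunk explains that this is intended. The declaration of `kyc_off` and any other writer are outside the hunk, so I am assuming it can also be set elsewhere; if so, a one-line comment would document the precedence: `/* configuration can only switch KYC off; ENABLE_KYC = YES never clears a kyc_off that is already set */`. Bracing the single-statement body would also match the `if` block directly above it. The function body continues outside the hunk.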
@@ -2115,6 +2115,17 @@ handle_mhd_request (void *cls, static enum GNUNET_GenericReturnValue exchange_serve_process_config (void) { + TEH_enable_kyc + = GNUNET_CONFIGURATION_get_value_yesno ( + TEH_cfg, + "exchange", + "ENABLE_KYC"); + if (GNUNET_SYSERR == TEH_enable_kyc) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Need YES or NO in section `exchange' under `ENABLE_KYC'\n"); + return GNUNET_SYSERR; + } if (GNUNET_OK != TALER_KYCLOGIC_kyc_init (TEH_cfg)) { @@ -2222,18 +2233,6 @@ exchange_serve_process_config (void) TEH_stefan_lin = 0.0f; } - TEH_enable_rewards - = GNUNET_CONFIGURATION_get_value_yesno ( - TEH_cfg, - "exchange", - "ENABLE_REWARDS"); - if (GNUNET_SYSERR == TEH_enable_rewards) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Need YES or NO in section `exchange' under `ENABLE_REWARDS'\n") - ; - return GNUNET_SYSERR; - } if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_string (TEH_cfg, "exchange", diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h index 293455af6..7bdc79649 100644 --- a/src/exchange/taler-exchange-httpd.h +++ b/src/exchange/taler-exchange-httpd.h @@ -65,9 +65,9 @@ extern int TEH_check_invariants_flag; extern int TEH_allow_keys_timetravel; /** - * Option set to #GNUNET_YES if rewards are allowed. + * Option set to #GNUNET_YES if KYC/AML are enabled. */ -extern int TEH_enable_rewards; +extern int TEH_enable_kyc; /** * Main directory with revocation data. diff --git a/src/exchange/taler-exchange-httpd_common_kyc.c b/src/exchange/taler-exchange-httpd_common_kyc.c index b01d5fbe6..8bcda3977 100644 --- a/src/exchange/taler-exchange-httpd_common_kyc.c +++ b/src/exchange/taler-exchange-httpd_common_kyc.c 
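Review bot: `exchange_serve_process_config` accepts `ENABLE_KYC = NO` without leaving any trace in the log and then still calls `TALER_KYCLOGIC_kyc_init (TEH_cfg)`. As far as this hunk shows, an exchange with KYC providers configured but the switch off starts up looking the same as one with KYC active. A warning right after the `GNUNET_SYSERR` check would make the disabled state visible to operators and auditors: `if (GNUNET_NO == TEH_enable_kyc) GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "KYC/AML checks are disabled (ENABLE_KYC = NO)\n");`. The function body continues outside the hunk.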
@@ -1435,7 +1435,19 @@ legitimization_check_run ( enum GNUNET_DB_QueryStatus qs; const struct TALER_KYCLOGIC_Measure *instant_ms; - // FIXME: add global flag to disable legitimizations! + if (! TEH_enable_kyc) + { + /* AML/KYC disabled, just immediately return success! */ + lch->lcr.kyc.requirement_row = 0; + lch->lcr.kyc.ok = true; + lch->lcr.http_status = 0; + lch->lcr.response = NULL; + lch->async_task + = GNUNET_SCHEDULER_add_now ( + &async_return_legi_result, + lch); + return; + } // FIXME: enter (+exit) lch->scope! { json_t *jrules; diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index 650cce4df..490e4a9ac 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -2422,8 +2422,7 @@ create_krd (struct TEH_KeyStateHandle *ksh, GNUNET_JSON_pack_string ("asset_type", asset_type), GNUNET_JSON_pack_bool ("rewards_allowed", - GNUNET_YES == - TEH_enable_rewards), + false), GNUNET_JSON_pack_data_auto ("master_public_key", &TEH_master_public_key), GNUNET_JSON_pack_time_rel ("reserve_closing_delay", diff --git a/src/exchange/taler-exchange-httpd_kyc-check.c b/src/exchange/taler-exchange-httpd_kyc-check.c index 9481ea002..78073d83b 100644 --- a/src/exchange/taler-exchange-httpd_kyc-check.c +++ b/src/exchange/taler-exchange-httpd_kyc-check.c @@ -230,7 +230,7 @@ TEH_handler_kyc_check ( &kyp->timeout); } - if (! TALER_KYCLOGIC_is_enabled ()) + if (! TEH_enable_kyc) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, "KYC not enabled\n"); diff --git a/src/include/taler_kyclogic_lib.h b/src/include/taler_kyclogic_lib.h index 9dbcf92fd..b852ba14c 100644 --- a/src/include/taler_kyclogic_lib.h +++ b/src/include/taler_kyclogic_lib.h 
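Review bot: The new early return in `legitimization_check_run` reports `kyc.ok = true` without writing anything to the log, while `TEH_handler_kyc_check` logs "KYC not enabled" for the same condition. For a control that waives an AML check, a matching line such as `GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "KYC disabled, skipping legitimization check\n");` before the `GNUNET_SCHEDULER_add_now` call keeps the two paths consistent and leaves a trace. The branch also assigns only four members of `lch->lcr`. That the remaining members were zero-initialised by the caller is an assumption, and the branch comment should state it, since the function starts and ends outside the hunk.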
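Review bot: `rewards_allowed` is now packed as the literal `false` in `create_krd`, with nothing explaining why the field is still emitted. A short comment above the `GNUNET_JSON_pack_bool` call would stop a later reader from treating it as a leftover, for example `/* rewards are no longer configurable; field presumably kept so existing /keys clients still parse the response */`. The stated reason is my assumption, so the wording should follow what the protocol actually requires.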
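Review bot: The guard `if (! TEH_enable_kyc)` in `TEH_handler_kyc_check` no longer covers the case the removed `TALER_KYCLOGIC_is_enabled ()` tested for, namely that no KYC provider is configured (`0 != num_kyc_providers`). With `ENABLE_KYC = YES` and zero providers the handler now continues past this point; whether the code after the hunk copes with that is not visible here. If it does not, either keep a provider-count check next to the flag or reject that combination at startup in `exchange_serve_process_config`.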
@@ -400,16 +400,6 @@ TALER_KYCLOGIC_is_satisfiable ( /** - * Check if any KYC checks are enabled. - * - * @return true if KYC is enabled - * false if no KYC checks are possible - */ -bool -TALER_KYCLOGIC_is_enabled (void); - - -/** * A KYC rule @a r has been triggered. Convert the resulting requirements into * JSON of type ``LegitimizationMeasures`` for the legitimization measures table. * diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c index 7c52b93c3..d0b8b7315 100644 --- a/src/kyclogic/kyclogic_api.c +++ b/src/kyclogic/kyclogic_api.c @@ -2325,25 +2325,10 @@ TALER_KYCLOGIC_kyc_init ( return GNUNET_SYSERR; } } - - return GNUNET_OK; } -/** - * Check if any KYC checks are enabled. - * - * @return true if KYC is enabled - * false if no KYC checks are possible - */ -bool -TALER_KYCLOGIC_is_enabled (void) -{ - return 0 != num_kyc_providers; -} - - void TALER_KYCLOGIC_kyc_done (void) { diff --git a/src/testing/test_exchange_api.conf b/src/testing/test_exchange_api.conf index 008aaa919..2215918b3 100644 --- a/src/testing/test_exchange_api.conf +++ b/src/testing/test_exchange_api.conf @@ -49,6 +49,7 @@ EXPIRE_SHARD_SIZE ="300 ms" EXPIRE_IDLE_SLEEP_INTERVAL ="1 s" STEFAN_ABS = EUR:0 STEFAN_LOG = EUR:0.005 +ENABLE_KYC = YES [exchangedb-postgres] CONFIG = "postgres:///talercheck" diff --git a/src/testing/test_exchange_api_age_restriction.conf b/src/testing/test_exchange_api_age_restriction.conf index d7780e7e2..d814519da 100644 --- a/src/testing/test_exchange_api_age_restriction.conf +++ b/src/testing/test_exchange_api_age_restriction.conf @@ -29,6 +29,7 @@ DB = postgres BASE_URL = "http://localhost:8081/" EXPIRE_SHARD_SIZE ="300 ms" EXPIRE_IDLE_SLEEP_INTERVAL ="1 s" +ENABLE_KYC = YES [exchangedb-postgres] CONFIG = "postgres:///talercheck" |