author | Christian Grothoff <christian@grothoff.org> | 2015-08-11 14:40:09 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-08-11 14:40:09 +0200 |
commit | 13619f425c4f97cf0d7cffd3a35faba6ef3c654a (patch) | |
tree | 93ec034889a06cc5f4471a086036af4eb80fb713 | |
parent | 655e6f17bdb174bcbfb00cded2a500465db7e40a (diff) |
towards implementing /wire replies
-rw-r--r-- | doc/taler-mint-sepa.1 | 41 | ||||
-rw-r--r-- | doc/taler.conf.5 | 19 | ||||
-rw-r--r-- | src/include/taler_signatures.h | 54 | ||||
-rw-r--r-- | src/mint-tools/Makefile.am | 10 | ||||
-rw-r--r-- | src/mint-tools/taler-mint-sepa.c | 111 | ||||
-rw-r--r-- | src/mint/taler-mint-httpd_wire.c | 122 |
6 files changed, 347 insertions, 10 deletions
diff --git a/doc/taler-mint-sepa.1 b/doc/taler-mint-sepa.1
new file mode 100644
index 000000000..62d75a667
--- /dev/null
+++ b/doc/taler-mint-sepa.1
@@ -0,0 +1,41 @@
+.TH TALER\-MINT\-SEPA 1 "Apr 22, 2015" "GNU Taler"
+
+.SH NAME
+taler\-mint\-sepa \- Create the master-key signed response to /wire/sepa.
+
+.SH SYNOPSIS
+.B taler\-mint\-sepa
+.RI [ options ]
+.br
+
+.SH DESCRIPTION
+\fBtaler\-mint\-sepa\fP is used to create the mint's reply to a /wire/sepa request. It converts the bank details into the appropriate signed response. This needs to be done using the long-term offline master key.
+
+.SH OPTIONS
+.B
+.IP "\-b BIC, \-\-bic=BIC"
+Specifies the BIC code to use.
+.B
+.IP "\-i IBAN, \-\-iban=IBAN"
+Specifies the IBAN to use.
+.B
+.IP "\-n NAME, \-\-name=NAME"
+Specifies the name of the account holder.
+.B
+.IP "\-m MASTERKEYFILE, \-\-master=MASTERKEYFILE"
+Specifies the name of the file containing the mint's master key.
+.B
+.IP "\-o FILENAME, \-\-output=FILENAME"
+Where to write the SEPA_RESPONSE_FILE.
+.B
+.IP "\-h, \-\-help"
+Print short help on options.
+.B
+.IP "\-v, \-\-version"
+Print version information.
+
+.SH BUGS
+Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
+
+.SH "SEE ALSO"
+\fBtaler\-mint\-httpd\fP(1), \fBtaler.conf\fP(5)
diff --git a/doc/taler.conf.5 b/doc/taler.conf.5
index cb51d8989..87f216913 100644
--- a/doc/taler.conf.5
+++ b/doc/taler.conf.5
@@ -1,4 +1,4 @@
-.TH TALER.CONF 5 "Apr 22, 2015" "GNU Taler"
+.TH TALER.CONF 5 "Aug 11, 2015" "GNU Taler"
 .SH NAME
 taler.conf \- Taler configuration file.
@@ -25,6 +25,20 @@ The following options are from the "[mint]" section and used by most mint tools:
 .IP MASTER_PUBLIC_KEY
 Crockford Base32-encoded master public key, public version of the mint\'s long\-time offline signing key.
+
+.SH WIRE transfer details
+
+The following options must be in section "[mint-wire-test]":
+
+.IP REDIRECT_URL
+ URL to redirect /wire/test to. Should contain a Web form the user can use to charge his wallet with coins in a "test" currency for testing. If this option is not provided, /wire/test will return "501 NOT IMPLEMENTED".
+
+The following options must be in section "[mint-wire-sepa]":
+
+.IP SEPA_RESPONSE_FILE
+ Filename with the JSON body for the /wire/sepa response, signed using the mint's long-term offline master key. If this option is not provided, /wire/test will return "501 NOT IMPLEMENTED". Use "taler-mint-sepa" to create the SEPA_RESPONSE_FILE.
+
+
 .SH Postgres database options
 The following options must be in section "[mintdb-postgres]":
@@ -71,4 +85,5 @@ The following options are from the "[mint_keys]" section and used by most taler\
 Report bugs by using Mantis <https://gnunet.org/bugs/> or by sending electronic mail to <taler@gnu.org>
 .SH "SEE ALSO"
-\fBtaler\-mint\-httpd\fP(1), \fBtaler\-mint\-keyup\fP(1), \fBtaler\-mint\-reservemod\fP(1), \fBtaler\-mint\-dbinit\fP(1)
+\fBtaler\-mint\-httpd\fP(1), \fBtaler\-mint\-keyup\fP(1), \fBtaler\-mint\-reservemod\fP(1), \fBtaler\-mint\-dbinit\fP(1), \fBtaler\-mint\-sepa(1)
+
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index c5348eb5d..e17a69bcc 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -67,6 +67,12 @@
  */
 #define TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY 1025
+/**
+ * Signature where the Mint confirms its SEPA details in
+ * the /wire/sepa response.
+ */
+#define TALER_SIGNATURE_MASTER_SEPA_DETAILS 1026
+ +/*********************************************/ /* Mint online signatures (with signing key) */
@@ -95,6 +101,11 @@
  */
 #define TALER_SIGNATURE_MINT_KEY_SET 1035
+/**
+ * Signature where the Mint confirms the /wire response.
+ */
+#define TALER_SIGNATURE_MINT_WIRE_TYPES 1036
+
 /*********************/
 /* Wallet signatures */
@@ -520,7 +531,6 @@ struct TALER_MintKeySetPS
  */
 struct GNUNET_TIME_AbsoluteNBO list_issue_date;
-
 /**
 * Hash over the various denomination signing keys returned.
 */
 struct GNUNET_HashCode hc;
@@ -673,6 +683,48 @@ struct TALER_RefreshCommitLinkP
 };
+/**
+ * @brief Information signed by the mint's master
+ * key affirming the SEPA details for the mint.
+ */
+struct TALER_MasterWireSepaDetailsPS
+{
+
+ /**
+ * Purpose is #TALER_SIGNATURE_MASTER_SEPA_DETAILS.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Hash over the account holder's name, IBAN and BIC
+ * code (all as 0-terminated strings).
+ */
+ struct GNUNET_HashCode h_sepa_details;
+
+};
+
+
+/**
+ * @brief Information signed by a mint's online signing key affirming
+ * the wire formats supported by the mint.
+ */
+struct TALER_MintWireSupportMethodsPS
+{
+
+ /**
+ * Purpose is #TALER_SIGNATURE_MINT_WIRE_TYPES.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Hash over the various wire formats supported by this mint
+ * (all as 0-terminated strings).
+ */
+ struct GNUNET_HashCode h_wire_types;
+
+};
+
+
 GNUNET_NETWORK_STRUCT_END
 #endif
diff --git a/src/mint-tools/Makefile.am b/src/mint-tools/Makefile.am
index 9849bbc54..b76d9b68c 100644
--- a/src/mint-tools/Makefile.am
+++ b/src/mint-tools/Makefile.am
@@ -10,6 +10,7 @@ bin_PROGRAMS = \
 taler-mint-keyup \
 taler-mint-keycheck \
 taler-mint-reservemod \
+ taler-mint-sepa \
 taler-mint-dbinit
 taler_mint_keyup_SOURCES = \
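Review bot: The `h_sepa_details` comment in `struct TALER_MasterWireSepaDetailsPS` leaves the byte layout of the hashed input under-specified, and the signer (taler-mint-sepa) and every verifier will be written independently against this header, so the order and the inclusion of each terminator should be pinned: `Hash over the concatenation of the account holder's name, IBAN and BIC code, in that order, each including its 0-terminator.` The same goes for `h_wire_types` in `TALER_MintWireSupportMethodsPS`: the handler in taler-mint-httpd_wire.c hashes `strlen (...) + 1` bytes of a single string, so the comment should state whether one string or a sequence of terminated strings is hashed. A smaller point of style: the purpose constant is `TALER_SIGNATURE_MINT_WIRE_TYPES` while the struct is `TALER_MintWireSupportMethodsPS`; aligning the two names would make it easier to grep from one to the other.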
@@ -24,9 +25,16 @@ taler_mint_keyup_LDADD = \
 taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS)
+taler_mint_sepa_SOURCES = \
+ taler-mint-sepa.c
+taler_mint_sepa_LDADD = \
+ $(LIBGCRYPT_LIBS) \
+ $(top_builddir)/src/util/libtalerutil.la \
+ -lgnunetutil $(XLIB)
+taler_mint_sepa_LDFLAGS = $(POSTGRESQL_LDFLAGS)
+
 taler_mint_keycheck_SOURCES = \
 taler-mint-keycheck.c
-
 taler_mint_keycheck_LDADD = \
 $(LIBGCRYPT_LIBS) \
 $(top_builddir)/src/util/libtalerutil.la \
diff --git a/src/mint-tools/taler-mint-sepa.c b/src/mint-tools/taler-mint-sepa.c
new file mode 100644
index 000000000..9c7060b58
--- /dev/null
+++ b/src/mint-tools/taler-mint-sepa.c
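Review bot: `taler_mint_sepa_LDFLAGS = $(POSTGRESQL_LDFLAGS)` looks copied from the keyup rule: the new taler-mint-sepa.c in this commit includes only platform.h and taler_crypto_lib.h and its LDADD names no database library, so the PostgreSQL linker flags appear unnecessary for an offline signing tool and could be dropped. If they are intentional, a one-line comment above the rule saying why would stop the next reader from removing them.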
@@ -0,0 +1,111 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2015 Christian Grothoff (and other contributing authors)
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file taler-mint-sepa.c
+ * @brief Create signed response for /wire/sepa requests.
+ * @author Christian Grothoff
+ */
+#include <platform.h>
+#include "taler_crypto_lib.h"
+
+/**
+ * Filename of the master private key.
+ */
+static char *masterkeyfile;
+
+/**
+ * Account holder name.
+ */
+static char *sepa_name;
+
+/**
+ * IBAN number.
+ */
+static char *iban;
+
+/**
+ * BIC number.
+ */
+static char *bic;
+
+/**
+ * Where to write the result.
+ */
+static char *output_filename;
+
+
+/**
+ * The main function of the taler-mint-sepa tool. This tool is used
+ * to sign the SEPA bank account details using the master key.
+ *
+ * @param argc number of arguments from the command line
+ * @param argv command line arguments
+ * @return 0 ok, 1 on error
+ */
+int
+main (int argc,
+ char *const *argv)
+{
+ static const struct GNUNET_GETOPT_CommandLineOption options[] = {
+ {'b', "bic", "BICCODE",
+ "bank BIC code", 1,
+ &GNUNET_GETOPT_set_string, &bic},
+ {'i', "iban", "IBAN",
+ "IBAN number of the account", 1,
+ &GNUNET_GETOPT_set_string, &iban},
+ {'m', "master-key", "FILE",
+ "master key file (private key)", 1,
+ &GNUNET_GETOPT_set_filename, &masterkeyfile},
+ {'n', "name", "NAME",
+ "name of the account holder", 1,
+ &GNUNET_GETOPT_set_string, &sepa_name},
+ {'o', "output", "FILE",
+ "where to write the result", 1,
+ &GNUNET_GETOPT_set_filename, &output_filename},
+ GNUNET_GETOPT_OPTION_VERSION (VERSION "-" VCS_VERSION),
+ GNUNET_GETOPT_OPTION_END
+ };
+ struct GNUNET_CRYPTO_EddsaPrivateKey *eddsa_priv;
+
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_log_setup ("taler-mint-sepa",
+ "WARNING",
+ NULL));
+
+ if (GNUNET_GETOPT_run ("taler-mint-sepa",
+ options,
+ argc, argv) < 0)
+ return 1;
+ if (NULL == masterkeyfile)
+ {
+ fprintf (stderr,
+ "Master key file not given\n");
+ return 1;
+ }
+ eddsa_priv = GNUNET_CRYPTO_eddsa_key_create_from_file (masterkeyfile);
+ if (NULL == eddsa_priv)
+ {
+ fprintf (stderr,
+ "Failed to initialize master key from file `%s'\n",
+ masterkeyfile);
+ return 1;
+ }
+ /* FIXME: do real work! */
+ GNUNET_free (eddsa_priv);
+ return 0;
+}
+
+/* end of taler-mint-sepa.c */
diff --git a/src/mint/taler-mint-httpd_wire.c b/src/mint/taler-mint-httpd_wire.c
index 01b995f86..d6f0fd7ff 100644
--- a/src/mint/taler-mint-httpd_wire.c
+++ b/src/mint/taler-mint-httpd_wire.c
@@ -19,6 +19,8 @@
  * @author Christian Grothoff
  */
 #include "platform.h"
+#include "taler-mint-httpd_keystate.h"
+#include "taler-mint-httpd_responses.h"
 #include "taler-mint-httpd_wire.h"
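Review bot: `main` releases the long-term offline master key with `GNUNET_free (eddsa_priv)` without overwriting the key bytes first, so the private key stays in freed heap memory for the rest of the process; overwrite the structure before freeing it with a call the compiler cannot elide (a plain `memset` right before `free` may be optimized away). The `/* FIXME: do real work! */` marks that hashing and signing are not implemented yet; when they are, the hash input must follow the order documented for `h_sepa_details` in taler_signatures.h, and `bic`, `iban`, `sepa_name` and `output_filename` should get the same `NULL` check that `masterkeyfile` has. `GNUNET_CRYPTO_eddsa_key_create_from_file` appears, as its name suggests, to generate and store a fresh key when the file does not exist, so a mistyped `-m` path would make this tool sign with a brand-new key instead of failing; checking that the file exists before calling it would be safer for a master-key tool. Finally, the long option is registered as `master-key` here while the man page added in this commit documents `\-\-master=MASTERKEYFILE`; one of the two should change.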
@@ -39,8 +41,27 @@ TMH_WIRE_handler_wire (struct TMH_RequestHandler *rh,
 const char *upload_data,
 size_t *upload_data_size)
 {
- GNUNET_break (0); // FIXME: not implemented (#3477)
- return MHD_NO;
+ struct TALER_MintWireSupportMethodsPS wsm;
+ struct TALER_MintPublicKeyP pub;
+ struct TALER_MintSignatureP sig;
+
+ wsm.purpose.size = htonl (sizeof (wsm));
+ wsm.purpose.purpose = htonl (TALER_SIGNATURE_MINT_WIRE_TYPES);
+ GNUNET_CRYPTO_hash (TMH_expected_wire_format,
+ strlen (TMH_expected_wire_format) + 1,
+ &wsm.h_wire_types);
+ TMH_KS_sign (&wsm.purpose,
+ &pub,
+ &sig);
+ /* FIXME: check against spec! */
+ return TMH_RESPONSE_reply_json_pack (connection,
+ MHD_HTTP_OK,
+ "{s:s, s:o, s:o}",
+ "wire", TMH_expected_wire_format,
+ "sig", TALER_json_from_data (&sig,
+ sizeof (sig)),
+ "pub", TALER_json_from_data (&pub,
+ sizeof (pub)));
 }
@@ -61,8 +82,42 @@ TMH_WIRE_handler_wire_test (struct TMH_RequestHandler *rh,
 const char *upload_data,
 size_t *upload_data_size)
 {
- GNUNET_break (0); // FIXME: not implemented (#3477)
- return MHD_NO;
+ struct MHD_Response *response;
+ int ret;
+ char *wire_test_redirect;
+
+ response = MHD_create_response_from_buffer (0, NULL,
+ MHD_RESPMEM_PERSISTENT);
+ if (NULL == response)
+ {
+ GNUNET_break (0);
+ return MHD_NO;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "mint-wire-test",
+ "REDIRECT_URL",
+ &wire_test_redirect))
+ {
+ ret = MHD_queue_response (connection,
+ MHD_HTTP_NOT_IMPLEMENTED,
+ response);
+ MHD_destroy_response (response);
+ return ret;
+ }
+ MHD_add_response_header (response,
+ MHD_HTTP_HEADER_LOCATION,
+ wire_test_redirect);
+ GNUNET_free (wire_test_redirect);
+ if (NULL != rh->mime_type)
+ (void) MHD_add_response_header (response,
+ MHD_HTTP_HEADER_CONTENT_TYPE,
+ rh->mime_type);
+ ret = MHD_queue_response (connection,
+ rh->response_code,
+ response);
+ MHD_destroy_response (response);
+ return ret;
 }
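Review bot: The signature produced in `TMH_WIRE_handler_wire` covers `TMH_expected_wire_format` as one string (`strlen (...) + 1` bytes), while the `TALER_MintWireSupportMethodsPS` added in taler_signatures.h describes `h_wire_types` as a hash over "the various wire formats supported by this mint"; either the handler should hash the full list in a defined order or the header comment should say a single string is hashed, and the `/* FIXME: check against spec! */` is best resolved by a comment on the handler spelling out the JSON shape (`wire`, `sig`, `pub`) and the exact hash construction, since external verifiers must reproduce it byte for byte. The new body also leaves `rh`, `upload_data` and `upload_data_size` unused; a short comment stating that the request carries no body would make that deliberate. The function's signature starts in the hunk header, outside the hunk.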
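Review bot: In `TMH_WIRE_handler_wire_test` the return value of `MHD_add_response_header` for `MHD_HTTP_HEADER_LOCATION` is silently dropped, unlike the explicit `(void)` cast on the content-type header a few lines below; if that call fails the client gets a redirect status with no target, so check it and fall back to `TMH_RESPONSE_reply_internal_error` the way the SEPA handler in this commit does on its error paths. The redirect only takes effect if `rh->response_code` is a 3xx status, which is set up in the handler table outside this hunk; a comment here naming that dependency would help. Freeing `wire_test_redirect` right after adding the header relies on MHD copying the header value; I believe it does, but a one-line comment would save the next reader the lookup.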
@@ -83,8 +138,63 @@ TMH_WIRE_handler_wire_sepa (struct TMH_RequestHandler *rh,
 const char *upload_data,
 size_t *upload_data_size)
 {
- GNUNET_break (0); // FIXME: not implemented (#3477)
- return MHD_NO;
+ struct MHD_Response *response;
+ int ret;
+ char *sepa_wire_file;
+ int fd;
+ struct stat sbuf;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (cfg,
+ "mint-wire-sepa",
+ "SEPA_RESPONSE_FILE",
+ &sepa_wire_file))
+ {
+ ret = MHD_queue_response (connection,
+ MHD_HTTP_NOT_IMPLEMENTED,
+ response);
+ MHD_destroy_response (response);
+ return ret;
+ }
+ fd = open (sepa_wire_file,
+ O_RDONLY);
+ if (-1 == fd)
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+ "open",
+ sepa_wire_file);
+ GNUNET_free (sepa_wire_file);
+ return TMH_RESPONSE_reply_internal_error (connection,
+ "Failed to open SEPA_RESPONSE_FILE");
+ }
+ if (0 != fstat (fd, &sbuf))
+ {
+ GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR,
+ "fstat",
+ sepa_wire_file);
+ (void) close (fd);
+ GNUNET_free (sepa_wire_file);
+ return TMH_RESPONSE_reply_internal_error (connection,
+ "Failed to open SEPA_RESPONSE_FILE");
+ }
+ response = MHD_create_response_from_fd ((size_t) sbuf.st_size,
+ fd);
+ GNUNET_free (sepa_wire_file);
+ if (NULL == response)
+ {
+ (void) close (fd);
+ GNUNET_break (0);
+ return MHD_NO;
+ }
+ if (NULL != rh->mime_type)
+ (void) MHD_add_response_header (response,
+ MHD_HTTP_HEADER_CONTENT_TYPE,
+ rh->mime_type);
+ ret = MHD_queue_response (connection,
+ rh->response_code,
+ response);
+ MHD_destroy_response (response);
+ return ret;
 }
 /* end of taler-mint-httpd_wire.c */ |
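Review bot: In `TMH_WIRE_handler_wire_sepa` the `SEPA_RESPONSE_FILE`-not-configured branch passes `response` to `MHD_queue_response` and `MHD_destroy_response` while `response` is still uninitialized — unlike `TMH_WIRE_handler_wire_test`, nothing in this function creates a response before that branch, so a mint without the SEPA option configured hits undefined behaviour on the first /wire/sepa request instead of answering 501. The branch needs its own empty response, created and checked the way the test handler does it, as shown below. A second, smaller point: the `"Failed to open SEPA_RESPONSE_FILE"` message is reused on the `fstat` failure path, where `"Failed to stat SEPA_RESPONSE_FILE"` would tell the operator which call failed. The function's signature starts in the hunk header, outside the hunk.
```c
  if (GNUNET_OK !=
      GNUNET_CONFIGURATION_get_value_string (cfg,
                                             "mint-wire-sepa",
                                             "SEPA_RESPONSE_FILE",
                                             &sepa_wire_file))
  {
    /* no SEPA details configured: answer 501 with an empty body */
    response = MHD_create_response_from_buffer (0, NULL,
                                                MHD_RESPMEM_PERSISTENT);
    if (NULL == response)
    {
      GNUNET_break (0);
      return MHD_NO;
    }
    ret = MHD_queue_response (connection,
                              MHD_HTTP_NOT_IMPLEMENTED,
                              response);
    MHD_destroy_response (response);
    return ret;
  }
  /* … unchanged: open, fstat, MHD_create_response_from_fd, queue … */
```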