diff options
| author | Christian Grothoff <christian@grothoff.org> | 2020-01-17 13:09:14 +0100 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2020-01-17 13:09:20 +0100 |
| commit | 4e125d8eda41dcfa7488c96f7b00011a09959c5d (patch) | |
| tree | b443bf8fb306c5379c0a2741fa250fee4a6dbfc9 | |
| parent | fc55952b4f2b151e81160995da16a67a98e9eb50 (diff) | |
check for key expiration
| -rw-r--r-- | src/auditor/taler-auditor-httpd_deposit-confirmation.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.c b/src/auditor/taler-auditor-httpd_deposit-confirmation.c index 2d73bab28..4c80d8aa2 100644 --- a/src/auditor/taler-auditor-httpd_deposit-confirmation.c +++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c @@ -54,7 +54,19 @@ verify_and_execute_deposit_confirmation (struct MHD_Connection *connection, struct TALER_DepositConfirmationPS dcs; struct TALER_AUDITORDB_Session *session; enum GNUNET_DB_QueryStatus qs; + struct GNUNET_TIME_Absolute now; + now = GNUNET_TIME_absolute_get (); + if ( (es->ep_start.abs_value_us > now.abs_value_us) || + (es->ep_expire.abs_value_us < now.abs_value_us) ) + { + /* Signing key expired */ + TALER_LOG_WARNING ("Expired exchange signing key\n"); + return TALER_MHD_reply_with_error (connection, + MHD_HTTP_FORBIDDEN, + TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID, + "master_sig (expired)"); + } /* check exchange signing key signature */ skv.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); skv.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)); |