aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-11-26 22:48:56 +0100
committerChristian Grothoff <christian@grothoff.org>2020-11-26 22:49:42 +0100
commit1c1d4d9974d7a97bd157197adeb11cd759e2b931 (patch)
tree212e52cdd71ced0d8b02d369da44e657e642aeed
parent2c88cff2837cb6f8b1b95822dd53f1d338055474 (diff)
cmd to add auditor
-rw-r--r--src/include/taler_crypto_lib.h12
-rw-r--r--src/include/taler_signatures.h67
-rw-r--r--src/include/taler_testing_lib.h116
-rw-r--r--src/testing/Makefile.am1
-rw-r--r--src/testing/testing_api_cmd_auditor_add.c335
5 files changed, 528 insertions, 3 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index d6f19f449..8be0bad4a 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -223,6 +223,18 @@ struct TALER_MasterPublicKeyP
/**
+ * @brief Type of the private key used by the auditor.
+ */
+struct TALER_AuditorPrivateKeyP
+{
+ /**
+ * Taler uses EdDSA for the auditor's signing key.
+ */
+ struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv;
+};
+
+
+/**
* @brief Type of the public key used by the auditor.
*/
struct TALER_AuditorPublicKeyP
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index d72dd11b9..e732f13b6 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -57,6 +57,16 @@
#define TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY 1025
/**
+ * Add an auditor to the list of our auditors.
+ */
+#define TALER_SIGNATURE_MASTER_ADD_AUDITOR 1026
+
+/**
+ * Remove an auditor from the list of our auditors.
+ */
+#define TALER_SIGNATURE_MASTER_DEL_AUDITOR 1027
+
+/**
* Fees charged per (aggregate) wire transfer to the merchant.
*/
#define TALER_SIGNATURE_MASTER_WIRE_FEES 1028
@@ -72,6 +82,7 @@
*/
#define TALER_SIGNATURE_MASTER_WIRE_DETAILS 1030
+
/*********************************************/
/* Exchange online signatures (with signing key) */
/*********************************************/
@@ -792,6 +803,62 @@ struct TALER_ExchangeKeySetPS
/**
+ * @brief Signature made by the exchange offline key over the information of
+ * an auditor to be added to the exchange's set of auditors.
+ */
+struct TALER_ExchangeAddAuditorPS
+{
+
+ /**
+ * Purpose is #TALER_SIGNATURE_MASTER_ADD_AUDITOR. Signed
+ * by a `struct TALER_MasterPublicKeyP` using EdDSA.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Time of the change.
+ */
+ struct GNUNET_TIME_AbsoluteNBO start_date;
+
+ /**
+ * Public key of the auditor.
+ */
+ struct TALER_AuditorPublicKeyP auditor_pub;
+
+ /**
+ * Hash over the auditor's URL.
+ */
+ struct GNUNET_HashCode h_auditor_url GNUNET_PACKED;
+};
+
+
+/**
+ * @brief Signature made by the exchange offline key over the information of
+ * an auditor to be removed to the exchange's set of auditors.
+ */
+struct TALER_ExchangeDelAuditorPS
+{
+
+ /**
+ * Purpose is #TALER_SIGNATURE_MASTER_DEL_AUDITOR. Signed
+ * by a `struct TALER_MasterPublicKeyP` using EdDSA.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * Time of the change.
+ */
+ struct GNUNET_TIME_AbsoluteNBO end_date;
+
+ /**
+ * Public key of the auditor.
+ */
+ struct TALER_AuditorPublicKeyP auditor_pub;
+
+};
+
+
+/**
* @brief Information about a denomination key. Denomination keys
* are used to sign coins of a certain value into existence.
*/
diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h
index 74148b8f5..61f1c50a6 100644
--- a/src/include/taler_testing_lib.h
+++ b/src/include/taler_testing_lib.h
@@ -417,7 +417,7 @@ struct TALER_TESTING_Interpreter
struct GNUNET_OS_Process *exchanged;
/**
- * GNUNET_OK if key state should be reloaded. NOTE: this
+ * #GNUNET_OK if key state should be reloaded. NOTE: this
* field can be removed because a new "send signal" command
* has been introduced.
*/
@@ -1083,8 +1083,6 @@ struct TALER_TESTING_Command
TALER_TESTING_cmd_exchanges_with_retry (struct TALER_TESTING_Command cmd);
-/* ***** Commands ONLY for testing (/admin-API) **** */
-
/**
* Create /admin/add-incoming command.
*
@@ -2021,6 +2019,118 @@ struct TALER_TESTING_Command
TALER_TESTING_cmd_stat (struct TALER_TESTING_Timer *timers);
+/**
+ * Add the auditor to the exchange's list of auditors.
+ * The information about the auditor is taken from the
+ * "[auditor]" section in the configuration file.
+ *
+ * @param label command label.
+ * @param expected_http_status expected HTTP status from exchange
+ * @param bad_sig should we use a bogus signature?
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_auditor_add (const char *label,
+ unsigned int expected_http_status,
+ bool bad_sig);
+
+
+/**
+ * Remove the auditor from the exchange's list of auditors.
+ * The information about the auditor is taken from the
+ * "[auditor]" section in the configuration file.
+ *
+ * @param label command label.
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_auditor_del (const char *label);
+
+
+/**
+ * Add the given payto-URI bank account to the list of bank
+ * accounts used by the exchange.
+ *
+ * @param label command label.
+ * @param payto_uri URI identifying the bank account
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_wire_add (const char *label,
+ const char *payto_uri);
+
+
+/**
+ * Remove the given payto-URI bank account from the list of bank
+ * accounts used by the exchange.
+ *
+ * @param label command label.
+ * @param payto_uri URI identifying the bank account
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_wire_del (const char *label,
+ const char *payto_uri);
+
+
+/**
+ * Sign all exchange denomination and online signing keys
+ * with the "offline" key and provide those signatures to
+ * the exchange. (Downloads the keys, makes the signature
+ * and uploads the result, all in one.)
+ *
+ * @param label command label.
+ * @param config_filename configuration filename.
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_offline_sign_keys (const char *label,
+ const char *config_filename);
+
+
+/**
+ * Revoke an exchange denomination key.
+ *
+ * @param label command label.
+ * @param denom_ref reference to a command that identifies
+ * a denomination key (i.e. because it was used to
+ * withdraw a coin).
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_revoke_denom_key (const char *label,
+ const char *denom_ref);
+
+
+/**
+ * Have the auditor affirm that it is auditing the given
+ * denomination key and upload the auditor's signature to
+ * the exchange.
+ *
+ * @param label command label.
+ * @param denom_ref reference to a command that identifies
+ * a denomination key (i.e. because it was used to
+ * withdraw a coin).
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_auditor_add_denom_key (const char *denom_ref);
+
+
+/**
+ * Revoke an exchange signing key.
+ *
+ * @param label command label.
+ * @param denom_ref reference to a command that identifies
+ * a signing key (i.e. because it was used to
+ * sign a deposit confirmation).
+ * @return the command
+ */
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_revoke_denom_key (const char *label,
+ const char *signkey_ref);
+
+
/* *** Generic trait logic for implementing traits ********* */
/**
diff --git a/src/testing/Makefile.am b/src/testing/Makefile.am
index fc2f7f870..e1d01225c 100644
--- a/src/testing/Makefile.am
+++ b/src/testing/Makefile.am
@@ -35,6 +35,7 @@ libtalertesting_la_LDFLAGS = \
-version-info 0:0:0 \
-no-undefined
libtalertesting_la_SOURCES = \
+ testing_api_cmd_auditor_add.c \
testing_api_cmd_auditor_deposit_confirmation.c \
testing_api_cmd_auditor_exchanges.c \
testing_api_cmd_auditor_exec_auditor.c \
diff --git a/src/testing/testing_api_cmd_auditor_add.c b/src/testing/testing_api_cmd_auditor_add.c
new file mode 100644
index 000000000..cfdcae15c
--- /dev/null
+++ b/src/testing/testing_api_cmd_auditor_add.c
@@ -0,0 +1,335 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2018-2020 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3, or (at your
+ option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public
+ License along with TALER; see the file COPYING. If not, see
+ <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file testing/testing_api_cmd_auditor_add.c
+ * @brief command for testing /auditor_add.
+ * @author Marcello Stanisci
+ */
+#include "platform.h"
+#include "taler_json_lib.h"
+#include <gnunet/gnunet_curl_lib.h>
+#include "taler_testing_lib.h"
+#include "taler_signatures.h"
+#include "backoff.h"
+
+
+/**
+ * State for a "auditor_add" CMD.
+ */
+struct AuditorAddState
+{
+
+ /**
+ * Auditor enable handle while operation is running.
+ */
+ struct TALER_EXCHANGE_ManagementAuditorEnableHandle *dh;
+
+ /**
+ * Our interpreter.
+ */
+ struct TALER_TESTING_Interpreter *is;
+
+ /**
+ * Expected HTTP response code.
+ */
+ unsigned int expected_response_code;
+
+ /**
+ * Should we make the request with a bad master_sig signature?
+ */
+ bool bad_sig;
+};
+
+
+/**
+ * Callback to analyze the /management/auditors response, just used to check
+ * if the response code is acceptable.
+ *
+ * @param cls closure.
+ * @param hr HTTP response details
+ */
+static void
+auditor_add_cb (void *cls,
+ const struct TALER_EXCHANGE_HttpResponse *hr)
+{
+ struct AuditorAddState *ds = cls;
+
+ ds->dh = NULL;
+ if (ds->expected_response_code != hr->http_status)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unexpected response code %u to command %s in %s:%u\n",
+ hr->http_status,
+ ds->is->commands[ds->is->ip].label,
+ __FILE__,
+ __LINE__);
+ json_dumpf (hr->reply,
+ stderr,
+ 0);
+ TALER_TESTING_interpreter_fail (ds->is);
+ return;
+ }
+ TALER_TESTING_interpreter_next (ds->is);
+}
+
+
+/**
+ * Run the command.
+ *
+ * @param cls closure.
+ * @param cmd the command to execute.
+ * @param is the interpreter state.
+ */
+static void
+auditor_add_run (void *cls,
+ const struct TALER_TESTING_Command *cmd,
+ struct TALER_TESTING_Interpreter *is)
+{
+ struct AuditorAddState *ds = cls;
+ struct TALER_AuditorPublicKeyP auditor_pub;
+ char *auditor_url;
+ char *exchange_url;
+ struct TALER_MasterSignatureP master_sig;
+ struct GNUNET_TIME_Absolute now;
+
+ (void) cmd;
+ now = GNUNET_TIME_absolute_get ();
+ (void) GNUNET_TIME_round_abs (&now);
+ ds->is = is;
+ if (ds->bad_sig)
+ {
+ memset (&master_sig,
+ 42,
+ sizeof (master_sig));
+ }
+ else
+ {
+ char *fn;
+ struct TALER_MasterPrivateKeyP master_priv;
+ struct TALER_AuditorPrivateKeyP auditor_priv;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (is->cfg,
+ "exchange-offline",
+ "MASTER_PRIV_FILE",
+ &fn))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-offline",
+ "MASTER_PRIV_FILE");
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ if (GNUNET_SYSERR ==
+ GNUNET_DISK_directory_create_for_file (fn))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not setup directory for master private key file `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_key_from_file (fn,
+ GNUNET_YES,
+ &master_priv.eddsa_priv))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not load master private key from `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ GNUNET_free (fn);
+
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (is->cfg,
+ "auditor",
+ "AUDITOR_PRIV_FILE",
+ &fn))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "auditor",
+ "AUDITOR_PRIV_FILE");
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ if (GNUNET_SYSERR ==
+ GNUNET_DISK_directory_create_for_file (fn))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not setup directory for auditor private key file `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_key_from_file (fn,
+ GNUNET_YES,
+ &auditor_priv.eddsa_priv))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not load auditor private key from `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ GNUNET_free (fn);
+ GNUNET_CRYPTO_eddsa_key_get_public (&auditor_priv.eddsa_priv,
+ &auditor_pub.eddsa_pub);
+
+ /* now sign */
+ {
+ struct TALER_ExchangeAddAuditorPS kv = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_AUDITOR),
+ .purpose.size = htonl (sizeof (kv)),
+ .start_date = GNUNET_TIME_absolute_hton (now),
+ .auditor_pub = auditor_pub,
+ };
+
+ GNUNET_CRYPTO_hash (auditor_url,
+ strlen (auditor_url) + 1,
+ &kv.h_auditor_url);
+ /* Finally sign ... */
+ GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv,
+ &kv,
+ &master_sig.eddsa_signature);
+ }
+ }
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (is->cfg,
+ "auditor",
+ "BASE_URL",
+ &auditor_url))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "auditor",
+ "BASE_URL");
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (is->cfg,
+ "exchange",
+ "BASE_URL",
+ &exchange_url))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange",
+ "BASE_URL");
+ GNUNET_free (auditor_url);
+ TALER_TESTING_interpreter_next (ds->is);
+ return;
+ }
+ ds->dh = TALER_EXCHANGE_management_enable_auditor (
+ is->ctx,
+ exchange_url,
+ &auditor_pub,
+ auditor_url,
+ now,
+ &master_sig,
+ &auditor_add_cb,
+ ds);
+ GNUNET_free (exchange_url);
+ GNUNET_free (auditor_url);
+ if (NULL == ds->dh)
+ {
+ GNUNET_break (0);
+ TALER_TESTING_interpreter_fail (is);
+ return;
+ }
+}
+
+
+/**
+ * Free the state of a "auditor_add" CMD, and possibly cancel a
+ * pending operation thereof.
+ *
+ * @param cls closure, must be a `struct AuditorAddState`.
+ * @param cmd the command which is being cleaned up.
+ */
+static void
+auditor_add_cleanup (void *cls,
+ const struct TALER_TESTING_Command *cmd)
+{
+ struct AuditorAddState *ds = cls;
+
+ if (NULL != ds->dh)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Command %u (%s) did not complete\n",
+ ds->is->ip,
+ cmd->label);
+ TALER_EXCHANGE_management_enable_auditor_cancel (ds->dh);
+ ds->dh = NULL;
+ }
+ GNUNET_free (ds);
+}
+
+
+/**
+ * Offer internal data from a "auditor_add" CMD, to other commands.
+ *
+ * @param cls closure.
+ * @param[out] ret result.
+ * @param trait name of the trait.
+ * @param index index number of the object to offer.
+ *
+ * @return #GNUNET_OK on success.
+ */
+static int
+auditor_add_traits (void *cls,
+ const void **ret,
+ const char *trait,
+ unsigned int index)
+{
+ return GNUNET_NO;
+}
+
+
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_auditor_add (const char *label,
+ unsigned int expected_http_status,
+ bool bad_sig)
+{
+ struct AuditorAddState *ds;
+
+ ds = GNUNET_new (struct AuditorAddState);
+ ds->expected_response_code = expected_http_status;
+ ds->bad_sig = bad_sig;
+ {
+ struct TALER_TESTING_Command cmd = {
+ .cls = ds,
+ .label = label,
+ .run = &auditor_add_run,
+ .cleanup = &auditor_add_cleanup,
+ .traits = &auditor_add_traits
+ };
+
+ return cmd;
+ }
+}
+
+
+/* end of testing_api_cmd_auditor_add.c */