diff options
author | Christian Grothoff <christian@grothoff.org> | 2017-10-17 14:32:35 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2017-10-17 19:53:44 +0200 |
commit | 0f67a9fca2626172ff0caec09603c5d8bae0f112 (patch) | |
tree | 3e055732ead3885dfaec6b74074c9b93fda0c4a0 | |
parent | 1fae7a4f9ef3167dc1d47de2607fd5676d39722d (diff) |
fix matching of auditor keys/denomination issues so that we return _all_ applicable auditor signatures, instead of a tiny subset
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | src/exchange/taler-exchange-httpd_keystate.c | 63 |
2 files changed, 53 insertions, 14 deletions
@@ -1,3 +1,7 @@ +Tue Oct 17 14:32:46 CEST 2017 + Fix building of /keys response to include full auditor + signature set instead of partial map. -CG + Mon Oct 16 12:10:35 CEST 2017 Realize JSON-based report formats from auditor (#4963). -CG diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c index 17ba9da83..07ccd6109 100644 --- a/src/exchange/taler-exchange-httpd_keystate.c +++ b/src/exchange/taler-exchange-httpd_keystate.c @@ -542,7 +542,6 @@ store_in_map (struct GNUNET_CONTAINER_MultiHashMap *map, } - /** * Closure for #add_revocations_transaction(). */ @@ -671,8 +670,9 @@ reload_keys_denom_iter (void *cls, int res; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Loading denomination key `%s'\n", - alias); + "Loading denomination key `%s' (%s)\n", + alias, + GNUNET_h2s (&dki->issue.properties.denom_hash)); now = GNUNET_TIME_absolute_get (); expire_deposit = GNUNET_TIME_absolute_ntoh (dki->issue.properties.expire_deposit); if (expire_deposit.abs_value_us < now.abs_value_us) @@ -697,8 +697,9 @@ reload_keys_denom_iter (void *cls, struct AddRevocationContext arc; GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Adding denomination key `%s' to revocation set\n", - alias); + "Adding denomination key `%s' (%s) to revocation set\n", + alias, + GNUNET_h2s (&dki->issue.properties.denom_hash)); res = store_in_map (key_state->revoked_map, dki); if (GNUNET_NO == res) @@ -729,8 +730,9 @@ reload_keys_denom_iter (void *cls, if (start.abs_value_us > horizon.abs_value_us) { GNUNET_log (GNUNET_ERROR_TYPE_INFO, - "Skipping future denomination key `%s' (starts at %s)\n", + "Skipping future denomination key `%s' (%s), validity starts at %s\n", alias, + GNUNET_h2s (&dki->issue.properties.denom_hash), GNUNET_STRINGS_absolute_time_to_string (start)); return GNUNET_OK; } @@ -742,11 +744,16 @@ reload_keys_denom_iter (void *cls, (void *) dki)) { GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Could not persist denomination key in DB. Committing suicide via SIGTERM.\n"); + "Could not persist denomination key %s in DB. Committing suicide via SIGTERM.\n", + GNUNET_h2s (&dki->issue.properties.denom_hash)); handle_signal (SIGTERM); return GNUNET_SYSERR; } + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Adding denomination key `%s' (%s) to active set\n", + alias, + GNUNET_h2s (&dki->issue.properties.denom_hash)); res = store_in_map (key_state->denomkey_map, dki); if (GNUNET_NO == res) @@ -892,25 +899,42 @@ reload_auditor_iter (void *cls, keys actually match the denomination keys that are active right now */ for (unsigned int i=0;i<dki_len;i++) { - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, - "Found auditor signature for DK `%s'\n", - GNUNET_h2s (&dki[i].denom_hash)); + int matched; + if (GNUNET_YES != GNUNET_CONTAINER_multihashmap_contains (key_state->denomkey_map, &dki[i].denom_hash)) + { + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found auditor signature for DK `%s', but key is not in active map\n", + GNUNET_h2s (&dki[i].denom_hash)); continue; + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Found auditor signature for DK `%s'\n", + GNUNET_h2s (&dki[i].denom_hash)); /* Note: the array is sorted, we could theoretically speed this up using a binary search. */ + matched = GNUNET_NO; for (unsigned int j=0;j<rfc->denomkey_array_length;j++) { struct DenominationKeyEntry *dke = &rfc->denomkey_array[j]; struct AuditorSignature *as; if (0 != - memcmp (dki, - &dke->dki[i].issue.properties, + memcmp (&dki[i].denom_hash, + &dke->dki->issue.properties.denom_hash, + sizeof (struct GNUNET_HashCode))) + continue; + if (0 != + memcmp (&dki[i], + &dke->dki->issue.properties, sizeof (struct TALER_DenominationKeyValidityPS))) + { + /* if the hash is the same, the properties should also match! */ + GNUNET_break (0); continue; + } as = GNUNET_malloc (sizeof (struct AuditorSignature) + strlen (auditor_url) + 1); as->asig = asigs[i]; @@ -922,6 +946,15 @@ reload_auditor_iter (void *cls, GNUNET_CONTAINER_DLL_insert (dke->as_head, dke->as_tail, as); + matched = GNUNET_YES; + break; + } + if (GNUNET_NO == matched) + { + GNUNET_break (0); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "DK `%s' is in active map, but not in array!?\n", + GNUNET_h2s (&dki[i].denom_hash)); } } return GNUNET_OK; @@ -1459,10 +1492,12 @@ make_fresh_key_state () { const struct DenominationKeyEntry *dke = &rfc.denomkey_array[i]; + if (NULL == dke->as_head) GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Denomination key `%s' not signed by any auditor!\n", - GNUNET_h2s (&dke->denom_key_hash)); + "Denomination key `%s' at %p not signed by any auditor!\n", + GNUNET_h2s (&dke->denom_key_hash), + dke); } /* Determine size of `krd_array` by counting number of discrete |