diff options
author | Christian Grothoff <christian@grothoff.org> | 2020-12-22 18:27:34 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2020-12-22 18:27:34 +0100 |
commit | fe232f1fed5323774578b01f83bf22a8923b684a (patch) | |
tree | 2ffc9c857f1b7d323c45f9c03e69e5207be3796d /src/auditor | |
parent | a644355c44ec08c6e0691c8e308bba69619fdccd (diff) |
integrate auditor signature check logic with taler-helper-auditor-coins
Diffstat (limited to 'src/auditor')
-rw-r--r-- | src/auditor/report-lib.c | 76 | ||||
-rw-r--r-- | src/auditor/report-lib.h | 10 | ||||
-rw-r--r-- | src/auditor/taler-helper-auditor-coins.c | 86 |
3 files changed, 115 insertions, 57 deletions
diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c index e7d20dc53..6334e6f65 100644 --- a/src/auditor/report-lib.c +++ b/src/auditor/report-lib.c @@ -64,7 +64,12 @@ struct TALER_MasterPublicKeyP TALER_ARL_master_pub; /** * Public key of the auditor. */ -static struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub; +struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub; + +/** + * REST API endpoint of the auditor. + */ +char *TALER_ARL_auditor_url; /** * At what time did the auditor process start? @@ -177,62 +182,6 @@ add_denomination ( GNUNET_CONTAINER_multihashmap_get (denominations, &issue->denom_hash)) return; /* value already known */ -#if FIXME_IMPLEMENT - qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls, - TALER_ARL_esession, - &issue->denom_hash, - &TALER_ARL_auditor_pub, - &auditor_sig); - if (0 >= qs) - { - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - "Encountered denomination `%s' that this auditor is not auditing!\n", - GNUNET_h2s (&issue->denom_hash)); - return; /* skip! */ - } - { - // TODO: one of the auditor passes should really just do this - // add problems to JSON report (even if the implications are unclear), - // instead of doing it here! - struct TALER_Amount coin_value; - struct TALER_Amount fee_withdraw; - struct TALER_Amount fee_deposit; - struct TALER_Amount fee_refresh; - struct TALER_Amount fee_refund; - - TALER_amount_hton (&coin_value, - &issue->value); - TALER_amount_hton (&fee_withdraw, - &issue->fee_withdraw); - TALER_amount_hton (&fee_deposit, - &issue->fee_deposit); - TALER_amount_hton (&fee_refresh, - &issue->fee_refresh); - TALER_amount_hton (&fee_refund, - &issue->fee_refund); - if (GNUNET_OK != - TALER_auditor_denom_validity_verify ( - TALER_ARL_auditor_url, - &issue->denom_hash, - &TALER_ARL_master_pub, - GNUNET_TIME_absolute_ntoh (issue->start), - GNUNET_TIME_absolute_ntoh (issue->expire_withdraw), - GNUNET_TIME_absolute_ntoh (issue->expire_deposit), - GNUNET_TIME_absolute_ntoh (issue->expire_legal), - &coin_value, - &fee_withdraw, - &fee_deposit, - &fee_refresh, - &fee_refund, - &TALER_ARL_auditor_pub, - &auditor_sig)) - { - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Exchange has invalid signature from this auditor for denomination `%s' in its database!\n", - GNUNET_h2s (&issue->denom_hash)); - } - } -#endif #if GNUNET_EXTRA_LOGGING >= 1 { struct TALER_Amount value; @@ -728,6 +677,18 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c) { TALER_ARL_cfg = c; start_time = GNUNET_TIME_absolute_get (); + + if (GNUNET_OK != + GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg, + "auditor", + "BASE_URL", + &TALER_ARL_auditor_url)) + { + GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR, + "auditor", + "BASE_URL"); + return GNUNET_SYSERR; + } if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub)) { /* -m option not given, try configuration */ @@ -944,6 +905,7 @@ TALER_ARL_done (json_t *report) JSON_INDENT (2)); json_decref (report); } + GNUNET_free (TALER_ARL_auditor_url); } diff --git a/src/auditor/report-lib.h b/src/auditor/report-lib.h index 04165ae4a..05632f2dc 100644 --- a/src/auditor/report-lib.h +++ b/src/auditor/report-lib.h @@ -75,6 +75,16 @@ extern struct TALER_AUDITORDB_Session *TALER_ARL_asession; extern struct TALER_MasterPublicKeyP TALER_ARL_master_pub; /** + * Public key of the auditor. + */ +extern struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub; + +/** + * REST API endpoint of the auditor. + */ +extern char *TALER_ARL_auditor_url; + +/** * At what time did the auditor process start? */ extern struct GNUNET_TIME_Absolute start_time; diff --git a/src/auditor/taler-helper-auditor-coins.c b/src/auditor/taler-helper-auditor-coins.c index 55feeec36..fe9cf7744 100644 --- a/src/auditor/taler-helper-auditor-coins.c +++ b/src/auditor/taler-helper-auditor-coins.c @@ -2197,6 +2197,81 @@ recoup_refresh_cb (void *cls, /** + * Function called with the results of iterate_denomination_info(), + * or directly (!). Used to check that we correctly signed the + * denomination and to warn if there are denominations not approved + * by this auditor. + * + * @param cls closure, NULL + * @param denom_pub public key, sometimes NULL (!) + * @param validity issuing information with value, fees and other info about the denomination. + */ +static void +check_denomination ( + void *cls, + const struct TALER_DenominationPublicKey *denom_pub, + const struct TALER_EXCHANGEDB_DenominationKeyInformationP *validity) +{ + const struct TALER_DenominationKeyValidityPS *issue = &validity->properties; + enum GNUNET_DB_QueryStatus qs; + struct TALER_AuditorSignatureP auditor_sig; + + qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls, + TALER_ARL_esession, + &issue->denom_hash, + &TALER_ARL_auditor_pub, + &auditor_sig); + if (0 >= qs) + { + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "Encountered denomination `%s' that this auditor is not auditing!\n", + GNUNET_h2s (&issue->denom_hash)); + return; /* skip! */ + } + { + struct TALER_Amount coin_value; + struct TALER_Amount fee_withdraw; + struct TALER_Amount fee_deposit; + struct TALER_Amount fee_refresh; + struct TALER_Amount fee_refund; + + TALER_amount_ntoh (&coin_value, + &issue->value); + TALER_amount_ntoh (&fee_withdraw, + &issue->fee_withdraw); + TALER_amount_ntoh (&fee_deposit, + &issue->fee_deposit); + TALER_amount_ntoh (&fee_refresh, + &issue->fee_refresh); + TALER_amount_ntoh (&fee_refund, + &issue->fee_refund); + if (GNUNET_OK != + TALER_auditor_denom_validity_verify ( + TALER_ARL_auditor_url, + &issue->denom_hash, + &TALER_ARL_master_pub, + GNUNET_TIME_absolute_ntoh (issue->start), + GNUNET_TIME_absolute_ntoh (issue->expire_withdraw), + GNUNET_TIME_absolute_ntoh (issue->expire_deposit), + GNUNET_TIME_absolute_ntoh (issue->expire_legal), + &coin_value, + &fee_withdraw, + &fee_deposit, + &fee_refresh, + &fee_refund, + &TALER_ARL_auditor_pub, + &auditor_sig)) + { + // FIXME: add properly to audit report! + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Exchange has invalid signature from this auditor for denomination `%s' in its database!\n", + GNUNET_h2s (&issue->denom_hash)); + } + } +} + + +/** * Analyze the exchange's processing of coins. * * @param cls closure @@ -2212,6 +2287,17 @@ analyze_coins (void *cls) (void) cls; GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + "Checking denominations...\n"); + qs = TALER_ARL_edb->iterate_denomination_info (TALER_ARL_edb->cls, + TALER_ARL_esession, + &check_denomination, + NULL); + if (0 > qs) + { + GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs); + return qs; + } + GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Analyzing coins\n"); qsp = TALER_ARL_adb->get_auditor_progress_coin (TALER_ARL_adb->cls, TALER_ARL_asession, |