aboutsummaryrefslogtreecommitdiff
path: root/src/auditor
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-12-22 18:27:34 +0100
committerChristian Grothoff <christian@grothoff.org>2020-12-22 18:27:34 +0100
commitfe232f1fed5323774578b01f83bf22a8923b684a (patch)
tree2ffc9c857f1b7d323c45f9c03e69e5207be3796d /src/auditor
parenta644355c44ec08c6e0691c8e308bba69619fdccd (diff)
integrate auditor signature check logic with taler-helper-auditor-coins
Diffstat (limited to 'src/auditor')
-rw-r--r--src/auditor/report-lib.c76
-rw-r--r--src/auditor/report-lib.h10
-rw-r--r--src/auditor/taler-helper-auditor-coins.c86
3 files changed, 115 insertions, 57 deletions
diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c
index e7d20dc53..6334e6f65 100644
--- a/src/auditor/report-lib.c
+++ b/src/auditor/report-lib.c
@@ -64,7 +64,12 @@ struct TALER_MasterPublicKeyP TALER_ARL_master_pub;
/**
* Public key of the auditor.
*/
-static struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+
+/**
+ * REST API endpoint of the auditor.
+ */
+char *TALER_ARL_auditor_url;
/**
* At what time did the auditor process start?
@@ -177,62 +182,6 @@ add_denomination (
GNUNET_CONTAINER_multihashmap_get (denominations,
&issue->denom_hash))
return; /* value already known */
-#if FIXME_IMPLEMENT
- qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls,
- TALER_ARL_esession,
- &issue->denom_hash,
- &TALER_ARL_auditor_pub,
- &auditor_sig);
- if (0 >= qs)
- {
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "Encountered denomination `%s' that this auditor is not auditing!\n",
- GNUNET_h2s (&issue->denom_hash));
- return; /* skip! */
- }
- {
- // TODO: one of the auditor passes should really just do this
- // add problems to JSON report (even if the implications are unclear),
- // instead of doing it here!
- struct TALER_Amount coin_value;
- struct TALER_Amount fee_withdraw;
- struct TALER_Amount fee_deposit;
- struct TALER_Amount fee_refresh;
- struct TALER_Amount fee_refund;
-
- TALER_amount_hton (&coin_value,
- &issue->value);
- TALER_amount_hton (&fee_withdraw,
- &issue->fee_withdraw);
- TALER_amount_hton (&fee_deposit,
- &issue->fee_deposit);
- TALER_amount_hton (&fee_refresh,
- &issue->fee_refresh);
- TALER_amount_hton (&fee_refund,
- &issue->fee_refund);
- if (GNUNET_OK !=
- TALER_auditor_denom_validity_verify (
- TALER_ARL_auditor_url,
- &issue->denom_hash,
- &TALER_ARL_master_pub,
- GNUNET_TIME_absolute_ntoh (issue->start),
- GNUNET_TIME_absolute_ntoh (issue->expire_withdraw),
- GNUNET_TIME_absolute_ntoh (issue->expire_deposit),
- GNUNET_TIME_absolute_ntoh (issue->expire_legal),
- &coin_value,
- &fee_withdraw,
- &fee_deposit,
- &fee_refresh,
- &fee_refund,
- &TALER_ARL_auditor_pub,
- &auditor_sig))
- {
- GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Exchange has invalid signature from this auditor for denomination `%s' in its database!\n",
- GNUNET_h2s (&issue->denom_hash));
- }
- }
-#endif
#if GNUNET_EXTRA_LOGGING >= 1
{
struct TALER_Amount value;
@@ -728,6 +677,18 @@ TALER_ARL_init (const struct GNUNET_CONFIGURATION_Handle *c)
{
TALER_ARL_cfg = c;
start_time = GNUNET_TIME_absolute_get ();
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TALER_ARL_cfg,
+ "auditor",
+ "BASE_URL",
+ &TALER_ARL_auditor_url))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "auditor",
+ "BASE_URL");
+ return GNUNET_SYSERR;
+ }
if (GNUNET_YES == GNUNET_is_zero (&TALER_ARL_master_pub))
{
/* -m option not given, try configuration */
@@ -944,6 +905,7 @@ TALER_ARL_done (json_t *report)
JSON_INDENT (2));
json_decref (report);
}
+ GNUNET_free (TALER_ARL_auditor_url);
}
diff --git a/src/auditor/report-lib.h b/src/auditor/report-lib.h
index 04165ae4a..05632f2dc 100644
--- a/src/auditor/report-lib.h
+++ b/src/auditor/report-lib.h
@@ -75,6 +75,16 @@ extern struct TALER_AUDITORDB_Session *TALER_ARL_asession;
extern struct TALER_MasterPublicKeyP TALER_ARL_master_pub;
/**
+ * Public key of the auditor.
+ */
+extern struct TALER_AuditorPublicKeyP TALER_ARL_auditor_pub;
+
+/**
+ * REST API endpoint of the auditor.
+ */
+extern char *TALER_ARL_auditor_url;
+
+/**
* At what time did the auditor process start?
*/
extern struct GNUNET_TIME_Absolute start_time;
diff --git a/src/auditor/taler-helper-auditor-coins.c b/src/auditor/taler-helper-auditor-coins.c
index 55feeec36..fe9cf7744 100644
--- a/src/auditor/taler-helper-auditor-coins.c
+++ b/src/auditor/taler-helper-auditor-coins.c
@@ -2197,6 +2197,81 @@ recoup_refresh_cb (void *cls,
/**
+ * Function called with the results of iterate_denomination_info(),
+ * or directly (!). Used to check that we correctly signed the
+ * denomination and to warn if there are denominations not approved
+ * by this auditor.
+ *
+ * @param cls closure, NULL
+ * @param denom_pub public key, sometimes NULL (!)
+ * @param validity issuing information with value, fees and other info about the denomination.
+ */
+static void
+check_denomination (
+ void *cls,
+ const struct TALER_DenominationPublicKey *denom_pub,
+ const struct TALER_EXCHANGEDB_DenominationKeyInformationP *validity)
+{
+ const struct TALER_DenominationKeyValidityPS *issue = &validity->properties;
+ enum GNUNET_DB_QueryStatus qs;
+ struct TALER_AuditorSignatureP auditor_sig;
+
+ qs = TALER_ARL_edb->select_auditor_denom_sig (TALER_ARL_edb->cls,
+ TALER_ARL_esession,
+ &issue->denom_hash,
+ &TALER_ARL_auditor_pub,
+ &auditor_sig);
+ if (0 >= qs)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Encountered denomination `%s' that this auditor is not auditing!\n",
+ GNUNET_h2s (&issue->denom_hash));
+ return; /* skip! */
+ }
+ {
+ struct TALER_Amount coin_value;
+ struct TALER_Amount fee_withdraw;
+ struct TALER_Amount fee_deposit;
+ struct TALER_Amount fee_refresh;
+ struct TALER_Amount fee_refund;
+
+ TALER_amount_ntoh (&coin_value,
+ &issue->value);
+ TALER_amount_ntoh (&fee_withdraw,
+ &issue->fee_withdraw);
+ TALER_amount_ntoh (&fee_deposit,
+ &issue->fee_deposit);
+ TALER_amount_ntoh (&fee_refresh,
+ &issue->fee_refresh);
+ TALER_amount_ntoh (&fee_refund,
+ &issue->fee_refund);
+ if (GNUNET_OK !=
+ TALER_auditor_denom_validity_verify (
+ TALER_ARL_auditor_url,
+ &issue->denom_hash,
+ &TALER_ARL_master_pub,
+ GNUNET_TIME_absolute_ntoh (issue->start),
+ GNUNET_TIME_absolute_ntoh (issue->expire_withdraw),
+ GNUNET_TIME_absolute_ntoh (issue->expire_deposit),
+ GNUNET_TIME_absolute_ntoh (issue->expire_legal),
+ &coin_value,
+ &fee_withdraw,
+ &fee_deposit,
+ &fee_refresh,
+ &fee_refund,
+ &TALER_ARL_auditor_pub,
+ &auditor_sig))
+ {
+ // FIXME: add properly to audit report!
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Exchange has invalid signature from this auditor for denomination `%s' in its database!\n",
+ GNUNET_h2s (&issue->denom_hash));
+ }
+ }
+}
+
+
+/**
* Analyze the exchange's processing of coins.
*
* @param cls closure
@@ -2212,6 +2287,17 @@ analyze_coins (void *cls)
(void) cls;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "Checking denominations...\n");
+ qs = TALER_ARL_edb->iterate_denomination_info (TALER_ARL_edb->cls,
+ TALER_ARL_esession,
+ &check_denomination,
+ NULL);
+ if (0 > qs)
+ {
+ GNUNET_break (GNUNET_DB_STATUS_SOFT_ERROR == qs);
+ return qs;
+ }
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Analyzing coins\n");
qsp = TALER_ARL_adb->get_auditor_progress_coin (TALER_ARL_adb->cls,
TALER_ARL_asession,