aboutsummaryrefslogtreecommitdiff
path: root/src/mint
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-04-13 13:11:54 +0200
committerChristian Grothoff <christian@grothoff.org>2015-04-13 13:11:54 +0200
commit9e9bad8dad9aacd3028e1baab76de36c8a5dbdc7 (patch)
tree95bb3ee1bd7f28d5f04f2e2259cb5a06a7c6e69c /src/mint
parentb69e3bf14b5ed73962daa9dfc3f0103b63038177 (diff)
distinguish active/old denomination keys (#3634)
Diffstat (limited to 'src/mint')
-rw-r--r--src/mint/Makefile.am1
-rw-r--r--src/mint/taler-mint-httpd_db.c15
-rw-r--r--src/mint/taler-mint-httpd_deposit.c6
-rw-r--r--src/mint/taler-mint-httpd_keystate.c43
-rw-r--r--src/mint/taler-mint-httpd_keystate.h28
-rw-r--r--src/mint/taler-mint-httpd_refresh.c9
-rw-r--r--src/mint/taler-mint-httpd_responses.c17
-rw-r--r--src/mint/taler-mint-httpd_withdraw.c3
8 files changed, 94 insertions, 28 deletions
diff --git a/src/mint/Makefile.am b/src/mint/Makefile.am
index 538020e9e..8d62f67c3 100644
--- a/src/mint/Makefile.am
+++ b/src/mint/Makefile.am
@@ -17,7 +17,6 @@ taler_mint_httpd_SOURCES = \
taler_mint_httpd_LDADD = \
$(LIBGCRYPT_LIBS) \
$(top_builddir)/src/util/libtalerutil.la \
- $(top_builddir)/src/pq/libtalerpq.la \
$(top_builddir)/src/mintdb/libtalermintdb.la \
-lmicrohttpd \
-ljansson \
diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c
index 11bd60f7b..e72397571 100644
--- a/src/mint/taler-mint-httpd_db.c
+++ b/src/mint/taler-mint-httpd_db.c
@@ -136,7 +136,8 @@ TMH_DB_execute_deposit (struct MHD_Connection *connection,
}
mks = TMH_KS_acquire ();
dki = TMH_KS_denomination_key_lookup (mks,
- &deposit->coin.denom_pub);
+ &deposit->coin.denom_pub,
+ TMH_KS_DKU_DEPOSIT);
TALER_amount_ntoh (&value,
&dki->issue.value);
TMH_KS_release (mks);
@@ -320,7 +321,8 @@ TMH_DB_execute_withdraw_sign (struct MHD_Connection *connection,
/* Check if balance is sufficient */
key_state = TMH_KS_acquire ();
dki = TMH_KS_denomination_key_lookup (key_state,
- denomination_pub);
+ denomination_pub,
+ TMH_KS_DKU_WITHDRAW);
if (NULL == dki)
{
TMH_KS_release (key_state);
@@ -392,7 +394,8 @@ TMH_DB_execute_withdraw_sign (struct MHD_Connection *connection,
break;
case TALER_MINTDB_RO_WITHDRAW_COIN:
tdki = TMH_KS_denomination_key_lookup (key_state,
- &pos->details.withdraw->denom_pub);
+ &pos->details.withdraw->denom_pub,
+ TMH_KS_DKU_WITHDRAW);
TALER_amount_ntoh (&value,
&tdki->issue.value);
if (0 == (res & 2))
@@ -510,7 +513,8 @@ refresh_accept_melts (struct MHD_Connection *connection,
int res;
dki = &TMH_KS_denomination_key_lookup (key_state,
- &coin_details->coin_info.denom_pub)->issue;
+ &coin_details->coin_info.denom_pub,
+ TMH_KS_DKU_DEPOSIT)->issue;
if (NULL == dki)
return (MHD_YES ==
@@ -1023,7 +1027,8 @@ refresh_mint_coin (struct MHD_Connection *connection,
struct TALER_DenominationSignature ev_sig;
dki = TMH_KS_denomination_key_lookup (key_state,
- denom_pub);
+ denom_pub,
+ TMH_KS_DKU_WITHDRAW);
if (NULL == dki)
{
GNUNET_break (0);
diff --git a/src/mint/taler-mint-httpd_deposit.c b/src/mint/taler-mint-httpd_deposit.c
index e85eac78a..509eb5c67 100644
--- a/src/mint/taler-mint-httpd_deposit.c
+++ b/src/mint/taler-mint-httpd_deposit.c
@@ -86,7 +86,8 @@ verify_and_execute_deposit (struct MHD_Connection *connection,
/* check denomination exists and is valid */
key_state = TMH_KS_acquire ();
dki = TMH_KS_denomination_key_lookup (key_state,
- &deposit->coin.denom_pub);
+ &deposit->coin.denom_pub,
+ TMH_KS_DKU_DEPOSIT);
if (NULL == dki)
{
TMH_KS_release (key_state);
@@ -188,7 +189,8 @@ parse_and_handle_deposit_request (struct MHD_Connection *connection,
GNUNET_free (wire_enc);
ks = TMH_KS_acquire ();
dki = TMH_KS_denomination_key_lookup (ks,
- &deposit.coin.denom_pub);
+ &deposit.coin.denom_pub,
+ TMH_KS_DKU_DEPOSIT);
if (NULL == dki)
{
TMH_KS_release (ks);
diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c
index 60d18ef14..6da2ebbee 100644
--- a/src/mint/taler-mint-httpd_keystate.c
+++ b/src/mint/taler-mint-httpd_keystate.c
@@ -461,19 +461,56 @@ TMH_KS_acquire (void)
*
* @param key_state state to look in
* @param denom_pub denomination public key
+ * @param use purpose for which the key is being located
* @return the denomination key issue,
* or NULL if denom_pub could not be found
*/
struct TALER_MINTDB_DenominationKeyIssueInformation *
TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state,
- const struct TALER_DenominationPublicKey *denom_pub)
+ const struct TALER_DenominationPublicKey *denom_pub,
+ enum TMH_KS_DenominationKeyUse use)
{
struct GNUNET_HashCode hc;
+ struct TALER_MINTDB_DenominationKeyIssueInformation *dki;
+ struct GNUNET_TIME_Absolute now;
GNUNET_CRYPTO_rsa_public_key_hash (denom_pub->rsa_public_key,
&hc);
- return GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map,
- &hc);
+ dki = GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map,
+ &hc);
+ if (now.abs_value_us <
+ GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Not returning DKI for %s, as start time is in the future\n",
+ GNUNET_h2s (&hc));
+ return NULL;
+ }
+ now = GNUNET_TIME_absolute_get ();
+ switch (use)
+ {
+ case TMH_KS_DKU_WITHDRAW:
+ if (now.abs_value_us >
+ GNUNET_TIME_absolute_ntoh (dki->issue.expire_withdraw).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Not returning DKI for %s, as time to create coins has passed\n",
+ GNUNET_h2s (&hc));
+ return NULL;
+ }
+ break;
+ case TMH_KS_DKU_DEPOSIT:
+ if (now.abs_value_us >
+ GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Not returning DKI for %s, as time to spend coin has passed\n",
+ GNUNET_h2s (&hc));
+ return NULL;
+ }
+ break;
+ }
+ return dki;
}
diff --git a/src/mint/taler-mint-httpd_keystate.h b/src/mint/taler-mint-httpd_keystate.h
index 118a86e78..bcdd01f56 100644
--- a/src/mint/taler-mint-httpd_keystate.h
+++ b/src/mint/taler-mint-httpd_keystate.h
@@ -57,17 +57,41 @@ TMH_KS_release (struct TMH_KS_StateHandle *key_state);
/**
+ * Denomination key lookups can be for signing of fresh coins
+ * or to validate signatures on existing coins. As the validity
+ * periods for a key differ, the caller must specify which
+ * use is relevant for the current operation.
+ */
+enum TMH_KS_DenominationKeyUse {
+
+ /**
+ * The key is to be used for a /withdraw/sign or /refresh (mint)
+ * operation.
+ */
+ TMH_KS_DKU_WITHDRAW,
+
+ /**
+ * The key is to be usd for a /deposit or /refresh (melt) operation.
+ */
+ TMH_KS_DKU_DEPOSIT
+
+};
+
+
+/**
* Look up the issue for a denom public key. Note that the result
* is only valid while the @a key_state is not released!
*
* @param key_state state to look in
* @param denom_pub denomination public key
+ * @param use purpose for which the key is being located
* @return the denomination key issue,
- * or NULL if denom_pub could not be found
+ * or NULL if denom_pub could not be found (or is not valid at this time for the given @a use)
*/
struct TALER_MINTDB_DenominationKeyIssueInformation *
TMH_KS_denomination_key_lookup (const struct TMH_KS_StateHandle *key_state,
- const struct TALER_DenominationPublicKey *denom_pub);
+ const struct TALER_DenominationPublicKey *denom_pub,
+ enum TMH_KS_DenominationKeyUse use);
/**
diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c
index 38af09d85..0f9dbfa0c 100644
--- a/src/mint/taler-mint-httpd_refresh.c
+++ b/src/mint/taler-mint-httpd_refresh.c
@@ -80,7 +80,8 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
for (i=0;i<num_new_denoms;i++)
{
dki = &TMH_KS_denomination_key_lookup (key_state,
- &denom_pubs[i])->issue;
+ &denom_pubs[i],
+ TMH_KS_DKU_WITHDRAW)->issue;
TALER_amount_ntoh (&value,
&dki->value);
TALER_amount_ntoh (&fee_withdraw,
@@ -108,7 +109,8 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
/* calculate contribution of the i-th melt by subtracting
the fee; add the rest to the total_melt value */
dki = &TMH_KS_denomination_key_lookup (key_state,
- &coin_melt_details[i].coin_info.denom_pub)->issue;
+ &coin_melt_details[i].coin_info.denom_pub,
+ TMH_KS_DKU_DEPOSIT)->issue;
TALER_amount_ntoh (&fee_melt,
&dki->fee_refresh);
if (GNUNET_OK !=
@@ -234,7 +236,8 @@ verify_coin_public_info (struct MHD_Connection *connection,
key_state = TMH_KS_acquire ();
dki = TMH_KS_denomination_key_lookup (key_state,
- &melt_detail->coin_info.denom_pub);
+ &melt_detail->coin_info.denom_pub,
+ TMH_KS_DKU_DEPOSIT);
if (NULL == dki)
{
TMH_KS_release (key_state);
diff --git a/src/mint/taler-mint-httpd_responses.c b/src/mint/taler-mint-httpd_responses.c
index aad96fe72..4cd5f87ed 100644
--- a/src/mint/taler-mint-httpd_responses.c
+++ b/src/mint/taler-mint-httpd_responses.c
@@ -468,8 +468,6 @@ compile_reserve_history (const struct TALER_MINTDB_ReserveHistory *rh,
json_t *transaction;
int ret;
const struct TALER_MINTDB_ReserveHistory *pos;
- struct TALER_MINTDB_DenominationKeyIssueInformation *dki;
- struct TMH_KS_StateHandle *key_state;
struct TALER_WithdrawRequestPS wr;
json_history = json_array ();
@@ -502,7 +500,6 @@ compile_reserve_history (const struct TALER_MINTDB_ReserveHistory *rh,
}
}
- key_state = TMH_KS_acquire ();
ret = 0;
for (pos = rh; NULL != pos; pos = pos->next)
{
@@ -511,29 +508,28 @@ compile_reserve_history (const struct TALER_MINTDB_ReserveHistory *rh,
case TALER_MINTDB_RO_BANK_TO_MINT:
break;
case TALER_MINTDB_RO_WITHDRAW_COIN:
-
- dki = TMH_KS_denomination_key_lookup (key_state,
- &pos->details.withdraw->denom_pub);
- TALER_amount_ntoh (&value,
- &dki->issue.value);
+ value = pos->details.withdraw->amount_with_fee;
if (0 == ret)
+ {
withdraw_total = value;
+ }
else
+ {
if (GNUNET_OK !=
TALER_amount_add (&withdraw_total,
&withdraw_total,
&value))
{
- TMH_KS_release (key_state);
json_decref (json_history);
return NULL;
}
+ }
ret = 1;
wr.purpose.purpose = htonl (TALER_SIGNATURE_WALLET_RESERVE_WITHDRAW);
wr.purpose.size = htonl (sizeof (struct TALER_WithdrawRequestPS));
wr.reserve_pub = pos->details.withdraw->reserve_pub;
TALER_amount_hton (&wr.amount_with_fee,
- &pos->details.withdraw->amount_with_fee);
+ &value);
TALER_amount_hton (&wr.withdraw_fee,
&pos->details.withdraw->withdraw_fee);
GNUNET_CRYPTO_rsa_public_key_hash (pos->details.withdraw->denom_pub.rsa_public_key,
@@ -552,7 +548,6 @@ compile_reserve_history (const struct TALER_MINTDB_ReserveHistory *rh,
break;
}
}
- TMH_KS_release (key_state);
if (GNUNET_SYSERR ==
TALER_amount_subtract (balance,
diff --git a/src/mint/taler-mint-httpd_withdraw.c b/src/mint/taler-mint-httpd_withdraw.c
index cd79532b2..ca7ec9a01 100644
--- a/src/mint/taler-mint-httpd_withdraw.c
+++ b/src/mint/taler-mint-httpd_withdraw.c
@@ -128,7 +128,8 @@ TMH_WITHDRAW_handler_withdraw_sign (struct TMH_RequestHandler *rh,
blinded_msg_len = spec[0].destination_size_out;
ks = TMH_KS_acquire ();
dki = TMH_KS_denomination_key_lookup (ks,
- &denomination_pub);
+ &denomination_pub,
+ TMH_KS_DKU_WITHDRAW);
if (NULL == dki)
{
TMH_PARSE_release_data (spec);