aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2020-01-17 13:09:14 +0100
committerChristian Grothoff <christian@grothoff.org>2020-01-17 13:09:20 +0100
commit4e125d8eda41dcfa7488c96f7b00011a09959c5d (patch)
treeb443bf8fb306c5379c0a2741fa250fee4a6dbfc9 /src
parentfc55952b4f2b151e81160995da16a67a98e9eb50 (diff)
check for key expiration
Diffstat (limited to 'src')
-rw-r--r--src/auditor/taler-auditor-httpd_deposit-confirmation.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.c b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
index 2d73bab28..4c80d8aa2 100644
--- a/src/auditor/taler-auditor-httpd_deposit-confirmation.c
+++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c
@@ -54,7 +54,19 @@ verify_and_execute_deposit_confirmation (struct MHD_Connection *connection,
struct TALER_DepositConfirmationPS dcs;
struct TALER_AUDITORDB_Session *session;
enum GNUNET_DB_QueryStatus qs;
+ struct GNUNET_TIME_Absolute now;
+ now = GNUNET_TIME_absolute_get ();
+ if ( (es->ep_start.abs_value_us > now.abs_value_us) ||
+ (es->ep_expire.abs_value_us < now.abs_value_us) )
+ {
+ /* Signing key expired */
+ TALER_LOG_WARNING ("Expired exchange signing key\n");
+ return TALER_MHD_reply_with_error (connection,
+ MHD_HTTP_FORBIDDEN,
+ TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
+ "master_sig (expired)");
+ }
/* check exchange signing key signature */
skv.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
skv.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS));