diff options
-rw-r--r-- | src/auditor/Makefile.am | 2 | ||||
-rw-r--r-- | src/auditor/taler-auditor-httpd.c | 10 | ||||
-rw-r--r-- | src/auditor/taler-auditor-httpd.h | 1 | ||||
-rw-r--r-- | src/auditor/taler-auditor-httpd_db.c | 120 | ||||
-rw-r--r-- | src/auditor/taler-auditor-httpd_db.h | 72 | ||||
-rw-r--r-- | src/auditor/taler-auditor-httpd_deposit-confirmation.c | 226 | ||||
-rw-r--r-- | src/auditor/taler-auditor-httpd_deposit-confirmation.h | 47 | ||||
-rw-r--r-- | src/include/taler_auditordb_plugin.h | 2 | ||||
-rw-r--r-- | src/include/taler_error_codes.h | 17 |
9 files changed, 495 insertions, 2 deletions
diff --git a/src/auditor/Makefile.am b/src/auditor/Makefile.am index 23776f436..10873e80b 100644 --- a/src/auditor/Makefile.am +++ b/src/auditor/Makefile.am @@ -48,6 +48,8 @@ taler_auditor_LDADD = \ taler_auditor_httpd_SOURCES = \ taler-auditor-httpd.c taler-auditor-httpd.h \ + taler-auditor-httpd_db.c taler-auditor-httpd_db.h \ + taler-auditor-httpd_deposit-confirmation.c taler-auditor-httpd_deposit-confirmation.h \ taler-auditor-httpd_mhd.c taler-auditor-httpd_mhd.h \ taler-auditor-httpd_parsing.c taler-auditor-httpd_parsing.h \ taler-auditor-httpd_responses.c taler-auditor-httpd_responses.h diff --git a/src/auditor/taler-auditor-httpd.c b/src/auditor/taler-auditor-httpd.c index a023fd6c2..923f69005 100644 --- a/src/auditor/taler-auditor-httpd.c +++ b/src/auditor/taler-auditor-httpd.c @@ -28,6 +28,7 @@ #include <pthread.h> #include <sys/resource.h> #include "taler_auditordb_lib.h" +#include "taler-auditor-httpd_deposit-confirmation.h" #include "taler-auditor-httpd_parsing.h" #include "taler-auditor-httpd_mhd.h" #include "taler-auditor-httpd.h" @@ -296,7 +297,14 @@ handle_mhd_request (void *cls, { static struct TAH_RequestHandler handlers[] = { - /* Landing page, tell humans to go away. */ + /* Our most popular handler (thus first!), used by merchants to + probabilistically report us their deposit confirmations. */ + { "/deposit-confirmation", MHD_HTTP_METHOD_PUT, "text/plain", + NULL, 0, + &TAH_DEPOSIT_CONFIRMATION_handler, MHD_HTTP_OK }, + + /* Landing page, for now tells humans to go away (FIXME: replace + with auditor's welcome page!) */ { "/", MHD_HTTP_METHOD_GET, "text/plain", "Hello, I'm the Taler auditor. This HTTP server is not for humans.\n", 0, &TAH_MHD_handler_static_response, MHD_HTTP_OK }, diff --git a/src/auditor/taler-auditor-httpd.h b/src/auditor/taler-auditor-httpd.h index c03cc4907..85a7feb28 100644 --- a/src/auditor/taler-auditor-httpd.h +++ b/src/auditor/taler-auditor-httpd.h @@ -24,6 +24,7 @@ #define TALER_AUDITOR_HTTPD_H #include <microhttpd.h> +#include "taler_auditordb_plugin.h" /** * Should we return "Connection: close" in each response? diff --git a/src/auditor/taler-auditor-httpd_db.c b/src/auditor/taler-auditor-httpd_db.c new file mode 100644 index 000000000..846829551 --- /dev/null +++ b/src/auditor/taler-auditor-httpd_db.c @@ -0,0 +1,120 @@ +/* + This file is part of TALER + Copyright (C) 2014-2018 GNUnet e.V. + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file taler-auditor-httpd_db.c + * @brief Generic database operations for the auditor. + * @author Christian Grothoff + */ +#include "platform.h" +#include <pthread.h> +#include <jansson.h> +#include <gnunet/gnunet_json_lib.h> +#include "taler_json_lib.h" +#include "taler-auditor-httpd_db.h" +#include "taler-auditor-httpd_responses.h" + + +/** + * How often should we retry a transaction before giving up + * (for transactions resulting in serialization/dead locks only). + */ +#define MAX_TRANSACTION_COMMIT_RETRIES 100 + + +/** + * Run a database transaction for @a connection. + * Starts a transaction and calls @a cb. Upon success, + * attempts to commit the transaction. Upon soft failures, + * retries @a cb a few times. Upon hard or persistent soft + * errors, generates an error message for @a connection. + * + * @param connection MHD connection to run @a cb for + * @param name name of the transaction (for debugging) + * @param[out] set to MHD response code, if transaction failed + * @param cb callback implementing transaction logic + * @param cb_cls closure for @a cb, must be read-only! + * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure + */ +int +TAH_DB_run_transaction (struct MHD_Connection *connection, + const char *name, + int *mhd_ret, + TAH_DB_TransactionCallback cb, + void *cb_cls) +{ + struct TALER_AUDITORDB_Session *session; + + if (NULL != mhd_ret) + *mhd_ret = -1; /* invalid value */ + if (NULL == (session = TAH_plugin->get_session (TAH_plugin->cls))) + { + GNUNET_break (0); + if (NULL != mhd_ret) + *mhd_ret = TAH_RESPONSE_reply_internal_db_error (connection, + TALER_EC_DB_SETUP_FAILED); + return GNUNET_SYSERR; + } + // TAH_plugin->preflight (TAH_plugin->cls, session); // FIXME: needed? + for (unsigned int retries = 0;retries < MAX_TRANSACTION_COMMIT_RETRIES; retries++) + { + enum GNUNET_DB_QueryStatus qs; + + if (GNUNET_OK != + TAH_plugin->start (TAH_plugin->cls, + session)) + { + GNUNET_break (0); + if (NULL != mhd_ret) + *mhd_ret = TAH_RESPONSE_reply_internal_db_error (connection, + TALER_EC_DB_START_FAILED); + return GNUNET_SYSERR; + } + qs = cb (cb_cls, + connection, + session, + mhd_ret); + if (0 > qs) + TAH_plugin->rollback (TAH_plugin->cls, + session); + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + return GNUNET_SYSERR; + if (0 <= qs) + qs = TAH_plugin->commit (TAH_plugin->cls, + session); + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + { + if (NULL != mhd_ret) + *mhd_ret = TAH_RESPONSE_reply_commit_error (connection, + TALER_EC_DB_COMMIT_FAILED_HARD); + return GNUNET_SYSERR; + } + /* make sure callback did not violate invariants! */ + GNUNET_assert ( (NULL == mhd_ret) || + (-1 == *mhd_ret) ); + if (0 <= qs) + return GNUNET_OK; + } + TALER_LOG_ERROR ("Transaction `%s' commit failed %u times\n", + name, + MAX_TRANSACTION_COMMIT_RETRIES); + if (NULL != mhd_ret) + *mhd_ret = TAH_RESPONSE_reply_commit_error (connection, + TALER_EC_DB_COMMIT_FAILED_ON_RETRY); + return GNUNET_SYSERR; +} + + +/* end of taler-auditor-httpd_db.c */ diff --git a/src/auditor/taler-auditor-httpd_db.h b/src/auditor/taler-auditor-httpd_db.h new file mode 100644 index 000000000..9aad86c12 --- /dev/null +++ b/src/auditor/taler-auditor-httpd_db.h @@ -0,0 +1,72 @@ +/* + This file is part of TALER + Copyright (C) 2014-2018 GNUnet e.V. + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file auditor/taler-auditor-httpd_db.h + * @brief High-level (transactional-layer) database operations for the auditor + * @author Chrisitan Grothoff + */ +#ifndef TALER_AUDITOR_HTTPD_DB_H +#define TALER_AUDITOR_HTTPD_DB_H + +#include <microhttpd.h> +#include "taler_auditordb_plugin.h" + +/** + * Function implementing a database transaction. Runs the transaction + * logic; IF it returns a non-error code, the transaction logic MUST + * NOT queue a MHD response. IF it returns an hard error, the + * transaction logic MUST queue a MHD response and set @a mhd_ret. IF + * it returns the soft error code, the function MAY be called again to + * retry and MUST not queue a MHD response. + * + * @param cls closure + * @param connection MHD request which triggered the transaction + * @param session database session to use + * @param[out] mhd_ret set to MHD response status for @a connection, + * if transaction failed (!) + * @return transaction status + */ +typedef enum GNUNET_DB_QueryStatus +(*TAH_DB_TransactionCallback)(void *cls, + struct MHD_Connection *connection, + struct TALER_AUDITORDB_Session *session, + int *mhd_ret); + + +/** + * Run a database transaction for @a connection. + * Starts a transaction and calls @a cb. Upon success, + * attempts to commit the transaction. Upon soft failures, + * retries @a cb a few times. Upon hard or persistent soft + * errors, generates an error message for @a connection. + * + * @param connection MHD connection to run @a cb for + * @param name name of the transaction (for debugging) + * @param[out] set to MHD response code, if transaction failed + * @param cb callback implementing transaction logic + * @param cb_cls closure for @a cb, must be read-only! + * @return #GNUNET_OK on success, #GNUNET_SYSERR on failure + */ +int +TAH_DB_run_transaction (struct MHD_Connection *connection, + const char *name, + int *mhd_ret, + TAH_DB_TransactionCallback cb, + void *cb_cls); + + +#endif +/* TALER_AUDITOR_HTTPD_DB_H */ diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.c b/src/auditor/taler-auditor-httpd_deposit-confirmation.c new file mode 100644 index 000000000..88ec9c967 --- /dev/null +++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.c @@ -0,0 +1,226 @@ +/* + This file is part of TALER + Copyright (C) 2014-2018 Inria and GNUnet e.V. + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file taler-auditor-httpd_deposit-confirmation.c + * @brief Handle /deposit-confirmation requests; parses the POST and JSON and + * verifies the coin signature before handing things off + * to the database. + * @author Christian Grothoff + */ +#include "platform.h" +#include <gnunet/gnunet_util_lib.h> +#include <gnunet/gnunet_json_lib.h> +#include <jansson.h> +#include <microhttpd.h> +#include <pthread.h> +#include "taler_json_lib.h" +#include "taler-auditor-httpd.h" +#include "taler-auditor-httpd_db.h" +#include "taler-auditor-httpd_deposit-confirmation.h" +#include "taler-auditor-httpd_parsing.h" +#include "taler-auditor-httpd_responses.h" + + +/** + * Send confirmation of deposit-confirmation success to client. + * + * @param connection connection to the client + * @return MHD result code + */ +static int +reply_deposit_confirmation_success (struct MHD_Connection *connection) +{ + return TAH_RESPONSE_reply_json_pack (connection, + MHD_HTTP_OK, + "{s:s}", + "status", "DEPOSIT_CONFIRMATION_OK"); +} + + +/** + * Execute database transaction for /deposit-confirmation. Runs the + * transaction logic; IF it returns a non-error code, the transaction + * logic MUST NOT queue a MHD response. IF it returns an hard error, + * the transaction logic MUST queue a MHD response and set @a mhd_ret. + * IF it returns the soft error code, the function MAY be called again + * to retry and MUST not queue a MHD response. + * + * @param cls a `struct DepositConfirmation *` + * @param connection MHD request context + * @param session database session and transaction to use -- FIXME: needed? + * @param[out] mhd_ret set to MHD status on error + * @return transaction status + */ +static enum GNUNET_DB_QueryStatus +deposit_confirmation_transaction (void *cls, + struct MHD_Connection *connection, + struct TALER_AUDITORDB_Session *session, + int *mhd_ret) +{ + const struct TALER_AUDITORDB_DepositConfirmation *dc = cls; + enum GNUNET_DB_QueryStatus qs; + + qs = TAH_plugin->insert_deposit_confirmation (TAH_plugin->cls, + session, + dc); + if (GNUNET_DB_STATUS_HARD_ERROR == qs) + { + TALER_LOG_WARNING ("Failed to store /deposit-confirmation information in database\n"); + *mhd_ret = TAH_RESPONSE_reply_internal_db_error (connection, + TALER_EC_DEPOSIT_CONFIRMATION_STORE_DB_ERROR); + } + return qs; +} + + +/** + * We have parsed the JSON information about the deposit, do some + * basic sanity checks (especially that the signature on the coin is + * valid, and that this type of coin exists) and then execute the + * deposit. + * + * @param connection the MHD connection to handle + * @param dc information about the deposit confirmation + * @return MHD result code + */ +static int +verify_and_execute_deposit_confirmation (struct MHD_Connection *connection, + const struct TALER_AUDITORDB_DepositConfirmation *dc) +{ + struct TALER_ExchangeSigningKeyValidityPS skv; + struct TALER_DepositConfirmationPS dcs; + int mhd_ret; + + /* check signatures */ + dcs.purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT); + dcs.purpose.size = htonl (sizeof (struct TALER_DepositConfirmationPS)); + dcs.h_contract_terms = dc->h_contract_terms; + dcs.h_wire = dc->h_wire; + dcs.timestamp = GNUNET_TIME_absolute_hton (dc->timestamp); + dcs.refund_deadline = GNUNET_TIME_absolute_hton (dc->refund_deadline); + TALER_amount_hton (&dcs.amount_without_fee, + &dc->amount_without_fee); + dcs.coin_pub = dc->coin_pub; + dcs.merchant = dc->merchant; + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_EXCHANGE_CONFIRM_DEPOSIT, + &dcs.purpose, + &dc->exchange_sig.eddsa_signature, + &dc->exchange_pub.eddsa_pub)) + { + TALER_LOG_WARNING ("Invalid signature on /deposit-confirmation request\n"); + return TAH_RESPONSE_reply_signature_invalid (connection, + TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID, + "exchange_sig"); + } + /* TODO: we should probably cache these, no need to verify the + exchange_sig's every time (wastes CPU) */ + skv.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); + skv.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)); + skv.master_public_key = dc->master_public_key; + skv.start; // FIXME + skv.expire; // FIXME + skv.end; // FIXME + skv.signkey_pub = dc->exchange_pub; + if (GNUNET_OK != + GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, + &skv.purpose, + &dc->master_sig.eddsa_signature, + &dc->master_public_key.eddsa_pub)) + { + TALER_LOG_WARNING ("Invalid signature on /deposit-confirmation request\n"); + return TAH_RESPONSE_reply_signature_invalid (connection, + TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID, + "master_sig"); + } + + /* execute transaction */ + if (GNUNET_OK != + TAH_DB_run_transaction (connection, + "store deposit confirmation", + &mhd_ret, + &deposit_confirmation_transaction, + (void *) dc)) + return mhd_ret; + return reply_deposit_confirmation_success (connection); +} + + +/** + * Handle a "/deposit-confirmation" request. Parses the JSON, and, if + * successful, passes the JSON data to #verify_and_execute_deposit_confirmation() + * to further check the details of the operation specified. If + * everything checks out, this will ultimately lead to the "/deposit-confirmation" + * being stored in the database. + * + * @param rh context of the handler + * @param connection the MHD connection to handle + * @param[in,out] connection_cls the connection's closure (can be updated) + * @param upload_data upload data + * @param[in,out] upload_data_size number of bytes (left) in @a upload_data + * @return MHD result code + */ +int +TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh, + struct MHD_Connection *connection, + void **connection_cls, + const char *upload_data, + size_t *upload_data_size) +{ + json_t *json; + int res; + struct TALER_AUDITORDB_DepositConfirmation dc; + struct GNUNET_JSON_Specification spec[] = { + GNUNET_JSON_spec_fixed_auto ("h_contract_terms", &dc.h_contract_terms), + GNUNET_JSON_spec_fixed_auto ("h_wire", &dc.h_wire), + GNUNET_JSON_spec_absolute_time ("timestamp", &dc.timestamp), + GNUNET_JSON_spec_absolute_time ("refund_deadline", &dc.refund_deadline), + TALER_JSON_spec_amount ("amount_without_fee", &dc.amount_without_fee), + GNUNET_JSON_spec_fixed_auto ("coin_pub", &dc.coin_pub), + GNUNET_JSON_spec_fixed_auto ("merchant_pub", &dc.merchant), + GNUNET_JSON_spec_fixed_auto ("exchange_sig", &dc.exchange_sig), + GNUNET_JSON_spec_fixed_auto ("exchange_pub", &dc.exchange_pub), + GNUNET_JSON_spec_fixed_auto ("master_sig", &dc.master_sig), + GNUNET_JSON_spec_fixed_auto ("master_public_key", &dc.master_public_key), + GNUNET_JSON_spec_end () + }; + + res = TAH_PARSE_post_json (connection, + connection_cls, + upload_data, + upload_data_size, + &json); + if (GNUNET_SYSERR == res) + return MHD_NO; + if ( (GNUNET_NO == res) || + (NULL == json) ) + return MHD_YES; + res = TAH_PARSE_json_data (connection, + json, + spec); + json_decref (json); + if (GNUNET_SYSERR == res) + return MHD_NO; /* hard failure */ + if (GNUNET_NO == res) + return MHD_YES; /* failure */ + res = verify_and_execute_deposit_confirmation (connection, + &dc); + GNUNET_JSON_parse_free (spec); + return res; +} + + +/* end of taler-auditor-httpd_deposit-confirmation.c */ diff --git a/src/auditor/taler-auditor-httpd_deposit-confirmation.h b/src/auditor/taler-auditor-httpd_deposit-confirmation.h new file mode 100644 index 000000000..4b49c496c --- /dev/null +++ b/src/auditor/taler-auditor-httpd_deposit-confirmation.h @@ -0,0 +1,47 @@ +/* + This file is part of TALER + Copyright (C) 2018 GNUnet e.V. + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> +*/ +/** + * @file taler-auditor-httpd_deposit-confirmation.h + * @brief Handle /deposit-confirmation requests + * @author Christian Grothoff + */ +#ifndef TALER_AUDITOR_HTTPD_DEPOSIT_CONFIRMATION_H +#define TALER_AUDITOR_HTTPD_DEPOSIT_CONFIRMATION_H + +#include <gnunet/gnunet_util_lib.h> +#include <microhttpd.h> +#include "taler-auditor-httpd.h" + + +/** + * Handle a "/deposit-confirmation" request. Parses the JSON, and, if + * successful, checks the signatures and stores the result in the DB. + * + * @param rh context of the handler + * @param connection the MHD connection to handle + * @param[in,out] connection_cls the connection's closure (can be updated) + * @param upload_data upload data + * @param[in,out] upload_data_size number of bytes (left) in @a upload_data + * @return MHD result code + */ +int +TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh, + struct MHD_Connection *connection, + void **connection_cls, + const char *upload_data, + size_t *upload_data_size); + +#endif diff --git a/src/include/taler_auditordb_plugin.h b/src/include/taler_auditordb_plugin.h index 622ae1afa..752ff6a8d 100644 --- a/src/include/taler_auditordb_plugin.h +++ b/src/include/taler_auditordb_plugin.h @@ -245,7 +245,7 @@ struct TALER_AUDITORDB_DepositConfirmation /** * Public signing key from the exchange matching @e exchange_sig. */ - struct TALER_ExchangeSignatureP exchange_pub; + struct TALER_ExchangePublicKeyP exchange_pub; /** * Exchange master signature over @e exchange_sig. diff --git a/src/include/taler_error_codes.h b/src/include/taler_error_codes.h index 35dceb7c4..3c226e37e 100644 --- a/src/include/taler_error_codes.h +++ b/src/include/taler_error_codes.h @@ -1516,6 +1516,23 @@ enum TALER_ErrorCode */ TALER_EC_CHECK_PAYMENT_FAILED_COMPUTE_PROPOSAL_HASH = 2014, + + /* *********** Auditor error codes ********* */ + + /** + * The signature from the exchange on the deposit confirmation + * is invalid. Returned with a "400 Bad Request" status code. + */ + TALER_EC_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID = 2500, + + /** + * The auditor had trouble storing the deposit confirmation + * in its database. Returned with an HTTP status code of + * MHD_HTTP_INTERNAL_SERVER_ERROR. + */ + TALER_EC_DEPOSIT_CONFIRMATION_STORE_DB_ERROR = 2501, + + /* ********** /test API error codes ************* */ /** |