Diffstat (limited to 'src/mint')
-rw-r--r--src/mint/key_io.c8
-rw-r--r--src/mint/key_io.h27
-rw-r--r--src/mint/taler-mint-httpd_keystate.c82
-rw-r--r--src/mint/taler-mint-keycheck.c5
4 files changed, 77 insertions, 45 deletions
diff --git a/src/mint/key_io.c b/src/mint/key_io.c
index 6b70e980a..e02e0f563 100644
--- a/src/mint/key_io.c
+++ b/src/mint/key_io.c
@@ -55,10 +55,14 @@ signkeys_iterate_dir_iter (void *cls,
sizeof (struct TALER_MINT_SignKeyIssuePriv));
if (nread != sizeof (struct TALER_MINT_SignKeyIssuePriv))
{
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid signkey file: '%s'\n", filename);
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+ "Invalid signkey file: '%s'\n",
+ filename);
return GNUNET_OK;
}
- return skc->it (skc->it_cls, &issue);
+ return skc->it (skc->it_cls,
+ filename,
+ &issue);
}
diff --git a/src/mint/key_io.h b/src/mint/key_io.h
index c9fd57625..bd7f95112 100644
--- a/src/mint/key_io.h
+++ b/src/mint/key_io.h
@@ -41,13 +41,21 @@
*/
struct TALER_MINT_SignKeyIssuePriv
{
+ /**
+ * FIXME.
+ */
struct GNUNET_CRYPTO_EddsaPrivateKey signkey_priv;
+ /**
+ * FIXME.
+ */
struct TALER_MINT_SignKeyIssue issue;
};
-
+/**
+ * FIXME.
+ */
struct TALER_MINT_DenomKeyIssuePriv
{
/**
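Review bot: The `FIXME.` doc comments added on `signkey_priv`, `issue` and `struct TALER_MINT_DenomKeyIssuePriv` (and the one on `issue` in the next hunk of this file) leave the structs that carry private key material undocumented. key_io.c reads `struct TALER_MINT_SignKeyIssuePriv` from a file by `sizeof`, so the comments should say which member is secret and which is public. I would write `Private EdDSA signing key; secret, must never be serialised.` on `signkey_priv`, `Public part of the sign key issue; the only part converted to JSON.` on `issue`, and `Denomination key as loaded by the mint: private RSA key plus its public issue data.` on the denomination struct. The wording for the denomination struct is inferred from the member types and should be confirmed.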
@@ -56,16 +64,18 @@ struct TALER_MINT_DenomKeyIssuePriv
*/
struct GNUNET_CRYPTO_rsa_PrivateKey *denom_priv;
+ /**
+ * FIXME.
+ */
struct TALER_MINT_DenomKeyIssue issue;
};
-
-
/**
* Iterator for sign keys.
*
* @param cls closure
+ * @param filename name of the file the key came from
* @param ski the sign key issue
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
@@ -73,8 +83,10 @@ struct TALER_MINT_DenomKeyIssuePriv
*/
typedef int
(*TALER_MINT_SignkeyIterator)(void *cls,
+ const char *filename,
const struct TALER_MINT_SignKeyIssuePriv *ski);
+
/**
* Iterator for denomination keys.
*
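Review bot: The new `filename` parameter of `TALER_MINT_SignkeyIterator` is documented in the previous hunk only as `name of the file the key came from`, which does not tell an implementer how long the pointer stays valid or whether it is a full path. The callbacks visible in this commit only log it, but one that stores the pointer could end up with a dangling reference, depending on how key_io.c allocates the name. I would extend the line to something like `@param filename name of the file the key came from; only valid for the duration of the call`, after checking that against the directory iterator.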
@@ -97,7 +109,8 @@ typedef int
*/
int
TALER_MINT_signkeys_iterate (const char *mint_base_dir,
- TALER_MINT_SignkeyIterator it, void *cls);
+ TALER_MINT_SignkeyIterator it,
+ void *it_cls);
/**
@@ -105,7 +118,8 @@ TALER_MINT_signkeys_iterate (const char *mint_base_dir,
*/
int
TALER_MINT_denomkeys_iterate (const char *mint_base_dir,
- TALER_MINT_DenomkeyIterator it, void *cls);
+ TALER_MINT_DenomkeyIterator it,
+ void *it_cls);
/**
@@ -132,7 +146,4 @@ TALER_MINT_read_denom_key (const char *filename,
struct TALER_MINT_DenomKeyIssuePriv *dki);
-
-
-
#endif
diff --git a/src/mint/taler-mint-httpd_keystate.c b/src/mint/taler-mint-httpd_keystate.c
index 4be13a0bb..d5872d96d 100644
--- a/src/mint/taler-mint-httpd_keystate.c
+++ b/src/mint/taler-mint-httpd_keystate.c
@@ -141,30 +141,6 @@ denom_key_issue_to_json (const struct TALER_MINT_DenomKeyIssue *dki)
/**
- * Convert the public part of a sign key issue to a JSON object.
- *
- * @param ski the sign key issue
- * @return a JSON object describing the sign key isue (public part)
- */
-static json_t *
-sign_key_issue_to_json (const struct TALER_MINT_SignKeyIssue *ski)
-{
- return
- json_pack ("{s:o, s:o, s:o, s:o}",
- "stamp_start",
- TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)),
- "stamp_expire",
- TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)),
- "master_sig",
- TALER_JSON_from_data (&ski->signature,
- sizeof (struct GNUNET_CRYPTO_EddsaSignature)),
- "key",
- TALER_JSON_from_data (&ski->signkey_pub,
- sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)));
-}
-
-
-/**
* Get the relative time value that describes how
* far in the future do we want to provide coin keys.
*
@@ -207,6 +183,7 @@ reload_keys_denom_iter (void *cls,
struct MintKeyState *ctx = cls;
struct GNUNET_TIME_Absolute stamp_provide;
struct GNUNET_HashCode denom_key_hash;
+ struct TALER_MINT_DenomKeyIssuePriv *d2;
int res;
stamp_provide = GNUNET_TIME_absolute_add (ctx->reload_time,
@@ -214,39 +191,71 @@ reload_keys_denom_iter (void *cls,
if (GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us < ctx->reload_time.abs_value_us)
{
- // this key is expired
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Skipping expired denomination key `%s'\n",
+ alias);
return GNUNET_OK;
}
if (GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us > stamp_provide.abs_value_us)
{
- // we are to early for this key
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Skipping future denomination key `%s'\n",
+ alias);
return GNUNET_OK;
}
GNUNET_CRYPTO_hash (&dki->issue.denom_pub,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey),
&denom_key_hash);
-
+ d2 = GNUNET_memdup (dki,
+ sizeof (struct TALER_MINT_DenomKeyIssuePriv));
res = GNUNET_CONTAINER_multihashmap_put (ctx->denomkey_map,
&denom_key_hash,
- GNUNET_memdup (dki,
- sizeof (struct TALER_MINT_DenomKeyIssuePriv)),
+ d2,
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
if (GNUNET_OK != res)
+ {
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
- "Duplicate denomination key\n");
-
+ "Duplicate denomination key `%s'\n",
+ alias);
+ GNUNET_free (d2);
+ return GNUNET_OK;
+ }
json_array_append_new (ctx->denom_keys_array,
denom_key_issue_to_json (&dki->issue));
-
return GNUNET_OK;
}
/**
+ * Convert the public part of a sign key issue to a JSON object.
+ *
+ * @param ski the sign key issue
+ * @return a JSON object describing the sign key isue (public part)
+ */
+static json_t *
+sign_key_issue_to_json (const struct TALER_MINT_SignKeyIssue *ski)
+{
+ return
+ json_pack ("{s:o, s:o, s:o, s:o}",
+ "stamp_start",
+ TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (ski->start)),
+ "stamp_expire",
+ TALER_JSON_from_abs (GNUNET_TIME_absolute_ntoh (ski->expire)),
+ "master_sig",
+ TALER_JSON_from_data (&ski->signature,
+ sizeof (struct GNUNET_CRYPTO_EddsaSignature)),
+ "key",
+ TALER_JSON_from_data (&ski->signkey_pub,
+ sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)));
+}
+
+
+/**
* Iterator for sign keys.
*
* @param cls closure
+ * @param filename name of the file the key came from
* @param ski the sign key issue
* @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error,
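Review bot: `d2 = GNUNET_memdup (dki, sizeof (struct TALER_MINT_DenomKeyIssuePriv))` is a shallow copy, so `d2->denom_priv` aliases the RSA private key pointer in `dki` (key_io.h declares that member as `struct GNUNET_CRYPTO_rsa_PrivateKey *`). If the caller releases the key after the callback returns, the map entry holds a dangling pointer to private key material. If ownership is instead meant to pass to the map, the new duplicate branch frees only the struct with `GNUNET_free (d2);` and leaks the key. Which case applies depends on the denomination-key iterator in key_io.c, not shown here, so the ownership rule should be written into the `TALER_MINT_DenomkeyIterator` doc comment. If the callback does own the key, the duplicate branch also needs `GNUNET_CRYPTO_rsa_private_key_free (d2->denom_priv);` before `GNUNET_free (d2);`. `reload_keys_denom_iter` starts outside this hunk.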
@@ -254,6 +263,7 @@ reload_keys_denom_iter (void *cls,
*/
static int
reload_keys_sign_iter (void *cls,
+ const char *filename,
const struct TALER_MINT_SignKeyIssuePriv *ski)
{
struct MintKeyState *ctx = cls;
@@ -264,13 +274,17 @@ reload_keys_sign_iter (void *cls,
if (GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us < ctx->reload_time.abs_value_us)
{
- // this key is expired
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Skipping expired signing key `%s'\n",
+ filename);
return GNUNET_OK;
}
if (GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us > stamp_provide.abs_value_us)
{
- // we are to early for this key
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Skipping future signing key `%s'\n",
+ filename);
return GNUNET_OK;
}
diff --git a/src/mint/taler-mint-keycheck.c b/src/mint/taler-mint-keycheck.c
index c934d08fa..b8f40c580 100644
--- a/src/mint/taler-mint-keycheck.c
+++ b/src/mint/taler-mint-keycheck.c
@@ -28,11 +28,14 @@
static char *mintdir;
+
static struct GNUNET_CONFIGURATION_Handle *kcfg;
static int
-signkeys_iter (void *cls, const struct TALER_MINT_SignKeyIssuePriv *ski)
+signkeys_iter (void *cls,
+ const char *filename,
+ const struct TALER_MINT_SignKeyIssuePriv *ski)
{
struct GNUNET_TIME_Absolute start;