aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/exchange/exchange.conf17
-rw-r--r--src/exchange/taler-exchange-httpd.c114
-rw-r--r--src/exchange/taler-exchange-httpd.h62
3 files changed, 192 insertions, 1 deletions
diff --git a/src/exchange/exchange.conf b/src/exchange/exchange.conf
index c41150427..2dd934f4e 100644
--- a/src/exchange/exchange.conf
+++ b/src/exchange/exchange.conf
@@ -77,9 +77,24 @@ TERMS_DIR = $DATADIR/exchange/tos/
# Etag / filename for the terms of service.
TERMS_ETAG = 0
-
# Directory with our privacy policy.
PRIVACY_DIR = $DATADIR/exchange/pp/
# Etag / filename for the privacy policy.
PRIVACY_ETAG = 0
+
+# Set to NONE to disable KYC checks.
+# Set to "OAUTH2" to use OAuth 2.0 for KYC authorization.
+KYC_MODE = NONE
+
+
+[exchange-kyc-oauth2]
+
+# URL of the OAuth endpoint for KYC checks
+# KYC_OAUTH2_URL =
+
+# KYC Oauth client ID.
+# KYC_OAUTH2_CLIENT_ID =
+
+# KYC Client secret used to obtain access tokens.
+# KYC_OAUTH2_CLIENT_SECRET =
diff --git a/src/exchange/taler-exchange-httpd.c b/src/exchange/taler-exchange-httpd.c
index 57ca085a6..b7845f5aa 100644
--- a/src/exchange/taler-exchange-httpd.c
+++ b/src/exchange/taler-exchange-httpd.c
@@ -69,6 +69,11 @@ int TEH_allow_keys_timetravel;
const struct GNUNET_CONFIGURATION_Handle *TEH_cfg;
/**
+ * Our KYC configuration.
+ */
+struct TEH_KycOptions TEH_kyc_config;
+
+/**
* How long is caching /keys allowed at most? (global)
*/
struct GNUNET_TIME_Relative TEH_max_keys_caching;
@@ -1071,6 +1076,74 @@ handle_mhd_request (void *cls,
/**
+ * Load OAuth2.0 configuration parameters for the exchange server into the
+ * #TEH_kyc_config variable.
+ *
+ * @return #GNUNET_OK on success
+ */
+static enum GNUNET_GenericReturnValue
+parse_kyc_oauth_cfg (void)
+{
+ char *s;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_URL",
+ &s))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_URL");
+ return GNUNET_SYSERR;
+ }
+ if ( (! TALER_url_valid_charset (s)) ||
+ ( (0 != strncasecmp (s,
+ "http://",
+ strlen ("http://"))) &&
+ (0 != strncasecmp (s,
+ "https://",
+ strlen ("https://"))) ) )
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_URL",
+ "not a valid URL");
+ GNUNET_free (s);
+ return GNUNET_SYSERR;
+ }
+ TEH_kyc_config.details.oauth2.url = s;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_CLIENT_ID",
+ &s))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_CLIENT_ID");
+ return GNUNET_SYSERR;
+ }
+ TEH_kyc_config.details.oauth2.client_id = s;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_CLIENT_SECRET",
+ &s))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-kyc-oauth2",
+ "KYC_OAUTH2_CLIENT_SECRET");
+ return GNUNET_SYSERR;
+ }
+ TEH_kyc_config.details.oauth2.client_secret = s;
+ return GNUNET_OK;
+}
+
+
+/**
* Load configuration parameters for the exchange
* server into the corresponding global variables.
*
@@ -1079,6 +1152,47 @@ handle_mhd_request (void *cls,
static enum GNUNET_GenericReturnValue
exchange_serve_process_config (void)
{
+ {
+ char *kyc_mode;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (TEH_cfg,
+ "exchange",
+ "KYC_MODE",
+ &kyc_mode))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange",
+ "KYC_MODE");
+ return GNUNET_SYSERR;
+ }
+ if (0 == strcasecmp (kyc_mode,
+ "NONE"))
+ {
+ TEH_kyc_config.mode = TEH_KYC_NONE;
+ }
+ else if (0 == strcasecmp (kyc_mode,
+ "OAUTH2"))
+ {
+ TEH_kyc_config.mode = TEH_KYC_OAUTH2;
+ if (GNUNET_OK !=
+ parse_kyc_oauth_cfg ())
+ {
+ GNUNET_free (kyc_mode);
+ return GNUNET_SYSERR;
+ }
+ }
+ else
+ {
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ "exchange",
+ "KYC_MODE",
+ "Must be 'NONE' or 'OAUTH2'");
+ GNUNET_free (kyc_mode);
+ return GNUNET_SYSERR;
+ }
+ GNUNET_free (kyc_mode);
+ }
if (GNUNET_OK !=
GNUNET_CONFIGURATION_get_value_number (TEH_cfg,
"exchange",
diff --git a/src/exchange/taler-exchange-httpd.h b/src/exchange/taler-exchange-httpd.h
index e43426488..bf41d227d 100644
--- a/src/exchange/taler-exchange-httpd.h
+++ b/src/exchange/taler-exchange-httpd.h
@@ -30,6 +30,68 @@
/**
+ * Enumeration for our KYC modes.
+ */
+enum TEH_KycMode
+{
+ /**
+ * KYC is disabled.
+ */
+ TEH_KYC_NONE = 0,
+
+ /**
+ * We use Oauth2.0.
+ */
+ TEH_KYC_OAUTH2 = 1
+};
+
+
+/**
+ * Structure describing our KYC configuration.
+ */
+struct TEH_KycOptions
+{
+ /**
+ * What KYC mode are we in?
+ */
+ enum TEH_KycMode mode;
+
+ /**
+ * Details depending on @e mode.
+ */
+ union
+ {
+
+ /**
+ * Configuration details if @e mode is #TEH_KYC_OAUTH2.
+ */
+ struct
+ {
+
+ /**
+ * URL of tue OAuth2.0 endpoint for KYC checks.
+ */
+ char *url;
+
+ /**
+ * Our client ID for OAuth2.0.
+ */
+ char *client_id;
+
+ /**
+ * Our client secret for OAuth2.0.
+ */
+ char *client_secret;
+
+ } oauth2;
+
+ } details;
+};
+
+
+extern struct TEH_KycOptions TEH_kyc_config;
+
+/**
* How long is caching /keys allowed at most?
*/
extern struct GNUNET_TIME_Relative TEH_max_keys_caching;