aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/include/taler_signatures.h18
-rw-r--r--src/include/taler_testing_lib.h31
-rw-r--r--src/testing/Makefile.am1
-rw-r--r--src/testing/testing_api_cmd_revoke_denom_key.c2
-rw-r--r--src/testing/testing_api_cmd_revoke_sign_key.c297
5 files changed, 335 insertions, 14 deletions
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index 90d772441..d80b267cf 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -1205,6 +1205,24 @@ struct TALER_MasterDenominationKeyRevocationPS
/**
+ * @brief Message confirming that an exchange online signing key was revoked.
+ */
+struct TALER_MasterSigningKeyRevocationPS
+{
+ /**
+ * Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED.
+ */
+ struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+ /**
+ * The exchange's public key.
+ */
+ struct TALER_ExchangePublicKeyP exchange_pub;
+
+};
+
+
+/**
* @brief Format used to generate the signature on a request to obtain
* the wire transfer identifier associated with a deposit.
*/
diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h
index 9ddc28a3b..65df94945 100644
--- a/src/include/taler_testing_lib.h
+++ b/src/include/taler_testing_lib.h
@@ -2112,7 +2112,7 @@ TALER_TESTING_cmd_offline_sign_keys (const char *label,
* @return the command
*/
struct TALER_TESTING_Command
-TALER_TESTING_cmd_revoke_denomination (
+TALER_TESTING_cmd_revoke_denom_key (
const char *label,
unsigned int expected_response_code,
bool bad_sig,
@@ -2120,32 +2120,37 @@ TALER_TESTING_cmd_revoke_denomination (
/**
- * Have the auditor affirm that it is auditing the given
- * denomination key and upload the auditor's signature to
- * the exchange.
+ * Revoke an exchange online signing key.
*
* @param label command label.
- * @param denom_ref reference to a command that identifies
- * a denomination key (i.e. because it was used to
- * withdraw a coin).
+ * @param expected_http_status expected HTTP status from exchange
+ * @param bad_sig should we use a bogus signature?
+ * @param signkey_ref reference to a command that identifies
+ * a signing key (i.e. because it was used to
+ * sign a deposit confirmation).
* @return the command
*/
struct TALER_TESTING_Command
-TALER_TESTING_cmd_auditor_add_denom_key (const char *denom_ref);
+TALER_TESTING_cmd_revoke_sign_key (
+ const char *label,
+ unsigned int expected_response_code,
+ bool bad_sig,
+ const char *signkey_ref);
/**
- * Revoke an exchange signing key.
+ * Have the auditor affirm that it is auditing the given
+ * denomination key and upload the auditor's signature to
+ * the exchange.
*
* @param label command label.
* @param denom_ref reference to a command that identifies
- * a signing key (i.e. because it was used to
- * sign a deposit confirmation).
+ * a denomination key (i.e. because it was used to
+ * withdraw a coin).
* @return the command
*/
struct TALER_TESTING_Command
-TALER_TESTING_cmd_revoke_denom_key (const char *label,
- const char *signkey_ref);
+TALER_TESTING_cmd_auditor_add_denom_key (const char *denom_ref);
/* *** Generic trait logic for implementing traits ********* */
diff --git a/src/testing/Makefile.am b/src/testing/Makefile.am
index a2a016acf..7539cecc3 100644
--- a/src/testing/Makefile.am
+++ b/src/testing/Makefile.am
@@ -65,6 +65,7 @@ libtalertesting_la_SOURCES = \
testing_api_cmd_refresh.c \
testing_api_cmd_revoke.c \
testing_api_cmd_revoke_denom_key.c \
+ testing_api_cmd_revoke_sign_key.c \
testing_api_cmd_rewind.c \
testing_api_cmd_serialize_keys.c \
testing_api_cmd_signal.c \
diff --git a/src/testing/testing_api_cmd_revoke_denom_key.c b/src/testing/testing_api_cmd_revoke_denom_key.c
index 133838e38..2e524338c 100644
--- a/src/testing/testing_api_cmd_revoke_denom_key.c
+++ b/src/testing/testing_api_cmd_revoke_denom_key.c
@@ -271,7 +271,7 @@ revoke_run (void *cls,
struct TALER_TESTING_Command
-TALER_TESTING_cmd_revoke_denomination (
+TALER_TESTING_cmd_revoke_denom_key (
const char *label,
unsigned int expected_response_code,
bool bad_sig,
diff --git a/src/testing/testing_api_cmd_revoke_sign_key.c b/src/testing/testing_api_cmd_revoke_sign_key.c
new file mode 100644
index 000000000..72f288d78
--- /dev/null
+++ b/src/testing/testing_api_cmd_revoke_sign_key.c
@@ -0,0 +1,297 @@
+/*
+ This file is part of TALER
+ Copyright (C) 2014-2020 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 3, or
+ (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public
+ License along with TALER; see the file COPYING. If not, see
+ <http://www.gnu.org/licenses/>
+*/
+/**
+ * @file testing/testing_api_cmd_revoke_sign_key.c
+ * @brief Implement the revoke test command.
+ * @author Christian Grothoff
+ */
+#include "platform.h"
+#include "taler_json_lib.h"
+#include <gnunet/gnunet_curl_lib.h>
+#include "taler_signatures.h"
+#include "taler_testing_lib.h"
+
+
+/**
+ * State for a "revoke" CMD.
+ */
+struct RevokeState
+{
+ /**
+ * Expected HTTP status code.
+ */
+ unsigned int expected_response_code;
+
+ /**
+ * Command that offers a signination to revoke.
+ */
+ const char *coin_reference;
+
+ /**
+ * The interpreter state.
+ */
+ struct TALER_TESTING_Interpreter *is;
+
+ /**
+ * Handle for the operation.
+ */
+ struct TALER_EXCHANGE_ManagementRevokeSigningKeyHandle *kh;
+
+ /**
+ * Should we use a bogus signature?
+ */
+ bool bad_sig;
+
+};
+
+
+/**
+ * Function called with information about the post revocation operation result.
+ *
+ * @param cls closure with a `struct RevokeState *`
+ * @param hr HTTP response data
+ */
+static void
+success_cb (
+ void *cls,
+ const struct TALER_EXCHANGE_HttpResponse *hr)
+{
+ struct RevokeState *rs = cls;
+
+ rs->kh = NULL;
+ if (rs->expected_response_code != hr->http_status)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Unexpected response code %u to command %s in %s:%u\n",
+ hr->http_status,
+ rs->is->commands[rs->is->ip].label,
+ __FILE__,
+ __LINE__);
+ json_dumpf (hr->reply,
+ stderr,
+ 0);
+ TALER_TESTING_interpreter_fail (rs->is);
+ return;
+ }
+ TALER_TESTING_interpreter_next (rs->is);
+}
+
+
+/**
+ * Cleanup the state.
+ *
+ * @param cls closure, must be a `struct RevokeState`.
+ * @param cmd the command which is being cleaned up.
+ */
+static void
+revoke_cleanup (void *cls,
+ const struct TALER_TESTING_Command *cmd)
+{
+ struct RevokeState *rs = cls;
+
+ if (NULL != rs->kh)
+ {
+ TALER_EXCHANGE_management_revoke_signing_key_cancel (rs->kh);
+ rs->kh = NULL;
+ }
+ GNUNET_free (rs);
+}
+
+
+/**
+ * Offer internal data from a "revoke" CMD to other CMDs.
+ *
+ * @param cls closure
+ * @param[out] ret result (could be anything)
+ * @param trait name of the trait
+ * @param index index number of the object to offer.
+ * @return #GNUNET_OK on success
+ */
+static int
+revoke_traits (void *cls,
+ const void **ret,
+ const char *trait,
+ unsigned int index)
+{
+ struct RevokeState *rs = cls;
+ struct TALER_TESTING_Trait traits[] = {
+ TALER_TESTING_trait_end ()
+ };
+
+ (void) rs;
+ return TALER_TESTING_get_trait (traits,
+ ret,
+ trait,
+ index);
+}
+
+
+/**
+ * Run the "revoke" command. The core of the function
+ * is to call the "keyup" utility passing it the base32
+ * encoding of the signination to revoke.
+ *
+ * @param cls closure.
+ * @param cmd the command to execute.
+ * @param is the interpreter state.
+ */
+static void
+revoke_run (void *cls,
+ const struct TALER_TESTING_Command *cmd,
+ struct TALER_TESTING_Interpreter *is)
+{
+ struct RevokeState *rs = cls;
+ const struct TALER_TESTING_Command *coin_cmd;
+ const struct TALER_ExchangePublicKeyP *exchange_pub;
+ char *exchange_url;
+ struct TALER_MasterSignatureP master_sig;
+
+ rs->is = is;
+ /* Get sign pub from trait */
+ coin_cmd = TALER_TESTING_interpreter_lookup_command (is,
+ rs->coin_reference);
+
+ if (NULL == coin_cmd)
+ {
+ GNUNET_break (0);
+ TALER_TESTING_interpreter_fail (is);
+ return;
+ }
+ GNUNET_assert (GNUNET_OK ==
+ TALER_TESTING_get_trait_exchange_pub (coin_cmd,
+ 0,
+ &exchange_pub));
+ GNUNET_log (GNUNET_ERROR_TYPE_INFO,
+ "Trying to revoke sign '%s..'\n",
+ TALER_B2S (exchange_pub));
+ if (rs->bad_sig)
+ {
+ memset (&master_sig,
+ 42,
+ sizeof (master_sig));
+ }
+ else
+ {
+ char *fn;
+ struct TALER_MasterPrivateKeyP master_priv;
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_filename (is->cfg,
+ "exchange-offline",
+ "MASTER_PRIV_FILE",
+ &fn))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange-offline",
+ "MASTER_PRIV_FILE");
+ TALER_TESTING_interpreter_next (rs->is);
+ return;
+ }
+ if (GNUNET_SYSERR ==
+ GNUNET_DISK_directory_create_for_file (fn))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not setup directory for master private key file `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (rs->is);
+ return;
+ }
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_key_from_file (fn,
+ GNUNET_YES,
+ &master_priv.eddsa_priv))
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "Could not load master private key from `%s'\n",
+ fn);
+ GNUNET_free (fn);
+ TALER_TESTING_interpreter_next (rs->is);
+ return;
+ }
+ GNUNET_free (fn);
+
+ /* now sign */
+ {
+ struct TALER_MasterSigningKeyRevocationPS kv = {
+ .purpose.purpose = htonl (
+ TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED),
+ .purpose.size = htonl (sizeof (kv)),
+ .exchange_pub = *exchange_pub
+ };
+
+ GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv,
+ &kv,
+ &master_sig.eddsa_signature);
+ }
+ }
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (is->cfg,
+ "exchange",
+ "BASE_URL",
+ &exchange_url))
+ {
+ GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
+ "exchange",
+ "BASE_URL");
+ TALER_TESTING_interpreter_next (rs->is);
+ return;
+ }
+ rs->kh = TALER_EXCHANGE_management_revoke_signing_key (
+ is->ctx,
+ exchange_url,
+ exchange_pub,
+ &master_sig,
+ &success_cb,
+ rs);
+ GNUNET_free (exchange_url);
+ if (NULL == rs->kh)
+ {
+ GNUNET_break (0);
+ TALER_TESTING_interpreter_fail (is);
+ return;
+ }
+}
+
+
+struct TALER_TESTING_Command
+TALER_TESTING_cmd_revoke_sign_key (
+ const char *label,
+ unsigned int expected_response_code,
+ bool bad_sig,
+ const char *sign_ref)
+{
+ struct RevokeState *rs;
+
+ rs = GNUNET_new (struct RevokeState);
+ rs->expected_response_code = expected_response_code;
+ rs->coin_reference = sign_ref;
+ rs->bad_sig = bad_sig;
+ {
+ struct TALER_TESTING_Command cmd = {
+ .cls = rs,
+ .label = label,
+ .run = &revoke_run,
+ .cleanup = &revoke_cleanup,
+ .traits = &revoke_traits
+ };
+
+ return cmd;
+ }
+}