aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/exchange-tools/Makefile.am17
-rw-r--r--src/exchange-tools/taler-exchange-keycheck.c336
-rwxr-xr-xsrc/exchange-tools/test_taler_exchange_keyup.sh142
3 files changed, 0 insertions, 495 deletions
diff --git a/src/exchange-tools/Makefile.am b/src/exchange-tools/Makefile.am
index e60963035..43954c446 100644
--- a/src/exchange-tools/Makefile.am
+++ b/src/exchange-tools/Makefile.am
@@ -15,7 +15,6 @@ endif
bin_PROGRAMS = \
taler-auditor-offline \
taler-exchange-keyup \
- taler-exchange-keycheck \
taler-exchange-offline \
taler-exchange-wire \
taler-exchange-dbinit
@@ -76,16 +75,6 @@ taler_exchange_wire_LDADD = \
$(XLIB)
taler_exchange_wire_LDFLAGS = $(POSTGRESQL_LDFLAGS)
-taler_exchange_keycheck_SOURCES = \
- taler-exchange-keycheck.c
-taler_exchange_keycheck_LDADD = \
- $(LIBGCRYPT_LIBS) \
- $(top_builddir)/src/util/libtalerutil.la \
- $(top_builddir)/src/exchangedb/libtalerexchangedb.la \
- -lgnunetutil \
- $(XLIB)
-taler_exchange_keycheck_LDFLAGS = $(POSTGRESQL_LDFLAGS)
-
taler_exchange_dbinit_SOURCES = \
taler-exchange-dbinit.c
taler_exchange_dbinit_LDADD = \
@@ -107,12 +96,6 @@ taler_exchange_dbinit_CPPFLAGS = \
AM_TESTS_ENVIRONMENT=export TALER_PREFIX=$${TALER_PREFIX:-@libdir@};export PATH=$${TALER_PREFIX:-@prefix@}/bin:$$PATH;
-check_SCRIPTS = \
- test_taler_exchange_keyup.sh
-
-TESTS = \
- $(check_SCRIPTS)
-
# Distribution
EXTRA_DIST = \
diff --git a/src/exchange-tools/taler-exchange-keycheck.c b/src/exchange-tools/taler-exchange-keycheck.c
deleted file mode 100644
index 917ca879f..000000000
--- a/src/exchange-tools/taler-exchange-keycheck.c
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- This file is part of TALER
- Copyright (C) 2014, 2015, 2016 Taler Systems SA
-
- TALER is free software; you can redistribute it and/or modify it under the
- terms of the GNU General Public License as published by the Free Software
- Foundation; either version 3, or (at your option) any later version.
-
- TALER is distributed in the hope that it will be useful, but WITHOUT ANY
- WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
- A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License along with
- TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
-*/
-/**
- * @file taler-exchange-keycheck.c
- * @brief Check exchange keys for validity. Reads the signing and denomination
- * keys from the exchange directory and checks to make sure they are
- * well-formed. This is purely a diagnostic tool.
- * @author Florian Dold
- * @author Benedikt Mueller
- * @author Christian Grothoff
- */
-#include <platform.h>
-#include <gnunet/gnunet_util_lib.h>
-#include "taler_exchangedb_lib.h"
-
-/**
- * Exchange directory with the keys.
- */
-static char *exchange_directory;
-
-/**
- * Our configuration.
- */
-static const struct GNUNET_CONFIGURATION_Handle *kcfg;
-
-/**
- * Return value from main().
- */
-static int global_ret;
-
-/**
- * Option -i used to print full denomination key hashes for
- * denominations of certain amounts.
- */
-static struct TALER_Amount print_dk_amount;
-
-
-/**
- * Function called on each signing key.
- *
- * @param cls closure (NULL)
- * @param filename name of the file the key came from
- * @param ski the sign key
- * @return #GNUNET_OK to continue to iterate,
- * #GNUNET_NO to stop iteration with no error,
- * #GNUNET_SYSERR to abort iteration with error!
- */
-static int
-signkeys_iter (void *cls,
- const char *filename,
- const struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP *ski)
-{
- (void) cls;
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Iterating over key `%s' for start time %s\n",
- filename,
- GNUNET_STRINGS_absolute_time_to_string
- (GNUNET_TIME_absolute_ntoh (ski->issue.start)));
-
- if (ntohl (ski->issue.purpose.size) !=
- (sizeof (struct TALER_ExchangeSigningKeyValidityPS)))
- {
- fprintf (stderr,
- "Signing key `%s' has invalid purpose size\n",
- filename);
- return GNUNET_SYSERR;
- }
- if ( (0 != GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us
- % 1000000) ||
- (0 != GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us
- % 1000000) ||
- (0 != GNUNET_TIME_absolute_ntoh (ski->issue.end).abs_value_us
- % 1000000) )
- {
- fprintf (stderr,
- "Timestamps are not multiples of a round second\n");
- return GNUNET_SYSERR;
- }
-
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
- &ski->issue,
- &ski->master_sig.eddsa_signature,
- &ski->issue.master_public_key.eddsa_pub))
- {
- fprintf (stderr,
- "Signing key `%s' has invalid signature\n",
- filename);
- return GNUNET_SYSERR;
- }
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Signing key `%s' valid\n",
- filename);
- return GNUNET_OK;
-}
-
-
-/**
- * Check signing keys.
- *
- * @return #GNUNET_OK if the keys are OK
- * #GNUNET_NO if not
- */
-static int
-exchange_signkeys_check ()
-{
- if (0 > TALER_EXCHANGEDB_signing_keys_iterate (exchange_directory,
- &signkeys_iter,
- NULL))
- return GNUNET_NO;
- return GNUNET_OK;
-}
-
-
-/**
- * Function called on each denomination key.
- *
- * @param cls closure (NULL)
- * @param dki the denomination key
- * @param alias coin alias
- * @return #GNUNET_OK to continue to iterate,
- * #GNUNET_NO to stop iteration with no error,
- * #GNUNET_SYSERR to abort iteration with error!
- */
-static int
-denomkeys_iter (void *cls,
- const char *alias,
- const struct
- TALER_EXCHANGEDB_DenominationKey *dki)
-{
- struct GNUNET_HashCode hc;
- struct TALER_Amount value;
-
- (void) cls;
- if (ntohl (dki->issue.properties.purpose.size) !=
- sizeof (struct TALER_DenominationKeyValidityPS))
- {
- fprintf (stderr,
- "Denomination key for `%s' has invalid purpose size\n",
- alias);
- return GNUNET_SYSERR;
- }
-
- if ( (0 != GNUNET_TIME_absolute_ntoh (
- dki->issue.properties.start).abs_value_us % 1000000) ||
- (0 != GNUNET_TIME_absolute_ntoh (
- dki->issue.properties.expire_withdraw).abs_value_us % 1000000) ||
- (0 != GNUNET_TIME_absolute_ntoh (
- dki->issue.properties.expire_legal).abs_value_us % 1000000) ||
- (0 != GNUNET_TIME_absolute_ntoh (
- dki->issue.properties.expire_deposit).abs_value_us % 1000000) )
- {
- fprintf (stderr,
- "Timestamps are not multiples of a round second\n");
- return GNUNET_SYSERR;
- }
-
- if (GNUNET_OK !=
- GNUNET_CRYPTO_eddsa_verify (
- TALER_SIGNATURE_MASTER_DENOMINATION_KEY_VALIDITY,
- &dki->issue.properties,
- &dki->issue.signature.eddsa_signature,
- &dki->issue.properties.master.eddsa_pub))
- {
- fprintf (stderr,
- "Denomination key for `%s' has invalid signature\n",
- alias);
- return GNUNET_SYSERR;
- }
- GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key,
- &hc);
- if (0 != GNUNET_memcmp (&hc,
- &dki->issue.properties.denom_hash))
- {
- fprintf (stderr,
- "Public key for `%s' does not match signature\n",
- alias);
- return GNUNET_SYSERR;
- }
- GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
- "Denomination key `%s' (%s) is valid\n",
- alias,
- GNUNET_h2s (&hc));
- TALER_amount_ntoh (&value,
- &dki->issue.properties.value);
- if ( (GNUNET_OK ==
- TALER_amount_cmp_currency (&print_dk_amount,
- &value)) &&
- (0 ==
- TALER_amount_cmp (&print_dk_amount,
- &value)) )
- {
- char *dh;
- struct GNUNET_TIME_Absolute start;
-
- start = GNUNET_TIME_absolute_ntoh (dki->issue.properties.start);
- dh = GNUNET_STRINGS_data_to_string_alloc (&dki->issue.properties.denom_hash,
- sizeof (struct GNUNET_HashCode));
- /* output start time first for easy numeric sorting, then
- the denomination hash, and finally the human-readable start time */
- printf ("%020llu %s %s\n",
- (unsigned long long) start.abs_value_us,
- dh,
- GNUNET_STRINGS_absolute_time_to_string (start));
- GNUNET_free (dh);
- }
- return GNUNET_OK;
-}
-
-
-/**
- * Check denomination keys.
- *
- * @return #GNUNET_OK if the keys are OK
- * #GNUNET_NO if not
- */
-static int
-exchange_denomkeys_check ()
-{
- struct TALER_MasterPublicKeyP master_public_key_from_cfg;
-
- if (GNUNET_OK !=
- GNUNET_CONFIGURATION_get_data (kcfg,
- "exchange",
- "master_public_key",
- &master_public_key_from_cfg,
- sizeof (struct
- GNUNET_CRYPTO_EddsaPublicKey)))
- {
- GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "exchange",
- "master_public_key");
- return GNUNET_NO;
- }
- if (0 > TALER_EXCHANGEDB_denomination_keys_iterate (exchange_directory,
- &denomkeys_iter,
- NULL))
- return GNUNET_NO;
- return GNUNET_OK;
-}
-
-
-/**
- * Main function that will be run.
- *
- * @param cls closure
- * @param args remaining command-line arguments
- * @param cfgfile name of the configuration file used (for saving, can be NULL!)
- * @param cfg configuration
- */
-static void
-run (void *cls,
- char *const *args,
- const char *cfgfile,
- const struct GNUNET_CONFIGURATION_Handle *cfg)
-{
- (void) cls;
- (void) args;
- (void) cfgfile;
- kcfg = cfg;
- if (GNUNET_OK !=
- GNUNET_CONFIGURATION_get_value_filename (kcfg,
- "exchange",
- "KEYDIR",
- &exchange_directory))
- {
- GNUNET_log_config_missing (GNUNET_ERROR_TYPE_ERROR,
- "exchange",
- "KEYDIR");
- global_ret = 1;
- return;
- }
-
- if ( (GNUNET_OK != exchange_signkeys_check ()) ||
- (GNUNET_OK != exchange_denomkeys_check ()) )
- {
- global_ret = 1;
- return;
- }
-}
-
-
-/**
- * The main function of the keyup tool
- *
- * @param argc number of arguments from the command line
- * @param argv command line arguments
- * @return 0 ok, 1 on error
- */
-int
-main (int argc,
- char *const *argv)
-{
- const struct GNUNET_GETOPT_CommandLineOption options[] = {
- TALER_getopt_get_amount ('i',
- "denomination-info-hash",
- "AMOUNT",
- "print full denomination hashes of all denominations with the given AMOUNT value",
- &print_dk_amount),
- GNUNET_GETOPT_OPTION_END
- };
-
- /* force linker to link against libtalerutil; if we do
- not do this, the linker may "optimize" libtalerutil
- away and skip #TALER_OS_init(), which we do need */
- (void) TALER_project_data_default ();
- GNUNET_assert (GNUNET_OK ==
- GNUNET_log_setup ("taler-exchange-keycheck",
- "WARNING",
- NULL));
- if (GNUNET_OK !=
- GNUNET_PROGRAM_run (argc, argv,
- "taler-exchange-keycheck",
- "Check keys of the exchange for validity",
- options,
- &run, NULL))
- return 1;
- return global_ret;
-
-}
-
-
-/* end of taler-exchange-keycheck.c */
diff --git a/src/exchange-tools/test_taler_exchange_keyup.sh b/src/exchange-tools/test_taler_exchange_keyup.sh
deleted file mode 100755
index 26f7fe131..000000000
--- a/src/exchange-tools/test_taler_exchange_keyup.sh
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/bin/bash
-#
-# This file is part of TALER
-# Copyright (C) 2015-2020 Taler Systems SA
-#
-# TALER is free software; you can redistribute it and/or modify it under the
-# terms of the GNU Affero General Public License as published by the Free Software
-# Foundation; either version 3, or (at your option) any later version.
-#
-# TALER is distributed in the hope that it will be useful, but WITHOUT ANY
-# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License along with
-# TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
-#
-#
-# This script uses 'curl' to POST various ill-formed requests to the
-# taler-exchange-httpd. Basically, the goal is to make sure that the
-# HTTP server survives (and produces the 'correct' error code).
-#
-#
-# Clear environment from variables that override config.
-unset XDG_DATA_HOME
-unset XDG_CONFIG_HOME
-#
-
-
-# Exit, with status code "skip" (no 'real' failure)
-function exit_skip() {
- echo $1
- exit 77
-}
-
-# test required commands exist
-echo -n "Testing for jq ..."
-jq -h > /dev/null || exit_skip "jq required"
-echo " OK"
-
-CONF="-c test_taler_exchange_httpd.conf"
-
-echo -n "Launching exchange ..."
-PREFIX=
-# Uncomment this line to run with valgrind...
-# PREFIX="valgrind --leak-check=yes --track-fds=yes --error-exitcode=1 --log-file=valgrind.%p"
-
-# Setup database
-taler-exchange-dbinit $CONF &> /dev/null
-# Setup keys.
-taler-exchange-keyup $CONF &> /dev/null || exit 1
-# Setup wire accounts.
-taler-exchange-wire $CONF > /dev/null || exit 1
-# Run Exchange HTTPD (in background)
-$PREFIX taler-exchange-httpd $CONF 2> test-exchange.log &
-
-# Give HTTP time to start
-
-for n in `seq 1 100`
-do
- echo -n "."
- sleep 0.1
- OK=1
- wget http://localhost:8081/ -o /dev/null -O /dev/null >/dev/null && break
- OK=0
-done
-if [ 1 != $OK ]
-then
- echo "Failed to launch exchange"
- kill -TERM $!
- wait $!
- echo Process status: $?
- exit 77
-fi
-echo " DONE"
-
-# Finally run test...
-echo -n "Running tests ... "
-
-# Revoke active denomination key
-REVOKE_DENOM_HASH=`taler-exchange-keycheck $CONF -i EUR:1 | sort | head -n1 | awk '{print $2}'`
-REVOKE_DENOM_TIME=`taler-exchange-keycheck $CONF -i EUR:1 | sort | head -n1 | awk '{print $1}'`
-
-taler-exchange-keyup $CONF -r "$REVOKE_DENOM_HASH" -k 1024
-
-# check revocation file exists
-RDIR=`taler-config $CONF -f -s exchange -o REVOCATION_DIR`
-if [ -f "$RDIR"/$REVOKE_DENOM_HASH.rev ]
-then
- echo -n "REV-OK "
-else
- echo -n "REV-FAIL ($RDIR) "
- RET=1
-fi
-
-# Check we now have two keys for that timestamp
-CNT=`taler-exchange-keycheck $CONF -i EUR:1 | awk '{print $1}' | grep -- "$REVOKE_DENOM_TIME" | wc -l`
-
-if [ x2 != x${CNT} ]
-then
- echo -n "CNT-FAIL (${CNT}) "
- RET=1
-else
- echo -n "CNT-OK "
-fi
-
-# Reload keys (and revocation data) at the exchange
-kill -SIGUSR1 $!
-
-# Give exchange chance to parse and reload keys
-sleep 5
-
-# Download (updated) keys
-wget http://localhost:8081/keys -O keys.json -o /dev/null >/dev/null
-
-RK=`jq -er .recoup[0].h_denom_pub < keys.json`
-if [ x$RK != x$REVOKE_DENOM_HASH ]
-then
- echo -n "KEYS-FAIL ($RK vs $REVOKE_DENOM_HASH)"
- RET=1
-else
- echo -n "KEYS-OK"
-fi
-
-echo " DONE"
-# $! is the last backgrounded process, hence the exchange
-kill -TERM $!
-wait $!
-if [ 0 != $? ]
-then
- RET=4
-fi
-
-echo "Final cleanup"
-# Can't leave revocations around, would mess up next test run
-rm -r "$RDIR"
-# Also cleaning up live keys, as otherwise we have two for the revoked denomination type next time
-KDIR=`taler-config $CONF -f -s exchange -o KEYDIR`
-rm -r "$KDIR"
-# Clean up our temporary file
-rm keys.json
-
-exit $RET