From 752f10273860d2496fc3eb1e03de6ad4451e7c0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96zg=C3=BCr=20Kesim?= Date: Fri, 4 Nov 2022 12:18:16 +0100 Subject: policy extensions and age restriction refactoring - refactoring of extension-plugin-mechanism - refactoring of age restriction extension - added policy extensions plugin plumbing - added DB schema and api - policy_details - policy_fulfillments --- src/lib/auditor_api_deposit_confirmation.c | 14 +++++++------- src/lib/exchange_api_batch_deposit.c | 18 +++++++++--------- src/lib/exchange_api_common.c | 11 ++++++++--- src/lib/exchange_api_common.h | 4 ++-- src/lib/exchange_api_deposit.c | 16 ++++++++-------- src/lib/exchange_api_handle.c | 26 +++++++++++++++++--------- src/lib/exchange_api_refund.c | 13 ++++++++----- 7 files changed, 59 insertions(+), 43 deletions(-) (limited to 'src/lib') diff --git a/src/lib/auditor_api_deposit_confirmation.c b/src/lib/auditor_api_deposit_confirmation.c index c4542d0eb..82537e25a 100644 --- a/src/lib/auditor_api_deposit_confirmation.c +++ b/src/lib/auditor_api_deposit_confirmation.c @@ -153,7 +153,7 @@ handle_deposit_confirmation_finished (void *cls, * Verify signature information about the deposit-confirmation. * * @param h_wire hash of merchant wire details - * @param h_extensions hash over the extensions, if any + * @param h_policy hash over the policy extension, if any * @param h_contract_terms hash of the contact of the merchant with the customer (further details are never disclosed to the auditor) * @param exchange_timestamp timestamp when the deposit was received by the wallet * @param wire_deadline by what time must the amount be wired to the merchant 
@@ -172,7 +172,7 @@ handle_deposit_confirmation_finished (void *cls, */ static enum GNUNET_GenericReturnValue verify_signatures (const struct TALER_MerchantWireHashP *h_wire, - const struct TALER_ExtensionContractHashP *h_extensions, + const struct TALER_ExtensionPolicyHashP *h_policy, const struct TALER_PrivateContractHashP *h_contract_terms, struct GNUNET_TIME_Timestamp exchange_timestamp, struct GNUNET_TIME_Timestamp wire_deadline, @@ -192,7 +192,7 @@ verify_signatures (const struct TALER_MerchantWireHashP *h_wire, TALER_exchange_online_deposit_confirmation_verify ( h_contract_terms, h_wire, - h_extensions, + h_policy, exchange_timestamp, wire_deadline, refund_deadline, @@ -239,7 +239,7 @@ struct TALER_AUDITOR_DepositConfirmationHandle * TALER_AUDITOR_deposit_confirmation ( struct TALER_AUDITOR_Handle *auditor, const struct TALER_MerchantWireHashP *h_wire, - const struct TALER_ExtensionContractHashP *h_extensions, + const struct TALER_ExtensionPolicyHashP *h_policy, const struct TALER_PrivateContractHashP *h_contract_terms, struct GNUNET_TIME_Timestamp exchange_timestamp, struct GNUNET_TIME_Timestamp wire_deadline, @@ -266,7 +266,7 @@ TALER_AUDITOR_deposit_confirmation ( TALER_AUDITOR_handle_is_ready_ (auditor)); if (GNUNET_OK != verify_signatures (h_wire, - h_extensions, + h_policy, h_contract_terms, exchange_timestamp, wire_deadline, @@ -290,8 +290,8 @@ TALER_AUDITOR_deposit_confirmation ( = GNUNET_JSON_PACK ( GNUNET_JSON_pack_data_auto ("h_wire", h_wire), - GNUNET_JSON_pack_data_auto ("h_extensions", - h_extensions), + GNUNET_JSON_pack_data_auto ("h_policy", + h_policy), GNUNET_JSON_pack_data_auto ("h_contract_terms", h_contract_terms), GNUNET_JSON_pack_timestamp ("exchange_timestamp", diff --git a/src/lib/exchange_api_batch_deposit.c b/src/lib/exchange_api_batch_deposit.c index 39c1c9b4f..ca5c3c618 100644 --- a/src/lib/exchange_api_batch_deposit.c +++ b/src/lib/exchange_api_batch_deposit.c 
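Review bot: The JSON key sent to the auditor is a wire-format change and needs a matching rename on the receiving side: in the `@@ -290,8` hunk of src/lib/auditor_api_deposit_confirmation.c the packed field goes from `"h_extensions"` to `"h_policy"`. The auditor's request parser is not on this page (the view is limited to src/lib), so please confirm it is renamed in the same commit and that the protocol version is bumped. An auditor still expecting the old key would, depending on how it parses, reject the confirmation or miss the hash. A short comment at the pack call would make the coupling visible, e.g. `/* renamed from "h_extensions"; keep in sync with the auditor's request parser */`. TALER_AUDITOR_deposit_confirmation starts and ends outside the hunk.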
@@ -99,7 +99,7 @@ struct TALER_EXCHANGE_BatchDepositHandle /** * Hash over the extensions, or all zero. */ - struct TALER_ExtensionContractHashP h_extensions; + struct TALER_ExtensionPolicyHashP h_policy; /** * Time when this confirmation was generated / when the exchange received @@ -185,7 +185,7 @@ auditor_cb (void *cls, aie->dch = TALER_AUDITOR_deposit_confirmation ( ah, &dh->h_wire, - &dh->h_extensions, + &dh->h_policy, &dh->dcd.h_contract_terms, dh->exchange_timestamp, dh->dcd.wire_deadline, @@ -317,7 +317,7 @@ handle_deposit_finished (void *cls, TALER_exchange_online_deposit_confirmation_verify ( &dh->dcd.h_contract_terms, &dh->h_wire, - &dh->h_extensions, + &dh->h_policy, dh->exchange_timestamp, dh->dcd.wire_deadline, dh->dcd.refund_deadline, @@ -492,9 +492,9 @@ TALER_EXCHANGE_batch_deposit ( * sizeof (*cdds)); dh->num_cdds = num_cdds; dh->dcd = *dcd; - if (NULL != dcd->extension_details) - TALER_deposit_extension_hash (dcd->extension_details, - &dh->h_extensions); + if (NULL != dcd->policy_details) + TALER_deposit_policy_hash (dcd->policy_details, + &dh->h_policy); TALER_merchant_wire_signature_hash (dcd->merchant_payto_uri, &dcd->wire_salt, &dh->h_wire); @@ -533,7 +533,7 @@ TALER_EXCHANGE_batch_deposit ( if (GNUNET_OK != TALER_EXCHANGE_verify_deposit_signature_ (dcd, - &dh->h_extensions, + &dh->h_policy, &dh->h_wire, cdd, dki)) @@ -586,8 +586,8 @@ TALER_EXCHANGE_batch_deposit ( GNUNET_JSON_pack_array_steal ("coins", deposits), GNUNET_JSON_pack_allow_null ( - GNUNET_JSON_pack_object_steal ("extension_details", - NULL)), /* FIXME #7270-Oec */ + GNUNET_JSON_pack_object_steal ("policy_details", + dcd->policy_details)), GNUNET_JSON_pack_timestamp ("timestamp", dcd->timestamp), GNUNET_JSON_pack_data_auto ("merchant_pub", diff --git a/src/lib/exchange_api_common.c b/src/lib/exchange_api_common.c index 3041e6e0e..3807b997f 100644 --- a/src/lib/exchange_api_common.c +++ b/src/lib/exchange_api_common.c 
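Review bot: The field comment in the `@@ -99,7` hunk of src/lib/exchange_api_batch_deposit.c still reads `Hash over the extensions, or all zero.` although the member is now `h_policy`. The same member in src/lib/exchange_api_deposit.c had its comment updated in this commit, so use the same text here: `Hash over the policy extension, or all zero.` The `@@ -492,9` hunk only writes `h_policy` when `dcd->policy_details` is non-NULL, so the "all zero" part relies on the handle being zero-initialised at allocation, which is outside the hunk. It is worth saying so in the comment.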
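Review bot: In the `@@ -586,8` hunk of src/lib/exchange_api_batch_deposit.c, `GNUNET_JSON_pack_object_steal ("policy_details", dcd->policy_details)` transfers the caller's JSON object into the request body, so its reference is dropped when that body is freed. The `@@ -492,9` hunk shows `dh->dcd = *dcd`, which keeps a copy of the same pointer in the handle. If the caller also retains its reference, that pointer can dangle or be released twice; the ownership contract of `policy_details` is not visible here, so please check it. Taking a reference avoids the problem: `GNUNET_JSON_pack_object_incref ("policy_details", dcd->policy_details)),` (with a cast if the field is declared `const json_t *`). TALER_EXCHANGE_batch_deposit starts and ends outside the hunk.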
@@ -844,7 +844,8 @@ help_deposit (struct CoinHistoryParseContext *pc, { struct TALER_MerchantWireHashP h_wire; struct TALER_PrivateContractHashP h_contract_terms; - // struct TALER_ExtensionContractHashP h_extensions; // FIXME #7270! + struct TALER_ExtensionPolicyHashP h_policy; + bool no_h_policy; struct GNUNET_TIME_Timestamp wallet_timestamp; struct TALER_MerchantPublicKeyP merchant_pub; struct GNUNET_TIME_Timestamp refund_deadline = {0}; @@ -863,6 +864,10 @@ help_deposit (struct CoinHistoryParseContext *pc, GNUNET_JSON_spec_fixed_auto ("h_age_commitment", &hac), &no_hac), + GNUNET_JSON_spec_mark_optional ( + GNUNET_JSON_spec_fixed_auto ("h_policy", + &h_policy), + &no_h_policy), GNUNET_JSON_spec_timestamp ("timestamp", &wallet_timestamp), GNUNET_JSON_spec_mark_optional ( @@ -891,7 +896,7 @@ help_deposit (struct CoinHistoryParseContext *pc, &h_wire, &h_contract_terms, no_hac ? NULL : &hac, - NULL /* h_extensions! */, + no_h_policy ? NULL : &h_policy, &pc->dk->h_key, wallet_timestamp, &merchant_pub, @@ -2143,7 +2148,7 @@ TALER_EXCHANGE_get_min_denomination_ ( enum GNUNET_GenericReturnValue TALER_EXCHANGE_verify_deposit_signature_ ( const struct TALER_EXCHANGE_DepositContractDetail *dcd, - const struct TALER_ExtensionContractHashP *ech, + const struct TALER_ExtensionPolicyHashP *ech, const struct TALER_MerchantWireHashP *h_wire, const struct TALER_EXCHANGE_CoinDepositDetail *cdd, const struct TALER_EXCHANGE_DenomPublicKey *dki) diff --git a/src/lib/exchange_api_common.h b/src/lib/exchange_api_common.h index a75ed3ed2..80c36daf1 100644 --- a/src/lib/exchange_api_common.h +++ b/src/lib/exchange_api_common.h 
@@ -203,7 +203,7 @@ TALER_EXCHANGE_get_min_denomination_ ( * Verify signature information about the deposit. * * @param dcd contract details - * @param ech hashed contract (passed to avoid recomputation) + * @param ech hashed policy (passed to avoid recomputation) * @param h_wire hashed wire details (passed to avoid recomputation) * @param cdd coin-specific details * @param dki denomination of the coin @@ -212,7 +212,7 @@ TALER_EXCHANGE_get_min_denomination_ ( enum GNUNET_GenericReturnValue TALER_EXCHANGE_verify_deposit_signature_ ( const struct TALER_EXCHANGE_DepositContractDetail *dcd, - const struct TALER_ExtensionContractHashP *ech, + const struct TALER_ExtensionPolicyHashP *ech, const struct TALER_MerchantWireHashP *h_wire, const struct TALER_EXCHANGE_CoinDepositDetail *cdd, const struct TALER_EXCHANGE_DenomPublicKey *dki); diff --git a/src/lib/exchange_api_deposit.c b/src/lib/exchange_api_deposit.c index 3ba986b2d..8f179b72c 100644 --- a/src/lib/exchange_api_deposit.c +++ b/src/lib/exchange_api_deposit.c @@ -97,9 +97,9 @@ struct TALER_EXCHANGE_DepositHandle struct TALER_MerchantWireHashP h_wire; /** - * Hash over the extensions, or all zero. + * Hash over the policy extension, or all zero. */ - struct TALER_ExtensionContractHashP h_extensions; + struct TALER_ExtensionPolicyHashP h_policy; /** * Time when this confirmation was generated / when the exchange received @@ -177,7 +177,7 @@ auditor_cb (void *cls, aie->dch = TALER_AUDITOR_deposit_confirmation ( ah, &dh->h_wire, - &dh->h_extensions, + &dh->h_policy, &dh->dcd.h_contract_terms, dh->exchange_timestamp, dh->dcd.wire_deadline, @@ -277,7 +277,7 @@ handle_deposit_finished (void *cls, TALER_exchange_online_deposit_confirmation_verify ( &dh->dcd.h_contract_terms, &dh->h_wire, - &dh->h_extensions, + &dh->h_policy, dh->exchange_timestamp, dh->dcd.wire_deadline, dh->dcd.refund_deadline, 
@@ -446,15 +446,15 @@ TALER_EXCHANGE_deposit ( dh->cb_cls = cb_cls; dh->cdd = *cdd; dh->dcd = *dcd; - if (NULL != dcd->extension_details) - TALER_deposit_extension_hash (dcd->extension_details, - &dh->h_extensions); + if (NULL != dcd->policy_details) + TALER_deposit_policy_hash (dcd->policy_details, + &dh->h_policy); TALER_merchant_wire_signature_hash (dcd->merchant_payto_uri, &dcd->wire_salt, &dh->h_wire); if (GNUNET_OK != TALER_EXCHANGE_verify_deposit_signature_ (dcd, - &dh->h_extensions, + &dh->h_policy, &dh->h_wire, cdd, dki)) diff --git a/src/lib/exchange_api_handle.c b/src/lib/exchange_api_handle.c index d6e12cc17..14ba73174 100644 --- a/src/lib/exchange_api_handle.c +++ b/src/lib/exchange_api_handle.c @@ -898,17 +898,20 @@ decode_keys_json (const json_t *resp_obj, /* TODO: maybe lift all this into a FP in TALER_Extension ? */ { struct TALER_MasterSignatureP extensions_sig = {0}; - json_t *extensions = NULL; + json_t *manifests = NULL; + bool no_extensions = false; + bool no_signature = false; + struct GNUNET_JSON_Specification ext_spec[] = { GNUNET_JSON_spec_mark_optional ( GNUNET_JSON_spec_json ("extensions", - &extensions), - NULL), + &manifests), + &no_extensions), GNUNET_JSON_spec_mark_optional ( GNUNET_JSON_spec_fixed_auto ( "extensions_sig", &extensions_sig), - NULL), + &no_signature), GNUNET_JSON_spec_end () }; 
@@ -918,22 +921,27 @@ decode_keys_json (const json_t *resp_obj, ext_spec, NULL, NULL)); - if (NULL != extensions) + + if (! no_extensions && no_signature) + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, + "found extensions without signature\n"); + + if (! no_extensions && ! no_signature) { /* 2. We have an extensions object. Verify its signature. */ EXITIF (GNUNET_OK != - TALER_extensions_verify_json_config_signature ( - extensions, + TALER_extensions_verify_manifests_signature ( + manifests, &extensions_sig, &key_data->master_pub)); /* 3. Parse and set the the configuration of the extensions accordingly */ EXITIF (GNUNET_OK != - TALER_extensions_load_json_config (extensions)); + TALER_extensions_load_manifests (manifests)); } /* 4. assuming we might have now a new value for age_mask, set it in key_data */ - key_data->age_mask = TALER_extensions_age_restriction_ageMask (); + key_data->age_mask = TALER_extensions_get_age_restriction_mask (); } /** diff --git a/src/lib/exchange_api_refund.c b/src/lib/exchange_api_refund.c index a937c18af..855b4fcc7 100644 --- a/src/lib/exchange_api_refund.c +++ b/src/lib/exchange_api_refund.c @@ -236,7 +236,8 @@ verify_conflict_history_ok (struct TALER_EXCHANGE_RefundHandle *rh, struct TALER_PrivateContractHashP h_contract_terms; struct TALER_AgeCommitmentHash h_age_commitment; bool no_hac; - // struct TALER_ExtensionContractHashP h_extensions; // FIXME #7270! + struct TALER_ExtensionPolicyHashP h_policy; + bool no_h_policy; struct GNUNET_TIME_Timestamp wallet_timestamp; struct TALER_MerchantPublicKeyP merchant_pub; struct GNUNET_TIME_Timestamp refund_deadline; @@ -252,6 +253,10 @@ verify_conflict_history_ok (struct TALER_EXCHANGE_RefundHandle *rh, GNUNET_JSON_spec_fixed_auto ("h_age_commitment", &h_age_commitment), &no_hac), + GNUNET_JSON_spec_mark_optional ( + GNUNET_JSON_spec_fixed_auto ("h_policy", + &h_policy), + &no_h_policy), GNUNET_JSON_spec_timestamp ("timestamp", &wallet_timestamp), GNUNET_JSON_spec_timestamp ("refund_deadline", 
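Review bot: A response that carries `extensions` without `extensions_sig` is now accepted with only a warning, in the `@@ -918,22` hunk of src/lib/exchange_api_handle.c. The manifests are skipped and the code goes on to set `key_data->age_mask` from whatever extension state is already loaded. Before this change the same input reached the signature check with a zeroed `extensions_sig` and, presumably, failed there, so stripping the signature field now silently disables the extension configuration instead of rejecting the response. I would fail closed with `EXITIF (! no_extensions && no_signature);`, or, if tolerating this is intentional, add a comment saying why an unsigned `extensions` object may be ignored. decode_keys_json starts and ends outside the hunk.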
@@ -277,10 +282,8 @@ verify_conflict_history_ok (struct TALER_EXCHANGE_RefundHandle *rh, &deposit_fee, &h_wire, &h_contract_terms, - no_hac - ? NULL - : &h_age_commitment, - NULL /* FIXME #7270-OEC: h_extensions! */, + no_hac ? NULL : &h_age_commitment, + no_h_policy ? NULL: &h_policy, &h_denom_pub, wallet_timestamp, &merchant_pub, -- cgit v1.2.3