1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
|
/*
This file is part of TALER
(C) 2014 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU Affero General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with
TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file taler-mint-httpd_keys.h
* @brief Handle /keys requests and manage key state
* @author Florian Dold
* @author Benedikt Mueller
* @author Christian Grothoff
*/
#ifndef TALER_MINT_HTTPD_KEYS_H
#define TALER_MINT_HTTPD_KEYS_H
#include <gnunet/gnunet_util_lib.h>
#include <microhttpd.h>
#include <jansson.h>
#include "taler-mint-httpd.h"
#include "mint.h"
/**
* Snapshot of the (coin and signing)
* keys (including private keys) of the mint.
*/
struct MintKeyState
{
/**
* When did we initiate the key reloading?
*/
struct GNUNET_TIME_Absolute reload_time;
/**
* JSON array with denomination keys.
*/
json_t *denom_keys_array;
/**
* JSON array with signing keys.
*/
json_t *sign_keys_array;
/**
* Mapping from denomination keys to denomination key issue struct.
*/
struct GNUNET_CONTAINER_MultiHashMap *denomkey_map;
/**
* When is the next key invalid and we have to reload?
*/
struct GNUNET_TIME_Absolute next_reload;
/**
* Mint signing key that should be used currently.
*/
struct TALER_MINT_SignKeyIssuePriv current_sign_key_issue;
/**
* Cached JSON text that the mint will send for
* a /keys request.
*/
char *keys_json;
/**
* Reference count.
*/
unsigned int refcnt;
};
/**
* Release key state, free if necessary (if reference count gets to zero).
*
* @param key_state the key state to release
*/
void
TALER_MINT_key_state_release (struct MintKeyState *key_state);
/**
* Acquire the key state of the mint. Updates keys if necessary.
* For every call to #TALER_MINT_key_state_acquire, a matching call
* to #TALER_MINT_key_state_release must be made.
*
* @return the key state
*/
struct MintKeyState *
TALER_MINT_key_state_acquire (void);
/**
* Look up the issue for a denom public key.
*
* @param key state to look in
* @param denom_pub denomination public key
* @return the denomination key issue,
* or NULL if denom_pub could not be found
*/
struct TALER_MINT_DenomKeyIssuePriv *
TALER_MINT_get_denom_key (const struct MintKeyState *key_state,
const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub);
/**
* Check if a coin is valid; that is, whether the denomination key exists,
* is not expired, and the signature is correct.
*
* @param key_state the key state to use for checking the coin's validity
* @param coin_public_info the coin public info to check for validity
* @return #GNUNET_YES if the coin is valid,
* #GNUNET_NO if it is invalid
* #GNUNET_SYSERROR if an internal error occured
*/
int
TALER_MINT_test_coin_valid (const struct MintKeyState *key_state,
struct TALER_CoinPublicInfo *coin_public_info);
/**
* Read signals from a pipe in a loop, and reload keys from disk if
* SIGUSR1 is read from the pipe.
*
* @return #GNUNET_OK if we terminated normally, #GNUNET_SYSERR on error
*/
int
TALER_MINT_key_reload_loop (void);
/**
* Handle a "/keys" request
*
* @param rh context of the handler
* @param connection the MHD connection to handle
* @param[IN|OUT] connection_cls the connection's closure (can be updated)
* @param upload_data upload data
* @param[IN|OUT] upload_data_size number of bytes (left) in @a upload_data
* @return MHD result code
*/
int
TALER_MINT_handler_keys (struct RequestHandler *rh,
struct MHD_Connection *connection,
void **connection_cls,
const char *upload_data,
size_t *upload_data_size);
/**
* Sign the message in @a purpose with the mint's signing
* key.
*
* @param purpose the message to sign
* @param[OUT] sig signature over purpose using current signing key
*/
void
TALER_MINT_keys_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct GNUNET_CRYPTO_EddsaSignature *sig);
#endif
|