Line data Source code
1 : /*
2 : This file is part of TALER
3 : Copyright (C) 2014-2020 Taler Systems SA
4 :
5 : TALER is free software; you can redistribute it and/or modify it under the
6 : terms of the GNU Affero General Public License as published by the Free Software
7 : Foundation; either version 3, or (at your option) any later version.
8 :
9 : TALER is distributed in the hope that it will be useful, but WITHOUT ANY
10 : WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
11 : A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
12 :
13 : You should have received a copy of the GNU Affero General Public License along with
14 : TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
15 : */
16 : /**
17 : * @file taler-auditor-httpd_deposit-confirmation.c
18 : * @brief Handle /deposit-confirmation requests; parses the POST and JSON and
19 : * verifies the coin signature before handing things off
20 : * to the database.
21 : * @author Christian Grothoff
22 : */
23 : #include "platform.h"
24 : #include <gnunet/gnunet_util_lib.h>
25 : #include <gnunet/gnunet_json_lib.h>
26 : #include <jansson.h>
27 : #include <microhttpd.h>
28 : #include <pthread.h>
29 : #include "taler_json_lib.h"
30 : #include "taler_mhd_lib.h"
31 : #include "taler-auditor-httpd.h"
32 : #include "taler-auditor-httpd_deposit-confirmation.h"
33 :
34 :
35 : GNUNET_NETWORK_STRUCT_BEGIN
36 :
37 : /**
38 : * @brief Information about a signing key of the exchange. Signing keys are used
39 : * to sign exchange messages other than coins, i.e. to confirm that a
40 : * deposit was successful or that a refresh was accepted.
41 : */
42 : struct ExchangeSigningKeyDataP
43 : {
44 :
45 : /**
46 : * When does this signing key begin to be valid?
47 : */
48 : struct GNUNET_TIME_TimestampNBO start;
49 :
50 : /**
51 : * When does this signing key expire? Note: This is currently when
52 : * the Exchange will definitively stop using it. Signatures made with
53 : * the key remain valid until @e end. When checking validity periods,
54 : * clients should allow for some overlap between keys and tolerate
55 : * the use of either key during the overlap time (due to the
56 : * possibility of clock skew).
57 : */
58 : struct GNUNET_TIME_TimestampNBO expire;
59 :
60 : /**
61 : * When do signatures with this signing key become invalid? After
62 : * this point, these signatures cannot be used in (legal) disputes
63 : * anymore, as the Exchange is then allowed to destroy its side of the
64 : * evidence. @e end is expected to be significantly larger than @e
65 : * expire (by a year or more).
66 : */
67 : struct GNUNET_TIME_TimestampNBO end;
68 :
69 : /**
70 : * The public online signing key that the exchange will use
71 : * between @e start and @e expire.
72 : */
73 : struct TALER_ExchangePublicKeyP signkey_pub;
74 : };
75 :
76 : GNUNET_NETWORK_STRUCT_END
77 :
78 :
79 : /**
80 : * Cache of already verified exchange signing keys. Maps the hash of the
81 : * `struct TALER_ExchangeSigningKeyValidityPS` to the (static) string
82 : * "verified" or "revoked". Access to this map is guarded by the #lock.
83 : */
84 : static struct GNUNET_CONTAINER_MultiHashMap *cache;
85 :
86 : /**
87 : * Lock for operations on #cache.
88 : */
89 : static pthread_mutex_t lock;
90 :
91 :
92 : /**
93 : * We have parsed the JSON information about the deposit, do some
94 : * basic sanity checks (especially that the signature on the coin is
95 : * valid, and that this type of coin exists) and then execute the
96 : * deposit.
97 : *
98 : * @param connection the MHD connection to handle
99 : * @param dc information about the deposit confirmation
100 : * @param es information about the exchange's signing key
101 : * @return MHD result code
102 : */
103 : static MHD_RESULT
104 0 : verify_and_execute_deposit_confirmation (
105 : struct MHD_Connection *connection,
106 : const struct TALER_AUDITORDB_DepositConfirmation *dc,
107 : const struct TALER_AUDITORDB_ExchangeSigningKey *es)
108 : {
109 : enum GNUNET_DB_QueryStatus qs;
110 : struct GNUNET_HashCode h;
111 : const char *cached;
112 0 : struct ExchangeSigningKeyDataP skv = {
113 0 : .start = GNUNET_TIME_timestamp_hton (es->ep_start),
114 0 : .expire = GNUNET_TIME_timestamp_hton (es->ep_expire),
115 0 : .end = GNUNET_TIME_timestamp_hton (es->ep_end),
116 : .signkey_pub = es->exchange_pub
117 : };
118 :
119 0 : if (GNUNET_TIME_absolute_is_future (es->ep_start.abs_time) ||
120 0 : GNUNET_TIME_absolute_is_past (es->ep_expire.abs_time) )
121 : {
122 : /* Signing key expired */
123 0 : TALER_LOG_WARNING ("Expired exchange signing key\n");
124 0 : return TALER_MHD_reply_with_error (connection,
125 : MHD_HTTP_FORBIDDEN,
126 : TALER_EC_AUDITOR_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
127 : "master signature expired");
128 : }
129 :
130 : /* check our cache */
131 0 : GNUNET_CRYPTO_hash (&skv,
132 : sizeof (skv),
133 : &h);
134 0 : GNUNET_assert (0 == pthread_mutex_lock (&lock));
135 0 : cached = GNUNET_CONTAINER_multihashmap_get (cache,
136 : &h);
137 0 : GNUNET_assert (0 == pthread_mutex_unlock (&lock));
138 0 : if (GNUNET_SYSERR ==
139 0 : TAH_plugin->preflight (TAH_plugin->cls))
140 : {
141 0 : GNUNET_break (0);
142 0 : return TALER_MHD_reply_with_error (connection,
143 : MHD_HTTP_INTERNAL_SERVER_ERROR,
144 : TALER_EC_GENERIC_DB_SETUP_FAILED,
145 : NULL);
146 : }
147 0 : if (NULL == cached)
148 : {
149 : /* Not in cache, need to verify the signature, persist it, and possibly cache it */
150 0 : if (GNUNET_OK !=
151 0 : TALER_exchange_offline_signkey_validity_verify (
152 : &es->exchange_pub,
153 : es->ep_start,
154 : es->ep_expire,
155 : es->ep_end,
156 : &es->master_public_key,
157 : &es->master_sig))
158 : {
159 0 : TALER_LOG_WARNING ("Invalid signature on exchange signing key\n");
160 0 : return TALER_MHD_reply_with_error (connection,
161 : MHD_HTTP_FORBIDDEN,
162 : TALER_EC_AUDITOR_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
163 : "master signature invalid");
164 : }
165 :
166 : /* execute transaction */
167 0 : qs = TAH_plugin->insert_exchange_signkey (TAH_plugin->cls,
168 : es);
169 0 : if (0 > qs)
170 : {
171 0 : GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
172 0 : TALER_LOG_WARNING ("Failed to store exchange signing key in database\n");
173 0 : return TALER_MHD_reply_with_error (connection,
174 : MHD_HTTP_INTERNAL_SERVER_ERROR,
175 : TALER_EC_GENERIC_DB_STORE_FAILED,
176 : "exchange signing key");
177 : }
178 0 : cached = "verified";
179 : }
180 :
181 0 : if (0 == strcmp (cached,
182 : "verified"))
183 : {
184 : struct TALER_MasterSignatureP master_sig;
185 :
186 : /* check for revocation */
187 0 : qs = TAH_eplugin->lookup_signkey_revocation (TAH_eplugin->cls,
188 : &es->exchange_pub,
189 : &master_sig);
190 0 : if (0 > qs)
191 : {
192 0 : GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
193 0 : TALER_LOG_WARNING (
194 : "Failed to check for signing key revocation in database\n");
195 0 : return TALER_MHD_reply_with_error (connection,
196 : MHD_HTTP_INTERNAL_SERVER_ERROR,
197 : TALER_EC_GENERIC_DB_FETCH_FAILED,
198 : "exchange signing key revocation");
199 : }
200 0 : if (0 < qs)
201 0 : cached = "revoked";
202 : }
203 :
204 : /* Cache it, due to concurreny it might already be in the cache,
205 : so we do not cache it twice but also don't insist on the 'put' to
206 : succeed. */
207 0 : GNUNET_assert (0 == pthread_mutex_lock (&lock));
208 0 : (void) GNUNET_CONTAINER_multihashmap_put (cache,
209 : &h,
210 : (void *) cached,
211 : GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
212 0 : GNUNET_assert (0 == pthread_mutex_unlock (&lock));
213 :
214 0 : if (0 == strcmp (cached,
215 : "revoked"))
216 : {
217 0 : TALER_LOG_WARNING (
218 : "Invalid signature on /deposit-confirmation request: key was revoked\n");
219 0 : return TALER_MHD_reply_with_error (connection,
220 : MHD_HTTP_GONE,
221 : TALER_EC_AUDITOR_EXCHANGE_SIGNING_KEY_REVOKED,
222 : "exchange signing key was revoked");
223 : }
224 :
225 : /* check deposit confirmation signature */
226 0 : if (GNUNET_OK !=
227 0 : TALER_exchange_online_deposit_confirmation_verify (
228 : &dc->h_contract_terms,
229 : &dc->h_wire,
230 : NULL /* h_extensions! */,
231 : dc->exchange_timestamp,
232 : dc->wire_deadline,
233 : dc->refund_deadline,
234 : &dc->amount_without_fee,
235 : &dc->coin_pub,
236 : &dc->merchant,
237 : &dc->exchange_pub,
238 : &dc->exchange_sig))
239 : {
240 0 : TALER_LOG_WARNING (
241 : "Invalid signature on /deposit-confirmation request\n");
242 0 : return TALER_MHD_reply_with_error (connection,
243 : MHD_HTTP_FORBIDDEN,
244 : TALER_EC_AUDITOR_DEPOSIT_CONFIRMATION_SIGNATURE_INVALID,
245 : "exchange signature invalid");
246 : }
247 :
248 : /* execute transaction */
249 0 : qs = TAH_plugin->insert_deposit_confirmation (TAH_plugin->cls,
250 : dc);
251 0 : if (0 > qs)
252 : {
253 0 : GNUNET_break (GNUNET_DB_STATUS_HARD_ERROR == qs);
254 0 : TALER_LOG_WARNING ("Failed to store /deposit-confirmation in database\n");
255 0 : return TALER_MHD_reply_with_error (connection,
256 : MHD_HTTP_INTERNAL_SERVER_ERROR,
257 : TALER_EC_GENERIC_DB_STORE_FAILED,
258 : "deposit confirmation");
259 : }
260 0 : return TALER_MHD_REPLY_JSON_PACK (connection,
261 : MHD_HTTP_OK,
262 : GNUNET_JSON_pack_string ("status",
263 : "DEPOSIT_CONFIRMATION_OK"));
264 : }
265 :
266 :
267 : MHD_RESULT
268 0 : TAH_DEPOSIT_CONFIRMATION_handler (struct TAH_RequestHandler *rh,
269 : struct MHD_Connection *connection,
270 : void **connection_cls,
271 : const char *upload_data,
272 : size_t *upload_data_size)
273 : {
274 : struct TALER_AUDITORDB_DepositConfirmation dc;
275 : struct TALER_AUDITORDB_ExchangeSigningKey es;
276 : struct GNUNET_JSON_Specification spec[] = {
277 0 : GNUNET_JSON_spec_fixed_auto ("h_contract_terms",
278 : &dc.h_contract_terms),
279 0 : GNUNET_JSON_spec_fixed_auto ("h_extensions",
280 : &dc.h_extensions),
281 0 : GNUNET_JSON_spec_fixed_auto ("h_wire",
282 : &dc.h_wire),
283 0 : GNUNET_JSON_spec_timestamp ("exchange_timestamp",
284 : &dc.exchange_timestamp),
285 0 : GNUNET_JSON_spec_timestamp ("refund_deadline",
286 : &dc.refund_deadline),
287 0 : GNUNET_JSON_spec_timestamp ("wire_deadline",
288 : &dc.wire_deadline),
289 0 : TALER_JSON_spec_amount ("amount_without_fee",
290 : TAH_currency,
291 : &dc.amount_without_fee),
292 0 : GNUNET_JSON_spec_fixed_auto ("coin_pub",
293 : &dc.coin_pub),
294 0 : GNUNET_JSON_spec_fixed_auto ("merchant_pub",
295 : &dc.merchant),
296 0 : GNUNET_JSON_spec_fixed_auto ("exchange_sig",
297 : &dc.exchange_sig),
298 0 : GNUNET_JSON_spec_fixed_auto ("exchange_pub",
299 : &dc.exchange_pub),
300 0 : GNUNET_JSON_spec_fixed_auto ("master_pub",
301 : &es.master_public_key),
302 0 : GNUNET_JSON_spec_timestamp ("ep_start",
303 : &es.ep_start),
304 0 : GNUNET_JSON_spec_timestamp ("ep_expire",
305 : &es.ep_expire),
306 0 : GNUNET_JSON_spec_timestamp ("ep_end",
307 : &es.ep_end),
308 0 : GNUNET_JSON_spec_fixed_auto ("master_sig",
309 : &es.master_sig),
310 0 : GNUNET_JSON_spec_end ()
311 : };
312 :
313 : (void) rh;
314 : (void) connection_cls;
315 : (void) upload_data;
316 : (void) upload_data_size;
317 : {
318 : json_t *json;
319 : enum GNUNET_GenericReturnValue res;
320 :
321 0 : res = TALER_MHD_parse_post_json (connection,
322 : connection_cls,
323 : upload_data,
324 : upload_data_size,
325 : &json);
326 0 : if (GNUNET_SYSERR == res)
327 0 : return MHD_NO;
328 0 : if ( (GNUNET_NO == res) ||
329 0 : (NULL == json) )
330 0 : return MHD_YES;
331 0 : res = TALER_MHD_parse_json_data (connection,
332 : json,
333 : spec);
334 0 : json_decref (json);
335 0 : if (GNUNET_SYSERR == res)
336 0 : return MHD_NO; /* hard failure */
337 0 : if (GNUNET_NO == res)
338 0 : return MHD_YES; /* failure */
339 : }
340 :
341 0 : es.exchange_pub = dc.exchange_pub; /* used twice! */
342 0 : dc.master_public_key = es.master_public_key;
343 : {
344 : MHD_RESULT res;
345 :
346 0 : res = verify_and_execute_deposit_confirmation (connection,
347 : &dc,
348 : &es);
349 0 : GNUNET_JSON_parse_free (spec);
350 0 : return res;
351 : }
352 : }
353 :
354 :
355 : void
356 0 : TEAH_DEPOSIT_CONFIRMATION_init (void)
357 : {
358 0 : cache = GNUNET_CONTAINER_multihashmap_create (32,
359 : GNUNET_NO);
360 0 : GNUNET_assert (0 == pthread_mutex_init (&lock, NULL));
361 0 : }
362 :
363 :
364 : void
365 0 : TEAH_DEPOSIT_CONFIRMATION_done (void)
366 : {
367 0 : if (NULL != cache)
368 : {
369 0 : GNUNET_CONTAINER_multihashmap_destroy (cache);
370 0 : cache = NULL;
371 0 : GNUNET_assert (0 == pthread_mutex_destroy (&lock));
372 : }
373 0 : }
374 :
375 :
376 : /* end of taler-auditor-httpd_deposit-confirmation.c */
|
