LCOV - code coverage report
Current view: top level - exchange - taler-exchange-httpd_management_post_keys.c (source / functions) Hit Total Coverage
Test: GNU Taler exchange coverage report Lines: 91 159 57.2 %
Date: 2021-08-30 06:43:37 Functions: 2 2 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*
       2             :   This file is part of TALER
       3             :   Copyright (C) 2020 Taler Systems SA
       4             : 
       5             :   TALER is free software; you can redistribute it and/or modify it under the
       6             :   terms of the GNU Affero General Public License as published by the Free Software
       7             :   Foundation; either version 3, or (at your option) any later version.
       8             : 
       9             :   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
      10             :   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
      11             :   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
      12             : 
      13             :   You should have received a copy of the GNU Affero General Public License along with
      14             :   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
      15             : */
      16             : /**
      17             :  * @file taler-exchange-httpd_management_post_keys.c
      18             :  * @brief Handle request to POST /management/keys
      19             :  * @author Christian Grothoff
      20             :  */
      21             : #include "platform.h"
      22             : #include <gnunet/gnunet_util_lib.h>
      23             : #include <gnunet/gnunet_json_lib.h>
      24             : #include <jansson.h>
      25             : #include <microhttpd.h>
      26             : #include <pthread.h>
      27             : #include "taler_json_lib.h"
      28             : #include "taler_mhd_lib.h"
      29             : #include "taler_signatures.h"
      30             : #include "taler-exchange-httpd_keys.h"
      31             : #include "taler-exchange-httpd_management.h"
      32             : #include "taler-exchange-httpd_responses.h"
      33             : 
      34             : 
      35             : /**
      36             :  * Denomination signature provided.
      37             :  */
      38             : struct DenomSig
      39             : {
      40             :   /**
      41             :    * Hash of a denomination public key.
      42             :    */
      43             :   struct GNUNET_HashCode h_denom_pub;
      44             : 
      45             :   /**
      46             :    * Master signature for the @e h_denom_pub.
      47             :    */
      48             :   struct TALER_MasterSignatureP master_sig;
      49             : 
      50             : };
      51             : 
      52             : 
      53             : /**
      54             :  * Signkey signature provided.
      55             :  */
      56             : struct SigningSig
      57             : {
      58             :   /**
      59             :    * Online signing key of the exchange.
      60             :    */
      61             :   struct TALER_ExchangePublicKeyP exchange_pub;
      62             : 
      63             :   /**
      64             :    * Master signature for the @e exchange_pub.
      65             :    */
      66             :   struct TALER_MasterSignatureP master_sig;
      67             : 
      68             : };
      69             : 
      70             : 
      71             : /**
      72             :  * Closure for the #add_keys transaction.
      73             :  */
      74             : struct AddKeysContext
      75             : {
      76             : 
      77             :   /**
      78             :    * Array of @e nd_sigs denomination signatures.
      79             :    */
      80             :   struct DenomSig *d_sigs;
      81             : 
      82             :   /**
      83             :    * Array of @e ns_sigs signkey signatures.
      84             :    */
      85             :   struct SigningSig *s_sigs;
      86             : 
      87             :   /**
      88             :    * Length of the d_sigs array.
      89             :    */
      90             :   unsigned int nd_sigs;
      91             : 
      92             :   /**
      93             :    * Length of the n_sigs array.
      94             :    */
      95             :   unsigned int ns_sigs;
      96             : 
      97             : };
      98             : 
      99             : 
     100             : /**
     101             :  * Function implementing database transaction to add offline signing keys.
     102             :  * Runs the transaction logic; IF it returns a non-error code, the transaction
     103             :  * logic MUST NOT queue a MHD response.  IF it returns an hard error, the
     104             :  * transaction logic MUST queue a MHD response and set @a mhd_ret.  IF it
     105             :  * returns the soft error code, the function MAY be called again to retry and
     106             :  * MUST not queue a MHD response.
     107             :  *
     108             :  * @param cls closure with a `struct AddKeysContext`
     109             :  * @param connection MHD request which triggered the transaction
     110             :  * @param[out] mhd_ret set to MHD response status for @a connection,
     111             :  *             if transaction failed (!)
     112             :  * @return transaction status
     113             :  */
     114             : static enum GNUNET_DB_QueryStatus
     115           8 : add_keys (void *cls,
     116             :           struct MHD_Connection *connection,
     117             :           MHD_RESULT *mhd_ret)
     118             : {
     119           8 :   struct AddKeysContext *akc = cls;
     120             : 
     121             :   /* activate all denomination keys */
     122         124 :   for (unsigned int i = 0; i<akc->nd_sigs; i++)
     123             :   {
     124             :     enum GNUNET_DB_QueryStatus qs;
     125         116 :     bool is_active = false;
     126             :     struct TALER_EXCHANGEDB_DenominationKeyMetaData meta;
     127             :     struct TALER_DenominationPublicKey denom_pub;
     128             : 
     129             :     /* For idempotency, check if the key is already active */
     130         116 :     qs = TEH_plugin->lookup_denomination_key (
     131         116 :       TEH_plugin->cls,
     132         116 :       &akc->d_sigs[i].h_denom_pub,
     133             :       &meta);
     134         116 :     if (qs < 0)
     135             :     {
     136           0 :       if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
     137           0 :         return qs;
     138           0 :       GNUNET_break (0);
     139           0 :       *mhd_ret = TALER_MHD_reply_with_error (connection,
     140             :                                              MHD_HTTP_INTERNAL_SERVER_ERROR,
     141             :                                              TALER_EC_GENERIC_DB_FETCH_FAILED,
     142             :                                              "lookup denomination key");
     143           0 :       return qs;
     144             :     }
     145         116 :     if (0 == qs)
     146             :     {
     147             :       enum GNUNET_GenericReturnValue rv;
     148             : 
     149         116 :       rv = TEH_keys_load_fees (&akc->d_sigs[i].h_denom_pub,
     150             :                                &denom_pub,
     151             :                                &meta);
     152         116 :       switch (rv)
     153             :       {
     154           0 :       case GNUNET_SYSERR:
     155           0 :         *mhd_ret = TALER_MHD_reply_with_error (
     156             :           connection,
     157             :           MHD_HTTP_INTERNAL_SERVER_ERROR,
     158             :           TALER_EC_EXCHANGE_GENERIC_BAD_CONFIGURATION,
     159           0 :           GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
     160           0 :         return GNUNET_DB_STATUS_HARD_ERROR;
     161           0 :       case GNUNET_NO:
     162           0 :         *mhd_ret = TALER_MHD_reply_with_error (
     163             :           connection,
     164             :           MHD_HTTP_NOT_FOUND,
     165             :           TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN,
     166           0 :           GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
     167           0 :         return GNUNET_DB_STATUS_HARD_ERROR;
     168         116 :       case GNUNET_OK:
     169         116 :         break;
     170             :       }
     171         116 :     }
     172             :     else
     173             :     {
     174           0 :       is_active = true;
     175             :     }
     176             : 
     177             :     /* check signature is valid */
     178             :     {
     179         116 :       if (GNUNET_OK !=
     180         116 :           TALER_exchange_offline_denom_validity_verify (
     181         116 :             &akc->d_sigs[i].h_denom_pub,
     182             :             meta.start,
     183             :             meta.expire_withdraw,
     184             :             meta.expire_deposit,
     185             :             meta.expire_legal,
     186             :             &meta.value,
     187             :             &meta.fee_withdraw,
     188             :             &meta.fee_deposit,
     189             :             &meta.fee_refresh,
     190             :             &meta.fee_refund,
     191             :             &TEH_master_public_key,
     192         116 :             &akc->d_sigs[i].master_sig))
     193             :       {
     194           0 :         GNUNET_break_op (0);
     195           0 :         *mhd_ret = TALER_MHD_reply_with_error (
     196             :           connection,
     197             :           MHD_HTTP_FORBIDDEN,
     198             :           TALER_EC_EXCHANGE_MANAGEMENT_KEYS_DENOMKEY_ADD_SIGNATURE_INVALID,
     199           0 :           GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
     200           0 :         return GNUNET_DB_STATUS_HARD_ERROR;
     201             :       }
     202             :     }
     203         116 :     if (is_active)
     204           0 :       continue; /* skip, already known */
     205         116 :     qs = TEH_plugin->add_denomination_key (
     206         116 :       TEH_plugin->cls,
     207         116 :       &akc->d_sigs[i].h_denom_pub,
     208             :       &denom_pub,
     209             :       &meta,
     210         116 :       &akc->d_sigs[i].master_sig);
     211         116 :     GNUNET_CRYPTO_rsa_public_key_free (denom_pub.rsa_public_key);
     212         116 :     if (qs < 0)
     213             :     {
     214           0 :       if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
     215           0 :         return qs;
     216           0 :       GNUNET_break (0);
     217           0 :       *mhd_ret = TALER_MHD_reply_with_error (connection,
     218             :                                              MHD_HTTP_INTERNAL_SERVER_ERROR,
     219             :                                              TALER_EC_GENERIC_DB_STORE_FAILED,
     220             :                                              "activate denomination key");
     221           0 :       return qs;
     222             :     }
     223         116 :     GNUNET_log (GNUNET_ERROR_TYPE_INFO,
     224             :                 "Added offline signature for denomination `%s'\n",
     225             :                 GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
     226         116 :     GNUNET_assert (0 != qs);
     227             :   }
     228             : 
     229             : 
     230          22 :   for (unsigned int i = 0; i<akc->ns_sigs; i++)
     231             :   {
     232             :     enum GNUNET_DB_QueryStatus qs;
     233          14 :     bool is_active = false;
     234             :     struct TALER_EXCHANGEDB_SignkeyMetaData meta;
     235             : 
     236          14 :     qs = TEH_plugin->lookup_signing_key (
     237          14 :       TEH_plugin->cls,
     238          14 :       &akc->s_sigs[i].exchange_pub,
     239             :       &meta);
     240          14 :     if (qs < 0)
     241             :     {
     242           0 :       if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
     243           0 :         return qs;
     244           0 :       GNUNET_break (0);
     245           0 :       *mhd_ret = TALER_MHD_reply_with_error (connection,
     246             :                                              MHD_HTTP_INTERNAL_SERVER_ERROR,
     247             :                                              TALER_EC_GENERIC_DB_FETCH_FAILED,
     248             :                                              "lookup signing key");
     249           0 :       return qs;
     250             :     }
     251          14 :     if (0 == qs)
     252             :     {
     253          14 :       if (GNUNET_OK !=
     254          14 :           TEH_keys_get_timing (&akc->s_sigs[i].exchange_pub,
     255             :                                &meta))
     256             :       {
     257             :         /* For idempotency, check if the key is already active */
     258           0 :         *mhd_ret = TALER_MHD_reply_with_error (
     259             :           connection,
     260             :           MHD_HTTP_NOT_FOUND,
     261             :           TALER_EC_EXCHANGE_MANAGEMENT_KEYS_SIGNKEY_UNKNOWN,
     262           0 :           TALER_B2S (&akc->s_sigs[i].exchange_pub));
     263           0 :         return GNUNET_DB_STATUS_HARD_ERROR;
     264             :       }
     265             :     }
     266             :     else
     267             :     {
     268           0 :       is_active = true; /* if we pass, it's active! */
     269             :     }
     270             : 
     271             :     /* check signature is valid */
     272             :     {
     273          14 :       if (GNUNET_OK !=
     274          14 :           TALER_exchange_offline_signkey_validity_verify (
     275          14 :             &akc->s_sigs[i].exchange_pub,
     276             :             meta.start,
     277             :             meta.expire_sign,
     278             :             meta.expire_legal,
     279             :             &TEH_master_public_key,
     280          14 :             &akc->s_sigs[i].master_sig))
     281             :       {
     282           0 :         GNUNET_break_op (0);
     283           0 :         *mhd_ret = TALER_MHD_reply_with_error (
     284             :           connection,
     285             :           MHD_HTTP_FORBIDDEN,
     286             :           TALER_EC_EXCHANGE_MANAGEMENT_KEYS_SIGNKEY_ADD_SIGNATURE_INVALID,
     287           0 :           GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
     288           0 :         return GNUNET_DB_STATUS_HARD_ERROR;
     289             :       }
     290             :     }
     291          14 :     if (is_active)
     292           0 :       continue; /* skip, already known */
     293          14 :     qs = TEH_plugin->activate_signing_key (
     294          14 :       TEH_plugin->cls,
     295          14 :       &akc->s_sigs[i].exchange_pub,
     296             :       &meta,
     297          14 :       &akc->s_sigs[i].master_sig);
     298          14 :     if (qs < 0)
     299             :     {
     300           0 :       if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
     301           0 :         return qs;
     302           0 :       GNUNET_break (0);
     303           0 :       *mhd_ret = TALER_MHD_reply_with_error (connection,
     304             :                                              MHD_HTTP_INTERNAL_SERVER_ERROR,
     305             :                                              TALER_EC_GENERIC_DB_STORE_FAILED,
     306             :                                              "activate signing key");
     307           0 :       return qs;
     308             :     }
     309          14 :     GNUNET_log (GNUNET_ERROR_TYPE_INFO,
     310             :                 "Added offline signature for signing key `%s'\n",
     311             :                 TALER_B2S (&akc->s_sigs[i].exchange_pub));
     312          14 :     GNUNET_assert (0 != qs);
     313             :   }
     314           8 :   return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; /* only 'success', so >=0, matters here */
     315             : }
     316             : 
     317             : 
     318             : MHD_RESULT
     319           8 : TEH_handler_management_post_keys (
     320             :   struct MHD_Connection *connection,
     321             :   const json_t *root)
     322             : {
     323             :   struct AddKeysContext akc;
     324             :   json_t *denom_sigs;
     325             :   json_t *signkey_sigs;
     326             :   struct GNUNET_JSON_Specification spec[] = {
     327           8 :     GNUNET_JSON_spec_json ("denom_sigs",
     328             :                            &denom_sigs),
     329           8 :     GNUNET_JSON_spec_json ("signkey_sigs",
     330             :                            &signkey_sigs),
     331           8 :     GNUNET_JSON_spec_end ()
     332             :   };
     333             :   bool ok;
     334             :   MHD_RESULT ret;
     335             : 
     336             :   {
     337             :     enum GNUNET_GenericReturnValue res;
     338             : 
     339           8 :     res = TALER_MHD_parse_json_data (connection,
     340             :                                      root,
     341             :                                      spec);
     342           8 :     if (GNUNET_SYSERR == res)
     343           0 :       return MHD_NO; /* hard failure */
     344           8 :     if (GNUNET_NO == res)
     345           0 :       return MHD_YES; /* failure */
     346             :   }
     347           8 :   if (! (json_is_array (denom_sigs) &&
     348           8 :          json_is_array (signkey_sigs)) )
     349             :   {
     350           0 :     GNUNET_break_op (0);
     351           0 :     GNUNET_JSON_parse_free (spec);
     352           0 :     return TALER_MHD_reply_with_error (
     353             :       connection,
     354             :       MHD_HTTP_BAD_REQUEST,
     355             :       TALER_EC_GENERIC_PARAMETER_MALFORMED,
     356             :       "array expected for denom_sigs and signkey_sigs");
     357             :   }
     358           8 :   akc.nd_sigs = json_array_size (denom_sigs);
     359           8 :   akc.d_sigs = GNUNET_new_array (akc.nd_sigs,
     360             :                                  struct DenomSig);
     361           8 :   ok = true;
     362         124 :   for (unsigned int i = 0; i<akc.nd_sigs; i++)
     363             :   {
     364         116 :     struct DenomSig *d = &akc.d_sigs[i];
     365             :     struct GNUNET_JSON_Specification ispec[] = {
     366         116 :       GNUNET_JSON_spec_fixed_auto ("master_sig",
     367             :                                    &d->master_sig),
     368         116 :       GNUNET_JSON_spec_fixed_auto ("h_denom_pub",
     369             :                                    &d->h_denom_pub),
     370         116 :       GNUNET_JSON_spec_end ()
     371             :     };
     372             :     enum GNUNET_GenericReturnValue res;
     373             : 
     374         116 :     res = TALER_MHD_parse_json_data (connection,
     375         116 :                                      json_array_get (denom_sigs,
     376             :                                                      i),
     377             :                                      ispec);
     378         116 :     if (GNUNET_SYSERR == res)
     379             :     {
     380           0 :       ret = MHD_NO; /* hard failure */
     381           0 :       ok = false;
     382           0 :       break;
     383             :     }
     384         116 :     if (GNUNET_NO == res)
     385             :     {
     386           0 :       ret = MHD_YES;
     387           0 :       ok = false;
     388           0 :       break;
     389             :     }
     390             :   }
     391           8 :   if (! ok)
     392             :   {
     393           0 :     GNUNET_free (akc.d_sigs);
     394           0 :     GNUNET_JSON_parse_free (spec);
     395           0 :     return ret;
     396             :   }
     397           8 :   akc.ns_sigs = json_array_size (signkey_sigs);
     398           8 :   akc.s_sigs = GNUNET_new_array (akc.ns_sigs,
     399             :                                  struct SigningSig);
     400          22 :   for (unsigned int i = 0; i<akc.ns_sigs; i++)
     401             :   {
     402          14 :     struct SigningSig *s = &akc.s_sigs[i];
     403             :     struct GNUNET_JSON_Specification ispec[] = {
     404          14 :       GNUNET_JSON_spec_fixed_auto ("master_sig",
     405             :                                    &s->master_sig),
     406          14 :       GNUNET_JSON_spec_fixed_auto ("exchange_pub",
     407             :                                    &s->exchange_pub),
     408          14 :       GNUNET_JSON_spec_end ()
     409             :     };
     410             :     enum GNUNET_GenericReturnValue res;
     411             : 
     412          14 :     res = TALER_MHD_parse_json_data (connection,
     413          14 :                                      json_array_get (signkey_sigs,
     414             :                                                      i),
     415             :                                      ispec);
     416          14 :     if (GNUNET_SYSERR == res)
     417             :     {
     418           0 :       ret = MHD_NO; /* hard failure */
     419           0 :       ok = false;
     420           0 :       break;
     421             :     }
     422          14 :     if (GNUNET_NO == res)
     423             :     {
     424           0 :       ret = MHD_YES;
     425           0 :       ok = false;
     426           0 :       break;
     427             :     }
     428             :   }
     429           8 :   if (! ok)
     430             :   {
     431           0 :     GNUNET_free (akc.d_sigs);
     432           0 :     GNUNET_free (akc.s_sigs);
     433           0 :     GNUNET_JSON_parse_free (spec);
     434           0 :     return ret;
     435             :   }
     436           8 :   GNUNET_log (GNUNET_ERROR_TYPE_INFO,
     437             :               "Received %u denomination and %u signing key signatures\n",
     438             :               akc.nd_sigs,
     439             :               akc.ns_sigs);
     440             :   {
     441             :     enum GNUNET_GenericReturnValue res;
     442             : 
     443           8 :     res = TEH_DB_run_transaction (connection,
     444             :                                   "add keys",
     445             :                                   &ret,
     446             :                                   &add_keys,
     447             :                                   &akc);
     448           8 :     GNUNET_free (akc.d_sigs);
     449           8 :     GNUNET_free (akc.s_sigs);
     450           8 :     GNUNET_JSON_parse_free (spec);
     451           8 :     if (GNUNET_SYSERR == res)
     452           0 :       return ret;
     453             :   }
     454           8 :   TEH_keys_update_states ();
     455           8 :   return TALER_MHD_reply_static (
     456             :     connection,
     457             :     MHD_HTTP_NO_CONTENT,
     458             :     NULL,
     459             :     NULL,
     460             :     0);
     461             : }
     462             : 
     463             : 
     464             : /* end of taler-exchange-httpd_management_management_post_keys.c */

Generated by: LCOV version 1.14