Line data Source code
1 : /*
2 : This file is part of TALER
3 : Copyright (C) 2020 Taler Systems SA
4 :
5 : TALER is free software; you can redistribute it and/or modify it under the
6 : terms of the GNU Affero General Public License as published by the Free Software
7 : Foundation; either version 3, or (at your option) any later version.
8 :
9 : TALER is distributed in the hope that it will be useful, but WITHOUT ANY
10 : WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
11 : A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
12 :
13 : You should have received a copy of the GNU Affero General Public License along with
14 : TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
15 : */
16 : /**
17 : * @file taler-exchange-httpd_management_post_keys.c
18 : * @brief Handle request to POST /management/keys
19 : * @author Christian Grothoff
20 : */
21 : #include "platform.h"
22 : #include <gnunet/gnunet_util_lib.h>
23 : #include <gnunet/gnunet_json_lib.h>
24 : #include <jansson.h>
25 : #include <microhttpd.h>
26 : #include <pthread.h>
27 : #include "taler_json_lib.h"
28 : #include "taler_mhd_lib.h"
29 : #include "taler_signatures.h"
30 : #include "taler-exchange-httpd_keys.h"
31 : #include "taler-exchange-httpd_management.h"
32 : #include "taler-exchange-httpd_responses.h"
33 :
34 :
35 : /**
36 : * Denomination signature provided.
37 : */
38 : struct DenomSig
39 : {
40 : /**
41 : * Hash of a denomination public key.
42 : */
43 : struct GNUNET_HashCode h_denom_pub;
44 :
45 : /**
46 : * Master signature for the @e h_denom_pub.
47 : */
48 : struct TALER_MasterSignatureP master_sig;
49 :
50 : };
51 :
52 :
53 : /**
54 : * Signkey signature provided.
55 : */
56 : struct SigningSig
57 : {
58 : /**
59 : * Online signing key of the exchange.
60 : */
61 : struct TALER_ExchangePublicKeyP exchange_pub;
62 :
63 : /**
64 : * Master signature for the @e exchange_pub.
65 : */
66 : struct TALER_MasterSignatureP master_sig;
67 :
68 : };
69 :
70 :
71 : /**
72 : * Closure for the #add_keys transaction.
73 : */
74 : struct AddKeysContext
75 : {
76 :
77 : /**
78 : * Array of @e nd_sigs denomination signatures.
79 : */
80 : struct DenomSig *d_sigs;
81 :
82 : /**
83 : * Array of @e ns_sigs signkey signatures.
84 : */
85 : struct SigningSig *s_sigs;
86 :
87 : /**
88 : * Length of the d_sigs array.
89 : */
90 : unsigned int nd_sigs;
91 :
92 : /**
93 : * Length of the n_sigs array.
94 : */
95 : unsigned int ns_sigs;
96 :
97 : };
98 :
99 :
100 : /**
101 : * Function implementing database transaction to add offline signing keys.
102 : * Runs the transaction logic; IF it returns a non-error code, the transaction
103 : * logic MUST NOT queue a MHD response. IF it returns an hard error, the
104 : * transaction logic MUST queue a MHD response and set @a mhd_ret. IF it
105 : * returns the soft error code, the function MAY be called again to retry and
106 : * MUST not queue a MHD response.
107 : *
108 : * @param cls closure with a `struct AddKeysContext`
109 : * @param connection MHD request which triggered the transaction
110 : * @param[out] mhd_ret set to MHD response status for @a connection,
111 : * if transaction failed (!)
112 : * @return transaction status
113 : */
114 : static enum GNUNET_DB_QueryStatus
115 8 : add_keys (void *cls,
116 : struct MHD_Connection *connection,
117 : MHD_RESULT *mhd_ret)
118 : {
119 8 : struct AddKeysContext *akc = cls;
120 :
121 : /* activate all denomination keys */
122 124 : for (unsigned int i = 0; i<akc->nd_sigs; i++)
123 : {
124 : enum GNUNET_DB_QueryStatus qs;
125 116 : bool is_active = false;
126 : struct TALER_EXCHANGEDB_DenominationKeyMetaData meta;
127 : struct TALER_DenominationPublicKey denom_pub;
128 :
129 : /* For idempotency, check if the key is already active */
130 116 : qs = TEH_plugin->lookup_denomination_key (
131 116 : TEH_plugin->cls,
132 116 : &akc->d_sigs[i].h_denom_pub,
133 : &meta);
134 116 : if (qs < 0)
135 : {
136 0 : if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
137 0 : return qs;
138 0 : GNUNET_break (0);
139 0 : *mhd_ret = TALER_MHD_reply_with_error (connection,
140 : MHD_HTTP_INTERNAL_SERVER_ERROR,
141 : TALER_EC_GENERIC_DB_FETCH_FAILED,
142 : "lookup denomination key");
143 0 : return qs;
144 : }
145 116 : if (0 == qs)
146 : {
147 : enum GNUNET_GenericReturnValue rv;
148 :
149 116 : rv = TEH_keys_load_fees (&akc->d_sigs[i].h_denom_pub,
150 : &denom_pub,
151 : &meta);
152 116 : switch (rv)
153 : {
154 0 : case GNUNET_SYSERR:
155 0 : *mhd_ret = TALER_MHD_reply_with_error (
156 : connection,
157 : MHD_HTTP_INTERNAL_SERVER_ERROR,
158 : TALER_EC_EXCHANGE_GENERIC_BAD_CONFIGURATION,
159 0 : GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
160 0 : return GNUNET_DB_STATUS_HARD_ERROR;
161 0 : case GNUNET_NO:
162 0 : *mhd_ret = TALER_MHD_reply_with_error (
163 : connection,
164 : MHD_HTTP_NOT_FOUND,
165 : TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN,
166 0 : GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
167 0 : return GNUNET_DB_STATUS_HARD_ERROR;
168 116 : case GNUNET_OK:
169 116 : break;
170 : }
171 116 : }
172 : else
173 : {
174 0 : is_active = true;
175 : }
176 :
177 : /* check signature is valid */
178 : {
179 116 : if (GNUNET_OK !=
180 116 : TALER_exchange_offline_denom_validity_verify (
181 116 : &akc->d_sigs[i].h_denom_pub,
182 : meta.start,
183 : meta.expire_withdraw,
184 : meta.expire_deposit,
185 : meta.expire_legal,
186 : &meta.value,
187 : &meta.fee_withdraw,
188 : &meta.fee_deposit,
189 : &meta.fee_refresh,
190 : &meta.fee_refund,
191 : &TEH_master_public_key,
192 116 : &akc->d_sigs[i].master_sig))
193 : {
194 0 : GNUNET_break_op (0);
195 0 : *mhd_ret = TALER_MHD_reply_with_error (
196 : connection,
197 : MHD_HTTP_FORBIDDEN,
198 : TALER_EC_EXCHANGE_MANAGEMENT_KEYS_DENOMKEY_ADD_SIGNATURE_INVALID,
199 0 : GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
200 0 : return GNUNET_DB_STATUS_HARD_ERROR;
201 : }
202 : }
203 116 : if (is_active)
204 0 : continue; /* skip, already known */
205 116 : qs = TEH_plugin->add_denomination_key (
206 116 : TEH_plugin->cls,
207 116 : &akc->d_sigs[i].h_denom_pub,
208 : &denom_pub,
209 : &meta,
210 116 : &akc->d_sigs[i].master_sig);
211 116 : GNUNET_CRYPTO_rsa_public_key_free (denom_pub.rsa_public_key);
212 116 : if (qs < 0)
213 : {
214 0 : if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
215 0 : return qs;
216 0 : GNUNET_break (0);
217 0 : *mhd_ret = TALER_MHD_reply_with_error (connection,
218 : MHD_HTTP_INTERNAL_SERVER_ERROR,
219 : TALER_EC_GENERIC_DB_STORE_FAILED,
220 : "activate denomination key");
221 0 : return qs;
222 : }
223 116 : GNUNET_log (GNUNET_ERROR_TYPE_INFO,
224 : "Added offline signature for denomination `%s'\n",
225 : GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
226 116 : GNUNET_assert (0 != qs);
227 : }
228 :
229 :
230 22 : for (unsigned int i = 0; i<akc->ns_sigs; i++)
231 : {
232 : enum GNUNET_DB_QueryStatus qs;
233 14 : bool is_active = false;
234 : struct TALER_EXCHANGEDB_SignkeyMetaData meta;
235 :
236 14 : qs = TEH_plugin->lookup_signing_key (
237 14 : TEH_plugin->cls,
238 14 : &akc->s_sigs[i].exchange_pub,
239 : &meta);
240 14 : if (qs < 0)
241 : {
242 0 : if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
243 0 : return qs;
244 0 : GNUNET_break (0);
245 0 : *mhd_ret = TALER_MHD_reply_with_error (connection,
246 : MHD_HTTP_INTERNAL_SERVER_ERROR,
247 : TALER_EC_GENERIC_DB_FETCH_FAILED,
248 : "lookup signing key");
249 0 : return qs;
250 : }
251 14 : if (0 == qs)
252 : {
253 14 : if (GNUNET_OK !=
254 14 : TEH_keys_get_timing (&akc->s_sigs[i].exchange_pub,
255 : &meta))
256 : {
257 : /* For idempotency, check if the key is already active */
258 0 : *mhd_ret = TALER_MHD_reply_with_error (
259 : connection,
260 : MHD_HTTP_NOT_FOUND,
261 : TALER_EC_EXCHANGE_MANAGEMENT_KEYS_SIGNKEY_UNKNOWN,
262 0 : TALER_B2S (&akc->s_sigs[i].exchange_pub));
263 0 : return GNUNET_DB_STATUS_HARD_ERROR;
264 : }
265 : }
266 : else
267 : {
268 0 : is_active = true; /* if we pass, it's active! */
269 : }
270 :
271 : /* check signature is valid */
272 : {
273 14 : if (GNUNET_OK !=
274 14 : TALER_exchange_offline_signkey_validity_verify (
275 14 : &akc->s_sigs[i].exchange_pub,
276 : meta.start,
277 : meta.expire_sign,
278 : meta.expire_legal,
279 : &TEH_master_public_key,
280 14 : &akc->s_sigs[i].master_sig))
281 : {
282 0 : GNUNET_break_op (0);
283 0 : *mhd_ret = TALER_MHD_reply_with_error (
284 : connection,
285 : MHD_HTTP_FORBIDDEN,
286 : TALER_EC_EXCHANGE_MANAGEMENT_KEYS_SIGNKEY_ADD_SIGNATURE_INVALID,
287 0 : GNUNET_h2s (&akc->d_sigs[i].h_denom_pub));
288 0 : return GNUNET_DB_STATUS_HARD_ERROR;
289 : }
290 : }
291 14 : if (is_active)
292 0 : continue; /* skip, already known */
293 14 : qs = TEH_plugin->activate_signing_key (
294 14 : TEH_plugin->cls,
295 14 : &akc->s_sigs[i].exchange_pub,
296 : &meta,
297 14 : &akc->s_sigs[i].master_sig);
298 14 : if (qs < 0)
299 : {
300 0 : if (GNUNET_DB_STATUS_SOFT_ERROR == qs)
301 0 : return qs;
302 0 : GNUNET_break (0);
303 0 : *mhd_ret = TALER_MHD_reply_with_error (connection,
304 : MHD_HTTP_INTERNAL_SERVER_ERROR,
305 : TALER_EC_GENERIC_DB_STORE_FAILED,
306 : "activate signing key");
307 0 : return qs;
308 : }
309 14 : GNUNET_log (GNUNET_ERROR_TYPE_INFO,
310 : "Added offline signature for signing key `%s'\n",
311 : TALER_B2S (&akc->s_sigs[i].exchange_pub));
312 14 : GNUNET_assert (0 != qs);
313 : }
314 8 : return GNUNET_DB_STATUS_SUCCESS_ONE_RESULT; /* only 'success', so >=0, matters here */
315 : }
316 :
317 :
318 : MHD_RESULT
319 8 : TEH_handler_management_post_keys (
320 : struct MHD_Connection *connection,
321 : const json_t *root)
322 : {
323 : struct AddKeysContext akc;
324 : json_t *denom_sigs;
325 : json_t *signkey_sigs;
326 : struct GNUNET_JSON_Specification spec[] = {
327 8 : GNUNET_JSON_spec_json ("denom_sigs",
328 : &denom_sigs),
329 8 : GNUNET_JSON_spec_json ("signkey_sigs",
330 : &signkey_sigs),
331 8 : GNUNET_JSON_spec_end ()
332 : };
333 : bool ok;
334 : MHD_RESULT ret;
335 :
336 : {
337 : enum GNUNET_GenericReturnValue res;
338 :
339 8 : res = TALER_MHD_parse_json_data (connection,
340 : root,
341 : spec);
342 8 : if (GNUNET_SYSERR == res)
343 0 : return MHD_NO; /* hard failure */
344 8 : if (GNUNET_NO == res)
345 0 : return MHD_YES; /* failure */
346 : }
347 8 : if (! (json_is_array (denom_sigs) &&
348 8 : json_is_array (signkey_sigs)) )
349 : {
350 0 : GNUNET_break_op (0);
351 0 : GNUNET_JSON_parse_free (spec);
352 0 : return TALER_MHD_reply_with_error (
353 : connection,
354 : MHD_HTTP_BAD_REQUEST,
355 : TALER_EC_GENERIC_PARAMETER_MALFORMED,
356 : "array expected for denom_sigs and signkey_sigs");
357 : }
358 8 : akc.nd_sigs = json_array_size (denom_sigs);
359 8 : akc.d_sigs = GNUNET_new_array (akc.nd_sigs,
360 : struct DenomSig);
361 8 : ok = true;
362 124 : for (unsigned int i = 0; i<akc.nd_sigs; i++)
363 : {
364 116 : struct DenomSig *d = &akc.d_sigs[i];
365 : struct GNUNET_JSON_Specification ispec[] = {
366 116 : GNUNET_JSON_spec_fixed_auto ("master_sig",
367 : &d->master_sig),
368 116 : GNUNET_JSON_spec_fixed_auto ("h_denom_pub",
369 : &d->h_denom_pub),
370 116 : GNUNET_JSON_spec_end ()
371 : };
372 : enum GNUNET_GenericReturnValue res;
373 :
374 116 : res = TALER_MHD_parse_json_data (connection,
375 116 : json_array_get (denom_sigs,
376 : i),
377 : ispec);
378 116 : if (GNUNET_SYSERR == res)
379 : {
380 0 : ret = MHD_NO; /* hard failure */
381 0 : ok = false;
382 0 : break;
383 : }
384 116 : if (GNUNET_NO == res)
385 : {
386 0 : ret = MHD_YES;
387 0 : ok = false;
388 0 : break;
389 : }
390 : }
391 8 : if (! ok)
392 : {
393 0 : GNUNET_free (akc.d_sigs);
394 0 : GNUNET_JSON_parse_free (spec);
395 0 : return ret;
396 : }
397 8 : akc.ns_sigs = json_array_size (signkey_sigs);
398 8 : akc.s_sigs = GNUNET_new_array (akc.ns_sigs,
399 : struct SigningSig);
400 22 : for (unsigned int i = 0; i<akc.ns_sigs; i++)
401 : {
402 14 : struct SigningSig *s = &akc.s_sigs[i];
403 : struct GNUNET_JSON_Specification ispec[] = {
404 14 : GNUNET_JSON_spec_fixed_auto ("master_sig",
405 : &s->master_sig),
406 14 : GNUNET_JSON_spec_fixed_auto ("exchange_pub",
407 : &s->exchange_pub),
408 14 : GNUNET_JSON_spec_end ()
409 : };
410 : enum GNUNET_GenericReturnValue res;
411 :
412 14 : res = TALER_MHD_parse_json_data (connection,
413 14 : json_array_get (signkey_sigs,
414 : i),
415 : ispec);
416 14 : if (GNUNET_SYSERR == res)
417 : {
418 0 : ret = MHD_NO; /* hard failure */
419 0 : ok = false;
420 0 : break;
421 : }
422 14 : if (GNUNET_NO == res)
423 : {
424 0 : ret = MHD_YES;
425 0 : ok = false;
426 0 : break;
427 : }
428 : }
429 8 : if (! ok)
430 : {
431 0 : GNUNET_free (akc.d_sigs);
432 0 : GNUNET_free (akc.s_sigs);
433 0 : GNUNET_JSON_parse_free (spec);
434 0 : return ret;
435 : }
436 8 : GNUNET_log (GNUNET_ERROR_TYPE_INFO,
437 : "Received %u denomination and %u signing key signatures\n",
438 : akc.nd_sigs,
439 : akc.ns_sigs);
440 : {
441 : enum GNUNET_GenericReturnValue res;
442 :
443 8 : res = TEH_DB_run_transaction (connection,
444 : "add keys",
445 : &ret,
446 : &add_keys,
447 : &akc);
448 8 : GNUNET_free (akc.d_sigs);
449 8 : GNUNET_free (akc.s_sigs);
450 8 : GNUNET_JSON_parse_free (spec);
451 8 : if (GNUNET_SYSERR == res)
452 0 : return ret;
453 : }
454 8 : TEH_keys_update_states ();
455 8 : return TALER_MHD_reply_static (
456 : connection,
457 : MHD_HTTP_NO_CONTENT,
458 : NULL,
459 : NULL,
460 : 0);
461 : }
462 :
463 :
464 : /* end of taler-exchange-httpd_management_management_post_keys.c */
|
