
[taler-exchange] branch master updated: ensure /keys is regenerated when


From: gnunet
Subject: [taler-exchange] branch master updated: ensure /keys is regenerated when signing keys used expire
Date: Sat, 26 Jun 2021 15:07:02 +0200

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new 34b0b166 ensure /keys is regenerated when signing keys used expire
34b0b166 is described below

commit 34b0b1666d7cb41778cb498895939a8a06fefad0
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Jun 26 15:07:00 2021 +0200

    ensure /keys is regenerated when signing keys used expire
---
 src/exchange/taler-exchange-httpd_keys.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c
index 37c1fcfc..fc38c7ac 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -293,6 +293,12 @@ struct TEH_KeyStateHandle
    */
   struct GNUNET_TIME_Absolute next_reload;
 
+  /**
+   * When does our online signing key expire and we
+   * thus need to re-generate this response?
+   */
+  struct GNUNET_TIME_Absolute signature_expires;
+
   /**
    * True if #finish_keys_response() was not yet run and this key state
    * is only suitable for the /management/keys API.
@@ -1392,6 +1398,15 @@ create_krd (struct TEH_KeyStateHandle *ksh,
       return GNUNET_SYSERR;
     }
   }
+  {
+    const struct SigningKey *sk;
+
+    sk = GNUNET_CONTAINER_multipeermap_get (
+      ksh->signkey_map,
+      (const struct GNUNET_PeerIdentity *) &exchange_pub);
+    ksh->signature_expires = GNUNET_TIME_absolute_min (sk->meta.expire_sign,
+                                                       ksh->signature_expires);
+  }
 
   keys = json_pack (
     "{s:s, s:s, s:o, s:o, s:O, s:O,"
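Review bot: `sk` is dereferenced in the added block of create_krd without a NULL check, although `GNUNET_CONTAINER_multipeermap_get()` returns NULL when the key is not present in `ksh->signkey_map`. `exchange_pub` is filled in above the hunk, presumably by the signing call, so if the signer ever reports a key that this key state has not loaded, building /keys crashes the daemon instead of failing the request. I would guard it with `if (NULL == sk) { GNUNET_break (0); return GNUNET_SYSERR; }`, matching the error return visible just above; whatever cleanup create_krd needs on that path lies outside the hunk and should be checked. A short comment on the `(const struct GNUNET_PeerIdentity *) &exchange_pub` cast, stating that the map is keyed by the exchange's online public key, would also help the next reader.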
@@ -1631,6 +1646,7 @@ build_key_state (struct HelperState *hs,
   enum GNUNET_DB_QueryStatus qs;
 
   ksh = GNUNET_new (struct TEH_KeyStateHandle);
+  ksh->signature_expires = GNUNET_TIME_UNIT_FOREVER_ABS;
   ksh->reload_time = GNUNET_TIME_absolute_get ();
   GNUNET_TIME_round_abs (&ksh->reload_time);
   /* We must use the key_generation from when we STARTED the process! */
@@ -1757,7 +1773,9 @@ get_key_state (bool management_only)
     }
     return ksh;
   }
-  if (old_ksh->key_generation < key_generation)
+  if ( (old_ksh->key_generation < key_generation) ||
+       (0 == GNUNET_TIME_absolute_get_remaining (
+          old_ksh->signature_expires).rel_value_us) )
   {
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Rebuilding /keys, generation upgrade from %llu to %llu\n",
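Review bot: The new expiry clause in get_key_state has no protection against a rebuild that yields another already-expired state: if the rebuilt `ksh` still carries a `signature_expires` in the past (for instance when no newer online signing key is available; the key selection is outside the hunk), the condition stays true and every caller triggers a full rebuild, which is expensive on a publicly reachable endpoint. Consider detecting that case after the rebuild, logging it at warning level and not retrying on every request. The branch also reuses the `"Rebuilding /keys, generation upgrade from %llu to %llu\n"` message, so an expiry-driven rebuild is logged as a generation upgrade between two equal numbers; a separate message for the `signature_expires` case would keep the log accurate. The body of the `if` continues past the end of the hunk.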

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


