[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-exchange] branch master updated: ensure /keys is regenerated when
From: |
gnunet |
Subject: |
[taler-exchange] branch master updated: ensure /keys is regenerated when signing keys used expire |
Date: |
Sat, 26 Jun 2021 15:07:02 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository exchange.
The following commit(s) were added to refs/heads/master by this push:
new 34b0b166 ensure /keys is regenerated when signing keys used expire
34b0b166 is described below
commit 34b0b1666d7cb41778cb498895939a8a06fefad0
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Jun 26 15:07:00 2021 +0200
ensure /keys is regenerated when signing keys used expire
---
src/exchange/taler-exchange-httpd_keys.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/exchange/taler-exchange-httpd_keys.c
b/src/exchange/taler-exchange-httpd_keys.c
index 37c1fcfc..fc38c7ac 100644
--- a/src/exchange/taler-exchange-httpd_keys.c
+++ b/src/exchange/taler-exchange-httpd_keys.c
@@ -293,6 +293,12 @@ struct TEH_KeyStateHandle
*/
struct GNUNET_TIME_Absolute next_reload;
+ /**
+ * When does our online signing key expire and we
+ * thus need to re-generate this response?
+ */
+ struct GNUNET_TIME_Absolute signature_expires;
+
/**
* True if #finish_keys_response() was not yet run and this key state
* is only suitable for the /management/keys API.
@@ -1392,6 +1398,15 @@ create_krd (struct TEH_KeyStateHandle *ksh,
return GNUNET_SYSERR;
}
}
+ {
+ const struct SigningKey *sk;
+
+ sk = GNUNET_CONTAINER_multipeermap_get (
+ ksh->signkey_map,
+ (const struct GNUNET_PeerIdentity *) &exchange_pub);
+ ksh->signature_expires = GNUNET_TIME_absolute_min (sk->meta.expire_sign,
+ ksh->signature_expires);
+ }
keys = json_pack (
"{s:s, s:s, s:o, s:o, s:O, s:O,"
@@ -1631,6 +1646,7 @@ build_key_state (struct HelperState *hs,
enum GNUNET_DB_QueryStatus qs;
ksh = GNUNET_new (struct TEH_KeyStateHandle);
+ ksh->signature_expires = GNUNET_TIME_UNIT_FOREVER_ABS;
ksh->reload_time = GNUNET_TIME_absolute_get ();
GNUNET_TIME_round_abs (&ksh->reload_time);
/* We must use the key_generation from when we STARTED the process! */
@@ -1757,7 +1773,9 @@ get_key_state (bool management_only)
}
return ksh;
}
- if (old_ksh->key_generation < key_generation)
+ if ( (old_ksh->key_generation < key_generation) ||
+ (0 == GNUNET_TIME_absolute_get_remaining (
+ old_ksh->signature_expires).rel_value_us) )
{
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Rebuilding /keys, generation upgrade from %llu to %llu\n",
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-exchange] branch master updated: ensure /keys is regenerated when signing keys used expire,
gnunet <=