19 func AddKeys(d []byte) (err error) {
20 entities, err := openpgp.ReadArmoredKeyRing(bytes.NewBuffer(d))
24 // TODO: allow multiple key uploads at once?
25 if len(entities) > 100 {
26 err = fmt.Errorf("expected at most 100 keys; got %d", len(entities))
29 for _, e := range entities {
30 // TODO: various checks..
31 b := new(bytes.Buffer)
36 fpr := fmt.Sprintf("%040X", e.PrimaryKey.Fingerprint)
37 err = db.Set("key", fpr, b.Bytes())
41 err = db.Append("fprlist/64", fpr[len(fpr)-16:], []byte(fpr))
45 err = db.Append("fprlist/32", fpr[len(fpr)-8:], []byte(fpr))
53 func CertByDraft(draftid string) (d []byte, err error) {
54 certid, err := db.Get("certid/debit", draftid)
56 // TODO: we have the draft but the cert is not ready
59 d, err = db.Get("cert", string(certid))
61 // shouldn't happen, cert is not available
67 func CertByDebitCert(debitid string) (d []byte, err error) {
68 creditid, err := db.Get("certid/credit", debitid)
70 // TODO: we have the debit cert but the credit cert is not ready
73 d, err = db.Get("cert", string(creditid))
75 // shouldn't happen, cert is not available
81 // parse clear signed draft and verify it
82 func ParseDraft(d []byte) (draft *document.Draft, draftid string, err error) {
83 iv, signed, err := document.Parse(d)
87 draft, ok := iv.(*document.Draft)
89 err = fmt.Errorf("ParseDraft: expected a draft docuent")
92 draftid = document.Id(signed)
94 k, err := db.Get("key", draft.Drawer)
98 kr, err := openpgp.ReadKeyRing(bytes.NewBuffer(k))
100 // internal error: pubkey cannot be parsed
103 cleaned, err = document.Verify(signed, kr)
107 // TODO: verify issuer
108 _, err = db.Get("key", draft.Beneficiary)
113 // TODO: do various format checks (AuthorizedBy check etc)
114 if draft.Amount <= 0 || draft.Amount >= IntLimit {
115 err = fmt.Errorf("draft amount is invalid: %d", draft.Amount)
121 func ParseDebitCert(d []byte) (cert *document.DebitCert, certid string, err error) {
122 iv, signed, err := document.Parse(d)
126 cert, ok := iv.(*document.DebitCert)
128 err = fmt.Errorf("ParseDebitCert: expected a debit docuent")
132 // TODO: keep our key at hand
133 k, err := db.Get("key", cert.AuthorizedBy)
137 kr, err := openpgp.ReadKeyRing(bytes.NewBuffer(k))
139 // internal error: pubkey cannot be parsed
142 // must clean up to make sure the hash is ok
143 cleaned, err = document.Verify(signed, kr)
148 certid = document.Id(signed)
152 func NewDebitCert(draftid string, draft *document.Draft) (*document.DebitCert, error) {
153 cert := new(document.DebitCert)
154 cert.Holder = draft.Drawer
155 cert.Date = time.Seconds()
156 cert.Denomination = "epoint"
157 cert.Issuer = draft.Issuer
158 cert.AuthorizedBy = draft.AuthorizedBy
159 cert.Difference = -draft.Amount
161 cert.Beneficiary = draft.Beneficiary
163 oid, err := db.Get("certid/last", draft.Drawer)
164 oldcertid := string(oid)
166 // first cert: drawer is issuer
167 if draft.Drawer != draft.Issuer {
168 return nil, fmt.Errorf("drawer must be the issuer when drawing an empty account")
171 cert.Balance = cert.Difference
172 cert.LastDebitSerial = 0
173 cert.LastCreditSerial = 0
175 d, err := db.Get("cert", oldcertid)
179 iv, _, err := document.Parse(d)
184 // TODO: this is a hack
185 oldcert, err := document.ToCert(iv)
186 // TODO: sanity checks? oldcert.Holder == draft.Drawer
187 cert.Serial = oldcert.Serial + 1
188 cert.Balance = oldcert.Balance + cert.Difference
189 if cert.Balance <= -IntLimit {
190 return nil, fmt.Errorf("balance limit exceeded: %d", cert.Balance)
192 if oldcert.Balance > 0 && cert.Balance < 0 {
193 return nil, fmt.Errorf("insufficient funds: %d", oldcert.Balance)
195 cert.LastDebitSerial = oldcert.LastDebitSerial
196 cert.LastCreditSerial = oldcert.LastCreditSerial
198 cert.LastDebitSerial = oldcert.Serial
200 cert.LastCreditSerial = oldcert.Serial
202 cert.LastCert = &oldcertid
207 func NewCreditCert(draftid string, draft *document.Draft, dcertid string, dcert *document.DebitCert) (*document.CreditCert, error) {
208 cert := new(document.CreditCert)
209 // TODO: get from old cert instead?
210 cert.Holder = dcert.Beneficiary
211 cert.Date = time.Seconds()
212 // TODO: get these from the cert holder pubkey
213 cert.Denomination = "epoint"
214 cert.Issuer = draft.Issuer
215 cert.AuthorizedBy = dcert.AuthorizedBy // TODO: draft vs dcert vs serverside decision
216 cert.Difference = -dcert.Difference
218 cert.Drawer = dcert.Holder
219 cert.DebitCert = dcertid
221 oid, err := db.Get("certid/last", dcert.Beneficiary)
222 oldcertid := string(oid)
224 // this is the first cert
226 cert.Balance = cert.Difference
227 cert.LastDebitSerial = 0
228 cert.LastCreditSerial = 0
230 d, err := db.Get("cert", oldcertid)
235 iv, _, err := document.Parse(d)
240 // TODO: this is a hack
241 oldcert, err := document.ToCert(iv)
246 cert.Serial = oldcert.Serial + 1
247 cert.Balance = oldcert.Balance + cert.Difference
248 if cert.Balance >= IntLimit {
249 return nil, fmt.Errorf("balance limit exceeded: %d", cert.Balance)
251 cert.LastDebitSerial = oldcert.LastDebitSerial
252 cert.LastCreditSerial = oldcert.LastCreditSerial
254 cert.LastDebitSerial = oldcert.Serial
256 cert.LastCreditSerial = oldcert.Serial
258 cert.LastCert = &oldcertid
264 func EvalDraft(d []byte, sk *openpgp.Entity) (r []byte, err error) {
265 draft, draftid, err := ParseDraft(d)
269 _, err = db.Get("draft", draftid)
272 return CertByDraft(draftid)
274 // if draft is ok we save it
275 err = db.Set("draft", draftid, d)
282 cert, err := NewDebitCert(draftid, draft)
286 r, signed, err := document.Format(cert, sk)
287 certid := document.Id(signed)
288 err = db.Set("cert", certid, r)
293 err = db.Set("certid/debit", draftid, []byte(certid))
298 err = db.Set("certid/last", cert.Holder, []byte(certid))
304 err = db.Set("certid/all", fmt.Sprintf("%s.%09d", cert.Holder, cert.Serial), []byte(certid))
312 func EvalDebitCert(d []byte, sk *openpgp.Entity) (r []byte, err error) {
313 dcert, dcertid, err := ParseDebitCert(d)
317 r, err = CertByDebitCert(dcertid)
322 // TODO: we only need the draft to know the issuer (+beneficiary)
323 // it should be in the pubkey
324 d, err = db.Get("draft", dcert.Draft)
329 iv, _, err := document.Parse(d)
334 draft, ok := iv.(*document.Draft)
337 err = fmt.Errorf("EvalDebitCert: expected draft from internal db")
342 // TODO: check pubkey etc
343 cert, err := NewCreditCert(dcert.Draft, draft, dcertid, dcert)
348 r, signed, err := document.Format(cert, sk)
353 certid := document.Id(signed)
354 err = db.Set("cert", certid, r)
359 err = db.Set("certid/credit", dcertid, []byte(certid))
364 err = db.Set("certid/last", cert.Holder, []byte(certid))
370 err = db.Set("certid/all", fmt.Sprintf("%s.%09d", cert.Holder, cert.Serial), []byte(certid))
378 func Init() (err error) {
379 db, err = store.Open("teststore")
383 err = db.Ensure("key")
387 err = db.Ensure("cert")
391 err = db.Ensure("draft")
395 err = db.Ensure("certid/credit")
399 err = db.Ensure("certid/debit")
403 err = db.Ensure("certid/last")
407 err = db.Ensure("certid/all")
411 err = db.Ensure("fprlist/64")
415 err = db.Ensure("fprlist/32")
projects / epoint / blob