19 // transaction: either draft or debit cert
27 signed *document.Signed
29 debit *document.DebitCert
34 var serverkey *openpgp.Entity
35 var newchan chan *work
36 var delchan chan *work
38 type worklist struct {
43 func pushwork(ws *worklist, w *work) {
53 func popwork(ws *worklist) *work {
65 func setserverkey(e *openpgp.Entity) (err error) {
71 d, err := key.Format(e)
75 err = db.Set("key", key.Id(e), d)
79 err = db.Set("", "serverkey", d)
83 func GetKeys(fpr string) (es openpgp.EntityList, err error) {
84 b, err := db.Get("key", fpr)
88 es, err = openpgp.ReadKeyRing(bytes.NewBuffer(b))
90 // internal error: pubkey cannot be parsed
96 func AddKeys(d []byte) (err error) {
97 entities, err := openpgp.ReadArmoredKeyRing(bytes.NewBuffer(d))
101 // TODO: allow multiple key uploads at once?
102 if len(entities) > 100 {
103 err = fmt.Errorf("expected at most 100 keys; got %d", len(entities))
106 for _, e := range entities {
107 // TODO: various checks..
108 // TODO: collect errors instead of aborting addkeys
109 isIssuer, issuer, denom, err1 := key.Check(e)
115 es, err1 := GetKeys(issuer)
120 ok, _, den, err1 := key.Check(es[0])
126 if !ok || den != denom {
127 err = fmt.Errorf("Issuer key check failed")
131 b := new(bytes.Buffer)
137 err = db.Insert("key", fpr, b.Bytes())
141 err = db.Append("keysby/64", fpr[len(fpr)-16:], []byte(fpr))
145 err = db.Append("keysby/32", fpr[len(fpr)-8:], []byte(fpr))
153 // Get cert through the named store
154 func GetCert(name, id string) (d []byte, err error) {
155 certid, err := db.Get(name, id)
160 d, err = db.Get("cert", string(certid))
162 // internal error: cert is not available
168 func EvalDraft(d []byte) (c []byte, err error) {
169 iv, signed, err := document.Parse(d)
173 draft, ok := iv.(*document.Draft)
175 err = fmt.Errorf("EvalDraft: expected a draft document")
178 k, err := db.Get("key", draft.Drawer)
183 kr, err := openpgp.ReadKeyRing(bytes.NewBuffer(k))
185 // internal error: pubkey cannot be parsed
188 err = document.Verify(signed, kr)
192 // _, issuer, denom, err := key.Check(kr[0])
196 // TODO: do various format checks (AuthorizedBy check etc)
197 if draft.Amount <= 0 || draft.Amount >= IntLimit {
198 err = fmt.Errorf("draft amount is invalid: %d", draft.Amount)
201 k, err = db.Get("key", draft.Beneficiary)
205 kr, err = openpgp.ReadKeyRing(bytes.NewBuffer(k))
207 // internal error: pubkey cannot be parsed
210 return addDraft(d, signed, draft)
213 func EvalDebitCert(d []byte) (c []byte, err error) {
214 iv, signed, err := document.Parse(d)
218 cert, ok := iv.(*document.DebitCert)
220 err = fmt.Errorf("ParseDebitCert: expected a debit docuent")
224 kr := openpgp.EntityList{serverkey}
225 if key.Id(serverkey) != cert.AuthorizedBy {
228 k, err = db.Get("key", cert.AuthorizedBy)
232 kr, err = openpgp.ReadKeyRing(bytes.NewBuffer(k))
234 // internal error: pubkey cannot be parsed
238 // must clean up to make sure the hash is ok
239 err = document.Verify(signed, kr)
243 return addDebit(d, signed, cert)
246 func addDraft(d []byte, signed *document.Signed, draft *document.Draft) (c []byte, err error) {
248 w.docid = document.Id(signed)
249 w.account = fmt.Sprintf("%s.%s", draft.Drawer, draft.Issuer)
253 w.sync = make(chan int)
254 log.Printf("add draft work: %s", w.account)
260 func addDebit(d []byte, signed *document.Signed, cert *document.DebitCert) (c []byte, err error) {
262 w.docid = document.Id(signed)
263 w.account = fmt.Sprintf("%s.%s", cert.Beneficiary, cert.Issuer)
267 w.sync = make(chan int)
268 log.Printf("add debit work: %s", w.account)
275 log.Printf("start dispatch")
276 works := make(map[string]*worklist)
280 log.Printf("queue work: %s", w.account)
281 ws := works[w.account]
283 // TODO: unnecessary alloc
284 works[w.account] = new(worklist)
290 log.Printf("unqueue work: %s", w.account)
291 ws := works[w.account]
294 delete(works, w.account)
302 func handle(w *work) {
303 log.Printf("start work: %s", w.account)
305 w.out, w.err = handleDebit(w)
306 } else if w.draft != nil {
307 w.out, w.err = handleDraft(w)
311 log.Printf("finish work: %s outlen: %d, errtype: %T", w.account, len(w.out), w.err)
316 func handleDraft(w *work) (c []byte, err error) {
317 nonce := fmt.Sprintf("%s.%s", w.account, w.draft.Nonce)
318 oldid, err := db.Get("draftby/key.issuer.nonce", nonce)
320 if string(oldid) != w.docid {
321 err = fmt.Errorf("draft nonce is not unique (see draft %s)", oldid)
323 c, err = GetCert("certby/draft", w.docid)
326 } else if _, ok := err.(store.NotFoundError); !ok {
330 err = db.Begin(w.docid)
334 err = db.Set("draft", w.docid, w.in)
338 err = db.Set("draftby/key.issuer.nonce", nonce, []byte(w.docid))
342 cert, err := newDebitCert(w)
344 // probably client error
348 c, signed, err := document.Format(cert, serverkey)
352 certid := document.Id(signed)
353 err = db.Set("cert", certid, c)
358 err = db.Set("certby/draft", w.docid, []byte(certid))
364 err = db.Set("certby/key.issuer.serial", fmt.Sprintf("%s.%09d", w.account, cert.Serial), []byte(certid))
369 err = db.Set("certby/key.issuer", w.account, []byte(certid))
374 // TODO: run journal cleanup in case of client errors
375 err = db.End(w.docid)
379 func handleDebit(w *work) (c []byte, err error) {
380 c, err = GetCert("certby/debit", w.docid)
383 } else if _, ok := err.(store.NotFoundError); !ok {
387 err = db.Begin(w.docid)
391 err = db.Set("cert", w.docid, w.in)
395 // TODO: check pubkey etc
396 cert, err := newCreditCert(w)
401 c, signed, err := document.Format(cert, serverkey)
406 certid := document.Id(signed)
407 err = db.Set("cert", certid, c)
412 err = db.Set("certby/debit", w.docid, []byte(certid))
418 err = db.Set("certby/key.issuer.serial", fmt.Sprintf("%s.%09d", w.account, cert.Serial), []byte(certid))
423 err = db.Set("certby/key.issuer", w.account, []byte(certid))
432 func newDebitCert(w *work) (*document.DebitCert, error) {
433 cert := new(document.DebitCert)
434 cert.Holder = w.draft.Drawer
435 cert.Date = time.Now().Unix()
436 cert.Denomination = "epoint"
437 cert.Issuer = w.draft.Issuer
438 cert.AuthorizedBy = w.draft.AuthorizedBy
439 cert.Difference = -w.draft.Amount
441 cert.Beneficiary = w.draft.Beneficiary
443 oid, err := db.Get("certby/key.issuer", w.account)
444 oldcertid := string(oid)
446 // first cert: drawer is issuer
447 if w.draft.Drawer != w.draft.Issuer {
448 return nil, fmt.Errorf("drawer must be the issuer when drawing an empty account (%s != %s)", w.draft.Drawer, w.draft.Issuer)
451 cert.Balance = cert.Difference
452 cert.LastDebitSerial = 0
453 cert.LastCreditSerial = 0
455 d, err := db.Get("cert", oldcertid)
459 iv, _, err := document.Parse(d)
464 // TODO: this is a hack
465 oldcert, err := document.ToCert(iv)
470 // TODO: sanity checks? oldcert.Holder == draft.Drawer
471 cert.Serial = oldcert.Serial + 1
472 cert.Balance = oldcert.Balance + cert.Difference
473 if cert.Balance <= -IntLimit {
474 return nil, fmt.Errorf("balance limit exceeded: %d", cert.Balance)
476 if oldcert.Balance > 0 && cert.Balance < 0 {
477 return nil, fmt.Errorf("insufficient funds: %d", oldcert.Balance)
479 cert.LastDebitSerial = oldcert.LastDebitSerial
480 cert.LastCreditSerial = oldcert.LastCreditSerial
481 if _, ok := iv.(*document.DebitCert); ok {
482 cert.LastDebitSerial = oldcert.Serial
484 cert.LastCreditSerial = oldcert.Serial
486 cert.LastCert = &oldcertid
491 func newCreditCert(w *work) (*document.CreditCert, error) {
492 cert := new(document.CreditCert)
493 // TODO: get from old cert instead?
494 cert.Holder = w.debit.Beneficiary
495 cert.Date = time.Now().Unix()
496 // TODO: get these from the cert holder pubkey
497 cert.Denomination = "epoint"
498 cert.Issuer = w.debit.Issuer
499 cert.AuthorizedBy = w.debit.AuthorizedBy // TODO: draft vs dcert vs serverside decision
500 cert.Difference = -w.debit.Difference
501 cert.Draft = w.debit.Draft
502 cert.Drawer = w.debit.Holder
503 cert.DebitCert = w.docid
505 oid, err := db.Get("certby/key.issuer", w.account)
506 oldcertid := string(oid)
508 if _, ok := err.(store.NotFoundError); !ok {
512 // this is the first cert
514 cert.Balance = cert.Difference
515 cert.LastDebitSerial = 0
516 cert.LastCreditSerial = 0
518 d, err := db.Get("cert", oldcertid)
523 iv, _, err := document.Parse(d)
528 // TODO: this is a hack
529 oldcert, err := document.ToCert(iv)
534 cert.Serial = oldcert.Serial + 1
535 cert.Balance = oldcert.Balance + cert.Difference
536 if cert.Balance >= IntLimit {
537 return nil, fmt.Errorf("balance limit exceeded: %d", cert.Balance)
539 cert.LastDebitSerial = oldcert.LastDebitSerial
540 cert.LastCreditSerial = oldcert.LastCreditSerial
541 if _, ok := iv.(*document.DebitCert); ok {
542 cert.LastDebitSerial = oldcert.Serial
544 cert.LastCreditSerial = oldcert.Serial
546 cert.LastCert = &oldcertid
551 func Init(rootdir string, sk *openpgp.Entity) (err error) {
552 db, err = store.Open(rootdir)
556 err = db.Ensure("key")
560 err = db.Ensure("cert")
564 err = db.Ensure("draft")
568 err = db.Ensure("certby/draft")
572 err = db.Ensure("certby/debit")
576 err = db.Ensure("certby/key.issuer")
580 err = db.Ensure("certby/key.issuer.serial")
584 err = db.Ensure("draftby/key.issuer.nonce")
588 err = db.Ensure("keysby/64")
592 err = db.Ensure("keysby/32")
596 err = setserverkey(sk)
600 newchan = make(chan *work)
601 delchan = make(chan *work)
projects / epoint / blob