19 // transaction: either draft or debit cert
27 signed *document.Signed
29 debit *document.DebitCert
34 var serverkey *openpgp.Entity
35 var newchan chan *work
36 var delchan chan *work
38 type worklist struct {
43 func pushwork(ws *worklist, w *work) {
53 func popwork(ws *worklist) *work {
65 func setserverkey(e *openpgp.Entity) (err error) {
71 d, err := key.Format(e)
75 err = db.Set("key", key.Id(e), d)
79 err = db.Set("", "serverkey", d)
83 func GetKeys(fpr string) (es openpgp.EntityList, err error) {
84 b, err := db.Get("key", fpr)
88 es, err = openpgp.ReadKeyRing(bytes.NewBuffer(b))
90 // internal error: pubkey cannot be parsed
96 func AddKeys(d []byte) (err error) {
97 entities, err := openpgp.ReadArmoredKeyRing(bytes.NewBuffer(d))
101 // TODO: allow multiple key uploads at once?
102 if len(entities) > 100 {
103 err = fmt.Errorf("expected at most 100 keys; got %d", len(entities))
106 for _, e := range entities {
107 // TODO: various checks..
108 // TODO: collect errors instead of aborting addkeys
109 isIssuer, issuer, denom, err1 := key.Check(e)
115 es, err1 := GetKeys(issuer)
120 ok, _, den, err1 := key.Check(es[0])
126 if !ok || den != denom {
127 err = fmt.Errorf("Issuer key check failed")
131 b := new(bytes.Buffer)
137 err = db.Insert("key", fpr, b.Bytes())
141 err = db.Append("keysby/64", fpr[len(fpr)-16:], []byte(fpr))
145 err = db.Append("keysby/32", fpr[len(fpr)-8:], []byte(fpr))
153 // Get cert through the named store
154 func GetCert(name, id string) (d []byte, err error) {
155 certid, err := db.Get(name, id)
160 d, err = db.Get("cert", string(certid))
162 // internal error: cert is not available
168 func EvalDraft(d []byte) (c []byte, err error) {
169 iv, signed, err := document.Parse(d)
173 draft, ok := iv.(*document.Draft)
175 err = fmt.Errorf("EvalDraft: expected a draft document")
178 k, err := db.Get("key", draft.Drawer)
183 kr, err := openpgp.ReadKeyRing(bytes.NewBuffer(k))
185 // internal error: pubkey cannot be parsed
188 err = document.Verify(signed, kr)
192 // _, issuer, denom, err := key.Check(kr[0])
196 // TODO: do various format checks (AuthorizedBy check etc)
197 if draft.Amount <= 0 || draft.Amount >= IntLimit {
198 err = fmt.Errorf("draft amount is invalid: %d", draft.Amount)
201 k, err = db.Get("key", draft.Beneficiary)
205 kr, err = openpgp.ReadKeyRing(bytes.NewBuffer(k))
207 // internal error: pubkey cannot be parsed
210 return addDraft(d, signed, draft)
213 func EvalDebitCert(d []byte) (c []byte, err error) {
214 iv, signed, err := document.Parse(d)
218 cert, ok := iv.(*document.DebitCert)
220 err = fmt.Errorf("ParseDebitCert: expected a debit docuent")
224 kr := openpgp.EntityList{serverkey}
225 if key.Id(serverkey) != cert.AuthorizedBy {
228 k, err = db.Get("key", cert.AuthorizedBy)
232 kr, err = openpgp.ReadKeyRing(bytes.NewBuffer(k))
234 // internal error: pubkey cannot be parsed
238 // must clean up to make sure the hash is ok
239 err = document.Verify(signed, kr)
243 return addDebit(d, signed, cert)
246 func addDraft(d []byte, signed *document.Signed, draft *document.Draft) (c []byte, err error) {
248 w.docid = document.Id(signed)
249 w.account = fmt.Sprintf("%s.%s", draft.Drawer, draft.Issuer)
253 w.sync = make(chan int)
254 log.Printf("add draft work: %s", w.account)
260 func addDebit(d []byte, signed *document.Signed, cert *document.DebitCert) (c []byte, err error) {
262 w.docid = document.Id(signed)
263 w.account = fmt.Sprintf("%s.%s", cert.Holder, cert.Issuer)
267 w.sync = make(chan int)
268 log.Printf("add debit work: %s", w.account)
275 log.Printf("start dispatch")
276 works := make(map[string]*worklist)
280 log.Printf("queue work: %s", w.account)
281 ws := works[w.account]
283 // TODO: unnecessary alloc
284 works[w.account] = new(worklist)
290 log.Printf("unqueue work: %s", w.account)
291 ws := works[w.account]
294 delete(works, w.account)
302 func handle(w *work) {
303 log.Printf("start work: %s", w.account)
306 } else if w.draft != nil {
311 log.Printf("finish work: %s outlen: %d, errtype: %T", w.account, len(w.out), w.err)
316 func handleDraft(w *work) {
317 nonce := fmt.Sprintf("%s.%s", w.account, w.draft.Nonce)
318 oldid, err := db.Get("draftby/key.issuer.nonce", nonce)
320 if string(oldid) != w.docid {
321 w.err = fmt.Errorf("draft nonce is not unique (see draft %s)", oldid)
323 w.out, w.err = GetCert("certby/draft", w.docid)
326 } else if _, ok := err.(store.NotFoundError); !ok {
331 err = db.Begin(w.docid)
336 err = db.Set("draft", w.docid, w.in)
341 err = db.Set("draftby/key.issuer.nonce", nonce, []byte(w.docid))
346 cert, err := newDebitCert(w)
348 // probably client error
352 c, signed, err := document.Format(cert, serverkey)
357 certid := document.Id(signed)
358 err = db.Set("cert", certid, c)
363 err = db.Set("certby/draft", w.docid, []byte(certid))
369 err = db.Set("certby/key.issuer.serial", fmt.Sprintf("%s.%09d", w.account, cert.Serial), []byte(certid))
374 err = db.Set("certby/key.issuer", w.account, []byte(certid))
379 // TODO: run journal cleanup in case of client errors
380 err = db.End(w.docid)
384 func handleDebit(w *work) {
385 c, err := GetCert("certby/debit", w.docid)
389 } else if _, ok := err.(store.NotFoundError); !ok {
394 err = db.Begin(w.docid)
399 err = db.Set("cert", w.docid, w.in)
404 // TODO: check pubkey etc
405 cert, err := newCreditCert(w)
410 c, signed, err := document.Format(cert, serverkey)
416 certid := document.Id(signed)
417 err = db.Set("cert", certid, c)
422 err = db.Set("certby/debit", w.docid, []byte(certid))
428 err = db.Set("certby/key.issuer.serial", fmt.Sprintf("%s.%09d", w.account, cert.Serial), []byte(certid))
433 err = db.Set("certby/key.issuer", w.account, []byte(certid))
442 func newDebitCert(w *work) (*document.DebitCert, error) {
443 cert := new(document.DebitCert)
444 cert.Holder = w.draft.Drawer
445 cert.Date = time.Now().Unix()
446 cert.Denomination = "epoint"
447 cert.Issuer = w.draft.Issuer
448 cert.AuthorizedBy = w.draft.AuthorizedBy
449 cert.Difference = -w.draft.Amount
451 cert.Beneficiary = w.draft.Beneficiary
453 oid, err := db.Get("certby/key.issuer", w.account)
454 oldcertid := string(oid)
456 // first cert: drawer is issuer
457 if w.draft.Drawer != w.draft.Issuer {
458 return nil, fmt.Errorf("drawer must be the issuer when drawing an empty account (%s != %s)", w.draft.Drawer, w.draft.Issuer)
461 cert.Balance = cert.Difference
462 cert.LastDebitSerial = 0
463 cert.LastCreditSerial = 0
465 d, err := db.Get("cert", oldcertid)
469 iv, _, err := document.Parse(d)
474 // TODO: this is a hack
475 oldcert, err := document.ToCert(iv)
480 // TODO: sanity checks? oldcert.Holder == draft.Drawer
481 cert.Serial = oldcert.Serial + 1
482 cert.Balance = oldcert.Balance + cert.Difference
483 if cert.Balance <= -IntLimit {
484 return nil, fmt.Errorf("balance limit exceeded: %d", cert.Balance)
486 if oldcert.Balance > 0 && cert.Balance < 0 {
487 return nil, fmt.Errorf("insufficient funds: %d", oldcert.Balance)
489 cert.LastDebitSerial = oldcert.LastDebitSerial
490 cert.LastCreditSerial = oldcert.LastCreditSerial
491 if _, ok := iv.(*document.DebitCert); ok {
492 cert.LastDebitSerial = oldcert.Serial
494 cert.LastCreditSerial = oldcert.Serial
496 cert.LastCert = &oldcertid
501 func newCreditCert(w *work) (*document.CreditCert, error) {
502 cert := new(document.CreditCert)
503 // TODO: get from old cert instead?
504 cert.Holder = w.debit.Beneficiary
505 cert.Date = time.Now().Unix()
506 // TODO: get these from the cert holder pubkey
507 cert.Denomination = "epoint"
508 cert.Issuer = w.debit.Issuer
509 cert.AuthorizedBy = w.debit.AuthorizedBy // TODO: draft vs dcert vs serverside decision
510 cert.Difference = -w.debit.Difference
511 cert.Draft = w.debit.Draft
512 cert.Drawer = w.debit.Holder
513 cert.DebitCert = w.docid
515 oid, err := db.Get("certby/key", w.debit.Beneficiary)
516 oldcertid := string(oid)
518 // this is the first cert
520 cert.Balance = cert.Difference
521 cert.LastDebitSerial = 0
522 cert.LastCreditSerial = 0
524 d, err := db.Get("cert", oldcertid)
529 iv, _, err := document.Parse(d)
534 // TODO: this is a hack
535 oldcert, err := document.ToCert(iv)
540 cert.Serial = oldcert.Serial + 1
541 cert.Balance = oldcert.Balance + cert.Difference
542 if cert.Balance >= IntLimit {
543 return nil, fmt.Errorf("balance limit exceeded: %d", cert.Balance)
545 cert.LastDebitSerial = oldcert.LastDebitSerial
546 cert.LastCreditSerial = oldcert.LastCreditSerial
547 if _, ok := iv.(*document.DebitCert); ok {
548 cert.LastDebitSerial = oldcert.Serial
550 cert.LastCreditSerial = oldcert.Serial
552 cert.LastCert = &oldcertid
557 func Init(rootdir string, sk *openpgp.Entity) (err error) {
558 db, err = store.Open(rootdir)
562 err = db.Ensure("key")
566 err = db.Ensure("cert")
570 err = db.Ensure("draft")
574 err = db.Ensure("certby/draft")
578 err = db.Ensure("certby/debit")
582 err = db.Ensure("certby/key.issuer")
586 err = db.Ensure("certby/key.issuer.serial")
590 err = db.Ensure("draftby/key.issuer.nonce")
594 err = db.Ensure("keysby/64")
598 err = db.Ensure("keysby/32")
602 err = setserverkey(sk)
606 newchan = make(chan *work)
607 delchan = make(chan *work)
projects / epoint / blob