commit fcfadeebc4409dac2fa2e090538b15676fa00ec7
parent b8ec6db023d99022003bbd17094c043bfe74d4b5
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 30 Jun 2026 22:47:51 +0200
load age mask when showing denomination keys to ensure hash matches
Diffstat:
1 file changed, 58 insertions(+), 57 deletions(-)
diff --git a/src/exchange-tools/taler-exchange-offline.c b/src/exchange-tools/taler-exchange-offline.c
@@ -4275,6 +4275,63 @@ show_signkeys (const struct TALER_SecurityModulePublicKeyP *secm_pub,
/**
+ * Looks up the AGE_RESTRICTED setting for a denomination in the config and
+ * returns the age restriction (mask) accordingly.
+ *
+ * @param section_name Section in the configuration for the particular
+ * denomination.
+ */
+static struct TALER_AgeMask
+load_age_mask (const char *section_name)
+{
+ static const struct TALER_AgeMask null_mask = {0};
+ enum GNUNET_GenericReturnValue ret;
+
+ if (GNUNET_YES !=
+ GNUNET_CONFIGURATION_get_value_yesno (kcfg,
+ "exchange",
+ "AGE_RESTRICTION_ENABLED"))
+ return null_mask;
+
+ if (GNUNET_OK != (GNUNET_CONFIGURATION_have_value (
+ kcfg,
+ section_name,
+ "AGE_RESTRICTED")))
+ return null_mask;
+
+ ret = GNUNET_CONFIGURATION_get_value_yesno (kcfg,
+ section_name,
+ "AGE_RESTRICTED");
+ if (GNUNET_SYSERR == ret)
+ GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
+ section_name,
+ "AGE_RESTRICTED",
+ "Value must be YES or NO\n");
+ if (GNUNET_YES == ret)
+ {
+ char *groups = NULL;
+ struct TALER_AgeMask mask = {0};
+
+ if (GNUNET_OK !=
+ GNUNET_CONFIGURATION_get_value_string (kcfg,
+ "exchange",
+ "AGE_GROUPS",
+ &groups))
+ groups = GNUNET_strdup ("8:10:12:14:16:18:21");
+ if (GNUNET_OK ==
+ TALER_parse_age_group_string (groups, &mask))
+ {
+ GNUNET_free (groups);
+ return mask;
+ }
+ GNUNET_free (groups);
+ }
+
+ return null_mask;
+}
+
+
+/**
* Output @a denomkeys for human consumption.
*
* @param secm_pub_rsa security module public key used to sign the RSA denominations
@@ -4351,6 +4408,7 @@ show_denomkeys (const struct TALER_SecurityModulePublicKeyP *secm_pub_rsa,
duration = GNUNET_TIME_absolute_get_difference (
stamp_start.abs_time,
stamp_expire_withdraw.abs_time);
+ denom_pub.age_mask = load_age_mask (section_name);
TALER_denom_pub_hash (&denom_pub,
&h_denom_pub);
switch (denom_pub.bsign_pub_key->cipher)
@@ -4713,63 +4771,6 @@ sign_signkeys (const struct TALER_SecurityModulePublicKeyP *secm_pub,
/**
- * Looks up the AGE_RESTRICTED setting for a denomination in the config and
- * returns the age restriction (mask) accordingly.
- *
- * @param section_name Section in the configuration for the particular
- * denomination.
- */
-static struct TALER_AgeMask
-load_age_mask (const char*section_name)
-{
- static const struct TALER_AgeMask null_mask = {0};
- enum GNUNET_GenericReturnValue ret;
-
- if (GNUNET_YES !=
- GNUNET_CONFIGURATION_get_value_yesno (kcfg,
- "exchange",
- "AGE_RESTRICTION_ENABLED"))
- return null_mask;
-
- if (GNUNET_OK != (GNUNET_CONFIGURATION_have_value (
- kcfg,
- section_name,
- "AGE_RESTRICTED")))
- return null_mask;
-
- ret = GNUNET_CONFIGURATION_get_value_yesno (kcfg,
- section_name,
- "AGE_RESTRICTED");
- if (GNUNET_SYSERR == ret)
- GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
- section_name,
- "AGE_RESTRICTED",
- "Value must be YES or NO\n");
- if (GNUNET_YES == ret)
- {
- char *groups = NULL;
- struct TALER_AgeMask mask = {0};
-
- if (GNUNET_OK !=
- GNUNET_CONFIGURATION_get_value_string (kcfg,
- "exchange",
- "AGE_GROUPS",
- &groups))
- groups = GNUNET_strdup ("8:10:12:14:16:18:21");
- if (GNUNET_OK ==
- TALER_parse_age_group_string (groups, &mask))
- {
- GNUNET_free (groups);
- return mask;
- }
- GNUNET_free (groups);
- }
-
- return null_mask;
-}
-
-
-/**
* Sign @a denomkeys with offline key.
*
* @param secm_pub_rsa security module public key used to sign the RSA denominations