[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] 243/277: implement signature verification on pay respon
|
From: |
gnunet |
|
Subject: |
[taler-merchant] 243/277: implement signature verification on pay response |
|
Date: |
Sun, 05 Jul 2020 20:52:36 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository merchant.
commit f8c01f4b46a8391f3196889e5df7f8ebdfb6475d
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Tue Jun 23 11:00:23 2020 +0200
implement signature verification on pay response
---
src/lib/merchant_api_post_order_pay.c | 85 ++++++++++++++++++++++++++++++-----
1 file changed, 75 insertions(+), 10 deletions(-)
diff --git a/src/lib/merchant_api_post_order_pay.c
b/src/lib/merchant_api_post_order_pay.c
index 650211c..477c3a3 100644
--- a/src/lib/merchant_api_post_order_pay.c
+++ b/src/lib/merchant_api_post_order_pay.c
@@ -77,11 +77,29 @@ struct TALER_MERCHANT_OrderPayHandle
*/
struct TALER_MERCHANT_PaidCoin *coins;
+ /**
+ * Hash of the contract we are paying, set
+ * if @e am_wallet is true.
+ */
+ struct GNUNET_HashCode h_contract_terms;
+
+ /**
+ * Public key of the merchant (instance) being paid, set
+ * if @e am_wallet is true.
+ */
+ struct TALER_MerchantPublicKeyP merchant_pub;
+
/**
* Number of @e coins we are paying with.
*/
unsigned int num_coins;
+ /**
+ * Set to true if this is the wallet API and we have
+ * initialized @e h_contract_terms and @e merchant_pub.
+ */
+ bool am_wallet;
+
};
@@ -234,8 +252,45 @@ handle_pay_finished (void *cls,
hr.ec = TALER_EC_INVALID_RESPONSE;
break;
case MHD_HTTP_OK:
- // FIXME: should verify 'sig' from merchant here!
- // FIXME: probably should return merchant signature to callback!
+ if (oph->am_wallet)
+ {
+ /* Here we can (and should) verify the merchant's signature */
+ struct PaymentResponsePS pr = {
+ .purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_PAYMENT_OK),
+ .purpose.size = htonl (sizeof (pr)),
+ .h_contract_terms = oph->h_contract_terms
+ };
+ struct TALER_MerchantSignatureP merchant_sig;
+ struct GNUNET_JSON_Specification spec[] = {
+ GNUNET_JSON_spec_fixed_auto ("sig",
+ &merchant_sig),
+ GNUNET_JSON_spec_end ()
+ };
+
+ if (GNUNET_OK !=
+ GNUNET_JSON_parse (json,
+ spec,
+ NULL, NULL))
+ {
+ GNUNET_break_op (0);
+ hr.ec = TALER_EC_INVALID_RESPONSE;
+ hr.http_status = 0;
+ hr.hint = "sig field missing in response";
+ break;
+ }
+
+ if (GNUNET_OK !=
+ GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MERCHANT_PAYMENT_OK,
+ &pr,
+ &merchant_sig.eddsa_sig,
+ &oph->merchant_pub.eddsa_pub))
+ {
+ GNUNET_break_op (0);
+ hr.ec = TALER_EC_INVALID_RESPONSE;
+ hr.http_status = 0;
+ hr.hint = "signature invalid";
+ }
+ }
break;
/* Tolerating Not Acceptable because sometimes
* - especially in tests - we might want to POST
@@ -623,14 +678,24 @@ TALER_MERCHANT_order_pay (struct GNUNET_CURL_Context *ctx,
p->amount_without_fee = coin->amount_without_fee;
p->exchange_url = coin->exchange_url;
}
- return TALER_MERCHANT_order_pay_frontend (ctx,
- merchant_url,
- order_id,
- session_id,
- num_coins,
- pc,
- pay_cb,
- pay_cb_cls);
+ {
+ struct TALER_MERCHANT_OrderPayHandle *oph;
+
+ oph = TALER_MERCHANT_order_pay_frontend (ctx,
+ merchant_url,
+ order_id,
+ session_id,
+ num_coins,
+ pc,
+ pay_cb,
+ pay_cb_cls);
+ if (NULL == oph)
+ return NULL;
+ oph->h_contract_terms = *h_contract_terms;
+ oph->merchant_pub = *merchant_pub;
+ oph->am_wallet = true;
+ return oph;
+ }
}
}
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [taler-merchant] 226/277: naive tests for the family of GET order(s) methods, (continued)
- [taler-merchant] 226/277: naive tests for the family of GET order(s) methods, gnunet, 2020/07/05
- [taler-merchant] 230/277: add amount checks, gnunet, 2020/07/05
- [taler-merchant] 232/277: 413 limits, gnunet, 2020/07/05
- [taler-merchant] 233/277: improved backenddb tests, gnunet, 2020/07/05
- [taler-merchant] 234/277: add missing notifications to private-get-orders long poller, gnunet, 2020/07/05
- [taler-merchant] 229/277: finish taler-merchant-httpd_reserves implementation, gnunet, 2020/07/05
- [taler-merchant] 235/277: Merge branch 'protocolV1' of git+ssh://git.taler.net/merchant into protocolV1, gnunet, 2020/07/05
- [taler-merchant] 240/277: Merge branch 'protocolV1' of ssh://git.taler.net/merchant into protocolV1, gnunet, 2020/07/05
- [taler-merchant] 238/277: return active-status of reserves from backenddb (fixes FIXMEs), gnunet, 2020/07/05
- [taler-merchant] 236/277: deeper checks for GET /private/instances/, gnunet, 2020/07/05
- [taler-merchant] 243/277: implement signature verification on pay response,
gnunet <=
- [taler-merchant] 209/277: DCE, gnunet, 2020/07/05
- [taler-merchant] 199/277: insert missing functions (unimplemented), gnunet, 2020/07/05
- [taler-merchant] 202/277: work on missing functions, gnunet, 2020/07/05
- [taler-merchant] 206/277: more backenddb tests, gnunet, 2020/07/05
- [taler-merchant] 207/277: test DELETE /private/reserves/, gnunet, 2020/07/05
- [taler-merchant] 210/277: fix #5957, gnunet, 2020/07/05
- [taler-merchant] 220/277: test for GET /private/reserves, gnunet, 2020/07/05
- [taler-merchant] 222/277: fix/test for POST tips//pickup, gnunet, 2020/07/05
- [taler-merchant] 225/277: stricter tests for query reserve(s) methods, gnunet, 2020/07/05
- [taler-merchant] 228/277: start with reserve processing logic, gnunet, 2020/07/05