aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSree Harsha Totakura <sreeharsha@totakura.in>2015-02-17 17:23:13 +0100
committerSree Harsha Totakura <sreeharsha@totakura.in>2015-02-17 17:29:43 +0100
commitbea425de6cbbfb054a19e0f2312c5ef00c2e1bbe (patch)
treef0c5b1b1d1a1df235555dd5ed3a1a624bd3c8886
parent2f51cd3e3ec8a439e54be154a0c5b639483fb919 (diff)
Fix #3624: Check JSON format for wire deposits (SEPA specification)
-rw-r--r--src/include/taler_json_lib.h18
-rw-r--r--src/util/Makefile.am12
-rw-r--r--src/util/json.c294
-rw-r--r--src/util/test_json_validations.c54
4 files changed, 368 insertions, 10 deletions
diff --git a/src/include/taler_json_lib.h b/src/include/taler_json_lib.h
index 262e612cc..f0ae923f4 100644
--- a/src/include/taler_json_lib.h
+++ b/src/include/taler_json_lib.h
@@ -23,6 +23,14 @@
#include <jansson.h>
+/**
+ * Print JSON parsing related error information
+ */
+#define TALER_JSON_warn(error) \
+ GNUNET_log (GNUNET_ERROR_TYPE_WARNING, \
+ "JSON parsing failed at %s:%u: %s (%s)\n", \
+ __FILE__, __LINE__, error.text, error.source)
+
/**
* Convert a TALER amount to a JSON object.
@@ -103,6 +111,16 @@ TALER_JSON_to_data (json_t *json,
void *out,
size_t out_size);
+/**
+ * Check if the given wire format JSON object is correctly formatted
+ *
+ * @param type the type of the wire format
+ * @param wire the JSON wire format object
+ * @return 1 if correctly formatted; 0 if not
+ */
+int
+TALER_JSON_validate_wireformat (const char *type, json_t *wire);
+
#endif /* TALER_JSON_LIB_H_ */
diff --git a/src/util/Makefile.am b/src/util/Makefile.am
index a7f9fe3f7..a15d42ad8 100644
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@@ -19,3 +19,15 @@ libtalerutil_la_LIBADD = \
libtalerutil_la_LDFLAGS = \
-version-info 0:0:0 \
-export-dynamic -no-undefined
+
+TESTS=\
+ test-json-validations
+
+check_PROGRAMS=\
+ test-json-validations
+
+test_json_validations_SOURCES=test_json_validations.c
+test_json_validations_LDADD=\
+ -lgnunetutil \
+ -ljansson \
+ libtalerutil.la
diff --git a/src/util/json.c b/src/util/json.c
index 55717c5e0..02591d7bf 100644
--- a/src/util/json.c
+++ b/src/util/json.c
@@ -32,19 +32,11 @@
} while (0)
/**
- * Print JSON parsing related error information
- */
-#define WARN_JSON(error) \
- GNUNET_log (GNUNET_ERROR_TYPE_WARNING, \
- "JSON parsing failed at %s:%u: %s (%s)", \
- __FILE__, __LINE__, error.text, error.source)
-
-/**
* Shorthand for JSON parsing related exit jumps.
*/
-#define UNPACK_EXITIF(cond) \
+#define UNPACK_EXITIF(cond) \
do { \
- if (cond) { WARN_JSON(error); goto EXITIF_exit; } \
+ if (cond) { TALER_JSON_warn (error); goto EXITIF_exit; } \
} while (0)
@@ -221,4 +213,286 @@ TALER_JSON_to_data (json_t *json,
return GNUNET_SYSERR;
}
+/* Taken from GNU gettext */
+struct table_entry
+{
+ const char *code;
+ const char *english;
+};
+/* Keep the following table in sync with gettext.
+ WARNING: the entries should stay sorted according to the code */
+static const struct table_entry country_table[] =
+ {
+ { "AE", "U.A.E." },
+ { "AF", "Afghanistan" },
+ { "AL", "Albania" },
+ { "AM", "Armenia" },
+ { "AN", "Netherlands Antilles" },
+ { "AR", "Argentina" },
+ { "AT", "Austria" },
+ { "AU", "Australia" },
+ { "AZ", "Azerbaijan" },
+ { "BA", "Bosnia and Herzegovina" },
+ { "BD", "Bangladesh" },
+ { "BE", "Belgium" },
+ { "BG", "Bulgaria" },
+ { "BH", "Bahrain" },
+ { "BN", "Brunei Darussalam" },
+ { "BO", "Bolivia" },
+ { "BR", "Brazil" },
+ { "BT", "Bhutan" },
+ { "BY", "Belarus" },
+ { "BZ", "Belize" },
+ { "CA", "Canada" },
+ { "CG", "Congo" },
+ { "CH", "Switzerland" },
+ { "CI", "Cote d'Ivoire" },
+ { "CL", "Chile" },
+ { "CM", "Cameroon" },
+ { "CN", "People's Republic of China" },
+ { "CO", "Colombia" },
+ { "CR", "Costa Rica" },
+ { "CS", "Serbia and Montenegro" },
+ { "CZ", "Czech Republic" },
+ { "DE", "Germany" },
+ { "DK", "Denmark" },
+ { "DO", "Dominican Republic" },
+ { "DZ", "Algeria" },
+ { "EC", "Ecuador" },
+ { "EE", "Estonia" },
+ { "EG", "Egypt" },
+ { "ER", "Eritrea" },
+ { "ES", "Spain" },
+ { "ET", "Ethiopia" },
+ { "FI", "Finland" },
+ { "FO", "Faroe Islands" },
+ { "FR", "France" },
+ { "GB", "United Kingdom" },
+ { "GD", "Caribbean" },
+ { "GE", "Georgia" },
+ { "GL", "Greenland" },
+ { "GR", "Greece" },
+ { "GT", "Guatemala" },
+ { "HK", "Hong Kong" },
+ { "HK", "Hong Kong S.A.R." },
+ { "HN", "Honduras" },
+ { "HR", "Croatia" },
+ { "HT", "Haiti" },
+ { "HU", "Hungary" },
+ { "ID", "Indonesia" },
+ { "IE", "Ireland" },
+ { "IL", "Israel" },
+ { "IN", "India" },
+ { "IQ", "Iraq" },
+ { "IR", "Iran" },
+ { "IS", "Iceland" },
+ { "IT", "Italy" },
+ { "JM", "Jamaica" },
+ { "JO", "Jordan" },
+ { "JP", "Japan" },
+ { "KE", "Kenya" },
+ { "KG", "Kyrgyzstan" },
+ { "KH", "Cambodia" },
+ { "KR", "South Korea" },
+ { "KW", "Kuwait" },
+ { "KZ", "Kazakhstan" },
+ { "LA", "Laos" },
+ { "LB", "Lebanon" },
+ { "LI", "Liechtenstein" },
+ { "LK", "Sri Lanka" },
+ { "LT", "Lithuania" },
+ { "LU", "Luxembourg" },
+ { "LV", "Latvia" },
+ { "LY", "Libya" },
+ { "MA", "Morocco" },
+ { "MC", "Principality of Monaco" },
+ { "MD", "Moldava" },
+ { "MD", "Moldova" },
+ { "ME", "Montenegro" },
+ { "MK", "Former Yugoslav Republic of Macedonia" },
+ { "ML", "Mali" },
+ { "MM", "Myanmar" },
+ { "MN", "Mongolia" },
+ { "MO", "Macau S.A.R." },
+ { "MT", "Malta" },
+ { "MV", "Maldives" },
+ { "MX", "Mexico" },
+ { "MY", "Malaysia" },
+ { "NG", "Nigeria" },
+ { "NI", "Nicaragua" },
+ { "NL", "Netherlands" },
+ { "NO", "Norway" },
+ { "NP", "Nepal" },
+ { "NZ", "New Zealand" },
+ { "OM", "Oman" },
+ { "PA", "Panama" },
+ { "PE", "Peru" },
+ { "PH", "Philippines" },
+ { "PK", "Islamic Republic of Pakistan" },
+ { "PL", "Poland" },
+ { "PR", "Puerto Rico" },
+ { "PT", "Portugal" },
+ { "PY", "Paraguay" },
+ { "QA", "Qatar" },
+ { "RE", "Reunion" },
+ { "RO", "Romania" },
+ { "RS", "Serbia" },
+ { "RU", "Russia" },
+ { "RW", "Rwanda" },
+ { "SA", "Saudi Arabia" },
+ { "SE", "Sweden" },
+ { "SG", "Singapore" },
+ { "SI", "Slovenia" },
+ { "SK", "Slovak" },
+ { "SN", "Senegal" },
+ { "SO", "Somalia" },
+ { "SR", "Suriname" },
+ { "SV", "El Salvador" },
+ { "SY", "Syria" },
+ { "TH", "Thailand" },
+ { "TJ", "Tajikistan" },
+ { "TM", "Turkmenistan" },
+ { "TN", "Tunisia" },
+ { "TR", "Turkey" },
+ { "TT", "Trinidad and Tobago" },
+ { "TW", "Taiwan" },
+ { "TZ", "Tanzania" },
+ { "UA", "Ukraine" },
+ { "US", "United States" },
+ { "UY", "Uruguay" },
+ { "VA", "Vatican" },
+ { "VE", "Venezuela" },
+ { "VN", "Viet Nam" },
+ { "YE", "Yemen" },
+ { "ZA", "South Africa" },
+ { "ZW", "Zimbabwe" }
+ };
+
+static int
+cmp_country_code (const void *ptr1, const void *ptr2)
+{
+ const struct table_entry *cc1 = ptr1;
+ const struct table_entry *cc2 = ptr2;
+
+ return strncmp (cc1->code, cc2->code, 2);
+}
+
+/**
+ * Validates given IBAN according to the European Banking Standards. See:
+ * http://www.europeanpaymentscouncil.eu/documents/ECBS%20IBAN%20standard%20EBS204_V3.2.pdf
+ *
+ * @param iban the IBAN number to validate
+ * @return 1 is validated successfully; 0 if not.
+ */
+static int
+validate_iban (const char *iban)
+{
+ char cc[2];
+ char ibancpy[35];
+ struct table_entry cc_entry;
+ unsigned int len;
+ char *nbuf;
+ int i,j;
+
+ len = strlen(iban);
+ if (len > 34)
+ return 0;
+ (void) strncpy (cc, iban, 2);
+ (void) strncpy (ibancpy, iban+4, len - 4);
+ (void) strncpy (ibancpy + len - 4, iban, 4);
+ ibancpy[len] = '\0';
+ cc_entry.code = cc;
+ cc_entry.english = NULL;
+ if (NULL ==
+ bsearch (&cc_entry, country_table,
+ sizeof(country_table)/sizeof(struct table_entry),
+ sizeof (struct table_entry),
+ &cmp_country_code))
+ return 0;
+ nbuf = GNUNET_malloc((len * 2) + 1);
+ for (i=0, j=0; i < len; i++)
+ {
+ if(isalpha(ibancpy[i]))
+ {
+ EXITIF(2 != snprintf(&nbuf[j], 3, "%2u", (ibancpy[i] - 'A' + 10)));
+ j+=2;
+ continue;
+ }
+ nbuf[j] = ibancpy[i];
+ j++;
+ }
+ for (j=0; ;j++)
+ {
+ if ('\0' == nbuf[j])
+ break;
+ GNUNET_assert (isdigit(nbuf[j]));
+ }
+ unsigned long long dividend;
+ unsigned long long remainder = 0;
+ int nread;
+ int ret;
+ GNUNET_assert (sizeof(dividend) >= 8);
+ for (i=0; i<j; i+=16)
+ {
+ EXITIF (1 != (ret = sscanf(&nbuf[i], "%16llu %n", &dividend, &nread)));
+ if (0 != remainder)
+ dividend += remainder * (pow (10, nread));
+ remainder = dividend % 97;
+ }
+ EXITIF (1 != remainder);
+ GNUNET_free (nbuf);
+ return 1;
+
+ EXITIF_exit:
+ GNUNET_free (nbuf);
+ return 0;
+}
+
+/**
+ * Check if the given wire format JSON object is correctly formatted
+ *
+ * @param type the type of the wire format
+ * @param wire the JSON wire format object
+ * @return 1 if correctly formatted; 0 if not
+ */
+int
+TALER_JSON_validate_wireformat (const char *type, json_t *wire)
+{
+ json_error_t error;
+ if (0 == strcmp ("SEPA", type))
+ {
+ const char *type;
+ const char *iban;
+ const char *name;
+ const char *bic;
+ const char *edate;
+ uint64_t r;
+ const char *address;
+ UNPACK_EXITIF (0 != json_unpack_ex
+ (wire, &error, JSON_STRICT,
+ "{"
+ "s:s " /* type: "SEPA" */
+ "s:s " /* IBAN: iban */
+ "s:s " /* name: beneficiary name */
+ "s:s " /* BIC: beneficiary bank's BIC */
+ "s:s " /* edate: transfer execution date */
+ "s:i " /* r: random 64-bit integer nounce */
+ "s?s " /* address: address of the beneficiary */
+ "}",
+ "type", &type,
+ "IBAN", &iban,
+ "name", &name,
+ "bic", &bic,
+ "edate", &edate,
+ "r", &r,
+ "address", &address));
+ EXITIF (0 != strcmp (type, "SEPA"));
+ EXITIF (1 != validate_iban (iban));
+ return 1;
+ }
+
+ EXITIF_exit:
+ return 0;
+}
+
/* End of util/json.c */
diff --git a/src/util/test_json_validations.c b/src/util/test_json_validations.c
new file mode 100644
index 000000000..a5747c94a
--- /dev/null
+++ b/src/util/test_json_validations.c
@@ -0,0 +1,54 @@
+/*
+ This file is part of TALER
+ (C) 2014 Christian Grothoff (and other contributing authors)
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/>
+*/
+
+/**
+ * @file util/test_json_validations.c
+ * @brief Tests for JSON validations
+ * @author Sree Harsha Totakura <sreeharsha@totakura.in>
+ */
+
+#include "platform.h"
+#include "taler_util.h"
+#include "taler_json_lib.h"
+
+static const char * const json_wire_str =
+ "{ \"type\":\"SEPA\", \
+\"IBAN\":\"DE67830654080004822650\", \
+\"name\":\"GNUnet e.V.\", \
+\"bic\":\"GENODEF1SLR\", \
+\"edate\":\"1449930207000\", \
+\"r\":123456789, \
+\"address\": \"foobar\"}";
+
+int main(int argc, const char *const argv[])
+{
+ json_t *wire;
+ json_error_t error;
+ int ret;
+
+ GNUNET_log_setup ("test-json-validations", "WARNING", NULL);
+ (void) memset(&error, 0, sizeof(error));
+ wire = json_loads (json_wire_str, 0, &error);
+ if (NULL == wire)
+ {
+ TALER_JSON_warn (error);
+ return 2;
+ }
+ ret = TALER_JSON_validate_wireformat ("SEPA", wire);
+ if (1 == ret)
+ return 0;
+ return 1;
+}