diff options
author | Sree Harsha Totakura <sreeharsha@totakura.in> | 2015-02-17 17:23:13 +0100 |
---|---|---|
committer | Sree Harsha Totakura <sreeharsha@totakura.in> | 2015-02-17 17:29:43 +0100 |
commit | bea425de6cbbfb054a19e0f2312c5ef00c2e1bbe (patch) | |
tree | f0c5b1b1d1a1df235555dd5ed3a1a624bd3c8886 | |
parent | 2f51cd3e3ec8a439e54be154a0c5b639483fb919 (diff) |
Fix #3624: Check JSON format for wire deposits (SEPA specification)
-rw-r--r-- | src/include/taler_json_lib.h | 18 | ||||
-rw-r--r-- | src/util/Makefile.am | 12 | ||||
-rw-r--r-- | src/util/json.c | 294 | ||||
-rw-r--r-- | src/util/test_json_validations.c | 54 |
4 files changed, 368 insertions, 10 deletions
diff --git a/src/include/taler_json_lib.h b/src/include/taler_json_lib.h index 262e612cc..f0ae923f4 100644 --- a/src/include/taler_json_lib.h +++ b/src/include/taler_json_lib.h @@ -23,6 +23,14 @@ #include <jansson.h> +/** + * Print JSON parsing related error information + */ +#define TALER_JSON_warn(error) \ + GNUNET_log (GNUNET_ERROR_TYPE_WARNING, \ + "JSON parsing failed at %s:%u: %s (%s)\n", \ + __FILE__, __LINE__, error.text, error.source) + /** * Convert a TALER amount to a JSON object. @@ -103,6 +111,16 @@ TALER_JSON_to_data (json_t *json, void *out, size_t out_size); +/** + * Check if the given wire format JSON object is correctly formatted + * + * @param type the type of the wire format + * @param wire the JSON wire format object + * @return 1 if correctly formatted; 0 if not + */ +int +TALER_JSON_validate_wireformat (const char *type, json_t *wire); + #endif /* TALER_JSON_LIB_H_ */ diff --git a/src/util/Makefile.am b/src/util/Makefile.am index a7f9fe3f7..a15d42ad8 100644 --- a/src/util/Makefile.am +++ b/src/util/Makefile.am @@ -19,3 +19,15 @@ libtalerutil_la_LIBADD = \ libtalerutil_la_LDFLAGS = \ -version-info 0:0:0 \ -export-dynamic -no-undefined + +TESTS=\ + test-json-validations + +check_PROGRAMS=\ + test-json-validations + +test_json_validations_SOURCES=test_json_validations.c +test_json_validations_LDADD=\ + -lgnunetutil \ + -ljansson \ + libtalerutil.la diff --git a/src/util/json.c b/src/util/json.c index 55717c5e0..02591d7bf 100644 --- a/src/util/json.c +++ b/src/util/json.c @@ -32,19 +32,11 @@ } while (0) /** - * Print JSON parsing related error information - */ -#define WARN_JSON(error) \ - GNUNET_log (GNUNET_ERROR_TYPE_WARNING, \ - "JSON parsing failed at %s:%u: %s (%s)", \ - __FILE__, __LINE__, error.text, error.source) - -/** * Shorthand for JSON parsing related exit jumps. */ -#define UNPACK_EXITIF(cond) \ +#define UNPACK_EXITIF(cond) \ do { \ - if (cond) { WARN_JSON(error); goto EXITIF_exit; } \ + if (cond) { TALER_JSON_warn (error); goto EXITIF_exit; } \ } while (0) @@ -221,4 +213,286 @@ TALER_JSON_to_data (json_t *json, return GNUNET_SYSERR; } +/* Taken from GNU gettext */ +struct table_entry +{ + const char *code; + const char *english; +}; +/* Keep the following table in sync with gettext. + WARNING: the entries should stay sorted according to the code */ +static const struct table_entry country_table[] = + { + { "AE", "U.A.E." }, + { "AF", "Afghanistan" }, + { "AL", "Albania" }, + { "AM", "Armenia" }, + { "AN", "Netherlands Antilles" }, + { "AR", "Argentina" }, + { "AT", "Austria" }, + { "AU", "Australia" }, + { "AZ", "Azerbaijan" }, + { "BA", "Bosnia and Herzegovina" }, + { "BD", "Bangladesh" }, + { "BE", "Belgium" }, + { "BG", "Bulgaria" }, + { "BH", "Bahrain" }, + { "BN", "Brunei Darussalam" }, + { "BO", "Bolivia" }, + { "BR", "Brazil" }, + { "BT", "Bhutan" }, + { "BY", "Belarus" }, + { "BZ", "Belize" }, + { "CA", "Canada" }, + { "CG", "Congo" }, + { "CH", "Switzerland" }, + { "CI", "Cote d'Ivoire" }, + { "CL", "Chile" }, + { "CM", "Cameroon" }, + { "CN", "People's Republic of China" }, + { "CO", "Colombia" }, + { "CR", "Costa Rica" }, + { "CS", "Serbia and Montenegro" }, + { "CZ", "Czech Republic" }, + { "DE", "Germany" }, + { "DK", "Denmark" }, + { "DO", "Dominican Republic" }, + { "DZ", "Algeria" }, + { "EC", "Ecuador" }, + { "EE", "Estonia" }, + { "EG", "Egypt" }, + { "ER", "Eritrea" }, + { "ES", "Spain" }, + { "ET", "Ethiopia" }, + { "FI", "Finland" }, + { "FO", "Faroe Islands" }, + { "FR", "France" }, + { "GB", "United Kingdom" }, + { "GD", "Caribbean" }, + { "GE", "Georgia" }, + { "GL", "Greenland" }, + { "GR", "Greece" }, + { "GT", "Guatemala" }, + { "HK", "Hong Kong" }, + { "HK", "Hong Kong S.A.R." }, + { "HN", "Honduras" }, + { "HR", "Croatia" }, + { "HT", "Haiti" }, + { "HU", "Hungary" }, + { "ID", "Indonesia" }, + { "IE", "Ireland" }, + { "IL", "Israel" }, + { "IN", "India" }, + { "IQ", "Iraq" }, + { "IR", "Iran" }, + { "IS", "Iceland" }, + { "IT", "Italy" }, + { "JM", "Jamaica" }, + { "JO", "Jordan" }, + { "JP", "Japan" }, + { "KE", "Kenya" }, + { "KG", "Kyrgyzstan" }, + { "KH", "Cambodia" }, + { "KR", "South Korea" }, + { "KW", "Kuwait" }, + { "KZ", "Kazakhstan" }, + { "LA", "Laos" }, + { "LB", "Lebanon" }, + { "LI", "Liechtenstein" }, + { "LK", "Sri Lanka" }, + { "LT", "Lithuania" }, + { "LU", "Luxembourg" }, + { "LV", "Latvia" }, + { "LY", "Libya" }, + { "MA", "Morocco" }, + { "MC", "Principality of Monaco" }, + { "MD", "Moldava" }, + { "MD", "Moldova" }, + { "ME", "Montenegro" }, + { "MK", "Former Yugoslav Republic of Macedonia" }, + { "ML", "Mali" }, + { "MM", "Myanmar" }, + { "MN", "Mongolia" }, + { "MO", "Macau S.A.R." }, + { "MT", "Malta" }, + { "MV", "Maldives" }, + { "MX", "Mexico" }, + { "MY", "Malaysia" }, + { "NG", "Nigeria" }, + { "NI", "Nicaragua" }, + { "NL", "Netherlands" }, + { "NO", "Norway" }, + { "NP", "Nepal" }, + { "NZ", "New Zealand" }, + { "OM", "Oman" }, + { "PA", "Panama" }, + { "PE", "Peru" }, + { "PH", "Philippines" }, + { "PK", "Islamic Republic of Pakistan" }, + { "PL", "Poland" }, + { "PR", "Puerto Rico" }, + { "PT", "Portugal" }, + { "PY", "Paraguay" }, + { "QA", "Qatar" }, + { "RE", "Reunion" }, + { "RO", "Romania" }, + { "RS", "Serbia" }, + { "RU", "Russia" }, + { "RW", "Rwanda" }, + { "SA", "Saudi Arabia" }, + { "SE", "Sweden" }, + { "SG", "Singapore" }, + { "SI", "Slovenia" }, + { "SK", "Slovak" }, + { "SN", "Senegal" }, + { "SO", "Somalia" }, + { "SR", "Suriname" }, + { "SV", "El Salvador" }, + { "SY", "Syria" }, + { "TH", "Thailand" }, + { "TJ", "Tajikistan" }, + { "TM", "Turkmenistan" }, + { "TN", "Tunisia" }, + { "TR", "Turkey" }, + { "TT", "Trinidad and Tobago" }, + { "TW", "Taiwan" }, + { "TZ", "Tanzania" }, + { "UA", "Ukraine" }, + { "US", "United States" }, + { "UY", "Uruguay" }, + { "VA", "Vatican" }, + { "VE", "Venezuela" }, + { "VN", "Viet Nam" }, + { "YE", "Yemen" }, + { "ZA", "South Africa" }, + { "ZW", "Zimbabwe" } + }; + +static int +cmp_country_code (const void *ptr1, const void *ptr2) +{ + const struct table_entry *cc1 = ptr1; + const struct table_entry *cc2 = ptr2; + + return strncmp (cc1->code, cc2->code, 2); +} + +/** + * Validates given IBAN according to the European Banking Standards. See: + * http://www.europeanpaymentscouncil.eu/documents/ECBS%20IBAN%20standard%20EBS204_V3.2.pdf + * + * @param iban the IBAN number to validate + * @return 1 is validated successfully; 0 if not. + */ +static int +validate_iban (const char *iban) +{ + char cc[2]; + char ibancpy[35]; + struct table_entry cc_entry; + unsigned int len; + char *nbuf; + int i,j; + + len = strlen(iban); + if (len > 34) + return 0; + (void) strncpy (cc, iban, 2); + (void) strncpy (ibancpy, iban+4, len - 4); + (void) strncpy (ibancpy + len - 4, iban, 4); + ibancpy[len] = '\0'; + cc_entry.code = cc; + cc_entry.english = NULL; + if (NULL == + bsearch (&cc_entry, country_table, + sizeof(country_table)/sizeof(struct table_entry), + sizeof (struct table_entry), + &cmp_country_code)) + return 0; + nbuf = GNUNET_malloc((len * 2) + 1); + for (i=0, j=0; i < len; i++) + { + if(isalpha(ibancpy[i])) + { + EXITIF(2 != snprintf(&nbuf[j], 3, "%2u", (ibancpy[i] - 'A' + 10))); + j+=2; + continue; + } + nbuf[j] = ibancpy[i]; + j++; + } + for (j=0; ;j++) + { + if ('\0' == nbuf[j]) + break; + GNUNET_assert (isdigit(nbuf[j])); + } + unsigned long long dividend; + unsigned long long remainder = 0; + int nread; + int ret; + GNUNET_assert (sizeof(dividend) >= 8); + for (i=0; i<j; i+=16) + { + EXITIF (1 != (ret = sscanf(&nbuf[i], "%16llu %n", ÷nd, &nread))); + if (0 != remainder) + dividend += remainder * (pow (10, nread)); + remainder = dividend % 97; + } + EXITIF (1 != remainder); + GNUNET_free (nbuf); + return 1; + + EXITIF_exit: + GNUNET_free (nbuf); + return 0; +} + +/** + * Check if the given wire format JSON object is correctly formatted + * + * @param type the type of the wire format + * @param wire the JSON wire format object + * @return 1 if correctly formatted; 0 if not + */ +int +TALER_JSON_validate_wireformat (const char *type, json_t *wire) +{ + json_error_t error; + if (0 == strcmp ("SEPA", type)) + { + const char *type; + const char *iban; + const char *name; + const char *bic; + const char *edate; + uint64_t r; + const char *address; + UNPACK_EXITIF (0 != json_unpack_ex + (wire, &error, JSON_STRICT, + "{" + "s:s " /* type: "SEPA" */ + "s:s " /* IBAN: iban */ + "s:s " /* name: beneficiary name */ + "s:s " /* BIC: beneficiary bank's BIC */ + "s:s " /* edate: transfer execution date */ + "s:i " /* r: random 64-bit integer nounce */ + "s?s " /* address: address of the beneficiary */ + "}", + "type", &type, + "IBAN", &iban, + "name", &name, + "bic", &bic, + "edate", &edate, + "r", &r, + "address", &address)); + EXITIF (0 != strcmp (type, "SEPA")); + EXITIF (1 != validate_iban (iban)); + return 1; + } + + EXITIF_exit: + return 0; +} + /* End of util/json.c */ diff --git a/src/util/test_json_validations.c b/src/util/test_json_validations.c new file mode 100644 index 000000000..a5747c94a --- /dev/null +++ b/src/util/test_json_validations.c @@ -0,0 +1,54 @@ +/* + This file is part of TALER + (C) 2014 Christian Grothoff (and other contributing authors) + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU General Public License as published by the Free Software + Foundation; either version 3, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along with + TALER; see the file COPYING. If not, If not, see <http://www.gnu.org/licenses/> +*/ + +/** + * @file util/test_json_validations.c + * @brief Tests for JSON validations + * @author Sree Harsha Totakura <sreeharsha@totakura.in> + */ + +#include "platform.h" +#include "taler_util.h" +#include "taler_json_lib.h" + +static const char * const json_wire_str = + "{ \"type\":\"SEPA\", \ +\"IBAN\":\"DE67830654080004822650\", \ +\"name\":\"GNUnet e.V.\", \ +\"bic\":\"GENODEF1SLR\", \ +\"edate\":\"1449930207000\", \ +\"r\":123456789, \ +\"address\": \"foobar\"}"; + +int main(int argc, const char *const argv[]) +{ + json_t *wire; + json_error_t error; + int ret; + + GNUNET_log_setup ("test-json-validations", "WARNING", NULL); + (void) memset(&error, 0, sizeof(error)); + wire = json_loads (json_wire_str, 0, &error); + if (NULL == wire) + { + TALER_JSON_warn (error); + return 2; + } + ret = TALER_JSON_validate_wireformat ("SEPA", wire); + if (1 == ret) + return 0; + return 1; +} |