diff options
Diffstat (limited to 'src/json/json_wire.c')
-rw-r--r-- | src/json/json_wire.c | 338 |
1 files changed, 338 insertions, 0 deletions
diff --git a/src/json/json_wire.c b/src/json/json_wire.c index 5052f458f..4c5b7d647 100644 --- a/src/json/json_wire.c +++ b/src/json/json_wire.c @@ -24,6 +24,338 @@ #include "taler_json_lib.h" +/* Taken from GNU gettext */ + +/** + * Entry in the country table. + */ +struct CountryTableEntry +{ + /** + * 2-Character international country code. + */ + const char *code; + + /** + * Long English name of the country. + */ + const char *english; +}; + + +/* Keep the following table in sync with gettext. + WARNING: the entries should stay sorted according to the code */ +/** + * List of country codes. + */ +static const struct CountryTableEntry country_table[] = { + { "AE", "U.A.E." }, + { "AF", "Afghanistan" }, + { "AL", "Albania" }, + { "AM", "Armenia" }, + { "AN", "Netherlands Antilles" }, + { "AR", "Argentina" }, + { "AT", "Austria" }, + { "AU", "Australia" }, + { "AZ", "Azerbaijan" }, + { "BA", "Bosnia and Herzegovina" }, + { "BD", "Bangladesh" }, + { "BE", "Belgium" }, + { "BG", "Bulgaria" }, + { "BH", "Bahrain" }, + { "BN", "Brunei Darussalam" }, + { "BO", "Bolivia" }, + { "BR", "Brazil" }, + { "BT", "Bhutan" }, + { "BY", "Belarus" }, + { "BZ", "Belize" }, + { "CA", "Canada" }, + { "CG", "Congo" }, + { "CH", "Switzerland" }, + { "CI", "Cote d'Ivoire" }, + { "CL", "Chile" }, + { "CM", "Cameroon" }, + { "CN", "People's Republic of China" }, + { "CO", "Colombia" }, + { "CR", "Costa Rica" }, + { "CS", "Serbia and Montenegro" }, + { "CZ", "Czech Republic" }, + { "DE", "Germany" }, + { "DK", "Denmark" }, + { "DO", "Dominican Republic" }, + { "DZ", "Algeria" }, + { "EC", "Ecuador" }, + { "EE", "Estonia" }, + { "EG", "Egypt" }, + { "ER", "Eritrea" }, + { "ES", "Spain" }, + { "ET", "Ethiopia" }, + { "FI", "Finland" }, + { "FO", "Faroe Islands" }, + { "FR", "France" }, + { "GB", "United Kingdom" }, + { "GD", "Caribbean" }, + { "GE", "Georgia" }, + { "GL", "Greenland" }, + { "GR", "Greece" }, + { "GT", "Guatemala" }, + { "HK", "Hong Kong" }, + { "HK", "Hong Kong S.A.R." }, + { "HN", "Honduras" }, + { "HR", "Croatia" }, + { "HT", "Haiti" }, + { "HU", "Hungary" }, + { "ID", "Indonesia" }, + { "IE", "Ireland" }, + { "IL", "Israel" }, + { "IN", "India" }, + { "IQ", "Iraq" }, + { "IR", "Iran" }, + { "IS", "Iceland" }, + { "IT", "Italy" }, + { "JM", "Jamaica" }, + { "JO", "Jordan" }, + { "JP", "Japan" }, + { "KE", "Kenya" }, + { "KG", "Kyrgyzstan" }, + { "KH", "Cambodia" }, + { "KR", "South Korea" }, + { "KW", "Kuwait" }, + { "KZ", "Kazakhstan" }, + { "LA", "Laos" }, + { "LB", "Lebanon" }, + { "LI", "Liechtenstein" }, + { "LK", "Sri Lanka" }, + { "LT", "Lithuania" }, + { "LU", "Luxembourg" }, + { "LV", "Latvia" }, + { "LY", "Libya" }, + { "MA", "Morocco" }, + { "MC", "Principality of Monaco" }, + { "MD", "Moldava" }, + { "MD", "Moldova" }, + { "ME", "Montenegro" }, + { "MK", "Former Yugoslav Republic of Macedonia" }, + { "ML", "Mali" }, + { "MM", "Myanmar" }, + { "MN", "Mongolia" }, + { "MO", "Macau S.A.R." }, + { "MT", "Malta" }, + { "MV", "Maldives" }, + { "MX", "Mexico" }, + { "MY", "Malaysia" }, + { "NG", "Nigeria" }, + { "NI", "Nicaragua" }, + { "NL", "Netherlands" }, + { "NO", "Norway" }, + { "NP", "Nepal" }, + { "NZ", "New Zealand" }, + { "OM", "Oman" }, + { "PA", "Panama" }, + { "PE", "Peru" }, + { "PH", "Philippines" }, + { "PK", "Islamic Republic of Pakistan" }, + { "PL", "Poland" }, + { "PR", "Puerto Rico" }, + { "PT", "Portugal" }, + { "PY", "Paraguay" }, + { "QA", "Qatar" }, + { "RE", "Reunion" }, + { "RO", "Romania" }, + { "RS", "Serbia" }, + { "RU", "Russia" }, + { "RW", "Rwanda" }, + { "SA", "Saudi Arabia" }, + { "SE", "Sweden" }, + { "SG", "Singapore" }, + { "SI", "Slovenia" }, + { "SK", "Slovak" }, + { "SN", "Senegal" }, + { "SO", "Somalia" }, + { "SR", "Suriname" }, + { "SV", "El Salvador" }, + { "SY", "Syria" }, + { "TH", "Thailand" }, + { "TJ", "Tajikistan" }, + { "TM", "Turkmenistan" }, + { "TN", "Tunisia" }, + { "TR", "Turkey" }, + { "TT", "Trinidad and Tobago" }, + { "TW", "Taiwan" }, + { "TZ", "Tanzania" }, + { "UA", "Ukraine" }, + { "US", "United States" }, + { "UY", "Uruguay" }, + { "VA", "Vatican" }, + { "VE", "Venezuela" }, + { "VN", "Viet Nam" }, + { "YE", "Yemen" }, + { "ZA", "South Africa" }, + { "ZW", "Zimbabwe" } +}; + + +/** + * Country code comparator function, for binary search with bsearch(). + * + * @param ptr1 pointer to a `struct table_entry` + * @param ptr2 pointer to a `struct table_entry` + * @return result of strncmp()'ing the 2-digit country codes of the entries + */ +static int +cmp_country_code (const void *ptr1, + const void *ptr2) +{ + const struct CountryTableEntry *cc1 = ptr1; + const struct CountryTableEntry *cc2 = ptr2; + + return strncmp (cc1->code, + cc2->code, + 2); +} + + +/** + * Validates given IBAN according to the European Banking Standards. See: + * http://www.europeanpaymentscouncil.eu/documents/ECBS%20IBAN%20standard%20EBS204_V3.2.pdf + * + * @param iban the IBAN number to validate + * @return #GNUNET_YES if correctly formatted; #GNUNET_NO if not + */ +static int +validate_iban (const char *iban) +{ + char cc[2]; + char ibancpy[35]; + struct CountryTableEntry cc_entry; + unsigned int len; + char *nbuf; + unsigned long long dividend; + unsigned long long remainder; + int nread; + int ret; + unsigned int i; + unsigned int j; + + len = strlen (iban); + if (len > 34) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "IBAN number too long to be valid\n"); + return GNUNET_NO; + } + strncpy (cc, iban, 2); + strncpy (ibancpy, iban + 4, len - 4); + strncpy (ibancpy + len - 4, iban, 4); + ibancpy[len] = '\0'; + cc_entry.code = cc; + cc_entry.english = NULL; + if (NULL == + bsearch (&cc_entry, + country_table, + sizeof (country_table) / sizeof (struct CountryTableEntry), + sizeof (struct CountryTableEntry), + &cmp_country_code)) + { + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "Country code `%c%c' not supported\n", + cc[0], + cc[1]); + return GNUNET_NO; + } + nbuf = GNUNET_malloc ((len * 2) + 1); + for (i = 0, j = 0; i < len; i++) + { + if (isalpha ((unsigned char) ibancpy[i])) + { + if (2 != snprintf (&nbuf[j], + 3, + "%2u", + (ibancpy[i] - 'A' + 10))) + { + GNUNET_free (nbuf); + return GNUNET_NO; + } + j += 2; + continue; + } + nbuf[j] = ibancpy[i]; + j++; + } + for (j = 0; '\0' != nbuf[j]; j++) + GNUNET_assert (isdigit ( (unsigned char) nbuf[j])); + GNUNET_assert (sizeof(dividend) >= 8); + remainder = 0; + for (unsigned int i = 0; i<j; i += 16) + { + if (1 != + (ret = sscanf (&nbuf[i], + "%16llu %n", + ÷nd, + &nread))) + { + GNUNET_free (nbuf); + GNUNET_break_op (0); + return GNUNET_NO; + } + if (0 != remainder) + dividend += remainder * (pow (10, nread)); + remainder = dividend % 97; + } + GNUNET_free (nbuf); + if (1 == remainder) + return GNUNET_YES; + GNUNET_log (GNUNET_ERROR_TYPE_INFO, + "IBAN checksum wrong\n"); + return GNUNET_NO; +} + + +/** + * Valudate payto://iban/ account URL (only account information, + * wire subject and amount are ignored). + * + * @param account_url URL to parse + * @return #GNUNET_YES if @a account_url is a valid payto://iban URI, + * #GNUNET_NO if @a account_url is a payto URI of a different type, + * #GNUNET_SYSERR if the IBAN (checksum) is incorrect + */ +int +validate_payto_iban (const char *account_url) +{ + const char *iban; + const char *q; + char *result; + +#define PREFIX "payto://iban/" + if (0 != strncasecmp (account_url, + PREFIX, + strlen (PREFIX))) + return GNUNET_NO; + iban = &account_url[strlen (PREFIX)]; +#undef PREFIX + q = strchr (iban, + '?'); + if (NULL != q) + { + result = GNUNET_strndup (iban, + q - iban); + } + else + { + result = GNUNET_strdup (iban); + } + if (GNUNET_OK != + validate_iban (result)) + { + GNUNET_free (result); + return GNUNET_SYSERR; + } + GNUNET_free (result); + return GNUNET_YES; +} + + /** * Compute the hash of the given wire details. The resulting * hash is what is put into the contract. @@ -88,6 +420,12 @@ TALER_JSON_exchange_wire_signature_check (const json_t *wire_s, return GNUNET_SYSERR; } + if (GNUNET_SYSERR == validate_payto_iban (payto_url)) + { + GNUNET_break_op (0); + return GNUNET_SYSERR; + } + return TALER_exchange_wire_signature_check (payto_url, master_pub, &master_sig); |