From 698f356659b1c2b029eaaa22c74f3474ff2f99c1 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 6 Jun 2023 17:18:53 +0200 Subject: wallet-core: check base URL reported by exchange --- packages/taler-wallet-core/src/operations/exchanges.ts | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'packages/taler-wallet-core/src') diff --git a/packages/taler-wallet-core/src/operations/exchanges.ts b/packages/taler-wallet-core/src/operations/exchanges.ts index 29d2451e6..40ef22c6d 100644 --- a/packages/taler-wallet-core/src/operations/exchanges.ts +++ b/packages/taler-wallet-core/src/operations/exchanges.ts @@ -38,11 +38,13 @@ import { j2s, LibtoolVersion, Logger, + makeErrorDetail, NotificationType, parsePaytoUri, Recoup, TalerError, TalerErrorCode, + TalerErrorDetail, TalerPreciseTimestamp, TalerProtocolDuration, TalerProtocolTimestamp, @@ -421,6 +423,7 @@ export async function provideExchangeRecordInTx( } interface ExchangeKeysDownloadResult { + baseUrl: string; masterPublicKey: string; currency: string; auditors: ExchangeAuditor[]; @@ -486,6 +489,7 @@ async function downloadExchangeKeysInfo( return { masterPublicKey: exchangeKeysJsonUnchecked.master_public_key, currency, + baseUrl: exchangeKeysJsonUnchecked.base_url, auditors: exchangeKeysJsonUnchecked.auditors, currentDenominations: exchangeKeysJsonUnchecked.denoms.map((d) => denominationRecordFromKeys( @@ -650,6 +654,20 @@ export async function updateExchangeFromUrlHandler( keysInfo.globalFees, keysInfo.masterPublicKey, ); + if (keysInfo.baseUrl != exchangeBaseUrl) { + logger.warn("exchange base URL mismatch"); + const errorDetail: TalerErrorDetail = makeErrorDetail( + TalerErrorCode.WALLET_EXCHANGE_BASE_URL_MISMATCH, + { + urlWallet: exchangeBaseUrl, + urlExchange: keysInfo.baseUrl, + }, + ); + return { + type: OperationAttemptResultType.Error, + errorDetail, + }; + } logger.info("finished validating exchange /wire info"); -- cgit v1.2.3