remove dependency in taler-wallet-lib, implement pay signature check/storage

2017-04-26 03:10:52 +02:00 · 2017-04-26 03:10:52 +02:00 · 79a2eed558
commit 79a2eed558
parent 9aab9fd613
11 changed files with 546 additions and 347 deletions
--- a/manifest.json
+++ b/manifest.json
@ -43,7 +43,6 @@
    {
      "matches": ["*://*/*"],
      "js": [
-        "src/taler-wallet-lib.js",
        "dist/contentScript-bundle.js"
      ],
      "run_at": "document_start"
--- a/node_modules/.yarn-integrity
+++ b/node_modules/.yarn-integrity
@ -1 +1 @@
-0dc42bcf25ec3d59c7bd394b1d9f751da1a3446ef6012260b277831cef6de2bf
+751d3ff225403bea12799f2c0ad32d26a0ff81a4f88821c8f1615d3ddc5a9533
--- a/src/content_scripts/notify.ts
+++ b/src/content_scripts/notify.ts
@ -23,46 +23,37 @@
 */


-"use strict";
-
 import URI = require("urijs");

 declare var cloneInto: any;

-// Make sure we don't pollute the namespace too much.
-namespace TalerNotify {
-  const PROTOCOL_VERSION = 1;
+const PROTOCOL_VERSION = 1;

-  let logVerbose: boolean = false;
-  try {
+let logVerbose: boolean = false;
+try {
  logVerbose = !!localStorage.getItem("taler-log-verbose");
-  } catch (e) {
+} catch (e) {
  // can't read from local storage
-  }
+}

-  if (!taler) {
-    console.error("Taler wallet lib not included, HTTP 402 payments not" +
-                  " supported");
-  }
-
-  if (document.documentElement.getAttribute("data-taler-nojs")) {
+if (document.documentElement.getAttribute("data-taler-nojs")) {
  document.dispatchEvent(new Event("taler-probe-result"));
-  }
+}


-  function subst(url: string, H_contract: string) {
+function subst(url: string, H_contract: string) {
  url = url.replace("${H_contract}", H_contract);
  url = url.replace("${$}", "$");
  return url;
-  }
+}

-  interface Handler {
+interface Handler {
  type: string;
  listener: (e: CustomEvent) => void|Promise<void>;
-  }
-  const handlers: Handler[] = [];
+}
+const handlers: Handler[] = [];

-  function hashContract(contract: string): Promise<string> {
+function hashContract(contract: string): Promise<string> {
  let walletHashContractMsg = {
    type: "hash-contract",
    detail: {contract}
@ -76,9 +67,9 @@ namespace TalerNotify {
      resolve(resp.hash);
    });
  });
-  }
+}

-  function queryPayment(url: string): Promise<any> {
+function queryPayment(url: string): Promise<any> {
  const walletMsg = {
    type: "query-payment",
    detail: { url },
@ -88,9 +79,9 @@ namespace TalerNotify {
      resolve(resp);
    });
  });
-  }
+}

-  function putHistory(historyEntry: any): Promise<void> {
+function putHistory(historyEntry: any): Promise<void> {
  const walletMsg = {
    type: "put-history-entry",
    detail: {
@ -102,9 +93,9 @@ namespace TalerNotify {
      resolve();
    });
  });
-  }
+}

-  function saveOffer(offer: any): Promise<number> {
+function saveOffer(offer: any): Promise<number> {
  const walletMsg = {
    type: "save-offer",
    detail: {
@ -125,21 +116,155 @@ namespace TalerNotify {
      }
    });
  });
+}
+
+
+
+
+let sheet: CSSStyleSheet|null;
+
+function initStyle() {
+  logVerbose && console.log("taking over styles");
+  const name = "taler-presence-stylesheet";
+  const content = "/* Taler stylesheet controlled by JS */";
+  let style = document.getElementById(name) as HTMLStyleElement|null; 
+  if (!style) {
+    style = document.createElement("style");
+    // Needed by WebKit
+    style.appendChild(document.createTextNode(content));
+    style.id = name;
+    document.head.appendChild(style);
+    sheet = style.sheet as CSSStyleSheet;
+  } else {
+    // We've taken over the stylesheet now,
+    // make it clear by clearing all the rules in it
+    // and making it obvious in the DOM.
+    if (style.tagName.toLowerCase() === "style") {
+      style.innerText = content;
+    }
+    if (!style.sheet) {
+      throw Error("taler-presence-stylesheet should be a style sheet (<link> or <style>)");
+    }
+    sheet = style.sheet as CSSStyleSheet;
+    while (sheet.cssRules.length > 0) {
+      sheet.deleteRule(0);
+    }
+  }
+}
+
+
+function setStyles(installed: boolean) {
+  if (!sheet || !sheet.cssRules) {
+    return;
+  }
+  while (sheet.cssRules.length > 0) {
+    sheet.deleteRule(0);
+  }
+  if (installed) {
+    sheet.insertRule(".taler-installed-hide { display: none; }", 0);
+    sheet.insertRule(".taler-probed-hide { display: none; }", 0);
+  } else {
+    sheet.insertRule(".taler-installed-show { display: none; }", 0);
+  }
+}
+
+
+
+function handlePaymentResponse(walletResp: any) {
+  /**
+   * Handle a failed payment.
+   *
+   * Try to notify the wallet first, before we show a potentially
+   * synchronous error message (such as an alert) or leave the page.
+   */
+  function handleFailedPayment(r: XMLHttpRequest) {
+    let timeoutHandle: number|null = null;
+    function err() {
+      // FIXME: proper error reporting!
+      console.log("pay-failed", {status: r.status, response: r.responseText});
+    }
+    function onTimeout() {
+      timeoutHandle = null
+      err();
+    }
+    talerPaymentFailed(walletResp.H_contract).then(() => {
+      if (timeoutHandle != null) {
+        clearTimeout(timeoutHandle);
+        timeoutHandle = null;
+      }
+      err();
+    })
+    timeoutHandle = setTimeout(onTimeout, 200);
  }

-  function init() {
+
+  logVerbose && console.log("handling taler-notify-payment: ", walletResp);
+  // Payment timeout in ms.
+  let timeout_ms = 1000;
+  // Current request.
+  let r: XMLHttpRequest|null;
+  let timeoutHandle: number|null = null;
+  function sendPay() {
+    r = new XMLHttpRequest();
+    r.open("post", walletResp.contract.pay_url);
+    r.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
+    r.send(JSON.stringify(walletResp.payReq));
+    r.onload = function() {
+      if (!r) {
+        return;
+      }
+      switch (r.status) {
+        case 200:
+          const merchantResp = JSON.parse(r.responseText);
+          logVerbose && console.log("got success from pay_url");
+          talerPaymentSucceeded({H_contract: walletResp.H_contract, merchantSig: merchantResp.sig}).then(() => {
+            let nextUrl = walletResp.contract.fulfillment_url;
+            logVerbose && console.log("taler-payment-succeeded done, going to", nextUrl);
+            window.location.href = nextUrl;
+            window.location.reload(true);
+          });
+          break;
+        default:
+          handleFailedPayment(r);
+          break;
+      }
+      r = null;
+      if (timeoutHandle != null) {
+        clearTimeout(timeoutHandle!);
+        timeoutHandle = null;
+      }
+    };
+    function retry() {
+      if (r) {
+        r.abort();
+        r = null;
+      }
+      timeout_ms = Math.min(timeout_ms * 2, 10 * 1000);
+      logVerbose && console.log("sendPay timed out, retrying in ", timeout_ms, "ms");
+      sendPay();
+    }
+    timeoutHandle = setTimeout(retry, timeout_ms);
+  }
+  sendPay();
+}
+
+
+function init() {
  chrome.runtime.sendMessage({type: "get-tab-cookie"}, (resp) => {
    if (chrome.runtime.lastError) {
      logVerbose && console.log("extension not yet ready");
      window.setTimeout(init, 200);
      return;
    }
+    initStyle();
+    setStyles(true);
    registerHandlers();
    // Hack to know when the extension is unloaded
    let port = chrome.runtime.connect();

    port.onDisconnect.addListener(() => {
      logVerbose && console.log("chrome runtime disconnected, removing handlers");
+      setStyles(false);
      for (let handler of handlers) {
        document.removeEventListener(handler.type, handler.listener);
      }
@ -147,20 +272,17 @@ namespace TalerNotify {

    if (resp && resp.type == "pay") {
      logVerbose && console.log("doing taler.pay with", resp.payDetail);
-        taler.internalPay(resp.payDetail);
+      talerPay(resp.payDetail).then(handlePaymentResponse);
      document.documentElement.style.visibility = "hidden";
    }
  });
-  }
+}

-  logVerbose && console.log("loading Taler content script");
-  init();
-
-  interface HandlerFn {
+interface HandlerFn {
  (detail: any, sendResponse: (msg: any) => void): void;
-  }
+}

-  function generateNonce(): Promise<string> {
+function generateNonce(): Promise<string> {
  const walletMsg = {
    type: "generate-nonce",
  };
@ -169,9 +291,9 @@ namespace TalerNotify {
      resolve(resp);
    });
  });
-  }
+}

-  function downloadContract(url: string, nonce: string): Promise<any> {
+function downloadContract(url: string, nonce: string): Promise<any> {
  let parsed_url = new URI(url);
  url = parsed_url.setQuery({nonce}).href();
  // FIXME: include and check nonce!
@ -206,9 +328,9 @@ namespace TalerNotify {
    };
    contract_request.send();
  });
-  }
+}

-  async function processProposal(proposal: any) {
+async function processProposal(proposal: any) {
  if (!proposal.data) {
    console.error("field proposal.data field missing");
    return;
@ -252,9 +374,78 @@ namespace TalerNotify {
  };
  const target = uri.query(params).href();
  document.location.replace(target);
+}
+
+function talerPay(msg: any): Promise<any> {
+  return new Promise(async(resolve, reject) => {
+    // current URL without fragment
+    let url = new URI(document.location.href).fragment("").href();
+    let res = await queryPayment(url);
+    logVerbose && console.log("taler-pay: got response", res);
+    if (res && res.payReq) {
+      resolve(res);
+      return;
+    }
+    if (msg.contract_url) {
+      let nonce = await generateNonce();
+      let proposal = await downloadContract(msg.contract_url, nonce);
+      if (proposal.data.nonce != nonce) {
+        console.error("stale contract");
+        return;
+      }
+      await processProposal(proposal);
+      return;
    }

-  function registerHandlers() {
+    if (msg.offer_url) {
+      document.location.href = msg.offer_url;
+      return;
+    }
+
+    console.log("can't proceed with payment, no way to get contract specified");
+  });
+}
+
+function talerPaymentFailed(H_contract: string) {
+  return new Promise(async(resolve, reject) => {
+    const walletMsg = {
+      type: "payment-failed",
+      detail: {
+        contractHash: H_contract
+      },
+    };
+    chrome.runtime.sendMessage(walletMsg, (resp) => {
+      resolve();
+    });
+  });
+}
+
+function talerPaymentSucceeded(msg: any) {
+  return new Promise((resolve, reject) => {
+    if (!msg.H_contract) {
+      console.error("H_contract missing in taler-payment-succeeded");
+      return;
+    }
+    if (!msg.merchantSig) {
+      console.error("merchantSig missing in taler-payment-succeeded");
+      return;
+    }
+    logVerbose && console.log("got taler-payment-succeeded");
+    const walletMsg = {
+      type: "payment-succeeded",
+      detail: {
+        merchantSig: msg.merchantSig,
+        contractHash: msg.H_contract,
+      },
+    };
+    chrome.runtime.sendMessage(walletMsg, (resp) => {
+      resolve();
+    });
+  });
+}
+
+
+function registerHandlers() {
  /**
   * Add a handler for a DOM event, which automatically
   * handles adding sequence numbers to responses.
@ -341,60 +532,21 @@ namespace TalerNotify {
  });

  addHandler("taler-pay", async(msg: any, sendResponse: any) => {
-      // current URL without fragment
-      let url = new URI(document.location.href).fragment("").href();
-      let res = await queryPayment(url);
-      logVerbose && console.log("taler-pay: got response", res);
-      if (res && res.payReq) {
-        sendResponse(res);
-        return;
-      }
-      if (msg.contract_url) {
-        let nonce = await generateNonce();
-        let proposal = await downloadContract(msg.contract_url, nonce);
-        if (proposal.data.nonce != nonce) {
-          console.error("stale contract");
-          return;
-        }
-        await processProposal(proposal);
-        return;
-      }
-
-      if (msg.offer_url) {
-        document.location.href = msg.offer_url;
-        return;
-      }
-
-      console.log("can't proceed with payment, no way to get contract specified");
+    let resp = await talerPay(msg);
+    sendResponse(resp);
  });

-    addHandler("taler-payment-failed", (msg: any, sendResponse: any) => {
-      const walletMsg = {
-        type: "payment-failed",
-        detail: {
-          contractHash: msg.H_contract
-        },
-      };
-      chrome.runtime.sendMessage(walletMsg, (resp) => {
+  addHandler("taler-payment-failed", async(msg: any, sendResponse: any) => {
+    await talerPaymentFailed(msg.H_contract);
    sendResponse();
-      })
  });

-    addHandler("taler-payment-succeeded", (msg: any, sendResponse: any) => {
-      if (!msg.H_contract) {
-        console.error("H_contract missing in taler-payment-succeeded");
-        return;
-      }
-      logVerbose && console.log("got taler-payment-succeeded");
-      const walletMsg = {
-        type: "payment-succeeded",
-        detail: {
-          contractHash: msg.H_contract,
-        },
-      };
-      chrome.runtime.sendMessage(walletMsg, (resp) => {
+  addHandler("taler-payment-succeeded", async(msg: any, sendResponse: any) => {
+    await talerPaymentSucceeded(msg);
    sendResponse();
-      })
  });
-  }
 }
+
+logVerbose && console.log("loading Taler content script");
+init();
+
--- a/src/cryptoApi.ts
+++ b/src/cryptoApi.ts
@ -235,6 +235,10 @@ export class CryptoApi {
    return this.doRpc<boolean>("isValidDenom", 2, denom, masterPub);
  }

+  isValidPaymentSignature(sig: string, contractHash: string, merchantPub: string) {
+    return this.doRpc<PayCoinInfo>("isValidPaymentSignature", 1, sig, contractHash, merchantPub);
+  }
+
  signDeposit(offer: OfferRecord,
              cds: CoinWithDenom[]): Promise<PayCoinInfo> {
    return this.doRpc<PayCoinInfo>("signDeposit", 3, offer, cds);
--- a/src/cryptoWorker.ts
+++ b/src/cryptoWorker.ts
@ -97,6 +97,20 @@ namespace RpcFunctions {
  }


+  export function isValidPaymentSignature(sig: string, contractHash: string, merchantPub: string) {
+    let p = new native.PaymentSignaturePS({
+      contract_hash: native.HashCode.fromCrock(contractHash),
+    });
+    let nativeSig = new native.EddsaSignature();
+    nativeSig.loadCrock(sig);
+    let nativePub = native.EddsaPublicKey.fromCrock(merchantPub);
+    return native.eddsaVerify(native.SignaturePurpose.MERCHANT_PAYMENT_OK,
+                              p.toPurpose(),
+                              nativeSig,
+                              nativePub);
+  }
+
+
  export function isValidDenom(denom: DenominationRecord,
                               masterPub: string): boolean {
    let p = new native.DenominationKeyValidityPS({
--- a/src/emscriptif.ts
+++ b/src/emscriptif.ts
@ -206,6 +206,7 @@ export enum SignaturePurpose {
  MASTER_DENOMINATION_KEY_VALIDITY = 1025,
  WALLET_COIN_MELT = 1202,
  TEST = 4242,
+  MERCHANT_PAYMENT_OK = 1104,
 }


@ -1134,6 +1135,26 @@ export class DenominationKeyValidityPS extends SignatureStruct {
  }
 }

+export interface PaymentSignaturePS_args {
+  contract_hash: HashCode;
+}
+
+export class PaymentSignaturePS extends SignatureStruct {
+  constructor(w: PaymentSignaturePS_args) {
+    super(w);
+  }
+
+  purpose() {
+    return SignaturePurpose.MERCHANT_PAYMENT_OK;
+  }
+
+  fieldTypes() {
+    return [
+      ["contract_hash", HashCode],
+    ];
+  }
+}
+

 export class RsaPublicKey extends MallocArenaObject {
  static fromCrock(s: string): RsaPublicKey {
--- a/src/taler-wallet-lib.ts
+++ b/src/taler-wallet-lib.ts
@ -1 +0,0 @@
-../web-common/taler-wallet-lib.ts
--- a/src/wallet.ts
+++ b/src/wallet.ts
@ -1787,7 +1787,7 @@ export class Wallet {
  }


-  async paymentSucceeded(contractHash: string): Promise<any> {
+  async paymentSucceeded(contractHash: string, merchantSig: string): Promise<any> {
    const doPaymentSucceeded = async() => {
      let t = await this.q().get<TransactionRecord>(Stores.transactions,
                                                    contractHash);
@ -1795,6 +1795,13 @@ export class Wallet {
        console.error("contract not found");
        return;
      }
+      let merchantPub = t.contract.merchant_pub;
+      let valid = this.cryptoApi.isValidPaymentSignature(merchantSig, contractHash, merchantPub);
+      if (!valid) {
+        console.error("merchant payment signature invalid");
+        // FIXME: properly display error
+        return;
+      }
      t.finished = true;
      let modifiedCoins: CoinRecord[] = [];
      for (let pc of t.payReq.coins) {
--- a/src/wxBackend.ts
+++ b/src/wxBackend.ts
@ -254,10 +254,14 @@ function makeHandlers(db: IDBDatabase,
    },
    ["payment-succeeded"]: function (detail, sender) {
      let contractHash = detail.contractHash;
+      let merchantSig = detail.merchantSig;
      if (!contractHash) {
        return Promise.reject(Error("contractHash missing"));
      }
-      return wallet.paymentSucceeded(contractHash);
+      if (!merchantSig) {
+        return Promise.reject(Error("merchantSig missing"));
+      }
+      return wallet.paymentSucceeded(contractHash, merchantSig);
    },
  };
 }
--- a/tsconfig.json
+++ b/tsconfig.json
@ -48,7 +48,6 @@
    "src/pages/tree.tsx",
    "src/query.ts",
    "src/renderHtml.tsx",
-    "src/taler-wallet-lib.ts",
    "src/types-test.ts",
    "src/types.ts",
    "src/wallet-test.ts",
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit d7e013594d15388b1a7342a44a0e9c8d4ecca82d
+Subproject commit a8bff2e27b89feb3696cf0e3a49fc00155d92de5