libeufin

Integration and sandbox testing for FinTech APIs and data formats
Log | Files | Refs | Submodules | README | LICENSE
commit d3fba053fe2e0e4a1268da726f62aa96f0e12fdd
parent 245fc8ee395cb386e8b7f8fe410fcc30d8844c9d
Author: MS <ms@taler.net>
Date:   Wed,  8 Jul 2020 16:10:52 +0200

Validating documents before communicating them (sandbox)

Diffstat:

Msandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt | 18++++++++++++++++++


1 file changed, 18 insertions(+), 0 deletions(-)

diff --git a/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt b/sandbox/src/main/kotlin/tech/libeufin/sandbox/EbicsProtocolBackend.kt
@@ -124,6 +124,10 @@ private suspend fun ApplicationCall.respondEbicsKeyManagement(
     }
     val text = XMLUtil.convertJaxbToString(responseXml)
     LOGGER.info("responding with:\n${text}")
+    if (!XMLUtil.validateFromString(text)) throw SandboxError(
+        HttpStatusCode.InternalServerError,
+        "Outgoint EBICS key management response is invalid"
+    )
     respondText(text, ContentType.Application.Xml, HttpStatusCode.OK)
 }
 
@@ -515,7 +519,13 @@ private fun handleEbicsC53(requestContext: RequestContext): ByteArray {
         requestContext.requestObject.header,
         requestContext.subscriber
     )
+    // FIXME: this function should be replaced with one that fills only
+    // *one* CAMT document with multiple "Ntry" elements.
     return camt.map {
+        if (!XMLUtil.validateFromString(it)) throw SandboxError(
+            HttpStatusCode.InternalServerError,
+            "CAMT document was generated invalid"
+        )
         it.toByteArray(Charsets.UTF_8)
     }.zip()
 }
@@ -1090,6 +1100,10 @@ suspend fun ApplicationCall.ebicsweb() {
 
             val strResp = XMLUtil.convertJaxbToString(hevResponse)
             LOGGER.debug("HEV response: $strResp")
+            if (!XMLUtil.validateFromString(strResp)) throw SandboxError(
+                HttpStatusCode.InternalServerError,
+                "Outgoing HEV response is invalid"
+            )
             respondText(strResp, ContentType.Application.Xml, HttpStatusCode.OK)
         }
         "ebicsNoPubKeyDigestsRequest" -> {
@@ -1142,6 +1156,10 @@ suspend fun ApplicationCall.ebicsweb() {
                 }
                 signEbicsResponse(ebicsResponse, requestContext.hostAuthPriv)
             }
+            if (!XMLUtil.validateFromString(responseXmlStr)) throw SandboxError(
+                HttpStatusCode.InternalServerError,
+                "Outgoing EBICS XML is invalid"
+            )
             respondText(responseXmlStr, ContentType.Application.Xml, HttpStatusCode.OK)
         }
         else -> {