if checkmasterpub is specified, throw if master pub is not equal to the expected value

2 files changed, 47 insertions, 11 deletions

diff --git a/packages/taler-wallet-core/src/operations/exchanges.ts b/packages/taler-wallet-core/src/operations/exchanges.ts
index 29c370e2c..56ef672dc 100644
--- a/packages/taler-wallet-core/src/operations/exchanges.ts
+++ b/packages/taler-wallet-core/src/operations/exchanges.ts
@@ -75,7 +75,13 @@ import {
   GetReadWriteAccess,
 } from "../util/query.js";
 import { WALLET_EXCHANGE_PROTOCOL_VERSION } from "../versions.js";
-import { OperationAttemptResult, OperationAttemptResultType, runTaskWithErrorReporting, TaskIdentifiers, unwrapOperationHandlerResultOrThrow } from "./common.js";
+import {
+  OperationAttemptResult,
+  OperationAttemptResultType,
+  runTaskWithErrorReporting,
+  TaskIdentifiers,
+  unwrapOperationHandlerResultOrThrow,
+} from "./common.js";
 
 const logger = new Logger("exchanges.ts");
 
@@ -544,6 +550,7 @@ export async function updateExchangeFromUrl(
   ws: InternalWalletState,
   baseUrl: string,
   options: {
+    checkMasterPub?: string;
     forceNow?: boolean;
     cancellationToken?: CancellationToken;
   } = {},
@@ -570,6 +577,7 @@ export async function updateExchangeFromUrlHandler(
   ws: InternalWalletState,
   exchangeBaseUrl: string,
   options: {
+    checkMasterPub?: string;
     forceNow?: boolean;
     cancellationToken?: CancellationToken;
   } = {},
@@ -605,6 +613,13 @@ export async function updateExchangeFromUrlHandler(
     )
   ) {
     logger.info("using existing exchange info");
+
+    if (options.checkMasterPub) {
+      if (exchangeDetails.masterPublicKey !== options.checkMasterPub) {
+        throw Error(`master public key mismatch`);
+      }
+    }
+
     return {
       type: OperationAttemptResultType.Finished,
       result: { exchange, exchangeDetails },
@@ -621,6 +636,12 @@ export async function updateExchangeFromUrlHandler(
     timeout,
   );
 
+  if (options.checkMasterPub) {
+    if (keysInfo.masterPublicKey !== options.checkMasterPub) {
+      throw Error(`master public key mismatch`);
+    }
+  }
+
   logger.info("updating exchange /wire info");
   const wireInfoDownload = await downloadExchangeWireInfo(
     exchangeBaseUrl,
diff --git a/packages/taler-wallet-core/src/wallet.ts b/packages/taler-wallet-core/src/wallet.ts
index 3ceb6b069..df4fd0d94 100644
--- a/packages/taler-wallet-core/src/wallet.ts
+++ b/packages/taler-wallet-core/src/wallet.ts
@@ -243,7 +243,12 @@ import {
   testPay,
   withdrawTestBalance,
 } from "./operations/testing.js";
-import { acceptTip, computeTipTransactionStatus, prepareTip, processTip } from "./operations/tip.js";
+import {
+  acceptTip,
+  computeTipTransactionStatus,
+  prepareTip,
+  processTip,
+} from "./operations/tip.js";
 import {
   abortTransaction,
   deleteTransaction,
@@ -281,7 +286,10 @@ import {
   GetReadOnlyAccess,
   GetReadWriteAccess,
 } from "./util/query.js";
-import { OperationAttemptResult, TaskIdentifiers } from "./operations/common.js";
+import {
+  OperationAttemptResult,
+  TaskIdentifiers,
+} from "./operations/common.js";
 import { TimerAPI, TimerGroup } from "./util/timer.js";
 import {
   WALLET_BANK_INTEGRATION_PROTOCOL_VERSION,
@@ -1068,6 +1076,7 @@ async function dispatchRequestInternal<Op extends WalletApiOperation>(
     case WalletApiOperation.AddExchange: {
       const req = codecForAddExchangeRequest().decode(payload);
       await updateExchangeFromUrl(ws, req.exchangeBaseUrl, {
+        checkMasterPub: req.masterPub,
         forceNow: req.forceUpdate,
       });
       return {};
@@ -1783,36 +1792,42 @@ class InternalWalletStateImpl implements InternalWalletState {
         return computePayMerchantTransactionState(rec);
       }
       case TransactionType.Refund: {
-        const rec = await tx.refundGroups.get(
-          parsedTxId.refundGroupId,
-        );
+        const rec = await tx.refundGroups.get(parsedTxId.refundGroupId);
         if (!rec) {
           return undefined;
         }
         return computeRefundTransactionState(rec);
       }
       case TransactionType.PeerPullCredit:
-        const rec = await tx.peerPullPaymentInitiations.get(parsedTxId.pursePub);
+        const rec = await tx.peerPullPaymentInitiations.get(
+          parsedTxId.pursePub,
+        );
         if (!rec) {
           return undefined;
         }
         return computePeerPullCreditTransactionState(rec);
       case TransactionType.PeerPullDebit: {
-        const rec = await tx.peerPullPaymentIncoming.get(parsedTxId.peerPullPaymentIncomingId);
+        const rec = await tx.peerPullPaymentIncoming.get(
+          parsedTxId.peerPullPaymentIncomingId,
+        );
         if (!rec) {
           return undefined;
         }
         return computePeerPullDebitTransactionState(rec);
       }
       case TransactionType.PeerPushCredit: {
-        const rec = await tx.peerPushPaymentIncoming.get(parsedTxId.peerPushPaymentIncomingId);
+        const rec = await tx.peerPushPaymentIncoming.get(
+          parsedTxId.peerPushPaymentIncomingId,
+        );
         if (!rec) {
           return undefined;
         }
         return computePeerPushCreditTransactionState(rec);
       }
       case TransactionType.PeerPushDebit: {
-        const rec = await tx.peerPushPaymentInitiations.get(parsedTxId.pursePub);
+        const rec = await tx.peerPushPaymentInitiations.get(
+          parsedTxId.pursePub,
+        );
         if (!rec) {
           return undefined;
         }
@@ -1823,7 +1838,7 @@ class InternalWalletStateImpl implements InternalWalletState {
         if (!rec) {
           return undefined;
         }
-        return computeRefreshTransactionState(rec)
+        return computeRefreshTransactionState(rec);
       }
       case TransactionType.Tip: {
         const rec = await tx.tips.get(parsedTxId.walletTipId);