summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorFlorian Dold <florian.dold@gmail.com>2017-04-26 03:10:52 +0200
committerFlorian Dold <florian.dold@gmail.com>2017-04-26 03:10:52 +0200
commit79a2eed5589468c2df3e4ee2d190d9fc43b80fe9 (patch)
treeb9250369bb2b54a2fb298f611ff7142a0c825999 /src
parent9aab9fd6134351bba9445df2b24d3d2c6deedf0e (diff)
downloadwallet-core-79a2eed5589468c2df3e4ee2d190d9fc43b80fe9.tar.gz
wallet-core-79a2eed5589468c2df3e4ee2d190d9fc43b80fe9.tar.bz2
wallet-core-79a2eed5589468c2df3e4ee2d190d9fc43b80fe9.zip
remove dependency in taler-wallet-lib, implement pay signature check/storage
Diffstat (limited to 'src')
-rw-r--r--src/content_scripts/notify.ts768
-rw-r--r--src/cryptoApi.ts4
-rw-r--r--src/cryptoWorker.ts14
-rw-r--r--src/emscriptif.ts21
l---------src/taler-wallet-lib.ts1
-rw-r--r--src/wallet.ts9
-rw-r--r--src/wxBackend.ts6
7 files changed, 512 insertions, 311 deletions
diff --git a/src/content_scripts/notify.ts b/src/content_scripts/notify.ts
index 8a25dd500..a0f76cf26 100644
--- a/src/content_scripts/notify.ts
+++ b/src/content_scripts/notify.ts
@@ -23,378 +23,530 @@
*/
-"use strict";
-
import URI = require("urijs");
declare var cloneInto: any;
-// Make sure we don't pollute the namespace too much.
-namespace TalerNotify {
- const PROTOCOL_VERSION = 1;
+const PROTOCOL_VERSION = 1;
- let logVerbose: boolean = false;
- try {
- logVerbose = !!localStorage.getItem("taler-log-verbose");
- } catch (e) {
- // can't read from local storage
- }
+let logVerbose: boolean = false;
+try {
+ logVerbose = !!localStorage.getItem("taler-log-verbose");
+} catch (e) {
+ // can't read from local storage
+}
- if (!taler) {
- console.error("Taler wallet lib not included, HTTP 402 payments not" +
- " supported");
- }
+if (document.documentElement.getAttribute("data-taler-nojs")) {
+ document.dispatchEvent(new Event("taler-probe-result"));
+}
- if (document.documentElement.getAttribute("data-taler-nojs")) {
- document.dispatchEvent(new Event("taler-probe-result"));
- }
+function subst(url: string, H_contract: string) {
+ url = url.replace("${H_contract}", H_contract);
+ url = url.replace("${$}", "$");
+ return url;
+}
- function subst(url: string, H_contract: string) {
- url = url.replace("${H_contract}", H_contract);
- url = url.replace("${$}", "$");
- return url;
- }
+interface Handler {
+ type: string;
+ listener: (e: CustomEvent) => void|Promise<void>;
+}
+const handlers: Handler[] = [];
+
+function hashContract(contract: string): Promise<string> {
+ let walletHashContractMsg = {
+ type: "hash-contract",
+ detail: {contract}
+ };
+ return new Promise<string>((resolve, reject) => {
+ chrome.runtime.sendMessage(walletHashContractMsg, (resp: any) => {
+ if (!resp.hash) {
+ console.log("error", resp);
+ reject(Error("hashing failed"));
+ }
+ resolve(resp.hash);
+ });
+ });
+}
- interface Handler {
- type: string;
- listener: (e: CustomEvent) => void|Promise<void>;
- }
- const handlers: Handler[] = [];
+function queryPayment(url: string): Promise<any> {
+ const walletMsg = {
+ type: "query-payment",
+ detail: { url },
+ };
+ return new Promise((resolve, reject) => {
+ chrome.runtime.sendMessage(walletMsg, (resp: any) => {
+ resolve(resp);
+ });
+ });
+}
- function hashContract(contract: string): Promise<string> {
- let walletHashContractMsg = {
- type: "hash-contract",
- detail: {contract}
- };
- return new Promise<string>((resolve, reject) => {
- chrome.runtime.sendMessage(walletHashContractMsg, (resp: any) => {
- if (!resp.hash) {
- console.log("error", resp);
- reject(Error("hashing failed"));
- }
- resolve(resp.hash);
- });
+function putHistory(historyEntry: any): Promise<void> {
+ const walletMsg = {
+ type: "put-history-entry",
+ detail: {
+ historyEntry,
+ },
+ };
+ return new Promise<void>((resolve, reject) => {
+ chrome.runtime.sendMessage(walletMsg, (resp: any) => {
+ resolve();
});
- }
+ });
+}
- function queryPayment(url: string): Promise<any> {
- const walletMsg = {
- type: "query-payment",
- detail: { url },
- };
- return new Promise((resolve, reject) => {
- chrome.runtime.sendMessage(walletMsg, (resp: any) => {
+function saveOffer(offer: any): Promise<number> {
+ const walletMsg = {
+ type: "save-offer",
+ detail: {
+ offer: {
+ contract: offer.data,
+ merchant_sig: offer.sig,
+ H_contract: offer.hash,
+ offer_time: new Date().getTime() / 1000
+ },
+ },
+ };
+ return new Promise<number>((resolve, reject) => {
+ chrome.runtime.sendMessage(walletMsg, (resp: any) => {
+ if (resp && resp.error) {
+ reject(resp);
+ } else {
resolve(resp);
- });
+ }
});
+ });
+}
+
+
+
+
+let sheet: CSSStyleSheet|null;
+
+function initStyle() {
+ logVerbose && console.log("taking over styles");
+ const name = "taler-presence-stylesheet";
+ const content = "/* Taler stylesheet controlled by JS */";
+ let style = document.getElementById(name) as HTMLStyleElement|null;
+ if (!style) {
+ style = document.createElement("style");
+ // Needed by WebKit
+ style.appendChild(document.createTextNode(content));
+ style.id = name;
+ document.head.appendChild(style);
+ sheet = style.sheet as CSSStyleSheet;
+ } else {
+ // We've taken over the stylesheet now,
+ // make it clear by clearing all the rules in it
+ // and making it obvious in the DOM.
+ if (style.tagName.toLowerCase() === "style") {
+ style.innerText = content;
+ }
+ if (!style.sheet) {
+ throw Error("taler-presence-stylesheet should be a style sheet (<link> or <style>)");
+ }
+ sheet = style.sheet as CSSStyleSheet;
+ while (sheet.cssRules.length > 0) {
+ sheet.deleteRule(0);
+ }
}
+}
- function putHistory(historyEntry: any): Promise<void> {
- const walletMsg = {
- type: "put-history-entry",
- detail: {
- historyEntry,
- },
- };
- return new Promise<void>((resolve, reject) => {
- chrome.runtime.sendMessage(walletMsg, (resp: any) => {
- resolve();
- });
- });
+
+function setStyles(installed: boolean) {
+ if (!sheet || !sheet.cssRules) {
+ return;
+ }
+ while (sheet.cssRules.length > 0) {
+ sheet.deleteRule(0);
}
+ if (installed) {
+ sheet.insertRule(".taler-installed-hide { display: none; }", 0);
+ sheet.insertRule(".taler-probed-hide { display: none; }", 0);
+ } else {
+ sheet.insertRule(".taler-installed-show { display: none; }", 0);
+ }
+}
- function saveOffer(offer: any): Promise<number> {
- const walletMsg = {
- type: "save-offer",
- detail: {
- offer: {
- contract: offer.data,
- merchant_sig: offer.sig,
- H_contract: offer.hash,
- offer_time: new Date().getTime() / 1000
- },
- },
- };
- return new Promise<number>((resolve, reject) => {
- chrome.runtime.sendMessage(walletMsg, (resp: any) => {
- if (resp && resp.error) {
- reject(resp);
- } else {
- resolve(resp);
- }
- });
- });
+
+
+function handlePaymentResponse(walletResp: any) {
+ /**
+ * Handle a failed payment.
+ *
+ * Try to notify the wallet first, before we show a potentially
+ * synchronous error message (such as an alert) or leave the page.
+ */
+ function handleFailedPayment(r: XMLHttpRequest) {
+ let timeoutHandle: number|null = null;
+ function err() {
+ // FIXME: proper error reporting!
+ console.log("pay-failed", {status: r.status, response: r.responseText});
+ }
+ function onTimeout() {
+ timeoutHandle = null
+ err();
+ }
+ talerPaymentFailed(walletResp.H_contract).then(() => {
+ if (timeoutHandle != null) {
+ clearTimeout(timeoutHandle);
+ timeoutHandle = null;
+ }
+ err();
+ })
+ timeoutHandle = setTimeout(onTimeout, 200);
}
- function init() {
- chrome.runtime.sendMessage({type: "get-tab-cookie"}, (resp) => {
- if (chrome.runtime.lastError) {
- logVerbose && console.log("extension not yet ready");
- window.setTimeout(init, 200);
+
+ logVerbose && console.log("handling taler-notify-payment: ", walletResp);
+ // Payment timeout in ms.
+ let timeout_ms = 1000;
+ // Current request.
+ let r: XMLHttpRequest|null;
+ let timeoutHandle: number|null = null;
+ function sendPay() {
+ r = new XMLHttpRequest();
+ r.open("post", walletResp.contract.pay_url);
+ r.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
+ r.send(JSON.stringify(walletResp.payReq));
+ r.onload = function() {
+ if (!r) {
return;
}
- registerHandlers();
- // Hack to know when the extension is unloaded
- let port = chrome.runtime.connect();
-
- port.onDisconnect.addListener(() => {
- logVerbose && console.log("chrome runtime disconnected, removing handlers");
- for (let handler of handlers) {
- document.removeEventListener(handler.type, handler.listener);
- }
- });
+ switch (r.status) {
+ case 200:
+ const merchantResp = JSON.parse(r.responseText);
+ logVerbose && console.log("got success from pay_url");
+ talerPaymentSucceeded({H_contract: walletResp.H_contract, merchantSig: merchantResp.sig}).then(() => {
+ let nextUrl = walletResp.contract.fulfillment_url;
+ logVerbose && console.log("taler-payment-succeeded done, going to", nextUrl);
+ window.location.href = nextUrl;
+ window.location.reload(true);
+ });
+ break;
+ default:
+ handleFailedPayment(r);
+ break;
+ }
+ r = null;
+ if (timeoutHandle != null) {
+ clearTimeout(timeoutHandle!);
+ timeoutHandle = null;
+ }
+ };
+ function retry() {
+ if (r) {
+ r.abort();
+ r = null;
+ }
+ timeout_ms = Math.min(timeout_ms * 2, 10 * 1000);
+ logVerbose && console.log("sendPay timed out, retrying in ", timeout_ms, "ms");
+ sendPay();
+ }
+ timeoutHandle = setTimeout(retry, timeout_ms);
+ }
+ sendPay();
+}
- if (resp && resp.type == "pay") {
- logVerbose && console.log("doing taler.pay with", resp.payDetail);
- taler.internalPay(resp.payDetail);
- document.documentElement.style.visibility = "hidden";
+
+function init() {
+ chrome.runtime.sendMessage({type: "get-tab-cookie"}, (resp) => {
+ if (chrome.runtime.lastError) {
+ logVerbose && console.log("extension not yet ready");
+ window.setTimeout(init, 200);
+ return;
+ }
+ initStyle();
+ setStyles(true);
+ registerHandlers();
+ // Hack to know when the extension is unloaded
+ let port = chrome.runtime.connect();
+
+ port.onDisconnect.addListener(() => {
+ logVerbose && console.log("chrome runtime disconnected, removing handlers");
+ setStyles(false);
+ for (let handler of handlers) {
+ document.removeEventListener(handler.type, handler.listener);
}
});
- }
- logVerbose && console.log("loading Taler content script");
- init();
+ if (resp && resp.type == "pay") {
+ logVerbose && console.log("doing taler.pay with", resp.payDetail);
+ talerPay(resp.payDetail).then(handlePaymentResponse);
+ document.documentElement.style.visibility = "hidden";
+ }
+ });
+}
- interface HandlerFn {
- (detail: any, sendResponse: (msg: any) => void): void;
- }
+interface HandlerFn {
+ (detail: any, sendResponse: (msg: any) => void): void;
+}
- function generateNonce(): Promise<string> {
- const walletMsg = {
- type: "generate-nonce",
- };
- return new Promise<string>((resolve, reject) => {
- chrome.runtime.sendMessage(walletMsg, (resp: any) => {
- resolve(resp);
- });
+function generateNonce(): Promise<string> {
+ const walletMsg = {
+ type: "generate-nonce",
+ };
+ return new Promise<string>((resolve, reject) => {
+ chrome.runtime.sendMessage(walletMsg, (resp: any) => {
+ resolve(resp);
});
- }
+ });
+}
- function downloadContract(url: string, nonce: string): Promise<any> {
- let parsed_url = new URI(url);
- url = parsed_url.setQuery({nonce}).href();
- // FIXME: include and check nonce!
- return new Promise((resolve, reject) => {
- const contract_request = new XMLHttpRequest();
- console.log("downloading contract from '" + url + "'")
- contract_request.open("GET", url, true);
- contract_request.onload = function (e) {
- if (contract_request.readyState == 4) {
- if (contract_request.status == 200) {
- console.log("response text:",
- contract_request.responseText);
- var contract_wrapper = JSON.parse(contract_request.responseText);
- if (!contract_wrapper) {
- console.error("response text was invalid json");
- let detail = {hint: "invalid json", status: contract_request.status, body: contract_request.responseText};
- reject(detail);
- return;
- }
- resolve(contract_wrapper);
- } else {
- let detail = {hint: "contract download failed", status: contract_request.status, body: contract_request.responseText};
+function downloadContract(url: string, nonce: string): Promise<any> {
+ let parsed_url = new URI(url);
+ url = parsed_url.setQuery({nonce}).href();
+ // FIXME: include and check nonce!
+ return new Promise((resolve, reject) => {
+ const contract_request = new XMLHttpRequest();
+ console.log("downloading contract from '" + url + "'")
+ contract_request.open("GET", url, true);
+ contract_request.onload = function (e) {
+ if (contract_request.readyState == 4) {
+ if (contract_request.status == 200) {
+ console.log("response text:",
+ contract_request.responseText);
+ var contract_wrapper = JSON.parse(contract_request.responseText);
+ if (!contract_wrapper) {
+ console.error("response text was invalid json");
+ let detail = {hint: "invalid json", status: contract_request.status, body: contract_request.responseText};
reject(detail);
return;
}
+ resolve(contract_wrapper);
+ } else {
+ let detail = {hint: "contract download failed", status: contract_request.status, body: contract_request.responseText};
+ reject(detail);
+ return;
}
- };
- contract_request.onerror = function (e) {
- let detail = {hint: "contract download failed", status: contract_request.status, body: contract_request.responseText};
- reject(detail);
- return;
- };
- contract_request.send();
- });
+ }
+ };
+ contract_request.onerror = function (e) {
+ let detail = {hint: "contract download failed", status: contract_request.status, body: contract_request.responseText};
+ reject(detail);
+ return;
+ };
+ contract_request.send();
+ });
+}
+
+async function processProposal(proposal: any) {
+ if (!proposal.data) {
+ console.error("field proposal.data field missing");
+ return;
}
- async function processProposal(proposal: any) {
- if (!proposal.data) {
- console.error("field proposal.data field missing");
- return;
+ if (!proposal.hash) {
+ console.error("proposal.hash field missing");
+ return;
+ }
+
+ let contractHash = await hashContract(proposal.data);
+
+ if (contractHash != proposal.hash) {
+ console.error("merchant-supplied contract hash is wrong");
+ return;
+ }
+
+ let merchantName = "(unknown)";
+ try {
+ merchantName = proposal.data.merchant.name;
+ } catch (e) {
+ // bad contract / name not included
+ }
+
+ let historyEntry = {
+ timestamp: (new Date).getTime(),
+ subjectId: `contract-${contractHash}`,
+ type: "offer-contract",
+ detail: {
+ contractHash,
+ merchantName,
}
+ };
+ await putHistory(historyEntry);
+ let offerId = await saveOffer(proposal);
+
+ const uri = new URI(chrome.extension.getURL(
+ "/src/pages/confirm-contract.html"));
+ const params = {
+ offerId: offerId.toString(),
+ };
+ const target = uri.query(params).href();
+ document.location.replace(target);
+}
- if (!proposal.hash) {
- console.error("proposal.hash field missing");
+function talerPay(msg: any): Promise<any> {
+ return new Promise(async(resolve, reject) => {
+ // current URL without fragment
+ let url = new URI(document.location.href).fragment("").href();
+ let res = await queryPayment(url);
+ logVerbose && console.log("taler-pay: got response", res);
+ if (res && res.payReq) {
+ resolve(res);
return;
}
-
- let contractHash = await hashContract(proposal.data);
-
- if (contractHash != proposal.hash) {
- console.error("merchant-supplied contract hash is wrong");
+ if (msg.contract_url) {
+ let nonce = await generateNonce();
+ let proposal = await downloadContract(msg.contract_url, nonce);
+ if (proposal.data.nonce != nonce) {
+ console.error("stale contract");
+ return;
+ }
+ await processProposal(proposal);
return;
}
- let merchantName = "(unknown)";
- try {
- merchantName = proposal.data.merchant.name;
- } catch (e) {
- // bad contract / name not included
+ if (msg.offer_url) {
+ document.location.href = msg.offer_url;
+ return;
}
- let historyEntry = {
- timestamp: (new Date).getTime(),
- subjectId: `contract-${contractHash}`,
- type: "offer-contract",
- detail: {
- contractHash,
- merchantName,
- }
- };
- await putHistory(historyEntry);
- let offerId = await saveOffer(proposal);
+ console.log("can't proceed with payment, no way to get contract specified");
+ });
+}
- const uri = new URI(chrome.extension.getURL(
- "/src/pages/confirm-contract.html"));
- const params = {
- offerId: offerId.toString(),
+function talerPaymentFailed(H_contract: string) {
+ return new Promise(async(resolve, reject) => {
+ const walletMsg = {
+ type: "payment-failed",
+ detail: {
+ contractHash: H_contract
+ },
};
- const target = uri.query(params).href();
- document.location.replace(target);
- }
+ chrome.runtime.sendMessage(walletMsg, (resp) => {
+ resolve();
+ });
+ });
+}
- function registerHandlers() {
- /**
- * Add a handler for a DOM event, which automatically
- * handles adding sequence numbers to responses.
- */
- function addHandler(type: string, handler: HandlerFn) {
- let handlerWrap = (e: CustomEvent) => {
- if (e.type != type) {
- throw Error(`invariant violated`);
- }
- let callId: number|undefined = undefined;
- if (e.detail && e.detail.callId != undefined) {
- callId = e.detail.callId;
- }
- let responder = (msg?: any) => {
- let fullMsg = Object.assign({}, msg, {callId});
- let opts = { detail: fullMsg };
- if ("function" == typeof cloneInto) {
- opts = cloneInto(opts, document.defaultView);
- }
- let evt = new CustomEvent(type + "-result", opts);
- document.dispatchEvent(evt);
- };
- handler(e.detail, responder);
- };
- document.addEventListener(type, handlerWrap);
- handlers.push({type, listener: handlerWrap});
+function talerPaymentSucceeded(msg: any) {
+ return new Promise((resolve, reject) => {
+ if (!msg.H_contract) {
+ console.error("H_contract missing in taler-payment-succeeded");
+ return;
}
-
-
- addHandler("taler-query-id", (msg: any, sendResponse: any) => {
- // FIXME: maybe include this info in taoer-probe?
- sendResponse({id: chrome.runtime.id})
+ if (!msg.merchantSig) {
+ console.error("merchantSig missing in taler-payment-succeeded");
+ return;
+ }
+ logVerbose && console.log("got taler-payment-succeeded");
+ const walletMsg = {
+ type: "payment-succeeded",
+ detail: {
+ merchantSig: msg.merchantSig,
+ contractHash: msg.H_contract,
+ },
+ };
+ chrome.runtime.sendMessage(walletMsg, (resp) => {
+ resolve();
});
+ });
+}
- addHandler("taler-probe", (msg: any, sendResponse: any) => {
- sendResponse();
- });
- addHandler("taler-create-reserve", (msg: any) => {
- let params = {
- amount: JSON.stringify(msg.amount),
- callback_url: new URI(msg.callback_url)
- .absoluteTo(document.location.href),
- bank_url: document.location.href,
- wt_types: JSON.stringify(msg.wt_types),
- suggested_exchange_url: msg.suggested_exchange_url,
+function registerHandlers() {
+ /**
+ * Add a handler for a DOM event, which automatically
+ * handles adding sequence numbers to responses.
+ */
+ function addHandler(type: string, handler: HandlerFn) {
+ let handlerWrap = (e: CustomEvent) => {
+ if (e.type != type) {
+ throw Error(`invariant violated`);
+ }
+ let callId: number|undefined = undefined;
+ if (e.detail && e.detail.callId != undefined) {
+ callId = e.detail.callId;
+ }
+ let responder = (msg?: any) => {
+ let fullMsg = Object.assign({}, msg, {callId});
+ let opts = { detail: fullMsg };
+ if ("function" == typeof cloneInto) {
+ opts = cloneInto(opts, document.defaultView);
+ }
+ let evt = new CustomEvent(type + "-result", opts);
+ document.dispatchEvent(evt);
};
- let uri = new URI(chrome.extension.getURL("/src/pages/confirm-create-reserve.html"));
- let redirectUrl = uri.query(params).href();
- window.location.href = redirectUrl;
- });
+ handler(e.detail, responder);
+ };
+ document.addEventListener(type, handlerWrap);
+ handlers.push({type, listener: handlerWrap});
+ }
- addHandler("taler-add-auditor", (msg: any) => {
- let params = {
- req: JSON.stringify(msg),
- };
- let uri = new URI(chrome.extension.getURL("/src/pages/add-auditor.html"));
- let redirectUrl = uri.query(params).href();
- window.location.href = redirectUrl;
- });
- addHandler("taler-confirm-reserve", (msg: any, sendResponse: any) => {
- let walletMsg = {
- type: "confirm-reserve",
- detail: {
- reservePub: msg.reserve_pub
- }
- };
- chrome.runtime.sendMessage(walletMsg, (resp) => {
- sendResponse();
- });
- });
+ addHandler("taler-query-id", (msg: any, sendResponse: any) => {
+ // FIXME: maybe include this info in taoer-probe?
+ sendResponse({id: chrome.runtime.id})
+ });
+ addHandler("taler-probe", (msg: any, sendResponse: any) => {
+ sendResponse();
+ });
- addHandler("taler-confirm-contract", async(msg: any) => {
- if (!msg.contract_wrapper) {
- console.error("contract wrapper missing");
- return;
+ addHandler("taler-create-reserve", (msg: any) => {
+ let params = {
+ amount: JSON.stringify(msg.amount),
+ callback_url: new URI(msg.callback_url)
+ .absoluteTo(document.location.href),
+ bank_url: document.location.href,
+ wt_types: JSON.stringify(msg.wt_types),
+ suggested_exchange_url: msg.suggested_exchange_url,
+ };
+ let uri = new URI(chrome.extension.getURL("/src/pages/confirm-create-reserve.html"));
+ let redirectUrl = uri.query(params).href();
+ window.location.href = redirectUrl;
+ });
+
+ addHandler("taler-add-auditor", (msg: any) => {
+ let params = {
+ req: JSON.stringify(msg),
+ };
+ let uri = new URI(chrome.extension.getURL("/src/pages/add-auditor.html"));
+ let redirectUrl = uri.query(params).href();
+ window.location.href = redirectUrl;
+ });
+
+ addHandler("taler-confirm-reserve", (msg: any, sendResponse: any) => {
+ let walletMsg = {
+ type: "confirm-reserve",
+ detail: {
+ reservePub: msg.reserve_pub
}
+ };
+ chrome.runtime.sendMessage(walletMsg, (resp) => {
+ sendResponse();
+ });
+ });
- const proposal = msg.contract_wrapper;
- processProposal(proposal);
- });
+ addHandler("taler-confirm-contract", async(msg: any) => {
+ if (!msg.contract_wrapper) {
+ console.error("contract wrapper missing");
+ return;
+ }
- addHandler("taler-pay", async(msg: any, sendResponse: any) => {
- // current URL without fragment
- let url = new URI(document.location.href).fragment("").href();
- let res = await queryPayment(url);
- logVerbose && console.log("taler-pay: got response", res);
- if (res && res.payReq) {
- sendResponse(res);
- return;
- }
- if (msg.contract_url) {
- let nonce = await generateNonce();
- let proposal = await downloadContract(msg.contract_url, nonce);
- if (proposal.data.nonce != nonce) {
- console.error("stale contract");
- return;
- }
- await processProposal(proposal);
- return;
- }
+ const proposal = msg.contract_wrapper;
- if (msg.offer_url) {
- document.location.href = msg.offer_url;
- return;
- }
+ processProposal(proposal);
+ });
- console.log("can't proceed with payment, no way to get contract specified");
- });
+ addHandler("taler-pay", async(msg: any, sendResponse: any) => {
+ let resp = await talerPay(msg);
+ sendResponse(resp);
+ });
- addHandler("taler-payment-failed", (msg: any, sendResponse: any) => {
- const walletMsg = {
- type: "payment-failed",
- detail: {
- contractHash: msg.H_contract
- },
- };
- chrome.runtime.sendMessage(walletMsg, (resp) => {
- sendResponse();
- })
- });
+ addHandler("taler-payment-failed", async(msg: any, sendResponse: any) => {
+ await talerPaymentFailed(msg.H_contract);
+ sendResponse();
+ });
- addHandler("taler-payment-succeeded", (msg: any, sendResponse: any) => {
- if (!msg.H_contract) {
- console.error("H_contract missing in taler-payment-succeeded");
- return;
- }
- logVerbose && console.log("got taler-payment-succeeded");
- const walletMsg = {
- type: "payment-succeeded",
- detail: {
- contractHash: msg.H_contract,
- },
- };
- chrome.runtime.sendMessage(walletMsg, (resp) => {
- sendResponse();
- })
- });
- }
+ addHandler("taler-payment-succeeded", async(msg: any, sendResponse: any) => {
+ await talerPaymentSucceeded(msg);
+ sendResponse();
+ });
}
+
+logVerbose && console.log("loading Taler content script");
+init();
+
diff --git a/src/cryptoApi.ts b/src/cryptoApi.ts
index 672b90d74..98fc2c66a 100644
--- a/src/cryptoApi.ts
+++ b/src/cryptoApi.ts
@@ -235,6 +235,10 @@ export class CryptoApi {
return this.doRpc<boolean>("isValidDenom", 2, denom, masterPub);
}
+ isValidPaymentSignature(sig: string, contractHash: string, merchantPub: string) {
+ return this.doRpc<PayCoinInfo>("isValidPaymentSignature", 1, sig, contractHash, merchantPub);
+ }
+
signDeposit(offer: OfferRecord,
cds: CoinWithDenom[]): Promise<PayCoinInfo> {
return this.doRpc<PayCoinInfo>("signDeposit", 3, offer, cds);
diff --git a/src/cryptoWorker.ts b/src/cryptoWorker.ts
index 0abcb36ff..cb7bee40b 100644
--- a/src/cryptoWorker.ts
+++ b/src/cryptoWorker.ts
@@ -97,6 +97,20 @@ namespace RpcFunctions {
}
+ export function isValidPaymentSignature(sig: string, contractHash: string, merchantPub: string) {
+ let p = new native.PaymentSignaturePS({
+ contract_hash: native.HashCode.fromCrock(contractHash),
+ });
+ let nativeSig = new native.EddsaSignature();
+ nativeSig.loadCrock(sig);
+ let nativePub = native.EddsaPublicKey.fromCrock(merchantPub);
+ return native.eddsaVerify(native.SignaturePurpose.MERCHANT_PAYMENT_OK,
+ p.toPurpose(),
+ nativeSig,
+ nativePub);
+ }
+
+
export function isValidDenom(denom: DenominationRecord,
masterPub: string): boolean {
let p = new native.DenominationKeyValidityPS({
diff --git a/src/emscriptif.ts b/src/emscriptif.ts
index 0b3f2ae71..3a34f6451 100644
--- a/src/emscriptif.ts
+++ b/src/emscriptif.ts
@@ -206,6 +206,7 @@ export enum SignaturePurpose {
MASTER_DENOMINATION_KEY_VALIDITY = 1025,
WALLET_COIN_MELT = 1202,
TEST = 4242,
+ MERCHANT_PAYMENT_OK = 1104,
}
@@ -1134,6 +1135,26 @@ export class DenominationKeyValidityPS extends SignatureStruct {
}
}
+export interface PaymentSignaturePS_args {
+ contract_hash: HashCode;
+}
+
+export class PaymentSignaturePS extends SignatureStruct {
+ constructor(w: PaymentSignaturePS_args) {
+ super(w);
+ }
+
+ purpose() {
+ return SignaturePurpose.MERCHANT_PAYMENT_OK;
+ }
+
+ fieldTypes() {
+ return [
+ ["contract_hash", HashCode],
+ ];
+ }
+}
+
export class RsaPublicKey extends MallocArenaObject {
static fromCrock(s: string): RsaPublicKey {
diff --git a/src/taler-wallet-lib.ts b/src/taler-wallet-lib.ts
deleted file mode 120000
index 20e599359..000000000
--- a/src/taler-wallet-lib.ts
+++ /dev/null
@@ -1 +0,0 @@
-../web-common/taler-wallet-lib.ts \ No newline at end of file
diff --git a/src/wallet.ts b/src/wallet.ts
index a809b94cc..51046159b 100644
--- a/src/wallet.ts
+++ b/src/wallet.ts
@@ -1787,7 +1787,7 @@ export class Wallet {
}
- async paymentSucceeded(contractHash: string): Promise<any> {
+ async paymentSucceeded(contractHash: string, merchantSig: string): Promise<any> {
const doPaymentSucceeded = async() => {
let t = await this.q().get<TransactionRecord>(Stores.transactions,
contractHash);
@@ -1795,6 +1795,13 @@ export class Wallet {
console.error("contract not found");
return;
}
+ let merchantPub = t.contract.merchant_pub;
+ let valid = this.cryptoApi.isValidPaymentSignature(merchantSig, contractHash, merchantPub);
+ if (!valid) {
+ console.error("merchant payment signature invalid");
+ // FIXME: properly display error
+ return;
+ }
t.finished = true;
let modifiedCoins: CoinRecord[] = [];
for (let pc of t.payReq.coins) {
diff --git a/src/wxBackend.ts b/src/wxBackend.ts
index 1aa10ce4c..984cad21a 100644
--- a/src/wxBackend.ts
+++ b/src/wxBackend.ts
@@ -254,10 +254,14 @@ function makeHandlers(db: IDBDatabase,
},
["payment-succeeded"]: function (detail, sender) {
let contractHash = detail.contractHash;
+ let merchantSig = detail.merchantSig;
if (!contractHash) {
return Promise.reject(Error("contractHash missing"));
}
- return wallet.paymentSucceeded(contractHash);
+ if (!merchantSig) {
+ return Promise.reject(Error("merchantSig missing"));
+ }
+ return wallet.paymentSucceeded(contractHash, merchantSig);
},
};
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 03:32:14 +0000