From 14f13250a01ad15d9fb1ba956fc5409c7f76a2fa Mon Sep 17 00:00:00 2001
From: Florian Dold <florian@dold.me>
Date: Wed, 14 Apr 2021 14:36:46 +0200
Subject: forgettable information validation WIP

---
 packages/taler-wallet-core/src/operations/pay.ts | 38 ++++++++++++++++++++++--
 1 file changed, 35 insertions(+), 3 deletions(-)

(limited to 'packages/taler-wallet-core/src/operations')

diff --git a/packages/taler-wallet-core/src/operations/pay.ts b/packages/taler-wallet-core/src/operations/pay.ts
index 1e93f413b..12cefdc8b 100644
--- a/packages/taler-wallet-core/src/operations/pay.ts
+++ b/packages/taler-wallet-core/src/operations/pay.ts
@@ -93,6 +93,7 @@ import {
 } from "../util/retries.js";
 import { getTotalRefreshCost, createRefreshGroup } from "./refresh.js";
 import { InternalWalletState, EXCHANGE_COINS_LOCK } from "./state.js";
+import { ContractTermsUtil } from "../util/contractTerms.js";
 
 /**
  * Logger.
@@ -655,14 +656,45 @@ async function processDownloadProposalImpl(
   // as the coded to parse them doesn't necessarily round-trip.
   // We need this raw JSON to compute the contract terms hash.
 
-  const contractTermsHash = await ws.cryptoApi.hashString(
-    canonicalJson(proposalResp.contract_terms),
+  // FIXME: Do better error handling, check if the
+  // contract terms have all their forgettable information still
+  // present.  The wallet should never accept contract terms
+  // with missing information from the merchant.
+
+  const isWellFormed = ContractTermsUtil.validateForgettable(
+    proposalResp.contract_terms,
   );
 
-  const parsedContractTerms = codecForContractTerms().decode(
+  if (!isWellFormed) {
+    const err = makeErrorDetails(
+      TalerErrorCode.WALLET_CONTRACT_TERMS_MALFORMED,
+      "validation for well-formedness failed",
+      {},
+    );
+    await failProposalPermanently(ws, proposalId, err);
+    throw new OperationFailedAndReportedError(err);
+  }
+
+  const contractTermsHash = ContractTermsUtil.hashContractTerms(
     proposalResp.contract_terms,
   );
 
+  let parsedContractTerms: ContractTerms;
+
+  try {
+    parsedContractTerms = codecForContractTerms().decode(
+      proposalResp.contract_terms,
+    );
+  } catch (e) {
+    const err = makeErrorDetails(
+      TalerErrorCode.WALLET_CONTRACT_TERMS_MALFORMED,
+      "schema validation failed",
+      {},
+    );
+    await failProposalPermanently(ws, proposalId, err);
+    throw new OperationFailedAndReportedError(err);
+  }
+
   const sigValid = await ws.cryptoApi.isValidContractTermsSignature(
     contractTermsHash,
     proposalResp.sig,
-- 
cgit v1.2.3