packages/taler-wallet-core/src/util/contractTerms.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231

/*
 This file is part of GNU Taler
 (C) 2021 Taler Systems S.A.

 GNU Taler is free software; you can redistribute it and/or modify it under the
 terms of the GNU General Public License as published by the Free Software
 Foundation; either version 3, or (at your option) any later version.

 GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
 WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
 A PARTICULAR PURPOSE.  See the GNU General Public License for more details.

 You should have received a copy of the GNU General Public License along with
 GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 */

import { canonicalJson, Logger } from "@gnu-taler/taler-util";
import { kdf } from "@gnu-taler/taler-util";
import {
  decodeCrock,
  encodeCrock,
  getRandomBytes,
  hash,
  stringToBytes,
} from "@gnu-taler/taler-util";

const logger = new Logger("contractTerms.ts");

export namespace ContractTermsUtil {
  export type PathPredicate = (path: string[]) => boolean;

  /**
   * Scrub all forgettable members from an object.
   */
  export function scrub(anyJson: any): any {
    return forgetAllImpl(anyJson, [], () => true);
  }

  /**
   * Recursively forget all forgettable members of an object,
   * where the path matches a predicate.
   */
  export function forgetAll(anyJson: any, pred: PathPredicate): any {
    return forgetAllImpl(anyJson, [], pred);
  }

  function forgetAllImpl(
    anyJson: any,
    path: string[],
    pred: PathPredicate,
  ): any {
    const dup = JSON.parse(JSON.stringify(anyJson));
    if (Array.isArray(dup)) {
      for (let i = 0; i < dup.length; i++) {
        dup[i] = forgetAllImpl(dup[i], [...path, `${i}`], pred);
      }
    } else if (typeof dup === "object" && dup != null) {
      if (typeof dup.$forgettable === "object") {
        for (const x of Object.keys(dup.$forgettable)) {
          if (!pred([...path, x])) {
            continue;
          }
          if (!dup.$forgotten) {
            dup.$forgotten = {};
          }
          if (!dup.$forgotten[x]) {
            const membValCanon = stringToBytes(
              canonicalJson(scrub(dup[x])) + "\0",
            );
            const membSalt = stringToBytes(dup.$forgettable[x] + "\0");
            const h = kdf(64, membValCanon, membSalt, new Uint8Array([]));
            dup.$forgotten[x] = encodeCrock(h);
          }
          delete dup[x];
          delete dup.$forgettable[x];
        }
        if (Object.keys(dup.$forgettable).length === 0) {
          delete dup.$forgettable;
        }
      }
      for (const x of Object.keys(dup)) {
        if (x.startsWith("$")) {
          continue;
        }
        dup[x] = forgetAllImpl(dup[x], [...path, x], pred);
      }
    }
    return dup;
  }

  /**
   * Generate a salt for all members marked as forgettable,
   * but which don't have an actual salt yet.
   */
  export function saltForgettable(anyJson: any): any {
    const dup = JSON.parse(JSON.stringify(anyJson));
    if (Array.isArray(dup)) {
      for (let i = 0; i < dup.length; i++) {
        dup[i] = saltForgettable(dup[i]);
      }
    } else if (typeof dup === "object" && dup !== null) {
      if (typeof dup.$forgettable === "object") {
        for (const k of Object.keys(dup.$forgettable)) {
          if (dup.$forgettable[k] === true) {
            dup.$forgettable[k] = encodeCrock(getRandomBytes(32));
          }
        }
      }
      for (const x of Object.keys(dup)) {
        if (x.startsWith("$")) {
          continue;
        }
        dup[x] = saltForgettable(dup[x]);
      }
    }
    return dup;
  }

  const nameRegex = /^[0-9A-Za-z_]+$/;

  /**
   * Check that the given JSON object is well-formed with regards
   * to forgettable fields and other restrictions for forgettable JSON.
   */
  export function validateForgettable(anyJson: any): boolean {
    if (typeof anyJson === "string") {
      return true;
    }
    if (typeof anyJson === "number") {
      return (
        Number.isInteger(anyJson) &&
        anyJson >= Number.MIN_SAFE_INTEGER &&
        anyJson <= Number.MAX_SAFE_INTEGER
      );
    }
    if (typeof anyJson === "boolean") {
      return true;
    }
    if (anyJson === null) {
      return true;
    }
    if (Array.isArray(anyJson)) {
      return anyJson.every((x) => validateForgettable(x));
    }
    if (typeof anyJson === "object") {
      for (const k of Object.keys(anyJson)) {
        if (k.match(nameRegex)) {
          if (validateForgettable(anyJson[k])) {
            continue;
          } else {
            return false;
          }
        }
        if (k === "$forgettable") {
          const fga = anyJson.$forgettable;
          if (!fga || typeof fga !== "object") {
            return false;
          }
          for (const fk of Object.keys(fga)) {
            if (!fk.match(nameRegex)) {
              return false;
            }
            if (!(fk in anyJson)) {
              return false;
            }
            const fv = anyJson.$forgettable[fk];
            if (typeof fv !== "string") {
              return false;
            }
          }
        } else if (k === "$forgotten") {
          const fgo = anyJson.$forgotten;
          if (!fgo || typeof fgo !== "object") {
            return false;
          }
          for (const fk of Object.keys(fgo)) {
            if (!fk.match(nameRegex)) {
              return false;
            }
            // Check that the value has actually been forgotten.
            if (fk in anyJson) {
              return false;
            }
            const fv = anyJson.$forgotten[fk];
            if (typeof fv !== "string") {
              return false;
            }
            try {
              const decFv = decodeCrock(fv);
              if (decFv.length != 64) {
                return false;
              }
            } catch (e) {
              return false;
            }
            // Check that salt has been deleted after forgetting.
            if (anyJson.$forgettable?.[k] !== undefined) {
              return false;
            }
          }
        } else {
          return false;
        }
      }
      return true;
    }
    return false;
  }

  /**
   * Check that no forgettable information has been forgotten.
   *
   * Must only be called on an object already validated with validateForgettable.
   */
  export function validateNothingForgotten(contractTerms: any): boolean {
    throw Error("not implemented yet");
  }

  /**
   * Hash a contract terms object.  Forgettable fields
   * are scrubbed and JSON canonicalization is applied
   * before hashing.
   */
  export function hashContractTerms(contractTerms: unknown): string {
    const cleaned = scrub(contractTerms);
    const canon = canonicalJson(cleaned) + "\0";
    const bytes = stringToBytes(canon);
    logger.info(`contract terms before hashing: ${encodeCrock(bytes)}`);
    return encodeCrock(hash(bytes));
  }
}