LCOV - code coverage report
Current view: top level - util - payto.c (source / functions) Hit Total Coverage
Test: GNU Taler exchange coverage report Lines: 50 68 73.5 %
Date: 2021-08-30 06:43:37 Functions: 6 6 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*
       2             :   This file is part of TALER
       3             :   Copyright (C) 2019-2021 Taler Systems SA
       4             : 
       5             :   TALER is free software; you can redistribute it and/or modify it under the
       6             :   terms of the GNU General Public License as published by the Free Software
       7             :   Foundation; either version 3, or (at your option) any later version.
       8             : 
       9             :   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
      10             :   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
      11             :   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
      12             : 
      13             :   You should have received a copy of the GNU General Public License along with
      14             :   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
      15             : */
      16             : /**
      17             :  * @file payto.c
      18             :  * @brief Common utility functions for dealing with payto://-URIs
      19             :  * @author Florian Dold
      20             :  */
      21             : #include "platform.h"
      22             : #include "taler_util.h"
      23             : 
      24             : 
      25             : /**
      26             :  * Prefix of PAYTO URLs.
      27             :  */
      28             : #define PAYTO "payto://"
      29             : 
      30             : 
      31             : /**
      32             :  * Extract the value under @a key from the URI parameters.
      33             :  *
      34             :  * @param payto_uri the URL to parse
      35             :  * @param search_key key to look for, including "="
      36             :  * @return NULL if the @a key parameter is not found.
      37             :  *         The caller should free the returned value.
      38             :  */
      39             : static char *
      40           9 : payto_get_key (const char *payto_uri,
      41             :                const char *search_key)
      42             : {
      43             :   const char *key;
      44             :   const char *value_start;
      45             :   const char *value_end;
      46             : 
      47           9 :   key = strchr (payto_uri,
      48             :                 (unsigned char) '?');
      49           9 :   if (NULL == key)
      50           1 :     return NULL;
      51             : 
      52             :   do {
      53           8 :     if (0 == strncasecmp (++key,
      54             :                           search_key,
      55             :                           strlen (search_key)))
      56             :     {
      57           8 :       value_start = strchr (key,
      58             :                             (unsigned char) '=');
      59           8 :       if (NULL == value_start)
      60           0 :         return NULL;
      61           8 :       value_end = strchrnul (value_start,
      62             :                              (unsigned char) '&');
      63             : 
      64           8 :       return GNUNET_strndup (value_start + 1,
      65             :                              value_end - value_start - 1);
      66             :     }
      67           0 :   } while ( (key = strchr (key,
      68           0 :                            (unsigned char) '&')) );
      69           0 :   return NULL;
      70             : }
      71             : 
      72             : 
      73             : /**
      74             :  * Extract the subject value from the URI parameters.
      75             :  *
      76             :  * @param payto_uri the URL to parse
      77             :  * @return NULL if the subject parameter is not found.
      78             :  *         The caller should free the returned value.
      79             :  */
      80             : char *
      81           2 : TALER_payto_get_subject (const char *payto_uri)
      82             : {
      83           2 :   return payto_get_key (payto_uri,
      84             :                         "subject=");
      85             : }
      86             : 
      87             : 
      88             : /**
      89             :  * Obtain the payment method from a @a payto_uri. The
      90             :  * format of a payto URI is 'payto://$METHOD/$SOMETHING'.
      91             :  * We return $METHOD.
      92             :  *
      93             :  * @param payto_uri the URL to parse
      94             :  * @return NULL on error (malformed @a payto_uri)
      95             :  */
      96             : char *
      97         460 : TALER_payto_get_method (const char *payto_uri)
      98             : {
      99             :   const char *start;
     100             :   const char *end;
     101             : 
     102         460 :   if (0 != strncasecmp (payto_uri,
     103             :                         PAYTO,
     104             :                         strlen (PAYTO)))
     105           0 :     return NULL;
     106         460 :   start = &payto_uri[strlen (PAYTO)];
     107         460 :   end = strchr (start,
     108             :                 (unsigned char) '/');
     109         460 :   if (NULL == end)
     110           0 :     return NULL;
     111         460 :   return GNUNET_strndup (start,
     112             :                          end - start);
     113             : }
     114             : 
     115             : 
     116             : /**
     117             :  * Obtain the account name from a payto URL.  The format
     118             :  * of the @a payto URL is 'payto://x-taler-bank/$HOSTNAME/$ACCOUNT[?PARAMS]'.
     119             :  * We check the first part matches, skip over the $HOSTNAME
     120             :  * and return the $ACCOUNT portion.
     121             :  *
     122             :  * @param payto an x-taler-bank payto URL
     123             :  * @return only the account name from the @a payto URL, NULL if not an x-taler-bank
     124             :  *   payto URL
     125             :  */
     126             : char *
     127         177 : TALER_xtalerbank_account_from_payto (const char *payto)
     128             : {
     129             :   const char *beg;
     130             :   const char *end;
     131             : 
     132         177 :   if (0 != strncasecmp (payto,
     133             :                         PAYTO "x-taler-bank/",
     134             :                         strlen (PAYTO "x-taler-bank/")))
     135           0 :     return NULL;
     136         177 :   beg = strchr (&payto[strlen (PAYTO "x-taler-bank/")],
     137             :                 '/');
     138         177 :   if (NULL == beg)
     139           0 :     return NULL;
     140         177 :   beg++; /* now points to $ACCOUNT */
     141         177 :   end = strchr (beg,
     142             :                 '?');
     143         177 :   if (NULL == end)
     144         176 :     return GNUNET_strdup (beg); /* optional part is missing */
     145           1 :   return GNUNET_strndup (beg,
     146             :                          end - beg);
     147             : }
     148             : 
     149             : 
     150             : /**
     151             :  * Validate payto://iban/ account URL (only account information,
     152             :  * wire subject and amount are ignored).
     153             :  *
     154             :  * @param account_url payto URL to parse
     155             :  * @return NULL on success, otherwise an error message
     156             :  *      to be freed by the caller
     157             :  */
     158             : static char *
     159         695 : validate_payto_iban (const char *account_url)
     160             : {
     161             :   const char *iban;
     162             :   const char *q;
     163             :   char *result;
     164             :   char *err;
     165             : 
     166             : #define IBAN_PREFIX "payto://iban/"
     167         695 :   if (0 != strncasecmp (account_url,
     168             :                         IBAN_PREFIX,
     169             :                         strlen (IBAN_PREFIX)))
     170         688 :     return NULL; /* not an IBAN */
     171             : 
     172           7 :   iban = strrchr (account_url, '/') + 1;
     173             : #undef IBAN_PREFIX
     174           7 :   q = strchr (iban,
     175             :               '?');
     176           7 :   if (NULL != q)
     177             :   {
     178           7 :     result = GNUNET_strndup (iban,
     179             :                              q - iban);
     180             :   }
     181             :   else
     182             :   {
     183           0 :     result = GNUNET_strdup (iban);
     184             :   }
     185           7 :   if (NULL !=
     186           7 :       (err = TALER_iban_validate (result)))
     187             :   {
     188           0 :     GNUNET_free (result);
     189           0 :     return err;
     190             :   }
     191           7 :   GNUNET_free (result);
     192             :   {
     193             :     char *target;
     194             : 
     195           7 :     target = payto_get_key (account_url,
     196             :                             "receiver-name=");
     197           7 :     if (NULL == target)
     198           0 :       return GNUNET_strdup ("'receiver-name' parameter missing");
     199           7 :     GNUNET_free (target);
     200             :   }
     201           7 :   return NULL;
     202             : }
     203             : 
     204             : 
     205             : /**
     206             :  * Check that a payto:// URI is well-formed.
     207             :  *
     208             :  * @param payto_uri the URL to check
     209             :  * @return NULL on success, otherwise an error
     210             :  *         message to be freed by the caller!
     211             :  */
     212             : char *
     213         695 : TALER_payto_validate (const char *payto_uri)
     214             : {
     215             :   char *ret;
     216             :   const char *start;
     217             :   const char *end;
     218             : 
     219         695 :   if (0 != strncasecmp (payto_uri,
     220             :                         PAYTO,
     221             :                         strlen (PAYTO)))
     222           0 :     return GNUNET_strdup ("invalid prefix");
     223       23792 :   for (unsigned int i = 0; '\0' != payto_uri[i]; i++)
     224             :   {
     225             :     /* This is more strict than RFC 8905, alas we do not need to support messages/instructions/etc.,
     226             :        and it is generally better to start with a narrow whitelist; we can be more permissive later ...*/
     227             : #define ALLOWED_CHARACTERS \
     228             :   "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/:&?-.,="
     229       23097 :     if (NULL == strchr (ALLOWED_CHARACTERS,
     230       23097 :                         (int) payto_uri[i]))
     231             :     {
     232             :       char *ret;
     233             : 
     234           0 :       GNUNET_asprintf (&ret,
     235             :                        "Encountered invalid character `%c' at offset %u in payto URI `%s'",
     236           0 :                        payto_uri[i],
     237             :                        i,
     238             :                        payto_uri);
     239           0 :       return ret;
     240             :     }
     241             : #undef ALLOWED_CHARACTERS
     242             :   }
     243             : 
     244         695 :   start = &payto_uri[strlen (PAYTO)];
     245         695 :   end = strchr (start,
     246             :                 (unsigned char) '/');
     247         695 :   if (NULL == end)
     248           0 :     return GNUNET_strdup ("missing '/' in payload");
     249             : 
     250         695 :   if (NULL != (ret = validate_payto_iban (payto_uri)))
     251           0 :     return ret; /* got a definitive answer */
     252             : 
     253             :   /* Insert other bank account validation methods here later! */
     254             : 
     255         695 :   return NULL;
     256             : }

Generated by: LCOV version 1.14