add validity checks for incoming node and bill ids (#558)

Author: zupzup

crates/bcr-ebill-api/src/data/mod.rs

@@ -15,3 +15,25 @@ pub use bcr_ebill_core::PostalAddress;
 pub use bcr_ebill_core::PublicKey;
 pub use bcr_ebill_core::SecretKey;
 pub use bcr_ebill_core::UploadFileResult;
+use bcr_ebill_core::ValidationError;
+use log::warn;
+
+use crate::get_config;
+
+pub fn validate_node_id_network(node_id: &NodeId) -> Result<(), ValidationError> {
+    if node_id.network() != get_config().bitcoin_network() {
+        warn!("Detected node id of wrong network {node_id}");
+        return Err(ValidationError::InvalidNodeId);
+    }
+
+    Ok(())
+}
+
+pub fn validate_bill_id_network(bill_id: &bill::BillId) -> Result<(), ValidationError> {
+    if bill_id.network() != get_config().bitcoin_network() {
+        warn!("Detected bill id of wrong network {bill_id}");
+        return Err(ValidationError::InvalidBillId);
+    }
+
+    Ok(())
+}

crates/bcr-ebill-api/src/service/bill_service/blocks.rs

@@ -23,6 +23,8 @@ use bcr_ebill_core::{
     util::BcrKeys,
 };
 
+use crate::data::validate_node_id_network;
+
 use super::{BillAction, Result, error::Error, service::BillService};
 
 impl BillService {
@@ -126,6 +128,7 @@ impl BillService {
             }
             // has to be ident to req recourse
             BillAction::RequestRecourse(recoursee, recourse_reason) => {
+                validate_node_id_network(&recoursee.node_id)?;
                 if let BillParticipant::Ident(signer) = signer_public_data {
                     let (sum, currency, reason) = match *recourse_reason {
                         RecourseReason::Accept => (
@@ -163,6 +166,7 @@ impl BillService {
             }
             // has to be ident to recourse
             BillAction::Recourse(recoursee, sum, currency, recourse_reason) => {
+                validate_node_id_network(&recoursee.node_id)?;
                 if let BillParticipant::Ident(signer) = signer_public_data {
                     let reason = match *recourse_reason {
                         RecourseReason::Accept => BillRecourseReasonBlockData::Accept,
@@ -194,6 +198,7 @@ impl BillService {
             }
             // can be anon to mint
             BillAction::Mint(mint, sum, currency) => {
+                validate_node_id_network(&mint.node_id())?;
                 let block_data = BillMintBlockData {
                     endorser: if holder_is_anon {
                         // if holder is anon, we need to continue as anon
@@ -221,6 +226,7 @@ impl BillService {
             }
             // can be anon to offer to sell
             BillAction::OfferToSell(buyer, sum, currency) => {
+                validate_node_id_network(&buyer.node_id())?;
                 let address_to_pay = self.bitcoin_client.get_address_to_pay(
                     &bill_keys.public_key,
                     &signer_public_data.node_id().pub_key(),
@@ -253,6 +259,7 @@ impl BillService {
             }
             // can be anon to sell
             BillAction::Sell(buyer, sum, currency, payment_address) => {
+                validate_node_id_network(&buyer.node_id())?;
                 let block_data = BillSellBlockData {
                     seller: if holder_is_anon {
                         // if holder is anon, we need to continue as anon
@@ -281,6 +288,7 @@ impl BillService {
             }
             // can be anon to endorse
             BillAction::Endorse(endorsee) => {
+                validate_node_id_network(&endorsee.node_id())?;
                 let block_data = BillEndorseBlockData {
                     endorser: if holder_is_anon {
                         // if holder is anon, we need to continue as anon

crates/bcr-ebill-api/src/service/bill_service/issue.rs

@@ -1,5 +1,5 @@
 use super::{BillAction, BillServiceApi, Result, error::Error, service::BillService};
-use crate::{get_config, util};
+use crate::{data::validate_node_id_network, get_config, util};
 use bcr_ebill_core::{
     File, PublicKey, Validate, ValidationError,
     bill::{
@@ -40,6 +40,9 @@ impl BillService {
             "issuing bill with type {}, blank: {}",
             &data.t, &data.blank_issue
         );
+        validate_node_id_network(&data.drawee)?;
+        validate_node_id_network(&data.payee)?;
+        validate_node_id_network(&data.drawer_public_data.node_id())?;
         let (sum, bill_type) = validate_bill_issue(&data)?;
 
         let drawer = match data.drawer_public_data {

crates/bcr-ebill-api/src/service/bill_service/mod.rs

@@ -6459,4 +6459,293 @@ pub mod tests {
             .await;
         assert!(res.is_ok());
     }
+
+    #[tokio::test]
+    async fn wrong_network_failures() {
+        let participant =
+            BillParticipant::Ident(bill_identified_participant_only_node_id(node_id_test()));
+        let mainnet_node_id = NodeId::new(BcrKeys::new().pub_key(), bitcoin::Network::Bitcoin);
+        let mainnet_participant = BillParticipant::Ident(bill_identified_participant_only_node_id(
+            mainnet_node_id.clone(),
+        ));
+        let mainnet_bill_id = BillId::new(BcrKeys::new().pub_key(), bitcoin::Network::Bitcoin);
+        let identity = get_baseline_identity();
+        let ctx = get_ctx();
+        let service = get_service(ctx);
+
+        assert!(matches!(
+            service
+                .get_combined_bitcoin_key_for_bill(&mainnet_bill_id, &participant, &BcrKeys::new())
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .get_combined_bitcoin_key_for_bill(
+                    &bill_id_test(),
+                    &mainnet_participant,
+                    &BcrKeys::new()
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .get_detail(
+                    &mainnet_bill_id,
+                    &identity.identity,
+                    &node_id_test(),
+                    1731593928
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .get_detail(
+                    &bill_id_test(),
+                    &identity.identity,
+                    &mainnet_node_id,
+                    1731593928
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service.get_bill_keys(&mainnet_bill_id).await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+
+        assert!(matches!(
+            service
+                .check_payment_for_bill(&mainnet_bill_id, &identity.identity)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .check_offer_to_sell_payment_for_bill(&mainnet_bill_id, &identity)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .check_recourse_payment_for_bill(&mainnet_bill_id, &identity)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .get_past_endorsees(&mainnet_bill_id, &node_id_test())
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .get_past_endorsees(&bill_id_test(), &mainnet_node_id)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .get_past_payments(&mainnet_bill_id, &participant, &BcrKeys::new(), 1731593928)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .get_past_payments(
+                    &bill_id_test(),
+                    &mainnet_participant,
+                    &BcrKeys::new(),
+                    1731593928
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .get_endorsements(&mainnet_bill_id, &node_id_test())
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .get_endorsements(&bill_id_test(), &mainnet_node_id)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .request_to_mint(
+                    &mainnet_bill_id,
+                    &node_id_test(),
+                    &participant,
+                    &BcrKeys::new(),
+                    1731593928
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .request_to_mint(
+                    &bill_id_test(),
+                    &mainnet_node_id,
+                    &participant,
+                    &BcrKeys::new(),
+                    1731593928
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .request_to_mint(
+                    &bill_id_test(),
+                    &node_id_test(),
+                    &mainnet_participant,
+                    &BcrKeys::new(),
+                    1731593928
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .get_mint_state(&mainnet_bill_id, &node_id_test())
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .get_mint_state(&bill_id_test(), &mainnet_node_id)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service.cancel_request_to_mint("", &mainnet_node_id).await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .check_mint_state(&mainnet_bill_id, &node_id_test())
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .check_mint_state(&bill_id_test(), &mainnet_node_id)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .accept_mint_offer("", &mainnet_participant, &BcrKeys::new(), 1731593928)
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service.reject_mint_offer("", &mainnet_node_id).await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        // issue
+        assert!(matches!(
+            service
+                .issue_new_bill(BillIssueData {
+                    t: 2,
+                    country_of_issuing: String::from("UK"),
+                    city_of_issuing: String::from("London"),
+                    issue_date: String::from("2030-01-01"),
+                    maturity_date: String::from("2030-04-01"),
+                    drawee: mainnet_node_id.clone(),
+                    payee: node_id_test(),
+                    sum: String::from("100"),
+                    currency: String::from("sat"),
+                    country_of_payment: String::from("AT"),
+                    city_of_payment: String::from("Vienna"),
+                    language: String::from("en-UK"),
+                    file_upload_ids: vec!["some_file_id".to_string()],
+                    drawer_public_data: participant.clone(),
+                    drawer_keys: BcrKeys::new(),
+                    timestamp: 1731593928,
+                    blank_issue: false,
+                })
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .issue_new_bill(BillIssueData {
+                    t: 2,
+                    country_of_issuing: String::from("UK"),
+                    city_of_issuing: String::from("London"),
+                    issue_date: String::from("2030-01-01"),
+                    maturity_date: String::from("2030-04-01"),
+                    drawee: node_id_test(),
+                    payee: mainnet_node_id.clone(),
+                    sum: String::from("100"),
+                    currency: String::from("sat"),
+                    country_of_payment: String::from("AT"),
+                    city_of_payment: String::from("Vienna"),
+                    language: String::from("en-UK"),
+                    file_upload_ids: vec!["some_file_id".to_string()],
+                    drawer_public_data: participant.clone(),
+                    drawer_keys: BcrKeys::new(),
+                    timestamp: 1731593928,
+                    blank_issue: false,
+                })
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        assert!(matches!(
+            service
+                .issue_new_bill(BillIssueData {
+                    t: 2,
+                    country_of_issuing: String::from("UK"),
+                    city_of_issuing: String::from("London"),
+                    issue_date: String::from("2030-01-01"),
+                    maturity_date: String::from("2030-04-01"),
+                    drawee: node_id_test(),
+                    payee: node_id_test(),
+                    sum: String::from("100"),
+                    currency: String::from("sat"),
+                    country_of_payment: String::from("AT"),
+                    city_of_payment: String::from("Vienna"),
+                    language: String::from("en-UK"),
+                    file_upload_ids: vec!["some_file_id".to_string()],
+                    drawer_public_data: mainnet_participant.clone(),
+                    drawer_keys: BcrKeys::new(),
+                    timestamp: 1731593928,
+                    blank_issue: false,
+                })
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+        // execute bill action
+        assert!(matches!(
+            service
+                .execute_bill_action(
+                    &mainnet_bill_id,
+                    BillAction::Accept,
+                    &participant,
+                    &BcrKeys::new(),
+                    1731593928
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidBillId))
+        ));
+        assert!(matches!(
+            service
+                .execute_bill_action(
+                    &bill_id_test(),
+                    BillAction::Accept,
+                    &mainnet_participant,
+                    &BcrKeys::new(),
+                    1731593928
+                )
+                .await,
+            Err(Error::Validation(ValidationError::InvalidNodeId))
+        ));
+    }
 }