public canonicalRequestResponse pay(canonicalRequestResponse req)
{
Contract.Assert(req.gross == GlobalState.tstore.orders[req.orderID].gross);
canonicalRequestResponse res = new canonicalRequestResponse();
res.gross = req.gross;
res.orderID = req.orderID;
res.status = CaasReturnStatus.Sucess;
// if the request is signed then the previous res.payee will be assigned to this req.payee in Main()
// this line of code simply propagates the payee info to the response
res.payee = req.signer;
//not sure whether this field is important
res.MerchantReturnURL = req.MerchantReturnURL;
//shuo:begin
SQLStub_insertPayment(res.gross, res.orderID, res.status, res.payee);
//shuo:end
return(res);
}
static void Main()
{
FacebookClient1 oauth_client = new FacebookClient1();
FacebookServer oauth_server = new FacebookServer();
canonicalRequestResponse req1 = oauth_client.GetServiceLoginUrl_entry();
//I'm not entirely sure if this is correct, but I think we don't have to havoc the firest req?
canonicalRequestResponse res1 = oauth_server.oauth_code_req(req1);
//we are havocing the response because it is not encrypted
res1 = p.NondetRequestResponse();
canonicalRequestResponse req2 = oauth_client.QueryAccessToken_entry(res1);
//we are not havocing the second request because it's not a redirection
canonicalRequestResponse res2 = oauth_server.oauth_token_req(req2);
//oauth_client.GetUserData_entry(res2);
//proto agnostic check
Contract.Assert(OPAssertion.isSuccess);
Contract.Assert(OPAssertion.rpid == RPStates.rpid);
Contract.Assert(OPAssertion.return_url == RPStates.domain);
Contract.Assert(OPAssertion.uid == RPStates.uid);
}
public void GetUserData_entry(canonicalRequestResponse req)
{
if (req.status == HTTPStatus.Failure)
{
Contract.Assume(false);
}
RPStates.uid = req.token;
}
//entry point for the first request
public canonicalRequestResponse GetServiceLoginUrl_entry()
{
//we are redefining the Uri objectin stub.cs
Uri url = new Uri(RPGlobalState.return_uri);
canonicalRequestResponse res = GetServiceLoginUrl(url);
return(res);
}
static void assumeOrderProperties(canonicalRequestResponse res)
{
int orderID = res.orderID;
GlobalState.tstore.orders[orderID] = p.NondetorderRecord();
Contract.Assume(GlobalState.tstore.orders[orderID].id == orderID);
Contract.Assume(GlobalState.tstore.orders[orderID].gross == res.gross);
Contract.Assume(GlobalState.tstore.orders[orderID].status == Global.OrderStatusEnum.Pending);
}
static void Main()
{
SimplePayPaymentProcessor1 merchant_sender = new SimplePayPaymentProcessor1();
CaaS amazon = new CaaS();
AmazonSimplePayReturn1 merchant_receiver = new AmazonSimplePayReturn1();
Order init_order = p.NondetOrder();
GlobalState.order = new orderRecord();
canonicalRequestResponse res_placeorder = p.NodetReqres();
canonicalRequestResponse req_pay = p.NodetReqres();
canonicalRequestResponse res_pay = p.NodetReqres();
canonicalRequestResponse req_finish = p.NodetReqres();
// Computation on merchant - place order
res_placeorder = merchant_sender.PostProcessPayment(init_order);
assumeOrderProperties(res_placeorder);
// Message: merchant -> client -> CaaS
// is the msg encrypted? if so, then:
req_pay = res_placeorder;
GlobalState.MerchantPaymentEmail = req_pay.payee;
GlobalState.order.gross = req_pay.gross;
GlobalState.order.id = req_pay.orderID;
// Computation on Amazon - pay
res_pay = amazon.pay(req_pay);
// Message: CaaS -> client -> merchant
// is the msg encrypted? if so, then:
req_finish = res_pay;
merchant_receiver.Request = req_finish;
Contract.Assume(res_pay.orderID == req_finish.orderID);
GlobalState.CaaS_email_proxy = res_pay.payee;
GlobalState.CaaS_gross_proxy = res_pay.gross; //we need this since boogie can't handle string concat
// Computation on merchant - finish order
merchant_receiver.Page_Load(null, null);
res_pay.witness = GlobalState.witness;
Contract.Assert(amazon.caas.payments[res_pay.witness].orderID == req_finish.orderID &&
amazon.caas.payments[res_pay.witness].gross == GlobalState.tstore.orders[req_finish.orderID].gross &&
amazon.caas.payments[res_pay.witness].payee == GlobalState.tstore.myDomain &&
amazon.caas.payments[res_pay.witness].status == CaasReturnStatus.Sucess);
Contract.Assert(0 <= res_pay.witness && res_pay.witness < amazon.caas.payments.Length);
Contract.Assert(Contract.Exists(0, amazon.caas.payments.Length, i =>
amazon.caas.payments[i].orderID == req_finish.orderID &&
amazon.caas.payments[i].gross == GlobalState.tstore.orders[req_finish.orderID].gross &&
amazon.caas.payments[i].payee == GlobalState.tstore.myDomain &&
amazon.caas.payments[i].status == CaasReturnStatus.Sucess
));
}
public bool getPDTDetails(int tx, out orderRecord values)
{
canonicalRequestResponse res = new canonicalRequestResponse();
if (payment47 != null && payment47.id == tx)
{
values = payment47;
return(true);
}
else
{
values = null;
return(false);
}
}
static void Main()
{
int y;
foo(out y);
Contract.Assert(y != 10);
int witness;
CaaS paypal = GlobalState.paypal;
PayPalStandardPaymentProcessor1 merchant_sender = new PayPalStandardPaymentProcessor1();
PayPalStandardReturn1 merchant_receiver = new PayPalStandardReturn1();
Order init_order = p.NondetOrder();
canonicalRequestResponse res_placeorder = p.NodetReqres();
canonicalRequestResponse req_pay = p.NodetReqres();
canonicalRequestResponse res_pay = p.NodetReqres();
canonicalRequestResponse req_finish = p.NodetReqres();
// Computation on merchant - place order
res_placeorder = merchant_sender.PostProcessPayment(init_order);
// Message: merchant -> client -> CaaS
// is the msg encrypted? if so, then:
req_pay = res_placeorder;
GlobalState.MerchantPaymentEmail = req_pay.payee;
GlobalState.order.gross = req_pay.gross;
GlobalState.order.id = req_pay.orderID;
GlobalState.paypal.pay(req_pay); //Rui: there is no return for this call, because anything returned through the client should be havoced
req_finish.orderID = p.NondetInt();
witness = merchant_receiver.Page_Load(null, null, req_finish.orderID);
Contract.Assert(GlobalState.paypal.caas.payments[witness].orderID == req_finish.orderID);
Contract.Assert(
paypal.caas.payments[witness].orderID == req_finish.orderID &&
paypal.caas.payments[witness].gross == GlobalState.tstore.orders[req_finish.orderID].gross &&
paypal.caas.payments[witness].payee == GlobalState.tstore.myAccount &&
paypal.caas.payments[witness].status == CaasReturnStatus.Sucess
);
Contract.Assert(0 <= witness && witness < paypal.caas.payments.Length);
Contract.Assert(Contract.Exists(0, paypal.caas.payments.Length, i =>
paypal.caas.payments[i].orderID == req_finish.orderID &&
paypal.caas.payments[i].payee == GlobalState.tstore.myAccount &&
paypal.caas.payments[i].status == CaasReturnStatus.Sucess &&
paypal.caas.payments[i].gross == GlobalState.tstore.orders[req_finish.orderID].gross
));
}
public canonicalRequestResponse pay(canonicalRequestResponse req)
{
canonicalRequestResponse res = new canonicalRequestResponse();
res.gross = req.gross;
res.orderID = req.orderID;
res.status = CaasReturnStatus.Sucess;
// if the request is signed then the previous res.payee will be assigned to this req.payee in Main()
// this line of code simply propagates the payee info to the response
res.payee = req.payee;
//not sure whether this field is important
res.MerchantReturnURL = req.MerchantReturnURL;
return(res);
}
static void Main()
{
SimplePayPaymentProcessor1 merchant_sender = new SimplePayPaymentProcessor1();
CaaS amazon = new CaaS();
AmazonSimplePayReturn1 merchant_receiver = new AmazonSimplePayReturn1();
Order init_order = p.NondetOrder();
GlobalState.order = new orderRecord();
canonicalRequestResponse res_placeorder = p.NodetReqres();
canonicalRequestResponse req_pay = p.NodetReqres();
canonicalRequestResponse res_pay = p.NodetReqres();
canonicalRequestResponse req_finish = p.NodetReqres();
// Computation on merchant - place order
res_placeorder = merchant_sender.PostProcessPayment(init_order);
// Message: merchant -> client -> CaaS
// is the msg encrypted? if so, then:
req_pay = res_placeorder;
GlobalState.MerchantPaymentEmail = req_pay.payee;
GlobalState.order.gross = req_pay.gross;
GlobalState.order.id = req_pay.orderID;
// Computation on Amazon - pay
res_pay = amazon.pay(req_pay);
// Message: CaaS -> client -> merchant
// is the msg encrypted? if so, then:
req_finish = res_pay;
merchant_receiver.Request = req_finish;
Contract.Assume(res_pay.orderID == req_finish.orderID);
GlobalState.CaaS_email_proxy = res_pay.payee;
GlobalState.CaaS_gross_proxy = res_pay.gross; //we need this since boogie can't handle string concat
// Computation on merchant - finish order
merchant_receiver.Page_Load(null, null);
Contract.Assert(GlobalState.order.id == req_finish.orderID);
Contract.Assert(GlobalState.MerchantPaymentEmail == req_finish.payee);
Contract.Assert(GlobalState.order.gross == req_finish.gross);
Contract.Assert(GlobalState.order.status == Global.OrderStatusEnum.Paid);
}
public canonicalRequestResponse oauth_token_req(canonicalRequestResponse req)
{
canonicalRequestResponse res = new canonicalRequestResponse();
//ideally we should leave them uninitialized but it doesnt work for boogie check
FBGlobalState.code = p.NondetString();
FBGlobalState.access_token = p.NondetString();
FBGlobalState.user_id = p.NondetInt();
FBGlobalState.return_url = p.NondetString();
FBGlobalState.client_id = p.NondetString();
//conversion to proto-agnostic data structures
OPAssertion.uid = FBGlobalState.access_token;
OPAssertion.rpid = FBGlobalState.client_id;
OPAssertion.return_url = FBGlobalState.return_url;
OPAssertion.isSuccess = p.NondetBool();
if (req.code != FBGlobalState.code)
{
res.status = HTTPStatus.Failure;
}
else if (req.redirect_url != FBGlobalState.return_url)
{
res.status = HTTPStatus.Failure;
}
else if (req.client_id != FBGlobalState.client_id)
{
res.status = HTTPStatus.Failure;
}
else if (!OPAssertion.isSuccess)
{
res.status = HTTPStatus.Failure;
}
else
{
res.status = HTTPStatus.Success;
res.token = FBGlobalState.access_token;
}
return(res);
}
// entry point for the second request
public canonicalRequestResponse QueryAccessToken_entry(canonicalRequestResponse req)
{
//boogie hack -- uninitializes our vars
this.appId = p.NondetString();
this.appSecret = p.NondetString();
RPGlobalState.appId = this.appId;
RPGlobalState.appSecret = this.appSecret;
RPGlobalState.return_uri = p.NondetString();
//conversion to proto-agnostic data structures
RPStates.domain = RPGlobalState.return_uri;
RPStates.rpid = RPGlobalState.appId;
// end of boogie hack
//we are redefining the Uri objectin stub.cs
Uri url = new Uri(RPGlobalState.return_uri);
canonicalRequestResponse res = QueryAccessToken(url, req.code);
return(res);
}
public canonicalRequestResponse QueryAccessToken(Uri returnUrl, string authorizationCode)
{
var builder = new UriBuilder(TokenEndpoint);
builder.AppendQueryArgs(
new Dictionary <string, string> {
{ "client_id", this.appId },
{ "redirect_uri", returnUrl.AbsoluteUri },
{ "client_secret", this.appSecret },
{ "code", authorizationCode }
});
//[NON rp related code]
canonicalRequestResponse res = new canonicalRequestResponse();
res.client_id = this.appId;
res.redirect_url = returnUrl.AbsoluteUri;
res.code = authorizationCode;
return(res);
}
static void Main()
{
FacebookClient1 oauth_client = new FacebookClient1();
FacebookServer oauth_server = new FacebookServer();
canonicalRequestResponse req1 = p.NondetRequestResponse();
canonicalRequestResponse res1 = p.NondetRequestResponse();
canonicalRequestResponse req2 = p.NondetRequestResponse();
canonicalRequestResponse res2 = p.NondetRequestResponse();
req2 = oauth_client.QueryAccessToken_entry(res1);
//we are not havocing the second request because it's not a redirection
res2 = oauth_server.oauth_token_req(req2);
oauth_client.GetUserData_entry(res2);
//proto agnostic check
Contract.Assert(OPAssertion.isSuccess);
Contract.Assert(OPAssertion.rpid == RPStates.rpid);
Contract.Assert(OPAssertion.return_url == RPStates.domain);
Contract.Assert(OPAssertion.uid == RPStates.uid);
}
public canonicalRequestResponse oauth_code_req(canonicalRequestResponse req)
{
FBGlobalState.code = p.NondetString();
FBGlobalState.access_token = p.NondetString();
FBGlobalState.user_id = p.NondetInt();
FBGlobalState.return_url = req.redirect_url;
FBGlobalState.client_id = req.client_id;
//conversion to proto-agnostic data structures
OPAssertion.uid = FBGlobalState.access_token;
OPAssertion.rpid = req.client_id;
OPAssertion.return_url = req.redirect_url;
OPAssertion.isSuccess = true;
Contract.Assert(OPAssertion.rpid == RPStates.rpid);
Contract.Assert(OPAssertion.return_url == RPStates.domain);
canonicalRequestResponse res = new canonicalRequestResponse();
res.code = FBGlobalState.code;
return(res);
}
static void Main()
{
PayPalStandardPaymentProcessor1 merchant_sender = new PayPalStandardPaymentProcessor1();
PayPalStandardReturn1 merchant_receiver = new PayPalStandardReturn1();
Order init_order = p.NondetOrder();
GlobalState.order = new orderRecord();
GlobalState.payment = new orderRecord();
canonicalRequestResponse res_placeorder = p.NodetReqres();
canonicalRequestResponse req_pay = p.NodetReqres();
canonicalRequestResponse res_pay = p.NodetReqres();
canonicalRequestResponse req_finish = p.NodetReqres();
// Message: CaaS -> client -> merchant
// Computation on merchant - finish order
merchant_receiver.Page_Load(null, null);
Contract.Assert(GlobalState.order.id == GlobalState.payment.id);
Contract.Assert(GlobalState.MerchantPaymentEmail == GlobalState.payment.payee);
Contract.Assert(GlobalState.order.gross == GlobalState.payment.gross);
Contract.Assert(GlobalState.order.status == Global.OrderStatusEnum.Paid);
}
public canonicalRequestResponse GetServiceLoginUrl(Uri returnUrl)
{
// Note: Facebook doesn't like us to url-encode the redirect_uri value
var builder = new UriBuilder(AuthorizationEndpoint);
builder.AppendQueryArgs(
new Dictionary <string, string> {
{ "client_id", this.appId },
{ "redirect_uri", returnUrl.AbsoluteUri },
{ "path_digest", "RP[HASH()]" }
});
//[NON rp related code]
canonicalRequestResponse res = new canonicalRequestResponse();
res.client_id = this.appId;
res.redirect_url = returnUrl.AbsoluteUri;
//Contract.Assert(res.redirect_url == retu
return(res);
}
public AmazonSimplePayReturn1()
{
Request = new canonicalRequestResponse();
Response = new canonicalRequestResponse();
Page = new Page();
}
public PayPalStandardReturn1()
{
Request = new canonicalRequestResponse();
Response = new canonicalRequestResponse();
Page = new Page();
}
