UNPKG

bitcore-wallet-client

Version:

Client for bitcore-wallet-service

162 lines (130 loc) 4.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
/** @namespace Verifier */ var $ = require('preconditions').singleton(); var _ = require('lodash'); var Bitcore = require('bitcore-lib'); var Common = require('./common'); var Utils = Common.Utils; var log = require('./log'); /** * @desc Verifier constructor. Checks data given by the server * * @constructor */ function Verifier(opts) {}; /** * Check address * * @param {Function} credentials * @param {String} address * @returns {Boolean} true or false */ Verifier.checkAddress = function(credentials, address) { $.checkState(credentials.isComplete()); var local = Utils.deriveAddress(address.type || credentials.addressType, credentials.publicKeyRing, address.path, credentials.m, credentials.network); return (local.address == address.address && _.difference(local.publicKeys, address.publicKeys).length === 0); }; /** * Check copayers * * @param {Function} credentials * @param {Array} copayers * @returns {Boolean} true or false */ Verifier.checkCopayers = function(credentials, copayers) { $.checkState(credentials.walletPrivKey); var walletPubKey = Bitcore.PrivateKey.fromString(credentials.walletPrivKey).toPublicKey().toString(); if (copayers.length != credentials.n) { log.error('Missing public keys in server response'); return false; } // Repeated xpub kes? var uniq = []; var error; _.each(copayers, function(copayer) { if (error) return; if (uniq[copayers.xPubKey]++) { log.error('Repeated public keys in server response'); error = true; } // Not signed pub keys if (!copayer.name || !copayer.xPubKey || !copayer.requestPubKey || !copayer.signature) { log.error('Missing copayer fields in server response'); error = true; } else { var hash = Utils.getCopayerHash(copayer.name, copayer.xPubKey, copayer.requestPubKey); if (!Utils.verifyMessage(hash, copayer.signature, walletPubKey)) { log.error('Invalid signatures in server response'); error = true; } } }); if (error) return false; if (!_.contains(_.pluck(copayers, 'xPubKey'), credentials.xPubKey)) { log.error('Server response does not contains our public keys') return false; } return true; }; Verifier.checkTxProposalBody = function(credentials, txp) { $.checkArgument(txp.creatorId); $.checkState(credentials.isComplete()); var creatorKeys = _.find(credentials.publicKeyRing, function(item) { if (Utils.xPubToCopayerId(item.xPubKey) === txp.creatorId) return true; }); if (!creatorKeys) return false; var creatorSigningPubKey; // If the txp using a selfsigned pub key? if (txp.proposalSignaturePubKey) { // Verify it... if (!Utils.verifyRequestPubKey(txp.proposalSignaturePubKey, txp.proposalSignaturePubKeySig, creatorKeys.xPubKey)) return false; creatorSigningPubKey = txp.proposalSignaturePubKey; } else { creatorSigningPubKey = creatorKeys.requestPubKey; } if (!creatorSigningPubKey) return false; var hash; if (txp.outputs) { var outputs = _.map(txp.outputs, function(o) { return { toAddress: o.toAddress, amount: o.amount, message: o.encryptedMessage || o.message || null }; }); var proposalHeader = { outputs: outputs, message: txp.encryptedMessage || txp.message || null, payProUrl: txp.payProUrl || null, }; hash = Utils.getProposalHash(proposalHeader); } else { hash = Utils.getProposalHash(txp.toAddress, txp.amount, txp.encryptedMessage || txp.message || null, txp.payProUrl || null); } log.debug('Regenerating & verifying tx proposal hash -> Hash: ', hash, ' Signature: ', txp.proposalSignature); if (!Utils.verifyMessage(hash, txp.proposalSignature, creatorSigningPubKey)) return false; if (!Verifier.checkAddress(credentials, txp.changeAddress)) return false; return true; }; /** * Check transaction proposal * * @param {Function} credentials * @param {Object} txp * @param {Object} Optional: paypro * @param {Boolean} isLegit */ Verifier.checkTxProposal = function(credentials, txp, opts) { opts = opts || {}; if (!this.checkTxProposalBody(credentials, txp)) return false; if (opts.paypro) { if (txp.toAddress != opts.paypro.toAddress || txp.amount != opts.paypro.amount) return false; } return true; }; module.exports = Verifier;