check header & change address

10 years ago · b1a29f5005
2 changed files with 51 additions and 50 deletions
--- a/lib/client/Verifier.js
+++ b/lib/client/Verifier.js
@ -55,7 +55,8 @@ Verifier.checkCopayers = function(copayers, walletPrivKey, myXPrivKey, n) {

 Verifier.checkTxProposal = function(data, txp) {
  var header = txp.toAddress + '|' + txp.amount + '|' + (txp.message || '');
-  if (!SignUtils.verify(header, txp.proposalSignature, data.signingPubKey)) return false;
+  var signingPubKey = Bitcore.PrivateKey.fromString(data.signingPrivKey).toPublicKey().toString();
+  if (!SignUtils.verify(header, txp.proposalSignature, signingPubKey)) return false;

  return Verifier.checkAddress(data, txp.changeAddress);
 };
--- a/test/integration/clientApi.js
+++ b/test/integration/clientApi.js
@ -10,11 +10,9 @@ var Bitcore = require('bitcore');
 var TestData = require('./clienttestdata');

 describe('client API ', function() {
-
  var client;

  beforeEach(function() {
-
    var fsmock = {};;
    fsmock.readFile = sinon.mock().yields(null, JSON.stringify(TestData.storage.wallet11));
    fsmock.writeFile = sinon.mock().yields();
@ -27,7 +25,7 @@ describe(' client API ', function() {
    });
  });

-  describe(' _tryToComplete ', function() {
+  describe('#_tryToComplete ', function() {
    it('should complete a wallet ', function(done) {
      var request = sinon.stub();

@ -45,7 +43,7 @@ describe(' client API ', function() {
        should.not.exist(err);
        done();
      });
-    })
+    });


    it('should handle incomple wallets', function(done) {
@ -62,7 +60,7 @@ describe(' client API ', function() {
        err.should.contain('Incomplete');
        done();
      });
-    })
+    });

    it('should reject wallets with bad signatures', function(done) {
      var request = sinon.stub();
@ -77,7 +75,8 @@ describe(' client API ', function() {
        err.should.contain('verified');
        done();
      });
-    })
+    });
+
    it('should reject wallets with missing signatures ', function(done) {
      var request = sinon.stub();
      // Wallet request
@ -91,7 +90,7 @@ describe(' client API ', function() {
        err.should.contain('verified');
        done();
      });
-    })
+    });

    it('should reject wallets missing caller"s pubkey', function(done) {
      var request = sinon.stub();
@ -106,12 +105,10 @@ describe(' client API ', function() {
        err.should.contain('verified');
        done();
      });
-    })
-
-
+    });
  });

-  describe(' createAddress ', function() {
+  describe('#createAddress ', function() {
    it('should check address ', function(done) {

      var response = {
@ -131,7 +128,8 @@ describe(' client API ', function() {
        x.address.should.equal('2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq');
        done();
      });
-    })
+    });
+
    it('should detect fake addresses ', function(done) {
      var response = {
        createdOn: 1424105995,
@ -148,46 +146,48 @@ describe(' client API ', function() {
        err.message.should.contain('fake address');
        done();
      });
-    })
-  })
+    });
+  });

-  describe(' createAddress ', function() {
-    it(' should check address ', function(done) {
+  describe('#signTxProposal ', function() {
+    it.skip('should sign tx proposal', function(done) {});

-      var response = {
-        createdOn: 1424105995,
+    it('should detect fake tx proposal signature', function(done) {
+      var txp = {
+        toAddress: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
+        amount: 100000,
+        message: 'some message',
+        proposalSignature: 'dummy',
+        changeAddress: {
          address: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
          path: 'm/2147483647/0/7',
          publicKeys: ['03f6a5fe8db51bfbaf26ece22a3e3bc242891a47d3048fc70bc0e8c03a071ad76f']
+        },
      };
-      var request = sinon.mock().yields(null, {
-        statusCode: 200
-      }, response);
-      client.request = request;
-
-
-      client.createAddress(function(err, x) {
-        should.not.exist(err);
-        x.address.should.equal('2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq');
+      client.signTxProposal(txp, function(err) {
+        err.code.should.equal('SERVERCOMPROMISED');
+        err.message.should.contain('fake transaction proposal');
        done();
      });
-    })
-    it(' should detect fake addresses ', function(done) {
-      var response = {
-        createdOn: 1424105995,
+    });
+
+    it('should detect fake tx proposal change address', function(done) {
+      var txp = {
+        toAddress: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
+        amount: 100000,
+        message: 'some message',
+        proposalSignature: '3045022100e2d9ef7ed592217ab2256fdcf9627075f35ecdf431dde8c9a9c9422b7b1fb00f02202bc8ce066db4401bdbafb2492c3138debbc69c4c01db50d8c22a227e744c8906',
+        changeAddress: {
          address: '2N3fA6wDtnebzywPkGuNK9KkFaEzgbPRRTq',
          path: 'm/2147483647/0/8',
          publicKeys: ['03f6a5fe8db51bfbaf26ece22a3e3bc242891a47d3048fc70bc0e8c03a071ad76f']
+        },
      };
-      var request = sinon.mock().yields(null, {
-        statusCode: 200
-      }, response);
-      client.request = request;
-      client.createAddress(function(err, x) {
+      client.signTxProposal(txp, function(err) {
        err.code.should.equal('SERVERCOMPROMISED');
-        err.message.should.contain('fake address');
+        err.message.should.contain('fake transaction proposal');
        done();
      });
-    })
-  })
+    });
+  });
 });