http server: add ssl and bip70 signed requests

electrum/commands.py

@@ -702,7 +702,7 @@ class Commands:
     @command('w')
     async def getrequest(self, key):
         """Return a payment request"""
-        r = self.wallet.get_payment_request(key, self.config)
+        r = self.wallet.get_request(key)
         if not r:
             raise Exception("Request not found")
         return self._format_request(r)
@@ -754,7 +754,7 @@ class Commands:
         expiration = int(expiration) if expiration else None
         req = self.wallet.make_payment_request(addr, amount, memo, expiration)
         self.wallet.add_payment_request(req, self.config)
-        out = self.wallet.get_payment_request(addr, self.config)
+        out = self.wallet.get_request(addr)
         return self._format_request(out)
 
     @command('w')

electrum/daemon.py

@@ -34,6 +34,7 @@ import aiohttp
 from aiohttp import web
 from base64 import b64decode
 from collections import defaultdict
+import ssl
 
 import jsonrpcclient
 import jsonrpcserver
@@ -184,18 +185,25 @@ class HttpServer(Logger):
         #await self.pending[key].set()
 
     async def run(self):
-        from aiohttp import helpers
+        host = self.config.get('http_host', 'localhost')
+        port = self.config.get('http_port')
+        root = self.config.get('http_root', '/r')
+        ssl_keyfile = self.config.get('ssl_keyfile')
+        ssl_certfile = self.config.get('ssl_certfile')
+        if ssl_keyfile and ssl_certfile:
+            ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            ssl_context.load_cert_chain(ssl_certfile, ssl_keyfile)
+        else:
+            ssl_context = None
         app = web.Application()
-        #app.on_response_prepare.append(http_server.on_response_prepare)
         app.add_routes([web.post('/api/create_invoice', self.create_request)])
         app.add_routes([web.get('/api/get_invoice', self.get_request)])
         app.add_routes([web.get('/api/get_status', self.get_status)])
-        app.add_routes([web.static('/electrum', 'electrum/www')])
+        app.add_routes([web.get('/bip70/{key}.bip70', self.get_bip70_request)])
+        app.add_routes([web.static(root, 'electrum/www')])
         runner = web.AppRunner(app)
         await runner.setup()
-        host = self.config.get('http_host', 'localhost')
-        port = int(self.config.get('http_port'))
-        site = web.TCPSite(runner, port=port, host=host)
+        site = web.TCPSite(runner, port=port, host=host, ssl_context=ssl_context)
         await site.start()
 
     async def create_request(self, request):
@@ -207,13 +215,22 @@ class HttpServer(Logger):
         message = params['message'] or "donation"
         payment_hash = await wallet.lnworker._add_invoice_coro(amount, message, 3600)
         key = payment_hash.hex()
-        raise web.HTTPFound('/electrum/index.html?id=' + key)
+        raise web.HTTPFound(self.root + '/pay?id=' + key)
 
     async def get_request(self, r):
         key = r.query_string
         request = self.daemon.wallet.get_request(key)
         return web.json_response(request)
 
+    async def get_bip70_request(self, r):
+        from .paymentrequest import make_request
+        key = r.match_info['key']
+        request = self.daemon.wallet.get_request(key)
+        if not request:
+            return web.HTTPNotFound()
+        pr = make_request(self.config, request)
+        return web.Response(body=pr.SerializeToString(), content_type='application/bitcoin-paymentrequest')
+
     async def get_status(self, request):
         ws = web.WebSocketResponse()
         await ws.prepare(request)

electrum/gui/kivy/uix/screens.py

@@ -429,7 +429,7 @@ class ReceiveScreen(CScreen):
         self.screen.address = addr
 
     def on_address(self, addr):
-        req = self.app.wallet.get_payment_request(addr, self.app.electrum_config)
+        req = self.app.wallet.get_request(addr)
         self.screen.status = ''
         if req:
             self.screen.message = req.get('memo', '')

electrum/gui/qt/request_list.py

@@ -183,11 +183,8 @@ class RequestList(MyTreeView):
             menu.addAction(_("Copy lightning payment request"), lambda: self.parent.do_copy('Request', req['invoice']))
         else:
             menu.addAction(_("Copy URI"), lambda: self.parent.do_copy('URI', req['URI']))
-        if 'http_url' in req:
-            menu.addAction(_("View in web browser"), lambda: webopen(req['http_url']))
-        # do bip70 only for browser access
-        # so, each request should have an ID, regardless
-        #menu.addAction(_("Save as BIP70 file"), lambda: self.parent.export_payment_request(addr))
+        if 'view_url' in req:
+            menu.addAction(_("View in web browser"), lambda: webopen(req['view_url']))
         menu.addAction(_("Delete"), lambda: self.parent.delete_request(key))
         run_hook('receive_list_menu', menu, key)
         menu.exec_(self.viewport().mapToGlobal(position))

electrum/paymentrequest.py

@@ -473,8 +473,8 @@ def serialize_request(req):
 
 def make_request(config, req):
     pr = make_unsigned_request(req)
-    key_path = config.get('ssl_privkey')
-    cert_path = config.get('ssl_chain')
+    key_path = config.get('ssl_keyfile')
+    cert_path = config.get('ssl_certfile')
     if key_path and cert_path:
         sign_request_with_x509(pr, key_path, cert_path)
     return pr

electrum/wallet.py

@@ -1268,7 +1268,7 @@ class Abstract_Wallet(AddressSynchronizer):
                 return True, conf
         return False, None
 
-    def get_payment_request(self, addr, config):
+    def get_payment_request(self, addr):
         r = self.receive_requests.get(addr)
         if not r:
             return
@@ -1324,15 +1324,22 @@ class Abstract_Wallet(AddressSynchronizer):
         from .simple_config import get_config
         config = get_config()
         if key in self.receive_requests:
-            req = self.get_payment_request(key, {})
+            req = self.get_payment_request(key)
         else:
             req = self.lnworker.get_request(key)
         if not req:
             return
-        if config.get('http_port', 8000):
+        if config.get('http_port'):
             host = config.get('http_host', 'localhost')
-            port = config.get('http_port', 8000)
-            req['http_url'] = 'http://%s:%d/electrum/index.html?id=%s'%(host, port, key)
+            port = config.get('http_port')
+            root = config.get('http_root', '/r')
+            use_ssl = bool(config.get('ssl_keyfile'))
+            protocol = 'https' if use_ssl else 'http'
+            base = '%s://%s:%d'%(protocol, host, port)
+            req['view_url'] = base + root + '/pay?id=' + key
+            if use_ssl and 'URI' in req:
+                request_url = base + '/bip70/' + key + '.bip70'
+                req['bip70_url'] = request_url
         return req
 
     def receive_tx_callback(self, tx_hash, tx, tx_height):
@@ -1397,7 +1404,7 @@ class Abstract_Wallet(AddressSynchronizer):
 
     def get_sorted_requests(self, config):
         """ sorted by timestamp """
-        out = [self.get_payment_request(x, config) for x in self.receive_requests.keys()]
+        out = [self.get_request(x) for x in self.receive_requests.keys()]
         if self.lnworker:
             out += self.lnworker.get_requests()
         out.sort(key=operator.itemgetter('time'))

electrum/www

@@ -1 +1 @@
-Subproject commit cfab42bfc1db4976d7bba5a9d20bfc94da91db7f
+Subproject commit b777d98ce1f374d4136d1481a89b198f9813aa90