Browse Source
paymentrequest: be explicit about only allowing "addresses"
3.3.3.1
SomberNight
6 years ago
No known key found for this signature in database
GPG Key ID: B33B5F232C6271E9
3 changed files with
16 additions and
11 deletions
-
electrum/paymentrequest.py
-
electrum/transaction.py
-
electrum/util.py
|
|
|
@ -132,8 +132,12 @@ class PaymentRequest: |
|
|
|
self.details.ParseFromString(self.data.serialized_payment_details) |
|
|
|
self.outputs = [] |
|
|
|
for o in self.details.outputs: |
|
|
|
addr = transaction.get_address_from_output_script(o.script)[1] |
|
|
|
self.outputs.append(TxOutput(TYPE_ADDRESS, addr, o.amount)) |
|
|
|
type_, addr = transaction.get_address_from_output_script(o.script) |
|
|
|
if type_ != TYPE_ADDRESS: |
|
|
|
# TODO maybe rm restriction but then get_requestor and get_id need changes |
|
|
|
self.error = "only addresses are allowed as outputs" |
|
|
|
return |
|
|
|
self.outputs.append(TxOutput(type_, addr, o.amount)) |
|
|
|
self.memo = self.details.memo |
|
|
|
self.payment_url = self.details.payment_url |
|
|
|
|
|
|
|
@ -195,6 +199,9 @@ class PaymentRequest: |
|
|
|
verify = pubkey0.verify(sigBytes, x509.PREFIX_RSA_SHA256 + hashBytes) |
|
|
|
elif paymntreq.pki_type == "x509+sha1": |
|
|
|
verify = pubkey0.hashAndVerify(sigBytes, msgBytes) |
|
|
|
else: |
|
|
|
self.error = f"ERROR: unknown pki_type {paymntreq.pki_type} in Payment Request" |
|
|
|
return False |
|
|
|
if not verify: |
|
|
|
self.error = "ERROR: Invalid Signature for Payment Request Data" |
|
|
|
return False |
|
|
|
|
|
|
|
@ -1030,9 +1030,10 @@ class Transaction: |
|
|
|
if outputs: |
|
|
|
self._outputs.sort(key = lambda o: (o.value, self.pay_script(o.type, o.address))) |
|
|
|
|
|
|
|
def serialize_output(self, output: TxOutput) -> str: |
|
|
|
@classmethod |
|
|
|
def serialize_output(cls, output: TxOutput) -> str: |
|
|
|
s = int_to_hex(output.value, 8) |
|
|
|
script = self.pay_script(output.type, output.address) |
|
|
|
script = cls.pay_script(output.type, output.address) |
|
|
|
s += var_int(len(script)//2) |
|
|
|
s += script |
|
|
|
return s |
|
|
|
|
|
|
|
@ -444,8 +444,7 @@ def assert_str(*args): |
|
|
|
assert isinstance(x, str) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def to_string(x, enc): |
|
|
|
def to_string(x, enc) -> str: |
|
|
|
if isinstance(x, (bytes, bytearray)): |
|
|
|
return x.decode(enc) |
|
|
|
if isinstance(x, str): |
|
|
|
@ -453,7 +452,8 @@ def to_string(x, enc): |
|
|
|
else: |
|
|
|
raise TypeError("Not a string or bytes like object") |
|
|
|
|
|
|
|
def to_bytes(something, encoding='utf8'): |
|
|
|
|
|
|
|
def to_bytes(something, encoding='utf8') -> bytes: |
|
|
|
""" |
|
|
|
cast string to bytes() like object, but for python2 support it's bytearray copy |
|
|
|
""" |
|
|
|
@ -471,16 +471,13 @@ bfh = bytes.fromhex |
|
|
|
hfu = binascii.hexlify |
|
|
|
|
|
|
|
|
|
|
|
def bh2u(x): |
|
|
|
def bh2u(x: bytes) -> str: |
|
|
|
""" |
|
|
|
str with hex representation of a bytes-like object |
|
|
|
|
|
|
|
>>> x = bytes((1, 2, 10)) |
|
|
|
>>> bh2u(x) |
|
|
|
'01020A' |
|
|
|
|
|
|
|
:param x: bytes |
|
|
|
:rtype: str |
|
|
|
""" |
|
|
|
return hfu(x).decode('ascii') |
|
|
|
|
|
|
|
|
