ThomasV
11 years ago
2 changed files with 254 additions and 0 deletions
@ -0,0 +1,46 @@ |
|||
// |
|||
// Simple Bitcoin Payment Protocol messages |
|||
// |
|||
// Use fields 1000+ for extensions; |
|||
// to avoid conflicts, register extensions via pull-req at |
|||
// https://github.com/bitcoin/bips/bip-0070/extensions.mediawiki |
|||
// |
|||
|
|||
package payments; |
|||
option java_package = "org.bitcoin.protocols.payments"; |
|||
option java_outer_classname = "Protos"; |
|||
|
|||
// Generalized form of "send payment to this/these bitcoin addresses" |
|||
message Output { |
|||
optional uint64 amount = 1 [default = 0]; // amount is integer-number-of-satoshis |
|||
required bytes script = 2; // usually one of the standard Script forms |
|||
} |
|||
message PaymentDetails { |
|||
optional string network = 1 [default = "main"]; // "main" or "test" |
|||
repeated Output outputs = 2; // Where payment should be sent |
|||
required uint64 time = 3; // Timestamp; when payment request created |
|||
optional uint64 expires = 4; // Timestamp; when this request should be considered invalid |
|||
optional string memo = 5; // Human-readable description of request for the customer |
|||
optional string payment_url = 6; // URL to send Payment and get PaymentACK |
|||
optional bytes merchant_data = 7; // Arbitrary data to include in the Payment message |
|||
} |
|||
message PaymentRequest { |
|||
optional uint32 payment_details_version = 1 [default = 1]; |
|||
optional string pki_type = 2 [default = "none"]; // none / x509+sha256 / x509+sha1 |
|||
optional bytes pki_data = 3; // depends on pki_type |
|||
required bytes serialized_payment_details = 4; // PaymentDetails |
|||
optional bytes signature = 5; // pki-dependent signature |
|||
} |
|||
message X509Certificates { |
|||
repeated bytes certificate = 1; // DER-encoded X.509 certificate chain |
|||
} |
|||
message Payment { |
|||
optional bytes merchant_data = 1; // From PaymentDetails.merchant_data |
|||
repeated bytes transactions = 2; // Signed transactions that satisfy PaymentDetails.outputs |
|||
repeated Output refund_to = 3; // Where to send refunds, if a refund is necessary |
|||
optional string memo = 4; // Human-readable message for the merchant |
|||
} |
|||
message PaymentACK { |
|||
required Payment payment = 1; // Payment message that triggered this ACK |
|||
optional string memo = 2; // human-readable message for customer |
|||
} |
|||
@ -0,0 +1,208 @@ |
|||
import hashlib |
|||
import httplib |
|||
import os.path |
|||
import re |
|||
import sys |
|||
import threading |
|||
import time |
|||
import traceback |
|||
import urllib2 |
|||
|
|||
try: |
|||
import paymentrequest_pb2 |
|||
except: |
|||
print "protoc --proto_path=lib/ --python_out=lib/ lib/paymentrequest.proto" |
|||
sys.exit(1) |
|||
|
|||
import urlparse |
|||
import requests |
|||
from M2Crypto import X509 |
|||
|
|||
from bitcoin import is_valid |
|||
import urlparse |
|||
|
|||
import transaction |
|||
|
|||
REQUEST_HEADERS = {'Accept': 'application/bitcoin-paymentrequest', 'User-Agent': 'Electrum'} |
|||
ACK_HEADERS = {'Content-Type':'application/bitcoin-payment','Accept':'application/bitcoin-paymentack','User-Agent':'Electrum'} |
|||
|
|||
class PaymentRequest: |
|||
|
|||
def __init__(self): |
|||
self.ca_path = os.path.expanduser("~/.electrum/ca/ca-bundle.crt") |
|||
self.ca_list = {} |
|||
try: |
|||
with open(self.ca_path, 'r') as ca_f: |
|||
c = "" |
|||
for line in ca_f: |
|||
if line == "-----BEGIN CERTIFICATE-----\n": |
|||
c = line |
|||
else: |
|||
c += line |
|||
if line == "-----END CERTIFICATE-----\n": |
|||
x = X509.load_cert_string(c) |
|||
self.ca_list[x.get_fingerprint()] = x |
|||
except Exception: |
|||
print "ERROR: Could not open %s"%self.ca_path |
|||
print "ca-bundle.crt file should be placed in ~/.electrum/ca/ca-bundle.crt" |
|||
print "Documentation on how to download or create the file here: http://curl.haxx.se/docs/caextract.html" |
|||
print "Payment will continue with manual verification." |
|||
|
|||
|
|||
|
|||
def verify(self, url): |
|||
|
|||
u = urlparse.urlparse(urllib2.unquote(url)) |
|||
self.domain = u.netloc |
|||
|
|||
connection = httplib.HTTPConnection(u.netloc) if u.scheme == 'http' else httplib.HTTPSConnection(u.netloc) |
|||
connection.request("GET",u.geturl(), headers=REQUEST_HEADERS) |
|||
resp = connection.getresponse() |
|||
|
|||
r = resp.read() |
|||
paymntreq = paymentrequest_pb2.PaymentRequest() |
|||
paymntreq.ParseFromString(r) |
|||
|
|||
sig = paymntreq.signature |
|||
|
|||
cert = paymentrequest_pb2.X509Certificates() |
|||
cert.ParseFromString(paymntreq.pki_data) |
|||
cert_num = len(cert.certificate) |
|||
|
|||
x509_1 = X509.load_cert_der_string(cert.certificate[0]) |
|||
if self.domain != x509_1.get_subject().CN: |
|||
###TODO: check for subject alt names |
|||
### check for wildcards |
|||
print "ERROR: Certificate Subject Domain Mismatch" |
|||
print self.domain, x509_1.get_subject().CN |
|||
#return |
|||
|
|||
x509 = [] |
|||
CA_OU = '' |
|||
|
|||
if cert_num > 1: |
|||
for i in range(cert_num - 1): |
|||
x509.append(X509.load_cert_der_string(cert.certificate[i+1])) |
|||
if x509[i].check_ca() == 0: |
|||
print "ERROR: Supplied CA Certificate Error" |
|||
return |
|||
for i in range(cert_num - 1): |
|||
if i == 0: |
|||
if x509_1.verify(x509[i].get_pubkey()) != 1: |
|||
print "ERROR: Certificate not Signed by Provided CA Certificate Chain" |
|||
return |
|||
else: |
|||
if x509[i-1].verify(x509[i].get_pubkey()) != 1: |
|||
print "ERROR: CA Certificate not Signed by Provided CA Certificate Chain" |
|||
return |
|||
|
|||
supplied_CA_fingerprint = x509[cert_num-2].get_fingerprint() |
|||
supplied_CA_CN = x509[cert_num-2].get_subject().CN |
|||
CA_match = False |
|||
|
|||
x = self.ca_list.get(supplied_CA_fingerprint) |
|||
if x: |
|||
CA_OU = x.get_subject().OU |
|||
CA_match = True |
|||
if x.get_subject().CN != supplied_CA_CN: |
|||
print "ERROR: Trusted CA CN Mismatch; however CA has trusted fingerprint" |
|||
print "Payment will continue with manual verification." |
|||
else: |
|||
print "ERROR: Supplied CA Not Found in Trusted CA Store." |
|||
print "Payment will continue with manual verification." |
|||
else: |
|||
print "ERROR: CA Certificate Chain Not Provided by Payment Processor" |
|||
return False |
|||
|
|||
paymntreq.signature = '' |
|||
s = paymntreq.SerializeToString() |
|||
pubkey_1 = x509_1.get_pubkey() |
|||
|
|||
if paymntreq.pki_type == "x509+sha256": |
|||
pubkey_1.reset_context(md="sha256") |
|||
elif paymntreq.pki_type == "x509+sha1": |
|||
pubkey_1.reset_context(md="sha1") |
|||
else: |
|||
print "ERROR: Unsupported PKI Type for Message Signature" |
|||
return False |
|||
|
|||
pubkey_1.verify_init() |
|||
pubkey_1.verify_update(s) |
|||
if pubkey_1.verify_final(sig) != 1: |
|||
print "ERROR: Invalid Signature for Payment Request Data" |
|||
return False |
|||
|
|||
### SIG Verified |
|||
|
|||
self.payment_details = pay_det = paymentrequest_pb2.PaymentDetails() |
|||
pay_det.ParseFromString(paymntreq.serialized_payment_details) |
|||
|
|||
if pay_det.expires and pay_det.expires < int(time.time()): |
|||
print "ERROR: Payment Request has Expired." |
|||
return False |
|||
|
|||
self.outputs = [] |
|||
for o in pay_det.outputs: |
|||
addr = transaction.get_address_from_output_script(o.script)[1] |
|||
self.outputs.append( (addr, o.amount) ) |
|||
|
|||
if CA_match: |
|||
print 'Signed By Trusted CA: ', CA_OU |
|||
|
|||
return True |
|||
|
|||
|
|||
|
|||
def send_ack(self, raw_tx, refund_addr): |
|||
|
|||
pay_det = self.payment_details |
|||
if pay_det.payment_url: |
|||
paymnt = paymentrequest_pb2.Payment() |
|||
|
|||
paymnt.merchant_data = pay_det.merchant_data |
|||
paymnt.transactions.append(raw_tx) |
|||
|
|||
ref_out = paymnt.refund_to.add() |
|||
ref_out.script = transaction.Transaction.pay_script(refund_addr) |
|||
paymnt.memo = "Paid using Electrum" |
|||
pm = paymnt.SerializeToString() |
|||
|
|||
payurl = urlparse.urlparse(pay_det.payment_url) |
|||
try: |
|||
r = requests.post(payurl.geturl(), data=pm, headers=ACK_HEADERS, verify=self.ca_path) |
|||
except requests.exceptions.SSLError: |
|||
print "Payment Message/PaymentACK verify Failed" |
|||
try: |
|||
r = requests.post(payurl.geturl(), data=pm, headers=ACK_HEADERS, verify=False) |
|||
except Exception as e: |
|||
print "Payment Message/PaymentACK Failed" |
|||
print e |
|||
return |
|||
try: |
|||
paymntack = paymentrequest_pb2.PaymentACK() |
|||
paymntack.ParseFromString(r.content) |
|||
print "PaymentACK message received: %s" % paymntack.memo |
|||
except Exception: |
|||
print "PaymentACK could not be processed. Payment was sent; please manually verify that payment was received." |
|||
|
|||
|
|||
uri = "bitcoin:mpu3yTLdqA1BgGtFUwkVJmhnU3q5afaFkf?r=https%3A%2F%2Fbitcoincore.org%2F%7Egavin%2Ff.php%3Fh%3D26c19879d44c3891214e7897797b9160&amount=1" |
|||
url = "https%3A%2F%2Fbitcoincore.org%2F%7Egavin%2Ff.php%3Fh%3D26c19879d44c3891214e7897797b9160" |
|||
|
|||
#uri = "bitcoin:1m9Lw2pFCe6Hs7xUuo9fMJCzEwQNdCo5e?amount=0.0012&r=https%3A%2F%2Fbitpay.com%2Fi%2F8XNDiQU92H2whNG4j8hZ5M" |
|||
#url = "https%3A%2F%2Fbitpay.com%2Fi%2F8XNDiQU92H2whNG4j8hZ5M" |
|||
|
|||
|
|||
if __name__ == "__main__": |
|||
|
|||
pr = PaymentRequest() |
|||
if not pr.verify(url): |
|||
sys.exit(1) |
|||
|
|||
print 'Payment Request Verified Domain: ', pr.domain |
|||
print 'outputs', pr.outputs |
|||
print 'Payment Memo: ', pr.payment_details.memo |
|||
|
|||
tx = "blah" |
|||
pr.send_ack(tx, "1vXAXUnGitimzinpXrqDWVU4tyAAQ34RA") |
|||
|
|||
Loading…
Reference in new issue