bitcore-wallet-service/lib/client/verifier.js

var $ = require('preconditions').singleton();
var _ = require('lodash');
var log = require('npmlog');

var Bitcore = require('bitcore');
var WalletUtils = require('../walletutils')

/* 
 * Checks data given by the server
 */

function Verifier(opts) {};

Verifier.checkAddress = function(data, address) {
  var local = WalletUtils.deriveAddress(data.publicKeyRing, address.path, data.m, data.network);
  return (local.address == address.address && JSON.stringify(local.publicKeys) == JSON.stringify(address.publicKeys));
};

Verifier.checkCopayers = function(copayers, walletPrivKey, myXPrivKey, n) {
  $.checkArgument(walletPrivKey);
  var walletPubKey = Bitcore.PrivateKey.fromString(walletPrivKey).toPublicKey().toString();

  if (copayers.length != n) {
    log.error('Missing public keys in server response');
    return false;
  }

  // Repeated xpub kes?
  var uniq = [];
  var error;
  _.each(copayers, function(copayer) {
    if (uniq[copayers.xPubKey]++) {
      log.error('Repeated public keys in server response');
      error = true;
    }

    // Not signed pub keys
    if (!copayer.xPubKey || !copayer.xPubKeySignature ||
      !WalletUtils.verifyMessage(copayer.xPubKey, copayer.xPubKeySignature, walletPubKey)) {
      log.error('Invalid signatures in server response');
      error = true;
    }
  });
  if (error)
    return false;

  var myXPubKey = new Bitcore.HDPublicKey(myXPrivKey).toString();
  if (!_.contains(_.pluck(copayers, 'xPubKey'), myXPubKey)) {
    log.error('Server response does not contains our public keys')
    return false;
  }
  return true;
};


Verifier.checkTxProposal = function(data, txp) {
  $.checkArgument(txp.creatorId);

  var creatorXPubKey = _.find(data.publicKeyRing, function(xPubKey) {
    if (WalletUtils.xPubToCopayerId(xPubKey) === txp.creatorId) return true;
  });
  if (!creatorXPubKey) return false;
  var creatorSigningPubKey = (new Bitcore.HDPublicKey(creatorXPubKey)).derive('m/1/0').publicKey.toString();

  var hash = WalletUtils.getProposalHash(txp.toAddress, txp.amount, txp.encryptedMessage || txp.message);
  log.debug('Regenerating & verifying tx proposal hash -> Hash: ', hash, ' Signature: ', txp.proposalSignature);
  if (!WalletUtils.verifyMessage(hash, txp.proposalSignature, creatorSigningPubKey))
    return false;

  return Verifier.checkAddress(data, txp.changeAddress);
};

module.exports = Verifier;