gui: When BIP70 is disabled, get PaymentRequest merchant using string search #16852

pull achow101 wants to merge 1 commits into bitcoin:master from achow101:bip70-merchant-decode changing 1 files +48 −10
  1. achow101 commented at 7:41 am on September 11, 2019: member

    The merchant name is stored in the X.509 certificate embedded in a PaymentRequest. Use some string searching to locate it so that it can be shown to the user in the transaction details when BIP70 support was not configured.

    An additional notice is added to the merchant string that indicates the certificate was not verified. When BIP70 is enabled, the certificate would be verified and the merchant name not shown if the certificate was invalid.

  2. in src/qt/transactiondesc.cpp:277 in ed4e84135d outdated 
    273             QString merchant;
274             if (req.getMerchant(PaymentServer::getCertStore(), merchant))
275                 strHTML += "<b>" + tr("Merchant") + ":</b> " + GUIUtil::HtmlEscape(merchant) + "<br>";
276+#else
277+            // Search for the supported pki type strings
278+            std::string pr = r.second;
    laanwj commented at 7:43 am on September 11, 2019:
    Please, factor this out to a function at least :smile:
    achow101 commented at 7:57 am on September 11, 2019:
    Put it into a function and cleaned up this for loop and if block a bit.
    laanwj commented at 9:17 am on September 11, 2019:
    thanks !
  3. laanwj commented at 7:43 am on September 11, 2019: member

    Concept ACK

    Are there other places where the vendor name is used? For ex. the transaction list?

  4. fanquake added the label GUI on Sep 11, 2019
  5. achow101 force-pushed on Sep 11, 2019
  6. achow101 commented at 7:58 am on September 11, 2019: member

    Are there other places where the vendor name is used? For ex. the transaction list?

    AFAIK, no. @luke-jr might know as he was the one that pointed this out to me.

  7. laanwj commented at 11:01 am on September 11, 2019: member

    AFAIK, no. luke-jr might know as he was the one that pointed this out to me.

    I checked: you’re right, the only place outside of paymentrequestplus / paymentserver and the tests where the getMerchant method is used is here.

  8. luke-jr commented at 3:00 pm on September 11, 2019: member
    Concept ACK
  9. laanwj commented at 6:56 am on September 12, 2019: member
    Now, we need to find someone that has actual paid payment requests in their wallet to test this :smile:
  10. jonasschnelli commented at 12:44 pm on September 12, 2019: contributor
    Concept ACK
  11. jonasschnelli commented at 12:45 pm on September 12, 2019: contributor
    I think for testing, a simple option is @gavinandresen php script: https://github.com/gavinandresen/paymentrequest
  12. achow101 commented at 3:43 pm on September 12, 2019: member
    For testing, I made an account on https://test.bitpay.com/ and created testnet payment requests there. It says you have to “verify” your account before you can make any payment requests, but for the testing site, you can enter pretty much anything and it will be accepted (except for the email, you have to use a valid email and verify it). Or you can try it out on mainnet using https://bitpay.com/demos. With the mainnet payment requests, you can also modify the request to be for testnet (and thus have an invalid signature) and see how the display is different depending on the valid-ness of the request.
  13. harding commented at 2:43 am on September 15, 2019: contributor

    Tested fc295e42071a82955c35d90792a9cbd127ca2859 works for me on transactions I made via BIP70 back in 2015.

    2019-09-14-16_39_16_397011134

  14. fanquake added this to the milestone 0.19.0 on Sep 15, 2019
  15. fanquake commented at 10:20 am on September 15, 2019: member
    Thanks for doing some “real world” testing @harding.
  16. Sjors commented at 10:11 am on September 16, 2019: member

    Concept ACK.

    Tested fc295e4 on macOS 10.14 without BIP70 support by looking at some BitPay transactions from late 2018. It shows the merchant with “(Certificate was not verified)”

    However when I test with BIP70 support it doesn’t show the merchant. That doesn’t work on master either.

    A test case for GetPaymentRequestMerchant would be nice.

  17. achow101 commented at 3:57 pm on September 16, 2019: member

    However when I test with BIP70 support it doesn’t show the merchant. That doesn’t work on master either.

    Presumably the certificate is no longer valid. I believe they have a new certificate since earlier this year, so the old one expired and thus the merchant name isn’t being shown now.

  18. in src/qt/transactiondesc.cpp:288 in fc295e4207 outdated 
    284@@ -255,26 +285,34 @@ QString TransactionDesc::toHTML(interfaces::Node& node, interfaces::Wallet& wall
285     strHTML += "<b>" + tr("Output index") + ":</b> " + QString::number(rec->getOutputIndex()) + "<br>";
286 
287     // Message from normal bitcoin:URI (bitcoin:123...?message=example)
288-    for (const std::pair<std::string, std::string>& r : orderForm)
289+    for (const std::pair<std::string, std::string>& r : orderForm) {
    luke-jr commented at 3:20 am on September 21, 2019:

    This will change Message,Message,Merchant,Merchant into Message,Merchant,Message,Merchant.

    Is that intentional? Probably should be in a separate commit…

    achow101 commented at 11:00 am on September 21, 2019:

    Does it really matter that much that the order is changed?

    The only reason I changed it is because it looked funny that there were two loops in a row over the same vector.

  19. luke-jr referenced this in commit c134dbe29b on Sep 21, 2019
  20. fanquake deleted a comment on Sep 21, 2019
  21. laanwj commented at 12:26 pm on September 26, 2019: member

    certificate is no longer valid. I believe they have a new certificate since earlier this year, so the old one expired and thus the merchant name isn’t being shown now.

    Hehe so this actually tends to work more reliably because it doesn’t check the signature. Which is fine as it was (presumably) checked at the time the payment was made, which is what counts.

  22. in src/qt/transactiondesc.cpp:53 in fc295e4207 outdated 
    48@@ -49,6 +49,36 @@ QString TransactionDesc::FormatTxStatus(const interfaces::WalletTx& wtx, const i
49     }
50 }
51 
52+#ifndef ENABLE_BIP70
53+// Takes an encoded PaymentRequst as a string and tries to find the Common Name of the X.509 certificate
    practicalswift commented at 4:34 pm on September 28, 2019:
    Should be PaymentRequest :)
    achow101 commented at 3:32 pm on September 30, 2019:
    Done
  23. laanwj added the label Waiting for author on Sep 30, 2019
  24. laanwj commented at 11:47 am on September 30, 2019: member

    @achow101 Can you do the small comment correction please ^^

    If not, this will be merged nevertheless in the course of today or tomorrow before the 0.19 split-off. It’s more desirable to have this with a comment typo than not at all.

  25. When BIP70 is disabled, get PaymentRequest merchant using string search 
    The merchant name is stored in the X.509 certificate embedded in a
PaymentRequest. Use some string searching to locate it so that it
can be shown to the user in the transaction details when BIP70 support
was not configured.
    85973bcc44
  26. achow101 force-pushed on Sep 30, 2019
  27. fanquake removed the label Waiting for author on Oct 1, 2019
  28. laanwj commented at 9:52 am on October 1, 2019: member
    ACK 85973bcc44f60fe3bbc952557ebf578dd4c475d2
  29. laanwj referenced this in commit cd6e9b33a6 on Oct 1, 2019
  30. laanwj merged this on Oct 1, 2019
  31. laanwj closed this on Oct 1, 2019
  32. dooglus commented at 7:27 pm on November 14, 2019: contributor

    I have a couple of payments to bitpay in my wallet. In Bitcoin Core 0.18.1 the merchant information wasn’t displayed at all for either of them. When I viewed the transaction details I would see this in the debug.log:

    PaymentRequestPlus::getMerchant: Payment request: certificate expired or not yet active

    The certificate was valid from 2017-03-23 18:22:00.000 UTC to 2019-04-25 19:11:00.000 UTC, and so could no longer be validated, and as a result Core wasn’t showing any “Merchant:” information at all.

    In Bitcoin Core 0.19 I see:

    Merchant: bitpay.com (Certificate was not verified)

    which is infinitely better.

  33. laanwj commented at 11:38 am on November 15, 2019: member
    @dooglus Thanks for checking. Yes it was a bug that the certificate-checking for transactions used the current date, instead of the date of the transaction (also, verifying it once at payment would have been good enough, no need to do so every time details are viewed).
  34. Fabcien referenced this in commit 272c12f83d on Dec 24, 2020
  35. Munkybooty referenced this in commit 8f6f7d7000 on Dec 9, 2021
  36. DrahtBot locked this on Dec 16, 2021


achow101 laanwj luke-jr jonasschnelli harding fanquake Sjors practicalswift dooglus

Labels
GUI

Milestone
0.19.0

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-17 15:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me