diff options
author | Philip Kaufmann <phil.kaufmann@t-online.de> | 2015-01-08 14:42:04 +0100 |
---|---|---|
committer | Philip Kaufmann <phil.kaufmann@t-online.de> | 2015-01-15 09:08:22 +0100 |
commit | 6715efb9ca5cabeb07ae4ba8390a6e1b7638f66c (patch) | |
tree | a6a984a35af1053209e0cd884ee90eff1d87797a /src/qt/test/paymentservertests.cpp | |
parent | e0cd2f55233d10476b75ac75df95a079735921ec (diff) |
[Qt] Payment request expiration bug fix (re-done)
- this is based on #4122 (which can be closed)
Currently a payment request is only checked for expiration upon receipt.
It should be checked again immediately before sending coins to prevent
the user from paying to an expired invoice which would then require a
customer service interaction.
- add static verifyExpired() function to PaymentServer to be able to use
the same validation code in GUI and unit-testing code
- extend unit tests to use that function and also add an unit test which
overflows, because payment requests allow expires as uint64, whereas we
use int64_t for verification of expired payment requests
Diffstat (limited to 'src/qt/test/paymentservertests.cpp')
-rw-r--r-- | src/qt/test/paymentservertests.cpp | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/src/qt/test/paymentservertests.cpp b/src/qt/test/paymentservertests.cpp index e6cdb58ef5..04935192c8 100644 --- a/src/qt/test/paymentservertests.cpp +++ b/src/qt/test/paymentservertests.cpp @@ -143,7 +143,38 @@ void PaymentServerTests::paymentServerTests() QVERIFY(r.paymentRequest.IsInitialized()); QCOMPARE(PaymentServer::verifyNetwork(r.paymentRequest.getDetails()), false); - // Just get some random data big enough to trigger BIP70 DoS protection + // Expired payment request (expires is set to 1 = 1970-01-01 00:00:01): + data = DecodeBase64(paymentrequest2_cert2_BASE64); + byteArray = QByteArray((const char*)&data[0], data.size()); + r.paymentRequest.parse(byteArray); + // Ensure the request is initialized + QVERIFY(r.paymentRequest.IsInitialized()); + // compares 1 < GetTime() == false (treated as expired payment request) + QCOMPARE(PaymentServer::verifyExpired(r.paymentRequest.getDetails()), true); + + // Unexpired payment request (expires is set to 0x7FFFFFFFFFFFFFFF = max. int64_t): + // 9223372036854775807 (uint64), 9223372036854775807 (int64_t) and -1 (int32_t) + // -1 is 1969-12-31 23:59:59 (for a 32 bit time values) + data = DecodeBase64(paymentrequest3_cert2_BASE64); + byteArray = QByteArray((const char*)&data[0], data.size()); + r.paymentRequest.parse(byteArray); + // Ensure the request is initialized + QVERIFY(r.paymentRequest.IsInitialized()); + // compares 9223372036854775807 < GetTime() == false (treated as unexpired payment request) + QCOMPARE(PaymentServer::verifyExpired(r.paymentRequest.getDetails()), false); + + // Unexpired payment request (expires is set to 0x8000000000000000 > max. int64_t, allowed uint64): + // 9223372036854775808 (uint64), -9223372036854775808 (int64_t) and 0 (int32_t) + // 0 is 1970-01-01 00:00:00 (for a 32 bit time values) + data = DecodeBase64(paymentrequest4_cert2_BASE64); + byteArray = QByteArray((const char*)&data[0], data.size()); + r.paymentRequest.parse(byteArray); + // Ensure the request is initialized + QVERIFY(r.paymentRequest.IsInitialized()); + // compares -9223372036854775808 < GetTime() == true (treated as expired payment request) + QCOMPARE(PaymentServer::verifyExpired(r.paymentRequest.getDetails()), true); + + // Test BIP70 DoS protection: unsigned char randData[BIP70_MAX_PAYMENTREQUEST_SIZE + 1]; GetRandBytes(randData, sizeof(randData)); // Write data to a temp file: @@ -151,7 +182,6 @@ void PaymentServerTests::paymentServerTests() tempFile.open(); tempFile.write((const char*)randData, sizeof(randData)); tempFile.close(); - // Trigger BIP70 DoS protection QCOMPARE(PaymentServer::readPaymentRequestFromFile(tempFile.fileName(), r.paymentRequest), false); delete server; |