diff options
author | Florian Dold <florian.dold@gmail.com> | 2020-03-13 19:04:16 +0530 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2020-03-13 19:04:16 +0530 |
commit | 1744b1a80063397105081a4d5aeec76936781345 (patch) | |
tree | 53399350dba33fd6e7c916b3c177e36ff7e283f9 /src/operations/recoup.ts | |
parent | 51eef5419a37187f437115316a00ceec91e4addb (diff) | |
download | wallet-core-1744b1a80063397105081a4d5aeec76936781345.tar.xz |
signature verification for recoup
Diffstat (limited to 'src/operations/recoup.ts')
-rw-r--r-- | src/operations/recoup.ts | 42 |
1 files changed, 41 insertions, 1 deletions
diff --git a/src/operations/recoup.ts b/src/operations/recoup.ts index 29753ce28..163f77591 100644 --- a/src/operations/recoup.ts +++ b/src/operations/recoup.ts @@ -142,7 +142,26 @@ async function recoupWithdrawCoin( throw Error(`Coin's reserve doesn't match reserve on recoup`); } - // FIXME: verify signature + const exchange = await ws.db.get(Stores.exchanges, coin.exchangeBaseUrl); + if (!exchange) { + // FIXME: report inconsistency? + return; + } + const exchangeDetails = exchange.details; + if (!exchangeDetails) { + // FIXME: report inconsistency? + return; + } + + const isValid = ws.cryptoApi.isValidRecoupConfirmation( + coin.coinPub, + recoupConfirmation, + exchangeDetails.signingKeys, + ); + + if (!isValid) { + throw Error("invalid recoup confirmation signature"); + } // FIXME: verify that our expectations about the amount match @@ -207,6 +226,27 @@ async function recoupRefreshCoin( throw Error(`Coin's oldCoinPub doesn't match reserve on recoup`); } + const exchange = await ws.db.get(Stores.exchanges, coin.exchangeBaseUrl); + if (!exchange) { + // FIXME: report inconsistency? + return; + } + const exchangeDetails = exchange.details; + if (!exchangeDetails) { + // FIXME: report inconsistency? + return; + } + + const isValid = ws.cryptoApi.isValidRecoupConfirmation( + coin.coinPub, + recoupConfirmation, + exchangeDetails.signingKeys, + ); + + if (!isValid) { + throw Error("invalid recoup confirmation signature"); + } + const refreshGroupId = await ws.db.runWithWriteTransaction( [Stores.coins, Stores.reserves], async tx => { |