start un-hardcoding certificates, etc

gavinandresen · gavinandresen · commit 4b96b607309f · 2012-12-11T11:09:07.000-05:00
diff --git a/Makefile b/Makefile
@@ -10,7 +10,7 @@ CXXFLAGS = -g $(PLATFORM_CXXFLAGS)
 LDFLAGS = $(PLATFORM_LDFLAGS)
 
 PBFILES = paymentrequest.pb.h paymentrequest.pb.cc
-TARGETS = paymentrequest-create paymentrequest-verify
+TARGETS = paymentrequest-create paymentrequest-dump
 LIBS = -lssl -lcrypto -lprotobuf
 
 all: $(TARGETS) ca_in_a_box/certs/demomerchant.pem
@@ -25,9 +25,9 @@ CREATEOBJS = obj/util.o obj/paymentrequest-create.o obj/paymentrequest.pb.o
 paymentrequest-create: $(PBFILES) $(CREATEOBJS)
 	$(CXX) $(CXXFLAGS) -o $@ $(CREATEOBJS) $(LDFLAGS) $(LIBS)
 
-VERIFYOBJS = obj/util.o obj/paymentrequest-verify.o obj/paymentrequest.pb.o
-paymentrequest-verify: $(PBFILES) $(VERIFYOBJS)
-	$(CXX) $(CXXFLAGS) -o $@ $(VERIFYOBJS) $(LDFLAGS) $(LIBS)
+DUMPOBJS = obj/util.o obj/paymentrequest-dump.o obj/paymentrequest.pb.o
+paymentrequest-dump: $(PBFILES) $(DUMPOBJS)
+	$(CXX) $(CXXFLAGS) -o $@ $(DUMPOBJS) $(LDFLAGS) $(LIBS)
 
 ca_in_a_box/certs/demomerchant.pem:
 	pushd ca_in_a_box && ./create_ca.sh && popd
diff --git a/README.txt b/README.txt
@@ -3,8 +3,13 @@ Code implementing a simple payment protocol for Bitcoin (PaymentRequest/etc).
 See https://gist.github.com/4120476
 
 Dependencies:
-  OpenSSL
-  Google Protocol Buffers
+  OpenSSL (library and openssl command-line tool)
+  Google Protocol Buffers (library and protoc command-line compiler)
+
+Debian/Ubuntu:
+  apt-get install openssl protobuf
+OSX MacPorts:
+  port install openssl protobuf
 
 To compile:
   make
@@ -15,3 +20,6 @@ compile command-line tools:
 paymentrequest-create  # Prototype code: create a SignedPaymentRequest message
 paymentrequest-verify  # Prototype code: verify a SignedPaymentRequest message
 
+
+Example usage:
+  paymentrequest-create memo="Just Testing" amount=11.0 | paymentrequest-dump
diff --git a/paymentrequest-create.cpp b/paymentrequest-create.cpp
@@ -150,10 +150,13 @@ int main(int argc, char **argv) {
     // We got here, so the signature is self-consistent.
     signedPaymentRequest.set_signature(signature, actual_signature_len);
 
-    std::fstream outfile("demo.bitcoin-paymentrequest", std::ios::out | std::ios::trunc | std::ios::binary);
-    assert(signedPaymentRequest.SerializeToOstream(&outfile));
-    printf("File written successfully, see demo.bitcoin-paymentrequest\n");
-    printf("You can check it by running paymentrequest-verify\n");
+    if (params.count("out")) {
+        std::fstream outfile(params["out"].c_str(), std::ios::out | std::ios::trunc | std::ios::binary);
+        assert(signedPaymentRequest.SerializeToOstream(&outfile));
+    }
+    else {
+        assert(signedPaymentRequest.SerializeToOstream(&std::cout));
+    }
 
     delete[] signature;
 
diff --git a/paymentrequest-dump.cpp b/paymentrequest-dump.cpp
@@ -17,6 +17,7 @@
 #include "util.h"
 
 using std::string;
+using std::map;
 
 // Take binary DER data and return an X509 object suitable for verification or use.
 X509 *parse_der_cert(string cert_data) {
@@ -27,6 +28,18 @@ X509 *parse_der_cert(string cert_data) {
 }
 
 int main(int argc, char **argv) {
+    std::list<string> expected = split("rootcertificates,in", ",");
+
+    map<string,string> params;
+    if (!parse_command_line(argc, argv, expected, params)) {
+        usage(expected);
+        exit(1);
+    }
+    if (params["rootcertificates"].empty()) {
+        // Use the certificate-authority-in-a-box root cert by default:
+        params["rootcertificates"] = string("ca_in_a_box/certs/cacert.pem");
+    }
+
     SSL_library_init();
     ERR_load_BIO_strings();
     SSL_load_error_strings();
@@ -43,17 +56,13 @@ int main(int argc, char **argv) {
     // how to do it, it doesn't actually look anything up despite the name.
     X509_LOOKUP *lookup = X509_STORE_add_lookup(cert_store, X509_LOOKUP_file());
 
-    // Use the certificate-authority-in-a-box root cert:
-    assert(X509_LOOKUP_load_file(lookup, "ca_in_a_box/certs/cacert.pem", X509_FILETYPE_PEM));
-
-    // Load all the root authority certificates. This file was retrieved from
-    // http://www.startssl.com/certs/ca-bundle.pem on Nov 18th 2012.
-    // assert(X509_LOOKUP_load_file(lookup, "ca-bundle-startcom.pem", X509_FILETYPE_PEM));
+    assert(X509_LOOKUP_load_file(lookup, params["rootcertificates"].c_str(), X509_FILETYPE_PEM));
 
-    // Load the paymentrequest file.
-    std::ifstream infile("demo.bitcoin-paymentrequest", std::ios::in | std::ios::binary);
+    // Load the paymentrequest file from stdin
     SignedPaymentRequest signedPaymentRequest;
-    assert(signedPaymentRequest.ParseFromIstream(&infile));
+    if (!signedPaymentRequest.ParseFromIstream(&std::cin)) {
+        exit(1);
+    }
 
     // Dump in raw text format, obviously this is mostly useless as bulk of
     // the data is binary.
@@ -105,19 +114,28 @@ int main(int argc, char **argv) {
     EVP_MD_CTX ctx;
     EVP_PKEY *pubkey = X509_get_pubkey(signing_cert);
     EVP_MD_CTX_init(&ctx);
-    assert(EVP_VerifyInit_ex(&ctx, EVP_sha256(), NULL));
-    assert(EVP_VerifyUpdate(&ctx, data_to_verify.data(), data_to_verify.size()));
-    assert(EVP_VerifyFinal(&ctx, (const unsigned char*)signature.data(), signature.size(), pubkey));
+    if (!EVP_VerifyInit_ex(&ctx, EVP_sha256(), NULL) ||
+        !EVP_VerifyUpdate(&ctx, data_to_verify.data(), data_to_verify.size()) ||
+        !EVP_VerifyFinal(&ctx, (const unsigned char*)signature.data(), signature.size(), pubkey)) {
+
+        printf("Bad signature, invalid SignedPaymentRequest.\n");
+    }
+    else {
+        // OpenSSL API for getting human printable strings from certs is baroque.
+        int textlen = X509_NAME_get_text_by_NID(certname, NID_commonName, NULL, 0);
+        char *website = new char[textlen + 1];
+        if (X509_NAME_get_text_by_NID(certname, NID_commonName, website, textlen + 1) == textlen && textlen > 0) {
+            printf("SignedPaymentRequest is valid! Signed by %s\n", website);
+        }
+        else {
+            printf("Bad certificate, missing common name\n");
+        }
+        delete[] website;
+    }
 
-    // OpenSSL API for getting human printable strings from certs is baroque.
-    int textlen = X509_NAME_get_text_by_NID(certname, NID_commonName, NULL, 0);
-    char *website = new char[textlen + 1];
-    assert(X509_NAME_get_text_by_NID(certname, NID_commonName, website, textlen + 1) == textlen);
-    printf("Paymentrequest is valid! Signed by %s\n", website);
-    printf("Memo: %s\n", paymentRequest.memo().c_str());
+    printf("PaymentRequest data:\n%s\n", paymentRequest.DebugString().c_str());
 
     // Avoid reported memory leaks.
-    delete website;
     X509_STORE_CTX_free(store_ctx);
     for (int i = 0; i < certs.size(); i++)
         X509_free(certs[i]);
