@ -65,38 +65,44 @@ void PaymentServerTests::paymentServerTests()
OptionsModel optionsModel ;
OptionsModel optionsModel ;
PaymentServer * server = new PaymentServer ( NULL , false ) ;
PaymentServer * server = new PaymentServer ( NULL , false ) ;
X509_STORE * caStore = X509_STORE_new ( ) ;
X509_STORE * caStore = X509_STORE_new ( ) ;
X509_STORE_add_cert ( caStore , parse_b64der_cert ( caCert_BASE64 ) ) ;
X509_STORE_add_cert ( caStore , parse_b64der_cert ( caCert1 _BASE64 ) ) ;
PaymentServer : : LoadRootCAs ( caStore ) ;
PaymentServer : : LoadRootCAs ( caStore ) ;
server - > setOptionsModel ( & optionsModel ) ;
server - > setOptionsModel ( & optionsModel ) ;
server - > uiReady ( ) ;
server - > uiReady ( ) ;
// Now feed PaymentRequests to server, and observe signals it produces:
std : : vector < unsigned char > data ;
std : : vector < unsigned char > data = DecodeBase64 ( paymentrequest1_BASE64 ) ;
SendCoinsRecipient r ;
SendCoinsRecipient r = handleRequest ( server , data ) ;
QString merchant ;
QString merchant ;
// Now feed PaymentRequests to server, and observe signals it produces
// This payment request validates directly against the
// caCert1 certificate authority:
data = DecodeBase64 ( paymentrequest1_cert1_BASE64 ) ;
r = handleRequest ( server , data ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
QCOMPARE ( merchant , QString ( " testmerchant.org " ) ) ;
QCOMPARE ( merchant , QString ( " testmerchant.org " ) ) ;
// Version of the above, with an expired certificate:
// Signed, but expired, merchant cert in the request :
data = DecodeBase64 ( paymentrequest2_BASE64 ) ;
data = DecodeBase64 ( paymentrequest2_cert1_ BASE64 ) ;
r = handleRequest ( server , data ) ;
r = handleRequest ( server , data ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
QCOMPARE ( merchant , QString ( " " ) ) ;
QCOMPARE ( merchant , QString ( " " ) ) ;
// Long certificate chain :
// 10-long certificate chain, all intermediates valid :
data = DecodeBase64 ( paymentrequest3_BASE64 ) ;
data = DecodeBase64 ( paymentrequest3_cert1_ BASE64 ) ;
r = handleRequest ( server , data ) ;
r = handleRequest ( server , data ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
QCOMPARE ( merchant , QString ( " testmerchant8.org " ) ) ;
QCOMPARE ( merchant , QString ( " testmerchant8.org " ) ) ;
// Long certificate chain, with an expired certificate in the middle:
// Long certificate chain, with an expired certificate in the middle:
data = DecodeBase64 ( paymentrequest4_BASE64 ) ;
data = DecodeBase64 ( paymentrequest4_cert1_ BASE64 ) ;
r = handleRequest ( server , data ) ;
r = handleRequest ( server , data ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
QCOMPARE ( merchant , QString ( " " ) ) ;
QCOMPARE ( merchant , QString ( " " ) ) ;
// Validly signed, but by a CA not in our root CA list:
// Validly signed, but by a CA not in our root CA list:
data = DecodeBase64 ( paymentrequest5_BASE64 ) ;
data = DecodeBase64 ( paymentrequest5_cert1_ BASE64 ) ;
r = handleRequest ( server , data ) ;
r = handleRequest ( server , data ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
QCOMPARE ( merchant , QString ( " " ) ) ;
QCOMPARE ( merchant , QString ( " " ) ) ;
@ -104,11 +110,39 @@ void PaymentServerTests::paymentServerTests()
// Try again with no root CA's, verifiedMerchant should be empty:
// Try again with no root CA's, verifiedMerchant should be empty:
caStore = X509_STORE_new ( ) ;
caStore = X509_STORE_new ( ) ;
PaymentServer : : LoadRootCAs ( caStore ) ;
PaymentServer : : LoadRootCAs ( caStore ) ;
data = DecodeBase64 ( paymentrequest1_BASE64 ) ;
data = DecodeBase64 ( paymentrequest1_cert1_ BASE64 ) ;
r = handleRequest ( server , data ) ;
r = handleRequest ( server , data ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
r . paymentRequest . getMerchant ( caStore , merchant ) ;
QCOMPARE ( merchant , QString ( " " ) ) ;
QCOMPARE ( merchant , QString ( " " ) ) ;
// Load second root certificate
caStore = X509_STORE_new ( ) ;
X509_STORE_add_cert ( caStore , parse_b64der_cert ( caCert2_BASE64 ) ) ;
PaymentServer : : LoadRootCAs ( caStore ) ;
QByteArray byteArray ;
// For the tests below we just need the payment request data from
// paymentrequestdata.h parsed + stored in r.paymentRequest.
//
// These tests require us to bypass the following normal client execution flow
// shown below to be able to explicitly just trigger a certain condition!
//
// handleRequest()
// -> PaymentServer::eventFilter()
// -> PaymentServer::handleURIOrFile()
// -> PaymentServer::readPaymentRequestFromFile()
// -> PaymentServer::processPaymentRequest()
// Contains a testnet paytoaddress, so payment request network doesn't match client network:
data = DecodeBase64 ( paymentrequest1_cert2_BASE64 ) ;
byteArray = QByteArray ( ( const char * ) & data [ 0 ] , data . size ( ) ) ;
r . paymentRequest . parse ( byteArray ) ;
// Ensure the request is initialized, because network "main" is default, even for
// uninizialized payment requests and that will fail our test here.
QVERIFY ( r . paymentRequest . IsInitialized ( ) ) ;
QCOMPARE ( PaymentServer : : verifyNetwork ( r . paymentRequest . getDetails ( ) ) , false ) ;
// Just get some random data big enough to trigger BIP70 DoS protection
// Just get some random data big enough to trigger BIP70 DoS protection
unsigned char randData [ BIP70_MAX_PAYMENTREQUEST_SIZE + 1 ] ;
unsigned char randData [ BIP70_MAX_PAYMENTREQUEST_SIZE + 1 ] ;
GetRandBytes ( randData , sizeof ( randData ) ) ;
GetRandBytes ( randData , sizeof ( randData ) ) ;