gui: When BIP70 is disabled, get PaymentRequest merchant using string search #16852
Conversation
|
Concept ACK Are there other places where the vendor name is used? For ex. the transaction list? |
ed4e841 to
fc295e4
Compare
AFAIK, no. @luke-jr might know as he was the one that pointed this out to me. |
I checked: you're right, the only place outside of paymentrequestplus / paymentserver and the tests where the |
|
Concept ACK |
|
Now, we need to find someone that has actual paid payment requests in their wallet to test this 😄 |
|
Concept ACK |
|
I think for testing, a simple option is @gavinandresen php script: https://github.com/gavinandresen/paymentrequest |
|
For testing, I made an account on https://test.bitpay.com/ and created testnet payment requests there. It says you have to "verify" your account before you can make any payment requests, but for the testing site, you can enter pretty much anything and it will be accepted (except for the email, you have to use a valid email and verify it). Or you can try it out on mainnet using https://bitpay.com/demos. With the mainnet payment requests, you can also modify the request to be for testnet (and thus have an invalid signature) and see how the display is different depending on the valid-ness of the request. |
|
Tested fc295e42071a82955c35d90792a9cbd127ca2859 works for me on transactions I made via BIP70 back in 2015.
|
|
Thanks for doing some "real world" testing @harding. |
|
Concept ACK. Tested fc295e4 on macOS 10.14 without BIP70 support by looking at some BitPay transactions from late 2018. It shows the merchant with "(Certificate was not verified)" However when I test with BIP70 support it doesn't show the merchant. That doesn't work on master either. A test case for |
Presumably the certificate is no longer valid. I believe they have a new certificate since earlier this year, so the old one expired and thus the merchant name isn't being shown now. |
src/qt/transactiondesc.cpp
Outdated
There was a problem hiding this comment.
This will change Message,Message,Merchant,Merchant into Message,Merchant,Message,Merchant.
Is that intentional? Probably should be in a separate commit...
There was a problem hiding this comment.
Does it really matter that much that the order is changed?
The only reason I changed it is because it looked funny that there were two loops in a row over the same vector.
The merchant name is stored in the X.509 certificate embedded in a PaymentRequest. Use some string searching to locate it so that it can be shown to the user in the transaction details when BIP70 support was not configured. Github-Pull: bitcoin#16852 Rebased-From: fc295e42071a82955c35d90792a9cbd127ca2859
Hehe so this actually tends to work more reliably because it doesn't check the signature. Which is fine as it was (presumably) checked at the time the payment was made, which is what counts. |
|
@achow101 Can you do the small comment correction please ^^ If not, this will be merged nevertheless in the course of today or tomorrow before the 0.19 split-off. It's more desirable to have this with a comment typo than not at all. |
The merchant name is stored in the X.509 certificate embedded in a PaymentRequest. Use some string searching to locate it so that it can be shown to the user in the transaction details when BIP70 support was not configured.
fc295e4 to
85973bc
Compare
|
ACK 85973bc |
…t using string search 85973bc When BIP70 is disabled, get PaymentRequest merchant using string search (Andrew Chow) Pull request description: The merchant name is stored in the X.509 certificate embedded in a PaymentRequest. Use some string searching to locate it so that it can be shown to the user in the transaction details when BIP70 support was not configured. An additional notice is added to the merchant string that indicates the certificate was not verified. When BIP70 is enabled, the certificate would be verified and the merchant name not shown if the certificate was invalid. ACKs for top commit: laanwj: ACK 85973bc Tree-SHA512: 50fdb60d418e2f9eb65a4b52477be16189f00bfc30493adb27d9fb62100fd5bca33b98b8db6caa8485db424838d3b7a1da802c14ff4917943464401f47391616
|
I have a couple of payments to bitpay in my wallet. In Bitcoin Core 0.18.1 the merchant information wasn't displayed at all for either of them. When I viewed the transaction details I would see this in the debug.log: The certificate was valid from 2017-03-23 18:22:00.000 UTC to 2019-04-25 19:11:00.000 UTC, and so could no longer be validated, and as a result Core wasn't showing any "Merchant:" information at all. In Bitcoin Core 0.19 I see: which is infinitely better. |
|
@dooglus Thanks for checking. Yes it was a bug that the certificate-checking for transactions used the current date, instead of the date of the transaction (also, verifying it once at payment would have been good enough, no need to do so every time details are viewed). |
…hant using string search Summary: 85973bcc44f60fe3bbc952557ebf578dd4c475d2 When BIP70 is disabled, get PaymentRequest merchant using string search (Andrew Chow) Pull request description: The merchant name is stored in the X.509 certificate embedded in a PaymentRequest. Use some string searching to locate it so that it can be shown to the user in the transaction details when BIP70 support was not configured. An additional notice is added to the merchant string that indicates the certificate was not verified. When BIP70 is enabled, the certificate would be verified and the merchant name not shown if the certificate was invalid. --- Backport of Core [[bitcoin/bitcoin#16852 | PR16852]] Test Plan: cmake -GNinja -DENABLE_BIP70=ON|OFF ninja all check Reviewers: #bitcoin_abc, PiRK Reviewed By: #bitcoin_abc, PiRK Differential Revision: https://reviews.bitcoinabc.org/D8751
The merchant name is stored in the X.509 certificate embedded in a PaymentRequest. Use some string searching to locate it so that it can be shown to the user in the transaction details when BIP70 support was not configured.
An additional notice is added to the merchant string that indicates the certificate was not verified. When BIP70 is enabled, the certificate would be verified and the merchant name not shown if the certificate was invalid.