bool STTx::checkSign () const
{
if (boost::indeterminate (sig_state_))
{
try
{
ECDSA const fullyCanonical = (getFlags() & tfFullyCanonicalSig)
? ECDSA::strict
: ECDSA::not_strict;
RippleAddress n;
n.setAccountPublic (getFieldVL (sfSigningPubKey));
sig_state_ = n.accountPublicVerify (getSigningData (*this),
getFieldVL (sfTxnSignature), fullyCanonical);
}
catch (...)
{
sig_state_ = false;
}
}
assert (!boost::indeterminate (sig_state_));
return static_cast<bool> (sig_state_);
}
bool
STTx::checkSingleSign () const
{
// We don't allow both a non-empty sfSigningPubKey and an sfSigners.
// That would allow the transaction to be signed two ways. So if both
// fields are present the signature is invalid.
if (isFieldPresent (sfSigners))
return false;
bool ret = false;
try
{
ECDSA const fullyCanonical = (getFlags() & tfFullyCanonicalSig)
? ECDSA::strict
: ECDSA::not_strict;
RippleAddress n;
n.setAccountPublic (getFieldVL (sfSigningPubKey));
ret = n.accountPublicVerify (getSigningData (*this),
getFieldVL (sfTxnSignature), fullyCanonical);
}
catch (...)
{
// Assume it was a signature failure.
ret = false;
}
return ret;
}
bool SerializedValidation::isValid(const uint256& signingHash) const
{
try
{
RippleAddress raPublicKey = RippleAddress::createNodePublic(getFieldVL(sfSigningPubKey));
return raPublicKey.isValid() && raPublicKey.verifyNodePublic(signingHash, getFieldVL(sfSignature));
}
catch (...)
{
Log(lsINFO) << "exception validating validation";
return false;
}
}
std::pair<bool, std::string> STTx::checkSign(bool allowMultiSign) const
{
std::pair<bool, std::string> ret {false, ""};
try
{
if (allowMultiSign)
{
// Determine whether we're single- or multi-signing by looking
// at the SigningPubKey. It it's empty we must be
// multi-signing. Otherwise we're single-signing.
Blob const& signingPubKey = getFieldVL (sfSigningPubKey);
ret = signingPubKey.empty () ?
checkMultiSign () : checkSingleSign ();
}
else
{
ret = checkSingleSign ();
}
}
catch (std::exception const&)
{
ret = {false, "Internal signature check failure."};
}
return ret;
}
bool SerializedValidation::isValid (uint256 const& signingHash) const
{
try
{
const ECDSA fullyCanonical = getFlags () & vfFullyCanonicalSig ?
ECDSA::strict : ECDSA::not_strict;
RippleAddress raPublicKey = RippleAddress::createNodePublic (getFieldVL (sfSigningPubKey));
return raPublicKey.isValid () &&
raPublicKey.verifyNodePublic (signingHash, getFieldVL (sfSignature), fullyCanonical);
}
catch (...)
{
WriteLog (lsINFO, Ledger) << "exception validating validation";
return false;
}
}
Blob STTx::getSignature () const
{
try
{
return getFieldVL (sfTxnSignature);
}
catch (std::exception const&)
{
return Blob ();
}
}
SerializedValidation::SerializedValidation(SerializerIterator& sit, bool checkSignature)
: STObject(sValidationFormat, sit, sfValidation), mTrusted(false)
{
mNodeID = RippleAddress::createNodePublic(getFieldVL(sfSigningPubKey)).getNodeID();
assert(mNodeID.isNonZero());
if (checkSignature && !isValid())
{
Log(lsTRACE) << "Invalid validation " << getJson(0);
throw std::runtime_error("Invalid validation");
}
}
Blob STTx::getSignature () const
{
try
{
return getFieldVL (sfTxnSignature);
}
catch (...)
{
return Blob ();
}
}
STValidation::STValidation (SerialIter& sit, bool checkSignature)
: STObject (getFormat (), sit, sfValidation)
{
mNodeID = calcNodeID(
PublicKey(makeSlice (getFieldVL (sfSigningPubKey))));
assert (mNodeID.isNonZero ());
if (checkSignature && !isValid ())
{
JLOG (debugLog().error())
<< "Invalid validation" << getJson (0);
Throw<std::runtime_error> ("Invalid validation");
}
}
std::pair<bool, std::string> STTx::checkSingleSign () const
{
// We don't allow both a non-empty sfSigningPubKey and an sfSigners.
// That would allow the transaction to be signed two ways. So if both
// fields are present the signature is invalid.
if (isFieldPresent (sfSigners))
return {false, "Cannot both single- and multi-sign."};
bool validSig = false;
try
{
bool const fullyCanonical = (getFlags() & tfFullyCanonicalSig);
auto const spk = getFieldVL (sfSigningPubKey);
if (publicKeyType (makeSlice(spk)))
{
Blob const signature = getFieldVL (sfTxnSignature);
Blob const data = getSigningData (*this);
validSig = verify (
PublicKey (makeSlice(spk)),
makeSlice(data),
makeSlice(signature),
fullyCanonical);
}
}
catch (std::exception const&)
{
// Assume it was a signature failure.
validSig = false;
}
if (validSig == false)
return {false, "Invalid signature."};
return {true, ""};
}
bool STValidation::isValid (uint256 const& signingHash) const
{
try
{
return verifyDigest (getSignerPublic(),
signingHash,
makeSlice(getFieldVL (sfSignature)),
getFlags () & vfFullyCanonicalSig);
}
catch (std::exception const&)
{
JLOG (debugLog().error())
<< "Exception validating validation";
return false;
}
}
bool STTx::checkSign(bool allowMultiSign) const
{
bool sigGood = false;
try
{
if (allowMultiSign)
{
// Determine whether we're single- or multi-signing by looking
// at the SigningPubKey. It it's empty we must be
// multi-signing. Otherwise we're single-signing.
Blob const& signingPubKey = getFieldVL (sfSigningPubKey);
sigGood = signingPubKey.empty () ?
checkMultiSign () : checkSingleSign ();
}
else
{
sigGood = checkSingleSign ();
}
}
catch (...)
{
}
return sigGood;
}
Blob STValidation::getSignature () const
{
return getFieldVL (sfSignature);
}
PublicKey STValidation::getSignerPublic () const
{
return PublicKey(makeSlice (getFieldVL (sfSigningPubKey)));
}
std::vector<unsigned char> SerializedValidation::getSignature() const
{
return getFieldVL(sfSignature);
}
RippleAddress SerializedValidation::getSignerPublic() const
{
RippleAddress a;
a.setNodePublic(getFieldVL(sfSigningPubKey));
return a;
}
