Disable BIP-70 payment server by default

chromatic · patricklodder · patricklodder · commit e024b05b72ab · 2024-02-12T14:12:49.000-05:00
This commit adds a configuration option, `enable-bip70`, to enable this
feature. Only enable this if you know what you're doing.

Please note that BIP-21 payment links continue to work.

Co-authored-by: Old Dip Tracker &lt;patricklodder@users.noreply.github.com&gt;
diff --git a/src/init.cpp b/src/init.cpp
@@ -373,6 +373,7 @@ std::string HelpMessage(HelpMessageMode mode)
     strUsage += HelpMessageOpt("-discover", _("Discover own IP addresses (default: 1 when listening and no -externalip or -proxy)"));
     strUsage += HelpMessageOpt("-dns", _("Allow DNS lookups for -addnode, -seednode and -connect") + " " + strprintf(_("(default: %u)"), DEFAULT_NAME_LOOKUP));
     strUsage += HelpMessageOpt("-dnsseed", _("Query for peer addresses via DNS lookup, if low on addresses (default: 1 unless -connect/-noconnect)"));
+    strUsage += HelpMessageOpt("-enable-bip70", _("Enable BIP-70 PaymentServer (default: 0)"));
     strUsage += HelpMessageOpt("-externalip=<ip>", _("Specify your own public address"));
     strUsage += HelpMessageOpt("-forcednsseed", strprintf(_("Always query for peer addresses via DNS lookup (default: %u)"), DEFAULT_FORCEDNSSEED));
     strUsage += HelpMessageOpt("-listen", _("Accept connections from outside (default: 1 if no -proxy or -connect/-noconnect)"));
diff --git a/src/qt/bitcoin.cpp b/src/qt/bitcoin.cpp
@@ -368,7 +368,7 @@ BitcoinApplication::~BitcoinApplication()
 #ifdef ENABLE_WALLET
 void BitcoinApplication::createPaymentServer()
 {
-    paymentServer = new PaymentServer(this);
+    paymentServer = new PaymentServer(this, true, GetBoolArg("-enable-bip70", false));
 }
 #endif
 
@@ -466,10 +466,6 @@ void BitcoinApplication::initializeResult(int retval)
     {
         // Log this only after AppInit2 finishes, as then logging setup is guaranteed complete
         qWarning() << "Platform customization:" << platformStyle->getName();
-#ifdef ENABLE_WALLET
-        PaymentServer::LoadRootCAs();
-        paymentServer->setOptionsModel(optionsModel);
-#endif
 
         clientModel = new ClientModel(optionsModel);
         window->setClientModel(clientModel);
@@ -481,9 +477,6 @@ void BitcoinApplication::initializeResult(int retval)
 
             window->addWallet(BitcoinGUI::DEFAULT_WALLET, walletModel);
             window->setCurrentWallet(BitcoinGUI::DEFAULT_WALLET);
-
-            connect(walletModel, SIGNAL(coinsSent(CWallet*,SendCoinsRecipient,QByteArray)),
-                             paymentServer, SLOT(fetchPaymentACK(CWallet*,const SendCoinsRecipient&,QByteArray)));
         }
 #endif
 
@@ -499,10 +492,21 @@ void BitcoinApplication::initializeResult(int retval)
         Q_EMIT splashFinished(window);
 
 #ifdef ENABLE_WALLET
+        paymentServer->setOptionsModel(optionsModel);
+
+        if(GetBoolArg("-enable-bip70", false))
+        {
+            PaymentServer::LoadRootCAs();
+            if(pwalletMain)
+                connect(walletModel, SIGNAL(coinsSent(CWallet*,SendCoinsRecipient,QByteArray)),
+                        paymentServer, SLOT(fetchPaymentACK(CWallet*,const SendCoinsRecipient&,QByteArray)));
+        }
+
         // Now that initialization/startup is done, process any command-line
-        // bitcoin: URIs or payment requests:
+        // payment requests:
         connect(paymentServer, SIGNAL(receivedPaymentRequest(SendCoinsRecipient)),
-                         window, SLOT(handlePaymentRequest(SendCoinsRecipient)));
+                          window, SLOT(handlePaymentRequest(SendCoinsRecipient)));
+        // Now that initialization/startup is done, process any command-line bitcoin: URIs
         connect(window, SIGNAL(receivedURI(QString)),
                          paymentServer, SLOT(handleURIOrFile(QString)));
         connect(paymentServer, SIGNAL(message(QString,QString,unsigned int)),
diff --git a/src/qt/paymentserver.cpp b/src/qt/paymentserver.cpp
@@ -298,10 +298,11 @@ bool PaymentServer::ipcSendCommandLine()
     return fResult;
 }
 
-void PaymentServer::initializeServer(QObject* parent, QString ipcServerName, bool startLocalServer) {
+void PaymentServer::initializeServer(QObject* parent, QString ipcServerName, bool startLocalServer, bool enableBip70) {
     // Verify that the version of the library that we linked against is
     // compatible with the version of the headers we compiled against.
     GOOGLE_PROTOBUF_VERIFY_VERSION;
+    this->enableBip70 = enableBip70;
 
     // Install global event filter to catch QFileOpenEvents
     // on Mac: sent when you click bitcoin: links
@@ -332,7 +333,18 @@ PaymentServer::PaymentServer(QObject* parent, bool startLocalServer) :
     netManager(0),
     optionsModel(0)
 {
-    this->initializeServer(parent, ipcServerName(), startLocalServer);
+    this->initializeServer(parent, ipcServerName(), startLocalServer, false);
+}
+
+
+PaymentServer::PaymentServer(QObject* parent, bool startLocalServer, bool enableBip70) :
+    QObject(parent),
+    saveURIs(true),
+    uriServer(0),
+    netManager(0),
+    optionsModel(0)
+{
+    this->initializeServer(parent, ipcServerName(), startLocalServer, enableBip70);
 }
 
 
@@ -343,7 +355,18 @@ PaymentServer::PaymentServer(QObject* parent, QString ipcServerName, bool startL
     netManager(0),
     optionsModel(0)
 {
-    this->initializeServer(parent, ipcServerName, startLocalServer);
+    this->initializeServer(parent, ipcServerName, startLocalServer, false);
+}
+
+
+PaymentServer::PaymentServer(QObject* parent, QString ipcServerName, bool startLocalServer, bool enableBip70Flag) :
+    QObject(parent),
+    saveURIs(true),
+    uriServer(0),
+    netManager(0),
+    optionsModel(0)
+{
+    this->initializeServer(parent, ipcServerName, startLocalServer, enableBip70Flag);
 }
 
 PaymentServer::~PaymentServer()
@@ -427,6 +450,15 @@ void PaymentServer::handleURIOrFile(const QString& s)
 #endif
         if (uri.hasQueryItem("r")) // payment request URI
         {
+            if (!enableBip70) {
+              qDebug() << "PaymentServer::handleURIOrFile: 'r' item supplied but BIP70 disabled.";
+              Q_EMIT message(tr("URI handling"), tr(
+                      "BIP70 payment requests are deprecated and disabled by default."
+                      "Restart with -enable-bip70 if you absolutely have to use this functionality.\n\n"
+                      "Use this functionality with extreme caution."),
+                  CClientUIInterface::MSG_ERROR);
+              return;
+            }
             QByteArray temp;
             temp.append(uri.queryItemValue("r"));
             QString decoded = QUrl::fromPercentEncoding(temp);
@@ -469,7 +501,17 @@ void PaymentServer::handleURIOrFile(const QString& s)
         }
     }
 
-    if (QFile::exists(s)) // payment request file
+    // payment request file
+    if (!enableBip70) {
+        Q_EMIT message(tr("Payment request file handling"), tr(
+                "Payment request file handling is disabled by default."
+                "Restart with -enable-bip70 if you absolutely have to use this functionality.\n\n"
+                "Use this functionality with extreme caution."),
+            CClientUIInterface::MSG_ERROR);
+        return;
+    }
+
+    if (QFile::exists(s))
     {
         PaymentRequestPlus request;
         SendCoinsRecipient recipient;
diff --git a/src/qt/paymentserver.h b/src/qt/paymentserver.h
@@ -73,7 +73,9 @@ class PaymentServer : public QObject
 
     // parent should be QApplication object
     PaymentServer(QObject* parent, bool startLocalServer = true);
+    PaymentServer(QObject* parent, bool startLocalServer = true, bool enableBip70Flag = false);
     PaymentServer(QObject* parent, QString ipcServerName, bool startLocalServer = true);
+    PaymentServer(QObject* parent, QString ipcServerName, bool startLocalServer = true, bool enableBip70Flag = false);
     ~PaymentServer();
 
     // Load root certificate authorities. Pass NULL (default)
@@ -140,7 +142,8 @@ private Q_SLOTS:
 
     bool saveURIs;                      // true during startup
 
-    void initializeServer(QObject* parent, QString ipcServerName, bool startLocalServer);
+    void initializeServer(QObject* parent, QString ipcServerName, bool startLocalServer, bool enableBip70Flag);
+    bool enableBip70;                   // false by default
     QLocalServer* uriServer;
 
     QNetworkAccessManager* netManager;  // Used to fetch payment requests
diff --git a/src/qt/test/paymentservertests.cpp b/src/qt/test/paymentservertests.cpp
@@ -67,7 +67,7 @@ void PaymentServerTests::paymentServerTests()
 {
     SelectParams(CBaseChainParams::MAIN);
     OptionsModel optionsModel;
-    PaymentServer* server = new PaymentServer(NULL, QString("testIPCServer"), false);
+    PaymentServer* server = new PaymentServer(NULL, QString("testIPCServer"), false, true);
     X509_STORE* caStore = X509_STORE_new();
     X509_STORE_add_cert(caStore, parse_b64der_cert(caCert1_BASE64));
     PaymentServer::LoadRootCAs(caStore);

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ void PaymentServerTests::paymentServerTests()`
`67`	`67`	`{`
`68`	`68`	`SelectParams(CBaseChainParams::MAIN);`
`69`	`69`	`OptionsModel optionsModel;`
`70`		`- PaymentServer* server = new PaymentServer(NULL, QString("testIPCServer"), false);`
	`70`	`+ PaymentServer* server = new PaymentServer(NULL, QString("testIPCServer"), false, true);`
`71`	`71`	`X509_STORE* caStore = X509_STORE_new();`
`72`	`72`	`X509_STORE_add_cert(caStore, parse_b64der_cert(caCert1_BASE64));`
`73`	`73`	`PaymentServer::LoadRootCAs(caStore);`