/bitcoin/src/external_signer.cpp

Source
// Copyright (c) 2018-present The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include <external_signer.h>

#include <chainparams.h>
#include <common/run_command.h>
#include <core_io.h>
#include <psbt.h>
#include <util/strencodings.h>
#include <util/subprocess.h>

#include <algorithm>
#include <stdexcept>
#include <string>
#include <vector>

ExternalSigner::ExternalSigner(std::vector<std::string> command, std::string chain, std::string fingerprint, std::string name)
    : m_command{std::move(command)}, m_chain{std::move(chain)}, m_fingerprint{std::move(fingerprint)}, m_name{std::move(name)} {}

std::vector<std::string> ExternalSigner::NetworkArg() const
{
    return {"--chain", m_chain};
}

bool ExternalSigner::Enumerate(const std::string& command, std::vector<ExternalSigner>& signers, const std::string& chain)
{
    // Call <command> enumerate
    std::vector<std::string> cmd_args = Cat(subprocess::util::split(command), {"enumerate"});

    const UniValue result = RunCommandParseJSON(cmd_args, "");
    if (!result.isArray()) {
        throw std::runtime_error(strprintf("'%s' received invalid response, expected array of signers", command));
    }
    for (const UniValue& signer : result.getValues()) {
        // Check for error
        const UniValue& error = signer.find_value("error");
        if (!error.isNull()) {
            if (!error.isStr()) {
                throw std::runtime_error(strprintf("'%s' error", command));
            }
            throw std::runtime_error(strprintf("'%s' error: %s", command, error.getValStr()));
        }
        // Check if fingerprint is present
        const UniValue& fingerprint = signer.find_value("fingerprint");
        if (fingerprint.isNull()) {
            throw std::runtime_error(strprintf("'%s' received invalid response, missing signer fingerprint", command));
        }
        const std::string& fingerprintStr{fingerprint.get_str()};
        // Skip duplicate signer
        bool duplicate = false;
        for (const ExternalSigner& signer : signers) {
            if (signer.m_fingerprint.compare(fingerprintStr) == 0) duplicate = true;
        }
        if (duplicate) continue;
        std::string name;
        const UniValue& model_field = signer.find_value("model");
        if (model_field.isStr() && model_field.getValStr() != "") {
            name += model_field.getValStr();
        }
        signers.emplace_back(subprocess::util::split(command), chain, fingerprintStr, name);
    }
    return true;
}

UniValue ExternalSigner::DisplayAddress(const std::string& descriptor) const
{
    return RunCommandParseJSON(Cat(m_command, Cat(Cat({"--fingerprint", m_fingerprint}, NetworkArg()), {"displayaddress", "--desc", descriptor})), "");
}

UniValue ExternalSigner::GetDescriptors(const int account)
{
    return RunCommandParseJSON(Cat(m_command, Cat(Cat({"--fingerprint", m_fingerprint}, NetworkArg()), {"getdescriptors", "--account", strprintf("%d", account)})), "");
}

bool ExternalSigner::SignTransaction(PartiallySignedTransaction& psbtx, std::string& error)
{
    // Serialize the PSBT
    DataStream ssTx{};
    ssTx << psbtx;
    // parse ExternalSigner master fingerprint
    std::vector<unsigned char> parsed_m_fingerprint = ParseHex(m_fingerprint);
    // Check if signer fingerprint matches any input master key fingerprint
    auto matches_signer_fingerprint = [&](const PSBTInput& input) {
        for (const auto& entry : input.hd_keypaths) {
            if (std::ranges::equal(parsed_m_fingerprint, entry.second.fingerprint)) return true;
        }
        for (const auto& entry : input.m_tap_bip32_paths) {
            if (std::ranges::equal(parsed_m_fingerprint, entry.second.second.fingerprint)) return true;
        }
        return false;
    };

    if (!std::any_of(psbtx.inputs.begin(), psbtx.inputs.end(), matches_signer_fingerprint)) {
        error = "Signer fingerprint " + m_fingerprint + " does not match any of the inputs:\n" + EncodeBase64(ssTx.str());
        return false;
    }

    const std::vector<std::string> command = Cat(m_command, Cat({"--stdin", "--fingerprint", m_fingerprint}, NetworkArg()));
    const std::string stdinStr = "signtx " + EncodeBase64(ssTx.str());

    const UniValue signer_result = RunCommandParseJSON(command, stdinStr);

    if (signer_result.find_value("error").isStr()) {
        error = signer_result.find_value("error").get_str();
        return false;
    }

    if (!signer_result.find_value("psbt").isStr()) {
        error = "Unexpected result from signer";
        return false;
    }

    util::Result<PartiallySignedTransaction> signer_psbtx = DecodeBase64PSBT(signer_result.find_value("psbt").get_str());
    if (!signer_psbtx) {
        error = strprintf("TX decode failed %s", util::ErrorString(signer_psbtx).original);
        return false;
    }

    psbtx = *signer_psbtx;

    return true;
}

Line	Count	Source
1		// Copyright (c) 2018-present The Bitcoin Core developers
2		// Distributed under the MIT software license, see the accompanying
3		// file COPYING or http://www.opensource.org/licenses/mit-license.php.
4
5		#include <external_signer.h>
6
7		#include <chainparams.h>
8		#include <common/run_command.h>
9		#include <core_io.h>
10		#include <psbt.h>
11		#include <util/strencodings.h>
12		#include <util/subprocess.h>
13
14		#include <algorithm>
15		#include <stdexcept>
16		#include <string>
17		#include <vector>
18
19		ExternalSigner::ExternalSigner(std::vector<std::string> command, std::string chain, std::string fingerprint, std::string name)
20	0	: m_command{std::move(command)}, m_chain{std::move(chain)}, m_fingerprint{std::move(fingerprint)}, m_name{std::move(name)} {}
21
22		std::vector<std::string> ExternalSigner::NetworkArg() const
23	0	{
24	0	return {"--chain", m_chain};
25	0	}
26
27		bool ExternalSigner::Enumerate(const std::string& command, std::vector<ExternalSigner>& signers, const std::string& chain)
28	0	{
29		// Call <command> enumerate
30	0	std::vector<std::string> cmd_args = Cat(subprocess::util::split(command), {"enumerate"});
31
32	0	const UniValue result = RunCommandParseJSON(cmd_args, "");
33	0	if (!result.isArray()) { Branch (33:9): [True: 0, False: 0]
34	0	throw std::runtime_error(strprintf("'%s' received invalid response, expected array of signers", command));
35	0	}
36	0	for (const UniValue& signer : result.getValues()) { Branch (36:33): [True: 0, False: 0]
37		// Check for error
38	0	const UniValue& error = signer.find_value("error");
39	0	if (!error.isNull()) { Branch (39:13): [True: 0, False: 0]
40	0	if (!error.isStr()) { Branch (40:17): [True: 0, False: 0]
41	0	throw std::runtime_error(strprintf("'%s' error", command));
42	0	}
43	0	throw std::runtime_error(strprintf("'%s' error: %s", command, error.getValStr()));
44	0	}
45		// Check if fingerprint is present
46	0	const UniValue& fingerprint = signer.find_value("fingerprint");
47	0	if (fingerprint.isNull()) { Branch (47:13): [True: 0, False: 0]
48	0	throw std::runtime_error(strprintf("'%s' received invalid response, missing signer fingerprint", command));
49	0	}
50	0	const std::string& fingerprintStr{fingerprint.get_str()};
51		// Skip duplicate signer
52	0	bool duplicate = false;
53	0	for (const ExternalSigner& signer : signers) { Branch (53:43): [True: 0, False: 0]
54	0	if (signer.m_fingerprint.compare(fingerprintStr) == 0) duplicate = true; Branch (54:17): [True: 0, False: 0]
55	0	}
56	0	if (duplicate) continue; Branch (56:13): [True: 0, False: 0]
57	0	std::string name;
58	0	const UniValue& model_field = signer.find_value("model");
59	0	if (model_field.isStr() && model_field.getValStr() != "") { Branch (59:13): [True: 0, False: 0] Branch (59:36): [True: 0, False: 0]
60	0	name += model_field.getValStr();
61	0	}
62	0	signers.emplace_back(subprocess::util::split(command), chain, fingerprintStr, name);
63	0	}
64	0	return true;
65	0	}
66
67		UniValue ExternalSigner::DisplayAddress(const std::string& descriptor) const
68	0	{
69	0	return RunCommandParseJSON(Cat(m_command, Cat(Cat({"--fingerprint", m_fingerprint}, NetworkArg()), {"displayaddress", "--desc", descriptor})), "");
70	0	}
71
72		UniValue ExternalSigner::GetDescriptors(const int account)
73	0	{
74	0	return RunCommandParseJSON(Cat(m_command, Cat(Cat({"--fingerprint", m_fingerprint}, NetworkArg()), {"getdescriptors", "--account", strprintf("%d", account)})), "");
75	0	}
76
77		bool ExternalSigner::SignTransaction(PartiallySignedTransaction& psbtx, std::string& error)
78	0	{
79		// Serialize the PSBT
80	0	DataStream ssTx{};
81	0	ssTx << psbtx;
82		// parse ExternalSigner master fingerprint
83	0	std::vector<unsigned char> parsed_m_fingerprint = ParseHex(m_fingerprint);
84		// Check if signer fingerprint matches any input master key fingerprint
85	0	auto matches_signer_fingerprint = [&](const PSBTInput& input) {
86	0	for (const auto& entry : input.hd_keypaths) { Branch (86:32): [True: 0, False: 0]
87	0	if (std::ranges::equal(parsed_m_fingerprint, entry.second.fingerprint)) return true; Branch (87:17): [True: 0, False: 0]
88	0	}
89	0	for (const auto& entry : input.m_tap_bip32_paths) { Branch (89:32): [True: 0, False: 0]
90	0	if (std::ranges::equal(parsed_m_fingerprint, entry.second.second.fingerprint)) return true; Branch (90:17): [True: 0, False: 0]
91	0	}
92	0	return false;
93	0	};
94
95	0	if (!std::any_of(psbtx.inputs.begin(), psbtx.inputs.end(), matches_signer_fingerprint)) { Branch (95:9): [True: 0, False: 0]
96	0	error = "Signer fingerprint " + m_fingerprint + " does not match any of the inputs:\n" + EncodeBase64(ssTx.str());
97	0	return false;
98	0	}
99
100	0	const std::vector<std::string> command = Cat(m_command, Cat({"--stdin", "--fingerprint", m_fingerprint}, NetworkArg()));
101	0	const std::string stdinStr = "signtx " + EncodeBase64(ssTx.str());
102
103	0	const UniValue signer_result = RunCommandParseJSON(command, stdinStr);
104
105	0	if (signer_result.find_value("error").isStr()) { Branch (105:9): [True: 0, False: 0]
106	0	error = signer_result.find_value("error").get_str();
107	0	return false;
108	0	}
109
110	0	if (!signer_result.find_value("psbt").isStr()) { Branch (110:9): [True: 0, False: 0]
111	0	error = "Unexpected result from signer";
112	0	return false;
113	0	}
114
115	0	util::Result<PartiallySignedTransaction> signer_psbtx = DecodeBase64PSBT(signer_result.find_value("psbt").get_str());
116	0	if (!signer_psbtx) { Branch (116:9): [True: 0, False: 0]
117	0	error = strprintf("TX decode failed %s", util::ErrorString(signer_psbtx).original);
118	0	return false;
119	0	}
120
121	0	psbtx = *signer_psbtx;
122
123	0	return true;
124	0	}

Coverage Report

Created: 2026-06-01 18:35