def hwi_open_channel(plugin, amount, node_id, bitcoin_wallet_name): """ hi """ # fixme: return json assert '@' in node_id, "node_id should be pubkey@host:port" # load watch-only wallet wallets = bitcoin_rpc.listwallets() if bitcoin_wallet_name not in wallets: rpc.loadwallet(bitcoin_wallet_name) plugin.log('loaded watch-only wallet') # start channel funding lightning_rpc.connect(node_id) node_pubkey = node_id.split('@')[0] address = lightning_rpc.fundchannel_start(node_pubkey, amount)['funding_address'] plugin.log('started channel open') try: # construct rpc for this wallet rpc_settings['wallet_name'] = bitcoin_wallet_name uri = template.format(**rpc_settings) wallet_rpc = AuthServiceProxy(uri) # create transaction raw_unsigned_psbt = wallet_rpc.walletcreatefundedpsbt( # let Bitcoin Core choose inputs [], # Outputs [{address: str(sat_to_btc(amount))}], # Locktime 0, { # Include watch-only outputs "includeWatching": True, }, # Include BIP32 derivation paths in the PSBT True, )['psbt'] unsigned_psbt = serializations.PSBT() plugin.log('confirm on your device') unsigned_psbt.deserialize(raw_unsigned_psbt) plugin.log('created psbt') # sign transaction device, client = get_device_and_client() raw_signed_psbt = client.sign_tx(unsigned_psbt)['psbt'] signed_psbt = serializations.PSBT() signed_psbt.deserialize(raw_signed_psbt) plugin.log('signed psbt') plugin.log(raw_signed_psbt) # find index vout = -1 for i, output in enumerate(signed_psbt.outputs): if output.hd_keypaths == {}: vout = i break assert vout != -1 # get txid signed_psbt.tx.rehash() txid = signed_psbt.tx.hash # finalize lightning channel r = lightning_rpc.fundchannel_complete(node_pubkey, txid, vout) plugin.log(f'channel funding complete: txid={txid} vout={vout}') plugin.log(str(r)) # broadcast tx_hex = wallet_rpc.finalizepsbt(raw_signed_psbt)["hex"] txid = wallet_rpc.sendrawtransaction(tx_hex) plugin.log('broadcasted tx: ' + txid) # FIXME: exceptions might not be raised ... except Exception as e: plugin.log('RPC ERROR: ' + str(e)) r = lightning_rpc.fundchannel_cancel(node_pubkey) plugin.log(str(r))
class TestSignTx(DeviceTestCase): def setUp(self): self.rpc = AuthServiceProxy('http://{}@127.0.0.1:18443'.format( self.rpc_userpass)) if '{}_test'.format(self.full_type) not in self.rpc.listwallets(): self.rpc.createwallet('{}_test'.format(self.full_type), True) self.wrpc = AuthServiceProxy( 'http://{}@127.0.0.1:18443/wallet/{}_test'.format( self.rpc_userpass, self.full_type)) self.wpk_rpc = AuthServiceProxy( 'http://{}@127.0.0.1:18443/wallet/'.format(self.rpc_userpass)) if '--testnet' not in self.dev_args: self.dev_args.append('--testnet') self.emulator.start() def tearDown(self): self.emulator.stop() def _generate_and_finalize(self, unknown_inputs, psbt): if not unknown_inputs: # Just do the normal signing process to test "all inputs" case sign_res = self.do_command(self.dev_args + ['signtx', psbt['psbt']]) finalize_res = self.wrpc.finalizepsbt(sign_res['psbt']) else: # Sign only input one on first pass # then rest on second pass to test ability to successfully # ignore inputs that are not its own. Then combine both # signing passes to ensure they are actually properly being # partially signed at each step. first_psbt = PSBT() first_psbt.deserialize(psbt['psbt']) second_psbt = PSBT() second_psbt.deserialize(psbt['psbt']) # Blank master fingerprint to make hww fail to sign # Single input PSBTs will be fully signed by first signer for psbt_input in first_psbt.inputs[1:]: for pubkey, path in psbt_input.hd_keypaths.items(): psbt_input.hd_keypaths[pubkey] = (0, ) + path[1:] for pubkey, path in second_psbt.inputs[0].hd_keypaths.items(): second_psbt.inputs[0].hd_keypaths[pubkey] = (0, ) + path[1:] single_input = len(first_psbt.inputs) == 1 # Process the psbts first_psbt = first_psbt.serialize() second_psbt = second_psbt.serialize() # First will always have something to sign first_sign_res = self.do_command(self.dev_args + ['signtx', first_psbt]) self.assertTrue(single_input == self.wrpc.finalizepsbt( first_sign_res['psbt'])['complete']) # Second may have nothing to sign (1 input case) # and also may throw an error(e.g., ColdCard) second_sign_res = self.do_command(self.dev_args + ['signtx', second_psbt]) if 'psbt' in second_sign_res: self.assertTrue(not self.wrpc.finalizepsbt( second_sign_res['psbt'])['complete']) combined_psbt = self.wrpc.combinepsbt( [first_sign_res['psbt'], second_sign_res['psbt']]) else: self.assertTrue('error' in second_sign_res) combined_psbt = first_sign_res['psbt'] finalize_res = self.wrpc.finalizepsbt(combined_psbt) self.assertTrue(finalize_res['complete']) self.assertTrue( self.wrpc.testmempoolaccept([finalize_res['hex'] ])[0]["allowed"]) return finalize_res['hex'] def _test_signtx(self, input_type, multisig): # Import some keys to the watch only wallet and send coins to them keypool_desc = self.do_command( self.dev_args + ['getkeypool', '--keypool', '--sh_wpkh', '30', '40']) import_result = self.wrpc.importmulti(keypool_desc) self.assertTrue(import_result[0]['success']) keypool_desc = self.do_command( self.dev_args + ['getkeypool', '--keypool', '--sh_wpkh', '--internal', '30', '40']) import_result = self.wrpc.importmulti(keypool_desc) self.assertTrue(import_result[0]['success']) sh_wpkh_addr = self.wrpc.getnewaddress('', 'p2sh-segwit') wpkh_addr = self.wrpc.getnewaddress('', 'bech32') pkh_addr = self.wrpc.getnewaddress('', 'legacy') self.wrpc.importaddress(wpkh_addr) self.wrpc.importaddress(pkh_addr) # pubkeys to construct 2-of-3 multisig descriptors for import sh_wpkh_info = self.wrpc.getaddressinfo(sh_wpkh_addr) wpkh_info = self.wrpc.getaddressinfo(wpkh_addr) pkh_info = self.wrpc.getaddressinfo(pkh_addr) # Get origin info/key pair so wallet doesn't forget how to # sign with keys post-import pubkeys = [sh_wpkh_info['desc'][8:-11],\ wpkh_info['desc'][5:-10],\ pkh_info['desc'][4:-10]] # Get the descriptors with their checksums sh_multi_desc = self.wrpc.getdescriptorinfo('sh(multi(2,' + pubkeys[0] + ',' + pubkeys[1] + ',' + pubkeys[2] + '))')['descriptor'] sh_wsh_multi_desc = self.wrpc.getdescriptorinfo('sh(wsh(multi(2,' + pubkeys[0] + ',' + pubkeys[1] + ',' + pubkeys[2] + ')))')['descriptor'] wsh_multi_desc = self.wrpc.getdescriptorinfo('wsh(multi(2,' + pubkeys[2] + ',' + pubkeys[1] + ',' + pubkeys[0] + '))')['descriptor'] sh_multi_import = { 'desc': sh_multi_desc, "timestamp": "now", "label": "shmulti" } sh_wsh_multi_import = { 'desc': sh_wsh_multi_desc, "timestamp": "now", "label": "shwshmulti" } # re-order pubkeys to allow import without "already have private keys" error wsh_multi_import = { 'desc': wsh_multi_desc, "timestamp": "now", "label": "wshmulti" } multi_result = self.wrpc.importmulti( [sh_multi_import, sh_wsh_multi_import, wsh_multi_import]) self.assertTrue(multi_result[0]['success']) self.assertTrue(multi_result[1]['success']) self.assertTrue(multi_result[2]['success']) sh_multi_addr = self.wrpc.getaddressesbylabel("shmulti").popitem()[0] sh_wsh_multi_addr = self.wrpc.getaddressesbylabel( "shwshmulti").popitem()[0] wsh_multi_addr = self.wrpc.getaddressesbylabel("wshmulti").popitem()[0] in_amt = 3 out_amt = in_amt // 3 number_inputs = 0 # Single-sig if input_type == 'segwit' or input_type == 'all': self.wpk_rpc.sendtoaddress(sh_wpkh_addr, in_amt) self.wpk_rpc.sendtoaddress(wpkh_addr, in_amt) number_inputs += 2 if input_type == 'legacy' or input_type == 'all': self.wpk_rpc.sendtoaddress(pkh_addr, in_amt) number_inputs += 1 # Now do segwit/legacy multisig if multisig: if input_type == 'legacy' or input_type == 'all': self.wpk_rpc.sendtoaddress(sh_multi_addr, in_amt) number_inputs += 1 if input_type == 'segwit' or input_type == 'all': self.wpk_rpc.sendtoaddress(wsh_multi_addr, in_amt) self.wpk_rpc.sendtoaddress(sh_wsh_multi_addr, in_amt) number_inputs += 2 self.wpk_rpc.generatetoaddress(6, self.wpk_rpc.getnewaddress()) # Spend different amounts, requiring 1 to 3 inputs for i in range(number_inputs): # Create a psbt spending the above if i == number_inputs - 1: self.assertTrue((i + 1) * in_amt == self.wrpc.getbalance("*", 0, True)) psbt = self.wrpc.walletcreatefundedpsbt( [], [{ self.wpk_rpc.getnewaddress('', 'legacy'): (i + 1) * out_amt }, { self.wpk_rpc.getnewaddress('', 'p2sh-segwit'): (i + 1) * out_amt }, { self.wpk_rpc.getnewaddress('', 'bech32'): (i + 1) * out_amt }], 0, { 'includeWatching': True, 'subtractFeeFromOutputs': [0, 1, 2] }, True) # Sign with unknown inputs in two steps self._generate_and_finalize(True, psbt) # Sign all inputs all at once final_tx = self._generate_and_finalize(False, psbt) # Send off final tx to sweep the wallet self.wrpc.sendrawtransaction(final_tx) # Test wrapper to avoid mixed-inputs signing for Ledger def test_signtx(self): supports_mixed = {'coldcard', 'trezor_1', 'digitalbitbox', 'keepkey'} supports_multisig = {'ledger', 'trezor_1', 'digitalbitbox', 'keepkey'} if self.full_type not in supports_mixed: self._test_signtx("legacy", self.full_type in supports_multisig) self._test_signtx("segwit", self.full_type in supports_multisig) else: self._test_signtx("all", self.full_type in supports_multisig) # Make a huge transaction which might cause some problems with different interfaces def test_big_tx(self): # make a huge transaction that is unrelated to the hardware wallet outputs = [] num_inputs = 60 for i in range(0, num_inputs): outputs.append({self.wpk_rpc.getnewaddress('', 'legacy'): 0.001}) psbt = self.wpk_rpc.walletcreatefundedpsbt([], outputs, 0, {}, True)['psbt'] psbt = self.wpk_rpc.walletprocesspsbt(psbt)['psbt'] tx = self.wpk_rpc.finalizepsbt(psbt)['hex'] txid = self.wpk_rpc.sendrawtransaction(tx) inputs = [] for i in range(0, num_inputs): inputs.append({'txid': txid, 'vout': i}) psbt = self.wpk_rpc.walletcreatefundedpsbt( inputs, [{ self.wpk_rpc.getnewaddress('', 'legacy'): 0.001 * num_inputs }], 0, {'subtractFeeFromOutputs': [0]}, True)['psbt'] # For cli, this should throw an exception try: result = self.do_command(self.dev_args + ['signtx', psbt]) if self.interface == 'cli': self.fail('Big tx did not cause CLI to error') if self.type == 'coldcard': self.assertEqual(result['code'], -7) else: self.assertNotIn('code', result) self.assertNotIn('error', result) except OSError as e: if self.interface == 'cli': pass
class TestSignTx(DeviceTestCase): def setUp(self): self.rpc = AuthServiceProxy('http://{}@127.0.0.1:18443'.format( self.rpc_userpass)) if '{}_test'.format(self.type) not in self.rpc.listwallets(): self.rpc.createwallet('{}_test'.format(self.type), True) self.wrpc = AuthServiceProxy( 'http://{}@127.0.0.1:18443/wallet/{}_test'.format( self.rpc_userpass, self.type)) self.wpk_rpc = AuthServiceProxy( 'http://{}@127.0.0.1:18443/wallet/'.format(self.rpc_userpass)) if '--testnet' not in self.dev_args: self.dev_args.append('--testnet') def _test_signtx(self, input_type, multisig): # Import some keys to the watch only wallet and send coins to them keypool_desc = process_commands( self.dev_args + ['getkeypool', '--keypool', '--sh_wpkh', '30', '40']) import_result = self.wrpc.importmulti(keypool_desc) self.assertTrue(import_result[0]['success']) keypool_desc = process_commands( self.dev_args + ['getkeypool', '--keypool', '--sh_wpkh', '--internal', '30', '40']) import_result = self.wrpc.importmulti(keypool_desc) self.assertTrue(import_result[0]['success']) sh_wpkh_addr = self.wrpc.getnewaddress('', 'p2sh-segwit') wpkh_addr = self.wrpc.getnewaddress('', 'bech32') pkh_addr = self.wrpc.getnewaddress('', 'legacy') self.wrpc.importaddress(wpkh_addr) self.wrpc.importaddress(pkh_addr) # pubkeys to construct 2-of-3 multisig descriptors for import sh_wpkh_info = self.wrpc.getaddressinfo(sh_wpkh_addr) wpkh_info = self.wrpc.getaddressinfo(wpkh_addr) pkh_info = self.wrpc.getaddressinfo(pkh_addr) # Get origin info/key pair so wallet doesn't forget how to # sign with keys post-import pubkeys = [sh_wpkh_info['desc'][8:-2],\ wpkh_info['desc'][5:-1],\ pkh_info['desc'][4:-1]] sh_multi_desc = { 'desc': 'sh(multi(2,' + pubkeys[0] + ',' + pubkeys[1] + ',' + pubkeys[2] + '))', "timestamp": "now", "label": "shmulti" } sh_wsh_multi_desc = { 'desc': 'sh(wsh(multi(2,' + pubkeys[0] + ',' + pubkeys[1] + ',' + pubkeys[2] + ')))', "timestamp": "now", "label": "shwshmulti" } # re-order pubkeys to allow import without "already have private keys" error wsh_multi_desc = { 'desc': 'wsh(multi(2,' + pubkeys[2] + ',' + pubkeys[1] + ',' + pubkeys[0] + '))', "timestamp": "now", "label": "wshmulti" } multi_result = self.wrpc.importmulti( [sh_multi_desc, sh_wsh_multi_desc, wsh_multi_desc]) self.assertTrue(multi_result[0]['success']) self.assertTrue(multi_result[1]['success']) self.assertTrue(multi_result[2]['success']) sh_multi_addr = self.wrpc.getaddressesbylabel("shmulti").popitem()[0] sh_wsh_multi_addr = self.wrpc.getaddressesbylabel( "shwshmulti").popitem()[0] wsh_multi_addr = self.wrpc.getaddressesbylabel("wshmulti").popitem()[0] send_amount = 2 number_inputs = 0 # Single-sig if input_type == 'segwit' or input_type == 'all': self.wpk_rpc.sendtoaddress(sh_wpkh_addr, send_amount) self.wpk_rpc.sendtoaddress(wpkh_addr, send_amount) number_inputs += 2 if input_type == 'legacy' or input_type == 'all': self.wpk_rpc.sendtoaddress(pkh_addr, send_amount) number_inputs += 1 # Now do segwit/legacy multisig if multisig: if input_type == 'legacy' or input_type == 'all': self.wpk_rpc.sendtoaddress(sh_multi_addr, send_amount) number_inputs += 1 if input_type == 'segwit' or input_type == 'all': self.wpk_rpc.sendtoaddress(wsh_multi_addr, send_amount) self.wpk_rpc.sendtoaddress(sh_wsh_multi_addr, send_amount) number_inputs += 2 self.wpk_rpc.generatetoaddress(6, self.wpk_rpc.getnewaddress()) # Spend different amounts, requiring 1 to 3 inputs for i in range(number_inputs): # Create a psbt spending the above psbt = self.wrpc.walletcreatefundedpsbt( [], [{ self.wpk_rpc.getnewaddress(): (i + 1) * send_amount }], 0, { 'includeWatching': True, 'subtractFeeFromOutputs': [0] }, True) sign_res = process_commands(self.dev_args + ['signtx', psbt['psbt']]) finalize_res = self.wrpc.finalizepsbt(sign_res['psbt']) self.assertTrue(finalize_res['complete']) self.wrpc.sendrawtransaction(finalize_res['hex']) # Test wrapper to avoid mixed-inputs signing for Ledger def test_signtx(self): supports_mixed = {'coldcard', 'trezor'} supports_multisig = {'ledger', 'trezor'} if self.type not in supports_mixed: self._test_signtx("legacy", self.type in supports_multisig) self._test_signtx("segwit", self.type in supports_multisig) else: self._test_signtx("all", self.type in supports_multisig)