-
Notifications
You must be signed in to change notification settings - Fork 20
PlaygroundBitpointBank
TODO: intro
TODO: soon
If you want to get "paid" with bitpoints for a service you provide on the Playground network, you can use an over-the-network API as follows:
- Assume that your application has a client and a server. The client must prove to the server that it has paid for services
- The client requests services
- The server informs the client of a cost, an account name, and a transaction ID
- The client contacts the bank and transfers bitpoints to the named account (transaction ID in the memo)
- The bank sends the client a signed receipt
- The client presents the signed receipt to the server as proof of payment
- Server verifies that the receipt is authentic and has the transaction ID in the memo
In this document, we will provide example source code for connecting to the bank, transferring money, and receiving a receipt. We will also describe how a server verifies a receipt. The other steps are standard networking communications and are not covered here.
In this example, we assume that our client has been told by the server three things:
- An amount
- An account
- A transaction ID
The client code to perform this operation can be processed as follows:
from OnlineBank import BankClientProtocol
async def transfer(amount, account, transactionID):
bank_factory = lambda: BankClientProtocol(cert, login_name, password)
bank_client = await playground.create_connection(bank_factory, bank_addr, bank_port)
login_response = await bank_client.loginToServer()
switch_response = await bank_client.switchAccount(my_account)
transfer_response = await bank_client.transfer(account, amount, str(transactionID))
return (transfer_response.receipt, transfer_response.receiptSignature)
This code is not complete, of course. when you write your code, make sure to:
- Ensure that OnlineBank is in Playground's path.
- Load the bank's cert from disk and have access to your own login name and password
- Know your own account name
- Know the bank's address and port
Once the server receives the receipt and receipt signature from the bank, the receipt is verified in the following manner:
from BankCore import RSA_SIGNATURE_MAC
def validate(amount, account, transactionID, receipt, receiptSignature, cert):
verifier = RSA_SIGNATURE_MAC(cert.public_key())
try:
verifier.verify(receiptSignature, SHA(receipt).digest())
except AssertionError:
# the receipt is forged
return False
receiptObj = pickle.loads(receipt)
if receiptObj.memo() != str(transactionID):
# memo mismatch. Wrong transaction ID
return False
if receiptObj.getTransactionAmount(account) != amount:
# wrong amount
return False
return True
As with the client code, not all elements are shown. Make sure to verify that the receipt is from the bank before unpickling.