From 3341fae2bca2f1f0ea85f60e0d697bafbc1eebf3 Mon Sep 17 00:00:00 2001
From: Arthur Britto <ahbritto@gmail.com>
Date: Tue, 15 May 2012 20:44:50 -0700
Subject: [PATCH] Revise doClaim for proof.

---
 src/TransactionEngine.cpp | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/TransactionEngine.cpp b/src/TransactionEngine.cpp
index 4f38ff81b..6cdb754c8 100644
--- a/src/TransactionEngine.cpp
+++ b/src/TransactionEngine.cpp
@@ -254,7 +254,26 @@ TransactionEngineResult TransactionEngine::doClaim(const SerializedTransaction&
 		return tenCLAIMED;
 	}
 
-	uint160							hGeneratorID	= txn.getITFieldH160(sfGeneratorID);
+	//
+	// Verify claim is authorized
+	//
+
+	std::vector<unsigned char>		vucCipher		= txn.getITFieldVL(sfGenerator);
+	std::vector<unsigned char>		vucPubKey		= txn.getITFieldVL(sfPubKey);
+	std::vector<unsigned char>		vucSignature	= txn.getITFieldVL(sfSignature);
+
+	NewcoinAddress					naAccountPublic;
+
+	naAccountPublic.setAccountPublic(vucPubKey);
+
+	if (!naAccountPublic.accountPublicVerify(Serializer::getSHA512Half(vucCipher), vucSignature))
+	{
+		std::cerr << "doClaim: bad signature unauthorized claim" << std::endl;
+		return tenINVALID;
+	}
+
+	uint160							hGeneratorID	= naAccountPublic.getAccountID();
+
 									qry				= lepNONE;
 	SerializedLedgerEntry::pointer	gen				= mLedger->getGenerator(qry, hGeneratorID);
 	if (gen)
@@ -267,7 +286,6 @@ TransactionEngineResult TransactionEngine::doClaim(const SerializedTransaction&
 	//
 	// Claim the account.
 	//
-	std::vector<unsigned char>		vucCipher		= txn.getITFieldVL(sfGenerator);
 
 	// Set the public key needed to use the account.
 	dest->setIFieldH160(sfAuthorizedKey, hGeneratorID);