feat: nodesNetworkVerifyClaim test
amydevs committed Aug 20, 2024
1 parent a401b04 commit 1eadd20
Showing 4 changed files with 353 additions and 11 deletions.
59 changes: 50 additions & 9 deletions src/nodes/NodeManager.ts
Expand Up @@ -1560,30 +1560,71 @@ class NodeManager {
}
const signedClaim = claimsUtils.parseSignedClaim(input.signedTokenEncoded);
const token = Token.fromSigned(signedClaim);
const tokenEncodedSignatures = token.signaturesEncoded.map((e) => e.signature);
assertClaimNetworkAccess(token.payload);
// Verify if the token is signed
if (
!token.verifyWithPublicKey(
keysUtils.publicKeyFromNodeId(requestingNodeId),
) ||
!token.verifyWithPublicKey(
keysUtils.publicKeyFromNodeId(
nodesUtils.decodeNodeId(token.payload.iss)!,
),
)
) {
throw new claimsErrors.ErrorSinglySignedClaimVerificationFailed();
throw new claimsErrors.ErrorDoublySignedClaimVerificationFailed();
}
const authorityToken = Token.fromEncoded(token.payload.signedClaimNetworkAuthorityEncoded);
// Verify if the token is signed
if (
token.payload.iss !== authorityToken.payload.sub ||
!authorityToken.verifyWithPublicKey(
keysUtils.publicKeyFromNodeId(
nodesUtils.decodeNodeId(authorityToken.payload.sub)!,
),
) ||
!authorityToken.verifyWithPublicKey(
keysUtils.publicKeyFromNodeId(
nodesUtils.decodeNodeId(authorityToken.payload.iss)!,
),
)
) {
throw new claimsErrors.ErrorDoublySignedClaimVerificationFailed();
}

let isAuthenticated = false;
for await (const [_, claim] of this.sigchain.getSignedClaims({})) {
const tokenNetworkAccess = Token.fromSigned(claim);
try {
assertClaimNetworkAccess(claim.payload);
const signedClaimNetworkAuthority = Token.fromSigned(claimsUtils.parseSignedClaim(claim.payload.signedClaimNetworkAuthorityEncoded));
assertClaimNetworkAuthority(signedClaimNetworkAuthority.payload);
if (signedClaimNetworkAuthority.signaturesEncoded.findIndex((sig) => tokenEncodedSignatures.includes(sig.signature)) !== -1) {
isAuthenticated = true;
break;
}
assertClaimNetworkAccess(tokenNetworkAccess.payload);
}
catch {
continue;
}
const tokenNetworkAuthority = Token.fromEncoded(tokenNetworkAccess.payload.signedClaimNetworkAuthorityEncoded);
try {
assertClaimNetworkAuthority(tokenNetworkAuthority.payload);
}
catch {
continue;
}
if (!tokenNetworkAuthority.verifyWithPublicKey(
keysUtils.publicKeyFromNodeId(
nodesUtils.decodeNodeId(tokenNetworkAccess.payload.iss)!,
),
)) {
continue;
}
if (
authorityToken.verifyWithPublicKey(
keysUtils.publicKeyFromNodeId(
nodesUtils.decodeNodeId(tokenNetworkAccess.payload.iss)!,
)
)
) {
isAuthenticated = true;
break;
}
}

return {
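Review bot: `authorityToken` is decoded from the peer-supplied claim (`Token.fromEncoded(token.payload.signedClaimNetworkAuthorityEncoded)`) and its `sub`/`iss` are used immediately, but it is never passed through `assertClaimNetworkAuthority`, unlike the sigchain-side `tokenNetworkAuthority` inside the loop. The `!` after `nodesUtils.decodeNodeId(...)` only silences the type checker, so a malformed or missing node id in that payload would presumably reach `keysUtils.publicKeyFromNodeId` as `undefined` and surface as an unrelated exception rather than `ErrorDoublySignedClaimVerificationFailed`. I would add `assertClaimNetworkAuthority(authorityToken.payload);` directly after the `Token.fromEncoded(...)` call, and replace each `!` on peer-controlled ids with an explicit undefined check that throws the verification error. The second `// Verify if the token is signed` comment would read better as `// Verify the embedded network authority claim is signed by both its subject and issuer`. The enclosing method starts and ends outside this hunk, so how `isAuthenticated` feeds the returned object is not visible here.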
3 changes: 3 additions & 0 deletions src/nodes/agent/callers/index.ts
Expand Up @@ -5,6 +5,7 @@ import nodesConnectionSignalFinal from './nodesConnectionSignalFinal';
import nodesConnectionSignalInitial from './nodesConnectionSignalInitial';
import nodesCrossSignClaim from './nodesCrossSignClaim';
import nodesNetworkSignClaim from './nodesNetworkSignClaim';
import nodesNetworkVerifyClaim from './nodesNetworkVerifyClaim';
import notificationsSend from './notificationsSend';
import vaultsGitInfoGet from './vaultsGitInfoGet';
import vaultsGitPackGet from './vaultsGitPackGet';
Expand All @@ -21,6 +22,7 @@ const manifestClient = {
nodesConnectionSignalInitial,
nodesCrossSignClaim,
nodesNetworkSignClaim,
nodesNetworkVerifyClaim,
notificationsSend,
vaultsGitInfoGet,
vaultsGitPackGet,
Expand All @@ -39,6 +41,7 @@ export {
nodesConnectionSignalInitial,
nodesCrossSignClaim,
nodesNetworkSignClaim,
nodesNetworkVerifyClaim,
notificationsSend,
vaultsGitInfoGet,
vaultsGitPackGet,
4 changes: 2 additions & 2 deletions src/nodes/agent/handlers/NodesNetworkVerifyClaim.ts
Expand Up @@ -18,8 +18,8 @@ class NodesNetworkVerifyClaim extends UnaryHandler<
{
nodeManager: NodeManager;
},
AgentRPCRequestParams<{}>,
AgentRPCResponseResult<{}>
AgentRPCRequestParams<AgentClaimMessage>,
AgentRPCResponseResult<{ success: boolean }>
> {
public handle = async (
input: AgentRPCRequestParams<AgentClaimMessage>,