wip

src/nodes/NodeManager.ts

@@ -277,7 +277,7 @@ class NodeManager {
           const halfSignedClaimEncoded =
             claimsUtils.generateSignedClaim(halfSignedClaim);
           const receivedClaim =
-            await conn.rpcClient.methods.nodesNetworkSignClaim({
+            await conn.rpcClient.methods.nodesClaimNetworkSign({
               signedTokenEncoded: halfSignedClaimEncoded,
             });
           const signedClaim = claimsUtils.parseSignedClaim(
@@ -1592,43 +1592,36 @@ class NodeManager {
       throw new claimsErrors.ErrorDoublySignedClaimVerificationFailed();
     }
 
-    let isAuthenticated = false;
+    let success = false;
     for await (const [_, claim] of this.sigchain.getSignedClaims({})) {
-      const tokenNetworkAccess = Token.fromSigned(claim);
       try {
-        assertClaimNetworkAccess(tokenNetworkAccess.payload);
+        assertClaimNetworkAccess(claim.payload);
       }
       catch {
         continue;
       }
-      const tokenNetworkAuthority = Token.fromEncoded(tokenNetworkAccess.payload.signedClaimNetworkAuthorityEncoded);
+      const tokenNetworkAuthority = Token.fromEncoded(claim.payload.signedClaimNetworkAuthorityEncoded);
       try {
         assertClaimNetworkAuthority(tokenNetworkAuthority.payload);
       }
       catch {
         continue;
       }
-      if (!tokenNetworkAuthority.verifyWithPublicKey(
-        keysUtils.publicKeyFromNodeId(
-          nodesUtils.decodeNodeId(tokenNetworkAccess.payload.iss)!,
-        ),
-      )) {
-        continue;
-      }
+      // No need to check if local claims are correctly signed by an Network Authority.
       if (
         authorityToken.verifyWithPublicKey(
           keysUtils.publicKeyFromNodeId(
-            nodesUtils.decodeNodeId(tokenNetworkAccess.payload.iss)!,
+            nodesUtils.decodeNodeId(claim.payload.iss)!,
           )
         )
       ) {
-        isAuthenticated = true;
+        success = true;
         break;
       }
     }
 
     return {
-      success: isAuthenticated,
+      success: success,
     }
   }
 

src/nodes/agent/callers/index.ts

@@ -4,8 +4,8 @@ import nodesClosestLocalNodesGet from './nodesClosestLocalNodesGet';
 import nodesConnectionSignalFinal from './nodesConnectionSignalFinal';
 import nodesConnectionSignalInitial from './nodesConnectionSignalInitial';
 import nodesCrossSignClaim from './nodesCrossSignClaim';
-import nodesNetworkSignClaim from './nodesNetworkSignClaim';
-import nodesNetworkVerifyClaim from './nodesNetworkVerifyClaim';
+import nodesClaimNetworkSign from './nodesClaimNetworkSign';
+import nodesClaimNetworkVerify from './nodesClaimNetworkVerify';
 import notificationsSend from './notificationsSend';
 import vaultsGitInfoGet from './vaultsGitInfoGet';
 import vaultsGitPackGet from './vaultsGitPackGet';
@@ -21,8 +21,8 @@ const manifestClient = {
   nodesConnectionSignalFinal,
   nodesConnectionSignalInitial,
   nodesCrossSignClaim,
-  nodesNetworkSignClaim,
-  nodesNetworkVerifyClaim,
+  nodesClaimNetworkSign,
+  nodesClaimNetworkVerify,
   notificationsSend,
   vaultsGitInfoGet,
   vaultsGitPackGet,
@@ -40,8 +40,8 @@ export {
   nodesConnectionSignalFinal,
   nodesConnectionSignalInitial,
   nodesCrossSignClaim,
-  nodesNetworkSignClaim,
-  nodesNetworkVerifyClaim,
+  nodesClaimNetworkSign,
+  nodesClaimNetworkVerify,
   notificationsSend,
   vaultsGitInfoGet,
   vaultsGitPackGet,

src/nodes/agent/callers/nodesClaimNetworkSign.ts

@@ -0,0 +1,12 @@
+import type { HandlerTypes } from '@matrixai/rpc';
+import type NodesClaimNetworkSign from '../handlers/NodesClaimNetworkSign';
+import { UnaryCaller } from '@matrixai/rpc';
+
+type CallerTypes = HandlerTypes<NodesClaimNetworkSign>;
+
+const nodesClaimNetworkSign = new UnaryCaller<
+  CallerTypes['input'],
+  CallerTypes['output']
+>();
+
+export default nodesClaimNetworkSign;

src/nodes/agent/callers/nodesClaimNetworkVerify.ts

@@ -0,0 +1,12 @@
+import type { HandlerTypes } from '@matrixai/rpc';
+import type NodesClaimNetworkVerify from '../handlers/NodesClaimNetworkVerify';
+import { UnaryCaller } from '@matrixai/rpc';
+
+type CallerTypes = HandlerTypes<NodesClaimNetworkVerify>;
+
+const nodesClaimNetworkVerify = new UnaryCaller<
+  CallerTypes['input'],
+  CallerTypes['output']
+>();
+
+export default nodesClaimNetworkVerify;

src/nodes/agent/errors.ts

@@ -22,8 +22,14 @@ class ErrorNodesConnectionSignalRelayVerificationFailed<
   exitCode = sysexits.UNAVAILABLE;
 }
 
+class ErrorNodesClaimNetworkVerificationFailed<T> extends ErrorAgent<T> {
+  static description = 'Failed to verify claim network message';
+  exitCode = sysexits.UNAVAILABLE
+}
+
 export {
   ErrorAgentNodeIdMissing,
   ErrorNodesConnectionSignalRequestVerificationFailed,
   ErrorNodesConnectionSignalRelayVerificationFailed,
+  ErrorNodesClaimNetworkVerificationFailed,
 };

src/nodes/agent/handlers/NodesNetworkSignClaim.ts → src/nodes/agent/handlers/NodesClaimNetworkSign.ts

@@ -9,7 +9,7 @@ import { UnaryHandler } from '@matrixai/rpc';
 import * as agentErrors from '../errors';
 import * as agentUtils from '../utils';
 
-class NodesNetworkSignClaim extends UnaryHandler<
+class NodesClaimNetworkSign extends UnaryHandler<
   {
     nodeManager: NodeManager;
   },
@@ -31,4 +31,4 @@ class NodesNetworkSignClaim extends UnaryHandler<
   };
 }
 
-export default NodesNetworkSignClaim;
+export default NodesClaimNetworkSign;

src/nodes/agent/handlers/NodesNetworkVerifyClaim.ts → src/nodes/agent/handlers/NodesClaimNetworkVerify.ts

@@ -14,7 +14,7 @@ import { never } from '../../../utils';
 import * as keysUtils from '../../../keys/utils';
 import * as ids from '../../../ids';
 
-class NodesNetworkVerifyClaim extends UnaryHandler<
+class NodesClaimNetworkVerify extends UnaryHandler<
   {
     nodeManager: NodeManager;
   },
@@ -34,4 +34,4 @@ class NodesNetworkVerifyClaim extends UnaryHandler<
   };
 }
 
-export default NodesNetworkVerifyClaim;
+export default NodesClaimNetworkVerify;

src/nodes/agent/handlers/index.ts

@@ -14,7 +14,7 @@ import NodesClosestLocalNodesGet from './NodesClosestLocalNodesGet';
 import NodesConnectionSignalFinal from './NodesConnectionSignalFinal';
 import NodesConnectionSignalInitial from './NodesConnectionSignalInitial';
 import NodesCrossSignClaim from './NodesCrossSignClaim';
-import NodesNetworkSignClaim from './NodesNetworkSignClaim';
+import NodesClaimNetworkSign from './NodesClaimNetworkSign';
 import NotificationsSend from './NotificationsSend';
 import VaultsGitInfoGet from './VaultsGitInfoGet';
 import VaultsGitPackGet from './VaultsGitPackGet';
@@ -44,7 +44,7 @@ const manifestServer = (container: {
     nodesConnectionSignalFinal: new NodesConnectionSignalFinal(container),
     nodesConnectionSignalInitial: new NodesConnectionSignalInitial(container),
     nodesCrossSignClaim: new NodesCrossSignClaim(container),
-    nodesNetworkSignClaim: new NodesNetworkSignClaim(container),
+    nodesClaimNetworkSign: new NodesClaimNetworkSign(container),
     notificationsSend: new NotificationsSend(container),
     vaultsGitInfoGet: new VaultsGitInfoGet(container),
     vaultsGitPackGet: new VaultsGitPackGet(container),
@@ -63,7 +63,7 @@ export {
   NodesConnectionSignalFinal,
   NodesConnectionSignalInitial,
   NodesCrossSignClaim,
-  NodesNetworkSignClaim,
+  NodesClaimNetworkSign,
   NotificationsSend,
   VaultsGitInfoGet,
   VaultsGitPackGet,

tests/nodes/agent/handlers/nodesNetworkVerifyClaim.test.ts

@@ -13,8 +13,8 @@ import { RPCClient, RPCServer } from '@matrixai/rpc';
 import Sigchain from '@/sigchain/Sigchain';
 import KeyRing from '@/keys/KeyRing';
 import NodeGraph from '@/nodes/NodeGraph';
-import { nodesNetworkVerifyClaim } from '@/nodes/agent/callers';
-import NodesNetworkVerifyClaim from '@/nodes/agent/handlers/NodesNetworkVerifyClaim';
+import { nodesClaimNetworkVerify } from '@/nodes/agent/callers';
+import NodesClaimNetworkVerify from '@/nodes/agent/handlers/NodesClaimNetworkVerify';
 import ACL from '@/acl/ACL';
 import NodeManager from '@/nodes/NodeManager';
 import GestaltGraph from '@/gestalts/GestaltGraph';
@@ -30,8 +30,8 @@ import { SignedTokenEncoded } from '@/tokens/types';
 import { ClaimNetworkAuthority } from '@/claims/payloads/claimNetworkAuthority';
 import { ClaimNetworkAccess } from '@/claims/payloads/claimNetworkAccess';
 
-describe('nodesNetworkVerifyClaim', () => {
-  const logger = new Logger('nodesNetworkVerifyClaim test', LogLevel.WARN, [
+describe('nodesClaimNetworkVerify', () => {
+  const logger = new Logger('nodesClaimNetworkVerify test', LogLevel.WARN, [
     new StreamHandler(),
   ]);
   const password = 'password';
@@ -50,7 +50,7 @@ describe('nodesNetworkVerifyClaim', () => {
   let quicServer: QUICServer;
 
   const clientManifest = {
-    nodesNetworkVerifyClaim,
+    nodesClaimNetworkVerify,
   };
   type ClientManifest = typeof clientManifest;
   let rpcClient: RPCClient<ClientManifest>;
@@ -122,7 +122,7 @@ describe('nodesNetworkVerifyClaim', () => {
 
     // Setting up server
     const serverManifest = {
-      nodesNetworkVerifyClaim: new NodesNetworkVerifyClaim({
+      nodesClaimNetworkVerify: new NodesClaimNetworkVerify({
         nodeManager,
       }),
     };
@@ -290,7 +290,7 @@ describe('nodesNetworkVerifyClaim', () => {
     const accessToken = Token.fromPayload(accessClaim);
     accessToken.signWithPrivateKey(seedKeyPair.privateKey);
     accessToken.signWithPrivateKey(clientKeyPair.privateKey);
-    const response = await rpcClient.methods.nodesNetworkVerifyClaim({
+    const response = await rpcClient.methods.nodesClaimNetworkVerify({
       signedTokenEncoded: accessToken.toEncoded(),
     });
     expect(response).toEqual({ success: true });