Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(agent): Check subnet canister ranges #580

Merged
merged 18 commits into from Jun 28, 2022
Merged

fix(agent): Check subnet canister ranges #580

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
d67164e
Verify the canister subnet ranges for a certificate
oggy-dfin May 30, 2022
298b5b5
Don't check subnet ranges for reading management canister state
oggy-dfin Jun 3, 2022
2c360c8
Please the linter
oggy-dfin Jun 7, 2022
8adffe9
Update usage of Certificate.verify in e2e test
oggy-dfin Jun 7, 2022
8212233
snake_case to camelCase
oggy-dfin Jun 7, 2022
d452ce7
Fix how root keys are determined
oggy-dfin Jun 7, 2022
dc6229e
Merge branch 'dfinity:main' into check-subnet-canister-ranges
oggy-dfin Jun 7, 2022
76ac41c
Bump version up
oggy-dfin Jun 7, 2022
af999e4
Switch to a static constructor with automatic verification
oggy-dfin Jun 8, 2022
4203c2e
Fail on wrong signature
oggy-dfin Jun 8, 2022
d4d11dc
Change the expected error in the MITM test
oggy-dfin Jun 8, 2022
cd997df
Avoid any potential coercion
oggy-dfin Jun 8, 2022
5e98356
chore: reverts package versions
krpeacock Jun 14, 2022
5755d35
Merge pull request #1 from dfinity/kyle/revert-package-versions
oggy-dfin Jun 14, 2022
6889f72
Apply suggestions from code review
oggy-dfin Jun 17, 2022
839a6ea
Use an options object for Certificate.create
oggy-dfin Jun 17, 2022
e7f9eb6
Robin's review comments
oggy-dfin Jun 28, 2022
7cd23c1
Merge branch 'main' into check-subnet-canister-ranges
krpeacock Jun 28, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
10 changes: 10 additions & 0 deletions docs/generated/changelog.html
View file
Open in desktop
Expand Up @@ -10,6 +10,16 @@
<h1>Agent-JS Changelog</h1>

<section>
<h2>Version 0.12.0</h2>
<ul>
<li>
Changed the certificate verification interface and fixed its logic. The public constructor
is now static and asynchronous. There is no separate verification method, the check is
done automatically in the constructor and newly also checks that the delegation is
authoritative for the given canister ID, as required by the Internet Computer interface
specification.
</li>
</ul>
<h2>Version 0.11.2</h2>
<ul>
<li>
Expand Down
13 changes: 8 additions & 5 deletions e2e/node/basic/basic.test.ts
View file
Open in desktop
Expand Up @@ -10,13 +10,16 @@ test('read_state', async () => {
const resolvedAgent = await agent;
const now = Date.now() / 1000;
const path = [new TextEncoder().encode('time')];
const response = await resolvedAgent.readState(Principal.fromHex('00000000000000000001'), {
const canisterId = Principal.fromHex('00000000000000000001');
const response = await resolvedAgent.readState(canisterId, {
paths: [path],
});
const cert = new Certificate(response, resolvedAgent);

expect(() => cert.lookup(path)).toThrow(/Cannot lookup unverified certificate/);
expect(await cert.verify()).toBe(true);
if (resolvedAgent.rootKey == null) throw new Error(`The agent doesn't have a root key yet`);
const cert = await Certificate.create({
certificate: response.certificate,
rootKey: resolvedAgent.rootKey,
canisterId: canisterId,
});
expect(cert.lookup([new TextEncoder().encode('Time')])).toBe(undefined);
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
const rawTime = cert.lookup(path)!;
Expand Down
2 changes: 1 addition & 1 deletion e2e/node/basic/mitm.test.ts
View file
Open in desktop
Expand Up @@ -11,6 +11,6 @@ if (!process.env['MITM']) {
jest.setTimeout(30000);
mitmTest('mitm greet', async () => {
const { actor: counter } = await counterCanister();
await expect(counter.greet('counter')).rejects.toThrow(/Fail to verify certificate/);
await expect(counter.greet('counter')).rejects.toThrow(/Invalid certificate/);
expect(await counter.queryGreet('counter')).toEqual('Hullo, counter!');
});
113 changes: 58 additions & 55 deletions package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 5 additions & 7 deletions packages/agent/src/canisterStatus/index.ts
View file
Open in desktop
Expand Up @@ -87,13 +87,11 @@ export const request = async (options: {
const response = await agent.readState(canisterId, {
paths: [encodedPaths[index]],
});
const cert = new Certificate(response, agent);
const verified = await cert.verify();
if (!verified) {
throw new Error(
'There was a problem certifying the response data. Please verify your connection to the mainnet, or be sure to call fetchRootKey on your agent if you are developing locally',
);
}
const cert = await Certificate.create({
certificate: response.certificate,
rootKey: agent.rootKey,
canisterId: canisterId,
});

const data = cert.lookup(encodePath(uniquePaths[index], canisterId));
if (!data) {
Expand Down