diff --git a/src/PolykeyAgent.ts b/src/PolykeyAgent.ts index 702887144..337434b82 100644 --- a/src/PolykeyAgent.ts +++ b/src/PolykeyAgent.ts @@ -52,6 +52,7 @@ import * as workersUtils from './workers/utils'; import * as clientMiddleware from './client/middleware'; import clientServerManifest from './client/handlers'; import agentServerManifest from './nodes/agent/handlers'; + /** * Optional configuration for `PolykeyAgent`. */ @@ -61,6 +62,7 @@ type PolykeyAgentOptions = { clientServicePort: number; agentServiceHost: string; agentServicePort: number; + network: string; seedNodes: SeedNodes; workers: number; ipv6Only: boolean; @@ -160,6 +162,7 @@ class PolykeyAgent { agentServiceHost: config.defaultsUser.agentServiceHost, agentServicePort: config.defaultsUser.agentServicePort, seedNodes: config.defaultsUser.seedNodes, + network: config.defaultsUser.network, workers: config.defaultsUser.workers, ipv6Only: config.defaultsUser.ipv6Only, keys: { @@ -687,6 +690,7 @@ class PolykeyAgent { groups: Array; port: number; }; + network: string; seedNodes: SeedNodes; }>; workers?: number; @@ -705,6 +709,7 @@ class PolykeyAgent { groups: config.defaultsSystem.mdnsGroups, port: config.defaultsSystem.mdnsPort, }, + network: config.defaultsUser.network, seedNodes: config.defaultsUser.seedNodes, }); // Register event handlers diff --git a/src/bootstrap/utils.ts b/src/bootstrap/utils.ts index dd4d2b4ed..d6cd2e66a 100644 --- a/src/bootstrap/utils.ts +++ b/src/bootstrap/utils.ts @@ -30,7 +30,7 @@ import * as utils from '../utils'; import * as errors from '../errors'; /** - * Bootstraps the Node Path + * Bootstraps the Node Path` */ async function bootstrapState({ // Required parameters diff --git a/src/claims/payloads/claimNetworkAccess.ts b/src/claims/payloads/claimNetworkAccess.ts index 2af7f1400..e7f339701 100644 --- a/src/claims/payloads/claimNetworkAccess.ts +++ b/src/claims/payloads/claimNetworkAccess.ts 
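Review bot: The new `network: string` member of `PolykeyAgentOptions` (hunk at -61,6) has no doc comment, and nothing in the visible hunks checks that the value is a well-formed hostname, although this commit uses network names in `NodeManager` to decide how a claim is verified. A comment on the field such as `/** Hostname of the network this agent joins; defaults to config.defaultsUser.network. */` would state the contract. The same field is declared again in the nested options type at -687,6 and both defaults read `config.defaultsUser.network`, so the comment should say which of the two is authoritative. The enclosing type and class bodies continue outside these hunks.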
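Review bot: The edited comment line in `src/bootstrap/utils.ts` now ends with a stray backtick after "Bootstraps the Node Path", which looks like an accidental keystroke rather than an intended change. Dropping this hunk would keep the commit limited to the network-claim work.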
@@ -14,7 +14,8 @@ interface ClaimNetworkAccess extends Claim { typ: 'ClaimNetworkAccess'; iss: NodeIdEncoded; sub: NodeIdEncoded; - signedClaimNetworkAuthorityEncoded: SignedTokenEncoded; + network: string; + signedClaimNetworkAuthorityEncoded?: SignedTokenEncoded; } function assertClaimNetworkAccess( @@ -45,7 +46,15 @@ function assertClaimNetworkAccess( ); } if ( - claimNetworkAccess['signedClaimNetworkAuthorityEncoded'] == null + claimNetworkAccess['network'] == null || + typeof claimNetworkAccess['network'] !== 'string' + ) { + throw new validationErrors.ErrorParse( + '`network` property must be a string', + ); + } + if ( + claimNetworkAccess['signedClaimNetworkAuthorityEncoded'] != null && typeof claimNetworkAccess['signedClaimNetworkAuthorityEncoded'] !== 'string' ) { throw new validationErrors.ErrorParse( '`signedClaimNetworkAuthorityEncoded` property must be an encoded signed token', diff --git a/src/config.ts b/src/config.ts index 393ce8117..b5fbac37d 100644 --- a/src/config.ts +++ b/src/config.ts @@ -383,6 +383,12 @@ const config = { */ agentServiceHost: '::', agentServicePort: 0, + /** + * Hostname of network to connect to. + * + * This is defaulted to 'mainnet.polykey.com'. + */ + network: 'mainnet.polykey.com', /** * Seed nodes. * diff --git a/src/nodes/NodeManager.ts b/src/nodes/NodeManager.ts index 06d41bce3..f751f5228 100644 --- a/src/nodes/NodeManager.ts +++ b/src/nodes/NodeManager.ts @@ -1575,6 +1575,12 @@ class NodeManager { ) { throw new claimsErrors.ErrorDoublySignedClaimVerificationFailed(); } + if (token.payload.network === 'testnet.polykey.com' || token.payload.network === 'mainnet.polykey.com') { + return { success: true }; + } + if (token.payload.signedClaimNetworkAuthorityEncoded == null) { + throw new claimsErrors.ErrorDoublySignedClaimVerificationFailed(); + } const authorityToken = Token.fromEncoded(token.payload.signedClaimNetworkAuthorityEncoded); // Verify if the token is signed if ( 
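Review bot: With `signedClaimNetworkAuthorityEncoded` now optional on the `ClaimNetworkAccess` interface, neither the type nor `assertClaimNetworkAccess` (hunk at -45,7) ties its absence to the value of `network`, so a payload with an arbitrary `network` string and no authority token parses as valid. The validator also accepts the empty string, because the new condition only tests `typeof claimNetworkAccess['network'] !== 'string'`. Every consumer then has to re-derive the rule that only certain networks may omit the token; rejecting an empty value by adding `claimNetworkAccess['network'] === ''` to the new condition, and documenting on the interface when the token may be omitted, would keep that rule next to the schema. In the same condition the `== null ||` half is redundant, since `typeof null` is never `'string'`. The body of `assertClaimNetworkAccess` starts and ends outside the hunk.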
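Review bot: The added early return `return { success: true };` in `src/nodes/NodeManager.ts` accepts any claim whose payload names `testnet.polykey.com` or `mainnet.polykey.com` without looking at a network authority token, and `network` is a field of the claim being verified, so the party presenting the claim selects the branch. Nothing in the hunk compares `token.payload.network` with the network this agent was configured for (the `network` option added in `PolykeyAgent.ts`), so as far as the hunk shows a node configured for a private network would also accept a claim that merely declares a public one. A guard ahead of the early return, such as `if (token.payload.network !== configuredNetwork) throw new claimsErrors.ErrorDoublySignedClaimVerificationFailed();` with `configuredNetwork` as a placeholder for wherever `NodeManager` holds that option, would tie the shortcut to local configuration. The two hostnames are repeated here as literals while `src/config.ts` defines the default, so a shared constant would keep them from drifting apart. The enclosing method starts and ends outside the hunk, so the signature checks above the added lines are not visible.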
@@ -1601,6 +1607,9 @@ class NodeManager { catch { continue; } + if (claim.payload.signedClaimNetworkAuthorityEncoded == null) { + throw new claimsErrors.ErrorDoublySignedClaimVerificationFailed(); + } const tokenNetworkAuthority = Token.fromEncoded(claim.payload.signedClaimNetworkAuthorityEncoded); try { assertClaimNetworkAuthority(tokenNetworkAuthority.payload);
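Review bot: The added `throw` for a claim without `signedClaimNetworkAuthorityEncoded` aborts the whole loop, whereas the `catch { continue; }` directly above it skips a claim that does not fit. Since this commit lets claims for the two public networks omit the authority token, such a claim reaching this loop would raise `ErrorDoublySignedClaimVerificationFailed` instead of being passed over; if skipping is the intent, `if (claim.payload.signedClaimNetworkAuthorityEncoded == null) continue;` matches the neighbouring handling. If the throw is deliberate, a comment saying why a missing token is fatal here would help, because the error name describes a signature failure rather than a missing field. The loop and its method begin and end outside the hunk.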