chore: skip range check when the certificate comes from the managemen…

…t canister
dfinity · Oct 17, 2024 · 613da0f · 613da0f
1 parent 00ad493
commit 613da0f
Showing 1 changed file with 14 additions and 11 deletions.
diff --git a/packages/agent/src/certificate.ts b/packages/agent/src/certificate.ts
@@ -5,6 +5,7 @@ import { bufEquals, concat, fromHex, toHex } from './utils/buffer';
 import { Principal } from '@dfinity/principal';
 import * as bls from './utils/bls';
 import { decodeTime } from './utils/leb';
+import { MANAGEMENT_CANISTER_ID } from "./agent";
 
 /**
  * A certificate may fail verification with respect to the provided public key
@@ -271,17 +272,19 @@ export class Certificate {
 
     await cert.verify();
 
-    const canisterInRange = check_canister_ranges({
-      canisterId: this._canisterId,
-      subnetId: Principal.fromUint8Array(new Uint8Array(d.subnet_id)),
-      tree: cert.cert.tree,
-    });
-    if (!canisterInRange) {
-      throw new CertificateVerificationError(
-        `Canister ${this._canisterId} not in range of delegations for subnet 0x${toHex(
-          d.subnet_id,
-        )}`,
-      );
+    if (this._canisterId.toString() !== MANAGEMENT_CANISTER_ID) {
+      const canisterInRange = check_canister_ranges({
+        canisterId: this._canisterId,
+        subnetId: Principal.fromUint8Array(new Uint8Array(d.subnet_id)),
+        tree: cert.cert.tree,
+      });
+      if (!canisterInRange) {
+        throw new CertificateVerificationError(
+          `Canister ${this._canisterId} not in range of delegations for subnet 0x${toHex(
+            d.subnet_id,
+          )}`,
+        );
+      }
     }
     const publicKeyLookup = lookupResultToBuffer(
       cert.lookup(['subnet', d.subnet_id, 'public_key']),