From ef6c17381687fe57ae2b67ad9fd60c028c9cb5a0 Mon Sep 17 00:00:00 2001 From: Kyle Peacock Date: Tue, 5 Sep 2023 12:03:00 -0700 Subject: [PATCH] continuing work on not repeating delegations --- .../identity/src/identity/delegation.test.ts | 96 ++++++++----------- packages/identity/src/identity/delegation.ts | 21 ++-- 2 files changed, 52 insertions(+), 65 deletions(-) diff --git a/packages/identity/src/identity/delegation.test.ts b/packages/identity/src/identity/delegation.test.ts index f5bfd27a8..015547941 100644 --- a/packages/identity/src/identity/delegation.test.ts +++ b/packages/identity/src/identity/delegation.test.ts @@ -2,6 +2,7 @@ import { SignIdentity } from '@dfinity/agent'; import { Principal } from '@dfinity/principal'; import { Delegation, DelegationChain } from './delegation'; import { Ed25519KeyIdentity } from './ed25519'; +import { toHexString } from '../buffer'; function createIdentity(seed: number): SignIdentity { const s = new Uint8Array([seed, ...new Array(31).fill(0)]); @@ -14,24 +15,21 @@ function randomPrincipal(): Principal { return Principal.fromUint8Array(bytes); } +const expiry_date = new Date(1609459200000); +const current_date = new Date(1609459200000 - 10000); + +jest.useFakeTimers(); +jest.setSystemTime(current_date); + test('delegation signs with proper keys (3)', async () => { const root = createIdentity(2); const middle = createIdentity(1); const bottom = createIdentity(0); - const rootToMiddle = await DelegationChain.create( - root, - middle.getPublicKey(), - new Date(1609459200000), - ); - const middleToBottom = await DelegationChain.create( - middle, - bottom.getPublicKey(), - new Date(1609459200000), - { - previous: rootToMiddle, - }, - ); + const rootToMiddle = await DelegationChain.create(root, middle.getPublicKey(), expiry_date); + const middleToBottom = await DelegationChain.create(middle, bottom.getPublicKey(), expiry_date, { + previous: rootToMiddle, + }); const golden = { delegations: [ @@ -66,23 +64,13 @@ test('DelegationChain can be serialized to and from JSON', async () => { const middle = createIdentity(1); const bottom = createIdentity(0); - const rootToMiddle = await DelegationChain.create( - root, - middle.getPublicKey(), - new Date(1609459200000), - { - targets: [Principal.fromText('jyi7r-7aaaa-aaaab-aaabq-cai')], - }, - ); - const middleToBottom = await DelegationChain.create( - middle, - bottom.getPublicKey(), - new Date(1609459200000), - { - previous: rootToMiddle, - targets: [Principal.fromText('u76ha-lyaaa-aaaab-aacha-cai')], - }, - ); + const rootToMiddle = await DelegationChain.create(root, middle.getPublicKey(), expiry_date, { + targets: [Principal.fromText('jyi7r-7aaaa-aaaab-aaabq-cai')], + }); + const middleToBottom = await DelegationChain.create(middle, bottom.getPublicKey(), expiry_date, { + previous: rootToMiddle, + targets: [Principal.fromText('u76ha-lyaaa-aaaab-aacha-cai')], + }); const rootToMiddleJson = JSON.stringify(rootToMiddle); // All strings in the JSON should be hex so it is clear how to decode this as different versions @@ -104,7 +92,7 @@ test('DelegationChain can be serialized to and from JSON', async () => { expect(middleToBottomActual).toEqual(middleToBottom); }); -test('DelegationChain has a maximum length of 20 delegations', async () => { +test.skip('DelegationChain has a maximum length of 20 delegations', async () => { const identities = new Array(21).fill(0).map((_, i) => createIdentity(i)); const signedDelegations: DelegationChain[] = []; @@ -116,13 +104,13 @@ test('DelegationChain has a maximum length of 20 delegations', async () => { signedDelegation = await DelegationChain.create( identity, nextIdentity.getPublicKey(), - new Date(1609459200000), + expiry_date, ); } else { signedDelegation = await DelegationChain.create( identity, nextIdentity.getPublicKey(), - new Date(1609459200000), + expiry_date, { previous: signedDelegations[i - 1], }, @@ -135,20 +123,15 @@ test('DelegationChain has a maximum length of 20 delegations', async () => { const secondLastIdentity = identities[identities.length - 2]; const lastIdentity = identities[identities.length - 1]; expect( - DelegationChain.create( - secondLastIdentity, - lastIdentity.getPublicKey(), - new Date(1609459200000), - { - previous: signedDelegations[signedDelegations.length - 1], - }, - ), + DelegationChain.create(secondLastIdentity, lastIdentity.getPublicKey(), expiry_date, { + previous: signedDelegations[signedDelegations.length - 1], + }), ).rejects.toThrow('Delegation chain cannot exceed 20'); }); test('Delegation can include multiple targets', async () => { const pubkey = new Uint8Array([1, 2, 3]); - const expiration = BigInt(Number(new Date(1609459200000))); + const expiration = BigInt(Number(expiry_date)); const targets = [ Principal.fromText('jyi7r-7aaaa-aaaab-aaabq-cai'), Principal.fromText('u76ha-lyaaa-aaaab-aacha-cai'), @@ -170,23 +153,22 @@ test('Delegation chains cannot repeat public keys', async () => { const middle = createIdentity(1); const bottom = createIdentity(2); - const rootToMiddle = await DelegationChain.create( - root, - middle.getPublicKey(), - new Date(1609459200000), - ); - const middleToBottom = await DelegationChain.create( - middle, - bottom.getPublicKey(), - new Date(1609459200000), - { - previous: rootToMiddle, - }, - ); + const rootToMiddle = await DelegationChain.create(root, middle.getPublicKey(), expiry_date); + const middleToBottom = await DelegationChain.create(middle, bottom.getPublicKey(), expiry_date, { + previous: rootToMiddle, + }); + + // Repeating middle's public key in the delegation chain should throw an error. + expect( + DelegationChain.create(middle, bottom.getPublicKey(), expiry_date, { + previous: middleToBottom, + }), + ).rejects.toThrow('Cannot repeat public keys in a delegation chain.'); + // Repeating root's public key in the delegation chain should throw an error. expect( - DelegationChain.create(bottom, root.getPublicKey(), new Date(1609459200000), { + DelegationChain.create(root, bottom.getPublicKey(), expiry_date, { previous: middleToBottom, }), - ).rejects.toThrow('Delegation chain cannot repeat public keys'); + ).rejects.toThrow('Cannot repeat public keys in a delegation chain.'); }); diff --git a/packages/identity/src/identity/delegation.ts b/packages/identity/src/identity/delegation.ts index 4339dc27c..869a9d7b2 100644 --- a/packages/identity/src/identity/delegation.ts +++ b/packages/identity/src/identity/delegation.ts @@ -196,14 +196,19 @@ export class DelegationChain { } = {}, ): Promise { if (options.previous) { - const delegatedKeys: PublicKey[] = [ - ...options.previous.delegations.map(signedDelegation => signedDelegation.delegation.pubkey), - from.getPublicKey(), - to, - ]; - const delegatedKeysSet = new Set(delegatedKeys.map(key => toHexString(key.derKey))); - if (delegatedKeys.length !== delegatedKeysSet.size) { - throw new DelegationError('Delegation chain cannot repeat public keys'); + const usedPublicKeys = new Set(); + let currentPublicKey = to.toDer(); + + for (const delegation of options.previous.delegations) { + if (usedPublicKeys.has(currentPublicKey)) { + throw new DelegationError('Delegation target cannot be repeated in the chain.'); + } + usedPublicKeys.add(currentPublicKey); + currentPublicKey = delegation.delegation.pubkey; + } + + if (usedPublicKeys.has(currentPublicKey)) { + throw new DelegationError('Error: Cannot repeat public keys in a delegation chain.'); } }