From 03f6f9c6e1267e77a21b119f94c672813be21c4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bartosz=20R=C3=B3=C5=BCa=C5=84ski?= <bartek.roza@gmail.com>
Date: Mon, 18 Nov 2024 11:33:38 +0000
Subject: [PATCH] don't certify if URL or pubkey is empty (#6457)

## Motivation

Fixes the issue when the poet client tries to certify despite the certifier URL is empty.
---
 CHANGELOG.md                   |  2 ++
 activation/poet.go             |  2 +-
 activation/poet_client_test.go | 39 ++++++++++++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 18623abce6..b9c67936b4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,8 @@ See [RELEASE](./RELEASE.md) for workflow instructions.
 
 * [#6451](https://github.com/spacemeshos/go-spacemesh/pull/6451) Fix a possible deadloop in the beacon protocol.
 
+* [#6457](https://github.com/spacemeshos/go-spacemesh/pull/6457) Fix trying to certify POST when certifier URL is empty.
+
 ## v1.7.6
 
 ### Upgrade information
diff --git a/activation/poet.go b/activation/poet.go
index 3174d0c19e..57f8b0b4fc 100644
--- a/activation/poet.go
+++ b/activation/poet.go
@@ -647,7 +647,7 @@ func (c *poetService) Certify(ctx context.Context, id types.NodeID) (*certifier.
 		return nil, err
 	}
 
-	if info.Certifier == nil {
+	if info.Certifier == nil || len(info.Certifier.Url.Host) == 0 || len(info.Certifier.Pubkey) == 0 {
 		return nil, ErrCertificatesNotSupported
 	}
 	return c.certifier.Certificate(ctx, id, info.Certifier.Url, info.Certifier.Pubkey)
diff --git a/activation/poet_client_test.go b/activation/poet_client_test.go
index a668b97643..bf49429404 100644
--- a/activation/poet_client_test.go
+++ b/activation/poet_client_test.go
@@ -338,6 +338,45 @@ func TestPoetClient_Certify(t *testing.T) {
 		_, err = poet.Certify(context.Background(), sig.NodeID())
 		require.ErrorIs(t, err, ErrCertificatesNotSupported)
 	})
+	t.Run("poet does not support certificate (empty certifier URL)", func(t *testing.T) {
+		ctrl := gomock.NewController(t)
+		mCertifier := NewMockcertifierService(ctrl)
+		client := NewMockPoetClient(ctrl)
+		client.EXPECT().Info(gomock.Any()).Return(
+			&types.PoetInfo{
+				Certifier: &types.CertifierInfo{
+					Url:    &url.URL{},
+					Pubkey: []byte("key"),
+				},
+			},
+			nil,
+		).AnyTimes()
+
+		logger := zaptest.NewLogger(t)
+		poet := NewPoetServiceWithClient(nil, client, cfg, logger, testTickSize, WithCertifier(mCertifier))
+		_, err = poet.Certify(context.Background(), sig.NodeID())
+		require.ErrorIs(t, err, ErrCertificatesNotSupported)
+	})
+	t.Run("poet does not support certificate (empty certifier pubkey)", func(t *testing.T) {
+		ctrl := gomock.NewController(t)
+		mCertifier := NewMockcertifierService(ctrl)
+		client := NewMockPoetClient(ctrl)
+		url, err := url.Parse("http://poet.spacemesh")
+		require.NoError(t, err)
+		client.EXPECT().Info(gomock.Any()).Return(
+			&types.PoetInfo{
+				Certifier: &types.CertifierInfo{
+					Url: url,
+				},
+			},
+			nil,
+		).AnyTimes()
+
+		logger := zaptest.NewLogger(t)
+		poet := NewPoetServiceWithClient(nil, client, cfg, logger, testTickSize, WithCertifier(mCertifier))
+		_, err = poet.Certify(context.Background(), sig.NodeID())
+		require.ErrorIs(t, err, ErrCertificatesNotSupported)
+	})
 }
 
 func TestPoetClient_ObtainsCertOnSubmit(t *testing.T) {