Implemented step 1 and 2 for WoT. Still need to notify the POR subjec… #2
Conversation
|
Hello. Please run If you are using VSCode, the following settings are recommended: {
"editor.defaultFormatter": "denoland.vscode-deno",
"editor.formatOnPaste": true,
"editor.formatOnSave": true,
"[typescript]": {
"editor.defaultFormatter": "denoland.vscode-deno"
},
"deno.enable": true,
"deno.lint": true,
"deno.unstable": true
} |
|
How is your progress on this? |
src/security/cert-storage.ts
Outdated
There was a problem hiding this comment.
You need to implement a new class in a new file instead of changing the existing one. It will break the currently running workspace.
src/security/cert-storage.ts
Outdated
| */ | ||
| export class CertStorage implements SecurityAgent { |
There was a problem hiding this comment.
Please implement the same interface.
Also, preserve the code in L24, L32, L72, L138 and L146.
src/security/cert-storage.ts
Outdated
| @@ -82,6 +82,7 @@ export class CertStorage implements SecurityAgent { | |||
|
|
|||
| // Cache result certificates | |||
| this.storage.set(result.name.toString(), Encoder.encode(result)); | |||
| this.trustedNames.push(result.name.toString()); | |||
There was a problem hiding this comment.
trustedNames is not persistent in a storage, which means it will become empty after the program restarts.
You need to modify the create function to compute this array.
src/security/cert-storage.ts
Outdated
| @@ -60,7 +60,7 @@ export class CertStorage implements SecurityAgent { | |||
| */ | |||
| async getCertificate(keyName: Name, localOnly: boolean): Promise<Certificate | undefined> { | |||
| const certBytes = await this.storage.get(keyName.toString()); | |||
| if (certBytes === undefined || certBytes.length === 0) { // Length 0 happens for parallel access reason | |||
| if (certBytes === undefined) { | |||
| if (localOnly) { | |||
| return undefined; | |||
There was a problem hiding this comment.
You haven't done anything for an unrecognized certficate. Do you need to fetch the PoR?
Also, the function generatePoR is not used anywhere. Do you want users to generate PoR manually?
src/security/cert-storage.ts
Outdated
| const parts: string[] = item.split('/'); | ||
| let partsBeforeKey: string = ''; | ||
| for (let i = 0; i < parts.length; i++) { //put <Z_a name encoded> together with a loop | ||
| if (parts[i].includes('KEY')) { | ||
| break; | ||
| } | ||
| partsBeforeKey += parts[i] + '/'; | ||
| } |
There was a problem hiding this comment.
First, I don't think this is the correct behavior. I think <Tb keyid> is a single component containing the encoded name. Please confirm with @tianyuan129 .
If this behavior is correct, you can still get rid of the loop. See Name.append
src/security/cert-storage.ts
Outdated
| // return if we found that one of the users we trust, also trusts the new user | ||
| const response: Certificate | undefined = await this.getCertificate( | ||
| new Name(strangerKeyname + partsBeforeKey + 'v1'), | ||
| false, |
There was a problem hiding this comment.
This means PoR can be recursively signed by other unknown certifcates. Please check if the behavior if desired.
src/security/cert-storage.ts
Outdated
| if (foreignPoR == undefined) { | ||
| throw new Error('Data verification failure: No POR certificate found issued by trusted user'); | ||
| } |
There was a problem hiding this comment.
This reads as "a PoR cannot be generated without an existing one".
Then, how can the first PoR be generated?
src/security/cert-storage.ts
Outdated
| } | ||
|
|
||
| // Get public key of C_b | ||
| const certificate: Certificate | undefined = await this.getCertificate(new Name(strangerKeyname), false); |
There was a problem hiding this comment.
Do you want to fetch a certificate when generating PoR?
src/security/cert-storage.ts
Outdated
| // Create a self-signed certificate, i.e. the PoR | ||
| const proofOfZoneRecognition = await Certificate.build({ | ||
| name: certName, | ||
| validity: validityPeriod, | ||
| publicKeySpki: publicKey, | ||
| signer: this._signer, | ||
| }); |
Implemented following functionalities:
Missing functionality: Notify the POR subject a new POR is generated, let it fetch by name