validate contract

2386926c · Jonah Husson · ee25dacf · 2386926c · 2386926c
Commit 2386926c authored Oct 22, 2021 by Jonah Husson
--- a/cmd/server.go
+++ b/cmd/server.go
@@ -69,6 +69,7 @@ var serverCmd = &cobra.Command{
 				Address:  addr,
 				Port:     port,
 			},
+			ContractPath: viper.GetString("contractPath"),
 		}
 		err = server.StartServer(params)
 		var stopCh = make(chan bool)

--- a/server/serverImpl.go
+++ b/server/serverImpl.go
@@ -8,6 +8,7 @@
 package server

 import (
+	"bytes"
 	"context"
 	gorsa "crypto/rsa"
 	"crypto/x509"
@@ -26,6 +27,7 @@ import (
 	"gitlab.com/xx_network/crypto/signature/rsa"
 	"gitlab.com/xx_network/primitives/id"
 	"gitlab.com/xx_network/primitives/id/idf"
+	utils2 "gitlab.com/xx_network/primitives/utils"
 	"net/http"
 	"testing"
 	"time"
@@ -35,6 +37,7 @@ import (
 type Params struct {
 	KeyPath       string
 	CertPath      string
+	ContractPath  string
 	Port          string
 	StorageParams storage.Params
 }
@@ -46,8 +49,19 @@ func StartServer(params Params) error {
 	if err != nil {
 		return err
 	}
+
+	cp, err := utils2.ExpandPath(params.ContractPath)
+	if err != nil {
+		return err
+	}
+	validContractBytes, err := utils2.ReadFile(cp)
+	if err != nil {
+		return err
+	}
+
 	impl := &Impl{
 		s:        s,
+		contract: validContractBytes,
 	}

 	// Build gin server, link to verify code
@@ -89,6 +103,7 @@ func StartServer(params Params) error {
 type Impl struct {
 	comms    *gin.Engine
 	s        *storage.Storage
+	contract []byte
 }

 // Verify func is the main endpoint for the mainnet-commitments server
@@ -107,53 +122,60 @@ func (i *Impl) Verify(_ context.Context, msg messages.Commitment) error {
 		jww.ERROR.Println(err)
 		return err
 	}
-
 	jww.INFO.Printf("Received verification request from %+v", idfStruct.ID)

-	ok, err := wallet.ValidateXXNetworkAddress(msg.Wallet)
+	// Check hex node ID (betanet nodes don't have this)
+	if idfStruct.HexNodeID == "" {
+		nid, err := id.Unmarshal(idfStruct.IdBytes[:])
 		if err != nil {
-		err = errors.WithMessage(err, "Failed to validate wallet address")
+			err = errors.WithMessage(err, "Failed to unmarshal ID")
 			jww.ERROR.Println(err)
 			return err
 		}
-	if !ok {
-		err = errors.New("Wallet validation returned false")
+
+		idfStruct.HexNodeID = nid.HexEncode()
+	}
+
+	// Get member info from database
+	hexId := "\\" + idfStruct.HexNodeID[1:]
+	m, err := i.s.GetMember(hexId)
+	if err != nil {
+		err = errors.WithMessagef(err, "Member %s [%+v] not found", idfStruct.ID, idfStruct.IdBytes)
 		jww.ERROR.Println(err)
 		return err
 	}

-	// Hash node info from message
+	// Load contract from request & compare to ours
 	contractBytes, err := base64.URLEncoding.DecodeString(msg.Contract)
 	if err != nil {
 		err = errors.WithMessage(err, "Failed to decode contract from base64")
 	}
-	hashed, hash, err := utils.HashNodeInfo(msg.Wallet, idfBytes, contractBytes)
-	if err != nil {
-		err = errors.WithMessage(err, "Failed to hash node info")
-		jww.ERROR.Println(err)
-		return err
+	if bytes.Compare(contractBytes, i.contract) != 0 {
+		err = errors.Errorf("Contract received [%+v] did not match server contract [%+v]", contractBytes, i.contract)
 	}

-	if idfStruct.HexNodeID == "" {
-		nid, err := id.Unmarshal(idfStruct.IdBytes[:])
+	// Validate wallet
+	ok, err := wallet.ValidateXXNetworkAddress(msg.Wallet)
 	if err != nil {
-			err = errors.WithMessage(err, "Failed to unmarshal ID")
+		err = errors.WithMessage(err, "Failed to validate wallet address")
 		jww.ERROR.Println(err)
 		return err
 	}
-
-		idfStruct.HexNodeID = nid.HexEncode()
+	if !ok {
+		err = errors.New("Wallet validation returned false")
+		jww.ERROR.Println(err)
+		return err
 	}

-	// Get member info from database
-	hexId := "\\" + idfStruct.HexNodeID[1:]
-	m, err := i.s.GetMember(hexId)
+	// Hash node info from message
+	hashed, hash, err := utils.HashNodeInfo(msg.Wallet, idfBytes, contractBytes)
 	if err != nil {
-		err = errors.WithMessagef(err, "Member %s [%+v] not found", idfStruct.ID, idfStruct.IdBytes)
+		err = errors.WithMessage(err, "Failed to hash node info")
 		jww.ERROR.Println(err)
 		return err
 	}

+	// Decode certificate & extract public component
 	block, rest := pem.Decode(m.Cert)
 	jww.INFO.Printf("Decoded cert into block: %+v, rest: %+v", block, rest)
 	var cert *x509.Certificate
@@ -165,6 +187,7 @@ func (i *Impl) Verify(_ context.Context, msg messages.Commitment) error {
 	}
 	rsaPublicKey := cert.PublicKey.(*gorsa.PublicKey)

+	// Decode signature
 	sigBytes, err := base64.URLEncoding.DecodeString(msg.Signature)
 	if err != nil {
 		err = errors.WithMessage(err, "Failed to decode signature from base64")