diff --git a/src/claims/payloads/claimNetworkAccess.ts b/src/claims/payloads/claimNetworkAccess.ts
index e9ab1a91a..b7fcbfd2c 100644
--- a/src/claims/payloads/claimNetworkAccess.ts
+++ b/src/claims/payloads/claimNetworkAccess.ts
@@ -14,7 +14,7 @@ interface ClaimNetworkAccess extends Claim {
   typ: 'ClaimNetworkAccess';
   iss: NodeIdEncoded;
   sub: NodeIdEncoded;
-  signedClaimNetworkNodeEncoded: SignedTokenEncoded;x
+  signedClaimNetworkNodeEncoded: SignedTokenEncoded;
 }
 
 function assertClaimNetworkAccess(
@@ -44,6 +44,13 @@ function assertClaimNetworkAccess(
       '`sub` property must be an encoded node ID',
     );
   }
+  if (
+    claimNetworkAccess['signedClaimNetworkNodeEncoded'] == null
+  ) {
+    throw new validationErrors.ErrorParse(
+      '`signedClaimNetworkNodeEncoded` property must be an encoded signed token',
+    );
+  }
 }
 
 function parseClaimNetworkAccess(
diff --git a/src/nodes/NodeManager.ts b/src/nodes/NodeManager.ts
index 76b79422b..510c3c569 100644
--- a/src/nodes/NodeManager.ts
+++ b/src/nodes/NodeManager.ts
@@ -57,6 +57,7 @@ import * as claimsErrors from '../claims/errors';
 import * as utils from '../utils/utils';
 import config from '../config';
 import * as networkUtils from '../network/utils';
+import { ClaimNetworkAccess, assertClaimNetworkAccess } from '../claims/payloads/claimNetworkAccess';
 
 const abortEphemeralTaskReason = Symbol('abort ephemeral task reason');
 const abortSingletonTaskReason = Symbol('abort singleton task reason');
@@ -1546,14 +1547,14 @@ class NodeManager {
     };
   }
 
-  public async handleVerifyClaimNetworkNode(
+  public async handleVerifyClaimNetwork(
     requestingNodeId: NodeId,
     input: AgentRPCRequestParams,
     tran?: DBTransaction,
   ): Promise> {
     if (tran == null) {
       return this.db.withTransactionF((tran) =>
-        this.handleVerifyClaimNetworkNode(requestingNodeId, input, tran),
+        this.handleVerifyClaimNetwork(requestingNodeId, input, tran),
       );
     }
     const signedClaim = claimsUtils.parseSignedClaim(input.signedTokenEncoded);
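Review bot: The check added on `claimNetworkAccess['signedClaimNetworkNodeEncoded'] == null` rejects only an absent value, while the error text promises an encoded signed token; an object, number or empty string passes and the assertion then vouches for it as `SignedTokenEncoded`, so a malformed claim is only discovered wherever that property is decoded later. At minimum test the runtime type, `typeof claimNetworkAccess['signedClaimNetworkNodeEncoded'] !== 'string'`, and if the preceding `iss`/`sub` checks go through a format validator (their start is above the hunk, so I cannot see which helper they use), run the encoded-token equivalent here. Prettier would also collapse the three-line `if (` onto one line and prefer dot access for a literal key.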
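Review bot: `ClaimNetworkAccess` is an interface (declared in the claimNetworkAccess.ts hunk above), but the new import line in NodeManager.ts brings it in as a value together with `assertClaimNetworkAccess`; the rest of this change marks type-only imports with `import type` (see the NodesNetworkVerifyClaim.ts hunks), and `verbatimModuleSyntax` would reject the mixed form. Split it into `import type { ClaimNetworkAccess } from '../claims/payloads/claimNetworkAccess';` and `import { assertClaimNetworkAccess } from '../claims/payloads/claimNetworkAccess';`, which also brings the line back under the width the surrounding import block keeps. The top of the import block, where any `import type` group would live, is above the hunk.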
@@ -1566,7 +1567,18 @@ class NodeManager {
     ) {
       throw new claimsErrors.ErrorSinglySignedClaimVerificationFailed();
     }
-    // Need to get the seednode and test public keys against the claim
+    for await (const [claimId, claim] of this.sigchain.getSignedClaims({})) {
+      let claimNetworkAccess: ClaimNetworkAccess;
+      try {
+        assertClaimNetworkAccess(claim.payload);
+        claimNetworkAccess = claim.payload;
+      }
+      catch(_) {
+        continue;
+      }
+      // Need to get the seednode and test public keys against the claim
+
+    }
     throw new Error();
   }
 
diff --git a/src/nodes/agent/callers/nodesNetworkVerifyClaim.ts b/src/nodes/agent/callers/nodesNetworkVerifyClaim.ts
new file mode 100644
index 000000000..115c12f47
--- /dev/null
+++ b/src/nodes/agent/callers/nodesNetworkVerifyClaim.ts
@@ -0,0 +1,12 @@
+import type { HandlerTypes } from '@matrixai/rpc';
+import type NodesNetworkVerifyClaim from '../handlers/NodesNetworkVerifyClaim';
+import { UnaryCaller } from '@matrixai/rpc';
+
+type CallerTypes = HandlerTypes;
+
+const nodesNetworkVerifyClaim = new UnaryCaller<
+  CallerTypes['input'],
+  CallerTypes['output']
+>();
+
+export default nodesNetworkVerifyClaim;
diff --git a/src/nodes/agent/handlers/NodesNetworkVerifyClaim.ts b/src/nodes/agent/handlers/NodesNetworkVerifyClaim.ts
index bae58b8f5..76df808bf 100644
--- a/src/nodes/agent/handlers/NodesNetworkVerifyClaim.ts
+++ b/src/nodes/agent/handlers/NodesNetworkVerifyClaim.ts
@@ -2,7 +2,7 @@ import type {
   AgentRPCRequestParams,
   AgentRPCResponseResult,
 } from '../types';
-import type NodeConnectionManager from '../../../nodes/NodeConnectionManager';
+import type NodeManager from '../../../nodes/NodeManager';
 import type { Host, Port } from '../../../network/types';
 import type { JSONValue } from '../../../types';
 import { UnaryHandler } from '@matrixai/rpc';
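Review bot: The new loop in `handleVerifyClaimNetwork` never acts on what it finds: `claimNetworkAccess` is assigned but not read, `claimId` is unused, and control always falls through to the bare `throw new Error()`, so every caller gets an unmessaged failure whatever the sigchain holds. `catch(_) { continue; }` also swallows any error `assertClaimNetworkAccess` raises, not just the parse error it is meant to skip; write it as `} catch (e) { if (!(e instanceof validationErrors.ErrorParse)) throw e; continue; }` assuming that error class is in scope here (the file's import block is above the hunk). Until the check is implemented, give the final throw a message or a domain error, e.g. `throw new Error('handleVerifyClaimNetwork: network claim verification not implemented');`, so the unfinished path is identifiable in logs. `requestingNodeId` is not compared against anything in the loop, and `getSignedClaims({})` walks the whole sigchain on every request; if the helper accepts an `iss`/`sub` filter, narrowing here both bounds the scan and ties the matched claim to the caller. The method starts in the previous hunk and the lines between the two hunks are not shown.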
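Review bot: `type CallerTypes = HandlerTypes;` carries no type argument as rendered, and `HandlerTypes` is presumably generic over the handler class (the `NodesNetworkVerifyClaim` type import is otherwise unused in the new file), so either the diff rendering dropped the argument or the file does not compile; confirm the line reads `type CallerTypes = HandlerTypes<NodesNetworkVerifyClaim>;`. Separately, the handler module this caller imports still declares its class as `NodesNetworkAuthenticate` (visible in the last hunk of NodesNetworkVerifyClaim.ts below), so the caller's name and the handler's class name disagree; renaming the class to match its file keeps the two sides greppable together.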
@@ -15,7 +15,7 @@ import * as ids from '../../../ids';
 class NodesNetworkAuthenticate extends UnaryHandler<
   {
-    nodeConnectionManager: NodeConnectionManager;
+    nodeManager: NodeManager;
   },
   AgentRPCRequestParams<{}>,
   AgentRPCResponseResult<{}>