-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add certificates store validation #1899
Comments
Right now lucas believes this means that anyone can change another user's name. |
We should address #1891 first and then address this. |
We can assume some of the the infrastructure necessary for this task will be implemented in #1891. Specifically that there will exist functions We should also verify:
Since it looks like access controllers only validate heads, I think we should simply validate each entry ourselves. We can create a new validation function It might be nice to encapsulate everything in a |
* chore: start moving certificates to its own store * chore: postpone validation work * chore: move certificates to its own store * fix: checking username availability * test: fix * fix: lint * test: temporarily remove empty spec files * fix: resolving promises on certificates loading * fix: updating peer list * chore: remove leftover * test: add certificates store unit tests * feat: validate certificates against the authority and format #1899 * chore: Merge chore/validate-scrs into chore/1899 * chore: Revert "chore: Merge chore/validate-scrs into chore/1899" This reverts commit 73c4f8d. * chore: update CHANGELOG.md * test: verify certificate against the authority (negative case) * fix: lint * bug: updatePeersList returning wrong data type * fix: update localdb peers list * chore: Revert "fix: update localdb peers list" This reverts commit 64d64c0. * test: unskip write event test * test: remove deprecated and broken cases * fix: disable broken test --------- Co-authored-by: Vin Kabuki <[email protected]>
@leblowl any way I can check this doing manual checks? |
Desktop: [email protected] |
Currently anyone can write to the certificates log. This allows anyone to forge certificates. certificates store should only be writable to by the owner and we should validate certs and verify they are signed by the owner.
With the additions of #1843, when certificates are replicated:
quiet/packages/backend/src/nest/storage/storage.service.ts
Lines 361 to 367 in e019b86
They are then sent to the client, where they are parsed and added to the Redux store:
quiet/packages/state-manager/src/sagas/users/users.slice.ts
Lines 20 to 30 in e019b86
parseCertificate doesn't check the signature.
Then certs are used for usernames via allUsers selector:
quiet/packages/state-manager/src/sagas/users/users.selectors.ts
Line 76 in e019b86
If we don't verify that a cert is signed by the owner, we cannot guarantee username uniqueness and we cannot guarantee the public key in the cert is connected to the username in the cert... assuming that we trust the owner to check uniqueness and verify CSR signatures.
The text was updated successfully, but these errors were encountered: