diff --git a/lib/archethic/bootstrap/network_init.ex b/lib/archethic/bootstrap/network_init.ex index 8c308c494..f8858fe7c 100644 --- a/lib/archethic/bootstrap/network_init.ex +++ b/lib/archethic/bootstrap/network_init.ex @@ -98,6 +98,10 @@ defmodule Archethic.Bootstrap.NetworkInit do [genesis_origin_public_key | _rest] = @genesis_origin_public_keys + origin_cert = + "3044022063c64fbf5df43655246aa1ada1ebdde9433b8134e4a2149a9166062a032a4a2402207beb350265a3d2af0eb25c5b0ab3488abce55eb307566fa706ac6c87a56e2ffd" + |> Base.decode16!(case: :mixed) + Transaction.new( :origin, %TransactionData{ @@ -109,7 +113,8 @@ defmodule Archethic.Bootstrap.NetworkInit do content: true ] """, - content: <> + content: + <> }, signing_seed, 0 diff --git a/lib/archethic/crypto.ex b/lib/archethic/crypto.ex index 58b27a31d..097d651ae 100755 --- a/lib/archethic/crypto.ex +++ b/lib/archethic/crypto.ex @@ -1196,7 +1196,7 @@ defmodule Archethic.Crypto do ...> <<4, 210, 136, 107, 189, 140, 118, 86, 124, 217, 244, 69, 111, 61, 56, 224, 56, 150, 230, ...> 194, 203, 81, 213, 212, 220, 19, 1, 180, 114, 44, 230, 149, 21, 125, 69, 206, 32, 173, ...> 186, 81, 243, 58, 13, 198, 129, 169, 33, 179, 201, 50, 49, 67, 38, 156, 38, 199, 97, 59, - ...> 70, 95, 28, 35, 233, 21, 230>>) + ...> 70, 95, 28, 35, 233, 21, 230>>, false) true # Should return true with origin :onchain_wallet/:software & empty certificate @@ -1204,13 +1204,13 @@ defmodule Archethic.Crypto do iex> Crypto.verify_key_certificate?( ...> <<0,0, 241, 101, 225, 229, 247, 194, 144, 229, 47, 46, 222, 243, 251, 171, 96, ...> 203, 174, 116, 191, 211, 39, 79, 142, 94, 225, 222, 51, 69, 201, 84, 161, 102>>, - ...> _cerificate = "" ,_root_ca_public_key= <<4>>) + ...> _cerificate = "" ,_root_ca_public_key= <<4>>, _for_node=false) true iex> Crypto.verify_key_certificate?( ...> <<0,1, 241, 101, 225, 229, 247, 194, 144, 229, 47, 46, 222, 243, 251, 171, 96, ...> 203, 174, 116, 191, 211, 39, 79, 142, 94, 225, 222, 51, 69, 201, 84, 161, 102>>, - ...> _cerificate = "" ,_root_ca_public_key= <<6>>) + ...> _cerificate = "" ,_root_ca_public_key= <<6>>, _for_node=false) true # Should return false with origin :all & Any certificate & Empty Root_CA_Public_Key @@ -1222,7 +1222,7 @@ defmodule Archethic.Crypto do ...> 241, 104, 124, 212, 13, 10, 30, 80, 2, 170, 174, 8, 129, 205, 30, 40, 7, 196, ...> 2, 32, 27, 21, 21, 174, 186, 126, 63, 184, 50, 195, 46, 118, 188, 2, 112, 214, ...> 196, 121, 250, 48, 223, 110, 152, 189, 231, 137, 152, 25, 78, 29, 76, 191>> , - ...> _root_ca_public_key= "") + ...> _root_ca_public_key= "", _for_node=false) false iex> Crypto.verify_key_certificate?( @@ -1232,24 +1232,28 @@ defmodule Archethic.Crypto do ...> 241, 104, 124, 212, 13, 10, 30, 80, 2, 170, 174, 8, 129, 205, 30, 40, 7, 196, ...> 2, 32, 27, 21, 21, 174, 186, 126, 63, 184, 50, 195, 46, 118, 188, 2, 112, 214, ...> 196, 121, 250, 48, 223, 110, 152, 189, 231, 137, 152, 25, 78, 29, 76, 191>> , - ...> _root_ca_public_key= "") + ...> _root_ca_public_key= "", _for_node=false) false """ @spec verify_key_certificate?( public_key :: key(), certificate :: binary(), - root_ca_key :: binary() + root_ca_key :: binary(), + for_node? :: boolean() ) :: boolean() + def verify_key_certificate?(_, "", "", true), do: true + def verify_key_certificate?(_, "", _, true), do: false - def verify_key_certificate?(<<_::8, 0::8, _::binary>>, "", _), do: true - def verify_key_certificate?(<<_::8, 1::8, _::binary>>, "", _), do: true - def verify_key_certificate?(_, _, ""), do: false + def verify_key_certificate?(<<_::8, 0::8, _::binary>>, "", _, false), do: true + def verify_key_certificate?(<<_::8, 1::8, _::binary>>, "", _, false), do: true + def verify_key_certificate?(_, _, "", false), do: false def verify_key_certificate?( <>, certificate, - root_ca_key + root_ca_key, + _ ) when is_binary(certificate) and is_binary(root_ca_key) do try do diff --git a/lib/archethic/mining/pending_transaction_validation.ex b/lib/archethic/mining/pending_transaction_validation.ex index a66fa674d..aad9df4c0 100644 --- a/lib/archethic/mining/pending_transaction_validation.ex +++ b/lib/archethic/mining/pending_transaction_validation.ex @@ -322,7 +322,8 @@ defmodule Archethic.Mining.PendingTransactionValidation do Crypto.verify_key_certificate?( origin_public_key, key_certificate, - root_ca_public_key + root_ca_public_key, + true )}, {:conn, :ok} <- {:conn, valid_connection(ip, port, previous_public_key)}, @@ -369,7 +370,12 @@ defmodule Archethic.Mining.PendingTransactionValidation do root_ca_public_key <- Crypto.get_root_ca_public_key(origin_public_key), true <- - Crypto.verify_key_certificate?(origin_public_key, key_certificate, root_ca_public_key) do + Crypto.verify_key_certificate?( + origin_public_key, + key_certificate, + root_ca_public_key, + false + ) do :ok else false -> diff --git a/lib/archethic_web/controllers/api/schema/origin_public_key.ex b/lib/archethic_web/controllers/api/schema/origin_public_key.ex index 3554fc96d..55a73028a 100644 --- a/lib/archethic_web/controllers/api/schema/origin_public_key.ex +++ b/lib/archethic_web/controllers/api/schema/origin_public_key.ex @@ -86,7 +86,12 @@ defmodule ArchethicWeb.API.Schema.OriginPublicKey do with root_ca_public_key <- Crypto.get_root_ca_public_key(origin_public_key), true <- - Crypto.verify_key_certificate?(origin_public_key, certificate, root_ca_public_key) do + Crypto.verify_key_certificate?( + origin_public_key, + certificate, + root_ca_public_key, + false + ) do {:ok, :valid} else _ -> :error