
@bkioshn bkioshn commented Sep 5, 2024

Description

CIP509 RBAC Validation

Move from input-output-hk/hermes#351

Related Issue(s)

Closes #324

Description of Changes

The validation includes

  • Hashing the transaction input 0: transaction inputs within the transaction should match the 1: txn-inputs-hash
  • ?7: auxiliary_data_hash should match the hash of the auxiliary data. This also logs the pre-hashed auxiliary data (aux with 99: validation signature set to 0x00)
  • Role 0 validation
    • public key extracted from URI in x509 or c509 subject alternative name should match some of the witness set within the transaction - Only cares about stake key
    • Reference ?3: payment-key
      • Negative index reference - reference to transaction output in transaction: should match some of the keys within the witness set
      • Positive index reference - reference to transaction input in transaction: check only that the index exists within the transaction input

Validation Logging
If the validation report is not empty (meaning there is some error), log the error
e.g. CIP509 4: ["Failed to compare public keys with witnesses No public key addresses provided"], chain: "Preprod"
Otherwise, log the actual validation mentioned above
e.g.

CIP509 1: Cip509Validation { valid_txn_inputs_hash: true, valid_aux: true, precomputed_aux: [161, 25, 1, 253, 165, 0, 80, 202, 122, 20, 87, 239, 159, 76, 127, 156, 116, 127, 140, 74, 76, 250, 108, 1, 80, 57, 55, 67, 75, 150, 199, 38, 153, 239, 0, 128, 183, 106, 120, 138, 146, 2, 88, 32, 77, 63, 87, 111, 38, 219, 41, 19, 153, 129, 166, 148, 67, 194, 50, 93, 170, 129, 44, 195, 83, 163, 27, 90, 77, 183, 148, 165, 188, 187, 6, 194, 11, 140, 88, 64, 27, 61, 3, 8, 102, 8, 79, 203, 37, 157, 224, 116, 150, 211, 25, 126, 145, 58, 57, 253, 98, 138, 61, 176, 164, 237, 104, 57, 38, 26, 0, 197, 28, 176, 165, 185, 193, 97, 148, 6, 65, 50, 172, 227, 117, 234, 35, 199, 92, 96, 101, 148, 0, 203, 163, 4, 208, 214, 137, 192, 0, 134, 25, 93, 88, 64, 255, 40, 113, 77, 160, 44, 53, 231, 41, 88, 21, 186, 88, 183, 127, 34, 126, 87, 111, 162, 84, 196, 100, 226, 249, 198, 249, 223, 169, 0, 160, 32, 130, 80, 3, 60, 5, 74, 70, 140, 56, 224, 136, 25, 96, 29, 7, 60, 3, 74, 71, 39, 165, 36, 255, 57, 153, 84, 119, 68, 60, 31, 202, 35, 88, 64, 131, 156, 146, 117, 153, 178, 83, 136, 127, 80, 72, 124, 28, 175, 117, 124, 10, 175, 121, 188, 63, 202, 205, 66, 37, 43, 143, 42, 225, 241, 168, 178, 130, 146, 156, 162, 43, 181, 194, 136, 92, 194, 58, 102, 0, 92, 12, 193, 202, 32, 20, 43, 130, 49, 12, 58, 19, 125, 68, 193, 148, 62, 64, 153, 88, 64, 167, 167, 206, 92, 52, 117, 181, 136, 122, 55, 101, 237, 226, 255, 59, 123, 254, 169, 15, 37, 94, 46, 223, 55, 253, 68, 226, 127, 38, 184, 230, 207, 64, 138, 239, 75, 32, 190, 191, 114, 87, 179, 218, 188, 126, 218, 101, 255, 244, 237, 39, 139, 80, 33, 159, 10, 82, 54, 127, 245, 184, 14, 70, 183, 88, 64, 56, 117, 245, 90, 57, 77, 23, 165, 217, 166, 177, 161, 222, 255, 91, 34, 6, 233, 233, 115, 78, 159, 190, 250, 106, 28, 223, 235, 122, 16, 69, 70, 223, 182, 228, 108, 70, 254, 174, 182, 90, 127, 70, 72, 194, 118, 226, 158, 135, 178, 123, 192, 83, 191, 254, 247, 147, 89, 48, 2, 32, 208, 195, 135, 88, 64, 242, 160, 92, 196, 136, 3, 23, 53, 142, 25, 199, 88, 253, 154, 
185, 145, 117, 81, 206, 57, 135, 175, 46, 53, 215, 59, 105, 88, 160, 245, 115, 39, 132, 98, 27, 12, 146, 246, 138, 147, 83, 127, 22, 244, 132, 69, 66, 72, 144, 249, 85, 215, 165, 151, 193, 60, 46, 181, 74, 130, 179, 159, 3, 7, 88, 64, 151, 80, 125, 245, 254, 249, 22, 250, 187, 109, 175, 223, 181, 22, 251, 145, 132, 120, 62, 44, 180, 232, 157, 4, 138, 108, 30, 92, 4, 129, 139, 219, 118, 255, 181, 203, 239, 31, 190, 69, 38, 88, 217, 4, 205, 21, 46, 231, 42, 59, 252, 110, 254, 17, 153, 251, 59, 81, 241, 151, 150, 41, 205, 78, 88, 64, 253, 183, 223, 81, 23, 35, 212, 206, 173, 61, 43, 46, 185, 193, 241, 140, 187, 252, 249, 245, 204, 142, 172, 70, 220, 3, 205, 85, 252, 172, 51, 3, 195, 145, 67, 127, 80, 64, 9, 35, 230, 92, 2, 233, 129, 175, 84, 97, 182, 134, 122, 71, 251, 37, 235, 233, 176, 251, 77, 158, 65, 236, 33, 14, 88, 64, 75, 144, 17, 0, 2, 6, 65, 69, 35, 192, 153, 15, 158, 226, 11, 93, 138, 116, 83, 147, 211, 254, 186, 246, 65, 58, 68, 139, 153, 79, 21, 103, 235, 121, 69, 223, 122, 10, 180, 74, 253, 85, 86, 30, 1, 144, 179, 118, 212, 17, 2, 108, 93, 122, 74, 73, 161, 158, 11, 211, 245, 173, 221, 108, 88, 64, 73, 47, 222, 70, 238, 232, 215, 91, 88, 114, 134, 41, 29, 254, 182, 167, 143, 223, 89, 193, 166, 191, 162, 113, 123, 31, 65, 223, 168, 120, 117, 97, 64, 206, 124, 119, 80, 75, 100, 176, 148, 184, 112, 173, 231, 133, 105, 86, 110, 236, 102, 54, 145, 51, 175, 90, 168, 200, 234, 185, 249, 94, 41, 223, 88, 64, 158, 193, 11, 226, 81, 84, 113, 1, 178, 76, 73, 92, 143, 244, 250, 85, 55, 141, 187, 74, 92, 110, 137, 177, 138, 18, 172, 3, 51, 67, 214, 28, 59, 127, 95, 186, 114, 91, 81, 83, 109, 146, 165, 203, 250, 239, 155, 230, 210, 74, 62, 91, 61, 117, 161, 192, 226, 158, 66, 245, 35, 86, 127, 172, 77, 15, 130, 0, 129, 28, 130, 45, 34, 16, 185, 127, 87, 8, 24, 99, 88, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0], 
valid_public_key: false, valid_payment_key: false }, chain: "Preprod"
  • Minor changes to other files may be included

Please confirm the following checks

  • My code follows the style guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream module
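
The checks listed in the description, sketched as an added example (not code from this PR or from cardano-chain-follower). It assumes Blake2b with a 16-byte digest for txn-inputs-hash and a 32-byte digest for auxiliary_data_hash, 1-based payment-key references, and a hypothetical dict layout for the transaction; the sample data is constructed.

```python
import hashlib
from dataclasses import dataclass, field

def blake2b(data: bytes, size: int) -> bytes:
    return hashlib.blake2b(data, digest_size=size).digest()

@dataclass
class Report:
    valid_txn_inputs_hash: bool = False
    valid_aux: bool = False
    valid_payment_key: bool = False
    errors: list = field(default_factory=list)

def check_payment_key(ref, inputs, output_keys, witnesses):
    idx = abs(ref) - 1                        # assumption: references are 1-based
    if ref > 0:                               # positive: transaction input
        return idx < len(inputs)              # only the index has to exist
    if ref < 0 and idx < len(output_keys):    # negative: transaction output
        return output_keys[idx] in witnesses  # its key must be in the witness set
    return False                              # zero or out-of-range reference

def validate(tx: dict) -> Report:
    r = Report()
    # Digest sizes are assumptions (16 and 32 bytes), not stated on the page.
    r.valid_txn_inputs_hash = blake2b(tx["inputs_raw"], 16) == tx["txn_inputs_hash"]
    r.valid_aux = blake2b(tx["aux_raw"], 32) == tx["auxiliary_data_hash"]
    r.valid_payment_key = check_payment_key(
        tx["payment_key_ref"], tx["inputs"], tx["output_keys"], tx["witnesses"])
    # A non-empty error list corresponds to the "log the error" branch.
    for name in ("valid_txn_inputs_hash", "valid_aux", "valid_payment_key"):
        if not getattr(r, name):
            r.errors.append(f"{name} check failed")
    return r

# Constructed sample data, not taken from the chain.
INPUTS_RAW = b"\x81\x82\x58\x20" + bytes(32) + b"\x00"
AUX_RAW = b"\xa1\x19\x01\xfd\xa0"
GOOD = {
    "inputs_raw": INPUTS_RAW, "inputs": ["in0"],
    "txn_inputs_hash": blake2b(INPUTS_RAW, 16),
    "aux_raw": AUX_RAW, "auxiliary_data_hash": blake2b(AUX_RAW, 32),
    "output_keys": [b"key-A", b"key-B"], "witnesses": {b"key-B"},
    "payment_key_ref": -2,   # second output, whose key is a witness
}

if __name__ == "__main__":
    print(validate(GOOD))
    print(validate({**GOOD, "payment_key_ref": -1}).errors)
```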

@bkioshn bkioshn self-assigned this Sep 5, 2024
@bkioshn bkioshn added the enhancement New feature or request label Sep 5, 2024
@bkioshn bkioshn changed the title feat: RBAC CIP509 validation (move from hermes) feat(rust/cardano-chain-follower): RBAC CIP509 validation Sep 5, 2024
@bkioshn bkioshn added the review me PR is ready for review label Sep 12, 2024
@bkioshn bkioshn requested a review from stevenj September 13, 2024 13:59
bkioshn and others added 3 commits September 16, 2024 15:27
* test(rust/cardano-chain-follower): add test data

* test(rust/cardano-chain-follower): add test for x509_chunk decompression

* fix(rust/cardano-chain-follower): payment key should accept negative number

* test(rust/cardano-chain-follower): add test for cip509 validation

* chore(rust/cardano-chain-follower): typo

* fix(rust/cardano-chain-follower): update test data

@stevenj stevenj left a comment

LGTM

@stevenj stevenj merged commit 1c2b570 into main Sep 17, 2024
@stevenj stevenj deleted the feat/rbac-validation branch September 17, 2024 08:36