feat: node signature verification for queries (#784)

* feat: adds node signatures to query response types * moves fetchNodeKeys to canisterStatus * updating e2e tests * replaces tweetnacl with @noble/curves * more ed25519 tests and compatibility with previous stored JSON * moves public key and DER utils into agent * simplifies @dfinity/identity with agent exports * subnetStatus mapping node id to public key * lookup_path now returns tree by default * fix: canister ranges checked for root subnet fixes FOLLOW-1301 * fix: sets maxAge for delegation certificates to Infinity, bypassing check resolves FOLLOW-1302
dfinity · Nov 7, 2023 · c115480 · c115480
1 parent 6e1dbfb
commit c115480
Show file tree

Hide file tree

Showing 42 changed files with 1,039 additions and 630 deletions.
diff --git a/canister_ids.json b/canister_ids.json
@@ -1,4 +1,7 @@
 {
+  "counter": {
+    "ic": "tnnnb-2yaaa-aaaab-qaiiq-cai"
+  },
   "docs": {
     "ic": "erxue-5aaaa-aaaab-qaagq-cai"
   }

diff --git a/docs/generated/changelog.html b/docs/generated/changelog.html
@@ -12,6 +12,27 @@ <h1>Agent-JS Changelog</h1>
     <section>
       <h2>Version x.x.x</h2>
       <ul>
+        <ul>
+          <strong>feat!: node signature verification</strong
+          ><br />
+          This feature includes additional changes in support of testing and releasing the feature:
+          <br />
+          <li>Mainnet e2e tests for queries and calls</li>
+          <li>published counter canister</li>
+          <li>
+            New HttpAgent option - verifyQuerySignatures. Defaults to true, but allows you to opt
+            out of verification. Useful for testing against older replica versions
+          </li>
+          <li>Introducing ed25519 logic to agent for validating node signatures</li>
+          <li>Standardizing around @noble/curves instead of tweetnacl in @dfinity/identity</li>
+          <li>
+            new export - hashOfMap from agent, matching the naming used in the interface
+            specification
+          </li>
+          <li>new unit tests</li>
+          <li>new Verify export on ed25519 because why not</li>
+        </ul>
+        <li>Adds support for Uint8Arrays in Principal.from()</li>
         <li>
           chore: increases size limit for agent-js to allow for Ed25519 support for node key
           signature verification

diff --git a/e2e/node/basic/mitm.test.ts b/e2e/node/basic/mitm.test.ts
@@ -19,3 +19,14 @@ mitmTest(
   },
   { timeout: 30000 },
 );
+
+mitmTest('mitm with query verification', async () => {
+  const counter = await createActor('tnnnb-2yaaa-aaaab-qaiiq-cai', {
+    agent: await makeAgent({
+      host: 'http://127.0.0.1:8888',
+      verifyQuerySignatures: true,
+    }),
+  });
+  await expect(counter.greet('counter')).rejects.toThrow(/Invalid certificate/);
+  await expect(counter.queryGreet('counter')).rejects.toThrow(/Invalid certificate/);
+});
diff --git a/e2e/node/utils/agent.ts b/e2e/node/utils/agent.ts
@@ -12,6 +12,8 @@ if (Number.isNaN(port)) {
 export const makeAgent = async (options?: HttpAgentOptions) => {
   const agent = new HttpAgent({
     host: `http://127.0.0.1:${process.env.REPLICA_PORT ?? 4943}`,
+    // TODO - remove this when the dfx replica supports it
+    verifyQuerySignatures: false,
     ...options,
   });
   try {