Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: fetch node keys from subnet certificate #776

Merged
merged 8 commits into from
Sep 29, 2023

Conversation

krpeacock
Copy link
Contributor

@krpeacock krpeacock commented Sep 28, 2023

Description

Adds support for pulling subnet ID and node public keys out of a Certificate, and making them available for the subnet path in CanisterStatus.

Involves some refactoring of certificate decoding, so we introduce lookupResultToBuffer to constrain the Cert.lookup method to its existing return types. This means that a HashTree with type empty will be returned as undefined, preserving existing behavior. However, the lookup_path function will now return HashTrees.

This will support the upcoming certified queries feature

Fixes # (issue)

How Has This Been Tested?

new tests, including fresh certificates from application and system subnets on local and mainnet, on dfx 0.15.0

Checklist:

  • My changes follow the guidelines in CONTRIBUTING.md.
  • The title of this PR complies with Conventional Commits.
  • I have edited the CHANGELOG accordingly.
  • I have made corresponding changes to the documentation.

@krpeacock krpeacock requested a review from a team as a code owner September 28, 2023 22:01
@krpeacock krpeacock changed the title Kyle/sdk 1214 fetch node keys feat: fetch node keys from subnet certificate Sep 28, 2023
@krpeacock krpeacock marked this pull request as draft September 28, 2023 22:31
@github-actions
Copy link
Contributor

github-actions bot commented Sep 28, 2023

size-limit report 📦

Path Size
@dfinity/agent 88.16 KB (+0.84% 🔺)
@dfinity/candid 13.58 KB (0%)
@dfinity/principal 5.2 KB (0%)
@dfinity/auth-client 92.63 KB (+0.03% 🔺)
@dfinity/assets 90.6 KB (+0.66% 🔺)
@dfinity/identity 89.91 KB (+0.04% 🔺)
@dfinity/identity-secp256k1 233.43 KB (+0.37% 🔺)

@krpeacock krpeacock marked this pull request as ready for review September 29, 2023 17:51
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these like the golden tickets in willy wonka?

| [NodeId.Labeled, ArrayBuffer, HashTree]
| [NodeId.Leaf, ArrayBuffer]
| [NodeId.Pruned, ArrayBuffer];
| [typeof NodeId.Empty]
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

how did this not produce a type error before?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The JS agent's decoding logic simply didn't cover this case. The /subnet path never decoded correctly.

At some point, the entire certificate ought to be re-written, modeled after the rust library for comprehensiveness

const label = labelToString(tree[1]);
const sub = hashTreeToString(tree[2]);
return `label(\n label:\n${indent(label)}\n sub:\n${indent(sub)}\n)`;
if (tree[1] instanceof ArrayBuffer && tree[2] instanceof ArrayBuffer) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some links to the spec as a comment would be helpful here imo

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This entire utility function doesn't seem to work and it has no tests. I only modified it in order to make it type safe with the other lookup changes

Copy link

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Nice work @krpeacock 👍

@krpeacock krpeacock merged commit 62ba61b into main Sep 29, 2023
78 checks passed
@krpeacock krpeacock deleted the kyle/SDK-1214-fetch-node-keys branch September 29, 2023 18:18
@@ -98,7 +110,24 @@ export const request = async (options: {
canisterId: canisterId,
});

const data = cert.lookup(encodePath(uniquePaths[index], canisterId));
response.certificate;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a leftover?

const nodeForks = flatten_forks(nodeTree as HashTree) as HashTree[];
nodeForks.length;

this.#nodeKeys = nodeForks.map(fork => {
Copy link
Collaborator

@ShuoWangNSL ShuoWangNSL Oct 3, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here nodeKeys is an array of public keys.
When we verify the node signature, we know the node id and would like to find the corresponding public. For this purpose, should nodeKeys be a map from node id to public key?

In the code below, I think <node_id> is fork[1], which is ArrayBuffer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants