mirror of
https://github.com/ipfs/kubo.git
synced 2026-02-22 02:47:48 +08:00
105 lines
3.5 KiB
Go
105 lines
3.5 KiB
Go
package namesys
|
|
|
|
import (
|
|
"errors"
|
|
"time"
|
|
|
|
pb "github.com/ipfs/go-ipfs/namesys/pb"
|
|
pstore "gx/ipfs/QmXauCuJzmzapetmC6W4TuDJLL1yFFrVzSHoWv8YdbmnxH/go-libp2p-peerstore"
|
|
peer "gx/ipfs/QmZoWKhxUmZ2seW4BzX6fJkNR8hh9PsGModr7q171yq2SS/go-libp2p-peer"
|
|
|
|
u "gx/ipfs/QmNiJuT8Ja3hMVpBHXv3Q6dwmperaQ6JjLtpMQgMCD7xvx/go-ipfs-util"
|
|
record "gx/ipfs/QmUpttFinNDmNPgFwKN8sZK6BUtBmA68Y4KdSBDXa8t9sJ/go-libp2p-record"
|
|
proto "gx/ipfs/QmZ4Qi3GaRbjcx28Sme5eMH7RQjGkt8wHxt2a65oLaeFEV/gogo-protobuf/proto"
|
|
)
|
|
|
|
// ErrExpiredRecord should be returned when an ipns record is
|
|
// invalid due to being too old
|
|
var ErrExpiredRecord = errors.New("expired record")
|
|
|
|
// ErrUnrecognizedValidity is returned when an IpnsRecord has an
|
|
// unknown validity type.
|
|
var ErrUnrecognizedValidity = errors.New("unrecognized validity type")
|
|
|
|
// ErrInvalidPath should be returned when an ipns record path
|
|
// is not in a valid format
|
|
var ErrInvalidPath = errors.New("record path invalid")
|
|
|
|
// ErrSignature should be returned when an ipns record fails
|
|
// signature verification
|
|
var ErrSignature = errors.New("record signature verification failed")
|
|
|
|
// ErrBadRecord should be returned when an ipns record cannot be unmarshalled
|
|
var ErrBadRecord = errors.New("record could not be unmarshalled")
|
|
|
|
// ErrKeyFormat should be returned when an ipns record key is
|
|
// incorrectly formatted (not a peer ID)
|
|
var ErrKeyFormat = errors.New("record key could not be parsed into peer ID")
|
|
|
|
// ErrPublicKeyNotFound should be returned when the public key
|
|
// corresponding to the ipns record path cannot be retrieved
|
|
// from the peer store
|
|
var ErrPublicKeyNotFound = errors.New("public key not found in peer store")
|
|
|
|
// NewIpnsRecordValidator returns a ValidChecker for IPNS records.
|
|
// The validator function will get a public key from the KeyBook
|
|
// to verify the record's signature. Note that the public key must
|
|
// already have been fetched from the network and put into the KeyBook
|
|
// by the caller.
|
|
func NewIpnsRecordValidator(kbook pstore.KeyBook) *record.ValidChecker {
|
|
// ValidateIpnsRecord implements ValidatorFunc and verifies that the
|
|
// given record's value is an IpnsEntry, that the entry has been correctly
|
|
// signed, and that the entry has not expired
|
|
ValidateIpnsRecord := func(r *record.ValidationRecord) error {
|
|
if r.Namespace != "ipns" {
|
|
return ErrInvalidPath
|
|
}
|
|
|
|
// Parse the value into an IpnsEntry
|
|
entry := new(pb.IpnsEntry)
|
|
err := proto.Unmarshal(r.Value, entry)
|
|
if err != nil {
|
|
return ErrBadRecord
|
|
}
|
|
|
|
// Get the public key defined by the ipns path
|
|
pid, err := peer.IDFromString(r.Key)
|
|
if err != nil {
|
|
log.Debugf("failed to parse ipns record key %s into peer ID", r.Key)
|
|
return ErrKeyFormat
|
|
}
|
|
pubk := kbook.PubKey(pid)
|
|
if pubk == nil {
|
|
log.Debugf("public key with hash %s not found in peer store", pid)
|
|
return ErrPublicKeyNotFound
|
|
}
|
|
|
|
// Check the ipns record signature with the public key
|
|
if ok, err := pubk.Verify(ipnsEntryDataForSig(entry), entry.GetSignature()); err != nil || !ok {
|
|
log.Debugf("failed to verify signature for ipns record %s", r.Key)
|
|
return ErrSignature
|
|
}
|
|
|
|
// Check that record has not expired
|
|
switch entry.GetValidityType() {
|
|
case pb.IpnsEntry_EOL:
|
|
t, err := u.ParseRFC3339(string(entry.GetValidity()))
|
|
if err != nil {
|
|
log.Debugf("failed parsing time for ipns record EOL in record %s", r.Key)
|
|
return err
|
|
}
|
|
if time.Now().After(t) {
|
|
return ErrExpiredRecord
|
|
}
|
|
default:
|
|
return ErrUnrecognizedValidity
|
|
}
|
|
return nil
|
|
}
|
|
|
|
return &record.ValidChecker{
|
|
Func: ValidateIpnsRecord,
|
|
Sign: false,
|
|
}
|
|
}
|