Skip to content

Commit

Permalink
Check for existing dist on dist gpg key
Browse files Browse the repository at this point in the history
  • Loading branch information
ThetaSinner committed Feb 20, 2024
1 parent 77effa2 commit 3c14b78
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion dnas/trusted/zomes/coordinator/trusted/src/gpg_key_dist.rs
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ pub fn distribute_gpg_key(request: DistributeGpgKeyRequest) -> ExternResult<Reco

let summary = PublicKeySummary::try_from_public_key(&public_key)?;

// Check that we haven't already distributed this key, that would never be valid and will be checked by our peers.
let has_key = get_my_keys(())?
.iter()
.any(|record| match record.entry.as_option() {
Expand All @@ -23,13 +24,22 @@ pub fn distribute_gpg_key(request: DistributeGpgKeyRequest) -> ExternResult<Reco
}
_ => false,
});

if has_key {
return Err(wasm_error!(WasmErrorInner::Guest(
"You have already distributed this key".to_string()
)));
}

// Just a point in time check, somebody could distribute this key using other code or we might just not have seen it yet.
// While this isn't an integrity guarantee, it might help out a somebody who is trying to distribute a key and hasn't realised they're using a different agent key than
// they originally distributed the key with.
let other_has_key = get_links(GetLinksInputBuilder::try_new(make_base_hash(summary.fingerprint.clone())?, LinkTypes::FingerprintToGpgKeyDist)?.build())?;
if !other_has_key.is_empty() {
return Err(wasm_error!(WasmErrorInner::Guest(
"This key has already been distributed by somebody else".to_string()
)));
}

let gpg_key_dist_hash = create_entry(&EntryTypes::GpgKeyDist(GpgKeyDist {
public_key: request.public_key.trim().to_string(),
fingerprint: summary.fingerprint.clone(),
Expand Down

0 comments on commit 3c14b78

Please sign in to comment.