From 3c14b780af0116f19ac4e59e13fdd6a152ef93dd Mon Sep 17 00:00:00 2001 From: ThetaSinner Date: Tue, 20 Feb 2024 01:28:00 +0000 Subject: [PATCH] Check for existing dist on dist gpg key --- .../zomes/coordinator/trusted/src/gpg_key_dist.rs | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/dnas/trusted/zomes/coordinator/trusted/src/gpg_key_dist.rs b/dnas/trusted/zomes/coordinator/trusted/src/gpg_key_dist.rs index e3be1d9..cbc021c 100644 --- a/dnas/trusted/zomes/coordinator/trusted/src/gpg_key_dist.rs +++ b/dnas/trusted/zomes/coordinator/trusted/src/gpg_key_dist.rs @@ -14,6 +14,7 @@ pub fn distribute_gpg_key(request: DistributeGpgKeyRequest) -> ExternResult ExternResult false, }); - if has_key { return Err(wasm_error!(WasmErrorInner::Guest( "You have already distributed this key".to_string() ))); } + // Just a point in time check, somebody could distribute this key using other code or we might just not have seen it yet. + // While this isn't an integrity guarantee, it might help out a somebody who is trying to distribute a key and hasn't realised they're using a different agent key than + // they originally distributed the key with. + let other_has_key = get_links(GetLinksInputBuilder::try_new(make_base_hash(summary.fingerprint.clone())?, LinkTypes::FingerprintToGpgKeyDist)?.build())?; + if !other_has_key.is_empty() { + return Err(wasm_error!(WasmErrorInner::Guest( + "This key has already been distributed by somebody else".to_string() + ))); + } + let gpg_key_dist_hash = create_entry(&EntryTypes::GpgKeyDist(GpgKeyDist { public_key: request.public_key.trim().to_string(), fingerprint: summary.fingerprint.clone(),