dfinity · adamspofford-dfinity · Nov 7, 2023 · Sep 29, 2023 · Oct 3, 2023 · Oct 4, 2023
@@ -24,10 +24,11 @@ jobs:
             target
           key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}-1
 
-      - name: Install wasm-pack
+      - name: Install wasm-pack and chromedriver
         if: ${{ matrix.os == 'ubuntu-latest' }}
         run: |
           curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
+          sudo apt-get install -y chromium-chromedriver
 
       - name: Run Tests
         shell: bash

@@ -8,6 +8,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## Unreleased
 
+* Added node signature certification to query calls, for protection against rogue boundary nodes. This can be disabled with `with_verify_query_signatures`.
+* Added `with_nonce_generation` to `QueryBuilder` for precise cache control.
 * Added `read_subnet_state_raw` to `Agent` and `read_subnet_state` to `Transport` for looking up raw state by subnet ID instead of canister ID.
 * Added `read_state_subnet_metrics` to `Agent` to access subnet metrics, such as total spent cycles.
 * Types passed to the `to_request_id` function can now contain nested structs, signed integers, and externally tagged enums.

@@ -16,7 +16,9 @@ include = ["src", "Cargo.toml", "../LICENSE", "README.md"]
 
 [dependencies]
 backoff = "0.4.0"
+cached = { version = "0.46", features = ["ahash"], default-features = false }
 candid = { workspace = true }
+ed25519-consensus = { version = "2" }
 futures-util = "0.3.21"
 hex = { workspace = true }
 http = "0.2.6"
@@ -29,6 +31,7 @@ leb128 = { workspace = true }
 pkcs8 = { version = "0.10.2", features = ["std"] }
 sec1 = { version = "0.7.2", features = ["pem"] }
 rand = "0.8.5"
+rangemap = "1.4"
 ring = { workspace = true, features = ["std"] }
 serde = { workspace = true, features = ["derive"] }
 serde_bytes = { workspace = true }
@@ -102,6 +105,7 @@ wasm-bindgen = [
     "dep:web-sys",
     "time/wasm-bindgen",
     "backoff/wasm-bindgen",
+    "cached/wasm",
 ]
 
 [package.metadata.docs.rs]

@@ -38,30 +38,47 @@ async function getMock(nonce) {
     });
 }
 
+// Status codes are chosen to avoid being picked up as successes by tests expecting a 404 or 500.
+
 self.addEventListener("fetch", (event) => {
     event.respondWith((async () => {
         try {
             const request = event.request;
             const url = new URL(request.url);
             if (url.host === "mock_configure") {
-                const { method, path, status_code, nonce, body, headers } = await request.json();
-                await setMock({ method, path, status_code, nonce, body, headers, hits: 0 });
+                const nonce = url.pathname.substring(1);
+                const { method, path, status_code, body, headers } = await request.json();
+                const mock = await getMock(nonce) ?? { nonce, routes: [] };
+                mock.routes.push({ method, path, status_code, body, headers, hits: 0 });
+                await setMock(mock);
                 return new Response(null, { status: 204 });
             } else if (url.host === "mock_assert") {
                 const nonce = url.pathname.substring(1);
-                const { hits } = await getMock(nonce);
-                return new Response(hits, { status: 200 });
+                const mock = await getMock(nonce);
+                if (mock === undefined) {
+                    return new Response(`no such mock id ${nonce}`, { status: 421 });
+                }
+                const hitsMap = Object.fromEntries(mock.routes.map(route => [`${route.method} ${route.path}`, route.hits]));
+                return new Response(JSON.stringify(hitsMap), { status: 200, headers: { 'Content-Type': 'application/json' } });
             } else {
                 const nonce = url.host.split('_')[1];
-                const { method, path, status_code, body, headers, hits } = await getMock(nonce);
-                if (request.method !== method) {
-                    return new Response(`expected ${method}, got ${request.method}`, { status: 405 });
+                const mock = await getMock(nonce);
+                if (mock === undefined) {
+                    return new Response(`no such mock id ${nonce}`, { status: 421 });
+                }
+                for (const route of mock.routes) {
+                    if (request.method === route.method && url.pathname === route.path) {
+                        route.hits += 1;
+                        await setMock(mock);
+                        return new Response(Uint8Array.from(route.body), { status: route.status_code, headers: route.headers });
+                    }
                 }
-                if (url.pathname !== path) {
-                    return new Response(`expcted ${path}, got ${url.pathname}`, { status: 404 });
+                const possiblyMeant = mock.routes.find(route => route.path === url.pathname);
+                if (possiblyMeant !== undefined) {
+                    return new Response(`expected ${possiblyMeant.method}, got ${request.method}`, { status: 405 })
+                } else {
+                    return new Response(`expected ${mock.routes.map(route => route.path).join(' | ')}, got ${url.pathname}`, { status: 410 });
                 }
-                await setMock({ method, path, status_code, nonce, body, headers, hits: hits + 1 });
-                return new Response(Uint8Array.from(body), { status: status_code, headers });
             }
         } catch (e) {
             return new Response(e.toString(), { status: 503 });

@@ -12,8 +12,10 @@ pub struct AgentConfig {
     pub identity: Arc<dyn Identity>,
     /// See [`with_ingress_expiry`](super::AgentBuilder::with_ingress_expiry).
     pub ingress_expiry: Option<Duration>,
-    /// The [`with_transport`](super::AgentBuilder::with_transport).
+    /// See [`with_transport`](super::AgentBuilder::with_transport).
     pub transport: Option<Arc<dyn Transport>>,
+    /// See [`verify_query_signatures`](super::AgentBuilder::with_verify_query_signatures).
+    pub verify_query_signatures: bool,
 }
 
 impl Default for AgentConfig {
@@ -23,6 +25,7 @@ impl Default for AgentConfig {
             identity: Arc::new(AnonymousIdentity {}),
             ingress_expiry: None,
             transport: None,
+            verify_query_signatures: true,
         }
     }
 }
@@ -4,6 +4,7 @@ use crate::{agent::status::Status, RequestIdError};
 use ic_certification::Label;
 use ic_transport_types::{InvalidRejectCodeError, RejectResponse};
 use leb128::read;
+use std::time::Duration;
 use std::{
     fmt::{Debug, Display, Formatter},
     str::Utf8Error,
@@ -93,14 +94,26 @@ pub enum AgentError {
     #[error("The request status ({1}) at path {0:?} is invalid.")]
     InvalidRequestStatus(Vec<Label>, String),
 
-    /// The certificate verification failed.
+    /// The certificate verification for a read_state call failed.
     #[error("Certificate verification failed.")]
     CertificateVerificationFailed(),
 
+    /// The signature verification for a query call failed.
+    #[error("Query signature verification failed.")]
+    QuerySignatureVerificationFailed,
+
     /// The certificate contained a delegation that does not include the effective_canister_id in the canister_ranges field.
     #[error("Certificate is not authorized to respond to queries for this canister. While developing: Did you forget to set effective_canister_id?")]
     CertificateNotAuthorized(),
 
+    /// The certificate was older than allowed by the `ingress_expiry`.
+    #[error("Certificate is stale (over {0:?}). Is the computer's clock synchronized?")]
+    CertificateOutdated(Duration),
+
+    /// The query response did not contain any node signatures.
+    #[error("Query response did not contain any node signatures")]
+    MissingSignature,
+
     /// There was a length mismatch between the expected and actual length of the BLS DER-encoded public key.
     #[error(
         r#"BLS DER-encoded public key must be ${expected} bytes long, but is {actual} bytes long."#