A new grant message should be generated when a credential is presented #12

Open
nkongsuwan opened this issue Nov 4, 2024 · 1 comment

Comments

@nkongsuwan
Collaborator

nkongsuwan commented Nov 4, 2024

Is your feature request related to a problem? Please describe.
Currently, when a credential is presented, the timestamp for the grant message is taken from the credential's issuance datetime `credResult.acdc.ked?.a?.dt`. As a result, identical grant messages are generated for every presentation of the credential. This potentially makes Origin susceptible to a replay attack.

This is a function I took from the Chrome DevTools.

```typescript
export async function multisigGrantCredential(
  client: SignifyClient,
  groupName: string,
  memberName: string,
  recipientPrefix: string,
  credResult: IssueCredentialResult
) {
  const mHab = await client.identifiers().get(memberName)
  const gHab = await client.identifiers().get(groupName)
  const members = await client.identifiers().members(groupName)

  const [grant, gsigs, end] = await client.ipex().grant({
    senderName: groupName,
    recipient: recipientPrefix,
    // Issuance datetime of the credential, so the grant is identical on every presentation
    datetime: credResult.acdc.ked?.a?.dt,
    acdc: credResult.acdc,
    anc: credResult.anc,
    iss: credResult.iss
  })

  await client
    .ipex()
    .submitGrant(groupName, grant, gsigs, end, [recipientPrefix])

  // Build the attachment: this member's signatures plus a seal referencing the group's state
  let mstate = gHab['state']
  let sner = new CesrNumber({}, undefined, mstate['ee']['s'])
  let seal = [
    'SealEvent',
    { i: gHab['prefix'], s: sner.num, d: mstate['ee']['d'] }
  ]
  let sigers = gsigs.map((sig: any) => new signify.Siger({ qb64: sig }))
  let ims = signify.d(signify.messagize(grant, sigers, seal))
  let atc = ims.substring(grant.size)
  atc += end
  let gembeds = {
    exn: [grant, atc]
  }

  // Every signing member of the group except this one
  const recipients = members.signing
    .map((m: { aid: string }) => m.aid)
    .filter((aid: string) => aid !== mHab.prefix)

  if (recipients.length > 0) {
    consoleLog(
      `Sending join grant credential exn message to other members : `,
      recipients
    )

    await client
      .exchanges()
      .send(
        mHab.name,
        'multisig',
        mHab,
        '/multisig/exn',
        { gid: gHab['prefix'] },
        gembeds,
        recipients
      )
  }
}
```

Describe the solution you'd like
When a credential is presented, a current datetime should be used when the "Present" button is clicked. This datetime must also be propagated to and used by other multisig members (if any) in the notification.
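
The following is an added example, not part of the issue and not code from this project or from signify-ts. It models a verifier that applies a freshness window plus a seen-message cache, and shows why a grant stamped with the issuance datetime cannot be told apart from a replayed copy. The `Grant` shape, `grantId`, `buildGrant`, `ReplayGuard` and all sample values are constructed for illustration.

```typescript
// Simplified stand-in for a grant message; these fields are assumptions, not signify-ts types.
interface Grant { sender: string; recipient: string; acdcSaid: string; dt: string }

// Stand-in for the message digest: identical fields always yield an identical identity.
function grantId(g: Grant): string {
  return JSON.stringify([g.sender, g.recipient, g.acdcSaid, g.dt]);
}

// Sender side. reuseIssuanceDt=true models the behaviour reported in the issue.
function buildGrant(issuanceDt: string, now: Date, reuseIssuanceDt: boolean): Grant {
  const dt = reuseIssuanceDt ? issuanceDt : now.toISOString();
  return { sender: "EGroupPlaceholder", recipient: "ERecipientPlaceholder", acdcSaid: "ECredPlaceholder", dt };
}

// Verifier side: accept a grant only if its datetime is fresh and it was not seen before.
class ReplayGuard {
  private seen: Record<string, number> = {}; // grant identity -> grant datetime (ms)
  private windowMs: number;
  constructor(windowMs: number) { this.windowMs = windowMs; }

  check(g: Grant, now: Date): "accepted" | "stale" | "replayed" | "malformed" {
    const t = Date.parse(g.dt);
    const nowMs = now.getTime();
    if (isNaN(t)) return "malformed";
    if (Math.abs(nowMs - t) > this.windowMs) return "stale";
    // Entries older than the window would be rejected as stale anyway, so drop them.
    Object.keys(this.seen).forEach((id) => {
      if (nowMs - this.seen[id] > this.windowMs) delete this.seen[id];
    });
    const id = grantId(g);
    if (id in this.seen) return "replayed";
    this.seen[id] = t;
    return "accepted";
  }
}

// Constructed scenario: issued in January, presented twice in November, then the
// first presentation is delivered again by someone who captured it.
function demo(reuseIssuanceDt: boolean, windowMs: number): string[] {
  const guard = new ReplayGuard(windowMs);
  const issuanceDt = "2024-01-15T09:00:00.000Z";
  const first = new Date("2024-11-04T07:00:00.000Z");
  const second = new Date("2024-11-04T07:01:00.000Z");
  const g1 = buildGrant(issuanceDt, first, reuseIssuanceDt);
  const g2 = buildGrant(issuanceDt, second, reuseIssuanceDt);
  return [String(grantId(g1) === grantId(g2)),
    guard.check(g1, first), guard.check(g2, second), guard.check(g1, second)];
}
```

With the issuance datetime, a verifier without a freshness window sees the legitimate second presentation as a replay, and one with a window rejects every presentation as stale; with a per-presentation datetime only the re-delivered copy is rejected.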

@dhh1128
Member

dhh1128 commented Nov 4, 2024

[from twin in jira]
This issue is being tracked in jira at https://eipi.atlassian.net/browse/DF-2565.
To send new comments there, start them with 'Tell jira:'.
The issue is assigned in jira to Cal Warshaw.
As of 2024-11-04T07:23Z, the status of the issue in jira is 'to do'.
