No funded issue found.
Check out the Issue Explorer
Be the OSS Funding you wish to see in the world.
Looking to fund some work? You can submit a new Funded Issue here .
Time left
Opened
Issue Type
Workers Auto Approve
Project Type
Time Commitment
Experience Level
Permissions
Accepted
Reserved For
Add Invalid Signature Test Cases
centrifuge
Dockerfile
This ticket is to implement three testcases with our [`testworld` p2p simulation frame work](https://github.com/centrifuge/go-centrifuge/tree/develop/testworld).
Refer `testworld/README.md` for env setup and a small guide on how to run. `testworld/park_test.go` is a good starting point for any other tests you define. Copy it and define a file called `signature_test.go` for your tests.
In order to make sure that Eves internal signing key changes don't affect the scenario results define all the scenarios in one test function or make sure that all three scenarios are run in a certain sequence.
## 1. Eve creates a document with Bob but adds a signature that is not from her own identity and sends it to Bob.
### Suggested implementation
- DO NOT use existing hosts for this test as mutating existing hosts behaviour would cause problems for other tests. Define a new host using `hostConfig` global in `park.go`. You could call this host `Eve`. Note that you only need to add a single line like `{"Eve", 8088, 38208, false},` to this variable to create a new host the next time a test runs.
- For this scenario you need to build a small utility so that you can easily mock a signature in a hosts p2p layer. The utility must be defined in the `host` struct in `park.go`. The utility should extract the `bootstrap.BootstrappedPeer` key from `bootstrappedCtx` struct field. This gives access to `p2p/peer` struct in go-centrifuge.
- Then the util should give the `host` access to call `client.GetSignaturesForDocument` method which exposes the necessary interface to fake a signature and call Bob.
## 2. Eve creates a document with Bob but uses a revoked signing key for her signature and sends it to Bob
### Suggested implementation
- You can use `Eve` defined above for this case as well.
- For this scenario we need to first make sure that `Eve`s signing key is expired first. In order to do this you first need to define a function(`RevokeKey(ctx context.Context, key []byte)`) on `identity/ethid/ethereumIdentity` struct and implement it.
- Then in order to invoke this function in Testworld you need to again build a utility in the `host` struct in `park.go`. The utility must use `identity` field on the host to call `RevokeKey` function above.
- Once done with above we can follow the same procedure as previous scenario to send a document to Bob signed with this revoked key.
## 3. Bob creates a document with Eve and Eve signs it with a key that is revoked
### Suggested implementation
- You can use `Eve` defined above for this case as well.
- This scenario can be implemented so that Bob sends the document to Eve after her signing key is revoked in the above scenario.
## Acceptance criteria for all scenarios
- The test should verify that Bob returns an error from `documents/signaturesValidator`
This issue has a gitcoin bounty attached to it. If you'd like to start working on it, feel free to reach out to me (lucas@centrifuge.io) directly, join our slack channel #bounties on our [slack](
https://join.slack.com/t/centrifuge-io/shared_invite/enQtNDk1MzkwODM4OTgxLWRlNTU4NDQzOWIwYWEzNGRhN2UzMzQwNThjZjI0ZmIxMTU4NmQwMjc2ZDBkOTEyNWJhMjE4MzA2NTE5MWU1NWE).
Setup your profile
Tell us a little about you:
Skills
No results found for [[search]] .
Type to search skills..
Bio Required
[[totalcharacter]] / 240
Are you currently looking for work?
[[ option.string ]]
Next
Setup your profile
Our tools are based on the principles of earn (π°), learn (π), and meet (π¬).
Select the ones you are interested in. You can change it later in your settings.
I'm also an organization manager looking for a great community.
Back
Next
Save
Enable your organization profile
Gitcoin products can help grow community around your brand. Create your tribe, events, and incentivize your community with bounties. Announce new and upcoming events using townsquare. Find top-quality hackers and fund them to work with you on a grant.
These are the organizations you own. If you don't see your organization here please be sure that information is public on your GitHub profile. Gitcoin will sync this information for you.
Select the products you are interested in:
Out of the box you will receive Tribes Lite for your organization. Please provide us with a contact email:
Email
Back
Save
