feat(credentials): store and processing generic app credentials #1466
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rymnc
added
the
track:rln
Jenkins BuildsClick to see older builds (7)
|
rymnc
added
track:rlnp2p
and removed
track:rln
s1fr0
force-pushed
the
app-credentials
branch
from
287b10a
to
cc75811
Compare
|
Wow! +696 new lines! 😨 I will need a couple of days to review this. Please, let's keep the PR sizes manageable. Smaller PRs will help us be more agile in reviewing and merging code changes. |
rymnc
approved these changes
Feb 6, 2023
LNSD
suggested changes
Feb 6, 2023
waku/v2/utils/credentials.nim
Outdated
| @@ -0,0 +1,401 @@ | |||
| when (NimMajor, NimMinor) < (1, 4): | |||
There was a problem hiding this comment.
I am against adding more stuff under the utils module.
Please, move the utils/keyfile and utils/credentials modules under the waku_rln_relay module given that at this moment it is the only user of this code.
There was a problem hiding this comment.
Agreed to move all keyfile/keystore implementation under a new waku_keystore module in protocol. Done in 082043c
waku/v2/utils/credentials.nim
Outdated
Comment on lines
50
to
67
| type AppKeystore* = object | ||
| application*: string | ||
| appIdentifier*: string | ||
| credentials*: seq[MembershipCredentials] | ||
| version*: string | ||
|
|
||
| type | ||
| AppKeystoreError = enum | ||
| OsError = "keystore error: OS specific error" | ||
| IoError = "keystore error: IO specific error" | ||
| JsonKeyError = "keystore error: fields not present in JSON" | ||
| JsonError = "keystore error: JSON encoder/decoder error" | ||
| KeystoreDoesNotExist = "keystore error: file does not exist" | ||
| CreateKeystoreError = "Error while creating application keystore" | ||
| LoadKeystoreError = "Error while loading application keystore" | ||
| CreateKeyfileError = "Error while creating keyfile for credentials" | ||
| SaveKeyfileError = "Error while saving keyfile for credentials" | ||
| ReadKeyfileError = "Error while reading keyfile for credentials" |
There was a problem hiding this comment.
Could you separate the AppKeystore related code into another module and import and use it here?
waku/v2/utils/credentials.nim
Outdated
Comment on lines
71
to
93
| # Encodes a Membership credential to a byte sequence | ||
| proc encode*(credential: MembershipCredentials): seq[byte] = | ||
| # TODO: use custom encoding, avoid wordy json | ||
| var stringCredential: string | ||
| # NOTE: toUgly appends to the string, doesn't replace its contents | ||
| stringCredential.toUgly(%credential) | ||
| return toBytes(stringCredential) | ||
|
|
||
| # Decodes a byte sequence to a Membership credential | ||
| proc decode*(encodedCredential: seq[byte]): KeystoreResult[MembershipCredentials] = | ||
| # TODO: use custom decoding, avoid wordy json | ||
| try: | ||
| # we parse the json decrypted keystoreCredential | ||
| let jsonObject = parseJson(string.fromBytes(encodedCredential)) | ||
| return ok(to(jsonObject, MembershipCredentials)) | ||
| except JsonParsingError: | ||
| return err(JsonError) | ||
| except Exception: #parseJson raises Exception | ||
| return err(OsError) | ||
|
|
||
| # Checks if a JsonNode has all keys contained in "keys" | ||
| proc hasKeys*(data: JsonNode, keys: openArray[string]): bool = | ||
| return all(keys, proc (key: string): bool = return data.hasKey(key)) |
There was a problem hiding this comment.
All the JSON serialization-related code should be in a separate module. Is that possible?
There was a problem hiding this comment.
Sure. Separated encoding/decoding of keystore relevant data structures from more general "utils". Done in 082043c
LNSD
approved these changes
Feb 8, 2023
This was referenced Feb 8, 2023
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a dynamic keystore for membership credential storage and management. The credentials are thought to be generic membership credentials, i.e. associated to a membership contract and membership Merkle tree, and the implementation is not tied to RLN credentials only.
The keystore JSON schema implemented is the one proposed in #1238 (comment).
In short, a keystore is uniquely identified by an application name, app identifier and version strings. Multiple keystores can co-exist in the same file.
Each keystore can contain none or more Membership credentials. Each Membership Credential contains a unique Identity Credential (made of identity trapdoor, nullifier, secret hash and commitment) and none or more Membership Groups. Each Membership Group contains a Membership contract and a membership tree index position. A Membership Contract contains the chain ID and the membership contract address information.
When a Membership credential is added to a certain keystore:
When one or more credentials are added, the keystore is automatically updated to disk (with a backup mechanism to mitigate credentials loss in case of IO errors).
Membership credentials in a certain keystore can be retrieved by none or more filters. These allow to return:
This PR addresses the issues: