guardian logic that supports zk login #70
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
guardianApprove verify operate details
Release/1.17.0
stevenportkey
requested changes
Jul 5, 2024
Comment on lines
418
to
452
| public override Empty AddJwtIssuer(/*GuardianType guardianType, */StringValue input) | ||
| { | ||
| Assert(input != null, "Invalid Issuer."); | ||
| Assert(!input.Equals(State.JwtIssuers[GuardianType.OfGoogle]), "Google jwt issuer exists"); | ||
| State.JwtIssuers[GuardianType.OfGoogle] = input.Value; | ||
| return new Empty(); | ||
| } | ||
|
|
||
| public override Empty AddVerifyingKey(VerifyingKey input) | ||
| { | ||
| Assert(input != null, "Invalid verifying key."); | ||
| Assert(!string.IsNullOrEmpty(input.CircuitId), "circuitId is required."); | ||
| Assert(!string.IsNullOrEmpty(input.VerifyingKey_), "verifying key is required."); | ||
| State.CircuitIdToVerifyingKey[input.CircuitId] = input; | ||
| return base.AddVerifyingKey(input); | ||
| } | ||
|
|
||
| public override BoolValue IsValidIssuer(/*GuardianType guardianType, */StringValue input) | ||
| { | ||
| Assert(input != null, "Invalid verifying key."); | ||
| Assert(State.JwtIssuers[GuardianType.OfGoogle] != null | ||
| || State.JwtIssuers[GuardianType.OfApple] != null | ||
| || State.JwtIssuers[GuardianType.OfFacebook] != null, "verifying key doesn't exist."); | ||
| return new BoolValue | ||
| { | ||
| Value = true//State.JwtIssuers[guardianType].Equals(input) | ||
| }; | ||
| } | ||
|
|
||
| public override VerifyingKey GetVerifyingKey(StringValue input) | ||
| { | ||
| Assert(input != null, "Invalid circuitId."); | ||
| Assert(State.CircuitIdToVerifyingKey[input.Value] != null, "circuitId not exist"); | ||
| return State.CircuitIdToVerifyingKey[input.Value]; | ||
| } |
There was a problem hiding this comment.
These are different group of methods. Please move them into a separate file.
Comment on lines
454
to
485
| public override Empty StartOracleRequest(StartOracleRequestInput input) | ||
| { | ||
| Assert(input != null, "Invalid input."); | ||
| Assert(input.SubscriptionId > 0, "Invalid input subscription id."); | ||
| Assert(input.RequestTypeIndex > 0, "Invalid request type index."); | ||
|
|
||
| State.OracleContract.SendRequest.Send(new SendRequestInput | ||
| { | ||
| SubscriptionId = input.SubscriptionId, | ||
| RequestTypeIndex = input.RequestTypeIndex, | ||
| SpecificData = input.SpecificData | ||
| }); | ||
|
|
||
| return new Empty(); | ||
| } | ||
|
|
||
| public override Empty HandleOracleFulfillment(HandleOracleFulfillmentInput input) | ||
| { | ||
| Assert(input != null, "Invalid input."); | ||
| // Assert(IsHashValid(input.RequestId), "Invalid input request id."); | ||
| Assert(input.RequestTypeIndex > 0, "Invalid request type index."); | ||
| Assert(!input.Response.IsNullOrEmpty() || !input.Err.IsNullOrEmpty(), "Invalid input response or err."); | ||
| GoogleResponse reponse = JsonConvert.DeserializeObject<GoogleResponse>(System.Text.Encoding.UTF8.GetString(input.Response.ToByteArray())); | ||
| Assert(reponse != null, "Invalid input."); | ||
| //todo aetherlink can't differentiate apple/google/facebook | ||
| foreach (var googleKeyDto in reponse.Keys) | ||
| { | ||
| State.KidToPublicKey[GuardianType.OfGoogle][googleKeyDto.Kid] = googleKeyDto.N; | ||
| } | ||
|
|
||
| return new Empty(); | ||
| } |
There was a problem hiding this comment.
These are different group of methods. Please move them into a separate file.
Comment on lines
508
to
521
| internal class GoogleResponse | ||
| { | ||
| public List<GoogleKeyDto> Keys { get; set; } | ||
| } | ||
|
|
||
| internal class GoogleKeyDto | ||
| { | ||
| public string N { get; set; } | ||
| public string Kid { get; set; } | ||
| public string E { get; set; } | ||
| public string Alg { get; set; } | ||
| public string Kty { get; set; } | ||
| public string Use { get; set; } | ||
| } |
| public List<GoogleKeyDto> Keys { get; set; } | ||
| } | ||
|
|
||
| internal class GoogleKeyDto |
There was a problem hiding this comment.
This is not specific to Google. Other providers follow the same.
protobuf/ca_contract.proto
Outdated
| @@ -237,13 +272,57 @@ message GuardianInfo { | |||
| GuardianType type = 1; | |||
| aelf.Hash identifier_hash = 2; | |||
| VerificationInfo verification_info = 3; | |||
| ZkJwtAuthInfo zk_oidc_info = 4; | |||
There was a problem hiding this comment.
Suggested change
| ZkJwtAuthInfo zk_oidc_info = 4; | |
| ZkLoginInfo zk_login_info = 4; |
| @@ -162,13 +198,70 @@ public override Empty ReportPreCrossChainSyncHolderInfo(ReportPreCrossChainSyncH | |||
|
|
|||
| return new Empty(); | |||
| } | |||
|
|
|||
| private bool CreateCaHolderInfoWithCaHashAndCreateChainIdForZkLogin(ManagerInfo managerInfo, GuardianInfo guardianApproved, | |||
There was a problem hiding this comment.
NoncePayload needs to be checked again actual operation taken in current transaction, e.g. AddManager for CreateCAHolder.
Comment on lines
97
to
120
| private byte[] Decode(string input) | ||
| { | ||
| if (input.IsNullOrEmpty()) | ||
| throw new ArgumentException(nameof(input)); | ||
|
|
||
| var output = input; | ||
| output = output.Replace('-', '+'); // 62nd char of encoding | ||
| output = output.Replace('_', '/'); // 63rd char of encoding | ||
| switch (output.Length % 4) // Pad with trailing '='s | ||
| { | ||
| case 0: | ||
| break; // No pad chars in this case | ||
| case 2: | ||
| output += "=="; | ||
| break; // Two pad chars | ||
| case 3: | ||
| output += "="; | ||
| break; // One pad char | ||
| default: | ||
| throw new FormatException("Illegal base64url string."); | ||
| } | ||
| var converted = Convert.FromBase64String(output); // Standard base64 decoder | ||
| return converted; | ||
| } |
Comment on lines
385
to
388
| if (CanVerifyWithZkLogin(guardianInfo)) | ||
| { | ||
| continue; | ||
| } |
There was a problem hiding this comment.
Now we only implemented logics for CAHolder creation. What about other scenarios where Guardian approval is needed?
…acontract need add zk definitions,verifiers logic should be tested by qa
…hash when verifying zk
Edward-BXS
force-pushed
the
feature/zklogin
branch
from
c0cc42e to
0a21aa4
Compare
Open
Feature/add workflows
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.