From 6e1ebde9a1ca7703ef2f65decd85e4a2f1f867c8 Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Thu, 16 Mar 2023 14:25:12 +0000 Subject: [PATCH 01/12] move checking valid user shielding key into pallet extrinsics: create_identity, verify_identity, remove_identity. --- tee-worker/app-libs/stf/src/trusted_call.rs | 89 ++++++++----------- .../pallets/identity-management/src/lib.rs | 6 ++ 2 files changed, 43 insertions(+), 52 deletions(-) diff --git a/tee-worker/app-libs/stf/src/trusted_call.rs b/tee-worker/app-libs/stf/src/trusted_call.rs index 3910e60ed7..97de088fa5 100644 --- a/tee-worker/app-libs/stf/src/trusted_call.rs +++ b/tee-worker/app-libs/stf/src/trusted_call.rs @@ -495,24 +495,19 @@ where ) { Ok(code) => { debug!("create_identity_runtime {} OK", account_id_to_string(&who)); - if let Some(key) = IdentityManagement::user_shielding_keys(&who) { - let id_graph = - ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); - calls.push(OpaqueCall::from_tuple(&( - node_metadata_repo - .get_from_metadata(|m| m.identity_created_call_indexes())??, - SgxParentchainTypeConverter::convert(who), - aes_encrypt_default(&key, &identity.encode()), - aes_encrypt_default(&key, &code.encode()), - aes_encrypt_default(&key, &id_graph.encode()), - ))); - } else { - add_call_from_imp_error( - calls, - node_metadata_repo, - IMPError::InvalidUserShieldingKey, - ); - } + // For sure to get key here. It's already checked in pallet: + // ita_sgx_runtime::IdentityManagementCall::::create_identity + let key = IdentityManagement::user_shielding_keys(&who).unwrap(); + let id_graph = + ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); + calls.push(OpaqueCall::from_tuple(&( + node_metadata_repo + .get_from_metadata(|m| m.identity_created_call_indexes())??, + SgxParentchainTypeConverter::convert(who), + aes_encrypt_default(&key, &identity.encode()), + aes_encrypt_default(&key, &code.encode()), + aes_encrypt_default(&key, &id_graph.encode()), + ))); }, Err(e) => { debug!( 
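Review bot: The `.unwrap()` on `IdentityManagement::user_shielding_keys(&who)` in the `Ok(code)` arm turns a missing key into a panic inside the trusted-call handler, where the removed code reported `IMPError::InvalidUserShieldingKey` through `add_call_from_imp_error`. The comment relies on the pallet extrinsic having checked the key, but that invariant lives in another crate and nothing in this function enforces it, so a later change to the pallet would abort the worker mid-call instead of returning an error. Keeping the `if let Some(key) = ... else` form with the error call in the `else` branch costs a few lines and removes the panic path. The same `unwrap()` is added in the `remove_identity_runtime` and `verify_identity_runtime` hunks (`@@ -535,23 +530,18 @@` and `@@ -599,23 +589,18 @@`). The enclosing function starts and ends outside these hunks.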
@@ -535,23 +530,18 @@ where { Ok(()) => { debug!("remove_identity_runtime {} OK", account_id_to_string(&who)); - if let Some(key) = IdentityManagement::user_shielding_keys(&who) { - let id_graph = - ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); - calls.push(OpaqueCall::from_tuple(&( - node_metadata_repo - .get_from_metadata(|m| m.identity_removed_call_indexes())??, - SgxParentchainTypeConverter::convert(who), - aes_encrypt_default(&key, &identity.encode()), - aes_encrypt_default(&key, &id_graph.encode()), - ))); - } else { - add_call_from_imp_error( - calls, - node_metadata_repo, - IMPError::InvalidUserShieldingKey, - ); - } + // For sure to get key here. It's already checked in pallet: + // ita_sgx_runtime::IdentityManagementCall::::remove_identity + let key = IdentityManagement::user_shielding_keys(&who).unwrap(); + let id_graph = + ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); + calls.push(OpaqueCall::from_tuple(&( + node_metadata_repo + .get_from_metadata(|m| m.identity_removed_call_indexes())??, + SgxParentchainTypeConverter::convert(who), + aes_encrypt_default(&key, &identity.encode()), + aes_encrypt_default(&key, &id_graph.encode()), + ))); }, Err(e) => { debug!( 
@@ -599,23 +589,18 @@ where ) { Ok(()) => { debug!("verify_identity_runtime {} OK", account_id_to_string(&who)); - if let Some(key) = IdentityManagement::user_shielding_keys(&who) { - let id_graph = - ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); - calls.push(OpaqueCall::from_tuple(&( - node_metadata_repo - .get_from_metadata(|m| m.identity_verified_call_indexes())??, - SgxParentchainTypeConverter::convert(who), - aes_encrypt_default(&key, &identity.encode()), - aes_encrypt_default(&key, &id_graph.encode()), - ))); - } else { - add_call_from_imp_error( - calls, - node_metadata_repo, - IMPError::InvalidUserShieldingKey, - ); - } + // For sure to get key here. It's already checked in pallet: + // ita_sgx_runtime::IdentityManagementCall::::verify_identity + let key = IdentityManagement::user_shielding_keys(&who).unwrap(); + let id_graph = + ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); + calls.push(OpaqueCall::from_tuple(&( + node_metadata_repo + .get_from_metadata(|m| m.identity_verified_call_indexes())??, + SgxParentchainTypeConverter::convert(who), + aes_encrypt_default(&key, &identity.encode()), + aes_encrypt_default(&key, &id_graph.encode()), + ))); }, Err(e) => { debug!( diff --git a/tee-worker/litentry/pallets/identity-management/src/lib.rs b/tee-worker/litentry/pallets/identity-management/src/lib.rs index 41166680d5..2e71b83599 100644 --- a/tee-worker/litentry/pallets/identity-management/src/lib.rs +++ b/tee-worker/litentry/pallets/identity-management/src/lib.rs @@ -93,6 +93,8 @@ pub mod pallet { pub enum Error { /// challenge code doesn't exist ChallengeCodeNotExist, + /// Invalid user shielding Key + InvalidUserShieldingKey, /// the pair (litentry-account, identity) already verified when creating an identity IdentityAlreadyVerified, /// the pair (litentry-account, identity) doesn't exist 
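Review bot: `InvalidUserShieldingKey` is inserted between `ChallengeCodeNotExist` and `IdentityAlreadyVerified` in the pallet `Error` enum, which shifts the position of every later variant. If any client or worker component identifies these errors by encoded index rather than by name (not visible in this diff), existing error codes would be reinterpreted after the upgrade; appending the variant at the end of the enum avoids that. The doc comment could also say when the error is raised, e.g. `/// the account has no user shielding key set`.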
@@ -200,6 +202,8 @@ pub mod pallet { parent_ss58_prefix: u16, ) -> DispatchResult { T::ManageOrigin::ensure_origin(origin)?; + ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey ); + if let Some(c) = IDGraphs::::get(&who, &identity) { ensure!( !(c.is_verified && c.creation_request_block != Some(0)), @@ -250,6 +254,7 @@ pub mod pallet { identity: Identity, ) -> DispatchResult { T::ManageOrigin::ensure_origin(origin)?; + ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey ); ensure!(IDGraphs::::contains_key(&who, &identity), Error::::IdentityNotExist); if let Some(IdentityContext:: { metadata, @@ -281,6 +286,7 @@ pub mod pallet { verification_request_block: ParentchainBlockNumber, ) -> DispatchResult { T::ManageOrigin::ensure_origin(origin)?; + ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey ); IDGraphs::::try_mutate(&who, &identity, |context| -> DispatchResult { let mut c = context.take().ok_or(Error::::IdentityNotExist)?; From b495baaf557e33df0f5a10676d68f0c9b5a592f4 Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Thu, 16 Mar 2023 16:19:33 +0000 Subject: [PATCH 02/12] pass the unit test --- .../pallets/identity-management/src/lib.rs | 6 +-- .../pallets/identity-management/src/tests.rs | 43 ++++++++++++++++++- 2 files changed, 45 insertions(+), 4 deletions(-) diff --git a/tee-worker/litentry/pallets/identity-management/src/lib.rs b/tee-worker/litentry/pallets/identity-management/src/lib.rs index 2e71b83599..1587554897 100644 --- a/tee-worker/litentry/pallets/identity-management/src/lib.rs +++ b/tee-worker/litentry/pallets/identity-management/src/lib.rs 
@@ -202,7 +202,7 @@ pub mod pallet { parent_ss58_prefix: u16, ) -> DispatchResult { T::ManageOrigin::ensure_origin(origin)?; - ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey ); + ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey); if let Some(c) = IDGraphs::::get(&who, &identity) { ensure!( @@ -254,7 +254,7 @@ pub mod pallet { identity: Identity, ) -> DispatchResult { T::ManageOrigin::ensure_origin(origin)?; - ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey ); + ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey); ensure!(IDGraphs::::contains_key(&who, &identity), Error::::IdentityNotExist); if let Some(IdentityContext:: { metadata, @@ -286,7 +286,7 @@ pub mod pallet { verification_request_block: ParentchainBlockNumber, ) -> DispatchResult { T::ManageOrigin::ensure_origin(origin)?; - ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey ); + ensure!(Self::user_shielding_keys(&who).is_some(), Error::::InvalidUserShieldingKey); IDGraphs::::try_mutate(&who, &identity, |context| -> DispatchResult { let mut c = context.take().ok_or(Error::::IdentityNotExist)?; diff --git a/tee-worker/litentry/pallets/identity-management/src/tests.rs b/tee-worker/litentry/pallets/identity-management/src/tests.rs index 4b918c698f..090714a2dd 100644 --- a/tee-worker/litentry/pallets/identity-management/src/tests.rs +++ b/tee-worker/litentry/pallets/identity-management/src/tests.rs @@ -18,7 +18,7 @@ use crate::{ identity_context::IdentityContext, mock::*, Error, MetadataOf, ParentchainBlockNumber, UserShieldingKeyType, }; -use frame_support::{assert_err, assert_noop, assert_ok}; +use frame_support::{assert_noop, assert_ok}; use litentry_primitives::{Identity, IdentityString, Web2Network, USER_SHIELDING_KEY_LEN}; use sp_runtime::AccountId32; 
@@ -46,6 +46,13 @@ fn set_user_shielding_key_works() { #[test] fn create_identity_works() { new_test_ext().execute_with(|| { + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + assert_ok!(IMT::set_user_shielding_key( + RuntimeOrigin::signed(ALICE), + BOB, + shielding_key.clone() + )); + let ss58_prefix = 131_u16; let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); assert_ok!(IMT::create_identity( @@ -71,6 +78,13 @@ fn create_identity_works() { #[test] fn remove_identity_works() { new_test_ext().execute_with(|| { + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + assert_ok!(IMT::set_user_shielding_key( + RuntimeOrigin::signed(ALICE), + BOB, + shielding_key.clone() + )); + let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_noop!( @@ -115,6 +129,13 @@ fn remove_identity_works() { #[test] fn verify_identity_works() { new_test_ext().execute_with(|| { + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + assert_ok!(IMT::set_user_shielding_key( + RuntimeOrigin::signed(ALICE), + BOB, + shielding_key.clone() + )); + let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( @@ -146,6 +167,13 @@ fn verify_identity_works() { #[test] fn get_id_graph_works() { new_test_ext().execute_with(|| { + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + assert_ok!(IMT::set_user_shielding_key( + RuntimeOrigin::signed(ALICE), + BOB, + shielding_key.clone() + )); + let metadata3: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( 
@@ -195,6 +223,13 @@ fn verify_identity_fails_when_too_early() { const CREATION_REQUEST_BLOCK: ParentchainBlockNumber = 2; const VERIFICATION_REQUEST_BLOCK: ParentchainBlockNumber = 1; + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + assert_ok!(IMT::set_user_shielding_key( + RuntimeOrigin::signed(ALICE), + BOB, + shielding_key.clone() + )); + let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( @@ -232,6 +267,12 @@ fn verify_identity_fails_when_too_late() { const CREATION_REQUEST_BLOCK: ParentchainBlockNumber = 1; const VERIFICATION_REQUEST_BLOCK: ParentchainBlockNumber = 5; + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + assert_ok!(IMT::set_user_shielding_key( + RuntimeOrigin::signed(ALICE), + BOB, + shielding_key.clone() + )); let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( From 02dbc2208ebf06dd3ca7d84c18a47e0a39c6e2aa Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Thu, 16 Mar 2023 19:19:41 +0000 Subject: [PATCH 03/12] update ts test --- tee-worker/ts-tests/identity.test.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tee-worker/ts-tests/identity.test.ts b/tee-worker/ts-tests/identity.test.ts index 143d2dfe0b..d66957577f 100644 --- a/tee-worker/ts-tests/identity.test.ts +++ b/tee-worker/ts-tests/identity.test.ts @@ -374,6 +374,8 @@ describeLitentry('Test Identity', (context) => { }); //remove a challenge code before the code is set + const bob = await setUserShieldingKey(context, context.defaultSigner[2], aesKey, true); + assert.equal(bob, u8aToHex(context.defaultSigner[2].addressRaw), 'check caller error'); const resp_not_created_identities = (await removeErrorIdentities(context, context.defaultSigner[2], true, [ twitterIdentity, ethereumIdentity, From 23bb59abe9eaf5525ed5c227836f24149d8aa6dc Mon Sep 17 00:00:00 2001 
From: BillyWooo Date: Fri, 17 Mar 2023 15:20:43 +0000 Subject: [PATCH 04/12] revert back checking user shielding key --- tee-worker/app-libs/stf/src/trusted_call.rs | 89 ++++++++++++--------- 1 file changed, 52 insertions(+), 37 deletions(-) diff --git a/tee-worker/app-libs/stf/src/trusted_call.rs b/tee-worker/app-libs/stf/src/trusted_call.rs index 97de088fa5..3910e60ed7 100644 --- a/tee-worker/app-libs/stf/src/trusted_call.rs +++ b/tee-worker/app-libs/stf/src/trusted_call.rs @@ -495,19 +495,24 @@ where ) { Ok(code) => { debug!("create_identity_runtime {} OK", account_id_to_string(&who)); - // For sure to get key here. It's already checked in pallet: - // ita_sgx_runtime::IdentityManagementCall::::create_identity - let key = IdentityManagement::user_shielding_keys(&who).unwrap(); - let id_graph = - ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); - calls.push(OpaqueCall::from_tuple(&( - node_metadata_repo - .get_from_metadata(|m| m.identity_created_call_indexes())??, - SgxParentchainTypeConverter::convert(who), - aes_encrypt_default(&key, &identity.encode()), - aes_encrypt_default(&key, &code.encode()), - aes_encrypt_default(&key, &id_graph.encode()), - ))); + if let Some(key) = IdentityManagement::user_shielding_keys(&who) { + let id_graph = + ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); + calls.push(OpaqueCall::from_tuple(&( + node_metadata_repo + .get_from_metadata(|m| m.identity_created_call_indexes())??, + SgxParentchainTypeConverter::convert(who), + aes_encrypt_default(&key, &identity.encode()), + aes_encrypt_default(&key, &code.encode()), + aes_encrypt_default(&key, &id_graph.encode()), + ))); + } else { + add_call_from_imp_error( + calls, + node_metadata_repo, + IMPError::InvalidUserShieldingKey, + ); + } }, Err(e) => { debug!( 
@@ -530,18 +535,23 @@ where { Ok(()) => { debug!("remove_identity_runtime {} OK", account_id_to_string(&who)); - // For sure to get key here. It's already checked in pallet: - // ita_sgx_runtime::IdentityManagementCall::::remove_identity - let key = IdentityManagement::user_shielding_keys(&who).unwrap(); - let id_graph = - ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); - calls.push(OpaqueCall::from_tuple(&( - node_metadata_repo - .get_from_metadata(|m| m.identity_removed_call_indexes())??, - SgxParentchainTypeConverter::convert(who), - aes_encrypt_default(&key, &identity.encode()), - aes_encrypt_default(&key, &id_graph.encode()), - ))); + if let Some(key) = IdentityManagement::user_shielding_keys(&who) { + let id_graph = + ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); + calls.push(OpaqueCall::from_tuple(&( + node_metadata_repo + .get_from_metadata(|m| m.identity_removed_call_indexes())??, + SgxParentchainTypeConverter::convert(who), + aes_encrypt_default(&key, &identity.encode()), + aes_encrypt_default(&key, &id_graph.encode()), + ))); + } else { + add_call_from_imp_error( + calls, + node_metadata_repo, + IMPError::InvalidUserShieldingKey, + ); + } }, Err(e) => { debug!( 
@@ -589,18 +599,23 @@ where ) { Ok(()) => { debug!("verify_identity_runtime {} OK", account_id_to_string(&who)); - // For sure to get key here. It's already checked in pallet: - // ita_sgx_runtime::IdentityManagementCall::::verify_identity - let key = IdentityManagement::user_shielding_keys(&who).unwrap(); - let id_graph = - ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); - calls.push(OpaqueCall::from_tuple(&( - node_metadata_repo - .get_from_metadata(|m| m.identity_verified_call_indexes())??, - SgxParentchainTypeConverter::convert(who), - aes_encrypt_default(&key, &identity.encode()), - aes_encrypt_default(&key, &id_graph.encode()), - ))); + if let Some(key) = IdentityManagement::user_shielding_keys(&who) { + let id_graph = + ita_sgx_runtime::pallet_imt::Pallet::::get_id_graph(&who); + calls.push(OpaqueCall::from_tuple(&( + node_metadata_repo + .get_from_metadata(|m| m.identity_verified_call_indexes())??, + SgxParentchainTypeConverter::convert(who), + aes_encrypt_default(&key, &identity.encode()), + aes_encrypt_default(&key, &id_graph.encode()), + ))); + } else { + add_call_from_imp_error( + calls, + node_metadata_repo, + IMPError::InvalidUserShieldingKey, + ); + } }, Err(e) => { debug!( From 57a61c395fadeb24a3a275ad38d1e27d09e888fb Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Fri, 17 Mar 2023 20:47:36 +0000 Subject: [PATCH 05/12] add ts test --- tee-worker/ts-tests/identity.test.ts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tee-worker/ts-tests/identity.test.ts b/tee-worker/ts-tests/identity.test.ts index d66957577f..d0bf2d4244 100644 --- a/tee-worker/ts-tests/identity.test.ts +++ b/tee-worker/ts-tests/identity.test.ts 
@@ -121,6 +121,16 @@ describeLitentry('Test Identity', (context) => { var signature_ethereum; var signature_substrate; + step('Invalid user shielding key', async function () { + const encode = context.substrate.createType('LitentryIdentity', substrateIdentity).toHex(); + const ciphertext = encryptWithTeeShieldingKey(context.teeShieldingKey, encode).toString('hex'); + const tx = context.substrate.tx.identityManagement.createIdentity(context.mrEnclave, context.defaultSigner[0].address, `0x${ciphertext}`, null); + await sendTxUntilInBlock(context.substrate, tx, context.defaultSigner[0]); + + const events = await listenEvent(context.substrate, 'identityManagement', ['StfError']); + expect(events.length).to.be.equal(1); + }) + step('set user shielding key', async function () { const alice = await setUserShieldingKey(context, context.defaultSigner[0], aesKey, true); assert.equal(alice, u8aToHex(context.defaultSigner[0].addressRaw), 'check caller error'); From 2bb3b773bbfe187130c25c679f5ac88a25bcbe63 Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Sat, 18 Mar 2023 00:23:20 +0000 Subject: [PATCH 06/12] use runtime network type --- .../litentry/core/data-providers/src/graphql.rs | 1 + .../litentry/pallets/identity-management/src/lib.rs | 2 +- tee-worker/litentry/primitives/src/identity.rs | 13 +++++++++++++ tee-worker/ts-tests/identity.test.ts | 3 ++- tee-worker/ts-tests/type-definitions.ts | 4 ++-- 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/tee-worker/litentry/core/data-providers/src/graphql.rs b/tee-worker/litentry/core/data-providers/src/graphql.rs index 47b3f22d69..bc2af341ed 100644 --- a/tee-worker/litentry/core/data-providers/src/graphql.rs +++ b/tee-worker/litentry/core/data-providers/src/graphql.rs @@ -65,6 +65,7 @@ impl From for VerifiedCredentialsNetwork { SubstrateNetwork::Polkadot => Self::Polkadot, SubstrateNetwork::Kusama => Self::Kusama, SubstrateNetwork::Khala => Self::Khala, + SubstrateNetwork::TestNet => todo!(), } } } 
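Review bot: The new 'Invalid user shielding key' step passes on any `StfError` event, because its only assertion is `expect(events.length).to.be.equal(1);`. A rejection for an unrelated reason would satisfy it equally, so the step does not show that the missing-key check is what refused the call. Asserting on the event payload as well would pin it to `InvalidUserShieldingKey`; the layout of the `StfError` data is not visible here, so the exact field access needs confirming. A short comment that this step must run before 'set user shielding key' would also help, since the outcome depends on step order.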
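Review bot: The new `SubstrateNetwork::TestNet => todo!()` arm in the `From` conversion to `VerifiedCredentialsNetwork` panics whenever a `TestNet` value reaches it, and this same commit makes `TestNet` the result for every unrecognised SS58 prefix in `get_network`. That makes the panic reachable from ordinary identity data rather than only from a programming error. If `VerifiedCredentialsNetwork` has no matching variant, a fallible conversion (`TryFrom` returning an error for `TestNet`) would let the caller reject the request instead of aborting; the target enum and the call sites are outside this hunk, so the right shape needs confirming.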
diff --git a/tee-worker/litentry/pallets/identity-management/src/lib.rs b/tee-worker/litentry/pallets/identity-management/src/lib.rs index e9c36dd3cb..ae58f14a5b 100644 --- a/tee-worker/litentry/pallets/identity-management/src/lib.rs +++ b/tee-worker/litentry/pallets/identity-management/src/lib.rs @@ -222,7 +222,7 @@ pub mod pallet { } let prime_id = Identity::Substrate { - network: SubstrateNetwork::Litentry, + network: SubstrateNetwork::get_network(parent_ss58_prefix), address: prime_user_address, }; if IDGraphs::::get(&who, &prime_id).is_none() { diff --git a/tee-worker/litentry/primitives/src/identity.rs b/tee-worker/litentry/primitives/src/identity.rs index f2abf3f12f..0f8d410588 100644 --- a/tee-worker/litentry/primitives/src/identity.rs +++ b/tee-worker/litentry/primitives/src/identity.rs @@ -73,6 +73,7 @@ pub enum SubstrateNetwork { Litentry, Litmus, Khala, + TestNet, } impl SubstrateNetwork { @@ -84,6 +85,18 @@ impl SubstrateNetwork { Self::Litentry => 31, Self::Litmus => 131, Self::Khala => 30, + Self::TestNet => 13, + } + } + + pub fn get_network(prefix: u16) -> Self { + match prefix { + 0 => Self::Polkadot, + 2 => Self::Kusama, + 31 => Self::Litentry, + 131 => Self::Litmus, + 30 => Self::Khala, + _ => Self::TestNet, } } } diff --git a/tee-worker/ts-tests/identity.test.ts b/tee-worker/ts-tests/identity.test.ts index 280a4571d3..ce40db45c2 100644 --- a/tee-worker/ts-tests/identity.test.ts +++ b/tee-worker/ts-tests/identity.test.ts @@ -343,7 +343,8 @@ describeLitentry('Test Identity', (context) => { const substratePrimeIdentity = { Substrate: { address: `0x${Buffer.from(context.defaultSigner[0].publicKey).toString('hex')}`, - network: 'Litentry', + // When testing with integritee-node, change network to: TestNet + network: 'Litmus', }, }; diff --git a/tee-worker/ts-tests/type-definitions.ts b/tee-worker/ts-tests/type-definitions.ts index 47b39bc367..cde9e2bb27 100644 --- a/tee-worker/ts-tests/type-definitions.ts 
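Review bot: `get_network` sends every prefix it does not recognise to `TestNet` through the `_ => Self::TestNet` arm, so it is not the inverse of `ss58_prefix()` (which returns 13 for `TestNet`), and an unexpected `parent_ss58_prefix` is silently stored as a TestNet prime identity by `create_identity`. Because the network becomes part of the stored `Identity`, a wrong label there is awkward to correct afterwards. An explicit `13 => Self::TestNet` arm with `Option<Self>` (or an error) for anything else would let the pallet reject unknown prefixes; that changes the call site in `lib.rs` as well. The function is public and undocumented; if the fallback stays, a line such as `/// Maps an SS58 prefix to its network; unknown prefixes fall back to TestNet.` should say so.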
+++ b/tee-worker/ts-tests/type-definitions.ts @@ -90,7 +90,7 @@ export const teeTypes = { _enum: ['Twitter', 'Discord', 'Github'], }, SubstrateNetwork: { - _enum: ['Polkadot', 'Kusama', 'Litentry', 'Litmus'], + _enum: ['Polkadot', 'Kusama', 'Litentry', 'Litmus', 'Khala', 'TestNet'], }, EvmNetwork: { _enum: ['Ethereum', 'BSC'], @@ -275,7 +275,7 @@ export type Web3Network = { }; export type Web2Network = 'Twitter' | 'Discord' | 'Github'; -export type SubstrateNetwork = 'Polkadot' | 'Kusama' | 'Litentry' | 'Litmus'; +export type SubstrateNetwork = 'Polkadot' | 'Kusama' | 'Litentry' | 'Litmus' | 'Khala' | 'TestNet'; export type EvmNetwork = 'Ethereum' | 'BSC'; export type IdentityGenericEvent = { From 32927fe47122c88e088c052f6ba7d3c08398d852 Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Sat, 18 Mar 2023 11:30:55 +0000 Subject: [PATCH 07/12] fix unit test --- .../litentry/pallets/identity-management/src/tests.rs | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/tee-worker/litentry/pallets/identity-management/src/tests.rs b/tee-worker/litentry/pallets/identity-management/src/tests.rs index 8be1d1f66c..8953a0ae4f 100644 --- a/tee-worker/litentry/pallets/identity-management/src/tests.rs +++ b/tee-worker/litentry/pallets/identity-management/src/tests.rs @@ -86,7 +86,7 @@ fn remove_identity_works() { )); let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); - let ss58_prefix = 131_u16; + let ss58_prefix = 31_u16; assert_noop!( IMT::remove_identity(RuntimeOrigin::signed(ALICE), BOB, alice_web3_identity()), Error::::IdentityNotExist 
@@ -307,6 +307,13 @@ fn verify_identity_fails_when_too_late() { #[test] fn get_id_graph_with_max_len_works() { new_test_ext().execute_with(|| { + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + assert_ok!(IMT::set_user_shielding_key( + RuntimeOrigin::signed(ALICE), + BOB, + shielding_key.clone() + )); + // fill in 21 identities, starting from 1 to reserve place for prime_id for i in 1..22 { assert_ok!(IMT::create_identity( @@ -333,6 +340,6 @@ fn get_id_graph_with_max_len_works() { let id_graph = IMT::get_id_graph_with_max_len(&BOB, 30); assert_eq!(id_graph.len(), 22); assert_eq!(String::from_utf8(id_graph.get(0).unwrap().0.flat()).unwrap(), "did:twitter:web2:_:alice21"); - assert_eq!(String::from_utf8(id_graph.get(21).unwrap().0.flat()).unwrap(), "did:litentry:web3:substrate:0x0202020202020202020202020202020202020202020202020202020202020202"); + assert_eq!(String::from_utf8(id_graph.get(21).unwrap().0.flat()).unwrap(), "did:litmus:web3:substrate:0x0202020202020202020202020202020202020202020202020202020202020202"); }); } From 97a1c23f4e21583e99f24552836447de110e2fcd Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Sat, 18 Mar 2023 19:15:06 +0000 Subject: [PATCH 08/12] simply rename --- tee-worker/litentry/pallets/identity-management/src/lib.rs | 2 +- tee-worker/litentry/primitives/src/identity.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tee-worker/litentry/pallets/identity-management/src/lib.rs b/tee-worker/litentry/pallets/identity-management/src/lib.rs index ae58f14a5b..9996bef4a2 100644 --- a/tee-worker/litentry/pallets/identity-management/src/lib.rs +++ b/tee-worker/litentry/pallets/identity-management/src/lib.rs @@ -222,7 +222,7 @@ pub mod pallet { } let prime_id = Identity::Substrate { - network: SubstrateNetwork::get_network(parent_ss58_prefix), + network: SubstrateNetwork::from_ss58_prefix(parent_ss58_prefix), address: prime_user_address, }; if IDGraphs::::get(&who, &prime_id).is_none() { 
diff --git a/tee-worker/litentry/primitives/src/identity.rs b/tee-worker/litentry/primitives/src/identity.rs index 0f8d410588..c7d58d11bd 100644 --- a/tee-worker/litentry/primitives/src/identity.rs +++ b/tee-worker/litentry/primitives/src/identity.rs @@ -89,7 +89,7 @@ impl SubstrateNetwork { } } - pub fn get_network(prefix: u16) -> Self { + pub fn from_ss58_prefix(prefix: u16) -> Self { match prefix { 0 => Self::Polkadot, 2 => Self::Kusama, From f568ce4b7a6895aa5001a26f01f8789219ccd3e4 Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Sat, 18 Mar 2023 19:31:13 +0000 Subject: [PATCH 09/12] only log is enough --- tee-worker/app-libs/stf/src/trusted_call.rs | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/tee-worker/app-libs/stf/src/trusted_call.rs b/tee-worker/app-libs/stf/src/trusted_call.rs index 367f7774b8..313ba5e533 100644 --- a/tee-worker/app-libs/stf/src/trusted_call.rs +++ b/tee-worker/app-libs/stf/src/trusted_call.rs @@ -508,11 +508,7 @@ where aes_encrypt_default(&key, &code.encode()), ))); } else { - add_call_from_imp_error( - calls, - node_metadata_repo, - IMPError::InvalidUserShieldingKey, - ); + error!("Can't create identity: InvalidUserShieldingKey"); } }, Err(e) => { @@ -544,11 +540,7 @@ where aes_encrypt_default(&key, &identity.encode()), ))); } else { - add_call_from_imp_error( - calls, - node_metadata_repo, - IMPError::InvalidUserShieldingKey, - ); + error!("Can't remove identity: InvalidUserShieldingKey"); } }, Err(e) => { @@ -608,11 +600,7 @@ where aes_encrypt_default(&key, &id_graph.encode()), ))); } else { - add_call_from_imp_error( - calls, - node_metadata_repo, - IMPError::InvalidUserShieldingKey, - ); + error!("Can't verify identity: InvalidUserShieldingKey"); } }, Err(e) => { From a3e61f6dcd5b61b15f733c89f3b75f22bb61a664 Mon Sep 17 00:00:00 2001 
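Review bot: With `add_call_from_imp_error(...)` replaced by `error!("Can't create identity: InvalidUserShieldingKey")`, the `else` branch now runs after the runtime call has already succeeded yet pushes nothing to the parentchain, so the requester would see neither the success event nor an error. The branch is presumably unreachable because the pallet extrinsic checks the key first, but if it is ever hit the only trace is a worker log line that does not name the account. Either keep the error call, or state the invariant in a comment and log the account, e.g. `error!("create_identity: no shielding key for {} after pallet check", account_id_to_string(&who));`. The same applies to the `remove_identity` and `verify_identity` hunks (`@@ -544,11 +540,7 @@` and `@@ -608,11 +600,7 @@`).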
From: BillyWooo Date: Sat, 18 Mar 2023 19:36:47 +0000 Subject: [PATCH 10/12] add extra unit test to check InvalidUserShieldingKey --- tee-worker/litentry/pallets/identity-management/src/tests.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tee-worker/litentry/pallets/identity-management/src/tests.rs b/tee-worker/litentry/pallets/identity-management/src/tests.rs index 8953a0ae4f..b2dfb502cd 100644 --- a/tee-worker/litentry/pallets/identity-management/src/tests.rs +++ b/tee-worker/litentry/pallets/identity-management/src/tests.rs @@ -78,6 +78,11 @@ fn create_identity_works() { #[test] fn remove_identity_works() { new_test_ext().execute_with(|| { + assert_noop!( + IMT::remove_identity(RuntimeOrigin::signed(ALICE), BOB, alice_web3_identity()), + Error::::InvalidUserShieldingKey + ); + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; assert_ok!(IMT::set_user_shielding_key( RuntimeOrigin::signed(ALICE), From 059a7f633b3d175e67f20a7e85d8e5465dff0ef2 Mon Sep 17 00:00:00 2001 From: BillyWooo Date: Sat, 18 Mar 2023 21:53:50 +0000 Subject: [PATCH 11/12] refactor: move duplicate code --- .../pallets/identity-management/src/mock.rs | 22 ++++++++- .../pallets/identity-management/src/tests.rs | 45 +------------------ 2 files changed, 23 insertions(+), 44 deletions(-) diff --git a/tee-worker/litentry/pallets/identity-management/src/mock.rs b/tee-worker/litentry/pallets/identity-management/src/mock.rs index d754da2633..429ab8d6bb 100644 --- a/tee-worker/litentry/pallets/identity-management/src/mock.rs +++ b/tee-worker/litentry/pallets/identity-management/src/mock.rs 
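Review bot: Only `remove_identity` gets a negative test for `InvalidUserShieldingKey` here; the same `ensure!` guard was added to `create_identity` and `verify_identity`, and neither rejection is exercised in the visible tests. An `assert_noop!(IMT::create_identity(...), ...InvalidUserShieldingKey)` and the matching one for `verify_identity`, both run before any key is set, would cover all three guards. Putting these in dedicated tests rather than at the top of `remove_identity_works` would keep the happy-path tests focused and make a regression in a single guard easier to spot.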
@@ -15,13 +15,16 @@ // along with Litentry. If not, see . use crate as pallet_tee_identity_management; +use crate::UserShieldingKeyType; use frame_support::{ ord_parameter_types, parameter_types, traits::{ConstU128, ConstU16, ConstU32}, }; use frame_system as system; use frame_system::EnsureSignedBy; -use litentry_primitives::{Identity, IdentityString, SubstrateNetwork, Web2Network}; +use litentry_primitives::{ + Identity, IdentityString, SubstrateNetwork, Web2Network, USER_SHIELDING_KEY_LEN, +}; use sp_core::H256; use sp_runtime::{ testing::Header, @@ -102,6 +105,9 @@ impl pallet_tee_identity_management::Config for Test { const ALICE_KEY: &str = "0xd43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d"; +pub const ALICE: AccountId32 = AccountId32::new([1u8; 32]); +pub const BOB: AccountId32 = AccountId32::new([2u8; 32]); + pub fn alice_twitter_identity(suffix: u32) -> Identity { let address = IdentityString::try_from(format!("alice{}", suffix).as_bytes().to_vec()) .expect("convert to BoundedVec failed"); @@ -119,12 +125,26 @@ pub fn bob_web3_identity() -> Identity { Identity::Substrate { network: SubstrateNetwork::Litentry, address: bob_key_hex.into() } } +pub fn new_test_ext_wo_shielding_key() -> sp_io::TestExternalities { + let t = system::GenesisConfig::default().build_storage::().unwrap(); + + let mut ext = sp_io::TestExternalities::new(t); + ext.execute_with(|| { + System::set_block_number(1); + }); + ext +} + pub fn new_test_ext() -> sp_io::TestExternalities { let t = system::GenesisConfig::default().build_storage::().unwrap(); let mut ext = sp_io::TestExternalities::new(t); ext.execute_with(|| { System::set_block_number(1); + + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + let _ = + IMT::set_user_shielding_key(RuntimeOrigin::signed(ALICE), BOB, shielding_key.clone()); }); ext } 
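Review bot: `new_test_ext()` discards the result of the key setup with `let _ = IMT::set_user_shielding_key(...)`, so if that call ever fails, every test built on this fixture runs without a shielding key and fails later with a misleading `InvalidUserShieldingKey`. Failing in the fixture is clearer: `IMT::set_user_shielding_key(RuntimeOrigin::signed(ALICE), BOB, shielding_key).expect("fixture: setting BOB's shielding key must succeed");`. The `.clone()` looks unnecessary if `UserShieldingKeyType` is the `Copy` byte array its initialiser suggests. The same `let _ =` is carried into the `new_test_ext(set_shielding_key: bool)` rewrite in the later mock.rs hunk (`@@ -125,26 +125,21 @@`).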
diff --git a/tee-worker/litentry/pallets/identity-management/src/tests.rs b/tee-worker/litentry/pallets/identity-management/src/tests.rs index b2dfb502cd..1bc3101df7 100644 --- a/tee-worker/litentry/pallets/identity-management/src/tests.rs +++ b/tee-worker/litentry/pallets/identity-management/src/tests.rs @@ -27,7 +27,7 @@ pub const BOB: AccountId32 = AccountId32::new([2u8; 32]); #[test] fn set_user_shielding_key_works() { - new_test_ext().execute_with(|| { + new_test_ext_wo_shielding_key().execute_with(|| { let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; assert_eq!(IMT::user_shielding_keys(BOB), None); assert_ok!(IMT::set_user_shielding_key( @@ -46,13 +46,6 @@ fn set_user_shielding_key_works() { #[test] fn create_identity_works() { new_test_ext().execute_with(|| { - let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; - assert_ok!(IMT::set_user_shielding_key( - RuntimeOrigin::signed(ALICE), - BOB, - shielding_key.clone() - )); - let ss58_prefix = 131_u16; let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); assert_ok!(IMT::create_identity( @@ -77,7 +70,7 @@ fn create_identity_works() { #[test] fn remove_identity_works() { - new_test_ext().execute_with(|| { + new_test_ext_wo_shielding_key().execute_with(|| { assert_noop!( IMT::remove_identity(RuntimeOrigin::signed(ALICE), BOB, alice_web3_identity()), Error::::InvalidUserShieldingKey @@ -134,13 +127,6 @@ fn remove_identity_works() { #[test] fn verify_identity_works() { new_test_ext().execute_with(|| { - let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; - assert_ok!(IMT::set_user_shielding_key( - RuntimeOrigin::signed(ALICE), - BOB, - shielding_key.clone() - )); - let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( 
@@ -172,13 +158,6 @@ fn verify_identity_works() { #[test] fn get_id_graph_works() { new_test_ext().execute_with(|| { - let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; - assert_ok!(IMT::set_user_shielding_key( - RuntimeOrigin::signed(ALICE), - BOB, - shielding_key.clone() - )); - let metadata3: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( @@ -228,13 +207,6 @@ fn verify_identity_fails_when_too_early() { const CREATION_REQUEST_BLOCK: ParentchainBlockNumber = 2; const VERIFICATION_REQUEST_BLOCK: ParentchainBlockNumber = 1; - let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; - assert_ok!(IMT::set_user_shielding_key( - RuntimeOrigin::signed(ALICE), - BOB, - shielding_key.clone() - )); - let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( @@ -272,12 +244,6 @@ fn verify_identity_fails_when_too_late() { const CREATION_REQUEST_BLOCK: ParentchainBlockNumber = 1; const VERIFICATION_REQUEST_BLOCK: ParentchainBlockNumber = 5; - let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; - assert_ok!(IMT::set_user_shielding_key( - RuntimeOrigin::signed(ALICE), - BOB, - shielding_key.clone() - )); let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( @@ -312,13 +278,6 @@ fn verify_identity_fails_when_too_late() { #[test] fn get_id_graph_with_max_len_works() { new_test_ext().execute_with(|| { - let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; - assert_ok!(IMT::set_user_shielding_key( - RuntimeOrigin::signed(ALICE), - BOB, - shielding_key.clone() - )); - // fill in 21 identities, starting from 1 to reserve place for prime_id for i in 1..22 { assert_ok!(IMT::create_identity( From 28bdb17273416b952469b4a69b21a0b43bc55705 Mon Sep 17 00:00:00 2001 
From: BillyWooo Date: Sun, 19 Mar 2023 21:22:18 +0000 Subject: [PATCH 12/12] refactor to remove duplicate code --- .../pallets/identity-management/src/mock.rs | 23 ++++++++----------- .../pallets/identity-management/src/tests.rs | 16 ++++++------- 2 files changed, 17 insertions(+), 22 deletions(-) diff --git a/tee-worker/litentry/pallets/identity-management/src/mock.rs b/tee-worker/litentry/pallets/identity-management/src/mock.rs index 429ab8d6bb..a458ce8775 100644 --- a/tee-worker/litentry/pallets/identity-management/src/mock.rs +++ b/tee-worker/litentry/pallets/identity-management/src/mock.rs @@ -125,26 +125,21 @@ pub fn bob_web3_identity() -> Identity { Identity::Substrate { network: SubstrateNetwork::Litentry, address: bob_key_hex.into() } } -pub fn new_test_ext_wo_shielding_key() -> sp_io::TestExternalities { - let t = system::GenesisConfig::default().build_storage::().unwrap(); - - let mut ext = sp_io::TestExternalities::new(t); - ext.execute_with(|| { - System::set_block_number(1); - }); - ext -} - -pub fn new_test_ext() -> sp_io::TestExternalities { +pub fn new_test_ext(set_shielding_key: bool) -> sp_io::TestExternalities { let t = system::GenesisConfig::default().build_storage::().unwrap(); let mut ext = sp_io::TestExternalities::new(t); ext.execute_with(|| { System::set_block_number(1); - let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; - let _ = - IMT::set_user_shielding_key(RuntimeOrigin::signed(ALICE), BOB, shielding_key.clone()); + if set_shielding_key { + let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; + let _ = IMT::set_user_shielding_key( + RuntimeOrigin::signed(ALICE), + BOB, + shielding_key.clone(), + ); + } }); ext } diff --git a/tee-worker/litentry/pallets/identity-management/src/tests.rs b/tee-worker/litentry/pallets/identity-management/src/tests.rs index 1bc3101df7..eac9b5a0fb 100644 --- a/tee-worker/litentry/pallets/identity-management/src/tests.rs 
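Review bot: `new_test_ext(set_shielding_key: bool)` turns every call site into `new_test_ext(true)` or `new_test_ext(false)`, which hides the precondition the tests are about: whether BOB has a shielding key stored. The function is `pub` and has no doc comment; I would add `/// Builds test externalities at block 1. When set_shielding_key is true, ALICE stores an all-zero shielding key for BOB.` above it. A small two-variant enum argument, or thin named wrappers over this one builder, would keep the intent readable at the call site without bringing the duplicated body back.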
+++ b/tee-worker/litentry/pallets/identity-management/src/tests.rs @@ -27,7 +27,7 @@ pub const BOB: AccountId32 = AccountId32::new([2u8; 32]); #[test] fn set_user_shielding_key_works() { - new_test_ext_wo_shielding_key().execute_with(|| { + new_test_ext(false).execute_with(|| { let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN]; assert_eq!(IMT::user_shielding_keys(BOB), None); assert_ok!(IMT::set_user_shielding_key( @@ -45,7 +45,7 @@ fn set_user_shielding_key_works() { #[test] fn create_identity_works() { - new_test_ext().execute_with(|| { + new_test_ext(true).execute_with(|| { let ss58_prefix = 131_u16; let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); assert_ok!(IMT::create_identity( @@ -70,7 +70,7 @@ fn create_identity_works() { #[test] fn remove_identity_works() { - new_test_ext_wo_shielding_key().execute_with(|| { + new_test_ext(false).execute_with(|| { assert_noop!( IMT::remove_identity(RuntimeOrigin::signed(ALICE), BOB, alice_web3_identity()), Error::::InvalidUserShieldingKey @@ -126,7 +126,7 @@ fn remove_identity_works() { #[test] fn verify_identity_works() { - new_test_ext().execute_with(|| { + new_test_ext(true).execute_with(|| { let metadata: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( @@ -157,7 +157,7 @@ fn verify_identity_works() { #[test] fn get_id_graph_works() { - new_test_ext().execute_with(|| { + new_test_ext(true).execute_with(|| { let metadata3: MetadataOf = vec![0u8; 16].try_into().unwrap(); let ss58_prefix = 131_u16; assert_ok!(IMT::create_identity( @@ -203,7 +203,7 @@ fn get_id_graph_works() { #[test] fn verify_identity_fails_when_too_early() { - new_test_ext().execute_with(|| { + new_test_ext(true).execute_with(|| { const CREATION_REQUEST_BLOCK: ParentchainBlockNumber = 2; const VERIFICATION_REQUEST_BLOCK: ParentchainBlockNumber = 1; 
@@ -240,7 +240,7 @@ fn verify_identity_fails_when_too_early() { #[test] fn verify_identity_fails_when_too_late() { - new_test_ext().execute_with(|| { + new_test_ext(true).execute_with(|| { const CREATION_REQUEST_BLOCK: ParentchainBlockNumber = 1; const VERIFICATION_REQUEST_BLOCK: ParentchainBlockNumber = 5; @@ -277,7 +277,7 @@ fn verify_identity_fails_when_too_late() { #[test] fn get_id_graph_with_max_len_works() { - new_test_ext().execute_with(|| { + new_test_ext(true).execute_with(|| { // fill in 21 identities, starting from 1 to reserve place for prime_id for i in 1..22 { assert_ok!(IMT::create_identity(