mirror of
https://github.com/bisq-network/bisq.git
synced 2024-11-19 01:41:11 +01:00
[BUGFIX] Validate Entry.receiversPubKey for MailboxPayloads
The remove code checks to ensure these fields match, but the add code never did. This could lead to a situation where a MailboxStoragePayload could be added, but never removed.
This commit is contained in:
parent
9ffbcf795e
commit
bdfe32bd18
@ -94,6 +94,13 @@ public class ProtectedMailboxStorageEntry extends ProtectedStorageEntry {
|
||||
return false;
|
||||
|
||||
MailboxStoragePayload mailboxStoragePayload = this.getMailboxStoragePayload();
|
||||
|
||||
// Verify the Entry.receiversPubKey matches the Payload.ownerPubKey. This is a requirement for removal
|
||||
if (!mailboxStoragePayload.getOwnerPubKey().equals(this.receiversPubKey)) {
|
||||
log.debug("Entry receiversPubKey does not match payload owner which is a requirement for adding MailboxStoragePayloads");
|
||||
return false;
|
||||
}
|
||||
|
||||
boolean result = mailboxStoragePayload.getSenderPubKeyForAddOperation() != null &&
|
||||
mailboxStoragePayload.getSenderPubKeyForAddOperation().equals(this.getOwnerPubKey());
|
||||
|
||||
|
@ -94,8 +94,6 @@ public class ProtectedMailboxStorageEntryTest {
|
||||
}
|
||||
|
||||
// TESTCASE: validForAddOperation() should fail if Entry.receiversPubKey and Payload.ownerPubKey don't match
|
||||
// XXXBUGXXX: The current code doesn't validate this mismatch, but it would create an added payload that could never
|
||||
// be removed since the remove code requires Entry.receiversPubKey == Payload.ownerPubKey
|
||||
@Test
|
||||
public void isValidForAddOperation_EntryReceiverPayloadReceiverMismatch() throws NoSuchAlgorithmException, CryptoException {
|
||||
KeyPair senderKeys = TestUtils.generateKeyPair();
|
||||
@ -104,8 +102,7 @@ public class ProtectedMailboxStorageEntryTest {
|
||||
MailboxStoragePayload mailboxStoragePayload = buildMailboxStoragePayload(senderKeys.getPublic(), receiverKeys.getPublic());
|
||||
ProtectedStorageEntry protectedStorageEntry = buildProtectedMailboxStorageEntry(mailboxStoragePayload, senderKeys, senderKeys.getPublic(), 1);
|
||||
|
||||
// should be assertFalse
|
||||
Assert.assertTrue(protectedStorageEntry.isValidForAddOperation());
|
||||
Assert.assertFalse(protectedStorageEntry.isValidForAddOperation());
|
||||
}
|
||||
|
||||
// TESTCASE: validForAddOperation() should fail if the signature isn't valid
|
||||
|
Loading…
Reference in New Issue
Block a user