Avoids testing the signature when the id or sig fields are blank

2025-04-11 05:19:46 +02:00 · 2023-10-16 11:54:56 -04:00 · 2023-10-16 11:54:56 -04:00 · c29b4b8e5f
commit c29b4b8e5f
parent 4286b64b41
3 changed files with 13 additions and 6 deletions
--- a/benchmark/src/androidTest/java/com/vitorpamplona/amethyst/benchmark/EventBenchmark.kt
+++ b/benchmark/src/androidTest/java/com/vitorpamplona/amethyst/benchmark/EventBenchmark.kt
@ -74,7 +74,7 @@ class EventBenchmark {
        val event = Event.fromJson(msg[2])
        benchmarkRule.measureRepeated {
            // Should pass
-            assertTrue( event.hasVerifedSignature() )
+            assertTrue( event.hasVerifiedSignature() )
        }
    }

--- a/benchmark/src/androidTest/java/com/vitorpamplona/amethyst/benchmark/GiftWrapReceivingBenchmark.kt
+++ b/benchmark/src/androidTest/java/com/vitorpamplona/amethyst/benchmark/GiftWrapReceivingBenchmark.kt
@ -114,7 +114,7 @@ class GiftWrapReceivingBenchmark {
        )

        benchmarkRule.measureRepeated {
-            wrap.hasVerifedSignature()
+            wrap.hasVerifiedSignature()
        }
    }

--- a/quartz/src/main/java/com/vitorpamplona/quartz/events/Event.kt
+++ b/quartz/src/main/java/com/vitorpamplona/quartz/events/Event.kt
@ -217,8 +217,15 @@ open class Event(
        return "nostr:${toNIP19()}"
    }

-    fun hasCorrectIDHash() = id.equals(generateId())
-    fun hasVerifedSignature() = CryptoUtils.verifySignature(Hex.decode(sig), Hex.decode(id), Hex.decode(pubKey))
+    fun hasCorrectIDHash(): Boolean {
+        if (id.isEmpty()) return false
+        return id.equals(generateId())
+    }
+
+    fun hasVerifiedSignature(): Boolean {
+        if (id.isEmpty() || sig.isEmpty()) return false
+        return CryptoUtils.verifySignature(Hex.decode(sig), Hex.decode(id), Hex.decode(pubKey))
+    }

    /**
     * Checks if the ID is correct and then if the pubKey's secret key signed the event.
@ -233,14 +240,14 @@ open class Event(
                """.trimIndent()
            )
        }
-        if (!hasVerifedSignature()) {
+        if (!hasVerifiedSignature()) {
            throw Exception("""Bad signature!""")
        }
    }

    override fun hasValidSignature(): Boolean {
        return try {
-            hasCorrectIDHash() && hasVerifedSignature()
+            hasCorrectIDHash() && hasVerifiedSignature()
        } catch (e: Exception) {
            Log.w("Event", "Event $id does not have a valid signature: ${toJson()}", e)
            false