highperfocused/amethyst
1
0
Fork 0
mirror of https://github.com/vitorpamplona/amethyst.git synced 2025-06-23 18:30:52 +02:00
Code Issues Packages Projects Releases Wiki Activity

Avoids testing the signature when the id or sig fields are blank

Browse Source
This commit is contained in:
Vitor Pamplona 2023-10-16 11:54:56 -04:00
parent 4286b64b41
commit c29b4b8e5f
3 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
benchmark/src/androidTest/java/com/vitorpamplona/amethyst/benchmark/EventBenchmark.kt
View File

@ -74,7 +74,7 @@ class EventBenchmark {
val event = Event.fromJson(msg[2]) val event = Event.fromJson(msg[2])
benchmarkRule.measureRepeated { benchmarkRule.measureRepeated {
// Should pass // Should pass
assertTrue( event.hasVerifedSignature() ) assertTrue( event.hasVerifiedSignature() )
} }
} }

2
benchmark/src/androidTest/java/com/vitorpamplona/amethyst/benchmark/GiftWrapReceivingBenchmark.kt
View File

@ -114,7 +114,7 @@ class GiftWrapReceivingBenchmark {
) )
benchmarkRule.measureRepeated { benchmarkRule.measureRepeated {
wrap.hasVerifedSignature() wrap.hasVerifiedSignature()
} }
} }

15
quartz/src/main/java/com/vitorpamplona/quartz/events/Event.kt
View File

@ -217,8 +217,15 @@ open class Event(
return "nostr:${toNIP19()}" return "nostr:${toNIP19()}"
} }
fun hasCorrectIDHash() = id.equals(generateId()) fun hasCorrectIDHash(): Boolean {
fun hasVerifedSignature() = CryptoUtils.verifySignature(Hex.decode(sig), Hex.decode(id), Hex.decode(pubKey)) if (id.isEmpty()) return false
return id.equals(generateId())
}
fun hasVerifiedSignature(): Boolean {
if (id.isEmpty() || sig.isEmpty()) return false
return CryptoUtils.verifySignature(Hex.decode(sig), Hex.decode(id), Hex.decode(pubKey))
}
/** /**
* Checks if the ID is correct and then if the pubKey's secret key signed the event. * Checks if the ID is correct and then if the pubKey's secret key signed the event.
@ -233,14 +240,14 @@ open class Event(
""".trimIndent() """.trimIndent()
) )
} }
if (!hasVerifedSignature()) { if (!hasVerifiedSignature()) {
throw Exception("""Bad signature!""") throw Exception("""Bad signature!""")
} }
} }
override fun hasValidSignature(): Boolean { override fun hasValidSignature(): Boolean {
return try { return try {
hasCorrectIDHash() && hasVerifedSignature() hasCorrectIDHash() && hasVerifiedSignature()
} catch (e: Exception) { } catch (e: Exception) {
Log.w("Event", "Event $id does not have a valid signature: ${toJson()}", e) Log.w("Event", "Event $id does not have a valid signature: ${toJson()}", e)
false false