@enactprotocol/shared 1.2.5 → 1.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/EnactCore.js +6 -3
- package/package.json +1 -1
- package/src/core/EnactCore.ts +7 -3
package/dist/core/EnactCore.js
CHANGED
|
@@ -288,7 +288,10 @@ export class EnactCore {
|
|
|
288
288
|
throw new Error(`Tool ${tool.name} does not have any signatures`);
|
|
289
289
|
}
|
|
290
290
|
const documentForVerification = {
|
|
291
|
-
command: tool.command
|
|
291
|
+
command: tool.command,
|
|
292
|
+
description: tool.description,
|
|
293
|
+
from: tool.from,
|
|
294
|
+
name: tool.name,
|
|
292
295
|
};
|
|
293
296
|
const referenceSignature = {
|
|
294
297
|
signature: tool.signatures[0].value,
|
|
@@ -297,14 +300,14 @@ export class EnactCore {
|
|
|
297
300
|
timestamp: new Date(tool.signatures[0].created).getTime()
|
|
298
301
|
};
|
|
299
302
|
// Check what canonical document looks like
|
|
300
|
-
const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command'] });
|
|
303
|
+
const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command', 'description', 'from', 'name'] });
|
|
301
304
|
const docString = JSON.stringify(canonicalDoc);
|
|
302
305
|
const messageHash = CryptoUtils.hash(docString);
|
|
303
306
|
// Test direct crypto verification
|
|
304
307
|
const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
|
|
305
308
|
// Check trusted keys
|
|
306
309
|
// const trustedKeys = KeyManager.getAllTrustedPublicKeys();
|
|
307
|
-
const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command'] });
|
|
310
|
+
const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command', 'description', 'from', 'name'] });
|
|
308
311
|
// console.log("Final verification result:", isValid);
|
|
309
312
|
if (!isValid) {
|
|
310
313
|
throw new Error(`Tool ${tool.name} has invalid signatures`);
|
package/package.json
CHANGED
package/src/core/EnactCore.ts
CHANGED
|
@@ -420,7 +420,10 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
|
|
|
420
420
|
}
|
|
421
421
|
|
|
422
422
|
const documentForVerification = {
|
|
423
|
-
command: tool.command
|
|
423
|
+
command: tool.command,
|
|
424
|
+
description: tool.description,
|
|
425
|
+
from: tool.from,
|
|
426
|
+
name: tool.name,
|
|
424
427
|
};
|
|
425
428
|
|
|
426
429
|
const referenceSignature = {
|
|
@@ -432,7 +435,8 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
|
|
|
432
435
|
|
|
433
436
|
|
|
434
437
|
// Check what canonical document looks like
|
|
435
|
-
const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification,
|
|
438
|
+
const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command', 'description', 'from', 'name'] }
|
|
439
|
+
);
|
|
436
440
|
|
|
437
441
|
const docString = JSON.stringify(canonicalDoc);
|
|
438
442
|
const messageHash = CryptoUtils.hash(docString);
|
|
@@ -451,7 +455,7 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
|
|
|
451
455
|
const isValid = SigningService.verifyDocument(
|
|
452
456
|
documentForVerification,
|
|
453
457
|
referenceSignature,
|
|
454
|
-
|
|
458
|
+
{ includeFields: ['command', 'description', 'from', 'name'] }
|
|
455
459
|
);
|
|
456
460
|
|
|
457
461
|
// console.log("Final verification result:", isValid);
|