@ibgib/core-gib 0.1.58 → 0.1.60

package/src/sync/sync-saga-context/sync-saga-context-helpers.mts

@@ -2,25 +2,25 @@
  * @module sync saga context helpers
  */
 
-import { extractErrorMsg, getTimestamp } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
-import { Factory_V1 } from '@ibgib/ts-gib/dist/V1/factory.mjs';
-import { getIbGibAddr } from '@ibgib/ts-gib/dist/helper.mjs';
-import { IbGib_V1, } from '@ibgib/ts-gib/dist/V1/types.mjs';
-import { Ib } from '@ibgib/ts-gib/dist/types.mjs';
+import { extractErrorMsg, pretty, } from '@ibgib/helper-gib/dist/helpers/utils-helper.mjs';
+import { getIbGibAddr, } from '@ibgib/ts-gib/dist/helper.mjs';
+import { Ib, } from '@ibgib/ts-gib/dist/types.mjs';
 import { validateIbGibIntrinsically } from '@ibgib/ts-gib/dist/V1/validate-helper.mjs';
 
 import { GLOBAL_LOG_A_LOT } from '../../core-constants.mjs';
 import { SYNC_SAGA_CONTEXT_ATOM } from './sync-saga-context-constants.mjs';
-import { SYNC_SAGA_PAYLOAD_ADDRS_DOMAIN } from '../sync-constants.mjs';
+import { SYNC_SAGA_PAYLOAD_ADDRS_DOMAIN, SYNC_MSG_REL8N_NAME } from '../sync-constants.mjs';
 import {
     SyncSagaContextData_V1, SyncSagaContextIbGib_V1, SyncSagaContextIb_V1,
-    SyncSagaContextRel8ns_V1,
 } from './sync-saga-context-types.mjs';
 import { IbGibSpaceAny } from '../../witness/space/space-base-v1.mjs';
-import { getFromSpace, putInSpace, registerNewIbGib } from '../../witness/space/space-helper.mjs';
-import { SyncIbGib_V1, SyncSagaFrameDependencyGraph } from '../sync-types.mjs';
+import { getFromSpace, getLatestAddrs, getTjpIbGib } from '../../witness/space/space-helper.mjs';
+import { SessionGenesisFrameDetails, } from '../sync-types.mjs';
 import { validateSyncSagaFrame } from '../sync-helpers.mjs';
-import { isIbGibWithAtom } from '../../common/other/ibgib-helper.mjs';
+import { isIbGibWithAtom, toDto } from '../../common/other/ibgib-helper.mjs';
+import { KeystoneService_V1 } from '../../keystone/keystone-service-v1.mjs';
+import { KeystoneData_V1, KeystoneIbGib_V1 } from '../../keystone/keystone-types.mjs';
+import { KEYSTONE_VERB_SYNC } from '../../keystone/keystone-constants.mjs';
 
 const logalot = GLOBAL_LOG_A_LOT;
 
@@ -150,6 +150,26 @@ export async function validateContextAndSagaFrame({
             errors.push(`context.sagaFrame is falsy. (E: b4edd88f4963f493789f83b29ba2df26)`);
         }
 
+        if (context.sagaFrameMsg) {
+            const sagaFrameMsgErrors =
+                await validateIbGibIntrinsically({ ibGib: context.sagaFrameMsg }) ?? [];
+            sagaFrameMsgErrors.forEach(x => errors.push(x));
+
+            if (context.sagaFrame) {
+                const expectedMsgAddr = context.sagaFrame.rel8ns?.[SYNC_MSG_REL8N_NAME]?.[0];
+                if (expectedMsgAddr) {
+                    const actualMsgAddr = getIbGibAddr({ ibGib: context.sagaFrameMsg });
+                    if (actualMsgAddr !== expectedMsgAddr) {
+                        errors.push(`context.sagaFrameMsg address (${actualMsgAddr}) does not match the stone address referenced in sagaFrame relations (${expectedMsgAddr}). (E: a983b271fcae46bbad7e82098bc24826)`);
+                    }
+                } else {
+                    errors.push(`context.sagaFrame is missing the message stone relation '${SYNC_MSG_REL8N_NAME}'. (E: da872cf3a8d46dbbad89d0a68d712826)`);
+                }
+            }
+        } else {
+            errors.push(`context.sagaFrameMsg is falsy. (E: ed405a72ab0d8bbdca7b9605d8f9a26)`);
+        }
+
         // if this is already invalid, we could have intrinsic validation
         // errors, which are a non-starter.
         if (errors.length > 0) { return errors; /* <<<< returns early */ }
@@ -192,42 +212,253 @@ export async function validateContextDomainPayloadIbGibs({ context }: { context:
     }
 }
 
-export async function authenticateContext({
-}): Promise<string[]> {
-    const lc = `[${authenticateContext.name}]`;
-    try {
-        if (logalot) { console.log(`${lc} starting... (I: 3c34e8f1d6ef965f98725c88459ea926)`); }
-        console.warn(`${lc}[NAG] not thrown. not implemented right now after removing all identity-related code. (W: e5fad31cfb49eef198a189a82dbcf726)`)
-        return [];
-    } catch (error) {
-        console.error(`${lc} ${extractErrorMsg(error)}`);
-        throw error;
-    } finally {
-        if (logalot) { console.log(`${lc} complete.`); }
-    }
-}
-
 /**
- * move to sync-peer-helpers.mts as a pure function?
+ * "Intrinsically": This authenticates assuming we have already established that
+ * this context is a valid continuation of previous sync contexts/saga state. It
+ * does not check that the session identity contained on this context is a valid
+ * continuation.
+ *
+ * ## notes
+ *
+ * Say an attacker tries to hijack a legit sync process by capturing previous
+ * context(s). Then the attacker just either creates its own sessionIdentity
+ *
+ * ## implementation notes
+ *
+ * This is a HUGE function right now, because there are just a lot of things to
+ * check. I'm basically going through and just taking every assumption that I
+ * can think of and encoding it.
+ *
+ * We will need to refactor this at some point to neaten it up, but we should
+ * not remove sections without EXTREMELY good reasoning, as this would reduce
+ * security.
  */
-export async function authorizeContext({
+export async function authenticateContextIntrinsically({
     context,
-    fullSagaHistory
+    space,
+    // stageInProtocol,
 }: {
     context: SyncSagaContextIbGib_V1,
-    fullSagaHistory: SyncSagaFrameDependencyGraph[],
+    space: IbGibSpaceAny,
+    // /**
+    //  * @see {@link StageInProtocol}
+    //  */
+    // stageInProtocol: StageInProtocol,
 }): Promise<string[]> {
-    const lc = `[${authorizeContext.name}]`;
+    const lc = `[${authenticateContextIntrinsically.name}]`;
     try {
-        if (logalot) { console.log(`${lc} starting... (I: 48c918b41ceec0cd489ca3b8819e6826)`); }
+        if (logalot) { console.log(`${lc} starting... (I: 3c34e8f1d6ef965f98725c88459ea926)`); }
 
-        console.error(`${lc} NAG ERROR (NOT THROWN): not implemented. authorize business logic (v1 must have this, but later when we are working on admin vs. student)(E: bc3a78f2dab18ab64c36d055a4b50526)`);
+        const errors: string[] = [];
 
-        return [];
+        if (!context.data) { throw new Error(`(UNEXPECTED) context.data falsy? (E: 3e4ddd0eb4b828ad489658d88d9a6326)`); }
+        if (!context.rel8ns) { throw new Error(`(UNEXPECTED) context.rel8ns falsy? (E: 8026589d4fed69c828334ee842074326)`); }
+
+        const { sagaFrame, signedSessionIdentity: currSessionIdentity } = context;
+        if (!sagaFrame.data) { throw new Error(`(UNEXPECTED) sagaFrame.data falsy? (E: b61cc82d25984c92f75db74a5a855b26)`); }
+
+        // We only sign at the context level.
+        // If context has no signedSessionIdentity, skip authentication (anonymous or broker response).
+        if (!currSessionIdentity) {
+            // check the sync saga to determine if there _should_ be a session
+            // identity according to the given sagaFrame (which could be
+            // malicious, remember!!)
+            // todo: add logic to SET this property when using identity, then (and only then) remove this todo.
+            console.error(`${lc}[NAG][not thrown] sagaFrame.data.sessionIdentityTjpAddr logic needs to be added in coordinator (E: 4fc47800a1086c917a47381824280826)`);
+            if (sagaFrame.data.sessionIdentityTjpAddr) {
+                errors.push('Context has no session identity, but sync saga frame shows a session identity (sagaFrame.data.sessionIdentityTjpAddr is truthy). (E: 69dd6cdc2e1859c0f3d62958c4339826)')
+                return errors; /* <<<< returns early */
+            } else if (context.rel8ns.sessionIdentity) {
+                errors.push('Context has no signed session identity, but context.rel8ns.sessionIdentity is truthy. (E: 96a04a8a6c88ea8bf88118f89ad8e326)')
+                return errors; /* <<<< returns early */
+            } else {
+                // nothing further to authenticate
+                if (logalot) { console.log(`${lc} context has no signedSessionIdentity and sync saga frame doesn't state there should be session identity. So nothing further to authenticate - returning early with no authentication errors. (I: d708735f9a2899ee98f762b8a09ed826)`); }
+                return []; /* <<<< returns early */
+            }
+        }
+        const currSessionIdentityAddr = getIbGibAddr({ ibGib: currSessionIdentity });
+
+        // ensure the context rel8ns points to a session identity
+        const prevSessionIdentityAddrs_accordingToContextRel8ns = context.rel8ns?.sessionIdentity ?? [];
+        if (prevSessionIdentityAddrs_accordingToContextRel8ns.length === 0) {
+            errors.push(`context.rel8ns.sessionIdentity is falsy/empty but context.signedSessionIdentity is present. (E: 66f906421eb2468c0b33f908a3cf2826)`);
+            return errors; /* <<<< returns early */
+        }
+
+        if (prevSessionIdentityAddrs_accordingToContextRel8ns.length > 1) {
+            errors.push(`context.rel8ns.sessionIdentity has multiple identity addrs. (E: 489428bfe6fdaa4cd885b938dc4c5826)`);
+            return errors; /* <<<< returns early */
+        }
+
+        // ensure the context session identity is the immediate past of the
+        // current session identity
+        const prevSessionIdentityAddr = prevSessionIdentityAddrs_accordingToContextRel8ns[0];
+
+        // Confirm previous session identity addr exists in space and that it is
+        // the most recent in the session keystone's timeline
+
+        const resGetLatestAddr = await getLatestAddrs({ addrs: [prevSessionIdentityAddr], space });
+        if (!resGetLatestAddr) { throw new Error(`(UNEXPECTED) resGetLatestAddr for prevSessionIdentityAddr in space (${space.ib}) falsy? (E: 7b207e5cbcec9037ea5adbe822ead826)`); }
+        if (!resGetLatestAddr.data) { throw new Error(`(UNEXPECTED) resGetLatestAddr.data for prevSessionIdentityAddr in space (${space.ib}) falsy? (E: de4eb8d730c8c4dcb59c8b9c79277826)`); }
+        if (!resGetLatestAddr.data.success) {
+            throw new Error(`(UNEXPECTED) resGetLatestAddr.data.success falsy? (E: c94298dfd9684ad6a87eb748459aa826)`);
+        }
+        const { latestAddrsMap } = resGetLatestAddr.data;
+        if (!latestAddrsMap) { throw new Error(`(UNEXPECTED) resGetLatestAddr.data.latestAddrsMap falsy? (E: 19f1fd5fe798cf2e5fa923919169d826)`); }
+        if (Object.keys(latestAddrsMap).length !== 1) {
+            throw new Error(`(UNEXPECTED) Object.keys(latestAddrsMap).length !== 1? (E: fe526a0747589c6427a8bcc86da34a26)`);
+        }
+        const prevSessionIdentityAddr_latest = latestAddrsMap[prevSessionIdentityAddr];
+        if (!prevSessionIdentityAddr_latest) {
+            errors.push(`prevSessionIdentityAddr (${prevSessionIdentityAddr}) not found in space (${space.ib}). this should have been the incoming prevSessionIdentityAddr (E: f6d042bd6b54819998653228dee34226)`);
+            return errors; /* <<<< returns early */
+        }
+        if (prevSessionIdentityAddr !== prevSessionIdentityAddr_latest) {
+            if (prevSessionIdentityAddr_latest === currSessionIdentityAddr) {
+                // this is ok? if the sender peer is calling this just to validate **before sending**, then this will be the case. If the receiver is calling this code before continuing the sync/at the start of continuing the sync, then this will not hit.
+                // debugger; // in sync saga context auth, want to know if this hits...this does hit, so my thoughts on the innerspace/sender peer seem to be correct
+            } else {
+                // debugger; // in sync saga context auth, want to know if this hits...so far this does NOT hit
+                errors.push(`context.rel8ns.sessionIdentity does not point to the most recent in the space (${space.ib}). (E: 2f8288f53c87b6aa47bd2178d9df0c26)`)
+
+                // #region debug error keystone
+                console.log(`context: ${pretty(toDto({ ibGib: context }))}`)
+                console.log(`prevSessionIdentityAddr (context.rel8ns.sessionIdentity): ${prevSessionIdentityAddr}`)
+                console.log(`prevSessionIdentityAddr_latest: ${prevSessionIdentityAddr_latest}`)
+                console.log(`currSessionIdentity (context.signedSessionIdentity): ${pretty(toDto({
+                    ibGib: {
+                        ib: currSessionIdentity.ib,
+                        gib: currSessionIdentity.gib,
+                        rel8ns: currSessionIdentity.rel8ns,
+                        data: {
+                            ...currSessionIdentity.data,
+                            challengePools: currSessionIdentity.data.challengePools.map(p => {
+                                return { ...p, challenges: {} }
+                            }),
+                        } satisfies Partial<KeystoneData_V1>,
+
+                    }
+                }))}`)
+                console.log(`currSessionIdentityAddr: ${currSessionIdentityAddr}`)
+
+                // #endregion debug error keystone
+                return errors; /* <<<< returns early */
+            }
+        }
+
+        const resGetPrevSessionIdentity = await getFromSpace({ addr: prevSessionIdentityAddr, space });
+        if (!resGetPrevSessionIdentity.success || resGetPrevSessionIdentity.ibGibs?.length !== 1) {
+            errors.push(`could not fetch latest sender identity ${prevSessionIdentityAddr} from space (${space.ib}). (E: fd48c3e64c9fa4efd8a1f8280af18226)`);
+            return errors;
+        }
+        const prevSessionIdentity = resGetPrevSessionIdentity.ibGibs[0] as KeystoneIbGib_V1;
+
+        // get the session identity tjp, which has frame details that link back
+        // to the identity that authorized the session
+        const sessionIdentityTjp =
+            await getTjpIbGib({ ibGib: prevSessionIdentity, naive: true, space }) as KeystoneIbGib_V1 | undefined;
+        if (!sessionIdentityTjp) { throw new Error(`(UNEXPECTED) couldn't get sessionIdentityTjp in space (${space.ib})? we have already gotten the identity itself in the space, so we would expect the entire timeline to exist in it. (E: 9be0382ff1c8a0e77645ea38c096f826)`); }
+        const sessionIdentityTjpAddr = getIbGibAddr({ ibGib: sessionIdentityTjp });
+        if (sessionIdentityTjpAddr !== sagaFrame.data.sessionIdentityTjpAddr) {
+            throw new Error(`(UNEXPECTED) sessionIdentityTjpAddr !== sagaFrame.data.sessionIdentityTjpAddr? (E: c9a4ad5c2728fe38e86afc58e4abaf26)`);
+        }
+
+        const sessionGenesisFrameDetails = sessionIdentityTjp.data.frameDetails as SessionGenesisFrameDetails;
+        if (!sessionGenesisFrameDetails) {
+            errors.push(`Invalid session identity tjp: sessionIdentityTjp.data.frameDetails is falsy. (E: 0187f8f804a84256281720586620b826)`);
+            return errors; /* <<<< returns early */
+        }
+        const { senderIdentityAddr, senderIdentityTjpAddr } = sessionGenesisFrameDetails;
+        if (!senderIdentityAddr) { throw new Error(`sessionGenesisFrameDetails.senderIdentityAddr falsy (E: 02a0c80a3ead9e3af8af4cf3b156e826)`); }
+        if (!senderIdentityTjpAddr) { throw new Error(`sessionGenesisFrameDetails.senderIdentityTjpAddr falsy (E: 271928090ff5dc56d4bb63d8d5c68826)`); }
+
+        const resGetLatestAddr_senderIdentity =
+            await getLatestAddrs({ addrs: [senderIdentityTjpAddr, senderIdentityAddr], space });
+        if (!resGetLatestAddr_senderIdentity) { throw new Error(`(UNEXPECTED) resGetLatestAddr_senderIdentity for prevSessionIdentityAddr in space (${space.ib}) falsy? (E: 2e4ae8083b6fb7cbb8fae2a519062926)`); }
+        if (!resGetLatestAddr_senderIdentity.data) { throw new Error(`(UNEXPECTED) resGetLatestAddr_senderIdentity.data for prevSessionIdentityAddr in space (${space.ib}) falsy? (E: 2e231850c2a898cc282b4b2841056826)`); }
+        if (!resGetLatestAddr_senderIdentity.data.success) {
+            throw new Error(`(UNEXPECTED) resGetLatestAddr_senderIdentity.data.success falsy? (E: e93508f03e0475925875b00746ffd826)`);
+        }
+        const { latestAddrsMap: latestAddrsMap_senderIdentity } = resGetLatestAddr_senderIdentity.data;
+        if (!latestAddrsMap_senderIdentity) { throw new Error(`(UNEXPECTED) resGetLatestAddr_senderIdentity.data.latestAddrsMap falsy? (E: 87a91e3f9968ad9ba79cdfe8cd878326)`); }
+        if (Object.keys(latestAddrsMap_senderIdentity).length !== 2 && senderIdentityTjpAddr !== senderIdentityAddr) {
+            throw new Error(`(UNEXPECTED) Object.keys(latestAddrsMap_senderIdentity).length !== 2 && senderIdentityTjpAddr !== senderIdentityAddr? (E: fe46bd584853d8e1e8e2d11f52012826)`);
+        }
+        // these two should be the same, we're just confirming that they're both
+        // on the same timeline.
+        const senderIdentityTjpAddr_latest = latestAddrsMap_senderIdentity[senderIdentityTjpAddr];
+        const senderIdentityAddr_latest = latestAddrsMap_senderIdentity[senderIdentityAddr];
+        if (!senderIdentityAddr_latest) { throw new Error(`(UNEXPECTED) senderIdentityAddr_latest falsy? (E: e151798ae2e9241578d09948937c4b26)`); }
+        if (senderIdentityTjpAddr_latest !== senderIdentityAddr_latest) {
+            throw new Error(`senderIdentityTjpAddr_latest !== senderIdentityAddr_latest (E: 52478a1053589e72665031a853cc1826)`);
+        }
+
+        // ATOW, we're only allowing a single sync to occur on an identity at
+        // any given time (which makes sense). We also are assuming that the
+        // sender identity is not doing anything ELSE at this time, which in
+        // the (far) future may change. So the user couldn't edit their primary
+        // identity's profile, description, etc., while the sync is in progress.
+        // This may ultimately be asking too much though. But for now, we'll
+        // enforce that the latest senderIdentity addr should be that addr that
+        // authorized the session keystone.
+        // if (senderIdentityAddr_latest !== senderIdentityAddr) {
+        //     errors.push(`The senderIdentityAddr referenced in the session keystone's genesis frameDetails (${senderIdentityAddr}) is DIFFERENT than the latest sender identity addr (${senderIdentityAddr_latest}). This means that the sender has done something besides the current sync operation, which isn't supported at this time. (E: a02598271b48cbeb584e45abde121826)`);
+        //     return errors; /* <<<< returns early */
+        // }
+
+        // now we confirm the other direction: sender identity should have been
+        // signed with "sync" verb and targeting the sessionIdentity tjp
+        // (genesis) frame.
+        const resGetSenderIdentity_latest = await getFromSpace({
+            addr: senderIdentityAddr_latest,
+            space,
+        });
+        if (!resGetSenderIdentity_latest.success || resGetSenderIdentity_latest.ibGibs?.length !== 1) {
+            errors.push(`could not fetch latest sender identity ${prevSessionIdentityAddr} from space (${space.ib}). (E: 3565ff0ed458f5a2384c40b16e849826)`);
+            return errors; /* <<<< returns early */
+        }
+        const senderIdentity_latest = resGetSenderIdentity_latest.ibGibs[0] as KeystoneIbGib_V1;
+        if (!senderIdentity_latest.data.proofs) {
+            errors.push(`Invalid sender identity. Proofs empty/falsy. (E: ebf488853061614d2b5b137828119526)`);
+            return errors; /* <<<< returns early */
+        }
+        const syncClaim = senderIdentity_latest.data.proofs.find(p =>
+            p.claim.verb === KEYSTONE_VERB_SYNC
+        )?.claim;
+        if (!syncClaim) {
+            errors.push(`Most recent senderIdentity has no proof whose claim.verb === ${KEYSTONE_VERB_SYNC}. (E: b0f488ecccbbfe43d9a0b7c8a29d7826)`);
+            return errors; /* <<<< returns early */
+        }
+        if (syncClaim.target !== sessionIdentityTjpAddr) {
+            errors.push(`Most recent sender identity claim has claim.verb === ${KEYSTONE_VERB_SYNC} but DOES NOT target expected session identity addr ${prevSessionIdentityAddr}. (E: 3e7f18d99848969be8586423d5ccb826)`);
+            return errors;
+        }
+
+        const keystoneSvc = new KeystoneService_V1();
+        const transitionErrors = await keystoneSvc.validate({
+            currentIbGib: currSessionIdentity,
+            prevIbGib: prevSessionIdentity,
+        });
+        if (transitionErrors.length > 0) {
+            errors.push(`Invalid session identity transition: ${transitionErrors.join(', ')} (E: da1c81c6d3c86aec3254f48fe7514226)`);
+        }
+
+        // we have a valid keystone evolution/signing, but was it specifically
+        // for this incoming context? verify that the signing targets context.
+        const contextAddr = getIbGibAddr({ ibGib: context });
+        const targetsThisContext =
+            currSessionIdentity.data?.proofs?.some(p => p.claim.target === contextAddr);
+        if (!targetsThisContext) {
+            errors.push(`Session identity signature does not target current context ibgib (${contextAddr}). (E: acae68938c287178c878d1b88bebb826)`);
+        }
+
+        return errors;
     } catch (error) {
-        console.error(`${lc} ${extractErrorMsg(error)}`);
-        throw error;
+        const emsg = `${lc} ${extractErrorMsg(error)}`;
+        console.error(emsg);
+        return [`authentication produced an error: ${emsg} (E: 45e014b82af81993d936611ca6fc4d26)`];
     } finally {
         if (logalot) { console.log(`${lc} complete.`); }
     }
-}
+}

package/src/sync/sync-saga-context/sync-saga-context-types.mts

@@ -8,6 +8,7 @@ import { IbGibData_V1, IbGibRel8ns_V1, IbGib_V1 } from '@ibgib/ts-gib/dist/V1/ty
 import { SYNC_SAGA_PAYLOAD_ADDRS_DOMAIN } from '../sync-constants.mjs';
 import { SyncIbGib_V1 } from '../sync-types.mjs';
 import { SYNC_SAGA_CONTEXT_ATOM } from './sync-saga-context-constants.mjs';
+import { KeystoneIbGib_V1 } from '../../keystone/keystone-types.mjs';
 
 export interface SyncSagaContextIb_V1 {
     atom: typeof SYNC_SAGA_CONTEXT_ATOM;
@@ -48,6 +49,10 @@ export interface SyncSagaContextRel8ns_V1 extends IbGibRel8ns_V1 {
      */
     sagaFrame: IbGibAddr[];
 
+    /**
+     * Ephemeral session identity genesis address to confirm S_genesis.
+     */
+    sessionIdentity?: IbGibAddr[];
 }
 
 /**
@@ -70,4 +75,13 @@ export interface SyncSagaContextIbGib_V1 extends IbGib_V1<SyncSagaContextData_V1
      */
     sagaFrame: SyncIbGib_V1;
 
+    /**
+     * Evolved session identity frame signed by Alice targeting this context.
+     */
+    signedSessionIdentity?: KeystoneIbGib_V1;
+
+    /**
+     * The actual message stone (the sync saga message containing state/stage).
+     */
+    sagaFrameMsg: IbGib_V1;
 }