Uploaded image for project: 'Indy Node'
  1. Indy Node
  2. INDY-1768

Skip static validation and signature verification for requests that were already received and validated earlier

    XMLWordPrintable

    Details

    • Type: Task
    • Status: New
    • Priority: Medium
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 1.16.0
    • Component/s: None
    • Labels:
      None

      Description

      Now static validation (Node.doStaticValidation) is always performed for a write request received from a client and is never performed for a write request received from a node in a Propagate or a MessageRep with a Propagate. It is an issue because if a request is received only from nodes in Propagates and / or MessageReps with Propagates then static validation is not done. Static validation must be performed one time for a write request received from a client and all its Propagates received from nodes and this validation must be performed when the node sees the request for the first time.

      Also static validation (Node.doStaticValidation) is not performed and the signature is not verified for a write request received in a MessageRep with a Propagate.

      PoA:

      Now we perform schema validation, static validation (Node.doStaticValidation) and signature verification when processing incoming messages from ZStack level. This makes it impossible to use Propagator.requests map for skipping validation of already validated requests. This is so because a node handles ZStack queues and inBox queues sequentially. Thus multiple ZStack-level messages representing the same client request can be processed in one pass while the corresponding typed messages being created are just enqueued to inBox and not processed synchronously. So Propagator.requests map will not be populated at this step (it is populated when typed messages from inBox are processed). Now, to avoid repeated signature verification, such the workflow makes us to maintain additional map of authenticated requests (ReqAuthenticator maintains this map).

      If we move static validation (Node.doStaticValidation) and signature verification from the step of processing incoming ZStack-level messages to the step of processing typed inBox-level messages, then we will be able to ensure single-time static validation / signature verification (on the first reception of a request either from a client or as a Propagate from a node) with use of Propagator.requests map only. No additional maps of validated requests will be needed. By the way, this will fix the issue with a lack of static validation and signature verification for a request received in a MessageRep with a Propagate.

      The plan for this fix is as follows:

      • Perform only validation against a schema in Node.handleOneClientMsg and Node.handleOneNodeMsg methods.
      • In Node.processClientRequest, Node.processNodeRequest and Node.processPropagate methods:
        1. Perform static validation (Node.doStaticValidation) and signature verification if in Propagator.requests there is no ReqState for the request digest or if there is a ReqState for this digest but the request signature in it is different.
        2. If both static validation and signature verification succeed (this may happen only in case there is no ReqState for the request digest in Propagator.requests) then add the ReqState for the request digest to Propagator.requests.
      • Remove the additional map of authenticated requests and its usage from ReqAuthenticator class.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              spivachuk Nikita Spivachuk
              Watchers:
              Nikita Spivachuk
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated: