Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: remove timestamp from contracts #1029

Merged
merged 2 commits into from
Dec 20, 2024
Merged

fix: remove timestamp from contracts #1029

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
945be8f
fix: remove timestamp from contracts
frdomovic Dec 20, 2024
bbd07ee
fix: tests 2
frdomovic Dec 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 0 additions & 10 deletions contracts/icp/context-config/src/mutate.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,16 +21,6 @@ pub async fn mutate(signed_request: ICSigned<ICRequest>) -> Result<(), String> {
.parse(|r| *r.signer_id)
.map_err(|e| format!("Failed to verify signature: {}", e))?;

// Add debug logging
let current_time = ic_cdk::api::time() / 1_000_000;
let time_diff = current_time.saturating_sub(request.timestamp_ms);
if time_diff > 1000 * 5 {
return Err(format!(
"request expired: diff={}ms, current={}, request={}",
time_diff, current_time, request.timestamp_ms
));
}

match request.kind {
ICRequestKind::Context(ICContextRequest { context_id, kind }) => match kind {
ICContextRequestKind::Add {
Expand Down
136 changes: 1 addition & 135 deletions contracts/icp/context-config/tests/integration.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
use std::time::{Duration, SystemTime, UNIX_EPOCH};

use calimero_context_config::icp::repr::ICRepr;
use calimero_context_config::icp::types::{
ICApplication, ICCapability, ICContextRequest, ICContextRequestKind, ICRequest, ICRequestKind,
Expand Down Expand Up @@ -43,13 +41,6 @@ fn create_signed_request(signer_key: &SigningKey, request: ICRequest) -> ICSigne
ICSigned::new(request, |bytes| signer_key.sign(bytes)).expect("Failed to create signed request")
}

fn get_time_nanos(pic: &PocketIc) -> u64 {
pic.get_time()
.duration_since(UNIX_EPOCH)
.expect("Time went backwards")
.as_nanos() as u64
}

fn handle_response(
response: Result<WasmResult, UserError>,
expected_success: bool,
Expand Down Expand Up @@ -87,13 +78,6 @@ fn test_proxy_management() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create test identities
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
Expand All @@ -119,7 +103,6 @@ fn test_proxy_management() {
},
}),
signer_id: context_id.rt().expect("infallible conversion"),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -141,7 +124,6 @@ fn test_proxy_management() {
kind: ICContextRequestKind::UpdateProxyContract,
}),
signer_id: bob_pk.rt().expect("infallible conversion"),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -161,7 +143,6 @@ fn test_proxy_management() {
kind: ICContextRequestKind::UpdateProxyContract,
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -180,22 +161,12 @@ fn test_mutate_success_cases() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time to current time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create context keys and ID
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
let context_id = context_pk.rt().expect("infallible conversion");

// Get current IC time in nanoseconds
let current_time = get_time_nanos(&pic);

// Create the request with IC time in nanoseconds
// Create the request
let request = ICRequest {
kind: ICRequestKind::Context(ICContextRequest {
context_id,
Expand All @@ -211,7 +182,6 @@ fn test_mutate_success_cases() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: current_time,
nonce: 0,
};

Expand All @@ -230,13 +200,6 @@ fn test_member_management() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create test identities
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
Expand Down Expand Up @@ -266,7 +229,6 @@ fn test_member_management() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -288,7 +250,6 @@ fn test_member_management() {
},
}),
signer_id: (alice_pk.rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -333,7 +294,6 @@ fn test_member_management() {
},
}),
signer_id: (alice_pk.rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -372,13 +332,6 @@ fn test_capability_management() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create test identities
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
Expand Down Expand Up @@ -408,7 +361,6 @@ fn test_capability_management() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -430,7 +382,6 @@ fn test_capability_management() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -452,7 +403,6 @@ fn test_capability_management() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -494,7 +444,6 @@ fn test_capability_management() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -530,13 +479,6 @@ fn test_application_update() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Advance IC time
let current_nanos = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos() as u64;
pic.advance_time(Duration::from_nanos(current_nanos));

// Create test identities
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
Expand Down Expand Up @@ -570,7 +512,6 @@ fn test_application_update() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -628,7 +569,6 @@ fn test_application_update() {
},
}),
signer_id: (bob_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -681,7 +621,6 @@ fn test_application_update() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -751,7 +690,6 @@ fn test_edge_cases() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -771,7 +709,6 @@ fn test_edge_cases() {
kind: ICContextRequestKind::AddMembers { members: vec![] },
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -794,7 +731,6 @@ fn test_edge_cases() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand Down Expand Up @@ -825,73 +761,6 @@ fn test_edge_cases() {
}
}

#[ignore = "we're deprecating timestamp checks, in favor of nonce checks"]
#[test]
fn test_timestamp_scenarios() {
let (pic, canister) = setup();
let mut rng = rand::thread_rng();

// Setup initial context
let context_sk = SigningKey::from_bytes(&rng.gen());
let context_pk = context_sk.verifying_key();
let context_id = context_pk.to_bytes().rt().expect("infallible conversion");
let alice_sk = SigningKey::from_bytes(&rng.gen());
let alice_pk = alice_sk.verifying_key();
let alice_id = alice_pk.to_bytes().rt().expect("infallible conversion");

// Create initial context with current timestamp
let current_time = get_time_nanos(&pic);
let create_request = ICRequest {
kind: ICRequestKind::Context(ICContextRequest {
context_id,
kind: ICContextRequestKind::Add {
author_id: alice_id,
application: ICApplication {
id: rng.gen::<[_; 32]>().rt().expect("infallible conversion"),
blob: rng.gen::<[_; 32]>().rt().expect("infallible conversion"),
size: 0,
source: String::new(),
metadata: vec![],
},
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: current_time,
nonce: 0,
};

let signed_request = create_signed_request(&context_sk, create_request);
let response = pic.update_call(
canister,
Principal::anonymous(),
"mutate",
candid::encode_one(signed_request).unwrap(),
);
handle_response(response, true, "Context creation");

// Try with expired timestamp (more than 5 seconds old)
let expired_request = ICRequest {
kind: ICRequestKind::Context(ICContextRequest {
context_id,
kind: ICContextRequestKind::AddMembers {
members: vec![rng.gen::<[_; 32]>().rt().expect("infallible conversion")],
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: current_time - 6_000_000_000, // 6 seconds ago
nonce: 0,
};

let signed_request = create_signed_request(&alice_sk, expired_request);
let response = pic.update_call(
canister,
Principal::anonymous(),
"mutate",
candid::encode_one(signed_request).unwrap(),
);
handle_response(response, false, "Expired timestamp request");
}

#[test]
fn test_concurrent_operations() {
let (pic, canister) = setup();
Expand Down Expand Up @@ -921,7 +790,6 @@ fn test_concurrent_operations() {
},
}),
signer_id: (context_id.as_bytes().rt().expect("infallible conversion")),
timestamp_ms: get_time_nanos(&pic),
nonce: 0,
};

Expand All @@ -935,7 +803,6 @@ fn test_concurrent_operations() {
.expect("Context creation should succeed");

// Create multiple member additions with same timestamp
let timestamp = get_time_nanos(&pic);
let mut requests = Vec::new();
for _ in 0..3 {
let new_member = rng.gen::<[_; 32]>().rt().expect("infallible conversion");
Expand All @@ -947,7 +814,6 @@ fn test_concurrent_operations() {
},
}),
signer_id: (alice_pk.to_bytes().rt().expect("infallible conversion")),
timestamp_ms: timestamp,
nonce: 0,
};
requests.push(create_signed_request(&alice_sk, request));
Expand Down
1 change: 0 additions & 1 deletion contracts/icp/context-proxy/src/query.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,6 @@ pub fn get_proposal_approvals_with_signer(
.map(|signer_id| ICProposalApprovalWithSigner {
proposal_id: proposal_id.clone(),
signer_id: signer_id.clone(),
added_timestamp: 0, // TODO: We need to store approval timestamps
})
.collect()
} else {
Expand Down
Loading
Loading