add trust anchor check to attest machine and fix test cases

Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com>
2025-06-05 21:56:45 +00:00 · 2023-09-06 11:26:26 +02:00 · 2023-09-06 11:26:26 +02:00 · 6d7158d124
commit 6d7158d124
parent 8b072d3186
2 changed files with 20 additions and 3 deletions
--- a/x/machine/keeper/msg_server_attest_machine.go
+++ b/x/machine/keeper/msg_server_attest_machine.go
@ -24,6 +24,14 @@ func (k msgServer) isNFTCreationRequest(machine *types.Machine) bool {
 func (k msgServer) AttestMachine(goCtx context.Context, msg *types.MsgAttestMachine) (*types.MsgAttestMachineResponse, error) {
 	ctx := sdk.UnwrapSDKContext(goCtx)

+	ta, activated, found := k.GetTrustAnchor(ctx, msg.Machine.MachineId)
+	if !found {
+		return nil, errors.New("no preregistered trust anchor found for machine id")
+	}
+	if activated {
+		return nil, errors.New("trust anchor has already been used for attestation")
+	}
+
 	isValidIssuerPlanetmint := validateExtendedPublicKey(msg.Machine.IssuerPlanetmint, config.PlmntNetParams)
 	if !isValidIssuerPlanetmint {
 		return nil, errors.New("invalid planetmint key")
@ -45,6 +53,7 @@ func (k msgServer) AttestMachine(goCtx context.Context, msg *types.MsgAttestMach

 	k.StoreMachine(ctx, *msg.Machine)
 	k.StoreMachineIndex(ctx, *msg.Machine)
+	k.StoreTrustAnchor(ctx, ta, true)

 	return &types.MsgAttestMachineResponse{}, nil
 }
--- a/x/machine/keeper/msg_server_test.go
+++ b/x/machine/keeper/msg_server_test.go
@ -28,9 +28,13 @@ func TestMsgServer(t *testing.T) {

 func TestMsgServerAttestMachine(t *testing.T) {
 	_, pk := sample.KeyPair()
-	machine := sample.Machine(pk, pk)
+	ta := sample.TrustAnchor()
+	taMsg := types.NewMsgRegisterTrustAnchor(pk, &ta)
+	machine := sample.Machine(pk, ta.Pubkey)
 	msg := types.NewMsgAttestMachine(pk, &machine)
 	msgServer, ctx := setupMsgServer(t)
+	_, err := msgServer.RegisterTrustAnchor(ctx, taMsg)
+	assert.NoError(t, err)
 	res, err := msgServer.AttestMachine(ctx, msg)
 	if assert.NoError(t, err) {
 		assert.Equal(t, &types.MsgAttestMachineResponse{}, res)
@ -39,11 +43,15 @@ func TestMsgServerAttestMachine(t *testing.T) {

 func TestMsgServerAttestMachineInvalidLiquidKey(t *testing.T) {
 	_, pk := sample.KeyPair()
-	machine := sample.Machine(pk, pk)
+	ta := sample.TrustAnchor()
+	taMsg := types.NewMsgRegisterTrustAnchor(pk, &ta)
+	machine := sample.Machine(pk, ta.Pubkey)
 	machine.IssuerLiquid = "invalidkey"
 	msg := types.NewMsgAttestMachine(pk, &machine)
 	msgServer, ctx := setupMsgServer(t)
-	_, err := msgServer.AttestMachine(ctx, msg)
+	_, err := msgServer.RegisterTrustAnchor(ctx, taMsg)
+	assert.NoError(t, err)
+	_, err = msgServer.AttestMachine(ctx, msg)
 	assert.EqualError(t, err, "invalid liquid key")
 }