Add a bit of hardening in the network certificate of membership by incorporating a full hash of the identity to which it is issued. This means the recipient need not depend entirely on the root verifying identities properly to make sure impersonation is not occurring.
This commit is contained in:
Adam Ierymenko
parent
39b97f9163
commit
7c3166e9be
7 changed files with 78 additions and 42 deletions
|
|
@ -91,13 +91,14 @@ public:
|
|||
* Check whether the peer represented by this Membership should be allowed on this network at all
|
||||
*
|
||||
* @param nconf Our network config
|
||||
* @param otherNodeIdentity Identity of remote node
|
||||
* @return True if this peer is allowed on this network at all
|
||||
*/
|
||||
inline bool isAllowedOnNetwork(const NetworkConfig &nconf) const
|
||||
inline bool isAllowedOnNetwork(const NetworkConfig &thisNodeNetworkConfig, const Identity &otherNodeIdentity) const
|
||||
{
|
||||
if (nconf.isPublic()) return true;
|
||||
if (thisNodeNetworkConfig.isPublic()) return true;
|
||||
if (_com.timestamp() <= _comRevocationThreshold) return false;
|
||||
return nconf.com.agreesWith(_com);
|
||||
return thisNodeNetworkConfig.com.agreesWith(_com, otherNodeIdentity);
|
||||
}
|
||||
|
||||
inline bool recentlyAssociated(const int64_t now) const
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue