Follow-up from PR #740.
Code:

```rust
/// Verify a SignBidirectionalEvent before processing it.
///
/// These checks are defense-in-depth on top of the Daml ledger guarantees:
/// 1. Operators from the payload must be actual signatories on the CreatedEvent
/// 2. Requester must be a signatory
/// 3. An ExercisedEvent with choice "SignBidirectional" on Signer:Signer must
///    exist in the same transaction — proves the event was created through the
///    correct Daml code path, not fabricated
///
/// TODO(test): unit test each check in isolation — craft events where one
/// check fails and verify the correct error is returned. Test: non-signatory
/// operator, non-signatory requester, missing ExercisedEvent.
fn verify_sign_event(
```

Context: verify_sign_event is defense-in-depth on top of Daml ledger guarantees. Add isolated unit tests for each failure case: non-signatory operator, non-signatory requester, and missing SignBidirectional ExercisedEvent on the configured Signer contract.
mpc/chain-signatures/node/src/indexer_canton/stream.rs
Lines 407 to 419 in 93c8e00
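
A sketch of the isolation pattern the TODO asks for, as an added example rather than code from the repository: start from a fixture that passes all three checks and break exactly one thing per case. The `Tx`, `Exercised` and `VerifyError` types, the `verify` and `verify_with` functions, and the party names are hypothetical stand-ins; the real signature of `verify_sign_event` is not shown above.

```rust
// Hypothetical, simplified model: not the node's real types or signature.
#[derive(Debug, PartialEq)]
pub enum VerifyError { OperatorNotSignatory(String), RequesterNotSignatory, MissingExercise }
pub struct Exercised { pub template: String, pub choice: String }
pub struct Tx {
    pub signatories: Vec<String>,  // signatories on the CreatedEvent
    pub operators: Vec<String>,    // operators named in the payload
    pub requester: String,         // requester named in the payload
    pub exercised: Vec<Exercised>, // ExercisedEvents in the same transaction
}

pub fn verify(tx: &Tx) -> Result<(), VerifyError> {
    // Check 1: every payload operator is a signatory.
    if let Some(op) = tx.operators.iter().find(|op| !tx.signatories.contains(*op)) {
        return Err(VerifyError::OperatorNotSignatory(op.clone()));
    }
    // Check 2: the requester is a signatory.
    if !tx.signatories.contains(&tx.requester) {
        return Err(VerifyError::RequesterNotSignatory);
    }
    // Check 3: the transaction exercised SignBidirectional on Signer:Signer.
    let exercised = tx.exercised.iter()
        .any(|e| e.template == "Signer:Signer" && e.choice == "SignBidirectional");
    if exercised { Ok(()) } else { Err(VerifyError::MissingExercise) }
}

/// Constructed fixture that passes all three checks.
pub fn valid_tx() -> Tx {
    Tx {
        signatories: vec!["op1".into(), "op2".into(), "alice".into()],
        operators: vec!["op1".into(), "op2".into()],
        requester: "alice".into(),
        exercised: vec![Exercised { template: "Signer:Signer".into(), choice: "SignBidirectional".into() }],
    }
}

/// Apply one mutation to the valid fixture so exactly one check can fail.
pub fn verify_with(mutate: impl FnOnce(&mut Tx)) -> Result<(), VerifyError> {
    let mut tx = valid_tx();
    mutate(&mut tx);
    verify(&tx)
}

fn main() {
    assert_eq!(verify_with(|_| {}), Ok(()));
    assert_eq!(verify_with(|t| t.operators.push("eve".into())), Err(VerifyError::OperatorNotSignatory("eve".into())));
    assert_eq!(verify_with(|t| t.requester = "eve".into()), Err(VerifyError::RequesterNotSignatory));
    assert_eq!(verify_with(|t| t.exercised.clear()), Err(VerifyError::MissingExercise));
    // The right choice on the wrong template must not satisfy check 3.
    assert_eq!(verify_with(|t| t.exercised[0].template = "Other:Other".into()), Err(VerifyError::MissingExercise));
}
```

Asserting on the specific error variant, not just `is_err()`, is what shows each case trips the intended check and not an earlier one.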