Skip to content

Validate and Verify Audit Information Before Registration#1789

Open
AkramBitar wants to merge 1 commit into
mainfrom
feature/comprehensive-recipient-validation
Open

Validate and Verify Audit Information Before Registration#1789
AkramBitar wants to merge 1 commit into
mainfrom
feature/comprehensive-recipient-validation

Conversation

@AkramBitar

@AkramBitar AkramBitar commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Problem

RegisterRecipientIdentity accepted recipient identity data without structural validation, so malformed or incomplete RecipientData could be persisted into the audit trail.

Solution

A structural validation in token/services/identity/wallet, run before the existing MatchIdentity cryptographic binding:

  1. Basic structure — nil/empty checks and length bounds: identity 10 B … 1 MiB, audit info ≤ 50 KB. (The identity cap is generous so composite identities — MultiSig/Policy aggregate several inner identities — and larger X509/Idemix payloads are never falsely rejected; it only rejects pathological multi-MB blobs.)
  2. JSON well-formedness — audit info must be valid JSON.
  3. Identity structure — the typed identity is decoded once, its type must be recognized (Idemix, X509, IdemixNym, HTLC, MultiSig, Policy), and the raw identity payload must be non-empty.
  4. Enrollment ID — non-empty, ≤ 256 B (non-composite types only).
  5. Revocation handle — non-empty, ≤ 512 B (non-composite types only).
  6. Cryptographic binding — existing Deserializer.MatchIdentity (identity ↔ audit info).

Composite types (MultiSig, HTLC, Policy) have no enrollment ID / revocation handle, so steps 4–5 are skipped for them in one place.

@AkramBitar AkramBitar added this to the Q3/26 milestone Jun 17, 2026
@AkramBitar AkramBitar self-assigned this Jun 17, 2026
@AkramBitar AkramBitar marked this pull request as draft June 17, 2026 22:51
@AkramBitar AkramBitar linked an issue Jun 22, 2026 that may be closed by this pull request
@AkramBitar AkramBitar force-pushed the feature/comprehensive-recipient-validation branch 7 times, most recently from a09c67b to c2d783f Compare June 22, 2026 21:17
@AkramBitar AkramBitar requested review from HayimShaul and adecaro June 22, 2026 21:22
@AkramBitar AkramBitar force-pushed the feature/comprehensive-recipient-validation branch from 9d5bf64 to 3de3fe8 Compare June 22, 2026 21:29
@AkramBitar AkramBitar marked this pull request as ready for review June 22, 2026 21:30
@AkramBitar AkramBitar force-pushed the feature/comprehensive-recipient-validation branch 2 times, most recently from 1caab0b to 60bbad1 Compare June 30, 2026 10:06
@AkramBitar AkramBitar marked this pull request as draft June 30, 2026 12:08
…ipient identity registration

Signed-off-by: AkramBitar <akram@il.ibm.com>
@AkramBitar AkramBitar force-pushed the feature/comprehensive-recipient-validation branch from b9c4308 to d9781cf Compare June 30, 2026 12:35
@AkramBitar AkramBitar marked this pull request as ready for review June 30, 2026 12:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Validate and Verify Audit Information Before Registration [HIGH]

2 participants