Skip to content

Commit 22d2375

Browse files
authored
Merge branch 'main' into relax-exec-id-check
2 parents 14dc1dc + 9264d44 commit 22d2375

23 files changed

Lines changed: 508 additions & 93 deletions

File tree

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ require (
4343
github.com/scylladb/go-reflectx v1.0.1
4444
github.com/shopspring/decimal v1.4.0
4545
github.com/smartcontractkit/chain-selectors v1.0.100
46-
github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260528204832-58c7145c53f8
46+
github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.11-0.20260626151909-052e55e62e62
4747
github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4
4848
github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260622152157-c8e129347b8b
4949
github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20251002192024-d2ad9222409b

go.sum

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

keystore/corekeys/ocr2key/cosmos_keyring.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
package ocr2key
22

33
import (
4+
"bytes"
45
"crypto/ed25519"
56
"encoding/binary"
67
"errors"
@@ -90,7 +91,10 @@ func (ckr *cosmosKeyring) VerifyBlob(pubkey ocrtypes.OnchainPublicKey, b, sig []
9091
if len(pubkey) != ed25519.PublicKeySize {
9192
return false
9293
}
93-
return ed25519consensus.Verify(ed25519.PublicKey(pubkey), b, sig[32:])
94+
if !bytes.Equal(pubkey, sig[:ed25519.PublicKeySize]) {
95+
return false
96+
}
97+
return ed25519consensus.Verify(ed25519.PublicKey(pubkey), b, sig[ed25519.PublicKeySize:])
9498
}
9599

96100
func (ckr *cosmosKeyring) MaxSignatureLength() int {

keystore/corekeys/ocr2key/ton_keyring.go

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,7 @@
11
package ocr2key
22

33
import (
4+
"bytes"
45
"crypto/ed25519"
56
"crypto/sha256"
67
"errors"
@@ -93,7 +94,10 @@ func (tkr *tonKeyring) VerifyBlob(pubkey ocrtypes.OnchainPublicKey, b, sig []byt
9394
if len(pubkey) != ed25519.PublicKeySize {
9495
return false
9596
}
96-
return ed25519consensus.Verify(ed25519.PublicKey(pubkey), b, sig[32:])
97+
if !bytes.Equal(pubkey, sig[:ed25519.PublicKeySize]) {
98+
return false
99+
}
100+
return ed25519consensus.Verify(ed25519.PublicKey(pubkey), b, sig[ed25519.PublicKeySize:])
97101
}
98102

99103
func (tkr *tonKeyring) MaxSignatureLength() int {

keystore/corekeys/starkkey/ocr2key.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -117,9 +117,14 @@ func (sk *OCR2Key) Verify(publicKey types.OnchainPublicKey, reportCtx types.Repo
117117
if len(signature) < sOffset+componentLen {
118118
return false
119119
}
120+
author := new(big.Int).SetBytes(signature[:rOffset])
120121
r := new(big.Int).SetBytes(signature[rOffset : rOffset+componentLen])
121122
s := new(big.Int).SetBytes(signature[sOffset : sOffset+componentLen])
122123

124+
if pubX.Cmp(author) != 0 {
125+
return false
126+
}
127+
123128
// Only allow canonical signatures to avoid signature malleability. Verify s <= N/2
124129
if s.Cmp(new(big.Int).Rsh(curveOrder, 1)) == 1 {
125130
return false

pkg/capabilities/actions/vault/messages.pb.go

Lines changed: 8 additions & 48 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pkg/capabilities/actions/vault/messages.proto

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -67,7 +67,6 @@ message CreateSecretResponse {
6767

6868
message CreateSecretsResponse {
6969
repeated CreateSecretResponse responses = 1;
70-
string request_id = 2;
7170
}
7271

7372
message UpdateSecretsRequest {
@@ -85,7 +84,6 @@ message UpdateSecretResponse {
8584

8685
message UpdateSecretsResponse {
8786
repeated UpdateSecretResponse responses = 1;
88-
string request_id = 2;
8987
}
9088

9189
message DeleteSecretsRequest {
@@ -103,7 +101,6 @@ message DeleteSecretResponse {
103101

104102
message DeleteSecretsResponse {
105103
repeated DeleteSecretResponse responses = 1;
106-
string request_id = 2;
107104
}
108105

109106
message ListSecretIdentifiersRequest {
@@ -118,7 +115,6 @@ message ListSecretIdentifiersResponse {
118115
repeated SecretIdentifier identifiers = 1;
119116
bool success = 2;
120117
string error = 3;
121-
string request_id = 4;
122118
}
123119

124120
enum RequestType {

pkg/chipingress/client.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -299,6 +299,9 @@ func NewEvent(domain, entity string, payload []byte, attributes map[string]any)
299299
if val, ok := attributes["subject"].(string); ok {
300300
event.SetSubject(val)
301301
}
302+
if val, ok := attributes[IdempotencyKeyAttr].(string); ok && val != "" {
303+
event.SetExtension(IdempotencyKeyAttr, val)
304+
}
302305

303306
err := event.SetData(ceformat.ContentTypeProtobuf, payload)
304307
if err != nil {

pkg/chipingress/client_test.go

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -137,6 +137,36 @@ func TestNewEvent(t *testing.T) {
137137
assert.Equal(t, testProto.Message, resultProto.Message)
138138
}
139139

140+
func TestNewEvent_IdempotencyKey(t *testing.T) {
141+
payload := []byte("body")
142+
143+
t.Run("non-empty key is set as extension", func(t *testing.T) {
144+
attrs := map[string]any{IdempotencyKeyAttr: "my-key-123"}
145+
event, err := NewEvent("domain", "entity", payload, attrs)
146+
require.NoError(t, err)
147+
ext := event.Extensions()
148+
require.NotNil(t, ext)
149+
assert.Equal(t, "my-key-123", ext[IdempotencyKeyAttr])
150+
})
151+
152+
t.Run("empty key is not set as extension", func(t *testing.T) {
153+
attrs := map[string]any{IdempotencyKeyAttr: ""}
154+
event, err := NewEvent("domain", "entity", payload, attrs)
155+
require.NoError(t, err)
156+
ext := event.Extensions()
157+
_, present := ext[IdempotencyKeyAttr]
158+
assert.False(t, present, "empty idempotency key must not appear as an extension")
159+
})
160+
161+
t.Run("absent key leaves extension unset", func(t *testing.T) {
162+
event, err := NewEvent("domain", "entity", payload, nil)
163+
require.NoError(t, err)
164+
ext := event.Extensions()
165+
_, present := ext[IdempotencyKeyAttr]
166+
assert.False(t, present, "absent idempotency key must not appear as an extension")
167+
})
168+
}
169+
140170
func TestEventToProto(t *testing.T) {
141171
// Create a test protobuf message
142172
testProto := pb.PingResponse{Message: "test message"}

pkg/chipingress/types.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,12 @@ import (
77
"github.com/smartcontractkit/chainlink-common/pkg/chipingress/pb"
88
)
99

10+
// IdempotencyKeyAttr is the CloudEvent extension attribute name for a per-event idempotency key.
11+
// Set it via the attributes map of NewEvent.
12+
// When the event is emitted over Kafka using the CloudEvents Kafka binding, extensions become
13+
// Kafka headers named "ce_<name>" (e.g., ce_idempotencykey), enabling downstream deduplication.
14+
const IdempotencyKeyAttr = "idempotencykey"
15+
1016
type (
1117
// Cloudevents types
1218
CloudEvent = ce.Event

0 commit comments

Comments
 (0)