fix: parse and check the checksum as part of the URL when using domai…

…ns (#788) This does not change the solution when using query params. This will be a breaking change in Tungsten when we publish this code to the bootstrap server. See coordination thread [here](https://dfinity.slack.com/archives/CT2V7QZHB/p1594151572357300).
dfinity · Jul 8, 2020 · bcde568 · bcde568
1 parent a3da664
commit bcde568
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 17 deletions.
diff --git a/src/agent/javascript/src/canisterId.ts b/src/agent/javascript/src/canisterId.ts
@@ -9,25 +9,28 @@ function getCrc(hex: string): string {
 export class CanisterId {
   public static fromText(text: string): CanisterId {
     if (text.startsWith('ic:')) {
-      text = text.toUpperCase();
-      const hex = text.slice(3);
-      if (hex.length >= 2 && hex.length % 2 === 0 && /^[0-9A-F]+$/.test(hex)) {
-        const id = hex.slice(0, -2);
-        const checksum = hex.slice(-2);
-        if (checksum !== getCrc(id)) {
-          throw new Error('Illegal CanisterId: ' + text);
-        }
-        return this.fromHex(id);
-      } else {
-        throw new Error('Cannot parse CanisterId: ' + text);
-      }
+      return this.fromHexWithChecksum(text.slice(3));
     } else {
       throw new Error('CanisterId is not a "ic:" url: ' + text);
     }
   }
 
+  public static fromHexWithChecksum(hexWithChecksum: string): CanisterId {
+    const hex = hexWithChecksum.toUpperCase();
+    if (hex.length >= 2 && hex.length % 2 === 0 && /^[0-9A-F]+$/.test(hex)) {
+      const id = hex.slice(0, -2);
+      const checksum = hex.slice(-2);
+      if (checksum !== getCrc(id)) {
+        throw new Error(`Invalid checksum for CanisterId: "ic:${hexWithChecksum}"`);
+      }
+      return new this(id);
+    } else {
+      throw new Error('Cannot parse CanisterId: ' + hexWithChecksum);
+    }
+  }
+
   public static fromHex(hex: string): CanisterId {
-    return new this(hex);
+    return new this(hex.toUpperCase());
   }
 
   public static fromBlob(blob: BinaryBlob): CanisterId {

diff --git a/src/bootstrap/src/host.ts b/src/bootstrap/src/host.ts
@@ -73,17 +73,21 @@ export class SiteInfo {
     const subdomain = components.slice(0, -3).join('.');
 
     if (maybeIc0 === 'ic0' && maybeApp === 'app') {
-      return new SiteInfo(DomainKind.Ic0, CanisterId.fromHex(maybeCId), subdomain);
+      return new SiteInfo(DomainKind.Ic0, CanisterId.fromHexWithChecksum(maybeCId), subdomain);
     } else if (maybeIc0 === 'lvh' && maybeApp === 'me') {
-      return new SiteInfo(DomainKind.Lvh, CanisterId.fromHex(maybeCId), subdomain);
+      return new SiteInfo(DomainKind.Lvh, CanisterId.fromHexWithChecksum(maybeCId), subdomain);
     } else if (maybeIc0 === 'localhost' && maybeApp === undefined) {
       /// Allow subdomain of localhost.
-      return new SiteInfo(DomainKind.Localhost, CanisterId.fromHex(maybeCId), subdomain);
+      return new SiteInfo(
+        DomainKind.Localhost,
+        CanisterId.fromHexWithChecksum(maybeCId),
+        subdomain,
+      );
     } else if (maybeApp === 'localhost') {
       /// Allow subdomain of localhost, but maybeIc0 is the canister ID.
       return new SiteInfo(
         DomainKind.Localhost,
-        CanisterId.fromHex(maybeIc0),
+        CanisterId.fromHexWithChecksum(maybeIc0),
         `${maybeCId}.${subdomain}`,
       );
     } else {