)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"997f039148019ec1867c0008ca65b7535ed481e5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"23228ff4_27740c96","updated":"2021-09-20 18:22:19.000000000","message":"Apologies for the huge change.\n\nI hope the commit message can clear up a bit on what this does and helps with review. 
If it\u0027s really unreviewable, I can attempt to split it up into smaller chunks, but for now I\u0027m just trying my luck.","commit_id":"02976d11aa9c260206a95103961dcb21480b6809"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"9bacb61b_dcf512e6","updated":"2021-09-29 21:33:34.000000000","message":"Finally got through this thing. 
Mostly minor things, overall I like the change.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"}],"metropolis/node/core/curator/curator_test.go":[{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":94,"context_line":"\t\tLeaderTTL:       time.Second,"},{"line_number":95,"context_line":"\t\tDirectory:       \u0026dir,"},{"line_number":96,"context_line":"\t})"},{"line_number":97,"context_line":"\tif err :\u003d supervisor.Run(ctx, n.ID()[:16], svc.Run); err !\u003d nil {"},{"line_number":98,"context_line":"\t\tt.Fatalf(\"Run %s: %v\", n.ID(), err)"},{"line_number":99,"context_line":"\t}"},{"line_number":100,"context_line":"\treturn \u0026dut{"}],"source_content_type":"text/x-go","patch_set":2,"id":"74e09415_1f49d64e","line":97,"range":{"start_line":97,"start_character":31,"end_line":97,"end_character":42},"updated":"2021-09-29 21:33:34.000000000","message":"This looks weird. It keeps 4 characters of the pubkey hex encoding. 
Is there a reason for that?","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":94,"context_line":"\t\tLeaderTTL:       time.Second,"},{"line_number":95,"context_line":"\t\tDirectory:       \u0026dir,"},{"line_number":96,"context_line":"\t})"},{"line_number":97,"context_line":"\tif err :\u003d supervisor.Run(ctx, n.ID()[:16], svc.Run); err !\u003d nil {"},{"line_number":98,"context_line":"\t\tt.Fatalf(\"Run %s: %v\", n.ID(), err)"},{"line_number":99,"context_line":"\t}"},{"line_number":100,"context_line":"\treturn \u0026dut{"}],"source_content_type":"text/x-go","patch_set":2,"id":"d50f81b6_623380fb","line":97,"range":{"start_line":97,"start_character":31,"end_line":97,"end_character":42},"in_reply_to":"74e09415_1f49d64e","updated":"2021-09-30 23:34:00.000000000","message":"This was temporary to help debugging. 
Made this use just the ID.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"}],"metropolis/node/core/curator/impl_leader_aaa.go":[{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":64,"context_line":"\t\treturn status.Error(codes.Unauthenticated, \"no PeerInfo available\")"},{"line_number":65,"context_line":"\t}"},{"line_number":66,"context_line":"\tif peerInfo.Unauthenticated \u003d\u003d nil {"},{"line_number":67,"context_line":"\t\treturn status.Error(codes.Unauthenticated, \"connection is already authenticated\")"},{"line_number":68,"context_line":"\t}"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"\t// Receive Parameters from client. This tells us what identity the client wants"}],"source_content_type":"text/x-go","patch_set":2,"id":"1f74c9c1_c24546de","line":67,"range":{"start_line":67,"start_character":22,"end_line":67,"end_character":43},"updated":"2021-09-29 21:33:34.000000000","message":"PreconditionFailed? 
Returning Unauthenticated seems wrong.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"9d613d82fa7dc2d350547f7c86cce3ca9a6ed373","unresolved":true,"context_lines":[{"line_number":64,"context_line":"\t\treturn status.Error(codes.Unauthenticated, \"no PeerInfo available\")"},{"line_number":65,"context_line":"\t}"},{"line_number":66,"context_line":"\tif peerInfo.Unauthenticated \u003d\u003d nil {"},{"line_number":67,"context_line":"\t\treturn status.Error(codes.Unauthenticated, \"connection is already authenticated\")"},{"line_number":68,"context_line":"\t}"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"\t// Receive Parameters from client. 
This tells us what identity the client wants"}],"source_content_type":"text/x-go","patch_set":2,"id":"a5727c88_ba2eca4f","line":67,"range":{"start_line":67,"start_character":22,"end_line":67,"end_character":43},"in_reply_to":"1747b869_6ec08c23","updated":"2021-10-04 09:26:28.000000000","message":"Fair, maybe INVALID_ARGUMENT would be better?","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":true,"context_lines":[{"line_number":64,"context_line":"\t\treturn status.Error(codes.Unauthenticated, \"no PeerInfo available\")"},{"line_number":65,"context_line":"\t}"},{"line_number":66,"context_line":"\tif peerInfo.Unauthenticated \u003d\u003d nil {"},{"line_number":67,"context_line":"\t\treturn status.Error(codes.Unauthenticated, \"connection is already authenticated\")"},{"line_number":68,"context_line":"\t}"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"\t// Receive Parameters from client. 
This tells us what identity the client wants"}],"source_content_type":"text/x-go","patch_set":2,"id":"1747b869_6ec08c23","line":67,"range":{"start_line":67,"start_character":22,"end_line":67,"end_character":43},"in_reply_to":"1f74c9c1_c24546de","updated":"2021-09-30 23:34:00.000000000","message":"Thought about this, but this doesn\u0027t seem to pass the FailedPrecondition litmus test:\n\n(c) Use FAILED_PRECONDITION if the client should not retry until the system state has been explicitly fixed. E.g., if an \"rmdir\" fails because the directory is non-empty, FAILED_PRECONDITION should be returned since the client should not retry unless the files are deleted from the directory.\n\nBecause it\u0027s not really a system error, but a client error..? But I\u0027m fine with either.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"67a317d8a7e2a8d366762046113b04ec3dc704f5","unresolved":false,"context_lines":[{"line_number":64,"context_line":"\t\treturn status.Error(codes.Unauthenticated, \"no PeerInfo available\")"},{"line_number":65,"context_line":"\t}"},{"line_number":66,"context_line":"\tif peerInfo.Unauthenticated \u003d\u003d nil {"},{"line_number":67,"context_line":"\t\treturn status.Error(codes.Unauthenticated, \"connection is already 
authenticated\")"},{"line_number":68,"context_line":"\t}"},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"\t// Receive Parameters from client. This tells us what identity the client wants"}],"source_content_type":"text/x-go","patch_set":2,"id":"e4350a36_16229df7","line":67,"range":{"start_line":67,"start_character":22,"end_line":67,"end_character":43},"in_reply_to":"a5727c88_ba2eca4f","updated":"2021-10-05 16:50:15.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"}],"metropolis/node/core/identity/identity.go":[{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":20,"context_line":""},{"line_number":21,"context_line":"// NewNode wraps a pair CA and node DER-encoded certificates into"},{"line_number":22,"context_line":"// Node, ensuring the given certificate data is valid and compatible"},{"line_number":23,"context_line":"// Metropolis assumptions."},{"line_number":24,"context_line":"func NewNode(cert, ca []byte) (*Node, error) {"},{"line_number":25,"context_line":"\tcertParsed, err :\u003d x509.ParseCertificate(cert)"},{"line_number":26,"context_line":"\tif err !\u003d nil 
{"}],"source_content_type":"text/x-go","patch_set":2,"id":"18a5f275_344ca892","line":23,"range":{"start_line":23,"start_character":2,"end_line":23,"end_character":3},"updated":"2021-09-29 21:33:34.000000000","message":"with","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":20,"context_line":""},{"line_number":21,"context_line":"// NewNode wraps a pair CA and node DER-encoded certificates into"},{"line_number":22,"context_line":"// Node, ensuring the given certificate data is valid and compatible"},{"line_number":23,"context_line":"// Metropolis assumptions."},{"line_number":24,"context_line":"func NewNode(cert, ca []byte) (*Node, error) {"},{"line_number":25,"context_line":"\tcertParsed, err :\u003d x509.ParseCertificate(cert)"},{"line_number":26,"context_line":"\tif err !\u003d nil {"}],"source_content_type":"text/x-go","patch_set":2,"id":"7f528bb7_8f8a6a54","line":23,"range":{"start_line":23,"start_character":2,"end_line":23,"end_character":3},"in_reply_to":"18a5f275_344ca892","updated":"2021-09-30 23:34:00.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz 
Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":41,"context_line":"\t}, nil"},{"line_number":42,"context_line":"}"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"// PublicKey returns the ED25519 public key corresponding to this node\u0027s"},{"line_number":45,"context_line":"// certificate/credentials."},{"line_number":46,"context_line":"func (n *Node) PublicKey() ed25519.PublicKey {"},{"line_number":47,"context_line":"\t// Safe: we have ensured that the given certificate has an ed25519 public key on"}],"source_content_type":"text/x-go","patch_set":2,"id":"56384f0a_2863f0ca","line":44,"range":{"start_line":44,"start_character":25,"end_line":44,"end_character":32},"updated":"2021-09-29 21:33:34.000000000","message":"Could we standardize on spelling that `Ed25519` like on page 7 of the paper (https://ed25519.cr.yp.to/ed25519-20110926.pdf)?","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge 
Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":41,"context_line":"\t}, nil"},{"line_number":42,"context_line":"}"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"// PublicKey returns the ED25519 public key corresponding to this node\u0027s"},{"line_number":45,"context_line":"// certificate/credentials."},{"line_number":46,"context_line":"func (n *Node) PublicKey() ed25519.PublicKey {"},{"line_number":47,"context_line":"\t// Safe: we have ensured that the given certificate has an ed25519 public key on"}],"source_content_type":"text/x-go","patch_set":2,"id":"88f0e535_b03e8852","line":44,"range":{"start_line":44,"start_character":25,"end_line":44,"end_character":32},"in_reply_to":"56384f0a_2863f0ca","updated":"2021-09-30 23:34:00.000000000","message":"Let\u0027s.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz 
Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":44,"context_line":"// PublicKey returns the ED25519 public key corresponding to this node\u0027s"},{"line_number":45,"context_line":"// certificate/credentials."},{"line_number":46,"context_line":"func (n *Node) PublicKey() ed25519.PublicKey {"},{"line_number":47,"context_line":"\t// Safe: we have ensured that the given certificate has an ed25519 public key on"},{"line_number":48,"context_line":"\t// NewNode."},{"line_number":49,"context_line":"\treturn n.node.PublicKey.(ed25519.PublicKey)"},{"line_number":50,"context_line":"}"}],"source_content_type":"text/x-go","patch_set":2,"id":"9727c54b_09253bee","line":47,"range":{"start_line":47,"start_character":60,"end_line":47,"end_character":67},"updated":"2021-09-29 21:33:34.000000000","message":"Ed25519","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge 
Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":44,"context_line":"// PublicKey returns the ED25519 public key corresponding to this node\u0027s"},{"line_number":45,"context_line":"// certificate/credentials."},{"line_number":46,"context_line":"func (n *Node) PublicKey() ed25519.PublicKey {"},{"line_number":47,"context_line":"\t// Safe: we have ensured that the given certificate has an ed25519 public key on"},{"line_number":48,"context_line":"\t// NewNode."},{"line_number":49,"context_line":"\treturn n.node.PublicKey.(ed25519.PublicKey)"},{"line_number":50,"context_line":"}"}],"source_content_type":"text/x-go","patch_set":2,"id":"e8309b7d_287c2ec5","line":47,"range":{"start_line":47,"start_character":60,"end_line":47,"end_character":67},"in_reply_to":"9727c54b_09253bee","updated":"2021-09-30 23:34:00.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz 
Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":103,"context_line":"}"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"func (n *NodeCredentials) TLSCredentials() tls.Certificate {"},{"line_number":106,"context_line":"\treturn tls.Certificate{"},{"line_number":107,"context_line":"\t\tCertificate: [][]byte{n.node.Raw},"},{"line_number":108,"context_line":"\t\tPrivateKey:  n.private,"},{"line_number":109,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":2,"id":"7826373a_b3c432af","line":106,"updated":"2021-09-29 21:33:34.000000000","message":"We should fill out Leaf here since we have it (in n.node). 
Otherwise this gets allocated twice.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":103,"context_line":"}"},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"func (n *NodeCredentials) TLSCredentials() tls.Certificate {"},{"line_number":106,"context_line":"\treturn tls.Certificate{"},{"line_number":107,"context_line":"\t\tCertificate: [][]byte{n.node.Raw},"},{"line_number":108,"context_line":"\t\tPrivateKey:  n.private,"},{"line_number":109,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":2,"id":"c9fce0b5_1f451ae4","line":106,"in_reply_to":"7826373a_b3c432af","updated":"2021-09-30 23:34:00.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"}],"metropolis/node/core/rpc/client.go":[{"author":{"_account_id":1000001,"name":"Lorenz 
Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":25,"context_line":"func verifyClusterCertificate(ca *x509.Certificate) verifyPeerCertificate {"},{"line_number":26,"context_line":"\treturn func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {"},{"line_number":27,"context_line":"\t\tif len(rawCerts) !\u003d 1 {"},{"line_number":28,"context_line":"\t\t\treturn fmt.Errorf(\"server presented no certificate\")"},{"line_number":29,"context_line":"\t\t}"},{"line_number":30,"context_line":"\t\tserverCert, err :\u003d x509.ParseCertificate(rawCerts[0])"},{"line_number":31,"context_line":"\t\tif err !\u003d nil {"}],"source_content_type":"text/x-go","patch_set":2,"id":"afc40626_70eea5af","line":28,"range":{"start_line":28,"start_character":39,"end_line":28,"end_character":41},"updated":"2021-09-29 21:33:34.000000000","message":"This might trip up someone later on when supplying more than one cert.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge 
Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":25,"context_line":"func verifyClusterCertificate(ca *x509.Certificate) verifyPeerCertificate {"},{"line_number":26,"context_line":"\treturn func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error {"},{"line_number":27,"context_line":"\t\tif len(rawCerts) !\u003d 1 {"},{"line_number":28,"context_line":"\t\t\treturn fmt.Errorf(\"server presented no certificate\")"},{"line_number":29,"context_line":"\t\t}"},{"line_number":30,"context_line":"\t\tserverCert, err :\u003d x509.ParseCertificate(rawCerts[0])"},{"line_number":31,"context_line":"\t\tif err !\u003d nil {"}],"source_content_type":"text/x-go","patch_set":2,"id":"3a743946_e59806d4","line":28,"range":{"start_line":28,"start_character":39,"end_line":28,"end_character":41},"in_reply_to":"afc40626_70eea5af","updated":"2021-09-30 23:34:00.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz 
Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":49,"context_line":"// and new nodes Registering into the Cluster."},{"line_number":50,"context_line":"//"},{"line_number":51,"context_line":"// If \u0027ca\u0027 is given, the remote side will be cryptographically verified to be a"},{"line_number":52,"context_line":"// node that\u0027s part of the cluster represented by the ca. 
Otherwise, no"},{"line_number":53,"context_line":"// verification is performed and this function is unsafe."},{"line_number":54,"context_line":"func NewEphemeralClient(remote string, private ed25519.PrivateKey, ca *x509.Certificate, opts ...grpc.DialOption) (*grpc.ClientConn, error) {"},{"line_number":55,"context_line":"\ttemplate :\u003d x509.Certificate{"}],"source_content_type":"text/x-go","patch_set":2,"id":"755abbb5_220c4b45","line":52,"range":{"start_line":52,"start_character":35,"end_line":52,"end_character":46},"updated":"2021-09-29 21:33:34.000000000","message":"represented","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"9d613d82fa7dc2d350547f7c86cce3ca9a6ed373","unresolved":false,"context_lines":[{"line_number":49,"context_line":"// and new nodes Registering into the Cluster."},{"line_number":50,"context_line":"//"},{"line_number":51,"context_line":"// If \u0027ca\u0027 is given, the remote side will be cryptographically verified to be a"},{"line_number":52,"context_line":"// node that\u0027s part of the cluster represented by the ca. 
Otherwise, no"},{"line_number":53,"context_line":"// verification is performed and this function is unsafe."},{"line_number":54,"context_line":"func NewEphemeralClient(remote string, private ed25519.PrivateKey, ca *x509.Certificate, opts ...grpc.DialOption) (*grpc.ClientConn, error) {"},{"line_number":55,"context_line":"\ttemplate :\u003d x509.Certificate{"}],"source_content_type":"text/x-go","patch_set":2,"id":"db2d19d0_85158de7","line":52,"range":{"start_line":52,"start_character":35,"end_line":52,"end_character":46},"in_reply_to":"4e477744_a21e1b06","updated":"2021-10-04 09:26:28.000000000","message":"My bad, this seems fine.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":true,"context_lines":[{"line_number":49,"context_line":"// and new nodes Registering into the Cluster."},{"line_number":50,"context_line":"//"},{"line_number":51,"context_line":"// If \u0027ca\u0027 is given, the remote side will be cryptographically verified to be a"},{"line_number":52,"context_line":"// node that\u0027s part of the cluster represented by the ca. 
Otherwise, no"},{"line_number":53,"context_line":"// verification is performed and this function is unsafe."},{"line_number":54,"context_line":"func NewEphemeralClient(remote string, private ed25519.PrivateKey, ca *x509.Certificate, opts ...grpc.DialOption) (*grpc.ClientConn, error) {"},{"line_number":55,"context_line":"\ttemplate :\u003d x509.Certificate{"}],"source_content_type":"text/x-go","patch_set":2,"id":"4e477744_a21e1b06","line":52,"range":{"start_line":52,"start_character":35,"end_line":52,"end_character":46},"in_reply_to":"755abbb5_220c4b45","updated":"2021-09-30 23:34:00.000000000","message":"Hm, where\u0027s the typo? Seems to be spelled correctly.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":52,"context_line":"// node that\u0027s part of the cluster represented by the ca. 
Otherwise, no"},{"line_number":53,"context_line":"// verification is performed and this function is unsafe."},{"line_number":54,"context_line":"func NewEphemeralClient(remote string, private ed25519.PrivateKey, ca *x509.Certificate, opts ...grpc.DialOption) (*grpc.ClientConn, error) {"},{"line_number":55,"context_line":"\ttemplate :\u003d x509.Certificate{"},{"line_number":56,"context_line":"\t\tSerialNumber: big.NewInt(1),"},{"line_number":57,"context_line":"\t\tNotBefore:    time.Now(),"},{"line_number":58,"context_line":"\t\tNotAfter:     pki.UnknownNotAfter,"}],"source_content_type":"text/x-go","patch_set":2,"id":"b714bfd0_d30722f3","line":55,"range":{"start_line":55,"start_character":1,"end_line":55,"end_character":9},"updated":"2021-09-29 21:33:34.000000000","message":"Why are we now using a self-signed CA certificate? At first glance this doesn\u0027t make much sense.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":52,"context_line":"// node that\u0027s part of the cluster represented by the ca. 
Otherwise, no"},{"line_number":53,"context_line":"// verification is performed and this function is unsafe."},{"line_number":54,"context_line":"func NewEphemeralClient(remote string, private ed25519.PrivateKey, ca *x509.Certificate, opts ...grpc.DialOption) (*grpc.ClientConn, error) {"},{"line_number":55,"context_line":"\ttemplate :\u003d x509.Certificate{"},{"line_number":56,"context_line":"\t\tSerialNumber: big.NewInt(1),"},{"line_number":57,"context_line":"\t\tNotBefore:    time.Now(),"},{"line_number":58,"context_line":"\t\tNotAfter:     pki.UnknownNotAfter,"}],"source_content_type":"text/x-go","patch_set":2,"id":"2442a47f_728bc2ef","line":55,"range":{"start_line":55,"start_character":1,"end_line":55,"end_character":9},"in_reply_to":"b714bfd0_d30722f3","updated":"2021-09-30 23:34:00.000000000","message":"Yeah, whoops, this was a mindless change following moving the checking code to x509.Certificate.CheckSignatureFrom which expects this. Made the check use CheckSignature instead which skips this check.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"}],"metropolis/node/core/rpc/methodinfo.go":[{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":37,"context_line":"\tif !strings.HasPrefix(methodName, \"/\") 
{"},{"line_number":38,"context_line":"\t\treturn nil, status.Errorf(codes.InvalidArgument, \"invalid method name %q\", methodName)"},{"line_number":39,"context_line":"\t}"},{"line_number":40,"context_line":"\tmethodName \u003d strings.ReplaceAll(methodName[1:], \"/\", \".\")"},{"line_number":41,"context_line":"\tdesc, err :\u003d protoregistry.GlobalFiles.FindDescriptorByName(protoreflect.FullName(methodName))"},{"line_number":42,"context_line":"\tif err !\u003d nil {"},{"line_number":43,"context_line":"\t\treturn nil, status.Errorf(codes.InvalidArgument, \"could not retrieve descriptor for method: %v\", err)"}],"source_content_type":"text/x-go","patch_set":2,"id":"29b3727b_56a72efb","line":40,"updated":"2021-09-29 21:33:34.000000000","message":"Could this be used to confuse the authorization machinery to verify permissions for a different method than gRPC will then call? Probably not, but I think it\u0027s worth having a quick look at it. The main attack vector I can see is managing to call a RPC requiring higher-than-default permissions and getting this method to not find it and apply default permissions.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge 
Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"67a317d8a7e2a8d366762046113b04ec3dc704f5","unresolved":true,"context_lines":[{"line_number":37,"context_line":"\tif !strings.HasPrefix(methodName, \"/\") {"},{"line_number":38,"context_line":"\t\treturn nil, status.Errorf(codes.InvalidArgument, \"invalid method name %q\", methodName)"},{"line_number":39,"context_line":"\t}"},{"line_number":40,"context_line":"\tmethodName \u003d strings.ReplaceAll(methodName[1:], \"/\", \".\")"},{"line_number":41,"context_line":"\tdesc, err :\u003d protoregistry.GlobalFiles.FindDescriptorByName(protoreflect.FullName(methodName))"},{"line_number":42,"context_line":"\tif err !\u003d nil {"},{"line_number":43,"context_line":"\t\treturn nil, status.Errorf(codes.InvalidArgument, \"could not retrieve descriptor for method: %v\", err)"}],"source_content_type":"text/x-go","patch_set":2,"id":"201da838_b4ffe07c","line":40,"in_reply_to":"07aa26c6_5ab9c5f1","updated":"2021-10-05 16:50:15.000000000","message":"Investigated a bit.\n\nSeems like this way is recommended by the gRPC devs: https://github.com/grpc/grpc-go/issues/1526#issuecomment-831543874\n\nThere\u0027s also an authorization engine in gRPC-Go that seems like it uses this string format, but it doesn\u0027t seem to be actually usable at this point: https://pkg.go.dev/google.golang.org/grpc/security/authorization\n\nFinally, it 
seems like this same string is parsed by the actual dispatch code, so there shouldn\u0027t be any confusion bug: https://github.com/grpc/grpc-go/blob/02da625150e8ee126d4b84dfed27d2453f2617f4/server.go#L1587\n\nRegardless, I\u0027ve made the checks a bit more aggressive and fail-safe, to make it more difficult for bugs to sneak in.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"3cc4fde7dcaf7fc7cca17c92098594b2a9cdb9b5","unresolved":false,"context_lines":[{"line_number":37,"context_line":"\tif !strings.HasPrefix(methodName, \"/\") {"},{"line_number":38,"context_line":"\t\treturn nil, status.Errorf(codes.InvalidArgument, \"invalid method name %q\", methodName)"},{"line_number":39,"context_line":"\t}"},{"line_number":40,"context_line":"\tmethodName \u003d strings.ReplaceAll(methodName[1:], \"/\", \".\")"},{"line_number":41,"context_line":"\tdesc, err :\u003d protoregistry.GlobalFiles.FindDescriptorByName(protoreflect.FullName(methodName))"},{"line_number":42,"context_line":"\tif err !\u003d nil {"},{"line_number":43,"context_line":"\t\treturn nil, status.Errorf(codes.InvalidArgument, \"could not retrieve descriptor for method: %v\", 
err)"}],"source_content_type":"text/x-go","patch_set":2,"id":"6dacc493_40caa2e8","line":40,"in_reply_to":"201da838_b4ffe07c","updated":"2021-10-05 17:13:03.000000000","message":"As long as we know that the other side is doing the same, this is fine.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":true,"context_lines":[{"line_number":37,"context_line":"\tif !strings.HasPrefix(methodName, \"/\") {"},{"line_number":38,"context_line":"\t\treturn nil, status.Errorf(codes.InvalidArgument, \"invalid method name %q\", methodName)"},{"line_number":39,"context_line":"\t}"},{"line_number":40,"context_line":"\tmethodName \u003d strings.ReplaceAll(methodName[1:], \"/\", \".\")"},{"line_number":41,"context_line":"\tdesc, err :\u003d protoregistry.GlobalFiles.FindDescriptorByName(protoreflect.FullName(methodName))"},{"line_number":42,"context_line":"\tif err !\u003d nil {"},{"line_number":43,"context_line":"\t\treturn nil, status.Errorf(codes.InvalidArgument, \"could not retrieve descriptor for method: %v\", err)"}],"source_content_type":"text/x-go","patch_set":2,"id":"07aa26c6_5ab9c5f1","line":40,"in_reply_to":"29b3727b_56a72efb","updated":"2021-09-30 23:34:00.000000000","message":"Interesting, I\u0027ll take a 
look. Meanwhile, punting over the change for you to take a look at the rest of the discussions.","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"}],"metropolis/node/core/rpc/server_authentication.go":[{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":24,"context_line":"\t// to authenticate incoming gRPC calls. 
It\u0027s given the gRPC context of the call"},{"line_number":25,"context_line":"\t// (therefore allowing access to information about the underlying gRPC"},{"line_number":26,"context_line":"\t// transport), and should return a PeerInfo structure describing the"},{"line_number":27,"context_line":"\t// authenticated other end of the connection, or an gRPC status if the other"},{"line_number":28,"context_line":"\t// side could not be successfully authenticated."},{"line_number":29,"context_line":"\t//"},{"line_number":30,"context_line":"\t// The returned PeerInfo will be then used to perform authorization checks based"}],"source_content_type":"text/x-go","patch_set":2,"id":"4cc4dbf9_7b99c328","line":27,"range":{"start_line":27,"start_character":50,"end_line":27,"end_character":52},"updated":"2021-09-29 21:33:34.000000000","message":"a","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":24,"context_line":"\t// to authenticate incoming gRPC calls. 
It\u0027s given the gRPC context of the call"},{"line_number":25,"context_line":"\t// (therefore allowing access to information about the underlying gRPC"},{"line_number":26,"context_line":"\t// transport), and should return a PeerInfo structure describing the"},{"line_number":27,"context_line":"\t// authenticated other end of the connection, or an gRPC status if the other"},{"line_number":28,"context_line":"\t// side could not be successfully authenticated."},{"line_number":29,"context_line":"\t//"},{"line_number":30,"context_line":"\t// The returned PeerInfo will be then used to perform authorization checks based"}],"source_content_type":"text/x-go","patch_set":2,"id":"0f819aa6_d15ec646","line":27,"range":{"start_line":27,"start_character":50,"end_line":27,"end_character":52},"in_reply_to":"4cc4dbf9_7b99c328","updated":"2021-09-30 23:34:00.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":27,"context_line":"\t// authenticated other end of the connection, or an gRPC status if the other"},{"line_number":28,"context_line":"\t// side could not be successfully 
authenticated."},{"line_number":29,"context_line":"\t//"},{"line_number":30,"context_line":"\t// The returned PeerInfo will be then used to perform authorization checks based"},{"line_number":31,"context_line":"\t// on the configured authentication of a given gRPC method, as described by the"},{"line_number":32,"context_line":"\t// metropolis.proto.ext.authorization extension. The same PeerInfo will then be"},{"line_number":33,"context_line":"\t// available to the gRPC handler for this method by retrieving it from the"}],"source_content_type":"text/x-go","patch_set":2,"id":"37f654a2_eef40c74","line":30,"range":{"start_line":30,"start_character":31,"end_line":30,"end_character":38},"updated":"2021-09-29 21:33:34.000000000","message":"then be","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":27,"context_line":"\t// authenticated other end of the connection, or an gRPC status if the other"},{"line_number":28,"context_line":"\t// side could not be successfully authenticated."},{"line_number":29,"context_line":"\t//"},{"line_number":30,"context_line":"\t// The returned PeerInfo will be then used to perform authorization checks 
based"},{"line_number":31,"context_line":"\t// on the configured authentication of a given gRPC method, as described by the"},{"line_number":32,"context_line":"\t// metropolis.proto.ext.authorization extension. The same PeerInfo will then be"},{"line_number":33,"context_line":"\t// available to the gRPC handler for this method by retrieving it from the"}],"source_content_type":"text/x-go","patch_set":2,"id":"74a15107_f6523200","line":30,"range":{"start_line":30,"start_character":31,"end_line":30,"end_character":38},"in_reply_to":"37f654a2_eef40c74","updated":"2021-09-30 23:34:00.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":53,"context_line":"\t}"},{"line_number":54,"context_line":"}"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"// unary implements the gRPC UnaryInterceptor interface for use with"},{"line_number":57,"context_line":"// grpc.NewServer, based on an authenticationStrategy."},{"line_number":58,"context_line":"func unaryInterceptor(a authenticationStrategy) grpc.UnaryServerInterceptor {"},{"line_number":59,"context_line":"\treturn func(ctx context.Context, req interface{}, info 
*grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {"}],"source_content_type":"text/x-go","patch_set":2,"id":"71b0febf_18a10fba","line":56,"range":{"start_line":56,"start_character":3,"end_line":56,"end_character":8},"updated":"2021-09-29 21:33:34.000000000","message":"unaryInterceptor","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":53,"context_line":"\t}"},{"line_number":54,"context_line":"}"},{"line_number":55,"context_line":""},{"line_number":56,"context_line":"// unary implements the gRPC UnaryInterceptor interface for use with"},{"line_number":57,"context_line":"// grpc.NewServer, based on an authenticationStrategy."},{"line_number":58,"context_line":"func unaryInterceptor(a authenticationStrategy) grpc.UnaryServerInterceptor {"},{"line_number":59,"context_line":"\treturn func(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (resp interface{}, err error) {"}],"source_content_type":"text/x-go","patch_set":2,"id":"14ab862d_9e6ab71b","line":56,"range":{"start_line":56,"start_character":3,"end_line":56,"end_character":8},"in_reply_to":"71b0febf_18a10fba","updated":"2021-09-30 
23:34:00.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000001,"name":"Lorenz Brun","display_name":"Lorenz","email":"lorenz@monogon.tech","username":"lorenz","avatars":[{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/75c04f6e9881c24ee621fba80667eed8.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"de803dd678a69f2cf605fd511d8014887ecdc864","unresolved":true,"context_lines":[{"line_number":189,"context_line":"}"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"// getPeerCertificate returns the x509 certificate associated with the given"},{"line_number":192,"context_line":"// gRPC connection\u0027s context and ensures that it is a certificate for an ED25519"},{"line_number":193,"context_line":"// keypair. 
The certificate is _not_ checked against the cluster CA."},{"line_number":194,"context_line":"//"},{"line_number":195,"context_line":"// A gRPC status is returned if the certificate is invalid / unauthenticated for"}],"source_content_type":"text/x-go","patch_set":2,"id":"b356af22_a1414ac2","line":192,"range":{"start_line":192,"start_character":73,"end_line":192,"end_character":80},"updated":"2021-09-29 21:33:34.000000000","message":"Ed25519","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"5cd3e6b901d012bd2d03b756be8ed5e226c97b49","unresolved":false,"context_lines":[{"line_number":189,"context_line":"}"},{"line_number":190,"context_line":""},{"line_number":191,"context_line":"// getPeerCertificate returns the x509 certificate associated with the given"},{"line_number":192,"context_line":"// gRPC connection\u0027s context and ensures that it is a certificate for an ED25519"},{"line_number":193,"context_line":"// keypair. 
The certificate is _not_ checked against the cluster CA."},{"line_number":194,"context_line":"//"},{"line_number":195,"context_line":"// A gRPC status is returned if the certificate is invalid / unauthenticated for"}],"source_content_type":"text/x-go","patch_set":2,"id":"354c1f30_ff47fa75","line":192,"range":{"start_line":192,"start_character":73,"end_line":192,"end_character":80},"in_reply_to":"b356af22_a1414ac2","updated":"2021-09-30 23:34:00.000000000","message":"Done","commit_id":"078acab87ba041ad300426a6253c09e2048923f2"}]}
