From 4d498b3765695f1b82a2448f0e8efe698b33667d Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Tue, 9 Aug 2016 13:14:38 -0700
Subject: Handling of multi-part chunked network configs on the inbound side.

---
 node/NetworkConfig.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'node/NetworkConfig.cpp')

diff --git a/node/NetworkConfig.cpp b/node/NetworkConfig.cpp
index 07e9bd4f..a4fddf40 100644
--- a/node/NetworkConfig.cpp
+++ b/node/NetworkConfig.cpp
@@ -178,8 +178,18 @@ bool NetworkConfig::toDictionary(Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> &d,b
 	return true;
 }
 
-bool NetworkConfig::fromDictionary(const Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> &d)
+bool NetworkConfig::fromDictionary(const Identity &controllerId,Dictionary<ZT_NETWORKCONFIG_DICT_CAPACITY> &d)
 {
+	if ((d.contains(ZT_NETWORKCONFIG_DICT_KEY_SIGNATURE))&&(controllerId)) {
+		// FIXME: right now signature are optional since network configs are only
+		// accepted directly from the controller and the protocol already guarantees
+		// the sender. In the future these might be made non-optional once old
+		// controllers that do not sign are gone and if we ever support peer caching
+		// of network configs.
+		if (!d.unwrapAndVerify(ZT_NETWORKCONFIG_DICT_KEY_SIGNATURE,controllerId.publicKey()))
+			return false;
+	}
+
 	Buffer<ZT_NETWORKCONFIG_DICT_CAPACITY> *tmp = new Buffer<ZT_NETWORKCONFIG_DICT_CAPACITY>();
 
 	try {
-- 
cgit v1.2.3