Wallet certificates

mary.tellez · July 13, 2022, 12:38am

Hello, I kept in my wallet a certificate with a public id that is not mine, how is this possible, is there a way to prevent this. Greetings

lemoustachiste · July 13, 2022, 4:23pm

The check for ownership seems to have been deactivated by default in the wallet:

github.com

blockchain-certificates/wallet-android/blob/master/LearningMachine/app/src/main/java/com/learningmachine/android/app/data/CertificateManager.java#L110


      
                  .clone();
          
          
// Parse
          BlockCertParser blockCertParser = new BlockCertParser();
          BlockCert blockCert = blockCertParser.fromJson(responseBody.string());
          if (blockCert == null) {
              return Observable.error(new ExceptionWithResourceString(R.string.invalid_certificate));
          }
          String recipientKey = blockCert.getRecipientPublicKey();
          
          
if (LMConstants.SHOULD_PERFORM_OWNERSHIP_CHECK) {
              // Reject on address mismatch
              boolean isSampleCert = recipientKey.equals("sample-certificate");
              // TODO: certificate ownership check must compare against all addresses
              // recipient key must match one of the bitcoin addresses
              boolean isCertOwner = mBitcoinManager.isMyIssuedAddress(recipientKey);
          
          
    if (!isSampleCert && !isCertOwner) {
                  return Observable.error(new CertificateOwnershipException());
              }
          }

You’ll probably need to build your own wallet with that flag on. I haven’t got extensive knowledge of the wallet apps, so I cannot tell you more than this, ie why was it turned off, and if it works as expected. My guess is that this checks the recipients address against the one generated by the wallet.

Generally speaking we want to start including DIDs for ownership, but that’s still a long way out.

mary.tellez · July 13, 2022, 5:01pm

Thank you for your reply!

Topic		Replies	Views
Wallets support v3 Support	7	772	January 25, 2022
Android Wallet - Credential is in an outaded format Technical	0	552	February 9, 2021
Wallet Process Flow Technical	0	1033	December 5, 2017
Issueing and holding ethereum based certificate Needs clear documentation Technical	5	664	June 10, 2021
[Solved] Blockcerts.org verifier passed, Android app verifier failed Support	1	716	June 27, 2018

Wallet certificates

Related Topics