
refactor(remote-config): fix remote config signature verification + add integration tests #3659

Open
tonidero wants to merge 2 commits into main from remote_config_verify_signed_responses

tonidero (Contributor) commented Jun 26, 2026

Summary

  • Fixes remote config endpoint signature verification by:
    • Requiring a nonce
    • Using the whole config data to verify the signature instead of the checksum
    • Verifying on 204 responses as well.
  • We change the domain to be sent as part of the URL /v1/config/{domain} instead of as part of the body.
  • We add some integration tests that verify that the endpoint parsing and verification work as expected

Note

High Risk
Changes authentication/signature verification for remote config and alters trust model (checksum vs signed config bytes); incorrect verification could block config or accept bad responses under Enforced mode.

Overview
Aligns remote config (GetRemoteConfig / RC container format) signature verification with how the backend signs responses.

GetRemoteConfig now requires a nonce for signing (needsNonceToPerformSigning), so requests send X-Nonce and verification includes it. RC format verification no longer checks the config element’s checksum or signs over checksumBytes(); it verifies the signature over the config element’s raw data bytes via new RCElement.dataBytes(). Element checksums are treated as untrusted hints only.

204 No Content RC responses are no longer auto-VERIFIED without crypto: a new verifyRCFormatNoContentResponse runs signingManager.verifyResponse with an empty body plus request context (nonce, path, request time). Enforced mode can throw on failed 204 verification.

Unit tests in HTTPClientVerificationTest and EndpointTest were updated; ProductionRemoteConfigIntegrationTest hits live /v1/config for 200/204, manifest replay, and enforced verification.

Reviewed by Cursor Bugbot for commit 536fd30. Bugbot is set up for automated code reviews on this repo.

@tonidero tonidero changed the title from "feat(remote-config): verify /v1/config signed responses (nonce + config bytes + 204)" to "refactor(remote-config): fix remote config signature verification + add integration tests" Jun 26, 2026
@tonidero tonidero changed the base branch from phase_4__v2_config_topic_handler_registry to main June 26, 2026 07:27
…ig bytes + 204)

Make the SDK actually verify the /v1/config signed responses now that the
endpoint is in production:

- Require a nonce for GetRemoteConfig signing (was a WIP no-nonce stub) and
  thread it through the binary verification path.
- Sign over the config part bytes exactly as received (RcFormatResponse
  main_body) instead of the element's 24-byte checksum; element checksums are
  untrusted lookup hints. Adds RCElement.dataBytes(); drops the now-unused
  checksumBytes() and the checksum gate.
- Verify the 204 (no content) response over the request context with an empty
  body instead of trusting it unconditionally.

Adds backend integration tests against production (200 + 204, informational and
enforced) plus HTTPClient/Endpoint unit coverage.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@tonidero tonidero force-pushed the remote_config_verify_signed_responses branch from fd7e00c to 536fd30 Compare June 26, 2026 07:33
@tonidero tonidero marked this pull request as ready for review June 26, 2026 07:37
@tonidero tonidero requested a review from a team as a code owner June 26, 2026 07:37
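
An added sketch, not code from this PR or the SDK, of the verification model the description and commit message outline: the signature covers the request context plus the body bytes exactly as received, so a tampered 200 body or a 204 replayed against a later request fails. Ed25519 via the JDK, the length-prefixed message layout, the helper names and all sample values are assumptions; the page does not state the SDK's algorithm or wire format.

```kotlin
import java.io.ByteArrayOutputStream
import java.io.DataOutputStream
import java.security.KeyPairGenerator
import java.security.PrivateKey
import java.security.PublicKey
import java.security.Signature

// Assumed layout (not the SDK's wire format): length-prefixed nonce, path, request time, body.
fun signedMessage(nonce: ByteArray, path: String, requestTime: Long, body: ByteArray): ByteArray {
    val buffer = ByteArrayOutputStream()
    DataOutputStream(buffer).use { out ->
        for (part in listOf(nonce, path.toByteArray(), requestTime.toString().toByteArray(), body)) {
            out.writeInt(part.size) // length prefix keeps field boundaries unambiguous
            out.write(part)
        }
    }
    return buffer.toByteArray()
}

// Server side of the sketch: sign the request context plus the exact body bytes.
fun signMessage(key: PrivateKey, message: ByteArray): ByteArray =
    Signature.getInstance("Ed25519").run { initSign(key); update(message); sign() }

// Client side: rebuild the message from its own request context and the bytes as received.
fun verifyResponse(key: PublicKey, signature: ByteArray, message: ByteArray): Boolean =
    Signature.getInstance("Ed25519").run { initVerify(key); update(message); verify(signature) }

fun main() {
    val keys = KeyPairGenerator.getInstance("Ed25519").generateKeyPair() // needs JDK 15+
    val path = "/v1/config/app" // constructed sample values from here on
    val time = 1_782_460_800_000L
    val nonceA = "nonce-A".toByteArray()
    val nonceB = "nonce-B".toByteArray()
    val config = """{"flag":true}""".toByteArray()

    // 200: the signature covers the config bytes, so any change to the body fails verification.
    val sig200 = signMessage(keys.private, signedMessage(nonceA, path, time, config))
    check(verifyResponse(keys.public, sig200, signedMessage(nonceA, path, time, config)))
    val tampered = """{"flag":false}""".toByteArray()
    check(!verifyResponse(keys.public, sig200, signedMessage(nonceA, path, time, tampered)))

    // 204: empty body, still verified over the request context.
    val empty = ByteArray(0)
    val sig204 = signMessage(keys.private, signedMessage(nonceA, path, time, empty))
    check(verifyResponse(keys.public, sig204, signedMessage(nonceA, path, time, empty)))
    // The same signed 204 replayed against a later request with a fresh nonce is rejected.
    check(!verifyResponse(keys.public, sig204, signedMessage(nonceB, path, time, empty)))
    println("all checks passed")
}
```

An unverified 204 would let anyone on the network path answer "no changes" indefinitely and pin a client to stale config; binding the nonce into the signed message is what makes each 204 valid for one request only.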
codecov Bot commented Jun 26, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.35%. Comparing base (4d368aa) to head (536fd30).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3659   +/-   ##
=======================================
  Coverage   80.34%   80.35%           
=======================================
  Files         382      382           
  Lines       15706    15711    +5     
  Branches     2191     2190    -1     
=======================================
+ Hits        12619    12624    +5     
  Misses       2213     2213           
  Partials      874      874           
