verify_certificate function
Verifies that a certificate is by the ic_root_key. Throws an Exception if the certificate is invalid.
Implementation
Future<void> verify_certificate(Map certificate) async {
Uint8List treeroothash = construct_ic_system_state_tree_root_hash(certificate['tree']);
Uint8List derKey;
if (certificate.containsKey('delegation')) {
Map legation_certificate = cbor_simple.cbor.decode(Uint8List.fromList(certificate['delegation']['certificate'])) as Map;
await verify_certificate(legation_certificate);
derKey = lookup_path_value_in_an_ic_certificate_tree(legation_certificate['tree'], pathbytes(['subnet', Uint8List.fromList(certificate['delegation']['subnet_id'].toList()), 'public_key']))!;
} else {
derKey = ic_root_key; }
Uint8List blskey = derkeyasablskey(derKey);
bool certificatevalidity = await bls12381.verify(Uint8List.fromList(certificate['signature'].toList()), Uint8List.fromList(createdomainseparatorbytes('ic-state-root').toList()..addAll(treeroothash)), blskey);
// print(certificatevalidity);
if (certificatevalidity == false) {
throw Exception(':CERTIFICATE IS: VOID.');
}
}