"ref/profiles/internal/ipc": Fix Client Authorization Vulnerability
Currently, an IPC server does not check that the blessings
received from the client as part of a flow are bound to
the same public key that the client used during VC establishments.
This is a security vulnerability as it allows the client to
use a blessing bound to any principal and thus impersonate that
principal.
This CL fixes this vulnerability and adds a test for it.
Change-Id: Ia6ab5d6a85c1a438fd6dcd71cc4f5c3180dd613b
2 files changed
