From f3cf062a42dc1ac7fe293c4d94dcbec270e999a3 Mon Sep 17 00:00:00 2001 From: sierra19XX <15652887+sierra19XX@users.noreply.github.com> Date: Thu, 4 Jun 2020 12:19:18 +0000 Subject: [PATCH] rbac10 - db api changes for required signature fetch --- libraries/app/database_api.cpp | 9 ++++++ .../graphene/chain/protocol/transaction.hpp | 1 + libraries/chain/protocol/transaction.cpp | 28 +++++++++++++++++-- tests/tests/authority_tests.cpp | 12 ++++++-- 4 files changed, 46 insertions(+), 4 deletions(-) diff --git a/libraries/app/database_api.cpp b/libraries/app/database_api.cpp index ecb407be..4b1bc232 100644 --- a/libraries/app/database_api.cpp +++ b/libraries/app/database_api.cpp @@ -1865,6 +1865,9 @@ set database_api_impl::get_required_signatures( const signed_tr available_keys, [&]( account_id_type id ){ return &id(_db).active; }, [&]( account_id_type id ){ return &id(_db).owner; }, + [&]( account_id_type id, const operation& op ) { + return _db.get_account_custom_authorities(id, op); + }, _db.get_global_properties().parameters.max_authority_depth ); wdump((result)); return result; @@ -1900,6 +1903,9 @@ set database_api_impl::get_potential_signatures( const signed_t result.insert(k); return &auth; }, + [&]( account_id_type id, const operation& op ) { + return _db.get_account_custom_authorities(id, op); + }, _db.get_global_properties().parameters.max_authority_depth ); @@ -1927,6 +1933,9 @@ set
database_api_impl::get_potential_address_signatures( const signed_t result.insert(k); return &auth; }, + [&]( account_id_type id, const operation& op ) { + return _db.get_account_custom_authorities(id, op); + }, _db.get_global_properties().parameters.max_authority_depth ); return result; diff --git a/libraries/chain/include/graphene/chain/protocol/transaction.hpp b/libraries/chain/include/graphene/chain/protocol/transaction.hpp index 7408a29c..ec8f3f53 100644 --- a/libraries/chain/include/graphene/chain/protocol/transaction.hpp +++ b/libraries/chain/include/graphene/chain/protocol/transaction.hpp @@ -141,6 +141,7 @@ namespace graphene { namespace chain { const flat_set& available_keys, const std::function& get_active, const std::function& get_owner, + const std::function(account_id_type, const operation&)>& get_custom, uint32_t max_recursion = GRAPHENE_MAX_SIG_CHECK_DEPTH )const; diff --git a/libraries/chain/protocol/transaction.cpp b/libraries/chain/protocol/transaction.cpp index ff375bc5..62419948 100644 --- a/libraries/chain/protocol/transaction.cpp +++ b/libraries/chain/protocol/transaction.cpp @@ -348,17 +348,41 @@ set signed_transaction::get_required_signatures( const flat_set& available_keys, const std::function& get_active, const std::function& get_owner, + const std::function(account_id_type, const operation&)>& get_custom, uint32_t max_recursion_depth )const { flat_set required_active; flat_set required_owner; vector other; - get_required_authorities( required_active, required_owner, other ); const flat_set& signature_keys = get_signature_keys( chain_id ); sign_state s( signature_keys, get_active, available_keys ); s.max_recursion = max_recursion_depth; + auto approved_by_custom_authority = [&s, &get_custom]( + account_id_type account, + operation op ) mutable { + auto custom_auths = get_custom( account, op ); + for( const auto& auth : custom_auths ) + if( s.check_authority( &auth ) ) return true; + return false; + }; + + for( const auto& op : operations ) { + flat_set operation_required_active; + operation_get_required_authorities( op, operation_required_active, required_owner, other ); + + auto itr = operation_required_active.begin(); + while ( itr != operation_required_active.end() ) { + if ( approved_by_custom_authority( *itr, op ) ) + itr = operation_required_active.erase( itr ); + else + ++itr; + } + + required_active.insert( operation_required_active.begin(), operation_required_active.end() ); + } + for( const auto& auth : other ) s.check_authority(&auth); for( auto& owner : required_owner ) @@ -386,7 +410,7 @@ set signed_transaction::minimize_required_signatures( uint32_t max_recursion ) const { - set< public_key_type > s = get_required_signatures( chain_id, available_keys, get_active, get_owner, max_recursion ); + set< public_key_type > s = get_required_signatures( chain_id, available_keys, get_active, get_owner, get_custom, max_recursion ); flat_set< public_key_type > result( s.begin(), s.end() ); for( const public_key_type& k : s ) diff --git a/tests/tests/authority_tests.cpp b/tests/tests/authority_tests.cpp index 92c62ba6..a6169489 100644 --- a/tests/tests/authority_tests.cpp +++ b/tests/tests/authority_tests.cpp @@ -1189,6 +1189,14 @@ BOOST_FIXTURE_TEST_CASE( get_required_signatures_test, database_fixture ) return &(aid(db).owner); } ; + auto get_custom = [&]( + account_id_type id, + const operation& op + ) -> vector + { + return db.get_account_custom_authorities(id, op); + } ; + auto chk = [&]( const signed_transaction& tx, flat_set available_keys, @@ -1196,7 +1204,7 @@ BOOST_FIXTURE_TEST_CASE( get_required_signatures_test, database_fixture ) ) -> bool { //wdump( (tx)(available_keys) ); - set result_set = tx.get_required_signatures( db.get_chain_id(), available_keys, get_active, get_owner ); + set result_set = tx.get_required_signatures( db.get_chain_id(), available_keys, get_active, get_owner, get_custom ); //wdump( (result_set)(ref_set) ); return result_set == ref_set; } ; @@ -1318,7 +1326,7 @@ BOOST_FIXTURE_TEST_CASE( nonminimal_sig_test, database_fixture ) ) -> bool { //wdump( (tx)(available_keys) ); - set result_set = tx.get_required_signatures( db.get_chain_id(), available_keys, get_active, get_owner ); + set result_set = tx.get_required_signatures( db.get_chain_id(), available_keys, get_active, get_owner, get_custom ); //wdump( (result_set)(ref_set) ); return result_set == ref_set; } ;