Update XDR for Protocol 19, add encoding support for CAP-40 SignedPayload Signer #413
Conversation
…ignedPayload Signer from CAP40 into StrKey encoding/decoding.
| if (envelope.getTx().getCond().getDiscriminant().equals(PreconditionType.PRECOND_TIME)) { | ||
| mTimeBounds = TimeBounds.fromXdr(envelope.getTx().getCond().getTimeBounds()); | ||
| } |
There was a problem hiding this comment.
necessary but not sufficient: there can also be timebounds on the PRECOND_V2 type. maybe a helper is in order for a general way to retrieve timebounds given a tx?
There was a problem hiding this comment.
yes, I'll use that suggestion, will be in the next follow-on PR that adds the CAP21 support on those new conditions, I included all the xdr schema changes up front in this pr, but only did the cap40 changes above first, this part ideally was just trying to refactor to maintain present compile/test until then.
There was a problem hiding this comment.
a way to do it here actually would be to say instead .notEquals(PreconditionType.PRECOND_NONE), since both other forms have a timebound condition 🤔
…ns, incorporate some pr feedback
…de)ser, use AccountID for signed payload pojo to check discriminant on public key types
| import static com.google.common.base.Preconditions.checkNotNull; | ||
|
|
||
| /** | ||
| * Signer is a helper class that creates {@link org.stellar.sdk.xdr.SignerKey} objects. | ||
| */ | ||
| public class Signer { | ||
| public static final int SIGNED_PAYLOAD_MAX_PAYLOAD_LENGTH = 64; |
There was a problem hiding this comment.
Ah yeah, I think this belongs above in SignedPayloadSigner
There was a problem hiding this comment.
ok, I had located validation here in the Signer.signedPayload(SignedPayloadSigner) factory method which constructs the xdr SignerKey for payload signer from the payload. The intent on SignedPayloadSigner was to be data transfer object, no logic, to your point, it could take on that role also of validation, but thought was keeping that logic closer to when it's used in SignerKey, let me know if you want to discuss more, thanks!
There was a problem hiding this comment.
You do have validation in two places (signer key and strkey), and imo you'd never want a SignedPayloadSigner that wasn't valid, but your separation of concerns also makes sense. No strong opinion here:+1:
| char[] encoded = encodeCheck(VersionByte.SIGNED_PAYLOAD, record.toByteArray()); | ||
| return String.valueOf(encoded); | ||
| } catch (Exception ex) { | ||
| throw new FormatException(ex.getMessage()); |
There was a problem hiding this comment.
Why rethrow when you can just let it bubble up?
There was a problem hiding this comment.
to muffle the checked exceptions which otherwise would require adding on a throws declaration on the method for each one, which then forces the callers to specifically handle it, it's mostly for caller convenience as there is no significant app-level meaning to a checked failure that the client could catch and do something else instead, rather they should just let it go up also.
There was a problem hiding this comment.
makes sense, java-isms.. 👍
| if (envelope.getTx().getCond().getDiscriminant().equals(PreconditionType.PRECOND_TIME)) { | ||
| mTimeBounds = TimeBounds.fromXdr(envelope.getTx().getCond().getTimeBounds()); | ||
| } |
There was a problem hiding this comment.
a way to do it here actually would be to say instead .notEquals(PreconditionType.PRECOND_NONE), since both other forms have a timebound condition 🤔
| import static com.google.common.base.Preconditions.checkNotNull; | ||
|
|
||
| /** | ||
| * Signer is a helper class that creates {@link org.stellar.sdk.xdr.SignerKey} objects. | ||
| */ | ||
| public class Signer { | ||
| public static final int SIGNED_PAYLOAD_MAX_PAYLOAD_LENGTH = 64; |
There was a problem hiding this comment.
You do have validation in two places (signer key and strkey), and imo you'd never want a SignedPayloadSigner that wasn't valid, but your separation of concerns also makes sense. No strong opinion here:+1:
| char[] encoded = encodeCheck(VersionByte.SIGNED_PAYLOAD, record.toByteArray()); | ||
| return String.valueOf(encoded); | ||
| } catch (Exception ex) { | ||
| throw new FormatException(ex.getMessage()); |
There was a problem hiding this comment.
makes sense, java-isms.. 👍
| // Why not use base32Encoding.encode here? | ||
| // We don't want secret seed to be stored as String in memory because of security reasons. It's impossible | ||
| // to erase it from memory when we want it to be erased (ASAP). | ||
| CharArrayWriter charArrayWriter = new CharArrayWriter(unencoded.length); | ||
| OutputStream charOutputStream = StrKey.base32Encoding.encodingStream(charArrayWriter); | ||
| OutputStream charOutputStream = base32Encoding.encodingStream(charArrayWriter); |
There was a problem hiding this comment.
Errm, note the comment above this line? I think there's a reason we use StrKey? Maybe @tamirms knows more on this (or git blame it)
There was a problem hiding this comment.
this comment was referring to the usage of .encode() vs .encodingStream(), the change here was just source tidy-up, StrKey.base32Encoding was redundant, as within StrKey class scope, it references the same static member declared here at base32Encoding
…ts into SignedPayloadSigner, pr feedback
@Shaptic , good point, since it spread to both, best to encapsulate once in the shared data object, updated c61a5d531371 |
Update the Java SDK to have the new XDR schema for Protocol 19
this change focuses on supporting CAP-40 , namely the new Signed Payload Signer as new StrKey.
Update the StrKey encoding/decoding to include the new Signed Payload Signer, add more tests where signed payload signer could appear such as SetOptionsOperation and AccountEntry.
Closes #412
Closes #410
can ignore all changed files in
src/main/java/org/stellar/sdk/xdr, they are generated code fromxdrgentool against the latest xdr schema files.This is first half of Protocol 19 support, a follow-on PR will be coming for remaining Protocol 19 support of CAP-21 which introduces new tx pre-conditions on of which is
extraSignerswhich this new Signed Payload Signer can be used.