commit/9368c0d563bcf2ad5256e23ca42e3a219023a561/Credentials_8cpp_source.html

#include <xrpld/app/tx/detail/Credentials.h>


#include <xrpl/basics/Log.h>

#include <xrpl/ledger/ApplyView.h>

#include <xrpl/ledger/CredentialHelpers.h>

#include <xrpl/ledger/View.h>

#include <xrpl/protocol/Feature.h>

#include <xrpl/protocol/Indexes.h>

#include <xrpl/protocol/TxFlags.h>


#include <chrono>


namespace xrpl {


/*

    Credentials

    ======


   A verifiable credentials (VC

   https://en.wikipedia.org/wiki/Verifiable_credentials), as defined by the W3C

   specification (https://www.w3.org/TR/vc-data-model-2.0/), is a

   secure and tamper-evident way to represent information about a subject, such

   as an individual, organization, or even an IoT device. These credentials are

   issued by a trusted entity and can be verified by third parties without

   directly involving the issuer at all.

*/


using namespace credentials;


// ------- CREATE --------------------------


std::uint32_t


CredentialCreate::getFlagsMask(PreflightContext const& ctx)

{

    // 0 means "Allow any flags"

    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;

}


NotTEC


CredentialCreate::preflight(PreflightContext const& ctx)

{

    auto const& tx = ctx.tx;

    auto& j = ctx.j;


    if (!tx[sfSubject])

    {

        JLOG(j.trace()) << "Malformed transaction: Invalid Subject";

        return temMALFORMED;

    }


    auto const uri = tx[~sfURI];

    if (uri && (uri->empty() || (uri->size() > maxCredentialURILength)))

    {

        JLOG(j.trace()) << "Malformed transaction: invalid size of URI.";

        return temMALFORMED;

    }


    auto const credType = tx[sfCredentialType];

    if (credType.empty() || (credType.size() > maxCredentialTypeLength))

    {

        JLOG(j.trace()) << "Malformed transaction: invalid size of CredentialType.";

        return temMALFORMED;

    }


    return tesSUCCESS;

}


TER


CredentialCreate::preclaim(PreclaimContext const& ctx)

{

    auto const credType(ctx.tx[sfCredentialType]);

    auto const subject = ctx.tx[sfSubject];


    if (!ctx.view.exists(keylet::account(subject)))

    {

        JLOG(ctx.j.trace()) << "Subject doesn't exist.";

        return tecNO_TARGET;

    }


    if (ctx.view.exists(keylet::credential(subject, ctx.tx[sfAccount], credType)))

    {

        JLOG(ctx.j.trace()) << "Credential already exists.";

        return tecDUPLICATE;

    }


    return tesSUCCESS;

}


TER


CredentialCreate::doApply()

{

    auto const subject = ctx_.tx[sfSubject];

    auto const credType(ctx_.tx[sfCredentialType]);

    Keylet const credentialKey = keylet::credential(subject, account_, credType);


    auto const sleCred = std::make_shared<SLE>(credentialKey);

    if (!sleCred)

        return tefINTERNAL;  // LCOV_EXCL_LINE


    auto const optExp = ctx_.tx[~sfExpiration];

    if (optExp)

    {

        std::uint32_t const closeTime = ctx_.view().header().parentCloseTime.time_since_epoch().count();


        if (closeTime > *optExp)

        {

            JLOG(j_.trace()) << "Malformed transaction: "

                                "Expiration time is in the past.";

            return tecEXPIRED;

        }


        sleCred->setFieldU32(sfExpiration, ctx_.tx.getFieldU32(sfExpiration));

    }


    auto const sleIssuer = view().peek(keylet::account(account_));

    if (!sleIssuer)

        return tefINTERNAL;  // LCOV_EXCL_LINE


    {

        STAmount const reserve{view().fees().accountReserve(sleIssuer->getFieldU32(sfOwnerCount) + 1)};

        if (mPriorBalance < reserve)

            return tecINSUFFICIENT_RESERVE;

    }


    sleCred->setAccountID(sfSubject, subject);

    sleCred->setAccountID(sfIssuer, account_);

    sleCred->setFieldVL(sfCredentialType, credType);


    if (ctx_.tx.isFieldPresent(sfURI))

        sleCred->setFieldVL(sfURI, ctx_.tx.getFieldVL(sfURI));


    {

        auto const page = view().dirInsert(keylet::ownerDir(account_), credentialKey, describeOwnerDir(account_));

        JLOG(j_.trace()) << "Adding Credential to owner directory " << to_string(credentialKey.key) << ": "

                         << (page ? "success" : "failure");

        if (!page)

            return tecDIR_FULL;

        sleCred->setFieldU64(sfIssuerNode, *page);


        adjustOwnerCount(view(), sleIssuer, 1, j_);

    }


    if (subject == account_)

    {

        sleCred->setFieldU32(sfFlags, lsfAccepted);

    }

    else

    {

        auto const page = view().dirInsert(keylet::ownerDir(subject), credentialKey, describeOwnerDir(subject));

        JLOG(j_.trace()) << "Adding Credential to owner directory " << to_string(credentialKey.key) << ": "

                         << (page ? "success" : "failure");

        if (!page)

            return tecDIR_FULL;

        sleCred->setFieldU64(sfSubjectNode, *page);

        view().update(view().peek(keylet::account(subject)));

    }


    view().insert(sleCred);


    return tesSUCCESS;

}


// ------- DELETE --------------------------


std::uint32_t


CredentialDelete::getFlagsMask(PreflightContext const& ctx)

{

    // 0 means "Allow any flags"

    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;

}


NotTEC


CredentialDelete::preflight(PreflightContext const& ctx)

{

    auto const subject = ctx.tx[~sfSubject];

    auto const issuer = ctx.tx[~sfIssuer];


    if (!subject && !issuer)

    {

        // Neither field is present, the transaction is malformed.

        JLOG(ctx.j.trace()) << "Malformed transaction: "

                               "No Subject or Issuer fields.";

        return temMALFORMED;

    }


    // Make sure that the passed account is valid.

    if ((subject && subject->isZero()) || (issuer && issuer->isZero()))

    {

        JLOG(ctx.j.trace()) << "Malformed transaction: Subject or Issuer "

                               "field zeroed.";

        return temINVALID_ACCOUNT_ID;

    }


    auto const credType = ctx.tx[sfCredentialType];

    if (credType.empty() || (credType.size() > maxCredentialTypeLength))

    {

        JLOG(ctx.j.trace()) << "Malformed transaction: invalid size of CredentialType.";

        return temMALFORMED;

    }


    return tesSUCCESS;

}


TER


CredentialDelete::preclaim(PreclaimContext const& ctx)

{

    AccountID const account{ctx.tx[sfAccount]};

    auto const subject = ctx.tx[~sfSubject].value_or(account);

    auto const issuer = ctx.tx[~sfIssuer].value_or(account);

    auto const credType(ctx.tx[sfCredentialType]);


    if (!ctx.view.exists(keylet::credential(subject, issuer, credType)))

        return tecNO_ENTRY;


    return tesSUCCESS;

}


TER


CredentialDelete::doApply()

{

    auto const subject = ctx_.tx[~sfSubject].value_or(account_);

    auto const issuer = ctx_.tx[~sfIssuer].value_or(account_);


    auto const credType(ctx_.tx[sfCredentialType]);

    auto const sleCred = view().peek(keylet::credential(subject, issuer, credType));

    if (!sleCred)

        return tefINTERNAL;  // LCOV_EXCL_LINE


    if ((subject != account_) && (issuer != account_) && !checkExpired(sleCred, ctx_.view().header().parentCloseTime))

    {

        JLOG(j_.trace()) << "Can't delete non-expired credential.";

        return tecNO_PERMISSION;

    }


    return deleteSLE(view(), sleCred, j_);

}


// ------- APPLY --------------------------


std::uint32_t


CredentialAccept::getFlagsMask(PreflightContext const& ctx)

{

    // 0 means "Allow any flags"

    return ctx.rules.enabled(fixInvalidTxFlags) ? tfUniversalMask : 0;

}


NotTEC


CredentialAccept::preflight(PreflightContext const& ctx)

{

    if (!ctx.tx[sfIssuer])

    {

        JLOG(ctx.j.trace()) << "Malformed transaction: Issuer field zeroed.";

        return temINVALID_ACCOUNT_ID;

    }


    auto const credType = ctx.tx[sfCredentialType];

    if (credType.empty() || (credType.size() > maxCredentialTypeLength))

    {

        JLOG(ctx.j.trace()) << "Malformed transaction: invalid size of CredentialType.";

        return temMALFORMED;

    }


    return tesSUCCESS;

}


TER


CredentialAccept::preclaim(PreclaimContext const& ctx)

{

    AccountID const subject = ctx.tx[sfAccount];

    AccountID const issuer = ctx.tx[sfIssuer];

    auto const credType(ctx.tx[sfCredentialType]);


    if (!ctx.view.exists(keylet::account(issuer)))

    {

        JLOG(ctx.j.warn()) << "No issuer: " << to_string(issuer);

        return tecNO_ISSUER;

    }


    auto const sleCred = ctx.view.read(keylet::credential(subject, issuer, credType));

    if (!sleCred)

    {

        JLOG(ctx.j.warn()) << "No credential: " << to_string(subject) << ", " << to_string(issuer) << ", " << credType;

        return tecNO_ENTRY;

    }


    if (sleCred->getFieldU32(sfFlags) & lsfAccepted)

    {

        JLOG(ctx.j.warn()) << "Credential already accepted: " << to_string(subject) << ", " << to_string(issuer) << ", "

                           << credType;

        return tecDUPLICATE;

    }


    return tesSUCCESS;

}


TER


CredentialAccept::doApply()

{

    AccountID const issuer{ctx_.tx[sfIssuer]};


    // Both exist as credential object exist itself (checked in preclaim)

    auto const sleSubject = view().peek(keylet::account(account_));

    auto const sleIssuer = view().peek(keylet::account(issuer));


    if (!sleSubject || !sleIssuer)

        return tefINTERNAL;  // LCOV_EXCL_LINE


    {

        STAmount const reserve{view().fees().accountReserve(sleSubject->getFieldU32(sfOwnerCount) + 1)};

        if (mPriorBalance < reserve)

            return tecINSUFFICIENT_RESERVE;

    }


    auto const credType(ctx_.tx[sfCredentialType]);

    Keylet const credentialKey = keylet::credential(account_, issuer, credType);

    auto const sleCred = view().peek(credentialKey);  // Checked in preclaim()


    if (checkExpired(sleCred, view().header().parentCloseTime))

    {

        JLOG(j_.trace()) << "Credential is expired: " << sleCred->getText();

        // delete expired credentials even if the transaction failed

        auto const err = credentials::deleteSLE(view(), sleCred, j_);

        return isTesSuccess(err) ? tecEXPIRED : err;

    }


    sleCred->setFieldU32(sfFlags, lsfAccepted);

    view().update(sleCred);


    adjustOwnerCount(view(), sleIssuer, -1, j_);

    adjustOwnerCount(view(), sleSubject, 1, j_);


    return tesSUCCESS;

}


}  // namespace xrpl

chrono

beast::Journal::trace
Stream trace() const
Severity stream access functions.
Definition Journal.h:295

beast::Journal::warn
Stream warn() const
Definition Journal.h:313

xrpl::ApplyContext::tx
STTx const  & tx
Definition ApplyContext.h:44

xrpl::ApplyContext::view
ApplyView & view()
Definition ApplyContext.h:50

xrpl::ApplyView::update
virtual void update(std::shared_ptr< SLE > const &sle)=0
Indicate changes to a peeked SLE.

xrpl::ApplyView::insert
virtual void insert(std::shared_ptr< SLE > const &sle)=0
Insert a new state SLE.

xrpl::ApplyView::dirInsert
std::optional< std::uint64_t > dirInsert(Keylet const &directory, uint256 const &key, std::function< void(std::shared_ptr< SLE > const &)> const &describe)
Insert an entry to a directory.
Definition ApplyView.h:284

xrpl::ApplyView::peek
virtual std::shared_ptr< SLE > peek(Keylet const &k)=0
Prepare to modify the SLE associated with key.

xrpl::CredentialAccept::doApply
TER doApply() override
Definition Credentials.cpp:297

xrpl::CredentialAccept::preclaim
static TER preclaim(PreclaimContext const &ctx)
Definition Credentials.cpp:267

xrpl::CredentialAccept::getFlagsMask
static std::uint32_t getFlagsMask(PreflightContext const &ctx)
Definition Credentials.cpp:241

xrpl::CredentialAccept::preflight
static NotTEC preflight(PreflightContext const &ctx)
Definition Credentials.cpp:248

xrpl::CredentialCreate::getFlagsMask
static std::uint32_t getFlagsMask(PreflightContext const &ctx)
Definition Credentials.cpp:33

xrpl::CredentialCreate::preflight
static NotTEC preflight(PreflightContext const &ctx)
Definition Credentials.cpp:40

xrpl::CredentialCreate::doApply
TER doApply() override
Definition Credentials.cpp:90

xrpl::CredentialCreate::preclaim
static TER preclaim(PreclaimContext const &ctx)
Definition Credentials.cpp:69

xrpl::CredentialDelete::preclaim
static TER preclaim(PreclaimContext const &ctx)
Definition Credentials.cpp:205

xrpl::CredentialDelete::getFlagsMask
static std::uint32_t getFlagsMask(PreflightContext const &ctx)
Definition Credentials.cpp:166

xrpl::CredentialDelete::preflight
static NotTEC preflight(PreflightContext const &ctx)
Definition Credentials.cpp:173

xrpl::CredentialDelete::doApply
TER doApply() override
Definition Credentials.cpp:219

xrpl::ReadView::fees
virtual Fees const & fees() const =0
Returns the fees for the base ledger.

xrpl::ReadView::exists
virtual bool exists(Keylet const &k) const =0
Determine if a state item exists.

xrpl::ReadView::header
virtual LedgerHeader const & header() const =0
Returns information about the ledger.

xrpl::ReadView::read
virtual std::shared_ptr< SLE const > read(Keylet const &k) const =0
Return the state item associated with a key.

xrpl::Rules::enabled
bool enabled(uint256 const &feature) const
Returns true if a feature is enabled.
Definition Rules.cpp:118

xrpl::STAmount
Definition STAmount.h:31

xrpl::STObject::getFieldVL
Blob getFieldVL(SField const &field) const
Definition STObject.cpp:624

xrpl::STObject::getFieldU32
std::uint32_t getFieldU32(SField const &field) const
Definition STObject.cpp:576

xrpl::STObject::isFieldPresent
bool isFieldPresent(SField const &field) const
Definition STObject.cpp:439

xrpl::TERSubset
Definition TER.h:396

xrpl::Transactor::account_
AccountID const account_
Definition Transactor.h:113

xrpl::Transactor::j_
beast::Journal const j_
Definition Transactor.h:111

xrpl::Transactor::view
ApplyView & view()
Definition Transactor.h:129

xrpl::Transactor::mPriorBalance
XRPAmount mPriorBalance
Definition Transactor.h:114

xrpl::Transactor::ctx_
ApplyContext & ctx_
Definition Transactor.h:109

xrpl::base_uint< 160, detail::AccountIDTag >

std::uint32_t

std::is_same_v
T is_same_v

xrpl::credentials::checkExpired
bool checkExpired(std::shared_ptr< SLE const > const &sleCredential, NetClock::time_point const &closed)
Definition CredentialHelpers.cpp:12

xrpl::credentials::deleteSLE
TER deleteSLE(ApplyView &view, std::shared_ptr< SLE > const &sleCredential, beast::Journal j)
Definition CredentialHelpers.cpp:44

xrpl::keylet::ownerDir
Keylet ownerDir(AccountID const &id) noexcept
The root page of an account's directory.
Definition Indexes.cpp:325

xrpl::keylet::account
Keylet account(AccountID const &id) noexcept
AccountID root.
Definition Indexes.cpp:160

xrpl::keylet::credential
Keylet credential(AccountID const &subject, AccountID const &issuer, Slice const &credType) noexcept
Definition Indexes.cpp:486

xrpl
Use hash_* containers for keys that do not need a cryptographically secure hashing algorithm.
Definition algorithm.h:6

xrpl::maxCredentialURILength
std::size_t constexpr maxCredentialURILength
The maximum length of a URI inside a Credential.
Definition Protocol.h:218

xrpl::to_string
std::string to_string(base_uint< Bits, Tag > const &a)
Definition base_uint.h:598

xrpl::tefINTERNAL
@ tefINTERNAL
Definition TER.h:154

xrpl::adjustOwnerCount
void adjustOwnerCount(ApplyView &view, std::shared_ptr< SLE > const &sle, std::int32_t amount, beast::Journal j)
Adjust the owner count up or down.
Definition View.cpp:941

xrpl::describeOwnerDir
std::function< void(SLE::ref)> describeOwnerDir(AccountID const &account)
Definition View.cpp:955

xrpl::temMALFORMED
@ temMALFORMED
Definition TER.h:68

xrpl::temINVALID_ACCOUNT_ID
@ temINVALID_ACCOUNT_ID
Definition TER.h:100

xrpl::isTesSuccess
bool isTesSuccess(TER x) noexcept
Definition TER.h:650

xrpl::tecDIR_FULL
@ tecDIR_FULL
Definition TER.h:269

xrpl::tecNO_ENTRY
@ tecNO_ENTRY
Definition TER.h:288

xrpl::tecNO_TARGET
@ tecNO_TARGET
Definition TER.h:286

xrpl::tecEXPIRED
@ tecEXPIRED
Definition TER.h:296

xrpl::tecINSUFFICIENT_RESERVE
@ tecINSUFFICIENT_RESERVE
Definition TER.h:289

xrpl::tecNO_PERMISSION
@ tecNO_PERMISSION
Definition TER.h:287

xrpl::tecNO_ISSUER
@ tecNO_ISSUER
Definition TER.h:281

xrpl::tecDUPLICATE
@ tecDUPLICATE
Definition TER.h:297

xrpl::lsfAccepted
@ lsfAccepted
Definition LedgerFormats.h:185

xrpl::tesSUCCESS
@ tesSUCCESS
Definition TER.h:226

xrpl::tfUniversalMask
constexpr std::uint32_t tfUniversalMask
Definition TxFlags.h:44

xrpl::maxCredentialTypeLength
std::size_t constexpr maxCredentialTypeLength
The maximum length of a CredentialType inside a Credential.
Definition Protocol.h:221

xrpl::Fees::accountReserve
XRPAmount accountReserve(std::size_t ownerCount) const
Returns the account reserve given the owner count, in drops.
Definition protocol/Fees.h:30

xrpl::Keylet
A pair of SHAMap key and LedgerEntryType.
Definition Keylet.h:20

xrpl::Keylet::key
uint256 key
Definition Keylet.h:21

xrpl::LedgerHeader::parentCloseTime
NetClock::time_point parentCloseTime
Definition LedgerHeader.h:23

xrpl::PreclaimContext
State information when determining if a tx is likely to claim a fee.
Definition Transactor.h:54

xrpl::PreclaimContext::view
ReadView const  & view
Definition Transactor.h:57

xrpl::PreclaimContext::tx
STTx const  & tx
Definition Transactor.h:60

xrpl::PreclaimContext::j
beast::Journal const j
Definition Transactor.h:62

xrpl::PreflightContext
State information when preflighting a tx.
Definition Transactor.h:16

xrpl::PreflightContext::rules
Rules const rules
Definition Transactor.h:20

xrpl::PreflightContext::j
beast::Journal const j
Definition Transactor.h:23

xrpl::PreflightContext::tx
STTx const  & tx
Definition Transactor.h:19

std::chrono::time_point::time_since_epoch
T time_since_epoch(T... args)