* Minimum factor 256*500, don't multiply by base fee
* Change autofill fee behavior to pay the open ledger fee.
** Experimental options: x-assume-tx - assume <int> more transactions in
the open queue when computing escalated fee, x-queue-okay - if true
and escalated fee is over limit, try with load fee.
* Port of 75af4ed.
Replace Journal public data members with member function accessors
in order to make Journal lighter weight. The change makes a
Journal cheaper to pass by value.
Also add missing stream checks (e.g., calls to JLOG) to avoid
text processing that ultimately will not be stored in the log.
The RippleAddress class was used to represent a number of fundamentally
different types: account public keys, account secret keys, node public
keys, node secret keys, seeds and generators.
The class is replaced by the following types:
* PublicKey for account and node public keys
* SecretKey for account and node private keys
* Generator for generating secp256k1 accounts
* Seed for account, node and generator seeds
This is designed for use by proxies in front of rippled. Configured IPs
can forward identifying user data in HTTP headers, including
user name and origin IP. If the user name exists, then resource limits
are lifted for that session. However, administrative commands are still
reserved only for administrative sessions.
* Move InboundTransactions to app/ledger
* Move TransactionAcquire to app/ledger
* Move LocalTxs to app/ledger
* Move Transaction to app/misc
* Move TransactionMaster to app/ledger
o The sign_for RPC command automatically fills in an empty
"SigningPubKey" field if the field is missing.
o The sign_for command returns the Signers list inside the
tx_json. This re-establishes symmetry with the
submit_multisigned command. It also means the returned
tx_blob might be useful, since it contains the multisignature.
o The sign_for command also now allows the inclusion of a Signers
array field in the input tx_json. If a Signers array is present,
the new signature is incorporated into the passed array. This
supports a model where multisignatures are accumulated serially.
o Syntax hints are improved.
o Remove warning written to log by sign_for command.
o The sign_for RPC command previously only worked in the
"json sign_for" form. The command now works as a straight
"sign_for". The "offline" parameter also works.
o Don't autofill Fee or Paths when signing offline.
The digest for a transaction (its transaction ID, or tid) is
computed once upon constructed when the STTx is deserialized.
Subsequent calls to retrieve the digest use the cached value.
Any code which modifies the STTx and then attempts to
retrieve the digest will terminate the process with a
logic error contract violation.
* Nested types removed
* All STTx are contained as const
(Except in transaction sign, which must modify)
* tid in STTx is computed once on deserialization
* All checks flow through ripple::checkValidity, which transparently caches result flags.
* All external transaction submission code paths use checkValidity.
* SF_SIGGOOD flag no longer appears outside of HashRouter / checkValidity.
* Validity can be forced in known or trusted scenarios.
In usage it was determined that the submit_multisigned RPC
command could be improved by moving the Signers array inside the
tx_json in the submitted form of the command. This has the
advantage that the RPC command is more similar to the native form.
Also the returned JSON looks more like the submitted JSON.
Replace TxnSignApiFacade with separate passed in arguments to
the various sign/submit RPC commands.
Also increase unit test coverage of the submit_multisign RPC
command.
With this changeset two-level multisigning is removed from the
codebase and replaced with single-level multisigning.
Additionally, SignerLists in the ledger are prepared for the
possibility of multiple SignerLists per account. This was done
by adding a defaulted 32-bit SignerListID to each SignerList.
The SignerListIndex calculation incorporates the SignerListID.
There are three known missing elements:
1. Multisigned transactions should require higher fees than
regular (single-signed) transaction. That's not yet
implemented.
2. It should be possible to disable the master key on an account
if that account is multisign enabled (has a signer list).
That's not yet implemented.
3. Documentation about multisigning needs to be improved.
Multisigning is still compiled out of the code base. To enable
multisigning for a stand-alone rippled, change the
RIPPLE_ENABLE_MULTI_SIGN macro (in BeastConfig.h) to "1" and
rebuild.
This commit also addresses:
o RIPD-912: Remove multisign APIs from STObject, and
o RIPD-944: Replace common_transactor with jtx at call sites.
The View hierarchy of classes is reorganized to include new
classes with member functions moved and renamed, to solve
defects in the original design:
OpenView accumulates raw state and tx changes and
can be applied to the base. ApplyView accumulates changes
for a single transaction, including metadata, and can be
applied to an OpenView. The Sandbox allows changes with
the option to apply or throw them out. The PaymentSandbox
provides a sandbox with account credit deferral.
Call sites are changed to use the class appropriate for
the task.
This shores up the View interface support for contextual
transaction processing by putting params in the View, and
provides support for replacing the open ledger with the
open MetaView.
Transaction metadata is now part of the View interface.
Stacked MetaViews correctly apply their transaction
metadata to the parent.
* Add lastCloseTime to View
* Add insertTx to View, implement in MetaView
* Add View::txExists for transaction checking
* Add Fees to View, cache fees in Ledger and MetaView
* Use ViewFlags in View
* Use tapENABLE_TESTING flag for features
* Use cached Fees in View
* Rename to ViewFlags
* Move FreezeHandling to View.h, remove ViewAPIBasics.h
* Remove BasicView::parent hack
* Remove calls to getLedger in Transactors
All AccountID functionality is removed from RippleAddress and
replaced with free functions. The AccountID to string conversion
cache is factored out as an explicit type with an instance in
the Application object. New base58 conversion functions are used,
with no dependence on OpenSSL.
All types and free functions related to AccountID are consolidated
into one header file. Routines to operate on "tokens" are also
introduced and consolidated into a single header file.
A token one of the cryptographic primitives used in Ripple:
Secret Seed
Server Public Key
Server Secret Key
Account ID
Account Public Key
Account Private Key
and these deprecated primitives:
Account Family Seed
Account Family Generator
Member functions and free functions on Ledger and LedgerEntrySet are
rewritten in terms of new abstract interfaces `BasicView` and `View`,
representing the set of non-decomposable primitives necessary to read
and write state map items in a ledger, and to overlay a discardable
view onto a Ledger that can calculate metadata during transaction
processing. const-correctness is enforced through the parameter and
return types.
The MetaView now supports multi-level stacking: A MetaView can be
stacked on top of either a Ledger or another MetaView, up to any
number of levels.
The getSLEi member function is removed. The CachedView wrapper
replaces it, wrapping a View such that any function called with a
CachedView will go through the SLECache.
* Add BasicView, View, CachedView
* Rename LedgerEntrySet to MetaView
* Factor out free functions
* Consolidate free functions in ViewAPI
* Remove unused class members and free functions
This performs a deep refactor on the Ledger class and its supporting
classes, in preparation for the move to shared_ptr<SLE const> in
places where the SLE is immutable and we are currently using
shared_ptr<SLE>.
Member functions are converted to free functions, the SLECache is an
explicit parameter, one line convenience functions are removed to
streamline the interface. Some callers are changed to use <SLE const>
instead of <SLE>
SLECache:
* Moved to its own header file
RippleState:
* Remove unused functions
* Store the SLE as const
* Simplify callers
AccountState:
* Remove unused members
* Simplify existing members
Ledger:
* Replace writeBack with insert and update
* Remove unused functions
* Remove LedgerStateParams
* Move getLastFullLedger to Application
* add entryCacheI, exists, fetch, erase
* Use boost::optional where it makes sense
* Make member functions free functions
Free functions:
* fetch: cache-aware SLE retrieval
* forEachItem, forEachItemAfter
* (various)
* Consolidate constructors
* Use pointer/size instead of Serializer
* Factor out PendingSaves
* Make some members free functions
* Reduce size of constructor initializer lists
* Implement subtraction as addition to the additive inverse
* Do not allow comparison with, addition to or subtraction from integers
* Remove unused functions
* Convert member functions to free functions
* Isolate unit-test specific code into the unit test
This commit provides support for 2-level multi-signing of
transactions. The ability is usually compiled out, since other
aspects of multi-signing are not yet complete.
Here are the missing parts:
o Full support for Tickets in transactions.
o Variable fees based on the number of signers,
o Multiple SignerLists with access control flags on accounts,
o Enable / disable operations based on access control flags,
o Enable / disable all of multi-signing based on an amendment,
o Integration tests, and
o Documentation.
* Cleanups and reduction of copying
* Add STArray::back, operator[], push_back(&&)
* Add make_stvar
* Rework STParsedJSON
* Fix code and unit tests that use STParsedJSON
* STTx move constructor
* Allow `passphrase` to be a seed encoded in any of three formats or a
literal passphrase.
* Recognize the absence of `passphrase` as requesting a random seed.
Extract walletPropose() and keypairForSignature() as separately factored
functions (from doWalletPropose() and transactionSign() respectively) to
facilitate unit testing.
