* Minimum factor 256*500, don't multiply by base fee
* Change autofill fee behavior to pay the open ledger fee.
** Experimental options: x-assume-tx - assume <int> more transactions in
the open queue when computing escalated fee, x-queue-okay - if true
and escalated fee is over limit, try with load fee.
* Port of 75af4ed.
Passing in objects, arrays or non-string objects previously generated
nondescript errors. Improve the error messages returned to clients.
Add unit tests to ensure that incorrect inputs are reliably detected
and generate descriptive and accurate errors.
There was a bug in version 0.30.1 where signing with an ed25519
key and a corrupt seed would cause the "sign" and "sign_for"
commands to return an unexpected error. That bug was fixed in
the 0.31.0 release.
These unit tests verify the fix. The error message for a corrupt
seed is also slightly improved.
The caller of the account_info RPC command can optionally
specify that they want the account's SignerList returned by
adding the argument:
"signer_lists": "true"
The returned SignerList is in an array. This leaves us room to
support multiple signer lists on an account in the future without
changing the syntax of the result.
The command-line version of account_info does not support the new
option.
The RippleAddress class was used to represent a number of fundamentally
different types: account public keys, account secret keys, node public
keys, node secret keys, seeds and generators.
The class is replaced by the following types:
* PublicKey for account and node public keys
* SecretKey for account and node private keys
* Generator for generating secp256k1 accounts
* Seed for account, node and generator seeds
tapENABLE_TESTING is removed from checks, and feature enablement
is the sole method for activating features. Unit tests are updated
to enable required features in the construction of the Env.
Tickets are put on a feature switch instead of a build macro.
These changes eliminate the Env's OpenLedger member and make
transactions go through the Application associated with each
instance of the Env, making the unit tests follow a code path
closer to the production code path.
* Add Env::open() for open ledger
* Add Env::now()
* Rename to Env::current()
* Inject ManualTimeKeeper in Env Application
* Make Config mutable
* Move setupConfigForUnitTests
* Launch Env Application thread
* Use Application ledgers in Env
* Adjust Application clock on ledger close
* Adjust close time for close resolution
* Scrub obsolete clock types
* Enable features via Env ctor
* Make Env::master Account object global
* Cache SSL context (performance)
* Cache master wallet keys in Ledger ctor (performance)
* Move InboundTransactions to app/ledger
* Move TransactionAcquire to app/ledger
* Move LocalTxs to app/ledger
* Move Transaction to app/misc
* Move TransactionMaster to app/ledger
o The sign_for RPC command automatically fills in an empty
"SigningPubKey" field if the field is missing.
o The sign_for command returns the Signers list inside the
tx_json. This re-establishes symmetry with the
submit_multisigned command. It also means the returned
tx_blob might be useful, since it contains the multisignature.
o The sign_for command also now allows the inclusion of a Signers
array field in the input tx_json. If a Signers array is present,
the new signature is incorporated into the passed array. This
supports a model where multisignatures are accumulated serially.
o Syntax hints are improved.
o Remove warning written to log by sign_for command.
o The sign_for RPC command previously only worked in the
"json sign_for" form. The command now works as a straight
"sign_for". The "offline" parameter also works.
o Don't autofill Fee or Paths when signing offline.
In usage it was determined that the submit_multisigned RPC
command could be improved by moving the Signers array inside the
tx_json in the submitted form of the command. This has the
advantage that the RPC command is more similar to the native form.
Also the returned JSON looks more like the submitted JSON.
Replace TxnSignApiFacade with separate passed in arguments to
the various sign/submit RPC commands.
Also increase unit test coverage of the submit_multisign RPC
command.
With this changeset two-level multisigning is removed from the
codebase and replaced with single-level multisigning.
Additionally, SignerLists in the ledger are prepared for the
possibility of multiple SignerLists per account. This was done
by adding a defaulted 32-bit SignerListID to each SignerList.
The SignerListIndex calculation incorporates the SignerListID.
There are three known missing elements:
1. Multisigned transactions should require higher fees than
regular (single-signed) transaction. That's not yet
implemented.
2. It should be possible to disable the master key on an account
if that account is multisign enabled (has a signer list).
That's not yet implemented.
3. Documentation about multisigning needs to be improved.
Multisigning is still compiled out of the code base. To enable
multisigning for a stand-alone rippled, change the
RIPPLE_ENABLE_MULTI_SIGN macro (in BeastConfig.h) to "1" and
rebuild.
This commit also addresses:
o RIPD-912: Remove multisign APIs from STObject, and
o RIPD-944: Replace common_transactor with jtx at call sites.
This commit provides support for 2-level multi-signing of
transactions. The ability is usually compiled out, since other
aspects of multi-signing are not yet complete.
Here are the missing parts:
o Full support for Tickets in transactions.
o Variable fees based on the number of signers,
o Multiple SignerLists with access control flags on accounts,
o Enable / disable operations based on access control flags,
o Enable / disable all of multi-signing based on an amendment,
o Integration tests, and
o Documentation.
Recognize a new JSON parameter `key_type` in handlers for wallet_propose
and sign/submit. In addition to letting the caller to specify either of
secp256k1 or ed25519, its presence prohibits the (now-deprecated) use of
heuristically polymorphic parameters for secret data -- the `passphrase`
parameter to wallet_propose will be not be considered as an encoded seed
value (for which `seed` and `seed_hex` should be used), and the `secret`
parameter to sign and submit will be obsoleted entirely by the same trio
above.
* Use constants instead of literals for JSON parameter names.
* Move KeyType to its own unit and add string conversions.
* RippleAddress
* Pass the entire message, rather than a hash, to accountPrivateSign()
and accountPublicVerify().
* Recognize a 33-byte value beginning with 0xED as an Ed25519 key when
signing and verifying (for accounts only).
* Add keyFromSeed() to generate an Ed25519 secret key from a seed.
* Add getSeedFromRPC() to extract the seed from JSON parameters for an
RPC call.
* Add generateKeysFromSeed() to produce a key pair of either type from
a seed.
* Extend Ledger tests to cover both key types.
* Allow `passphrase` to be a seed encoded in any of three formats or a
literal passphrase.
* Recognize the absence of `passphrase` as requesting a random seed.
Extract walletPropose() and keypairForSignature() as separately factored
functions (from doWalletPropose() and transactionSign() respectively) to
facilitate unit testing.
An alternative to the unity build, the classic build compiles each
translation unit individually. This adds more modules to the classic build:
* Remove unity header app.h
* Add missing includes as needed
* Remove obsolete NodeStore backend code
* Add app/, core/, crypto/, json/, net/, overlay/, peerfinder/ to classic build
