rippled/PermissionedDomainInvariant_8cpp_source.html

#include <xrpl/tx/invariants/PermissionedDomainInvariant.h>


#include <xrpl/basics/Log.h>

#include <xrpl/beast/utility/Journal.h>

#include <xrpl/ledger/ReadView.h>

#include <xrpl/ledger/helpers/CredentialHelpers.h>

#include <xrpl/protocol/Feature.h>

#include <xrpl/protocol/LedgerFormats.h>

#include <xrpl/protocol/Protocol.h>

#include <xrpl/protocol/SField.h>

#include <xrpl/protocol/STArray.h>

#include <xrpl/protocol/STLedgerEntry.h>

#include <xrpl/protocol/STTx.h>

#include <xrpl/protocol/TER.h>

#include <xrpl/protocol/TxFormats.h>

#include <xrpl/protocol/XRPAmount.h>


#include <vector>


namespace xrpl {


void


ValidPermissionedDomain::visitEntry(bool isDel, SLE::const_ref before, SLE::const_ref after)

{

    if (before && before->getType() != ltPERMISSIONED_DOMAIN)

        return;

    if (after && after->getType() != ltPERMISSIONED_DOMAIN)

        return;


    auto check = [isDel](std::vector<SleStatus>& sleStatus, SLE::const_ref sle) {

        auto const& credentials = sle->getFieldArray(sfAcceptedCredentials);

        auto const sorted = credentials::makeSorted(credentials);


        SleStatus ss{

            .credentialsSize = credentials.size(),

            .isSorted = false,

            .isUnique = !sorted.empty(),

            .isDelete = isDel};


        // If array have duplicates then all the other checks are invalid

        if (ss.isUnique)

        {

            unsigned i = 0;

            for (auto const& cred : sorted)

            {

                auto const& credTx = credentials[i++];

                ss.isSorted =

                    (cred.first == credTx[sfIssuer]) && (cred.second == credTx[sfCredentialType]);

                if (!ss.isSorted)

                    break;

            }

        }

        sleStatus.emplace_back(ss);

    };


    if (after)

        check(sleStatus_, after);

}


bool


ValidPermissionedDomain::finalize(

    STTx const& tx,

    TER const result,

    XRPAmount const,

    ReadView const& view,

    beast::Journal const& j)

{

    auto check = [](SleStatus const& sleStatus, beast::Journal const& j) {

        if (!sleStatus.credentialsSize)

        {

            JLOG(j.fatal()) << "Invariant failed: permissioned domain with "

                               "no rules.";

            return false;

        }


        if (sleStatus.credentialsSize > kMaxPermissionedDomainCredentialsArraySize)

        {

            JLOG(j.fatal()) << "Invariant failed: permissioned domain bad "

                               "credentials size "

                            << sleStatus.credentialsSize;

            return false;

        }


        if (!sleStatus.isUnique)

        {

            JLOG(j.fatal()) << "Invariant failed: permissioned domain credentials "

                               "aren't unique";

            return false;

        }


        if (!sleStatus.isSorted)

        {

            JLOG(j.fatal()) << "Invariant failed: permissioned domain credentials "

                               "aren't sorted";

            return false;

        }


        return true;

    };


    if (view.rules().enabled(fixCleanup3_1_3))

    {

        // No permissioned domains should be affected if the transaction failed

        if (!isTesSuccess(result))

        {

            // If nothing changed, all is good. If there were changes, that's bad.

            return sleStatus_.empty();

        }


        if (sleStatus_.size() > 1)

        {

            JLOG(j.fatal()) << "Invariant failed: transaction affected more "

                               "than 1 permissioned domain entry.";

            return false;

        }


        switch (tx.getTxnType())

        {

            case ttPERMISSIONED_DOMAIN_SET: {

                if (sleStatus_.empty())

                {

                    JLOG(j.fatal()) << "Invariant failed: no domain objects affected by "

                                       "PermissionedDomainSet";

                    return false;

                }


                auto const& sleStatus = sleStatus_[0];

                if (sleStatus.isDelete)

                {

                    JLOG(j.fatal()) << "Invariant failed: domain object "

                                       "deleted by PermissionedDomainSet";

                    return false;

                }

                return check(sleStatus, j);

            }

            case ttPERMISSIONED_DOMAIN_DELETE: {

                if (sleStatus_.empty())

                {

                    JLOG(j.fatal()) << "Invariant failed: no domain objects affected by "

                                       "PermissionedDomainDelete";

                    return false;

                }


                if (!sleStatus_[0].isDelete)

                {

                    JLOG(j.fatal()) << "Invariant failed: domain object "

                                       "modified, but not deleted by "

                                       "PermissionedDomainDelete";

                    return false;

                }

                return true;

            }

            default: {

                if (!sleStatus_.empty())

                {

                    JLOG(j.fatal()) << "Invariant failed: " << sleStatus_.size()

                                    << " domain object(s) affected by an "

                                       "unauthorized transaction. "

                                    << tx.getTxnType();

                    return false;

                }

                return true;

            }

        }

    }

    else

    {

        if (tx.getTxnType() != ttPERMISSIONED_DOMAIN_SET || !isTesSuccess(result) ||

            sleStatus_.empty())

            return true;

        return check(sleStatus_[0], j);

    }

}


}  // namespace xrpl

beast::Journal
A generic endpoint for log messages.
Definition Journal.h:38

beast::Journal::fatal
Stream fatal() const
Definition Journal.h:321

xrpl::ReadView
A view into a ledger.
Definition ReadView.h:31

xrpl::ReadView::rules
virtual Rules const & rules() const =0
Returns the tx processing rules.

xrpl::Rules::enabled
bool enabled(uint256 const &feature) const
Returns true if a feature is enabled.
Definition Rules.cpp:171

xrpl::STLedgerEntry::const_ref
std::shared_ptr< STLedgerEntry const  > const  & const_ref
Definition STLedgerEntry.h:22

xrpl::STTx
Definition STTx.h:28

xrpl::STTx::getTxnType
TxType getTxnType() const
Definition STTx.h:188

xrpl::ValidPermissionedDomain::sleStatus_
std::vector< SleStatus > sleStatus_
Definition PermissionedDomainInvariant.h:31

xrpl::ValidPermissionedDomain::finalize
bool finalize(STTx const &, TER const, XRPAmount const, ReadView const &, beast::Journal const &)
Definition PermissionedDomainInvariant.cpp:61

xrpl::ValidPermissionedDomain::visitEntry
void visitEntry(bool, SLE::const_ref, SLE::const_ref)
Definition PermissionedDomainInvariant.cpp:23

xrpl::XRPAmount
Definition XRPAmount.h:23

std::vector::emplace_back
T emplace_back(T... args)

xrpl::credentials
Definition CredentialHelpers.h:14

xrpl::credentials::makeSorted
std::set< std::pair< AccountID, Slice > > makeSorted(STArray const &credentials)
Definition CredentialHelpers.cpp:254

xrpl
Use hash_* containers for keys that do not need a cryptographically secure hashing algorithm.
Definition algorithm.h:5

xrpl::after
bool after(NetClock::time_point now, std::uint32_t mark)
Has the specified time passed?
Definition View.cpp:554

xrpl::isTesSuccess
bool isTesSuccess(TER x) noexcept
Definition TER.h:663

xrpl::TER
TERSubset< CanCvtToTER > TER
Definition TER.h:634

xrpl::kMaxPermissionedDomainCredentialsArraySize
constexpr std::size_t kMaxPermissionedDomainCredentialsArraySize
The maximum number of credentials can be passed in array for permissioned domain.
Definition Protocol.h:232

xrpl::ValidPermissionedDomain::SleStatus
Definition PermissionedDomainInvariant.h:25

xrpl::ValidPermissionedDomain::SleStatus::isSorted
bool isSorted
Definition PermissionedDomainInvariant.h:27

xrpl::ValidPermissionedDomain::SleStatus::isDelete
bool isDelete
Definition PermissionedDomainInvariant.h:29

xrpl::ValidPermissionedDomain::SleStatus::isUnique
bool isUnique
Definition PermissionedDomainInvariant.h:28

xrpl::ValidPermissionedDomain::SleStatus::credentialsSize
std::size_t credentialsSize
Definition PermissionedDomainInvariant.h:26

vector