Merge branch 'feature/authorize-address' into 'audit-fixes-2

proto/fairyring/keyshare/authorized_address.proto

@@ -0,0 +1,11 @@
+syntax = "proto3";
+package fairyring.keyshare;
+
+option go_package = "fairyring/x/keyshare/types";
+
+message AuthorizedAddress {
+  string  target        = 1;
+  bool    isAuthorized  = 2;
+  string  authorizedBy  = 3;
+}
+

proto/fairyring/keyshare/genesis.proto

@@ -8,6 +8,7 @@ import "fairyring/keyshare/validator_set.proto";
 import "fairyring/keyshare/key_share.proto";
 import "fairyring/keyshare/aggregated_key_share.proto";
 import "fairyring/keyshare/pub_key.proto";
+import "fairyring/keyshare/authorized_address.proto";
 
 // this line is used by starport scaffolding # genesis/proto/import
 
@@ -21,7 +22,8 @@ message GenesisState {
 
   // this line is used by starport scaffolding # genesis/proto/state
   repeated AggregatedKeyShare aggregatedKeyShareList = 4 [(gogoproto.nullable) = false];
-  ActivePubKey                activePubKey           = 5 [(gogoproto.nullable) = false];
-  QueuedPubKey                queuedPubKey           = 6 [(gogoproto.nullable) = false];
+           ActivePubKey       activePubKey           = 5 [(gogoproto.nullable) = false];
+           QueuedPubKey       queuedPubKey           = 6 [(gogoproto.nullable) = false];
+  repeated AuthorizedAddress  authorizedAddressList  = 7 [(gogoproto.nullable) = false];
 }
 

proto/fairyring/keyshare/query.proto

@@ -10,6 +10,7 @@ import "fairyring/keyshare/validator_set.proto";
 import "fairyring/keyshare/key_share.proto";
 import "fairyring/keyshare/aggregated_key_share.proto";
 import "fairyring/keyshare/pub_key.proto";
+import "fairyring/keyshare/authorized_address.proto";
 
 // this line is used by starport scaffolding # 1
 
@@ -21,41 +22,59 @@ service Query {
   // Parameters queries the parameters of the module.
   rpc Params (QueryParamsRequest) returns (QueryParamsResponse) {
     option (google.api.http).get = "/fairyring/keyshare/params";
+
   }
 
   // Queries a ValidatorSet by index.
   rpc ValidatorSet (QueryGetValidatorSetRequest) returns (QueryGetValidatorSetResponse) {
     option (google.api.http).get = "/fairyring/keyshare/validator_set/{index}";
+
   }
 
   // Queries a list of ValidatorSet items.
   rpc ValidatorSetAll (QueryAllValidatorSetRequest) returns (QueryAllValidatorSetResponse) {
     option (google.api.http).get = "/fairyring/keyshare/validator_set";
+
   }
 
   // Queries a KeyShare by index.
   rpc KeyShare (QueryGetKeyShareRequest) returns (QueryGetKeyShareResponse) {
     option (google.api.http).get = "/fairyring/keyshare/key_share/{validator}/{blockHeight}";
+
   }
 
   // Queries a list of KeyShare items.
   rpc KeyShareAll (QueryAllKeyShareRequest) returns (QueryAllKeyShareResponse) {
     option (google.api.http).get = "/fairyring/keyshare/key_share";
+
   }
 
   // this line is used by starport scaffolding # 2
 
   // Queries a list of AggregatedKeyShare items.
   rpc AggregatedKeyShare    (QueryGetAggregatedKeyShareRequest) returns (QueryGetAggregatedKeyShareResponse) {
     option (google.api.http).get = "/fairyring/keyshare/aggregated_key_share/{height}";
+
   }
   rpc AggregatedKeyShareAll (QueryAllAggregatedKeyShareRequest) returns (QueryAllAggregatedKeyShareResponse) {
     option (google.api.http).get = "/fairyring/keyshare/aggregated_key_share";
+
   }
-
+  
   // Queries the public keys
-  rpc PubKey    (QueryPubKeyRequest) returns (QueryPubKeyResponse) {
+  rpc PubKey (QueryPubKeyRequest) returns (QueryPubKeyResponse) {
     option (google.api.http).get = "/fairyring/keyshare/pub_key";
+
+  }
+
+  // Queries a list of AuthorizedAddress items.
+  rpc AuthorizedAddress    (QueryGetAuthorizedAddressRequest) returns (QueryGetAuthorizedAddressResponse) {
+    option (google.api.http).get = "/fairyring/keyshare/authorized_address/{target}";
+
+  }
+  rpc AuthorizedAddressAll (QueryAllAuthorizedAddressRequest) returns (QueryAllAuthorizedAddressResponse) {
+    option (google.api.http).get = "/fairyring/keyshare/authorized_address";
+
   }
 }
 // QueryParamsRequest is request type for the Query/Params RPC method.
@@ -124,7 +143,24 @@ message QueryAllAggregatedKeyShareResponse {
 message QueryPubKeyRequest {}
 
 message QueryPubKeyResponse {
-  ActivePubKey activePubKey   = 1 [(gogoproto.nullable) = false];
+  ActivePubKey activePubKey = 1 [(gogoproto.nullable) = false];
   QueuedPubKey queuedPubKey = 2 [(gogoproto.nullable) = false];
 }
 
+message QueryGetAuthorizedAddressRequest {
+  string target = 1;
+}
+
+message QueryGetAuthorizedAddressResponse {
+  AuthorizedAddress authorizedAddress = 1 [(gogoproto.nullable) = false];
+}
+
+message QueryAllAuthorizedAddressRequest {
+  cosmos.base.query.v1beta1.PageRequest pagination = 1;
+}
+
+message QueryAllAuthorizedAddressResponse {
+  repeated AuthorizedAddress                      authorizedAddress = 1 [(gogoproto.nullable) = false];
+           cosmos.base.query.v1beta1.PageResponse pagination        = 2;
+}
+

proto/fairyring/keyshare/tx.proto

@@ -10,9 +10,12 @@ option go_package = "fairyring/x/keyshare/types";
 service Msg {
   rpc RegisterValidator (MsgRegisterValidator) returns (MsgRegisterValidatorResponse);
   rpc SendKeyshare      (MsgSendKeyshare     ) returns (MsgSendKeyshareResponse     );
-
+  
   // this line is used by starport scaffolding # proto/tx/rpc
-  rpc CreateLatestPubKey (MsgCreateLatestPubKey) returns (MsgCreateLatestPubKeyResponse);
+  rpc CreateLatestPubKey      (MsgCreateLatestPubKey     ) returns (MsgCreateLatestPubKeyResponse     );
+  rpc CreateAuthorizedAddress (MsgCreateAuthorizedAddress) returns (MsgCreateAuthorizedAddressResponse);
+  rpc UpdateAuthorizedAddress (MsgUpdateAuthorizedAddress) returns (MsgUpdateAuthorizedAddressResponse);
+  rpc DeleteAuthorizedAddress (MsgDeleteAuthorizedAddress) returns (MsgDeleteAuthorizedAddressResponse);
 }
 message MsgRegisterValidator {
   string creator = 1;
@@ -39,7 +42,6 @@ message MsgSendKeyshareResponse {
   string errorMessage        = 7;
 }
 
-
 // this line is used by starport scaffolding # proto/tx/message
 message MsgCreateLatestPubKey {
   string creator   = 1;
@@ -48,3 +50,26 @@ message MsgCreateLatestPubKey {
 }
 
 message MsgCreateLatestPubKeyResponse {}
+
+message MsgCreateAuthorizedAddress {
+  string target       = 1;
+  string creator      = 2;
+}
+
+message MsgCreateAuthorizedAddressResponse {}
+
+message MsgUpdateAuthorizedAddress {
+  string  target        = 1;
+  bool    isAuthorized  = 2;
+  string  creator       = 3;
+}
+
+message MsgUpdateAuthorizedAddressResponse {}
+
+message MsgDeleteAuthorizedAddress {
+  string target       = 1;
+  string creator      = 2;
+}
+
+message MsgDeleteAuthorizedAddressResponse {}
+

scripts/tests/keyshare.sh

@@ -5,7 +5,9 @@ echo ""
 echo "######################################################"
 echo "# Submit Valid & Invalid KeyShare to KeyShare Module #"
 echo "#     Register as a validator in KeyShare Module     #"
+echo "#       Submit KeyShare from Authorized address      #"
 echo "#        Submit Public Key to KeyShare Module        #"
+echo "#                 Authorize address                  #"
 echo "######################################################"
 echo ""
 
@@ -57,6 +59,18 @@ if [[ "$ERROR_MSG" != *"account is not staking"* ]]; then
   exit 1
 fi
 
+echo "Non validator account authorizing another address to submit key share on chain fairyring_test_1"
+RESULT=$($BINARY tx keyshare create-authorized-address $VALIDATOR_1 --from $WALLET_1 --gas-prices 1frt --home $CHAIN_DIR/$CHAINID_1 --chain-id $CHAINID_1 --node tcp://localhost:16657 --broadcast-mode sync --keyring-backend test -o json -y)
+check_tx_code $RESULT
+RESULT=$(wait_for_tx $RESULT)
+ERROR_MSG=$(echo "$RESULT" | jq -r '.raw_log')
+if [[ "$ERROR_MSG" != *"only validator can authorize address to submit key share"* ]]; then
+  echo "ERROR: KeyShare module authorize address error. Expected to get account is not validator error, got '$ERROR_MSG'"
+  echo "$RESULT"
+  exit 1
+fi
+
+
 GENERATED_RESULT=$($GENERATOR generate 1 1)
 GENERATED_SHARE=$(echo "$GENERATED_RESULT" | jq -r '.Shares[0].Value')
 PUB_KEY=$(echo "$GENERATED_RESULT" | jq -r '.MasterPublicKey')
@@ -93,17 +107,78 @@ EXTRACTED_SHARE=$(echo "$EXTRACTED_RESULT" | jq -r '.KeyShare')
 
 
 echo "Not registered account submit key share on chain fairyring_test_1"
+CURRENT_BLOCK=$($BINARY query block --home $CHAIN_DIR/$CHAINID_1 --node tcp://localhost:16657 | jq -r '.block.header.height')
 RESULT=$($BINARY tx keyshare send-keyshare $EXTRACTED_SHARE 0 $TARGET_HEIGHT --from $WALLET_1 --gas-prices 1frt --home $CHAIN_DIR/$CHAINID_1 --chain-id $CHAINID_1 --node tcp://localhost:16657 --broadcast-mode sync --keyring-backend test -o json -y)
 check_tx_code $RESULT
 RESULT=$(wait_for_tx $RESULT)
 ERROR_MSG=$(echo "$RESULT" | jq -r '.raw_log')
-if [[ "$ERROR_MSG" != *"validator not registered"* ]]; then
-  echo "ERROR: KeyShare module submit key share from not registered account error. Expected to get account not registered error, got '$ERROR_MSG'"
+if [[ "$ERROR_MSG" != *"sender is not validator / authorized address to submit key share"* ]]; then
+  echo "ERROR: KeyShare module submit key share from not registered account error. Expected to get account not validator / authorized address error, got '$ERROR_MSG'"
   echo "$RESULT"
   exit 1
 fi
 
 
+echo "Registered validator authorize another address to submit key share on chain fairyring_test_1"
+RESULT=$($BINARY tx keyshare create-authorized-address $WALLET_1 --from $VALIDATOR_1 --gas-prices 1frt --home $CHAIN_DIR/$CHAINID_1 --chain-id $CHAINID_1 --node tcp://localhost:16657 --broadcast-mode sync --keyring-backend test -o json -y)
+check_tx_code $RESULT
+RESULT=$(wait_for_tx $RESULT)
+EVENT_ATR=$(echo "$RESULT" | jq -r '.logs[0].events[0].attributes[0].value')
+if [ "$EVENT_ATR" != "/fairyring.keyshare.MsgCreateAuthorizedAddress" ]; then
+  echo "ERROR: KeyShare module registered validator authorize address error. Expected the account to be authorized successfully, got '$EVENT_ATR'"
+  echo "ERROR MESSAGE: $(echo "$RESULT" | jq -r '.raw_log')"
+  exit 1
+fi
+
+
+CURRENT_BLOCK=$($BINARY query block --home $CHAIN_DIR/$CHAINID_1 --node tcp://localhost:16657 | jq -r '.block.header.height')
+TARGET_HEIGHT=$((CURRENT_BLOCK+1))
+EXTRACTED_RESULT=$($GENERATOR derive $GENERATED_SHARE 0 $TARGET_HEIGHT)
+EXTRACTED_SHARE=$(echo "$EXTRACTED_RESULT" | jq -r '.KeyShare')
+
+
+echo "Authorized account submit key share on chain fairyring_test_1"
+RESULT=$($BINARY tx keyshare send-keyshare $EXTRACTED_SHARE 0 $TARGET_HEIGHT --from $WALLET_1 --gas-prices 1frt --home $CHAIN_DIR/$CHAINID_1 --chain-id $CHAINID_1 --node tcp://localhost:16657 --broadcast-mode sync --keyring-backend test -o json -y)
+check_tx_code $RESULT
+RESULT=$(wait_for_tx $RESULT)
+KEYSHARE_HEIGHT=$(echo "$RESULT" | jq -r '.logs[0].events[1].attributes[1].value')
+if [ "$KEYSHARE_HEIGHT" != "$TARGET_HEIGHT" ]; then
+  echo "ERROR: KeyShare module submit valid key share from registered validator error. Expected the key received at height $TARGET_HEIGHT, got '$RESULT_EVENT'"
+  echo "ERROR MESSAGE: $(echo "$RESULT" | jq -r '.raw_log')"
+  exit 1
+fi
+
+
+echo "Registered validator remove authorized address to submit key share on chain fairyring_test_1"
+RESULT=$($BINARY tx keyshare delete-authorized-address $WALLET_1 --from $VALIDATOR_1 --gas-prices 1frt --home $CHAIN_DIR/$CHAINID_1 --chain-id $CHAINID_1 --node tcp://localhost:16657 --broadcast-mode sync --keyring-backend test -o json -y)
+check_tx_code $RESULT
+RESULT=$(wait_for_tx $RESULT)
+EVENT_ATR=$(echo "$RESULT" | jq -r '.logs[0].events[0].attributes[0].value')
+if [ "$EVENT_ATR" != "/fairyring.keyshare.MsgDeleteAuthorizedAddress" ]; then
+  echo "ERROR: KeyShare module registered validator remove authorized address error. Expected the account to be removed successfully, got '$EVENT_ATR'"
+  echo "ERROR MESSAGE: $(echo "$RESULT" | jq -r '.raw_log')"
+  exit 1
+fi
+
+
+CURRENT_BLOCK=$($BINARY query block --home $CHAIN_DIR/$CHAINID_1 --node tcp://localhost:16657 | jq -r '.block.header.height')
+TARGET_HEIGHT=$((CURRENT_BLOCK+1))
+EXTRACTED_RESULT=$($GENERATOR derive $GENERATED_SHARE 0 $TARGET_HEIGHT)
+EXTRACTED_SHARE=$(echo "$EXTRACTED_RESULT" | jq -r '.KeyShare')
+
+
+echo "Removed Authorized account tries submit key share on chain fairyring_test_1"
+RESULT=$($BINARY tx keyshare send-keyshare $EXTRACTED_SHARE 0 $TARGET_HEIGHT --from $WALLET_1 --gas-prices 1frt --home $CHAIN_DIR/$CHAINID_1 --chain-id $CHAINID_1 --node tcp://localhost:16657 --broadcast-mode sync --keyring-backend test -o json -y)
+check_tx_code $RESULT
+RESULT=$(wait_for_tx $RESULT)
+ERROR_MSG=$(echo "$RESULT" | jq -r '.raw_log')
+if [[ "$ERROR_MSG" != *"sender is not validator / authorized address to submit key share"* ]]; then
+  echo "ERROR: KeyShare module submit valid key share from registered validator error. Expected the key received at height $TARGET_HEIGHT, got '$RESULT_EVENT'"
+  echo "ERROR MESSAGE: $(echo "$RESULT" | jq -r '.raw_log')"
+  exit 1
+fi
+
+
 CURRENT_BLOCK=$($BINARY query block --home $CHAIN_DIR/$CHAINID_1 --node tcp://localhost:16657 | jq -r '.block.header.height')
 TARGET_HEIGHT=$((CURRENT_BLOCK+1))
 EXTRACTED_RESULT=$($GENERATOR derive $GENERATED_SHARE 0 $TARGET_HEIGHT)
@@ -116,7 +191,7 @@ check_tx_code $RESULT
 RESULT=$(wait_for_tx $RESULT)
 RESULT_EVENT=$(echo "$RESULT" | jq -r '.logs[0].events[2].type')
 if [ "$RESULT_EVENT" != "keyshare-aggregated" ]; then
-  echo "ERROR: KeyShare module submit invalid key share from registered validator error. Expected the key to be aggregated, got '$RESULT_EVENT'"
+  echo "ERROR: KeyShare module submit valid key share from registered validator error. Expected the key to be aggregated, got '$RESULT_EVENT'"
   echo "ERROR MESSAGE: $(echo "$RESULT" | jq -r '.raw_log')"
   exit 1
 fi

x/keyshare/client/cli/query.go

@@ -32,6 +32,8 @@ func GetQueryCmd(queryRoute string) *cobra.Command {
 	cmd.AddCommand(CmdListAggregatedKeyShare())
 	cmd.AddCommand(CmdShowAggregatedKeyShare())
 	cmd.AddCommand(CmdShowPubKey())
+	cmd.AddCommand(CmdListAuthorizedAddress())
+	cmd.AddCommand(CmdShowAuthorizedAddress())
 	// this line is used by starport scaffolding # 1
 
 	return cmd

x/keyshare/client/cli/query_authorized_address.go

@@ -0,0 +1,73 @@
+package cli
+
+import (
+	"context"
+
+	"fairyring/x/keyshare/types"
+	"github.com/cosmos/cosmos-sdk/client"
+	"github.com/cosmos/cosmos-sdk/client/flags"
+	"github.com/spf13/cobra"
+)
+
+func CmdListAuthorizedAddress() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "list-authorized-address",
+		Short: "list all authorizedAddress",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			clientCtx := client.GetClientContextFromCmd(cmd)
+
+			pageReq, err := client.ReadPageRequest(cmd.Flags())
+			if err != nil {
+				return err
+			}
+
+			queryClient := types.NewQueryClient(clientCtx)
+
+			params := &types.QueryAllAuthorizedAddressRequest{
+				Pagination: pageReq,
+			}
+
+			res, err := queryClient.AuthorizedAddressAll(context.Background(), params)
+			if err != nil {
+				return err
+			}
+
+			return clientCtx.PrintProto(res)
+		},
+	}
+
+	flags.AddPaginationFlagsToCmd(cmd, cmd.Use)
+	flags.AddQueryFlagsToCmd(cmd)
+
+	return cmd
+}
+
+func CmdShowAuthorizedAddress() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "show-authorized-address [target]",
+		Short: "shows a authorizedAddress",
+		Args:  cobra.ExactArgs(1),
+		RunE: func(cmd *cobra.Command, args []string) (err error) {
+			clientCtx := client.GetClientContextFromCmd(cmd)
+
+			queryClient := types.NewQueryClient(clientCtx)
+
+			argTarget := args[0]
+
+			params := &types.QueryGetAuthorizedAddressRequest{
+				Target: argTarget,
+			}
+
+			res, err := queryClient.AuthorizedAddress(context.Background(), params)
+			if err != nil {
+				return err
+			}
+
+			return clientCtx.PrintProto(res)
+		},
+	}
+
+	flags.AddQueryFlagsToCmd(cmd)
+
+	return cmd
+}