private boolean processQuorumMode(Set<? extends AbstractKey> keys) { int counter = this.quorumSize; boolean result = counter == 0; Set<Role> roles = this.roles; for (Role role : roles) { if (result) break; if (role != null && role.isAllowedForKeys(keys) && --counter == 0) { result = true; break; } } return result; }
/** * Check permission is allowed to keys and references * * @param keys is collection of public keys * @return true if permission is allowed to keys and references */ public boolean isAllowedFor(Collection<PublicKey> keys) { return role.isAllowedForKeys(new HashSet<>(keys)); }
/** * Check role is allowed to keys and references * * @param keys is collection of keys * @param references this parameter is ignored * @return true if role is allowed to keys and references * @deprecated use isAllowedForKeys instead. References should be used withith reference contract context */ @Deprecated public boolean isAllowedFor(Collection<? extends AbstractKey> keys, Collection<String> references) { return isAllowedForKeys(keys instanceof Set ? (Set<? extends AbstractKey>) keys : new HashSet<>(keys)); }
/** * Check role is allowed to keys * * @param keys is set of keys * @return true if role is allowed to keys */ @Override public boolean isAllowedForKeys(Set<? extends AbstractKey> keys) { if(!super.isAllowedForKeys(keys)) return false; final Role role = resolve(); return (role == null) ? false : role.isAllowedForKeys(keys); }
private boolean processAnyMode(Set<? extends AbstractKey> keys) { return this.roles.stream().anyMatch(role -> role.isAllowedForKeys(keys)); }
private boolean processAllMode(Set<? extends AbstractKey> keys) { return this.roles.stream().allMatch(role -> role.isAllowedForKeys(keys)); }
private boolean isSignedBy(Role role) throws Quantiser.QuantiserException { if (role == null) return false; role = role.resolve(); if (role == null) return false; return role.isAllowedForKeys(getEffectiveKeys()); }
/** * Check role is allowed to keys * * @param keys is set of keys * @return true if role is allowed to keys */ @Override public boolean isAllowedForKeys(Set<? extends AbstractKey> keys) { if(!super.isAllowedForKeys(keys)) { return false; } boolean allMatch1 = anonymousIds.stream().allMatch(anonId -> keys.stream().anyMatch(key -> { try { return key.matchAnonymousId(anonId.getBytes()); } catch (IOException e) { return false; } })); boolean allMatch2 = keyRecords.values().stream().allMatch( kr -> keys.stream().anyMatch(k -> k.getPublicKey().equals(kr.getPublicKey()))); boolean allMatch3 = keyAddresses.stream().allMatch(address -> keys.stream().anyMatch(key -> key.isMatchingKeyAddress(address))); return allMatch1 && allMatch2 && allMatch3; }
/** * Check role is allowed to keys * * @param keys is set of keys * @return true if role is allowed to keys */ @Override public boolean isAllowedForKeys(Set<? extends AbstractKey> keys) { if(!super.isAllowedForKeys(keys)) return false; if(this.mode == null) { this.mode = Mode.ALL; } return this.mode == Mode.ANY && this.processAnyMode(keys) || this.mode == Mode.ALL && this.processAllMode(keys) || this.mode == Mode.QUORUM && this.processQuorumMode(keys); }
boolean willBeMine = c.getOwner().isAllowedForKeys(keys);
@Test public void testAddressRole() throws Exception { Set<KeyAddress> keyAddresses = new HashSet<>(); keyAddresses.add(new KeyAddress(keys.get(0).getPublicKey(), 0, true)); SimpleRole sr = new SimpleRole("tr1", keyAddresses); Binder serialized = DefaultBiMapper.serialize(sr); Role r1 = DefaultBiMapper.deserialize(serialized); Set<PublicKey> pubKeys = new HashSet<>(); pubKeys.add(keys.get(0).getPublicKey()); assertTrue(sr.isAllowedForKeys(pubKeys)); assertTrue(r1.isAllowedForKeys(pubKeys)); assertEquals(sr, r1); }
public synchronized Contract finishSwap_wrongKey(Contract swapContract, Set<PrivateKey> keys, PrivateKey wrongKey) { List<Contract> swappingContracts = (List<Contract>) swapContract.getNew(); // looking for contract that will be own for (Contract c : swappingContracts) { boolean willBeMine = c.getOwner().isAllowedForKeys(keys); System.out.println("willBeMine: " + willBeMine + " " + c.getSealedByKeys().size()); if(willBeMine) { c.addSignatureToSeal(wrongKey); } } swapContract.seal(); return swapContract; }
@Test public void createU() throws Exception { PrivateKey privateKey = TestKeys.privateKey(3); Set<PublicKey> keys = new HashSet(); keys.add(privateKey.getPublicKey()); Contract u = InnerContractsService.createFreshU(100, keys); u.check(); u.traceErrors(); assertEquals(true, u.getRole("owner").isAllowedForKeys(keys)); assertEquals(100, u.getStateData().getIntOrThrow("transaction_units")); PrivateKey manufacturePrivateKey = new PrivateKey(Do.read( "./src/test_contracts/keys/u_key.private.unikey")); Set<PublicKey> badKeys = new HashSet(); badKeys.add(manufacturePrivateKey.getPublicKey()); assertEquals(false, u.getRole("owner").isAllowedForKeys(badKeys)); }
public void prepareContractsForSwap( Set<PrivateKey> martyPrivateKeys, Set<PublicKey> martyPublicKeys, Set<PrivateKey> stepaPrivateKeys, Set<PublicKey> stepaPublicKeys, Contract delorean, Contract lamborghini) throws Exception { martyPrivateKeys.add(new PrivateKey(Do.read(ROOT_PATH + "keys/marty_mcfly.private.unikey"))); for (PrivateKey pk : martyPrivateKeys) { martyPublicKeys.add(pk.getPublicKey()); } stepaPrivateKeys.add(new PrivateKey(Do.read(ROOT_PATH + "keys/stepan_mamontov.private.unikey"))); for (PrivateKey pk : stepaPrivateKeys) { stepaPublicKeys.add(pk.getPublicKey()); } PrivateKey manufacturePrivateKey = new PrivateKey(Do.read(ROOT_PATH + "_xer0yfe2nn1xthc.private.unikey")); delorean.addSignerKey(manufacturePrivateKey); delorean.seal(); System.out.println("DeLorean ownership contract is valid: " + delorean.check()); delorean.traceErrors(); registerAndCheckApproved(delorean); System.out.println("DeLorean ownership is belongs to Marty: " + delorean.getOwner().isAllowedForKeys(martyPublicKeys)); lamborghini.addSignerKey(manufacturePrivateKey); lamborghini.seal(); System.out.println("Lamborghini ownership contract is valid: " + lamborghini.check()); lamborghini.traceErrors(); registerAndCheckApproved(lamborghini); System.out.println("Lamborghini ownership is belongs to Stepa: " + lamborghini.getOwner().isAllowedForKeys(stepaPublicKeys)); }
@Test public void goodNotary() throws Exception { Set<PrivateKey> martyPrivateKeys = new HashSet<>(); Set<PrivateKey> stepaPrivateKeys = new HashSet<>(); Set<PublicKey> martyPublicKeys = new HashSet<>(); Set<PublicKey> stepaPublicKeys = new HashSet<>(); martyPrivateKeys.add(new PrivateKey(Do.read(rootPath + "keys/marty_mcfly.private.unikey"))); stepaPrivateKeys.add(new PrivateKey(Do.read(rootPath + "keys/stepan_mamontov.private.unikey"))); for (PrivateKey pk : stepaPrivateKeys) stepaPublicKeys.add(pk.getPublicKey()); for (PrivateKey pk : martyPrivateKeys) martyPublicKeys.add(pk.getPublicKey()); Contract notaryContract = ContractsService.createNotaryContract(martyPrivateKeys, stepaPublicKeys); notaryContract.check(); notaryContract.traceErrors(); assertTrue(notaryContract.isOk()); assertTrue(notaryContract.getOwner().isAllowedForKeys(stepaPublicKeys)); assertTrue(notaryContract.getIssuer().isAllowedForKeys(martyPrivateKeys)); assertTrue(notaryContract.getCreator().isAllowedForKeys(martyPrivateKeys)); assertFalse(notaryContract.getOwner().isAllowedForKeys(martyPrivateKeys)); assertFalse(notaryContract.getIssuer().isAllowedForKeys(stepaPublicKeys)); assertFalse(notaryContract.getCreator().isAllowedForKeys(stepaPublicKeys)); assertTrue(notaryContract.getExpiresAt().isAfter(ZonedDateTime.now().plusMonths(3))); assertTrue(notaryContract.getCreatedAt().isBefore(ZonedDateTime.now())); assertTrue(notaryContract.isPermitted("revoke", stepaPublicKeys)); assertTrue(notaryContract.isPermitted("revoke", martyPublicKeys)); assertTrue(notaryContract.isPermitted("change_owner", stepaPublicKeys)); assertFalse(notaryContract.isPermitted("change_owner", martyPublicKeys)); }
notaryContract.traceErrors(); assertTrue(notaryContract.getOwner().isAllowedForKeys(ownerPublicKeys)); assertTrue(notaryContract.getIssuer().isAllowedForKeys(issuerPrivateKeys)); assertTrue(notaryContract.getCreator().isAllowedForKeys(issuerPrivateKeys)); assertFalse(notaryContract.getOwner().isAllowedForKeys(issuerPrivateKeys)); assertFalse(notaryContract.getIssuer().isAllowedForKeys(ownerPublicKeys)); assertFalse(notaryContract.getCreator().isAllowedForKeys(ownerPublicKeys));
@Override public boolean beforeUpdate(ImmutableEnvironment c) { boolean checkResult = false; // recalculate storing info without saving to state to get valid storing data calculatePrepaidKilobytesForDays(false); // check that payment was not hacked checkResult = prepaidKilobytesForDays == getStateData().getInt(PREPAID_KD_FIELD_NAME, 0); if(!checkResult) { addError(Errors.FAILED_CHECK, "Wrong [state.data." + PREPAID_KD_FIELD_NAME + "] value. " + "Should be sum of early paid U and paid U by current revision."); return checkResult; } if(getTrackingContract() != null) { // check for that last revision of tracking contract has same owner as creator of slot checkResult = getTrackingContract().getOwner().isAllowedForKeys(getEffectiveKeys()); if (!checkResult) { addError(Errors.FAILED_CHECK, "Slot-contract signing keys must has allowed keys for owner of tracking contract"); return checkResult; } } // and call common slot check checkResult = additionallySlotCheck(c); return checkResult; }
@Test public void createTestU() throws Exception { PrivateKey privateKey = TestKeys.privateKey(3); Set<PublicKey> keys = new HashSet(); keys.add(privateKey.getPublicKey()); Contract u = InnerContractsService.createFreshU(100, keys, true); u.check(); u.traceErrors(); assertEquals(true, u.getRole("owner").isAllowedForKeys(keys)); assertEquals(100, u.getStateData().getIntOrThrow("transaction_units")); assertEquals(10000, u.getStateData().getIntOrThrow("test_transaction_units")); PrivateKey manufacturePrivateKey = new PrivateKey(Do.read( "./src/test_contracts/keys/u_key.private.unikey")); Set<PublicKey> badKeys = new HashSet(); badKeys.add(manufacturePrivateKey.getPublicKey()); assertEquals(false, u.getRole("owner").isAllowedForKeys(badKeys)); }
/** * Create new root contract to be created. It may have parent, but does not have origin, as it is an origin itself. */ private void checkRootContract() throws Quantiser.QuantiserException { // root contract must be issued ny the issuer Role issuer = getRole("issuer"); if (issuer == null || !issuer.isValid()) { addError(BAD_VALUE, "definition.issuer", "missing issuer"); return; } // the bad case - no issuer - should be processed normally without exceptions: Role createdBy = getRole("creator"); if (createdBy == null || !createdBy.isValid()) { addError(BAD_VALUE, "state.created_by", "invalid creator"); return; } if (!issuer.isAllowedForKeys(getEffectiveKeys())) { addError(ISSUER_MUST_CREATE, "issuer.keys"); } if (state.revision != 1) addError(BAD_VALUE, "state.revision", "must be 1 in a root contract"); if (state.createdAt == null) state.createdAt = definition.createdAt; else if (!state.createdAt.equals(definition.createdAt)) addError(BAD_VALUE, "state.created_at", "invalid"); if (state.origin != null) addError(BAD_VALUE, "state.origin", "must be empty in a root contract"); checkRevokePermissions(revokingItems); }
assertTrue(c.getPermissions().getFirst("change_owner").getRole().isAllowedForKeys(new HashSet(Do.listOf(ownerKey1))));