Problem: e2ee module is not backported
Problem: no end-to-end encryption module (#1407) * Problem: no end-to-end encryption module add keeper add grpc query signer option getter/setter genesis init/export fix lint * fix proto lint * fix test * register codec * changelog * fix build * Update x/e2ee/types/keys.go Co-authored-by: mmsqe <[email protected]> Signed-off-by: yihuang <[email protected]> * Update x/e2ee/types/codec.go Co-authored-by: mmsqe <[email protected]> Signed-off-by: yihuang <[email protected]> --------- Signed-off-by: yihuang <[email protected]> Co-authored-by: mmsqe <[email protected]> Problem: encryption-key cmd is not supported (#1409) * Problem: encryption-key cmd is not supported * gen doc * add validate Problem: no keyring interface for e2ee to store arbitrary payload (#1413) changelo add age encrypt/decrypt in unit test Update x/e2ee/keyring/keyring.go Signed-off-by: yihuang <[email protected]> fix lint fix build Problem: no encrypt and decrypt cmds for message (#1411) * Problem: no encrypt and decrypt cmds for message * fix doc * add gen * test * cleanup * move command to e2ee module move encrypt cmd to e2ee module move decrypt cmd to e2ee update integration test store key as string, to make autocli better fix integration test Update x/e2ee/client/cli/encrypt.go Signed-off-by: yihuang <[email protected]> fix lint --------- Signed-off-by: yihuang <[email protected]> Co-authored-by: yihuang <[email protected]> Co-authored-by: yihuang <[email protected]> Problem: no efficient batch query for encryption keys (#1415) Update CHANGELOG.md Signed-off-by: yihuang <[email protected]> update swagger typo fix build proposal handler update version check exist Problem: proto-gen fails in CI (#1392) * Problem: proto-gen fails in CI * Apply suggestions from code review add cronos msg add store-block-list cmd refresh block list add handler update deps add handler lint fix cmd test store list set with ante move to util fix ibc Revert "set with ante" This reverts commit c2700f5. 
reject on err fix prepare proposal fix proto lint
Showing
57 changed files
with
5,053 additions
and
127 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
package app | ||
|
||
import ( | ||
"bytes" | ||
"encoding/json" | ||
"fmt" | ||
"io" | ||
|
||
"filippo.io/age" | ||
|
||
abci "github.com/cometbft/cometbft/abci/types" | ||
sdk "github.com/cosmos/cosmos-sdk/types" | ||
"github.com/cosmos/cosmos-sdk/x/auth/signing" | ||
) | ||
|
||
type BlockList struct { | ||
Addresses []string `mapstructure:"addresses"` | ||
} | ||
|
||
type ProposalHandler struct { | ||
TxDecoder sdk.TxDecoder | ||
Identity age.Identity | ||
Blocklist map[string]struct{} | ||
LastBlockList []byte | ||
} | ||
|
||
func NewProposalHandler(txDecoder sdk.TxDecoder, identity age.Identity) *ProposalHandler { | ||
return &ProposalHandler{ | ||
TxDecoder: txDecoder, | ||
Identity: identity, | ||
Blocklist: make(map[string]struct{}), | ||
} | ||
} | ||
|
||
func (h *ProposalHandler) SetBlockList(blob []byte) error { | ||
if h.Identity == nil { | ||
return nil | ||
} | ||
|
||
if bytes.Equal(h.LastBlockList, blob) { | ||
return nil | ||
} | ||
h.LastBlockList = blob | ||
|
||
reader, err := age.Decrypt(bytes.NewBuffer(blob), h.Identity) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
data, err := io.ReadAll(reader) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
var blocklist BlockList | ||
if err := json.Unmarshal(data, &blocklist); err != nil { | ||
return err | ||
} | ||
|
||
// convert to map | ||
m := make(map[string]struct{}, len(blocklist.Addresses)) | ||
for _, s := range blocklist.Addresses { | ||
addr, err := sdk.AccAddressFromBech32(s) | ||
if err != nil { | ||
return fmt.Errorf("invalid bech32 address: %s, err: %w", s, err) | ||
} | ||
m[addr.String()] = struct{}{} | ||
} | ||
|
||
h.Blocklist = m | ||
return nil | ||
} | ||
|
||
func (h *ProposalHandler) ValidateTransaction(txBz []byte) error { | ||
tx, err := h.TxDecoder(txBz) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
sigTx, ok := tx.(signing.SigVerifiableTx) | ||
if !ok { | ||
return fmt.Errorf("tx of type %T does not implement SigVerifiableTx", tx) | ||
} | ||
|
||
for _, signer := range sigTx.GetSigners() { | ||
if _, ok := h.Blocklist[signer.String()]; ok { | ||
return fmt.Errorf("signer is blocked: %s", signer.String()) | ||
} | ||
} | ||
return nil | ||
} | ||
|
||
func (h *ProposalHandler) PrepareProposalHandler() sdk.PrepareProposalHandler { | ||
return func(ctx sdk.Context, req abci.RequestPrepareProposal) abci.ResponsePrepareProposal { | ||
txs := make([][]byte, 0, len(req.Txs)) | ||
for _, txBz := range req.Txs { | ||
if err := h.ValidateTransaction(txBz); err != nil { | ||
continue | ||
} | ||
txs = append(txs, txBz) | ||
} | ||
|
||
return abci.ResponsePrepareProposal{Txs: txs} | ||
} | ||
} | ||
|
||
func (h *ProposalHandler) ProcessProposalHandler() sdk.ProcessProposalHandler { | ||
return func(ctx sdk.Context, req abci.RequestProcessProposal) abci.ResponseProcessProposal { | ||
for _, txBz := range req.Txs { | ||
if err := h.ValidateTransaction(txBz); err != nil { | ||
return abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_REJECT} | ||
} | ||
} | ||
|
||
return abci.ResponseProcessProposal{Status: abci.ResponseProcessProposal_ACCEPT} | ||
} | ||
} |
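Review bot: In SetBlockList, `h.LastBlockList = blob` is assigned before age.Decrypt, io.ReadAll, json.Unmarshal and the bech32 checks run, so a blob that fails any of them is still remembered. A later call with the same bytes then hits the bytes.Equal early return and reports nil while h.Blocklist still holds the previous list. Move the assignment to the success path, next to `h.Blocklist = m`, so a failed update keeps returning its error on retry. Separately, a node whose Identity is nil returns before touching the list and keeps an empty Blocklist, so ProcessProposalHandler on that node accepts proposals that key-holding nodes reject. If that split is intended it deserves a comment on ProposalHandler, and the silent `continue` in PrepareProposalHandler would be easier to audit if it logged the dropped transaction.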