chore: 13519 cherry pick wave file append sign (#13555)

Signed-off-by: Lev Povolotsky <[email protected]>
hashgraph · May 28, 2024 · 583a74c · 583a74c
1 parent 35f0b8c
commit 583a74c
Show file tree

Hide file tree

Showing 5 changed files with 129 additions and 6 deletions.
diff --git a/...-impl/src/main/java/com/hedera/node/app/service/file/impl/handlers/FileAppendHandler.java b/...-impl/src/main/java/com/hedera/node/app/service/file/impl/handlers/FileAppendHandler.java
@@ -33,6 +33,7 @@
 import com.hedera.hapi.node.file.FileAppendTransactionBody;
 import com.hedera.hapi.node.state.file.File;
 import com.hedera.hapi.node.transaction.TransactionBody;
+import com.hedera.node.app.service.file.FileSignatureWaivers;
 import com.hedera.node.app.service.file.ReadableFileStore;
 import com.hedera.node.app.service.file.impl.WritableFileStore;
 import com.hedera.node.app.service.file.impl.WritableUpgradeFileStore;
@@ -60,10 +61,15 @@
 @Singleton
 public class FileAppendHandler implements TransactionHandler {
     private static final Logger logger = LogManager.getLogger(FileAppendHandler.class);
+    private final FileSignatureWaivers fileSignatureWaivers;
 
+    /**
+     * Default constructor for injection.
+     * @param fileSignatureWaivers the file signature waivers
+     */
     @Inject
-    public FileAppendHandler() {
-        // Exists for injection
+    public FileAppendHandler(final FileSignatureWaivers fileSignatureWaivers) {
+        this.fileSignatureWaivers = fileSignatureWaivers;
     }
 
     /**
@@ -90,11 +96,15 @@ public void pureChecks(@NonNull final TransactionBody txn) throws PreCheckExcept
     @Override
     public void preHandle(@NonNull final PreHandleContext context) throws PreCheckException {
         requireNonNull(context);
-
-        final var transactionBody = context.body().fileAppendOrThrow();
+        final var body = context.body();
+        final var op = body.fileAppendOrThrow();
         final var fileStore = context.createStore(ReadableFileStore.class);
-        final var transactionFileId = transactionBody.fileIDOrThrow();
+        final var transactionFileId = requireNonNull(op.fileID());
         preValidate(transactionFileId, fileStore, context);
+        final var areSignaturesWaived = fileSignatureWaivers.areFileAppendSignaturesWaived(body, context.payer());
+        if (areSignaturesWaived) {
+            return;
+        }
 
         var file = fileStore.getFileLeaf(transactionFileId);
         validateAndAddRequiredKeys(file, null, context);

diff --git a/...rc/main/java/com/hedera/node/app/service/file/impl/handlers/FileSignatureWaiversImpl.java b/...rc/main/java/com/hedera/node/app/service/file/impl/handlers/FileSignatureWaiversImpl.java
@@ -45,4 +45,10 @@ public boolean areFileUpdateSignaturesWaived(final TransactionBody fileUpdateTxn
         return authorizer.hasPrivilegedAuthorization(payer, HederaFunctionality.FILE_UPDATE, fileUpdateTxn)
                 == SystemPrivilege.AUTHORIZED;
     }
+
+    @Override
+    public boolean areFileAppendSignaturesWaived(final TransactionBody fileAppendTxn, final AccountID payer) {
+        return authorizer.hasPrivilegedAuthorization(payer, HederaFunctionality.FILE_APPEND, fileAppendTxn)
+                == SystemPrivilege.AUTHORIZED;
+    }
 }
diff --git a/...mpl/src/test/java/com/hedera/node/app/service/file/impl/test/handlers/FileAppendTest.java b/...mpl/src/test/java/com/hedera/node/app/service/file/impl/test/handlers/FileAppendTest.java
@@ -44,6 +44,7 @@
 import com.hedera.node.app.service.file.impl.WritableFileStore;
 import com.hedera.node.app.service.file.impl.WritableUpgradeFileStore;
 import com.hedera.node.app.service.file.impl.handlers.FileAppendHandler;
+import com.hedera.node.app.service.file.impl.handlers.FileSignatureWaiversImpl;
 import com.hedera.node.app.service.file.impl.test.FileTestBase;
 import com.hedera.node.app.service.token.ReadableAccountStore;
 import com.hedera.node.app.spi.fees.FeeAccumulator;
@@ -94,13 +95,16 @@ class FileAppendTest extends FileTestBase {
     @Mock(strictness = Mock.Strictness.LENIENT)
     private FeeAccumulator feeAccumulator;
 
+    @Mock(strictness = Mock.Strictness.LENIENT)
+    private FileSignatureWaiversImpl waivers;
+
     protected Configuration testConfig;
 
     private FileAppendHandler subject;
 
     @BeforeEach
     void setUp() {
-        subject = new FileAppendHandler();
+        subject = new FileAppendHandler(waivers);
         testConfig = HederaTestConfigBuilder.createConfig();
         when(preHandleContext.configuration()).thenReturn(testConfig);
         when(handleContext.configuration()).thenReturn(testConfig);

diff --git a/...ava/com/hedera/node/app/service/file/impl/test/handlers/FileSignatureWaiversImplTest.java b/...ava/com/hedera/node/app/service/file/impl/test/handlers/FileSignatureWaiversImplTest.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2024 Hedera Hashgraph, LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.hedera.node.app.service.file.impl.test.handlers;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
+import com.hedera.hapi.node.base.AccountID;
+import com.hedera.hapi.node.base.HederaFunctionality;
+import com.hedera.hapi.node.transaction.TransactionBody;
+import com.hedera.node.app.service.file.impl.handlers.FileSignatureWaiversImpl;
+import com.hedera.node.app.spi.authorization.Authorizer;
+import com.hedera.node.app.spi.authorization.SystemPrivilege;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+@ExtendWith(MockitoExtension.class)
+public class FileSignatureWaiversImplTest {
+
+    @Mock
+    private Authorizer authorizer;
+
+    @Mock
+    private TransactionBody fileUpdateTxn;
+
+    @Mock
+    private AccountID payer;
+
+    private FileSignatureWaiversImpl fileSignatureWaivers;
+
+    @BeforeEach
+    public void setup() {
+        MockitoAnnotations.openMocks(this);
+        fileSignatureWaivers = new FileSignatureWaiversImpl(authorizer);
+    }
+
+    @Test
+    @DisplayName("Signatures are waived when payer has privileged authorization for file update")
+    public void signaturesAreWaivedWhenPayerHasPrivilegedAuthorizationForFileUpdate() {
+        when(authorizer.hasPrivilegedAuthorization(payer, HederaFunctionality.FILE_UPDATE, fileUpdateTxn))
+                .thenReturn(SystemPrivilege.AUTHORIZED);
+
+        assertThat(fileSignatureWaivers.areFileUpdateSignaturesWaived(fileUpdateTxn, payer))
+                .isTrue();
+    }
+
+    @Test
+    @DisplayName("Signatures are not waived when payer does not have privileged authorization for file update")
+    public void signaturesAreNotWaivedWhenPayerDoesNotHavePrivilegedAuthorizationForFileUpdate() {
+        when(authorizer.hasPrivilegedAuthorization(payer, HederaFunctionality.FILE_UPDATE, fileUpdateTxn))
+                .thenReturn(SystemPrivilege.UNAUTHORIZED);
+
+        assertThat(fileSignatureWaivers.areFileUpdateSignaturesWaived(fileUpdateTxn, payer))
+                .isFalse();
+    }
+
+    @Test
+    @DisplayName("Signatures are waived when payer has privileged authorization")
+    public void signaturesAreWaivedWhenPayerHasPrivilegedAuthorizationForFileAppend() {
+        when(authorizer.hasPrivilegedAuthorization(payer, HederaFunctionality.FILE_APPEND, fileUpdateTxn))
+                .thenReturn(SystemPrivilege.AUTHORIZED);
+
+        assertThat(fileSignatureWaivers.areFileAppendSignaturesWaived(fileUpdateTxn, payer))
+                .isTrue();
+    }
+
+    @Test
+    @DisplayName("Signatures are not waived when payer does not have privileged authorization")
+    public void signaturesAreNotWaivedWhenPayerDoesNotHavePrivilegedAuthorizationForFileAppend() {
+        when(authorizer.hasPrivilegedAuthorization(payer, HederaFunctionality.FILE_APPEND, fileUpdateTxn))
+                .thenReturn(SystemPrivilege.UNAUTHORIZED);
+
+        assertThat(fileSignatureWaivers.areFileAppendSignaturesWaived(fileUpdateTxn, payer))
+                .isFalse();
+    }
+}
diff --git a/...era-file-service/src/main/java/com/hedera/node/app/service/file/FileSignatureWaivers.java b/...era-file-service/src/main/java/com/hedera/node/app/service/file/FileSignatureWaivers.java
@@ -29,4 +29,12 @@ public interface FileSignatureWaivers extends SigWaivers {
      * @return whether the target account's key must sign
      */
     boolean areFileUpdateSignaturesWaived(TransactionBody fileUpdateTxn, AccountID payer);
+
+    /**
+     * Advises if the target file's key must sign a given file append.
+     *
+     * @param fileAppendTxn a file append transaction
+     * @return whether the target account's key must sign
+     */
+    boolean areFileAppendSignaturesWaived(TransactionBody fileAppendTxn, AccountID payer);
 }