Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keys #8

Merged
merged 40 commits into from
Mar 31, 2022
Merged

Keys #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
40 commits
Select commit Hold shift + click to select a range
0972762
First cryptographic key files
AB3rtz Nov 25, 2021
3bccbd3
adapting the Key code to java 8 and fixing imports
AB3rtz Nov 26, 2021
4a26130
new crypto architecture
oak Nov 26, 2021
587cb06
missing write key to files methods
oak Nov 26, 2021
08ea408
keys for testing
oak Nov 26, 2021
e6d2e0c
starting Ed25519PublicKeyTests
oak Nov 26, 2021
d97c338
first implementaion of Secp256k1 Keys
AB3rtz Nov 26, 2021
9a83fd3
merge
AB3rtz Nov 26, 2021
69ef4d2
small corrections
AB3rtz Nov 26, 2021
bbadea9
removing sign method from publickey
AB3rtz Nov 26, 2021
6b7209f
basic key testing
oak Nov 29, 2021
e9f44de
more Ed25519 load/write tests
oak Nov 29, 2021
a708573
changed verify method signature
oak Nov 29, 2021
050d8f8
Secp256k1 read/write Pem file - not fully working yet
AB3rtz Nov 30, 2021
0412d43
Secp256k1 Private Key writing to pem file done
AB3rtz Nov 30, 2021
40ec0d6
moved verify method to publickey and changed signature
oak Nov 30, 2021
98d355c
Merge branch 'keys' of github.com:syntifi/casper-sdk into keys
oak Nov 30, 2021
ea6ca8a
fixing path on secp256k1 tests
oak Nov 30, 2021
16d129f
fixed leading slash on windows uri path
oak Nov 30, 2021
76a7746
harmonizing crypto methods signatures
oak Nov 30, 2021
4873b1c
using ASN1Identifiers
oak Nov 30, 2021
49e586f
deriving compressed public key
AB3rtz Dec 1, 2021
1577aee
adjustments and unicode testing
oak Dec 2, 2021
b623ae2
finally figured out the issue with the signature
AB3rtz Dec 7, 2021
7d19bf4
Merge branch 'keys' of github.com:syntifi/casper-sdk into keys
AB3rtz Dec 7, 2021
f54a5ff
converting to OctetString directly instead of first to ASN1Primitive …
AB3rtz Dec 7, 2021
cad2c83
adjustments for quarkus issues
oak Dec 8, 2021
5aa5cf4
setup external crypto keypair deps (still snapshot)
oak Feb 28, 2022
7e49242
Merge branch 'main' into keys
oak Feb 28, 2022
5c9a191
@Data -> @Getter/@Setter
AB3rtz Mar 2, 2022
9a2c1fc
CasperTransferDeployService
AB3rtz Mar 7, 2022
4e0e2a6
adding getOrder to the ExecutableDeployItem; creating new POJOs (Ttl …
AB3rtz Mar 7, 2022
f4a76a4
adding type to the serialization of CLValue; adding Test/Example to t…
AB3rtz Mar 7, 2022
175bea8
appending the CLValue type instead of pre-pending it
AB3rtz Mar 28, 2022
7b49164
Updating the encoder method, adding a flag to decide whether to inclu…
AB3rtz Mar 29, 2022
347e8a8
Updating the crypto library version and modifying the Status model to…
AB3rtz Mar 31, 2022
56e034b
Updating the crypto library version and modifying the Status model to…
AB3rtz Mar 31, 2022
8656974
Merge remote-tracking branch 'origin/keys' into keys
AB3rtz Mar 31, 2022
6958948
adapting to java 8 (writeBytes is only available starting at Java 11)
AB3rtz Mar 31, 2022
5e9f4a6
cleaning up code
oak Mar 31, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
301 changes: 154 additions & 147 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,147 +1,154 @@
# Casper Java SDK

This project implements the SDK to interact with a Casper Node. It wraps the Json-RPC requests and maps the results to Java objects.

## Dependencies
- Java 8
- Gradle

## Build instructions
```
./gradlew build
```

## Including the library

Using gradle:

```gradle
implementation 'com.syntifi.casper:casper-sdk:0.1.0'
```

Using maven:

``` xml
<dependency>
<groupId>com.syntifi.casper</groupId>
<artifactId>casper-sdk</artifactId>
<version>0.1.0</version>
</dependency>
```

## How to

### 1. [Set-up a connection](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/AbstractJsonRpcTests.java#L23-L39)

```Java
casperService = CasperService.usingPeer("127.0.0.1","7777");
```

### 2. Query a block
Retrieve block info by a block identifier

#### [Last block](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L119)
```Java
JsonBlockData result = casperService.getBlock();
```
#### [By height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L138-L139)
```Java
JsonBlockData result = casperService.getBlock(new HeightBlockIdentifier(1234));
```
#### [By hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L126-L127)
```Java
JsonBlockData blockData = casperService.getBlock(new HashBlockIdentifier("--hash--"));
```

### 3. Query transfers
Retrieve block transfers by a block identifier

#### [Last block](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L148)
```Java
TransferData transferData = casperService.getBlockTransfers();
```
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L155)
```Java
TransferData transferData = casperService.getBlockTransfers(new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L170-L171)
```Java
TransferData transferData = casperService.getBlockTransfers(new HashBlockIdentifier("--hash--"));
```

### 3. Query state root hash
Retrieve the state root hash given the BlockIdentifier
#### [Last block](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L186)
```Java
StateRootHashData stateRootData = casperService.getStateRootHash();
```
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L193)
```Java
StateRootHashData stateRootData = casperService.getStateRootHash(new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L201-L202)
```Java
StateRootHashData stateRootData = casperService.getStateRootHash(new HashBlockIdentifier("--hash--"));
```

### 4. [Query deploy](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L225-L226)
Get a Deploy from the network
```Java
DeployData deployData = casperService.getDeploy("--hash--");
```

### 5. [Query peers](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L111)
Get network peers data
```Java
PeerData peerData = casperService.getPeerData();
```

### 6. [Query stored value](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L212-L215)
Retrieve a stored value from the network
```Java
StoredValueData result = casperService.getStateItem("--stateRootHash--", "key", Arrays.asList("The path components starting from the key as base"));
```

### 7. [Get node status](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L242)
Return the current status of the node
```Java
StatusData status = casperService.getStatus()
```

### 8. Get account info
Returns an Account from the network
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L280-L282)
```Java
AccountData account = casperService.getStateAccountInfo("--publicKey--", new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L268-L270)
```Java
AccountData account = casperService.getStateAccountInfo("--publicKey--", new HashBlockIdentifier("--hash--"));
```

### 9. Get auction info
Returns the Auction info for a given block
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L302)
```Java
AuctionData auction = casperService.getStateAuctionInfo(new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L292-L293)
```Java
AuctionData auction = casperServiceMainnet.getStateAuctionInfo(new HashBlockIdentifier("--hash--"));
```

### 10. Get era info
Returns an EraInfo from the network
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L311)
```Java
EraInfoData eraInfoData = casperService.getEraInfoBySwitchBlock(new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L325-L326)
```Java
EraInfoData eraInfoData = casperService.getEraInfoBySwitchBlock(new HashBlockIdentifier("--hash--"));
```

### 11. Deploy
Sends a deploy to be received by the network

TODO
# Casper Java SDK

This project implements the SDK to interact with a Casper Node. It wraps the Json-RPC requests and maps the results to Java objects.

## Dependencies
- Java 8
- Gradle

## Build instructions
```
./gradlew build
```

## Including the library

Using gradle:

```gradle
implementation 'com.syntifi.casper:casper-sdk:0.1.0'
```

Using maven:

``` xml
<dependency>
<groupId>com.syntifi.casper</groupId>
<artifactId>casper-sdk</artifactId>
<version>0.1.0</version>
</dependency>
```

## How to

### 1. [Set-up a connection](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/AbstractJsonRpcTests.java#L23-L39)

```Java
casperService = CasperService.usingPeer("127.0.0.1","7777");
```

### 2. Query a block
Retrieve block info by a block identifier

#### [Last block](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L119)
```Java
JsonBlockData result = casperService.getBlock();
```
#### [By height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L138-L139)
```Java
JsonBlockData result = casperService.getBlock(new HeightBlockIdentifier(1234));
```
#### [By hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L126-L127)
```Java
JsonBlockData blockData = casperService.getBlock(new HashBlockIdentifier("--hash--"));
```

### 3. Query transfers
Retrieve block transfers by a block identifier

#### [Last block](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L148)
```Java
TransferData transferData = casperService.getBlockTransfers();
```
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L155)
```Java
TransferData transferData = casperService.getBlockTransfers(new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L170-L171)
```Java
TransferData transferData = casperService.getBlockTransfers(new HashBlockIdentifier("--hash--"));
```

### 3. Query state root hash
Retrieve the state root hash given the BlockIdentifier
#### [Last block](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L186)
```Java
StateRootHashData stateRootData = casperService.getStateRootHash();
```
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L193)
```Java
StateRootHashData stateRootData = casperService.getStateRootHash(new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L201-L202)
```Java
StateRootHashData stateRootData = casperService.getStateRootHash(new HashBlockIdentifier("--hash--"));
```

### 4. [Query deploy](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L225-L226)
Get a Deploy from the network
```Java
DeployData deployData = casperService.getDeploy("--hash--");
```

### 5. [Query peers](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L111)
Get network peers data
```Java
PeerData peerData = casperService.getPeerData();
```

### 6. [Query stored value](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L212-L215)
Retrieve a stored value from the network
```Java
StoredValueData result = casperService.getStateItem("--stateRootHash--", "key", Arrays.asList("The path components starting from the key as base"));
```

### 7. [Get node status](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L242)
Return the current status of the node
```Java
StatusData status = casperService.getStatus()
```

### 8. Get account info
Returns an Account from the network
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L280-L282)
```Java
AccountData account = casperService.getStateAccountInfo("--publicKey--", new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L268-L270)
```Java
AccountData account = casperService.getStateAccountInfo("--publicKey--", new HashBlockIdentifier("--hash--"));
```

### 9. Get auction info
Returns the Auction info for a given block
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L302)
```Java
AuctionData auction = casperService.getStateAuctionInfo(new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L292-L293)
```Java
AuctionData auction = casperServiceMainnet.getStateAuctionInfo(new HashBlockIdentifier("--hash--"));
```

### 10. Get era info
Returns an EraInfo from the network
#### [By block height](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L311)
```Java
EraInfoData eraInfoData = casperService.getEraInfoBySwitchBlock(new HeightBlockIdentifier(1234));
```
#### [By block hash](https://github.com/syntifi/casper-sdk/blob/main/src/test/java/com/syntifi/casper/sdk/service/CasperServiceTests.java#L325-L326)
```Java
EraInfoData eraInfoData = casperService.getEraInfoBySwitchBlock(new HashBlockIdentifier("--hash--"));
```

### 11. Deploy
#### [Transfering CSPR ](https://github.com/syntifi/casper-sdk/blob/347e8a8a3538f18a064dc4e224b3d1816b6e8f90/src/test/java/com/syntifi/casper/sdk/service/CasperDeployServiceTests.java#L73-L77)

```Java
Deploy deploy = CasperDeployService.buildTransferDeploy(from, to,
BigInteger.valueOf(2500000000L), "casper-test",
id, BigInteger.valueOf(100000000L), 1L, ttl, new Date(),
new ArrayList<>());

DeployResult deployResult = casperServiceTestnet.putDeploy(deploy);
```
13 changes: 8 additions & 5 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,17 +14,20 @@ version = '0.2.0-SNAPSHOT'
sourceCompatibility = '8'

repositories {
mavenCentral()
mavenCentral()
maven { url 'https://s01.oss.sonatype.org/content/repositories/snapshots' }
}

dependencies {
implementation "com.github.briandilley.jsonrpc4j:jsonrpc4j:${jsonrpc4jVersion}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Severe OSS Vulnerability:

pkg:maven/com.github.briandilley.jsonrpc4j/jsonrpc4j@1.6

0 Critical, 1 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/commons-codec/commons-codec@1.10
      SEVERE Vulnerabilities (1)

        [sonatype-2012-0050] CWE-20: Improper Input Validation

        commons-codec - Base32 would decode some invalid Base32 encoded string into arbitrary value

        The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

        CVSS Score: 5.3

        CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

        CWE: CWE-20

(at-me in a reply with help or ignore)


implementation "com.syntifi.crypto:crypto-key-common:${cryptokeyVersion}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moderate OSS Vulnerability:

pkg:maven/com.syntifi.crypto/crypto-key-common@0.2.0

0 Critical, 0 Severe, 1 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/org.bouncycastle/bcprov-jdk15on@1.69
      MODERATE Vulnerabilities (1)

        [sonatype-2019-0673] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

        BouncyCastle - Denial of Service (DoS)

        The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended.

        CVSS Score: 3.7

        CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

        CWE: CWE-400

(at-me in a reply with help or ignore)

implementation "com.syntifi.crypto:crypto-key-ed25519:${cryptokeyVersion}"
implementation "com.syntifi.crypto:crypto-key-secp256k1:${cryptokeyVersion}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical OSS Vulnerability:

pkg:maven/com.syntifi.crypto/crypto-key-secp256k1@0.2.0

5 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 5 dependencies

Components
    pkg:maven/com.squareup.okhttp3/okhttp@4.3.1
      CRITICAL Vulnerabilities (1)

        [CVE-2021-0341] CWE-295: Improper Certificate Validation

        In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069

        CVSS Score: 7.5

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

        CWE: CWE-295

    pkg:maven/org.web3j/rlp@5.0.0
      CRITICAL Vulnerabilities (1)

        [sonatype-2020-0823] CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

        rlp - Buffer Overflow

        The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

        CVSS Score: 8.4

        CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

        CWE: CWE-119

    pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1
      CRITICAL Vulnerabilities (1)

        [CVE-2020-36518] CWE-787: Out-of-bounds Write

        jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

        CVSS Score: 7.5

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

        CWE: CWE-787

    pkg:maven/org.java-websocket/Java-WebSocket@1.3.8
      CRITICAL Vulnerabilities (1)

        [CVE-2020-11050] CWE-295: Improper Certificate Validation

        In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

        CVSS Score: 8.1

        CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

        CWE: CWE-295

    pkg:maven/com.github.jnr/jnr-posix@3.0.47
      CRITICAL Vulnerabilities (1)

        [sonatype-2021-1118] CWE-416: Use After Free

        jnr-posix - Use After Free

        Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

        CVSS Score: 7.3

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

        CWE: CWE-416

(at-me in a reply with help or ignore)

implementation "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
implementation "com.fasterxml.jackson.core:jackson-databind:${jacksonVersion}"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Critical OSS Vulnerability:

pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1

1 Critical, 0 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 1 dependencies

Components
    pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1
      CRITICAL Vulnerabilities (1)

        [CVE-2020-36518] CWE-787: Out-of-bounds Write

        jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

        CVSS Score: 7.5

        CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

        CWE: CWE-787

(at-me in a reply with help or ignore)

implementation "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"

implementation "org.javatuples:javatuples:${javaTuplesVersion}"
implementation "joda-time:joda-time:${jodaTimeVersion}"

// log4j and slf4j
compileOnly "org.slf4j:slf4j-api:${slf4jApiVersion}"
Expand Down Expand Up @@ -59,7 +62,7 @@ test {
events TestLogEvent.FAILED,
TestLogEvent.PASSED,
TestLogEvent.SKIPPED
//TestLogEvent.STANDARD_OUT
//TestLogEvent.STANDARD_OUT
exceptionFormat TestExceptionFormat.FULL
showExceptions true
showCauses true
Expand Down Expand Up @@ -120,7 +123,7 @@ publishing {
}
}
}

publications {
mavenJava(MavenPublication) {
artifactId = 'casper-sdk'
Expand Down
18 changes: 10 additions & 8 deletions gradle.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
lombokPluginVersion=6.2.0
jupiterVersion=5.7.1
jsonrpc4jVersion=1.6
jacksonVersion=2.12.4
log4jVersion=2.13.3
slf4jApiVersion=1.7.30
javaTuplesVersion=1.2
jsonassertVersion=1.5.0
cryptokeyVersion=0.2.0
lombokPluginVersion=6.2.0
jupiterVersion=5.8.2
jsonrpc4jVersion=1.6
jacksonVersion=2.13.1
log4jVersion=2.17.0
slf4jApiVersion=1.7.36
javaTuplesVersion=1.2
jsonassertVersion=1.5.0
jodaTimeVersion=2.10.13
1 change: 0 additions & 1 deletion lombok.config
View file
Open in desktop

This file was deleted.

4 changes: 0 additions & 4 deletions src/main/java/com/syntifi/casper/sdk/exception/BufferEndCLValueDecodeException.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,4 @@ public class BufferEndCLValueDecodeException extends CLValueDecodeException {
public BufferEndCLValueDecodeException(String message) {
super(message);
}

public BufferEndCLValueDecodeException(String message, Throwable cause) {
super(message, cause);
}
}
10 changes: 7 additions & 3 deletions src/main/java/com/syntifi/casper/sdk/exception/CasperClientErrorData.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,19 @@
package com.syntifi.casper.sdk.exception;

import lombok.Data;
import lombok.Builder;
import lombok.Getter;
import lombok.Setter;

/**
* Json RPC service error data
*
*
* @author Alexandre Carvalho
* @author Andre Bertolace
* @since 0.0.1
*/
@Data
@Getter
@Setter
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SameNameButDifferent: The name @Setter refers to [java.lang.SuppressWarnings, java.lang.String, java.lang.Object] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)

(at-me in a reply with help or ignore)

@Builder
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MissingSummary: A summary fragment is required; consider using the value of the @return block as a summary fragment instead. (details)

Suggested change
@Builder
Returns {@code this}.

(at-me in a reply with help or ignore)

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SameNameButDifferent: The name @Builder refers to [java.lang.SuppressWarnings, java.lang.String, java.lang.Object, com.syntifi.casper.sdk.exception.CasperClientErrorData.CasperClientErrorDataBuilder, com.syntifi.casper.sdk.exception.CasperClientErrorData, java.lang.Override] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)

Suggested change
@Builder
CasperClientErrorData.@Builder

(at-me in a reply with help or ignore)

public class CasperClientErrorData {
private int code;
private String message;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SameNameButDifferent: The name message; refers to [java.lang.SuppressWarnings, java.lang.String] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity. (details)

(at-me in a reply with help or ignore)

Expand Down
Loading