Skip to content

Commit

Permalink
feat(api): remove insecure API
Browse files Browse the repository at this point in the history
  • Loading branch information
halibobo1205 committed Mar 30, 2023
1 parent e88bf90 commit ed241b9
Show file tree
Hide file tree
Showing 23 changed files with 46 additions and 1,415 deletions.
16 changes: 0 additions & 16 deletions actuator/src/main/java/org/tron/core/utils/TransactionUtil.java
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,6 @@
import org.tron.protos.Protocol.Transaction;
import org.tron.protos.Protocol.Transaction.Contract;
import org.tron.protos.Protocol.Transaction.Result.contractResult;
import org.tron.protos.Protocol.TransactionSign;
import org.tron.protos.contract.SmartContractOuterClass.CreateSmartContract;
import org.tron.protos.contract.SmartContractOuterClass.TriggerSmartContract;
import org.tron.protos.Protocol.Transaction.Contract.ContractType;
Expand Down Expand Up @@ -184,21 +183,6 @@ public static String makeUpperCamelMethod(String originName) {
.replace("_", "");
}

public static TransactionCapsule getTransactionSign(TransactionSign transactionSign) {
byte[] privateKey = transactionSign.getPrivateKey().toByteArray();
TransactionCapsule trx = new TransactionCapsule(transactionSign.getTransaction());
trx.sign(privateKey);
return trx;
}

public TransactionCapsule addSign(TransactionSign transactionSign)
throws PermissionException, SignatureException, SignatureFormatException {
byte[] privateKey = transactionSign.getPrivateKey().toByteArray();
TransactionCapsule trx = new TransactionCapsule(transactionSign.getTransaction());
trx.addSign(privateKey, chainBaseManager.getAccountStore());
return trx;
}

public TransactionSignWeight getTransactionSignWeight(Transaction trx) {
TransactionSignWeight.Builder tswBuilder = TransactionSignWeight.newBuilder();
TransactionExtention.Builder trxExBuilder = TransactionExtention.newBuilder();
Expand Down
12 changes: 0 additions & 12 deletions framework/src/main/java/org/tron/core/Wallet.java
Original file line number Diff line number Diff line change
Expand Up @@ -648,18 +648,6 @@ public TransactionApprovedList getTransactionApprovedList(Transaction trx) {
return tswBuilder.build();
}

public byte[] pass2Key(byte[] passPhrase) {
return Sha256Hash.hash(CommonParameter
.getInstance().isECKeyCryptoEngine(), passPhrase);
}

public byte[] createAddress(byte[] passPhrase) {
byte[] privateKey = pass2Key(passPhrase);
SignInterface ecKey = SignUtils.fromPrivate(privateKey,
Args.getInstance().isECKeyCryptoEngine());
return ecKey.getAddress();
}

public Block getNowBlock() {
List<BlockCapsule> blockList = chainBaseManager.getBlockStore().getBlockByLatestNum(1);
if (CollectionUtils.isEmpty(blockList)) {
Expand Down
205 changes: 0 additions & 205 deletions framework/src/main/java/org/tron/core/services/RpcApiService.java
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,12 @@
import java.util.concurrent.TimeUnit;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Hex;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.tron.api.DatabaseGrpc.DatabaseImplBase;
import org.tron.api.GrpcAPI;
import org.tron.api.GrpcAPI.AccountNetMessage;
import org.tron.api.GrpcAPI.AccountResourceMessage;
import org.tron.api.GrpcAPI.Address;
import org.tron.api.GrpcAPI.AddressPrKeyPairMessage;
import org.tron.api.GrpcAPI.AssetIssueList;
import org.tron.api.GrpcAPI.BlockExtention;
import org.tron.api.GrpcAPI.BlockLimit;
Expand All @@ -39,11 +36,6 @@
import org.tron.api.GrpcAPI.DelegatedResourceList;
import org.tron.api.GrpcAPI.DelegatedResourceMessage;
import org.tron.api.GrpcAPI.DiversifierMessage;
import org.tron.api.GrpcAPI.EasyTransferAssetByPrivateMessage;
import org.tron.api.GrpcAPI.EasyTransferAssetMessage;
import org.tron.api.GrpcAPI.EasyTransferByPrivateMessage;
import org.tron.api.GrpcAPI.EasyTransferMessage;
import org.tron.api.GrpcAPI.EasyTransferResponse;
import org.tron.api.GrpcAPI.EmptyMessage;
import org.tron.api.GrpcAPI.EstimateEnergyMessage;
import org.tron.api.GrpcAPI.ExchangeList;
Expand All @@ -52,7 +44,6 @@
import org.tron.api.GrpcAPI.IncomingViewingKeyMessage;
import org.tron.api.GrpcAPI.IvkDecryptTRC20Parameters;
import org.tron.api.GrpcAPI.NfTRC20Parameters;
import org.tron.api.GrpcAPI.Node;
import org.tron.api.GrpcAPI.NodeList;
import org.tron.api.GrpcAPI.NoteParameters;
import org.tron.api.GrpcAPI.NumberMessage;
Expand Down Expand Up @@ -85,13 +76,10 @@
import org.tron.api.WalletGrpc.WalletImplBase;
import org.tron.api.WalletSolidityGrpc.WalletSolidityImplBase;
import org.tron.common.application.Service;
import org.tron.common.crypto.SignInterface;
import org.tron.common.crypto.SignUtils;
import org.tron.common.parameter.CommonParameter;
import org.tron.common.utils.ByteArray;
import org.tron.common.utils.Sha256Hash;
import org.tron.common.utils.StringUtil;
import org.tron.common.utils.Utils;
import org.tron.core.ChainBaseManager;
import org.tron.core.Wallet;
import org.tron.core.capsule.AccountCapsule;
Expand All @@ -108,7 +96,6 @@
import org.tron.core.exception.VMIllegalException;
import org.tron.core.exception.ZksnarkException;
import org.tron.core.metrics.MetricsApiService;
import org.tron.core.net.TronNetService;
import org.tron.core.services.filter.LiteFnQueryGrpcInterceptor;
import org.tron.core.services.ratelimiter.RateLimiterInterceptor;
import org.tron.core.services.ratelimiter.RpcApiAccessInterceptor;
Expand All @@ -130,7 +117,6 @@
import org.tron.protos.Protocol.Transaction;
import org.tron.protos.Protocol.Transaction.Contract.ContractType;
import org.tron.protos.Protocol.TransactionInfo;
import org.tron.protos.Protocol.TransactionSign;
import org.tron.protos.contract.AccountContract.AccountCreateContract;
import org.tron.protos.contract.AccountContract.AccountPermissionUpdateContract;
import org.tron.protos.contract.AccountContract.AccountUpdateContract;
Expand Down Expand Up @@ -726,12 +712,6 @@ public void getTransactionInfoById(BytesMessage request,
responseObserver.onCompleted();
}

@Override
public void generateAddress(EmptyMessage request,
StreamObserver<GrpcAPI.AddressPrKeyPairMessage> responseObserver) {
generateAddressCommon(request, responseObserver);
}

@Override
public void getRewardInfo(BytesMessage request,
StreamObserver<NumberMessage> responseObserver) {
Expand Down Expand Up @@ -1145,55 +1125,6 @@ private void createTransactionExtention(Message request, ContractType contractTy
responseObserver.onCompleted();
}


@Override
public void getTransactionSign(TransactionSign req,
StreamObserver<Transaction> responseObserver) {
TransactionCapsule result = TransactionUtil.getTransactionSign(req);
responseObserver.onNext(result.getInstance());
responseObserver.onCompleted();
}

@Override
public void getTransactionSign2(TransactionSign req,
StreamObserver<TransactionExtention> responseObserver) {
TransactionExtention.Builder trxExtBuilder = TransactionExtention.newBuilder();
Return.Builder retBuilder = Return.newBuilder();
try {
TransactionCapsule trx = TransactionUtil.getTransactionSign(req);
trxExtBuilder.setTransaction(trx.getInstance());
trxExtBuilder.setTxid(trx.getTransactionId().getByteString());
retBuilder.setResult(true).setCode(response_code.SUCCESS);
} catch (Exception e) {
retBuilder.setResult(false).setCode(response_code.OTHER_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getClass() + " : " + e.getMessage()));
logger.info(EXCEPTION_CAUGHT + e.getMessage());
}
trxExtBuilder.setResult(retBuilder);
responseObserver.onNext(trxExtBuilder.build());
responseObserver.onCompleted();
}

@Override
public void addSign(TransactionSign req,
StreamObserver<TransactionExtention> responseObserver) {
TransactionExtention.Builder trxExtBuilder = TransactionExtention.newBuilder();
Return.Builder retBuilder = Return.newBuilder();
try {
TransactionCapsule trx = transactionUtil.addSign(req);
trxExtBuilder.setTransaction(trx.getInstance());
trxExtBuilder.setTxid(trx.getTransactionId().getByteString());
retBuilder.setResult(true).setCode(response_code.SUCCESS);
} catch (Exception e) {
retBuilder.setResult(false).setCode(response_code.OTHER_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getClass() + " : " + e.getMessage()));
logger.info(EXCEPTION_CAUGHT + e.getMessage());
}
trxExtBuilder.setResult(retBuilder);
responseObserver.onNext(trxExtBuilder.build());
responseObserver.onCompleted();
}

@Override
public void getTransactionSignWeight(Transaction req,
StreamObserver<TransactionSignWeight> responseObserver) {
Expand All @@ -1210,121 +1141,6 @@ public void getTransactionApprovedList(Transaction req,
responseObserver.onCompleted();
}

@Override
public void createAddress(BytesMessage req,
StreamObserver<BytesMessage> responseObserver) {
byte[] address = wallet.createAddress(req.getValue().toByteArray());
BytesMessage.Builder builder = BytesMessage.newBuilder();
builder.setValue(ByteString.copyFrom(address));
responseObserver.onNext(builder.build());
responseObserver.onCompleted();
}

private EasyTransferResponse easyTransfer(byte[] privateKey, ByteString toAddress,
long amount) {
TransactionCapsule transactionCapsule;
GrpcAPI.Return.Builder returnBuilder = GrpcAPI.Return.newBuilder();
EasyTransferResponse.Builder responseBuild = EasyTransferResponse.newBuilder();
try {
SignInterface cryptoEngine = SignUtils.fromPrivate(privateKey, Args.getInstance()
.isECKeyCryptoEngine());
byte[] owner = cryptoEngine.getAddress();
TransferContract.Builder builder = TransferContract.newBuilder();
builder.setOwnerAddress(ByteString.copyFrom(owner));
builder.setToAddress(toAddress);
builder.setAmount(amount);
transactionCapsule = createTransactionCapsule(builder.build(),
ContractType.TransferContract);
transactionCapsule.sign(privateKey);
GrpcAPI.Return result = wallet.broadcastTransaction(transactionCapsule.getInstance());
responseBuild.setTransaction(transactionCapsule.getInstance());
responseBuild.setTxid(transactionCapsule.getTransactionId().getByteString());
responseBuild.setResult(result);
} catch (ContractValidateException e) {
returnBuilder.setResult(false).setCode(response_code.CONTRACT_VALIDATE_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getMessage()));
responseBuild.setResult(returnBuilder.build());
} catch (Exception e) {
returnBuilder.setResult(false).setCode(response_code.OTHER_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getClass() + " : " + e.getMessage()));
responseBuild.setResult(returnBuilder.build());
}

return responseBuild.build();
}

@Override
public void easyTransfer(EasyTransferMessage req,
StreamObserver<EasyTransferResponse> responseObserver) {
byte[] privateKey = wallet.pass2Key(req.getPassPhrase().toByteArray());
EasyTransferResponse response = easyTransfer(privateKey, req.getToAddress(), req.getAmount());
responseObserver.onNext(response);
responseObserver.onCompleted();
}

@Override
public void easyTransferAsset(EasyTransferAssetMessage req,
StreamObserver<EasyTransferResponse> responseObserver) {
byte[] privateKey = wallet.pass2Key(req.getPassPhrase().toByteArray());
EasyTransferResponse response = easyTransferAsset(privateKey, req.getToAddress(),
req.getAssetId(), req.getAmount());
responseObserver.onNext(response);
responseObserver.onCompleted();
}

private EasyTransferResponse easyTransferAsset(byte[] privateKey, ByteString toAddress,
String assetId, long amount) {
TransactionCapsule transactionCapsule;
GrpcAPI.Return.Builder returnBuilder = GrpcAPI.Return.newBuilder();
EasyTransferResponse.Builder responseBuild = EasyTransferResponse.newBuilder();
try {
SignInterface cryptoEngine = SignUtils.fromPrivate(privateKey,
Args.getInstance().isECKeyCryptoEngine());
byte[] owner = cryptoEngine.getAddress();
TransferAssetContract.Builder builder = TransferAssetContract.newBuilder();
builder.setOwnerAddress(ByteString.copyFrom(owner));
builder.setToAddress(toAddress);
builder.setAssetName(ByteString.copyFrom(assetId.getBytes()));
builder.setAmount(amount);
transactionCapsule = createTransactionCapsule(builder.build(),
ContractType.TransferAssetContract);
transactionCapsule.sign(privateKey);
GrpcAPI.Return result = wallet.broadcastTransaction(transactionCapsule.getInstance());
responseBuild.setTransaction(transactionCapsule.getInstance());
responseBuild.setTxid(transactionCapsule.getTransactionId().getByteString());
responseBuild.setResult(result);
} catch (ContractValidateException e) {
returnBuilder.setResult(false).setCode(response_code.CONTRACT_VALIDATE_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getMessage()));
responseBuild.setResult(returnBuilder.build());
} catch (Exception e) {
returnBuilder.setResult(false).setCode(response_code.OTHER_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getClass() + " : " + e.getMessage()));
responseBuild.setResult(returnBuilder.build());
}

return responseBuild.build();
}

@Override
public void easyTransferByPrivate(EasyTransferByPrivateMessage req,
StreamObserver<EasyTransferResponse> responseObserver) {
byte[] privateKey = req.getPrivateKey().toByteArray();
EasyTransferResponse response = easyTransfer(privateKey, req.getToAddress(), req.getAmount());
responseObserver.onNext(response);
responseObserver.onCompleted();
}

@Override
public void easyTransferAssetByPrivate(EasyTransferAssetByPrivateMessage req,
StreamObserver<EasyTransferResponse> responseObserver) {
byte[] privateKey = req.getPrivateKey().toByteArray();
EasyTransferResponse response = easyTransferAsset(privateKey, req.getToAddress(),
req.getAssetId(), req.getAmount());
responseObserver.onNext(response);
responseObserver.onCompleted();
}

@Override
public void broadcastTransaction(Transaction req,
StreamObserver<GrpcAPI.Return> responseObserver) {
Expand Down Expand Up @@ -2235,12 +2051,6 @@ public void getChainParameters(EmptyMessage request,
responseObserver.onCompleted();
}

@Override
public void generateAddress(EmptyMessage request,
StreamObserver<GrpcAPI.AddressPrKeyPairMessage> responseObserver) {
generateAddressCommon(request, responseObserver);
}

@Override
public void getTransactionInfoById(BytesMessage request,
StreamObserver<TransactionInfo> responseObserver) {
Expand Down Expand Up @@ -2899,21 +2709,6 @@ public void getStatsInfo(EmptyMessage request,
}
}

public void generateAddressCommon(EmptyMessage request,
StreamObserver<GrpcAPI.AddressPrKeyPairMessage> responseObserver) {
SignInterface cryptoEngine = SignUtils.getGeneratedRandomSign(Utils.getRandom(),
Args.getInstance().isECKeyCryptoEngine());
byte[] priKey = cryptoEngine.getPrivateKey();
byte[] address = cryptoEngine.getAddress();
String addressStr = StringUtil.encode58Check(address);
String priKeyStr = Hex.encodeHexString(priKey);
AddressPrKeyPairMessage.Builder builder = AddressPrKeyPairMessage.newBuilder();
builder.setAddress(addressStr);
builder.setPrivateKey(priKeyStr);
responseObserver.onNext(builder.build());
responseObserver.onCompleted();
}

public void getRewardInfoCommon(BytesMessage request,
StreamObserver<NumberMessage> responseObserver) {
try {
Expand Down

This file was deleted.

Loading

0 comments on commit ed241b9

Please sign in to comment.