Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(api): remove insecure APIs #5096

Merged
merged 1 commit into from
Apr 3, 2023
Merged

feat(api): remove insecure APIs #5096

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 0 additions & 16 deletions actuator/src/main/java/org/tron/core/utils/TransactionUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,6 @@
import org.tron.protos.Protocol.Transaction;
import org.tron.protos.Protocol.Transaction.Contract;
import org.tron.protos.Protocol.Transaction.Result.contractResult;
import org.tron.protos.Protocol.TransactionSign;
import org.tron.protos.contract.SmartContractOuterClass.CreateSmartContract;
import org.tron.protos.contract.SmartContractOuterClass.TriggerSmartContract;
import org.tron.protos.Protocol.Transaction.Contract.ContractType;
Expand Down Expand Up @@ -184,21 +183,6 @@ public static String makeUpperCamelMethod(String originName) {
.replace("_", "");
}

public static TransactionCapsule getTransactionSign(TransactionSign transactionSign) {
byte[] privateKey = transactionSign.getPrivateKey().toByteArray();
TransactionCapsule trx = new TransactionCapsule(transactionSign.getTransaction());
trx.sign(privateKey);
return trx;
}

public TransactionCapsule addSign(TransactionSign transactionSign)
throws PermissionException, SignatureException, SignatureFormatException {
byte[] privateKey = transactionSign.getPrivateKey().toByteArray();
TransactionCapsule trx = new TransactionCapsule(transactionSign.getTransaction());
trx.addSign(privateKey, chainBaseManager.getAccountStore());
return trx;
}

public TransactionSignWeight getTransactionSignWeight(Transaction trx) {
TransactionSignWeight.Builder tswBuilder = TransactionSignWeight.newBuilder();
TransactionExtention.Builder trxExBuilder = TransactionExtention.newBuilder();
Expand Down
12 changes: 0 additions & 12 deletions framework/src/main/java/org/tron/core/Wallet.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -648,18 +648,6 @@ public TransactionApprovedList getTransactionApprovedList(Transaction trx) {
return tswBuilder.build();
}

public byte[] pass2Key(byte[] passPhrase) {
return Sha256Hash.hash(CommonParameter
.getInstance().isECKeyCryptoEngine(), passPhrase);
}

public byte[] createAddress(byte[] passPhrase) {
byte[] privateKey = pass2Key(passPhrase);
SignInterface ecKey = SignUtils.fromPrivate(privateKey,
Args.getInstance().isECKeyCryptoEngine());
return ecKey.getAddress();
}

public Block getNowBlock() {
List<BlockCapsule> blockList = chainBaseManager.getBlockStore().getBlockByLatestNum(1);
if (CollectionUtils.isEmpty(blockList)) {
Expand Down
205 changes: 0 additions & 205 deletions framework/src/main/java/org/tron/core/services/RpcApiService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,12 @@
import java.util.concurrent.TimeUnit;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Hex;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.tron.api.DatabaseGrpc.DatabaseImplBase;
import org.tron.api.GrpcAPI;
import org.tron.api.GrpcAPI.AccountNetMessage;
import org.tron.api.GrpcAPI.AccountResourceMessage;
import org.tron.api.GrpcAPI.Address;
import org.tron.api.GrpcAPI.AddressPrKeyPairMessage;
import org.tron.api.GrpcAPI.AssetIssueList;
import org.tron.api.GrpcAPI.BlockExtention;
import org.tron.api.GrpcAPI.BlockLimit;
Expand All @@ -39,11 +36,6 @@
import org.tron.api.GrpcAPI.DelegatedResourceList;
import org.tron.api.GrpcAPI.DelegatedResourceMessage;
import org.tron.api.GrpcAPI.DiversifierMessage;
import org.tron.api.GrpcAPI.EasyTransferAssetByPrivateMessage;
import org.tron.api.GrpcAPI.EasyTransferAssetMessage;
import org.tron.api.GrpcAPI.EasyTransferByPrivateMessage;
import org.tron.api.GrpcAPI.EasyTransferMessage;
import org.tron.api.GrpcAPI.EasyTransferResponse;
import org.tron.api.GrpcAPI.EmptyMessage;
import org.tron.api.GrpcAPI.EstimateEnergyMessage;
import org.tron.api.GrpcAPI.ExchangeList;
Expand All @@ -52,7 +44,6 @@
import org.tron.api.GrpcAPI.IncomingViewingKeyMessage;
import org.tron.api.GrpcAPI.IvkDecryptTRC20Parameters;
import org.tron.api.GrpcAPI.NfTRC20Parameters;
import org.tron.api.GrpcAPI.Node;
import org.tron.api.GrpcAPI.NodeList;
import org.tron.api.GrpcAPI.NoteParameters;
import org.tron.api.GrpcAPI.NumberMessage;
Expand Down Expand Up @@ -85,13 +76,10 @@
import org.tron.api.WalletGrpc.WalletImplBase;
import org.tron.api.WalletSolidityGrpc.WalletSolidityImplBase;
import org.tron.common.application.Service;
import org.tron.common.crypto.SignInterface;
import org.tron.common.crypto.SignUtils;
import org.tron.common.parameter.CommonParameter;
import org.tron.common.utils.ByteArray;
import org.tron.common.utils.Sha256Hash;
import org.tron.common.utils.StringUtil;
import org.tron.common.utils.Utils;
import org.tron.core.ChainBaseManager;
import org.tron.core.Wallet;
import org.tron.core.capsule.AccountCapsule;
Expand All @@ -108,7 +96,6 @@
import org.tron.core.exception.VMIllegalException;
import org.tron.core.exception.ZksnarkException;
import org.tron.core.metrics.MetricsApiService;
import org.tron.core.net.TronNetService;
import org.tron.core.services.filter.LiteFnQueryGrpcInterceptor;
import org.tron.core.services.ratelimiter.RateLimiterInterceptor;
import org.tron.core.services.ratelimiter.RpcApiAccessInterceptor;
Expand All @@ -130,7 +117,6 @@
import org.tron.protos.Protocol.Transaction;
import org.tron.protos.Protocol.Transaction.Contract.ContractType;
import org.tron.protos.Protocol.TransactionInfo;
import org.tron.protos.Protocol.TransactionSign;
import org.tron.protos.contract.AccountContract.AccountCreateContract;
import org.tron.protos.contract.AccountContract.AccountPermissionUpdateContract;
import org.tron.protos.contract.AccountContract.AccountUpdateContract;
Expand Down Expand Up @@ -726,12 +712,6 @@ public void getTransactionInfoById(BytesMessage request,
responseObserver.onCompleted();
}

@Override
public void generateAddress(EmptyMessage request,
StreamObserver<GrpcAPI.AddressPrKeyPairMessage> responseObserver) {
generateAddressCommon(request, responseObserver);
}

@Override
public void getRewardInfo(BytesMessage request,
StreamObserver<NumberMessage> responseObserver) {
Expand Down Expand Up @@ -1145,55 +1125,6 @@ private void createTransactionExtention(Message request, ContractType contractTy
responseObserver.onCompleted();
}


@Override
public void getTransactionSign(TransactionSign req,
StreamObserver<Transaction> responseObserver) {
TransactionCapsule result = TransactionUtil.getTransactionSign(req);
responseObserver.onNext(result.getInstance());
responseObserver.onCompleted();
}

@Override
public void getTransactionSign2(TransactionSign req,
StreamObserver<TransactionExtention> responseObserver) {
TransactionExtention.Builder trxExtBuilder = TransactionExtention.newBuilder();
Return.Builder retBuilder = Return.newBuilder();
try {
TransactionCapsule trx = TransactionUtil.getTransactionSign(req);
trxExtBuilder.setTransaction(trx.getInstance());
trxExtBuilder.setTxid(trx.getTransactionId().getByteString());
retBuilder.setResult(true).setCode(response_code.SUCCESS);
} catch (Exception e) {
retBuilder.setResult(false).setCode(response_code.OTHER_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getClass() + " : " + e.getMessage()));
logger.info(EXCEPTION_CAUGHT + e.getMessage());
}
trxExtBuilder.setResult(retBuilder);
responseObserver.onNext(trxExtBuilder.build());
responseObserver.onCompleted();
}

@Override
public void addSign(TransactionSign req,
StreamObserver<TransactionExtention> responseObserver) {
TransactionExtention.Builder trxExtBuilder = TransactionExtention.newBuilder();
Return.Builder retBuilder = Return.newBuilder();
try {
TransactionCapsule trx = transactionUtil.addSign(req);
trxExtBuilder.setTransaction(trx.getInstance());
trxExtBuilder.setTxid(trx.getTransactionId().getByteString());
retBuilder.setResult(true).setCode(response_code.SUCCESS);
} catch (Exception e) {
retBuilder.setResult(false).setCode(response_code.OTHER_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getClass() + " : " + e.getMessage()));
logger.info(EXCEPTION_CAUGHT + e.getMessage());
}
trxExtBuilder.setResult(retBuilder);
responseObserver.onNext(trxExtBuilder.build());
responseObserver.onCompleted();
}

@Override
public void getTransactionSignWeight(Transaction req,
StreamObserver<TransactionSignWeight> responseObserver) {
Expand All @@ -1210,121 +1141,6 @@ public void getTransactionApprovedList(Transaction req,
responseObserver.onCompleted();
}

@Override
public void createAddress(BytesMessage req,
StreamObserver<BytesMessage> responseObserver) {
byte[] address = wallet.createAddress(req.getValue().toByteArray());
BytesMessage.Builder builder = BytesMessage.newBuilder();
builder.setValue(ByteString.copyFrom(address));
responseObserver.onNext(builder.build());
responseObserver.onCompleted();
}

private EasyTransferResponse easyTransfer(byte[] privateKey, ByteString toAddress,
long amount) {
TransactionCapsule transactionCapsule;
GrpcAPI.Return.Builder returnBuilder = GrpcAPI.Return.newBuilder();
EasyTransferResponse.Builder responseBuild = EasyTransferResponse.newBuilder();
try {
SignInterface cryptoEngine = SignUtils.fromPrivate(privateKey, Args.getInstance()
.isECKeyCryptoEngine());
byte[] owner = cryptoEngine.getAddress();
TransferContract.Builder builder = TransferContract.newBuilder();
builder.setOwnerAddress(ByteString.copyFrom(owner));
builder.setToAddress(toAddress);
builder.setAmount(amount);
transactionCapsule = createTransactionCapsule(builder.build(),
ContractType.TransferContract);
transactionCapsule.sign(privateKey);
GrpcAPI.Return result = wallet.broadcastTransaction(transactionCapsule.getInstance());
responseBuild.setTransaction(transactionCapsule.getInstance());
responseBuild.setTxid(transactionCapsule.getTransactionId().getByteString());
responseBuild.setResult(result);
} catch (ContractValidateException e) {
returnBuilder.setResult(false).setCode(response_code.CONTRACT_VALIDATE_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getMessage()));
responseBuild.setResult(returnBuilder.build());
} catch (Exception e) {
returnBuilder.setResult(false).setCode(response_code.OTHER_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getClass() + " : " + e.getMessage()));
responseBuild.setResult(returnBuilder.build());
}

return responseBuild.build();
}

@Override
public void easyTransfer(EasyTransferMessage req,
StreamObserver<EasyTransferResponse> responseObserver) {
byte[] privateKey = wallet.pass2Key(req.getPassPhrase().toByteArray());
EasyTransferResponse response = easyTransfer(privateKey, req.getToAddress(), req.getAmount());
responseObserver.onNext(response);
responseObserver.onCompleted();
}

@Override
public void easyTransferAsset(EasyTransferAssetMessage req,
StreamObserver<EasyTransferResponse> responseObserver) {
byte[] privateKey = wallet.pass2Key(req.getPassPhrase().toByteArray());
EasyTransferResponse response = easyTransferAsset(privateKey, req.getToAddress(),
req.getAssetId(), req.getAmount());
responseObserver.onNext(response);
responseObserver.onCompleted();
}

private EasyTransferResponse easyTransferAsset(byte[] privateKey, ByteString toAddress,
String assetId, long amount) {
TransactionCapsule transactionCapsule;
GrpcAPI.Return.Builder returnBuilder = GrpcAPI.Return.newBuilder();
EasyTransferResponse.Builder responseBuild = EasyTransferResponse.newBuilder();
try {
SignInterface cryptoEngine = SignUtils.fromPrivate(privateKey,
Args.getInstance().isECKeyCryptoEngine());
byte[] owner = cryptoEngine.getAddress();
TransferAssetContract.Builder builder = TransferAssetContract.newBuilder();
builder.setOwnerAddress(ByteString.copyFrom(owner));
builder.setToAddress(toAddress);
builder.setAssetName(ByteString.copyFrom(assetId.getBytes()));
builder.setAmount(amount);
transactionCapsule = createTransactionCapsule(builder.build(),
ContractType.TransferAssetContract);
transactionCapsule.sign(privateKey);
GrpcAPI.Return result = wallet.broadcastTransaction(transactionCapsule.getInstance());
responseBuild.setTransaction(transactionCapsule.getInstance());
responseBuild.setTxid(transactionCapsule.getTransactionId().getByteString());
responseBuild.setResult(result);
} catch (ContractValidateException e) {
returnBuilder.setResult(false).setCode(response_code.CONTRACT_VALIDATE_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getMessage()));
responseBuild.setResult(returnBuilder.build());
} catch (Exception e) {
returnBuilder.setResult(false).setCode(response_code.OTHER_ERROR)
.setMessage(ByteString.copyFromUtf8(e.getClass() + " : " + e.getMessage()));
responseBuild.setResult(returnBuilder.build());
}

return responseBuild.build();
}

@Override
public void easyTransferByPrivate(EasyTransferByPrivateMessage req,
StreamObserver<EasyTransferResponse> responseObserver) {
byte[] privateKey = req.getPrivateKey().toByteArray();
EasyTransferResponse response = easyTransfer(privateKey, req.getToAddress(), req.getAmount());
responseObserver.onNext(response);
responseObserver.onCompleted();
}

@Override
public void easyTransferAssetByPrivate(EasyTransferAssetByPrivateMessage req,
StreamObserver<EasyTransferResponse> responseObserver) {
byte[] privateKey = req.getPrivateKey().toByteArray();
EasyTransferResponse response = easyTransferAsset(privateKey, req.getToAddress(),
req.getAssetId(), req.getAmount());
responseObserver.onNext(response);
responseObserver.onCompleted();
}

@Override
public void broadcastTransaction(Transaction req,
StreamObserver<GrpcAPI.Return> responseObserver) {
Expand Down Expand Up @@ -2235,12 +2051,6 @@ public void getChainParameters(EmptyMessage request,
responseObserver.onCompleted();
}

@Override
public void generateAddress(EmptyMessage request,
StreamObserver<GrpcAPI.AddressPrKeyPairMessage> responseObserver) {
generateAddressCommon(request, responseObserver);
}

@Override
public void getTransactionInfoById(BytesMessage request,
StreamObserver<TransactionInfo> responseObserver) {
Expand Down Expand Up @@ -2899,21 +2709,6 @@ public void getStatsInfo(EmptyMessage request,
}
}

public void generateAddressCommon(EmptyMessage request,
StreamObserver<GrpcAPI.AddressPrKeyPairMessage> responseObserver) {
SignInterface cryptoEngine = SignUtils.getGeneratedRandomSign(Utils.getRandom(),
Args.getInstance().isECKeyCryptoEngine());
byte[] priKey = cryptoEngine.getPrivateKey();
byte[] address = cryptoEngine.getAddress();
String addressStr = StringUtil.encode58Check(address);
String priKeyStr = Hex.encodeHexString(priKey);
AddressPrKeyPairMessage.Builder builder = AddressPrKeyPairMessage.newBuilder();
builder.setAddress(addressStr);
builder.setPrivateKey(priKeyStr);
responseObserver.onNext(builder.build());
responseObserver.onCompleted();
}

public void getRewardInfoCommon(BytesMessage request,
StreamObserver<NumberMessage> responseObserver) {
try {
Expand Down
51 changes: 0 additions & 51 deletions framework/src/main/java/org/tron/core/services/http/AddTransactionSignServlet.java
View file
Open in desktop

This file was deleted.

Loading