Merge pull request #5373 from iron-fish/rahul/import-multisig-account-without-secret

feat: Import multisig hw identity

Author: patnir

ironfish/src/rpc/routes/wallet/__fixtures__/importAccount.test.ts.fixture

@@ -6,23 +6,23 @@
         "previousBlockHash": "4791D7AE9F97DF100EF1558E84772D6A09B43762388283F75C6F20A32A88AA86",
         "noteCommitment": {
           "type": "Buffer",
-          "data": "base64:0KDCZq74l7x/xBpk6pN4GKueDfxqDpBfVVbEBle3piE="
+          "data": "base64:ZXWDsqog2eRQq6WZ70lqE9cVSUINpf1J8m6T/NS5UTQ="
         },
         "transactionCommitment": {
           "type": "Buffer",
-          "data": "base64:V+JntG6Mh/CV2y6OUBo0XHM1SsQd2BuBUpVQjfd8UTY="
+          "data": "base64:iIFwx36ZjBXyt1DsFBf5Av/sNYw4+Z5ZMXV1m0bNLm4="
         },
         "target": "9282972777491357380673661573939192202192629606981189395159182914949423",
         "randomness": "0",
-        "timestamp": 1726270914810,
+        "timestamp": 1726274775730,
         "graffiti": "0000000000000000000000000000000000000000000000000000000000000000",
         "noteSize": 4,
         "work": "0"
       },
       "transactions": [
         {
           "type": "Buffer",
-          "data": "base64:AQAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzKiP////8AAAAAyk5bfvKdSTdwi+EqeXx2tuNHJaRs6/OyyTqqtfXiOpeCwrIXEHclFCfWxdYf26U+WL6RmJa2EXCOEU6DWMvSdRv9DjGNEdEs3psBNEoBsPyCxX3g2+2YZOL4q/khIPoKWnEYwtr4Y0LK4CZ2fXcBrwD6RGx/rx6XQI8KCln/DXoY8XogZd5TzPBkEgje6l7AnKSMYJSaj4NxsNHZImLJOcvJsJDKPYaupuA57kTbb9+2mXV4Ww2wX0AzPXgdbtML2WmWSDPhMqNTQ4fSEf+wej8Bdu19SfPHAVcnGM5IlmMnWxLmLpoWJSMqyLHyuIm7U+awFCB2Rnp/ctiDv5Pvw0zXsHnTD1m8FGTtDBXsCLSrcnkAScYq2k9TKSPoebA0pNNqXuK2yCCcuFwGMgno/kepNOjgIQC2NxnzhjxnVdJiw9tTgMgXqSAlXqWpSVP/px2gtax7dFibMtdv8ytLigKMfy9fAAl1L8IVrk2QclO4WHGelqhidGNNRCofwiL43lWwTeX3xFhwLetRp4coJ8xk/zu/IOiLxeL+Pgj3gCsMSgHzwWiLTjWVB0j7zm75Idrgbm+sgS8A6rEnPdlkHvW7aNLYrTHxigi7q6LdHC1m0tzkMPLTqUlyb24gRmlzaCBub3RlIGVuY3J5cHRpb24gbWluZXIga2V5MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwPTtFNObdUhDGdWBuYySM8KCwmFmBaUol9uIxYe/w3Ip9yh0GHfuULUqZHBBCfl/McTVbJl4h86Tb0qRJSoJABQ=="
+          "data": "base64:AQAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzKiP////8AAAAAKmTHIfoCqB1LPml+WWhSb5/fnq2hk48D9yavNpWu6VeJkv9RrOYq6mpE0ItseXRXF8J6Nl4s4StLeuv4wLiCrAI+n4gmZX8+b+DEUnHSUDaT6iroKN3gPhYrj2ljrGdPO5BtMIu2OAss1FuOkri17p3ABqHUbGr23HVypBuMacMVmaSpbmpctyz3zmAF+bSq24oCCm7tmQUpuK3tc4YH41QYD5vrETduQmdq0Fln5zeSpH40uEA3GegClTHrQ486PHxekbx2I2CMpC/XSZABupohuoZX81a62qm2t9rni07Y4hJtREUiK4Zt2d3+jj6HRZVnn7SeB0J+NEv6CI4vVZfk3K561jIq/tEUdFWexO5U5YZ8ylhFlDkvd4+P20o1544GTAmy9eFOcIjwkn7JBniZHpjcgZY7+H8h/CHHC95CsU8XT3rR/VLaWhy8CvTTx1PGc+X5XK0a66UfI0Pv4bEKjr+ecB4FXk7Y3DPbe4nXTAKnNoh+EbltJGZMhpGC60OQgJ8vURFVmJ/KYtwMwjyD6YFSaFD7FrsjxTIs76GEHuPsNnvEDkBknJk8ngczOqy8j9hu4/uRtBygXZyLRC00SeyfsX+FSK4xWEfKr5pXYBGu9j8LVUlyb24gRmlzaCBub3RlIGVuY3J5cHRpb24gbWluZXIga2V5MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw/ZIbYQski4H101WQ64c3yvUoZtTFl5YQAyAsxoD2Sce86qNzWDY02qg0qQ9OYQHEKC3h5Gyumwk347ivnSLTCg=="
         }
       ]
     }

ironfish/src/rpc/routes/wallet/importAccount.test.ts

@@ -4,10 +4,15 @@
 import { generateKey, LanguageCode, multisig, spendingKeyToWords } from '@ironfish/rust-nodejs'
 import fs from 'fs'
 import path from 'path'
+import { Assert } from '../../../assert'
 import { createTrustedDealerKeyPackages, useMinerBlockFixture } from '../../../testUtilities'
 import { createRouteTest } from '../../../testUtilities/routeTest'
 import { JsonEncoder } from '../../../wallet'
-import { isMultisigSignerImport } from '../../../wallet/exporter'
+import {
+  decodeAccountImport,
+  isMultisigHardwareSignerImport,
+  isMultisigSignerImport,
+} from '../../../wallet/exporter'
 import { AccountFormat, encodeAccountImport } from '../../../wallet/exporter/account'
 import { AccountImport } from '../../../wallet/exporter/accountImport'
 import { Bech32Encoder } from '../../../wallet/exporter/encoders/bech32'
@@ -322,6 +327,24 @@ describe('Route wallet/importAccount', () => {
         expect(response.content.name).not.toBeNull()
 
         await routeTest.client.wallet.removeAccount({ account: testCaseFile })
+
+        const account = decodeAccountImport(testCase, {
+          name: testCaseFile,
+        })
+
+        if (account.multisigKeys && isMultisigHardwareSignerImport(account.multisigKeys)) {
+          await routeTest.node.wallet.walletDb.deleteMultisigIdentity(
+            Buffer.from(account.multisigKeys.identity, 'hex'),
+          )
+        }
+
+        if (account.multisigKeys && isMultisigSignerImport(account.multisigKeys)) {
+          await routeTest.node.wallet.walletDb.deleteMultisigIdentity(
+            new multisig.ParticipantSecret(Buffer.from(account.multisigKeys.secret, 'hex'))
+              .toIdentity()
+              .serialize(),
+          )
+        }
       }
     })
 
@@ -442,7 +465,7 @@ describe('Route wallet/importAccount', () => {
     expect.assertions(2)
   })
 
-  it('should not import multisig account with duplicate identity name', async () => {
+  it('should not import multisig account with secret with the same identity name', async () => {
     const name = 'duplicateIdentityNameTest'
 
     const {
@@ -527,4 +550,96 @@ describe('Route wallet/importAccount', () => {
 
     expect.assertions(7)
   })
+
+  it('should not import hardware multisig account with same identity name', async () => {
+    const name = 'duplicateIdentityNameTest'
+
+    const {
+      dealer: trustedDealerPackages,
+      secrets,
+      identities,
+    } = createTrustedDealerKeyPackages()
+
+    const identity = identities[0]
+    const nextIdentity = identities[1]
+
+    await routeTest.node.wallet.walletDb.putMultisigIdentity(Buffer.from(identity, 'hex'), {
+      secret: secrets[0].serialize(),
+      name,
+    })
+
+    const account: AccountImport = {
+      version: 1,
+      name,
+      viewKey: trustedDealerPackages.viewKey,
+      incomingViewKey: trustedDealerPackages.incomingViewKey,
+      outgoingViewKey: trustedDealerPackages.outgoingViewKey,
+      publicAddress: trustedDealerPackages.publicAddress,
+      proofAuthorizingKey: trustedDealerPackages.proofAuthorizingKey,
+      spendingKey: null,
+      createdAt: null,
+      multisigKeys: {
+        publicKeyPackage: trustedDealerPackages.publicKeyPackage,
+        identity: nextIdentity,
+      },
+    }
+
+    try {
+      await routeTest.client.wallet.importAccount({
+        account: new JsonEncoder().encode(account),
+        name,
+        rescan: false,
+      })
+    } catch (e: unknown) {
+      if (!(e instanceof RpcRequestError)) {
+        throw e
+      }
+
+      expect(e.status).toBe(400)
+      expect(e.code).toBe(RPC_ERROR_CODES.DUPLICATE_IDENTITY_NAME)
+    }
+
+    expect.assertions(2)
+  })
+
+  it('should not modify existing identity if a new one is being imported with a different name', async () => {
+    const { dealer: trustedDealerPackages, identities } = createTrustedDealerKeyPackages()
+
+    const identity = identities[0]
+
+    await routeTest.node.wallet.walletDb.putMultisigIdentity(Buffer.from(identity, 'hex'), {
+      name: 'existingIdentity',
+    })
+
+    const account: AccountImport = {
+      version: 1,
+      name: 'newIdentity',
+      viewKey: trustedDealerPackages.viewKey,
+      incomingViewKey: trustedDealerPackages.incomingViewKey,
+      outgoingViewKey: trustedDealerPackages.outgoingViewKey,
+      publicAddress: trustedDealerPackages.publicAddress,
+      proofAuthorizingKey: trustedDealerPackages.proofAuthorizingKey,
+      spendingKey: null,
+      createdAt: null,
+      multisigKeys: {
+        publicKeyPackage: trustedDealerPackages.publicKeyPackage,
+        identity: identity,
+      },
+    }
+
+    const response = await routeTest.client.wallet.importAccount({
+      account: new JsonEncoder().encode(account),
+      name: 'newIdentity',
+      rescan: false,
+    })
+
+    expect(response.status).toBe(200)
+    expect(response.content.name).toEqual('newIdentity')
+
+    const existingIdentity = await routeTest.wallet.walletDb.getMultisigIdentity(
+      Buffer.from(identity, 'hex'),
+    )
+    Assert.isNotUndefined(existingIdentity)
+    expect(existingIdentity.name).toEqual('existingIdentity')
+  })
 })

ironfish/src/wallet/wallet.ts

@@ -54,7 +54,10 @@ import {
 } from './errors'
 import { isMultisigSignerImport } from './exporter'
 import { AccountImport, validateAccountImport } from './exporter/accountImport'
-import { isMultisigSignerTrustedDealerImport } from './exporter/multisig'
+import {
+  isMultisigHardwareSignerImport,
+  isMultisigSignerTrustedDealerImport,
+} from './exporter/multisig'
 import { MintAssetOptions } from './interfaces/mintAssetOptions'
 import { ScanState } from './scanner/scanState'
 import { WalletScanner } from './scanner/walletScanner'
@@ -1418,29 +1421,31 @@ export class Wallet {
   ): Promise<Account> {
     let multisigKeys = accountValue.multisigKeys
     let secret: Buffer | undefined
+    let identity: Buffer | undefined
     const name = accountValue.name
 
-    if (
-      accountValue.multisigKeys &&
-      isMultisigSignerTrustedDealerImport(accountValue.multisigKeys)
-    ) {
-      const multisigIdentity = await this.walletDb.getMultisigIdentity(
-        Buffer.from(accountValue.multisigKeys.identity, 'hex'),
-      )
-      if (!multisigIdentity || !multisigIdentity.secret) {
-        throw new Error('Cannot import identity without a corresponding multisig secret')
-      }
+    if (accountValue.multisigKeys) {
+      if (isMultisigSignerTrustedDealerImport(accountValue.multisigKeys)) {
+        const multisigIdentity = await this.walletDb.getMultisigIdentity(
+          Buffer.from(accountValue.multisigKeys.identity, 'hex'),
+        )
+        if (!multisigIdentity || !multisigIdentity.secret) {
+          throw new Error('Cannot import identity without a corresponding multisig secret')
+        }
 
-      multisigKeys = {
-        keyPackage: accountValue.multisigKeys.keyPackage,
-        publicKeyPackage: accountValue.multisigKeys.publicKeyPackage,
-        secret: multisigIdentity.secret.toString('hex'),
+        multisigKeys = {
+          keyPackage: accountValue.multisigKeys.keyPackage,
+          publicKeyPackage: accountValue.multisigKeys.publicKeyPackage,
+          secret: multisigIdentity.secret.toString('hex'),
+        }
+        secret = multisigIdentity.secret
+        identity = Buffer.from(accountValue.multisigKeys.identity, 'hex')
+      } else if (isMultisigSignerImport(accountValue.multisigKeys)) {
+        secret = Buffer.from(accountValue.multisigKeys.secret, 'hex')
+        identity = new multisig.ParticipantSecret(secret).toIdentity().serialize()
+      } else if (isMultisigHardwareSignerImport(accountValue.multisigKeys)) {
+        identity = Buffer.from(accountValue.multisigKeys.identity, 'hex')
       }
-      secret = multisigIdentity.secret
-    }
-
-    if (accountValue.multisigKeys && isMultisigSignerImport(accountValue.multisigKeys)) {
-      secret = Buffer.from(accountValue.multisigKeys.secret, 'hex')
     }
 
     if (name && this.getAccountByName(name)) {
@@ -1500,23 +1505,21 @@ export class Wallet {
         await this.walletDb.setAccount(account, tx)
       }
 
-      if (secret) {
-        const identitySerialized = new multisig.ParticipantSecret(secret)
-          .toIdentity()
-          .serialize()
-        const multisigIdentity = await this.walletDb.getMultisigIdentity(identitySerialized, tx)
+      if (identity) {
+        const existingIdentity = await this.walletDb.getMultisigIdentity(identity, tx)
 
-        if (!multisigIdentity) {
+        if (!existingIdentity) {
           const duplicateSecret = await this.walletDb.getMultisigSecretByName(
             accountValue.name,
             tx,
           )
+
           if (duplicateSecret) {
             throw new DuplicateIdentityNameError(accountValue.name)
           }
 
           await this.walletDb.putMultisigIdentity(
-            identitySerialized,
+            identity,
             {
               name: account.name,
               secret,