Merge pull request #5372 from iron-fish/rahul/account-import-multisig-identity

feat: Import multisig identity during account import

Author: patnir

ironfish-cli/src/commands/wallet/import.ts

@@ -116,7 +116,8 @@ export class ImportCommand extends IronfishCommand {
         if (
           e instanceof RpcRequestError &&
           (e.code === RPC_ERROR_CODES.DUPLICATE_ACCOUNT_NAME.toString() ||
-            e.code === RPC_ERROR_CODES.IMPORT_ACCOUNT_NAME_REQUIRED.toString())
+            e.code === RPC_ERROR_CODES.IMPORT_ACCOUNT_NAME_REQUIRED.toString() ||
+            e.code === RPC_ERROR_CODES.DUPLICATE_IDENTITY_NAME.toString())
         ) {
           const message = 'Enter a name for the account'
 
@@ -125,6 +126,11 @@ export class ImportCommand extends IronfishCommand {
             this.log(e.codeMessage)
           }
 
+          if (e.code === RPC_ERROR_CODES.DUPLICATE_IDENTITY_NAME.toString()) {
+            this.log()
+            this.log(e.codeMessage)
+          }
+
           const name = await inputPrompt(message, true)
           if (name === flags.name) {
             this.error(`Entered the same name: '${name}'`)

ironfish/src/rpc/adapters/errors.ts

@@ -12,6 +12,7 @@ export enum RPC_ERROR_CODES {
   UNAUTHENTICATED = 'unauthenticated',
   NOT_FOUND = 'not-found',
   DUPLICATE_ACCOUNT_NAME = 'duplicate-account-name',
+  DUPLICATE_IDENTITY_NAME = 'duplicate-identity-name',
   IMPORT_ACCOUNT_NAME_REQUIRED = 'import-account-name-required',
   MULTISIG_SECRET_NOT_FOUND = 'multisig-secret-not-found',
   WALLET_ALREADY_DECRYPTED = 'wallet-already-decrypted',

ironfish/src/rpc/routes/wallet/__fixtures__/importAccount.test.ts.fixture

@@ -6,23 +6,23 @@
         "previousBlockHash": "4791D7AE9F97DF100EF1558E84772D6A09B43762388283F75C6F20A32A88AA86",
         "noteCommitment": {
           "type": "Buffer",
-          "data": "base64:OrFh1gNPebpwyD0EOBJXhvWSWcNIqvOofpmIUdQuMxg="
+          "data": "base64:0KDCZq74l7x/xBpk6pN4GKueDfxqDpBfVVbEBle3piE="
         },
         "transactionCommitment": {
           "type": "Buffer",
-          "data": "base64:o67WawihP0SziWZCyKRf8E9IJLHEAKJRxtHegUciYYU="
+          "data": "base64:V+JntG6Mh/CV2y6OUBo0XHM1SsQd2BuBUpVQjfd8UTY="
         },
         "target": "9282972777491357380673661573939192202192629606981189395159182914949423",
         "randomness": "0",
-        "timestamp": 1718920385337,
+        "timestamp": 1726270914810,
         "graffiti": "0000000000000000000000000000000000000000000000000000000000000000",
         "noteSize": 4,
         "work": "0"
       },
       "transactions": [
         {
           "type": "Buffer",
-          "data": "base64:AQAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzKiP////8AAAAAKVqg+LxkGFUdgVMSHhIIrp1oG0U1gg3WxwKonNL3I16NB/NqRoZxzc+mlx6IX3v2Ch+S+aHHTzXnVwJoMNsy5KGWbqGPvb1RP+fM/H6mmbCnik9BEtu8uYv12x4XjDqAohBRAPoUG0AjYAAhpQLSXnvQ7bF6grHEj+agByDw45kVAnz+nVhTFp3ODOCH4HGMqylTTG7329MZgUGXXOSIqWKCLYjIpACsiyEsz1Y/XP+54h9oHmUwm2ObkGOLFXb6D0PHxfKTEWg+jJNU6XVGUDY9BVt6SgYyWE+qA8ForJYDgxHly6kPsDy1WMYhAHpLpvSF4oyvwUoVa8qQDmVhtS8k/F7aRjCICP94DaPs/IvvesJkXI/gmp6mBsZyS/hxwQUNPi/OOqUZzDKvVthYcKwTIJcxt2W99bVKv2UnIc9+ay/WZ6m/Tm8zm0EO2lCqZXOer6eR7sQUStydjRgl8TYyHyl4htkK8gsS5hWQarJLIgGClFAYs+zicp/me4Pn8aK+8G1h4BuLApM+TJotvIzbISyMnkOB9c9x1H01T3txQYAeAgoLtLhNbI6Pz6VPNTes9GYWCiCH6FBudyyW+7ug95kJSU54xrOvdkBjHNX6bd17okg8Rklyb24gRmlzaCBub3RlIGVuY3J5cHRpb24gbWluZXIga2V5MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwDj/3ANmFakpfmgyAW39nTxSIjLTJION9L6HdYthgi2QyZ4ClO1gzlXZKRnMfu8E6JLAtC7M6ZEfe0m+JysV5Ag=="
+          "data": "base64:AQAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzKiP////8AAAAAyk5bfvKdSTdwi+EqeXx2tuNHJaRs6/OyyTqqtfXiOpeCwrIXEHclFCfWxdYf26U+WL6RmJa2EXCOEU6DWMvSdRv9DjGNEdEs3psBNEoBsPyCxX3g2+2YZOL4q/khIPoKWnEYwtr4Y0LK4CZ2fXcBrwD6RGx/rx6XQI8KCln/DXoY8XogZd5TzPBkEgje6l7AnKSMYJSaj4NxsNHZImLJOcvJsJDKPYaupuA57kTbb9+2mXV4Ww2wX0AzPXgdbtML2WmWSDPhMqNTQ4fSEf+wej8Bdu19SfPHAVcnGM5IlmMnWxLmLpoWJSMqyLHyuIm7U+awFCB2Rnp/ctiDv5Pvw0zXsHnTD1m8FGTtDBXsCLSrcnkAScYq2k9TKSPoebA0pNNqXuK2yCCcuFwGMgno/kepNOjgIQC2NxnzhjxnVdJiw9tTgMgXqSAlXqWpSVP/px2gtax7dFibMtdv8ytLigKMfy9fAAl1L8IVrk2QclO4WHGelqhidGNNRCofwiL43lWwTeX3xFhwLetRp4coJ8xk/zu/IOiLxeL+Pgj3gCsMSgHzwWiLTjWVB0j7zm75Idrgbm+sgS8A6rEnPdlkHvW7aNLYrTHxigi7q6LdHC1m0tzkMPLTqUlyb24gRmlzaCBub3RlIGVuY3J5cHRpb24gbWluZXIga2V5MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwPTtFNObdUhDGdWBuYySM8KCwmFmBaUol9uIxYe/w3Ip9yh0GHfuULUqZHBBCfl/McTVbJl4h86Tb0qRJSoJABQ=="
         }
       ]
     }

ironfish/src/rpc/routes/wallet/importAccount.test.ts

@@ -7,12 +7,14 @@ import path from 'path'
 import { createTrustedDealerKeyPackages, useMinerBlockFixture } from '../../../testUtilities'
 import { createRouteTest } from '../../../testUtilities/routeTest'
 import { JsonEncoder } from '../../../wallet'
+import { isMultisigSignerImport } from '../../../wallet/exporter'
 import { AccountFormat, encodeAccountImport } from '../../../wallet/exporter/account'
 import { AccountImport } from '../../../wallet/exporter/accountImport'
 import { Bech32Encoder } from '../../../wallet/exporter/encoders/bech32'
 import { Bech32JsonEncoder } from '../../../wallet/exporter/encoders/bech32json'
 import { encryptEncodedAccount } from '../../../wallet/exporter/encryption'
-import { RpcClient } from '../../clients'
+import { RPC_ERROR_CODES } from '../../adapters'
+import { RpcClient, RpcRequestError } from '../../clients'
 
 describe('Route wallet/importAccount', () => {
   const routeTest = createRouteTest(true)
@@ -51,7 +53,7 @@ describe('Route wallet/importAccount', () => {
   })
 
   it('should import a multisig account that has no spending key', async () => {
-    const trustedDealerPackages = createTrustedDealerKeyPackages()
+    const { dealer: trustedDealerPackages } = createTrustedDealerKeyPackages()
 
     const account: AccountImport = {
       version: 1,
@@ -412,4 +414,117 @@ describe('Route wallet/importAccount', () => {
     const accountHead = await account?.getHead()
     expect(accountHead?.sequence).toEqual(createdAtSequence - 1)
   })
+
+  it('should not import account with duplicate name', async () => {
+    const name = 'duplicateNameTest'
+    const spendingKey = generateKey().spendingKey
+
+    await routeTest.client.wallet.importAccount({
+      account: spendingKey,
+      name,
+      rescan: false,
+    })
+
+    try {
+      await routeTest.client.wallet.importAccount({
+        account: spendingKey,
+        name,
+        rescan: false,
+      })
+    } catch (e: unknown) {
+      if (!(e instanceof RpcRequestError)) {
+        throw e
+      }
+      expect(e.status).toBe(400)
+      expect(e.code).toBe(RPC_ERROR_CODES.DUPLICATE_ACCOUNT_NAME)
+    }
+
+    expect.assertions(2)
+  })
+
+  it('should not import multisig account with duplicate identity name', async () => {
+    const name = 'duplicateIdentityNameTest'
+
+    const {
+      dealer: trustedDealerPackages,
+      secrets,
+      identities,
+    } = createTrustedDealerKeyPackages()
+
+    await routeTest.node.wallet.walletDb.putMultisigIdentity(
+      Buffer.from(identities[0], 'hex'),
+      {
+        secret: secrets[0].serialize(),
+        name,
+      },
+    )
+
+    const indentityCountBefore = (await routeTest.client.wallet.multisig.getIdentities())
+      .content.identities.length
+
+    const account: AccountImport = {
+      version: 1,
+      name,
+      viewKey: trustedDealerPackages.viewKey,
+      incomingViewKey: trustedDealerPackages.incomingViewKey,
+      outgoingViewKey: trustedDealerPackages.outgoingViewKey,
+      publicAddress: trustedDealerPackages.publicAddress,
+      spendingKey: null,
+      createdAt: null,
+      proofAuthorizingKey: trustedDealerPackages.proofAuthorizingKey,
+      multisigKeys: {
+        publicKeyPackage: trustedDealerPackages.publicKeyPackage,
+        keyPackage: trustedDealerPackages.keyPackages[1].keyPackage.toString(),
+        secret: secrets[1].serialize().toString('hex'),
+      },
+    }
+
+    try {
+      await routeTest.client.wallet.importAccount({
+        account: new JsonEncoder().encode(account),
+        name,
+        rescan: false,
+      })
+    } catch (e: unknown) {
+      if (!(e instanceof RpcRequestError)) {
+        throw e
+      }
+
+      /**
+       * These assertions ensures that we cannot import multiple identities with the same name.
+       *    This is done by creating an identity, storing it and attempting to import another identity but give it the same name.
+       */
+      expect(e.status).toBe(400)
+      expect(e.code).toBe(RPC_ERROR_CODES.DUPLICATE_IDENTITY_NAME)
+    }
+
+    if (account.multisigKeys && isMultisigSignerImport(account.multisigKeys)) {
+      account.multisigKeys.secret = secrets[0].serialize().toString('hex')
+    } else {
+      throw new Error('Invalid multisig keys')
+    }
+
+    const response = await routeTest.client.wallet.importAccount({
+      account: new JsonEncoder().encode(account),
+      name: 'account2',
+      rescan: false,
+    })
+
+    expect(response.status).toBe(200)
+    expect(response.content.name).toEqual('account2')
+
+    const identitiesAfter = (await routeTest.client.wallet.multisig.getIdentities()).content
+      .identities
+    const newIdentity = identitiesAfter.find((identity) => identity.name === name)
+
+    /**
+     * These assertions ensure that if we try to import an identity with the same secret but different name, it will pass.
+     * However, the identity name will remain the same as the original identity that was imported first.
+     */
+    expect(identitiesAfter.length).toBe(indentityCountBefore)
+    expect(newIdentity).toBeDefined()
+    expect(newIdentity?.name).toBe(name)
+
+    expect.assertions(7)
+  })
 })

ironfish/src/rpc/routes/wallet/importAccount.ts

@@ -3,7 +3,7 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
 import * as yup from 'yup'
 import { DecodeInvalidName } from '../../../wallet'
-import { DuplicateAccountNameError } from '../../../wallet/errors'
+import { DuplicateAccountNameError, DuplicateIdentityNameError } from '../../../wallet/errors'
 import { decodeAccountImport } from '../../../wallet/exporter/account'
 import { decryptEncodedAccount } from '../../../wallet/exporter/encryption'
 import { RPC_ERROR_CODES, RpcValidationError } from '../../adapters'
@@ -70,6 +70,9 @@ routes.register<typeof ImportAccountRequestSchema, ImportResponse>(
         isDefaultAccount,
       })
     } catch (e) {
+      if (e instanceof DuplicateIdentityNameError) {
+        throw new RpcValidationError(e.message, 400, RPC_ERROR_CODES.DUPLICATE_IDENTITY_NAME)
+      }
       if (e instanceof DuplicateAccountNameError) {
         throw new RpcValidationError(e.message, 400, RPC_ERROR_CODES.DUPLICATE_ACCOUNT_NAME)
       } else if (e instanceof DecodeInvalidName) {

ironfish/src/testUtilities/keys.ts

@@ -6,9 +6,22 @@ import { multisig } from '@ironfish/rust-nodejs'
 export function createTrustedDealerKeyPackages(
   minSigners: number = 2,
   maxSigners: number = 2,
-): multisig.TrustedDealerKeyPackages {
-  const identities = Array.from({ length: maxSigners }, () =>
-    multisig.ParticipantSecret.random().toIdentity().serialize().toString('hex'),
-  )
-  return multisig.generateAndSplitKey(minSigners, identities)
+): {
+  dealer: multisig.TrustedDealerKeyPackages
+  identities: string[]
+  secrets: multisig.ParticipantSecret[]
+} {
+  const secrets = Array.from({ length: maxSigners }, () => multisig.ParticipantSecret.random())
+
+  const identities = secrets.map((secret) => {
+    return secret.toIdentity().serialize().toString('hex')
+  })
+
+  const dealer = multisig.generateAndSplitKey(minSigners, identities)
+
+  return {
+    dealer,
+    identities,
+    secrets,
+  }
 }

ironfish/src/wallet/errors.ts

@@ -43,6 +43,15 @@ export class DuplicateAccountNameError extends Error {
   }
 }
 
+export class DuplicateIdentityNameError extends Error {
+  name = this.constructor.name
+
+  constructor(name: string) {
+    super()
+    this.message = `Multisig identity already exists with the name ${name}`
+  }
+}
+
 export class DuplicateSpendingKeyError extends Error {
   name = this.constructor.name
 

ironfish/src/wallet/wallet.ts

@@ -46,11 +46,13 @@ import { EncryptedAccount } from './account/encryptedAccount'
 import { AssetBalances } from './assetBalances'
 import {
   DuplicateAccountNameError,
+  DuplicateIdentityNameError,
   DuplicateMultisigSecretNameError,
   DuplicateSpendingKeyError,
   MaxMemoLengthError,
   NotEnoughFundsError,
 } from './errors'
+import { isMultisigSignerImport } from './exporter'
 import { AccountImport, validateAccountImport } from './exporter/accountImport'
 import { isMultisigSignerTrustedDealerImport } from './exporter/multisig'
 import { MintAssetOptions } from './interfaces/mintAssetOptions'
@@ -1415,6 +1417,7 @@ export class Wallet {
     options?: { createdAt?: number; passphrase?: string },
   ): Promise<Account> {
     let multisigKeys = accountValue.multisigKeys
+    let secret: Buffer | undefined
     const name = accountValue.name
 
     if (
@@ -1433,6 +1436,11 @@ export class Wallet {
         publicKeyPackage: accountValue.multisigKeys.publicKeyPackage,
         secret: multisigIdentity.secret.toString('hex'),
       }
+      secret = multisigIdentity.secret
+    }
+
+    if (accountValue.multisigKeys && isMultisigSignerImport(accountValue.multisigKeys)) {
+      secret = Buffer.from(accountValue.multisigKeys.secret, 'hex')
     }
 
     if (name && this.getAccountByName(name)) {
@@ -1492,6 +1500,32 @@ export class Wallet {
         await this.walletDb.setAccount(account, tx)
       }
 
+      if (secret) {
+        const identitySerialized = new multisig.ParticipantSecret(secret)
+          .toIdentity()
+          .serialize()
+        const multisigIdentity = await this.walletDb.getMultisigIdentity(identitySerialized, tx)
+
+        if (!multisigIdentity) {
+          const duplicateSecret = await this.walletDb.getMultisigSecretByName(
+            accountValue.name,
+            tx,
+          )
+          if (duplicateSecret) {
+            throw new DuplicateIdentityNameError(accountValue.name)
+          }
+
+          await this.walletDb.putMultisigIdentity(
+            identitySerialized,
+            {
+              name: account.name,
+              secret,
+            },
+            tx,
+          )
+        }
+      }
+
       if (createdAt !== null) {
         const previousBlock = await this.chainGetBlock({ sequence: createdAt.sequence - 1 })