Merge pull request #125 from proximax-storage/feature/new_server_security

Adjustments for server release after security audit

Author: tonowie

CHANGELOG.md

@@ -1,5 +1,11 @@
 # CHANGELOG
 
+## 0.6.0 Security audit
+
+Breaking changes introduced by the security audit
+* DTO changes to match changes in REST API
+* e2e test cleanup (+ disabled contract tests as plugin is disabled now)
+
 ## 0.5.1 Security audit
 
 Fixing issues caused by changes introduced because of security audit

README.md

@@ -12,9 +12,9 @@ The ProximaX Sirius Chain Java SDK is a Java library for interacting with the Si
 
 ## Use the library ##
 
-Current version of the library is <b>0.5.0</b>
+See [wiki](https://github.com/proximax-storage/java-xpx-chain-sdk/wiki) for latest version of the project.
 
-This library requires use of Java8. Library is published to [Maven Central](https://search.maven.org/). To include library and its dependencies, add following to your build script:
+This library requires use of Java8. Releases of library are published to [Maven Central](https://search.maven.org/search?q=a:java-xpx-chain-sdk) and [snapshots](https://oss.sonatype.org/content/repositories/snapshots/io/proximax/java-xpx-chain-sdk/) are available in [Sonatype snapshot repository](https://oss.sonatype.org/content/repositories/snapshots/). To include library and its dependencies, add following to your build script:
 
 ### Maven ###
 

gradle.properties

@@ -1,4 +1,4 @@
 # repository group
 group=io.proximax
 # current version
-version=0.5.1-SNAPSHOT
+version=0.6.0-SNAPSHOT

schemas/swagger/swagger.yaml

@@ -789,7 +789,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/CatapultConfigDTO'
+                $ref: '#/components/schemas/NetworkConfigDTO'
         '404':
           description: resource not found
         '409':
@@ -1438,7 +1438,7 @@ paths:
           content:
             application/json:
               schema:
-                $ref: '#/components/schemas/CatapultUpgradeDTO'
+                $ref: '#/components/schemas/BlockchainUpgradeDTO'
         '404':
           description: resource not found
         '409':
@@ -1555,6 +1555,11 @@ components:
     EntityTypeEnum:
       type: integer
       enum:
+      - 16728
+      - 16729
+      - 16701
+      - 16957
+      - 17213
       - 16717
       - 16973
       - 16718
@@ -1575,6 +1580,11 @@ components:
       - 33091
       description: |
         The entity type:
+        * 0x4158 (16728 decimal) - Blockchain Upgrade Transaction.
+        * 0x4159 (16729 decimal) - Network Config Transaction.
+        * 0x413D (16701 decimal) - Address Metadata Transaction.
+        * 0x423D (16957 decimal) - Mosaic Metadata Transaction.
+        * 0x433D (17213 decimal) - Namespace Metadata Transaction.
         * 0x414D (16717 decimal) - Mosaic Definition Transaction.
         * 0x424D (16973 decimal) - Mosaic Supply Change Transaction.
         * 0x414E (16718 decimal) - Register Namespace Transaction.
@@ -1615,6 +1625,28 @@ components:
         The type of the action:
         * 0 - Link.
         * 1 - Unlink.
+    MetadataTypeEnum:
+      type: integer
+      enum:
+      - 1
+      - 2
+      - 3
+      description: |
+        The type of the metadata:
+        * 1 - Address metadata.
+        * 2 - Mosaic metadata.
+        * 3 - Namespace metadata.
+      example: 0
+    MetadataModificationTypeEnum:
+      type: integer
+      enum:
+      - 0
+      - 1
+      description: |
+        The type of the metadata modification:
+        * 0 - Add metadata.
+        * 1 - Remove metadata.
+      example: 0
     MessageTypeEnum:
       type: integer
       enum:
@@ -1872,44 +1904,44 @@ components:
             - type: string
             - $ref: "#/components/schemas/UInt64DTO"
             - type: integer
-    CatapultConfigDTO:
+    NetworkConfigDTO:
       type: object
       required:
-      - catapultConfig
+      - networkConfig
       properties:
-        catapultConfig:
+        networkConfig:
           $ref: '#/components/schemas/ConfigDTO'
     ConfigDTO:
       type: object
       required:
       - height
-      - blockChainConfig
+      - networkConfig
       - supportedEntityVersions
       properties:
         height:
           $ref: '#/components/schemas/UInt64DTO'
-        blockChainConfig:
+        networkConfig:
           type: string
           example: "[network]\n\nidentifier = mijin-test\npublicKey = B4F12E7C9F6946091E2CB8B6D3A12B50D17CCBBF646386EA27CE2946A7423DCF\ngenerationHash = 7B631D803F912B00DC0CBED3014BBD17A302BA50B99D233B9C2D9533B842ABDF\n\n"
         supportedEntityVersions:
           type: string
           example: "{\n\t\"entities\": [\n\t\t{\n\t\t\t\"name\": \"Block\",\n\t\t\t\"type\": \"33091\",\n\t\t\t\"supportedVersions\": [3]\n\t\t}]}"
-    CatapultUpgradeDTO:
+    BlockchainUpgradeDTO:
       type: object
       required:
-      - catapultUpgrade
+      - blockchainUpgrade
       properties:
-        catapultConfig:
+        blockchainUpgrade:
           $ref: '#/components/schemas/UpgradeDTO'
     UpgradeDTO:
       type: object
       required:
       - height
-      - catapultVersion
+      - blockChainVersion
       properties:
         height:
           $ref: '#/components/schemas/UInt64DTO'
-        catapultVersion:
+        blockChainVersion:
           $ref: '#/components/schemas/UInt64DTO'
     ContractInfoDTO:
       type: object
@@ -1958,6 +1990,21 @@ components:
           items:
             type: string
             example: "3DCB6E5EFF4D63A38902EF948E895B01D6EA497EBF84B1460C14CA5BEDCAD9F3"
+    MetadataModificationDTO:
+      type: object
+      required:
+      - modificationType
+      - key
+      - value
+      properties:
+        modificationType:
+          $ref: "#/components/schemas/MetadataModificationTypeEnum"
+        key:
+          type: string
+          description: The key of metadata modification.
+        value:
+          type: string
+          description: The value of metadata modification.
     MultisigAccountGraphInfoDTO:
       type: object
       required:
@@ -2696,6 +2743,11 @@ components:
           $ref: "#/components/schemas/TransactionMetaDTO"
         transaction:
           anyOf:
+          - $ref: "#/components/schemas/BlockchainUpgradeTransactionDTO"
+          - $ref: "#/components/schemas/NetworkConfigTransactionDTO"
+          - $ref: "#/components/schemas/AddressMetadataTransactionDTO"
+          - $ref: "#/components/schemas/MosaicMetadataTransactionDTO"
+          - $ref: "#/components/schemas/NamespaceMetadataTransactionDTO"
           - $ref: "#/components/schemas/MosaicDefinitionTransactionDTO"
           - $ref: "#/components/schemas/MosaicSupplyChangeTransactionDTO"
           - $ref: "#/components/schemas/RegisterNamespaceTransactionDTO"
@@ -2738,6 +2790,11 @@ components:
           $ref: "#/components/schemas/EmbeddedTransactionMetaDTO"
         transaction:
           anyOf:
+          - $ref: "#/components/schemas/EmbeddedBlockchainUpgradeTransactionDTO"
+          - $ref: "#/components/schemas/EmbeddedNetworkConfigTransactionDTO"
+          - $ref: "#/components/schemas/EmbeddedAddressMetadataTransactionDTO"
+          - $ref: "#/components/schemas/EmbeddedMosaicMetadataTransactionDTO"
+          - $ref: "#/components/schemas/EmbeddedNamespaceMetadataTransactionDTO"
           - $ref: "#/components/schemas/EmbeddedMosaicDefinitionTransactionDTO"
           - $ref: "#/components/schemas/EmbeddedMosaicSupplyChangeTransactionDTO"
           - $ref: "#/components/schemas/EmbeddedRegisterNamespaceTransactionDTO"
@@ -2771,6 +2828,137 @@ components:
       allOf:
       - $ref: "#/components/schemas/EntityDTO"
       - $ref: "#/components/schemas/TransactionBodyDTO"
+    BlockchainUpgradeBodyDTO:
+      type: object
+      required:
+      - upgradePeriod
+      - newBlockChainVersion
+      properties:
+        upgradePeriod:
+          $ref: "#/components/schemas/UInt64DTO"
+        newBlockChainVersion:
+          $ref: "#/components/schemas/UInt64DTO"
+    BlockchainUpgradeTransactionDTO:
+      type: object
+      description: Transaction that change version of blockchain.
+      allOf:
+      - $ref: "#/components/schemas/TransactionDTO"
+      - $ref: "#/components/schemas/BlockchainUpgradeBodyDTO"
+    EmbeddedBlockchainUpgradeTransactionDTO:
+      type: object
+      allOf:
+      - $ref: "#/components/schemas/EmbeddedTransactionDTO"
+      - $ref: "#/components/schemas/BlockchainUpgradeBodyDTO"
+    NetworkConfigBodyDTO:
+      type: object
+      required:
+      - applyHeightDelta
+      - networkConfig
+      - supportedEntityVersions
+      properties:
+        applyHeightDelta:
+          $ref: "#/components/schemas/UInt64DTO"
+        networkConfig:
+          type: string
+          description: Network config like a raw text.
+        supportedEntityVersions:
+          type: string
+          description: Allowed versions of transaction in json format.
+    NetworkConfigTransactionDTO:
+      type: object
+      description: Transaction that updates config.
+      allOf:
+      - $ref: "#/components/schemas/TransactionDTO"
+      - $ref: "#/components/schemas/NetworkConfigBodyDTO"
+    EmbeddedNetworkConfigTransactionDTO:
+      type: object
+      allOf:
+      - $ref: "#/components/schemas/EmbeddedTransactionDTO"
+      - $ref: "#/components/schemas/NetworkConfigBodyDTO"
+    AddressMetadataBodyDTO:
+      type: object
+      required:
+      - metadataId
+      - metadataType
+      - modifications
+      properties:
+        metadataId:
+          type: string
+          description: The address in hexadecimal.
+        metadataType:
+          $ref: "#/components/schemas/MetadataTypeEnum"
+        modifications:
+          type: array
+          description: The array of metadata modifications.
+          items:
+            $ref: "#/components/schemas/MetadataModificationDTO"
+    AddressMetadataTransactionDTO:
+      type: object
+      description: Transaction that addes metadata to account.
+      allOf:
+      - $ref: "#/components/schemas/TransactionDTO"
+      - $ref: "#/components/schemas/AddressMetadataBodyDTO"
+    EmbeddedAddressMetadataTransactionDTO:
+      type: object
+      allOf:
+      - $ref: "#/components/schemas/EmbeddedTransactionDTO"
+      - $ref: "#/components/schemas/AddressMetadataBodyDTO"
+    MosaicMetadataBodyDTO:
+      type: object
+      required:
+      - metadataId
+      - metadataType
+      - modifications
+      properties:
+        metadataId:
+          $ref: "#/components/schemas/UInt64DTO"
+          description: Mosaic id.
+        metadataType:
+          $ref: "#/components/schemas/MetadataTypeEnum"
+        modifications:
+          type: array
+          description: The array of metadata modifications.
+          items:
+            $ref: "#/components/schemas/MetadataModificationDTO"
+    MosaicMetadataTransactionDTO:
+      type: object
+      description: Transaction that addes metadata to mosaic.
+      allOf:
+      - $ref: "#/components/schemas/TransactionDTO"
+      - $ref: "#/components/schemas/MosaicMetadataBodyDTO"
+    EmbeddedMosaicMetadataTransactionDTO:
+      type: object
+      allOf:
+      - $ref: "#/components/schemas/EmbeddedTransactionDTO"
+      - $ref: "#/components/schemas/MosaicMetadataBodyDTO"
+    NamespaceMetadataBodyDTO:
+      type: object
+      required:
+      - metadataId
+      - metadataType
+      - modifications
+      properties:
+        metadataId:
+          $ref: "#/components/schemas/UInt64DTO"
+          description: Namespace id.
+        metadataType:
+          $ref: "#/components/schemas/MetadataTypeEnum"
+        modifications:
+          type: array
+          description: The array of metadata modifications.
+          items:
+            $ref: "#/components/schemas/MetadataModificationDTO"
+    NamespaceMetadataTransactionDTO:
+      type: object
+      description: Transaction that addes metadata to namespace.
+      allOf:
+      - $ref: "#/components/schemas/TransactionDTO"
+      - $ref: "#/components/schemas/NamespaceMetadataBodyDTO"
+    EmbeddedNamespaceMetadataTransactionDTO:
+      type: object
+      allOf:
+      - $ref: "#/components/schemas/EmbeddedTransactionDTO"
+      - $ref: "#/components/schemas/NamespaceMetadataBodyDTO"
     MosaicDefinitionTransactionBodyDTO:
       type: object
       required:
@@ -3144,12 +3332,12 @@ components:
       type: object
       required:
       - remoteAccountKey
-      - linkAction
+      - action
       properties:
         remoteAccountKey:
           type: string
           description: The public key of the remote account.
-        linkAction:
+        action:
           $ref: "#/components/schemas/LinkActionEnum"
     AccountLinkTransactionDTO:
       type: object

src/e2e/java/io/proximax/sdk/E2EBlockchainTest.java

@@ -207,6 +207,7 @@ void upgradeBlockchainVersion() {
    }
 
    @Test
+   @Disabled("Requires nemesis private key to be defined")
    void configTransaction() {
       Account nemesis = Account.createFromPrivateKey(NEMESIS_PRIVATE_KEY, getNetworkType());
       BigInteger height = blockchainHttp.getBlockchainHeight().blockingFirst();

src/e2e/java/io/proximax/sdk/E2EContractTest.java

@@ -15,6 +15,7 @@
 import org.apache.commons.lang3.RandomUtils;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.MethodOrderer;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.TestInstance;
@@ -38,6 +39,7 @@
  */
 @TestInstance(TestInstance.Lifecycle.PER_CLASS)
 @TestMethodOrder(MethodOrderer.Alphanumeric.class)
+@Disabled("Contracts plugin is currently disabled after security review")
 public class E2EContractTest extends E2EBaseTest {
 
    private Account customer;