radixdlt · CyonAlexRDX · Jan 23, 2025 · Jan 23, 2025 · Jan 23, 2025 · Jan 24, 2025
diff --git a/crates/profile/models/supporting-types/src/abstract_securified_entity.rs b/crates/profile/models/supporting-types/src/abstract_securified_entity.rs
@@ -62,6 +62,13 @@
         Into::<AddressOfAccountOrPersona>::into(self.entity.address())
     }
 
+    pub fn current_authentication_signing_factor_instance(
+        &self,
+    ) -> HierarchicalDeterministicFactorInstance {
+        self.securified_entity_control()
+            .authentication_signing_factor_instance()
+    }
+
     pub fn veci(&self) -> Option<VirtualEntityCreatingInstance> {
         self.securified_entity_control()
             .veci()

diff --git a/...ystem/os/factors/src/apply_security_shield/sargon_os_apply_security_shield_interaction.rs b/...ystem/os/factors/src/apply_security_shield/sargon_os_apply_security_shield_interaction.rs
@@ -30,10 +30,9 @@
             .map(|e| {
                 let provisional = e.entity.get_provisional().expect("Entity should have a provisional config set since we applied shield above");
                 let derived = provisional.as_factor_instances_derived().expect("Should have derived factors");
-                let input = TransactionManifestApplySecurityShieldUnsecurifiedInput::new(derived.clone());
                 TransactionManifest::apply_security_shield_for_unsecurified_entity(
                     e,
-                    input,
+                    derived.clone()
                 )
         }).collect::<Result<Vec<TransactionManifest>>>()?;
 

diff --git a/...ction/manifests/src/manifests_security_shield/access_controller_factors_and_time_input.rs b/...ction/manifests/src/manifests_security_shield/access_controller_factors_and_time_input.rs
@@ -0,0 +1,100 @@
+use crate::prelude::*;
+use radix_engine_interface::blueprints::access_controller::{
+    AccessControllerInitiateRecoveryAsPrimaryInput as ScryptoAccessControllerInitiateRecoveryAsPrimaryInput,
+    AccessControllerInitiateRecoveryAsRecoveryInput as ScryptoAccessControllerInitiateRecoveryAsRecoveryInput,
+    AccessControllerQuickConfirmPrimaryRoleRecoveryProposalInput as ScryptoAccessControllerQuickConfirmPrimaryRoleRecoveryProposalInput,
+    AccessControllerQuickConfirmRecoveryRoleRecoveryProposalInput as ScryptoAccessControllerQuickConfirmRecoveryRoleRecoveryProposalInput,
+    AccessControllerTimedConfirmRecoveryInput as ScryptoAccessControllerTimedConfirmRecoveryInput,
+};
+
+#[derive(Debug, Clone)]
+pub struct AccessControllerFactorsAndTimeInput {
+    rule_set: ScryptoRuleSet,
+    timed_recovery_delay_in_minutes: u32,
+}
+
+impl AccessControllerFactorsAndTimeInput {
+    pub fn new(
+        security_structure_of_factor_instances: &SecurityStructureOfFactorInstances,
+    ) -> Self {
+        let rule_set = ScryptoRuleSet::from(
+            security_structure_of_factor_instances
+                .matrix_of_factors
+                .clone(),
+        );
+
+        let timed_recovery_delay_in_minutes =
+            security_structure_of_factor_instances
+                .timed_recovery_delay_in_minutes();
+
+        Self {
+            rule_set,
+            timed_recovery_delay_in_minutes,
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerInitiateRecoveryAsRecoveryInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerInitiateRecoveryAsPrimaryInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerQuickConfirmRecoveryRoleRecoveryProposalInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerQuickConfirmPrimaryRoleRecoveryProposalInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerTimedConfirmRecoveryInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
diff --git a/...on/manifests/src/manifests_security_shield/manifests_securify_shield_securified_entity.rs b/...on/manifests/src/manifests_security_shield/manifests_securify_shield_securified_entity.rs
@@ -0,0 +1,95 @@
+#![allow(dead_code)]
+use crate::prelude::*;
+use std::ops::Deref;
+
+use profile_supporting_types::AnySecurifiedEntity;
+
+pub trait TransactionManifestSecurifySecurifiedEntity:
+    TransactionManifestSetRolaKey
+{
+    fn apply_security_shield_for_securified_entity(
+        securified_entity: AnySecurifiedEntity,
+        security_structure_of_factor_instances:
+        SecurityStructureOfFactorInstances,
+        apply_shield_manifest_kind: TransactionManifestApplySecurityShieldKind,
+    ) -> Result<TransactionManifest>;
+}
+
+impl TransactionManifestSecurifySecurifiedEntity for TransactionManifest {
+    fn apply_security_shield_for_securified_entity(
+        securified_entity: AnySecurifiedEntity,
+        security_structure_of_factor_instances:
+        SecurityStructureOfFactorInstances,
+        apply_shield_manifest_kind: TransactionManifestApplySecurityShieldKind,
+    ) -> Result<Self> {
+        let kind = apply_shield_manifest_kind;
+        let entity_address = securified_entity.entity.address();
+
+        // ACCESS_CONTROLLER_CREATE_PROOF_IDENT
+        let mut builder = TransactionManifest::produce_owner_badge(
+            ScryptoTransactionManifestBuilder::new(),
+            &securified_entity.entity,
+        );
+
+        let access_controller_address = securified_entity
+            .securified_entity_control
+            .access_controller_address;
+
+        let factors_and_time_input = &AccessControllerFactorsAndTimeInput::new(
+            &security_structure_of_factor_instances,
+        );
+
+        // INITIATE RECOVERY
+        let (init_method, init_input) =
+            kind.input_for_initialization(factors_and_time_input);
+        builder = builder.call_method(
+            access_controller_address.scrypto(),
+            init_method,
+            (init_input.deref(),),
+        );
+
+        // CONFIRM RECOVERY
+        // TODO: for timed, should we really call it here, now? Should
+        // we not call it AFTER the time has elapsed???
+        let (confirm_method, confirm_input) =
+            kind.input_for_confirm(factors_and_time_input);
+        builder = builder.call_method(
+            access_controller_address.scrypto(),
+            confirm_method,
+            (confirm_input.deref(),),
+        );
+
+        // Set Rola Key
+        let should_set_rola_key = security_structure_of_factor_instances
+            .authentication_signing_factor_instance
+            != securified_entity
+                .current_authentication_signing_factor_instance();
+
+        if should_set_rola_key {
+            if kind.can_set_rola_key() {
+                builder = TransactionManifest::set_rola_key(
+                    builder,
+                    &security_structure_of_factor_instances
+                        .authentication_signing_factor_instance,
+                    &entity_address,
+                );
+            } else {
+                return Err(CommonError::Unknown); // TODO: new error variant
+            }
+        }
+
+        let manifest = TransactionManifest::sargon_built(
+            builder,
+            securified_entity.network_id(),
+        );
+
+        // N.B.
+        // We do NOT top of XRD vault of AccessController - yet!
+        // Host will need to call the function:
+        // `modify_manifest_add_withdraw_of_xrd_for_access_controller_xrd_vault_top_up_paid_by_account`
+        // after user has selected account to pay in wallet GUI.
+        // (and as usual also call `modify_manifest_lock_fee`)
+
+        Ok(manifest)
+    }
+}