[WIP] Apply Shield Wallet Interaction Part 2

crates/profile/models/supporting-types/src/abstract_securified_entity.rs

@@ -62,6 +62,13 @@
         Into::<AddressOfAccountOrPersona>::into(self.entity.address())
     }
 
+    pub fn current_authentication_signing_factor_instance(
+        &self,
+    ) -> HierarchicalDeterministicFactorInstance {
+        self.securified_entity_control()
+            .authentication_signing_factor_instance()
+    }
+
     pub fn veci(&self) -> Option<VirtualEntityCreatingInstance> {
         self.securified_entity_control()
             .veci()

crates/transaction/manifests/src/manifests_security_shield/access_controller_factors_and_time_input.rs

@@ -0,0 +1,100 @@
+use crate::prelude::*;
+use radix_engine_interface::blueprints::access_controller::{
+    AccessControllerInitiateRecoveryAsPrimaryInput as ScryptoAccessControllerInitiateRecoveryAsPrimaryInput,
+    AccessControllerInitiateRecoveryAsRecoveryInput as ScryptoAccessControllerInitiateRecoveryAsRecoveryInput,
+    AccessControllerQuickConfirmPrimaryRoleRecoveryProposalInput as ScryptoAccessControllerQuickConfirmPrimaryRoleRecoveryProposalInput,
+    AccessControllerQuickConfirmRecoveryRoleRecoveryProposalInput as ScryptoAccessControllerQuickConfirmRecoveryRoleRecoveryProposalInput,
+    AccessControllerTimedConfirmRecoveryInput as ScryptoAccessControllerTimedConfirmRecoveryInput,
+};
+
+#[derive(Debug, Clone)]
+pub struct AccessControllerFactorsAndTimeInput {
+    rule_set: ScryptoRuleSet,
+    timed_recovery_delay_in_minutes: u32,
+}
+
+impl AccessControllerFactorsAndTimeInput {
+    pub fn new(
+        security_structure_of_factor_instances: &SecurityStructureOfFactorInstances,
+    ) -> Self {
+        let rule_set = ScryptoRuleSet::from(
+            security_structure_of_factor_instances
+                .matrix_of_factors
+                .clone(),
+        );
+
+        let timed_recovery_delay_in_minutes =
+            security_structure_of_factor_instances
+                .timed_recovery_delay_in_minutes();
+
+        Self {
+            rule_set,
+            timed_recovery_delay_in_minutes,
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerInitiateRecoveryAsRecoveryInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerInitiateRecoveryAsPrimaryInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerQuickConfirmRecoveryRoleRecoveryProposalInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerQuickConfirmPrimaryRoleRecoveryProposalInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}
+
+impl From<&AccessControllerFactorsAndTimeInput>
+    for ScryptoAccessControllerTimedConfirmRecoveryInput
+{
+    fn from(value: &AccessControllerFactorsAndTimeInput) -> Self {
+        Self {
+            rule_set: value.rule_set.clone(),
+            timed_recovery_delay_in_minutes: Some(
+                value.timed_recovery_delay_in_minutes,
+            ),
+        }
+    }
+}

crates/transaction/manifests/src/manifests_security_shield/manifests_securify_shield_securified_entity.rs

@@ -0,0 +1,95 @@
+#![allow(dead_code)]
+use crate::prelude::*;
+use std::ops::Deref;
+
+use profile_supporting_types::AnySecurifiedEntity;
+
+pub trait TransactionManifestSecurifySecurifiedEntity:
+    TransactionManifestSetRolaKey
+{
+    fn apply_security_shield_for_securified_entity(
+        securified_entity: AnySecurifiedEntity,
+        input: TransactionManifestApplySecurityShieldSecurifiedInput,
+    ) -> Result<TransactionManifest>;
+}
+
+impl TransactionManifestSecurifySecurifiedEntity for TransactionManifest {
+    fn apply_security_shield_for_securified_entity(
+        securified_entity: AnySecurifiedEntity,
+        input: TransactionManifestApplySecurityShieldSecurifiedInput,
+    ) -> Result<Self> {
+        let TransactionManifestApplySecurityShieldSecurifiedInput {
+            security_structure_of_factor_instances,
+            apply_shield_manifest_kind: kind,
+        } = input.clone();
+
+        let entity_address = securified_entity.entity.address();
+
+        // ACCESS_CONTROLLER_CREATE_PROOF_IDENT
+        let mut builder = TransactionManifest::produce_owner_badge(
+            ScryptoTransactionManifestBuilder::new(),
+            &securified_entity.entity,
+        );
+
+        let access_controller_address = securified_entity
+            .securified_entity_control
+            .access_controller_address;
+
+        let factors_and_time_input = &AccessControllerFactorsAndTimeInput::new(
+            &security_structure_of_factor_instances,
+        );
+
+        // INITIATE RECOVERY
+        let (init_method, init_input) =
+            kind.input_for_initialization(factors_and_time_input);
+        builder = builder.call_method(
+            access_controller_address.scrypto(),
+            init_method,
+            (init_input.deref(),),
+        );
+
+        // CONFIRM RECOVERY
+        // TODO: for timed, should we really call it here, now? Should
+        // we not call it AFTER the time has elapsed???
+        let (confirm_method, confirm_input) =
+            kind.input_for_confirm(factors_and_time_input);
+        builder = builder.call_method(
+            access_controller_address.scrypto(),
+            confirm_method,
+            (confirm_input.deref(),),
+        );
+
+        // Set Rola Key
+        let should_set_rola_key = security_structure_of_factor_instances
+            .authentication_signing_factor_instance
+            != securified_entity
+                .current_authentication_signing_factor_instance();
+
+        if should_set_rola_key {
+            if kind.can_set_rola_key() {
+                builder = TransactionManifest::set_rola_key(
+                    builder,
+                    &security_structure_of_factor_instances
+                        .authentication_signing_factor_instance,
+                    &entity_address,
+                );
+            } else {
+                return Err(CommonError::Unknown); // TODO: new error variant
+            }
+        }
+
+        let manifest = TransactionManifest::sargon_built(
+            builder,
+            securified_entity.network_id(),
+        );
+
+        // N.B.
+        // We do NOT top of XRD vault of AccessController - yet!
+        // Host will need to call the function:
+        // `modify_manifest_add_withdraw_of_xrd_for_access_controller_xrd_vault_top_up_paid_by_account`
+        // after user has selected account to pay in wallet GUI.
+        // (and as usual also call `modify_manifest_lock_fee`)
+
+        Ok(manifest)
+    }
+}

crates/transaction/manifests/src/manifests_security_shield/manifests_security_shield.rs → crates/transaction/manifests/src/manifests_security_shield/manifests_securify_shield_unsecurified_entity.rs

@@ -1,14 +1,10 @@
 use profile_supporting_types::AnyUnsecurifiedEntity;
 use radix_common::prelude::ACCESS_CONTROLLER_PACKAGE as SCRYPTO_ACCESS_CONTROLLER_PACKAGE;
-use radix_engine_interface::blueprints::{
-    access_controller::{
-        AccessControllerCreateManifestInput as ScryptoAccessControllerCreateManifestInput,
-        ACCESS_CONTROLLER_BLUEPRINT as SCRYPTO_ACCESS_CONTROLLER_BLUEPRINT,
-        ACCESS_CONTROLLER_CREATE_IDENT as SCRYPTO_ACCESS_CONTROLLER_CREATE_IDENT,
-    },
-    account::AccountSecurifyManifestInput as ScryptoAccountSecurifyManifestInput,
+use radix_engine_interface::blueprints::access_controller::{
+    AccessControllerCreateManifestInput as ScryptoAccessControllerCreateManifestInput,
+    ACCESS_CONTROLLER_BLUEPRINT as SCRYPTO_ACCESS_CONTROLLER_BLUEPRINT,
+    ACCESS_CONTROLLER_CREATE_IDENT as SCRYPTO_ACCESS_CONTROLLER_CREATE_IDENT,
 };
-use radix_transactions::prelude::ManifestBuilder;
 
 use crate::prelude::*;
 
@@ -29,37 +25,16 @@ impl TransactionManifestApplySecurityShieldUnsecurifiedInput {
     }
 }
 
-pub trait TransactionManifestSecurifyEntity: Sized {
+pub trait TransactionManifestSecurifyUnsecurifiedEntity:
+    Sized + TransactionManifestSetRolaKey
+{
     fn apply_security_shield_for_unsecurified_entity(
         unsecurified_entity: AnyUnsecurifiedEntity,
         input: TransactionManifestApplySecurityShieldUnsecurifiedInput,
     ) -> Result<Self>;
-
-    fn set_rola_key(
-        builder: ManifestBuilder,
-        authentication_signing_factor_instance: &HierarchicalDeterministicFactorInstance,
-        entity_address: &AddressOfAccountOrPersona,
-    ) -> ManifestBuilder;
 }
 
-impl TransactionManifestSecurifyEntity for TransactionManifest {
-    fn set_rola_key(
-        builder: ManifestBuilder,
-        authentication_signing_factor_instance:
-        &HierarchicalDeterministicFactorInstance,
-        entity_address: &AddressOfAccountOrPersona,
-    ) -> ManifestBuilder {
-        let rola_key_hash = PublicKeyHash::hash(
-            authentication_signing_factor_instance.public_key(),
-        );
-        let owner_key_hashes = vec![rola_key_hash];
-        Self::set_owner_keys_hashes_on_builder(
-            entity_address,
-            owner_key_hashes,
-            builder,
-        )
-    }
-
+impl TransactionManifestSecurifyUnsecurifiedEntity for TransactionManifest {
     /// We do NOT top of XRD vault of AccessController - yet!
     /// Host will need to call the function:
     /// `modify_manifest_add_withdraw_of_xrd_for_access_controller_xrd_vault_top_up_paid_by_account`
@@ -77,34 +52,11 @@ impl TransactionManifestSecurifyEntity for TransactionManifest {
         security_structure_of_factor_instances
             .assert_has_entity_kind(entity_address.get_entity_kind())?;
 
-        let (security_entity_identifier, owner_badge) =
-            if entity_address.is_identity() {
-                (
-                    SCRYPTO_IDENTITY_SECURIFY_IDENT,
-                    SCRYPTO_IDENTITY_OWNER_BADGE,
-                )
-            } else {
-                (SCRYPTO_ACCOUNT_SECURIFY_IDENT, SCRYPTO_ACCOUNT_OWNER_BADGE)
-            };
-
-        let mut builder = ScryptoTransactionManifestBuilder::new();
-
         // Securify the entity which will return an entity owner badge onto the worktop.
-        let owner_badge_bucket_name = "owner_badge_bucket";
-        {
-            builder = builder.call_method(
-                &entity_address,
-                security_entity_identifier,
-                ScryptoAccountSecurifyManifestInput {},
-            );
-
-            // Create a bucket out of the entity owner badge.
-            builder = builder.take_from_worktop(
-                owner_badge,
-                1,
-                owner_badge_bucket_name,
-            );
-        };
+        let (mut builder, owner_badge_bucket) = Self::put_owner_badge_in_bucket(
+            ScryptoTransactionManifestBuilder::new(),
+            &unsecurified_entity.entity,
+        );
 
         // Create an access controller for the entity.
         builder = {
@@ -131,8 +83,6 @@ impl TransactionManifestSecurifyEntity for TransactionManifest {
                     .clone(),
             );
 
-            let owner_badge_bucket = builder.bucket(owner_badge_bucket_name);
-
             builder.call_function(
                 SCRYPTO_ACCESS_CONTROLLER_PACKAGE,
                 SCRYPTO_ACCESS_CONTROLLER_BLUEPRINT,

crates/transaction/manifests/src/manifests_security_shield/mod.rs

@@ -1,6 +1,19 @@
-#[allow(clippy::module_inception)]
-mod manifests_security_shield;
+mod access_controller_factors_and_time_input;
+mod manifests_securify_shield_securified_entity;
+mod manifests_securify_shield_unsecurified_entity;
+mod set_rola_key;
 mod top_up_access_controller_xrd_vault;
+mod transaction_manifest_apply_security_shield_any_input;
+mod transaction_manifest_apply_security_shield_kind;
+mod transaction_manifest_apply_security_shield_securified_input;
+mod transaction_manifest_owner_badge_producing;
 
-pub use manifests_security_shield::*;
+pub use access_controller_factors_and_time_input::*;
+pub use manifests_securify_shield_securified_entity::*;
+pub use manifests_securify_shield_unsecurified_entity::*;
+pub use set_rola_key::*;
 pub use top_up_access_controller_xrd_vault::*;
+pub use transaction_manifest_apply_security_shield_any_input::*;
+pub use transaction_manifest_apply_security_shield_kind::*;
+pub use transaction_manifest_apply_security_shield_securified_input::*;
+pub use transaction_manifest_owner_badge_producing::*;

crates/transaction/manifests/src/manifests_security_shield/set_rola_key.rs

@@ -0,0 +1,30 @@
+use radix_transactions::prelude::ManifestBuilder;
+
+use crate::prelude::*;
+
+pub trait TransactionManifestSetRolaKey: Sized {
+    fn set_rola_key(
+        builder: ManifestBuilder,
+        authentication_signing_factor_instance: &HierarchicalDeterministicFactorInstance,
+        entity_address: &AddressOfAccountOrPersona,
+    ) -> ManifestBuilder;
+}
+
+impl TransactionManifestSetRolaKey for TransactionManifest {
+    fn set_rola_key(
+        builder: ManifestBuilder,
+        authentication_signing_factor_instance:
+        &HierarchicalDeterministicFactorInstance,
+        entity_address: &AddressOfAccountOrPersona,
+    ) -> ManifestBuilder {
+        let rola_key_hash = PublicKeyHash::hash(
+            authentication_signing_factor_instance.public_key(),
+        );
+        let owner_key_hashes = vec![rola_key_hash];
+        Self::set_owner_keys_hashes_on_builder(
+            entity_address,
+            owner_key_hashes,
+            builder,
+        )
+    }
+}