diff --git a/cli/src/cli.rs b/cli/src/cli.rs index 670dc9f6a8..5399a2df5e 100644 --- a/cli/src/cli.rs +++ b/cli/src/cli.rs @@ -113,16 +113,21 @@ pub enum CliCommand { // Nonce commands CreateNonceAccount { nonce_account: KeypairEq, + nonce_authority: Pubkey, lamports: u64, }, GetNonce(Pubkey), - NewNonce(KeypairEq), + NewNonce { + nonce_account: Pubkey, + nonce_authority: KeypairEq, + }, ShowNonceAccount { nonce_account_pubkey: Pubkey, use_lamports_unit: bool, }, WithdrawFromNonceAccount { - nonce_account: KeypairEq, + nonce_account: Pubkey, + nonce_authority: KeypairEq, destination_account_pubkey: Pubkey, lamports: u64, }, @@ -1131,16 +1136,24 @@ pub fn process_command(config: &CliConfig) -> ProcessResult { // Create nonce account CliCommand::CreateNonceAccount { nonce_account, + nonce_authority, lamports, - } => process_create_nonce_account(&rpc_client, config, nonce_account, *lamports), + } => process_create_nonce_account( + &rpc_client, + config, + nonce_account, + nonce_authority, + *lamports, + ), // Get the current nonce CliCommand::GetNonce(nonce_account_pubkey) => { process_get_nonce(&rpc_client, &nonce_account_pubkey) } // Get a new nonce - CliCommand::NewNonce(nonce_account) => { - process_new_nonce(&rpc_client, config, nonce_account) - } + CliCommand::NewNonce { + nonce_account, + nonce_authority, + } => process_new_nonce(&rpc_client, config, nonce_account, nonce_authority), // Show the contents of a nonce account CliCommand::ShowNonceAccount { nonce_account_pubkey, @@ -1149,12 +1162,14 @@ pub fn process_command(config: &CliConfig) -> ProcessResult { // Withdraw lamports from a nonce account CliCommand::WithdrawFromNonceAccount { nonce_account, + nonce_authority, destination_account_pubkey, lamports, } => process_withdraw_from_nonce_account( &rpc_client, config, &nonce_account, + nonce_authority, &destination_account_pubkey, *lamports, ), diff --git a/cli/src/nonce.rs b/cli/src/nonce.rs index 1418af1ff0..c73868e443 100644 --- a/cli/src/nonce.rs +++ b/cli/src/nonce.rs @@ -22,6 +22,15 @@ pub trait NonceSubCommands { fn nonce_subcommands(self) -> Self; } +fn nonce_authority_arg<'a, 'b>() -> Arg<'a, 'b> { + Arg::with_name("nonce_authority") + .long("nonce-authority") + .takes_value(true) + .value_name("KEYPAIR") + .validator(is_keypair_or_ask_keyword) + .help("Specify nonce authority if different from account") +} + impl NonceSubCommands for App<'_, '_> { fn nonce_subcommands(self) -> Self { self.subcommand( @@ -33,7 +42,7 @@ impl NonceSubCommands for App<'_, '_> { .value_name("NONCE ACCOUNT") .takes_value(true) .required(true) - .validator(is_keypair_or_ask_keyword) + .validator(is_pubkey_or_keypair) .help("Keypair of the nonce account to fund"), ) .arg( @@ -52,6 +61,14 @@ impl NonceSubCommands for App<'_, '_> { .takes_value(true) .possible_values(&["SOL", "lamports"]) .help("Specify unit to use for request"), + ) + .arg( + Arg::with_name("nonce_authority") + .long("nonce-authority") + .takes_value(true) + .value_name("BASE58_PUBKEY") + .validator(is_pubkey_or_keypair) + .help("Assign noncing authority to another entity"), ), ) .subcommand( @@ -78,7 +95,8 @@ impl NonceSubCommands for App<'_, '_> { .required(true) .validator(is_pubkey_or_keypair) .help("Address of the nonce account"), - ), + ) + .arg(nonce_authority_arg()), ) .subcommand( SubCommand::with_name("show-nonce-account") @@ -136,18 +154,27 @@ impl NonceSubCommands for App<'_, '_> { .takes_value(true) .possible_values(&["SOL", "lamports"]) .help("Specify unit to use for request"), - ), + ) + .arg(nonce_authority_arg()), ) } } +fn resolve_nonce_authority(matches: &ArgMatches<'_>) -> Keypair { + keypair_of(matches, "nonce_authority") + .unwrap_or_else(|| keypair_of(matches, "nonce_account_keypair").unwrap()) +} + pub fn parse_nonce_create_account(matches: &ArgMatches<'_>) -> Result { let nonce_account = keypair_of(matches, "nonce_account_keypair").unwrap(); let lamports = required_lamports_from(matches, "amount", "unit")?; + let nonce_authority = + pubkey_of(matches, "nonce_authority").unwrap_or_else(|| nonce_account.pubkey()); Ok(CliCommandInfo { command: CliCommand::CreateNonceAccount { nonce_account: nonce_account.into(), + nonce_authority, lamports, }, require_keypair: true, @@ -164,10 +191,14 @@ pub fn parse_get_nonce(matches: &ArgMatches<'_>) -> Result) -> Result { - let nonce_account = keypair_of(matches, "nonce_account_keypair").unwrap(); + let nonce_account = pubkey_of(matches, "nonce_account_keypair").unwrap(); + let nonce_authority = resolve_nonce_authority(matches); Ok(CliCommandInfo { - command: CliCommand::NewNonce(nonce_account.into()), + command: CliCommand::NewNonce { + nonce_account, + nonce_authority: nonce_authority.into(), + }, require_keypair: true, }) } @@ -188,13 +219,15 @@ pub fn parse_show_nonce_account(matches: &ArgMatches<'_>) -> Result, ) -> Result { - let nonce_account = keypair_of(matches, "nonce_account_keypair").unwrap(); + let nonce_account = pubkey_of(matches, "nonce_account_keypair").unwrap(); let destination_account_pubkey = pubkey_of(matches, "destination_account_pubkey").unwrap(); let lamports = required_lamports_from(matches, "amount", "unit")?; + let nonce_authority = resolve_nonce_authority(matches); Ok(CliCommandInfo { command: CliCommand::WithdrawFromNonceAccount { - nonce_account: nonce_account.into(), + nonce_account, + nonce_authority: nonce_authority.into(), destination_account_pubkey, lamports, }, @@ -206,6 +239,7 @@ pub fn process_create_nonce_account( rpc_client: &RpcClient, config: &CliConfig, nonce_account: &Keypair, + nonce_authority: &Pubkey, lamports: u64, ) -> ProcessResult { let nonce_account_pubkey = nonce_account.pubkey(); @@ -217,7 +251,7 @@ pub fn process_create_nonce_account( if rpc_client.get_account(&nonce_account_pubkey).is_ok() { return Err(CliError::BadParameter(format!( "Unable to create nonce account. Nonce account already exists: {}", - nonce_account_pubkey + nonce_account_pubkey, )) .into()); } @@ -231,7 +265,12 @@ pub fn process_create_nonce_account( .into()); } - let ixs = create_nonce_account(&config.keypair.pubkey(), &nonce_account_pubkey, lamports); + let ixs = create_nonce_account( + &config.keypair.pubkey(), + &nonce_account_pubkey, + nonce_authority, + lamports, + ); let (recent_blockhash, fee_calculator) = rpc_client.get_recent_blockhash()?; let mut tx = Transaction::new_signed_with_payer( ixs, @@ -272,27 +311,27 @@ pub fn process_get_nonce(rpc_client: &RpcClient, nonce_account_pubkey: &Pubkey) pub fn process_new_nonce( rpc_client: &RpcClient, config: &CliConfig, - nonce_account: &Keypair, + nonce_account: &Pubkey, + nonce_authority: &Keypair, ) -> ProcessResult { - let nonce_account_pubkey = nonce_account.pubkey(); check_unique_pubkeys( (&config.keypair.pubkey(), "cli keypair".to_string()), - (&nonce_account_pubkey, "nonce_account_pubkey".to_string()), + (&nonce_account, "nonce_account_pubkey".to_string()), )?; - if rpc_client.get_account(&nonce_account_pubkey).is_err() { + if rpc_client.get_account(&nonce_account).is_err() { return Err(CliError::BadParameter( "Unable to create new nonce, no nonce account found".to_string(), ) .into()); } - let ix = nonce(&nonce_account_pubkey); + let ix = nonce(&nonce_account, &nonce_authority.pubkey()); let (recent_blockhash, fee_calculator) = rpc_client.get_recent_blockhash()?; let mut tx = Transaction::new_signed_with_payer( vec![ix], Some(&config.keypair.pubkey()), - &[&config.keypair, nonce_account], + &[&config.keypair, nonce_authority], recent_blockhash, ); check_account_for_fee( @@ -302,7 +341,7 @@ pub fn process_new_nonce( &tx.message, )?; let result = - rpc_client.send_and_confirm_transaction(&mut tx, &[&config.keypair, nonce_account]); + rpc_client.send_and_confirm_transaction(&mut tx, &[&config.keypair, nonce_authority]); log_instruction_custom_error::(result) } @@ -351,21 +390,23 @@ pub fn process_show_nonce_account( pub fn process_withdraw_from_nonce_account( rpc_client: &RpcClient, config: &CliConfig, - nonce_account: &Keypair, + nonce_account: &Pubkey, + nonce_authority: &Keypair, destination_account_pubkey: &Pubkey, lamports: u64, ) -> ProcessResult { let (recent_blockhash, fee_calculator) = rpc_client.get_recent_blockhash()?; let ix = withdraw( - &nonce_account.pubkey(), + nonce_account, + &nonce_authority.pubkey(), destination_account_pubkey, lamports, ); let mut tx = Transaction::new_signed_with_payer( vec![ix], Some(&config.keypair.pubkey()), - &[&config.keypair, nonce_account], + &[&config.keypair, nonce_authority], recent_blockhash, ); check_account_for_fee( @@ -375,7 +416,7 @@ pub fn process_withdraw_from_nonce_account( &tx.message, )?; let result = - rpc_client.send_and_confirm_transaction(&mut tx, &[&config.keypair, nonce_account]); + rpc_client.send_and_confirm_transaction(&mut tx, &[&config.keypair, nonce_authority]); log_instruction_custom_error::(result) } @@ -413,7 +454,33 @@ mod tests { CliCommandInfo { command: CliCommand::CreateNonceAccount { nonce_account: read_keypair_file(&keypair_file).unwrap().into(), - lamports: 50 + nonce_authority: nonce_account_pubkey, + lamports: 50, + }, + require_keypair: true + } + ); + + // Test CreateNonceAccount SubCommand with authority + let (authority_keypair_file, mut tmp_file2) = make_tmp_file(); + let nonce_authority_keypair = Keypair::new(); + write_keypair(&nonce_authority_keypair, tmp_file2.as_file_mut()).unwrap(); + let test_create_nonce_account = test_commands.clone().get_matches_from(vec![ + "test", + "create-nonce-account", + &keypair_file, + "50", + "lamports", + "--nonce-authority", + &authority_keypair_file, + ]); + assert_eq!( + parse_command(&test_create_nonce_account).unwrap(), + CliCommandInfo { + command: CliCommand::CreateNonceAccount { + nonce_account: read_keypair_file(&keypair_file).unwrap().into(), + nonce_authority: read_keypair_file(&authority_keypair_file).unwrap().pubkey(), + lamports: 50, }, require_keypair: true } @@ -438,10 +505,34 @@ mod tests { test_commands .clone() .get_matches_from(vec!["test", "new-nonce", &keypair_file]); + let nonce_account = read_keypair_file(&keypair_file).unwrap(); assert_eq!( parse_command(&test_new_nonce).unwrap(), CliCommandInfo { - command: CliCommand::NewNonce(read_keypair_file(&keypair_file).unwrap().into()), + command: CliCommand::NewNonce { + nonce_account: nonce_account.pubkey(), + nonce_authority: nonce_account.into(), + }, + require_keypair: true + } + ); + + // Test NewNonce SubCommand with authority + let test_new_nonce = test_commands.clone().get_matches_from(vec![ + "test", + "new-nonce", + &keypair_file, + "--nonce-authority", + &authority_keypair_file, + ]); + let nonce_account = read_keypair_file(&keypair_file).unwrap(); + assert_eq!( + parse_command(&test_new_nonce).unwrap(), + CliCommandInfo { + command: CliCommand::NewNonce { + nonce_account: nonce_account.pubkey(), + nonce_authority: read_keypair_file(&authority_keypair_file).unwrap().into(), + }, require_keypair: true } ); @@ -476,7 +567,8 @@ mod tests { parse_command(&test_withdraw_from_nonce_account).unwrap(), CliCommandInfo { command: CliCommand::WithdrawFromNonceAccount { - nonce_account: read_keypair_file(&keypair_file).unwrap().into(), + nonce_account: read_keypair_file(&keypair_file).unwrap().pubkey(), + nonce_authority: read_keypair_file(&keypair_file).unwrap().into(), destination_account_pubkey: nonce_account_pubkey, lamports: 42 }, @@ -496,12 +588,37 @@ mod tests { parse_command(&test_withdraw_from_nonce_account).unwrap(), CliCommandInfo { command: CliCommand::WithdrawFromNonceAccount { - nonce_account: read_keypair_file(&keypair_file).unwrap().into(), + nonce_account: read_keypair_file(&keypair_file).unwrap().pubkey(), + nonce_authority: read_keypair_file(&keypair_file).unwrap().into(), destination_account_pubkey: nonce_account_pubkey, lamports: 42000000000 }, require_keypair: true } ); + + // Test WithdrawFromNonceAccount Subcommand with authority + let test_withdraw_from_nonce_account = test_commands.clone().get_matches_from(vec![ + "test", + "withdraw-from-nonce-account", + &keypair_file, + &nonce_account_string, + "42", + "lamports", + "--nonce-authority", + &authority_keypair_file, + ]); + assert_eq!( + parse_command(&test_withdraw_from_nonce_account).unwrap(), + CliCommandInfo { + command: CliCommand::WithdrawFromNonceAccount { + nonce_account: read_keypair_file(&keypair_file).unwrap().pubkey(), + nonce_authority: read_keypair_file(&authority_keypair_file).unwrap().into(), + destination_account_pubkey: nonce_account_pubkey, + lamports: 42 + }, + require_keypair: true + } + ); } } diff --git a/cli/tests/nonce.rs b/cli/tests/nonce.rs index 2b1822cadf..14180a9b6f 100644 --- a/cli/tests/nonce.rs +++ b/cli/tests/nonce.rs @@ -4,7 +4,7 @@ use solana_faucet::faucet::run_local_faucet; use solana_sdk::{ hash::Hash, pubkey::Pubkey, - signature::{read_keypair_file, write_keypair, KeypairUtil}, + signature::{read_keypair_file, write_keypair, Keypair, KeypairUtil}, }; use std::fs::remove_dir_all; use std::sync::mpsc::channel; @@ -53,6 +53,63 @@ fn test_nonce() { let (keypair_file, mut tmp_file) = make_tmp_file(); write_keypair(&config_nonce.keypair, tmp_file.as_file_mut()).unwrap(); + full_battery_tests( + &rpc_client, + &drone_addr, + &mut config_payer, + &mut config_nonce, + &keypair_file, + &keypair_file, + ); + + server.close().unwrap(); + remove_dir_all(ledger_path).unwrap(); +} + +#[test] +fn test_nonce_with_authority() { + let (server, leader_data, alice, ledger_path) = new_validator_for_tests(); + let (sender, receiver) = channel(); + run_local_drone(alice, sender, None); + let drone_addr = receiver.recv().unwrap(); + + let rpc_client = RpcClient::new_socket(leader_data.rpc); + + let mut config_payer = CliConfig::default(); + config_payer.json_rpc_url = + format!("http://{}:{}", leader_data.rpc.ip(), leader_data.rpc.port()); + + let mut config_nonce = CliConfig::default(); + config_nonce.json_rpc_url = + format!("http://{}:{}", leader_data.rpc.ip(), leader_data.rpc.port()); + let (nonce_keypair_file, mut tmp_file) = make_tmp_file(); + write_keypair(&config_nonce.keypair, tmp_file.as_file_mut()).unwrap(); + + let nonce_authority = Keypair::new(); + let (authority_keypair_file, mut tmp_file2) = make_tmp_file(); + write_keypair(&nonce_authority, tmp_file2.as_file_mut()).unwrap(); + + full_battery_tests( + &rpc_client, + &drone_addr, + &mut config_payer, + &mut config_nonce, + &nonce_keypair_file, + &authority_keypair_file, + ); + + server.close().unwrap(); + remove_dir_all(ledger_path).unwrap(); +} + +fn full_battery_tests( + rpc_client: &RpcClient, + drone_addr: &std::net::SocketAddr, + config_payer: &mut CliConfig, + config_nonce: &mut CliConfig, + nonce_keypair_file: &str, + authority_keypair_file: &str, +) { request_and_confirm_airdrop( &rpc_client, &faucet_addr, @@ -64,7 +121,8 @@ fn test_nonce() { // Create nonce account config_payer.command = CliCommand::CreateNonceAccount { - nonce_account: read_keypair_file(&keypair_file).unwrap().into(), + nonce_account: read_keypair_file(&nonce_keypair_file).unwrap().into(), + nonce_authority: read_keypair_file(&authority_keypair_file).unwrap().pubkey(), lamports: 1000, }; process_command(&config_payer).unwrap(); @@ -84,7 +142,10 @@ fn test_nonce() { assert_eq!(first_nonce, second_nonce); // New nonce - config_payer.command = CliCommand::NewNonce(read_keypair_file(&keypair_file).unwrap().into()); + config_payer.command = CliCommand::NewNonce { + nonce_account: read_keypair_file(&nonce_keypair_file).unwrap().pubkey(), + nonce_authority: read_keypair_file(&authority_keypair_file).unwrap().into(), + }; process_command(&config_payer).unwrap(); // Get nonce @@ -97,7 +158,8 @@ fn test_nonce() { // Withdraw from nonce account let payee_pubkey = Pubkey::new_rand(); config_payer.command = CliCommand::WithdrawFromNonceAccount { - nonce_account: read_keypair_file(&keypair_file).unwrap().into(), + nonce_account: read_keypair_file(&nonce_keypair_file).unwrap().pubkey(), + nonce_authority: read_keypair_file(&authority_keypair_file).unwrap().into(), destination_account_pubkey: payee_pubkey, lamports: 100, }; @@ -112,7 +174,4 @@ fn test_nonce() { use_lamports_unit: true, }; process_command(&config_payer).unwrap(); - - server.close().unwrap(); - remove_dir_all(ledger_path).unwrap(); } diff --git a/runtime/src/bank.rs b/runtime/src/bank.rs index 5e0bdb62c4..4144c0ecd6 100644 --- a/runtime/src/bank.rs +++ b/runtime/src/bank.rs @@ -4471,6 +4471,7 @@ mod tests { mint_keypair: &Keypair, custodian_lamports: u64, nonce_lamports: u64, + nonce_authority: Option, ) -> Result<(Keypair, Keypair)> { let custodian_keypair = Keypair::new(); let nonce_keypair = Keypair::new(); @@ -4480,9 +4481,11 @@ mod tests { &custodian_keypair.pubkey(), custodian_lamports, )]; + let nonce_authority = nonce_authority.unwrap_or(nonce_keypair.pubkey()); setup_ixs.extend_from_slice(&nonce_instruction::create_nonce_account( &custodian_keypair.pubkey(), &nonce_keypair.pubkey(), + &nonce_authority, nonce_lamports, )); let setup_tx = Transaction::new_signed_instructions( @@ -4499,6 +4502,7 @@ mod tests { mut genesis_cfg_fn: F, custodian_lamports: u64, nonce_lamports: u64, + nonce_authority: Option, ) -> Result<(Arc, Keypair, Keypair, Keypair)> where F: FnMut(&mut GenesisConfig), @@ -4508,22 +4512,27 @@ mod tests { genesis_cfg_fn(&mut genesis_config); let mut bank = Arc::new(Bank::new(&genesis_config)); - let (custodian_keypair, nonce_keypair) = - nonce_setup(&mut bank, &mint_keypair, custodian_lamports, nonce_lamports)?; + let (custodian_keypair, nonce_keypair) = nonce_setup( + &mut bank, + &mint_keypair, + custodian_lamports, + nonce_lamports, + nonce_authority, + )?; Ok((bank, mint_keypair, custodian_keypair, nonce_keypair)) } #[test] fn test_check_tx_durable_nonce_ok() { let (bank, _mint_keypair, custodian_keypair, nonce_keypair) = - setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000).unwrap(); + setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000, None).unwrap(); let custodian_pubkey = custodian_keypair.pubkey(); let nonce_pubkey = nonce_keypair.pubkey(); let nonce_hash = get_nonce(&bank, &nonce_pubkey).unwrap(); let tx = Transaction::new_signed_with_payer( vec![ - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), system_instruction::transfer(&custodian_pubkey, &nonce_pubkey, 100_000), ], Some(&custodian_pubkey), @@ -4536,7 +4545,7 @@ mod tests { #[test] fn test_check_tx_durable_nonce_not_durable_nonce_fail() { let (bank, _mint_keypair, custodian_keypair, nonce_keypair) = - setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000).unwrap(); + setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000, None).unwrap(); let custodian_pubkey = custodian_keypair.pubkey(); let nonce_pubkey = nonce_keypair.pubkey(); @@ -4544,7 +4553,7 @@ mod tests { let tx = Transaction::new_signed_with_payer( vec![ system_instruction::transfer(&custodian_pubkey, &nonce_pubkey, 100_000), - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), ], Some(&custodian_pubkey), &[&custodian_keypair, &nonce_keypair], @@ -4556,14 +4565,14 @@ mod tests { #[test] fn test_check_tx_durable_nonce_missing_ix_pubkey_fail() { let (bank, _mint_keypair, custodian_keypair, nonce_keypair) = - setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000).unwrap(); + setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000, None).unwrap(); let custodian_pubkey = custodian_keypair.pubkey(); let nonce_pubkey = nonce_keypair.pubkey(); let nonce_hash = get_nonce(&bank, &nonce_pubkey).unwrap(); let mut tx = Transaction::new_signed_with_payer( vec![ - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), system_instruction::transfer(&custodian_pubkey, &nonce_pubkey, 100_000), ], Some(&custodian_pubkey), @@ -4577,7 +4586,7 @@ mod tests { #[test] fn test_check_tx_durable_nonce_nonce_acc_does_not_exist_fail() { let (bank, _mint_keypair, custodian_keypair, nonce_keypair) = - setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000).unwrap(); + setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000, None).unwrap(); let custodian_pubkey = custodian_keypair.pubkey(); let nonce_pubkey = nonce_keypair.pubkey(); let missing_keypair = Keypair::new(); @@ -4586,11 +4595,11 @@ mod tests { let nonce_hash = get_nonce(&bank, &nonce_pubkey).unwrap(); let tx = Transaction::new_signed_with_payer( vec![ - nonce_instruction::nonce(&missing_pubkey), + nonce_instruction::nonce(&missing_pubkey, &nonce_pubkey), system_instruction::transfer(&custodian_pubkey, &nonce_pubkey, 100_000), ], Some(&custodian_pubkey), - &[&custodian_keypair, &missing_keypair], + &[&custodian_keypair, &nonce_keypair], nonce_hash, ); assert!(!bank.check_tx_durable_nonce(&tx)); @@ -4599,13 +4608,13 @@ mod tests { #[test] fn test_check_tx_durable_nonce_bad_tx_hash_fail() { let (bank, _mint_keypair, custodian_keypair, nonce_keypair) = - setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000).unwrap(); + setup_nonce_with_bank(10_000_000, |_| {}, 5_000_000, 250_000, None).unwrap(); let custodian_pubkey = custodian_keypair.pubkey(); let nonce_pubkey = nonce_keypair.pubkey(); let tx = Transaction::new_signed_with_payer( vec![ - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), system_instruction::transfer(&custodian_pubkey, &nonce_pubkey, 100_000), ], Some(&custodian_pubkey), @@ -4624,6 +4633,7 @@ mod tests { }, 5_000_000, 250_000, + None, ) .unwrap(); let alice_keypair = Keypair::new(); @@ -4659,7 +4669,7 @@ mod tests { /* Durable Nonce transfer */ let durable_tx = Transaction::new_signed_with_payer( vec![ - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), system_instruction::transfer(&custodian_pubkey, &alice_pubkey, 100_000), ], Some(&custodian_pubkey), @@ -4680,7 +4690,7 @@ mod tests { /* Durable Nonce re-use fails */ let durable_tx = Transaction::new_signed_with_payer( vec![ - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), system_instruction::transfer(&custodian_pubkey, &alice_pubkey, 100_000), ], Some(&custodian_pubkey), @@ -4704,7 +4714,7 @@ mod tests { let durable_tx = Transaction::new_signed_with_payer( vec![ - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), system_instruction::transfer(&custodian_pubkey, &alice_pubkey, 100_000_000), ], Some(&custodian_pubkey), diff --git a/runtime/src/nonce_utils.rs b/runtime/src/nonce_utils.rs index db5dae2a97..54156a2d62 100644 --- a/runtime/src/nonce_utils.rs +++ b/runtime/src/nonce_utils.rs @@ -61,7 +61,7 @@ mod tests { let tx = Transaction::new_signed_instructions( &[&from_keypair, &nonce_keypair], vec![ - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), system_instruction::transfer(&from_pubkey, &nonce_pubkey, 42), ], Hash::default(), @@ -99,7 +99,7 @@ mod tests { &[&from_keypair, &nonce_keypair], vec![ system_instruction::transfer(&from_pubkey, &nonce_pubkey, 42), - nonce_instruction::nonce(&nonce_pubkey), + nonce_instruction::nonce(&nonce_pubkey, &nonce_pubkey), ], Hash::default(), ); @@ -115,7 +115,7 @@ mod tests { let tx = Transaction::new_signed_instructions( &[&from_keypair, &nonce_keypair], vec![ - nonce_instruction::withdraw(&nonce_pubkey, &from_pubkey, 42), + nonce_instruction::withdraw(&nonce_pubkey, &nonce_pubkey, &from_pubkey, 42), system_instruction::transfer(&from_pubkey, &nonce_pubkey, 42), ], Hash::default(), @@ -160,8 +160,9 @@ mod tests { // New is in Uninitialzed state assert_eq!(state, NonceState::Uninitialized); let recent_blockhashes = create_test_recent_blockhashes(0); + let authorized = nonce_account.unsigned_key().clone(); nonce_account - .initialize(&recent_blockhashes, &Rent::free()) + .initialize(&authorized, &recent_blockhashes, &Rent::free()) .unwrap(); assert!(verify_nonce(&nonce_account.account, &recent_blockhashes[0])); }); @@ -183,8 +184,9 @@ mod tests { // New is in Uninitialzed state assert_eq!(state, NonceState::Uninitialized); let recent_blockhashes = create_test_recent_blockhashes(0); + let authorized = nonce_account.unsigned_key().clone(); nonce_account - .initialize(&recent_blockhashes, &Rent::free()) + .initialize(&authorized, &recent_blockhashes, &Rent::free()) .unwrap(); assert!(!verify_nonce( &nonce_account.account, diff --git a/sdk/src/nonce_instruction.rs b/sdk/src/nonce_instruction.rs index 2057159172..6118ac90b8 100644 --- a/sdk/src/nonce_instruction.rs +++ b/sdk/src/nonce_instruction.rs @@ -1,6 +1,6 @@ use crate::{ account::{get_signers, KeyedAccount}, - instruction::{AccountMeta, Instruction, InstructionError}, + instruction::{AccountMeta, Instruction, InstructionError, WithSigner}, instruction_processor_utils::{limited_deserialize, next_keyed_account, DecodeError}, nonce_program::id, nonce_state::{NonceAccount, NonceState}, @@ -38,10 +38,11 @@ impl DecodeError for NonceError { pub enum NonceInstruction { /// `Nonce` consumes a stored nonce, replacing it with a successor /// - /// Expects 3 Accounts: + /// Expects 2 Accounts: /// 0 - A NonceAccount /// 1 - RecentBlockhashes sysvar /// + /// The current authority must sign a transaction executing this instrucion Nonce, /// `Withdraw` transfers funds out of the nonce account @@ -54,6 +55,8 @@ pub enum NonceInstruction { /// /// The `u64` parameter is the lamports to withdraw, which must leave the /// account balance above the rent exempt reserve or at zero. + /// + /// The current authority must sign a transaction executing this instruction Withdraw(u64), /// `Initialize` drives state of Uninitalized NonceAccount to Initialized, @@ -63,12 +66,30 @@ pub enum NonceInstruction { /// 0 - A NonceAccount in the Uninitialized state /// 1 - RecentBlockHashes sysvar /// 2 - Rent sysvar - Initialize, + /// + /// The `Pubkey` parameter specifies the entity authorized to execute nonce + /// instruction on the account + /// + /// No signatures are required to execute this instruction, enabling derived + /// nonce account addresses + Initialize(Pubkey), + + /// `Authorize` changes the entity authorized to execute nonce instructions + /// on the account + /// + /// Expects 1 Account: + /// 0 - A NonceAccount + /// + /// The `Pubkey` parameter identifies the entity to authorize + /// + /// The current authority must sign a transaction executing this instruction + Authorize(Pubkey), } pub fn create_nonce_account( from_pubkey: &Pubkey, nonce_pubkey: &Pubkey, + authority: &Pubkey, lamports: u64, ) -> Vec { vec![ @@ -79,43 +100,57 @@ pub fn create_nonce_account( NonceState::size() as u64, &id(), ), - initialize(nonce_pubkey), + initialize(nonce_pubkey, authority), ] } -fn initialize(nonce_pubkey: &Pubkey) -> Instruction { +fn initialize(nonce_pubkey: &Pubkey, authority: &Pubkey) -> Instruction { Instruction::new( id(), - &NonceInstruction::Initialize, + &NonceInstruction::Initialize(*authority), vec![ - AccountMeta::new(*nonce_pubkey, true), + AccountMeta::new(*nonce_pubkey, false), AccountMeta::new_readonly(recent_blockhashes::id(), false), AccountMeta::new_readonly(rent::id(), false), ], ) } -pub fn nonce(nonce_pubkey: &Pubkey) -> Instruction { - Instruction::new( - id(), - &NonceInstruction::Nonce, - vec![ - AccountMeta::new(*nonce_pubkey, true), - AccountMeta::new_readonly(recent_blockhashes::id(), false), - ], - ) +pub fn nonce(nonce_pubkey: &Pubkey, authorized_pubkey: &Pubkey) -> Instruction { + let account_metas = vec![ + AccountMeta::new(*nonce_pubkey, false), + AccountMeta::new_readonly(recent_blockhashes::id(), false), + ] + .with_signer(authorized_pubkey); + Instruction::new(id(), &NonceInstruction::Nonce, account_metas) } -pub fn withdraw(nonce_pubkey: &Pubkey, to_pubkey: &Pubkey, lamports: u64) -> Instruction { +pub fn withdraw( + nonce_pubkey: &Pubkey, + authorized_pubkey: &Pubkey, + to_pubkey: &Pubkey, + lamports: u64, +) -> Instruction { + let account_metas = vec![ + AccountMeta::new(*nonce_pubkey, false), + AccountMeta::new(*to_pubkey, false), + AccountMeta::new_readonly(recent_blockhashes::id(), false), + AccountMeta::new_readonly(rent::id(), false), + ] + .with_signer(authorized_pubkey); + Instruction::new(id(), &NonceInstruction::Withdraw(lamports), account_metas) +} + +pub fn authorize( + nonce_pubkey: &Pubkey, + authorized_pubkey: &Pubkey, + new_authority: &Pubkey, +) -> Instruction { + let account_metas = vec![AccountMeta::new(*nonce_pubkey, false)].with_signer(authorized_pubkey); Instruction::new( id(), - &NonceInstruction::Withdraw(lamports), - vec![ - AccountMeta::new(*nonce_pubkey, true), - AccountMeta::new(*to_pubkey, false), - AccountMeta::new_readonly(recent_blockhashes::id(), false), - AccountMeta::new_readonly(rent::id(), false), - ], + &NonceInstruction::Authorize(*new_authority), + account_metas, ) } @@ -144,10 +179,12 @@ pub fn process_instruction( &signers, ) } - NonceInstruction::Initialize => me.initialize( + NonceInstruction::Initialize(authorized) => me.initialize( + &authorized, &RecentBlockhashes::from_keyed_account(next_keyed_account(keyed_accounts)?)?, &Rent::from_keyed_account(next_keyed_account(keyed_accounts)?)?, ), + NonceInstruction::Authorize(nonce_authority) => me.authorize(&nonce_authority, &signers), } } @@ -194,7 +231,8 @@ mod tests { fn test_create_account() { let from_pubkey = Pubkey::new_rand(); let nonce_pubkey = Pubkey::new_rand(); - let ixs = create_nonce_account(&from_pubkey, &nonce_pubkey, 42); + let authorized = nonce_pubkey; + let ixs = create_nonce_account(&from_pubkey, &nonce_pubkey, &authorized, 42); assert_eq!(ixs.len(), 2); let ix = &ixs[0]; assert_eq!(ix.program_id, system_program::id()); @@ -206,7 +244,7 @@ mod tests { #[test] fn test_process_nonce_ix_no_acc_data_fail() { assert_eq!( - process_instruction(&nonce(&Pubkey::default(),)), + process_instruction(&nonce(&Pubkey::default(), &Pubkey::default())), Err(InstructionError::InvalidAccountData), ); } @@ -279,7 +317,7 @@ mod tests { &mut sysvar::rent::create_account(1, &Rent::free()), ), ], - &serialize(&NonceInstruction::Initialize).unwrap(), + &serialize(&NonceInstruction::Initialize(Pubkey::default())).unwrap(), ) .unwrap(); assert_eq!( @@ -305,7 +343,12 @@ mod tests { #[test] fn test_process_withdraw_ix_no_acc_data_fail() { assert_eq!( - process_instruction(&withdraw(&Pubkey::default(), &Pubkey::default(), 1,)), + process_instruction(&withdraw( + &Pubkey::default(), + &Pubkey::default(), + &Pubkey::default(), + 1, + )), Err(InstructionError::InvalidAccountData), ); } @@ -420,8 +463,9 @@ mod tests { #[test] fn test_process_initialize_ix_invalid_acc_data_fail() { + let authorized = Pubkey::default(); assert_eq!( - process_instruction(&initialize(&Pubkey::default())), + process_instruction(&initialize(&Pubkey::default(), &authorized)), Err(InstructionError::InvalidAccountData), ); } @@ -432,7 +476,7 @@ mod tests { super::process_instruction( &Pubkey::default(), &mut [], - &serialize(&NonceInstruction::Initialize).unwrap(), + &serialize(&NonceInstruction::Initialize(Pubkey::default())).unwrap(), ), Err(InstructionError::NotEnoughAccountKeys), ); @@ -448,7 +492,7 @@ mod tests { true, &mut nonce_state::create_account(1_000_000), ),], - &serialize(&NonceInstruction::Initialize).unwrap(), + &serialize(&NonceInstruction::Initialize(Pubkey::default())).unwrap(), ), Err(InstructionError::NotEnoughAccountKeys), ); @@ -471,7 +515,7 @@ mod tests { &mut Account::default(), ), ], - &serialize(&NonceInstruction::Initialize).unwrap(), + &serialize(&NonceInstruction::Initialize(Pubkey::default())).unwrap(), ), Err(InstructionError::InvalidArgument), ); @@ -498,7 +542,7 @@ mod tests { ), KeyedAccount::new(&sysvar::rent::id(), false, &mut Account::default(),), ], - &serialize(&NonceInstruction::Initialize).unwrap(), + &serialize(&NonceInstruction::Initialize(Pubkey::default())).unwrap(), ), Err(InstructionError::InvalidArgument), ); @@ -529,12 +573,58 @@ mod tests { &mut sysvar::rent::create_account(1, &Rent::free()) ), ], - &serialize(&NonceInstruction::Initialize).unwrap(), + &serialize(&NonceInstruction::Initialize(Pubkey::default())).unwrap(), ), Ok(()), ); } + #[test] + fn test_process_authorize_ix_ok() { + let mut nonce_acc = nonce_state::create_account(1_000_000); + super::process_instruction( + &Pubkey::default(), + &mut [ + KeyedAccount::new(&Pubkey::default(), true, &mut nonce_acc), + KeyedAccount::new( + &sysvar::recent_blockhashes::id(), + false, + &mut sysvar::recent_blockhashes::create_account_with_data( + 1, + vec![(0u64, &Hash::default()); 32].into_iter(), + ), + ), + KeyedAccount::new( + &sysvar::rent::id(), + false, + &mut sysvar::rent::create_account(1, &Rent::free()), + ), + ], + &serialize(&NonceInstruction::Initialize(Pubkey::default())).unwrap(), + ) + .unwrap(); + assert_eq!( + super::process_instruction( + &Pubkey::default(), + &mut [KeyedAccount::new(&Pubkey::default(), true, &mut nonce_acc,),], + &serialize(&NonceInstruction::Authorize(Pubkey::default(),)).unwrap(), + ), + Ok(()), + ); + } + + #[test] + fn test_process_authorize_bad_account_data_fail() { + assert_eq!( + process_instruction(&authorize( + &Pubkey::default(), + &Pubkey::default(), + &Pubkey::default(), + )), + Err(InstructionError::InvalidAccountData), + ); + } + #[test] fn test_custom_error_decode() { use num_traits::FromPrimitive; diff --git a/sdk/src/nonce_state.rs b/sdk/src/nonce_state.rs index d25b6ce672..87ce7d45b1 100644 --- a/sdk/src/nonce_state.rs +++ b/sdk/src/nonce_state.rs @@ -13,11 +13,15 @@ use serde_derive::{Deserialize, Serialize}; use std::collections::HashSet; #[derive(Debug, Default, Serialize, Deserialize, PartialEq, Clone, Copy)] -pub struct Meta {} +pub struct Meta { + pub nonce_authority: Pubkey, +} impl Meta { - pub fn new() -> Self { - Self {} + pub fn new(nonce_authority: &Pubkey) -> Self { + Self { + nonce_authority: *nonce_authority, + } } } @@ -56,9 +60,15 @@ pub trait NonceAccount { ) -> Result<(), InstructionError>; fn initialize( &mut self, + nonce_authority: &Pubkey, recent_blockhashes: &RecentBlockhashes, rent: &Rent, ) -> Result<(), InstructionError>; + fn authorize( + &mut self, + nonce_authority: &Pubkey, + signers: &HashSet, + ) -> Result<(), InstructionError>; } impl<'a> NonceAccount for KeyedAccount<'a> { @@ -71,12 +81,11 @@ impl<'a> NonceAccount for KeyedAccount<'a> { return Err(NonceError::NoRecentBlockhashes.into()); } - if !signers.contains(self.unsigned_key()) { - return Err(InstructionError::MissingRequiredSignature); - } - let meta = match self.state()? { NonceState::Initialized(meta, ref hash) => { + if !signers.contains(&meta.nonce_authority) { + return Err(InstructionError::MissingRequiredSignature); + } if *hash == recent_blockhashes[0] { return Err(NonceError::NotExpired.into()); } @@ -96,17 +105,14 @@ impl<'a> NonceAccount for KeyedAccount<'a> { rent: &Rent, signers: &HashSet, ) -> Result<(), InstructionError> { - if !signers.contains(self.unsigned_key()) { - return Err(InstructionError::MissingRequiredSignature); - } - - match self.state()? { + let signer = match self.state()? { NonceState::Uninitialized => { if lamports > self.account.lamports { return Err(InstructionError::InsufficientFunds); } + *self.unsigned_key() } - NonceState::Initialized(_meta, ref hash) => { + NonceState::Initialized(meta, ref hash) => { if lamports == self.account.lamports { if *hash == recent_blockhashes[0] { return Err(NonceError::NotExpired.into()); @@ -117,7 +123,12 @@ impl<'a> NonceAccount for KeyedAccount<'a> { return Err(InstructionError::InsufficientFunds); } } + meta.nonce_authority } + }; + + if !signers.contains(&signer) { + return Err(InstructionError::MissingRequiredSignature); } self.account.lamports -= lamports; @@ -128,6 +139,7 @@ impl<'a> NonceAccount for KeyedAccount<'a> { fn initialize( &mut self, + nonce_authority: &Pubkey, recent_blockhashes: &RecentBlockhashes, rent: &Rent, ) -> Result<(), InstructionError> { @@ -141,13 +153,29 @@ impl<'a> NonceAccount for KeyedAccount<'a> { if self.account.lamports < min_balance { return Err(InstructionError::InsufficientFunds); } - Meta::new() + Meta::new(nonce_authority) } _ => return Err(NonceError::BadAccountState.into()), }; self.set_state(&NonceState::Initialized(meta, recent_blockhashes[0])) } + + fn authorize( + &mut self, + nonce_authority: &Pubkey, + signers: &HashSet, + ) -> Result<(), InstructionError> { + match self.state()? { + NonceState::Initialized(meta, nonce) => { + if !signers.contains(&meta.nonce_authority) { + return Err(InstructionError::MissingRequiredSignature); + } + self.set_state(&NonceState::Initialized(Meta::new(nonce_authority), nonce)) + } + _ => Err(NonceError::BadAccountState.into()), + } + } } pub fn create_account(lamports: u64) -> Account { @@ -189,7 +217,8 @@ mod test { #[test] fn new_meta() { - assert_eq!(Meta::new(), Meta {}); + let nonce_authority = Pubkey::default(); + assert_eq!(Meta::new(&nonce_authority), Meta { nonce_authority }); } #[test] @@ -199,16 +228,17 @@ mod test { ..Rent::default() }; let min_lamports = rent.minimum_balance(NonceState::size()); - let meta = Meta::new(); with_test_keyed_account(min_lamports + 42, true, |keyed_account| { + let meta = Meta::new(&keyed_account.unsigned_key()); let mut signers = HashSet::new(); signers.insert(keyed_account.signer_key().unwrap().clone()); let state: NonceState = keyed_account.state().unwrap(); // New is in Uninitialzed state assert_eq!(state, NonceState::Uninitialized); let recent_blockhashes = create_test_recent_blockhashes(95); + let authorized = keyed_account.unsigned_key().clone(); keyed_account - .initialize(&recent_blockhashes, &rent) + .initialize(&authorized, &recent_blockhashes, &rent) .unwrap(); let state: NonceState = keyed_account.state().unwrap(); let stored = recent_blockhashes[0]; @@ -255,12 +285,13 @@ mod test { ..Rent::default() }; let min_lamports = rent.minimum_balance(NonceState::size()); - let meta = Meta::new(); with_test_keyed_account(min_lamports + 42, true, |nonce_account| { let recent_blockhashes = create_test_recent_blockhashes(31); let stored = recent_blockhashes[0]; + let authorized = nonce_account.unsigned_key().clone(); + let meta = Meta::new(&authorized); nonce_account - .initialize(&recent_blockhashes, &rent) + .initialize(&authorized, &recent_blockhashes, &rent) .unwrap(); let pubkey = nonce_account.account.owner.clone(); let mut nonce_account = KeyedAccount::new(&pubkey, false, nonce_account.account); @@ -284,8 +315,9 @@ mod test { let mut signers = HashSet::new(); signers.insert(keyed_account.signer_key().unwrap().clone()); let recent_blockhashes = create_test_recent_blockhashes(0); + let authorized = keyed_account.unsigned_key().clone(); keyed_account - .initialize(&recent_blockhashes, &rent) + .initialize(&authorized, &recent_blockhashes, &rent) .unwrap(); let recent_blockhashes = RecentBlockhashes::from_iter(vec![].into_iter()); let result = keyed_account.nonce(&recent_blockhashes, &signers); @@ -304,8 +336,9 @@ mod test { let mut signers = HashSet::new(); signers.insert(keyed_account.signer_key().unwrap().clone()); let recent_blockhashes = create_test_recent_blockhashes(63); + let authorized = keyed_account.unsigned_key().clone(); keyed_account - .initialize(&recent_blockhashes, &rent) + .initialize(&authorized, &recent_blockhashes, &rent) .unwrap(); let result = keyed_account.nonce(&recent_blockhashes, &signers); assert_eq!(result, Err(NonceError::NotExpired.into())); @@ -328,6 +361,53 @@ mod test { }) } + #[test] + fn nonce_inx_independent_nonce_authority_ok() { + let rent = Rent { + lamports_per_byte_year: 42, + ..Rent::default() + }; + let min_lamports = rent.minimum_balance(NonceState::size()); + with_test_keyed_account(min_lamports + 42, true, |nonce_account| { + with_test_keyed_account(42, true, |nonce_authority| { + let mut signers = HashSet::new(); + signers.insert(nonce_account.signer_key().unwrap().clone()); + let recent_blockhashes = create_test_recent_blockhashes(63); + let authorized = nonce_authority.unsigned_key().clone(); + nonce_account + .initialize(&authorized, &recent_blockhashes, &rent) + .unwrap(); + let mut signers = HashSet::new(); + signers.insert(nonce_authority.signer_key().unwrap().clone()); + let recent_blockhashes = create_test_recent_blockhashes(31); + let result = nonce_account.nonce(&recent_blockhashes, &signers); + assert_eq!(result, Ok(())); + }); + }); + } + + #[test] + fn nonce_inx_no_nonce_authority_sig_fail() { + let rent = Rent { + lamports_per_byte_year: 42, + ..Rent::default() + }; + let min_lamports = rent.minimum_balance(NonceState::size()); + with_test_keyed_account(min_lamports + 42, true, |nonce_account| { + with_test_keyed_account(42, false, |nonce_authority| { + let mut signers = HashSet::new(); + signers.insert(nonce_account.signer_key().unwrap().clone()); + let recent_blockhashes = create_test_recent_blockhashes(63); + let authorized = nonce_authority.unsigned_key().clone(); + nonce_account + .initialize(&authorized, &recent_blockhashes, &rent) + .unwrap(); + let result = nonce_account.nonce(&recent_blockhashes, &signers); + assert_eq!(result, Err(InstructionError::MissingRequiredSignature),); + }); + }); + } + #[test] fn withdraw_inx_unintialized_acc_ok() { let rent = Rent { @@ -472,12 +552,15 @@ mod test { ..Rent::default() }; let min_lamports = rent.minimum_balance(NonceState::size()); - let meta = Meta::new(); with_test_keyed_account(min_lamports + 42, true, |nonce_keyed| { let mut signers = HashSet::new(); signers.insert(nonce_keyed.signer_key().unwrap().clone()); let recent_blockhashes = create_test_recent_blockhashes(31); - nonce_keyed.initialize(&recent_blockhashes, &rent).unwrap(); + let authorized = nonce_keyed.unsigned_key().clone(); + let meta = Meta::new(&authorized); + nonce_keyed + .initialize(&authorized, &recent_blockhashes, &rent) + .unwrap(); let state: NonceState = nonce_keyed.state().unwrap(); let stored = recent_blockhashes[0]; assert_eq!(state, NonceState::Initialized(meta, stored)); @@ -527,7 +610,10 @@ mod test { let min_lamports = rent.minimum_balance(NonceState::size()); with_test_keyed_account(min_lamports + 42, true, |nonce_keyed| { let recent_blockhashes = create_test_recent_blockhashes(0); - nonce_keyed.initialize(&recent_blockhashes, &rent).unwrap(); + let authorized = nonce_keyed.unsigned_key().clone(); + nonce_keyed + .initialize(&authorized, &recent_blockhashes, &rent) + .unwrap(); with_test_keyed_account(42, false, |mut to_keyed| { let mut signers = HashSet::new(); signers.insert(nonce_keyed.signer_key().unwrap().clone()); @@ -553,7 +639,10 @@ mod test { let min_lamports = rent.minimum_balance(NonceState::size()); with_test_keyed_account(min_lamports + 42, true, |nonce_keyed| { let recent_blockhashes = create_test_recent_blockhashes(95); - nonce_keyed.initialize(&recent_blockhashes, &rent).unwrap(); + let authorized = nonce_keyed.unsigned_key().clone(); + nonce_keyed + .initialize(&authorized, &recent_blockhashes, &rent) + .unwrap(); with_test_keyed_account(42, false, |mut to_keyed| { let recent_blockhashes = create_test_recent_blockhashes(63); let mut signers = HashSet::new(); @@ -580,7 +669,10 @@ mod test { let min_lamports = rent.minimum_balance(NonceState::size()); with_test_keyed_account(min_lamports + 42, true, |nonce_keyed| { let recent_blockhashes = create_test_recent_blockhashes(95); - nonce_keyed.initialize(&recent_blockhashes, &rent).unwrap(); + let authorized = nonce_keyed.unsigned_key().clone(); + nonce_keyed + .initialize(&authorized, &recent_blockhashes, &rent) + .unwrap(); with_test_keyed_account(42, false, |mut to_keyed| { let recent_blockhashes = create_test_recent_blockhashes(63); let mut signers = HashSet::new(); @@ -612,10 +704,12 @@ mod test { signers.insert(keyed_account.signer_key().unwrap().clone()); let recent_blockhashes = create_test_recent_blockhashes(0); let stored = recent_blockhashes[0]; - let result = keyed_account.initialize(&recent_blockhashes, &rent); + let authorized = keyed_account.unsigned_key().clone(); + let meta = Meta::new(&authorized); + let result = keyed_account.initialize(&authorized, &recent_blockhashes, &rent); assert_eq!(result, Ok(())); let state: NonceState = keyed_account.state().unwrap(); - assert_eq!(state, NonceState::Initialized(Meta::new(), stored)); + assert_eq!(state, NonceState::Initialized(meta, stored)); }) } @@ -630,7 +724,8 @@ mod test { let mut signers = HashSet::new(); signers.insert(keyed_account.signer_key().unwrap().clone()); let recent_blockhashes = RecentBlockhashes::from_iter(vec![].into_iter()); - let result = keyed_account.initialize(&recent_blockhashes, &rent); + let authorized = keyed_account.unsigned_key().clone(); + let result = keyed_account.initialize(&authorized, &recent_blockhashes, &rent); assert_eq!(result, Err(NonceError::NoRecentBlockhashes.into())); }) } @@ -644,11 +739,12 @@ mod test { let min_lamports = rent.minimum_balance(NonceState::size()); with_test_keyed_account(min_lamports + 42, true, |keyed_account| { let recent_blockhashes = create_test_recent_blockhashes(31); + let authorized = keyed_account.unsigned_key().clone(); keyed_account - .initialize(&recent_blockhashes, &rent) + .initialize(&authorized, &recent_blockhashes, &rent) .unwrap(); let recent_blockhashes = create_test_recent_blockhashes(0); - let result = keyed_account.initialize(&recent_blockhashes, &rent); + let result = keyed_account.initialize(&authorized, &recent_blockhashes, &rent); assert_eq!(result, Err(NonceError::BadAccountState.into())); }) } @@ -662,8 +758,69 @@ mod test { let min_lamports = rent.minimum_balance(NonceState::size()); with_test_keyed_account(min_lamports - 42, true, |keyed_account| { let recent_blockhashes = create_test_recent_blockhashes(63); - let result = keyed_account.initialize(&recent_blockhashes, &rent); + let authorized = keyed_account.unsigned_key().clone(); + let result = keyed_account.initialize(&authorized, &recent_blockhashes, &rent); assert_eq!(result, Err(InstructionError::InsufficientFunds)); }) } + + #[test] + fn authorize_inx_ok() { + let rent = Rent { + lamports_per_byte_year: 42, + ..Rent::default() + }; + let min_lamports = rent.minimum_balance(NonceState::size()); + with_test_keyed_account(min_lamports + 42, true, |nonce_account| { + let mut signers = HashSet::new(); + signers.insert(nonce_account.signer_key().unwrap().clone()); + let recent_blockhashes = create_test_recent_blockhashes(31); + let stored = recent_blockhashes[0]; + let authorized = nonce_account.unsigned_key().clone(); + nonce_account + .initialize(&authorized, &recent_blockhashes, &rent) + .unwrap(); + let authorized = &Pubkey::default().clone(); + let meta = Meta::new(&authorized); + let result = nonce_account.authorize(&Pubkey::default(), &signers); + assert_eq!(result, Ok(())); + let state: NonceState = nonce_account.state().unwrap(); + assert_eq!(state, NonceState::Initialized(meta, stored)); + }) + } + + #[test] + fn authorize_inx_uninitialized_state_fail() { + let rent = Rent { + lamports_per_byte_year: 42, + ..Rent::default() + }; + let min_lamports = rent.minimum_balance(NonceState::size()); + with_test_keyed_account(min_lamports + 42, true, |nonce_account| { + let mut signers = HashSet::new(); + signers.insert(nonce_account.signer_key().unwrap().clone()); + let result = nonce_account.authorize(&Pubkey::default(), &signers); + assert_eq!(result, Err(NonceError::BadAccountState.into())); + }) + } + + #[test] + fn authorize_inx_bad_authority_fail() { + let rent = Rent { + lamports_per_byte_year: 42, + ..Rent::default() + }; + let min_lamports = rent.minimum_balance(NonceState::size()); + with_test_keyed_account(min_lamports + 42, true, |nonce_account| { + let mut signers = HashSet::new(); + signers.insert(nonce_account.signer_key().unwrap().clone()); + let recent_blockhashes = create_test_recent_blockhashes(31); + let authorized = &Pubkey::default().clone(); + nonce_account + .initialize(&authorized, &recent_blockhashes, &rent) + .unwrap(); + let result = nonce_account.authorize(&Pubkey::default(), &signers); + assert_eq!(result, Err(InstructionError::MissingRequiredSignature)); + }) + } }