DisallowIncomingCredential

include/xrpl/protocol/LedgerFormats.h

@@ -149,6 +149,8 @@ enum LedgerSpecificFlags {
         0x40000000,               // True, enable trustline locking
     lsfAllowTrustLineClawback =
         0x80000000,               // True, enable clawback
+    lsfDisallowIncomingCredential =
+        0x00008000,               // True, reject new credentials
 
     // ltOFFER
     lsfPassive = 0x00010000,

include/xrpl/protocol/TxFlags.h

@@ -93,6 +93,7 @@ constexpr std::uint32_t asfDisallowIncomingPayChan         = 14;
 constexpr std::uint32_t asfDisallowIncomingTrustline       = 15;
 constexpr std::uint32_t asfAllowTrustLineClawback          = 16;
 constexpr std::uint32_t asfAllowTrustLineLocking           = 17;
+constexpr std::uint32_t asfDisallowIncomingCredential      = 18;
 
 // OfferCreate flags:
 constexpr std::uint32_t tfPassive                          = 0x00010000;

include/xrpl/protocol/detail/features.macro

@@ -32,6 +32,7 @@
 // If you add an amendment here, then do not forget to increment `numFeatures`
 // in include/xrpl/protocol/Feature.h.
 
+XRPL_FIX    (DisallowIncomingCredential, Supported::no,  VoteBehavior::DefaultNo)
 XRPL_FIX    (PriceOracleOrder,           Supported::no,  VoteBehavior::DefaultNo)
 XRPL_FIX    (MPTDeliveredAmount,         Supported::no,  VoteBehavior::DefaultNo)
 XRPL_FIX    (AMMClawbackRounding,        Supported::no,  VoteBehavior::DefaultNo)

src/test/app/Credentials_test.cpp

@@ -599,6 +599,52 @@ struct Credentials_test : public beast::unit_test::suite
                 env.close();
             }
         }
+
+        {
+            using namespace jtx;
+            {
+                // test flag doesn't set unless amendment enabled
+                Env env{*this, features - fixDisallowIncomingCredential};
+                env.fund(XRP(5000), subject, issuer);
+                env.close();
+
+                env(fset(subject, asfDisallowIncomingCredential));
+                env.close();
+                auto const sle = env.le(subject);
+                uint32_t flags = sle->getFlags();
+                BEAST_EXPECT(!(flags & lsfDisallowIncomingCredential));
+            }
+
+            testcase("Credentials fail, disallow incoming credential.");
+            {
+                Env env{*this, features | fixDisallowIncomingCredential};
+                env.fund(XRP(5000), subject, issuer);
+                env.close();
+
+                env(fset(subject, asfDisallowIncomingCredential, 1));
+                env.close();
+                auto const sle = env.le(subject);
+                uint32_t flags = sle->getFlags();
+                BEAST_EXPECT((flags & lsfDisallowIncomingCredential));
+
+                auto const jv = credentials::create(subject, issuer, credType);
+                env(jv, ter(tecNO_PERMISSION));
+                env.close();
+
+                // allow self-issued credential
+                auto const jv2 =
+                    credentials::create(subject, subject, credType);
+                env(jv2, ter(tesSUCCESS));
+                env.close();
+
+                // clear flag
+                env(fset(subject, 0, asfDisallowIncomingCredential));
+                env.close();
+                auto const sle2 = env.le(subject);
+                uint32_t flags2 = sle2->getFlags();
+                BEAST_EXPECT(!(flags2 & lsfDisallowIncomingCredential));
+            }
+        }
     }
 
     void

src/test/rpc/AccountSet_test.cpp

@@ -87,7 +87,8 @@ class AccountSet_test : public beast::unit_test::suite
                 if (flag == asfDisallowIncomingCheck ||
                     flag == asfDisallowIncomingPayChan ||
                     flag == asfDisallowIncomingNFTokenOffer ||
-                    flag == asfDisallowIncomingTrustline)
+                    flag == asfDisallowIncomingTrustline ||
+                    flag == asfDisallowIncomingCredential)
                 {
                     // These flags are part of the DisallowIncoming amendment
                     // and are tested elsewhere

src/xrpld/app/tx/detail/Credentials.cpp

@@ -100,7 +100,9 @@ CredentialCreate::preclaim(PreclaimContext const& ctx)
     auto const credType(ctx.tx[sfCredentialType]);
     auto const subject = ctx.tx[sfSubject];
 
-    if (!ctx.view.exists(keylet::account(subject)))
+    auto const sleSubject = ctx.view.read(keylet::account(subject));
+
+    if (!sleSubject)
     {
         JLOG(ctx.j.trace()) << "Subject doesn't exist.";
         return tecNO_TARGET;
@@ -113,6 +115,17 @@ CredentialCreate::preclaim(PreclaimContext const& ctx)
         return tecDUPLICATE;
     }
 
+    if (ctx.view.rules().enabled(featureDisallowIncoming) &&
+        ctx.view.rules().enabled(fixDisallowIncomingCredential))
+    {
+        auto const id = ctx.tx[sfAccount];
+        if (id != subject &&
+            sleSubject->getFlags() & lsfDisallowIncomingCredential)
+        {
+            return tecNO_PERMISSION;
+        }
+    }
+
     return tesSUCCESS;
 }
 

src/xrpld/app/tx/detail/SetAccount.cpp

@@ -648,6 +648,14 @@ SetAccount::doApply()
             uFlagsOut |= lsfDisallowIncomingTrustline;
         else if (uClearFlag == asfDisallowIncomingTrustline)
             uFlagsOut &= ~lsfDisallowIncomingTrustline;
+
+        if (ctx_.view().rules().enabled(fixDisallowIncomingCredential))
+        {
+            if (uSetFlag == asfDisallowIncomingCredential)
+                uFlagsOut |= lsfDisallowIncomingCredential;
+            else if (uClearFlag == asfDisallowIncomingCredential)
+                uFlagsOut &= ~lsfDisallowIncomingCredential;
+        }
     }
 
     // Set or clear flags for disallowing escrow