wip

Mr-Leshiy · Mr-Leshiy · commit 6d52775ca88c · 2025-11-13T15:59:06.000+07:00
diff --git a/rust/rbac-registration/src/cardano/cip509/utils/cip134_uri_set.rs b/rust/rbac-registration/src/cardano/cip509/utils/cip134_uri_set.rs
@@ -39,6 +39,8 @@ struct Cip0134UriSetInner {
     x_uris: UrisMap,
     /// URIs from c509 certificates.
     c_uris: UrisMap,
+    /// URIs which are taken by another certificates.
+    taken_uris: HashSet<Cip0134Uri>,
 }
 
 impl Cip0134UriSet {
@@ -51,7 +53,12 @@ impl Cip0134UriSet {
     ) -> Self {
         let x_uris = extract_x509_uris(x509_certs, report);
         let c_uris = extract_c509_uris(c509_certs, report);
-        Self(Arc::new(Cip0134UriSetInner { x_uris, c_uris }))
+        let taken_uris = HashSet::new();
+        Self(Arc::new(Cip0134UriSetInner {
+            x_uris,
+            c_uris,
+            taken_uris,
+        }))
     }
 
     /// Returns a mapping from the x509 certificate index to URIs contained within.
@@ -67,7 +74,7 @@ impl Cip0134UriSet {
     }
 
     /// Returns an iterator over of `Cip0134Uri`.
-    pub fn values(&self) -> impl Iterator<Item = &Cip0134Uri> {
+    pub(crate) fn values(&self) -> impl Iterator<Item = &Cip0134Uri> {
         self.x_uris()
             .values()
             .chain(self.c_uris().values())
@@ -159,6 +166,7 @@ impl Cip0134UriSet {
         let Cip0134UriSetInner {
             mut x_uris,
             mut c_uris,
+            mut taken_uris,
         } = Arc::unwrap_or_clone(self.0);
 
         for (index, cert) in metadata.x509_certs.iter().enumerate() {
@@ -171,6 +179,7 @@ impl Cip0134UriSet {
                 },
                 X509DerCert::X509Cert(_) => {
                     if let Some(uris) = metadata.certificate_uris.x_uris().get(&index) {
+                        taken_uris.remove(&uris);
                         x_uris.insert(index, uris.clone());
                     }
                 },
@@ -190,13 +199,41 @@ impl Cip0134UriSet {
                 },
                 C509Cert::C509Certificate(_) => {
                     if let Some(uris) = metadata.certificate_uris.c_uris().get(&index) {
+                        taken_uris.remove(&uris);
                         c_uris.insert(index, uris.clone());
                     }
                 },
             }
         }
 
-        Self(Arc::new(Cip0134UriSetInner { x_uris, c_uris }))
+        Self(Arc::new(Cip0134UriSetInner {
+            x_uris,
+            c_uris,
+            taken_uris,
+        }))
+    }
+
+    /// Return the updated URIs set where the provided URIs were taken by other
+    /// registration chains.
+    ///
+    /// Updates the current URI set by removing the taken URIs from it.
+    #[must_use]
+    pub fn update_taken_uris(
+        self,
+        metadata: &Cip509RbacMetadata,
+    ) -> Self {
+        let taken_uri_set = metadata.certificate_uris.values().collect::<HashSet<_>>();
+        let current_uris_set = self.values().collect::<HashSet<_>>();
+        let taken_uris = current_uris_set.intersection(&taken_uri_set);
+
+        let Cip0134UriSetInner { x_uris, c_uris, .. } = Arc::unwrap_or_clone(self.0);
+        let taken_uris = taken_uris.cloned().cloned().collect();
+
+        Self(Arc::new(Cip0134UriSetInner {
+            x_uris,
+            c_uris,
+            taken_uris,
+        }))
     }
 }
 
diff --git a/rust/rbac-registration/src/cardano/cip509/validation.rs b/rust/rbac-registration/src/cardano/cip509/validation.rs
@@ -157,10 +157,7 @@ fn extract_stake_addresses(uris: Option<&Cip0134UriSet>) -> Vec<(VKeyHash, Strin
         return Vec::new();
     };
 
-    uris.x_uris()
-        .iter()
-        .chain(uris.c_uris())
-        .flat_map(|(_index, uris)| uris.iter())
+    uris.values()
         .filter_map(|uri| {
             if let Address::Stake(a) = uri.address() {
                 let bech32 = uri.address().to_string();
@@ -185,10 +182,7 @@ fn extract_payment_addresses(uris: Option<&Cip0134UriSet>) -> Vec<(VKeyHash, Str
         return Vec::new();
     };
 
-    uris.x_uris()
-        .iter()
-        .chain(uris.c_uris())
-        .flat_map(|(_index, uris)| uris.iter())
+    uris.values()
         .filter_map(|uri| {
             if let Address::Shelley(a) = uri.address() {
                 match a.payment() {
diff --git a/rust/rbac-registration/src/registration/cardano/mod.rs b/rust/rbac-registration/src/registration/cardano/mod.rs
@@ -9,9 +9,7 @@ use std::{
 
 use anyhow::Context;
 use c509_certificate::c509::C509;
-use cardano_blockchain_types::{
-    hashes::TransactionId, pallas_addresses::Address, Cip0134Uri, Point, StakeAddress, TxnIndex,
-};
+use cardano_blockchain_types::{hashes::TransactionId, Point, StakeAddress, TxnIndex};
 use catalyst_types::{
     catalyst_id::{key_rotation::KeyRotation, role_index::RoleId, CatalystId},
     conversion::zero_out_last_n_bytes,
@@ -26,8 +24,8 @@ use x509_cert::certificate::Certificate as X509Certificate;
 
 use crate::{
     cardano::cip509::{
-        CertKeyHash, CertOrPk, Cip0134UriSet, Cip509, PaymentHistory, PointData, RoleData,
-        RoleDataRecord, ValidationSignature,
+        CertKeyHash, CertOrPk, Cip0134UriSet, Cip509, PaymentHistory, PointData, PointTxnIdx,
+        RoleData, RoleDataRecord, ValidationSignature,
     },
     providers::RbacRegistrationProvider,
 };
@@ -349,26 +347,13 @@ impl RegistrationChain {
     /// Returns all stake addresses associated to this chain.
     #[must_use]
     pub fn stake_addresses(&self) -> HashSet<StakeAddress> {
-        let stolen_stake_addresses = self
-            .inner
-            .stolen_uris
-            .iter()
-            .flat_map(|v| {
-                v.data().iter().filter_map(|uri| {
-                    match uri.address() {
-                        Address::Stake(a) => Some(a.clone().into()),
-                        _ => None,
-                    }
-                })
-            })
-            .collect();
+        self.inner.certificate_uris.stake_addresses();
+    }
 
-        self.inner
-            .certificate_uris
-            .stake_addresses()
-            .difference(&stolen_stake_addresses)
-            .cloned()
-            .collect()
+    /// Returns the latest know applied registration's `PointTxnIdx`.
+    #[must_use]
+    pub fn latest_applied(&self) -> PointTxnIdx {
+        self.inner.latest_applied()
     }
 }
 
@@ -379,6 +364,9 @@ struct RegistrationChainInner {
     catalyst_id: CatalystId,
     /// The current transaction ID hash (32 bytes)
     current_tx_id_hash: PointData<TransactionId>,
+    /// The latest `PointTxnIdx` of the stolen taken URIs by another registration chains.
+    latest_taken_uris_point: Option<PointTxnIdx>,
+
     /// List of purpose for this registration chain
     purpose: Vec<UuidV4>,
 
@@ -397,9 +385,6 @@ struct RegistrationChainInner {
     /// List of point + transaction index, and certificate key hash.
     revocations: Vec<PointData<CertKeyHash>>,
 
-    /// URIs which are stolen by another registration chains.
-    stolen_uris: Vec<PointData<Box<[Cip0134Uri]>>>,
-
     // Role
     /// Map of role number to list point + transaction index, and role data.
     /// Record history of the whole role data in point in time.
@@ -516,9 +501,9 @@ impl RegistrationChainInner {
             x509_certs,
             c509_certs,
             certificate_uris,
+            latest_taken_uris_point: None,
             simple_keys,
             revocations,
-            stolen_uris: vec![],
             role_data_history,
             role_data_record,
             payment_history,
@@ -536,6 +521,18 @@ impl RegistrationChainInner {
         signing_pk: VerifyingKey,
     ) -> Option<Self> {
         let context = "Registration Chain update";
+        if self.latest_applied().point() >= cip509.origin().point() {
+            cip509.report().functional_validation(
+                &format!(
+                    "The provided registration is earlier {} than the current one {}",
+                    cip509.origin().point(),
+                    self.current_tx_id_hash.point()
+                ),
+                "Provided registrations must be applied in the correct order.",
+            );
+            return None;
+        }
+
         let mut new_inner = self.clone();
 
         let Some(prv_tx_id) = cip509.previous_transaction() else {
@@ -654,19 +651,12 @@ impl RegistrationChainInner {
     fn update_cause_another_chain(
         mut self,
         cip509: &Cip509,
-    ) -> Option<Self> {
-        if let Some(uri_set) = cip509.certificate_uris() {
-            let origin = cip509.origin().clone();
-            self.stolen_uris.push(PointData::new(
-                origin,
-                uri_set
-                    .values()
-                    .cloned()
-                    .collect::<Vec<_>>()
-                    .into_boxed_slice(),
-            ));
+    ) -> Self {
+        if let Some(reg) = cip509.metadata() {
+            self.certificate_uris = self.certificate_uris.update_taken_uris(reg);
         }
-        Some(self)
+        self.latest_taken_uris_point = Some(cip509.origin().clone());
+        self
     }
 
     /// Get the latest signing public key for a role.
@@ -700,6 +690,20 @@ impl RegistrationChainInner {
             })
         })
     }
+
+    /// Returns the latest know applied registration's `PointTxnIdx`.
+    #[must_use]
+    fn latest_applied(&self) -> PointTxnIdx {
+        if let Some(latest_taken_uris_point) = &self.latest_taken_uris_point {
+            if latest_taken_uris_point.point() > self.current_tx_id_hash.point() {
+                return latest_taken_uris_point.clone();
+            }
+        }
+        PointTxnIdx::new(
+            self.current_tx_id_hash.point().clone(),
+            self.current_tx_id_hash.txn_index(),
+        )
+    }
 }
 
 /// Perform a check on the validation signature.
