feat: start_new_chain

apskhem · apskhem · commit a088f4188d4a · 2025-10-20T19:10:09.000+07:00
diff --git a/rust/rbac-registration/src/providers.rs b/rust/rbac-registration/src/providers.rs
@@ -51,19 +51,3 @@ pub trait RbacRegistrationProvider {
         is_persistent: bool,
     ) -> impl Future<Output = anyhow::Result<Option<CatalystId>>> + Send;
 }
-
-/// `RbacCache` Provider trait
-pub trait RbacCacheProvider {
-    /// Add (or update) a persistent chain to the cache.
-    fn cache_persistent_rbac_chain(
-        &self,
-        id: CatalystId,
-        chain: RegistrationChain,
-    );
-
-    /// Returns a cached persistent chain by the given Catalyst ID.
-    fn cached_persistent_rbac_chain(
-        &self,
-        id: &CatalystId,
-    ) -> Option<RegistrationChain>;
-}
diff --git a/rust/rbac-registration/src/registration/cardano/validation.rs b/rust/rbac-registration/src/registration/cardano/validation.rs
@@ -1,15 +1,18 @@
 //! Utilities for RBAC registrations validation.
 
-use std::collections::HashSet;
+use std::collections::{HashMap, HashSet};
 
 use anyhow::{Context, Result};
 use cardano_chain_follower::{hashes::TransactionId, StakeAddress};
-use catalyst_types::problem_report::ProblemReport;
+use catalyst_types::{
+    catalyst_id::{role_index::RoleId, CatalystId},
+    problem_report::ProblemReport,
+};
 use ed25519_dalek::VerifyingKey;
 
 use crate::{
     cardano::cip509::{Cip0134UriSet, Cip509},
-    providers::{RbacCacheProvider, RbacRegistrationProvider},
+    providers::RbacRegistrationProvider,
     registration::cardano::{
         validation_result::{RbacValidationError, RbacValidationResult, RbacValidationSuccess},
         RegistrationChain,
@@ -24,7 +27,7 @@ async fn update_chain<Provider>(
     provider: &Provider,
 ) -> RbacValidationResult
 where
-    Provider: RbacRegistrationProvider + RbacCacheProvider,
+    Provider: RbacRegistrationProvider,
 {
     let purpose = reg.purpose();
     let report = reg.report().to_owned();
@@ -86,10 +89,6 @@ where
         });
     }
 
-    if is_persistent {
-        provider.cache_persistent_rbac_chain(catalyst_id.clone(), new_chain);
-    }
-
     Ok(RbacValidationSuccess {
         catalyst_id,
         stake_addresses,
@@ -101,6 +100,104 @@ where
     })
 }
 
+/// Tries to start a new RBAC chain.
+async fn start_new_chain<Provider>(
+    reg: Cip509,
+    is_persistent: bool,
+    provider: &Provider,
+) -> RbacValidationResult
+where
+    Provider: RbacRegistrationProvider,
+{
+    let catalyst_id = reg.catalyst_id().map(CatalystId::as_short_id);
+    let purpose = reg.purpose();
+    let report = reg.report().to_owned();
+
+    // Try to start a new chain.
+    let new_chain = RegistrationChain::new(reg).ok_or_else(|| {
+        if let Some(catalyst_id) = catalyst_id {
+            RbacValidationError::InvalidRegistration {
+                catalyst_id,
+                purpose,
+                report: report.clone(),
+            }
+        } else {
+            RbacValidationError::UnknownCatalystId
+        }
+    })?;
+
+    // Verify that a Catalyst ID of this chain is unique.
+    let catalyst_id = new_chain.catalyst_id().as_short_id();
+    if provider
+        .is_chain_known(catalyst_id.clone(), is_persistent)
+        .await?
+    {
+        report.functional_validation(
+            &format!("{catalyst_id} is already used"),
+            "It isn't allowed to use same Catalyst ID (certificate subject public key) in multiple registration chains",
+        );
+        return Err(RbacValidationError::InvalidRegistration {
+            catalyst_id,
+            purpose,
+            report,
+        });
+    }
+
+    // Validate stake addresses.
+    let new_addresses = new_chain.stake_addresses();
+    let mut updated_chains: HashMap<_, HashSet<StakeAddress>> = HashMap::new();
+    for address in &new_addresses {
+        if let Some(id) = provider
+            .catalyst_id_from_stake_address(address, is_persistent)
+            .await?
+        {
+            // If an address is used in existing chain then a new chain must have different role 0
+            // signing key.
+            let previous_chain = provider.chain(id.clone(), is_persistent)
+                .await?
+                .context("{id} is present in 'catalyst_id_for_stake_address', but not in 'rbac_registration'")?;
+            if previous_chain.get_latest_signing_pk_for_role(&RoleId::Role0)
+                == new_chain.get_latest_signing_pk_for_role(&RoleId::Role0)
+            {
+                report.functional_validation(
+                    &format!("A new registration ({catalyst_id}) uses the same public key as the previous one ({})",
+                        previous_chain.catalyst_id().as_short_id()
+                    ),
+                    "It is only allowed to override the existing chain by using different public key",
+                );
+            } else {
+                // The new root registration "takes" an address(es) from the existing chain, so that
+                // chain needs to be updated.
+                updated_chains
+                    .entry(id)
+                    .and_modify(|e| {
+                        e.insert(address.clone());
+                    })
+                    .or_insert([address.clone()].into_iter().collect());
+            }
+        }
+    }
+
+    // Check that new public keys aren't used by other chains.
+    let public_keys = validate_public_keys(&new_chain, is_persistent, &report, provider).await?;
+
+    if report.is_problematic() {
+        return Err(RbacValidationError::InvalidRegistration {
+            catalyst_id,
+            purpose,
+            report,
+        });
+    }
+
+    Ok(RbacValidationSuccess {
+        catalyst_id,
+        stake_addresses: new_addresses,
+        public_keys,
+        modified_chains: updated_chains.into_iter().collect(),
+        purpose,
+    })
+}
+
 /// Checks that a new registration doesn't contain a signing key that was used by any
 /// other chain. Returns a list of public keys in the registration.
 async fn validate_public_keys<Provider>(
