Simplify message validation function

The linter complained about high complexity, so I extracted some parts
of it into smaller functions.

Author: jannikluhn

rolling-shutter/chainobserver/db/keyper/extend.go

@@ -2,10 +2,13 @@ package database
 
 import (
 	"github.com/ethereum/go-ethereum/common"
+	"github.com/pkg/errors"
 
 	"github.com/shutter-network/rolling-shutter/rolling-shutter/shdb"
 )
 
+// Contains checks if the given address is present in the KeyperSet.
+// It returns true if the address is found, otherwise false.
 func (s *KeyperSet) Contains(address common.Address) bool {
 	encodedAddress := shdb.EncodeAddress(address)
 	for _, m := range s.Keypers {
@@ -15,3 +18,23 @@ func (s *KeyperSet) Contains(address common.Address) bool {
 	}
 	return false
 }
+
+// GetSubset returns a subset of addresses from the KeyperSet based on the given indices.
+// The return value is ordered according to the order of the given indices. If indices contains
+// duplicates, the return value will do so as well. If at least one of the given indices is out of
+// range, an error is returned.
+func (s *KeyperSet) GetSubset(indices []uint64) ([]common.Address, error) {
+	subset := []common.Address{}
+	for _, i := range indices {
+		if i >= uint64(len(s.Keypers)) {
+			return nil, errors.Errorf("keyper index %d out of range (size %d)", i, len(s.Keypers))
+		}
+		addressStr := s.Keypers[i]
+		address, err := shdb.DecodeAddress(addressStr)
+		if err != nil {
+			return nil, err
+		}
+		subset = append(subset, address)
+	}
+	return subset, nil
+}

rolling-shutter/chainobserver/db/keyper/extend_test.go

@@ -0,0 +1,61 @@
+package database
+
+import (
+	"testing"
+
+	"github.com/ethereum/go-ethereum/common"
+	"gotest.tools/v3/assert"
+
+	"github.com/shutter-network/rolling-shutter/rolling-shutter/shdb"
+)
+
+func makeTestKeyperSet() KeyperSet {
+	return KeyperSet{
+		KeyperConfigIndex:     0,
+		ActivationBlockNumber: 0,
+		Keypers: []string{
+			shdb.EncodeAddress(common.HexToAddress("0x0000000000000000000000000000000000000000")),
+			shdb.EncodeAddress(common.HexToAddress("0x5555555555555555555555555555555555555555")),
+			shdb.EncodeAddress(common.HexToAddress("0xaAaAaAaaAaAaAaaAaAAAAAAAAaaaAaAaAaaAaaAa")),
+		},
+		Threshold: 2,
+	}
+}
+
+func TestKeyperSetContains(t *testing.T) {
+	keyperSet := makeTestKeyperSet()
+	addresses, err := shdb.DecodeAddresses(keyperSet.Keypers)
+	assert.NilError(t, err)
+
+	for _, address := range addresses {
+		assert.Assert(t, keyperSet.Contains(address))
+	}
+	assert.Assert(t, !keyperSet.Contains(common.HexToAddress("0xffffffffffffffffffffffffffffffffffffffff")))
+}
+
+func TestKeyperSetSubset(t *testing.T) {
+	keyperSet := makeTestKeyperSet()
+	testCases := []struct {
+		indices []uint64
+		valid   bool
+	}{
+		{indices: []uint64{0, 1, 2}, valid: true},
+		{indices: []uint64{}, valid: true},
+		{indices: []uint64{1, 0}, valid: true},
+		{indices: []uint64{0, 0}, valid: true},
+		{indices: []uint64{0, 0, 0, 0}, valid: true},
+		{indices: []uint64{3}, valid: false},
+	}
+
+	for _, tc := range testCases {
+		subset, err := keyperSet.GetSubset(tc.indices)
+		if tc.valid {
+			assert.Assert(t, len(subset) == len(tc.indices))
+			for _, i := range tc.indices {
+				assert.Assert(t, shdb.EncodeAddress(subset[i]) == keyperSet.Keypers[tc.indices[i]])
+			}
+		} else {
+			assert.Assert(t, err != nil)
+		}
+	}
+}

rolling-shutter/keyperimpl/gnosis/handlers.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"math"
 
-	"github.com/ethereum/go-ethereum/common"
 	"github.com/jackc/pgx/v4"
 	"github.com/jackc/pgx/v4/pgxpool"
 	pubsub "github.com/libp2p/go-libp2p-pubsub"
@@ -186,6 +185,24 @@ func (h *DecryptionKeysHandler) MessagePrototypes() []p2pmsg.Message {
 	return []p2pmsg.Message{&p2pmsg.DecryptionKeys{}}
 }
 
+func validateSignerIndices(extra *p2pmsg.DecryptionKeys_Gnosis, n int) (pubsub.ValidationResult, error) {
+	for i, signerIndex := range extra.Gnosis.SignerIndices {
+		if i >= 1 {
+			prevSignerIndex := extra.Gnosis.SignerIndices[i-1]
+			if signerIndex == prevSignerIndex {
+				return pubsub.ValidationReject, errors.New("duplicate signer index found")
+			}
+			if signerIndex < prevSignerIndex {
+				return pubsub.ValidationReject, errors.New("signer indices not ordered")
+			}
+		}
+		if signerIndex >= uint64(n) {
+			return pubsub.ValidationReject, errors.New("signer index out of range")
+		}
+	}
+	return pubsub.ValidationAccept, nil
+}
+
 func (h *DecryptionKeysHandler) ValidateMessage(ctx context.Context, msg p2pmsg.Message) (pubsub.ValidationResult, error) {
 	keys := msg.(*p2pmsg.DecryptionKeys)
 	extra, ok := keys.Extra.(*p2pmsg.DecryptionKeys_Gnosis)
@@ -220,25 +237,14 @@ func (h *DecryptionKeysHandler) ValidateMessage(ctx context.Context, msg p2pmsg.
 	if int32(len(extra.Gnosis.SignerIndices)) != keyperSet.Threshold {
 		return pubsub.ValidationReject, errors.Errorf("expected %d signers, got %d", keyperSet.Threshold, len(extra.Gnosis.SignerIndices))
 	}
-	signers := []common.Address{}
-	for i, signerIndex := range extra.Gnosis.SignerIndices {
-		if i >= 1 {
-			prevSignerIndex := extra.Gnosis.SignerIndices[i-1]
-			if signerIndex == prevSignerIndex {
-				return pubsub.ValidationReject, errors.New("duplicate signer index found")
-			}
-			if signerIndex < prevSignerIndex {
-				return pubsub.ValidationReject, errors.New("signer indices not ordered")
-			}
-		}
-		if signerIndex >= uint64(len(keyperSet.Keypers)) {
-			return pubsub.ValidationReject, errors.New("signer index out of range")
-		}
-		signer, err := shdb.DecodeAddress(keyperSet.Keypers[signerIndex])
-		if err != nil {
-			return pubsub.ValidationReject, errors.Wrap(err, "failed to decode signer address")
-		}
-		signers = append(signers, signer)
+
+	res, err := validateSignerIndices(extra, len(keyperSet.Keypers))
+	if res != pubsub.ValidationAccept {
+		return res, err
+	}
+	signers, err := keyperSet.GetSubset(extra.Gnosis.SignerIndices)
+	if err != nil {
+		return pubsub.ValidationReject, err
 	}
 
 	identityPreimages := []identitypreimage.IdentityPreimage{}