feature: XLS-86d - Firewall

include/xrpl/protocol/Feature.h

@@ -80,7 +80,7 @@ namespace detail {
 // Feature.cpp. Because it's only used to reserve storage, and determine how
 // large to make the FeatureBitset, it MAY be larger. It MUST NOT be less than
 // the actual number of amendments. A LogicError on startup will verify this.
-static constexpr std::size_t numFeatures = 83;
+static constexpr std::size_t numFeatures = 84;
 
 /** Amendments that this server supports and the default voting behavior.
    Whether they are enabled depends on the Rules defined in the validated

include/xrpl/protocol/Indexes.h

@@ -329,6 +329,20 @@ mptoken(uint256 const& mptokenKey)
 Keylet
 mptoken(uint256 const& issuanceKey, AccountID const& holder) noexcept;
 
+Keylet
+firewall(AccountID const& account) noexcept;
+
+Keylet
+withdrawPreauth(
+    AccountID const& owner,
+    AccountID const& preauthorized) noexcept;
+
+inline Keylet
+withdrawPreauth(uint256 const& key) noexcept
+{
+    return {ltWITHDRAW_PREAUTH, key};
+}
+
 }  // namespace keylet
 
 // Everything below is deprecated and should be removed in favor of keylets:
@@ -374,4 +388,4 @@ makeMptID(std::uint32_t sequence, AccountID const& account);
 
 }  // namespace ripple
 
-#endif
+#endif

include/xrpl/protocol/LedgerFormats.h

@@ -62,7 +62,6 @@ enum LedgerEntryType : std::uint16_t
 
 #undef LEDGER_ENTRY
 #pragma pop_macro("LEDGER_ENTRY")
-
     //---------------------------------------------------------------------------
     /** A special type, matching any ledger entry type.
 

include/xrpl/protocol/STTx.h

@@ -124,6 +124,10 @@ class STTx final : public STObject, public CountedObject<STTx>
     checkSign(RequireFullyCanonicalSig requireCanonicalSig, Rules const& rules)
         const;
 
+    Expected<void, std::string>
+    checkFirewallSign(RequireFullyCanonicalSig requireCanonicalSig, Rules const& rules)
+        const;
+
     // SQL Functions with metadata.
     static std::string const&
     getMetaSQLInsertReplaceHeader();
@@ -141,10 +145,11 @@ class STTx final : public STObject, public CountedObject<STTx>
 
 private:
     Expected<void, std::string>
-    checkSingleSign(RequireFullyCanonicalSig requireCanonicalSig) const;
+    checkSingleSign(STObject const& obj, RequireFullyCanonicalSig requireCanonicalSig) const;
 
     Expected<void, std::string>
     checkMultiSign(
+        STObject const& obj,
         RequireFullyCanonicalSig requireCanonicalSig,
         Rules const& rules) const;
 

include/xrpl/protocol/TER.h

@@ -344,6 +344,7 @@ enum TECcodes : TERUnderlyingType {
     tecARRAY_TOO_LARGE = 191,
     tecLOCKED = 192,
     tecBAD_CREDENTIALS = 193,
+    tecFIREWALL_BLOCK = 194,
 };
 
 //------------------------------------------------------------------------------

include/xrpl/protocol/TxFormats.h

@@ -97,4 +97,4 @@ class TxFormats : public KnownFormats<TxType, TxFormats>
 
 }  // namespace ripple
 
-#endif
+#endif

include/xrpl/protocol/detail/features.macro

@@ -29,6 +29,7 @@
 // If you add an amendment here, then do not forget to increment `numFeatures`
 // in include/xrpl/protocol/Feature.h.
 
+XRPL_FEATURE(Firewall,                   Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(Credentials,                Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(AMMClawback,                Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (AMMv1_2,                    Supported::yes, VoteBehavior::DefaultNo)

include/xrpl/protocol/detail/ledger_entries.macro

@@ -436,3 +436,29 @@ LEDGER_ENTRY(ltCREDENTIAL, 0x0081, Credential, ({
     {sfPreviousTxnID,        soeREQUIRED},
     {sfPreviousTxnLgrSeq,    soeREQUIRED},
 }))
+
+/** A ledger object which tracks Firewall
+    \sa keylet::firewall
+ */
+LEDGER_ENTRY(ltFIREWALL, 0x0046, Firewall, ({
+    {sfOwner,               soeREQUIRED},
+    {sfIssuer,              soeREQUIRED},
+    {sfAmount,              soeOPTIONAL},
+    {sfTimePeriod,          soeOPTIONAL},
+    {sfTimePeriodStart,     soeOPTIONAL},
+    {sfTotalOut,            soeOPTIONAL},
+    {sfOwnerNode,           soeREQUIRED},
+    {sfPreviousTxnID,       soeREQUIRED},
+    {sfPreviousTxnLgrSeq,   soeREQUIRED}
+}))
+
+/** A ledger object which tracks WithdrawPreauth
+    \sa keylet::WithdrawPreauth
+ */
+LEDGER_ENTRY(ltWITHDRAW_PREAUTH, 0x0047, WithdrawPreauth, ({
+    {sfAccount,              soeREQUIRED},
+    {sfAuthorize,            soeREQUIRED},
+    {sfOwnerNode,            soeREQUIRED},
+    {sfPreviousTxnID,        soeREQUIRED},
+    {sfPreviousTxnLgrSeq,    soeREQUIRED},
+}))

include/xrpl/protocol/detail/sfields.macro

@@ -112,6 +112,8 @@ TYPED_SFIELD(sfEmitGeneration,           UINT32,    46)
 TYPED_SFIELD(sfVoteWeight,               UINT32,    48)
 TYPED_SFIELD(sfFirstNFTokenSequence,     UINT32,    50)
 TYPED_SFIELD(sfOracleDocumentID,         UINT32,    51)
+TYPED_SFIELD(sfTimePeriod,               UINT32,    52)
+TYPED_SFIELD(sfTimePeriodStart,          UINT32,    53)
 
 // 64-bit integers (common)
 TYPED_SFIELD(sfIndexNext,                UINT64,     1)
@@ -230,6 +232,7 @@ TYPED_SFIELD(sfPrice,                    AMOUNT,    28)
 TYPED_SFIELD(sfSignatureReward,          AMOUNT,    29)
 TYPED_SFIELD(sfMinAccountCreateAmount,   AMOUNT,    30)
 TYPED_SFIELD(sfLPTokenBalance,           AMOUNT,    31)
+TYPED_SFIELD(sfTotalOut,                 AMOUNT,    32)
 
 // variable length (common)
 TYPED_SFIELD(sfPublicKey,                VL,         1)
@@ -346,6 +349,7 @@ UNTYPED_SFIELD(sfXChainClaimAttestationCollectionElement, OBJECT, 30)
 UNTYPED_SFIELD(sfXChainCreateAccountAttestationCollectionElement, OBJECT, 31)
 UNTYPED_SFIELD(sfPriceData,              OBJECT,    32)
 UNTYPED_SFIELD(sfCredential,             OBJECT,    33)
+UNTYPED_SFIELD(sfFirewallSigner,         OBJECT,    34)
 
 // array of objects (common)
 // ARRAY/1 is reserved for end of array
@@ -375,3 +379,4 @@ UNTYPED_SFIELD(sfPriceDataSeries,        ARRAY,     24)
 UNTYPED_SFIELD(sfAuthAccounts,           ARRAY,     25)
 UNTYPED_SFIELD(sfAuthorizeCredentials,   ARRAY,     26)
 UNTYPED_SFIELD(sfUnauthorizeCredentials, ARRAY,     27)
+UNTYPED_SFIELD(sfFirewallSigners,        ARRAY,     28, SField::sMD_Default, SField::notSigning)

include/xrpl/protocol/detail/transactions.macro

@@ -447,6 +447,28 @@ TRANSACTION(ttCREDENTIAL_DELETE, 60, CredentialDelete, ({
     {sfCredentialType, soeREQUIRED},
 }))
 
+/** This transaction type creates an WithdrawPreauth instance */
+TRANSACTION(ttWITHDRAW_PREAUTH, 61, WithdrawPreauth, ({
+    {sfAuthorize, soeOPTIONAL},
+    {sfUnauthorize, soeOPTIONAL},
+    {sfPublicKey, soeREQUIRED},
+    {sfSignature, soeREQUIRED},
+}))
+
+/** This transaction type creates an Firewall instance */
+TRANSACTION(ttFIREWALL_SET, 62, FirewallSet, ({
+    {sfIssuer, soeOPTIONAL},
+    {sfAuthorize, soeOPTIONAL},
+    {sfAmount, soeOPTIONAL},
+    {sfTimePeriod, soeOPTIONAL},
+    {sfFirewallSigners, soeOPTIONAL},
+}))
+
+// /** This transaction type deletes an Firewall instance */
+// TRANSACTION(ttFIREWALL_DELETE, 63, FirewallDelete, ({
+//     {sfSignature, soeREQUIRED},
+// }))
+
 
 /** This system-generated transaction type is used to update the status of the various amendments.
 

include/xrpl/protocol/jss.h

@@ -73,6 +73,7 @@ JSS(EPrice);               // in: AMM Deposit option
 JSS(Escrow);               // ledger type.
 JSS(Fee);                  // in/out: TransactionSign; field.
 JSS(FeeSettings);          // ledger type.
+JSS(Firewall);             // ledger type.
 JSS(Flags);                // in/out: TransactionSign; field.
 JSS(Holder);               // field.
 JSS(Invalid);              //
@@ -307,6 +308,8 @@ JSS(fee_level);               // out: AccountInfo
 JSS(fee_mult_max);            // in: TransactionSign
 JSS(fee_ref);                 // out: NetworkOPs, DEPRECATED
 JSS(fetch_pack);              // out: NetworkOPs
+JSS(firewall);                // in: LedgerEntry
+JSS(withdraw_preauth);        // in: LedgerEntry
 JSS(FIELDS);                  // out: RPC server_definitions
                               // matches definitions.json format
 JSS(first);                   // out: rpc/Version
@@ -752,4 +755,4 @@ JSS(NegativeUNL);                           // out: ValidatorList; ledger type
 }  // namespace jss
 }  // namespace ripple
 
-#endif
+#endif

src/libxrpl/protocol/Feature.cpp

@@ -463,4 +463,4 @@ uint256 const
 [[maybe_unused]] static const bool readOnlySet =
     featureCollections.registrationIsDone();
 
-}  // namespace ripple
+}  // namespace ripple

src/libxrpl/protocol/Indexes.cpp

@@ -77,6 +77,8 @@ enum class LedgerNameSpace : std::uint16_t {
     MPTOKEN_ISSUANCE = '~',
     MPTOKEN = 't',
     CREDENTIAL = 'D',
+    FIREWALL = 'F',
+    WITHDRAW_PREAUTH = 'G',
 
     // No longer used or supported. Left here to reserve the space
     // to avoid accidental reuse.
@@ -519,6 +521,20 @@ credential(
         indexHash(LedgerNameSpace::CREDENTIAL, subject, issuer, credType)};
 }
 
+Keylet
+firewall(AccountID const& account) noexcept
+{
+    return {ltFIREWALL, indexHash(LedgerNameSpace::FIREWALL, account)};
+}
+
+Keylet
+withdrawPreauth(AccountID const& owner, AccountID const& preauthorized) noexcept
+{
+    return {
+        ltWITHDRAW_PREAUTH,
+        indexHash(LedgerNameSpace::WITHDRAW_PREAUTH, owner, preauthorized)};
+}
+
 }  // namespace keylet
 
-}  // namespace ripple
+}  // namespace ripple

src/libxrpl/protocol/InnerObjectFormats.cpp

@@ -154,6 +154,14 @@ InnerObjectFormats::InnerObjectFormats()
             {sfIssuer, soeREQUIRED},
             {sfCredentialType, soeREQUIRED},
         });
+
+    add(sfFirewallSigner.jsonName.c_str(),
+        sfFirewallSigner.getCode(),
+        {
+            {sfAccount, soeREQUIRED},
+            {sfSigningPubKey, soeREQUIRED},
+            {sfTxnSignature, soeREQUIRED},
+        });
 }
 
 InnerObjectFormats const&

src/libxrpl/protocol/LedgerFormats.cpp

@@ -56,4 +56,4 @@ LedgerFormats::getInstance()
     return instance;
 }
 
-}  // namespace ripple
+}  // namespace ripple