Return encrypted IDGraph when changed (#1080)

* add id_graph to ocall extrinsics

* adjust callback extrinsic

* add cross-env&&dotenv

* set env

* random shard for testing

* Change the versions of @PolkaDot

* change the version of @polkadot/types

* rm yarn.lock

* slight renaming

* change maxVerificationDelay to 30min

* change yarn.lock

* generateChallengeCode

* modify yarn run command

* change defaultSinger

* add getSinger

* add Sign functions

* add getSinger && generateChallengeCode

* add ID_HUB_URL for sign message

* modify defaultSigner

* modify shard

* add ethers provider&&wallet

* add eth endpoint

* add @ethersproject/providers&&ethers

* substrate&&ethereum tests

* web3 types

* nonce

* change methods name

* change methods name

* change events

* change methods name

* change event

* modify method name

* ts-test support `id_graph`

* fix bug

* remove log

* resolve conflicts

Co-authored-by: Verin1005 <daqingchong0809@gmail.com>
Co-authored-by: zzz <zhiming.zhong@litentry.com>

Author: 3 people

pallets/identity-management-mock/src/identity_context.rs

@@ -15,13 +15,14 @@
 // along with Litentry.  If not, see <https://www.gnu.org/licenses/>.
 
 use codec::{Decode, Encode, MaxEncodedLen};
+use frame_support::RuntimeDebugNoBound;
 use scale_info::TypeInfo;
 
 use crate::{BlockNumberOf, Config, Metadata};
 
 // The context associated with the (litentry-account, did) pair
 // TODO: maybe we have better naming
-#[derive(Clone, Eq, PartialEq, Debug, Encode, Decode, TypeInfo, MaxEncodedLen)]
+#[derive(Clone, Eq, PartialEq, RuntimeDebugNoBound, Encode, Decode, TypeInfo, MaxEncodedLen)]
 #[scale_info(skip_type_params(T))]
 #[codec(mel_bound())]
 pub struct IdentityContext<T: Config> {

pallets/identity-management-mock/src/lib.rs

@@ -129,28 +129,34 @@ pub mod pallet {
 		IdentityCreatedPlain {
 			account: T::AccountId,
 			identity: Identity,
+			id_graph: Vec<(Identity, IdentityContext<T>)>,
 		},
 		IdentityCreated {
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		},
 		// remove identity
 		IdentityRemovedPlain {
 			account: T::AccountId,
 			identity: Identity,
+			id_graph: Vec<(Identity, IdentityContext<T>)>,
 		},
 		IdentityRemoved {
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		},
 		// verify identity
 		IdentityVerifiedPlain {
 			account: T::AccountId,
 			identity: Identity,
+			id_graph: Vec<(Identity, IdentityContext<T>)>,
 		},
 		IdentityVerified {
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		},
 		// some error happened during processing in TEE, we use string-like
 		// parameters for more "generic" error event reporting
@@ -344,10 +350,12 @@ pub mod pallet {
 			Self::deposit_event(Event::<T>::IdentityCreatedPlain {
 				account: who.clone(),
 				identity: identity.clone(),
+				id_graph: Self::get_id_graph(&who),
 			});
 			Self::deposit_event(Event::<T>::IdentityCreated {
 				account: aes_encrypt_default(&key, who.encode().as_slice()),
 				identity: aes_encrypt_default(&key, identity.encode().as_slice()),
+				id_graph: aes_encrypt_default(&key, Self::get_id_graph(&who).encode().as_slice()),
 			});
 			Ok(())
 		}
@@ -375,10 +383,12 @@ pub mod pallet {
 			Self::deposit_event(Event::<T>::IdentityRemovedPlain {
 				account: who.clone(),
 				identity: identity.clone(),
+				id_graph: Self::get_id_graph(&who),
 			});
 			Self::deposit_event(Event::<T>::IdentityRemoved {
 				account: aes_encrypt_default(&key, who.encode().as_slice()),
 				identity: aes_encrypt_default(&key, identity.encode().as_slice()),
+				id_graph: aes_encrypt_default(&key, Self::get_id_graph(&who).encode().as_slice()),
 			});
 
 			Ok(())
@@ -450,10 +460,15 @@ pub mod pallet {
 				Self::deposit_event(Event::<T>::IdentityVerifiedPlain {
 					account: who.clone(),
 					identity: identity.clone(),
+					id_graph: Self::get_id_graph(&who),
 				});
 				Self::deposit_event(Event::<T>::IdentityVerified {
 					account: aes_encrypt_default(&key, who.encode().as_slice()),
 					identity: aes_encrypt_default(&key, identity.encode().as_slice()),
+					id_graph: aes_encrypt_default(
+						&key,
+						Self::get_id_graph(&who).encode().as_slice(),
+					),
 				});
 				Ok(())
 			})
@@ -487,9 +502,10 @@ pub mod pallet {
 			origin: OriginFor<T>,
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		) -> DispatchResultWithPostInfo {
 			let _ = T::TEECallOrigin::ensure_origin(origin)?;
-			Self::deposit_event(Event::IdentityCreated { account, identity });
+			Self::deposit_event(Event::IdentityCreated { account, identity, id_graph });
 			Ok(Pays::No.into())
 		}
 
@@ -498,9 +514,10 @@ pub mod pallet {
 			origin: OriginFor<T>,
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		) -> DispatchResultWithPostInfo {
 			let _ = T::TEECallOrigin::ensure_origin(origin)?;
-			Self::deposit_event(Event::IdentityRemoved { account, identity });
+			Self::deposit_event(Event::IdentityRemoved { account, identity, id_graph });
 			Ok(Pays::No.into())
 		}
 
@@ -509,9 +526,10 @@ pub mod pallet {
 			origin: OriginFor<T>,
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		) -> DispatchResultWithPostInfo {
 			let _ = T::TEECallOrigin::ensure_origin(origin)?;
-			Self::deposit_event(Event::IdentityVerified { account, identity });
+			Self::deposit_event(Event::IdentityVerified { account, identity, id_graph });
 			Ok(Pays::No.into())
 		}
 
@@ -663,5 +681,9 @@ pub mod pallet {
 			addr[..20].copy_from_slice(&hashed_pk[12..32]);
 			Ok(addr)
 		}
+
+		pub fn get_id_graph(who: &T::AccountId) -> Vec<(Identity, IdentityContext<T>)> {
+			IDGraphs::iter_prefix(who).collect::<Vec<_>>()
+		}
 	}
 }

pallets/identity-management-mock/src/mock.rs

@@ -252,6 +252,7 @@ pub fn setup_create_identity(
 	System::assert_has_event(Event::IdentityManagementMock(crate::Event::IdentityCreatedPlain {
 		account: who,
 		identity: identity.clone(),
+		id_graph: IdentityManagementMock::get_id_graph(&who),
 	}));
 	// encrypt the result
 	let aes_encrypted_account = aes_encrypt_default(&key, who.encode().as_slice());

pallets/identity-management/src/lib.rs

@@ -82,9 +82,9 @@ pub mod pallet {
 		// event that should be triggered by TEECallOrigin
 		UserShieldingKeySet { account: AesOutput },
 		ChallengeCodeGenerated { account: AesOutput, identity: AesOutput, code: AesOutput },
-		IdentityCreated { account: AesOutput, identity: AesOutput },
-		IdentityRemoved { account: AesOutput, identity: AesOutput },
-		IdentityVerified { account: AesOutput, identity: AesOutput },
+		IdentityCreated { account: AesOutput, identity: AesOutput, id_graph: AesOutput },
+		IdentityRemoved { account: AesOutput, identity: AesOutput, id_graph: AesOutput },
+		IdentityVerified { account: AesOutput, identity: AesOutput, id_graph: AesOutput },
 		// some error happened during processing in TEE, we use string-like
 		// parameters for more "generic" error event reporting
 		// TODO: maybe use concrete errors instead of events when we are more sure
@@ -177,9 +177,10 @@ pub mod pallet {
 			origin: OriginFor<T>,
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		) -> DispatchResultWithPostInfo {
 			let _ = T::TEECallOrigin::ensure_origin(origin)?;
-			Self::deposit_event(Event::IdentityCreated { account, identity });
+			Self::deposit_event(Event::IdentityCreated { account, identity, id_graph });
 			Ok(Pays::No.into())
 		}
 
@@ -188,9 +189,10 @@ pub mod pallet {
 			origin: OriginFor<T>,
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		) -> DispatchResultWithPostInfo {
 			let _ = T::TEECallOrigin::ensure_origin(origin)?;
-			Self::deposit_event(Event::IdentityRemoved { account, identity });
+			Self::deposit_event(Event::IdentityRemoved { account, identity, id_graph });
 			Ok(Pays::No.into())
 		}
 
@@ -199,9 +201,10 @@ pub mod pallet {
 			origin: OriginFor<T>,
 			account: AesOutput,
 			identity: AesOutput,
+			id_graph: AesOutput,
 		) -> DispatchResultWithPostInfo {
 			let _ = T::TEECallOrigin::ensure_origin(origin)?;
-			Self::deposit_event(Event::IdentityVerified { account, identity });
+			Self::deposit_event(Event::IdentityVerified { account, identity, id_graph });
 			Ok(Pays::No.into())
 		}
 

runtime/litmus/src/lib.rs

@@ -797,7 +797,7 @@ ord_parameter_types! {
 impl pallet_identity_management_mock::Config for Runtime {
 	type Event = Event;
 	type ManageWhitelistOrigin = EnsureRootOrAllCouncil;
-	type MaxVerificationDelay = ConstU32<10>;
+	type MaxVerificationDelay = ConstU32<{ 30 * MINUTES }>;
 	// intentionally use ALICE for the IMP mock
 	type TEECallOrigin = EnsureSignedBy<ALICE, AccountId>;
 }

runtime/rococo/src/lib.rs

@@ -871,8 +871,8 @@ ord_parameter_types! {
 
 impl pallet_identity_management_mock::Config for Runtime {
 	type Event = Event;
-	type ManageWhitelistOrigin = EnsureRoot<Self::AccountId>;
-	type MaxVerificationDelay = ConstU32<10>;
+	type ManageWhitelistOrigin = EnsureRootOrAllCouncil;
+	type MaxVerificationDelay = ConstU32<{ 30 * MINUTES }>;
 	// intentionally use ALICE for the IMP mock
 	type TEECallOrigin = EnsureSignedBy<ALICE, AccountId>;
 }

tee-worker/app-libs/sgx-runtime/src/lib.rs

@@ -77,6 +77,7 @@ pub use sp_runtime::BuildStorage;
 pub use sp_runtime::{Perbill, Permill};
 
 // litentry
+use litentry_primitives::MINUTES;
 pub use pallet_imt::{self, Call as IdentityManagementCall};
 
 /// Block type as expected by this sgx-runtime.
@@ -264,7 +265,7 @@ impl pallet_imt::Config for Runtime {
 	type Event = Event;
 	type ManageOrigin = EnsureRoot<AccountId>;
 	type MaxMetadataLength = ConstU32<128>;
-	type MaxVerificationDelay = ConstU32<20>;
+	type MaxVerificationDelay = ConstU32<{ 30 * MINUTES }>;
 }
 
 // The plain sgx-runtime without the `evm-pallet`

tee-worker/app-libs/stf/src/trusted_call.rs

@@ -440,11 +440,14 @@ where
 					Ok(code) => {
 						debug!("create_identity {} OK", account_id_to_string(&who));
 						if let Some(key) = IdentityManagement::user_shielding_keys(&who) {
+							let id_graph =
+								ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
 							calls.push(OpaqueCall::from_tuple(&(
 								node_metadata_repo
 									.get_from_metadata(|m| m.identity_created_call_indexes())??,
 								aes_encrypt_default(&key, &who.encode()),
 								aes_encrypt_default(&key, &identity.encode()),
+								aes_encrypt_default(&key, &id_graph.encode()),
 							)));
 							calls.push(OpaqueCall::from_tuple(&(
 								node_metadata_repo.get_from_metadata(|m| {
@@ -486,11 +489,14 @@ where
 					Ok(()) => {
 						debug!("remove_identity {} OK", account_id_to_string(&who));
 						if let Some(key) = IdentityManagement::user_shielding_keys(&who) {
+							let id_graph =
+								ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
 							calls.push(OpaqueCall::from_tuple(&(
 								node_metadata_repo
 									.get_from_metadata(|m| m.identity_removed_call_indexes())??,
 								aes_encrypt_default(&key, &who.encode()),
 								aes_encrypt_default(&key, &identity.encode()),
+								aes_encrypt_default(&key, &id_graph.encode()),
 							)));
 						} else {
 							calls.push(OpaqueCall::from_tuple(&(
@@ -535,11 +541,14 @@ where
 					Ok(()) => {
 						debug!("verify_identity {} OK", account_id_to_string(&who));
 						if let Some(key) = IdentityManagement::user_shielding_keys(&who) {
+							let id_graph =
+								ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
 							calls.push(OpaqueCall::from_tuple(&(
 								node_metadata_repo
 									.get_from_metadata(|m| m.identity_verified_call_indexes())??,
 								aes_encrypt_default(&key, &who.encode()),
 								aes_encrypt_default(&key, &identity.encode()),
+								aes_encrypt_default(&key, &id_graph.encode()),
 							)));
 						} else {
 							calls.push(OpaqueCall::from_tuple(&(

tee-worker/app-libs/stf/src/trusted_call_litentry.rs

@@ -186,16 +186,13 @@ impl TrustedCallSigned {
 		who: AccountId,
 		assertion: Assertion,
 	) -> StfResult<()> {
-		let v_identity_context =
-			ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_identity_and_identity_context(&who);
+		let id_graph = ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
 
 		let mut vec_identity: BoundedVec<Identity, MaxIdentityLength> = vec![].try_into().unwrap();
 
-		for identity_ctx in &v_identity_context {
-			if identity_ctx.1.is_verified {
-				vec_identity
-					.try_push(identity_ctx.0.clone())
-					.map_err(|_| StfError::AssertionBuildFail)?;
+		for id in &id_graph {
+			if id.1.is_verified {
+				vec_identity.try_push(id.0.clone()).map_err(|_| StfError::AssertionBuildFail)?;
 			}
 		}
 

tee-worker/litentry/pallets/identity-management/src/lib.rs

@@ -247,9 +247,7 @@ pub mod pallet {
 	}
 
 	impl<T: Config> Pallet<T> {
-		pub fn get_identity_and_identity_context(
-			who: &T::AccountId,
-		) -> Vec<(Identity, IdentityContext<T>)> {
+		pub fn get_id_graph(who: &T::AccountId) -> Vec<(Identity, IdentityContext<T>)> {
 			IDGraphs::iter_prefix(who).collect::<Vec<_>>()
 		}
 	}