sappenin
commented
6 years ago The implementations of the different conditions have package private constructors for constructing a condition from just the fingerprint. This makes creating an instance from a codec.read() operation a challenge.
Yes, I see the problem. I think the constructors of PreimageSha256Condition are improperly structured (read more about that below).
Overall, I definitely think we do not need a separate class type for InterledgerSha256Condition, but I am open to keeping InterledgerSha256Fulfillment. But even then, I'm not so sure.
From my perspective, this issue has two orthogonal concerns:
- How do we encode an ILP Condition/Fulfillment in OER, while in the same application allow a crypto-condition variant to be encoded/decoded using DER.
- How do we restrict the ILP Condition/Fulfillment to have a cost of 32, and a type of `PREIMAGE_SHA_256".
The first concern (encoding) is already solved by the Codec framework. First, in the general case, no developer should be directly creating a PreimageSha256 Condition. Instead, developers should be creating a Fulfillment and then generating the Condition from there. Two exceptions to this rule are in a Codec, or in a testing scenario (and in the testing scenario, creating a Fulfillment, and then a Condition, should suffice). In the Codec scenario, we do need to allow developers to deserialize from something (bytes, JSON, etc) into a Condition class, which means we need some sort of Constructor there to allow Codecs that don't live in the org.interledger.cryptoconditions package. More specifically, encoding/decoding of a Condition should be the same for either type, but we need a mechanism to allow a single piece of software to encode the same class (PreimageSha256Condition) using two different encodings: OER sometimes, and DER sometimes.
In this case, I think the CodecFactory solves for this: a developer simply needs to create two different codecs (one for OER, and one for DER), and use them where appropriate. Likewise if a third or fourth encoding were to be introduced (like JSON or XML, for example), then there would be additional Codec's constructed. In other words, it's already a requirement for the same application to be able to encode/decode the same classes using different encodings, and the Codec framework solves for this -- so, no need to create a special class-type just to satisfy the Codec.
Next, on the Fulfillment side, we need to allow developers to be able to create a special type of PreimageSha256Fulfillment called InterledgerSha256Fulfillment that restricts the preimage size and cost. Here, I'm on the fence. On the one hand, we could create just a factory class called InterledgerSha256Fulfillment, and it will simply generate a PreimageSha256Fulfillment while enforcing the constraints that it should have. The downside to this is that in various service interfaces, the type would still be PreimageSha256Fulfillment, and implementations would need to enforce the restrictions, which is not ideal.
So, this is why I'm open to a new type of Fulfillment, specifically for ILP, that lives in java-ilp-core. To that end, I propose the following:
- Adjust the constructor for
PrimageSha256Conditionthat takes apreimageto bepackage-private. Nobody should be constructing a condition from a preimage (instead, they should construct aFulfillmentand then get the correspondingCondition). - Adjust the constructor that takes a
costandfingerprintto bepublic. This will allow Codec developers to deserialize whatever encoding they're reading into an Instance ofPreimageSha256Condition. In my mind, thePreimageSha256Conditionand theInterledgerSha256Conditionare both PreimageSha256 conditions -- only difference is the required cost, but that value will have come from a Fulfillment that was serialized to the encoding, so no need for a special class-type here -- it's all aPreimageSha256Condition. - Adjust the toString of PreimageSha256Fulfillment to use the class simpleName when emitting the toString.
- Keep the class
InterledgerSha256Fulfillment, and structure it like this (extending fromPreimageSha256Fulfillment):
/**
* An implementation of {@link Fulfillment} for a crypto-condition fulfillment of type
* "PREIMAGE-SHA-256" based upon a preimage and the SHA-256 hash function.
*
* @see "https://datatracker.ietf.org/doc/draft-thomas-crypto-conditions/"
*/
public class InterledgerSha256Fulfillment extends PreimageSha256Fulfillment
implements Fulfillment<InterledgerSha256Condition> {
public static final int INTERLEDGER_FULFILLMENT_LENGTH = 32;
/**
* Constructs an instance of the fulfillment.
*
* @param preimage The preimage associated with the fulfillment.
*/
public InterledgerSha256Fulfillment(final byte[] preimage) {
super(preimage);
if(preimage.length != INTERLEDGER_FULFILLMENT_LENGTH) {
throw new IllegalArgumentException("Preimage must be exactly 32 bytes");
}
}
}In this way, an interface could specify a InterledgerSha256Fulfillment or a PreimageSha256Fulfillment, and interfaces (like java-ilp-plugin) could either type to PreimageSha256Fulfillment and accept both without issue, or be made generic, like this:
interface handleFulfillment<T extends PreimageSha256Fulfillment>{
void handleFulfillment(T fulfillment);
}In summary, this counter-proposal seems to solve for all three of the requirements:
- Allow a Condition/Fulfillment to be encoded using OER (
hashfor a condition andpreimagefor a Fulfillment). - Force the
InterledgerSha256Fulfillmentto always be of typePREIMAGE-SHA-256. - Force the
InterledgerSha256Fulfillmentto always have a cost of 32.
Anything I'm missing?
adrianhopebailie
How I would implement https://github.com/interledger/java-ilp-core/issues/101
This highlights a few issues that have been introduced into
java-crypto-conditionsOR suggests this is a bad approach:The implementations of the different conditions have package private constructors for constructing a condition from just the fingerprint. This makes creating an instance from a
codec.read()operation a challenge.As a result of not being able to use
org.interledger.cryptoconditions.PreimageSha256Condition(see above) it was necessary to create an alternate implementation. This may not be a bad thing to do but we should consider whether these are comparable to each other. I.e. Are two conditions equal where they have the same hash but one is an instance oforg.interledger.cryptoconditions.InterledgerSha256Conditionand the otherorg.interledger.cryptoconditions.PreimageSha256ConditionThe codec context fails lookups if the provided class for a write operation implements an interface that extends another interface that was used to register the codec. i.e. Passing an instance of
InterledgerSha256Conditionfails because it implementsSimpleConditionwhich extendsConditionwhich is the class used to register the codec. The issue is in https://github.com/interledger/java-ilp-core/blob/development/src/main/java/org/interledger/codecs/CodecContext.java#L297