Transaction tear-offsΒΆ

Suppose we want to construct a transaction that includes commands containing interest rate fix data as in Writing oracle services. Before sending the transaction to the oracle to obtain its signature, we need to filter out every part of the transaction except for the Fix commands.

To do so, we need to create a filtering function that specifies which fields of the transaction should be included. Each field will only be included if the filtering function returns true when the field is passed in as input.

val filtering = Predicate<Any> {
    when (it) {
        is Command<*> -> oracle.owningKey in it.signers && it.value is Fix
        else -> false
    }
}

We can now use our filtering function to construct a FilteredTransaction:

val ftx: FilteredTransaction = stx.buildFilteredTransaction(filtering)

In the Oracle example this step takes place in RatesFixFlow by overriding the filtering function. See Using an oracle.

FilteredTransaction holds filteredLeaves (data that we wanted to reveal) and Merkle branch for them.

// Direct access to included commands, inputs, outputs, attachments etc.
val cmds: List<Command<*>> = ftx.commands
val ins: List<StateRef> = ftx.inputs
val timeWindow: TimeWindow? = ftx.timeWindow
// ...

The following code snippet is taken from NodeInterestRates.kt and implements a signing part of an Oracle.

fun sign(ftx: FilteredTransaction): TransactionSignature {
    ftx.verify()
    // Performing validation of obtained filtered components.
    fun commandValidator(elem: Command<*>): Boolean {
        require(services.myInfo.legalIdentities.first().owningKey in elem.signers && elem.value is Fix) {
            "Oracle received unknown command (not in signers or not Fix)."
        }
        val fix = elem.value as Fix
        val known = knownFixes[fix.of]
        if (known == null || known != fix)
            throw UnknownFix(fix.of)
        return true
    }

    fun check(elem: Any): Boolean {
        return when (elem) {
            is Command<*> -> commandValidator(elem)
            else -> throw IllegalArgumentException("Oracle received data of different type than expected.")
        }
    }

    require(ftx.checkWithFun(::check))

    // It all checks out, so we can return a signature.
    //
    // Note that we will happily sign an invalid transaction, as we are only being presented with a filtered
    // version so we can't resolve or check it ourselves. However, that doesn't matter much, as if we sign
    // an invalid transaction the signature is worthless.
    return services.createSignature(ftx, services.myInfo.legalIdentities.first().owningKey)
}

Note

The way the FilteredTransaction is constructed ensures that after signing of the root hash it’s impossible to add or remove leaves. However, it can happen that having transaction with multiple commands one party reveals only subset of them to the Oracle. As signing is done now over the Merkle root hash, the service signs all commands of given type, even though it didn’t see all of them. This issue will be handled after implementing partial signatures.