Add transaction signing API endpoint with stub impl

[rvl]

Issue Number

ADP-902

Overview

• Swagger spec updates for new transaction signing API.
• New API types and servant stuff.
• Rename some definitions to old so as to mark them as soft-deprecated.
• Add stub implementation to server handler with TODO comments.

[paweljakubas]

Maybe introduce newtype TxBody rather than ByteString ?

[rvl]

Yes it needs some type, but that will be added in the next PR. This function is a placeholder stub, so I hope that ByteString is good enough for the moment.

[paweljakubas]

we want both json and octet, not just octet?

[paweljakubas]

Is it connected with the fact that we want both binary (serviced by octet) and hex string (serviced by json)?

[rvl]

The user can decide whether they want raw transaction bytes, or hex-encoded bytes inside a JSON object.

[paweljakubas]

"lenient" here 🤔

[rvl]

It means that there is no minimum length for the given passphrase.
We only want a minimum length when creating a new wallet or changing its password.

[paweljakubas]

very elegant I must say:-)

[paweljakubas]

ah, I got it now, why [JSON, OctetStream]

[paweljakubas]

what about waiting with Transactions -> Legacy Transactions and stable -> deprecated until the last ticket in this epic?

[rvl]

OK fair enough.

[paweljakubas]

How should I understand this? Either we get serialized hex which means all needed witnesses were constructed and added and the signed txs can be submitted OR I have partially signed tx, ie., not enough witnesses collected yet to treat it as fully signed tx?

[rvl]

I added some more swagger doc strings.
The idea is that the user can submit an encoded tx, or an encoded tx body with zero or more witnesses.
The signing endpoint will add new witnesses to the set.

[paweljakubas]

@rvl we have now

1. postSignTransaction in which we have serialized tx body and password needed to sign. As a result we have blob that can be sent.
2. postSignedTransaction which submits the result of 1.

What about creating serialized tx body from outputs, delegations, ... It is in another ticket, right?

[rvl]

Thanks for the review comments @paweljakubas .

You were probably slightly confused because I made an error with the return types.
PostSignedTransaction should return either a TxId or error, nothing else.

Constructing the TxBody is for another PR, ticket ADP-909.

[KtorZ]

What about signatures to be a bit more rest-ish. Verbs / action should ideally be captured by the HTTP method.

[rvl]

I'm afraid that REST is a poor fit for this endpoint (perhaps in general too, but that's a separate discussion).

The resource is the wallet (specifically the keys contained in the wallet) and action is to sign a blob of data (a TxBody), given a spending password, and return the blob of data plus its signatures (TxBody + TxWits).

None of the HTTPs methods adequately describe this signing operation. And no request path name can make a verb look like a noun.

So I think the least worst name is something short and simple: POST /v2/wallet/<id>/transactions/sign.

Slightly related, I think the corresponding servant handler function name I have chosen is thoroughly confusing: postSignTransaction. What do you think of renaming that to signTransactionHandler ?

[KtorZ]

(perhaps in general too, but that's a separate discussion).

I couldn't agree more.

None of the HTTPs methods adequately describe this signing operation. And no request path name can make a verb look like a noun.

I see it differently 🤔 , to me POST /wallets/{walletId}/witnesses for instance would read just fine. This creates a witness resource from a given payload on the given wallet. So it's kinda rest-ish.

Slightly related, I think the corresponding servant handler function name I have chosen is thoroughly confusing: postSignTransaction. What do you think of renaming that to signTransactionHandler ?

Yeah... I always have mixed feelings when naming handlers. One the one hand, keeping some form of consistent naming from the endpoint structure makes it "brain dead" and easy to name / figure out. But on the other hand, it's often ugly and, we have deviated so many times from it that we have lost any benefits from consistent naming. This being said, I like your suggestion 😊

[KtorZ]

We've avoided shorten names and acronym in the API so far. I'd suggest to go for "transaction" or "body" since this is really just the transaction body without witnesses in principle.

[rvl]

Yep good idea, fixed.

[KtorZ]

Wouldn't Base64 be a better fit here? We typically use Base16 for short-ish strings and base64 for longer payloads.

[rvl]

I don't think it matters that much. I thought hex might be slightly easier to use. Base64 is 1.33× raw size and hex is 2× raw size - both acceptable for transactions given their max size. Anyway I have changed it to Base64 because the sign metadata endpoint uses Base64, as you say. I also changed the encoding accepted by the cardano-wallet transaction submit CLI from hex to base64 to align with this.

[KtorZ]

I didn't catch where the code from Api/Types could generate a tx_body field 🤔 ?

[rvl]

Yes I changed the types and forgot to update these tests.

[KtorZ]

👍

[paweljakubas]

lgtm, the rest bits can come in next PRs

[Anviking]

Why is SerialisedTxParts needed when we have SerialisedTx?

Isn't the structure it exposes already unambiguously exposed in the raw CBOR?

[rvl]

Yes, but I think it will be helpful for API consumers to get both.

[rvl]

bors r+

[paweljakubas]

well, as I did in construct tx PR, one can argue we can read public reward account key from wallet state, we need this structure only when private reward account key is needed...which probably is the case here

[paweljakubas]

much work is needed to implement signing and prove it works which is to be done in coming PRs. API seems reasonable, some solid/beautifully-conveying-idea-under-the-hood data structures were introduced

[iohk-bors]

Build succeeded:

• ci/hydra-build:required
• buildkite/cardano-wallet