[Fix]: ISigner Only sign consensus messages (#3939)

* Fix: make the signer sign specific data

* Fix: make the signer sign specific data

---------

Co-authored-by: Shargon <[email protected]>
Co-authored-by: Vitor Nazário Coelho <[email protected]>

Author: 3 people

src/Neo.CLI/CLI/MainService.Wallet.cs

@@ -73,7 +73,7 @@ private void OnCloseWalletCommand()
 
             if (CurrentWallet is not null)
             {
-                SignerFactory.UnregisterSigner(CurrentWallet.Name);
+                SignerManager.UnregisterSigner(CurrentWallet.Name);
             }
 
             CurrentWallet = null;

src/Neo.CLI/CLI/MainService.cs

@@ -161,7 +161,7 @@ public void CreateWallet(string path, string password, bool createDefaultAccount
             wallet.Save();
 
             CurrentWallet = wallet;
-            SignerFactory.RegisterSigner(wallet.Name, wallet);
+            SignerManager.RegisterSigner(wallet.Name, wallet);
         }
 
         private bool NoWallet()
@@ -296,10 +296,10 @@ public void OpenWallet(string path, string password)
                 throw new FileNotFoundException($"Wallet file \"{path}\" not found.");
             }
 
-            if (CurrentWallet is not null) SignerFactory.UnregisterSigner(CurrentWallet.Name);
+            if (CurrentWallet is not null) SignerManager.UnregisterSigner(CurrentWallet.Name);
 
             CurrentWallet = Wallet.Open(path, password, NeoSystem.Settings) ?? throw new NotSupportedException();
-            SignerFactory.RegisterSigner(CurrentWallet.Name, CurrentWallet);
+            SignerManager.RegisterSigner(CurrentWallet.Name, CurrentWallet);
         }
 
         public async void Start(CommandLineOptions options)

src/Neo/Sign/ISigner.cs

@@ -10,7 +10,8 @@
 // modifications are permitted.
 
 using Neo.Cryptography.ECC;
-using Neo.SmartContract;
+using Neo.Network.P2P.Payloads;
+using Neo.Persistence;
 using System;
 
 namespace Neo.Sign
@@ -21,22 +22,27 @@ namespace Neo.Sign
     public interface ISigner
     {
         /// <summary>
-        /// Signs the <see cref="ContractParametersContext"/> with the wallet.
+        /// Signs the <see cref="ExtensiblePayload"/> with the wallet.
         /// </summary>
-        /// <param name="context">The <see cref="ContractParametersContext"/> to be used.</param>
-        /// <returns>
-        /// <see langword="true"/> if any signature is successfully added to the context;
-        /// otherwise, <see langword="false"/>.
-        /// </returns>
-        bool Sign(ContractParametersContext context);
+        /// <param name="payload">The <see cref="ExtensiblePayload"/> to be used.</param>
+        /// <param name="snapshot">The snapshot.</param>
+        /// <param name="network">The network.</param>
+        /// <returns>The witness.</returns>
+        /// <exception cref="ArgumentNullException">Thrown when the payload is null.</exception>
+        Witness SignExtensiblePayload(ExtensiblePayload payload, DataCache snapshot, uint network);
 
         /// <summary>
         /// Signs the specified data with the corresponding private key of the specified public key.
         /// </summary>
-        /// <param name="signData">The data to sign.</param>
+        /// <param name="block">The block to sign.</param>
         /// <param name="publicKey">The public key.</param>
+        /// <param name="network">The network.</param>
         /// <returns>The signature.</returns>
-        ReadOnlyMemory<byte> Sign(byte[] signData, ECPoint publicKey);
+        /// <exception cref="ArgumentNullException">Thrown when the block or public key is null.</exception>
+        /// <exception cref="SignException">
+        /// Thrown when the account is not found or not signable, or the network is not matching.
+        /// </exception>
+        ReadOnlyMemory<byte> SignBlock(Block block, ECPoint publicKey, uint network);
 
         /// <summary>
         /// Checks if the wallet contains an account(has private key and is not locked) with the specified public key.

src/Neo/Sign/SignerFactory.cs renamed to src/Neo/Sign/SignerManager.cs

@@ -1,6 +1,6 @@
 // Copyright (C) 2015-2025 The Neo Project.
 //
-// SignerFactory.cs file belongs to the neo project and is free
+// SignerManager.cs file belongs to the neo project and is free
 // software distributed under the MIT software license, see the
 // accompanying file LICENSE in the main directory of the
 // repository or http://www.opensource.org/licenses/mit-license.php
@@ -15,7 +15,7 @@
 
 namespace Neo.Sign
 {
-    public static class SignerFactory
+    public static class SignerManager
     {
         private static readonly ConcurrentDictionary<string, ISigner> s_signers = new();
 

src/Neo/Wallets/Wallet.cs

@@ -11,6 +11,7 @@
 
 using Neo.Cryptography;
 using Neo.Extensions;
+using Neo.Network.P2P;
 using Neo.Network.P2P.Payloads;
 using Neo.Persistence;
 using Neo.Sign;
@@ -664,11 +665,42 @@ public bool Sign(ContractParametersContext context)
             return fSuccess;
         }
 
-        /// <inheritdoc/>
-        public ReadOnlyMemory<byte> Sign(byte[] signData, ECPoint publicKey)
+        /// <summary>
+        /// Signs the specified extensible payload with the wallet.
+        /// </summary>
+        /// <param name="payload">The extensible payload to sign.</param>
+        /// <param name="snapshot">The snapshot.</param>
+        /// <param name="network">The network.</param>
+        /// <returns>The signature.</returns>
+        /// <exception cref="ArgumentNullException">Thrown when the payload is null.</exception>
+        public Witness SignExtensiblePayload(ExtensiblePayload payload, DataCache snapshot, uint network)
+        {
+            if (payload is null) throw new ArgumentNullException(nameof(payload));
+
+            var context = new ContractParametersContext(snapshot, payload, network);
+            Sign(context);
+
+            return context.GetWitnesses()[0];
+        }
+
+        /// <summary>
+        /// Signs the specified block with the specified public key.
+        /// </summary>
+        /// <param name="block">The block to sign.</param>
+        /// <param name="publicKey">The public key.</param>
+        /// <param name="network">The network.</param>
+        /// <returns>The signature.</returns>
+        /// <exception cref="ArgumentNullException">Thrown when the block or public key is null.</exception>
+        /// <exception cref="SignException">
+        /// Thrown when the account is not found, the private key is not found, the account is locked,
+        /// or the network is not matching.
+        /// </exception>
+        public ReadOnlyMemory<byte> SignBlock(Block block, ECPoint publicKey, uint network)
         {
-            if (signData is null) throw new ArgumentNullException(nameof(signData));
+            if (block is null) throw new ArgumentNullException(nameof(block));
             if (publicKey is null) throw new ArgumentNullException(nameof(publicKey));
+            if (network != ProtocolSettings.Network)
+                throw new SignException($"Network is not matching({ProtocolSettings.Network} != {network})");
 
             var account = GetAccount(publicKey);
             if (account is null)
@@ -681,10 +713,18 @@ public ReadOnlyMemory<byte> Sign(byte[] signData, ECPoint publicKey)
             if (account.Lock)
                 throw new SignException("Account is locked");
 
+            var signData = block.GetSignData(network);
             return Crypto.Sign(signData, privateKey);
         }
 
-        /// <inheritdoc/>
+        /// <summary>
+        /// Checks if the wallet contains an account with the specified public key.
+        /// </summary>
+        /// <param name="publicKey">The public key.</param>
+        /// <returns>
+        /// <see langword="true"/> if the account is found and has a private key and is not locked;
+        /// otherwise, <see langword="false"/>.
+        /// </returns>
         public bool ContainsSignable(ECPoint publicKey)
         {
             var account = GetAccount(publicKey);

src/Plugins/DBFTPlugin/Consensus/ConsensusContext.MakePayload.cs

@@ -11,11 +11,10 @@
 
 using Neo.Extensions;
 using Neo.Ledger;
-using Neo.Network.P2P;
 using Neo.Network.P2P.Payloads;
 using Neo.Plugins.DBFTPlugin.Messages;
 using Neo.Plugins.DBFTPlugin.Types;
-using Neo.SmartContract;
+using Neo.Sign;
 using System;
 using System.Buffers.Binary;
 using System.Collections.Generic;
@@ -40,10 +39,10 @@ public ExtensiblePayload MakeCommit()
             if (CommitPayloads[MyIndex] is not null)
                 return CommitPayloads[MyIndex];
 
-            var signData = EnsureHeader().GetSignData(dbftSettings.Network);
+            var block = EnsureHeader();
             CommitPayloads[MyIndex] = MakeSignedPayload(new Commit
             {
-                Signature = _signer.Sign(signData, _myPublicKey)
+                Signature = _signer.SignBlock(block, _myPublicKey, dbftSettings.Network)
             });
             return CommitPayloads[MyIndex];
         }
@@ -60,18 +59,15 @@ private ExtensiblePayload MakeSignedPayload(ConsensusMessage message)
 
         private void SignPayload(ExtensiblePayload payload)
         {
-            ContractParametersContext sc;
             try
             {
-                sc = new ContractParametersContext(neoSystem.StoreView, payload, dbftSettings.Network);
-                _signer.Sign(sc);
+                payload.Witness = _signer.SignExtensiblePayload(payload, Snapshot, dbftSettings.Network);
             }
-            catch (InvalidOperationException exception)
+            catch (InvalidOperationException ex)
             {
-                Utility.Log(nameof(ConsensusContext), LogLevel.Debug, exception.ToString());
+                Utility.Log(nameof(ConsensusContext), LogLevel.Debug, ex.ToString());
                 return;
             }
-            payload.Witness = sc.GetWitnesses()[0];
         }
 
         /// <summary>

src/Plugins/DBFTPlugin/DBFTPlugin.cs

@@ -87,7 +87,7 @@ void IWalletChangedHandler.IWalletProvider_WalletChanged_Handler(object sender,
         [ConsoleCommand("start consensus", Category = "Consensus", Description = "Start consensus service (dBFT)")]
         private void OnStart(string signerName = "")
         {
-            var signer = SignerFactory.GetSignerOrDefault(signerName);
+            var signer = SignerManager.GetSignerOrDefault(signerName);
             Start(signer ?? walletProvider.GetWallet());
         }