cosmos · AdityaSripal · Mar 26, 2020 · Mar 26, 2020 · Mar 26, 2020 · Mar 27, 2020
@@ -176,16 +176,19 @@ func NewSimApp(
 	app.subspaces[crisis.ModuleName] = app.ParamsKeeper.Subspace(crisis.DefaultParamspace)
 	app.subspaces[evidence.ModuleName] = app.ParamsKeeper.Subspace(evidence.DefaultParamspace)
 
+	// add capability keeper and ScopeToModule for ibc module
+	app.CapabilityKeeper = capability.NewKeeper(
+		app.cdc, keys[capability.StoreKey], memKeys[capability.MemStoreKey],
+	)
+	scopedIBCKeeper := app.CapabilityKeeper.ScopeToModule(ibc.ModuleName)
+
 	// add keepers
 	app.AccountKeeper = auth.NewAccountKeeper(
 		appCodec, keys[auth.StoreKey], app.subspaces[auth.ModuleName], auth.ProtoBaseAccount,
 	)
 	app.BankKeeper = bank.NewBaseKeeper(
 		appCodec, keys[bank.StoreKey], app.AccountKeeper, app.subspaces[bank.ModuleName], app.BlacklistedAccAddrs(),
 	)
-	app.CapabilityKeeper = capability.NewKeeper(
-		app.cdc, keys[capability.StoreKey], memKeys[capability.MemStoreKey],
-	)
 	app.SupplyKeeper = supply.NewKeeper(
 		appCodec, keys[supply.StoreKey], app.AccountKeeper, app.BankKeeper, maccPerms,
 	)
@@ -236,7 +239,7 @@ func NewSimApp(
 	)
 
 	app.IBCKeeper = ibc.NewKeeper(
-		app.cdc, keys[ibc.StoreKey], app.StakingKeeper,
+		app.cdc, keys[ibc.StoreKey], app.StakingKeeper, scopedIBCKeeper,
 	)
 
 	transferCapKey := app.IBCKeeper.PortKeeper.BindPort(bank.ModuleName)

@@ -8,9 +8,9 @@ import (
 
 // HandleMsgChannelOpenInit defines the sdk.Handler for MsgChannelOpenInit
 func HandleMsgChannelOpenInit(ctx sdk.Context, k keeper.Keeper, msg types.MsgChannelOpenInit) (*sdk.Result, error) {
-	err := k.ChanOpenInit(
+	_, err := k.ChanOpenInit(
 		ctx, msg.Channel.Ordering, msg.Channel.ConnectionHops, msg.PortID, msg.ChannelID,
-		msg.Channel.Counterparty, msg.Channel.Version,
+		msg.PortCap, msg.Channel.Counterparty, msg.Channel.Version,
 	)
 	if err != nil {
 		return nil, err
@@ -39,8 +39,8 @@ func HandleMsgChannelOpenInit(ctx sdk.Context, k keeper.Keeper, msg types.MsgCha
 
 // HandleMsgChannelOpenTry defines the sdk.Handler for MsgChannelOpenTry
 func HandleMsgChannelOpenTry(ctx sdk.Context, k keeper.Keeper, msg types.MsgChannelOpenTry) (*sdk.Result, error) {
-	err := k.ChanOpenTry(ctx, msg.Channel.Ordering, msg.Channel.ConnectionHops, msg.PortID, msg.ChannelID,
-		msg.Channel.Counterparty, msg.Channel.Version, msg.CounterpartyVersion, msg.ProofInit, msg.ProofHeight,
+	_, err := k.ChanOpenTry(ctx, msg.Channel.Ordering, msg.Channel.ConnectionHops, msg.PortID, msg.ChannelID,
+		msg.PortCap, msg.Channel.Counterparty, msg.Channel.Version, msg.CounterpartyVersion, msg.ProofInit, msg.ProofHeight,
 	)
 	if err != nil {
 		return nil, err
@@ -70,7 +70,7 @@ func HandleMsgChannelOpenTry(ctx sdk.Context, k keeper.Keeper, msg types.MsgChan
 // HandleMsgChannelOpenAck defines the sdk.Handler for MsgChannelOpenAck
 func HandleMsgChannelOpenAck(ctx sdk.Context, k keeper.Keeper, msg types.MsgChannelOpenAck) (*sdk.Result, error) {
 	err := k.ChanOpenAck(
-		ctx, msg.PortID, msg.ChannelID, msg.CounterpartyVersion, msg.ProofTry, msg.ProofHeight,
+		ctx, msg.PortID, msg.ChannelID, msg.ChannelCap, msg.CounterpartyVersion, msg.ProofTry, msg.ProofHeight,
 	)
 	if err != nil {
 		return nil, err
@@ -96,7 +96,7 @@ func HandleMsgChannelOpenAck(ctx sdk.Context, k keeper.Keeper, msg types.MsgChan
 
 // HandleMsgChannelOpenConfirm defines the sdk.Handler for MsgChannelOpenConfirm
 func HandleMsgChannelOpenConfirm(ctx sdk.Context, k keeper.Keeper, msg types.MsgChannelOpenConfirm) (*sdk.Result, error) {
-	err := k.ChanOpenConfirm(ctx, msg.PortID, msg.ChannelID, msg.ProofAck, msg.ProofHeight)
+	err := k.ChanOpenConfirm(ctx, msg.PortID, msg.ChannelID, msg.ChannelCap, msg.ProofAck, msg.ProofHeight)
 	if err != nil {
 		return nil, err
 	}
@@ -121,7 +121,7 @@ func HandleMsgChannelOpenConfirm(ctx sdk.Context, k keeper.Keeper, msg types.Msg
 
 // HandleMsgChannelCloseInit defines the sdk.Handler for MsgChannelCloseInit
 func HandleMsgChannelCloseInit(ctx sdk.Context, k keeper.Keeper, msg types.MsgChannelCloseInit) (*sdk.Result, error) {
-	err := k.ChanCloseInit(ctx, msg.PortID, msg.ChannelID)
+	err := k.ChanCloseInit(ctx, msg.PortID, msg.ChannelID, msg.ChannelCap)
 	if err != nil {
 		return nil, err
 	}
@@ -146,7 +146,7 @@ func HandleMsgChannelCloseInit(ctx sdk.Context, k keeper.Keeper, msg types.MsgCh
 
 // HandleMsgChannelCloseConfirm defines the sdk.Handler for MsgChannelCloseConfirm
 func HandleMsgChannelCloseConfirm(ctx sdk.Context, k keeper.Keeper, msg types.MsgChannelCloseConfirm) (*sdk.Result, error) {
-	err := k.ChanCloseConfirm(ctx, msg.PortID, msg.ChannelID, msg.ProofInit, msg.ProofHeight)
+	err := k.ChanCloseConfirm(ctx, msg.PortID, msg.ChannelID, msg.ChannelCap, msg.ProofInit, msg.ProofHeight)
 	if err != nil {
 		return nil, err
 	}

@@ -3,12 +3,15 @@ package keeper
 import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
+	"github.com/cosmos/cosmos-sdk/x/capability"
 	connection "github.com/cosmos/cosmos-sdk/x/ibc/03-connection"
 	connectionexported "github.com/cosmos/cosmos-sdk/x/ibc/03-connection/exported"
+	porttypes "github.com/cosmos/cosmos-sdk/x/ibc/05-port/types"
 
 	"github.com/cosmos/cosmos-sdk/x/ibc/04-channel/exported"
 	"github.com/cosmos/cosmos-sdk/x/ibc/04-channel/types"
 	commitmentexported "github.com/cosmos/cosmos-sdk/x/ibc/23-commitment/exported"
+	ibctypes "github.com/cosmos/cosmos-sdk/x/ibc/types"
 )
 
 // CounterpartyHops returns the connection hops of the counterparty channel.
@@ -33,38 +36,44 @@ func (k Keeper) ChanOpenInit(
 	connectionHops []string,
 	portID,
 	channelID string,
+	portCap capability.Capability,
 	counterparty types.Counterparty,
 	version string,
-) error {
+) (capability.Capability, error) {
 	// channel identifier and connection hop length checked on msg.ValidateBasic()
 
 	_, found := k.GetChannel(ctx, portID, channelID)
 	if found {
-		return sdkerrors.Wrap(types.ErrChannelExists, channelID)
+		return nil, sdkerrors.Wrap(types.ErrChannelExists, channelID)
 	}
 
 	connectionEnd, found := k.connectionKeeper.GetConnection(ctx, connectionHops[0])
 	if !found {
-		return sdkerrors.Wrap(connection.ErrConnectionNotFound, connectionHops[0])
+		return nil, sdkerrors.Wrap(connection.ErrConnectionNotFound, connectionHops[0])
 	}
 
 	if connectionEnd.GetState() == connectionexported.UNINITIALIZED {
-		return sdkerrors.Wrap(
+		return nil, sdkerrors.Wrap(
 			connection.ErrInvalidConnectionState,
 			"connection state cannot be UNINITIALIZED",
 		)
 	}
 
+	if !k.portKeeper.Authenticate(ctx, portCap, portID) {
+		return nil, sdkerrors.Wrap(porttypes.ErrInvalidPort, "caller does not own port capability")
+	}
+
 	channel := types.NewChannel(exported.INIT, order, counterparty, connectionHops, version)
 	k.SetChannel(ctx, portID, channelID, channel)
 
-	// TODO: blocked by #5542
-	// key := ""
-	// k.SetChannelCapability(ctx, portID, channelID, key)
+	capKey, err := k.scopedKeeper.NewCapability(ctx, ibctypes.ChannelCapabilityPath(portID, channelID))
+	if err != nil {
+		return nil, sdkerrors.Wrap(types.ErrInvalidChannelCapability, err.Error())
+	}
 	k.SetNextSequenceSend(ctx, portID, channelID, 1)
 	k.SetNextSequenceRecv(ctx, portID, channelID, 1)
 
-	return nil
+	return capKey, nil
 }
 
 // ChanOpenTry is called by a module to accept the first step of a channel opening
@@ -75,12 +84,13 @@ func (k Keeper) ChanOpenTry(
 	connectionHops []string,
 	portID,
 	channelID string,
+	portCap capability.Capability,
 	counterparty types.Counterparty,
 	version,
 	counterpartyVersion string,
 	proofInit commitmentexported.Proof,
 	proofHeight uint64,
-) error {
+) (capability.Capability, error) {
 	// channel identifier and connection hop length checked on msg.ValidateBasic()
 
 	previousChannel, found := k.GetChannel(ctx, portID, channelID)
@@ -93,19 +103,17 @@ func (k Keeper) ChanOpenTry(
 		sdkerrors.Wrap(types.ErrInvalidChannel, "cannot relay connection attempt")
 	}
 
-	// TODO: blocked by #5542
-	// key := sdk.NewKVStoreKey(portID)
-	// if !k.portKeeper.Authenticate(key, portID) {
-	// 	return sdkerrors.Wrap(port.ErrInvalidPort, portID)
-	// }
+	if !k.portKeeper.Authenticate(ctx, portCap, portID) {
+		return nil, sdkerrors.Wrap(porttypes.ErrInvalidPort, "caller does not own port capability")
+	}
 
 	connectionEnd, found := k.connectionKeeper.GetConnection(ctx, connectionHops[0])
 	if !found {
-		return sdkerrors.Wrap(connection.ErrConnectionNotFound, connectionHops[0])
+		return nil, sdkerrors.Wrap(connection.ErrConnectionNotFound, connectionHops[0])
 	}
 
 	if connectionEnd.GetState() != connectionexported.OPEN {
-		return sdkerrors.Wrapf(
+		return nil, sdkerrors.Wrapf(
 			connection.ErrInvalidConnectionState,
 			"connection state is not OPEN (got %s)", connectionEnd.GetState().String(),
 		)
@@ -133,26 +141,28 @@ func (k Keeper) ChanOpenTry(
 		ctx, connectionEnd, proofHeight, proofInit,
 		counterparty.PortID, counterparty.ChannelID, expectedChannel,
 	); err != nil {
-		return err
+		return nil, err
 	}
 
 	k.SetChannel(ctx, portID, channelID, channel)
 
-	// TODO: blocked by #5542
-	// key := ""
-	// k.SetChannelCapability(ctx, portID, channelID, key)
+	capKey, err := k.scopedKeeper.NewCapability(ctx, ibctypes.ChannelCapabilityPath(portID, channelID))
+	if err != nil {
+		return nil, sdkerrors.Wrap(types.ErrInvalidChannelCapability, err.Error())
+	}
 	k.SetNextSequenceSend(ctx, portID, channelID, 1)
 	k.SetNextSequenceRecv(ctx, portID, channelID, 1)
 
-	return nil
+	return capKey, nil
 }
 
 // ChanOpenAck is called by the handshake-originating module to acknowledge the
 // acceptance of the initial request by the counterparty module on the other chain.
 func (k Keeper) ChanOpenAck(
 	ctx sdk.Context,
 	portID,
-	channelID,
+	channelID string,
+	chanCap capability.Capability,
 	counterpartyVersion string,
 	proofTry commitmentexported.Proof,
 	proofHeight uint64,
@@ -169,11 +179,9 @@ func (k Keeper) ChanOpenAck(
 		)
 	}
 
-	// TODO: blocked by #5542
-	// key := sdk.NewKVStoreKey(portID)
-	// if !k.portKeeper.Authenticate(key, portID) {
-	// 	return sdkerrors.Wrap(port.ErrInvalidPort, portID)
-	// }
+	if !k.scopedKeeper.AuthenticateCapability(ctx, chanCap, ibctypes.ChannelCapabilityPath(portID, channelID)) {
+		return sdkerrors.Wrap(types.ErrChannelCapabilityNotFound, "caller does not own capability for channel")
+	}
 
 	connectionEnd, found := k.connectionKeeper.GetConnection(ctx, channel.ConnectionHops[0])
 	if !found {
@@ -221,6 +229,7 @@ func (k Keeper) ChanOpenConfirm(
 	ctx sdk.Context,
 	portID,
 	channelID string,
+	chanCap capability.Capability,
 	proofAck commitmentexported.Proof,
 	proofHeight uint64,
 ) error {
@@ -236,16 +245,9 @@ func (k Keeper) ChanOpenConfirm(
 		)
 	}
 
-	// TODO: blocked by #5542
-	// capkey, found := k.GetChannelCapability(ctx, portID, channelID)
-	// if !found {
-	// 	return sdkerrors.Wrap(types.ErrChannelCapabilityNotFound, channelID)
-	// }
-
-	// key := sdk.NewKVStoreKey(capkey)
-	// if !k.portKeeper.Authenticate(key, portID) {
-	// 	return sdkerrors.Wrap(port.ErrInvalidPort, portID)
-	// }
+	if !k.scopedKeeper.AuthenticateCapability(ctx, chanCap, ibctypes.ChannelCapabilityPath(portID, channelID)) {
+		return sdkerrors.Wrap(types.ErrChannelCapabilityNotFound, "caller does not own capability for channel")
+	}
 
 	connectionEnd, found := k.connectionKeeper.GetConnection(ctx, channel.ConnectionHops[0])
 	if !found {
@@ -296,17 +298,11 @@ func (k Keeper) ChanCloseInit(
 	ctx sdk.Context,
 	portID,
 	channelID string,
+	chanCap capability.Capability,
 ) error {
-	// TODO: blocked by #5542
-	// capkey, found := k.GetChannelCapability(ctx, portID, channelID)
-	// if !found {
-	// 	return sdkerrors.Wrap(types.ErrChannelCapabilityNotFound, channelID)
-	// }
-
-	// key := sdk.NewKVStoreKey(capkey)
-	// if !k.portKeeper.Authenticate(key, portID) {
-	// 	return sdkerrors.Wrap(port.ErrInvalidPort, portID)
-	// }
+	if !k.scopedKeeper.AuthenticateCapability(ctx, chanCap, ibctypes.ChannelCapabilityPath(portID, channelID)) {
+		return sdkerrors.Wrap(types.ErrChannelCapabilityNotFound, "caller does not own capability for channel")
+	}
 
 	channel, found := k.GetChannel(ctx, portID, channelID)
 	if !found {
@@ -341,19 +337,13 @@ func (k Keeper) ChanCloseConfirm(
 	ctx sdk.Context,
 	portID,
 	channelID string,
+	chanCap capability.Capability,
 	proofInit commitmentexported.Proof,
 	proofHeight uint64,
 ) error {
-	// TODO: blocked by #5542
-	// capkey, found := k.GetChannelCapability(ctx, portID, channelID)
-	// if !found {
-	// 	return sdkerrors.Wrap(types.ErrChannelCapabilityNotFound, channelID)
-	// }
-
-	// key := sdk.NewKVStoreKey(capkey)
-	// if !k.portKeeper.Authenticate(key, portID) {
-	// 	return sdkerrors.Wrap(port.ErrInvalidPort, portID)
-	// }
+	if !k.scopedKeeper.AuthenticateCapability(ctx, chanCap, ibctypes.ChannelCapabilityPath(portID, channelID)) {
+		return sdkerrors.Wrap(types.ErrChannelCapabilityNotFound, "caller does not own capability for channel")
+	}
 
 	channel, found := k.GetChannel(ctx, portID, channelID)
 	if !found {

@@ -8,6 +8,7 @@ import (
 
 	"github.com/cosmos/cosmos-sdk/codec"
 	sdk "github.com/cosmos/cosmos-sdk/types"
+	"github.com/cosmos/cosmos-sdk/x/capability"
 	"github.com/cosmos/cosmos-sdk/x/ibc/04-channel/types"
 	ibctypes "github.com/cosmos/cosmos-sdk/x/ibc/types"
 )
@@ -19,20 +20,22 @@ type Keeper struct {
 	clientKeeper     types.ClientKeeper
 	connectionKeeper types.ConnectionKeeper
 	portKeeper       types.PortKeeper
+	scopedKeeper     capability.ScopedKeeper
 }
 
 // NewKeeper creates a new IBC channel Keeper instance
 func NewKeeper(
 	cdc *codec.Codec, key sdk.StoreKey,
 	clientKeeper types.ClientKeeper, connectionKeeper types.ConnectionKeeper,
-	portKeeper types.PortKeeper,
+	portKeeper types.PortKeeper, scopedKeeper capability.ScopedKeeper,
 ) Keeper {
 	return Keeper{
 		storeKey:         key,
 		cdc:              cdc,
 		clientKeeper:     clientKeeper,
 		connectionKeeper: connectionKeeper,
 		portKeeper:       portKeeper,
+		scopedKeeper:     scopedKeeper,
 	}
 }
 
@@ -61,23 +64,6 @@ func (k Keeper) SetChannel(ctx sdk.Context, portID, channelID string, channel ty
 	store.Set(ibctypes.KeyChannel(portID, channelID), bz)
 }
 
-// GetChannelCapability gets a channel's capability key from the store
-func (k Keeper) GetChannelCapability(ctx sdk.Context, portID, channelID string) (string, bool) {
-	store := ctx.KVStore(k.storeKey)
-	bz := store.Get(ibctypes.KeyChannelCapabilityPath(portID, channelID))
-	if bz == nil {
-		return "", false
-	}
-
-	return string(bz), true
-}
-
-// SetChannelCapability sets a channel's capability key to the store
-func (k Keeper) SetChannelCapability(ctx sdk.Context, portID, channelID string, key string) {
-	store := ctx.KVStore(k.storeKey)
-	store.Set(ibctypes.KeyChannelCapabilityPath(portID, channelID), []byte(key))
-}
-
 // GetNextSequenceSend gets a channel's next send sequence from the store
 func (k Keeper) GetNextSequenceSend(ctx sdk.Context, portID, channelID string) (uint64, bool) {
 	store := ctx.KVStore(k.storeKey)

@@ -12,11 +12,12 @@ var (
 	ErrInvalidChannelState       = sdkerrors.Register(SubModuleName, 4, "invalid channel state")
 	ErrInvalidChannelOrdering    = sdkerrors.Register(SubModuleName, 5, "invalid channel ordering")
 	ErrInvalidCounterparty       = sdkerrors.Register(SubModuleName, 6, "invalid counterparty channel")
-	ErrChannelCapabilityNotFound = sdkerrors.Register(SubModuleName, 7, "channel capability not found")
-	ErrSequenceSendNotFound      = sdkerrors.Register(SubModuleName, 8, "sequence send not found")
-	ErrSequenceReceiveNotFound   = sdkerrors.Register(SubModuleName, 9, "sequence receive not found")
-	ErrInvalidPacket             = sdkerrors.Register(SubModuleName, 10, "invalid packet")
-	ErrPacketTimeout             = sdkerrors.Register(SubModuleName, 11, "packet timeout")
-	ErrTooManyConnectionHops     = sdkerrors.Register(SubModuleName, 12, "too many connection hops")
-	ErrAcknowledgementTooLong    = sdkerrors.Register(SubModuleName, 13, "acknowledgement too long")
+	ErrInvalidChannelCapability  = sdkerrors.Register(SubModuleName, 7, "invalid channel capability")
+	ErrChannelCapabilityNotFound = sdkerrors.Register(SubModuleName, 8, "channel capability not found")
+	ErrSequenceSendNotFound      = sdkerrors.Register(SubModuleName, 9, "sequence send not found")
+	ErrSequenceReceiveNotFound   = sdkerrors.Register(SubModuleName, 10, "sequence receive not found")
+	ErrInvalidPacket             = sdkerrors.Register(SubModuleName, 11, "invalid packet")
+	ErrPacketTimeout             = sdkerrors.Register(SubModuleName, 12, "packet timeout")
+	ErrTooManyConnectionHops     = sdkerrors.Register(SubModuleName, 13, "too many connection hops")
+	ErrAcknowledgementTooLong    = sdkerrors.Register(SubModuleName, 14, "acknowledgement too long")
 )