Encode AccountId as AccountController enum with multisig sort (#5536)

Replace plain string encoding of AccountId with proper
AccountController enum serialization (Single/Multisig discriminants).
Sort multisig members by canonical sort key to match Rust ordering.
Add bounds checks on all wire length reads in decode paths.

Signed-off-by: Dmitry Selivanov <diselivanov@gmail.com>

Author: SDILogin

java/iroha_android/src/main/java/org/hyperledger/iroha/android/norito/TransactionPayloadAdapter.java

@@ -1,6 +1,8 @@
 package org.hyperledger.iroha.android.norito;
 
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -146,10 +148,119 @@ public Executable decode(final NoritoDecoder decoder) {
     }
   }
 
+  /**
+   * Encodes/decodes AccountId which is {@code #[norito(transparent)]} over AccountController.
+   *
+   * <p>Rust layout:
+   *
+   * <pre>
+   *   struct AccountId { controller: AccountController }   // #[norito(transparent)]
+   *   enum AccountController {
+   *       Single(PublicKey),           // discriminant 0
+   *       Multisig(MultisigPolicy),    // discriminant 1
+   *   }
+   * </pre>
+   *
+   * The transparent attribute means AccountId serializes directly as AccountController. The Java
+   * side represents authority as the canonical I105 address string.
+   */
   private static final class AccountIdAdapter implements TypeAdapter<String> {
+    private static final long SINGLE_DISCRIMINANT = 0L;
+    private static final long MULTISIG_DISCRIMINANT = 1L;
+
     @Override
     public void encode(final NoritoEncoder encoder, final String value) {
-      STRING_ADAPTER.encode(encoder, normalizeAuthority(value));
+      final String i105 = normalizeAuthority(value);
+      final AccountAddress address;
+      try {
+        address = AccountAddress.parseEncoded(i105, null).address;
+      } catch (final AccountAddress.AccountAddressException ex) {
+        throw new IllegalArgumentException("Failed to parse I105 address: " + i105, ex);
+      }
+
+      try {
+        final Optional<AccountAddress.SingleKeyPayload> singleKey = address.singleKeyPayload();
+        if (singleKey.isPresent()) {
+          encodeSingle(encoder, singleKey.get());
+          return;
+        }
+      } catch (final AccountAddress.AccountAddressException ex) {
+        throw new IllegalArgumentException("Failed to extract controller from I105 address", ex);
+      }
+
+      try {
+        final Optional<AccountAddress.MultisigPolicyPayload> multisig = address.multisigPolicyPayload();
+        if (multisig.isPresent()) {
+          encodeMultisig(encoder, multisig.get());
+          return;
+        }
+      } catch (final AccountAddress.AccountAddressException ex) {
+        throw new IllegalArgumentException("Failed to extract controller from I105 address", ex);
+      }
+
+      throw new IllegalArgumentException(
+          "I105 address contains neither single-key nor multisig controller");
+    }
+
+    private static void encodeSingle(
+        final NoritoEncoder encoder, final AccountAddress.SingleKeyPayload key) {
+      final boolean compact = (encoder.flags() & NoritoHeader.COMPACT_LEN) != 0;
+      ENUM_TAG_ADAPTER.encode(encoder, SINGLE_DISCRIMINANT);
+      final String multihashHex =
+          PublicKeyCodec.encodePublicKeyMultihash(key.curveId(), key.publicKey());
+      final NoritoEncoder child = encoder.childEncoder();
+      STRING_ADAPTER.encode(child, multihashHex);
+      final byte[] payload = child.toByteArray();
+      encoder.writeLength(payload.length, compact);
+      encoder.writeBytes(payload);
+    }
+
+    private static void encodeMultisig(
+        final NoritoEncoder encoder, final AccountAddress.MultisigPolicyPayload policy) {
+      final boolean compact = (encoder.flags() & NoritoHeader.COMPACT_LEN) != 0;
+      ENUM_TAG_ADAPTER.encode(encoder, MULTISIG_DISCRIMINANT);
+
+      final NoritoEncoder policyEncoder = encoder.childEncoder();
+      encodeSizedField(policyEncoder, UINT8_ADAPTER, (long) policy.version());
+      encodeSizedField(policyEncoder, UINT16_ADAPTER, (long) policy.threshold());
+      encodeMultisigMembers(policyEncoder, policy.members());
+
+      final byte[] policyPayload = policyEncoder.toByteArray();
+      encoder.writeLength(policyPayload.length, compact);
+      encoder.writeBytes(policyPayload);
+    }
+
+    private static void encodeMultisigMembers(
+        final NoritoEncoder encoder, final List<AccountAddress.MultisigMemberPayload> members) {
+      final List<AccountAddress.MultisigMemberPayload> sorted = new ArrayList<>(members);
+      sorted.sort(
+          (a, b) -> {
+            final byte[] keyA = canonicalSortKey(a);
+            final byte[] keyB = canonicalSortKey(b);
+            return compareUnsigned(keyA, keyB);
+          });
+      for (int i = 1; i < sorted.size(); i++) {
+        if (Arrays.equals(canonicalSortKey(sorted.get(i - 1)), canonicalSortKey(sorted.get(i)))) {
+          throw new IllegalArgumentException("Duplicate multisig member");
+        }
+      }
+
+      final boolean compact = (encoder.flags() & NoritoHeader.COMPACT_LEN) != 0;
+      final NoritoEncoder vecEncoder = encoder.childEncoder();
+      vecEncoder.writeLength(sorted.size(), false);
+      for (final AccountAddress.MultisigMemberPayload member : sorted) {
+        final NoritoEncoder memberEncoder = vecEncoder.childEncoder();
+        final String memberMultihash =
+            PublicKeyCodec.encodePublicKeyMultihash(member.curveId(), member.publicKey());
+        encodeSizedField(memberEncoder, STRING_ADAPTER, memberMultihash);
+        encodeSizedField(memberEncoder, UINT16_ADAPTER, (long) member.weight());
+        final byte[] memberPayload = memberEncoder.toByteArray();
+        vecEncoder.writeLength(memberPayload.length, compact);
+        vecEncoder.writeBytes(memberPayload);
+      }
+      final byte[] vecPayload = vecEncoder.toByteArray();
+      encoder.writeLength(vecPayload.length, compact);
+      encoder.writeBytes(vecPayload);
     }
 
     @Override
@@ -158,14 +269,128 @@ public String decode(final NoritoDecoder decoder) {
       return decodePayload(payload, decoder.flags(), decoder.flagsHint());
     }
 
-    private static String decodePayload(
+    static String decodePayload(
         final byte[] payload, final int flags, final int flagsHint) {
-      final NoritoDecoder stringDecoder = new NoritoDecoder(payload, flags, flagsHint);
-      final String literal = STRING_ADAPTER.decode(stringDecoder);
-      if (stringDecoder.remaining() != 0) {
-        throw new IllegalArgumentException("Trailing bytes after authority payload");
+      final NoritoDecoder d = new NoritoDecoder(payload, flags, flagsHint);
+      final long tag = ENUM_TAG_ADAPTER.decode(d);
+      final long variantLen = d.readLength(d.compactLenActive());
+      if (variantLen > Integer.MAX_VALUE) {
+        throw new IllegalArgumentException("AccountController variant payload too large");
+      }
+      final byte[] variantPayload = d.readBytes((int) variantLen);
+      if (d.remaining() != 0) {
+        throw new IllegalArgumentException("Trailing bytes after AccountController");
+      }
+
+      if (tag == SINGLE_DISCRIMINANT) {
+        return decodeSingleVariant(variantPayload, flags, flagsHint);
+      }
+      if (tag == MULTISIG_DISCRIMINANT) {
+        return decodeMultisigVariant(variantPayload, flags, flagsHint);
+      }
+      throw new IllegalArgumentException("Unknown AccountController discriminant: " + tag);
+    }
+
+    private static String decodeSingleVariant(
+        final byte[] payload, final int flags, final int flagsHint) {
+      final NoritoDecoder d = new NoritoDecoder(payload, flags, flagsHint);
+      final String multihashHex = STRING_ADAPTER.decode(d);
+      if (d.remaining() != 0) {
+        throw new IllegalArgumentException("Trailing bytes after PublicKey");
+      }
+      final PublicKeyCodec.PublicKeyPayload pk = PublicKeyCodec.decodePublicKeyLiteral(multihashHex);
+      if (pk == null) {
+        throw new IllegalArgumentException("Invalid public key multihash: " + multihashHex);
+      }
+      try {
+        return AccountAddress.fromAccount(pk.keyBytes(), algorithmForCurveId(pk.curveId()))
+            .toI105(AccountAddress.DEFAULT_I105_DISCRIMINANT);
+      } catch (final AccountAddress.AccountAddressException ex) {
+        throw new IllegalArgumentException("Failed to reconstruct I105 from public key", ex);
+      }
+    }
+
+    private static String decodeMultisigVariant(
+        final byte[] payload, final int flags, final int flagsHint) {
+      final NoritoDecoder d = new NoritoDecoder(payload, flags, flagsHint);
+      final int version = Math.toIntExact(decodeSizedField(d, UINT8_ADAPTER));
+      final int threshold = Math.toIntExact(decodeSizedField(d, UINT16_ADAPTER));
+
+      final long vecLen = d.readLength(d.compactLenActive());
+      if (vecLen > Integer.MAX_VALUE) {
+        throw new IllegalArgumentException("MultisigPolicy vector payload too large");
+      }
+      final byte[] vecPayload = d.readBytes((int) vecLen);
+      if (d.remaining() != 0) {
+        throw new IllegalArgumentException("Trailing bytes after MultisigPolicy");
+      }
+
+      final NoritoDecoder vecDecoder = new NoritoDecoder(vecPayload, flags, flagsHint);
+      final long count = vecDecoder.readLength(false);
+      if (count > Integer.MAX_VALUE) {
+        throw new IllegalArgumentException("MultisigMember count too large");
+      }
+      final List<AccountAddress.MultisigMemberPayload> members = new ArrayList<>((int) count);
+      for (long i = 0; i < count; i++) {
+        final long memberLen = vecDecoder.readLength(vecDecoder.compactLenActive());
+        if (memberLen > Integer.MAX_VALUE) {
+          throw new IllegalArgumentException("MultisigMember payload too large");
+        }
+        final byte[] memberPayload = vecDecoder.readBytes((int) memberLen);
+        final NoritoDecoder memberDecoder = new NoritoDecoder(memberPayload, flags, flagsHint);
+        final String memberMultihash = decodeSizedField(memberDecoder, STRING_ADAPTER);
+        final int weight = Math.toIntExact(decodeSizedField(memberDecoder, UINT16_ADAPTER));
+        if (memberDecoder.remaining() != 0) {
+          throw new IllegalArgumentException("Trailing bytes after MultisigMember");
+        }
+        final PublicKeyCodec.PublicKeyPayload pk =
+            PublicKeyCodec.decodePublicKeyLiteral(memberMultihash);
+        if (pk == null) {
+          throw new IllegalArgumentException("Invalid member public key: " + memberMultihash);
+        }
+        members.add(AccountAddress.MultisigMemberPayload.of(pk.curveId(), weight, pk.keyBytes()));
+      }
+      if (vecDecoder.remaining() != 0) {
+        throw new IllegalArgumentException("Trailing bytes after MultisigMember vector");
+      }
+
+      try {
+        return AccountAddress.fromMultisigPolicy(
+                AccountAddress.MultisigPolicyPayload.of(version, threshold, members))
+            .toI105(AccountAddress.DEFAULT_I105_DISCRIMINANT);
+      } catch (final AccountAddress.AccountAddressException ex) {
+        throw new IllegalArgumentException("Failed to reconstruct I105 from multisig policy", ex);
+      }
+    }
+
+    private static byte[] canonicalSortKey(final AccountAddress.MultisigMemberPayload member) {
+      final String algorithm = algorithmForCurveId(member.curveId());
+      final byte[] algorithmBytes = algorithm.getBytes(StandardCharsets.UTF_8);
+      final byte[] key = member.publicKey();
+      final byte[] sortKey = new byte[algorithmBytes.length + 1 + key.length];
+      System.arraycopy(algorithmBytes, 0, sortKey, 0, algorithmBytes.length);
+      sortKey[algorithmBytes.length] = 0;
+      System.arraycopy(key, 0, sortKey, algorithmBytes.length + 1, key.length);
+      return sortKey;
+    }
+
+    private static int compareUnsigned(final byte[] a, final byte[] b) {
+      final int len = Math.min(a.length, b.length);
+      for (int i = 0; i < len; i++) {
+        final int cmp = (a[i] & 0xFF) - (b[i] & 0xFF);
+        if (cmp != 0) {
+          return cmp;
+        }
+      }
+      return Integer.compare(a.length, b.length);
+    }
+
+    private static String algorithmForCurveId(final int curveId) {
+      final String algorithm = PublicKeyCodec.algorithmForCurveId(curveId);
+      if (algorithm == null) {
+        throw new IllegalArgumentException("Unknown curve id: " + curveId);
       }
-      return normalizeAuthority(literal);
+      return algorithm;
     }
 
     private static String normalizeAuthority(final String authority) {