feat(plugins): migrate keystore CLI from FullNode to Toolkit

.github/CODEOWNERS

@@ -0,0 +1,96 @@
+# CODEOWNERS — java-tron PR Review assignments
+#
+# Rule: when multiple rules match the same file, the last one takes precedence.
+# Recommendation: put more specific paths further down.
+
+# Default owner — applies to any file not matched by a more specific rule below.
+*                                   @zeusoo001 @317787106
+
+# ────────────────────────────────────────────────────────────────
+# 1. Top-level Gradle modules (corresponds to the "Level-1/Level-2 module" column)
+# ────────────────────────────────────────────────────────────────
+
+/framework/                         @xxo1shine @bladehan1
+/chainbase/                         @halibobo1205 @bladehan1
+/actuator/                          @Sunny6889 @lxcmyf
+/consensus/                         @kuny0707 @xxo1shine
+/protocol/                          @lvs0075 @waynercheung
+/common/                            @lvs0075 @lxcmyf
+/crypto/                            @Federico2014 @3for
+/plugins/                           @halibobo1205 @warku123
+/docker/                            @3for @kuny0707
+
+# ────────────────────────────────────────────────────────────────
+# 2. CI / Build configuration
+# ────────────────────────────────────────────────────────────────
+
+/.github/                           @317787106 @halibobo1205
+*.gradle                            @317787106 @halibobo1205
+/gradle/                            @317787106 @halibobo1205
+
+# ────────────────────────────────────────────────────────────────
+# 3. Sub-module paths (more specific than top-level; placed later to override rules above)
+# ────────────────────────────────────────────────────────────────
+
+# db — covers the db, db2, and storage packages inside chainbase
+/chainbase/src/main/java/org/tron/core/db/              @halibobo1205 @bladehan1
+/chainbase/src/main/java/org/tron/core/db2/             @halibobo1205 @bladehan1
+/chainbase/src/main/java/org/tron/common/storage/       @halibobo1205 @bladehan1
+
+# trie
+/framework/src/main/java/org/tron/core/trie/            @halibobo1205 @317787106
+
+# net
+/framework/src/main/java/org/tron/core/net/             @317787106 @xxo1shine
+
+# vm / tvm
+/actuator/src/main/java/org/tron/core/vm/               @yanghang8612 @CodeNinjaEvan
+
+# jsonrpc
+/framework/src/main/java/org/tron/core/services/jsonrpc/                    @0xbigapple @waynercheung
+/framework/src/main/java/org/tron/core/services/interfaceJsonRpcOnSolidity/ @0xbigapple @waynercheung
+
+# rpc (gRPC) — non-HTTP parts of interfaceOnPBFT / interfaceOnSolidity + RpcService
+/framework/src/main/java/org/tron/core/services/interfaceOnSolidity/        @317787106 @waynercheung
+/framework/src/main/java/org/tron/common/application/                       @317787106 @waynercheung
+
+# http (REST) — overrides the rpc rule above for the http sub-directories inside interfaceOnXxx
+/framework/src/main/java/org/tron/core/services/http/                       @Sunny6889 @waynercheung
+/framework/src/main/java/org/tron/core/services/interfaceOnSolidity/http/   @Sunny6889 @waynercheung
+
+# event
+/framework/src/main/java/org/tron/core/services/event/  @xxo1shine @0xbigapple
+/framework/src/main/java/org/tron/common/logsfilter/    @xxo1shine @0xbigapple
+
+# config
+/framework/src/main/java/org/tron/core/config/          @317787106 @kuny0707
+/chainbase/src/main/java/org/tron/core/config/          @317787106 @kuny0707
+
+# backup
+/framework/src/main/java/org/tron/common/backup/        @xxo1shine @317787106
+/framework/src/main/java/org/tron/core/db/backup/       @xxo1shine @317787106
+
+# metrics
+/framework/src/main/java/org/tron/core/metrics/         @halibobo1205 @Sunny6889
+
+# rewards — logic is spread across chainbase service/store
+/chainbase/src/main/java/org/tron/core/service/         @Sunny6889 @kuny0707
+/chainbase/src/main/java/org/tron/core/store/           @Sunny6889 @kuny0707
+
+# lite — DbLite in plugins module; lite-related filters in framework
+/plugins/src/main/java/common/org/tron/plugins/DbLite.java   @bladehan1 @halibobo1205
+/plugins/src/main/java/common/org/tron/plugins/DbCopy.java   @bladehan1 @halibobo1205
+/framework/src/main/java/org/tron/core/services/filter/      @bladehan1 @halibobo1205
+
+# ────────────────────────────────────────────────────────────────
+# 4. Test code — mirrors the module ownership above
+# ────────────────────────────────────────────────────────────────
+
+/framework/src/test/                @xxo1shine @bladehan1
+/chainbase/src/test/                @halibobo1205 @bladehan1
+/actuator/src/test/                 @Sunny6889 @lxcmyf
+/consensus/src/test/                @kuny0707 @xxo1shine
+/protocol/src/test/                 @lvs0075 @waynercheung
+/common/src/test/                   @lvs0075 @lxcmyf
+/crypto/src/test/                   @Federico2014 @3for
+/plugins/src/test/                  @halibobo1205 @warku123

framework/src/main/java/org/tron/keystore/Wallet.java → crypto/src/main/java/org/tron/keystore/Wallet.java

@@ -23,7 +23,6 @@
 import org.tron.common.crypto.SignUtils;
 import org.tron.common.utils.ByteArray;
 import org.tron.common.utils.StringUtil;
-import org.tron.core.config.args.Args;
 import org.tron.core.exception.CipherException;
 
 /**
@@ -168,8 +167,8 @@ private static byte[] generateMac(byte[] derivedKey, byte[] cipherText) {
     return Hash.sha3(result);
   }
 
-  public static SignInterface decrypt(String password, WalletFile walletFile)
-      throws CipherException {
+  public static SignInterface decrypt(String password, WalletFile walletFile,
+      boolean ecKey) throws CipherException {
 
     validate(walletFile);
 
@@ -205,14 +204,14 @@ public static SignInterface decrypt(String password, WalletFile walletFile)
 
     byte[] derivedMac = generateMac(derivedKey, cipherText);
 
-    if (!Arrays.equals(derivedMac, mac)) {
+    if (!java.security.MessageDigest.isEqual(derivedMac, mac)) {
       throw new CipherException("Invalid password provided");
     }
 
     byte[] encryptKey = Arrays.copyOfRange(derivedKey, 0, 16);
     byte[] privateKey = performCipherOperation(Cipher.DECRYPT_MODE, iv, encryptKey, cipherText);
 
-    return SignUtils.fromPrivate(privateKey, Args.getInstance().isECKeyCryptoEngine());
+    return SignUtils.fromPrivate(privateKey, ecKey);
   }
 
   static void validate(WalletFile walletFile) throws CipherException {

framework/src/main/java/org/tron/keystore/WalletUtils.java → crypto/src/main/java/org/tron/keystore/WalletUtils.java

@@ -17,7 +17,6 @@
 import org.tron.common.crypto.SignInterface;
 import org.tron.common.crypto.SignUtils;
 import org.tron.common.utils.Utils;
-import org.tron.core.config.args.Args;
 import org.tron.core.exception.CipherException;
 
 /**
@@ -32,27 +31,28 @@ public class WalletUtils {
     objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
   }
 
-  public static String generateFullNewWalletFile(String password, File destinationDirectory)
+  public static String generateFullNewWalletFile(String password, File destinationDirectory,
+      boolean ecKey)
       throws NoSuchAlgorithmException, NoSuchProviderException,
       InvalidAlgorithmParameterException, CipherException, IOException {
 
-    return generateNewWalletFile(password, destinationDirectory, true);
+    return generateNewWalletFile(password, destinationDirectory, true, ecKey);
   }
 
-  public static String generateLightNewWalletFile(String password, File destinationDirectory)
+  public static String generateLightNewWalletFile(String password, File destinationDirectory,
+      boolean ecKey)
       throws NoSuchAlgorithmException, NoSuchProviderException,
       InvalidAlgorithmParameterException, CipherException, IOException {
 
-    return generateNewWalletFile(password, destinationDirectory, false);
+    return generateNewWalletFile(password, destinationDirectory, false, ecKey);
   }
 
   public static String generateNewWalletFile(
-      String password, File destinationDirectory, boolean useFullScrypt)
+      String password, File destinationDirectory, boolean useFullScrypt, boolean ecKey)
       throws CipherException, IOException, InvalidAlgorithmParameterException,
       NoSuchAlgorithmException, NoSuchProviderException {
 
-    SignInterface ecKeyPair = SignUtils.getGeneratedRandomSign(Utils.getRandom(),
-        Args.getInstance().isECKeyCryptoEngine());
+    SignInterface ecKeyPair = SignUtils.getGeneratedRandomSign(Utils.getRandom(), ecKey);
     return generateWalletFile(password, ecKeyPair, destinationDirectory, useFullScrypt);
   }
 
@@ -75,10 +75,10 @@ public static String generateWalletFile(
     return fileName;
   }
 
-  public static Credentials loadCredentials(String password, File source)
+  public static Credentials loadCredentials(String password, File source, boolean ecKey)
       throws IOException, CipherException {
     WalletFile walletFile = objectMapper.readValue(source, WalletFile.class);
-    return Credentials.create(Wallet.decrypt(password, walletFile));
+    return Credentials.create(Wallet.decrypt(password, walletFile, ecKey));
   }
 
   private static String getWalletFileName(WalletFile walletFile) {

crypto/src/test/java/org/tron/keystore/CredentialsTest.java

@@ -0,0 +1,72 @@
+package org.tron.keystore;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.tron.common.crypto.SignInterface;
+import org.tron.common.crypto.SignUtils;
+import org.tron.common.crypto.sm2.SM2;
+import org.tron.common.utils.ByteUtil;
+
+@Slf4j
+public class CredentialsTest {
+
+  @Test
+  public void testCreate() throws NoSuchAlgorithmException {
+    Credentials credentials = Credentials.create(SignUtils.getGeneratedRandomSign(
+        SecureRandom.getInstance("NativePRNG"), true));
+    Assert.assertTrue("Credentials address create failed!",
+        credentials.getAddress() != null && !credentials.getAddress().isEmpty());
+    Assert.assertNotNull("Credentials cryptoEngine create failed",
+        credentials.getSignInterface());
+  }
+
+  @Test
+  public void testCreateFromSM2() {
+    try {
+      Credentials.create(SM2.fromNodeId(ByteUtil.hexToBytes("fffffffffff"
+          + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+          + "fffffffffffffffffffffffffffffffffffffff")));
+      Assert.fail("Expected IllegalArgumentException");
+    } catch (IllegalArgumentException e) {
+      // Expected
+    }
+  }
+
+  @Test
+  public void testEquals() throws NoSuchAlgorithmException {
+    Credentials credentials1 = Credentials.create(SignUtils.getGeneratedRandomSign(
+        SecureRandom.getInstance("NativePRNG"), true));
+    Credentials credentials2 = Credentials.create(SignUtils.getGeneratedRandomSign(
+        SecureRandom.getInstance("NativePRNG"), true));
+    Assert.assertFalse("Credentials instance should be not equal!",
+        credentials1.equals(credentials2));
+  }
+
+  @Test
+  public void testEqualityWithMocks() {
+    Object aObject = new Object();
+    SignInterface si = Mockito.mock(SignInterface.class);
+    SignInterface si2 = Mockito.mock(SignInterface.class);
+    SignInterface si3 = Mockito.mock(SignInterface.class);
+    byte[] address = "TQhZ7W1RudxFdzJMw6FvMnujPxrS6sFfmj".getBytes();
+    byte[] address2 = "TNCmcTdyrYKMtmE1KU2itzeCX76jGm5Not".getBytes();
+    Mockito.when(si.getAddress()).thenReturn(address);
+    Mockito.when(si2.getAddress()).thenReturn(address);
+    Mockito.when(si3.getAddress()).thenReturn(address2);
+    Credentials aCredential = Credentials.create(si);
+    Assert.assertFalse(aObject.equals(aCredential));
+    Assert.assertFalse(aCredential.equals(aObject));
+    Assert.assertFalse(aCredential.equals(null));
+    Credentials anotherCredential = Credentials.create(si);
+    Assert.assertTrue(aCredential.equals(anotherCredential));
+    Credentials aCredential2 = Credentials.create(si2);
+    // si and si2 are different mock objects, so credentials are not equal
+    Assert.assertFalse(aCredential.equals(aCredential2));
+    Credentials aCredential3 = Credentials.create(si3);
+    Assert.assertFalse(aCredential.equals(aCredential3));
+  }
+}