fix: refactor and simplify HIP-540 implementation and tests

[tinker-michaelj]

Description:

• Move state-independent TOKEN_UPDATE checks into pureChecks().
• Make signing requirements much more explicit.
• Dramatically simplify test coverage by characterizing each scenario in a Hip540TestScenario value that is capable of translating itself into a sequence of HapiSpecOperations; and repeat all these scenarios for each non-admin key type here.
• Remove some unused methods.
• Add some requireNonNull() and OrThrow() assertions to fail faster in some cases.

[github-actions]

Node: HAPI Test (Restart) Results

2 tests  ±0   2 ✅ ±0   5m 15s ⏱️ -1s
2 suites ±0   0 💤 ±0 
2 files   ±0   0 ❌ ±0 

Results for commit b6dc987. ± Comparison against base commit 818f784.

♻️ This comment has been updated with latest results.

[github-actions]

Node: HAPI Test (Node Death Reconnect) Results

1 tests  ±0   1 ✅ ±0   22s ⏱️ -5s
1 suites ±0   0 💤 ±0 
2 files   ±0   0 ❌ ±0 
1 errors

For more details on these parsing errors, see this check.

Results for commit b6dc987. ± Comparison against base commit 818f784.

♻️ This comment has been updated with latest results.

[github-actions]

Node: HAPI Test (Token) Results

235 tests   - 27   234 ✅  - 27   18m 14s ⏱️ - 4m 15s
 17 suites ± 0     1 💤 ± 0 
 17 files   ± 0     0 ❌ ± 0 

Results for commit b6dc987. ± Comparison against base commit 818f784.

♻️ This comment has been updated with latest results.

[github-actions]

Node: HAPI Test (Crypto) Results

335 tests  ±0   335 ✅ ±0   34m 59s ⏱️ -9s
 25 suites ±0     0 💤 ±0 
 25 files   ±0     0 ❌ ±0 

Results for commit b6dc987. ± Comparison against base commit 818f784.

♻️ This comment has been updated with latest results.

[github-actions]

Node: HAPI Test (Misc) Results

457 tests  +457   447 ✅ +447   42m 15s ⏱️ + 42m 15s
 76 suites + 76    10 💤 + 10 
 77 files   + 77     0 ❌ ±  0 
  1 errors

For more details on these parsing errors, see this check.

Results for commit b6dc987. ± Comparison against base commit 818f784.

♻️ This comment has been updated with latest results.

[github-actions]

Node: HAPI Test (Time Consuming) Results

21 tests  ±0   21 ✅ ±0   54m 2s ⏱️ -1s
 3 suites ±0    0 💤 ±0 
 3 files   ±0    0 ❌ ±0 

Results for commit b6dc987. ± Comparison against base commit 818f784.

♻️ This comment has been updated with latest results.

[github-actions]

Node: Unit Test Results

  2 267 files  ±0    2 267 suites  ±0   2h 45m 21s ⏱️ + 15m 48s
112 331 tests +1  112 264 ✅ +1  67 💤 ±0  0 ❌ ±0 
120 794 runs  +1  120 727 ✅ +1  67 💤 ±0  0 ❌ ±0 

Results for commit b6dc987. ± Comparison against base commit 818f784.

♻️ This comment has been updated with latest results.

[github-actions]

Node: HAPI Test (Smart Contract) Results

583 tests  ±0   582 ✅ ±0   1h 12m 48s ⏱️ + 10m 27s
 62 suites ±0     0 💤 ±0 
 62 files   ±0     1 ❌ ±0 

For more details on these failures, see this check.

Results for commit b6dc987. ± Comparison against base commit 818f784.

♻️ This comment has been updated with latest results.

[petreze]

I totally agree with enhancing the pureChecks() and removing some unused methods as well as requireNonNull() and OrThrow() assertions, however why we remove Hip540ChangeOrRemoveKeysSuite. The file contains lots of corner cases to test every combination of TokenUpdateTx to examine every possible behaviour for this HIP.

With the provided changes in this PR, 17 from 29 tests in Hip540ChangeOrRemoveKeysSuite are failing as well as some of the already existing metadata HIP tests

[petreze]

Suggested change

	if (!isKeyRemoval(key)) {
	if (!isKeyRemoval(key) && op.keyVerificationMode() != TokenKeyValidation.NO_VALIDATION) {

if we do not check for the TokenKeyValidation enum, a user will always end up with INVALID_<SOME>_KEY in prechecks when he tries to update to an invalid key. IMO, we should check if the TokenKeyValidation is NO_VALIDATION and in this case to not throw anything and allow the user to update to an invalid key (part of the HIP requirements)

[tinker-michaelj]

I have opened a HIP PR to eliminate misleading use of the term "invalid"; we definitely don't want to introduce a way to put invalid key structures in state.

[petreze]

Previously, we were throwing TOKEN_IS_IMMUTABLE when the token cannot be updated under any circumstances. With this logic, we will throw it if the admin key is required for the success of the update transaction and it is not present. But this does not mean that the token is immutable. If the token has any low priority key, it can still be updated if for example the freeze key want to update itself (part of the HIP requirements)

[tinker-michaelj]

It would be nice to have more targeted response codes for the specific failure of trying to change a non-key, non-metadata property without an admin key, true...in general, we need richer failure statuses. 🤔

[petreze]

I think TOKEN_KEYS and NON_ADMIN_TOKEN_KEYS can stay protected

[petreze]

Whenever a low priority key wants to update itself to other key. In this case, the replacementKey is not required to sign the transaction
i.e: kycKey wants to update itself to newKycKey -> we require only kycKey signature (part of the HIP requirements)

[tinker-michaelj]

I have updated the HIP to clarify that without the admin signature, the new low-privilege key also needs to sign.

(This is the only meaningful interpretation of TokenKeyValidation.NONE, I think.)

[petreze]

I see, this changes the initial requirements quite a bit

[tinker-michaelj]

True. :/

[Neeharika-Sompalli]

LGTM ! We can add a String to the HIP540TestScenario to describe test name. What do you think ?

[lukelee-sl]

LGTM. For smart contracts only.