chore: make extra signers auditable in dlog metadata

Closes #993

In both IssueMetadata and TransferMetadata, ExtraSigners was typed as
[]Identity. This prevented auditors with access to the metadata from
resolving those identities, unlike Issuer, Senders, and Receivers which
already use AuditableIdentity.

Changes:
- token/driver/protos/request.proto: change extra_signers field from
  repeated Identity to repeated AuditableIdentity in both TransferMetadata
  and IssueMetadata messages
- token/driver/protos-go/request/request.pb.go: update generated struct
  fields and getter methods accordingly
- token/driver/request.go: change ExtraSigners []Identity to
  []*AuditableIdentity in both structs; update ToProtos/FromProtos to use
  protos.ToProtosSlice/FromProtosSlice consistent with other auditable fields
- token/request.go: extract .Identity when building public Issue/Transfer
  structs (which keep []Identity as their API); fix extra-signer binding
  loop to use eid.Identity
- token/metadata.go: fix Match() comparisons to compare against es.Identity
- token/driver/request_test.go, token/metadata_test.go, token/request_test.go:
  update all test fixtures and assertions to use []*AuditableIdentity

Signed-off-by: SurbhiAgarwal1 <agarwalsurbhi1807@gmail.com>

Author: SurbhiAgarwal1

token/driver/protos-go/request/request.pb.go

@@ -50,7 +50,7 @@ message OutputMetadata {
 message TransferMetadata {
   repeated TransferInputMetadata inputs = 1; // Inputs
   repeated OutputMetadata outputs = 2; // Outputs
-  repeated Identity extra_signers = 8; // Additional signers for the transfer
+  repeated AuditableIdentity extra_signers = 8; // Additional signers for the transfer
   Identity issuer = 3; // Issuer signer for the redeem transfer
 }
 
@@ -63,7 +63,7 @@ message IssueMetadata {
   AuditableIdentity issuer = 1; // Issuer of the tokens
   repeated IssueInputMetadata inputs = 2; // Inputs
   repeated OutputMetadata outputs = 3; // Outputs
-  repeated Identity extra_signers = 4; // Additional signers for the issuance
+  repeated AuditableIdentity extra_signers = 4; // Additional signers for the issuance
 }
 
 // Union type containing either issue or transfer metadata

token/driver/protos/request.proto

@@ -385,7 +385,7 @@ type IssueMetadata struct {
 	Outputs []*IssueOutputMetadata
 	// ExtraSigners is the list of extra identities that are not part of the issue action per se
 	// but needs to sign the request
-	ExtraSigners []Identity
+	ExtraSigners []*AuditableIdentity
 }
 
 func (i *IssueMetadata) ToProtos() (*request.IssueMetadata, error) {
@@ -402,11 +402,16 @@ func (i *IssueMetadata) ToProtos() (*request.IssueMetadata, error) {
 		return nil, errors.Wrapf(err, "failed marshalling outputs")
 	}
 
+	extraSigners, err := protos.ToProtosSlice[request.AuditableIdentity, *AuditableIdentity](i.ExtraSigners)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed marshalling extra signers")
+	}
+
 	return &request.IssueMetadata{
 		Issuer:       issuer,
 		Inputs:       inputs,
 		Outputs:      outputs,
-		ExtraSigners: ToProtoIdentitySlice(i.ExtraSigners),
+		ExtraSigners: extraSigners,
 	}, nil
 }
 
@@ -426,7 +431,10 @@ func (i *IssueMetadata) FromProtos(issueMetadata *request.IssueMetadata) error {
 	if err != nil {
 		return errors.Wrap(err, "failed unmarshalling output metadata")
 	}
-	i.ExtraSigners = FromProtoIdentitySlice(issueMetadata.ExtraSigners)
+	i.ExtraSigners = slices.GenericSliceOfPointers[AuditableIdentity](len(issueMetadata.ExtraSigners))
+	if err = protos.FromProtosSlice[request.AuditableIdentity, *AuditableIdentity](issueMetadata.ExtraSigners, i.ExtraSigners); err != nil {
+		return errors.Wrap(err, "failed unmarshalling extra signers")
+	}
 
 	return nil
 }
@@ -536,7 +544,7 @@ type TransferMetadata struct {
 	Outputs []*TransferOutputMetadata
 	// ExtraSigners is the list of extra identities that are not part of the transfer action per se
 	// but needs to sign the request
-	ExtraSigners []Identity
+	ExtraSigners []*AuditableIdentity
 	// Issuer contains the identity of the issuer to sign the transfer action
 	Issuer Identity
 }
@@ -560,6 +568,10 @@ func (t *TransferMetadata) ToProtos() (*request.TransferMetadata, error) {
 	if err != nil {
 		return nil, errors.Wrapf(err, "failed marshalling outputs")
 	}
+	extraSigners, err := protos.ToProtosSlice[request.AuditableIdentity, *AuditableIdentity](t.ExtraSigners)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed marshalling extra signers")
+	}
 
 	var issuer *request.Identity
 	if t.Issuer != nil {
@@ -571,7 +583,7 @@ func (t *TransferMetadata) ToProtos() (*request.TransferMetadata, error) {
 	return &request.TransferMetadata{
 		Inputs:       inputs,
 		Outputs:      outputs,
-		ExtraSigners: ToProtoIdentitySlice(t.ExtraSigners),
+		ExtraSigners: extraSigners,
 		Issuer:       issuer,
 	}, nil
 }
@@ -585,7 +597,10 @@ func (t *TransferMetadata) FromProtos(transferMetadata *request.TransferMetadata
 	if err := protos.FromProtosSlice(transferMetadata.Outputs, t.Outputs); err != nil {
 		return errors.Wrap(err, "failed unmarshalling outputs")
 	}
-	t.ExtraSigners = FromProtoIdentitySlice(transferMetadata.ExtraSigners)
+	t.ExtraSigners = slices.GenericSliceOfPointers[AuditableIdentity](len(transferMetadata.ExtraSigners))
+	if err := protos.FromProtosSlice[request.AuditableIdentity, *AuditableIdentity](transferMetadata.ExtraSigners, t.ExtraSigners); err != nil {
+		return errors.Wrap(err, "failed unmarshalling extra signers")
+	}
 
 	t.Issuer = nil
 	if transferMetadata.Issuer != nil {

token/driver/request.go

@@ -387,7 +387,9 @@ func TestIssueMetadata_ToProtos(t *testing.T) {
 		Outputs: []*IssueOutputMetadata{
 			{OutputMetadata: []byte("output1")},
 		},
-		ExtraSigners: []Identity{Identity("signer1")},
+		ExtraSigners: []*AuditableIdentity{
+			{Identity: Identity("signer1")},
+		},
 	}
 
 	proto, err := im.ToProtos()
@@ -401,7 +403,7 @@ func TestIssueMetadata_ToProtos(t *testing.T) {
 	assert.Len(t, proto.Outputs, 1)
 	assert.Equal(t, []byte("output1"), proto.Outputs[0].Metadata)
 	assert.Len(t, proto.ExtraSigners, 1)
-	assert.Equal(t, []byte("signer1"), proto.ExtraSigners[0].Raw)
+	assert.Equal(t, []byte("signer1"), proto.ExtraSigners[0].Identity.Raw)
 }
 
 // TestIssueMetadata_FromProtos tests conversion from protobuf
@@ -417,8 +419,8 @@ func TestIssueMetadata_FromProtos(t *testing.T) {
 		Outputs: []*request.OutputMetadata{
 			{Metadata: []byte("output1")},
 		},
-		ExtraSigners: []*request.Identity{
-			{Raw: []byte("signer1")},
+		ExtraSigners: []*request.AuditableIdentity{
+			{Identity: &request.Identity{Raw: []byte("signer1")}},
 		},
 	}
 
@@ -432,7 +434,7 @@ func TestIssueMetadata_FromProtos(t *testing.T) {
 	assert.Len(t, im.Outputs, 1)
 	assert.Equal(t, []byte("output1"), im.Outputs[0].OutputMetadata)
 	assert.Len(t, im.ExtraSigners, 1)
-	assert.Equal(t, Identity("signer1"), im.ExtraSigners[0])
+	assert.Equal(t, Identity("signer1"), im.ExtraSigners[0].Identity)
 }
 
 // TestTransferInputMetadata_ToProtos tests conversion to protobuf
@@ -648,7 +650,9 @@ func TestTransferMetadata_ToProtos(t *testing.T) {
 		Outputs: []*TransferOutputMetadata{
 			{OutputMetadata: []byte("output1")},
 		},
-		ExtraSigners: []Identity{Identity("signer1")},
+		ExtraSigners: []*AuditableIdentity{
+			{Identity: Identity("signer1")},
+		},
 		Issuer:       Identity("issuer1"),
 	}
 
@@ -661,7 +665,7 @@ func TestTransferMetadata_ToProtos(t *testing.T) {
 	assert.Len(t, proto.Outputs, 1)
 	assert.Equal(t, []byte("output1"), proto.Outputs[0].Metadata)
 	assert.Len(t, proto.ExtraSigners, 1)
-	assert.Equal(t, []byte("signer1"), proto.ExtraSigners[0].Raw)
+	assert.Equal(t, []byte("signer1"), proto.ExtraSigners[0].Identity.Raw)
 	assert.NotNil(t, proto.Issuer)
 	assert.Equal(t, []byte("issuer1"), proto.Issuer.Raw)
 }
@@ -689,8 +693,8 @@ func TestTransferMetadata_FromProtos(t *testing.T) {
 		Outputs: []*request.OutputMetadata{
 			{Metadata: []byte("output1")},
 		},
-		ExtraSigners: []*request.Identity{
-			{Raw: []byte("signer1")},
+		ExtraSigners: []*request.AuditableIdentity{
+			{Identity: &request.Identity{Raw: []byte("signer1")}},
 		},
 		Issuer: &request.Identity{Raw: []byte("issuer1")},
 	}
@@ -704,7 +708,7 @@ func TestTransferMetadata_FromProtos(t *testing.T) {
 	assert.Len(t, tm.Outputs, 1)
 	assert.Equal(t, []byte("output1"), tm.Outputs[0].OutputMetadata)
 	assert.Len(t, tm.ExtraSigners, 1)
-	assert.Equal(t, Identity("signer1"), tm.ExtraSigners[0])
+	assert.Equal(t, Identity("signer1"), tm.ExtraSigners[0].Identity)
 	assert.Equal(t, Identity("issuer1"), tm.Issuer)
 }
 
@@ -751,9 +755,9 @@ func TestTokenRequestMetadataSerialization(t *testing.T) {
 						},
 					},
 				},
-				ExtraSigners: []Identity{
-					[]byte("issue_extra_signer1"),
-					[]byte("issue_extra_signer2"),
+				ExtraSigners: []*AuditableIdentity{
+					{Identity: []byte("issue_extra_signer1")},
+					{Identity: []byte("issue_extra_signer2")},
 				},
 			},
 		},
@@ -807,9 +811,9 @@ func TestTokenRequestMetadataSerialization(t *testing.T) {
 						},
 					},
 				},
-				ExtraSigners: []Identity{
-					[]byte("extra_signer1"),
-					[]byte("extra_signer2"),
+				ExtraSigners: []*AuditableIdentity{
+					{Identity: []byte("extra_signer1")},
+					{Identity: []byte("extra_signer2")},
 				},
 				Issuer: Identity([]byte("issuer")),
 			},
@@ -1312,20 +1316,23 @@ func TestIssueMetadata_ToProtos_WithExtraSigners(t *testing.T) {
 		Outputs: []*IssueOutputMetadata{
 			{OutputMetadata: []byte("output1")},
 		},
-		ExtraSigners: []Identity{
-			Identity("signer1"),
-			Identity("signer2"),
-			Identity("signer3"),
+		ExtraSigners: []*AuditableIdentity{
+			{Identity: Identity("signer1"), AuditInfo: []byte("audit1")},
+			{Identity: Identity("signer2"), AuditInfo: []byte("audit2")},
+			{Identity: Identity("signer3"), AuditInfo: []byte("audit3")},
 		},
 	}
 
 	proto, err := im.ToProtos()
 	require.NoError(t, err)
 	assert.NotNil(t, proto)
 	assert.Len(t, proto.ExtraSigners, 3)
-	assert.Equal(t, []byte("signer1"), proto.ExtraSigners[0].Raw)
-	assert.Equal(t, []byte("signer2"), proto.ExtraSigners[1].Raw)
-	assert.Equal(t, []byte("signer3"), proto.ExtraSigners[2].Raw)
+	assert.Equal(t, []byte("signer1"), proto.ExtraSigners[0].Identity.Raw)
+	assert.Equal(t, []byte("audit1"), proto.ExtraSigners[0].AuditInfo)
+	assert.Equal(t, []byte("signer2"), proto.ExtraSigners[1].Identity.Raw)
+	assert.Equal(t, []byte("audit2"), proto.ExtraSigners[1].AuditInfo)
+	assert.Equal(t, []byte("signer3"), proto.ExtraSigners[2].Identity.Raw)
+	assert.Equal(t, []byte("audit3"), proto.ExtraSigners[2].AuditInfo)
 }
 
 // TestTransferMetadata_ToProtos_WithExtraSigners tests ToProtos with extra signers
@@ -1337,9 +1344,9 @@ func TestTransferMetadata_ToProtos_WithExtraSigners(t *testing.T) {
 		Outputs: []*TransferOutputMetadata{
 			{OutputMetadata: []byte("output1")},
 		},
-		ExtraSigners: []Identity{
-			Identity("signer1"),
-			Identity("signer2"),
+		ExtraSigners: []*AuditableIdentity{
+			{Identity: Identity("signer1"), AuditInfo: []byte("audit1")},
+			{Identity: Identity("signer2"), AuditInfo: []byte("audit2")},
 		},
 		Issuer: Identity("issuer1"),
 	}
@@ -1348,8 +1355,10 @@ func TestTransferMetadata_ToProtos_WithExtraSigners(t *testing.T) {
 	require.NoError(t, err)
 	assert.NotNil(t, proto)
 	assert.Len(t, proto.ExtraSigners, 2)
-	assert.Equal(t, []byte("signer1"), proto.ExtraSigners[0].Raw)
-	assert.Equal(t, []byte("signer2"), proto.ExtraSigners[1].Raw)
+	assert.Equal(t, []byte("signer1"), proto.ExtraSigners[0].Identity.Raw)
+	assert.Equal(t, []byte("audit1"), proto.ExtraSigners[0].AuditInfo)
+	assert.Equal(t, []byte("signer2"), proto.ExtraSigners[1].Identity.Raw)
+	assert.Equal(t, []byte("audit2"), proto.ExtraSigners[1].AuditInfo)
 	assert.NotNil(t, proto.Issuer)
 	assert.Equal(t, []byte("issuer1"), proto.Issuer.Raw)
 }

token/driver/request_test.go

@@ -247,7 +247,9 @@ func (m *IssueMetadata) Match(action *IssueAction) error {
 		return errors.Errorf("expected [%d] extra signers but got [%d]", len(extraSigners), len(m.ExtraSigners))
 	}
 	for i, signer := range extraSigners {
-		if !slices.ContainsFunc(m.ExtraSigners, signer.Equal) {
+		if !slices.ContainsFunc(m.ExtraSigners, func(es *driver.AuditableIdentity) bool {
+			return es != nil && signer.Equal(es.Identity)
+		}) {
 			return errors.Errorf("expected extra signer [%s] but got [%s]", signer, m.ExtraSigners[i])
 		}
 	}
@@ -302,7 +304,7 @@ func (m *TransferMetadata) Match(action *TransferAction) error {
 		return errors.Errorf("expected [%d] extra signers but got [%d]", len(m.ExtraSigners), len(extraSigners))
 	}
 	for i, signer := range extraSigners {
-		if !signer.Equal(m.ExtraSigners[i]) {
+		if m.ExtraSigners[i] == nil || !signer.Equal(m.ExtraSigners[i].Identity) {
 			return errors.Errorf("expected extra signer [%s] but got [%s]", m.ExtraSigners[i], signer)
 		}
 	}

token/metadata.go

@@ -251,7 +251,7 @@ func TestMetadata_TestMatchTransferAction(t *testing.T) {
 					Issuer:       mockIssuer,
 					Inputs:       []*driver.TransferInputMetadata{{}},
 					Outputs:      []*driver.TransferOutputMetadata{{}},
-					ExtraSigners: []token.Identity{signer1},
+					ExtraSigners: []*driver.AuditableIdentity{{Identity: signer1}},
 				},
 			},
 			wantErr: false,
@@ -309,7 +309,7 @@ func TestMetadata_TestMatchTransferAction(t *testing.T) {
 				&driver.TransferMetadata{
 					Inputs:       []*driver.TransferInputMetadata{{}},
 					Outputs:      []*driver.TransferOutputMetadata{{}},
-					ExtraSigners: []token.Identity{},
+					ExtraSigners: []*driver.AuditableIdentity{},
 				},
 			},
 			wantErr:       true,
@@ -322,7 +322,7 @@ func TestMetadata_TestMatchTransferAction(t *testing.T) {
 				&driver.TransferMetadata{
 					Inputs:       []*driver.TransferInputMetadata{{}},
 					Outputs:      []*driver.TransferOutputMetadata{{}},
-					ExtraSigners: []token.Identity{token.Identity("other")},
+					ExtraSigners: []*driver.AuditableIdentity{{Identity: token.Identity("other")}},
 				},
 			},
 			wantErr:       true,
@@ -336,7 +336,7 @@ func TestMetadata_TestMatchTransferAction(t *testing.T) {
 					Issuer:       token.Identity("other"),
 					Inputs:       []*driver.TransferInputMetadata{{}},
 					Outputs:      []*driver.TransferOutputMetadata{{}},
-					ExtraSigners: []token.Identity{signer1},
+					ExtraSigners: []*driver.AuditableIdentity{{Identity: signer1}},
 				},
 			},
 			wantErr:       true,
@@ -525,7 +525,7 @@ func TestIssueMetadata_Match(t *testing.T) {
 					Issuer:       driver.AuditableIdentity{Identity: issuer1},
 					Inputs:       []*driver.IssueInputMetadata{{}},
 					Outputs:      []*driver.IssueOutputMetadata{{}},
-					ExtraSigners: []token.Identity{signer1},
+					ExtraSigners: []*driver.AuditableIdentity{{Identity: signer1}},
 				},
 			},
 			action:  token.NewIssueAction(action),
@@ -583,7 +583,7 @@ func TestIssueMetadata_Match(t *testing.T) {
 				IssueMetadata: &driver.IssueMetadata{
 					Inputs:       []*driver.IssueInputMetadata{{}},
 					Outputs:      []*driver.IssueOutputMetadata{{}},
-					ExtraSigners: []token.Identity{},
+					ExtraSigners: []*driver.AuditableIdentity{},
 				},
 			},
 			action:        token.NewIssueAction(action),
@@ -596,7 +596,7 @@ func TestIssueMetadata_Match(t *testing.T) {
 				IssueMetadata: &driver.IssueMetadata{
 					Inputs:       []*driver.IssueInputMetadata{{}},
 					Outputs:      []*driver.IssueOutputMetadata{{}},
-					ExtraSigners: []token.Identity{token.Identity("other")},
+					ExtraSigners: []*driver.AuditableIdentity{{Identity: token.Identity("other")}},
 				},
 			},
 			action:        token.NewIssueAction(action),
@@ -610,7 +610,7 @@ func TestIssueMetadata_Match(t *testing.T) {
 					Issuer:       driver.AuditableIdentity{Identity: issuer2},
 					Inputs:       []*driver.IssueInputMetadata{{}},
 					Outputs:      []*driver.IssueOutputMetadata{{}},
-					ExtraSigners: []token.Identity{signer1},
+					ExtraSigners: []*driver.AuditableIdentity{{Identity: signer1}},
 				},
 			},
 			action:        token.NewIssueAction(action),