fix: Make mirror node security protocol rely on port number (#1507)

* feat: add GetMirrorBaseUrl func

Signed-off-by: Ivan Ivanov <[email protected]>

* fix: use port 5551 for localhost

Signed-off-by: Ivan Ivanov <[email protected]>

* test: unit

Signed-off-by: Ivan Ivanov <[email protected]>

* test: unit

Signed-off-by: Ivan Ivanov <[email protected]>

* chore: refactor

Signed-off-by: Ivan Ivanov <[email protected]>

---------

Signed-off-by: Ivan Ivanov <[email protected]>

Author: 0xivanov

sdk/account_id.go

@@ -342,29 +342,18 @@ func (id *AccountID) _MirrorNodeRequest(client *Client, populateType string) (ma
 		return nil, errors.New("mirror node is not set")
 	}
 
-	mirrorUrl := client.GetMirrorNetwork()[0]
-	index := strings.Index(mirrorUrl, ":")
-	if index == -1 {
-		return nil, errors.New("invalid mirrorUrl format")
-	}
-	mirrorUrl = mirrorUrl[:index]
-
-	var url string
-	protocol := "https"
-	port := ""
-
-	if client.GetLedgerID() == nil {
-		protocol = "http"
-		port = ":5551"
+	mirrorUrl, err := client.GetMirrorRestApiBaseUrl()
+	if err != nil {
+		return nil, err
 	}
 
 	if populateType == "account" {
-		url = fmt.Sprintf("%s://%s%s/api/v1/accounts/%s", protocol, mirrorUrl, port, hex.EncodeToString(*id.AliasEvmAddress))
+		mirrorUrl = fmt.Sprintf("%s/accounts/%s", mirrorUrl, hex.EncodeToString(*id.AliasEvmAddress))
 	} else {
-		url = fmt.Sprintf("%s://%s%s/api/v1/accounts/%s", protocol, mirrorUrl, port, id.String())
+		mirrorUrl = fmt.Sprintf("%s/accounts/%s", mirrorUrl, id.String())
 	}
 
-	resp, err := http.Get(url) // #nosec
+	resp, err := http.Get(mirrorUrl) // #nosec
 	if err != nil {
 		return nil, err
 	}

sdk/account_id_unit_test.go

@@ -6,13 +6,14 @@ package hiero
 // SPDX-License-Identifier: Apache-2.0
 
 import (
+	"encoding/hex"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
 	"strings"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-
-	"encoding/hex"
-
 	"github.com/stretchr/testify/require"
 )
 
@@ -276,3 +277,125 @@ func TestUnitAccountIDToEvmAddress(t *testing.T) {
 	id = AccountID{Shard: 1, Realm: 1, AliasEvmAddress: &bytes}
 	require.Equal(t, expected, id.ToEvmAddress())
 }
+
+func TestUnitAccountIDPopulateWithDifferentPorts(t *testing.T) {
+	// Note: Not running in parallel since we modify global http.DefaultTransport
+
+	tests := []struct {
+		name           string
+		domain         string
+		expectedScheme string
+		description    string
+	}{
+		{
+			name:           "port 80 uses HTTP",
+			domain:         "mirror80.example.com:80",
+			expectedScheme: "http",
+			description:    "Port 80 should use HTTP scheme",
+		},
+		{
+			name:           "port 443 uses HTTPS",
+			domain:         "mirror443.example.com:443",
+			expectedScheme: "https",
+			description:    "Port 443 should use HTTPS scheme",
+		},
+		{
+			name:           "port 8443 uses HTTPS",
+			domain:         "mirror8443.example.com:8443",
+			expectedScheme: "https",
+			description:    "Other ports should use HTTPS scheme for security",
+		},
+		{
+			name:           "port 9999 uses HTTPS",
+			domain:         "mirror9999.example.com:9999",
+			expectedScheme: "https",
+			description:    "Any non-standard port should use HTTPS scheme",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			t.Run("PopulateAccount", func(t *testing.T) {
+				server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+					assert.Contains(t, r.URL.Path, "accounts")
+
+					response := map[string]interface{}{
+						"account": "0.0.12345",
+					}
+					w.Header().Set("Content-Type", "application/json")
+					err := json.NewEncoder(w).Encode(response)
+					require.NoError(t, err)
+				}))
+				defer server.Close()
+
+				// Setup mock transport
+				cleanup := SetupMockTransportForDomain(test.domain, server.URL)
+				defer cleanup()
+
+				// Setup client with the test domain as the mirror network
+				client, err := _NewMockClient()
+				require.NoError(t, err)
+				client.SetLedgerID(*NewLedgerIDTestnet())
+				client.SetMirrorNetwork([]string{test.domain})
+
+				// Create an account ID with EVM address
+				evmAddressBytes, err := hex.DecodeString(evmAddress)
+				require.NoError(t, err)
+				accountID := AccountID{
+					Shard:           0,
+					Realm:           0,
+					Account:         0,
+					AliasEvmAddress: &evmAddressBytes,
+				}
+
+				// Test PopulateAccount
+				err = accountID.PopulateAccount(client)
+				require.NoError(t, err, "PopulateAccount should succeed for %s", test.description)
+				assert.Equal(t, uint64(12345), accountID.Account)
+			})
+
+			// Test PopulateEvmAddress
+			t.Run("PopulateEvmAddress", func(t *testing.T) {
+				// Create a mock server that responds with EVM address data
+				server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+					// Verify the request path
+					assert.Contains(t, r.URL.Path, "accounts/0.0.789")
+
+					response := map[string]interface{}{
+						"evm_address": "0x" + evmAddress,
+					}
+					w.Header().Set("Content-Type", "application/json")
+					err := json.NewEncoder(w).Encode(response)
+					require.NoError(t, err)
+				}))
+				defer server.Close()
+
+				// Setup mock transport
+				cleanup := SetupMockTransportForDomain(test.domain, server.URL)
+				defer cleanup()
+
+				// Setup client with the test domain as the mirror network
+				client, err := _NewMockClient()
+				require.NoError(t, err)
+				client.SetLedgerID(*NewLedgerIDTestnet())
+				client.SetMirrorNetwork([]string{test.domain})
+
+				// Create an account ID with account number
+				accountID := AccountID{
+					Shard:   0,
+					Realm:   0,
+					Account: 789,
+				}
+
+				// Test PopulateEvmAddress
+				err = accountID.PopulateEvmAddress(client)
+				require.NoError(t, err, "PopulateEvmAddress should succeed for %s", test.description)
+				require.NotNil(t, accountID.AliasEvmAddress)
+
+				expectedBytes, err := hex.DecodeString(evmAddress)
+				require.NoError(t, err)
+				assert.Equal(t, expectedBytes, *accountID.AliasEvmAddress)
+			})
+		})
+	}
+}

sdk/client.go

@@ -788,3 +788,11 @@ func (client *Client) SetLogLevel(level LogLevel) *Client {
 	client.logger.SetLevel(level)
 	return client
 }
+
+func (client *Client) GetMirrorRestApiBaseUrl() (string, error) {
+	mirrorNode, err := client.mirrorNetwork._GetNextMirrorNode()
+	if err != nil {
+		return "", err
+	}
+	return mirrorNode.getBaseRestUrl()
+}

sdk/client_unit_test.go

@@ -7,6 +7,7 @@ package hiero
 
 import (
 	"bytes"
+	"net/url"
 	"testing"
 	"time"
 
@@ -370,3 +371,94 @@ func TestUnitClientForNetworkV2(t *testing.T) {
 	require.Error(t, err)
 	assert.Equal(t, err.Error(), "network is empty")
 }
+
+func TestUnitClientGetMirrorRestApiBaseUrl(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name           string
+		domain         string
+		expectedScheme string
+	}{
+		{
+			name:           "HTTP for port 80",
+			domain:         "mirror.example.com:80",
+			expectedScheme: "http",
+		},
+		{
+			name:           "HTTPS for port 443",
+			domain:         "mirror.example.com:443",
+			expectedScheme: "https",
+		},
+		{
+			name:           "HTTPS for custom port",
+			domain:         "mirror.example.com:8080",
+			expectedScheme: "https",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			client, err := _NewMockClient()
+			require.NoError(t, err)
+			client.SetLedgerID(*NewLedgerIDTestnet())
+			client.SetMirrorNetwork([]string{test.domain})
+
+			baseURL, err := client.GetMirrorRestApiBaseUrl()
+			require.NoError(t, err)
+
+			parsedURL, err := url.Parse(baseURL)
+			require.NoError(t, err)
+			assert.Equal(t, test.expectedScheme, parsedURL.Scheme)
+
+			assert.Equal(t, test.domain, parsedURL.Host)
+			assert.Equal(t, "/api/v1", parsedURL.Path)
+		})
+	}
+}
+
+func TestUnitClientGetMirrorRestApiBaseUrlLocalHost(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name           string
+		domain         string
+		expectedScheme string
+		expectedPort   string
+	}{
+		{
+			name:           "HTTP local host",
+			domain:         "localhost:80",
+			expectedScheme: "http",
+		},
+		{
+			name:           "HTTP 127.0.0.1",
+			domain:         "127.0.0.1:8080",
+			expectedScheme: "http",
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			client, err := _NewMockClient()
+			require.NoError(t, err)
+			client.SetLedgerID(*NewLedgerIDTestnet())
+			client.SetMirrorNetwork([]string{test.domain})
+
+			baseURL, err := client.GetMirrorRestApiBaseUrl()
+			require.NoError(t, err)
+
+			parsedURL, err := url.Parse(baseURL)
+			require.NoError(t, err)
+			assert.Equal(t, test.expectedScheme, parsedURL.Scheme)
+
+			if test.domain == "localhost:80" {
+				assert.Equal(t, "localhost:5551", parsedURL.Host)
+			} else {
+				assert.Equal(t, "127.0.0.1:5551", parsedURL.Host)
+			}
+
+			assert.Equal(t, "/api/v1", parsedURL.Path)
+		})
+	}
+}

sdk/contract_id.go

@@ -171,16 +171,11 @@ func (id *ContractID) PopulateContract(client *Client) error {
 	if client.mirrorNetwork == nil || len(client.GetMirrorNetwork()) == 0 {
 		return errors.New("mirror node is not set")
 	}
-	mirrorUrl := client.GetMirrorNetwork()[0]
-	index := strings.Index(mirrorUrl, ":")
-	if index == -1 {
-		return errors.New("invalid mirrorUrl format")
-	}
-	mirrorUrl = mirrorUrl[:index]
-	url := fmt.Sprintf("https://%s/api/v1/contracts/%s", mirrorUrl, hex.EncodeToString(id.EvmAddress))
-	if client.GetLedgerID() == nil {
-		url = fmt.Sprintf("http://%s:5551/api/v1/contracts/%s", mirrorUrl, hex.EncodeToString(id.EvmAddress))
+	mirrorUrl, err := client.GetMirrorRestApiBaseUrl()
+	if err != nil {
+		return err
 	}
+	url := fmt.Sprintf("%s/contracts/%s", mirrorUrl, hex.EncodeToString(id.EvmAddress))
 
 	resp, err := http.Get(url) // #nosec
 	if err != nil {