tendermint/privval/signer_dialer_endpoint.go

package privval

import (
	"time"

	cmn "github.com/tendermint/tendermint/libs/common"
	"github.com/tendermint/tendermint/libs/log"
)

const (
	defaultMaxDialRetries        = 10
	defaultRetryWaitMilliseconds = 100
)

// SignerServiceEndpointOption sets an optional parameter on the SignerDialerEndpoint.
type SignerServiceEndpointOption func(*SignerDialerEndpoint)

// SignerDialerEndpointTimeoutReadWrite sets the read and write timeout for connections
// from external signing processes.
func SignerDialerEndpointTimeoutReadWrite(timeout time.Duration) SignerServiceEndpointOption {
	return func(ss *SignerDialerEndpoint) { ss.timeoutReadWrite = timeout }
}

// SignerDialerEndpointConnRetries sets the amount of attempted retries to acceptNewConnection.
func SignerDialerEndpointConnRetries(retries int) SignerServiceEndpointOption {
	return func(ss *SignerDialerEndpoint) { ss.maxConnRetries = retries }
}

// SignerDialerEndpoint dials using its dialer and responds to any
// signature requests using its privVal.
type SignerDialerEndpoint struct {
	signerEndpoint

	dialer SocketDialer

	retryWait      time.Duration
	maxConnRetries int
}

// NewSignerDialerEndpoint returns a SignerDialerEndpoint that will dial using the given
// dialer and respond to any signature requests over the connection
// using the given privVal.
func NewSignerDialerEndpoint(
	logger log.Logger,
	dialer SocketDialer,
) *SignerDialerEndpoint {

	sd := &SignerDialerEndpoint{
		dialer:         dialer,
		retryWait:      defaultRetryWaitMilliseconds * time.Millisecond,
		maxConnRetries: defaultMaxDialRetries,
	}

	sd.BaseService = *cmn.NewBaseService(logger, "SignerDialerEndpoint", sd)
	sd.signerEndpoint.timeoutReadWrite = defaultTimeoutReadWriteSeconds * time.Second

	return sd
}

func (sd *SignerDialerEndpoint) ensureConnection() error {
	if sd.IsConnected() {
		return nil
	}

	retries := 0
	for retries < sd.maxConnRetries {
		conn, err := sd.dialer()

		if err != nil {
			retries++
			sd.Logger.Debug("SignerDialer: Reconnection failed", "retries", retries, "max", sd.maxConnRetries, "err", err)
			// Wait between retries
			time.Sleep(sd.retryWait)
		} else {
			sd.SetConnection(conn)
			sd.Logger.Debug("SignerDialer: Connection Ready")
			return nil
		}
	}

	sd.Logger.Debug("SignerDialer: Max retries exceeded", "retries", retries, "max", sd.maxConnRetries)

	return ErrNoConnection
}
privval: refactor Remote signers (#3370) This PR is related to #3107 and a continuation of #3351 It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction. Given two hosts A and B: Host A is listener/client Host B is dialer/server (contains the secret key) When A requires a signature, it needs to wait for B to dial in before it can issue a request. A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect. The original rationale behind this design was based on security. Host B only allows outbound connections to a list of whitelisted hosts. It is not possible to reach B unless B dials in. There are no listening/open ports in B. This PR results in the following changes: Refactors ping/heartbeat to avoid previously existing race conditions. Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow. Unifies and abstracts away the differences between unix and tcp sockets. A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj) The signer request handler (server side) is customizable to increase testability. Updates and extends unit tests A high level overview of the classes is as follows: Transport (endpoints): The following classes take care of establishing a connection SignerDialerEndpoint SignerListeningEndpoint SignerEndpoint groups common functionality (read/write/timeouts/etc.) Signing (client/server): The following classes take care of exchanging request/responses SignerClient SignerServer This PR also closes #3601 Commits: * refactoring - work in progress * reworking unit tests * Encapsulating and fixing unit tests * Improve tests * Clean up * Fix/improve unit tests * clean up tests * Improving service endpoint * fixing unit test * fix linter issues * avoid invalid cache values (improve later?) * complete implementation * wip * improved connection loop * Improve reconnections + fixing unit tests * addressing comments * small formatting changes * clean up * Update node/node.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * check during initialization * dropping connecting when writing fails * removing break * use t.log instead * unifying and using cmn.GetFreePort() * review fixes * reordering and unifying drop connection * closing instead of signalling * refactored service loop * removed superfluous brackets * GetPubKey can return errors * Revert "GetPubKey can return errors" This reverts commit 68c06f19b4650389d7e5ab1659b318889028202c. * adding entry to changelog * Update CHANGELOG_PENDING.md Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * updating node.go * review fixes * fixes linter * fixing unit test * small fixes in comments * addressing review comments * addressing review comments 2 * reverting suggestion * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * do not expose brokenSignerDialerEndpoint * clean up logging * unifying methods shorten test time signer also drops * reenabling pings * improving testability + unit test * fixing go fmt + unit test * remove unused code * Addressing review comments * simplifying connection workflow * fix linter/go import issue * using base service quit * updating comment * Simplifying design + adjusting names * fixing linter issues * refactoring test harness + fixes * Addressing review comments * cleaning up * adding additional error check 2019-08-05 17:09:10 +02:00			`package privval`

			`import (`
			`"time"`

			`cmn "github.com/tendermint/tendermint/libs/common"`
			`"github.com/tendermint/tendermint/libs/log"`
			`)`

			`const (`
			`defaultMaxDialRetries = 10`
			`defaultRetryWaitMilliseconds = 100`
			`)`

			`// SignerServiceEndpointOption sets an optional parameter on the SignerDialerEndpoint.`
			`type SignerServiceEndpointOption func(*SignerDialerEndpoint)`

			`// SignerDialerEndpointTimeoutReadWrite sets the read and write timeout for connections`
			`// from external signing processes.`
			`func SignerDialerEndpointTimeoutReadWrite(timeout time.Duration) SignerServiceEndpointOption {`
			`return func(ss *SignerDialerEndpoint) { ss.timeoutReadWrite = timeout }`
			`}`

			`// SignerDialerEndpointConnRetries sets the amount of attempted retries to acceptNewConnection.`
			`func SignerDialerEndpointConnRetries(retries int) SignerServiceEndpointOption {`
			`return func(ss *SignerDialerEndpoint) { ss.maxConnRetries = retries }`
			`}`

			`// SignerDialerEndpoint dials using its dialer and responds to any`
			`// signature requests using its privVal.`
			`type SignerDialerEndpoint struct {`
			`signerEndpoint`

			`dialer SocketDialer`

			`retryWait time.Duration`
			`maxConnRetries int`
			`}`

			`// NewSignerDialerEndpoint returns a SignerDialerEndpoint that will dial using the given`
			`// dialer and respond to any signature requests over the connection`
			`// using the given privVal.`
			`func NewSignerDialerEndpoint(`
			`logger log.Logger,`
			`dialer SocketDialer,`
			`) *SignerDialerEndpoint {`

			`sd := &SignerDialerEndpoint{`
			`dialer: dialer,`
			`retryWait: defaultRetryWaitMilliseconds * time.Millisecond,`
			`maxConnRetries: defaultMaxDialRetries,`
			`}`

			`sd.BaseService = *cmn.NewBaseService(logger, "SignerDialerEndpoint", sd)`
			`sd.signerEndpoint.timeoutReadWrite = defaultTimeoutReadWriteSeconds * time.Second`

			`return sd`
			`}`

			`func (sd *SignerDialerEndpoint) ensureConnection() error {`
			`if sd.IsConnected() {`
			`return nil`
			`}`

			`retries := 0`
			`for retries < sd.maxConnRetries {`
			`conn, err := sd.dialer()`

			`if err != nil {`
			`retries++`
			`sd.Logger.Debug("SignerDialer: Reconnection failed", "retries", retries, "max", sd.maxConnRetries, "err", err)`
			`// Wait between retries`
			`time.Sleep(sd.retryWait)`
			`} else {`
			`sd.SetConnection(conn)`
			`sd.Logger.Debug("SignerDialer: Connection Ready")`
			`return nil`
			`}`
			`}`

			`sd.Logger.Debug("SignerDialer: Max retries exceeded", "retries", retries, "max", sd.maxConnRetries)`

			`return ErrNoConnection`
			`}`