tendermint/privval/signer_server.go

package privval

import (
	"io"
	"sync"

	cmn "github.com/tendermint/tendermint/libs/common"
	"github.com/tendermint/tendermint/types"
)

// ValidationRequestHandlerFunc handles different remoteSigner requests
type ValidationRequestHandlerFunc func(
	privVal types.PrivValidator,
	requestMessage SignerMessage,
	chainID string) (SignerMessage, error)

type SignerServer struct {
	cmn.BaseService

	endpoint *SignerDialerEndpoint
	chainID  string
	privVal  types.PrivValidator

	handlerMtx               sync.Mutex
	validationRequestHandler ValidationRequestHandlerFunc
}

func NewSignerServer(endpoint *SignerDialerEndpoint, chainID string, privVal types.PrivValidator) *SignerServer {
	ss := &SignerServer{
		endpoint:                 endpoint,
		chainID:                  chainID,
		privVal:                  privVal,
		validationRequestHandler: DefaultValidationRequestHandler,
	}

	ss.BaseService = *cmn.NewBaseService(endpoint.Logger, "SignerServer", ss)

	return ss
}

// OnStart implements cmn.Service.
func (ss *SignerServer) OnStart() error {
	go ss.serviceLoop()
	return nil
}

// OnStop implements cmn.Service.
func (ss *SignerServer) OnStop() {
	ss.endpoint.Logger.Debug("SignerServer: OnStop calling Close")
	_ = ss.endpoint.Close()
}

// SetRequestHandler override the default function that is used to service requests
func (ss *SignerServer) SetRequestHandler(validationRequestHandler ValidationRequestHandlerFunc) {
	ss.handlerMtx.Lock()
	defer ss.handlerMtx.Unlock()
	ss.validationRequestHandler = validationRequestHandler
}

func (ss *SignerServer) servicePendingRequest() {
	if !ss.IsRunning() {
		return // Ignore error from closing.
	}

	req, err := ss.endpoint.ReadMessage()
	if err != nil {
		if err != io.EOF {
			ss.Logger.Error("SignerServer: HandleMessage", "err", err)
		}
		return
	}

	var res SignerMessage
	{
		// limit the scope of the lock
		ss.handlerMtx.Lock()
		defer ss.handlerMtx.Unlock()
		res, err = ss.validationRequestHandler(ss.privVal, req, ss.chainID)
		if err != nil {
			// only log the error; we'll reply with an error in res
			ss.Logger.Error("SignerServer: handleMessage", "err", err)
		}
	}

	if res != nil {
		err = ss.endpoint.WriteMessage(res)
		if err != nil {
			ss.Logger.Error("SignerServer: writeMessage", "err", err)
		}
	}
}

func (ss *SignerServer) serviceLoop() {
	for {
		select {
		default:
			err := ss.endpoint.ensureConnection()
			if err != nil {
				return
			}
			ss.servicePendingRequest()

		case <-ss.Quit():
			return
		}
	}
}
privval: refactor Remote signers (#3370) This PR is related to #3107 and a continuation of #3351 It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction. Given two hosts A and B: Host A is listener/client Host B is dialer/server (contains the secret key) When A requires a signature, it needs to wait for B to dial in before it can issue a request. A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect. The original rationale behind this design was based on security. Host B only allows outbound connections to a list of whitelisted hosts. It is not possible to reach B unless B dials in. There are no listening/open ports in B. This PR results in the following changes: Refactors ping/heartbeat to avoid previously existing race conditions. Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow. Unifies and abstracts away the differences between unix and tcp sockets. A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj) The signer request handler (server side) is customizable to increase testability. Updates and extends unit tests A high level overview of the classes is as follows: Transport (endpoints): The following classes take care of establishing a connection SignerDialerEndpoint SignerListeningEndpoint SignerEndpoint groups common functionality (read/write/timeouts/etc.) Signing (client/server): The following classes take care of exchanging request/responses SignerClient SignerServer This PR also closes #3601 Commits: * refactoring - work in progress * reworking unit tests * Encapsulating and fixing unit tests * Improve tests * Clean up * Fix/improve unit tests * clean up tests * Improving service endpoint * fixing unit test * fix linter issues * avoid invalid cache values (improve later?) * complete implementation * wip * improved connection loop * Improve reconnections + fixing unit tests * addressing comments * small formatting changes * clean up * Update node/node.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * check during initialization * dropping connecting when writing fails * removing break * use t.log instead * unifying and using cmn.GetFreePort() * review fixes * reordering and unifying drop connection * closing instead of signalling * refactored service loop * removed superfluous brackets * GetPubKey can return errors * Revert "GetPubKey can return errors" This reverts commit 68c06f19b4650389d7e5ab1659b318889028202c. * adding entry to changelog * Update CHANGELOG_PENDING.md Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * updating node.go * review fixes * fixes linter * fixing unit test * small fixes in comments * addressing review comments * addressing review comments 2 * reverting suggestion * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * do not expose brokenSignerDialerEndpoint * clean up logging * unifying methods shorten test time signer also drops * reenabling pings * improving testability + unit test * fixing go fmt + unit test * remove unused code * Addressing review comments * simplifying connection workflow * fix linter/go import issue * using base service quit * updating comment * Simplifying design + adjusting names * fixing linter issues * refactoring test harness + fixes * Addressing review comments * cleaning up * adding additional error check 2019-08-05 17:09:10 +02:00			`package privval`

			`import (`
			`"io"`
			`"sync"`

			`cmn "github.com/tendermint/tendermint/libs/common"`
			`"github.com/tendermint/tendermint/types"`
			`)`

			`// ValidationRequestHandlerFunc handles different remoteSigner requests`
			`type ValidationRequestHandlerFunc func(`
			`privVal types.PrivValidator,`
			`requestMessage SignerMessage,`
			`chainID string) (SignerMessage, error)`

			`type SignerServer struct {`
			`cmn.BaseService`

			`endpoint *SignerDialerEndpoint`
			`chainID string`
			`privVal types.PrivValidator`

			`handlerMtx sync.Mutex`
			`validationRequestHandler ValidationRequestHandlerFunc`
			`}`

			`func NewSignerServer(endpoint SignerDialerEndpoint, chainID string, privVal types.PrivValidator) SignerServer {`
			`ss := &SignerServer{`
			`endpoint: endpoint,`
			`chainID: chainID,`
			`privVal: privVal,`
			`validationRequestHandler: DefaultValidationRequestHandler,`
			`}`

			`ss.BaseService = *cmn.NewBaseService(endpoint.Logger, "SignerServer", ss)`

			`return ss`
			`}`

			`// OnStart implements cmn.Service.`
			`func (ss *SignerServer) OnStart() error {`
			`go ss.serviceLoop()`
			`return nil`
			`}`

			`// OnStop implements cmn.Service.`
			`func (ss *SignerServer) OnStop() {`
			`ss.endpoint.Logger.Debug("SignerServer: OnStop calling Close")`
			`_ = ss.endpoint.Close()`
			`}`

			`// SetRequestHandler override the default function that is used to service requests`
			`func (ss *SignerServer) SetRequestHandler(validationRequestHandler ValidationRequestHandlerFunc) {`
			`ss.handlerMtx.Lock()`
			`defer ss.handlerMtx.Unlock()`
			`ss.validationRequestHandler = validationRequestHandler`
			`}`

			`func (ss *SignerServer) servicePendingRequest() {`
			`if !ss.IsRunning() {`
			`return // Ignore error from closing.`
			`}`

			`req, err := ss.endpoint.ReadMessage()`
			`if err != nil {`
			`if err != io.EOF {`
			`ss.Logger.Error("SignerServer: HandleMessage", "err", err)`
			`}`
			`return`
			`}`

			`var res SignerMessage`
			`{`
			`// limit the scope of the lock`
			`ss.handlerMtx.Lock()`
			`defer ss.handlerMtx.Unlock()`
			`res, err = ss.validationRequestHandler(ss.privVal, req, ss.chainID)`
			`if err != nil {`
			`// only log the error; we'll reply with an error in res`
			`ss.Logger.Error("SignerServer: handleMessage", "err", err)`
			`}`
			`}`

			`if res != nil {`
			`err = ss.endpoint.WriteMessage(res)`
			`if err != nil {`
			`ss.Logger.Error("SignerServer: writeMessage", "err", err)`
			`}`
			`}`
			`}`

			`func (ss *SignerServer) serviceLoop() {`
			`for {`
			`select {`
			`default:`
			`err := ss.endpoint.ensureConnection()`
			`if err != nil {`
			`return`
			`}`
			`ss.servicePendingRequest()`

			`case <-ss.Quit():`
			`return`
			`}`
			`}`
			`}`