2018-10-17 10:26:14 +02:00
|
|
|
package privval
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"io"
|
|
|
|
|
"net"
|
|
|
|
|
|
2018-12-22 06:36:45 +01:00
|
|
|
"github.com/pkg/errors"
|
|
|
|
|
|
2018-10-17 10:26:14 +02:00
|
|
|
"github.com/tendermint/tendermint/crypto"
|
|
|
|
|
cmn "github.com/tendermint/tendermint/libs/common"
|
|
|
|
|
"github.com/tendermint/tendermint/types"
|
|
|
|
|
)
|
|
|
|
|
|
2019-02-28 08:48:20 +01:00
|
|
|
// SignerRemote implements PrivValidator.
|
|
|
|
|
// It uses a net.Conn to request signatures from an external process.
|
|
|
|
|
type SignerRemote struct {
|
2019-01-13 20:31:31 +01:00
|
|
|
conn net.Conn
|
|
|
|
|
|
|
|
|
|
// memoized
|
2018-12-22 06:36:45 +01:00
|
|
|
consensusPubKey crypto.PubKey
|
2018-10-17 10:26:14 +02:00
|
|
|
}
|
|
|
|
|
|
2019-02-28 08:48:20 +01:00
|
|
|
// Check that SignerRemote implements PrivValidator.
|
|
|
|
|
var _ types.PrivValidator = (*SignerRemote)(nil)
|
2018-10-17 10:26:14 +02:00
|
|
|
|
2019-02-28 08:48:20 +01:00
|
|
|
// NewSignerRemote returns an instance of SignerRemote.
|
|
|
|
|
func NewSignerRemote(conn net.Conn) (*SignerRemote, error) {
|
2019-01-13 20:31:31 +01:00
|
|
|
|
|
|
|
|
// retrieve and memoize the consensus public key once.
|
|
|
|
|
pubKey, err := getPubKey(conn)
|
2018-10-17 10:26:14 +02:00
|
|
|
if err != nil {
|
2018-12-22 06:36:45 +01:00
|
|
|
return nil, cmn.ErrorWrap(err, "error while retrieving public key for remote signer")
|
2018-10-17 10:26:14 +02:00
|
|
|
}
|
2019-02-28 08:48:20 +01:00
|
|
|
return &SignerRemote{
|
2019-01-13 20:31:31 +01:00
|
|
|
conn: conn,
|
|
|
|
|
consensusPubKey: pubKey,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Close calls Close on the underlying net.Conn.
|
2019-02-28 08:48:20 +01:00
|
|
|
func (sc *SignerRemote) Close() error {
|
2019-01-13 20:31:31 +01:00
|
|
|
return sc.conn.Close()
|
2018-10-17 10:26:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// GetPubKey implements PrivValidator.
|
2019-02-28 08:48:20 +01:00
|
|
|
func (sc *SignerRemote) GetPubKey() crypto.PubKey {
|
2018-12-22 06:36:45 +01:00
|
|
|
return sc.consensusPubKey
|
2018-10-17 10:26:14 +02:00
|
|
|
}
|
|
|
|
|
|
2019-01-13 20:31:31 +01:00
|
|
|
// not thread-safe (only called on startup).
|
|
|
|
|
func getPubKey(conn net.Conn) (crypto.PubKey, error) {
|
|
|
|
|
err := writeMsg(conn, &PubKeyRequest{})
|
2018-10-17 10:26:14 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-13 20:31:31 +01:00
|
|
|
res, err := readMsg(conn)
|
2018-10-17 10:26:14 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2019-02-28 08:48:20 +01:00
|
|
|
|
2018-12-22 06:36:45 +01:00
|
|
|
pubKeyResp, ok := res.(*PubKeyResponse)
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, errors.Wrap(ErrUnexpectedResponse, "response is not PubKeyResponse")
|
|
|
|
|
}
|
2018-10-17 10:26:14 +02:00
|
|
|
|
2018-12-22 06:36:45 +01:00
|
|
|
if pubKeyResp.Error != nil {
|
|
|
|
|
return nil, errors.Wrap(pubKeyResp.Error, "failed to get private validator's public key")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return pubKeyResp.PubKey, nil
|
2018-10-17 10:26:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SignVote implements PrivValidator.
|
2019-02-28 08:48:20 +01:00
|
|
|
func (sc *SignerRemote) SignVote(chainID string, vote *types.Vote) error {
|
2018-10-17 10:26:14 +02:00
|
|
|
err := writeMsg(sc.conn, &SignVoteRequest{Vote: vote})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res, err := readMsg(sc.conn)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
resp, ok := res.(*SignedVoteResponse)
|
|
|
|
|
if !ok {
|
|
|
|
|
return ErrUnexpectedResponse
|
|
|
|
|
}
|
|
|
|
|
if resp.Error != nil {
|
|
|
|
|
return resp.Error
|
|
|
|
|
}
|
|
|
|
|
*vote = *resp.Vote
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SignProposal implements PrivValidator.
|
2019-02-28 08:48:20 +01:00
|
|
|
func (sc *SignerRemote) SignProposal(chainID string, proposal *types.Proposal) error {
|
2018-10-17 10:26:14 +02:00
|
|
|
err := writeMsg(sc.conn, &SignProposalRequest{Proposal: proposal})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res, err := readMsg(sc.conn)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
resp, ok := res.(*SignedProposalResponse)
|
|
|
|
|
if !ok {
|
|
|
|
|
return ErrUnexpectedResponse
|
|
|
|
|
}
|
|
|
|
|
if resp.Error != nil {
|
|
|
|
|
return resp.Error
|
|
|
|
|
}
|
|
|
|
|
*proposal = *resp.Proposal
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Ping is used to check connection health.
|
2019-02-28 08:48:20 +01:00
|
|
|
func (sc *SignerRemote) Ping() error {
|
2018-10-17 10:26:14 +02:00
|
|
|
err := writeMsg(sc.conn, &PingRequest{})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
res, err := readMsg(sc.conn)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
_, ok := res.(*PingResponse)
|
|
|
|
|
if !ok {
|
|
|
|
|
return ErrUnexpectedResponse
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func readMsg(r io.Reader) (msg RemoteSignerMsg, err error) {
|
|
|
|
|
const maxRemoteSignerMsgSize = 1024 * 10
|
2018-10-25 03:34:01 +02:00
|
|
|
_, err = cdc.UnmarshalBinaryLengthPrefixedReader(r, &msg, maxRemoteSignerMsgSize)
|
2018-10-17 10:26:14 +02:00
|
|
|
if _, ok := err.(timeoutError); ok {
|
|
|
|
|
err = cmn.ErrorWrap(ErrConnTimeout, err.Error())
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func writeMsg(w io.Writer, msg interface{}) (err error) {
|
2018-10-25 03:34:01 +02:00
|
|
|
_, err = cdc.MarshalBinaryLengthPrefixedWriter(w, msg)
|
2018-10-17 10:26:14 +02:00
|
|
|
if _, ok := err.(timeoutError); ok {
|
|
|
|
|
err = cmn.ErrorWrap(ErrConnTimeout, err.Error())
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func handleRequest(req RemoteSignerMsg, chainID string, privVal types.PrivValidator) (RemoteSignerMsg, error) {
|
|
|
|
|
var res RemoteSignerMsg
|
|
|
|
|
var err error
|
|
|
|
|
|
|
|
|
|
switch r := req.(type) {
|
2018-12-22 06:36:45 +01:00
|
|
|
case *PubKeyRequest:
|
2018-10-17 10:26:14 +02:00
|
|
|
var p crypto.PubKey
|
|
|
|
|
p = privVal.GetPubKey()
|
2018-12-22 06:36:45 +01:00
|
|
|
res = &PubKeyResponse{p, nil}
|
2019-02-28 08:48:20 +01:00
|
|
|
|
2018-10-17 10:26:14 +02:00
|
|
|
case *SignVoteRequest:
|
|
|
|
|
err = privVal.SignVote(chainID, r.Vote)
|
|
|
|
|
if err != nil {
|
|
|
|
|
res = &SignedVoteResponse{nil, &RemoteSignerError{0, err.Error()}}
|
|
|
|
|
} else {
|
|
|
|
|
res = &SignedVoteResponse{r.Vote, nil}
|
|
|
|
|
}
|
2019-02-28 08:48:20 +01:00
|
|
|
|
2018-10-17 10:26:14 +02:00
|
|
|
case *SignProposalRequest:
|
|
|
|
|
err = privVal.SignProposal(chainID, r.Proposal)
|
|
|
|
|
if err != nil {
|
|
|
|
|
res = &SignedProposalResponse{nil, &RemoteSignerError{0, err.Error()}}
|
|
|
|
|
} else {
|
|
|
|
|
res = &SignedProposalResponse{r.Proposal, nil}
|
|
|
|
|
}
|
2019-02-28 08:48:20 +01:00
|
|
|
|
2018-10-17 10:26:14 +02:00
|
|
|
case *PingRequest:
|
|
|
|
|
res = &PingResponse{}
|
2019-02-28 08:48:20 +01:00
|
|
|
|
2018-10-17 10:26:14 +02:00
|
|
|
default:
|
|
|
|
|
err = fmt.Errorf("unknown msg: %v", r)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return res, err
|
|
|
|
|
}
|
