mirror of
https://github.com/fluencelabs/tendermint
synced 2025-04-25 06:42:16 +00:00
f7f034a8be
This PR is related to #3107 and a continuation of #3351 It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction. Given two hosts A and B: Host A is listener/client Host B is dialer/server (contains the secret key) When A requires a signature, it needs to wait for B to dial in before it can issue a request. A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect. The original rationale behind this design was based on security. Host B only allows outbound connections to a list of whitelisted hosts. It is not possible to reach B unless B dials in. There are no listening/open ports in B. This PR results in the following changes: Refactors ping/heartbeat to avoid previously existing race conditions. Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow. Unifies and abstracts away the differences between unix and tcp sockets. A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj) The signer request handler (server side) is customizable to increase testability. Updates and extends unit tests A high level overview of the classes is as follows: Transport (endpoints): The following classes take care of establishing a connection SignerDialerEndpoint SignerListeningEndpoint SignerEndpoint groups common functionality (read/write/timeouts/etc.) Signing (client/server): The following classes take care of exchanging request/responses SignerClient SignerServer This PR also closes #3601 Commits: * refactoring - work in progress * reworking unit tests * Encapsulating and fixing unit tests * Improve tests * Clean up * Fix/improve unit tests * clean up tests * Improving service endpoint * fixing unit test * fix linter issues * avoid invalid cache values (improve later?) * complete implementation * wip * improved connection loop * Improve reconnections + fixing unit tests * addressing comments * small formatting changes * clean up * Update node/node.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * check during initialization * dropping connecting when writing fails * removing break * use t.log instead * unifying and using cmn.GetFreePort() * review fixes * reordering and unifying drop connection * closing instead of signalling * refactored service loop * removed superfluous brackets * GetPubKey can return errors * Revert "GetPubKey can return errors" This reverts commit 68c06f19b4650389d7e5ab1659b318889028202c. * adding entry to changelog * Update CHANGELOG_PENDING.md Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * updating node.go * review fixes * fixes linter * fixing unit test * small fixes in comments * addressing review comments * addressing review comments 2 * reverting suggestion * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * do not expose brokenSignerDialerEndpoint * clean up logging * unifying methods shorten test time signer also drops * reenabling pings * improving testability + unit test * fixing go fmt + unit test * remove unused code * Addressing review comments * simplifying connection workflow * fix linter/go import issue * using base service quit * updating comment * Simplifying design + adjusting names * fixing linter issues * refactoring test harness + fixes * Addressing review comments * cleaning up * adding additional error check
62 lines
1.6 KiB
Go
62 lines
1.6 KiB
Go
package privval
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
|
|
"github.com/tendermint/tendermint/crypto/ed25519"
|
|
cmn "github.com/tendermint/tendermint/libs/common"
|
|
"github.com/tendermint/tendermint/libs/log"
|
|
)
|
|
|
|
// IsConnTimeout returns a boolean indicating whether the error is known to
|
|
// report that a connection timeout occurred. This detects both fundamental
|
|
// network timeouts, as well as ErrConnTimeout errors.
|
|
func IsConnTimeout(err error) bool {
|
|
if cmnErr, ok := err.(cmn.Error); ok {
|
|
if cmnErr.Data() == ErrConnectionTimeout {
|
|
return true
|
|
}
|
|
}
|
|
if _, ok := err.(timeoutError); ok {
|
|
return true
|
|
}
|
|
return false
|
|
}
|
|
|
|
// NewSignerListener creates a new SignerListenerEndpoint using the corresponding listen address
|
|
func NewSignerListener(listenAddr string, logger log.Logger) (*SignerListenerEndpoint, error) {
|
|
var listener net.Listener
|
|
|
|
protocol, address := cmn.ProtocolAndAddress(listenAddr)
|
|
ln, err := net.Listen(protocol, address)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
switch protocol {
|
|
case "unix":
|
|
listener = NewUnixListener(ln)
|
|
case "tcp":
|
|
// TODO: persist this key so external signer can actually authenticate us
|
|
listener = NewTCPListener(ln, ed25519.GenPrivKey())
|
|
default:
|
|
return nil, fmt.Errorf(
|
|
"wrong listen address: expected either 'tcp' or 'unix' protocols, got %s",
|
|
protocol,
|
|
)
|
|
}
|
|
|
|
pve := NewSignerListenerEndpoint(logger.With("module", "privval"), listener)
|
|
|
|
return pve, nil
|
|
}
|
|
|
|
// GetFreeLocalhostAddrPort returns a free localhost:port address
|
|
func GetFreeLocalhostAddrPort() string {
|
|
port, err := cmn.GetFreePort()
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return fmt.Sprintf("127.0.0.1:%d", port)
|
|
}
|