mirror of
https://github.com/tendermint/tendermint.git
synced 2026-02-09 05:20:10 +00:00
f7f034a8be
This PR is related to #3107 and a continuation of #3351
It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction.
Given two hosts A and B:
Host A is listener/client
Host B is dialer/server (contains the secret key)
When A requires a signature, it needs to wait for B to dial in before it can issue a request.
A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect.
The original rationale behind this design was based on security.
Host B only allows outbound connections to a list of whitelisted hosts.
It is not possible to reach B unless B dials in. There are no listening/open ports in B.
This PR results in the following changes:
Refactors ping/heartbeat to avoid previously existing race conditions.
Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow.
Unifies and abstracts away the differences between unix and tcp sockets.
A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj)
The signer request handler (server side) is customizable to increase testability.
Updates and extends unit tests
A high level overview of the classes is as follows:
Transport (endpoints): The following classes take care of establishing a connection
SignerDialerEndpoint
SignerListeningEndpoint
SignerEndpoint groups common functionality (read/write/timeouts/etc.)
Signing (client/server): The following classes take care of exchanging request/responses
SignerClient
SignerServer
This PR also closes #3601
Commits:
* refactoring - work in progress
* reworking unit tests
* Encapsulating and fixing unit tests
* Improve tests
* Clean up
* Fix/improve unit tests
* clean up tests
* Improving service endpoint
* fixing unit test
* fix linter issues
* avoid invalid cache values (improve later?)
* complete implementation
* wip
* improved connection loop
* Improve reconnections + fixing unit tests
* addressing comments
* small formatting changes
* clean up
* Update node/node.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_client.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_client_test.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* check during initialization
* dropping connecting when writing fails
* removing break
* use t.log instead
* unifying and using cmn.GetFreePort()
* review fixes
* reordering and unifying drop connection
* closing instead of signalling
* refactored service loop
* removed superfluous brackets
* GetPubKey can return errors
* Revert "GetPubKey can return errors"
This reverts commit 68c06f19b4.
* adding entry to changelog
* Update CHANGELOG_PENDING.md
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_client.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_dialer_endpoint.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_dialer_endpoint.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_dialer_endpoint.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_dialer_endpoint.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_listener_endpoint_test.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* updating node.go
* review fixes
* fixes linter
* fixing unit test
* small fixes in comments
* addressing review comments
* addressing review comments 2
* reverting suggestion
* Update privval/signer_client_test.go
Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com>
* Update privval/signer_client_test.go
Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com>
* Update privval/signer_listener_endpoint_test.go
Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com>
* do not expose brokenSignerDialerEndpoint
* clean up logging
* unifying methods
shorten test time
signer also drops
* reenabling pings
* improving testability + unit test
* fixing go fmt + unit test
* remove unused code
* Addressing review comments
* simplifying connection workflow
* fix linter/go import issue
* using base service quit
* updating comment
* Simplifying design + adjusting names
* fixing linter issues
* refactoring test harness + fixes
* Addressing review comments
* cleaning up
* adding additional error check
132 lines
3.4 KiB
Go
132 lines
3.4 KiB
Go
package privval
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/tendermint/tendermint/crypto"
|
|
"github.com/tendermint/tendermint/types"
|
|
)
|
|
|
|
// SignerClient implements PrivValidator.
|
|
// Handles remote validator connections that provide signing services
|
|
type SignerClient struct {
|
|
endpoint *SignerListenerEndpoint
|
|
}
|
|
|
|
var _ types.PrivValidator = (*SignerClient)(nil)
|
|
|
|
// NewSignerClient returns an instance of SignerClient.
|
|
// it will start the endpoint (if not already started)
|
|
func NewSignerClient(endpoint *SignerListenerEndpoint) (*SignerClient, error) {
|
|
if !endpoint.IsRunning() {
|
|
if err := endpoint.Start(); err != nil {
|
|
return nil, errors.Wrap(err, "failed to start listener endpoint")
|
|
}
|
|
}
|
|
|
|
return &SignerClient{endpoint: endpoint}, nil
|
|
}
|
|
|
|
// Close closes the underlying connection
|
|
func (sc *SignerClient) Close() error {
|
|
return sc.endpoint.Close()
|
|
}
|
|
|
|
// IsConnected indicates with the signer is connected to a remote signing service
|
|
func (sc *SignerClient) IsConnected() bool {
|
|
return sc.endpoint.IsConnected()
|
|
}
|
|
|
|
// WaitForConnection waits maxWait for a connection or returns a timeout error
|
|
func (sc *SignerClient) WaitForConnection(maxWait time.Duration) error {
|
|
return sc.endpoint.WaitForConnection(maxWait)
|
|
}
|
|
|
|
//--------------------------------------------------------
|
|
// Implement PrivValidator
|
|
|
|
// Ping sends a ping request to the remote signer
|
|
func (sc *SignerClient) Ping() error {
|
|
response, err := sc.endpoint.SendRequest(&PingRequest{})
|
|
|
|
if err != nil {
|
|
sc.endpoint.Logger.Error("SignerClient::Ping", "err", err)
|
|
return nil
|
|
}
|
|
|
|
_, ok := response.(*PingResponse)
|
|
if !ok {
|
|
sc.endpoint.Logger.Error("SignerClient::Ping", "err", "response != PingResponse")
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// GetPubKey retrieves a public key from a remote signer
|
|
func (sc *SignerClient) GetPubKey() crypto.PubKey {
|
|
response, err := sc.endpoint.SendRequest(&PubKeyRequest{})
|
|
if err != nil {
|
|
sc.endpoint.Logger.Error("SignerClient::GetPubKey", "err", err)
|
|
return nil
|
|
}
|
|
|
|
pubKeyResp, ok := response.(*PubKeyResponse)
|
|
if !ok {
|
|
sc.endpoint.Logger.Error("SignerClient::GetPubKey", "err", "response != PubKeyResponse")
|
|
return nil
|
|
}
|
|
|
|
if pubKeyResp.Error != nil {
|
|
sc.endpoint.Logger.Error("failed to get private validator's public key", "err", pubKeyResp.Error)
|
|
return nil
|
|
}
|
|
|
|
return pubKeyResp.PubKey
|
|
}
|
|
|
|
// SignVote requests a remote signer to sign a vote
|
|
func (sc *SignerClient) SignVote(chainID string, vote *types.Vote) error {
|
|
response, err := sc.endpoint.SendRequest(&SignVoteRequest{Vote: vote})
|
|
if err != nil {
|
|
sc.endpoint.Logger.Error("SignerClient::SignVote", "err", err)
|
|
return err
|
|
}
|
|
|
|
resp, ok := response.(*SignedVoteResponse)
|
|
if !ok {
|
|
sc.endpoint.Logger.Error("SignerClient::GetPubKey", "err", "response != SignedVoteResponse")
|
|
return ErrUnexpectedResponse
|
|
}
|
|
|
|
if resp.Error != nil {
|
|
return resp.Error
|
|
}
|
|
*vote = *resp.Vote
|
|
|
|
return nil
|
|
}
|
|
|
|
// SignProposal requests a remote signer to sign a proposal
|
|
func (sc *SignerClient) SignProposal(chainID string, proposal *types.Proposal) error {
|
|
response, err := sc.endpoint.SendRequest(&SignProposalRequest{Proposal: proposal})
|
|
if err != nil {
|
|
sc.endpoint.Logger.Error("SignerClient::SignProposal", "err", err)
|
|
return err
|
|
}
|
|
|
|
resp, ok := response.(*SignedProposalResponse)
|
|
if !ok {
|
|
sc.endpoint.Logger.Error("SignerClient::SignProposal", "err", "response != SignedProposalResponse")
|
|
return ErrUnexpectedResponse
|
|
}
|
|
if resp.Error != nil {
|
|
return resp.Error
|
|
}
|
|
*proposal = *resp.Proposal
|
|
|
|
return nil
|
|
}
|