zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7795 Commits
183 Branches
291 MiB
Tree: 044f1bf288
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '044f1bf288'
${ noResults }
tendermint/privval/signer_endpoint.go

154 lines
3.3 KiB
Raw Normal View History

privval: refactor Remote signers (#3370) This PR is related to #3107 and a continuation of #3351 It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction. Given two hosts A and B: Host A is listener/client Host B is dialer/server (contains the secret key) When A requires a signature, it needs to wait for B to dial in before it can issue a request. A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect. The original rationale behind this design was based on security. Host B only allows outbound connections to a list of whitelisted hosts. It is not possible to reach B unless B dials in. There are no listening/open ports in B. This PR results in the following changes: Refactors ping/heartbeat to avoid previously existing race conditions. Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow. Unifies and abstracts away the differences between unix and tcp sockets. A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj) The signer request handler (server side) is customizable to increase testability. Updates and extends unit tests A high level overview of the classes is as follows: Transport (endpoints): The following classes take care of establishing a connection SignerDialerEndpoint SignerListeningEndpoint SignerEndpoint groups common functionality (read/write/timeouts/etc.) Signing (client/server): The following classes take care of exchanging request/responses SignerClient SignerServer This PR also closes #3601 Commits: * refactoring - work in progress * reworking unit tests * Encapsulating and fixing unit tests * Improve tests * Clean up * Fix/improve unit tests * clean up tests * Improving service endpoint * fixing unit test * fix linter issues * avoid invalid cache values (improve later?) * complete implementation * wip * improved connection loop * Improve reconnections + fixing unit tests * addressing comments * small formatting changes * clean up * Update node/node.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * check during initialization * dropping connecting when writing fails * removing break * use t.log instead * unifying and using cmn.GetFreePort() * review fixes * reordering and unifying drop connection * closing instead of signalling * refactored service loop * removed superfluous brackets * GetPubKey can return errors * Revert "GetPubKey can return errors" This reverts commit 68c06f19b4650389d7e5ab1659b318889028202c. * adding entry to changelog * Update CHANGELOG_PENDING.md Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * updating node.go * review fixes * fixes linter * fixing unit test * small fixes in comments * addressing review comments * addressing review comments 2 * reverting suggestion * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * do not expose brokenSignerDialerEndpoint * clean up logging * unifying methods shorten test time signer also drops * reenabling pings * improving testability + unit test * fixing go fmt + unit test * remove unused code * Addressing review comments * simplifying connection workflow * fix linter/go import issue * using base service quit * updating comment * Simplifying design + adjusting names * fixing linter issues * refactoring test harness + fixes * Addressing review comments * cleaning up * adding additional error check
5 years ago
libs/common: refactor libs common 3 (#4232) * libs/common: refactor libs common 3 - move nil.go into types folder and make private - move service & baseservice out of common into service pkg ref #4147 Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * add changelog entry
5 years ago
privval: refactor Remote signers (#3370) This PR is related to #3107 and a continuation of #3351 It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction. Given two hosts A and B: Host A is listener/client Host B is dialer/server (contains the secret key) When A requires a signature, it needs to wait for B to dial in before it can issue a request. A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect. The original rationale behind this design was based on security. Host B only allows outbound connections to a list of whitelisted hosts. It is not possible to reach B unless B dials in. There are no listening/open ports in B. This PR results in the following changes: Refactors ping/heartbeat to avoid previously existing race conditions. Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow. Unifies and abstracts away the differences between unix and tcp sockets. A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj) The signer request handler (server side) is customizable to increase testability. Updates and extends unit tests A high level overview of the classes is as follows: Transport (endpoints): The following classes take care of establishing a connection SignerDialerEndpoint SignerListeningEndpoint SignerEndpoint groups common functionality (read/write/timeouts/etc.) Signing (client/server): The following classes take care of exchanging request/responses SignerClient SignerServer This PR also closes #3601 Commits: * refactoring - work in progress * reworking unit tests * Encapsulating and fixing unit tests * Improve tests * Clean up * Fix/improve unit tests * clean up tests * Improving service endpoint * fixing unit test * fix linter issues * avoid invalid cache values (improve later?) * complete implementation * wip * improved connection loop * Improve reconnections + fixing unit tests * addressing comments * small formatting changes * clean up * Update node/node.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * check during initialization * dropping connecting when writing fails * removing break * use t.log instead * unifying and using cmn.GetFreePort() * review fixes * reordering and unifying drop connection * closing instead of signalling * refactored service loop * removed superfluous brackets * GetPubKey can return errors * Revert "GetPubKey can return errors" This reverts commit 68c06f19b4650389d7e5ab1659b318889028202c. * adding entry to changelog * Update CHANGELOG_PENDING.md Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * updating node.go * review fixes * fixes linter * fixing unit test * small fixes in comments * addressing review comments * addressing review comments 2 * reverting suggestion * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * do not expose brokenSignerDialerEndpoint * clean up logging * unifying methods shorten test time signer also drops * reenabling pings * improving testability + unit test * fixing go fmt + unit test * remove unused code * Addressing review comments * simplifying connection workflow * fix linter/go import issue * using base service quit * updating comment * Simplifying design + adjusting names * fixing linter issues * refactoring test harness + fixes * Addressing review comments * cleaning up * adding additional error check
5 years ago
libs/common: refactor libs common 3 (#4232) * libs/common: refactor libs common 3 - move nil.go into types folder and make private - move service & baseservice out of common into service pkg ref #4147 Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * add changelog entry
5 years ago
privval: refactor Remote signers (#3370) This PR is related to #3107 and a continuation of #3351 It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction. Given two hosts A and B: Host A is listener/client Host B is dialer/server (contains the secret key) When A requires a signature, it needs to wait for B to dial in before it can issue a request. A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect. The original rationale behind this design was based on security. Host B only allows outbound connections to a list of whitelisted hosts. It is not possible to reach B unless B dials in. There are no listening/open ports in B. This PR results in the following changes: Refactors ping/heartbeat to avoid previously existing race conditions. Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow. Unifies and abstracts away the differences between unix and tcp sockets. A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj) The signer request handler (server side) is customizable to increase testability. Updates and extends unit tests A high level overview of the classes is as follows: Transport (endpoints): The following classes take care of establishing a connection SignerDialerEndpoint SignerListeningEndpoint SignerEndpoint groups common functionality (read/write/timeouts/etc.) Signing (client/server): The following classes take care of exchanging request/responses SignerClient SignerServer This PR also closes #3601 Commits: * refactoring - work in progress * reworking unit tests * Encapsulating and fixing unit tests * Improve tests * Clean up * Fix/improve unit tests * clean up tests * Improving service endpoint * fixing unit test * fix linter issues * avoid invalid cache values (improve later?) * complete implementation * wip * improved connection loop * Improve reconnections + fixing unit tests * addressing comments * small formatting changes * clean up * Update node/node.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * check during initialization * dropping connecting when writing fails * removing break * use t.log instead * unifying and using cmn.GetFreePort() * review fixes * reordering and unifying drop connection * closing instead of signalling * refactored service loop * removed superfluous brackets * GetPubKey can return errors * Revert "GetPubKey can return errors" This reverts commit 68c06f19b4650389d7e5ab1659b318889028202c. * adding entry to changelog * Update CHANGELOG_PENDING.md Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * updating node.go * review fixes * fixes linter * fixing unit test * small fixes in comments * addressing review comments * addressing review comments 2 * reverting suggestion * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * do not expose brokenSignerDialerEndpoint * clean up logging * unifying methods shorten test time signer also drops * reenabling pings * improving testability + unit test * fixing go fmt + unit test * remove unused code * Addressing review comments * simplifying connection workflow * fix linter/go import issue * using base service quit * updating comment * Simplifying design + adjusting names * fixing linter issues * refactoring test harness + fixes * Addressing review comments * cleaning up * adding additional error check
5 years ago
 
  1. package privval
  2. 

  3. import (
  4. 	"fmt"
  5. 	"net"
  6. 	"sync"
  7. 	"time"
  8. 

  9. 	"github.com/pkg/errors"
  10. 

  11. 	"github.com/tendermint/tendermint/libs/service"
  12. )
  13. 

  14. const (
  15. 	defaultTimeoutReadWriteSeconds = 3
  16. )
  17. 

  18. type signerEndpoint struct {
  19. 	service.BaseService
  20. 

  21. 	connMtx sync.Mutex
  22. 	conn    net.Conn
  23. 

  24. 	timeoutReadWrite time.Duration
  25. }
  26. 

  27. // Close closes the underlying net.Conn.

  28. func (se *signerEndpoint) Close() error {
  29. 	se.DropConnection()
  30. 	return nil
  31. }
  32. 

  33. // IsConnected indicates if there is an active connection

  34. func (se *signerEndpoint) IsConnected() bool {
  35. 	se.connMtx.Lock()
  36. 	defer se.connMtx.Unlock()
  37. 	return se.isConnected()
  38. }
  39. 

  40. // TryGetConnection retrieves a connection if it is already available

  41. func (se *signerEndpoint) GetAvailableConnection(connectionAvailableCh chan net.Conn) bool {
  42. 	se.connMtx.Lock()
  43. 	defer se.connMtx.Unlock()
  44. 

  45. 	// Is there a connection ready?

  46. 	select {
  47. 	case se.conn = <-connectionAvailableCh:
  48. 		return true
  49. 	default:
  50. 	}
  51. 	return false
  52. }
  53. 

  54. // TryGetConnection retrieves a connection if it is already available

  55. func (se *signerEndpoint) WaitConnection(connectionAvailableCh chan net.Conn, maxWait time.Duration) error {
  56. 	se.connMtx.Lock()
  57. 	defer se.connMtx.Unlock()
  58. 

  59. 	select {
  60. 	case se.conn = <-connectionAvailableCh:
  61. 	case <-time.After(maxWait):
  62. 		return ErrConnectionTimeout
  63. 	}
  64. 

  65. 	return nil
  66. }
  67. 

  68. // SetConnection replaces the current connection object

  69. func (se *signerEndpoint) SetConnection(newConnection net.Conn) {
  70. 	se.connMtx.Lock()
  71. 	defer se.connMtx.Unlock()
  72. 	se.conn = newConnection
  73. }
  74. 

  75. // IsConnected indicates if there is an active connection

  76. func (se *signerEndpoint) DropConnection() {
  77. 	se.connMtx.Lock()
  78. 	defer se.connMtx.Unlock()
  79. 	se.dropConnection()
  80. }
  81. 

  82. // ReadMessage reads a message from the endpoint

  83. func (se *signerEndpoint) ReadMessage() (msg SignerMessage, err error) {
  84. 	se.connMtx.Lock()
  85. 	defer se.connMtx.Unlock()
  86. 

  87. 	if !se.isConnected() {
  88. 		return nil, fmt.Errorf("endpoint is not connected")
  89. 	}
  90. 

  91. 	// Reset read deadline

  92. 	deadline := time.Now().Add(se.timeoutReadWrite)
  93. 

  94. 	err = se.conn.SetReadDeadline(deadline)
  95. 	if err != nil {
  96. 		return
  97. 	}
  98. 

  99. 	const maxRemoteSignerMsgSize = 1024 * 10
  100. 	_, err = cdc.UnmarshalBinaryLengthPrefixedReader(se.conn, &msg, maxRemoteSignerMsgSize)
  101. 	if _, ok := err.(timeoutError); ok {
  102. 		if err != nil {
  103. 			err = errors.Wrap(ErrReadTimeout, err.Error())
  104. 		} else {
  105. 			err = errors.Wrap(ErrReadTimeout, "Empty error")
  106. 		}
  107. 		se.Logger.Debug("Dropping [read]", "obj", se)
  108. 		se.dropConnection()
  109. 	}
  110. 

  111. 	return
  112. }
  113. 

  114. // WriteMessage writes a message from the endpoint

  115. func (se *signerEndpoint) WriteMessage(msg SignerMessage) (err error) {
  116. 	se.connMtx.Lock()
  117. 	defer se.connMtx.Unlock()
  118. 

  119. 	if !se.isConnected() {
  120. 		return errors.Wrap(ErrNoConnection, "endpoint is not connected")
  121. 	}
  122. 

  123. 	// Reset read deadline

  124. 	deadline := time.Now().Add(se.timeoutReadWrite)
  125. 	err = se.conn.SetWriteDeadline(deadline)
  126. 	if err != nil {
  127. 		return
  128. 	}
  129. 

  130. 	_, err = cdc.MarshalBinaryLengthPrefixedWriter(se.conn, msg)
  131. 	if _, ok := err.(timeoutError); ok {
  132. 		if err != nil {
  133. 			err = errors.Wrap(ErrWriteTimeout, err.Error())
  134. 		} else {
  135. 			err = errors.Wrap(ErrWriteTimeout, "Empty error")
  136. 		}
  137. 		se.dropConnection()
  138. 	}
  139. 

  140. 	return
  141. }
  142. 

  143. func (se *signerEndpoint) isConnected() bool {
  144. 	return se.conn != nil
  145. }
  146. 

  147. func (se *signerEndpoint) dropConnection() {
  148. 	if se.conn != nil {
  149. 		if err := se.conn.Close(); err != nil {
  150. 			se.Logger.Error("signerEndpoint::dropConnection", "err", err)
  151. 		}
  152. 		se.conn = nil
  153. 	}
  154. }