zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7388 Commits
183 Branches
291 MiB
Tree: 7fe02a04db
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7fe02a04db'
${ noResults }
tendermint/privval/signer_client_test.go

257 lines
6.9 KiB
Raw Normal View History

privval: refactor Remote signers (#3370) This PR is related to #3107 and a continuation of #3351 It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction. Given two hosts A and B: Host A is listener/client Host B is dialer/server (contains the secret key) When A requires a signature, it needs to wait for B to dial in before it can issue a request. A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect. The original rationale behind this design was based on security. Host B only allows outbound connections to a list of whitelisted hosts. It is not possible to reach B unless B dials in. There are no listening/open ports in B. This PR results in the following changes: Refactors ping/heartbeat to avoid previously existing race conditions. Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow. Unifies and abstracts away the differences between unix and tcp sockets. A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj) The signer request handler (server side) is customizable to increase testability. Updates and extends unit tests A high level overview of the classes is as follows: Transport (endpoints): The following classes take care of establishing a connection SignerDialerEndpoint SignerListeningEndpoint SignerEndpoint groups common functionality (read/write/timeouts/etc.) Signing (client/server): The following classes take care of exchanging request/responses SignerClient SignerServer This PR also closes #3601 Commits: * refactoring - work in progress * reworking unit tests * Encapsulating and fixing unit tests * Improve tests * Clean up * Fix/improve unit tests * clean up tests * Improving service endpoint * fixing unit test * fix linter issues * avoid invalid cache values (improve later?) * complete implementation * wip * improved connection loop * Improve reconnections + fixing unit tests * addressing comments * small formatting changes * clean up * Update node/node.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * check during initialization * dropping connecting when writing fails * removing break * use t.log instead * unifying and using cmn.GetFreePort() * review fixes * reordering and unifying drop connection * closing instead of signalling * refactored service loop * removed superfluous brackets * GetPubKey can return errors * Revert "GetPubKey can return errors" This reverts commit 68c06f19b4650389d7e5ab1659b318889028202c. * adding entry to changelog * Update CHANGELOG_PENDING.md Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * updating node.go * review fixes * fixes linter * fixing unit test * small fixes in comments * addressing review comments * addressing review comments 2 * reverting suggestion * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * do not expose brokenSignerDialerEndpoint * clean up logging * unifying methods shorten test time signer also drops * reenabling pings * improving testability + unit test * fixing go fmt + unit test * remove unused code * Addressing review comments * simplifying connection workflow * fix linter/go import issue * using base service quit * updating comment * Simplifying design + adjusting names * fixing linter issues * refactoring test harness + fixes * Addressing review comments * cleaning up * adding additional error check
5 years ago
 
  1. package privval
  2. 

  3. import (
  4. 	"fmt"
  5. 	"testing"
  6. 	"time"
  7. 

  8. 	"github.com/stretchr/testify/assert"
  9. 	"github.com/stretchr/testify/require"
  10. 

  11. 	"github.com/tendermint/tendermint/libs/common"
  12. 	"github.com/tendermint/tendermint/types"
  13. )
  14. 

  15. type signerTestCase struct {
  16. 	chainID      string
  17. 	mockPV       types.PrivValidator
  18. 	signerClient *SignerClient
  19. 	signerServer *SignerServer
  20. }
  21. 

  22. func getSignerTestCases(t *testing.T) []signerTestCase {
  23. 	testCases := make([]signerTestCase, 0)
  24. 

  25. 	// Get test cases for each possible dialer (DialTCP / DialUnix / etc)

  26. 	for _, dtc := range getDialerTestCases(t) {
  27. 		chainID := common.RandStr(12)
  28. 		mockPV := types.NewMockPV()
  29. 

  30. 		// get a pair of signer listener, signer dialer endpoints

  31. 		sl, sd := getMockEndpoints(t, dtc.addr, dtc.dialer)
  32. 		sc, err := NewSignerClient(sl)
  33. 		require.NoError(t, err)
  34. 		ss := NewSignerServer(sd, chainID, mockPV)
  35. 

  36. 		err = ss.Start()
  37. 		require.NoError(t, err)
  38. 

  39. 		tc := signerTestCase{
  40. 			chainID:      chainID,
  41. 			mockPV:       mockPV,
  42. 			signerClient: sc,
  43. 			signerServer: ss,
  44. 		}
  45. 

  46. 		testCases = append(testCases, tc)
  47. 	}
  48. 

  49. 	return testCases
  50. }
  51. 

  52. func TestSignerClose(t *testing.T) {
  53. 	for _, tc := range getSignerTestCases(t) {
  54. 		err := tc.signerClient.Close()
  55. 		assert.NoError(t, err)
  56. 

  57. 		err = tc.signerServer.Stop()
  58. 		assert.NoError(t, err)
  59. 	}
  60. }
  61. 

  62. func TestSignerPing(t *testing.T) {
  63. 	for _, tc := range getSignerTestCases(t) {
  64. 		defer tc.signerServer.Stop()
  65. 		defer tc.signerClient.Close()
  66. 

  67. 		err := tc.signerClient.Ping()
  68. 		assert.NoError(t, err)
  69. 	}
  70. }
  71. 

  72. func TestSignerGetPubKey(t *testing.T) {
  73. 	for _, tc := range getSignerTestCases(t) {
  74. 		defer tc.signerServer.Stop()
  75. 		defer tc.signerClient.Close()
  76. 

  77. 		pubKey := tc.signerClient.GetPubKey()
  78. 		expectedPubKey := tc.mockPV.GetPubKey()
  79. 

  80. 		assert.Equal(t, expectedPubKey, pubKey)
  81. 

  82. 		addr := tc.signerClient.GetPubKey().Address()
  83. 		expectedAddr := tc.mockPV.GetPubKey().Address()
  84. 

  85. 		assert.Equal(t, expectedAddr, addr)
  86. 	}
  87. }
  88. 

  89. func TestSignerProposal(t *testing.T) {
  90. 	for _, tc := range getSignerTestCases(t) {
  91. 		ts := time.Now()
  92. 		want := &types.Proposal{Timestamp: ts}
  93. 		have := &types.Proposal{Timestamp: ts}
  94. 

  95. 		defer tc.signerServer.Stop()
  96. 		defer tc.signerClient.Close()
  97. 

  98. 		require.NoError(t, tc.mockPV.SignProposal(tc.chainID, want))
  99. 		require.NoError(t, tc.signerClient.SignProposal(tc.chainID, have))
  100. 

  101. 		assert.Equal(t, want.Signature, have.Signature)
  102. 	}
  103. }
  104. 

  105. func TestSignerVote(t *testing.T) {
  106. 	for _, tc := range getSignerTestCases(t) {
  107. 		ts := time.Now()
  108. 		want := &types.Vote{Timestamp: ts, Type: types.PrecommitType}
  109. 		have := &types.Vote{Timestamp: ts, Type: types.PrecommitType}
  110. 

  111. 		defer tc.signerServer.Stop()
  112. 		defer tc.signerClient.Close()
  113. 

  114. 		require.NoError(t, tc.mockPV.SignVote(tc.chainID, want))
  115. 		require.NoError(t, tc.signerClient.SignVote(tc.chainID, have))
  116. 

  117. 		assert.Equal(t, want.Signature, have.Signature)
  118. 	}
  119. }
  120. 

  121. func TestSignerVoteResetDeadline(t *testing.T) {
  122. 	for _, tc := range getSignerTestCases(t) {
  123. 		ts := time.Now()
  124. 		want := &types.Vote{Timestamp: ts, Type: types.PrecommitType}
  125. 		have := &types.Vote{Timestamp: ts, Type: types.PrecommitType}
  126. 

  127. 		defer tc.signerServer.Stop()
  128. 		defer tc.signerClient.Close()
  129. 

  130. 		time.Sleep(testTimeoutReadWrite2o3)
  131. 

  132. 		require.NoError(t, tc.mockPV.SignVote(tc.chainID, want))
  133. 		require.NoError(t, tc.signerClient.SignVote(tc.chainID, have))
  134. 		assert.Equal(t, want.Signature, have.Signature)
  135. 

  136. 		// TODO(jleni): Clarify what is actually being tested

  137. 

  138. 		// This would exceed the deadline if it was not extended by the previous message

  139. 		time.Sleep(testTimeoutReadWrite2o3)
  140. 

  141. 		require.NoError(t, tc.mockPV.SignVote(tc.chainID, want))
  142. 		require.NoError(t, tc.signerClient.SignVote(tc.chainID, have))
  143. 		assert.Equal(t, want.Signature, have.Signature)
  144. 	}
  145. }
  146. 

  147. func TestSignerVoteKeepAlive(t *testing.T) {
  148. 	for _, tc := range getSignerTestCases(t) {
  149. 		ts := time.Now()
  150. 		want := &types.Vote{Timestamp: ts, Type: types.PrecommitType}
  151. 		have := &types.Vote{Timestamp: ts, Type: types.PrecommitType}
  152. 

  153. 		defer tc.signerServer.Stop()
  154. 		defer tc.signerClient.Close()
  155. 

  156. 		// Check that even if the client does not request a

  157. 		// signature for a long time. The service is still available

  158. 

  159. 		// in this particular case, we use the dialer logger to ensure that

  160. 		// test messages are properly interleaved in the test logs

  161. 		tc.signerServer.Logger.Debug("TEST: Forced Wait -------------------------------------------------")
  162. 		time.Sleep(testTimeoutReadWrite * 3)
  163. 		tc.signerServer.Logger.Debug("TEST: Forced Wait DONE---------------------------------------------")
  164. 

  165. 		require.NoError(t, tc.mockPV.SignVote(tc.chainID, want))
  166. 		require.NoError(t, tc.signerClient.SignVote(tc.chainID, have))
  167. 

  168. 		assert.Equal(t, want.Signature, have.Signature)
  169. 	}
  170. }
  171. 

  172. func TestSignerSignProposalErrors(t *testing.T) {
  173. 	for _, tc := range getSignerTestCases(t) {
  174. 		// Replace service with a mock that always fails

  175. 		tc.signerServer.privVal = types.NewErroringMockPV()
  176. 		tc.mockPV = types.NewErroringMockPV()
  177. 

  178. 		defer tc.signerServer.Stop()
  179. 		defer tc.signerClient.Close()
  180. 

  181. 		ts := time.Now()
  182. 		proposal := &types.Proposal{Timestamp: ts}
  183. 		err := tc.signerClient.SignProposal(tc.chainID, proposal)
  184. 		require.Equal(t, err.(*RemoteSignerError).Description, types.ErroringMockPVErr.Error())
  185. 

  186. 		err = tc.mockPV.SignProposal(tc.chainID, proposal)
  187. 		require.Error(t, err)
  188. 

  189. 		err = tc.signerClient.SignProposal(tc.chainID, proposal)
  190. 		require.Error(t, err)
  191. 	}
  192. }
  193. 

  194. func TestSignerSignVoteErrors(t *testing.T) {
  195. 	for _, tc := range getSignerTestCases(t) {
  196. 		ts := time.Now()
  197. 		vote := &types.Vote{Timestamp: ts, Type: types.PrecommitType}
  198. 

  199. 		// Replace signer service privval with one that always fails

  200. 		tc.signerServer.privVal = types.NewErroringMockPV()
  201. 		tc.mockPV = types.NewErroringMockPV()
  202. 

  203. 		defer tc.signerServer.Stop()
  204. 		defer tc.signerClient.Close()
  205. 

  206. 		err := tc.signerClient.SignVote(tc.chainID, vote)
  207. 		require.Equal(t, err.(*RemoteSignerError).Description, types.ErroringMockPVErr.Error())
  208. 

  209. 		err = tc.mockPV.SignVote(tc.chainID, vote)
  210. 		require.Error(t, err)
  211. 

  212. 		err = tc.signerClient.SignVote(tc.chainID, vote)
  213. 		require.Error(t, err)
  214. 	}
  215. }
  216. 

  217. func brokenHandler(privVal types.PrivValidator, request SignerMessage, chainID string) (SignerMessage, error) {
  218. 	var res SignerMessage
  219. 	var err error
  220. 

  221. 	switch r := request.(type) {
  222. 

  223. 	// This is broken and will answer most requests with a pubkey response

  224. 	case *PubKeyRequest:
  225. 		res = &PubKeyResponse{nil, nil}
  226. 	case *SignVoteRequest:
  227. 		res = &PubKeyResponse{nil, nil}
  228. 	case *SignProposalRequest:
  229. 		res = &PubKeyResponse{nil, nil}
  230. 

  231. 	case *PingRequest:
  232. 		err, res = nil, &PingResponse{}
  233. 

  234. 	default:
  235. 		err = fmt.Errorf("unknown msg: %v", r)
  236. 	}
  237. 

  238. 	return res, err
  239. }
  240. 

  241. func TestSignerUnexpectedResponse(t *testing.T) {
  242. 	for _, tc := range getSignerTestCases(t) {
  243. 		tc.signerServer.privVal = types.NewMockPV()
  244. 		tc.mockPV = types.NewMockPV()
  245. 

  246. 		tc.signerServer.SetRequestHandler(brokenHandler)
  247. 

  248. 		defer tc.signerServer.Stop()
  249. 		defer tc.signerClient.Close()
  250. 

  251. 		ts := time.Now()
  252. 		want := &types.Vote{Timestamp: ts, Type: types.PrecommitType}
  253. 

  254. 		e := tc.signerClient.SignVote(tc.chainID, want)
  255. 		assert.EqualError(t, e, "received unexpected response")
  256. 	}
  257. }