You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree:
cb1a0a7333
1394-mempool-overload-2
2565-max-age-duration
2926_don_panic_with_getaddr
abci++
add_persistence
alessio/go1.14
alessio/new-setup-test-configuration
anca/fix_TestReactorTerminationScenarios
anca/pbts_metrics
anca/prevote_nil_untimely
anton/4963-jepsen-tests
anton/block-file-format-adr
bez/check-deliver-tx-block-gas-used
bez/consensus-reactor-internal
bez/nuke-libs
bez/p2p-refactor-blockchain-v2-reactor
bez/revert-16bbe8c
bez/wal-update
breaking
bucky/adr-038
bucky/chunking
bucky/fix-pb2tm-header
bucky/node-info-substructs
bucky/upgrades
bucky/versions
bucky/ws
callum/adr16-versioning
callum/app-version
callum/config
callum/e2e-timeout
callum/event-bus
callum/evidence-hashes
callum/handshake
callum/nuke-libs
callum/p2p-logs
cason/pbts
checked_ints
clist-waitgroup
conr2d/doc-go-built-in
dev/boiler_plate_val_distr_tets
dev/simple_merkle_rfc
do-not-delete/wiki
docs-staging
dont_panic_fileperms
e2e-extend-timeouts
e2e-future-proof
e2e-limit-experiment
e2e-limited-no-catchup
e2e-no-perterb
e2e-small-suite
erik/usi-kvstore-statesync
finalizeBlock
indexer_return_early
ismail/custom_types_revival_or_not
jae/generalmerkle
jae/literefactor6
jae/verifyingcachineprovider
jasmina/4457_block_sync_verification
jk/pbtsPOL
jlandrews/removetimestamp
jlandrews/trim_commit
josef/check-validators
manuel/abci++-spec-refactor-methodspage
marko/4698grpc_priv
marko/int64-
marko/remove-apphash
master
mergify/bp/v0.35.x/pr-7625
mjf/panic-tooling
mjf/rpc-event-sub
rc0/v0.33.8
rc1/0.33.4
rc1/v0.32.12
rc1/v0.33.5
rc1/v0.33.6
rc2/v0.33.5
rc5/v0.34.0
rc6/v0.34.0
rc7/v0.34.0
release/0.32.12
release/v0.28.0
release/v0.28.1
release/v0.29.0
release/v0.29.1
release/v0.29.2
release/v0.30.0
release/v0.30.1
release/v0.30.2
release/v0.30.3
release/v0.31.0
release/v0.31.0-dev0-fix
release/v0.31.1
release/v0.31.3
release/v0.31.4
release/v0.31.6
release/v0.31.7
release/v0.31.8
release/v0.31.9
release/v0.32.1
release/v0.32.11
release/v0.32.13
release/v0.32.14
release/v0.32.2
release/v0.32.3
release/v0.32.4
release/v0.32.5
release/v0.32.8
release/v0.32.9
release/v0.33.1
release/v0.33.2
release/v0.33.4
release/v0.33.5
release/v0.33.7
release/v0.33.8
release/v0.33.9
release/v0.34.0
release/v0.34.13
sergio/0length-vote-extensions-prepare-proposal-txs-size
sergio/spec_finish_adapt_app_client
sergio/tmp-test-isproposer
show_validator_experiments
sign_bytes_amino
split_validator_upgrade_test
tau3/feature/2998/addressbooks-hash
tessr/codeowner
tessr/f
tessr/speling
tessr/tm-db
thane/7655-vote-extensions
tychoish/e2e-smaller-queues
v0.19.1
v0.19.2
v0.25
v0.30
v0.31
v0.31.6-changelog
v0.31.9-changelog
v0.32.5-backport
v0.32.x
v0.33.x
v0.34.0-rc
v0.34.x
v0.34/x
v0.35.x
wb/abci-finalize-block-synchronize
wb/add-nullable-false
wb/apphash-fail
wb/block-height-app-hash
wb/chain-upgrade
wb/epoch-block-idea-3
wb/fix-pbts-params
wb/getfreeport-fix
wb/image-publish
wb/ingest-consensus-params
wb/ingest-params
wb/is-timely-metric
wb/issue-7761
wb/issue-8156
wb/light-client-sycnronization
wb/master-2
wb/merge-master
wb/message-delay-metrics
wb/no-tx
wb/pbts-metrics
wb/pbts-rebase
wb/pbts-test-fixup
wb/proposer-based-timestamps
wb/proposer-sets-own-time
wb/refactor-ensure
wb/remove-vector-tests
wb/rollback-test-fix
wb/rw-bench
wb/state-serialize
wb/state-serialize-receive
wb/triggered-precommit-fix
wb/txrset
wb/untimely-propose
wb/update-changelog-6630
wb/validator-set-changes-fail
wb/vwfp-rebased
zarko/1555-make-proposer-selection-functional
zarko/add-experiments-code
zm_light_client_spec
v0.9.2
v0.9.1
v0.9.0
v0.8.0
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.36.0-dev
v0.35.2
v0.35.1
v0.35.0-rc4
v0.35.0-rc3
v0.35.0-rc2
v0.35.0-rc1
v0.35.0-dev
v0.35.0
v0.34.9
v0.34.8
v0.34.7
v0.34.6
v0.34.5
v0.34.4
v0.34.3
v0.34.2
v0.34.16
v0.34.15
v0.34.14
v0.34.13
v0.34.12
v0.34.11
v0.34.10
v0.34.1-rc1
v0.34.1-dev1
v0.34.1
v0.34.0-rc6
v0.34.0-rc5
v0.34.0-rc4
v0.34.0-rc3
v0.34.0-rc2
v0.34.0-dev1
v0.34.0
v0.33.9
v0.33.8
v0.33.7
v0.33.6
v0.33.5
v0.33.4
v0.33.3
v0.33.2
v0.33.1-dev3
v0.33.1-dev2
v0.33.1-dev1
v0.33.1-dev0
v0.33.1
v0.33.0-dev2
v0.33.0-dev1
v0.33.0
v0.32.9
v0.32.8
v0.32.7
v0.32.6
v0.32.5
v0.32.4
v0.32.3
v0.32.2
v0.32.14
v0.32.13-rc1
v0.32.13
v0.32.12
v0.32.11
v0.32.10
v0.32.1
v0.32.0-dev2
v0.32.0-dev1
v0.32.0-dev0
v0.32.0
v0.31.9
v0.31.8
v0.31.7
v0.31.6
v0.31.5
v0.31.4
v0.31.3
v0.31.2-rc0
v0.31.2
v0.31.12
v0.31.11
v0.31.10
v0.31.1
v0.31.0-rc0
v0.31.0-dev0-fix0
v0.31.0-dev0
v0.31.0
v0.30.4
v0.30.3
v0.30.2
v0.30.1
v0.30.0-rc0
v0.30.0
v0.29.2-rc2
v0.29.2-rc1
v0.29.2-rc0
v0.29.2
v0.29.1-rc0
v0.29.1
v0.29.0-rc0
v0.29.0-beta1
v0.29.0-beta0
v0.29.0
v0.28.1
v0.28.0-dev0
v0.28.0-beta2
v0.28.0-beta1
v0.28.0
v0.27.4
v0.27.3
v0.27.2
v0.27.1
v0.27.0-rc1
v0.27.0-rc0
v0.27.0-dev1
v0.27.0-dev0
v0.27.0
v0.26.4
v0.26.3
v0.26.2-rc0
v0.26.2
v0.26.1-rc3
v0.26.1-rc2
v0.26.1-rc1
v0.26.1-rc0
v0.26.1
v0.26.0-rc1
v0.26.0-rc0
v0.26.0-dev0
v0.26.0
v0.25.1-rc0
v0.25.0
v0.24.0-rc0
v0.24.0
v0.23.1-rc0
v0.23.1
v0.23.0
v0.22.8-rc0
v0.22.8-autodraft
v0.22.8
v0.22.7
v0.22.6-rc0
v0.22.6
v0.22.5
v0.22.4-rc0
v0.22.4
v0.22.3
v0.22.2-rc0
v0.22.2
v0.22.1
v0.22.0-rc2
v0.22.0-rc1
v0.22.0-rc0
v0.22.0-autodraft
v0.22.0
v0.21.1-rc1
v0.21.1-rc0
v0.21.0-rc0
v0.21.0
v0.20.1-rc0
v0.20.0-rc3
v0.20.0-rc2
v0.20.0-rc1
v0.20.0-rc0
v0.20.0
v0.19.9-rc0
v0.19.9
v0.19.8
v0.19.7-rc0
v0.19.7
v0.19.6-rc2
v0.19.6-rc1
v0.19.6-rc0
v0.19.6
v0.19.5-rc1
v0.19.5-rc0
v0.19.5
v0.19.4-rc0
v0.19.3-rc0
v0.19.3
v0.19.2-rc0
v0.19.2
v0.19.1
v0.19.0-rc4
v0.19.0-rc3
v0.19.0
v0.18.0-rc1
v0.18.0-autodraft
v0.18.0
v0.17.1
v0.17.0
v0.16.0
v0.15.0
v0.14.0
v0.13.0
v0.12.1
v0.12.0
v0.11.1
v0.11.0
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0-rc2
v0.10.0-rc1
v0.10.0
v0.0.1
v0.0.0
0.2
0.19.0-rc2
0.19.0-rc1
0.1
tendermint/tools/tm-signer-harness
Juan Leni
f7f034a8be
privval: refactor Remote signers (#3370)
This PR is related to #3107 and a continuation of #3351
It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction.
Given two hosts A and B:
Host A is listener/client
Host B is dialer/server (contains the secret key)
When A requires a signature, it needs to wait for B to dial in before it can issue a request.
A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect.
The original rationale behind this design was based on security.
Host B only allows outbound connections to a list of whitelisted hosts.
It is not possible to reach B unless B dials in. There are no listening/open ports in B.
This PR results in the following changes:
Refactors ping/heartbeat to avoid previously existing race conditions.
Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow.
Unifies and abstracts away the differences between unix and tcp sockets.
A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj)
The signer request handler (server side) is customizable to increase testability.
Updates and extends unit tests
A high level overview of the classes is as follows:
Transport (endpoints): The following classes take care of establishing a connection
SignerDialerEndpoint
SignerListeningEndpoint
SignerEndpoint groups common functionality (read/write/timeouts/etc.)
Signing (client/server): The following classes take care of exchanging request/responses
SignerClient
SignerServer
This PR also closes #3601
Commits:
* refactoring - work in progress
* reworking unit tests
* Encapsulating and fixing unit tests
* Improve tests
* Clean up
* Fix/improve unit tests
* clean up tests
* Improving service endpoint
* fixing unit test
* fix linter issues
* avoid invalid cache values (improve later?)
* complete implementation
* wip
* improved connection loop
* Improve reconnections + fixing unit tests
* addressing comments
* small formatting changes
* clean up
* Update node/node.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_client.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* Update privval/signer_client_test.go
Co-Authored-By: jleni <juan.leni@zondax.ch>
* check during initialization
* dropping connecting when writing fails
* removing break
* use t.log instead
* unifying and using cmn.GetFreePort()
* review fixes
* reordering and unifying drop connection
* closing instead of signalling
* refactored service loop
* removed superfluous brackets
* GetPubKey can return errors
* Revert "GetPubKey can return errors"
This reverts commit
|
5 years ago | |
|---|---|---|
| .. | ||
| internal | privval: refactor Remote signers (#3370) | 5 years ago |
| Dockerfile | Add remote signer test harness (KMS) (#3149) | 6 years ago |
| Makefile | Add remote signer test harness (KMS) (#3149) | 6 years ago |
| README.md | Add remote signer test harness (KMS) (#3149) | 6 years ago |
| main.go | Add remote signer test harness (KMS) (#3149) | 6 years ago |
README.md
tm-signer-harness
See the tm-signer-harness
documentation
for more details.