zolfa
/
tendermint


								package lite


								import (

									"bytes"


									lerr "github.com/tendermint/tendermint/lite/errors"

									"github.com/tendermint/tendermint/types"

									log "github.com/tendermint/tendermint/libs/log"

								)


								var _ Certifier = (*InquiringCertifier)(nil)


								// InquiringCertifier implements an auto-updating certifier.  It uses a

								// "source" provider to obtain the needed FullCommits to securely sync with

								// validator set changes.  It stores properly validated data on the

								// "trusted" local system.

								type InquiringCertifier struct {

									logger  log.Logger

									chainID string

									// These are only properly validated data, from local system.

									trusted PersistentProvider

									// This is a source of new info, like a node rpc, or other import method.

									source Provider

								}


								// NewInquiringCertifier returns a new InquiringCertifier. It uses the

								// trusted provider to store validated data and the source provider to

								// obtain missing data (e.g. FullCommits).

								//

								// The trusted provider should a CacheProvider, MemProvider or

								// files.Provider.  The source provider should be a client.HTTPProvider.

								func NewInquiringCertifier(chainID string, trusted PersistentProvider, source Provider) *InquiringCertifier {

									return &InquiringCertifier{

										logger:  log.NewNopLogger(),

										chainID: chainID,

										trusted: trusted,

										source:  source,

									}

								}


								func (ic *InquiringCertifier) SetLogger(logger log.Logger) {

									logger = logger.With("module", "lite")

									ic.logger = logger

									ic.trusted.SetLogger(logger)

									ic.source.SetLogger(logger)

								}


								// Implements Certifier.

								func (ic *InquiringCertifier) ChainID() string {

									return ic.chainID

								}


								// Implements Certifier.

								//

								// If the validators have changed since the last know time, it looks to

								// ic.trusted and ic.source to prove the new validators.  On success, it will

								// try to store the SignedHeader in ic.trusted if the next

								// validator can be sourced.

								func (ic *InquiringCertifier) Certify(shdr types.SignedHeader) error {


									// Get the latest known full commit <= h-1 from our trusted providers.

									// The full commit at h-1 contains the valset to sign for h.

									h := shdr.Height - 1

									tfc, err := ic.trusted.LatestFullCommit(ic.chainID, 1, h)

									if err != nil {

										return err

									}


									if tfc.Height() == h {

										// Return error if valset doesn't match.

										if !bytes.Equal(

											tfc.NextValidators.Hash(),

											shdr.Header.ValidatorsHash) {

											return lerr.ErrUnexpectedValidators(

												tfc.NextValidators.Hash(),

												shdr.Header.ValidatorsHash)

										}

									} else {

										// If valset doesn't match...

										if !bytes.Equal(tfc.NextValidators.Hash(),

											shdr.Header.ValidatorsHash) {

											// ... update.

											tfc, err = ic.updateToHeight(h)

											if err != nil {

												return err

											}

											// Return error if valset _still_ doesn't match.

											if !bytes.Equal(tfc.NextValidators.Hash(),

												shdr.Header.ValidatorsHash) {

												return lerr.ErrUnexpectedValidators(

													tfc.NextValidators.Hash(),

													shdr.Header.ValidatorsHash)

											}

										}

									}


									// Certify the signed header using the matching valset.

									cert := NewBaseCertifier(ic.chainID, tfc.Height()+1, tfc.NextValidators)

									err = cert.Certify(shdr)

									if err != nil {

										return err

									}


									// Get the next validator set.

									nextValset, err := ic.source.ValidatorSet(ic.chainID, shdr.Height+1)

									if lerr.IsErrMissingValidators(err) {

										// Ignore this error.

										return nil

									} else if err != nil {

										return err

									}


									// Create filled FullCommit.

									nfc := FullCommit{

										SignedHeader:   shdr,

										Validators:     tfc.NextValidators,

										NextValidators: nextValset,

									}

									// Validate the full commit.  This checks the cryptographic

									// signatures of Commit against Validators.

									if err := nfc.ValidateFull(ic.chainID); err != nil {

										return err

									}

									// Trust it.

									return ic.trusted.SaveFullCommit(nfc)

								}


								// verifyAndSave will verify if this is a valid source full commit given the

								// best match trusted full commit, and if good, persist to ic.trusted.

								// Returns ErrTooMuchChange when >2/3 of tfc did not sign sfc.

								// Panics if tfc.Height() >= sfc.Height().

								func (ic *InquiringCertifier) verifyAndSave(tfc, sfc FullCommit) error {

									if tfc.Height() >= sfc.Height() {

										panic("should not happen")

									}

									err := tfc.NextValidators.VerifyFutureCommit(

										sfc.Validators,

										ic.chainID, sfc.SignedHeader.Commit.BlockID,

										sfc.SignedHeader.Height, sfc.SignedHeader.Commit,

									)

									if err != nil {

										return err

									}


									return ic.trusted.SaveFullCommit(sfc)

								}


								// updateToHeight will use divide-and-conquer to find a path to h.

								// Returns nil error iff we successfully verify and persist a full commit

								// for height h, using repeated applications of bisection if necessary.

								//

								// Returns ErrCommitNotFound if source provider doesn't have the commit for h.

								func (ic *InquiringCertifier) updateToHeight(h int64) (FullCommit, error) {


									// Fetch latest full commit from source.

									sfc, err := ic.source.LatestFullCommit(ic.chainID, h, h)

									if err != nil {

										return FullCommit{}, err

									}


									// Validate the full commit.  This checks the cryptographic

									// signatures of Commit against Validators.

									if err := sfc.ValidateFull(ic.chainID); err != nil {

										return FullCommit{}, err

									}


									// If sfc.Height() != h, we can't do it.

									if sfc.Height() != h {

										return FullCommit{}, lerr.ErrCommitNotFound()

									}


								FOR_LOOP:

									for {

										// Fetch latest full commit from trusted.

										tfc, err := ic.trusted.LatestFullCommit(ic.chainID, 1, h)

										if err != nil {

											return FullCommit{}, err

										}

										// We have nothing to do.

										if tfc.Height() == h {

											return tfc, nil

										}


										// Try to update to full commit with checks.

										err = ic.verifyAndSave(tfc, sfc)

										if err == nil {

											// All good!

											return sfc, nil

										}


										// Handle special case when err is ErrTooMuchChange.

										if lerr.IsErrTooMuchChange(err) {

											// Divide and conquer.

											start, end := tfc.Height(), sfc.Height()

											if !(start < end) {

												panic("should not happen")

											}

											mid := (start + end) / 2

											_, err = ic.updateToHeight(mid)

											if err != nil {

												return FullCommit{}, err

											}

											// If we made it to mid, we retry.

											continue FOR_LOOP

										}

										return FullCommit{}, err

									}

								}


								func (ic *InquiringCertifier) LastTrustedHeight() int64 {

									fc, err := ic.trusted.LatestFullCommit(ic.chainID, 1, 1<<63-1)

									if err != nil {

										panic("should not happen")

									}

									return fc.Height()

								}