grassrootseconomics/openethereum
5
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
81b52c7336
openethereum/secret_store/src/acl_storage.rs

146 lines
4.7 KiB
Rust
Raw Normal View History

Secret store - initial version (#4567) * initial secret store commit * various fixes * license * (sstore, secstore) -> secretstore * marked KeyServer trait as IPC-ready * fixed style * ignore requests with Origin header * fixed tests * fixed Origin header check
2017-02-20 16:13:21 +01:00
// Copyright 2015-2017 Parity Technologies (UK) Ltd.
// This file is part of Parity.
// Parity is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
use std::sync::Arc;
cli option to disable SS ACL check
2017-07-27 14:48:07 +02:00
use std::collections::{HashMap, HashSet};
use parking_lot::{Mutex, RwLock};
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
use ethkey::public_to_address;
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
use ethcore::client::{BlockChainClient, BlockId, ChainNotify};
dissolve util (#7460) * ethereum-types refactor in progress * ethereum-types refactor in progress * ethereum-types refactor in progress * ethereum-types refactor in progress * ethereum-types refactor finished * removed obsolete util/src/lib.rs * removed commented out code
2018-01-10 13:35:18 +01:00
use ethereum_types::{H256, Address};
separate trie from util and make its dependencies into libs: * bytes * hashdb * memorydb * nibbleslice * nibblevec
2017-09-06 20:47:45 +02:00
use bytes::Bytes;
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
use trusted_client::TrustedClient;
SecretStore: generating signatures (#5764) * refactoring traits * separate generation session * generalized ClusterSessions * signing session prototype * full_signature_math_session * consensus session prototype * continue signing session * continue signing session * continue signing session * continue signing session * isolated consensus logic * started work on signing test * complete_gen_sign_session works * consensus tests * get rid of duplicated data in SigningSession * TODOs in signing session * fixing tests * fixed last test * signing session in http listener * new key server tests * fix after merge * enabled warnings * fixed possible race * ignore previous jobs responses * include sef node in consensus when confirmed * fixed warning * removed extra clones * consensus_restarts_after_node_timeout * encrypt signature before return * return error text along with HTTP status * fix for odd-of-N (share check fails + not equal to local sign) * fixed t-of-N for odd t * fixed test cases in complete_gen_sign_session * fixed mistimed response reaction * jobs draft * DecryptionJob * consensus session tets * fixed decryption tests * signing job implementation * siginng_session using new consensus_session * added license preambles * same_consensus_group_returned_after_second_selection * database upgrade v0 -> v1 * typo * fixed grumbles
2017-07-06 14:02:10 +02:00
use types::all::{Error, ServerKeyId, Public};
Secret store - initial version (#4567) * initial secret store commit * various fixes * license * (sstore, secstore) -> secretstore * marked KeyServer trait as IPC-ready * fixed style * ignore requests with Origin header * fixed tests * fixed Origin header check
2017-02-20 16:13:21 +01:00
ethabi version 5 (#7723) * Refactor updater to use ethabi-derive * Grumble: do_call type alias * Empty commit to trigger test re-run * migration to ethabi-5.0 * migration to ethabi-5.0 in progress * use ethabi_deriven to generate TransactAcl contract * use ethabi_deriven to generate Registry contract * hash-fetch uses ethabi_derive, removed retain cycle from updater, fixed #7720 * node-filter crate uses ethabi_derive to generate peer_set contract interface * use LruCache in node-filter instead of HashMap * validator_set engine uses ethabi_derive * ethcore does not depend on native_contracts * miner does no depend on native_contracts * secret_store does not use native_contracts (in progress) * removed native-contracts * ethcore and updater does not depend on futures * updated ethereum-types * fixed all warnings caused by using new version of ethereum-types * updated ethabi_derive && ethabi_contract to get rid of warnings * removed another retain cycle in updater, fixed following minor version on update * moved contracts out of native_contracts res * updated ethabi_contract * fixed failing test * fixed failing test * there is no need to create two contracts of the same kind any more * simplify updater::ReleaseTrack conversion into u8 and add several tests for it * applied review suggestions * applied review suggestions
2018-02-09 09:32:06 +01:00
use_contract!(acl_storage, "AclStorage", "res/acl_storage.json");
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
const ACL_CHECKER_CONTRACT_REGISTRY_NAME: &'static str = "secretstore_acl_checker";
Secret store - initial version (#4567) * initial secret store commit * various fixes * license * (sstore, secstore) -> secretstore * marked KeyServer trait as IPC-ready * fixed style * ignore requests with Origin header * fixed tests * fixed Origin header check
2017-02-20 16:13:21 +01:00
/// ACL storage of Secret Store
pub trait AclStorage: Send + Sync {
/// Check if requestor with `public` key can access document with hash `document`
SecretStore: generating signatures (#5764) * refactoring traits * separate generation session * generalized ClusterSessions * signing session prototype * full_signature_math_session * consensus session prototype * continue signing session * continue signing session * continue signing session * continue signing session * isolated consensus logic * started work on signing test * complete_gen_sign_session works * consensus tests * get rid of duplicated data in SigningSession * TODOs in signing session * fixing tests * fixed last test * signing session in http listener * new key server tests * fix after merge * enabled warnings * fixed possible race * ignore previous jobs responses * include sef node in consensus when confirmed * fixed warning * removed extra clones * consensus_restarts_after_node_timeout * encrypt signature before return * return error text along with HTTP status * fix for odd-of-N (share check fails + not equal to local sign) * fixed t-of-N for odd t * fixed test cases in complete_gen_sign_session * fixed mistimed response reaction * jobs draft * DecryptionJob * consensus session tets * fixed decryption tests * signing job implementation * siginng_session using new consensus_session * added license preambles * same_consensus_group_returned_after_second_selection * database upgrade v0 -> v1 * typo * fixed grumbles
2017-07-06 14:02:10 +02:00
fn check(&self, public: &Public, document: &ServerKeyId) -> Result<bool, Error>;
Secret store - initial version (#4567) * initial secret store commit * various fixes * license * (sstore, secstore) -> secretstore * marked KeyServer trait as IPC-ready * fixed style * ignore requests with Origin header * fixed tests * fixed Origin header check
2017-02-20 16:13:21 +01:00
}
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
/// On-chain ACL storage implementation.
pub struct OnChainAclStorage {
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
/// Cached on-chain contract.
contract: Mutex<CachedContract>,
}
/// Cached on-chain ACL storage contract.
struct CachedContract {
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
/// Blockchain client.
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
client: TrustedClient,
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
/// Contract address.
contract_addr: Option<Address>,
/// Contract at given address.
ethabi version 5 (#7723) * Refactor updater to use ethabi-derive * Grumble: do_call type alias * Empty commit to trigger test re-run * migration to ethabi-5.0 * migration to ethabi-5.0 in progress * use ethabi_deriven to generate TransactAcl contract * use ethabi_deriven to generate Registry contract * hash-fetch uses ethabi_derive, removed retain cycle from updater, fixed #7720 * node-filter crate uses ethabi_derive to generate peer_set contract interface * use LruCache in node-filter instead of HashMap * validator_set engine uses ethabi_derive * ethcore does not depend on native_contracts * miner does no depend on native_contracts * secret_store does not use native_contracts (in progress) * removed native-contracts * ethcore and updater does not depend on futures * updated ethereum-types * fixed all warnings caused by using new version of ethereum-types * updated ethabi_derive && ethabi_contract to get rid of warnings * removed another retain cycle in updater, fixed following minor version on update * moved contracts out of native_contracts res * updated ethabi_contract * fixed failing test * fixed failing test * there is no need to create two contracts of the same kind any more * simplify updater::ReleaseTrack conversion into u8 and add several tests for it * applied review suggestions * applied review suggestions
2018-02-09 09:32:06 +01:00
contract: acl_storage::AclStorage,
Secret store - initial version (#4567) * initial secret store commit * various fixes * license * (sstore, secstore) -> secretstore * marked KeyServer trait as IPC-ready * fixed style * ignore requests with Origin header * fixed tests * fixed Origin header check
2017-02-20 16:13:21 +01:00
}
cli option to disable SS ACL check
2017-07-27 14:48:07 +02:00
/// Dummy ACL storage implementation (check always passed).
moved attributes under docs
2017-08-16 08:40:00 +02:00
#[derive(Default, Debug)]
cli option to disable SS ACL check
2017-07-27 14:48:07 +02:00
pub struct DummyAclStorage {
prohibited: RwLock<HashMap<Public, HashSet<ServerKeyId>>>,
}
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
impl OnChainAclStorage {
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
pub fn new(trusted_client: TrustedClient) -> Result<Arc<Self>, Error> {
let client = trusted_client.get_untrusted();
initial KeyServerSet commit
2017-07-19 10:35:17 +02:00
let acl_storage = Arc::new(OnChainAclStorage {
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
contract: Mutex::new(CachedContract::new(trusted_client)),
initial KeyServerSet commit
2017-07-19 10:35:17 +02:00
});
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
client
.ok_or(Error::Internal("Constructing OnChainAclStorage without active Client".into()))?
.add_notify(acl_storage.clone());
Ok(acl_storage)
Secret store - initial version (#4567) * initial secret store commit * various fixes * license * (sstore, secstore) -> secretstore * marked KeyServer trait as IPC-ready * fixed style * ignore requests with Origin header * fixed tests * fixed Origin header check
2017-02-20 16:13:21 +01:00
}
}
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
impl AclStorage for OnChainAclStorage {
SecretStore: generating signatures (#5764) * refactoring traits * separate generation session * generalized ClusterSessions * signing session prototype * full_signature_math_session * consensus session prototype * continue signing session * continue signing session * continue signing session * continue signing session * isolated consensus logic * started work on signing test * complete_gen_sign_session works * consensus tests * get rid of duplicated data in SigningSession * TODOs in signing session * fixing tests * fixed last test * signing session in http listener * new key server tests * fix after merge * enabled warnings * fixed possible race * ignore previous jobs responses * include sef node in consensus when confirmed * fixed warning * removed extra clones * consensus_restarts_after_node_timeout * encrypt signature before return * return error text along with HTTP status * fix for odd-of-N (share check fails + not equal to local sign) * fixed t-of-N for odd t * fixed test cases in complete_gen_sign_session * fixed mistimed response reaction * jobs draft * DecryptionJob * consensus session tets * fixed decryption tests * signing job implementation * siginng_session using new consensus_session * added license preambles * same_consensus_group_returned_after_second_selection * database upgrade v0 -> v1 * typo * fixed grumbles
2017-07-06 14:02:10 +02:00
fn check(&self, public: &Public, document: &ServerKeyId) -> Result<bool, Error> {
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
self.contract.lock().check(public, document)
}
}
initial KeyServerSet commit
2017-07-19 10:35:17 +02:00
impl ChainNotify for OnChainAclStorage {
re-read only when blockchain is changed
2017-07-20 12:28:31 +02:00
fn new_blocks(&self, _imported: Vec<H256>, _invalid: Vec<H256>, enacted: Vec<H256>, retracted: Vec<H256>, _sealed: Vec<H256>, _proposed: Vec<Bytes>, _duration: u64) {
if !enacted.is_empty() || !retracted.is_empty() {
self.contract.lock().update()
}
initial KeyServerSet commit
2017-07-19 10:35:17 +02:00
}
}
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
impl CachedContract {
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
pub fn new(client: TrustedClient) -> Self {
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
CachedContract {
ethabi version 5 (#7723) * Refactor updater to use ethabi-derive * Grumble: do_call type alias * Empty commit to trigger test re-run * migration to ethabi-5.0 * migration to ethabi-5.0 in progress * use ethabi_deriven to generate TransactAcl contract * use ethabi_deriven to generate Registry contract * hash-fetch uses ethabi_derive, removed retain cycle from updater, fixed #7720 * node-filter crate uses ethabi_derive to generate peer_set contract interface * use LruCache in node-filter instead of HashMap * validator_set engine uses ethabi_derive * ethcore does not depend on native_contracts * miner does no depend on native_contracts * secret_store does not use native_contracts (in progress) * removed native-contracts * ethcore and updater does not depend on futures * updated ethereum-types * fixed all warnings caused by using new version of ethereum-types * updated ethabi_derive && ethabi_contract to get rid of warnings * removed another retain cycle in updater, fixed following minor version on update * moved contracts out of native_contracts res * updated ethabi_contract * fixed failing test * fixed failing test * there is no need to create two contracts of the same kind any more * simplify updater::ReleaseTrack conversion into u8 and add several tests for it * applied review suggestions * applied review suggestions
2018-02-09 09:32:06 +01:00
client,
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
contract_addr: None,
ethabi version 5 (#7723) * Refactor updater to use ethabi-derive * Grumble: do_call type alias * Empty commit to trigger test re-run * migration to ethabi-5.0 * migration to ethabi-5.0 in progress * use ethabi_deriven to generate TransactAcl contract * use ethabi_deriven to generate Registry contract * hash-fetch uses ethabi_derive, removed retain cycle from updater, fixed #7720 * node-filter crate uses ethabi_derive to generate peer_set contract interface * use LruCache in node-filter instead of HashMap * validator_set engine uses ethabi_derive * ethcore does not depend on native_contracts * miner does no depend on native_contracts * secret_store does not use native_contracts (in progress) * removed native-contracts * ethcore and updater does not depend on futures * updated ethereum-types * fixed all warnings caused by using new version of ethereum-types * updated ethabi_derive && ethabi_contract to get rid of warnings * removed another retain cycle in updater, fixed following minor version on update * moved contracts out of native_contracts res * updated ethabi_contract * fixed failing test * fixed failing test * there is no need to create two contracts of the same kind any more * simplify updater::ReleaseTrack conversion into u8 and add several tests for it * applied review suggestions * applied review suggestions
2018-02-09 09:32:06 +01:00
contract: acl_storage::AclStorage::default(),
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
}
}
initial KeyServerSet commit
2017-07-19 10:35:17 +02:00
pub fn update(&mut self) {
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
if let Some(client) = self.client.get() {
read registry_address from given block (#7866)
2018-02-12 18:02:48 +01:00
match client.registry_address(ACL_CHECKER_CONTRACT_REGISTRY_NAME.to_owned(), BlockId::Latest) {
ethabi version 5 (#7723) * Refactor updater to use ethabi-derive * Grumble: do_call type alias * Empty commit to trigger test re-run * migration to ethabi-5.0 * migration to ethabi-5.0 in progress * use ethabi_deriven to generate TransactAcl contract * use ethabi_deriven to generate Registry contract * hash-fetch uses ethabi_derive, removed retain cycle from updater, fixed #7720 * node-filter crate uses ethabi_derive to generate peer_set contract interface * use LruCache in node-filter instead of HashMap * validator_set engine uses ethabi_derive * ethcore does not depend on native_contracts * miner does no depend on native_contracts * secret_store does not use native_contracts (in progress) * removed native-contracts * ethcore and updater does not depend on futures * updated ethereum-types * fixed all warnings caused by using new version of ethereum-types * updated ethabi_derive && ethabi_contract to get rid of warnings * removed another retain cycle in updater, fixed following minor version on update * moved contracts out of native_contracts res * updated ethabi_contract * fixed failing test * fixed failing test * there is no need to create two contracts of the same kind any more * simplify updater::ReleaseTrack conversion into u8 and add several tests for it * applied review suggestions * applied review suggestions
2018-02-09 09:32:06 +01:00
Some(new_contract_addr) if Some(new_contract_addr).as_ref() != self.contract_addr.as_ref() => {
trace!(target: "secretstore", "Configuring for ACL checker contract from {}", new_contract_addr);
self.contract_addr = Some(new_contract_addr);
},
Some(_) | None => ()
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
}
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
}
initial KeyServerSet commit
2017-07-19 10:35:17 +02:00
}
do not cache ACL storage contract
2017-06-30 10:26:09 +02:00
initial KeyServerSet commit
2017-07-19 10:35:17 +02:00
pub fn check(&mut self, public: &Public, document: &ServerKeyId) -> Result<bool, Error> {
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
if let Some(client) = self.client.get() {
// call contract to check accesss
ethabi version 5 (#7723) * Refactor updater to use ethabi-derive * Grumble: do_call type alias * Empty commit to trigger test re-run * migration to ethabi-5.0 * migration to ethabi-5.0 in progress * use ethabi_deriven to generate TransactAcl contract * use ethabi_deriven to generate Registry contract * hash-fetch uses ethabi_derive, removed retain cycle from updater, fixed #7720 * node-filter crate uses ethabi_derive to generate peer_set contract interface * use LruCache in node-filter instead of HashMap * validator_set engine uses ethabi_derive * ethcore does not depend on native_contracts * miner does no depend on native_contracts * secret_store does not use native_contracts (in progress) * removed native-contracts * ethcore and updater does not depend on futures * updated ethereum-types * fixed all warnings caused by using new version of ethereum-types * updated ethabi_derive && ethabi_contract to get rid of warnings * removed another retain cycle in updater, fixed following minor version on update * moved contracts out of native_contracts res * updated ethabi_contract * fixed failing test * fixed failing test * there is no need to create two contracts of the same kind any more * simplify updater::ReleaseTrack conversion into u8 and add several tests for it * applied review suggestions * applied review suggestions
2018-02-09 09:32:06 +01:00
match self.contract_addr {
Some(contract_address) => {
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
let address = public_to_address(&public);
ethabi version 5 (#7723) * Refactor updater to use ethabi-derive * Grumble: do_call type alias * Empty commit to trigger test re-run * migration to ethabi-5.0 * migration to ethabi-5.0 in progress * use ethabi_deriven to generate TransactAcl contract * use ethabi_deriven to generate Registry contract * hash-fetch uses ethabi_derive, removed retain cycle from updater, fixed #7720 * node-filter crate uses ethabi_derive to generate peer_set contract interface * use LruCache in node-filter instead of HashMap * validator_set engine uses ethabi_derive * ethcore does not depend on native_contracts * miner does no depend on native_contracts * secret_store does not use native_contracts (in progress) * removed native-contracts * ethcore and updater does not depend on futures * updated ethereum-types * fixed all warnings caused by using new version of ethereum-types * updated ethabi_derive && ethabi_contract to get rid of warnings * removed another retain cycle in updater, fixed following minor version on update * moved contracts out of native_contracts res * updated ethabi_contract * fixed failing test * fixed failing test * there is no need to create two contracts of the same kind any more * simplify updater::ReleaseTrack conversion into u8 and add several tests for it * applied review suggestions * applied review suggestions
2018-02-09 09:32:06 +01:00
let do_call = |data| client.call_contract(BlockId::Latest, contract_address, data);
self.contract.functions()
.check_permissions()
.call(address, document.clone(), &do_call)
.map_err(|e| Error::Internal(e.to_string()))
SecretStore: TrustedClient
2017-12-20 14:02:21 +01:00
},
None => Err(Error::Internal("ACL checker contract is not configured".to_owned())),
}
} else {
Err(Error::Internal("Calling ACL contract without trusted blockchain client".into()))
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
}
}
}
cli option to disable SS ACL check
2017-07-27 14:48:07 +02:00
impl DummyAclStorage {
moved attributes under docs
2017-08-16 08:40:00 +02:00
/// Prohibit given requestor access to given documents
cli option to disable SS ACL check
2017-07-27 14:48:07 +02:00
#[cfg(test)]
pub fn prohibit(&self, public: Public, document: ServerKeyId) {
self.prohibited.write()
.entry(public)
.or_insert_with(Default::default)
.insert(document);
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
}
cli option to disable SS ACL check
2017-07-27 14:48:07 +02:00
}
On-chain ACL checker for secretstore (#5015) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * fix after merge * fix after merge * moved contract to native-contracts lib
2017-04-03 17:46:51 +02:00
cli option to disable SS ACL check
2017-07-27 14:48:07 +02:00
impl AclStorage for DummyAclStorage {
fn check(&self, public: &Public, document: &ServerKeyId) -> Result<bool, Error> {
Ok(self.prohibited.read()
.get(public)
.map(|docs| !docs.contains(document))
.unwrap_or(true))
Secret store - initial version (#4567) * initial secret store commit * various fixes * license * (sstore, secstore) -> secretstore * marked KeyServer trait as IPC-ready * fixed style * ignore requests with Origin header * fixed tests * fixed Origin header check
2017-02-20 16:13:21 +01:00
}
}
Reference in New Issue Copy Permalink