Merge branch 'master' into apis-split

Cargo.lock

@@ -374,6 +374,7 @@ dependencies = [
  "jsonrpc-core 2.0.5 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)",
  "parity-minimal-sysui 0.1.0 (git+https://github.com/ethcore/parity-dapps-minimal-sysui-rs.git)",
+ "rand 0.3.14 (registry+https://github.com/rust-lang/crates.io-index)",
  "rustc_version 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)",
  "ws 0.4.6 (git+https://github.com/ethcore/ws-rs.git)",
 ]
@@ -940,7 +941,7 @@ dependencies = [
 [[package]]
 name = "parity-minimal-sysui"
 version = "0.1.0"
-source = "git+https://github.com/ethcore/parity-dapps-minimal-sysui-rs.git#bc5d76f9666ce19993e6f7b636a3a7af329ea19e"
+source = "git+https://github.com/ethcore/parity-dapps-minimal-sysui-rs.git#cb27ae09ee18773ccca6ba2ac74fa3128047a652"
 
 [[package]]
 name = "phf"

dapps/src/apps/mod.rs

@@ -47,8 +47,8 @@ pub fn all_endpoints(dapps_path: String) -> Endpoints {
 		PageEndpoint::new_safe_to_embed(parity_dapps_builtins::App::default())
 	));
 	pages.insert("proxy".into(), ProxyPac::boxed());
-	insert::<parity_dapps_status::App>(&mut pages, "status");
 	insert::<parity_dapps_status::App>(&mut pages, "parity");
+	insert::<parity_dapps_status::App>(&mut pages, "status");
 
 	// Optional dapps
 	wallet_page(&mut pages);

ethcore/src/client/client.rs

@@ -479,7 +479,7 @@ impl<V> BlockChainClient for Client<V> where V: Verifier {
 			// give the sender a sufficient balance
 			state.add_balance(&sender, &(needed_balance - balance));
 		}
-		let options = TransactOptions { tracing: false, vm_tracing: analytics.vm_tracing, check_nonce: false };
+		let options = TransactOptions { tracing: analytics.transaction_tracing, vm_tracing: analytics.vm_tracing, check_nonce: false };
 		let mut ret = Executive::new(&mut state, &env_info, self.engine.deref().deref(), &self.vm_factory).transact(t, options);
 		
 		// TODO gav move this into Executive.

ethcore/src/client/mod.rs

@@ -52,6 +52,8 @@ use error::Error as EthError;
 /// Options concerning what analytics we run on the call.
 #[derive(Eq, PartialEq, Default, Clone, Copy, Debug)]
 pub struct CallAnalytics {
+	/// Make a transaction trace.
+	pub transaction_tracing: bool,
 	/// Make a VM trace.
 	pub vm_tracing: bool,
 	/// Make a diff.

ethcore/src/miner/miner.rs

@@ -280,7 +280,7 @@ impl MinerService for Miner {
 					// give the sender a sufficient balance
 					state.add_balance(&sender, &(needed_balance - balance));
 				}
-				let options = TransactOptions { tracing: false, vm_tracing: analytics.vm_tracing, check_nonce: false };
+				let options = TransactOptions { tracing: analytics.transaction_tracing, vm_tracing: analytics.vm_tracing, check_nonce: false };
 				let mut ret = Executive::new(&mut state, &env_info, self.engine(), chain.vm_factory()).transact(t, options);
 
 				// TODO gav move this into Executive.

parity/cli.rs

@@ -26,6 +26,7 @@ Usage:
   parity account (new | list) [options]
   parity import [ <file> ] [options]
   parity export [ <file> ] [options]
+  parity signer new-token [options]
   parity [options]
 
 Protocol Options:
@@ -100,9 +101,11 @@ API and Console Options:
                            [default: $HOME/.parity/dapps]
 
   --signer                 Enable Trusted Signer WebSocket endpoint used by
-                           System UIs.
+                           Signer UIs.
   --signer-port PORT       Specify the port of Trusted Signer server
                            [default: 8180].
+  --signer-path PATH       Specify directory where Signer UIs tokens should
+                           be stored. [default: $HOME/.parity/signer]
 
 Sealing/Mining Options:
   --force-sealing          Force the node to author new blocks as if it were
@@ -205,6 +208,8 @@ pub struct Args {
 	pub cmd_list: bool,
 	pub cmd_export: bool,
 	pub cmd_import: bool,
+	pub cmd_signer: bool,
+	pub cmd_new_token: bool,
 	pub arg_pid_file: String,
 	pub arg_file: Option<String>,
 	pub flag_chain: String,
@@ -244,6 +249,7 @@ pub struct Args {
 	pub flag_dapps_path: String,
 	pub flag_signer: bool,
 	pub flag_signer_port: u16,
+	pub flag_signer_path: String,
 	pub flag_force_sealing: bool,
 	pub flag_author: String,
 	pub flag_usd_per_tx: String,

parity/configuration.rs

@@ -41,6 +41,7 @@ pub struct Directories {
 	pub keys: String,
 	pub db: String,
 	pub dapps: String,
+	pub signer: String,
 }
 
 impl Configuration {
@@ -285,8 +286,10 @@ impl Configuration {
 		cors.map_or_else(Vec::new, |c| c.split(',').map(|s| s.to_owned()).collect())
 	}
 
-	fn geth_ipc_path() -> String {
-		path::ethereum::with_default("geth.ipc").to_str().unwrap().to_owned()
+	fn geth_ipc_path(&self) -> String {
+		if self.args.flag_testnet { path::ethereum::with_testnet("geth.ipc") }
+		else { path::ethereum::with_default("geth.ipc") }
+			.to_str().unwrap().to_owned()
 	}
 
 	pub fn keys_iterations(&self) -> u32 {
@@ -329,11 +332,15 @@ impl Configuration {
 		::std::fs::create_dir_all(&keys_path).unwrap_or_else(|e| die_with_io_error("main", e));
 		let dapps_path = Configuration::replace_home(&self.args.flag_dapps_path);
 		::std::fs::create_dir_all(&dapps_path).unwrap_or_else(|e| die_with_io_error("main", e));
+		let signer_path = Configuration::replace_home(&self.args.flag_signer_path);
+		::std::fs::create_dir_all(&signer_path).unwrap_or_else(|e| die_with_io_error("main", e));
+
 
 		Directories {
 			keys: keys_path,
 			db: db_path,
 			dapps: dapps_path,
+			signer: signer_path,
 		}
 	}
 
@@ -350,7 +357,7 @@ impl Configuration {
 	}
 
 	fn ipc_path(&self) -> String {
-		if self.args.flag_geth { Self::geth_ipc_path() }
+		if self.args.flag_geth { self.geth_ipc_path() }
 		else { Configuration::replace_home(&self.args.flag_ipcpath.clone().unwrap_or(self.args.flag_ipc_path.clone())) }
 	}
 }

parity/main.rs

@@ -93,7 +93,7 @@ use informant::Informant;
 use die::*;
 use cli::print_version;
 use rpc::RpcServer;
-use signer::SignerServer;
+use signer::{SignerServer, new_token};
 use dapps::WebappServer;
 use io_handler::ClientIoHandler;
 use configuration::Configuration;
@@ -137,6 +137,11 @@ fn execute(conf: Configuration) {
 		return;
 	}
 
+	if conf.args.cmd_signer {
+		execute_signer(conf);
+		return;
+	}
+
 	execute_client(conf, spec, client_config);
 }
 
@@ -241,6 +246,7 @@ fn execute_client(conf: Configuration, spec: Spec, client_config: ClientConfig)
 	let signer_server = signer::start(signer::Configuration {
 		enabled: deps_for_rpc_apis.signer_enabled,
 		port: conf.args.flag_signer_port,
+		signer_path: conf.directories().signer,
 	}, signer::Dependencies {
 		panic_handler: panic_handler.clone(),
 		apis: deps_for_rpc_apis.clone(),
@@ -439,6 +445,17 @@ fn execute_import(conf: Configuration) {
 	client.flush_queue();
 }
 
+fn execute_signer(conf: Configuration) {
+	if !conf.args.cmd_new_token {
+		die!("Unknown command.");
+	}
+
+	let path = conf.directories().signer;
+	new_token(path).unwrap_or_else(|e| {
+		die!("Error generating token: {:?}", e)
+	});
+}
+
 fn execute_account_cli(conf: Configuration) {
 	use util::keys::store::SecretStore;
 	use rpassword::read_password;

parity/rpc_apis.rs

@@ -153,7 +153,7 @@ pub fn setup_rpc<T: Extendable>(server: T, deps: Arc<Dependencies>, apis: ApiSet
 				}
 			},
 			Api::Personal => {
-				server.add_delegate(PersonalClient::new(&deps.secret_store, &deps.client, &deps.miner).to_delegate());
+				server.add_delegate(PersonalClient::new(&deps.secret_store, &deps.client, &deps.miner, deps.signer_enabled).to_delegate());
 			},
 			Api::Signer => {
 				server.add_delegate(SignerClient::new(&deps.secret_store, &deps.client, &deps.miner, &deps.signer_queue).to_delegate());

parity/signer.rs

@@ -14,21 +14,28 @@
 // You should have received a copy of the GNU General Public License
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 
+use std::io;
+use std::path::PathBuf;
 use std::sync::Arc;
 use util::panics::{PanicHandler, ForwardPanic};
+use util::keys::directory::restrict_permissions_owner;
 use die::*;
 use rpc_apis;
 
+const CODES_FILENAME: &'static str = "authcodes";
+
 #[cfg(feature = "ethcore-signer")]
 use ethcore_signer as signer;
 #[cfg(feature = "ethcore-signer")]
 pub use ethcore_signer::Server as SignerServer;
+
 #[cfg(not(feature = "ethcore-signer"))]
 pub struct SignerServer;
 
 pub struct Configuration {
 	pub enabled: bool,
 	pub port: u16,
+	pub signer_path: String,
 }
 
 pub struct Dependencies {
@@ -44,6 +51,25 @@ pub fn start(conf: Configuration, deps: Dependencies) -> Option<SignerServer> {
 	}
 }
 
+fn codes_path(path: String) -> PathBuf {
+	let mut p = PathBuf::from(path);
+	p.push(CODES_FILENAME);
+	let _ = restrict_permissions_owner(&p);
+	p
+}
+
+
+#[cfg(feature = "ethcore-signer")]
+pub fn new_token(path: String) -> io::Result<()> {
+	let path = codes_path(path);
+	let mut codes = try!(signer::AuthCodes::from_file(&path));
+	let code = try!(codes.generate_new());
+	try!(codes.to_file(&path));
+	println!("New token has been generated. Copy the code below to your Signer UI:");
+	println!("{}", code);
+	Ok(())
+}
+
 #[cfg(feature = "ethcore-signer")]
 fn do_start(conf: Configuration, deps: Dependencies) -> SignerServer {
 	let addr = format!("127.0.0.1:{}", conf.port).parse().unwrap_or_else(|_| {
@@ -51,7 +77,10 @@ fn do_start(conf: Configuration, deps: Dependencies) -> SignerServer {
 	});
 
 	let start_result = {
-		let server = signer::ServerBuilder::new(deps.apis.signer_queue.clone());
+		let server = signer::ServerBuilder::new(
+			deps.apis.signer_queue.clone(),
+			codes_path(conf.signer_path),
+		);
 		let server = rpc_apis::setup_rpc(server, deps.apis, rpc_apis::ApiSet::SafeContext);
 		server.start(addr)
 	};
@@ -67,8 +96,12 @@ fn do_start(conf: Configuration, deps: Dependencies) -> SignerServer {
 }
 
 #[cfg(not(feature = "ethcore-signer"))]
-fn do_start(conf: Configuration) -> ! {
+fn do_start(_conf: Configuration) -> ! {
 	die!("Your Parity version has been compiled without Trusted Signer support.")
 }
 
+#[cfg(not(feature = "ethcore-signer"))]
+pub fn new_token(_path: String) -> ! {
+	die!("Your Parity version has been compiled without Trusted Signer support.")
+}
 

rpc/src/v1/impls/personal.rs

@@ -31,22 +31,29 @@ pub struct PersonalClient<A, C, M>
 	accounts: Weak<A>,
 	client: Weak<C>,
 	miner: Weak<M>,
+	signer_enabled: bool,
 }
 
 impl<A, C, M> PersonalClient<A, C, M>
 	where A: AccountProvider, C: MiningBlockChainClient, M: MinerService {
 	/// Creates new PersonalClient
-	pub fn new(store: &Arc<A>, client: &Arc<C>, miner: &Arc<M>) -> Self {
+	pub fn new(store: &Arc<A>, client: &Arc<C>, miner: &Arc<M>, signer_enabled: bool) -> Self {
 		PersonalClient {
 			accounts: Arc::downgrade(store),
 			client: Arc::downgrade(client),
 			miner: Arc::downgrade(miner),
+			signer_enabled: signer_enabled,
 		}
 	}
 }
 
 impl<A: 'static, C: 'static, M: 'static> Personal for PersonalClient<A, C, M>
 	where A: AccountProvider, C: MiningBlockChainClient, M: MinerService {
+
+	fn signer_enabled(&self, _: Params) -> Result<Value, Error> {
+		to_value(&self.signer_enabled)
+	}
+
 	fn accounts(&self, _: Params) -> Result<Value, Error> {
 		let store = take_weak!(self.accounts);
 		match store.accounts() {

rpc/src/v1/impls/personal_signer.rs

@@ -81,8 +81,7 @@ impl<A: 'static, C: 'static, M: 'static> PersonalSigner for SignerClient<A, C, M
 						}
 					})
 					.unwrap_or_else(|| {
-						queue.request_rejected(id);
-						to_value(&H256::zero())
+						to_value(&false)
 					})
 			}
 		)

rpc/src/v1/impls/traces.rs

@@ -19,16 +19,12 @@
 use std::sync::{Weak, Arc};
 use jsonrpc_core::*;
 use std::collections::BTreeMap;
-use util::{H256, U256, Uint};
-use serde;
+use util::H256;
 use ethcore::client::{BlockChainClient, CallAnalytics, TransactionID, TraceId};
-use ethcore::trace::VMTrace;
 use ethcore::miner::MinerService;
-use ethcore::state_diff::StateDiff;
-use ethcore::account_diff::{Diff, Existance};
 use ethcore::transaction::{Transaction as EthTransaction, SignedTransaction, Action};
 use v1::traits::Traces;
-use v1::types::{TraceFilter, Trace, BlockNumber, Index, CallRequest};
+use v1::types::{TraceFilter, LocalizedTrace, Trace, BlockNumber, Index, CallRequest, Bytes, StateDiff, VMTrace};
 
 /// Traces api implementation.
 pub struct TracesClient<C, M> where C: BlockChainClient, M: MinerService {
@@ -61,102 +57,13 @@ impl<C, M> TracesClient<C, M> where C: BlockChainClient, M: MinerService {
 	}
 }
 
-fn vm_trace_to_object(t: &VMTrace) -> Value {
-	let mut ret = BTreeMap::new();
-	ret.insert("code".to_owned(), to_value(&t.code).unwrap());
-
-	let mut subs = t.subs.iter();
-	let mut next_sub = subs.next();
-
-	let ops = t.operations
-		.iter()
-		.enumerate()
-		.map(|(i, op)| {
-			let mut m = map![
-				"pc".to_owned() => to_value(&op.pc).unwrap(),
-				"cost".to_owned() => match op.gas_cost <= U256::from(!0u64) {
-					true => to_value(&op.gas_cost.low_u64()),
-					false => to_value(&op.gas_cost),
-				}.unwrap()
-			];
-			if let Some(ref ex) = op.executed {
-				let mut em = map![
-					"used".to_owned() => to_value(&ex.gas_used.low_u64()).unwrap(),
-					"push".to_owned() => to_value(&ex.stack_push).unwrap()
-				];
-				if let Some(ref md) = ex.mem_diff {
-					em.insert("mem".to_owned(), Value::Object(map![
-						"off".to_owned() => to_value(&md.offset).unwrap(),
-						"data".to_owned() => to_value(&md.data).unwrap()
-					]));
-				}
-				if let Some(ref sd) = ex.store_diff {
-					em.insert("store".to_owned(), Value::Object(map![
-						"key".to_owned() => to_value(&sd.location).unwrap(),
-						"val".to_owned() => to_value(&sd.value).unwrap()
-					]));
-				}
-				m.insert("ex".to_owned(), Value::Object(em));
-			}
-			if next_sub.is_some() && next_sub.unwrap().parent_step == i {
-				m.insert("sub".to_owned(), vm_trace_to_object(next_sub.unwrap()));
-				next_sub = subs.next();
-			}
-			Value::Object(m)
-		})
-		.collect::<Vec<_>>();
-	ret.insert("ops".to_owned(), Value::Array(ops));
-	Value::Object(ret)
-}
-
-fn diff_to_object<T>(d: &Diff<T>) -> Value where T: serde::Serialize + Eq {
-	let mut ret = BTreeMap::new();
-	match *d {
-		Diff::Same => {
-			ret.insert("diff".to_owned(), Value::String("=".to_owned()));
-		}
-		Diff::Born(ref x) => {
-			ret.insert("diff".to_owned(), Value::String("+".to_owned()));
-			ret.insert("+".to_owned(), to_value(x).unwrap());
-		}
-		Diff::Died(ref x) => {
-			ret.insert("diff".to_owned(), Value::String("-".to_owned()));
-			ret.insert("-".to_owned(), to_value(x).unwrap());
-		}
-		Diff::Changed(ref from, ref to) => {
-			ret.insert("diff".to_owned(), Value::String("*".to_owned()));
-			ret.insert("-".to_owned(), to_value(from).unwrap());
-			ret.insert("+".to_owned(), to_value(to).unwrap());
-		}
-	};
-	Value::Object(ret)
-}
-
-fn state_diff_to_object(t: &StateDiff) -> Value {
-	Value::Object(t.iter().map(|(address, account)| {
-		(address.hex(), Value::Object(map![
-			"existance".to_owned() => Value::String(match account.existance() {
-				Existance::Born => "+",
-				Existance::Alive => ".",
-				Existance::Died => "-",
-			}.to_owned()),
-			"balance".to_owned() => diff_to_object(&account.balance),
-			"nonce".to_owned() => diff_to_object(&account.nonce),
-			"code".to_owned() => diff_to_object(&account.code),
-			"storage".to_owned() => Value::Object(account.storage.iter().map(|(key, val)| {
-				(key.hex(), diff_to_object(&val))
-			}).collect::<BTreeMap<_, _>>())
-		]))
-	}).collect::<BTreeMap<_, _>>())
-}
-
 impl<C, M> Traces for TracesClient<C, M> where C: BlockChainClient + 'static, M: MinerService + 'static {
 	fn filter(&self, params: Params) -> Result<Value, Error> {
 		from_params::<(TraceFilter,)>(params)
 			.and_then(|(filter, )| {
 				let client = take_weak!(self.client);
 				let traces = client.filter_traces(filter.into());
-				let traces = traces.map_or_else(Vec::new, |traces| traces.into_iter().map(Trace::from).collect());
+				let traces = traces.map_or_else(Vec::new, |traces| traces.into_iter().map(LocalizedTrace::from).collect());
 				to_value(&traces)
 			})
 	}
@@ -166,7 +73,7 @@ impl<C, M> Traces for TracesClient<C, M> where C: BlockChainClient + 'static, M:
 			.and_then(|(block_number,)| {
 				let client = take_weak!(self.client);
 				let traces = client.block_traces(block_number.into());
-				let traces = traces.map_or_else(Vec::new, |traces| traces.into_iter().map(Trace::from).collect());
+				let traces = traces.map_or_else(Vec::new, |traces| traces.into_iter().map(LocalizedTrace::from).collect());
 				to_value(&traces)
 			})
 	}
@@ -176,7 +83,7 @@ impl<C, M> Traces for TracesClient<C, M> where C: BlockChainClient + 'static, M:
 			.and_then(|(transaction_hash,)| {
 				let client = take_weak!(self.client);
 				let traces = client.transaction_traces(TransactionID::Hash(transaction_hash));
-				let traces = traces.map_or_else(Vec::new, |traces| traces.into_iter().map(Trace::from).collect());
+				let traces = traces.map_or_else(Vec::new, |traces| traces.into_iter().map(LocalizedTrace::from).collect());
 				to_value(&traces)
 			})
 	}
@@ -190,36 +97,36 @@ impl<C, M> Traces for TracesClient<C, M> where C: BlockChainClient + 'static, M:
 					address: address.into_iter().map(|i| i.value()).collect()
 				};
 				let trace = client.trace(id);
-				let trace = trace.map(Trace::from);
+				let trace = trace.map(LocalizedTrace::from);
 				to_value(&trace)
 			})
 	}
 
-	fn vm_trace_call(&self, params: Params) -> Result<Value, Error> {
-		trace!(target: "jsonrpc", "vm_trace_call: {:?}", params);
+	fn call(&self, params: Params) -> Result<Value, Error> {
+		trace!(target: "jsonrpc", "call: {:?}", params);
 		from_params(params)
-			.and_then(|(request,)| {
+			.and_then(|(request, flags)| {
+				let flags: Vec<String> = flags;
+				let analytics = CallAnalytics {
+					transaction_tracing: flags.contains(&("trace".to_owned())),
+					vm_tracing: flags.contains(&("vmTrace".to_owned())),
+					state_diffing: flags.contains(&("stateDiff".to_owned())),
+				};
 				let signed = try!(self.sign_call(request));
-				let r = take_weak!(self.client).call(&signed, CallAnalytics{ vm_tracing: true, state_diffing: false });
+				let r = take_weak!(self.client).call(&signed, analytics);
 				if let Ok(executed) = r {
+					// TODO maybe add other stuff to this?
+					let mut ret = map!["output".to_owned() => to_value(&Bytes(executed.output)).unwrap()];
+					if let Some(trace) = executed.trace {
+						ret.insert("trace".to_owned(), to_value(&Trace::from(trace)).unwrap());
+					}
 					if let Some(vm_trace) = executed.vm_trace {
-						return Ok(vm_trace_to_object(&vm_trace));
+						ret.insert("vmTrace".to_owned(), to_value(&VMTrace::from(vm_trace)).unwrap());
 					}
-				}
-				Ok(Value::Null)
-			})
-	}
-
-	fn state_diff_call(&self, params: Params) -> Result<Value, Error> {
-		trace!(target: "jsonrpc", "state_diff_call: {:?}", params);
-		from_params(params)
-			.and_then(|(request,)| {
-				let signed = try!(self.sign_call(request));
-				let r = take_weak!(self.client).call(&signed, CallAnalytics{ vm_tracing: false, state_diffing: true });
-				if let Ok(executed) = r {
 					if let Some(state_diff) = executed.state_diff {
-						return Ok(state_diff_to_object(&state_diff));
+						ret.insert("stateDiff".to_owned(), to_value(&StateDiff::from(state_diff)).unwrap());
 					}
+					return Ok(Value::Object(ret))
 				}
 				Ok(Value::Null)
 			})

rpc/src/v1/tests/mocked/personal.rs

@@ -53,7 +53,7 @@ fn setup() -> PersonalTester {
 	let accounts = accounts_provider();
 	let client = blockchain_client();
 	let miner = miner_service();
-	let personal = PersonalClient::new(&accounts, &client, &miner);
+	let personal = PersonalClient::new(&accounts, &client, &miner, false);
 
 	let io = IoHandler::new();
 	io.add_delegate(personal.to_delegate());
@@ -68,6 +68,20 @@ fn setup() -> PersonalTester {
 	tester
 }
 
+#[test]
+fn should_return_false_if_signer_is_disabled() {
+	// given
+	let tester = setup();
+
+	// when
+	let request = r#"{"jsonrpc": "2.0", "method": "personal_signerEnabled", "params": [], "id": 1}"#;
+	let response = r#"{"jsonrpc":"2.0","result":false,"id":1}"#;
+
+
+	// then
+	assert_eq!(tester.io.handle_request(request), Some(response.to_owned()));
+}
+
 #[test]
 fn accounts() {
 	let tester = setup();

rpc/src/v1/tests/mocked/personal_signer.rs

@@ -120,6 +120,30 @@ fn should_reject_transaction_from_queue_without_dispatching() {
 	assert_eq!(tester.miner.imported_transactions.lock().unwrap().len(), 0);
 }
 
+#[test]
+fn should_not_remove_transaction_if_password_is_invalid() {
+	// given
+	let tester = signer_tester();
+	tester.queue.add_request(TransactionRequest {
+		from: Address::from(1),
+		to: Some(Address::from_str("d46e8dd67c5d32be8058bb8eb970870f07244567").unwrap()),
+		gas_price: Some(U256::from(10_000)),
+		gas: Some(U256::from(10_000_000)),
+		value: Some(U256::from(1)),
+		data: None,
+		nonce: None,
+	});
+	assert_eq!(tester.queue.requests().len(), 1);
+
+	// when
+	let request = r#"{"jsonrpc":"2.0","method":"personal_confirmTransaction","params":["0x01",{},"xxx"],"id":1}"#;
+	let response = r#"{"jsonrpc":"2.0","result":false,"id":1}"#;
+
+	// then
+	assert_eq!(tester.io.handle_request(&request), Some(response.to_owned()));
+	assert_eq!(tester.queue.requests().len(), 1);
+}
+
 #[test]
 fn should_confirm_transaction_and_dispatch() {
 	// given

rpc/src/v1/traits/personal.rs

@@ -33,9 +33,13 @@ pub trait Personal: Sized + Send + Sync + 'static {
 	/// Sends transaction and signs it in single call. The account is not unlocked in such case.
 	fn sign_and_send_transaction(&self, _: Params) -> Result<Value, Error>;
 
+	/// Returns `true` if Trusted Signer is enabled, `false` otherwise.
+	fn signer_enabled(&self, _: Params) -> Result<Value, Error>;
+
 	/// Should be used to convert object to io delegate.
 	fn to_delegate(self) -> IoDelegate<Self> {
 		let mut delegate = IoDelegate::new(Arc::new(self));
+		delegate.add_method("personal_signerEnabled", Personal::signer_enabled);
 		delegate.add_method("personal_listAccounts", Personal::accounts);
 		delegate.add_method("personal_newAccount", Personal::new_account);
 		delegate.add_method("personal_unlockAccount", Personal::unlock_account);

rpc/src/v1/traits/traces.rs

@@ -32,11 +32,8 @@ pub trait Traces: Sized + Send + Sync + 'static {
 	/// Returns all traces produced at given block.
 	fn block_traces(&self, _: Params) -> Result<Value, Error>;
 
-	/// Executes the given call and returns the VM trace for it.
-	fn vm_trace_call(&self, _: Params) -> Result<Value, Error>;
-
-	/// Executes the given call and returns the diff for it.
-	fn state_diff_call(&self, params: Params) -> Result<Value, Error>;
+	/// Executes the given call and returns a number of possible traces for it.
+	fn call(&self, _: Params) -> Result<Value, Error>;
 
 	/// Should be used to convert object to io delegate.
 	fn to_delegate(self) -> IoDelegate<Self> {
@@ -45,9 +42,7 @@ pub trait Traces: Sized + Send + Sync + 'static {
 		delegate.add_method("trace_get", Traces::trace);
 		delegate.add_method("trace_transaction", Traces::transaction_traces);
 		delegate.add_method("trace_block", Traces::block_traces);
-
-		delegate.add_method("trace_vmTraceCall", Traces::vm_trace_call);
-		delegate.add_method("trace_stateDiffCall", Traces::state_diff_call);
+		delegate.add_method("trace_call", Traces::call);
 
 		delegate
 	}

rpc/src/v1/types/bytes.rs

@@ -36,6 +36,12 @@ impl Bytes {
 	}
 }
 
+impl From<Vec<u8>> for Bytes {
+	fn from(bytes: Vec<u8>) -> Bytes {
+		Bytes(bytes)
+	}
+}
+
 impl Serialize for Bytes {
 	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error>
 	where S: Serializer {

rpc/src/v1/types/mod.rs.in

@@ -41,5 +41,5 @@ pub use self::transaction::Transaction;
 pub use self::transaction_request::{TransactionRequest, TransactionConfirmation, TransactionModification};
 pub use self::call_request::CallRequest;
 pub use self::receipt::Receipt;
-pub use self::trace::Trace;
+pub use self::trace::{Trace, LocalizedTrace, StateDiff, VMTrace};
 pub use self::trace_filter::TraceFilter;

rpc/src/v1/types/trace.rs

@@ -14,11 +14,201 @@
 // You should have received a copy of the GNU General Public License
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 
-use util::{Address, U256, H256};
+use std::collections::BTreeMap;
+use util::{Address, U256, H256, Uint};
+use serde::{Serialize, Serializer};
 use ethcore::trace::trace;
-use ethcore::trace::LocalizedTrace;
+use ethcore::trace::{Trace as EthTrace, LocalizedTrace as EthLocalizedTrace};
+use ethcore::trace as et;
+use ethcore::state_diff;
+use ethcore::account_diff;
 use v1::types::Bytes;
 
+#[derive(Debug, Serialize)]
+/// A diff of some chunk of memory.
+pub struct MemoryDiff {
+	/// Offset into memory the change begins.
+	pub off: usize,
+	/// The changed data.
+	pub data: Vec<u8>,
+}
+
+impl From<et::MemoryDiff> for MemoryDiff {
+	fn from(c: et::MemoryDiff) -> Self {
+		MemoryDiff {
+			off: c.offset,
+			data: c.data,
+		}
+	}
+}
+
+#[derive(Debug, Serialize)]
+/// A diff of some storage value.
+pub struct StorageDiff {
+	/// Which key in storage is changed.
+	pub key: U256,
+	/// What the value has been changed to.
+	pub val: U256,
+}
+
+impl From<et::StorageDiff> for StorageDiff {
+	fn from(c: et::StorageDiff) -> Self {
+		StorageDiff {
+			key: c.location,
+			val: c.value,
+		}
+	}
+}
+
+#[derive(Debug, Serialize)]
+/// A record of an executed VM operation.
+pub struct VMExecutedOperation {
+	/// The total gas used.
+	#[serde(rename="used")]
+	pub used: u64,
+	/// The stack item placed, if any.
+	pub push: Vec<U256>,
+	/// If altered, the memory delta.
+	#[serde(rename="mem")]
+	pub mem: Option<MemoryDiff>,
+	/// The altered storage value, if any.
+	#[serde(rename="store")]
+	pub store: Option<StorageDiff>,
+}
+
+impl From<et::VMExecutedOperation> for VMExecutedOperation {
+	fn from(c: et::VMExecutedOperation) -> Self {
+		VMExecutedOperation {
+			used: c.gas_used.low_u64(),
+			push: c.stack_push,
+			mem: c.mem_diff.map(From::from),
+			store: c.store_diff.map(From::from),
+		}
+	}
+}
+
+#[derive(Debug, Serialize)]
+/// A record of the execution of a single VM operation.
+pub struct VMOperation {
+	/// The program counter.
+	pub pc: usize,
+	/// The gas cost for this instruction.
+	pub cost: u64,
+	/// Information concerning the execution of the operation.
+	pub ex: Option<VMExecutedOperation>,
+	/// Subordinate trace of the CALL/CREATE if applicable.
+	pub sub: Option<VMTrace>,
+}
+
+impl From<(et::VMOperation, Option<et::VMTrace>)> for VMOperation {
+	fn from(c: (et::VMOperation, Option<et::VMTrace>)) -> Self {
+		VMOperation {
+			pc: c.0.pc,
+			cost: c.0.gas_cost.low_u64(),
+			ex: c.0.executed.map(From::from),
+			sub: c.1.map(From::from),
+		}
+	}
+}
+
+#[derive(Debug, Serialize)]
+/// A record of a full VM trace for a CALL/CREATE.
+pub struct VMTrace {
+	/// The code to be executed.
+	pub code: Vec<u8>,
+	/// The operations executed.
+	pub ops: Vec<VMOperation>,
+}
+
+impl From<et::VMTrace> for VMTrace {
+	fn from(c: et::VMTrace) -> Self {
+		let mut subs = c.subs.into_iter();
+		let mut next_sub = subs.next();
+		VMTrace {
+			code: c.code,
+			ops: c.operations
+				.into_iter()
+				.enumerate()
+				.map(|(i, op)| (op, {
+					let have_sub = next_sub.is_some() && next_sub.as_ref().unwrap().parent_step == i;
+					if have_sub {
+						let r = next_sub.clone();
+						next_sub = subs.next();
+						r
+					} else { None }
+				}).into())
+				.collect(),
+		}
+	}
+}
+
+#[derive(Debug, Serialize)]
+/// Aux type for Diff::Changed.
+pub struct ChangedType<T> where T: Serialize {
+	from: T,
+	to: T,
+}
+
+#[derive(Debug, Serialize)]
+/// Serde-friendly `Diff` shadow.
+pub enum Diff<T> where T: Serialize {
+	#[serde(rename="=")]
+	Same,
+	#[serde(rename="+")]
+	Born(T),
+	#[serde(rename="-")]
+	Died(T),
+	#[serde(rename="*")]
+	Changed(ChangedType<T>),
+}
+
+impl<T, U> From<account_diff::Diff<T>> for Diff<U> where T: Eq, U: Serialize + From<T> {
+	fn from(c: account_diff::Diff<T>) -> Self {
+		match c {
+			account_diff::Diff::Same => Diff::Same,
+			account_diff::Diff::Born(t) => Diff::Born(t.into()),
+			account_diff::Diff::Died(t) => Diff::Died(t.into()),
+			account_diff::Diff::Changed(t, u) => Diff::Changed(ChangedType{from: t.into(), to: u.into()}),
+		}
+	}
+}
+
+#[derive(Debug, Serialize)]
+/// Serde-friendly `AccountDiff` shadow.
+pub struct AccountDiff {
+	pub balance: Diff<U256>,
+	pub nonce: Diff<U256>,
+	pub code: Diff<Bytes>,
+	pub storage: BTreeMap<H256, Diff<H256>>,
+}
+
+impl From<account_diff::AccountDiff> for AccountDiff {
+	fn from(c: account_diff::AccountDiff) -> Self {
+		AccountDiff {
+			balance: c.balance.into(),
+			nonce: c.nonce.into(),
+			code: c.code.into(),
+			storage: c.storage.into_iter().map(|(k, v)| (k, v.into())).collect(),
+		}
+	}
+}
+
+/// Serde-friendly `StateDiff` shadow.
+pub struct StateDiff(BTreeMap<Address, AccountDiff>);
+
+impl Serialize for StateDiff {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error>
+	where S: Serializer {
+		Serialize::serialize(&self.0, serializer)
+	}
+}
+
+impl From<state_diff::StateDiff> for StateDiff {
+	fn from(c: state_diff::StateDiff) -> Self {
+		StateDiff(c.0.into_iter().map(|(k, v)| (k, v.into())).collect())
+	}
+}
+
 /// Create response
 #[derive(Debug, Serialize)]
 pub struct Create {
@@ -161,7 +351,7 @@ impl From<trace::Res> for Res {
 
 /// Trace
 #[derive(Debug, Serialize)]
-pub struct Trace {
+pub struct LocalizedTrace {
 	/// Action
 	action: Action,
 	/// Result
@@ -185,9 +375,9 @@ pub struct Trace {
 	block_hash: H256,
 }
 
-impl From<LocalizedTrace> for Trace {
-	fn from(t: LocalizedTrace) -> Self {
-		Trace {
+impl From<EthLocalizedTrace> for LocalizedTrace {
+	fn from(t: EthLocalizedTrace) -> Self {
+		LocalizedTrace {
 			action: From::from(t.action),
 			result: From::from(t.result),
 			trace_address: t.trace_address.into_iter().map(From::from).collect(),
@@ -200,6 +390,30 @@ impl From<LocalizedTrace> for Trace {
 	}
 }
 
+/// Trace
+#[derive(Debug, Serialize)]
+pub struct Trace {
+	/// Depth within the call trace tree.
+	depth: usize,
+	/// Action
+	action: Action,
+	/// Result
+	result: Res,
+	/// Subtraces
+	subtraces: Vec<Trace>,
+}
+
+impl From<EthTrace> for Trace {
+	fn from(t: EthTrace) -> Self {
+		Trace {
+			depth: t.depth.into(),
+			action: t.action.into(),
+			result: t.result.into(),
+			subtraces: t.subs.into_iter().map(From::from).collect(),
+		}
+	}
+}
+
 #[cfg(test)]
 mod tests {
 	use serde_json;
@@ -209,7 +423,7 @@ mod tests {
 
 	#[test]
 	fn test_trace_serialize() {
-		let t = Trace {
+		let t = LocalizedTrace {
 			action: Action::Call(Call {
 				from: Address::from(4),
 				to: Address::from(5),

rpc/src/v1/types/transaction_request.rs

@@ -49,7 +49,7 @@ pub struct TransactionConfirmation {
 	pub transaction: TransactionRequest,
 }
 
-/// Possible modifications to the confirmed transaction sent by SystemUI
+/// Possible modifications to the confirmed transaction sent by `SignerUI`
 #[derive(Debug, PartialEq, Deserialize)]
 pub struct TransactionModification {
 	/// Modified gas price

signer/Cargo.toml

@@ -11,6 +11,7 @@ build = "build.rs"
 rustc_version = "0.1"
 
 [dependencies]
+rand = "0.3.14"
 jsonrpc-core = "2.0"
 log = "0.3"
 env_logger = "0.3"

signer/src/authcode_store.rs

@@ -0,0 +1,187 @@
+// Copyright 2015, 2016 Ethcore (UK) Ltd.
+// This file is part of Parity.
+
+// Parity is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity.  If not, see <http://www.gnu.org/licenses/>.
+
+use rand::Rng;
+use rand::os::OsRng;
+use std::io;
+use std::io::{Read, Write};
+use std::fs;
+use std::path::Path;
+use std::time;
+use util::{H256, Hashable};
+
+/// Providing current time in seconds
+pub trait TimeProvider {
+	/// Returns timestamp (in seconds since epoch)
+	fn now(&self) -> u64;
+}
+
+impl<F : Fn() -> u64> TimeProvider for F {
+	fn now(&self) -> u64 {
+		self()
+	}
+}
+
+/// Default implementation of `TimeProvider` using system time.
+#[derive(Default)]
+pub struct DefaultTimeProvider;
+
+impl TimeProvider for DefaultTimeProvider {
+	fn now(&self) -> u64 {
+		time::UNIX_EPOCH.elapsed().expect("Valid time has to be set in your system.").as_secs()
+	}
+}
+
+/// No of seconds the hash is valid
+const TIME_THRESHOLD: u64 = 2;
+const TOKEN_LENGTH: usize = 16;
+
+/// Manages authorization codes for `SignerUIs`
+pub struct AuthCodes<T: TimeProvider = DefaultTimeProvider> {
+	codes: Vec<String>,
+	now: T,
+}
+
+impl AuthCodes<DefaultTimeProvider> {
+
+	/// Reads `AuthCodes` from file and creates new instance using `DefaultTimeProvider`.
+	pub fn from_file(file: &Path) -> io::Result<AuthCodes> {
+		let content = {
+			if let Ok(mut file) = fs::File::open(file) {
+				let mut s = String::new();
+				let _ = try!(file.read_to_string(&mut s));
+				s
+			} else {
+				"".into()
+			}
+		};
+		let codes = content.lines()
+			.filter(|f| f.len() >= TOKEN_LENGTH)
+			.map(String::from)
+			.collect();
+		Ok(AuthCodes {
+			codes: codes,
+			now: DefaultTimeProvider::default(),
+		})
+	}
+
+}
+
+impl<T: TimeProvider> AuthCodes<T> {
+
+	/// Writes all `AuthCodes` to a disk.
+	pub fn to_file(&self, file: &Path) -> io::Result<()> {
+		let mut file = try!(fs::File::create(file));
+		let content = self.codes.join("\n");
+		file.write_all(content.as_bytes())
+	}
+
+	/// Creates a new `AuthCodes` store with given `TimeProvider`.
+	pub fn new(codes: Vec<String>, now: T) -> Self {
+		AuthCodes {
+			codes: codes,
+			now: now,
+		}
+	}
+
+	/// Checks if given hash is correct identifier of `SignerUI`
+	pub fn is_valid(&self, hash: &H256, time: u64) -> bool {
+		let now = self.now.now();
+		// check time
+		if time >= now + TIME_THRESHOLD || time <= now - TIME_THRESHOLD {
+			warn!(target: "signer", "Received old authentication request.");
+			return false;
+		}
+
+		// look for code
+		self.codes.iter()
+			.any(|code| &format!("{}:{}", code, time).sha3() == hash)
+	}
+
+	/// Generates and returns a new code that can be used by `SignerUIs`
+	pub fn generate_new(&mut self) -> io::Result<String> {
+		let mut rng = try!(OsRng::new());
+		let code = rng.gen_ascii_chars().take(TOKEN_LENGTH).collect::<String>();
+		let readable_code = code.as_bytes()
+			.chunks(4)
+			.filter_map(|f| String::from_utf8(f.to_vec()).ok())
+			.collect::<Vec<String>>()
+			.join("-");
+		info!(target: "signer", "New authentication token generated.");
+		self.codes.push(code);
+		Ok(readable_code)
+	}
+}
+
+
+#[cfg(test)]
+mod tests {
+
+	use util::{H256, Hashable};
+	use super::*;
+
+	fn generate_hash(val: &str, time: u64) -> H256 {
+		format!("{}:{}", val, time).sha3()
+	}
+
+	#[test]
+	fn should_return_true_if_hash_is_valid() {
+		// given
+		let code = "23521352asdfasdfadf";
+		let time = 99;
+		let codes = AuthCodes::new(vec![code.into()], || 100);
+
+		// when
+		let res = codes.is_valid(&generate_hash(code, time), time);
+
+		// then
+		assert_eq!(res, true);
+	}
+
+	#[test]
+	fn should_return_false_if_code_is_unknown() {
+		// given
+		let code = "23521352asdfasdfadf";
+		let time = 99;
+		let codes = AuthCodes::new(vec!["1".into()], || 100);
+
+		// when
+		let res = codes.is_valid(&generate_hash(code, time), time);
+
+		// then
+		assert_eq!(res, false);
+	}
+
+	#[test]
+	fn should_return_false_if_hash_is_valid_but_time_is_invalid() {
+		// given
+		let code = "23521352asdfasdfadf";
+		let time = 105;
+		let time2 = 95;
+		let codes = AuthCodes::new(vec![code.into()], || 100);
+
+		// when
+		let res1 = codes.is_valid(&generate_hash(code, time), time);
+		let res2 = codes.is_valid(&generate_hash(code, time2), time2);
+
+		// then
+		assert_eq!(res1, false);
+		assert_eq!(res2, false);
+	}
+
+}
+
+

signer/src/lib.rs

@@ -23,8 +23,8 @@
 //! This module manages your private keys and accounts/identities
 //! that can be used within Dapps.
 //!
-//! It exposes API (over `WebSockets`) accessed by System UIs.
-//! Each transaction sent by Dapp is broadcasted to System UIs
+//! It exposes API (over `WebSockets`) accessed by Signer UIs.
+//! Each transaction sent by Dapp is broadcasted to Signer UIs
 //! and their responsibility is to confirm (or confirm and sign)
 //! the transaction for you.
 //!
@@ -38,13 +38,14 @@
 //!
 //!	fn main() {
 //!	 let queue = Arc::new(ConfirmationsQueue::default());
-//!	 let _server = ServerBuilder::new(queue).start("127.0.0.1:8084".parse().unwrap());
+//!	 let _server = ServerBuilder::new(queue, "/tmp/authcodes".into()).start("127.0.0.1:8084".parse().unwrap());
 //!	}
 //! ```
 
 #[macro_use]
 extern crate log;
 extern crate env_logger;
+extern crate rand;
 
 extern crate ethcore_util as util;
 extern crate ethcore_rpc as rpc;
@@ -52,7 +53,10 @@ extern crate jsonrpc_core;
 extern crate ws;
 extern crate parity_minimal_sysui as sysui;
 
+mod authcode_store;
 mod ws_server;
+
+pub use authcode_store::*;
 pub use ws_server::*;
 
 #[cfg(test)]

signer/src/ws_server/mod.rs

@@ -19,6 +19,7 @@
 use ws;
 use std;
 use std::thread;
+use std::path::PathBuf;
 use std::default::Default;
 use std::ops::Drop;
 use std::sync::Arc;
@@ -51,6 +52,7 @@ impl From<ws::Error> for ServerError {
 pub struct ServerBuilder {
 	queue: Arc<ConfirmationsQueue>,
 	handler: Arc<IoHandler>,
+	authcodes_path: PathBuf,
 }
 
 impl Extendable for ServerBuilder {
@@ -61,17 +63,18 @@ impl Extendable for ServerBuilder {
 
 impl ServerBuilder {
 	/// Creates new `ServerBuilder`
-	pub fn new(queue: Arc<ConfirmationsQueue>) -> Self {
+	pub fn new(queue: Arc<ConfirmationsQueue>, authcodes_path: PathBuf) -> Self {
 		ServerBuilder {
 			queue: queue,
 			handler: Arc::new(IoHandler::new()),
+			authcodes_path: authcodes_path,
 		}
 	}
 
 	/// Starts a new `WebSocket` server in separate thread.
 	/// Returns a `Server` handle which closes the server when droped.
 	pub fn start(self, addr: SocketAddr) -> Result<Server, ServerError> {
-		Server::start(addr, self.handler, self.queue)
+		Server::start(addr, self.handler, self.queue, self.authcodes_path)
 	}
 }
 
@@ -86,7 +89,7 @@ pub struct Server {
 impl Server {
 	/// Starts a new `WebSocket` server in separate thread.
 	/// Returns a `Server` handle which closes the server when droped.
-	fn start(addr: SocketAddr, handler: Arc<IoHandler>, queue: Arc<ConfirmationsQueue>) -> Result<Server, ServerError> {
+	fn start(addr: SocketAddr, handler: Arc<IoHandler>, queue: Arc<ConfirmationsQueue>, authcodes_path: PathBuf) -> Result<Server, ServerError> {
 		let config = {
 			let mut config = ws::Settings::default();
 			config.max_connections = 10;
@@ -96,7 +99,7 @@ impl Server {
 
 		// Create WebSocket
 		let origin = format!("{}", addr);
-		let ws = try!(ws::Builder::new().with_settings(config).build(session::Factory::new(handler, origin)));
+		let ws = try!(ws::Builder::new().with_settings(config).build(session::Factory::new(handler, origin, authcodes_path)));
 
 		let panic_handler = PanicHandler::new_in_arc();
 		let ph = panic_handler.clone();

signer/src/ws_server/session.rs

@@ -18,8 +18,12 @@
 
 use ws;
 use sysui;
+use authcode_store::AuthCodes;
+use std::path::{PathBuf, Path};
 use std::sync::Arc;
+use std::str::FromStr;
 use jsonrpc_core::IoHandler;
+use util::H256;
 
 fn origin_is_allowed(self_origin: &str, header: Option<&Vec<u8>>) -> bool {
 	match header {
@@ -36,13 +40,32 @@ fn origin_is_allowed(self_origin: &str, header: Option<&Vec<u8>>) -> bool {
 	}
 }
 
-fn auth_is_valid(_header: Option<&Vec<u8>>) -> bool {
-	true
+fn auth_is_valid(codes: &Path, protocols: ws::Result<Vec<&str>>) -> bool {
+	match protocols {
+		Ok(ref protocols) if protocols.len() == 1 => {
+			protocols.iter().any(|protocol| {
+				let mut split = protocol.split('_');
+				let auth = split.next().and_then(|v| H256::from_str(v).ok());
+				let time = split.next().and_then(|v| u64::from_str_radix(v, 10).ok());
+
+				if let (Some(auth), Some(time)) = (auth, time) {
+					// Check if the code is valid
+					AuthCodes::from_file(codes)
+						.map(|codes| codes.is_valid(&auth, time))
+						.unwrap_or(false)
+				} else {
+					false
+				}
+			})
+		},
+		_ => false
+	}
 }
 
 pub struct Session {
 	out: ws::Sender,
 	self_origin: String,
+	authcodes_path: PathBuf,
 	handler: Arc<IoHandler>,
 }
 
@@ -53,17 +76,25 @@ impl ws::Handler for Session {
 
 		// Check request origin and host header.
 		if !origin_is_allowed(&self.self_origin, origin) && !origin_is_allowed(&self.self_origin, host) {
+			warn!(target: "signer", "Blocked connection to Signer API from untrusted origin.");
 			return Ok(ws::Response::forbidden(format!("You are not allowed to access system ui. Use: http://{}", self.self_origin)));
 		}
 
-		// Check authorization
-		if !auth_is_valid(req.header("authorization")) {
-			return Ok(ws::Response::forbidden("You are not authorized.".into()));
-		}
-
 		// Detect if it's a websocket request.
 		if req.header("sec-websocket-key").is_some() {
-			return ws::Response::from_request(req);
+			// Check authorization
+			if !auth_is_valid(&self.authcodes_path, req.protocols()) {
+				info!(target: "signer", "Unauthorized connection to Signer API blocked.");
+				return Ok(ws::Response::forbidden("You are not authorized.".into()));
+			}
+
+			let protocols = req.protocols().expect("Existence checked by authorization.");
+			let protocol = protocols.get(0).expect("Proved by authorization.");
+			return ws::Response::from_request(req).map(|mut res| {
+				// To make WebSockets connection successful we need to send back the protocol header.
+				res.set_protocol(protocol);
+				res
+			});
 		}
 
 		// Otherwise try to serve a page.
@@ -101,13 +132,15 @@ impl ws::Handler for Session {
 pub struct Factory {
 	handler: Arc<IoHandler>,
 	self_origin: String,
+	authcodes_path: PathBuf,
 }
 
 impl Factory {
-	pub fn new(handler: Arc<IoHandler>, self_origin: String) -> Self {
+	pub fn new(handler: Arc<IoHandler>, self_origin: String, authcodes_path: PathBuf) -> Self {
 		Factory {
 			handler: handler,
 			self_origin: self_origin,
+			authcodes_path: authcodes_path,
 		}
 	}
 }
@@ -118,8 +151,9 @@ impl ws::Factory for Factory {
 	fn connection_made(&mut self, sender: ws::Sender) -> Self::Handler {
 		Session {
 			out: sender,
-			self_origin: self.self_origin.clone(),
 			handler: self.handler.clone(),
+			self_origin: self.self_origin.clone(),
+			authcodes_path: self.authcodes_path.clone(),
 		}
 	}
 }

util/src/keys/directory.rs

@@ -465,7 +465,8 @@ pub struct KeyDirectory {
 	cache_usage: RwLock<VecDeque<Uuid>>,
 }
 
-fn restrict_permissions_owner(file_path: &Path) -> Result<(), i32>  {
+/// Restricts the permissions of given path only to the owner.
+pub fn restrict_permissions_owner(file_path: &Path) -> Result<(), i32>  {
 	let cstr = ::std::ffi::CString::new(file_path.to_str().unwrap()).unwrap();
 	match unsafe { ::libc::chmod(cstr.as_ptr(), ::libc::S_IWUSR | ::libc::S_IRUSR) } {
 		0 => Ok(()),

util/src/path.rs

@@ -53,4 +53,12 @@ pub mod ethereum {
 		pth.push(s);
 		pth
 	}
+
+	/// Get the specific folder inside default ethereum installation configured for testnet
+	pub fn with_testnet(s: &str) -> PathBuf {
+		let mut pth = default();
+		pth.push("testnet");
+		pth.push(s);
+		pth
+	}
 }