initial KeyServerSet commit

Cargo.lock

@@ -669,6 +669,7 @@ dependencies = [
  "futures 0.1.11 (registry+https://github.com/rust-lang/crates.io-index)",
  "futures-cpupool 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)",
  "hyper 0.10.5 (registry+https://github.com/rust-lang/crates.io-index)",
+ "lazy_static 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)",
  "log 0.3.7 (registry+https://github.com/rust-lang/crates.io-index)",
  "native-contracts 0.1.0",
  "parking_lot 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)",

ethcore/native_contracts/build.rs

@@ -21,6 +21,7 @@ use std::fs::File;
 use std::io::Write;
 
 // TODO: just walk the "res" directory and generate whole crate automatically.
+const KEY_SERVER_SET_ABI: &'static str = include_str!("res/key_server_set.json");
 const REGISTRY_ABI: &'static str = include_str!("res/registrar.json");
 const URLHINT_ABI: &'static str = include_str!("res/urlhint.json");
 const SERVICE_TRANSACTION_ABI: &'static str = include_str!("res/service_transaction.json");
@@ -45,6 +46,7 @@ fn build_test_contracts() {
 }
 
 fn main() {
+	build_file("KeyServerSet", KEY_SERVER_SET_ABI, "key_server_set.rs");
 	build_file("Registry", REGISTRY_ABI, "registry.rs");
 	build_file("Urlhint", URLHINT_ABI, "urlhint.rs");
 	build_file("ServiceTransactionChecker", SERVICE_TRANSACTION_ABI, "service_transaction.rs");

ethcore/native_contracts/res/key_server_set.json

@@ -0,0 +1 @@
+[{"constant":true,"inputs":[{"name":"","type":"uint256"}],"name":"keyServersList","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"_new","type":"address"}],"name":"setOwner","outputs":[],"payable":false,"type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getKeyServerPublic","outputs":[{"name":"","type":"bytes"}],"payable":false,"type":"function"},{"constant":true,"inputs":[],"name":"getKeyServers","outputs":[{"name":"","type":"address[]"}],"payable":false,"type":"function"},{"constant":true,"inputs":[],"name":"owner","outputs":[{"name":"","type":"address"}],"payable":false,"type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getKeyServerAddress","outputs":[{"name":"","type":"string"}],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"keyServer","type":"address"}],"name":"removeKeyServer","outputs":[],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"keyServerPublic","type":"bytes"},{"name":"keyServerIp","type":"string"}],"name":"addKeyServer","outputs":[],"payable":false,"type":"function"},{"anonymous":false,"inputs":[{"indexed":false,"name":"keyServer","type":"address"}],"name":"KeyServerAdded","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"keyServer","type":"address"}],"name":"KeyServerRemoved","type":"event"},{"anonymous":false,"inputs":[{"indexed":true,"name":"old","type":"address"},{"indexed":true,"name":"current","type":"address"}],"name":"NewOwner","type":"event"}]

ethcore/native_contracts/src/key_server_set.rs

@@ -0,0 +1,21 @@
+// Copyright 2015-2017 Parity Technologies (UK) Ltd.
+// This file is part of Parity.
+
+// Parity is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity.  If not, see <http://www.gnu.org/licenses/>.
+
+#![allow(unused_mut, unused_variables, unused_imports)]
+
+//! Secret store Key Server set contract.
+
+include!(concat!(env!("OUT_DIR"), "/key_server_set.rs"));

ethcore/native_contracts/src/lib.rs

@@ -23,6 +23,7 @@ extern crate byteorder;
 extern crate ethabi;
 extern crate ethcore_util as util;
 
+mod key_server_set;
 mod registry;
 mod urlhint;
 mod service_transaction;
@@ -32,6 +33,7 @@ mod validator_report;
 
 pub mod test_contracts;
 
+pub use self::key_server_set::KeyServerSet;
 pub use self::registry::Registry;
 pub use self::urlhint::Urlhint;
 pub use self::service_transaction::ServiceTransactionChecker;

secret_store/Cargo.toml

@@ -35,3 +35,4 @@ ethcore-logger = { path = "../logger" }
 ethcrypto = { path = "../ethcrypto" }
 ethkey = { path = "../ethkey" }
 native-contracts = { path = "../ethcore/native_contracts" }
+lazy_static = "0.2"

secret_store/src/acl_storage.rs

@@ -14,13 +14,13 @@
 // You should have received a copy of the GNU General Public License
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 
-use std::sync::Arc;
+use std::sync::{Arc, Weak};
 use futures::{future, Future};
 use parking_lot::Mutex;
 use ethkey::public_to_address;
-use ethcore::client::{Client, BlockChainClient, BlockId};
+use ethcore::client::{Client, BlockChainClient, BlockId, ChainNotify};
 use native_contracts::SecretStoreAclStorage;
-use util::{H256, Address};
+use util::{H256, Address, Bytes};
 use types::all::{Error, ServerKeyId, Public};
 
 const ACL_CHECKER_CONTRACT_REGISTRY_NAME: &'static str = "secretstore_acl_checker";
@@ -40,9 +40,7 @@ pub struct OnChainAclStorage {
 /// Cached on-chain ACL storage contract.
 struct CachedContract {
 	/// Blockchain client.
-	client: Arc<Client>,
-	/// Hash of best block, when contract address has been read.
-	best_block_hash: Option<H256>,
+	client: Weak<Client>,
 	/// Contract address.
 	contract_addr: Option<Address>,
 	/// Contract at given address.
@@ -50,10 +48,12 @@ struct CachedContract {
 }
 
 impl OnChainAclStorage {
-	pub fn new(client: Arc<Client>) -> Self {
-		OnChainAclStorage {
+	pub fn new(client: &Arc<Client>) -> Arc<Self> {
+		let acl_storage = Arc::new(OnChainAclStorage {
 			contract: Mutex::new(CachedContract::new(client)),
-		}
+		});
+		client.add_notify(acl_storage.clone());
+		acl_storage
 	}
 }
 
@@ -63,20 +63,24 @@ impl AclStorage for OnChainAclStorage {
 	}
 }
 
+impl ChainNotify for OnChainAclStorage {
+	fn new_blocks(&self, _imported: Vec<H256>, _invalid: Vec<H256>, _enacted: Vec<H256>, _retracted: Vec<H256>, _sealed: Vec<H256>, _proposed: Vec<Bytes>, _duration: u64) {
+		self.contract.lock().update()
+	}
+}
+
 impl CachedContract {
-	pub fn new(client: Arc<Client>) -> Self {
+	pub fn new(client: &Arc<Client>) -> Self {
 		CachedContract {
-			client: client,
-			best_block_hash: None,
+			client: Arc::downgrade(client),
 			contract_addr: None,
 			contract: None,
 		}
 	}
 
-	pub fn check(&mut self, public: &Public, document: &ServerKeyId) -> Result<bool, Error> {
-		let new_best_block_hash = self.client.best_block_header().hash();
-		if self.best_block_hash.as_ref() != Some(&new_best_block_hash) {
-			let new_contract_addr = self.client.registry_address(ACL_CHECKER_CONTRACT_REGISTRY_NAME.to_owned());
+	pub fn update(&mut self) {
+		if let Some(client) = self.client.upgrade() {
+			let new_contract_addr = client.registry_address(ACL_CHECKER_CONTRACT_REGISTRY_NAME.to_owned());
 			if self.contract_addr.as_ref() != new_contract_addr.as_ref() {
 				self.contract = new_contract_addr.map(|contract_addr| {
 					trace!(target: "secretstore", "Configuring for ACL checker contract from {}", contract_addr);
@@ -86,18 +90,23 @@ impl CachedContract {
 
 				self.contract_addr = new_contract_addr;
 			}
-
-			self.best_block_hash = Some(new_best_block_hash);
 		}
+	}
 
-		if let Some(contract) = self.contract.as_ref() {
-			let address = public_to_address(&public);
-			let do_call = |a, d| future::done(self.client.call_contract(BlockId::Latest, a, d));
-			contract.check_permissions(do_call, address, document.clone())
-				.map_err(|err| Error::Internal(err))
-				.wait()
-		} else {
-			Err(Error::Internal("ACL checker contract is not configured".to_owned()))
+	pub fn check(&mut self, public: &Public, document: &ServerKeyId) -> Result<bool, Error> {
+		match self.contract.as_ref() {
+			Some(contract) => {
+				let address = public_to_address(&public);
+				let do_call = |a, d| future::done(
+					self.client
+						.upgrade()
+						.ok_or("Calling contract without client".into())
+						.and_then(|c| c.call_contract(BlockId::Latest, a, d)));
+				contract.check_permissions(do_call, address, document.clone())
+					.map_err(|err| Error::Internal(err))
+					.wait()
+			},
+			None => Err(Error::Internal("ACL checker contract is not configured".to_owned())),
 		}
 	}
 }

secret_store/src/key_server.rs

@@ -24,6 +24,7 @@ use ethcrypto;
 use ethkey;
 use super::acl_storage::AclStorage;
 use super::key_storage::KeyStorage;
+use super::key_server_set::KeyServerSet;
 use key_server_cluster::{math, ClusterCore};
 use traits::{ServerKeyGenerator, DocumentKeyServer, MessageSigner, KeyServer};
 use types::all::{Error, Public, RequestSignature, ServerKeyId, EncryptedDocumentKey, EncryptedDocumentKeyShadow,
@@ -44,9 +45,9 @@ pub struct KeyServerCore {
 
 impl KeyServerImpl {
 	/// Create new key server instance
-	pub fn new(config: &ClusterConfiguration, acl_storage: Arc<AclStorage>, key_storage: Arc<KeyStorage>) -> Result<Self, Error> {
+	pub fn new(config: &ClusterConfiguration, key_server_set: Arc<KeyServerSet>, acl_storage: Arc<AclStorage>, key_storage: Arc<KeyStorage>) -> Result<Self, Error> {
 		Ok(KeyServerImpl {
-			data: Arc::new(Mutex::new(KeyServerCore::new(config, acl_storage, key_storage)?)),
+			data: Arc::new(Mutex::new(KeyServerCore::new(config, key_server_set, acl_storage, key_storage)?)),
 		})
 	}
 
@@ -143,14 +144,12 @@ impl MessageSigner for KeyServerImpl {
 }
 
 impl KeyServerCore {
-	pub fn new(config: &ClusterConfiguration, acl_storage: Arc<AclStorage>, key_storage: Arc<KeyStorage>) -> Result<Self, Error> {
+	pub fn new(config: &ClusterConfiguration, key_server_set: Arc<KeyServerSet>, acl_storage: Arc<AclStorage>, key_storage: Arc<KeyStorage>) -> Result<Self, Error> {
 		let config = NetClusterConfiguration {
 			threads: config.threads,
 			self_key_pair: ethkey::KeyPair::from_secret_slice(&config.self_private)?,
 			listen_address: (config.listener_address.address.clone(), config.listener_address.port),
-			nodes: config.nodes.iter()
-				.map(|(node_id, node_address)| (node_id.clone(), (node_address.address.clone(), node_address.port)))
-				.collect(),
+			key_server_set: key_server_set,
 			allow_connecting_to_higher_nodes: config.allow_connecting_to_higher_nodes,
 			acl_storage: acl_storage,
 			key_storage: key_storage,

secret_store/src/key_server_cluster/cluster.rs

@@ -28,7 +28,7 @@ use tokio_core::reactor::{Handle, Remote, Interval};
 use tokio_core::net::{TcpListener, TcpStream};
 use ethkey::{Public, KeyPair, Signature, Random, Generator};
 use util::H256;
-use key_server_cluster::{Error, NodeId, SessionId, AclStorage, KeyStorage};
+use key_server_cluster::{Error, NodeId, SessionId, AclStorage, KeyStorage, KeyServerSet};
 use key_server_cluster::cluster_sessions::{ClusterSession, ClusterSessions, GenerationSessionWrapper, EncryptionSessionWrapper,
 	DecryptionSessionWrapper, SigningSessionWrapper};
 use key_server_cluster::message::{self, Message, ClusterMessage, GenerationMessage, EncryptionMessage, DecryptionMessage,
@@ -102,8 +102,8 @@ pub struct ClusterConfiguration {
 	pub self_key_pair: KeyPair,
 	/// Interface to listen to.
 	pub listen_address: (String, u16),
-	/// Cluster nodes.
-	pub nodes: BTreeMap<NodeId, (String, u16)>,
+	/// Cluster nodes set.
+	pub key_server_set: Arc<KeyServerSet>,
 	/// Reference to key storage
 	pub key_storage: Arc<KeyStorage>,
 	/// Reference to ACL storage
@@ -671,9 +671,10 @@ impl ClusterConnections {
 			connections: RwLock::new(BTreeMap::new()),
 		};
 
-		for (node_id, &(ref node_addr, node_port)) in config.nodes.iter().filter(|&(node_id, _)| node_id != config.self_key_pair.public()) {
-			let socket_address = make_socket_address(&node_addr, node_port)?;
-			connections.nodes.insert(node_id.clone(), socket_address);
+		let nodes = config.key_server_set.get();
+		for (node_id, socket_address) in nodes.iter().filter(|&(node_id, _)| node_id != config.self_key_pair.public()) {
+			//let socket_address = make_socket_address(&node_addr, node_port)?;
+			connections.nodes.insert(node_id.clone(), socket_address.clone());
 		}
 
 		Ok(connections)

secret_store/src/key_server_cluster/cluster_sessions.rs

@@ -135,7 +135,7 @@ impl ClusterSessions {
 	pub fn new(config: &ClusterConfiguration) -> Self {
 		ClusterSessions {
 			self_node_id: config.self_key_pair.public().clone(),
-			nodes: config.nodes.keys().cloned().collect(),
+			nodes: config.key_server_set.get().keys().cloned().collect(),
 			acl_storage: config.acl_storage.clone(),
 			key_storage: config.key_storage.clone(),
 			generation_sessions: ClusterSessionsContainer::new(),

secret_store/src/key_server_cluster/mod.rs

@@ -23,6 +23,7 @@ use super::types::all::ServerKeyId;
 pub use super::types::all::{NodeId, EncryptedDocumentKeyShadow};
 pub use super::acl_storage::AclStorage;
 pub use super::key_storage::{KeyStorage, DocumentKeyShare};
+pub use super::key_server_set::KeyServerSet;
 pub use super::serialization::{SerializableSignature, SerializableH256, SerializableSecret, SerializablePublic, SerializableMessageHash};
 pub use self::cluster::{ClusterCore, ClusterConfiguration, ClusterClient};
 pub use self::generation_session::Session as GenerationSession;

secret_store/src/key_server_set.rs

@@ -0,0 +1,145 @@
+// Copyright 2015-2017 Parity Technologies (UK) Ltd.
+// This file is part of Parity.
+
+// Parity is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+
+// Parity is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+
+// You should have received a copy of the GNU General Public License
+// along with Parity.  If not, see <http://www.gnu.org/licenses/>.
+
+use std::sync::{Arc, Weak};
+use std::net::SocketAddr;
+use std::collections::HashMap;
+use futures::{future, Future};
+use parking_lot::Mutex;
+use ethcore::filter::Filter;
+use ethcore::client::{Client, BlockChainClient, BlockId, ChainNotify};
+use native_contracts::KeyServerSet as KeyServerSetContract;
+use util::{H256, Address, Bytes, Hashable};
+use types::all::Public;
+
+const KEY_SERVER_SET_CONTRACT_REGISTRY_NAME: &'static str = "secretstore_server_set";
+
+// TODO: ethabi should be able to generate this.
+const ADDED_EVENT_NAME: &'static [u8] = &*b"KeyServerAdded()";
+const REMOVED_EVENT_NAME: &'static [u8] = &*b"KeyServerRemoved()";
+
+lazy_static! {
+	static ref ADDED_EVENT_NAME_HASH: H256 = ADDED_EVENT_NAME.sha3();
+	static ref REMOVED_EVENT_NAME_HASH: H256 = REMOVED_EVENT_NAME.sha3();
+}
+
+/// Key Server set
+pub trait KeyServerSet: Send + Sync {
+	/// Get set of configured key servers
+	fn get(&self) -> HashMap<Public, SocketAddr>;
+}
+
+/// On-chain Key Server set implementation.
+pub struct OnChainKeyServerSet {
+	/// Cached on-chain contract.
+	contract: Mutex<CachedContract>,
+}
+
+/// Cached on-chain Key Server set contract.
+struct CachedContract {
+	/// Blockchain client.
+	client: Weak<Client>,
+	/// Contract address.
+	contract_addr: Option<Address>,
+	/// Active set of key servers.
+	key_servers: HashMap<Public, SocketAddr>,
+}
+
+impl OnChainKeyServerSet {
+	pub fn new(client: &Arc<Client>, key_servers: HashMap<Public, SocketAddr>) -> Arc<Self> {
+		let key_server_set = Arc::new(OnChainKeyServerSet {
+			contract: Mutex::new(CachedContract::new(client, key_servers)),
+		});
+		client.add_notify(key_server_set.clone());
+		key_server_set
+	}
+}
+
+impl KeyServerSet for OnChainKeyServerSet {
+	fn get(&self) -> HashMap<Public, SocketAddr> {
+		self.contract.lock().get()
+	}
+}
+
+impl ChainNotify for OnChainKeyServerSet {
+	fn new_blocks(&self, _imported: Vec<H256>, _invalid: Vec<H256>, enacted: Vec<H256>, retracted: Vec<H256>, _sealed: Vec<H256>, _proposed: Vec<Bytes>, _duration: u64) {
+		self.contract.lock().update(enacted, retracted)
+	}
+}
+
+impl CachedContract {
+	pub fn new(client: &Arc<Client>, key_servers: HashMap<Public, SocketAddr>) -> Self {
+		CachedContract {
+			client: Arc::downgrade(client),
+			contract_addr: None,
+			key_servers: key_servers,
+		}
+	}
+
+	pub fn update(&mut self, enacted: Vec<H256>, _retracted: Vec<H256>) {
+		if let Some(client) = self.client.upgrade() {
+			let new_contract_addr = client.registry_address(KEY_SERVER_SET_CONTRACT_REGISTRY_NAME.to_owned());
+
+			// new contract installed
+			if self.contract_addr.as_ref() != new_contract_addr.as_ref() {
+println!("=== Installing contract from address: {:?}", new_contract_addr);
+				self.key_servers = new_contract_addr.map(|contract_addr| {
+					trace!(target: "secretstore", "Configuring for key server set contract from {}", contract_addr);
+
+					KeyServerSetContract::new(contract_addr)
+				})
+				.map(|contract| {
+					let mut key_servers = HashMap::new();
+					let do_call = |a, d| future::done(self.client.upgrade().ok_or("Calling contract without client".into()).and_then(|c| c.call_contract(BlockId::Latest, a, d)));
+					let key_servers_list = contract.get_key_servers(do_call).wait()
+						.map_err(|err| { trace!(target: "secretstore", "Error {} reading list of key servers from contract", err); err })
+						.unwrap_or_default();
+					for key_server in key_servers_list {
+						let key_server_public = contract.get_key_server_public(
+							|a, d| future::done(self.client.upgrade().ok_or("Calling contract without client".into()).and_then(|c| c.call_contract(BlockId::Latest, a, d))), key_server).wait()
+							.and_then(|p| if p.len() == 64 { Ok(Public::from_slice(&p)) } else { Err(format!("Invalid public length {}", p.len())) });
+						let key_server_ip = contract.get_key_server_address(
+							|a, d| future::done(self.client.upgrade().ok_or("Calling contract without client".into()).and_then(|c| c.call_contract(BlockId::Latest, a, d))), key_server).wait()
+							.and_then(|a| a.parse().map_err(|e| format!("Invalid ip address: {}", e)));
+						if let (Ok(key_server_public), Ok(key_server_ip)) = (key_server_public, key_server_ip) {
+							key_servers.insert(key_server_public, key_server_ip);
+						}
+					}
+					key_servers
+				})
+				.unwrap_or_default();
+
+				return;
+			}
+
+			// check for events
+			for enacted_hash in enacted {
+				let filter = Filter {
+					from_block: BlockId::Hash(enacted_hash.clone()),
+					to_block: BlockId::Hash(enacted_hash.clone()),
+					address: self.contract_addr.clone().map(|a| vec![a]),
+					topics: vec![Some(vec![*ADDED_EVENT_NAME_HASH]), Some(vec![*REMOVED_EVENT_NAME_HASH])],
+					limit: None,
+				};
+				println!("=== Number of filtered log entries: {}", client.logs(filter).len());
+			}
+		}
+	}
+
+	fn get(&self) -> HashMap<Public, SocketAddr> {
+		self.key_servers.clone()
+	}
+}

secret_store/src/lib.rs

@@ -21,6 +21,8 @@ extern crate log;
 extern crate futures;
 extern crate futures_cpupool;
 extern crate hyper;
+#[macro_use]
+extern crate lazy_static;
 extern crate parking_lot;
 extern crate rustc_hex;
 extern crate serde;
@@ -56,6 +58,7 @@ mod http_listener;
 mod key_server;
 mod key_storage;
 mod serialization;
+mod key_server_set;
 
 use std::sync::Arc;
 use ethcore::client::Client;
@@ -68,9 +71,12 @@ pub use traits::{KeyServer};
 pub fn start(client: Arc<Client>, config: ServiceConfiguration) -> Result<Box<KeyServer>, Error> {
 	use std::sync::Arc;
 
-	let acl_storage = Arc::new(acl_storage::OnChainAclStorage::new(client));
+	let acl_storage = acl_storage::OnChainAclStorage::new(&client);
+	let key_server_set = key_server_set::OnChainKeyServerSet::new(&client, config.cluster_config.nodes.clone()
+		.into_iter()
+		.map(|a| (a.0, format!("{}:{}", a.1.address, a.1.port).parse().unwrap())).collect()); // TODO: remove after switching to enode:///
 	let key_storage = Arc::new(key_storage::PersistentKeyStorage::new(&config)?);
-	let key_server = key_server::KeyServerImpl::new(&config.cluster_config, acl_storage, key_storage)?;
+	let key_server = key_server::KeyServerImpl::new(&config.cluster_config, key_server_set, acl_storage, key_storage)?;
 	let listener = http_listener::KeyServerHttpListener::start(&config.listener_address, key_server)?;
 	Ok(Box::new(listener))
 }