New signer token RPC & Initial signer connection without token. (#2096)

* Allowing signer to use initial token

* Generating new tokens via RPC

* Fixing RPC tests

* Fixing signer doctest

* whitespace

[ci:skip]

* whitespace

[ci:skip]
This commit is contained in:
Tomasz Drwięga 2016-09-21 12:44:49 +02:00 committed by Gav Wood
parent 93f82a1164
commit b7e2afd5c0
21 changed files with 377 additions and 94 deletions

View File

@ -14,6 +14,7 @@
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use std::time::Duration;
use std::io::{Read, Write};
use std::str::{self, Lines};
use std::net::{TcpStream, SocketAddr};
@ -43,10 +44,11 @@ pub fn read_block(lines: &mut Lines, all: bool) -> String {
pub fn request(address: &SocketAddr, request: &str) -> Response {
let mut req = TcpStream::connect(address).unwrap();
req.set_read_timeout(Some(Duration::from_secs(1))).unwrap();
req.write_all(request.as_bytes()).unwrap();
let mut response = String::new();
req.read_to_string(&mut response).unwrap();
let _ = req.read_to_string(&mut response);
let mut lines = response.lines();
let status = lines.next().unwrap().to_owned();

View File

@ -23,7 +23,8 @@ use std::ops::{Deref, DerefMut};
use rand::random;
pub struct RandomTempPath {
path: PathBuf
path: PathBuf,
pub panic_on_drop_failure: bool,
}
pub fn random_filename() -> String {
@ -39,7 +40,8 @@ impl RandomTempPath {
let mut dir = env::temp_dir();
dir.push(random_filename());
RandomTempPath {
path: dir.clone()
path: dir.clone(),
panic_on_drop_failure: true,
}
}
@ -48,7 +50,8 @@ impl RandomTempPath {
dir.push(random_filename());
fs::create_dir_all(dir.as_path()).unwrap();
RandomTempPath {
path: dir.clone()
path: dir.clone(),
panic_on_drop_failure: true,
}
}
@ -72,16 +75,24 @@ impl AsRef<Path> for RandomTempPath {
self.as_path()
}
}
impl Deref for RandomTempPath {
type Target = Path;
fn deref(&self) -> &Self::Target {
self.as_path()
}
}
impl Drop for RandomTempPath {
fn drop(&mut self) {
if let Err(_) = fs::remove_dir_all(&self) {
if let Err(e) = fs::remove_file(&self) {
if self.panic_on_drop_failure {
panic!("Failed to remove temp directory. Here's what prevented this from happening: ({})", e);
}
}
}
}
}
pub struct GuardedTempResult<T> {
pub result: Option<T>,

View File

@ -25,7 +25,7 @@ use ethcore::client::Client;
use ethcore::account_provider::AccountProvider;
use ethsync::{ManageNetwork, SyncProvider};
use ethcore_rpc::{Extendable, NetworkSettings};
pub use ethcore_rpc::ConfirmationsQueue;
pub use ethcore_rpc::SignerService;
#[derive(Debug, PartialEq, Clone, Eq, Hash)]
@ -94,7 +94,7 @@ impl FromStr for ApiSet {
pub struct Dependencies {
pub signer_port: Option<u16>,
pub signer_queue: Arc<ConfirmationsQueue>,
pub signer_service: Arc<SignerService>,
pub client: Arc<Client>,
pub sync: Arc<SyncProvider>,
pub net: Arc<ManageNetwork>,
@ -173,7 +173,7 @@ pub fn setup_rpc<T: Extendable>(server: T, deps: Arc<Dependencies>, apis: ApiSet
server.add_delegate(filter_client.to_delegate());
if deps.signer_port.is_some() {
server.add_delegate(EthSigningQueueClient::new(&deps.signer_queue, &deps.client, &deps.miner, &deps.secret_store).to_delegate());
server.add_delegate(EthSigningQueueClient::new(&deps.signer_service, &deps.client, &deps.miner, &deps.secret_store).to_delegate());
} else {
server.add_delegate(EthSigningUnsafeClient::new(&deps.client, &deps.secret_store, &deps.miner).to_delegate());
}
@ -182,11 +182,11 @@ pub fn setup_rpc<T: Extendable>(server: T, deps: Arc<Dependencies>, apis: ApiSet
server.add_delegate(PersonalClient::new(&deps.secret_store, &deps.client, &deps.miner, deps.signer_port, deps.geth_compatibility).to_delegate());
},
Api::Signer => {
server.add_delegate(SignerClient::new(&deps.secret_store, &deps.client, &deps.miner, &deps.signer_queue).to_delegate());
server.add_delegate(SignerClient::new(&deps.secret_store, &deps.client, &deps.miner, &deps.signer_service).to_delegate());
},
Api::Ethcore => {
let queue = deps.signer_port.map(|_| deps.signer_queue.clone());
server.add_delegate(EthcoreClient::new(&deps.client, &deps.miner, &deps.sync, &deps.net_service, deps.logger.clone(), deps.settings.clone(), queue).to_delegate())
let signer = deps.signer_port.map(|_| deps.signer_service.clone());
server.add_delegate(EthcoreClient::new(&deps.client, &deps.miner, &deps.sync, &deps.net_service, deps.logger.clone(), deps.settings.clone(), signer).to_delegate())
},
Api::EthcoreSet => {
server.add_delegate(EthcoreSetClient::new(&deps.client, &deps.miner, &deps.net_service).to_delegate())

View File

@ -206,9 +206,10 @@ pub fn execute(cmd: RunCmd) -> Result<(), String> {
}
// set up dependencies for rpc servers
let signer_path = cmd.signer_conf.signer_path.clone();
let deps_for_rpc_apis = Arc::new(rpc_apis::Dependencies {
signer_port: cmd.signer_port,
signer_queue: Arc::new(rpc_apis::ConfirmationsQueue::default()),
signer_service: Arc::new(rpc_apis::SignerService::new(move || signer::new_token(signer_path.clone()))),
client: client.clone(),
sync: sync_provider.clone(),
net: manage_network.clone(),

View File

@ -90,7 +90,7 @@ fn do_start(conf: Configuration, deps: Dependencies) -> Result<SignerServer, Str
let start_result = {
let server = signer::ServerBuilder::new(
deps.apis.signer_queue.clone(),
deps.apis.signer_service.queue(),
codes_path(conf.signer_path),
);
if conf.skip_origin_validation {

View File

@ -53,7 +53,7 @@ use self::jsonrpc_core::{IoHandler, IoDelegate};
pub use jsonrpc_http_server::{ServerBuilder, Server, RpcServerError};
pub mod v1;
pub use v1::{SigningQueue, ConfirmationsQueue, NetworkSettings};
pub use v1::{SigningQueue, SignerService, ConfirmationsQueue, NetworkSettings};
/// An object that can be extended with `IoDelegates`
pub trait Extendable {

View File

@ -139,6 +139,13 @@ pub fn no_author() -> Error {
}
}
pub fn token(e: String) -> Error {
Error {
code: ErrorCode::ServerError(codes::UNKNOWN_ERROR),
message: "There was an error when saving your authorization tokens.".into(),
data: Some(Value::String(e)),
}
}
pub fn signer_disabled() -> Error {
Error {

View File

@ -21,6 +21,7 @@ pub mod params;
mod poll_manager;
mod poll_filter;
mod requests;
mod signer;
mod signing_queue;
mod network_settings;
@ -28,4 +29,5 @@ pub use self::poll_manager::PollManager;
pub use self::poll_filter::PollFilter;
pub use self::requests::{TransactionRequest, FilledTransactionRequest, ConfirmationRequest, ConfirmationPayload, CallRequest};
pub use self::signing_queue::{ConfirmationsQueue, ConfirmationPromise, ConfirmationResult, SigningQueue, QueueEvent};
pub use self::signer::SignerService;
pub use self::network_settings::NetworkSettings;

View File

@ -0,0 +1,61 @@
// Copyright 2015, 2016 Ethcore (UK) Ltd.
// This file is part of Parity.
// Parity is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use std::sync::Arc;
use std::ops::Deref;
use v1::helpers::signing_queue::{ConfirmationsQueue};
/// Manages communication with Signer crate
pub struct SignerService {
queue: Arc<ConfirmationsQueue>,
generate_new_token: Box<Fn() -> Result<String, String> + Send + Sync + 'static>,
}
impl SignerService {
/// Creates new Signer Service given function to generate new tokens.
pub fn new<F>(new_token: F) -> Self
where F: Fn() -> Result<String, String> + Send + Sync + 'static {
SignerService {
queue: Arc::new(ConfirmationsQueue::default()),
generate_new_token: Box::new(new_token),
}
}
/// Generates new token.
pub fn generate_token(&self) -> Result<String, String> {
(self.generate_new_token)()
}
/// Returns a reference to `ConfirmationsQueue`
pub fn queue(&self) -> Arc<ConfirmationsQueue> {
self.queue.clone()
}
#[cfg(test)]
/// Creates new Signer Service for tests.
pub fn new_test() -> Self {
SignerService::new(|| Ok("new_token".into()))
}
}
impl Deref for SignerService {
type Target = ConfirmationsQueue;
fn deref(&self) -> &Self::Target {
&self.queue
}
}

View File

@ -23,7 +23,7 @@ use ethcore::client::MiningBlockChainClient;
use util::{U256, Address, H256, Mutex};
use transient_hashmap::TransientHashMap;
use ethcore::account_provider::AccountProvider;
use v1::helpers::{errors, SigningQueue, ConfirmationPromise, ConfirmationResult, ConfirmationsQueue, ConfirmationPayload, TransactionRequest as TRequest, FilledTransactionRequest as FilledRequest};
use v1::helpers::{errors, SigningQueue, ConfirmationPromise, ConfirmationResult, ConfirmationPayload, TransactionRequest as TRequest, FilledTransactionRequest as FilledRequest, SignerService};
use v1::helpers::dispatch::{default_gas_price, sign_and_dispatch};
use v1::traits::EthSigning;
use v1::types::{TransactionRequest, H160 as RpcH160, H256 as RpcH256, H520 as RpcH520, U256 as RpcU256};
@ -43,7 +43,7 @@ fn fill_optional_fields<C, M>(request: TRequest, client: &C, miner: &M) -> Fille
/// Implementation of functions that require signing when no trusted signer is used.
pub struct EthSigningQueueClient<C, M> where C: MiningBlockChainClient, M: MinerService {
queue: Weak<ConfirmationsQueue>,
signer: Weak<SignerService>,
accounts: Weak<AccountProvider>,
client: Weak<C>,
miner: Weak<M>,
@ -60,9 +60,9 @@ pub enum DispatchResult {
impl<C, M> EthSigningQueueClient<C, M> where C: MiningBlockChainClient, M: MinerService {
/// Creates a new signing queue client given shared signing queue.
pub fn new(queue: &Arc<ConfirmationsQueue>, client: &Arc<C>, miner: &Arc<M>, accounts: &Arc<AccountProvider>) -> Self {
pub fn new(signer: &Arc<SignerService>, client: &Arc<C>, miner: &Arc<M>, accounts: &Arc<AccountProvider>) -> Self {
EthSigningQueueClient {
queue: Arc::downgrade(queue),
signer: Arc::downgrade(signer),
accounts: Arc::downgrade(accounts),
client: Arc::downgrade(client),
miner: Arc::downgrade(miner),
@ -86,8 +86,8 @@ impl<C, M> EthSigningQueueClient<C, M> where C: MiningBlockChainClient, M: Miner
return Ok(DispatchResult::Value(to_value(&accounts.sign(address, msg).ok().map_or_else(RpcH520::default, Into::into))))
}
let queue = take_weak!(self.queue);
queue.add_request(ConfirmationPayload::Sign(address, msg))
let signer = take_weak!(self.signer);
signer.add_request(ConfirmationPayload::Sign(address, msg))
.map(DispatchResult::Promise)
.map_err(|_| errors::request_rejected_limit())
})
@ -105,9 +105,9 @@ impl<C, M> EthSigningQueueClient<C, M> where C: MiningBlockChainClient, M: Miner
return sign_and_dispatch(&*client, &*miner, request, &*accounts, sender).map(DispatchResult::Value);
}
let queue = take_weak!(self.queue);
let signer = take_weak!(self.signer);
let request = fill_optional_fields(request, &*client, &*miner);
queue.add_request(ConfirmationPayload::Transaction(request))
signer.add_request(ConfirmationPayload::Transaction(request))
.map(DispatchResult::Promise)
.map_err(|_| errors::request_rejected_limit())
})

View File

@ -30,7 +30,7 @@ use ethcore::client::{MiningBlockChainClient};
use jsonrpc_core::*;
use v1::traits::Ethcore;
use v1::types::{Bytes, U256, H160, Peers};
use v1::helpers::{errors, SigningQueue, ConfirmationsQueue, NetworkSettings};
use v1::helpers::{errors, SigningQueue, SignerService, NetworkSettings};
use v1::helpers::params::expect_no_params;
/// Ethcore implementation.
@ -45,7 +45,7 @@ pub struct EthcoreClient<C, M, S: ?Sized> where
net: Weak<ManageNetwork>,
logger: Arc<RotatingLogger>,
settings: Arc<NetworkSettings>,
confirmations_queue: Option<Arc<ConfirmationsQueue>>,
signer: Option<Arc<SignerService>>,
}
impl<C, M, S: ?Sized> EthcoreClient<C, M, S> where C: MiningBlockChainClient, M: MinerService, S: SyncProvider {
@ -57,7 +57,7 @@ impl<C, M, S: ?Sized> EthcoreClient<C, M, S> where C: MiningBlockChainClient, M:
net: &Arc<ManageNetwork>,
logger: Arc<RotatingLogger>,
settings: Arc<NetworkSettings>,
queue: Option<Arc<ConfirmationsQueue>>
signer: Option<Arc<SignerService>>
) -> Self {
EthcoreClient {
client: Arc::downgrade(client),
@ -66,7 +66,7 @@ impl<C, M, S: ?Sized> EthcoreClient<C, M, S> where C: MiningBlockChainClient, M:
net: Arc::downgrade(net),
logger: logger,
settings: settings,
confirmations_queue: queue,
signer: signer,
}
}
@ -198,9 +198,9 @@ impl<C, M, S: ?Sized> Ethcore for EthcoreClient<C, M, S> where M: MinerService +
try!(self.active());
try!(expect_no_params(params));
match self.confirmations_queue {
match self.signer {
None => Err(errors::signer_disabled()),
Some(ref queue) => Ok(to_value(&queue.len())),
Some(ref signer) => Ok(to_value(&signer.len())),
}
}

View File

@ -23,13 +23,13 @@ use ethcore::client::MiningBlockChainClient;
use ethcore::miner::MinerService;
use v1::traits::PersonalSigner;
use v1::types::{TransactionModification, ConfirmationRequest, U256};
use v1::helpers::{errors, SigningQueue, ConfirmationsQueue, ConfirmationPayload};
use v1::helpers::{errors, SignerService, SigningQueue, ConfirmationPayload};
use v1::helpers::params::expect_no_params;
use v1::helpers::dispatch::{unlock_sign_and_dispatch, signature_with_password};
/// Transactions confirmation (personal) rpc implementation.
pub struct SignerClient<C, M> where C: MiningBlockChainClient, M: MinerService {
queue: Weak<ConfirmationsQueue>,
signer: Weak<SignerService>,
accounts: Weak<AccountProvider>,
client: Weak<C>,
miner: Weak<M>,
@ -38,9 +38,14 @@ pub struct SignerClient<C, M> where C: MiningBlockChainClient, M: MinerService {
impl<C: 'static, M: 'static> SignerClient<C, M> where C: MiningBlockChainClient, M: MinerService {
/// Create new instance of signer client.
pub fn new(store: &Arc<AccountProvider>, client: &Arc<C>, miner: &Arc<M>, queue: &Arc<ConfirmationsQueue>) -> Self {
pub fn new(
store: &Arc<AccountProvider>,
client: &Arc<C>,
miner: &Arc<M>,
signer: &Arc<SignerService>,
) -> Self {
SignerClient {
queue: Arc::downgrade(queue),
signer: Arc::downgrade(signer),
accounts: Arc::downgrade(store),
client: Arc::downgrade(client),
miner: Arc::downgrade(miner),
@ -59,8 +64,8 @@ impl<C: 'static, M: 'static> PersonalSigner for SignerClient<C, M> where C: Mini
fn requests_to_confirm(&self, params: Params) -> Result<Value, Error> {
try!(self.active());
try!(expect_no_params(params));
let queue = take_weak!(self.queue);
Ok(to_value(&queue.requests().into_iter().map(From::from).collect::<Vec<ConfirmationRequest>>()))
let signer = take_weak!(self.signer);
Ok(to_value(&signer.requests().into_iter().map(From::from).collect::<Vec<ConfirmationRequest>>()))
}
fn confirm_request(&self, params: Params) -> Result<Value, Error> {
@ -71,11 +76,11 @@ impl<C: 'static, M: 'static> PersonalSigner for SignerClient<C, M> where C: Mini
|(id, modification, pass)| {
let id = id.into();
let accounts = take_weak!(self.accounts);
let queue = take_weak!(self.queue);
let signer = take_weak!(self.signer);
let client = take_weak!(self.client);
let miner = take_weak!(self.miner);
queue.peek(&id).map(|confirmation| {
signer.peek(&id).map(|confirmation| {
let result = match confirmation.payload {
ConfirmationPayload::Transaction(mut request) => {
// apply modification
@ -90,7 +95,7 @@ impl<C: 'static, M: 'static> PersonalSigner for SignerClient<C, M> where C: Mini
}
};
if let Ok(ref response) = result {
queue.request_confirmed(id, Ok(response.clone()));
signer.request_confirmed(id, Ok(response.clone()));
}
result
}).unwrap_or_else(|| Err(errors::invalid_params("Unknown RequestID", id)))
@ -102,11 +107,20 @@ impl<C: 'static, M: 'static> PersonalSigner for SignerClient<C, M> where C: Mini
try!(self.active());
from_params::<(U256, )>(params).and_then(
|(id, )| {
let queue = take_weak!(self.queue);
let res = queue.request_rejected(id.into());
let signer = take_weak!(self.signer);
let res = signer.request_rejected(id.into());
Ok(to_value(&res.is_some()))
}
)
}
fn generate_token(&self, params: Params) -> Result<Value, Error> {
try!(self.active());
try!(expect_no_params(params));
let signer = take_weak!(self.signer);
signer.generate_token()
.map(|token| to_value(&token))
.map_err(|e| errors::token(e))
}
}

View File

@ -28,4 +28,4 @@ pub mod types;
pub use self::traits::{Web3, Eth, EthFilter, EthSigning, Personal, PersonalSigner, Net, Ethcore, EthcoreSet, Traces, Rpc};
pub use self::impls::*;
pub use self::helpers::{SigningQueue, ConfirmationsQueue, NetworkSettings};
pub use self::helpers::{SigningQueue, SignerService, ConfirmationsQueue, NetworkSettings};

View File

@ -19,7 +19,7 @@ use std::sync::Arc;
use jsonrpc_core::{IoHandler, to_value};
use v1::impls::EthSigningQueueClient;
use v1::traits::EthSigning;
use v1::helpers::{ConfirmationsQueue, SigningQueue};
use v1::helpers::{SignerService, SigningQueue};
use v1::types::{H256 as RpcH256, H520 as RpcH520};
use v1::tests::helpers::TestMinerService;
use util::{Address, FixedHash, Uint, U256, H256, H520};
@ -28,7 +28,7 @@ use ethcore::client::TestBlockChainClient;
use ethcore::transaction::{Transaction, Action};
struct EthSigningTester {
pub queue: Arc<ConfirmationsQueue>,
pub signer: Arc<SignerService>,
pub client: Arc<TestBlockChainClient>,
pub miner: Arc<TestMinerService>,
pub accounts: Arc<AccountProvider>,
@ -37,15 +37,15 @@ struct EthSigningTester {
impl Default for EthSigningTester {
fn default() -> Self {
let queue = Arc::new(ConfirmationsQueue::default());
let signer = Arc::new(SignerService::new_test());
let client = Arc::new(TestBlockChainClient::default());
let miner = Arc::new(TestMinerService::default());
let accounts = Arc::new(AccountProvider::transient_provider());
let io = IoHandler::new();
io.add_delegate(EthSigningQueueClient::new(&queue, &client, &miner, &accounts).to_delegate());
io.add_delegate(EthSigningQueueClient::new(&signer, &client, &miner, &accounts).to_delegate());
EthSigningTester {
queue: queue,
signer: signer,
client: client,
miner: miner,
accounts: accounts,
@ -63,7 +63,7 @@ fn should_add_sign_to_queue() {
// given
let tester = eth_signing();
let address = Address::random();
assert_eq!(tester.queue.requests().len(), 0);
assert_eq!(tester.signer.requests().len(), 0);
// when
let request = r#"{
@ -79,9 +79,9 @@ fn should_add_sign_to_queue() {
// then
let async_result = tester.io.handle_request(&request).unwrap();
assert_eq!(tester.queue.requests().len(), 1);
assert_eq!(tester.signer.requests().len(), 1);
// respond
tester.queue.request_confirmed(U256::from(1), Ok(to_value(&RpcH520::from(H520::default()))));
tester.signer.request_confirmed(U256::from(1), Ok(to_value(&RpcH520::from(H520::default()))));
assert!(async_result.on_result(move |res| {
assert_eq!(res, response.to_owned());
}));
@ -92,7 +92,7 @@ fn should_post_sign_to_queue() {
// given
let tester = eth_signing();
let address = Address::random();
assert_eq!(tester.queue.requests().len(), 0);
assert_eq!(tester.signer.requests().len(), 0);
// when
let request = r#"{
@ -108,7 +108,7 @@ fn should_post_sign_to_queue() {
// then
assert_eq!(tester.io.handle_request_sync(&request), Some(response.to_owned()));
assert_eq!(tester.queue.requests().len(), 1);
assert_eq!(tester.signer.requests().len(), 1);
}
#[test]
@ -155,7 +155,7 @@ fn should_check_status_of_request_when_its_resolved() {
"id": 1
}"#;
tester.io.handle_request_sync(&request).expect("Sent");
tester.queue.request_confirmed(U256::from(1), Ok(to_value(&"Hello World!")));
tester.signer.request_confirmed(U256::from(1), Ok(to_value(&"Hello World!")));
// when
let request = r#"{
@ -192,7 +192,7 @@ fn should_sign_if_account_is_unlocked() {
}"#;
let response = r#"{"jsonrpc":"2.0","result":""#.to_owned() + format!("0x{}", signature).as_ref() + r#"","id":1}"#;
assert_eq!(tester.io.handle_request_sync(&request), Some(response.to_owned()));
assert_eq!(tester.queue.requests().len(), 0);
assert_eq!(tester.signer.requests().len(), 0);
}
#[test]
@ -200,7 +200,7 @@ fn should_add_transaction_to_queue() {
// given
let tester = eth_signing();
let address = Address::random();
assert_eq!(tester.queue.requests().len(), 0);
assert_eq!(tester.signer.requests().len(), 0);
// when
let request = r#"{
@ -219,9 +219,9 @@ fn should_add_transaction_to_queue() {
// then
let async_result = tester.io.handle_request(&request).unwrap();
assert_eq!(tester.queue.requests().len(), 1);
assert_eq!(tester.signer.requests().len(), 1);
// respond
tester.queue.request_confirmed(U256::from(1), Ok(to_value(&RpcH256::from(H256::default()))));
tester.signer.request_confirmed(U256::from(1), Ok(to_value(&RpcH256::from(H256::default()))));
assert!(async_result.on_result(move |res| {
assert_eq!(res, response.to_owned());
}));

View File

@ -22,7 +22,7 @@ use ethcore::client::{TestBlockChainClient};
use jsonrpc_core::IoHandler;
use v1::{Ethcore, EthcoreClient};
use v1::helpers::{ConfirmationsQueue, NetworkSettings};
use v1::helpers::{SignerService, NetworkSettings};
use v1::tests::helpers::{TestSyncProvider, Config, TestMinerService};
use super::manage_network::TestManageNetwork;
@ -262,8 +262,8 @@ fn rpc_ethcore_unsigned_transactions_count() {
let sync = sync_provider();
let net = network_service();
let io = IoHandler::new();
let queue = Arc::new(ConfirmationsQueue::default());
let ethcore = EthcoreClient::new(&client, &miner, &sync, &net, logger(), settings(), Some(queue)).to_delegate();
let signer = Arc::new(SignerService::new_test());
let ethcore = EthcoreClient::new(&client, &miner, &sync, &net, logger(), settings(), Some(signer)).to_delegate();
io.add_delegate(ethcore);
let request = r#"{"jsonrpc": "2.0", "method": "ethcore_unsignedTransactionsCount", "params":[], "id": 1}"#;

View File

@ -23,10 +23,10 @@ use ethcore::client::TestBlockChainClient;
use ethcore::transaction::{Transaction, Action};
use v1::{SignerClient, PersonalSigner};
use v1::tests::helpers::TestMinerService;
use v1::helpers::{SigningQueue, ConfirmationsQueue, FilledTransactionRequest, ConfirmationPayload};
use v1::helpers::{SigningQueue, SignerService, FilledTransactionRequest, ConfirmationPayload};
struct PersonalSignerTester {
queue: Arc<ConfirmationsQueue>,
signer: Arc<SignerService>,
accounts: Arc<AccountProvider>,
io: IoHandler,
miner: Arc<TestMinerService>,
@ -49,16 +49,16 @@ fn miner_service() -> Arc<TestMinerService> {
}
fn signer_tester() -> PersonalSignerTester {
let queue = Arc::new(ConfirmationsQueue::default());
let signer = Arc::new(SignerService::new_test());
let accounts = accounts_provider();
let client = blockchain_client();
let miner = miner_service();
let io = IoHandler::new();
io.add_delegate(SignerClient::new(&accounts, &client, &miner, &queue).to_delegate());
io.add_delegate(SignerClient::new(&accounts, &client, &miner, &signer).to_delegate());
PersonalSignerTester {
queue: queue,
signer: signer,
accounts: accounts,
io: io,
miner: miner,
@ -71,7 +71,7 @@ fn signer_tester() -> PersonalSignerTester {
fn should_return_list_of_items_to_confirm() {
// given
let tester = signer_tester();
tester.queue.add_request(ConfirmationPayload::Transaction(FilledTransactionRequest {
tester.signer.add_request(ConfirmationPayload::Transaction(FilledTransactionRequest {
from: Address::from(1),
to: Some(Address::from_str("d46e8dd67c5d32be8058bb8eb970870f07244567").unwrap()),
gas_price: U256::from(10_000),
@ -80,7 +80,7 @@ fn should_return_list_of_items_to_confirm() {
data: vec![],
nonce: None,
})).unwrap();
tester.queue.add_request(ConfirmationPayload::Sign(1.into(), 5.into())).unwrap();
tester.signer.add_request(ConfirmationPayload::Sign(1.into(), 5.into())).unwrap();
// when
let request = r#"{"jsonrpc":"2.0","method":"personal_requestsToConfirm","params":[],"id":1}"#;
@ -100,7 +100,7 @@ fn should_return_list_of_items_to_confirm() {
fn should_reject_transaction_from_queue_without_dispatching() {
// given
let tester = signer_tester();
tester.queue.add_request(ConfirmationPayload::Transaction(FilledTransactionRequest {
tester.signer.add_request(ConfirmationPayload::Transaction(FilledTransactionRequest {
from: Address::from(1),
to: Some(Address::from_str("d46e8dd67c5d32be8058bb8eb970870f07244567").unwrap()),
gas_price: U256::from(10_000),
@ -109,7 +109,7 @@ fn should_reject_transaction_from_queue_without_dispatching() {
data: vec![],
nonce: None,
})).unwrap();
assert_eq!(tester.queue.requests().len(), 1);
assert_eq!(tester.signer.requests().len(), 1);
// when
let request = r#"{"jsonrpc":"2.0","method":"personal_rejectRequest","params":["0x1"],"id":1}"#;
@ -117,7 +117,7 @@ fn should_reject_transaction_from_queue_without_dispatching() {
// then
assert_eq!(tester.io.handle_request_sync(&request), Some(response.to_owned()));
assert_eq!(tester.queue.requests().len(), 0);
assert_eq!(tester.signer.requests().len(), 0);
assert_eq!(tester.miner.imported_transactions.lock().len(), 0);
}
@ -125,7 +125,7 @@ fn should_reject_transaction_from_queue_without_dispatching() {
fn should_not_remove_transaction_if_password_is_invalid() {
// given
let tester = signer_tester();
tester.queue.add_request(ConfirmationPayload::Transaction(FilledTransactionRequest {
tester.signer.add_request(ConfirmationPayload::Transaction(FilledTransactionRequest {
from: Address::from(1),
to: Some(Address::from_str("d46e8dd67c5d32be8058bb8eb970870f07244567").unwrap()),
gas_price: U256::from(10_000),
@ -134,7 +134,7 @@ fn should_not_remove_transaction_if_password_is_invalid() {
data: vec![],
nonce: None,
})).unwrap();
assert_eq!(tester.queue.requests().len(), 1);
assert_eq!(tester.signer.requests().len(), 1);
// when
let request = r#"{"jsonrpc":"2.0","method":"personal_confirmRequest","params":["0x1",{},"xxx"],"id":1}"#;
@ -142,15 +142,15 @@ fn should_not_remove_transaction_if_password_is_invalid() {
// then
assert_eq!(tester.io.handle_request_sync(&request), Some(response.to_owned()));
assert_eq!(tester.queue.requests().len(), 1);
assert_eq!(tester.signer.requests().len(), 1);
}
#[test]
fn should_not_remove_sign_if_password_is_invalid() {
// given
let tester = signer_tester();
tester.queue.add_request(ConfirmationPayload::Sign(0.into(), 5.into())).unwrap();
assert_eq!(tester.queue.requests().len(), 1);
tester.signer.add_request(ConfirmationPayload::Sign(0.into(), 5.into())).unwrap();
assert_eq!(tester.signer.requests().len(), 1);
// when
let request = r#"{"jsonrpc":"2.0","method":"personal_confirmRequest","params":["0x1",{},"xxx"],"id":1}"#;
@ -158,7 +158,7 @@ fn should_not_remove_sign_if_password_is_invalid() {
// then
assert_eq!(tester.io.handle_request_sync(&request), Some(response.to_owned()));
assert_eq!(tester.queue.requests().len(), 1);
assert_eq!(tester.signer.requests().len(), 1);
}
#[test]
@ -167,7 +167,7 @@ fn should_confirm_transaction_and_dispatch() {
let tester = signer_tester();
let address = tester.accounts.new_account("test").unwrap();
let recipient = Address::from_str("d46e8dd67c5d32be8058bb8eb970870f07244567").unwrap();
tester.queue.add_request(ConfirmationPayload::Transaction(FilledTransactionRequest {
tester.signer.add_request(ConfirmationPayload::Transaction(FilledTransactionRequest {
from: address,
to: Some(recipient),
gas_price: U256::from(10_000),
@ -189,7 +189,7 @@ fn should_confirm_transaction_and_dispatch() {
let signature = tester.accounts.sign(address, t.hash()).unwrap();
let t = t.with_signature(signature);
assert_eq!(tester.queue.requests().len(), 1);
assert_eq!(tester.signer.requests().len(), 1);
// when
let request = r#"{
@ -202,7 +202,24 @@ fn should_confirm_transaction_and_dispatch() {
// then
assert_eq!(tester.io.handle_request_sync(&request), Some(response.to_owned()));
assert_eq!(tester.queue.requests().len(), 0);
assert_eq!(tester.signer.requests().len(), 0);
assert_eq!(tester.miner.imported_transactions.lock().len(), 1);
}
#[test]
fn should_generate_new_token() {
// given
let tester = signer_tester();
// when
let request = r#"{
"jsonrpc":"2.0",
"method":"personal_generateAuthorizationToken",
"params":[],
"id":1
}"#;
let response = r#"{"jsonrpc":"2.0","result":"new_token","id":1}"#;
// then
assert_eq!(tester.io.handle_request_sync(&request), Some(response.to_owned()));
}

View File

@ -92,12 +92,16 @@ pub trait PersonalSigner: Sized + Send + Sync + 'static {
/// Reject the confirmation request.
fn reject_request(&self, _: Params) -> Result<Value, Error>;
/// Generates new authorization token.
fn generate_token(&self, _: Params) -> Result<Value, Error>;
/// Should be used to convert object to io delegate.
fn to_delegate(self) -> IoDelegate<Self> {
let mut delegate = IoDelegate::new(Arc::new(self));
delegate.add_method("personal_requestsToConfirm", PersonalSigner::requests_to_confirm);
delegate.add_method("personal_confirmRequest", PersonalSigner::confirm_request);
delegate.add_method("personal_rejectRequest", PersonalSigner::reject_request);
delegate.add_method("personal_generateAuthorizationToken", PersonalSigner::generate_token);
delegate
}
}

View File

@ -48,6 +48,7 @@ impl TimeProvider for DefaultTimeProvider {
/// No of seconds the hash is valid
const TIME_THRESHOLD: u64 = 7;
const TOKEN_LENGTH: usize = 16;
const INITIAL_TOKEN: &'static str = "initial";
/// Manages authorization codes for `SignerUIs`
pub struct AuthCodes<T: TimeProvider = DefaultTimeProvider> {
@ -98,7 +99,7 @@ impl<T: TimeProvider> AuthCodes<T> {
}
/// Checks if given hash is correct identifier of `SignerUI`
pub fn is_valid(&self, hash: &H256, time: u64) -> bool {
pub fn is_valid(&mut self, hash: &H256, time: u64) -> bool {
let now = self.now.now();
// check time
if time >= now + TIME_THRESHOLD || time <= now - TIME_THRESHOLD {
@ -106,9 +107,21 @@ impl<T: TimeProvider> AuthCodes<T> {
return false;
}
let as_token = |code| format!("{}:{}", code, time).sha3();
// Check if it's the initial token.
if self.is_empty() {
let initial = &as_token(INITIAL_TOKEN) == hash;
// Initial token can be used only once.
if initial {
let _ = self.generate_new();
}
return initial;
}
// look for code
self.codes.iter()
.any(|code| &format!("{}:{}", code, time).sha3() == hash)
.any(|code| &as_token(code) == hash)
}
/// Generates and returns a new code that can be used by `SignerUIs`
@ -124,6 +137,11 @@ impl<T: TimeProvider> AuthCodes<T> {
self.codes.push(code);
Ok(readable_code)
}
/// Returns true if there are no tokens in this store
pub fn is_empty(&self) -> bool {
self.codes.is_empty()
}
}
@ -137,12 +155,28 @@ mod tests {
format!("{}:{}", val, time).sha3()
}
#[test]
fn should_return_true_if_code_is_initial_and_store_is_empty() {
// given
let code = "initial";
let time = 99;
let mut codes = AuthCodes::new(vec![], || 100);
// when
let res1 = codes.is_valid(&generate_hash(code, time), time);
let res2 = codes.is_valid(&generate_hash(code, time), time);
// then
assert_eq!(res1, true);
assert_eq!(res2, false);
}
#[test]
fn should_return_true_if_hash_is_valid() {
// given
let code = "23521352asdfasdfadf";
let time = 99;
let codes = AuthCodes::new(vec![code.into()], || 100);
let mut codes = AuthCodes::new(vec![code.into()], || 100);
// when
let res = codes.is_valid(&generate_hash(code, time), time);
@ -156,7 +190,7 @@ mod tests {
// given
let code = "23521352asdfasdfadf";
let time = 99;
let codes = AuthCodes::new(vec!["1".into()], || 100);
let mut codes = AuthCodes::new(vec!["1".into()], || 100);
// when
let res = codes.is_valid(&generate_hash(code, time), time);
@ -171,7 +205,7 @@ mod tests {
let code = "23521352asdfasdfadf";
let time = 107;
let time2 = 93;
let codes = AuthCodes::new(vec![code.into()], || 100);
let mut codes = AuthCodes::new(vec![code.into()], || 100);
// when
let res1 = codes.is_valid(&generate_hash(code, time), time);

View File

@ -14,24 +14,48 @@
// You should have received a copy of the GNU General Public License
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use std::env;
use std::ops::{Deref, DerefMut};
use std::thread;
use std::time::Duration;
use std::time::{self, Duration};
use std::sync::Arc;
use devtools::http_client;
use devtools::{http_client, RandomTempPath};
use rpc::ConfirmationsQueue;
use util::Hashable;
use rand;
use ServerBuilder;
use Server;
use AuthCodes;
pub fn serve() -> Server {
pub struct GuardedAuthCodes {
authcodes: AuthCodes,
path: RandomTempPath,
}
impl Deref for GuardedAuthCodes {
type Target = AuthCodes;
fn deref(&self) -> &Self::Target {
&self.authcodes
}
}
impl DerefMut for GuardedAuthCodes {
fn deref_mut(&mut self) -> &mut AuthCodes {
&mut self.authcodes
}
}
pub fn serve() -> (Server, usize, GuardedAuthCodes) {
let mut path = RandomTempPath::new();
path.panic_on_drop_failure = false;
let queue = Arc::new(ConfirmationsQueue::default());
let builder = ServerBuilder::new(queue, env::temp_dir());
let builder = ServerBuilder::new(queue, path.to_path_buf());
let port = 35000 + rand::random::<usize>() % 10000;
let res = builder.start(format!("127.0.0.1:{}", port).parse().unwrap()).unwrap();
thread::sleep(Duration::from_millis(25));
res
(res, port, GuardedAuthCodes {
authcodes: AuthCodes::from_file(&path).unwrap(),
path: path,
})
}
pub fn request(server: Server, request: &str) -> http_client::Response {
@ -41,7 +65,7 @@ pub fn request(server: Server, request: &str) -> http_client::Response {
#[test]
fn should_reject_invalid_host() {
// given
let server = serve();
let server = serve().0;
// when
let response = request(server,
@ -62,7 +86,7 @@ fn should_reject_invalid_host() {
#[test]
fn should_serve_styles_even_on_disallowed_domain() {
// given
let server = serve();
let server = serve().0;
// when
let response = request(server,
@ -79,3 +103,103 @@ fn should_serve_styles_even_on_disallowed_domain() {
assert_eq!(response.status, "HTTP/1.1 200 OK".to_owned());
}
#[test]
fn should_block_if_authorization_is_incorrect() {
// given
let (server, port, _) = serve();
// when
let response = request(server,
&format!("\
GET / HTTP/1.1\r\n\
Host: 127.0.0.1:{}\r\n\
Connection: Upgrade\r\n\
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n\
Sec-WebSocket-Protocol: wrong\r\n\
Sec-WebSocket-Version: 13\r\n\
\r\n\
{{}}
", port)
);
// then
assert_eq!(response.status, "HTTP/1.1 403 FORBIDDEN".to_owned());
}
#[test]
fn should_allow_if_authorization_is_correct() {
// given
let (server, port, mut authcodes) = serve();
let code = authcodes.generate_new().unwrap().replace("-", "");
authcodes.to_file(&authcodes.path).unwrap();
let timestamp = time::UNIX_EPOCH.elapsed().unwrap().as_secs();
// when
let response = request(server,
&format!("\
GET / HTTP/1.1\r\n\
Host: 127.0.0.1:{}\r\n\
Connection: Close\r\n\
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n\
Sec-WebSocket-Protocol: {:?}_{}\r\n\
Sec-WebSocket-Version: 13\r\n\
\r\n\
{{}}
",
port,
format!("{}:{}", code, timestamp).sha3(),
timestamp,
)
);
// then
assert_eq!(response.status, "HTTP/1.1 101 Switching Protocols".to_owned());
}
#[test]
fn should_allow_initial_connection_but_only_once() {
// given
let (server, port, authcodes) = serve();
let code = "initial";
let timestamp = time::UNIX_EPOCH.elapsed().unwrap().as_secs();
assert!(authcodes.is_empty());
// when
let response1 = http_client::request(server.addr(),
&format!("\
GET / HTTP/1.1\r\n\
Host: 127.0.0.1:{}\r\n\
Connection: Close\r\n\
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n\
Sec-WebSocket-Protocol:{:?}_{}\r\n\
Sec-WebSocket-Version: 13\r\n\
\r\n\
{{}}
",
port,
format!("{}:{}", code, timestamp).sha3(),
timestamp,
)
);
let response2 = http_client::request(server.addr(),
&format!("\
GET / HTTP/1.1\r\n\
Host: 127.0.0.1:{}\r\n\
Connection: Close\r\n\
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==\r\n\
Sec-WebSocket-Protocol:{:?}_{}\r\n\
Sec-WebSocket-Version: 13\r\n\
\r\n\
{{}}
",
port,
format!("{}:{}", code, timestamp).sha3(),
timestamp,
)
);
// then
assert_eq!(response1.status, "HTTP/1.1 101 Switching Protocols".to_owned());
assert_eq!(response2.status, "HTTP/1.1 403 FORBIDDEN".to_owned());
}

View File

@ -180,7 +180,6 @@ impl Drop for Server {
self.queue.finish();
self.broadcaster_handle.take().unwrap().join().unwrap();
self.handle.take().unwrap().join().unwrap();
}
}

View File

@ -59,7 +59,7 @@ fn origin_is_allowed(self_origin: &str, header: Option<&[u8]>) -> bool {
}
}
fn auth_is_valid(codes: &Path, protocols: ws::Result<Vec<&str>>) -> bool {
fn auth_is_valid(codes_path: &Path, protocols: ws::Result<Vec<&str>>) -> bool {
match protocols {
Ok(ref protocols) if protocols.len() == 1 => {
protocols.iter().any(|protocol| {
@ -69,8 +69,15 @@ fn auth_is_valid(codes: &Path, protocols: ws::Result<Vec<&str>>) -> bool {
if let (Some(auth), Some(time)) = (auth, time) {
// Check if the code is valid
AuthCodes::from_file(codes)
.map(|codes| codes.is_valid(&auth, time))
AuthCodes::from_file(codes_path)
.map(|mut codes| {
let res = codes.is_valid(&auth, time);
// make sure to save back authcodes - it might have been modified
if let Err(_) = codes.to_file(codes_path) {
warn!(target: "signer", "Couldn't save authorization codes to file.");
}
res
})
.unwrap_or(false)
} else {
false