ec3db0f56c
* signer: introduce external signer command * cmd/signer, rpc: Implement new signer. Add info about remote user to Context * signer: refactored request/response, made use of urfave.cli * cmd/signer: Use common flags * cmd/signer: methods to validate calldata against abi * cmd/signer: work on abi parser * signer: add mutex around UI * cmd/signer: add json 4byte directory, remove passwords from api * cmd/signer: minor changes * cmd/signer: Use ErrRequestDenied, enable lightkdf * cmd/signer: implement tests * cmd/signer: made possible for UI to modify tx parameters * cmd/signer: refactors, removed channels in ui comms, added UI-api via stdin/out * cmd/signer: Made lowercase json-definitions, added UI-signer test functionality * cmd/signer: update documentation * cmd/signer: fix bugs, improve abi detection, abi argument display * cmd/signer: minor change in json format * cmd/signer: rework json communication * cmd/signer: implement mixcase addresses in API, fix json id bug * cmd/signer: rename fromaccount, update pythonpoc with new json encoding format * cmd/signer: make use of new abi interface * signer: documentation * signer/main: remove redundant option * signer: implement audit logging * signer: create package 'signer', minor changes * common: add 0x-prefix to mixcaseaddress in json marshalling + validation * signer, rules, storage: implement rules + ephemeral storage for signer rules * signer: implement OnApprovedTx, change signing response (API BREAKAGE) * signer: refactoring + documentation * signer/rules: implement dispatching to next handler * signer: docs * signer/rules: hide json-conversion from users, ensure context is cleaned * signer: docs * signer: implement validation rules, change signature of call_info * signer: fix log flaw with string pointer * signer: implement custom 4byte databsae that saves submitted signatures * signer/storage: implement aes-gcm-backed credential storage * accounts: implement json unmarshalling of url * signer: fix listresponse, fix gas->uint64 * node: make http/ipc start methods public * signer: add ipc capability+review concerns * accounts: correct docstring * signer: address review concerns * rpc: go fmt -s * signer: review concerns+ baptize Clef * signer,node: move Start-functions to separate file * signer: formatting
249 lines
7.5 KiB
Go
249 lines
7.5 KiB
Go
// Copyright 2018 The go-ethereum Authors
|
|
// This file is part of go-ethereum.
|
|
//
|
|
// go-ethereum is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// go-ethereum is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with go-ethereum. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package rules
|
|
|
|
import (
|
|
"encoding/json"
|
|
"fmt"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/ethereum/go-ethereum/common"
|
|
"github.com/ethereum/go-ethereum/internal/ethapi"
|
|
"github.com/ethereum/go-ethereum/log"
|
|
"github.com/ethereum/go-ethereum/signer/core"
|
|
"github.com/ethereum/go-ethereum/signer/rules/deps"
|
|
"github.com/ethereum/go-ethereum/signer/storage"
|
|
"github.com/robertkrimen/otto"
|
|
)
|
|
|
|
var (
|
|
BigNumber_JS = deps.MustAsset("bignumber.js")
|
|
)
|
|
|
|
// consoleOutput is an override for the console.log and console.error methods to
|
|
// stream the output into the configured output stream instead of stdout.
|
|
func consoleOutput(call otto.FunctionCall) otto.Value {
|
|
output := []string{"JS:> "}
|
|
for _, argument := range call.ArgumentList {
|
|
output = append(output, fmt.Sprintf("%v", argument))
|
|
}
|
|
fmt.Fprintln(os.Stdout, strings.Join(output, " "))
|
|
return otto.Value{}
|
|
}
|
|
|
|
// rulesetUi provides an implementation of SignerUI that evaluates a javascript
|
|
// file for each defined UI-method
|
|
type rulesetUi struct {
|
|
next core.SignerUI // The next handler, for manual processing
|
|
storage storage.Storage
|
|
credentials storage.Storage
|
|
jsRules string // The rules to use
|
|
}
|
|
|
|
func NewRuleEvaluator(next core.SignerUI, jsbackend, credentialsBackend storage.Storage) (*rulesetUi, error) {
|
|
c := &rulesetUi{
|
|
next: next,
|
|
storage: jsbackend,
|
|
credentials: credentialsBackend,
|
|
jsRules: "",
|
|
}
|
|
|
|
return c, nil
|
|
}
|
|
|
|
func (r *rulesetUi) Init(javascriptRules string) error {
|
|
r.jsRules = javascriptRules
|
|
return nil
|
|
}
|
|
func (r *rulesetUi) execute(jsfunc string, jsarg interface{}) (otto.Value, error) {
|
|
|
|
// Instantiate a fresh vm engine every time
|
|
vm := otto.New()
|
|
// Set the native callbacks
|
|
consoleObj, _ := vm.Get("console")
|
|
consoleObj.Object().Set("log", consoleOutput)
|
|
consoleObj.Object().Set("error", consoleOutput)
|
|
vm.Set("storage", r.storage)
|
|
|
|
// Load bootstrap libraries
|
|
script, err := vm.Compile("bignumber.js", BigNumber_JS)
|
|
if err != nil {
|
|
log.Warn("Failed loading libraries", "err", err)
|
|
return otto.UndefinedValue(), err
|
|
}
|
|
vm.Run(script)
|
|
|
|
// Run the actual rule implementation
|
|
_, err = vm.Run(r.jsRules)
|
|
if err != nil {
|
|
log.Warn("Execution failed", "err", err)
|
|
return otto.UndefinedValue(), err
|
|
}
|
|
|
|
// And the actual call
|
|
// All calls are objects with the parameters being keys in that object.
|
|
// To provide additional insulation between js and go, we serialize it into JSON on the Go-side,
|
|
// and deserialize it on the JS side.
|
|
|
|
jsonbytes, err := json.Marshal(jsarg)
|
|
if err != nil {
|
|
log.Warn("failed marshalling data", "data", jsarg)
|
|
return otto.UndefinedValue(), err
|
|
}
|
|
// Now, we call foobar(JSON.parse(<jsondata>)).
|
|
var call string
|
|
if len(jsonbytes) > 0 {
|
|
call = fmt.Sprintf("%v(JSON.parse(%v))", jsfunc, string(jsonbytes))
|
|
} else {
|
|
call = fmt.Sprintf("%v()", jsfunc)
|
|
}
|
|
return vm.Run(call)
|
|
}
|
|
|
|
func (r *rulesetUi) checkApproval(jsfunc string, jsarg []byte, err error) (bool, error) {
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
v, err := r.execute(jsfunc, string(jsarg))
|
|
if err != nil {
|
|
log.Info("error occurred during execution", "error", err)
|
|
return false, err
|
|
}
|
|
result, err := v.ToString()
|
|
if err != nil {
|
|
log.Info("error occurred during response unmarshalling", "error", err)
|
|
return false, err
|
|
}
|
|
if result == "Approve" {
|
|
log.Info("Op approved")
|
|
return true, nil
|
|
} else if result == "Reject" {
|
|
log.Info("Op rejected")
|
|
return false, nil
|
|
}
|
|
return false, fmt.Errorf("Unknown response")
|
|
}
|
|
|
|
func (r *rulesetUi) ApproveTx(request *core.SignTxRequest) (core.SignTxResponse, error) {
|
|
jsonreq, err := json.Marshal(request)
|
|
approved, err := r.checkApproval("ApproveTx", jsonreq, err)
|
|
if err != nil {
|
|
log.Info("Rule-based approval error, going to manual", "error", err)
|
|
return r.next.ApproveTx(request)
|
|
}
|
|
|
|
if approved {
|
|
return core.SignTxResponse{
|
|
Transaction: request.Transaction,
|
|
Approved: true,
|
|
Password: r.lookupPassword(request.Transaction.From.Address()),
|
|
},
|
|
nil
|
|
}
|
|
return core.SignTxResponse{Approved: false}, err
|
|
}
|
|
|
|
func (r *rulesetUi) lookupPassword(address common.Address) string {
|
|
return r.credentials.Get(strings.ToLower(address.String()))
|
|
}
|
|
|
|
func (r *rulesetUi) ApproveSignData(request *core.SignDataRequest) (core.SignDataResponse, error) {
|
|
jsonreq, err := json.Marshal(request)
|
|
approved, err := r.checkApproval("ApproveSignData", jsonreq, err)
|
|
if err != nil {
|
|
log.Info("Rule-based approval error, going to manual", "error", err)
|
|
return r.next.ApproveSignData(request)
|
|
}
|
|
if approved {
|
|
return core.SignDataResponse{Approved: true, Password: r.lookupPassword(request.Address.Address())}, nil
|
|
}
|
|
return core.SignDataResponse{Approved: false, Password: ""}, err
|
|
}
|
|
|
|
func (r *rulesetUi) ApproveExport(request *core.ExportRequest) (core.ExportResponse, error) {
|
|
jsonreq, err := json.Marshal(request)
|
|
approved, err := r.checkApproval("ApproveExport", jsonreq, err)
|
|
if err != nil {
|
|
log.Info("Rule-based approval error, going to manual", "error", err)
|
|
return r.next.ApproveExport(request)
|
|
}
|
|
if approved {
|
|
return core.ExportResponse{Approved: true}, nil
|
|
}
|
|
return core.ExportResponse{Approved: false}, err
|
|
}
|
|
|
|
func (r *rulesetUi) ApproveImport(request *core.ImportRequest) (core.ImportResponse, error) {
|
|
// This cannot be handled by rules, requires setting a password
|
|
// dispatch to next
|
|
return r.next.ApproveImport(request)
|
|
}
|
|
|
|
func (r *rulesetUi) ApproveListing(request *core.ListRequest) (core.ListResponse, error) {
|
|
jsonreq, err := json.Marshal(request)
|
|
approved, err := r.checkApproval("ApproveListing", jsonreq, err)
|
|
if err != nil {
|
|
log.Info("Rule-based approval error, going to manual", "error", err)
|
|
return r.next.ApproveListing(request)
|
|
}
|
|
if approved {
|
|
return core.ListResponse{Accounts: request.Accounts}, nil
|
|
}
|
|
return core.ListResponse{}, err
|
|
}
|
|
|
|
func (r *rulesetUi) ApproveNewAccount(request *core.NewAccountRequest) (core.NewAccountResponse, error) {
|
|
// This cannot be handled by rules, requires setting a password
|
|
// dispatch to next
|
|
return r.next.ApproveNewAccount(request)
|
|
}
|
|
|
|
func (r *rulesetUi) ShowError(message string) {
|
|
log.Error(message)
|
|
r.next.ShowError(message)
|
|
}
|
|
|
|
func (r *rulesetUi) ShowInfo(message string) {
|
|
log.Info(message)
|
|
r.next.ShowInfo(message)
|
|
}
|
|
func (r *rulesetUi) OnSignerStartup(info core.StartupInfo) {
|
|
jsonInfo, err := json.Marshal(info)
|
|
if err != nil {
|
|
log.Warn("failed marshalling data", "data", info)
|
|
return
|
|
}
|
|
r.next.OnSignerStartup(info)
|
|
_, err = r.execute("OnSignerStartup", string(jsonInfo))
|
|
if err != nil {
|
|
log.Info("error occurred during execution", "error", err)
|
|
}
|
|
}
|
|
|
|
func (r *rulesetUi) OnApprovedTx(tx ethapi.SignTransactionResult) {
|
|
jsonTx, err := json.Marshal(tx)
|
|
if err != nil {
|
|
log.Warn("failed marshalling transaction", "tx", tx)
|
|
return
|
|
}
|
|
_, err = r.execute("OnApprovedTx", string(jsonTx))
|
|
if err != nil {
|
|
log.Info("error occurred during execution", "error", err)
|
|
}
|
|
}
|