Zmq secure connect implementation #641

Merged
merged 21 commits into from
Oct 3, 2018

AionJayT
Collaborator

Notice

It is not allowed to submit your PR to the master branch directly, please submit your PR to the master-pre-merge branch.

Description

The implementation allows the zmq server to set up the secure connection using the built-in Curve algo.
To enable the secure connection, the user can enable the "secure-connect" setting in config.xml.
Also, the user needs to generate the curve keypair (by using ./aion.sh -zs) and give the public key to the API client side. The client API needs to be upgraded to v0.1.13 or a later version.

Fixes Issue # .

Type of change

Insert x into the following checkboxes to confirm (eg. [x]):

  • Bug fix.
  • New feature.
  • Enhancement.
  • Unit test.
  • Breaking change (a fix or feature that causes existing functionality to not work as expected).
  • Requires documentation update.

Testing

Please describe the tests you used to validate this pull request. Provide any relevant details for test configurations as well as any instructions to reproduce these results.

It has been tested by the wallet team.

Verification

Insert x into the following checkboxes to confirm (eg. [x]):

  • I have self-reviewed my own code and conformed to the style guidelines of this project.
  • New and existing tests pass locally with my changes.
  • I have added tests for my fix or feature.
  • I have made appropriate changes to the corresponding documentation.
  • My code generates no new warnings.
  • Any dependent changes have been made.

@AionJayT AionJayT added this to the 0.3.2 milestone Sep 14, 2018
Contributor

@arajasek arajasek left a comment

LGTM :)

@@ -786,7 +853,7 @@ private static boolean copyRecursively(File src, File target)
}
else {
try {
Files.copy(src, target);
com.google.common.io.Files.copy(src, target);
Contributor

is there a reason this was removed from imports?

Collaborator Author

there are 2 different Files classes used in this class

System.getProperty("user.dir") + File.separator + CfgSsl.SSL_KEYSTORE_DIR);

private File zmqkeyDir = new File(
System.getProperty("user.dir") + File.separator + CfgApiZmq.ZMQ_KEY_DIR);
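
Review bot: zmqkeyDir is resolved from user.dir, so the location of the Curve keystore follows whatever directory the process is launched from. A node started from a different working directory would look for, or generate, keys somewhere else. Suggest resolving the keystore against one fixed base directory that both key generation and key loading share.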
Contributor

the zmq_keystore should be added to .gitignore

Contributor

+1 for Alexandra's suggestion

Also, can we have the value of System.getProperty() be passed into Cli's constructor instead of referring to it directly? The dependence on static method calls will make the class hard to test / modularize.

Collaborator Author

@AionJayT AionJayT Sep 25, 2018

@aion-kelvin created an issue for tracking System.getProperty()
#652

case "-zs":
checkZmqKeystoreDir();
ZMQ.Curve.KeyPair kp = ZMQ.Curve.generateKeyPair();
genKeyFile(kp.publicKey, kp.secretKey);
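
Review bot: genKeyFile(kp.publicKey, kp.secretKey) in the "-zs" case appears to persist the Curve secret key to disk, and nothing in these lines restricts who can read the resulting file. Suggest creating the secret-key file, and the directory prepared by checkZmqKeystoreDir(), with owner-only permissions, and keeping the public key in a separate file so only that one is handed to API clients.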
Contributor

Based on this implementation a user can generate multiple keys. Does having multiple keys have any advantage? Based on the key loading implementation I see a disadvantage in the fact that the chosen pair is relatively random. It may be preferable to overwrite the old key if the key generation is called a second time.

Contributor

@AlexandraRoatis

> It may be preferable to overwrite the old key if the key generation is called a second time.

Alternatively, refuse to generate another one unless they manually remove the existing one, so they don't accidentally delete their private key and lose it forever. Or just prompt them before overwriting.
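
As an added illustration of the suggestions in this thread (not code from this PR or the Aion project): a key writer that uses two fixed file names, creates the secret-key file atomically with owner-only permissions, and refuses to run again while a key exists. The class and file names are hypothetical, a POSIX file system is assumed, and the key strings in main are constructed placeholders for the output of ZMQ.Curve.generateKeyPair().

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class ZmqKeyStoreExample {
    // Hypothetical fixed file names: exactly one pair per keystore directory.
    static final String PUBLIC_FILE = "zmq_curve.pub";
    static final String SECRET_FILE = "zmq_curve.key";

    /** Writes the pair once; refuses to replace an existing secret key. */
    static void writeKeyPair(Path dir, String publicKey, String secretKey) throws IOException {
        FileAttribute<Set<PosixFilePermission>> dirOnlyOwner =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rwx------"));
        FileAttribute<Set<PosixFilePermission>> fileOnlyOwner =
            PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        Files.createDirectories(dir, dirOnlyOwner); // permissions apply only if created here
        Path secret = dir.resolve(SECRET_FILE);
        try {
            // createFile is atomic and fails if the file exists, so a second
            // run can never silently destroy the key that clients already trust.
            Files.createFile(secret, fileOnlyOwner);
        } catch (FileAlreadyExistsException e) {
            throw new IOException("Key pair already exists in " + dir
                + "; remove it manually to generate a new one", e);
        }
        Files.write(secret, secretKey.getBytes(StandardCharsets.US_ASCII));
        // The public key is meant to be shared with API clients; default permissions are fine.
        Files.write(dir.resolve(PUBLIC_FILE), publicKey.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("zmq_keystore_demo");
        // Constructed placeholders, not real Curve keys.
        writeKeyPair(dir, "PUBLIC-KEY-PLACEHOLDER", "SECRET-KEY-PLACEHOLDER");
        System.out.println(Files.getPosixFilePermissions(dir.resolve(SECRET_FILE)));
        try {
            writeKeyPair(dir, "OTHER-PUBLIC", "OTHER-SECRET");
        } catch (IOException expected) {
            System.out.println("Second run refused: " + expected.getMessage());
        }
    }
}
```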

@@ -144,6 +186,39 @@ public void run() {
}
}

private void loadCurveKeyPair() {
List<File> files = getFiles();
Contributor

Perhaps it would be useful here to check that the number of files is >= 2.

Contributor

@AlexandraRoatis AlexandraRoatis Sep 19, 2018

Moreover, since generating the keys does not require any user input, why not simply generate them for the user when the files are missing? This would make the CLI call to generate the key pair not necessary.

Contributor

@aion-kelvin aion-kelvin left a comment

Hey looks pretty good ... have a few comments related to refactoring/style

ZMQ.Curve.KeyPair kp = ZMQ.Curve.generateKeyPair();
genKeyFile(kp.publicKey, kp.secretKey);
System.out.println("Generate ZmqKeyPairFinished!");
return 1;
Contributor

I think the convention is that a program returns 0 if it ran successfully, non-zero if it failed. So I think we should return 0 here

getFile(fileName, secretKey);
}

private void getFile(@Nonnull final String fileName, @Nonnull final String key) throws IOException {
Contributor

method name is a bit misleading... how about "writeKeyToFile"

try {
secureConnectEnabled = Boolean.parseBoolean(Cfg.readValue(sr));
} catch (Exception e) {
//System.out.println("failed to read config node: aion.api.rpc.filters-enabled; using preset: " + this.filtersEnabled);
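
Review bot: the catch around Boolean.parseBoolean(Cfg.readValue(sr)) has no active statement, so a failure to read the secure-connect node is silently ignored and secureConnectEnabled keeps whatever value it had before. An operator who meant to enable Curve could end up with an unencrypted socket and no indication of it. Suggest logging the failure at warning level at minimum, or refusing to start; the commented-out println also still names aion.api.rpc.filters-enabled and should be removed or corrected.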
Contributor

I think the catch should log a warning

private static final long zmqHWM = 100_000;
private static final int SOCKETID_LEN = 5;
private static final int SOCKET_RECV_TIMEOUT = 3000;

static {
String storageDir = System.getProperty("local.storage.dir");
Contributor

Can we do the following to avoid the reliance on the static block:

  • make it so that storageDir is an argument to the constructor
  • make CURVEKEY_PATH and PATH non-static
  • move the logic of setting CURVEKEY_PATH and PATH into constructor
  • add either another constructor or a static method, that will call the constructor, and pass in `System.getProperty('local.storage.dir')` as the value for storageDir

private void loadCurveKeyPair() {
List<File> files = getFiles();
String nextLoad = "";
for (File f : files) {
Contributor

Is there a benefit to this fall-back/fuzzy logic? Why not just have two hard-coded file names it looks for?

Collaborator Author

I was thinking the user will generate several keypairs in case they need to switch the keyset. The public key also needs to be updated on the client side, then the connection will be set up.

modMcf/src/org/aion/mcf/config/CfgApiZmq.java

Contributor

@aion-kelvin aion-kelvin left a comment

thanks for the changes!

@AionJayT AionJayT merged commit 4aed4ca into master-pre-merge Oct 3, 2018
@AionJayT AionJayT deleted the secure-zmq branch October 4, 2018 17:18
5 participants