Zmq secure connect implementation #641
LGTM :)
@@ -786,7 +853,7 @@ private static boolean copyRecursively(File src, File target) | |||
} | |||
else { | |||
try { | |||
Files.copy(src, target); | |||
com.google.common.io.Files.copy(src, target); |
is there a reason this was removed from imports?
there are 2 different Files classes used in this class
System.getProperty("user.dir") + File.separator + CfgSsl.SSL_KEYSTORE_DIR); | ||
|
||
private File zmqkeyDir = new File( | ||
System.getProperty("user.dir") + File.separator + CfgApiZmq.ZMQ_KEY_DIR); |
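Review bot: `zmqkeyDir` is resolved from `System.getProperty("user.dir")`, so the directory that will hold the CURVE secret key depends on where the process was launched from. Consider resolving it against a configured base directory and creating that directory with owner-only permissions, since it stores private key material.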
the `zmq_keystore` should be added to .gitignore
+1 for Alexandra's suggestion
Also, can we have the value of System.getProperty() be passed into Cli's constructor instead of referring to it directly? The dependence on static method calls will make the class hard to test / modularize.
@aion-kelvin created an issue for tracking System.getProperty(): #652
case "-zs": | ||
checkZmqKeystoreDir(); | ||
ZMQ.Curve.KeyPair kp = ZMQ.Curve.generateKeyPair(); | ||
genKeyFile(kp.publicKey, kp.secretKey); |
Based on this implementation a user can generate multiple keys. Does having multiple keys have any advantage? Based on the key loading implementation I see a disadvantage in the fact that the chosen pair is relatively random. It may be preferable to overwrite the old key if the key generation is called a second time.
> It may be preferable to overwrite the old key if the key generation is called a second time.
Alternatively, refuse to generate another one unless they manually remove the existing one, so they don't accidentally delete their private key and lose it forever. Or just prompt them before overwriting.
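The "refuse unless the existing key is removed" option from the comment above, as an added example that is not code from this PR. The file names and the `writeKeyPairOnce` helper are hypothetical, the key strings are constructed placeholders standing in for `kp.publicKey` / `kp.secretKey`, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

public class CurveKeyStore {
    // Hypothetical file names; the PR's actual naming scheme is not shown on the page.
    static final String PUBLIC_NAME = "zmq_curve.pub";
    static final String SECRET_NAME = "zmq_curve.key";

    /** Writes the pair once. Returns false, leaving existing files untouched, if a secret key is already present. */
    static boolean writeKeyPairOnce(Path dir, String publicKey, String secretKey) throws IOException {
        Files.createDirectories(dir);
        Path secret = dir.resolve(SECRET_NAME);
        Path pub = dir.resolve(PUBLIC_NAME);
        // Owner-only permissions are applied at creation time, so the secret is never world-readable.
        FileAttribute<Set<PosixFilePermission>> ownerOnly =
                PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"));
        try {
            // createFile is atomic: it fails instead of overwriting an existing secret key.
            Files.createFile(secret, ownerOnly);
        } catch (FileAlreadyExistsException e) {
            return false;
        }
        Files.write(secret, secretKey.getBytes(StandardCharsets.US_ASCII));
        Files.write(pub, publicKey.getBytes(StandardCharsets.US_ASCII));
        return true;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("zmq_keystore_demo");
        // Constructed placeholder strings, not real CURVE keys.
        boolean first = writeKeyPairOnce(dir, "PUBLIC-KEY-PLACEHOLDER", "SECRET-KEY-PLACEHOLDER");
        boolean second = writeKeyPairOnce(dir, "OTHER-PUBLIC", "OTHER-SECRET");
        String kept = new String(Files.readAllBytes(dir.resolve(SECRET_NAME)), StandardCharsets.US_ASCII);
        System.out.println("first=" + first + " second=" + second + " kept=" + kept);
        System.out.println("permissions=" + Files.getPosixFilePermissions(dir.resolve(SECRET_NAME)));
    }
}
```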
@@ -144,6 +186,39 @@ public void run() { | |||
} | |||
} | |||
|
|||
private void loadCurveKeyPair() { | |||
List<File> files = getFiles(); |
Perhaps it would be useful here to check that the number of files is >= 2.
Moreover, since generating the keys does not require any user input, why not simply generate them for the user when the files are missing? This would make the CLI call to generate the key pair not necessary.
Hey looks pretty good ... have a few comments related to refactoring/style
ZMQ.Curve.KeyPair kp = ZMQ.Curve.generateKeyPair(); | ||
genKeyFile(kp.publicKey, kp.secretKey); | ||
System.out.println("Generate ZmqKeyPairFinished!"); | ||
return 1; |
I think the convention is that a program returns 0 if it ran successfully, non-zero if it failed. So I think we should return 0 here
getFile(fileName, secretKey); | ||
} | ||
|
||
private void getFile(@Nonnull final String fileName, @Nonnull final String key) throws IOException { |
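Review bot: in `getFile(fileName, secretKey)` the secret key goes through a generic write helper, and nothing in the visible signature distinguishes it from a public key write. Consider creating the secret key file with owner-only permissions (for example `PosixFilePermissions.fromString("rw-------")` passed to `Files.createFile`) before the key is written into it.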
method name is a bit misleading... how about "writeKeyToFile"
try { | ||
secureConnectEnabled = Boolean.parseBoolean(Cfg.readValue(sr)); | ||
} catch (Exception e) { | ||
//System.out.println("failed to read config node: aion.api.rpc.filters-enabled; using preset: " + this.filtersEnabled); |
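Review bot: the empty `catch (Exception e)` around `secureConnectEnabled = Boolean.parseBoolean(Cfg.readValue(sr));` leaves the flag at its previous value with no trace, and `Boolean.parseBoolean` returns false for anything other than "true", so a typo in the config leaves secure connect disabled without any signal to the operator. Log a warning that names the secure-connect setting and the value in effect; the commented-out message still refers to `aion.api.rpc.filters-enabled` and should be replaced rather than revived.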
I think the catch should log a warning
private static final long zmqHWM = 100_000; | ||
private static final int SOCKETID_LEN = 5; | ||
private static final int SOCKET_RECV_TIMEOUT = 3000; | ||
|
||
static { | ||
String storageDir = System.getProperty("local.storage.dir"); |
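Review bot: the static block reads `System.getProperty("local.storage.dir")`, while the key directory in `Cli` is built from `user.dir`; please confirm that both resolve to the same location, otherwise keys generated with `-zs` may not be where this class looks for them. `System.getProperty` also returns null when the property is unset, so add an explicit check and derive both paths from one source.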
Can we do the following to avoid the reliance on the static block:
- make it so that `storageDir` is an argument to the constructor
- make `CURVEKEY_PATH` and `PATH` non-static
- move the logic of setting CURVEKEY_PATH and PATH into constructor
- add either another constructor or a static method, that will call the constructor, and pass in `System.getProperty('local.storage.dir')` as the value for storageDir
private void loadCurveKeyPair() { | ||
List<File> files = getFiles(); | ||
String nextLoad = ""; | ||
for (File f : files) { |
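Review bot: the loop over `getFiles()` with the `nextLoad` carry-over makes the loaded pair depend on the order in which files are returned, which is not guaranteed unless `getFiles()` sorts. Make the selection deterministic (a fixed file name or an explicit config entry) and log which public key was loaded so an operator can check it against the key given to clients.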
Is there a benefit to this fall-back/fuzzy logic? Why not just have two hard-coded file names it looks for?
I was thinking the user will generate several keypairs in case they need to switch the keyset. The public key also needs to be updated on the client side, then the connection will be set up.
…d cli return logic fix for secure connect
thanks for the changes!
Notice
It is not allowed to submit your PR to the master branch directly, please submit your PR to the master-pre-merge branch.
Description
The implementation allows the zmq server to set up the secure connection using the built-in Curve algo.
To enable the secure connection, the user can enable the "secure-connect" setting in the config.xml.
Also, the user needs to generate the curve keypair (by using `./aion.sh -zs`) and give the public key to the API client side. The client API needs to be upgraded to v0.1.13 or a later version.
Fixes Issue # .
Type of change
Insert x into the following checkboxes to confirm (eg. [x]):
Testing
Please describe the tests you used to validate this pull request. Provide any relevant details for test configurations as well as any instructions to reproduce these results.
it has been tested by the wallet team.
Verification
Insert x into the following checkboxes to confirm (eg. [x]):