ligo/src/lib_signer_backends/https.ml

(**************************************************************************)
(*                                                                        *)
(*    Copyright (c) 2014 - 2018.                                          *)
(*    Dynamic Ledger Solutions, Inc. <contact@tezos.com>                  *)
(*                                                                        *)
(*    All rights reserved. No warranty, explicit or implicit, provided.   *)
(*                                                                        *)
(**************************************************************************)

open Client_keys

let scheme = "https"

module Make(P : sig
    val authenticate: Signature.Public_key_hash.t list -> MBytes.t -> Signature.t tzresult Lwt.t
  end) = struct

  let scheme = scheme

  let title =
    "Built-in tezos-signer using remote signer through hardcoded https requests."

  let description =
    "Valid locators are of this form:\n\
    \ -  https://host/tz1...\n\
    \ -  https://host:port/path/to/service/tz1...\n"

  let parse uri =
    (* extract `tz1..` from the last component of the path *)
    assert (Uri.scheme uri = Some scheme) ;
    let path = Uri.path uri in
    begin match String.rindex_opt path '/' with
      | None ->
          failwith "Invalid locator %a" Uri.pp_hum uri
      | Some i ->
          let pkh = String.sub path (i + 1) (String.length path - i - 1) in
          let path = String.sub path 0 i in
          return (Uri.with_path uri path, pkh)
    end >>=? fun (base, pkh) ->
    Lwt.return (Signature.Public_key_hash.of_b58check pkh) >>=? fun pkh ->
    return (base, pkh)

  let public_key uri =
    parse (uri : pk_uri :> Uri.t) >>=? fun (base, pkh) ->
    RPC_client.call_service
      Media_type.all_media_types
      ~base Signer_services.public_key ((), pkh) () ()

  let neuterize uri =
    return (Client_keys.make_pk_uri (uri : sk_uri :> Uri.t))

  let public_key_hash uri =
    public_key uri >>=? fun pk ->
    return (Signature.Public_key.hash pk)

  let sign ?watermark uri msg =
    parse (uri : sk_uri :> Uri.t) >>=? fun (base, pkh) ->
    let msg =
      match watermark with
      | None -> msg
      | Some watermark ->
          MBytes.concat "" [ Signature.bytes_of_watermark watermark ; msg ] in
    RPC_client.call_service
      Media_type.all_media_types
      ~base Signer_services.authorized_keys () () () >>=? fun authorized_keys ->
    begin match authorized_keys with
      | Some authorized_keys ->
          P.authenticate
            authorized_keys
            (Signer_messages.Sign.Request.to_sign ~pkh ~data:msg) >>=? fun signature ->
          return (Some signature)
      | None -> return None
    end >>=? fun signature ->
    RPC_client.call_service
      Media_type.all_media_types
      ~base Signer_services.sign ((), pkh)
      signature
      msg

end

let make_base host port =
  Uri.make ~scheme ~host ~port ()
Client: simplify `Client_keys.SIGNER` We now use `Uri.t` to represent public and secret keys. The 'remote' scheme is replaced by `https://`, `unix:///` and `tcp://`. 2018-05-26 15:22:47 +04:00			`(**************************************************************************)`
			`(* *)`
			`(* Copyright (c) 2014 - 2018. *)`
			`(* Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)`
			`(* *)`
			`(* All rights reserved. No warranty, explicit or implicit, provided. *)`
			`(* *)`
			`(**************************************************************************)`

			`open Client_keys`

			`let scheme = "https"`

Signer: add authorized keys mechanism 2018-06-06 12:49:53 +04:00			`module Make(P : sig`
			`val authenticate: Signature.Public_key_hash.t list -> MBytes.t -> Signature.t tzresult Lwt.t`
			`end) = struct`

			`let scheme = scheme`

			`let title =`
			`"Built-in tezos-signer using remote signer through hardcoded https requests."`

			`let description =`
			`"Valid locators are of this form:\n\`
			`\ - https://host/tz1...\n\`
			`\ - https://host:port/path/to/service/tz1...\n"`

			`let parse uri =`
			(* extract `tz1..` from the last component of the path *)
			`assert (Uri.scheme uri = Some scheme) ;`
			`let path = Uri.path uri in`
			`begin match String.rindex_opt path '/' with`
			`\| None ->`
			`failwith "Invalid locator %a" Uri.pp_hum uri`
			`\| Some i ->`
			`let pkh = String.sub path (i + 1) (String.length path - i - 1) in`
			`let path = String.sub path 0 i in`
			`return (Uri.with_path uri path, pkh)`
			`end >>=? fun (base, pkh) ->`
			`Lwt.return (Signature.Public_key_hash.of_b58check pkh) >>=? fun pkh ->`
			`return (base, pkh)`

			`let public_key uri =`
			`parse (uri : pk_uri :> Uri.t) >>=? fun (base, pkh) ->`
			`RPC_client.call_service`
			`Media_type.all_media_types`
			`~base Signer_services.public_key ((), pkh) () ()`

			`let neuterize uri =`
			`return (Client_keys.make_pk_uri (uri : sk_uri :> Uri.t))`

			`let public_key_hash uri =`
			`public_key uri >>=? fun pk ->`
			`return (Signature.Public_key.hash pk)`

			`let sign ?watermark uri msg =`
			`parse (uri : sk_uri :> Uri.t) >>=? fun (base, pkh) ->`
			`let msg =`
			`match watermark with`
			`\| None -> msg`
			`\| Some watermark ->`
			`MBytes.concat "" [ Signature.bytes_of_watermark watermark ; msg ] in`
			`RPC_client.call_service`
			`Media_type.all_media_types`
			`~base Signer_services.authorized_keys () () () >>=? fun authorized_keys ->`
			`begin match authorized_keys with`
			`\| Some authorized_keys ->`
			`P.authenticate`
			`authorized_keys`
			`(Signer_messages.Sign.Request.to_sign ~pkh ~data:msg) >>=? fun signature ->`
			`return (Some signature)`
			`\| None -> return None`
			`end >>=? fun signature ->`
			`RPC_client.call_service`
			`Media_type.all_media_types`
			`~base Signer_services.sign ((), pkh)`
			`signature`
			`msg`

			`end`
Signer: allow to configure the signer with environment variables 2018-05-27 15:27:29 +04:00
			`let make_base host port =`
			`Uri.make ~scheme ~host ~port ()`