From 32348c092cf6b1c09d4be5c5ca056148a90d6430 Mon Sep 17 00:00:00 2001
From: Sebastien Mondet
Date: Wed, 20 Feb 2019 16:24:52 -0500
Subject: [PATCH] Fix use of ledger in `main_signer`
---
src/bin_signer/main_signer.ml | 313 +++++++++++++++++-----------------
1 file changed, 159 insertions(+), 154 deletions(-)
diff --git a/src/bin_signer/main_signer.ml b/src/bin_signer/main_signer.ml
index dd4e88f98..766fd66ea 100644
--- a/src/bin_signer/main_signer.ml
+++ b/src/bin_signer/main_signer.ml
@@ -116,155 +116,158 @@ let may_setup_pidfile = function trace (failure "Failed to create the pidfile: %s" pidfile) @@ Lwt_lock_file.create ~unlink_on_exit:true pidfile -let commands base_dir require_auth = - Client_keys_commands.commands None @ - (* Tezos_signer_backends.Ledger.commands () @ *) - [ command ~group - ~desc: "Launch a signer daemon over a TCP socket." - (args5 - pidfile_arg - magic_bytes_arg - high_watermark_switch - (default_arg - ~doc: "listening address or host name" - ~short: 'a' - ~long: "address" - ~placeholder: "host|address" - ~default: default_tcp_host - (parameter (fun _ s -> return s))) - (default_arg - ~doc: "listening TCP port or service name" - ~short: 'p' - ~long: "port" - ~placeholder: "port number" - ~default: default_tcp_port - (parameter (fun _ s -> return s)))) - (prefixes [ "launch" ; "socket" ; "signer" ] @@ stop) - (fun (pidfile, magic_bytes, check_high_watermark, host, port) cctxt -> - init_signal () ; - may_setup_pidfile pidfile >>=? fun () -> - Tezos_signer_backends.Encrypted.decrypt_all cctxt >>=? fun () -> - Socket_daemon.run - cctxt (Tcp (host, port, [AI_SOCKTYPE SOCK_STREAM])) - ?magic_bytes ~check_high_watermark ~require_auth >>=? fun _ -> - return_unit) ; - command ~group - ~desc: "Launch a signer daemon over a local Unix socket." - (args4 - pidfile_arg - magic_bytes_arg - high_watermark_switch - (default_arg - ~doc: "path to the local socket file" - ~short: 's' - ~long: "socket" - ~placeholder: "path" - ~default: (Filename.concat base_dir "socket") - (parameter (fun _ s -> return s)))) - (prefixes [ "launch" ; "local" ; "signer" ] @@ stop) - (fun (pidfile, magic_bytes, check_high_watermark, path) cctxt -> - init_signal () ; - may_setup_pidfile pidfile >>=? fun () -> - Tezos_signer_backends.Encrypted.decrypt_all cctxt >>=? fun () -> - Socket_daemon.run - cctxt (Unix path) ?magic_bytes ~check_high_watermark ~require_auth >>=? fun _ -> - return_unit) ; - command ~group - ~desc: "Launch a signer daemon over HTTP." 
- (args5 - pidfile_arg - magic_bytes_arg - high_watermark_switch - (default_arg - ~doc: "listening address or host name" - ~short: 'a' - ~long: "address" - ~placeholder: "host|address" - ~default: default_http_host - (parameter (fun _ s -> return s))) - (default_arg - ~doc: "listening HTTP port" - ~short: 'p' - ~long: "port" - ~placeholder: "port number" - ~default: default_http_port - (parameter - (fun _ x -> - try return (int_of_string x) - with Failure _ -> failwith "Invalid port %s" x)))) - (prefixes [ "launch" ; "http" ; "signer" ] @@ stop) - (fun (pidfile, magic_bytes, check_high_watermark, host, port) cctxt -> - init_signal () ; - may_setup_pidfile pidfile >>=? fun () -> - Tezos_signer_backends.Encrypted.decrypt_all cctxt >>=? fun () -> - Http_daemon.run_http cctxt ~host ~port ?magic_bytes ~check_high_watermark ~require_auth) ; - command ~group - ~desc: "Launch a signer daemon over HTTPS." - (args5 - pidfile_arg - magic_bytes_arg - high_watermark_switch - (default_arg - ~doc: "listening address or host name" - ~short: 'a' - ~long: "address" - ~placeholder: "host|address" - ~default: default_https_host - (parameter (fun _ s -> return s))) - (default_arg - ~doc: "listening HTTPS port" - ~short: 'p' - ~long: "port" - ~placeholder: "port number" - ~default: default_https_port - (parameter - (fun _ x -> - try return (int_of_string x) - with Failure _ -> failwith "Invalid port %s" x)))) - (prefixes [ "launch" ; "https" ; "signer" ] @@ - param - ~name:"cert" - ~desc: "path to the TLS certificate" - (parameter (fun _ s -> - if not (Sys.file_exists s) then - failwith "No such TLS certificate file %s" s - else - return s)) @@ - param - ~name:"key" - ~desc: "path to the TLS key" - (parameter (fun _ s -> - if not (Sys.file_exists s) then - failwith "No such TLS key file %s" s - else - return s)) @@ stop) - (fun (pidfile, magic_bytes, check_high_watermark, host, port) cert key cctxt -> - init_signal () ; - may_setup_pidfile pidfile >>=? 
fun () -> - Tezos_signer_backends.Encrypted.decrypt_all cctxt >>=? fun () -> - Http_daemon.run_https cctxt ~host ~port ~cert ~key ?magic_bytes ~check_high_watermark ~require_auth) ; - command ~group - ~desc: "Authorize a given public key to perform signing requests." - (args1 - (arg - ~doc: "an optional name for the key (defaults to the hash)" - ~short: 'N' - ~long: "name" - ~placeholder: "name" - (parameter (fun _ s -> return s)))) - (prefixes [ "add" ; "authorized" ; "key" ] @@ - param - ~name:"pk" - ~desc: "full public key (Base58 encoded)" - (parameter (fun _ s -> Lwt.return (Signature.Public_key.of_b58check s))) @@ - stop) - (fun name key cctxt -> - let pkh = Signature.Public_key.hash key in - let name = match name with - | Some name -> name - | None -> Signature.Public_key_hash.to_b58check pkh in - Handler.Authorized_key.add ~force:false cctxt name key) - ] +let commands base_dir require_auth : Client_context.full command list = + Tezos_signer_backends.Ledger.commands () @ + List.map + (Clic.map_command + (fun (o : Client_context.full) -> (o :> Client_context.io_wallet))) + (Client_keys_commands.commands None @ + [ command ~group + ~desc: "Launch a signer daemon over a TCP socket." + (args5 + pidfile_arg + magic_bytes_arg + high_watermark_switch + (default_arg + ~doc: "listening address or host name" + ~short: 'a' + ~long: "address" + ~placeholder: "host|address" + ~default: default_tcp_host + (parameter (fun _ s -> return s))) + (default_arg + ~doc: "listening TCP port or service name" + ~short: 'p' + ~long: "port" + ~placeholder: "port number" + ~default: default_tcp_port + (parameter (fun _ s -> return s)))) + (prefixes [ "launch" ; "socket" ; "signer" ] @@ stop) + (fun (pidfile, magic_bytes, check_high_watermark, host, port) cctxt -> + init_signal () ; + may_setup_pidfile pidfile >>=? fun () -> + Tezos_signer_backends.Encrypted.decrypt_all cctxt >>=? 
fun () -> + Socket_daemon.run + cctxt (Tcp (host, port, [AI_SOCKTYPE SOCK_STREAM])) + ?magic_bytes ~check_high_watermark ~require_auth >>=? fun _ -> + return_unit) ; + command ~group + ~desc: "Launch a signer daemon over a local Unix socket." + (args4 + pidfile_arg + magic_bytes_arg + high_watermark_switch + (default_arg + ~doc: "path to the local socket file" + ~short: 's' + ~long: "socket" + ~placeholder: "path" + ~default: (Filename.concat base_dir "socket") + (parameter (fun _ s -> return s)))) + (prefixes [ "launch" ; "local" ; "signer" ] @@ stop) + (fun (pidfile, magic_bytes, check_high_watermark, path) cctxt -> + init_signal () ; + may_setup_pidfile pidfile >>=? fun () -> + Tezos_signer_backends.Encrypted.decrypt_all cctxt >>=? fun () -> + Socket_daemon.run + cctxt (Unix path) ?magic_bytes ~check_high_watermark ~require_auth >>=? fun _ -> + return_unit) ; + command ~group + ~desc: "Launch a signer daemon over HTTP." + (args5 + pidfile_arg + magic_bytes_arg + high_watermark_switch + (default_arg + ~doc: "listening address or host name" + ~short: 'a' + ~long: "address" + ~placeholder: "host|address" + ~default: default_http_host + (parameter (fun _ s -> return s))) + (default_arg + ~doc: "listening HTTP port" + ~short: 'p' + ~long: "port" + ~placeholder: "port number" + ~default: default_http_port + (parameter + (fun _ x -> + try return (int_of_string x) + with Failure _ -> failwith "Invalid port %s" x)))) + (prefixes [ "launch" ; "http" ; "signer" ] @@ stop) + (fun (pidfile, magic_bytes, check_high_watermark, host, port) cctxt -> + init_signal () ; + may_setup_pidfile pidfile >>=? fun () -> + Tezos_signer_backends.Encrypted.decrypt_all cctxt >>=? fun () -> + Http_daemon.run_http cctxt ~host ~port ?magic_bytes ~check_high_watermark ~require_auth) ; + command ~group + ~desc: "Launch a signer daemon over HTTPS." 
+ (args5 + pidfile_arg + magic_bytes_arg + high_watermark_switch + (default_arg + ~doc: "listening address or host name" + ~short: 'a' + ~long: "address" + ~placeholder: "host|address" + ~default: default_https_host + (parameter (fun _ s -> return s))) + (default_arg + ~doc: "listening HTTPS port" + ~short: 'p' + ~long: "port" + ~placeholder: "port number" + ~default: default_https_port + (parameter + (fun _ x -> + try return (int_of_string x) + with Failure _ -> failwith "Invalid port %s" x)))) + (prefixes [ "launch" ; "https" ; "signer" ] @@ + param + ~name:"cert" + ~desc: "path to the TLS certificate" + (parameter (fun _ s -> + if not (Sys.file_exists s) then + failwith "No such TLS certificate file %s" s + else + return s)) @@ + param + ~name:"key" + ~desc: "path to the TLS key" + (parameter (fun _ s -> + if not (Sys.file_exists s) then + failwith "No such TLS key file %s" s + else + return s)) @@ stop) + (fun (pidfile, magic_bytes, check_high_watermark, host, port) cert key cctxt -> + init_signal () ; + may_setup_pidfile pidfile >>=? fun () -> + Tezos_signer_backends.Encrypted.decrypt_all cctxt >>=? fun () -> + Http_daemon.run_https cctxt ~host ~port ~cert ~key ?magic_bytes ~check_high_watermark ~require_auth) ; + command ~group + ~desc: "Authorize a given public key to perform signing requests." + (args1 + (arg + ~doc: "an optional name for the key (defaults to the hash)" + ~short: 'N' + ~long: "name" + ~placeholder: "name" + (parameter (fun _ s -> return s)))) + (prefixes [ "add" ; "authorized" ; "key" ] @@ + param + ~name:"pk" + ~desc: "full public key (Base58 encoded)" + (parameter (fun _ s -> Lwt.return (Signature.Public_key.of_b58check s))) @@ + stop) + (fun name key cctxt -> + let pkh = Signature.Public_key.hash key in + let name = match name with + | Some name -> name + | None -> Signature.Public_key_hash.to_b58check pkh in + Handler.Authorized_key.add ~force:false cctxt name key) + ]) let home = try Sys.getenv "HOME" with Not_found -> "/root" 
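Review bot: The `--port` parsers of the "launch http signer" and "launch https signer" commands accept anything `int_of_string` can read, so negative numbers, values above 65535 and prefixed forms such as `0x...` pass validation and are handed to `Http_daemon.run_http` / `run_https` as they are. Since these lines are rewritten here anyway, a range check would reject such input at the command line, for example `match int_of_string_opt x with Some p when p > 0 && p < 65536 -> return p | _ -> failwith "Invalid port %s" x`. A short comment above `List.map (Clic.map_command ...)` would also help. It should say that the key and daemon commands stay on the narrower `Client_context.io_wallet` view and that only `Tezos_signer_backends.Ledger.commands ()` is given the full context, which appears to be the reason for the coercion.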
@@ -333,11 +336,13 @@ let main () = (global_options ()) () original_args >>=? fun ((base_dir, require_auth, password_filename), remaining) -> let base_dir = Option.unopt ~default:default_base_dir base_dir in - let cctxt = object - inherit Client_context_unix.unix_logger ~base_dir - inherit Client_context_unix.unix_prompter - inherit Client_context_unix.unix_wallet ~base_dir ~password_filename - end in + let cctxt = + new Client_context_unix.unix_full + ~block:Client_config.default_block + ~confirmations:None + ~password_filename + ~base_dir + ~rpc_config:RPC_client.default_config in Client_keys.register_signer (module Tezos_signer_backends.Encrypted.Make(struct let cctxt = new Client_context_unix.unix_prompter
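Review bot: The signer's context is widened from logger, prompter and wallet to `Client_context_unix.unix_full`, which also takes `~rpc_config:RPC_client.default_config`, `~block` and `~confirmations`, and nothing on these lines says why a key-holding process needs them. If they exist only to satisfy the `Client_context.full` type that the Ledger commands expect, as the other hunk suggests, a comment above `let cctxt =` should record that, for example `(* full context is required by Ledger.commands; the signer itself is not expected to issue node RPCs *)`. That would make any later RPC use from the signer stand out in review. `main` starts and ends outside this hunk, so how `cctxt` is used afterwards is not visible here.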