173 lines
5.9 KiB
OCaml
173 lines
5.9 KiB
OCaml
(**************************************************************************)
|
|
(* *)
|
|
(* Copyright (c) 2014 - 2018. *)
|
|
(* Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)
|
|
(* *)
|
|
(* All rights reserved. No warranty, explicit or implicit, provided. *)
|
|
(* *)
|
|
(**************************************************************************)
|
|
|
|
open Client_keys
|
|
|
|
let scheme = "remote"
|
|
|
|
module Make(S : sig
|
|
val default : Uri.t
|
|
val authenticate: Signature.Public_key_hash.t list -> MBytes.t -> Signature.t tzresult Lwt.t
|
|
val logger: RPC_client.logger
|
|
end) = struct
|
|
|
|
let scheme = scheme
|
|
|
|
let title =
|
|
"Built-in tezos-signer using remote wallet."
|
|
|
|
let description =
|
|
"Valid locators are of this form: remote://tz1...\n\
|
|
The key will be queried to current remote signer, which can be \
|
|
configured with the `--remote-signer` or `-R` options, \
|
|
or by defining the following environment variables:\n\
|
|
\ - $TEZOS_SIGNER_UNIX_PATH,\n\
|
|
\ - $TEZOS_SIGNER_TCP_HOST and $TEZOS_SIGNER_TCP_PORT (default: 7732),\n\
|
|
\ - $TEZOS_SIGNER_HTTP_HOST and $TEZOS_SIGNER_HTTP_PORT (default: 6732),\n\
|
|
\ - $TEZOS_SIGNER_HTTPS_HOST and $TEZOS_SIGNER_HTTPS_PORT (default: 443)."
|
|
|
|
module Socket = Socket.Make(S)
|
|
module Http = Http.Make(S)
|
|
module Https = Https.Make(S)
|
|
|
|
let get_remote () =
|
|
match Uri.scheme S.default with
|
|
| Some "unix" -> (module Socket.Unix : SIGNER)
|
|
| Some "tcp" -> (module Socket.Tcp : SIGNER)
|
|
| Some "http" -> (module Http : SIGNER)
|
|
| Some "https" -> (module Https : SIGNER)
|
|
| _ -> assert false
|
|
|
|
module Remote = (val get_remote () : SIGNER)
|
|
let key =
|
|
match Uri.scheme S.default with
|
|
| Some "unix" ->
|
|
(fun uri ->
|
|
let key = Uri.path uri in
|
|
Uri.add_query_param' S.default ("pkh", key))
|
|
| Some "tcp" ->
|
|
(fun uri ->
|
|
let key = Uri.path uri in
|
|
Uri.with_path S.default key)
|
|
| Some ("https" | "http") ->
|
|
(fun uri ->
|
|
let key = Uri.path uri in
|
|
match Uri.path S.default with
|
|
| "" -> Uri.with_path S.default key
|
|
| path -> Uri.with_path S.default (path ^ "/" ^ key))
|
|
| _ -> assert false
|
|
|
|
let public_key pk_uri =
|
|
Remote.public_key
|
|
(Client_keys.make_pk_uri (key (pk_uri : pk_uri :> Uri.t)))
|
|
|
|
let public_key_hash pk_uri =
|
|
Remote.public_key_hash
|
|
(Client_keys.make_pk_uri (key (pk_uri : pk_uri :> Uri.t)))
|
|
|
|
let neuterize sk_uri =
|
|
return (Client_keys.make_pk_uri (sk_uri : sk_uri :> Uri.t))
|
|
|
|
let sign ?watermark sk_uri msg =
|
|
Remote.sign
|
|
?watermark
|
|
(Client_keys.make_sk_uri (key (sk_uri : sk_uri :> Uri.t)))
|
|
msg
|
|
|
|
end
|
|
|
|
let make_sk sk =
|
|
Client_keys.make_sk_uri
|
|
(Uri.make ~scheme ~path:(Signature.Secret_key.to_b58check sk) ())
|
|
|
|
let make_pk pk =
|
|
Client_keys.make_pk_uri
|
|
(Uri.make ~scheme ~path:(Signature.Public_key.to_b58check pk) ())
|
|
|
|
let read_base_uri_from_env () =
|
|
match Sys.getenv_opt "TEZOS_SIGNER_UNIX_PATH",
|
|
Sys.getenv_opt "TEZOS_SIGNER_TCP_HOST",
|
|
Sys.getenv_opt "TEZOS_SIGNER_HTTP_HOST",
|
|
Sys.getenv_opt "TEZOS_SIGNER_HTTPS_HOST" with
|
|
| None, None, None, None -> return None
|
|
| Some path, None, None, None ->
|
|
return (Some (Socket.make_unix_base path))
|
|
| None, Some host, None, None -> begin
|
|
try
|
|
let port =
|
|
match Sys.getenv_opt "TEZOS_SIGNER_TCP_PORT" with
|
|
| None -> 7732
|
|
| Some port -> int_of_string port in
|
|
return (Some (Socket.make_tcp_base host port))
|
|
with Invalid_argument _ ->
|
|
failwith "Failed to parse TEZOS_SIGNER_TCP_PORT.@."
|
|
end
|
|
| None, None, Some host, None -> begin
|
|
try
|
|
let port =
|
|
match Sys.getenv_opt "TEZOS_SIGNER_HTTP_PORT" with
|
|
| None -> 6732
|
|
| Some port -> int_of_string port in
|
|
return (Some (Http.make_base host port))
|
|
with Invalid_argument _ ->
|
|
failwith "Failed to parse TEZOS_SIGNER_HTTP_PORT.@."
|
|
end
|
|
| None, None, None, Some host -> begin
|
|
try
|
|
let port =
|
|
match Sys.getenv_opt "TEZOS_SIGNER_HTTPS_PORT" with
|
|
| None -> 443
|
|
| Some port -> int_of_string port in
|
|
return (Some (Https.make_base host port))
|
|
with Invalid_argument _ ->
|
|
failwith "Failed to parse TEZOS_SIGNER_HTTPS_PORT.@."
|
|
end
|
|
| _, _, _, _ ->
|
|
failwith
|
|
"Only one the following environment variable must be defined: \
|
|
TEZOS_SIGNER_UNIX_PATH, \
|
|
TEZOS_SIGNER_TCP_HOST, \
|
|
TEZOS_SIGNER_HTTP_HOST, \
|
|
TEZOS_SIGNER_HTTPS_HOST@."
|
|
|
|
type error += Invalid_remote_signer of string
|
|
|
|
let () =
|
|
register_error_kind
|
|
`Branch
|
|
~id: "invalid_remote_signer"
|
|
~title: "Unexpected URI fot remote signer"
|
|
~description: "The provided remote signer is invalid."
|
|
~pp:
|
|
(fun ppf s ->
|
|
Format.fprintf ppf
|
|
"@[<v 0>Value '%s' is not a valid URI for a remote signer.@,\
|
|
Supported URIs for remote signers are of the form:@,\
|
|
\ - unix:///path/to/socket/file@,\
|
|
\ - tcp://host:port@,\
|
|
\ - http://host[:port][/prefix]@,\
|
|
\ - https://host[:port][/prefix]@]" s)
|
|
Data_encoding.(obj1 (req "uri" string))
|
|
(function Invalid_remote_signer s -> Some s | _ -> None)
|
|
(fun s -> Invalid_remote_signer s)
|
|
|
|
let parse_base_uri s =
|
|
trace (Invalid_remote_signer s) @@
|
|
try
|
|
let uri = Uri.of_string s in
|
|
match Uri.scheme uri with
|
|
| Some "http" -> return uri
|
|
| Some "https" -> return uri
|
|
| Some "tcp" -> return uri
|
|
| Some "unix" -> return uri
|
|
| Some scheme -> failwith "Unknown scheme: %s" scheme
|
|
| None -> failwith "Unknown scheme: <empty>"
|
|
with Invalid_argument msg -> failwith "Malformed URI: %s" msg
|
|
|