[#562] cmd/neofs-node: use NEP-6 wallet for keys

Also use neo-go private key wrapper where possible, as it
already has methods for (un)marshaling.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
This commit is contained in:
Evgenii Stratonikov 2021-05-31 11:55:38 +03:00 committed by Alex Vanin
parent 1553967328
commit 3f07313604
17 changed files with 119 additions and 53 deletions

View file

@ -19,7 +19,7 @@ func initAccountingService(c *cfg) {
accountingGRPC.RegisterAccountingServiceServer(c.cfgGRPC.server,
accountingTransportGRPC.New(
accountingService.NewSignService(
c.key,
&c.key.PrivateKey,
accountingService.NewResponseService(
accountingService.NewExecutionService(
accounting.NewExecutor(balanceMorphWrapper),

View file

@ -2,18 +2,17 @@ package main
import (
"context"
"crypto/ecdsa"
"net"
"os"
"path"
"sync"
"time"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neo-go/pkg/util"
"github.com/nspcc-dev/neofs-api-go/pkg"
"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
netmapV2 "github.com/nspcc-dev/neofs-api-go/v2/netmap"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-node/cmd/neofs-node/config"
contractsconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/contracts"
engineconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/engine"
@ -73,7 +72,7 @@ type cfg struct {
wg *sync.WaitGroup
key *ecdsa.PrivateKey
key *keys.PrivateKey
apiVersion *pkg.Version
@ -209,12 +208,11 @@ func initCfg(path string) *cfg {
config.WithConfigFile(path),
)
key, err := crypto.LoadPrivateKey(nodeconfig.Key(appCfg))
fatalOnErr(err)
key := nodeconfig.Wallet(appCfg)
var logPrm logger.Prm
err = logPrm.SetLevelString(
err := logPrm.SetLevelString(
loggerconfig.Level(appCfg),
)
fatalOnErr(err)

View file

@ -1,6 +1,9 @@
package controlconfig
import (
"fmt"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-node/cmd/neofs-node/config"
)
@ -18,12 +21,24 @@ const (
GRPCEndpointDefault = ""
)
// AuthorizedKeysString returns string array of "authorized_keys" config
// AuthorizedKeys parses and returns array of "authorized_keys" config
// parameter from "control" section.
//
// Returns empty list if not set.
func AuthorizedKeysString(c *config.Config) []string {
return config.StringSliceSafe(c.Sub(subsection), "authorized_keys")
func AuthorizedKeys(c *config.Config) keys.PublicKeys {
strKeys := config.StringSliceSafe(c.Sub(subsection), "authorized_keys")
pubs := make(keys.PublicKeys, 0, len(strKeys))
for i := range strKeys {
pub, err := keys.NewPublicKeyFromString(strKeys[i])
if err != nil {
panic(fmt.Errorf("invalid permitted key for Control service %s: %w", strKeys[i], err))
}
pubs = append(pubs, pub)
}
return pubs
}
// GRPC returns structure that provides access to "grpc" subsection of

View file

@ -3,6 +3,7 @@ package controlconfig_test
import (
"testing"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-node/cmd/neofs-node/config"
controlconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/control"
configtest "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/test"
@ -13,19 +14,18 @@ func TestControlSection(t *testing.T) {
t.Run("defaults", func(t *testing.T) {
empty := configtest.EmptyConfig()
require.Empty(t, controlconfig.AuthorizedKeysString(empty))
require.Empty(t, controlconfig.AuthorizedKeys(empty))
require.Equal(t, controlconfig.GRPCEndpointDefault, controlconfig.GRPC(empty).Endpoint())
})
const path = "../../../../config/example/node"
var keys = []string{
"035839e45d472a3b7769a2a1bd7d54c4ccd4943c3b40f547870e83a8fcbfb3ce11",
"028f42cfcb74499d7b15b35d9bff260a1c8d27de4f446a627406a382d8961486d6",
}
pubs := make(keys.PublicKeys, 2)
pubs[0], _ = keys.NewPublicKeyFromString("035839e45d472a3b7769a2a1bd7d54c4ccd4943c3b40f547870e83a8fcbfb3ce11")
pubs[1], _ = keys.NewPublicKeyFromString("028f42cfcb74499d7b15b35d9bff260a1c8d27de4f446a627406a382d8961486d6")
var fileConfigTest = func(c *config.Config) {
require.Equal(t, keys, controlconfig.AuthorizedKeysString(c))
require.Equal(t, pubs, controlconfig.AuthorizedKeys(c))
require.Equal(t, "127.0.0.1:8090", controlconfig.GRPC(c).Endpoint())
}

View file

@ -5,8 +5,10 @@ import (
"fmt"
"strconv"
"github.com/nspcc-dev/neo-go/pkg/crypto/keys"
"github.com/nspcc-dev/neofs-node/cmd/neofs-node/config"
"github.com/nspcc-dev/neofs-node/pkg/network"
utilConfig "github.com/nspcc-dev/neofs-node/pkg/util/config"
)
const (
@ -36,6 +38,20 @@ func Key(c *config.Config) string {
return v
}
// Wallet returns value of node private key from "node" section.
func Wallet(c *config.Config) *keys.PrivateKey {
v := c.Sub(subsection).Sub("wallet")
acc, err := utilConfig.LoadAccount(
config.String(v, "path"),
config.String(v, "address"),
config.String(v, "password"))
if err != nil {
panic(fmt.Errorf("invalid wallet config: %w", err))
}
return acc.PrivateKey()
}
// BootstrapAddress returns value of "address" config parameter
// from "node" section as network.Address.
//

View file

@ -3,6 +3,7 @@ package nodeconfig
import (
"testing"
"github.com/nspcc-dev/neo-go/pkg/encoding/address"
"github.com/nspcc-dev/neofs-node/cmd/neofs-node/config"
configtest "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/test"
"github.com/nspcc-dev/neofs-node/pkg/network"
@ -43,6 +44,7 @@ func TestNodeSection(t *testing.T) {
addr := BootstrapAddress(c)
attributes := Attributes(c)
relay := Relay(c)
wKey := Wallet(c)
expectedAddr, err := network.AddressFromString("s01.neofs.devenv:8080")
require.NoError(t, err)
@ -54,6 +56,11 @@ func TestNodeSection(t *testing.T) {
require.Len(t, attributes, 2)
require.Equal(t, "Price:11", attributes[0])
require.Equal(t, "UN-LOCODE:RU MSK", attributes[1])
require.NotNil(t, wKey)
require.Equal(t,
config.StringSafe(c.Sub("node").Sub("wallet"), "address"),
address.Uint160ToString(wKey.GetScriptHash()))
}
configtest.ForEachFileType(path, fileConfigTest)

View file

@ -0,0 +1,30 @@
{
"version": "3.0",
"accounts": [
{
"address": "NcpJzXcSDrh5CCizf4K9Ro6w4t59J5LKzz",
"key": "6PYXFRFUfoMNjWd2UmaaEjwHSWpifcLLTbEfhkwXdiSZ2n2WLfr75JpxmJ",
"label": "testacc",
"contract": {
"script": "DCECaeaVhKFa+ENNUpRJLz6BRmRbkIaoN+xZt3VHzlzkHJZBVuezJw==",
"parameters": [
{
"name": "parameter0",
"type": "Signature"
}
],
"deployed": false
},
"lock": false,
"isDefault": false
}
],
"scrypt": {
"n": 16384,
"r": 8,
"p": 8
},
"extra": {
"Tokens": null
}
}

View file

@ -14,7 +14,6 @@ import (
"github.com/nspcc-dev/neofs-api-go/pkg/netmap"
containerV2 "github.com/nspcc-dev/neofs-api-go/v2/container"
containerGRPC "github.com/nspcc-dev/neofs-api-go/v2/container/grpc"
crypto "github.com/nspcc-dev/neofs-crypto"
containerCore "github.com/nspcc-dev/neofs-node/pkg/core/container"
netmapCore "github.com/nspcc-dev/neofs-node/pkg/core/netmap"
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
@ -53,7 +52,7 @@ func initContainerService(c *cfg) {
engine: c.cfgObject.cfgLocalStorage.localStorage,
}
pubKey := crypto.MarshalPublicKey(&c.key.PublicKey)
pubKey := c.key.PublicKey().Bytes()
resultWriter := &morphLoadWriter{
log: c.log,
@ -79,7 +78,7 @@ func initContainerService(c *cfg) {
loadroute.Prm{
LocalServerInfo: c,
RemoteWriterProvider: &remoteLoadAnnounceProvider{
key: c.key,
key: &c.key.PrivateKey,
loadAddrSrc: c,
clientCache: clientCache,
deadEndProvider: loadcontroller.SimpleWriterProvider(loadAccumulator),
@ -118,7 +117,7 @@ func initContainerService(c *cfg) {
containerGRPC.RegisterContainerServiceServer(c.cfgGRPC.server,
containerTransportGRPC.New(
containerService.NewSignService(
c.key,
&c.key.PrivateKey,
containerService.NewResponseService(
&usedSpaceService{
Server: containerService.NewExecutionService(containerMorph.NewExecutor(wrap)),

View file

@ -2,12 +2,9 @@ package main
import (
"context"
"encoding/hex"
"fmt"
"net"
"github.com/nspcc-dev/neofs-api-go/pkg/object"
crypto "github.com/nspcc-dev/neofs-crypto"
controlconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/control"
grpcconfig "github.com/nspcc-dev/neofs-node/cmd/neofs-node/config/grpc"
"github.com/nspcc-dev/neofs-node/pkg/local_object_storage/engine"
@ -17,25 +14,18 @@ import (
)
func initControlService(c *cfg) {
strKeys := controlconfig.AuthorizedKeysString(c.appCfg)
keys := make([][]byte, 0, len(strKeys)+1) // +1 for node key
pubs := controlconfig.AuthorizedKeys(c.appCfg)
rawPubs := make([][]byte, 0, len(pubs)+1) // +1 for node key
keys = append(keys, crypto.MarshalPublicKey(&c.key.PublicKey))
rawPubs = append(rawPubs, c.key.PublicKey().Bytes())
for i := range strKeys {
key, err := hex.DecodeString(strKeys[i])
fatalOnErr(err)
if crypto.UnmarshalPublicKey(key) == nil {
fatalOnErr(fmt.Errorf("invalid permitted key for Control service %s", strKeys[i]))
}
keys = append(keys, key)
for i := range pubs {
rawPubs = append(rawPubs, pubs[i].Bytes())
}
ctlSvc := controlSvc.New(
controlSvc.WithKey(c.key),
controlSvc.WithAuthorizedKeys(keys),
controlSvc.WithKey(&c.key.PrivateKey),
controlSvc.WithAuthorizedKeys(rawPubs),
controlSvc.WithHealthChecker(c),
controlSvc.WithNetMapSource(c.cfgNetmap.wrapper),
controlSvc.WithNodeState(c),

View file

@ -30,7 +30,7 @@ func initMorphComponents(c *cfg) {
})
for i := range addresses {
cli, err := client.New(c.key, addresses[i], client.WithDialTimeout(dialTimeout))
cli, err := client.New(&c.key.PrivateKey, addresses[i], client.WithDialTimeout(dialTimeout))
if err == nil {
c.log.Info("neo RPC connection established",
zap.String("endpoint", addresses[i]))

View file

@ -6,7 +6,6 @@ import (
netmapSDK "github.com/nspcc-dev/neofs-api-go/pkg/netmap"
netmapV2 "github.com/nspcc-dev/neofs-api-go/v2/netmap"
netmapGRPC "github.com/nspcc-dev/neofs-api-go/v2/netmap/grpc"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
"github.com/nspcc-dev/neofs-node/pkg/morph/event"
netmapEvent "github.com/nspcc-dev/neofs-node/pkg/morph/event/netmap"
@ -75,7 +74,7 @@ func nodeAddressFromNetmap(c *cfg) string {
func initNetmapService(c *cfg) {
c.cfgNodeInfo.localInfo.SetAddress(c.localAddr.String())
c.cfgNodeInfo.localInfo.SetPublicKey(crypto.MarshalPublicKey(&c.key.PublicKey))
c.cfgNodeInfo.localInfo.SetPublicKey(c.key.PublicKey().Bytes())
c.cfgNodeInfo.localInfo.SetAttributes(parseAttributes(c.appCfg)...)
c.cfgNodeInfo.localInfo.SetState(netmapSDK.NodeStateOffline)
@ -86,7 +85,7 @@ func initNetmapService(c *cfg) {
netmapGRPC.RegisterNetmapServiceServer(c.cfgGRPC.server,
netmapTransportGRPC.New(
netmapService.NewSignService(
c.key,
&c.key.PrivateKey,
netmapService.NewResponseService(
netmapService.NewExecutionService(
c,
@ -196,7 +195,7 @@ func (c *cfg) netmapLocalNodeState(epoch uint64) (*netmapSDK.NodeInfo, error) {
func (c *cfg) localNodeInfoFromNetmap(nm *netmapSDK.Netmap) *netmapSDK.NodeInfo {
for _, n := range nm.Nodes {
if bytes.Equal(n.PublicKey(), crypto.MarshalPublicKey(&c.key.PublicKey)) {
if bytes.Equal(n.PublicKey(), c.key.PublicKey().Bytes()) {
return n.NodeInfo
}
}
@ -237,7 +236,7 @@ func (c *cfg) SetNetmapStatus(st control.NetmapStatus) error {
c.cfgNetmap.reBoostrapTurnedOff.Store(true)
return c.cfgNetmap.wrapper.UpdatePeerState(
crypto.MarshalPublicKey(&c.key.PublicKey),
c.key.PublicKey().Bytes(),
apiState,
)
}

View file

@ -2,6 +2,7 @@ package main
import (
"context"
"crypto/ecdsa"
"crypto/sha256"
"fmt"
@ -147,10 +148,10 @@ func (n *innerRingFetcher) InnerRingKeys() ([][]byte, error) {
func initObjectService(c *cfg) {
ls := c.cfgObject.cfgLocalStorage.localStorage
keyStorage := util.NewKeyStorage(c.key, c.privateTokenStore)
keyStorage := util.NewKeyStorage(&c.key.PrivateKey, c.privateTokenStore)
nodeOwner := owner.NewID()
neo3Wallet, err := owner.NEO3WalletFromPublicKey(&c.key.PublicKey)
neo3Wallet, err := owner.NEO3WalletFromPublicKey((*ecdsa.PublicKey)(c.key.PublicKey()))
fatalOnErr(err)
nodeOwner.SetNeo3Wallet(neo3Wallet)
@ -325,7 +326,7 @@ func initObjectService(c *cfg) {
)
signSvc := objectService.NewSignService(
c.key,
&c.key.PrivateKey,
respSvc,
)

View file

@ -7,7 +7,6 @@ import (
v2reputation "github.com/nspcc-dev/neofs-api-go/v2/reputation"
v2reputationgrpc "github.com/nspcc-dev/neofs-api-go/v2/reputation/grpc"
"github.com/nspcc-dev/neofs-api-go/v2/session"
crypto "github.com/nspcc-dev/neofs-crypto"
"github.com/nspcc-dev/neofs-node/cmd/neofs-node/reputation/common"
"github.com/nspcc-dev/neofs-node/cmd/neofs-node/reputation/intermediate"
intermediatereputation "github.com/nspcc-dev/neofs-node/cmd/neofs-node/reputation/intermediate"
@ -38,7 +37,7 @@ func initReputationService(c *cfg) {
wrap, err := rtpwrapper.NewFromMorph(c.cfgMorph.client, c.cfgReputation.scriptHash, 0)
fatalOnErr(err)
localKey := crypto.MarshalPublicKey(&c.key.PublicKey)
localKey := c.key.PublicKey().Bytes()
// consider sharing this between application components
nmSrc := newCachedNetmapStorage(c.cfgNetmap.state, c.cfgNetmap.wrapper)
@ -99,7 +98,7 @@ func initReputationService(c *cfg) {
ClientCache: apiClientCache,
WriterProvider: localreputation.NewRemoteProvider(
localreputation.RemoteProviderPrm{
Key: c.key,
Key: &c.key.PrivateKey,
},
),
},
@ -112,7 +111,7 @@ func initReputationService(c *cfg) {
ClientCache: apiClientCache,
WriterProvider: intermediatereputation.NewRemoteProvider(
intermediatereputation.RemoteProviderPrm{
Key: c.key,
Key: &c.key.PrivateKey,
},
),
},
@ -144,7 +143,7 @@ func initReputationService(c *cfg) {
WorkerPool: c.cfgReputation.workerPool,
FinalResultTarget: intermediate.NewFinalWriterProvider(
intermediate.FinalWriterProviderPrm{
PrivatKey: c.key,
PrivatKey: &c.key.PrivateKey,
PubKey: localKey,
Client: wrap,
},
@ -190,7 +189,7 @@ func initReputationService(c *cfg) {
v2reputationgrpc.RegisterReputationServiceServer(c.cfgGRPC.server,
grpcreputation.New(
reputationrpc.NewSignService(
c.key,
&c.key.PrivateKey,
reputationrpc.NewResponseService(
&reputationServer{
cfg: c,

View file

@ -13,7 +13,7 @@ func initSessionService(c *cfg) {
sessionGRPC.RegisterSessionServiceServer(c.cfgGRPC.server,
sessionTransportGRPC.New(
sessionSvc.NewSignService(
c.key,
&c.key.PrivateKey,
sessionSvc.NewResponseService(
sessionSvc.NewExecutionService(
c.privateTokenStore,

View file

@ -8,6 +8,9 @@ NEOFS_METRICS_SHUTDOWN_TIMEOUT=15s
# Node section
NEOFS_NODE_KEY=path/hex/WIF
NEOFS_NODE_WALLET_PATH=./wallet.json
NEOFS_NODE_WALLET_ADDRESS=NcpJzXcSDrh5CCizf4K9Ro6w4t59J5LKzz
NEOFS_NODE_WALLET_PASSWORD=password
NEOFS_NODE_ADDRESS=s01.neofs.devenv:8080
NEOFS_NODE_ATTRIBUTE_0=Price:11
NEOFS_NODE_ATTRIBUTE_1=UN-LOCODE:RU MSK

View file

@ -12,6 +12,11 @@
},
"node": {
"key": "path/hex/WIF",
"wallet": {
"path": "./wallet.json",
"address": "NcpJzXcSDrh5CCizf4K9Ro6w4t59J5LKzz",
"password": "password"
},
"address": "s01.neofs.devenv:8080",
"attribute_0": "Price:11",
"attribute_1": "UN-LOCODE:RU MSK",

View file

@ -11,6 +11,10 @@ metrics:
node:
key: path/hex/WIF
wallet:
path: "./wallet.json"
address: "NcpJzXcSDrh5CCizf4K9Ro6w4t59J5LKzz"
password: "password"
address: s01.neofs.devenv:8080
attribute_0: "Price:11"
attribute_1: UN-LOCODE:RU MSK