import (
"context"
- "bytom/core/pseudohsm"
- "bytom/core/txbuilder"
- "bytom/crypto/ed25519/chainkd"
- "bytom/net/http/httperror"
- "bytom/net/http/httpjson"
+ "github.com/bytom/blockchain/pseudohsm"
+ "github.com/bytom/blockchain/txbuilder"
+ "github.com/bytom/crypto/ed25519/chainkd"
+ "github.com/bytom/net/http/httperror"
+ "github.com/bytom/net/http/httpjson"
)
func init() {
// PseudoHSM configures the Core to expose the PseudoHSM endpoints. It
// is only included in non-production builds.
+/*
func PseudoHSM(hsm *Pseudohsm.HSM) RunOption {
return func(api *API) {
type pseudoHSMHandler struct {
PseudoHSM *Pseudohsm.HSM
}
+*/
-func (h *PseudoHSMHandler) pseudohsmCreateKey(ctx context.Context, password string, in struct{ Alias string }) (result *Pseudohsm.XPub, err error) {
- return h.PseudoHSM.XCreate(password, in.Alias)
+func (a *BlockchainReactor) pseudohsmCreateKey(ctx context.Context, password string, in struct{ Alias string }) (result *Pseudohsm.XPub, err error) {
+ return a.hsm.XCreate(password, in.Alias)
}
-func (h *PseudoHSMHandler) pseudohsmListKeys(ctx context.Context, query requestQuery) (page, error) {
+func (a *BlockchainReactor)) pseudohsmListKeys(ctx context.Context, query requestQuery) (page, error) {
limit := query.PageSize
if limit == 0 {
limit = defGenericPageSize // defGenericPageSize = 100
}, nil
}
-func (h *PseudoHSMHandler) pseudohsmDeleteKey(ctx context.Context, xpub chainkd.XPub, password string) error {
- return h.PseudoHSM.XDelete(xpub, password)
+func (a *BlockchainReactor) pseudohsmDeleteKey(ctx context.Context, xpub chainkd.XPub, password string) error {
+ return a.hsm.XDelete(xpub, password)
}
-func (h *PseudoHSMHandler) pseudohsmSignTemplates(ctx context.Context, x struct {
+func (a *BlockchainReactor) pseudohsmSignTemplates(ctx context.Context, x struct {
Txs []*txbuilder.Template `json:"transactions"`
XPubs []chainkd.XPub `json:"xpubs"`
}) []interface{} {
resp := make([]interface{}, 0, len(x.Txs))
for _, tx := range x.Txs {
- err := txbuilder.Sign(ctx, tx, x.XPubs, h.pseudohsmSignTemplate)
+ err := txbuilder.Sign(ctx, tx, x.XPubs, a.hsm.pseudohsmSignTemplate)
if err != nil {
info := errorFormatter.Format(err)
- resp = append(resp, info)
+ response = append(resp, info)
} else {
resp = append(resp, tx)
}
return resp
}
-func (h *PseudoHSMHandler) pseudohsmSignTemplate(ctx context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte) ([]byte, error) {
- sigBytes, err := h.PseudoHSM.XSign(ctx, xpub, path, data[:])
+func (a *BlockchainReactor) pseudohsmSignTemplate(ctx context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte) ([]byte, error) {
+ sigBytes, err := a.hsm.XSign(ctx, xpub, path, data[:])
if err == Pseudohsm.ErrNoKey {
return nil, nil
}
}
// remote hsm used
-
+/*
func RemoteHSM(hsm *remoteHSM) RunOption {
return func(api *API) {
h := &retmoteHSMHandler{RemoteHSM: hsm}
}
}
-/*
+
type remoteHSM struct {
Client *rpc.Client
}
"sync"
"time"
- "bytom/common"
- _"bytom/errors"
+ "github.com/bytom/common"
+ _"github.com/bytom/errors"
)
// Minimum amount of time between cache reloads. This limit applies if the platform does
"testing"
"time"
- "bytom/common"
+ "github.com/bytom/common"
"github.com/cespare/cp"
"github.com/davecgh/go-spew/spew"
)
"path/filepath"
"time"
- "bytom/common"
- "bytom/crypto/ed25519/chainkd"
+ "github.com/bytom/common"
+ "github.com/bytom/crypto/ed25519/chainkd"
"github.com/pborman/uuid"
"io/ioutil"
"path/filepath"
- "bytom/common"
- "bytom/crypto"
- "bytom/crypto/randentropy"
- "bytom/crypto/ed25519/chainkd"
+ "github.com/bytom/common"
+ "github.com/bytom/crypto"
+ "github.com/bytom/crypto/randentropy"
+ "github.com/bytom/crypto/ed25519/chainkd"
"github.com/pborman/uuid"
"golang.org/x/crypto/pbkdf2"
"golang.org/x/crypto/scrypt"
"io/ioutil"
"testing"
- "bytom/common"
- "bytom/crypto"
- "bytom/crypto/ed25519/chainkd"
+ "github.com/bytom/common"
+ "github.com/bytom/crypto"
+ "github.com/bytom/crypto/ed25519/chainkd"
"github.com/pborman/uuid"
"sync"
"os"
- "bytom/crypto/ed25519/chainkd"
- "bytom/common"
- "bytom/errors"
- "bytom/crypto"
+ "github.com/bytom/crypto/ed25519/chainkd"
+ "github.com/bytom/common"
+ "github.com/bytom/errors"
+ "github.com/bytom/crypto"
//"bytom/protocol/bc/legacy"
-
- "bytom/blockchain/config"
+ "github.com/bytom/blockchain/config"
"github.com/pborman/uuid"
)
File string `json:"file"`
}
-func New(conf *config.Config) *HSM {
- keydir, _ := filepath.Abs(conf.KeyPath)
+func New(keypath string) (*HSM, error) {
+ keydir, _ := filepath.Abs(keypath)
return &HSM{
keyStore: &keyStorePassphrase{keydir, LightScryptN, LightScryptP},
cache: newAddrCache(keydir),
kdCache: make(map[chainkd.XPub]chainkd.XPrv),
- }
+ }, nil
}
// XCreate produces a new random xprv and stores it in the db.
"testing"
_"github.com/davecgh/go-spew/spew"
- "bytom/blockchain/config"
- "bytom/errors"
+ "github.com/bytom/blockchain/config"
+ "github.com/bytom/errors"
//"bytom/protocol/bc/legacy"
)
"github.com/bytom/types"
wire "github.com/tendermint/go-wire"
cmn "github.com/tendermint/tmlibs/common"
+ "github.com/bytom/crypto/ed25519/chainkd"
//"github.com/bytom/net/http/gzip"
"github.com/bytom/net/http/httpjson"
//"github.com/bytom/net/http/limit"
crosscoreRPCPrefix = "/rpc/"
)
+type hsmSigner interface {
+ XSign(ctx context.Context, xpub chainkd.XPub, path [][]byte, msg []byte) ([]byte, error)
+}
+
// BlockchainReactor handles long-term catchup syncing.
type BlockchainReactor struct {
p2p.BaseReactor
requestsCh chan BlockRequest
timeoutsCh chan string
submitter txbuilder.Submitter
+ hsm hsmSigner
chain *protocol.Chain
store *txdb.Store
accounts *account.Manager
pool *BlockPool
mux *http.ServeMux
accesstoken *accesstoken.Token
- handler http.Handler
+
fastSync bool
requestsCh chan BlockRequest
timeoutsCh chan string
}
}
+
+
func jsonHandler(f interface{}) http.Handler {
h, err := httpjson.Handler(f, errorFormatter.Write)
if err != nil {
return jsonHandler(func() error { return err })
}
+
func (bcr *BlockchainReactor) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
bcr.handler.ServeHTTP(rw, req)
}
m.Handle("/list-access-tokens", jsonHandler(bcr.listAccessTokens))
m.Handle("/delete-access-token", jsonHandler(bcr.deleteAccessToken))
+ m.Handle("/hsm/create-key", needConfig(bcr.pseudohsmCreateKey))
+ m.Handle("/hsm/list-keys", needConfig(bcr.pseudohsmListKeys))
+ m.Handle("/hsm/delete-key", needConfig(bcr.pseudohsmDeleteKey))
+ m.Handle("/hsm/sign-transaction", needConfig(bcr.pseudohsmSignTemplates))
+ m.Handle("/hsm/reset-password", needConfig(bcr.pseudohsmResetPassword))
+ m.Handle("/hsm/update-alias", needConfig(bcr.pseudohsmUpdateAlias))
+
+
latencyHandler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
if l := latency(m, req); l != nil {
defer l.RecordSince(time.Now())
handler = blockchainIDHandler(handler, a.config.BlockchainId.String())
}
*/
+
bcr.handler = handler
}
LastPage bool `json:"last_page"`
}
-func NewBlockchainReactor(store *txdb.Store, chain *protocol.Chain, accounts *account.Manager, assets *asset.Registry, fastSync bool) *BlockchainReactor {
+func NewBlockchainReactor(store *txdb.Store, chain *protocol.Chain, accounts *account.Manager, assets *asset.Registry, hsm hsmSigner, fastSync bool) *BlockchainReactor {
requestsCh := make(chan BlockRequest, defaultChannelCapacity)
timeoutsCh := make(chan string, defaultChannelCapacity)
pool := NewBlockPool(
txPool: txPool,
mining: mining,
mux: http.NewServeMux(),
+ hsm: hsm,
fastSync: fastSync,
requestsCh: requestsCh,
timeoutsCh: timeoutsCh,
+++ /dev/null
-//+build pseudohsm
-
-package main
-
-import (
- "bytom/core"
- "bytom/core/config"
- "bytom/core/pseduokhsm"
-)
-
-func init() {
- config.BuildConfig.PseudoHSM = true
-}
-
-func enablePseudoHSM(config *config.Config) []core.RunOption {
- return []core.RunOption{core.PseudoHSM(Pseudohsm.New(config))}
-}
+++ /dev/null
-//+build remotehsm
-
-package main
-
-import (
- "bytom/core"
- "bytom/core/config"
-)
-
-func init() {
- config.BuildConfig.PseudoHSM = false
-}
-
-func enableHSM(config *config.Config) []core.RunOption {
- return []core.RunOption{core.RemoteHSM(Remotehsm.New(config))}
-}
// Database directory
DBPath string `mapstructure:"db_dir"`
+ // Keystore directory
+ KeysPath string `mapstructure:"keys_dir"`
+
+ // remote HSM url
+ HsmUrl string `mapstructure:"hsm_url"`
+
ApiAddress string `mapstructure:"api_addr"`
Time time.Time
TxIndex: "kv",
DBBackend: "leveldb",
DBPath: "data",
+ KeysPath: "keystore",
+ HsmUrl: ""
}
}
return rootify(b.DBPath, b.RootDir)
}
+func (b BaseConfig) KeysDir() string {
+ return rootify(b.KeysPath, b.RootDir)
+}
+
+
func DefaultLogLevel() string {
return "info"
}
"github.com/bytom/blockchain/account"
"github.com/bytom/blockchain/asset"
"github.com/bytom/blockchain/txdb"
+ "github.com/bytom/blockchain/pseudohsm"
"github.com/bytom/net/http/reqid"
"github.com/bytom/protocol"
rpcserver "github.com/bytom/rpc/lib/server"
accounts := account.NewManager(accounts_db, chain)
assets_db := dbm.NewDB("asset", config.DBBackend, config.DBDir())
assets := asset.NewRegistry(assets_db, chain)
- bcReactor := bc.NewBlockchainReactor(store, chain, txPool, accounts, assets, fastSync)
+
+ //Todo HSM
+ var hsm bc.hsmSigner
+
+ if config.HsmUrl != ""{
+ // todo remoteHSM
+ hsm = nil
+ } else {
+ hsm, err = pseudohsm.New(config.KeysDir())
+ if err != nil {
+ cmn.Exit(cmn.Fmt("initialize HSM failed: %v", err))
+ }
+ }
+
+ bcReactor := bc.NewBlockchainReactor(store, chain, txPool, accounts, assets, hsm, fastSync)
bcReactor.SetLogger(logger.With("module", "blockchain"))
sw.AddReactor("BLOCKCHAIN", bcReactor)