2020-11-19 03:53:19 -08:00
|
|
|
package guardiand
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
2021-07-30 17:25:22 -07:00
|
|
|
"github.com/certusone/wormhole/bridge/pkg/db"
|
2021-07-22 04:31:46 -07:00
|
|
|
publicrpcv1 "github.com/certusone/wormhole/bridge/pkg/proto/publicrpc/v1"
|
|
|
|
|
"github.com/certusone/wormhole/bridge/pkg/publicrpc"
|
2021-01-19 04:01:45 -08:00
|
|
|
"math"
|
2020-11-19 03:53:19 -08:00
|
|
|
"net"
|
|
|
|
|
"os"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
ethcommon "github.com/ethereum/go-ethereum/common"
|
|
|
|
|
"go.uber.org/zap"
|
|
|
|
|
"google.golang.org/grpc"
|
|
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
|
"google.golang.org/grpc/status"
|
|
|
|
|
|
|
|
|
|
"github.com/certusone/wormhole/bridge/pkg/common"
|
|
|
|
|
nodev1 "github.com/certusone/wormhole/bridge/pkg/proto/node/v1"
|
|
|
|
|
"github.com/certusone/wormhole/bridge/pkg/supervisor"
|
|
|
|
|
"github.com/certusone/wormhole/bridge/pkg/vaa"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type nodePrivilegedService struct {
|
|
|
|
|
nodev1.UnimplementedNodePrivilegedServer
|
|
|
|
|
injectC chan<- *vaa.VAA
|
|
|
|
|
logger *zap.Logger
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// adminGuardianSetUpdateToVAA converts a nodev1.GuardianSetUpdate message to its canonical VAA representation.
|
|
|
|
|
// Returns an error if the data is invalid.
|
2021-01-19 04:01:45 -08:00
|
|
|
func adminGuardianSetUpdateToVAA(req *nodev1.GuardianSetUpdate, guardianSetIndex uint32, timestamp uint32) (*vaa.VAA, error) {
|
2020-11-19 03:53:19 -08:00
|
|
|
if len(req.Guardians) == 0 {
|
|
|
|
|
return nil, errors.New("empty guardian set specified")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(req.Guardians) > common.MaxGuardianCount {
|
|
|
|
|
return nil, fmt.Errorf("too many guardians - %d, maximum is %d", len(req.Guardians), common.MaxGuardianCount)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addrs := make([]ethcommon.Address, len(req.Guardians))
|
|
|
|
|
for i, g := range req.Guardians {
|
|
|
|
|
if !ethcommon.IsHexAddress(g.Pubkey) {
|
|
|
|
|
return nil, fmt.Errorf("invalid pubkey format at index %d (%s)", i, g.Name)
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-20 15:25:38 -08:00
|
|
|
ethAddr := ethcommon.HexToAddress(g.Pubkey)
|
|
|
|
|
for j, pk := range addrs {
|
|
|
|
|
if pk == ethAddr {
|
|
|
|
|
return nil, fmt.Errorf("duplicate pubkey at index %d (duplicate of %d): %s", i, j, g.Name)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
addrs[i] = ethAddr
|
2020-11-19 03:53:19 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
v := &vaa.VAA{
|
|
|
|
|
Version: vaa.SupportedVAAVersion,
|
2021-01-19 04:01:45 -08:00
|
|
|
GuardianSetIndex: guardianSetIndex,
|
|
|
|
|
Timestamp: time.Unix(int64(timestamp), 0),
|
2021-06-29 04:55:44 -07:00
|
|
|
Payload: vaa.BodyGuardianSetUpdate{
|
2020-11-19 03:53:19 -08:00
|
|
|
Keys: addrs,
|
2021-01-19 04:01:45 -08:00
|
|
|
NewIndex: guardianSetIndex + 1,
|
2021-06-29 04:55:44 -07:00
|
|
|
}.Serialize(),
|
2020-11-19 03:53:19 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return v, nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-19 04:01:45 -08:00
|
|
|
// adminContractUpgradeToVAA converts a nodev1.ContractUpgrade message to its canonical VAA representation.
|
|
|
|
|
// Returns an error if the data is invalid.
|
|
|
|
|
func adminContractUpgradeToVAA(req *nodev1.ContractUpgrade, guardianSetIndex uint32, timestamp uint32) (*vaa.VAA, error) {
|
|
|
|
|
if len(req.NewContract) != 32 {
|
|
|
|
|
return nil, errors.New("invalid new_contract address")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if req.ChainId > math.MaxUint8 {
|
|
|
|
|
return nil, errors.New("invalid chain_id")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newContractAddress := vaa.Address{}
|
|
|
|
|
copy(newContractAddress[:], req.NewContract)
|
|
|
|
|
|
|
|
|
|
v := &vaa.VAA{
|
|
|
|
|
Version: vaa.SupportedVAAVersion,
|
|
|
|
|
GuardianSetIndex: guardianSetIndex,
|
|
|
|
|
Timestamp: time.Unix(int64(timestamp), 0),
|
2021-06-29 04:55:44 -07:00
|
|
|
Payload: vaa.BodyContractUpgrade{
|
|
|
|
|
ChainID: vaa.ChainID(req.ChainId),
|
2021-01-19 04:01:45 -08:00
|
|
|
NewContract: newContractAddress,
|
2021-06-29 04:55:44 -07:00
|
|
|
}.Serialize(),
|
2021-01-19 04:01:45 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return v, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *nodePrivilegedService) InjectGovernanceVAA(ctx context.Context, req *nodev1.InjectGovernanceVAARequest) (*nodev1.InjectGovernanceVAAResponse, error) {
|
|
|
|
|
s.logger.Info("governance VAA injected via admin socket", zap.String("request", req.String()))
|
2020-11-19 03:53:19 -08:00
|
|
|
|
2021-01-19 04:01:45 -08:00
|
|
|
var (
|
|
|
|
|
v *vaa.VAA
|
|
|
|
|
err error
|
|
|
|
|
)
|
|
|
|
|
switch payload := req.Payload.(type) {
|
|
|
|
|
case *nodev1.InjectGovernanceVAARequest_GuardianSet:
|
|
|
|
|
v, err = adminGuardianSetUpdateToVAA(payload.GuardianSet, req.CurrentSetIndex, req.Timestamp)
|
|
|
|
|
case *nodev1.InjectGovernanceVAARequest_ContractUpgrade:
|
|
|
|
|
v, err = adminContractUpgradeToVAA(payload.ContractUpgrade, req.CurrentSetIndex, req.Timestamp)
|
|
|
|
|
default:
|
|
|
|
|
panic(fmt.Sprintf("unsupported VAA type: %T", payload))
|
|
|
|
|
}
|
2020-11-19 03:53:19 -08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, status.Error(codes.InvalidArgument, err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Generate digest of the unsigned VAA.
|
|
|
|
|
digest, err := v.SigningMsg()
|
|
|
|
|
if err != nil {
|
|
|
|
|
panic(err)
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-19 04:01:45 -08:00
|
|
|
s.logger.Info("governance VAA constructed",
|
2020-11-19 03:53:19 -08:00
|
|
|
zap.Any("vaa", v),
|
|
|
|
|
zap.String("digest", digest.String()),
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
s.injectC <- v
|
|
|
|
|
|
2021-01-19 04:01:45 -08:00
|
|
|
return &nodev1.InjectGovernanceVAAResponse{Digest: digest.Bytes()}, nil
|
2020-11-19 03:53:19 -08:00
|
|
|
}
|
|
|
|
|
|
2021-08-03 11:03:00 -07:00
|
|
|
func adminServiceRunnable(logger *zap.Logger, socketPath string, injectC chan<- *vaa.VAA, hl *publicrpc.RawHeartbeatConns, db *db.Database, gst *common.GuardianSetState) (supervisor.Runnable, error) {
|
2020-11-19 03:53:19 -08:00
|
|
|
// Delete existing UNIX socket, if present.
|
|
|
|
|
fi, err := os.Stat(socketPath)
|
|
|
|
|
if err == nil {
|
|
|
|
|
fmode := fi.Mode()
|
|
|
|
|
if fmode&os.ModeType == os.ModeSocket {
|
|
|
|
|
err = os.Remove(socketPath)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to remove existing socket at %s: %w", socketPath, err)
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return nil, fmt.Errorf("%s is not a UNIX socket", socketPath)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create a new UNIX socket and listen to it.
|
|
|
|
|
|
|
|
|
|
// The socket is created with the default umask. We set a restrictive umask in setRestrictiveUmask
|
|
|
|
|
// to ensure that any files we create are only readable by the user - this is much harder to mess up.
|
|
|
|
|
// The umask avoids a race condition between file creation and chmod.
|
|
|
|
|
|
|
|
|
|
laddr, err := net.ResolveUnixAddr("unix", socketPath)
|
|
|
|
|
l, err := net.ListenUnix("unix", laddr)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("failed to listen on %s: %w", socketPath, err)
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-24 00:48:44 -08:00
|
|
|
logger.Info("admin server listening on", zap.String("path", socketPath))
|
2020-11-19 03:53:19 -08:00
|
|
|
|
|
|
|
|
nodeService := &nodePrivilegedService{
|
|
|
|
|
injectC: injectC,
|
|
|
|
|
logger: logger.Named("adminservice"),
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-03 11:03:00 -07:00
|
|
|
publicrpcService := publicrpc.NewPublicrpcServer(logger, hl, db, gst)
|
2021-07-22 04:31:46 -07:00
|
|
|
|
2020-11-19 03:53:19 -08:00
|
|
|
grpcServer := grpc.NewServer()
|
|
|
|
|
nodev1.RegisterNodePrivilegedServer(grpcServer, nodeService)
|
2021-07-22 04:31:46 -07:00
|
|
|
publicrpcv1.RegisterPublicrpcServer(grpcServer, publicrpcService)
|
2020-11-19 03:53:19 -08:00
|
|
|
return supervisor.GRPCServer(grpcServer, l, false), nil
|
|
|
|
|
}
|
