github.com/alexdevranger/node-1.8.27@v0.0.0-20221128213301-aa5841e41d2d/cmd/clef/main.go (about) 1 // Copyright 2018 The go-ethereum Authors 2 // This file is part of go-dubxcoin. 3 // 4 // go-dubxcoin is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // go-dubxcoin is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with go-dubxcoin. If not, see <http://www.gnu.org/licenses/>. 16 17 // signer is a utility that can be used so sign transactions and 18 // arbitrary data. 19 package main 20 21 import ( 22 "bufio" 23 "context" 24 "crypto/rand" 25 "crypto/sha256" 26 "encoding/hex" 27 "encoding/json" 28 "fmt" 29 "io" 30 "io/ioutil" 31 "os" 32 "os/signal" 33 "os/user" 34 "path/filepath" 35 "runtime" 36 "strings" 37 38 "github.com/alexdevranger/node-1.8.27/accounts/keystore" 39 "github.com/alexdevranger/node-1.8.27/cmd/utils" 40 "github.com/alexdevranger/node-1.8.27/common" 41 "github.com/alexdevranger/node-1.8.27/console" 42 "github.com/alexdevranger/node-1.8.27/crypto" 43 "github.com/alexdevranger/node-1.8.27/log" 44 "github.com/alexdevranger/node-1.8.27/node" 45 "github.com/alexdevranger/node-1.8.27/rpc" 46 "github.com/alexdevranger/node-1.8.27/signer/core" 47 "github.com/alexdevranger/node-1.8.27/signer/rules" 48 "github.com/alexdevranger/node-1.8.27/signer/storage" 49 "gopkg.in/urfave/cli.v1" 50 ) 51 52 // ExternalAPIVersion -- see extapi_changelog.md 53 const ExternalAPIVersion = "4.0.0" 54 55 // InternalAPIVersion -- see intapi_changelog.md 56 const InternalAPIVersion = "3.0.0" 57 58 const legalWarning = ` 59 WARNING! 60 61 Clef is alpha software, and not yet publically released. This software has _not_ been audited, and there 62 are no guarantees about the workings of this software. It may contain severe flaws. You should not use this software 63 unless you agree to take full responsibility for doing so, and know what you are doing. 64 65 TLDR; THIS IS NOT PRODUCTION-READY SOFTWARE! 66 67 ` 68 69 var ( 70 logLevelFlag = cli.IntFlag{ 71 Name: "loglevel", 72 Value: 4, 73 Usage: "log level to emit to the screen", 74 } 75 advancedMode = cli.BoolFlag{ 76 Name: "advanced", 77 Usage: "If enabled, issues warnings instead of rejections for suspicious requests. Default off", 78 } 79 keystoreFlag = cli.StringFlag{ 80 Name: "keystore", 81 Value: filepath.Join(node.DefaultDataDir(), "keystore"), 82 Usage: "Directory for the keystore", 83 } 84 configdirFlag = cli.StringFlag{ 85 Name: "configdir", 86 Value: DefaultConfigDir(), 87 Usage: "Directory for Clef configuration", 88 } 89 rpcPortFlag = cli.IntFlag{ 90 Name: "rpcport", 91 Usage: "HTTP-RPC server listening port", 92 Value: node.DefaultHTTPPort + 5, 93 } 94 signerSecretFlag = cli.StringFlag{ 95 Name: "signersecret", 96 Usage: "A file containing the (encrypted) master seed to encrypt Clef data, e.g. keystore credentials and ruleset hash", 97 } 98 dBFlag = cli.StringFlag{ 99 Name: "4bytedb", 100 Usage: "File containing 4byte-identifiers", 101 Value: "./4byte.json", 102 } 103 customDBFlag = cli.StringFlag{ 104 Name: "4bytedb-custom", 105 Usage: "File used for writing new 4byte-identifiers submitted via API", 106 Value: "./4byte-custom.json", 107 } 108 auditLogFlag = cli.StringFlag{ 109 Name: "auditlog", 110 Usage: "File used to emit audit logs. Set to \"\" to disable", 111 Value: "audit.log", 112 } 113 ruleFlag = cli.StringFlag{ 114 Name: "rules", 115 Usage: "Enable rule-engine", 116 Value: "rules.json", 117 } 118 stdiouiFlag = cli.BoolFlag{ 119 Name: "stdio-ui", 120 Usage: "Use STDIN/STDOUT as a channel for an external UI. " + 121 "This means that an STDIN/STDOUT is used for RPC-communication with a e.g. a graphical user " + 122 "interface, and can be used when Clef is started by an external process.", 123 } 124 testFlag = cli.BoolFlag{ 125 Name: "stdio-ui-test", 126 Usage: "Mechanism to test interface between Clef and UI. Requires 'stdio-ui'.", 127 } 128 app = cli.NewApp() 129 initCommand = cli.Command{ 130 Action: utils.MigrateFlags(initializeSecrets), 131 Name: "init", 132 Usage: "Initialize the signer, generate secret storage", 133 ArgsUsage: "", 134 Flags: []cli.Flag{ 135 logLevelFlag, 136 configdirFlag, 137 }, 138 Description: ` 139 The init command generates a master seed which Clef can use to store credentials and data needed for 140 the rule-engine to work.`, 141 } 142 attestCommand = cli.Command{ 143 Action: utils.MigrateFlags(attestFile), 144 Name: "attest", 145 Usage: "Attest that a js-file is to be used", 146 ArgsUsage: "<sha256sum>", 147 Flags: []cli.Flag{ 148 logLevelFlag, 149 configdirFlag, 150 signerSecretFlag, 151 }, 152 Description: ` 153 The attest command stores the sha256 of the rule.js-file that you want to use for automatic processing of 154 incoming requests. 155 156 Whenever you make an edit to the rule file, you need to use attestation to tell 157 Clef that the file is 'safe' to execute.`, 158 } 159 160 setCredentialCommand = cli.Command{ 161 Action: utils.MigrateFlags(setCredential), 162 Name: "setpw", 163 Usage: "Store a credential for a keystore file", 164 ArgsUsage: "<address>", 165 Flags: []cli.Flag{ 166 logLevelFlag, 167 configdirFlag, 168 signerSecretFlag, 169 }, 170 Description: ` 171 The setpw command stores a password for a given address (keyfile). If you enter a blank passphrase, it will 172 remove any stored credential for that address (keyfile) 173 `, 174 } 175 ) 176 177 func init() { 178 app.Name = "Clef" 179 app.Usage = "Manage Ethereum account operations" 180 app.Flags = []cli.Flag{ 181 logLevelFlag, 182 keystoreFlag, 183 configdirFlag, 184 utils.NetworkIdFlag, 185 utils.LightKDFFlag, 186 utils.NoUSBFlag, 187 utils.RPCListenAddrFlag, 188 utils.RPCVirtualHostsFlag, 189 utils.IPCDisabledFlag, 190 utils.IPCPathFlag, 191 utils.RPCEnabledFlag, 192 rpcPortFlag, 193 signerSecretFlag, 194 dBFlag, 195 customDBFlag, 196 auditLogFlag, 197 ruleFlag, 198 stdiouiFlag, 199 testFlag, 200 advancedMode, 201 } 202 app.Action = signer 203 app.Commands = []cli.Command{initCommand, attestCommand, setCredentialCommand} 204 205 } 206 func main() { 207 if err := app.Run(os.Args); err != nil { 208 fmt.Fprintln(os.Stderr, err) 209 os.Exit(1) 210 } 211 } 212 213 func initializeSecrets(c *cli.Context) error { 214 if err := initialize(c); err != nil { 215 return err 216 } 217 configDir := c.GlobalString(configdirFlag.Name) 218 219 masterSeed := make([]byte, 256) 220 num, err := io.ReadFull(rand.Reader, masterSeed) 221 if err != nil { 222 return err 223 } 224 if num != len(masterSeed) { 225 return fmt.Errorf("failed to read enough random") 226 } 227 228 n, p := keystore.StandardScryptN, keystore.StandardScryptP 229 if c.GlobalBool(utils.LightKDFFlag.Name) { 230 n, p = keystore.LightScryptN, keystore.LightScryptP 231 } 232 text := "The master seed of clef is locked with a password. Please give a password. Do not forget this password." 233 var password string 234 for { 235 password = getPassPhrase(text, true) 236 if err := core.ValidatePasswordFormat(password); err != nil { 237 fmt.Printf("invalid password: %v\n", err) 238 } else { 239 break 240 } 241 } 242 cipherSeed, err := encryptSeed(masterSeed, []byte(password), n, p) 243 if err != nil { 244 return fmt.Errorf("failed to encrypt master seed: %v", err) 245 } 246 247 err = os.Mkdir(configDir, 0700) 248 if err != nil && !os.IsExist(err) { 249 return err 250 } 251 location := filepath.Join(configDir, "masterseed.json") 252 if _, err := os.Stat(location); err == nil { 253 return fmt.Errorf("file %v already exists, will not overwrite", location) 254 } 255 err = ioutil.WriteFile(location, cipherSeed, 0400) 256 if err != nil { 257 return err 258 } 259 fmt.Printf("A master seed has been generated into %s\n", location) 260 fmt.Printf(` 261 This is required to be able to store credentials, such as : 262 * Passwords for keystores (used by rule engine) 263 * Storage for javascript rules 264 * Hash of rule-file 265 266 You should treat that file with utmost secrecy, and make a backup of it. 267 NOTE: This file does not contain your accounts. Those need to be backed up separately! 268 269 `) 270 return nil 271 } 272 func attestFile(ctx *cli.Context) error { 273 if len(ctx.Args()) < 1 { 274 utils.Fatalf("This command requires an argument.") 275 } 276 if err := initialize(ctx); err != nil { 277 return err 278 } 279 280 stretchedKey, err := readMasterKey(ctx, nil) 281 if err != nil { 282 utils.Fatalf(err.Error()) 283 } 284 configDir := ctx.GlobalString(configdirFlag.Name) 285 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), stretchedKey)[:10])) 286 confKey := crypto.Keccak256([]byte("config"), stretchedKey) 287 288 // Initialize the encrypted storages 289 configStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "config.json"), confKey) 290 val := ctx.Args().First() 291 configStorage.Put("ruleset_sha256", val) 292 log.Info("Ruleset attestation updated", "sha256", val) 293 return nil 294 } 295 296 func setCredential(ctx *cli.Context) error { 297 if len(ctx.Args()) < 1 { 298 utils.Fatalf("This command requires an address to be passed as an argument.") 299 } 300 if err := initialize(ctx); err != nil { 301 return err 302 } 303 304 address := ctx.Args().First() 305 password := getPassPhrase("Enter a passphrase to store with this address.", true) 306 307 stretchedKey, err := readMasterKey(ctx, nil) 308 if err != nil { 309 utils.Fatalf(err.Error()) 310 } 311 configDir := ctx.GlobalString(configdirFlag.Name) 312 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), stretchedKey)[:10])) 313 pwkey := crypto.Keccak256([]byte("credentials"), stretchedKey) 314 315 // Initialize the encrypted storages 316 pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey) 317 pwStorage.Put(address, password) 318 log.Info("Credential store updated", "key", address) 319 return nil 320 } 321 322 func initialize(c *cli.Context) error { 323 // Set up the logger to print everything 324 logOutput := os.Stdout 325 if c.GlobalBool(stdiouiFlag.Name) { 326 logOutput = os.Stderr 327 // If using the stdioui, we can't do the 'confirm'-flow 328 fmt.Fprintf(logOutput, legalWarning) 329 } else { 330 if !confirm(legalWarning) { 331 return fmt.Errorf("aborted by user") 332 } 333 } 334 335 log.Root().SetHandler(log.LvlFilterHandler(log.Lvl(c.Int(logLevelFlag.Name)), log.StreamHandler(logOutput, log.TerminalFormat(true)))) 336 return nil 337 } 338 339 func signer(c *cli.Context) error { 340 if err := initialize(c); err != nil { 341 return err 342 } 343 var ( 344 ui core.SignerUI 345 ) 346 if c.GlobalBool(stdiouiFlag.Name) { 347 log.Info("Using stdin/stdout as UI-channel") 348 ui = core.NewStdIOUI() 349 } else { 350 log.Info("Using CLI as UI-channel") 351 ui = core.NewCommandlineUI() 352 } 353 fourByteDb := c.GlobalString(dBFlag.Name) 354 fourByteLocal := c.GlobalString(customDBFlag.Name) 355 db, err := core.NewAbiDBFromFiles(fourByteDb, fourByteLocal) 356 if err != nil { 357 utils.Fatalf(err.Error()) 358 } 359 log.Info("Loaded 4byte db", "signatures", db.Size(), "file", fourByteDb, "local", fourByteLocal) 360 361 var ( 362 api core.ExternalAPI 363 ) 364 365 configDir := c.GlobalString(configdirFlag.Name) 366 if stretchedKey, err := readMasterKey(c, ui); err != nil { 367 log.Info("No master seed provided, rules disabled", "error", err) 368 } else { 369 370 if err != nil { 371 utils.Fatalf(err.Error()) 372 } 373 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), stretchedKey)[:10])) 374 375 // Generate domain specific keys 376 pwkey := crypto.Keccak256([]byte("credentials"), stretchedKey) 377 jskey := crypto.Keccak256([]byte("jsstorage"), stretchedKey) 378 confkey := crypto.Keccak256([]byte("config"), stretchedKey) 379 380 // Initialize the encrypted storages 381 pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey) 382 jsStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "jsstorage.json"), jskey) 383 configStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "config.json"), confkey) 384 385 //Do we have a rule-file? 386 ruleJS, err := ioutil.ReadFile(c.GlobalString(ruleFlag.Name)) 387 if err != nil { 388 log.Info("Could not load rulefile, rules not enabled", "file", "rulefile") 389 } else { 390 hasher := sha256.New() 391 hasher.Write(ruleJS) 392 shasum := hasher.Sum(nil) 393 storedShasum := configStorage.Get("ruleset_sha256") 394 if storedShasum != hex.EncodeToString(shasum) { 395 log.Info("Could not validate ruleset hash, rules not enabled", "got", hex.EncodeToString(shasum), "expected", storedShasum) 396 } else { 397 // Initialize rules 398 ruleEngine, err := rules.NewRuleEvaluator(ui, jsStorage, pwStorage) 399 if err != nil { 400 utils.Fatalf(err.Error()) 401 } 402 ruleEngine.Init(string(ruleJS)) 403 ui = ruleEngine 404 log.Info("Rule engine configured", "file", c.String(ruleFlag.Name)) 405 } 406 } 407 } 408 409 apiImpl := core.NewSignerAPI( 410 c.GlobalInt64(utils.NetworkIdFlag.Name), 411 c.GlobalString(keystoreFlag.Name), 412 c.GlobalBool(utils.NoUSBFlag.Name), 413 ui, db, 414 c.GlobalBool(utils.LightKDFFlag.Name), 415 c.GlobalBool(advancedMode.Name)) 416 api = apiImpl 417 // Audit logging 418 if logfile := c.GlobalString(auditLogFlag.Name); logfile != "" { 419 api, err = core.NewAuditLogger(logfile, api) 420 if err != nil { 421 utils.Fatalf(err.Error()) 422 } 423 log.Info("Audit logs configured", "file", logfile) 424 } 425 // register signer API with server 426 var ( 427 extapiURL = "n/a" 428 ipcapiURL = "n/a" 429 ) 430 rpcAPI := []rpc.API{ 431 { 432 Namespace: "account", 433 Public: true, 434 Service: api, 435 Version: "1.0"}, 436 } 437 if c.GlobalBool(utils.RPCEnabledFlag.Name) { 438 439 vhosts := splitAndTrim(c.GlobalString(utils.RPCVirtualHostsFlag.Name)) 440 cors := splitAndTrim(c.GlobalString(utils.RPCCORSDomainFlag.Name)) 441 442 // start http server 443 httpEndpoint := fmt.Sprintf("%s:%d", c.GlobalString(utils.RPCListenAddrFlag.Name), c.Int(rpcPortFlag.Name)) 444 listener, _, err := rpc.StartHTTPEndpoint(httpEndpoint, rpcAPI, []string{"account"}, cors, vhosts, rpc.DefaultHTTPTimeouts) 445 if err != nil { 446 utils.Fatalf("Could not start RPC api: %v", err) 447 } 448 extapiURL = fmt.Sprintf("http://%s", httpEndpoint) 449 log.Info("HTTP endpoint opened", "url", extapiURL) 450 451 defer func() { 452 listener.Close() 453 log.Info("HTTP endpoint closed", "url", httpEndpoint) 454 }() 455 456 } 457 if !c.GlobalBool(utils.IPCDisabledFlag.Name) { 458 if c.IsSet(utils.IPCPathFlag.Name) { 459 ipcapiURL = c.GlobalString(utils.IPCPathFlag.Name) 460 } else { 461 ipcapiURL = filepath.Join(configDir, "clef.ipc") 462 } 463 464 listener, _, err := rpc.StartIPCEndpoint(ipcapiURL, rpcAPI) 465 if err != nil { 466 utils.Fatalf("Could not start IPC api: %v", err) 467 } 468 log.Info("IPC endpoint opened", "url", ipcapiURL) 469 defer func() { 470 listener.Close() 471 log.Info("IPC endpoint closed", "url", ipcapiURL) 472 }() 473 474 } 475 476 if c.GlobalBool(testFlag.Name) { 477 log.Info("Performing UI test") 478 go testExternalUI(apiImpl) 479 } 480 ui.OnSignerStartup(core.StartupInfo{ 481 Info: map[string]interface{}{ 482 "extapi_version": ExternalAPIVersion, 483 "intapi_version": InternalAPIVersion, 484 "extapi_http": extapiURL, 485 "extapi_ipc": ipcapiURL, 486 }, 487 }) 488 489 abortChan := make(chan os.Signal) 490 signal.Notify(abortChan, os.Interrupt) 491 492 sig := <-abortChan 493 log.Info("Exiting...", "signal", sig) 494 495 return nil 496 } 497 498 // splitAndTrim splits input separated by a comma 499 // and trims excessive white space from the substrings. 500 func splitAndTrim(input string) []string { 501 result := strings.Split(input, ",") 502 for i, r := range result { 503 result[i] = strings.TrimSpace(r) 504 } 505 return result 506 } 507 508 // DefaultConfigDir is the default config directory to use for the vaults and other 509 // persistence requirements. 510 func DefaultConfigDir() string { 511 // Try to place the data folder in the user's home dir 512 home := homeDir() 513 if home != "" { 514 if runtime.GOOS == "darwin" { 515 return filepath.Join(home, "Library", "Signer") 516 } else if runtime.GOOS == "windows" { 517 return filepath.Join(home, "AppData", "Roaming", "Signer") 518 } else { 519 return filepath.Join(home, ".clef") 520 } 521 } 522 // As we cannot guess a stable location, return empty and handle later 523 return "" 524 } 525 526 func homeDir() string { 527 if home := os.Getenv("HOME"); home != "" { 528 return home 529 } 530 if usr, err := user.Current(); err == nil { 531 return usr.HomeDir 532 } 533 return "" 534 } 535 func readMasterKey(ctx *cli.Context, ui core.SignerUI) ([]byte, error) { 536 var ( 537 file string 538 configDir = ctx.GlobalString(configdirFlag.Name) 539 ) 540 if ctx.GlobalIsSet(signerSecretFlag.Name) { 541 file = ctx.GlobalString(signerSecretFlag.Name) 542 } else { 543 file = filepath.Join(configDir, "masterseed.json") 544 } 545 if err := checkFile(file); err != nil { 546 return nil, err 547 } 548 cipherKey, err := ioutil.ReadFile(file) 549 if err != nil { 550 return nil, err 551 } 552 var password string 553 // If ui is not nil, get the password from ui. 554 if ui != nil { 555 resp, err := ui.OnInputRequired(core.UserInputRequest{ 556 Title: "Master Password", 557 Prompt: "Please enter the password to decrypt the master seed", 558 IsPassword: true}) 559 if err != nil { 560 return nil, err 561 } 562 password = resp.Text 563 } else { 564 password = getPassPhrase("Decrypt master seed of clef", false) 565 } 566 masterSeed, err := decryptSeed(cipherKey, password) 567 if err != nil { 568 return nil, fmt.Errorf("failed to decrypt the master seed of clef") 569 } 570 if len(masterSeed) < 256 { 571 return nil, fmt.Errorf("master seed of insufficient length, expected >255 bytes, got %d", len(masterSeed)) 572 } 573 574 // Create vault location 575 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), masterSeed)[:10])) 576 err = os.Mkdir(vaultLocation, 0700) 577 if err != nil && !os.IsExist(err) { 578 return nil, err 579 } 580 return masterSeed, nil 581 } 582 583 // checkFile is a convenience function to check if a file 584 // * exists 585 // * is mode 0400 586 func checkFile(filename string) error { 587 info, err := os.Stat(filename) 588 if err != nil { 589 return fmt.Errorf("failed stat on %s: %v", filename, err) 590 } 591 // Check the unix permission bits 592 if info.Mode().Perm()&0377 != 0 { 593 return fmt.Errorf("file (%v) has insecure file permissions (%v)", filename, info.Mode().String()) 594 } 595 return nil 596 } 597 598 // confirm displays a text and asks for user confirmation 599 func confirm(text string) bool { 600 fmt.Printf(text) 601 fmt.Printf("\nEnter 'ok' to proceed:\n>") 602 603 text, err := bufio.NewReader(os.Stdin).ReadString('\n') 604 if err != nil { 605 log.Crit("Failed to read user input", "err", err) 606 } 607 608 if text := strings.TrimSpace(text); text == "ok" { 609 return true 610 } 611 return false 612 } 613 614 func testExternalUI(api *core.SignerAPI) { 615 616 ctx := context.WithValue(context.Background(), "remote", "clef binary") 617 ctx = context.WithValue(ctx, "scheme", "in-proc") 618 ctx = context.WithValue(ctx, "local", "main") 619 620 errs := make([]string, 0) 621 622 api.UI.ShowInfo("Testing 'ShowInfo'") 623 api.UI.ShowError("Testing 'ShowError'") 624 625 checkErr := func(method string, err error) { 626 if err != nil && err != core.ErrRequestDenied { 627 errs = append(errs, fmt.Sprintf("%v: %v", method, err.Error())) 628 } 629 } 630 var err error 631 632 _, err = api.SignTransaction(ctx, core.SendTxArgs{From: common.MixedcaseAddress{}}, nil) 633 checkErr("SignTransaction", err) 634 _, err = api.Sign(ctx, common.MixedcaseAddress{}, common.Hex2Bytes("01020304")) 635 checkErr("Sign", err) 636 _, err = api.List(ctx) 637 checkErr("List", err) 638 _, err = api.New(ctx) 639 checkErr("New", err) 640 _, err = api.Export(ctx, common.Address{}) 641 checkErr("Export", err) 642 _, err = api.Import(ctx, json.RawMessage{}) 643 checkErr("Import", err) 644 645 api.UI.ShowInfo("Tests completed") 646 647 if len(errs) > 0 { 648 log.Error("Got errors") 649 for _, e := range errs { 650 log.Error(e) 651 } 652 } else { 653 log.Info("No errors") 654 } 655 656 } 657 658 // getPassPhrase retrieves the password associated with clef, either fetched 659 // from a list of preloaded passphrases, or requested interactively from the user. 660 // TODO: there are many `getPassPhrase` functions, it will be better to abstract them into one. 661 func getPassPhrase(prompt string, confirmation bool) string { 662 fmt.Println(prompt) 663 password, err := console.Stdin.PromptPassword("Passphrase: ") 664 if err != nil { 665 utils.Fatalf("Failed to read passphrase: %v", err) 666 } 667 if confirmation { 668 confirm, err := console.Stdin.PromptPassword("Repeat passphrase: ") 669 if err != nil { 670 utils.Fatalf("Failed to read passphrase confirmation: %v", err) 671 } 672 if password != confirm { 673 utils.Fatalf("Passphrases do not match") 674 } 675 } 676 return password 677 } 678 679 type encryptedSeedStorage struct { 680 Description string `json:"description"` 681 Version int `json:"version"` 682 Params keystore.CryptoJSON `json:"params"` 683 } 684 685 // encryptSeed uses a similar scheme as the keystore uses, but with a different wrapping, 686 // to encrypt the master seed 687 func encryptSeed(seed []byte, auth []byte, scryptN, scryptP int) ([]byte, error) { 688 cryptoStruct, err := keystore.EncryptDataV3(seed, auth, scryptN, scryptP) 689 if err != nil { 690 return nil, err 691 } 692 return json.Marshal(&encryptedSeedStorage{"Clef seed", 1, cryptoStruct}) 693 } 694 695 // decryptSeed decrypts the master seed 696 func decryptSeed(keyjson []byte, auth string) ([]byte, error) { 697 var encSeed encryptedSeedStorage 698 if err := json.Unmarshal(keyjson, &encSeed); err != nil { 699 return nil, err 700 } 701 if encSeed.Version != 1 { 702 log.Warn(fmt.Sprintf("unsupported encryption format of seed: %d, operation will likely fail", encSeed.Version)) 703 } 704 seed, err := keystore.DecryptDataV3(encSeed.Params, auth) 705 if err != nil { 706 return nil, err 707 } 708 return seed, err 709 } 710 711 /** 712 //Create Account 713 714 curl -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_new","params":["test"],"id":67}' localhost:8550 715 716 // List accounts 717 718 curl -i -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_list","params":[""],"id":67}' http://localhost:8550/ 719 720 // Make Transaction 721 // safeSend(0x12) 722 // 4401a6e40000000000000000000000000000000000000000000000000000000000000012 723 724 // supplied abi 725 curl -i -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_signTransaction","params":[{"from":"0x82A2A876D39022B3019932D30Cd9c97ad5616813","gas":"0x333","gasPrice":"0x123","nonce":"0x0","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0", "value":"0x10", "data":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"},"test"],"id":67}' http://localhost:8550/ 726 727 // Not supplied 728 curl -i -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_signTransaction","params":[{"from":"0x82A2A876D39022B3019932D30Cd9c97ad5616813","gas":"0x333","gasPrice":"0x123","nonce":"0x0","to":"0x07a565b7ed7d7a678680a4c162885bedbb695fe0", "value":"0x10", "data":"0x4401a6e40000000000000000000000000000000000000000000000000000000000000012"}],"id":67}' http://localhost:8550/ 729 730 // Sign data 731 732 curl -i -H "Content-Type: application/json" -X POST --data '{"jsonrpc":"2.0","method":"account_sign","params":["0x694267f14675d7e1b9494fd8d72fefe1755710fa","bazonk gaz baz"],"id":67}' http://localhost:8550/ 733 734 735 **/