github.com/cerc-io/go-ethereum@v1.9.7/cmd/checkpoint-admin/exec.go (about) 1 // Copyright 2019 The go-ethereum Authors 2 // This file is part of go-ethereum. 3 // 4 // go-ethereum is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // go-ethereum is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with go-ethereum. If not, see <http://www.gnu.org/licenses/>. 16 17 package main 18 19 import ( 20 "bytes" 21 "context" 22 "encoding/binary" 23 "fmt" 24 "math/big" 25 "strings" 26 "time" 27 28 "github.com/ethereum/go-ethereum/accounts" 29 "github.com/ethereum/go-ethereum/cmd/utils" 30 "github.com/ethereum/go-ethereum/common" 31 "github.com/ethereum/go-ethereum/common/hexutil" 32 "github.com/ethereum/go-ethereum/contracts/checkpointoracle" 33 "github.com/ethereum/go-ethereum/contracts/checkpointoracle/contract" 34 "github.com/ethereum/go-ethereum/crypto" 35 "github.com/ethereum/go-ethereum/ethclient" 36 "github.com/ethereum/go-ethereum/log" 37 "github.com/ethereum/go-ethereum/params" 38 "github.com/ethereum/go-ethereum/rpc" 39 "gopkg.in/urfave/cli.v1" 40 ) 41 42 var commandDeploy = cli.Command{ 43 Name: "deploy", 44 Usage: "Deploy a new checkpoint oracle contract", 45 Flags: []cli.Flag{ 46 nodeURLFlag, 47 clefURLFlag, 48 signerFlag, 49 signersFlag, 50 thresholdFlag, 51 }, 52 Action: utils.MigrateFlags(deploy), 53 } 54 55 var commandSign = cli.Command{ 56 Name: "sign", 57 Usage: "Sign the checkpoint with the specified key", 58 Flags: []cli.Flag{ 59 nodeURLFlag, 60 clefURLFlag, 61 signerFlag, 62 indexFlag, 63 hashFlag, 64 oracleFlag, 65 }, 66 Action: utils.MigrateFlags(sign), 67 } 68 69 var commandPublish = cli.Command{ 70 Name: "publish", 71 Usage: "Publish a checkpoint into the oracle", 72 Flags: []cli.Flag{ 73 nodeURLFlag, 74 clefURLFlag, 75 signerFlag, 76 indexFlag, 77 signaturesFlag, 78 }, 79 Action: utils.MigrateFlags(publish), 80 } 81 82 // deploy deploys the checkpoint registrar contract. 83 // 84 // Note the network where the contract is deployed depends on 85 // the network where the connected node is located. 86 func deploy(ctx *cli.Context) error { 87 // Gather all the addresses that should be permitted to sign 88 var addrs []common.Address 89 for _, account := range strings.Split(ctx.String(signersFlag.Name), ",") { 90 if trimmed := strings.TrimSpace(account); !common.IsHexAddress(trimmed) { 91 utils.Fatalf("Invalid account in --signers: '%s'", trimmed) 92 } 93 addrs = append(addrs, common.HexToAddress(account)) 94 } 95 // Retrieve and validate the signing threshold 96 needed := ctx.Int(thresholdFlag.Name) 97 if needed == 0 || needed > len(addrs) { 98 utils.Fatalf("Invalid signature threshold %d", needed) 99 } 100 // Print a summary to ensure the user understands what they're signing 101 fmt.Printf("Deploying new checkpoint oracle:\n\n") 102 for i, addr := range addrs { 103 fmt.Printf("Admin %d => %s\n", i+1, addr.Hex()) 104 } 105 fmt.Printf("\nSignatures needed to publish: %d\n", needed) 106 107 // setup clef signer, create an abigen transactor and an RPC client 108 transactor, client := newClefSigner(ctx), newClient(ctx) 109 110 // Deploy the checkpoint oracle 111 fmt.Println("Sending deploy request to Clef...") 112 oracle, tx, _, err := contract.DeployCheckpointOracle(transactor, client, addrs, big.NewInt(int64(params.CheckpointFrequency)), 113 big.NewInt(int64(params.CheckpointProcessConfirmations)), big.NewInt(int64(needed))) 114 if err != nil { 115 utils.Fatalf("Failed to deploy checkpoint oracle %v", err) 116 } 117 log.Info("Deployed checkpoint oracle", "address", oracle, "tx", tx.Hash().Hex()) 118 119 return nil 120 } 121 122 // sign creates the signature for specific checkpoint 123 // with local key. Only contract admins have the permission to 124 // sign checkpoint. 125 func sign(ctx *cli.Context) error { 126 var ( 127 offline bool // The indicator whether we sign checkpoint by offline. 128 chash common.Hash 129 cindex uint64 130 address common.Address 131 132 node *rpc.Client 133 oracle *checkpointoracle.CheckpointOracle 134 ) 135 if !ctx.GlobalIsSet(nodeURLFlag.Name) { 136 // Offline mode signing 137 offline = true 138 if !ctx.IsSet(hashFlag.Name) { 139 utils.Fatalf("Please specify the checkpoint hash (--hash) to sign in offline mode") 140 } 141 chash = common.HexToHash(ctx.String(hashFlag.Name)) 142 143 if !ctx.IsSet(indexFlag.Name) { 144 utils.Fatalf("Please specify checkpoint index (--index) to sign in offline mode") 145 } 146 cindex = ctx.Uint64(indexFlag.Name) 147 148 if !ctx.IsSet(oracleFlag.Name) { 149 utils.Fatalf("Please specify oracle address (--oracle) to sign in offline mode") 150 } 151 address = common.HexToAddress(ctx.String(oracleFlag.Name)) 152 } else { 153 // Interactive mode signing, retrieve the data from the remote node 154 node = newRPCClient(ctx.GlobalString(nodeURLFlag.Name)) 155 156 checkpoint := getCheckpoint(ctx, node) 157 chash, cindex, address = checkpoint.Hash(), checkpoint.SectionIndex, getContractAddr(node) 158 159 // Check the validity of checkpoint 160 reqCtx, cancelFn := context.WithTimeout(context.Background(), 10*time.Second) 161 defer cancelFn() 162 163 head, err := ethclient.NewClient(node).HeaderByNumber(reqCtx, nil) 164 if err != nil { 165 return err 166 } 167 num := head.Number.Uint64() 168 if num < ((cindex+1)*params.CheckpointFrequency + params.CheckpointProcessConfirmations) { 169 utils.Fatalf("Invalid future checkpoint") 170 } 171 _, oracle = newContract(node) 172 latest, _, h, err := oracle.Contract().GetLatestCheckpoint(nil) 173 if err != nil { 174 return err 175 } 176 if cindex < latest { 177 utils.Fatalf("Checkpoint is too old") 178 } 179 if cindex == latest && (latest != 0 || h.Uint64() != 0) { 180 utils.Fatalf("Stale checkpoint, latest registered %d, given %d", latest, cindex) 181 } 182 } 183 var ( 184 signature string 185 signer string 186 ) 187 // isAdmin checks whether the specified signer is admin. 188 isAdmin := func(addr common.Address) error { 189 signers, err := oracle.Contract().GetAllAdmin(nil) 190 if err != nil { 191 return err 192 } 193 for _, s := range signers { 194 if s == addr { 195 return nil 196 } 197 } 198 return fmt.Errorf("signer %v is not the admin", addr.Hex()) 199 } 200 // Print to the user the data thy are about to sign 201 fmt.Printf("Oracle => %s\n", address.Hex()) 202 fmt.Printf("Index %4d => %s\n", cindex, chash.Hex()) 203 204 // Sign checkpoint in clef mode. 205 signer = ctx.String(signerFlag.Name) 206 207 if !offline { 208 if err := isAdmin(common.HexToAddress(signer)); err != nil { 209 return err 210 } 211 } 212 clef := newRPCClient(ctx.String(clefURLFlag.Name)) 213 p := make(map[string]string) 214 buf := make([]byte, 8) 215 binary.BigEndian.PutUint64(buf, cindex) 216 p["address"] = address.Hex() 217 p["message"] = hexutil.Encode(append(buf, chash.Bytes()...)) 218 219 fmt.Println("Sending signing request to Clef...") 220 if err := clef.Call(&signature, "account_signData", accounts.MimetypeDataWithValidator, signer, p); err != nil { 221 utils.Fatalf("Failed to sign checkpoint, err %v", err) 222 } 223 fmt.Printf("Signer => %s\n", signer) 224 fmt.Printf("Signature => %s\n", signature) 225 return nil 226 } 227 228 // sighash calculates the hash of the data to sign for the checkpoint oracle. 229 func sighash(index uint64, oracle common.Address, hash common.Hash) []byte { 230 buf := make([]byte, 8) 231 binary.BigEndian.PutUint64(buf, index) 232 233 data := append([]byte{0x19, 0x00}, append(oracle[:], append(buf, hash[:]...)...)...) 234 return crypto.Keccak256(data) 235 } 236 237 // ecrecover calculates the sender address from a sighash and signature combo. 238 func ecrecover(sighash []byte, sig []byte) common.Address { 239 sig[64] -= 27 240 defer func() { sig[64] += 27 }() 241 242 signer, err := crypto.SigToPub(sighash, sig) 243 if err != nil { 244 utils.Fatalf("Failed to recover sender from signature %x: %v", sig, err) 245 } 246 return crypto.PubkeyToAddress(*signer) 247 } 248 249 // publish registers the specified checkpoint which generated by connected node 250 // with a authorised private key. 251 func publish(ctx *cli.Context) error { 252 // Print the checkpoint oracle's current status to make sure we're interacting 253 // with the correct network and contract. 254 status(ctx) 255 256 // Gather the signatures from the CLI 257 var sigs [][]byte 258 for _, sig := range strings.Split(ctx.String(signaturesFlag.Name), ",") { 259 trimmed := strings.TrimPrefix(strings.TrimSpace(sig), "0x") 260 if len(trimmed) != 130 { 261 utils.Fatalf("Invalid signature in --signature: '%s'", trimmed) 262 } else { 263 sigs = append(sigs, common.Hex2Bytes(trimmed)) 264 } 265 } 266 // Retrieve the checkpoint we want to sign to sort the signatures 267 var ( 268 client = newRPCClient(ctx.GlobalString(nodeURLFlag.Name)) 269 addr, oracle = newContract(client) 270 checkpoint = getCheckpoint(ctx, client) 271 sighash = sighash(checkpoint.SectionIndex, addr, checkpoint.Hash()) 272 ) 273 for i := 0; i < len(sigs); i++ { 274 for j := i + 1; j < len(sigs); j++ { 275 signerA := ecrecover(sighash, sigs[i]) 276 signerB := ecrecover(sighash, sigs[j]) 277 if bytes.Compare(signerA.Bytes(), signerB.Bytes()) > 0 { 278 sigs[i], sigs[j] = sigs[j], sigs[i] 279 } 280 } 281 } 282 // Retrieve recent header info to protect replay attack 283 reqCtx, cancelFn := context.WithTimeout(context.Background(), 10*time.Second) 284 defer cancelFn() 285 286 head, err := ethclient.NewClient(client).HeaderByNumber(reqCtx, nil) 287 if err != nil { 288 return err 289 } 290 num := head.Number.Uint64() 291 recent, err := ethclient.NewClient(client).HeaderByNumber(reqCtx, big.NewInt(int64(num-128))) 292 if err != nil { 293 return err 294 } 295 // Print a summary of the operation that's going to be performed 296 fmt.Printf("Publishing %d => %s:\n\n", checkpoint.SectionIndex, checkpoint.Hash().Hex()) 297 for i, sig := range sigs { 298 fmt.Printf("Signer %d => %s\n", i+1, ecrecover(sighash, sig).Hex()) 299 } 300 fmt.Println() 301 fmt.Printf("Sentry number => %d\nSentry hash => %s\n", recent.Number, recent.Hash().Hex()) 302 303 // Publish the checkpoint into the oracle 304 fmt.Println("Sending publish request to Clef...") 305 tx, err := oracle.RegisterCheckpoint(newClefSigner(ctx), checkpoint.SectionIndex, checkpoint.Hash().Bytes(), recent.Number, recent.Hash(), sigs) 306 if err != nil { 307 utils.Fatalf("Register contract failed %v", err) 308 } 309 log.Info("Successfully registered checkpoint", "tx", tx.Hash().Hex()) 310 return nil 311 }