github.com/theQRL/go-zond@v0.1.1/signer/core/uiapi.go (about) 1 // Copyright 2019 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package core 18 19 import ( 20 "context" 21 "encoding/json" 22 "errors" 23 "fmt" 24 "math/big" 25 "os" 26 27 "github.com/theQRL/go-zond/accounts" 28 "github.com/theQRL/go-zond/accounts/keystore" 29 "github.com/theQRL/go-zond/common" 30 "github.com/theQRL/go-zond/common/math" 31 "github.com/theQRL/go-zond/pqcrypto" 32 ) 33 34 // SignerUIAPI implements methods Clef provides for a UI to query, in the bidirectional communication 35 // channel. 36 // This API is considered secure, since a request can only 37 // ever arrive from the UI -- and the UI is capable of approving any action, thus we can consider these 38 // requests pre-approved. 39 // NB: It's very important that these methods are not ever exposed on the external service 40 // registry. 41 type UIServerAPI struct { 42 extApi *SignerAPI 43 am *accounts.Manager 44 } 45 46 // NewUIServerAPI creates a new UIServerAPI 47 func NewUIServerAPI(extapi *SignerAPI) *UIServerAPI { 48 return &UIServerAPI{extapi, extapi.am} 49 } 50 51 // List available accounts. As opposed to the external API definition, this method delivers 52 // the full Account object and not only Address. 53 // Example call 54 // {"jsonrpc":"2.0","method":"clef_listAccounts","params":[], "id":4} 55 func (s *UIServerAPI) ListAccounts(ctx context.Context) ([]accounts.Account, error) { 56 var accs []accounts.Account 57 for _, wallet := range s.am.Wallets() { 58 accs = append(accs, wallet.Accounts()...) 59 } 60 return accs, nil 61 } 62 63 // rawWallet is a JSON representation of an accounts.Wallet interface, with its 64 // data contents extracted into plain fields. 65 type rawWallet struct { 66 URL string `json:"url"` 67 Status string `json:"status"` 68 Failure string `json:"failure,omitempty"` 69 Accounts []accounts.Account `json:"accounts,omitempty"` 70 } 71 72 // ListWallets will return a list of wallets that clef manages 73 // Example call 74 // {"jsonrpc":"2.0","method":"clef_listWallets","params":[], "id":5} 75 func (s *UIServerAPI) ListWallets() []rawWallet { 76 wallets := make([]rawWallet, 0) // return [] instead of nil if empty 77 for _, wallet := range s.am.Wallets() { 78 status, failure := wallet.Status() 79 80 raw := rawWallet{ 81 URL: wallet.URL().String(), 82 Status: status, 83 Accounts: wallet.Accounts(), 84 } 85 if failure != nil { 86 raw.Failure = failure.Error() 87 } 88 wallets = append(wallets, raw) 89 } 90 return wallets 91 } 92 93 // DeriveAccount requests a HD wallet to derive a new account, optionally pinning 94 // it for later reuse. 95 // Example call 96 // {"jsonrpc":"2.0","method":"clef_deriveAccount","params":["ledger://","m/44'/60'/0'", false], "id":6} 97 func (s *UIServerAPI) DeriveAccount(url string, path string, pin *bool) (accounts.Account, error) { 98 wallet, err := s.am.Wallet(url) 99 if err != nil { 100 return accounts.Account{}, err 101 } 102 derivPath, err := accounts.ParseDerivationPath(path) 103 if err != nil { 104 return accounts.Account{}, err 105 } 106 if pin == nil { 107 pin = new(bool) 108 } 109 return wallet.Derive(derivPath, *pin) 110 } 111 112 // fetchKeystore retrieves the encrypted keystore from the account manager. 113 func fetchKeystore(am *accounts.Manager) *keystore.KeyStore { 114 ks := am.Backends(keystore.KeyStoreType) 115 if len(ks) == 0 { 116 return nil 117 } 118 return ks[0].(*keystore.KeyStore) 119 } 120 121 // ImportRawKey stores the given hex encoded ECDSA key into the key directory, 122 // encrypting it with the passphrase. 123 // Example call (should fail on password too short) 124 // {"jsonrpc":"2.0","method":"clef_importRawKey","params":["1111111111111111111111111111111111111111111111111111111111111111","test"], "id":6} 125 func (s *UIServerAPI) ImportRawKey(hexSeed string, password string) (accounts.Account, error) { 126 key, err := pqcrypto.HexToDilithium(hexSeed) 127 if err != nil { 128 return accounts.Account{}, err 129 } 130 if err := ValidatePasswordFormat(password); err != nil { 131 return accounts.Account{}, fmt.Errorf("password requirements not met: %v", err) 132 } 133 // No error 134 return fetchKeystore(s.am).ImportDilithium(key, password) 135 } 136 137 // OpenWallet initiates a hardware wallet opening procedure, establishing a USB 138 // connection and attempting to authenticate via the provided passphrase. Note, 139 // the method may return an extra challenge requiring a second open (e.g. the 140 // Trezor PIN matrix challenge). 141 // Example 142 // {"jsonrpc":"2.0","method":"clef_openWallet","params":["ledger://",""], "id":6} 143 func (s *UIServerAPI) OpenWallet(url string, passphrase *string) error { 144 wallet, err := s.am.Wallet(url) 145 if err != nil { 146 return err 147 } 148 pass := "" 149 if passphrase != nil { 150 pass = *passphrase 151 } 152 return wallet.Open(pass) 153 } 154 155 // ChainId returns the chainid in use for Eip-155 replay protection 156 // Example call 157 // {"jsonrpc":"2.0","method":"clef_chainId","params":[], "id":8} 158 func (s *UIServerAPI) ChainId() math.HexOrDecimal64 { 159 return (math.HexOrDecimal64)(s.extApi.chainID.Uint64()) 160 } 161 162 // SetChainId sets the chain id to use when signing transactions. 163 // Example call to set Ropsten: 164 // {"jsonrpc":"2.0","method":"clef_setChainId","params":["3"], "id":8} 165 func (s *UIServerAPI) SetChainId(id math.HexOrDecimal64) math.HexOrDecimal64 { 166 s.extApi.chainID = new(big.Int).SetUint64(uint64(id)) 167 return s.ChainId() 168 } 169 170 // Export returns encrypted private key associated with the given address in web3 keystore format. 171 // Example 172 // {"jsonrpc":"2.0","method":"clef_export","params":["0x19e7e376e7c213b7e7e7e46cc70a5dd086daff2a"], "id":4} 173 func (s *UIServerAPI) Export(ctx context.Context, addr common.Address) (json.RawMessage, error) { 174 // Look up the wallet containing the requested signer 175 wallet, err := s.am.Find(accounts.Account{Address: addr}) 176 if err != nil { 177 return nil, err 178 } 179 if wallet.URL().Scheme != keystore.KeyStoreScheme { 180 return nil, errors.New("account is not a keystore-account") 181 } 182 return os.ReadFile(wallet.URL().Path) 183 } 184 185 // Import tries to import the given keyJSON in the local keystore. The keyJSON data is expected to be 186 // in web3 keystore format. It will decrypt the keyJSON with the given passphrase and on successful 187 // decryption it will encrypt the key with the given newPassphrase and store it in the keystore. 188 // Example (the address in question has privkey `11...11`): 189 // {"jsonrpc":"2.0","method":"clef_import","params":[{"address":"19e7e376e7c213b7e7e7e46cc70a5dd086daff2a","crypto":{"cipher":"aes-128-ctr","ciphertext":"33e4cd3756091d037862bb7295e9552424a391a6e003272180a455ca2a9fb332","cipherparams":{"iv":"b54b263e8f89c42bb219b6279fba5cce"},"kdf":"scrypt","kdfparams":{"dklen":32,"n":262144,"p":1,"r":8,"salt":"e4ca94644fd30569c1b1afbbc851729953c92637b7fe4bb9840bbb31ffbc64a5"},"mac":"f4092a445c2b21c0ef34f17c9cd0d873702b2869ec5df4439a0c2505823217e7"},"id":"216c7eac-e8c1-49af-a215-fa0036f29141","version":3},"test","yaddayadda"], "id":4} 190 func (api *UIServerAPI) Import(ctx context.Context, keyJSON json.RawMessage, oldPassphrase, newPassphrase string) (accounts.Account, error) { 191 be := api.am.Backends(keystore.KeyStoreType) 192 193 if len(be) == 0 { 194 return accounts.Account{}, errors.New("password based accounts not supported") 195 } 196 if err := ValidatePasswordFormat(newPassphrase); err != nil { 197 return accounts.Account{}, fmt.Errorf("password requirements not met: %v", err) 198 } 199 return be[0].(*keystore.KeyStore).Import(keyJSON, oldPassphrase, newPassphrase) 200 } 201 202 // New creates a new password protected Account. The private key is protected with 203 // the given password. Users are responsible to backup the private key that is stored 204 // in the keystore location that was specified when this API was created. 205 // This method is the same as New on the external API, the difference being that 206 // this implementation does not ask for confirmation, since it's initiated by 207 // the user 208 func (api *UIServerAPI) New(ctx context.Context) (common.Address, error) { 209 return api.extApi.newAccount() 210 } 211 212 // Other methods to be added, not yet implemented are: 213 // - Ruleset interaction: add rules, attest rulefiles 214 // - Store metadata about accounts, e.g. naming of accounts