def _assert_validator_transaction(self, public_key, target_file):
filename = os.path.join(self._temp_dir, target_file)
batch_list = batch_pb.BatchList()
with open(filename, 'rb') as batch_file:
batch_list.ParseFromString(batch_file.read())
self.assertEqual(1, len(batch_list.batches))
batch = batch_list.batches[0]
self.assertEqual(1, len(batch.transactions))
batch_header = batch_pb.BatchHeader()
batch_header.ParseFromString(batch.header)
self.assertEqual(public_key, batch_header.signer_public_key)
txn = batch.transactions[0]
txn_header = txn_pb.TransactionHeader()
txn_header.ParseFromString(txn.header)
self.assertEqual(public_key, txn_header.signer_public_key)
self.assertEqual('sawtooth_validator_registry', txn_header.family_name)
payload = vr_pb.ValidatorRegistryPayload()
payload.ParseFromString(txn.payload)
self._assert_key_state(payload.signup_info.poet_public_key)
def _register_signup_information(self, block_header, poet_enclave_module):
# Create signup information for this validator, putting the block ID
# of the block previous to the block referenced by block_header in the
# nonce. Block ID is better than wait certificate ID for testing
# freshness as we need to account for non-PoET blocks.
public_key_hash = \
hashlib.sha256(
block_header.signer_pubkey.encode()).hexdigest()
nonce = SignupInfo.block_id_to_nonce(block_header.previous_block_id)
signup_info = \
SignupInfo.create_signup_info(
poet_enclave_module=poet_enclave_module,
originator_public_key_hash=public_key_hash,
nonce=nonce)
# Create the validator registry payload
payload = \
vr_pb.ValidatorRegistryPayload(
verb='register',
name='validator-{}'.format(block_header.signer_pubkey[:8]),
id=block_header.signer_pubkey,
signup_info=vr_pb.SignUpInfo(
poet_public_key=signup_info.poet_public_key,
proof_data=signup_info.proof_data,
anti_sybil_id=signup_info.anti_sybil_id,
nonce=nonce),
)
serialized = payload.SerializeToString()
# Create the address that will be used to look up this validator
# registry transaction. Seems like a potential for refactoring..
validator_entry_address = \
PoetBlockPublisher._validator_registry_namespace + \
hashlib.sha256(block_header.signer_pubkey.encode()).hexdigest()
# Create a transaction header and transaction for the validator
# registry update amd then hand it off to the batch publisher to
# send out.
output_addresses = \
[validator_entry_address,
PoetBlockPublisher._validator_map_address]
input_addresses = \
output_addresses + \
[SettingsView.setting_address(
'sawtooth.poet.report_public_key_pem'),
SettingsView.setting_address(
'sawtooth.poet.valid_enclave_measurements'),
SettingsView.setting_address(
'sawtooth.poet.valid_enclave_basenames')]
header = \
txn_pb.TransactionHeader(
signer_pubkey=block_header.signer_pubkey,
family_name='sawtooth_validator_registry',
family_version='1.0',
inputs=input_addresses,
outputs=output_addresses,
dependencies=[],
payload_sha512=hashlib.sha512(serialized).hexdigest(),
batcher_pubkey=block_header.signer_pubkey,
nonce=time.time().hex().encode()).SerializeToString()
signature = \
signing.sign(header, self._batch_publisher.identity_signing_key)
transaction = \
txn_pb.Transaction(
header=header,
payload=serialized,
header_signature=signature)
LOGGER.info(
'Register Validator Name=%s, ID=%s...%s, PoET public key=%s...%s, '
'Nonce=%s',
payload.name,
payload.id[:8],
payload.id[-8:],
payload.signup_info.poet_public_key[:8],
payload.signup_info.poet_public_key[-8:],
nonce)
self._batch_publisher.send([transaction])
# Store the key state so that we can look it up later if need be and
# set the new key as our active key
LOGGER.info(
'Save key state PPK=%s...%s => SSD=%s...%s',
signup_info.poet_public_key[:8],
signup_info.poet_public_key[-8:],
signup_info.sealed_signup_data[:8],
signup_info.sealed_signup_data[-8:])
self._poet_key_state_store[signup_info.poet_public_key] = \
PoetKeyState(
sealed_signup_data=signup_info.sealed_signup_data,
has_been_refreshed=False)
self._poet_key_state_store.active_key = signup_info.poet_public_key
def do_genesis(args):
"""Executes the `poet genesis` subcommand.
This command generates a validator registry transaction and saves it to a
file, whose location is determined by the args. The signup data, generated
by the selected enclave, is also stored in a well-known location.
"""
if args.enclave_module == 'simulator':
module_name = SIMUATOR_MODULE
elif args.enclave_module == 'sgx':
module_name = SGX_MODULE
else:
raise AssertionError('Unknown enclave module: {}'.format(
args.enclave_module))
try:
poet_enclave_module = importlib.import_module(module_name)
except ImportError as e:
raise AssertionError(str(e))
poet_enclave_module.initialize(**{})
pubkey, signing_key = _read_signing_keys(args.key)
public_key_hash = sha256(pubkey.encode()).hexdigest()
signup_info = SignupInfo.create_signup_info(
poet_enclave_module=poet_enclave_module,
validator_address=pubkey,
originator_public_key_hash=public_key_hash,
nonce=NULL_BLOCK_IDENTIFIER)
print('Writing key state for PoET public key: {}...{}'.format(
signup_info.poet_public_key[:8], signup_info.poet_public_key[-8:]))
# Store the newly-created PoET key state, associating it with its
# corresponding public key
poet_key_state_store = \
PoetKeyStateStore(
data_dir=config.get_data_dir(),
validator_id=pubkey)
poet_key_state_store[signup_info.poet_public_key] = \
PoetKeyState(
sealed_signup_data=signup_info.sealed_signup_data,
has_been_refreshed=False)
# Create the validator registry payload
payload = \
vr_pb.ValidatorRegistryPayload(
verb='register',
name='validator-{}'.format(pubkey[:8]),
id=pubkey,
signup_info=vr_pb.SignUpInfo(
poet_public_key=signup_info.poet_public_key,
proof_data=signup_info.proof_data,
anti_sybil_id=signup_info.anti_sybil_id,
nonce=NULL_BLOCK_IDENTIFIER))
serialized = payload.SerializeToString()
# Create the address that will be used to look up this validator
# registry transaction. Seems like a potential for refactoring..
validator_entry_address = \
VR_NAMESPACE + sha256(pubkey.encode()).hexdigest()
# Create a transaction header and transaction for the validator
# registry update amd then hand it off to the batch publisher to
# send out.
addresses = [validator_entry_address, VALIDATOR_MAP_ADDRESS]
header = \
txn_pb.TransactionHeader(
signer_pubkey=pubkey,
family_name='sawtooth_validator_registry',
family_version='1.0',
inputs=addresses,
outputs=addresses,
dependencies=[],
payload_encoding="application/protobuf",
payload_sha512=sha512(serialized).hexdigest(),
batcher_pubkey=pubkey,
nonce=time.time().hex().encode()).SerializeToString()
signature = signing.sign(header, signing_key)
transaction = \
txn_pb.Transaction(
header=header,
payload=serialized,
header_signature=signature)
batch = _create_batch(pubkey, signing_key, [transaction])
batch_list = batch_pb.BatchList(batches=[batch])
try:
print('Generating {}'.format(args.output))
with open(args.output, 'wb') as batch_file:
batch_file.write(batch_list.SerializeToString())
except IOError as e:
raise CliException('Unable to write to batch file: {}'.format(str(e)))
def do_create(args):
"""Executes the `poet registration` subcommand.
This command generates a validator registry transaction and saves it to a
file, whose location is determined by the args. The signup data, generated
by the selected enclave, is also stored in a well-known location.
"""
signer = _read_signer(args.key)
public_key = signer.get_public_key().as_hex()
public_key_hash = sha256(public_key.encode()).hexdigest()
with PoetEnclaveModuleWrapper(
enclave_module=args.enclave_module,
config_dir=config.get_config_dir(),
data_dir=config.get_data_dir()) as poet_enclave_module:
signup_info = SignupInfo.create_signup_info(
poet_enclave_module=poet_enclave_module,
originator_public_key_hash=public_key_hash,
nonce=SignupInfo.block_id_to_nonce(args.block))
print('Writing key state for PoET public key: {}...{}'.format(
signup_info.poet_public_key[:8], signup_info.poet_public_key[-8:]))
# Store the newly-created PoET key state, associating it with its
# corresponding public key
poet_key_state_store = \
PoetKeyStateStore(
data_dir=config.get_data_dir(),
validator_id=public_key)
poet_key_state_store[signup_info.poet_public_key] = \
PoetKeyState(
sealed_signup_data=signup_info.sealed_signup_data,
has_been_refreshed=False)
# Create the validator registry payload
payload = \
vr_pb.ValidatorRegistryPayload(
verb='register',
name='validator-{}'.format(public_key[:8]),
id=public_key,
signup_info=vr_pb.SignUpInfo(
poet_public_key=signup_info.poet_public_key,
proof_data=signup_info.proof_data,
anti_sybil_id=signup_info.anti_sybil_id,
nonce=SignupInfo.block_id_to_nonce(args.block)))
serialized = payload.SerializeToString()
# Create the address that will be used to look up this validator
# registry transaction. Seems like a potential for refactoring..
validator_entry_address = \
VR_NAMESPACE + sha256(public_key.encode()).hexdigest()
# Create a transaction header and transaction for the validator
# registry update amd then hand it off to the batch publisher to
# send out.
output_addresses = [validator_entry_address, VALIDATOR_MAP_ADDRESS]
input_addresses = \
output_addresses + \
[SettingsView.setting_address('sawtooth.poet.report_public_key_pem'),
SettingsView.setting_address('sawtooth.poet.'
'valid_enclave_measurements'),
SettingsView.setting_address('sawtooth.poet.valid_enclave_basenames')]
header = \
txn_pb.TransactionHeader(
signer_public_key=public_key,
family_name='sawtooth_validator_registry',
family_version='1.0',
inputs=input_addresses,
outputs=output_addresses,
dependencies=[],
payload_sha512=sha512(serialized).hexdigest(),
batcher_public_key=public_key,
nonce=time.time().hex().encode()).SerializeToString()
signature = signer.sign(header)
transaction = \
txn_pb.Transaction(
header=header,
payload=serialized,
header_signature=signature)
batch = _create_batch(signer, [transaction])
batch_list = batch_pb.BatchList(batches=[batch])
try:
print('Generating {}'.format(args.output))
with open(args.output, 'wb') as batch_file:
batch_file.write(batch_list.SerializeToString())
except IOError as e:
raise CliException('Unable to write to batch file: {}'.format(str(e)))
def _register_signup_information(self, block_header, poet_enclave_module):
# Find the most-recent block in the block cache, if such a block
# exists, and get its wait certificate ID
wait_certificate_id = NULL_BLOCK_IDENTIFIER
most_recent_block = self._block_cache.block_store.chain_head
if most_recent_block is not None:
wait_certificate = \
utils.deserialize_wait_certificate(
block=most_recent_block,
poet_enclave_module=poet_enclave_module)
if wait_certificate is not None:
wait_certificate_id = wait_certificate.identifier
# Create signup information for this validator
public_key_hash = \
hashlib.sha256(
block_header.signer_pubkey.encode()).hexdigest()
signup_info = \
SignupInfo.create_signup_info(
poet_enclave_module=poet_enclave_module,
validator_address=block_header.signer_pubkey,
originator_public_key_hash=public_key_hash,
most_recent_wait_certificate_id=wait_certificate_id)
# Create the validator registry payload
payload = \
vr_pb.ValidatorRegistryPayload(
verb='register',
name='validator-{}'.format(block_header.signer_pubkey[:8]),
id=block_header.signer_pubkey,
signup_info=vr_pb.SignUpInfo(
poet_public_key=signup_info.poet_public_key,
proof_data=signup_info.proof_data,
anti_sybil_id=signup_info.anti_sybil_id),
)
serialized = payload.SerializeToString()
# Create the address that will be used to look up this validator
# registry transaction. Seems like a potential for refactoring..
validator_entry_address = \
PoetBlockPublisher._validator_registry_namespace + \
hashlib.sha256(block_header.signer_pubkey.encode()).hexdigest()
# Create a transaction header and transaction for the validator
# registry update amd then hand it off to the batch publisher to
# send out.
addresses = \
[validator_entry_address,
PoetBlockPublisher._validator_map_address]
header = \
txn_pb.TransactionHeader(
signer_pubkey=block_header.signer_pubkey,
family_name='sawtooth_validator_registry',
family_version='1.0',
inputs=addresses,
outputs=addresses,
dependencies=[],
payload_encoding="application/protobuf",
payload_sha512=hashlib.sha512(serialized).hexdigest(),
batcher_pubkey=block_header.signer_pubkey,
nonce=time.time().hex().encode()).SerializeToString()
signature = \
signing.sign(header, self._batch_publisher.identity_signing_key)
transaction = \
txn_pb.Transaction(
header=header,
payload=serialized,
header_signature=signature)
LOGGER.info(
'Register Validator Name=%s, ID=%s...%s, PoET public key=%s...%s',
payload.name, payload.id[:8], payload.id[-8:],
payload.signup_info.poet_public_key[:8],
payload.signup_info.poet_public_key[-8:])
self._batch_publisher.send([transaction])
# Store the key state so that we can look it up later if need be
LOGGER.info('Save key state PPK=%s...%s => SSD=%s...%s',
signup_info.poet_public_key[:8],
signup_info.poet_public_key[-8:],
signup_info.sealed_signup_data[:8],
signup_info.sealed_signup_data[-8:])
self._poet_key_state_store[signup_info.poet_public_key] = \
PoetKeyState(
sealed_signup_data=signup_info.sealed_signup_data,
has_been_refreshed=False)
# Cache the PoET public key in a class to indicate that this is the
# current public key for the PoET enclave
PoetBlockPublisher._poet_public_key = signup_info.poet_public_key
