def initialize_block(self, block_header):
"""Do initialization necessary for the consensus to claim a block,
this may include initiating voting activities, starting proof of work
hash generation, or create a PoET wait timer.
Args:
block_header (BlockHeader): The BlockHeader to initialize.
Returns:
Boolean: True if the candidate block should be built. False if
no candidate should be built.
"""
# If the previous block ID matches our cached one, that means that we
# have already determined that even if we initialize the requested
# block we would not be able to claim it. So, instead of wasting time
# doing all of the checking again, simply short-circuit the failure so
# that the validator can go do something more useful.
if block_header.previous_block_id == \
PoetBlockPublisher._previous_block_id:
return False
PoetBlockPublisher._previous_block_id = block_header.previous_block_id
# Using the current chain head, we need to create a state view so we
# can create a PoET enclave.
state_view = \
BlockWrapper.state_view_for_block(
block_wrapper=self._block_cache.block_store.chain_head,
state_view_factory=self._state_view_factory)
poet_enclave_module = \
factory.PoetEnclaveFactory.get_poet_enclave_module(
state_view=state_view,
config_dir=self._config_dir,
data_dir=self._data_dir)
# Get our validator registry entry to see what PoET public key
# other validators think we are using.
validator_registry_view = ValidatorRegistryView(state_view)
validator_info = None
try:
validator_id = block_header.signer_pubkey
validator_info = \
validator_registry_view.get_validator_info(
validator_id=validator_id)
except KeyError:
pass
# If we don't have a validator registry entry, then check the active
# key. If we don't have one, then we need to sign up. If we do have
# one, then our validator registry entry has not percolated through the
# system, so nothing to to but wait.
active_poet_public_key = self._poet_key_state_store.active_key
if validator_info is None:
if active_poet_public_key is None:
LOGGER.debug(
'No public key found, so going to register new signup '
'information')
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
return False
# Retrieve the key state corresponding to the PoET public key in our
# validator registry entry.
poet_key_state = None
try:
poet_key_state = \
self._poet_key_state_store[
validator_info.signup_info.poet_public_key]
except (ValueError, KeyError):
pass
# If there is no key state associated with the PoET public key that
# other validators think we should be using, then we need to create
# new signup information as we have no way whatsoever to publish
# blocks that other validators will accept.
if poet_key_state is None:
LOGGER.debug(
'PoET public key %s...%s in validator registry not found in '
'key state store. Sign up again',
validator_info.signup_info.poet_public_key[:8],
validator_info.signup_info.poet_public_key[-8:])
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
# We need to put fake information in the key state store for the
# PoET public key the other validators think we are using so that
# we don't try to keep signing up. However, we are going to mark
# that key state store entry as being refreshed so that we will
# never actually try to use it.
dummy_data = b64encode(b'No sealed signup data').decode('utf-8')
self._poet_key_state_store[
validator_info.signup_info.poet_public_key] = \
PoetKeyState(
sealed_signup_data=dummy_data,
has_been_refreshed=True)
return False
# Check the key state. If it is marked as being refreshed, then we are
# waiting until our PoET public key is updated in the validator
# registry and therefore we cannot publish any blocks.
if poet_key_state.has_been_refreshed:
LOGGER.debug(
'PoET public key %s...%s has been refreshed. Wait for new '
'key to show up in validator registry.',
validator_info.signup_info.poet_public_key[:8],
validator_info.signup_info.poet_public_key[-8:])
return False
# If the PoET public key in the validator registry is not the active
# one, then we need to switch the active key in the key state store.
if validator_info.signup_info.poet_public_key != \
active_poet_public_key:
active_poet_public_key = validator_info.signup_info.poet_public_key
self._poet_key_state_store.active_key = active_poet_public_key
# Ensure that the enclave is using the appropriate keys
try:
unsealed_poet_public_key = \
SignupInfo.unseal_signup_data(
poet_enclave_module=poet_enclave_module,
sealed_signup_data=poet_key_state.sealed_signup_data)
except SystemError:
# Signup data is unuseable
LOGGER.error(
'Could not unseal signup data associated with PPK: %s..%s',
active_poet_public_key[:8],
active_poet_public_key[-8:])
self._poet_key_state_store.active_key = None
return False
assert active_poet_public_key == unsealed_poet_public_key
LOGGER.debug(
'Using PoET public key: %s...%s',
active_poet_public_key[:8],
active_poet_public_key[-8:])
LOGGER.debug(
'Unseal signup data: %s...%s',
poet_key_state.sealed_signup_data[:8],
poet_key_state.sealed_signup_data[-8:])
consensus_state = \
ConsensusState.consensus_state_for_block_id(
block_id=block_header.previous_block_id,
block_cache=self._block_cache,
state_view_factory=self._state_view_factory,
consensus_state_store=self._consensus_state_store,
poet_enclave_module=poet_enclave_module)
poet_settings_view = PoetSettingsView(state_view)
# If our signup information does not pass the freshness test, then we
# know that other validators will reject any blocks we try to claim so
# we need to try to sign up again.
if consensus_state.validator_signup_was_committed_too_late(
validator_info=validator_info,
poet_settings_view=poet_settings_view,
block_cache=self._block_cache):
LOGGER.info(
'Reject building on block %s: Validator signup information '
'not committed in a timely manner.',
block_header.previous_block_id[:8])
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
return False
# Using the consensus state for the block upon which we want to
# build, check to see how many blocks we have claimed on this chain
# with this PoET key. If we have hit the key block claim limit, then
# we need to check if the key has been refreshed.
if consensus_state.validator_has_claimed_block_limit(
validator_info=validator_info,
poet_settings_view=poet_settings_view):
# Because we have hit the limit, check to see if we have already
# submitted a validator registry transaction with new signup
# information, and therefore a new PoET public key. If not, then
# mark this PoET public key in the store as having been refreshed
# and register new signup information. Regardless, since we have
# hit the key block claim limit, we won't even bother initializing
# a block on this chain as it will be rejected by other
# validators.
poet_key_state = self._poet_key_state_store[active_poet_public_key]
if not poet_key_state.has_been_refreshed:
LOGGER.info(
'Reached block claim limit for key: %s...%s',
active_poet_public_key[:8],
active_poet_public_key[-8:])
sealed_signup_data = poet_key_state.sealed_signup_data
self._poet_key_state_store[active_poet_public_key] = \
PoetKeyState(
sealed_signup_data=sealed_signup_data,
has_been_refreshed=True)
# Release enclave resources for this identity
# This signup will be invalid on all forks that use it,
# even if there is a rollback to a point it should be valid.
# A more sophisticated policy would be to release signups
# only at a block depth where finality probability
# is high.
SignupInfo.release_signup_data(
poet_enclave_module=poet_enclave_module,
sealed_signup_data=sealed_signup_data)
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
LOGGER.info(
'Reject building on block %s: Validator has reached maximum '
'number of blocks with key pair.',
block_header.previous_block_id[:8])
return False
# Verify that we are abiding by the block claim delay (i.e., waiting a
# certain number of blocks since our validator registry was added/
# updated).
if consensus_state.validator_is_claiming_too_early(
validator_info=validator_info,
block_number=block_header.block_num,
validator_registry_view=validator_registry_view,
poet_settings_view=poet_settings_view,
block_store=self._block_cache.block_store):
LOGGER.info(
'Reject building on block %s: Validator has not waited long '
'enough since registering validator information.',
block_header.previous_block_id[:8])
return False
# We need to create a wait timer for the block...this is what we
# will check when we are asked if it is time to publish the block
poet_key_state = self._poet_key_state_store[active_poet_public_key]
sealed_signup_data = poet_key_state.sealed_signup_data
previous_certificate_id = \
utils.get_previous_certificate_id(
block_header=block_header,
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module)
wait_timer = \
WaitTimer.create_wait_timer(
poet_enclave_module=poet_enclave_module,
sealed_signup_data=sealed_signup_data,
validator_address=block_header.signer_pubkey,
previous_certificate_id=previous_certificate_id,
consensus_state=consensus_state,
poet_settings_view=poet_settings_view)
# NOTE - we do the zTest after we create the wait timer because we
# need its population estimate to see if this block would be accepted
# by other validators based upon the zTest.
# Check to see if by chance we were to be able to claim this block
# if it would result in us winning more frequently than statistically
# expected. If so, then refuse to initialize the block because other
# validators will not accept anyway.
if consensus_state.validator_is_claiming_too_frequently(
validator_info=validator_info,
previous_block_id=block_header.previous_block_id,
poet_settings_view=poet_settings_view,
population_estimate=wait_timer.population_estimate(
poet_settings_view=poet_settings_view),
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module):
LOGGER.info(
'Reject building on block %s: Validator is claiming blocks '
'too frequently.',
block_header.previous_block_id[:8])
return False
# At this point, we know that if we are able to claim the block we are
# initializing, we will not be prevented from doing so because of PoET
# policies.
self._wait_timer = wait_timer
PoetBlockPublisher._previous_block_id = None
LOGGER.debug('Created wait timer: %s', self._wait_timer)
return True
def initialize_block(self, block_header):
"""Do initialization necessary for the consensus to claim a block,
this may include initiating voting activities, starting proof of work
hash generation, or create a PoET wait timer.
Args:
block_header (BlockHeader): The BlockHeader to initialize.
Returns:
Boolean: True if the candidate block should be built. False if
no candidate should be built.
"""
# If the previous block ID matches our cached one, that means that we
# have already determined that even if we initialize the requested
# block we would not be able to claim it. So, instead of wasting time
# doing all of the checking again, simply short-circuit the failure so
# that the validator can go do something more useful.
if block_header.previous_block_id == \
PoetBlockPublisher._previous_block_id:
return False
PoetBlockPublisher._previous_block_id = block_header.previous_block_id
# Using the current chain head, we need to create a state view so we
# can create a PoET enclave.
state_view = \
BlockWrapper.state_view_for_block(
block_wrapper=self._block_cache.block_store.chain_head,
state_view_factory=self._state_view_factory)
poet_enclave_module = \
factory.PoetEnclaveFactory.get_poet_enclave_module(
state_view=state_view,
config_dir=self._config_dir,
data_dir=self._data_dir)
# Get our validator registry entry to see what PoET public key
# other validators think we are using.
validator_registry_view = ValidatorRegistryView(state_view)
validator_info = None
try:
validator_id = block_header.signer_public_key
validator_info = \
validator_registry_view.get_validator_info(
validator_id=validator_id)
except KeyError:
pass
# If we don't have a validator registry entry, then check the active
# key. If we don't have one, then we need to sign up. If we do have
# one, then our validator registry entry has not percolated through the
# system, so nothing to to but wait.
active_poet_public_key = self._poet_key_state_store.active_key
if validator_info is None:
if active_poet_public_key is None:
LOGGER.debug(
'No public key found, so going to register new signup '
'information')
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
else: # Check if we need to give up on this registration attempt
try:
nonce = self._poet_key_state_store[
active_poet_public_key].signup_nonce
except (ValueError, AttributeError):
self._poet_key_state_store.active_key = None
LOGGER.warning('Poet Key State Store had inaccessible or '
'corrupt active key [%s] clearing '
'key.', active_poet_public_key)
return False
self._handle_registration_timeout(
block_header=block_header,
poet_enclave_module=poet_enclave_module,
state_view=state_view,
signup_nonce=nonce,
poet_public_key=active_poet_public_key
)
return False
# Retrieve the key state corresponding to the PoET public key in our
# validator registry entry.
poet_key_state = None
try:
poet_key_state = \
self._poet_key_state_store[
validator_info.signup_info.poet_public_key]
except (ValueError, KeyError):
pass
# If there is no key state associated with the PoET public key that
# other validators think we should be using, then we need to create
# new signup information as we have no way whatsoever to publish
# blocks that other validators will accept.
if poet_key_state is None:
LOGGER.debug(
'PoET public key %s...%s in validator registry not found in '
'key state store. Sign up again',
validator_info.signup_info.poet_public_key[:8],
validator_info.signup_info.poet_public_key[-8:])
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
# We need to put fake information in the key state store for the
# PoET public key the other validators think we are using so that
# we don't try to keep signing up. However, we are going to mark
# that key state store entry as being refreshed so that we will
# never actually try to use it.
dummy_data = b64encode(b'No sealed signup data').decode('utf-8')
self._poet_key_state_store[
validator_info.signup_info.poet_public_key] = \
PoetKeyState(
sealed_signup_data=dummy_data,
has_been_refreshed=True,
signup_nonce='unknown')
return False
# Check the key state. If it is marked as being refreshed, then we are
# waiting until our PoET public key is updated in the validator
# registry and therefore we cannot publish any blocks.
if poet_key_state.has_been_refreshed:
LOGGER.debug(
'PoET public key %s...%s has been refreshed. Wait for new '
'key to show up in validator registry.',
validator_info.signup_info.poet_public_key[:8],
validator_info.signup_info.poet_public_key[-8:])
# Check if we need to give up on this registration attempt
self._handle_registration_timeout(
block_header=block_header,
poet_enclave_module=poet_enclave_module,
state_view=state_view,
signup_nonce=poet_key_state.signup_nonce,
poet_public_key=active_poet_public_key
)
return False
# If the PoET public key in the validator registry is not the active
# one, then we need to switch the active key in the key state store.
if validator_info.signup_info.poet_public_key != \
active_poet_public_key:
active_poet_public_key = validator_info.signup_info.poet_public_key
self._poet_key_state_store.active_key = active_poet_public_key
# Ensure that the enclave is using the appropriate keys
try:
unsealed_poet_public_key = \
SignupInfo.unseal_signup_data(
poet_enclave_module=poet_enclave_module,
sealed_signup_data=poet_key_state.sealed_signup_data)
except SystemError:
# Signup data is unuseable
LOGGER.error(
'Could not unseal signup data associated with PPK: %s..%s',
active_poet_public_key[:8],
active_poet_public_key[-8:])
self._poet_key_state_store.active_key = None
return False
assert active_poet_public_key == unsealed_poet_public_key
LOGGER.debug(
'Using PoET public key: %s...%s',
active_poet_public_key[:8],
active_poet_public_key[-8:])
LOGGER.debug(
'Unseal signup data: %s...%s',
poet_key_state.sealed_signup_data[:8],
poet_key_state.sealed_signup_data[-8:])
consensus_state = \
ConsensusState.consensus_state_for_block_id(
block_id=block_header.previous_block_id,
block_cache=self._block_cache,
state_view_factory=self._state_view_factory,
consensus_state_store=self._consensus_state_store,
poet_enclave_module=poet_enclave_module)
poet_settings_view = PoetSettingsView(state_view)
# If our signup information does not pass the freshness test, then we
# know that other validators will reject any blocks we try to claim so
# we need to try to sign up again.
if consensus_state.validator_signup_was_committed_too_late(
validator_info=validator_info,
poet_settings_view=poet_settings_view,
block_cache=self._block_cache):
LOGGER.info(
'Reject building on block %s: Validator signup information '
'not committed in a timely manner.',
block_header.previous_block_id[:8])
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
return False
# Using the consensus state for the block upon which we want to
# build, check to see how many blocks we have claimed on this chain
# with this PoET key. If we have hit the key block claim limit, then
# we need to check if the key has been refreshed.
if consensus_state.validator_has_claimed_block_limit(
validator_info=validator_info,
poet_settings_view=poet_settings_view):
# Because we have hit the limit, check to see if we have already
# submitted a validator registry transaction with new signup
# information, and therefore a new PoET public key. If not, then
# mark this PoET public key in the store as having been refreshed
# and register new signup information. Regardless, since we have
# hit the key block claim limit, we won't even bother initializing
# a block on this chain as it will be rejected by other
# validators.
poet_key_state = self._poet_key_state_store[active_poet_public_key]
if not poet_key_state.has_been_refreshed:
LOGGER.info(
'Reached block claim limit for key: %s...%s',
active_poet_public_key[:8],
active_poet_public_key[-8:])
sealed_signup_data = poet_key_state.sealed_signup_data
signup_nonce = poet_key_state.signup_nonce
self._poet_key_state_store[active_poet_public_key] = \
PoetKeyState(
sealed_signup_data=sealed_signup_data,
has_been_refreshed=True,
signup_nonce=signup_nonce)
# Release enclave resources for this identity
# This signup will be invalid on all forks that use it,
# even if there is a rollback to a point it should be valid.
# A more sophisticated policy would be to release signups
# only at a block depth where finality probability
# is high.
SignupInfo.release_signup_data(
poet_enclave_module=poet_enclave_module,
sealed_signup_data=sealed_signup_data)
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
LOGGER.info(
'Reject building on block %s: Validator has reached maximum '
'number of blocks with key pair.',
block_header.previous_block_id[:8])
return False
# Verify that we are abiding by the block claim delay (i.e., waiting a
# certain number of blocks since our validator registry was added/
# updated).
if consensus_state.validator_is_claiming_too_early(
validator_info=validator_info,
block_number=block_header.block_num,
validator_registry_view=validator_registry_view,
poet_settings_view=poet_settings_view,
block_store=self._block_cache.block_store):
LOGGER.info(
'Reject building on block %s: Validator has not waited long '
'enough since registering validator information.',
block_header.previous_block_id[:8])
return False
# We need to create a wait timer for the block...this is what we
# will check when we are asked if it is time to publish the block
poet_key_state = self._poet_key_state_store[active_poet_public_key]
sealed_signup_data = poet_key_state.sealed_signup_data
previous_certificate_id = \
utils.get_previous_certificate_id(
block_header=block_header,
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module)
wait_timer = \
WaitTimer.create_wait_timer(
poet_enclave_module=poet_enclave_module,
sealed_signup_data=sealed_signup_data,
validator_address=block_header.signer_public_key,
previous_certificate_id=previous_certificate_id,
consensus_state=consensus_state,
poet_settings_view=poet_settings_view)
# NOTE - we do the zTest after we create the wait timer because we
# need its population estimate to see if this block would be accepted
# by other validators based upon the zTest.
# Check to see if by chance we were to be able to claim this block
# if it would result in us winning more frequently than statistically
# expected. If so, then refuse to initialize the block because other
# validators will not accept anyway.
if consensus_state.validator_is_claiming_too_frequently(
validator_info=validator_info,
previous_block_id=block_header.previous_block_id,
poet_settings_view=poet_settings_view,
population_estimate=wait_timer.population_estimate(
poet_settings_view=poet_settings_view),
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module):
LOGGER.info(
'Reject building on block %s: '
'Validator (signing public key: %s) is claiming blocks '
'too frequently.',
block_header.previous_block_id[:8],
block_header.signer_public_key)
return False
# At this point, we know that if we are able to claim the block we are
# initializing, we will not be prevented from doing so because of PoET
# policies.
self._wait_timer = wait_timer
PoetBlockPublisher._previous_block_id = None
LOGGER.debug('Created wait timer: %s', self._wait_timer)
return True
def verify_block(self, block_wrapper):
"""Check that the block received conforms to the consensus rules.
Args:
block_wrapper (BlockWrapper): The block to validate.
Returns:
Boolean: True if the Block is valid, False if the block is invalid.
"""
# Get the state view for the previous block in the chain so we can
# create a PoET enclave and validator registry view
previous_block = None
try:
previous_block = \
self._block_cache[block_wrapper.previous_block_id]
except KeyError:
pass
state_view = \
BlockWrapper.state_view_for_block(
block_wrapper=previous_block,
state_view_factory=self._state_view_factory)
poet_enclave_module = \
factory.PoetEnclaveFactory.get_poet_enclave_module(
state_view=state_view,
config_dir=self._config_dir)
validator_registry_view = ValidatorRegistryView(state_view)
# Grab the validator info based upon the block signer's public
# key
try:
validator_info = \
validator_registry_view.get_validator_info(
block_wrapper.header.signer_pubkey)
except KeyError:
LOGGER.error(
'Block %s rejected: Received block from an unregistered '
'validator %s...%s',
block_wrapper.identifier[:8],
block_wrapper.header.signer_pubkey[:8],
block_wrapper.header.signer_pubkey[-8:])
return False
LOGGER.debug(
'Block Signer Name=%s, ID=%s...%s, PoET public key='
'%s...%s',
validator_info.name,
validator_info.id[:8],
validator_info.id[-8:],
validator_info.signup_info.poet_public_key[:8],
validator_info.signup_info.poet_public_key[-8:])
# For the candidate block, reconstitute the wait certificate
# and verify that it is valid
wait_certificate = \
utils.deserialize_wait_certificate(
block=block_wrapper,
poet_enclave_module=poet_enclave_module)
if wait_certificate is None:
LOGGER.error(
'Block %s rejected: Block from validator %s (ID=%s...%s) was '
'not created by PoET consensus module',
block_wrapper.identifier[:8],
validator_info.name,
validator_info.id[:8],
validator_info.id[-8:])
return False
# Get the consensus state and PoET configuration view for the block
# that is being built upon
consensus_state = \
ConsensusState.consensus_state_for_block_id(
block_id=block_wrapper.previous_block_id,
block_cache=self._block_cache,
state_view_factory=self._state_view_factory,
consensus_state_store=self._consensus_state_store,
poet_enclave_module=poet_enclave_module)
poet_config_view = PoetConfigView(state_view=state_view)
previous_certificate_id = \
utils.get_previous_certificate_id(
block_header=block_wrapper.header,
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module)
try:
wait_certificate.check_valid(
poet_enclave_module=poet_enclave_module,
previous_certificate_id=previous_certificate_id,
poet_public_key=validator_info.signup_info.poet_public_key,
consensus_state=consensus_state,
poet_config_view=poet_config_view)
except ValueError as error:
LOGGER.error(
'Block %s rejected: Wait certificate check failed - %s',
block_wrapper.identifier[:8],
error)
return False
# Reject the block if the validator signup information fails the
# freshness check.
if consensus_state.validator_signup_was_committed_too_late(
validator_info=validator_info,
poet_config_view=poet_config_view,
block_cache=self._block_cache):
LOGGER.error(
'Block %s rejected: Validator signup information not '
'committed in a timely manner.',
block_wrapper.identifier[:8])
return False
# Reject the block if the validator has already claimed the key bock
# limit for its current PoET key pair.
if consensus_state.validator_has_claimed_block_limit(
validator_info=validator_info,
poet_config_view=poet_config_view):
LOGGER.error(
'Block %s rejected: Validator has reached maximum number of '
'blocks with key pair.',
block_wrapper.identifier[:8])
return False
# Reject the block if the validator has not waited the required number
# of blocks between when the block containing its validator registry
# transaction was committed to the chain and trying to claim this
# block
if consensus_state.validator_is_claiming_too_early(
validator_info=validator_info,
block_number=block_wrapper.block_num,
validator_registry_view=validator_registry_view,
poet_config_view=poet_config_view,
block_store=self._block_cache.block_store):
LOGGER.error(
'Block %s rejected: Validator has not waited long enough '
'since registering validator information.',
block_wrapper.identifier[:8])
return False
# Reject the block if the validator is claiming blocks at a rate that
# is more frequent than is statistically allowed (i.e., zTest)
if consensus_state.validator_is_claiming_too_frequently(
validator_info=validator_info,
previous_block_id=block_wrapper.previous_block_id,
poet_config_view=poet_config_view,
population_estimate=wait_certificate.population_estimate(
poet_config_view=poet_config_view),
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module):
LOGGER.error(
'Block %s rejected: Validator is claiming blocks too '
'frequently.',
block_wrapper.identifier[:8])
return False
return True
def verify_block(self, block_wrapper):
"""Check that the block received conforms to the consensus rules.
Args:
block_wrapper (BlockWrapper): The block to validate.
Returns:
Boolean: True if the Block is valid, False if the block is invalid.
"""
# Get the state view for the previous block in the chain so we can
# create a PoET enclave and validator registry view
previous_block = None
try:
previous_block = \
self._block_cache[block_wrapper.previous_block_id]
except KeyError:
pass
state_view = \
BlockWrapper.state_view_for_block(
block_wrapper=previous_block,
state_view_factory=self._state_view_factory)
poet_enclave_module = \
factory.PoetEnclaveFactory.get_poet_enclave_module(
state_view=state_view,
config_dir=self._config_dir,
data_dir=self._data_dir)
validator_registry_view = ValidatorRegistryView(state_view)
# Grab the validator info based upon the block signer's public
# key
try:
validator_info = \
validator_registry_view.get_validator_info(
block_wrapper.header.signer_public_key)
except KeyError:
LOGGER.error(
'Block %s rejected: Received block from an unregistered '
'validator %s...%s',
block_wrapper.identifier[:8],
block_wrapper.header.signer_public_key[:8],
block_wrapper.header.signer_public_key[-8:])
return False
LOGGER.debug(
'Block Signer Name=%s, ID=%s...%s, PoET public key='
'%s...%s',
validator_info.name,
validator_info.id[:8],
validator_info.id[-8:],
validator_info.signup_info.poet_public_key[:8],
validator_info.signup_info.poet_public_key[-8:])
# For the candidate block, reconstitute the wait certificate
# and verify that it is valid
wait_certificate = \
utils.deserialize_wait_certificate(
block=block_wrapper,
poet_enclave_module=poet_enclave_module)
if wait_certificate is None:
LOGGER.error(
'Block %s rejected: Block from validator %s (ID=%s...%s) was '
'not created by PoET consensus module',
block_wrapper.identifier[:8],
validator_info.name,
validator_info.id[:8],
validator_info.id[-8:])
return False
# Get the consensus state and PoET configuration view for the block
# that is being built upon
consensus_state = \
ConsensusState.consensus_state_for_block_id(
block_id=block_wrapper.previous_block_id,
block_cache=self._block_cache,
state_view_factory=self._state_view_factory,
consensus_state_store=self._consensus_state_store,
poet_enclave_module=poet_enclave_module)
poet_settings_view = PoetSettingsView(state_view=state_view)
previous_certificate_id = \
utils.get_previous_certificate_id(
block_header=block_wrapper.header,
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module)
try:
wait_certificate.check_valid(
poet_enclave_module=poet_enclave_module,
previous_certificate_id=previous_certificate_id,
poet_public_key=validator_info.signup_info.poet_public_key,
consensus_state=consensus_state,
poet_settings_view=poet_settings_view)
except ValueError as error:
LOGGER.error(
'Block %s rejected: Wait certificate check failed - %s',
block_wrapper.identifier[:8],
error)
return False
# Reject the block if the validator signup information fails the
# freshness check.
if consensus_state.validator_signup_was_committed_too_late(
validator_info=validator_info,
poet_settings_view=poet_settings_view,
block_cache=self._block_cache):
LOGGER.error(
'Block %s rejected: Validator signup information not '
'committed in a timely manner.',
block_wrapper.identifier[:8])
return False
# Reject the block if the validator has already claimed the key block
# limit for its current PoET key pair.
if consensus_state.validator_has_claimed_block_limit(
validator_info=validator_info,
poet_settings_view=poet_settings_view):
LOGGER.error(
'Block %s rejected: Validator has reached maximum number of '
'blocks with key pair.',
block_wrapper.identifier[:8])
return False
# Reject the block if the validator has not waited the required number
# of blocks between when the block containing its validator registry
# transaction was committed to the chain and trying to claim this
# block
if consensus_state.validator_is_claiming_too_early(
validator_info=validator_info,
block_number=block_wrapper.block_num,
validator_registry_view=validator_registry_view,
poet_settings_view=poet_settings_view,
block_store=self._block_cache.block_store):
LOGGER.error(
'Block %s rejected: Validator has not waited long enough '
'since registering validator information.',
block_wrapper.identifier[:8])
return False
# Reject the block if the validator is claiming blocks at a rate that
# is more frequent than is statistically allowed (i.e., zTest)
if consensus_state.validator_is_claiming_too_frequently(
validator_info=validator_info,
previous_block_id=block_wrapper.previous_block_id,
poet_settings_view=poet_settings_view,
population_estimate=wait_certificate.population_estimate(
poet_settings_view=poet_settings_view),
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module):
LOGGER.error(
'Block %s rejected: Validator is claiming blocks too '
'frequently.',
block_wrapper.identifier[:8])
return False
return True
def initialize_block(self, block_header):
"""Do initialization necessary for the consensus to claim a block,
this may include initiating voting activities, starting proof of work
hash generation, or create a PoET wait timer.
Args:
block_header (BlockHeader): The BlockHeader to initialize.
Returns:
Boolean: True if the candidate block should be built. False if
no candidate should be built.
"""
# If the previous block ID matches our cached one, that means that we
# have already determined that even if we initialize the requested
# block we would not be able to claim it. So, instead of wasting time
# doing all of the checking again, simply short-circuit the failure so
# that the validator can go do something more useful.
if block_header.previous_block_id == \
PoetBlockPublisher._previous_block_id:
return False
PoetBlockPublisher._previous_block_id = block_header.previous_block_id
# Using the current chain head, we need to create a state view so we
# can create a PoET enclave.
state_view = \
BlockWrapper.state_view_for_block(
block_wrapper=self._block_cache.block_store.chain_head,
state_view_factory=self._state_view_factory)
poet_enclave_module = \
factory.PoetEnclaveFactory.get_poet_enclave_module(state_view)
# Get our validator registry entry to see what PoET public key
# other validators think we are using.
validator_registry_view = ValidatorRegistryView(state_view)
validator_info = None
try:
validator_id = block_header.signer_pubkey
validator_info = \
validator_registry_view.get_validator_info(
validator_id=validator_id)
except KeyError:
pass
# If we don't have a validator registry entry, then check our cached
# PoET public key. If we don't have one, then we need to sign up.
# If we do have one, then our validator registry entry has not
# percolated through the system, so nothing to to but wait.
if validator_info is None:
if PoetBlockPublisher._poet_public_key is None:
LOGGER.debug(
'No public key found, so going to register new signup '
'information')
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
return False
# Otherwise, we have a current validator registry entry. In that
# case, we need to make sure that we are using the same PPK that the
# other validators think we are using. If not, then we need to switch
# the PoET enclave to using the correct keys.
elif validator_info.signup_info.poet_public_key != \
PoetBlockPublisher._poet_public_key:
# Retrieve the key state corresponding to the PoET public key and
# use it to re-establish the key used by the enclave.
poet_key_state = \
self._poet_key_state_store[
validator_info.signup_info.poet_public_key]
PoetBlockPublisher._poet_public_key = \
SignupInfo.unseal_signup_data(
poet_enclave_module=poet_enclave_module,
validator_address=block_header.signer_pubkey,
sealed_signup_data=poet_key_state.sealed_signup_data)
assert PoetBlockPublisher._poet_public_key == \
validator_info.signup_info.poet_public_key
LOGGER.debug(
'Switched to public key: %s...%s',
PoetBlockPublisher._poet_public_key[:8],
PoetBlockPublisher._poet_public_key[-8:])
LOGGER.debug(
'Unseal signup data: %s...%s',
poet_key_state.sealed_signup_data[:8],
poet_key_state.sealed_signup_data[-8:])
consensus_state = \
ConsensusState.consensus_state_for_block_id(
block_id=block_header.previous_block_id,
block_cache=self._block_cache,
state_view_factory=self._state_view_factory,
consensus_state_store=self._consensus_state_store,
poet_enclave_module=poet_enclave_module)
poet_config_view = PoetConfigView(state_view)
# If our signup information does not pass the freshness test, then we
# know that other validators will reject any blocks we try to claim so
# we need to try to sign up again.
if consensus_state.validator_signup_was_committed_too_late(
validator_info=validator_info,
poet_config_view=poet_config_view,
block_cache=self._block_cache):
LOGGER.error(
'Reject building on block %s: Validator signup information '
'not committed in a timely manner.',
block_header.previous_block_id[:8])
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
return False
# Using the consensus state for the block upon which we want to
# build, check to see how many blocks we have claimed on this chain
# with this PoET key. If we have hit the key block claim limit, then
# we need to check if the key has been refreshed.
if consensus_state.validator_has_claimed_block_limit(
validator_info=validator_info,
poet_config_view=poet_config_view):
# Because we have hit the limit, check to see if we have already
# submitted a validator registry transaction with new signup
# information, and therefore a new PoET public key. If not, then
# mark this PoET public key in the store as having been refreshed
# and register new signup information. Regardless, since we have
# hit the key block claim limit, we won't even bother initializing
# a block on this chain as it will be rejected by other
# validators.
poet_key_state = \
self._poet_key_state_store[
PoetBlockPublisher._poet_public_key]
if not poet_key_state.has_been_refreshed:
LOGGER.info(
'Reached block claim limit for key: %s...%s',
PoetBlockPublisher._poet_public_key[:8],
PoetBlockPublisher._poet_public_key[-8:])
sealed_signup_data = poet_key_state.sealed_signup_data
self._poet_key_state_store[
PoetBlockPublisher._poet_public_key] = \
PoetKeyState(
sealed_signup_data=sealed_signup_data,
has_been_refreshed=True)
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
LOGGER.error(
'Reject building on block %s: Validator has reached maximum '
'number of blocks with key pair.',
block_header.previous_block_id[:8])
return False
# Verify that we are abiding by the block claim delay (i.e., waiting a
# certain number of blocks since our validator registry was added/
# updated).
if consensus_state.validator_is_claiming_too_early(
validator_info=validator_info,
block_number=block_header.block_num,
validator_registry_view=validator_registry_view,
poet_config_view=poet_config_view,
block_store=self._block_cache.block_store):
LOGGER.error(
'Reject building on block %s: Validator has not waited long '
'enough since registering validator information.',
block_header.previous_block_id[:8])
return False
# We need to create a wait timer for the block...this is what we
# will check when we are asked if it is time to publish the block
previous_certificate_id = \
utils.get_previous_certificate_id(
block_header=block_header,
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module)
wait_timer = \
WaitTimer.create_wait_timer(
poet_enclave_module=poet_enclave_module,
validator_address=block_header.signer_pubkey,
previous_certificate_id=previous_certificate_id,
consensus_state=consensus_state,
poet_config_view=poet_config_view)
# NOTE - we do the zTest after we create the wait timer because we
# need its population estimate to see if this block would be accepted
# by other validators based upon the zTest.
# Check to see if by chance we were to be able to claim this block
# if it would result in us winning more frequently than statistically
# expected. If so, then refuse to initialize the block because other
# validators will not accept anyway.
if consensus_state.validator_is_claiming_too_frequently(
validator_info=validator_info,
previous_block_id=block_header.previous_block_id,
poet_config_view=poet_config_view,
population_estimate=wait_timer.population_estimate(
poet_config_view=poet_config_view),
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module):
LOGGER.error(
'Reject building on block %s: Validator is claiming blocks '
'too frequently.',
block_header.previous_block_id[:8])
return False
# At this point, we know that if we are able to claim the block we are
# initializing, we will not be prevented from doing so because of PoET
# policies.
self._wait_timer = wait_timer
PoetBlockPublisher._previous_block_id = None
LOGGER.debug('Created wait timer: %s', self._wait_timer)
return True
def initialize_block(self, block_header):
"""Do initialization necessary for the consensus to claim a block,
this may include initiating voting activities, starting proof of work
hash generation, or create a PoET wait timer.
Args:
block_header (BlockHeader): The BlockHeader to initialize.
Returns:
Boolean: True if the candidate block should be built. False if
no candidate should be built.
"""
# If the previous block ID matches our cached one, that means that we
# have already determined that even if we initialize the requested
# block we would not be able to claim it. So, instead of wasting time
# doing all of the checking again, simply short-circuit the failure so
# that the validator can go do something more useful.
if block_header.previous_block_id == \
PoetBlockPublisher._previous_block_id:
return False
PoetBlockPublisher._previous_block_id = block_header.previous_block_id
# Using the current chain head, we need to create a state view so we
# can create a PoET enclave.
state_view = \
BlockWrapper.state_view_for_block(
block_wrapper=self._block_cache.block_store.chain_head,
state_view_factory=self._state_view_factory)
poet_enclave_module = \
factory.PoetEnclaveFactory.get_poet_enclave_module(
state_view=state_view,
config_dir=self._config_dir,
data_dir=self._data_dir)
# Get our validator registry entry to see what PoET public key
# other validators think we are using.
validator_registry_view = ValidatorRegistryView(state_view)
validator_info = None
try:
validator_id = block_header.signer_pubkey
validator_info = \
validator_registry_view.get_validator_info(
validator_id=validator_id)
except KeyError:
pass
# If we don't have a validator registry entry, then check the active
# key. If we don't have one, then we need to sign up.
# If we do have one, then our validator registry entry has not
# percolated through the system, so nothing to to but wait.
active_poet_public_key = self._poet_key_state_store.active_key
if validator_info is None:
if active_poet_public_key is None:
LOGGER.debug(
'No public key found, so going to register new signup '
'information')
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
return False
# Otherwise, we have a current validator registry entry. In that
# case, we need to make sure that we are using the same PPK that the
# other validators think we are using. If not, then we need to switch
# the PoET enclave to using the correct keys.
elif validator_info.signup_info.poet_public_key != \
active_poet_public_key:
# Retrieve the key state corresponding to the PoET public key and
# use it to re-establish the key used by the enclave. Also update
# the active PoET public key.
poet_key_state = \
self._poet_key_state_store[
validator_info.signup_info.poet_public_key]
active_poet_public_key = \
SignupInfo.unseal_signup_data(
poet_enclave_module=poet_enclave_module,
sealed_signup_data=poet_key_state.sealed_signup_data)
self._poet_key_state_store.active_key = active_poet_public_key
assert active_poet_public_key == \
validator_info.signup_info.poet_public_key
LOGGER.debug(
'Switched to public key: %s...%s',
active_poet_public_key[:8],
active_poet_public_key[-8:])
LOGGER.debug(
'Unseal signup data: %s...%s',
poet_key_state.sealed_signup_data[:8],
poet_key_state.sealed_signup_data[-8:])
consensus_state = \
ConsensusState.consensus_state_for_block_id(
block_id=block_header.previous_block_id,
block_cache=self._block_cache,
state_view_factory=self._state_view_factory,
consensus_state_store=self._consensus_state_store,
poet_enclave_module=poet_enclave_module)
poet_settings_view = PoetSettingsView(state_view)
# If our signup information does not pass the freshness test, then we
# know that other validators will reject any blocks we try to claim so
# we need to try to sign up again.
if consensus_state.validator_signup_was_committed_too_late(
validator_info=validator_info,
poet_settings_view=poet_settings_view,
block_cache=self._block_cache):
LOGGER.info(
'Reject building on block %s: Validator signup information '
'not committed in a timely manner.',
block_header.previous_block_id[:8])
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
return False
# Using the consensus state for the block upon which we want to
# build, check to see how many blocks we have claimed on this chain
# with this PoET key. If we have hit the key block claim limit, then
# we need to check if the key has been refreshed.
if consensus_state.validator_has_claimed_block_limit(
validator_info=validator_info,
poet_settings_view=poet_settings_view):
# Because we have hit the limit, check to see if we have already
# submitted a validator registry transaction with new signup
# information, and therefore a new PoET public key. If not, then
# mark this PoET public key in the store as having been refreshed
# and register new signup information. Regardless, since we have
# hit the key block claim limit, we won't even bother initializing
# a block on this chain as it will be rejected by other
# validators.
poet_key_state = self._poet_key_state_store[active_poet_public_key]
if not poet_key_state.has_been_refreshed:
LOGGER.info(
'Reached block claim limit for key: %s...%s',
active_poet_public_key[:8],
active_poet_public_key[-8:])
sealed_signup_data = poet_key_state.sealed_signup_data
self._poet_key_state_store[active_poet_public_key] = \
PoetKeyState(
sealed_signup_data=sealed_signup_data,
has_been_refreshed=True)
self._register_signup_information(
block_header=block_header,
poet_enclave_module=poet_enclave_module)
LOGGER.info(
'Reject building on block %s: Validator has reached maximum '
'number of blocks with key pair.',
block_header.previous_block_id[:8])
return False
# Verify that we are abiding by the block claim delay (i.e., waiting a
# certain number of blocks since our validator registry was added/
# updated).
if consensus_state.validator_is_claiming_too_early(
validator_info=validator_info,
block_number=block_header.block_num,
validator_registry_view=validator_registry_view,
poet_settings_view=poet_settings_view,
block_store=self._block_cache.block_store):
LOGGER.info(
'Reject building on block %s: Validator has not waited long '
'enough since registering validator information.',
block_header.previous_block_id[:8])
return False
# We need to create a wait timer for the block...this is what we
# will check when we are asked if it is time to publish the block
previous_certificate_id = \
utils.get_previous_certificate_id(
block_header=block_header,
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module)
wait_timer = \
WaitTimer.create_wait_timer(
poet_enclave_module=poet_enclave_module,
validator_address=block_header.signer_pubkey,
previous_certificate_id=previous_certificate_id,
consensus_state=consensus_state,
poet_settings_view=poet_settings_view)
# NOTE - we do the zTest after we create the wait timer because we
# need its population estimate to see if this block would be accepted
# by other validators based upon the zTest.
# Check to see if by chance we were to be able to claim this block
# if it would result in us winning more frequently than statistically
# expected. If so, then refuse to initialize the block because other
# validators will not accept anyway.
if consensus_state.validator_is_claiming_too_frequently(
validator_info=validator_info,
previous_block_id=block_header.previous_block_id,
poet_settings_view=poet_settings_view,
population_estimate=wait_timer.population_estimate(
poet_settings_view=poet_settings_view),
block_cache=self._block_cache,
poet_enclave_module=poet_enclave_module):
LOGGER.info(
'Reject building on block %s: Validator is claiming blocks '
'too frequently.',
block_header.previous_block_id[:8])
return False
# At this point, we know that if we are able to claim the block we are
# initializing, we will not be prevented from doing so because of PoET
# policies.
self._wait_timer = wait_timer
PoetBlockPublisher._previous_block_id = None
LOGGER.debug('Created wait timer: %s', self._wait_timer)
return True
