package tezos-signer-backends
 sectionYPositions = computeSectionYPositions($el), 10)"
  x-init="setTimeout(() => sectionYPositions = computeSectionYPositions($el), 10)"
  >
  
  
  Tezos: remote-signature backends for `tezos-client`
Install
    
    dune-project
 Dependency
Authors
Maintainers
Sources
  
    
      tezos-17.3.tar.gz
    
    
        
    
  
  
  
    
  
  
    
  
        sha256=7062cd57addd452852598a2214ade393130efa087b99068d53713bdf912b3680
    
    
  sha512=08e4091144a03ce3c107fb91a66501bd8b65ca3278917c455a2eaac6df3e108ade63f6ab8340a4bb152d60f404326e464d0ec95d26cafe8e82f870465d24a5fc
    
    
  doc/src/tezos-signer-backends.unix/remote.ml.html
Source file remote.ml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229(*****************************************************************************) (* *) (* Open Source License *) (* Copyright (c) 2018 Dynamic Ledger Solutions, Inc. <contact@tezos.com> *) (* *) (* Permission is hereby granted, free of charge, to any person obtaining a *) (* copy of this software and associated documentation files (the "Software"),*) (* to deal in the Software without restriction, including without limitation *) (* the rights to use, copy, modify, merge, publish, distribute, sublicense, *) (* and/or sell copies of the Software, and to permit persons to whom the *) (* Software is furnished to do so, subject to the following conditions: *) (* *) (* The above copyright notice and this permission notice shall be included *) (* in all copies or substantial portions of the Software. *) (* *) (* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*) (* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *) (* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *) (* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*) (* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *) (* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *) (* DEALINGS IN THE SOFTWARE. *) (* *) (*****************************************************************************) open Client_keys let scheme = "remote" module Make (RPC_client : RPC_client.S) (S : sig val default : Uri.t val authenticate : Tezos_crypto.Signature.Public_key_hash.t list -> Bytes.t -> Tezos_crypto.Signature.t tzresult Lwt.t val logger : RPC_client.logger end) = struct let scheme = scheme let title = "Built-in tezos-signer using remote wallet." let description = "Valid locators are of the form\n\ \ - remote://tz1...\n\ The key will be queried to current remote signer, which can be configured \ with the `--remote-signer` or `-R` options, or by defining the following \ environment variables:\n\ \ - $TEZOS_SIGNER_UNIX_PATH,\n\ \ - $TEZOS_SIGNER_TCP_HOST and $TEZOS_SIGNER_TCP_PORT (default: 7732),\n\ \ - $TEZOS_SIGNER_HTTP_HOST and $TEZOS_SIGNER_HTTP_PORT (default: 6732),\n\ \ - $TEZOS_SIGNER_HTTPS_HOST and $TEZOS_SIGNER_HTTPS_PORT (default: 443)." include Client_keys.Signature_type module Socket = Socket.Make (S) module Http = Http.Make (RPC_client) (S) module Https = Https.Make (RPC_client) (S) let get_remote () = match Uri.scheme S.default with | Some "unix" -> (module Socket.Unix : SIGNER) | Some "tcp" -> (module Socket.Tcp : SIGNER) | Some "http" -> (module Http : SIGNER) | Some "https" -> (module Https : SIGNER) | _ -> assert false module Remote = (val get_remote () : SIGNER) let key = match Uri.scheme S.default with | Some "unix" -> fun uri -> let key = Uri.path uri in Uri.add_query_param' S.default ("pkh", key) | Some "tcp" -> fun uri -> let key = Uri.path uri in Uri.with_path S.default key | Some ("https" | "http") -> ( fun uri -> let key = Uri.path uri in match Uri.path S.default with | "" -> Uri.with_path S.default key | path -> Uri.with_path S.default (path ^ "/" ^ key)) | _ -> assert false let public_key pk_uri = let open Lwt_result_syntax in let*? v = Client_keys.make_pk_uri (key (pk_uri : pk_uri :> Uri.t)) in Remote.public_key v let public_key_hash pk_uri = let open Lwt_result_syntax in let*? v = Client_keys.make_pk_uri (key (pk_uri : pk_uri :> Uri.t)) in Remote.public_key_hash v let import_secret_key ~io:_ = public_key_hash let neuterize sk_uri = let open Lwt_result_syntax in let*? v = Client_keys.make_pk_uri (sk_uri : sk_uri :> Uri.t) in return v let sign ?watermark sk_uri msg = let open Lwt_result_syntax in let*? sk_uri = Client_keys.make_sk_uri (key (sk_uri : sk_uri :> Uri.t)) in Remote.sign ?watermark sk_uri msg let deterministic_nonce sk_uri msg = let open Lwt_result_syntax in let*? sk_uri = Client_keys.make_sk_uri (key (sk_uri : sk_uri :> Uri.t)) in Remote.deterministic_nonce sk_uri msg let deterministic_nonce_hash sk_uri msg = let open Lwt_result_syntax in let*? sk_uri = Client_keys.make_sk_uri (key (sk_uri : sk_uri :> Uri.t)) in Remote.deterministic_nonce_hash sk_uri msg let supports_deterministic_nonces sk_uri = let open Lwt_result_syntax in let*? v = Client_keys.make_sk_uri (key (sk_uri : sk_uri :> Uri.t)) in Remote.supports_deterministic_nonces v end let make_sk sk = Client_keys.make_sk_uri (Uri.make ~scheme ~path:(Tezos_crypto.Signature.Secret_key.to_b58check sk) ()) let make_pk pk = Client_keys.make_pk_uri (Uri.make ~scheme ~path:(Tezos_crypto.Signature.Public_key.to_b58check pk) ()) let read_base_uri_from_env () = let open Lwt_result_syntax in match ( Sys.getenv_opt "TEZOS_SIGNER_UNIX_PATH", Sys.getenv_opt "TEZOS_SIGNER_TCP_HOST", Sys.getenv_opt "TEZOS_SIGNER_HTTP_HOST", Sys.getenv_opt "TEZOS_SIGNER_HTTPS_HOST" ) with | None, None, None, None -> return_none | Some path, None, None, None -> return_some (Socket.make_unix_base path) | None, Some host, None, None -> ( try let port = match Sys.getenv_opt "TEZOS_SIGNER_TCP_PORT" with | None -> 7732 | Some port -> int_of_string port in return_some (Socket.make_tcp_base host port) with Invalid_argument _ -> failwith "Failed to parse TEZOS_SIGNER_TCP_PORT.@.") | None, None, Some host, None -> ( try let port = match Sys.getenv_opt "TEZOS_SIGNER_HTTP_PORT" with | None -> 6732 | Some port -> int_of_string port in return_some (Http.make_base host port) with Invalid_argument _ -> failwith "Failed to parse TEZOS_SIGNER_HTTP_PORT.@.") | None, None, None, Some host -> ( try let port = match Sys.getenv_opt "TEZOS_SIGNER_HTTPS_PORT" with | None -> 443 | Some port -> int_of_string port in return_some (Https.make_base host port) with Invalid_argument _ -> failwith "Failed to parse TEZOS_SIGNER_HTTPS_PORT.@.") | _, _, _, _ -> failwith "Only one the following environment variable must be defined: \ TEZOS_SIGNER_UNIX_PATH, TEZOS_SIGNER_TCP_HOST, \ TEZOS_SIGNER_HTTP_HOST, TEZOS_SIGNER_HTTPS_HOST@." type error += Invalid_remote_signer of string let () = register_error_kind `Branch ~id:"invalid_remote_signer" ~title:"Unexpected URI fot remote signer" ~description:"The provided remote signer is invalid." ~pp:(fun ppf s -> Format.fprintf ppf "@[<v 0>Value '%s' is not a valid URI for a remote signer.@,\ Supported URIs for remote signers are of the form:@,\ \ - unix:///path/to/socket/file@,\ \ - tcp://host:port@,\ \ - http://host[:port][/prefix]@,\ \ - https://host[:port][/prefix]@]" s) Data_encoding.(obj1 (req "uri" string)) (function Invalid_remote_signer s -> Some s | _ -> None) (fun s -> Invalid_remote_signer s) let parse_base_uri s = (* FIXME: documentation for [Uri.of_string] doesn't mention any exception. However, from reading the code it seems like [Not_found] can be raised (via some internal call to [Re.exec]. *) match Uri.of_string s with (* We keep [Invalid_argument] but this needs investigation because of the above comment *) | exception Invalid_argument msg -> error_with "Malformed URI: %s" msg | exception Not_found -> error_with "Malformed URI" | uri -> ( match Uri.scheme uri with | Some "http" -> Ok uri | Some "https" -> Ok uri | Some "tcp" -> Ok uri | Some "unix" -> Ok uri | Some scheme -> error_with "Unknown scheme: %s" scheme | None -> error_with "Unknown scheme: <empty>") let parse_base_uri s = parse_base_uri s |> record_trace (Invalid_remote_signer s) |> Lwt.return
 sectionYPositions = computeSectionYPositions($el), 10)"
  x-init="setTimeout(() => sectionYPositions = computeSectionYPositions($el), 10)"
  >