From 7cf4d49599fc3c61180d1b63a79279aa6c02a19d Mon Sep 17 00:00:00 2001 From: Aditya Kulkarni Date: Wed, 20 May 2020 21:45:08 -0700 Subject: [PATCH] Remove --dangerous option --- README.md | 2 +- cli/src/lib.rs | 9 +---- cli/src/main.rs | 3 +- lib/Cargo.toml | 2 +- lib/src/grpcconnector.rs | 73 ++++++++++++------------------------ lib/src/lightclient.rs | 19 ++++------ lib/src/lightwallet/tests.rs | 2 - 7 files changed, 38 insertions(+), 72 deletions(-) diff --git a/README.md b/README.md index e8f81db..3dcfa94 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ Run `zecwallet-cli help` to see a list of all commands. ## Notes: * The wallet connects to the mainnet by default. To connect to testnet, please pass `--server https://lightd-test.zecwallet.co:443` -* If you want to run your own server, please see [zecwallet lightwalletd](https://github.com/adityapk00/lightwalletd), and then run `./zecwallet-cli --server http://127.0.0.1:9067`. You might also need to pass `--dangerous` if you are using a self-signed TLS certificate. +* If you want to run your own server, please see [zecwallet lightwalletd](https://github.com/adityapk00/lightwalletd), and then run `./zecwallet-cli --server http://127.0.0.1:9067`. * The log file is in `~/.zcash/zecwallet-light-wallet.debug.log`. Wallet is stored in `~/.zcash/zecwallet-light-wallet.dat` diff --git a/cli/src/lib.rs b/cli/src/lib.rs index 7e8d56f..b81f592 100644 --- a/cli/src/lib.rs +++ b/cli/src/lib.rs @@ -14,10 +14,6 @@ pub mod version; macro_rules! configure_clapapp { ( $freshapp: expr ) => { $freshapp.version(VERSION) - .arg(Arg::with_name("dangerous") - .long("dangerous") - .help("Disable server TLS certificate verification. Use this if you're running a local lightwalletd with a self-signed certificate. WARNING: This is dangerous, don't use it with a server that is not your own.") - .takes_value(false)) .arg(Arg::with_name("nosync") .help("By default, zecwallet-cli will sync the wallet at startup. Pass --nosync to prevent the automatic sync at startup.") .long("nosync") @@ -81,10 +77,10 @@ pub fn report_permission_error() { } } -pub fn startup(server: http::Uri, dangerous: bool, seed: Option, birthday: u64, first_sync: bool, print_updates: bool) +pub fn startup(server: http::Uri, seed: Option, birthday: u64, first_sync: bool, print_updates: bool) -> io::Result<(Sender<(String, Vec)>, Receiver)> { // Try to get the configuration - let (config, latest_block_height) = LightClientConfig::create(server.clone(), dangerous)?; + let (config, latest_block_height) = LightClientConfig::create(server.clone())?; let lightclient = match seed { Some(phrase) => Arc::new(LightClient::new_from_phrase(phrase, &config, birthday, false)?), @@ -246,7 +242,6 @@ pub fn attempt_recover_seed(password: Option) { sapling_activation_height: 0, consensus_branch_id: "000000".to_string(), anchor_offset: 0, - no_cert_verification: false, data_dir: None, }; diff --git a/cli/src/main.rs b/cli/src/main.rs index 1e2881c..269476c 100644 --- a/cli/src/main.rs +++ b/cli/src/main.rs @@ -51,9 +51,8 @@ pub fn main() { return; } - let dangerous = matches.is_present("dangerous"); let nosync = matches.is_present("nosync"); - let (command_tx, resp_rx) = match startup(server, dangerous, seed, birthday, !nosync, command.is_none()) { + let (command_tx, resp_rx) = match startup(server, seed, birthday, !nosync, command.is_none()) { Ok(c) => c, Err(e) => { let emsg = format!("Error during startup:{}\nIf you repeatedly run into this issue, you might have to restore your wallet from your seed phrase.", e); diff --git a/lib/Cargo.toml b/lib/Cargo.toml index e0a63e4..151635f 100644 --- a/lib/Cargo.toml +++ b/lib/Cargo.toml @@ -29,7 +29,7 @@ bytes = "0.4" prost = "0.6" prost-types = "0.6" tokio = { version = "0.2", features = ["rt-threaded", "time", "stream", "fs", "macros", "uds", "full"] } -tokio-rustls = { version = "0.13.0", features = ["dangerous_configuration"] } +tokio-rustls = { version = "0.13.0" } webpki = "0.21.0" webpki-roots = "0.18.0" diff --git a/lib/src/grpcconnector.rs b/lib/src/grpcconnector.rs index 0a77d8d..ae3a448 100644 --- a/lib/src/grpcconnector.rs +++ b/lib/src/grpcconnector.rs @@ -1,5 +1,4 @@ use log::{error}; -use std::sync::Arc; use zcash_primitives::transaction::{TxId}; use crate::grpc_client::{ChainSpec, BlockId, BlockRange, RawTransaction, @@ -11,24 +10,7 @@ use tonic::{Request}; use crate::PubCertificate; use crate::grpc_client::compact_tx_streamer_client::CompactTxStreamerClient; -mod danger { - use tokio_rustls::rustls; - use webpki; - - pub struct NoCertificateVerification {} - - impl rustls::ServerCertVerifier for NoCertificateVerification { - fn verify_server_cert(&self, - _roots: &rustls::RootCertStore, - _presented_certs: &[rustls::Certificate], - _dns_name: webpki::DNSNameRef<'_>, - _ocsp: &[u8]) -> Result { - Ok(rustls::ServerCertVerified::assertion()) - } - } -} - -async fn get_client(uri: &http::Uri, no_cert: bool) -> Result, Box> { +async fn get_client(uri: &http::Uri) -> Result, Box> { let channel = if uri.scheme_str() == Some("http") { //println!("http"); Channel::builder(uri.clone()).connect().await? @@ -40,11 +22,6 @@ async fn get_client(uri: &http::Uri, no_cert: bool) -> Result Result Result> { - let mut client = get_client(uri, no_cert).await?; +async fn get_lightd_info(uri: &http::Uri) -> Result> { + let mut client = get_client(uri).await?; let request = Request::new(Empty {}); @@ -72,17 +49,17 @@ async fn get_lightd_info(uri: &http::Uri, no_cert: bool) -> Result Result { +pub fn get_info(uri: &http::Uri) -> Result { let mut rt = tokio::runtime::Runtime::new().map_err(|e| e.to_string())?; - rt.block_on(get_lightd_info(uri, no_cert)).map_err( |e| e.to_string()) + rt.block_on(get_lightd_info(uri)).map_err( |e| e.to_string()) } -async fn get_block_range(uri: &http::Uri, start_height: u64, end_height: u64, no_cert: bool, mut c: F) +async fn get_block_range(uri: &http::Uri, start_height: u64, end_height: u64, mut c: F) -> Result<(), Box> where F : FnMut(&[u8], u64) { - let mut client = get_client(uri, no_cert).await?; + let mut client = get_client(uri).await?; let bs = BlockId{ height: start_height, hash: vec!()}; let be = BlockId{ height: end_height, hash: vec!()}; @@ -102,7 +79,7 @@ where F : FnMut(&[u8], u64) { Ok(()) } -pub fn fetch_blocks(uri: &http::Uri, start_height: u64, end_height: u64, no_cert: bool, c: F) +pub fn fetch_blocks(uri: &http::Uri, start_height: u64, end_height: u64, c: F) where F : FnMut(&[u8], u64) { let mut rt = match tokio::runtime::Runtime::new() { @@ -114,16 +91,16 @@ pub fn fetch_blocks(uri: &http::Uri, start_heig } }; - rt.block_on(get_block_range(uri, start_height, end_height, no_cert, c)).unwrap(); + rt.block_on(get_block_range(uri, start_height, end_height, c)).unwrap(); } // get_address_txids GRPC call async fn get_address_txids(uri: &http::Uri, address: String, - start_height: u64, end_height: u64, no_cert: bool, c: F) -> Result<(), Box> + start_height: u64, end_height: u64, c: F) -> Result<(), Box> where F : Fn(&[u8], u64) { - let mut client = get_client(uri, no_cert).await?; + let mut client = get_client(uri).await?; let start = Some(BlockId{ height: start_height, hash: vec!()}); let end = Some(BlockId{ height: end_height, hash: vec!()}); @@ -141,7 +118,7 @@ async fn get_address_txids(uri: &http::Uri, add pub fn fetch_transparent_txids(uri: &http::Uri, address: String, - start_height: u64, end_height: u64, no_cert: bool, c: F) + start_height: u64, end_height: u64, c: F) where F : Fn(&[u8], u64) { let mut rt = match tokio::runtime::Runtime::new() { @@ -153,14 +130,14 @@ pub fn fetch_transparent_txids(uri: &http::Uri, } }; - rt.block_on(get_address_txids(uri, address, start_height, end_height, no_cert, c)).unwrap(); + rt.block_on(get_address_txids(uri, address, start_height, end_height, c)).unwrap(); } // get_transaction GRPC call -async fn get_transaction(uri: &http::Uri, txid: TxId, no_cert: bool) +async fn get_transaction(uri: &http::Uri, txid: TxId) -> Result> { - let mut client = get_client(uri, no_cert).await?; + let mut client = get_client(uri).await?; let request = Request::new(TxFilter { block: None, index: 0, hash: txid.0.to_vec() }); let response = client.get_transaction(request).await?; @@ -168,7 +145,7 @@ async fn get_transaction(uri: &http::Uri, txid: TxId, no_cert: bool) Ok(response.into_inner()) } -pub fn fetch_full_tx(uri: &http::Uri, txid: TxId, no_cert: bool, c: F) +pub fn fetch_full_tx(uri: &http::Uri, txid: TxId, c: F) where F : Fn(&[u8]) { let mut rt = match tokio::runtime::Runtime::new() { Ok(r) => r, @@ -179,7 +156,7 @@ pub fn fetch_full_tx(uri: &http::Uri, txid: TxI } }; - match rt.block_on(get_transaction(uri, txid, no_cert)) { + match rt.block_on(get_transaction(uri, txid)) { Ok(rawtx) => c(&rawtx.data), Err(e) => { error!("Error in get_transaction runtime {}", e.to_string()); @@ -191,8 +168,8 @@ pub fn fetch_full_tx(uri: &http::Uri, txid: TxI } // send_transaction GRPC call -async fn send_transaction(uri: &http::Uri, no_cert: bool, tx_bytes: Box<[u8]>) -> Result> { - let mut client = get_client(uri, no_cert).await?; +async fn send_transaction(uri: &http::Uri, tx_bytes: Box<[u8]>) -> Result> { + let mut client = get_client(uri).await?; let request = Request::new(RawTransaction {data: tx_bytes.to_vec(), height: 0}); @@ -211,15 +188,15 @@ async fn send_transaction(uri: &http::Uri, no_cert: bool, tx_bytes: Box<[u8]>) - } } -pub fn broadcast_raw_tx(uri: &http::Uri, no_cert: bool, tx_bytes: Box<[u8]>) -> Result { +pub fn broadcast_raw_tx(uri: &http::Uri, tx_bytes: Box<[u8]>) -> Result { let mut rt = tokio::runtime::Runtime::new().map_err(|e| e.to_string())?; - rt.block_on(send_transaction(uri, no_cert, tx_bytes)).map_err( |e| e.to_string()) + rt.block_on(send_transaction(uri, tx_bytes)).map_err( |e| e.to_string()) } // get_latest_block GRPC call -async fn get_latest_block(uri: &http::Uri, no_cert: bool) -> Result> { - let mut client = get_client(uri, no_cert).await?; +async fn get_latest_block(uri: &http::Uri) -> Result> { + let mut client = get_client(uri).await?; let request = Request::new(ChainSpec {}); @@ -228,7 +205,7 @@ async fn get_latest_block(uri: &http::Uri, no_cert: bool) -> Result(uri: &http::Uri, no_cert: bool, mut c : F) +pub fn fetch_latest_block(uri: &http::Uri, mut c : F) where F : FnMut(BlockId) { let mut rt = match tokio::runtime::Runtime::new() { Ok(r) => r, @@ -239,7 +216,7 @@ pub fn fetch_latest_block(uri: &http::Uri, no_c } }; - match rt.block_on(get_latest_block(uri, no_cert)) { + match rt.block_on(get_latest_block(uri)) { Ok(b) => c(b), Err(e) => { error!("Error getting latest block {}", e.to_string()); diff --git a/lib/src/lightclient.rs b/lib/src/lightclient.rs index 5a66543..d05a267 100644 --- a/lib/src/lightclient.rs +++ b/lib/src/lightclient.rs @@ -65,7 +65,6 @@ pub struct LightClientConfig { pub sapling_activation_height : u64, pub consensus_branch_id : String, pub anchor_offset : u32, - pub no_cert_verification : bool, pub data_dir : Option } @@ -79,12 +78,11 @@ impl LightClientConfig { sapling_activation_height : 0, consensus_branch_id : "".to_string(), anchor_offset : ANCHOR_OFFSET, - no_cert_verification : false, data_dir : dir, } } - pub fn create(server: http::Uri, dangerous: bool) -> io::Result<(LightClientConfig, u64)> { + pub fn create(server: http::Uri) -> io::Result<(LightClientConfig, u64)> { use std::net::ToSocketAddrs; // Test for a connection first format!("{}:{}", server.host().unwrap(), server.port().unwrap()) @@ -93,7 +91,7 @@ impl LightClientConfig { .ok_or(std::io::Error::new(ErrorKind::ConnectionRefused, "Couldn't resolve server!"))?; // Do a getinfo first, before opening the wallet - let info = grpcconnector::get_info(&server, dangerous) + let info = grpcconnector::get_info(&server) .map_err(|e| std::io::Error::new(ErrorKind::ConnectionRefused, e))?; // Create a Light Client Config @@ -103,7 +101,6 @@ impl LightClientConfig { sapling_activation_height : info.sapling_activation_height, consensus_branch_id : info.consensus_branch_id, anchor_offset : ANCHOR_OFFSET, - no_cert_verification : dangerous, data_dir : None, }; @@ -681,7 +678,7 @@ impl LightClient { } pub fn do_info(&self) -> String { - match get_info(&self.get_server_uri(), self.config.no_cert_verification) { + match get_info(&self.get_server_uri()) { Ok(i) => { let o = object!{ "version" => i.version, @@ -993,7 +990,7 @@ impl LightClient { // This will hold the latest block fetched from the RPC let latest_block_height = Arc::new(AtomicU64::new(0)); let lbh = latest_block_height.clone(); - fetch_latest_block(&self.get_server_uri(), self.config.no_cert_verification, + fetch_latest_block(&self.get_server_uri(), move |block: BlockId| { lbh.store(block.height, Ordering::SeqCst); }); @@ -1067,7 +1064,7 @@ impl LightClient { let last_invalid_height = Arc::new(AtomicI32::new(0)); let last_invalid_height_inner = last_invalid_height.clone(); - fetch_blocks(&self.get_server_uri(), start_height, end_height, self.config.no_cert_verification, + fetch_blocks(&self.get_server_uri(), start_height, end_height, move |encoded_block: &[u8], height: u64| { // Process the block only if there were no previous errors if last_invalid_height_inner.load(Ordering::SeqCst) > 0 { @@ -1137,7 +1134,7 @@ impl LightClient { let wallet = self.wallet.clone(); let block_times_inner = block_times.clone(); - fetch_transparent_txids(&self.get_server_uri(), address, start_height, end_height, self.config.no_cert_verification, + fetch_transparent_txids(&self.get_server_uri(), address, start_height, end_height, move |tx_bytes: &[u8], height: u64| { let tx = Transaction::read(tx_bytes).unwrap(); @@ -1195,7 +1192,7 @@ impl LightClient { let light_wallet_clone = self.wallet.clone(); info!("Fetching full Tx: {}", txid); - fetch_full_tx(&self.get_server_uri(), txid, self.config.no_cert_verification, move |tx_bytes: &[u8] | { + fetch_full_tx(&self.get_server_uri(), txid,move |tx_bytes: &[u8] | { let tx = Transaction::read(tx_bytes).unwrap(); light_wallet_clone.read().unwrap().scan_full_tx(&tx, height, 0); @@ -1224,7 +1221,7 @@ impl LightClient { ); match rawtx { - Ok(txbytes) => broadcast_raw_tx(&self.get_server_uri(), self.config.no_cert_verification, txbytes), + Ok(txbytes) => broadcast_raw_tx(&self.get_server_uri(), txbytes), Err(e) => Err(format!("Error: No Tx to broadcast. Error was: {}", e)) } } diff --git a/lib/src/lightwallet/tests.rs b/lib/src/lightwallet/tests.rs index db594f9..c333586 100644 --- a/lib/src/lightwallet/tests.rs +++ b/lib/src/lightwallet/tests.rs @@ -656,7 +656,6 @@ fn get_test_config() -> LightClientConfig { sapling_activation_height: 0, consensus_branch_id: "000000".to_string(), anchor_offset: 0, - no_cert_verification: false, data_dir: None, } } @@ -1763,7 +1762,6 @@ fn test_t_derivation() { sapling_activation_height: 0, consensus_branch_id: "000000".to_string(), anchor_offset: 1, - no_cert_verification: false, data_dir: None, };