From a0b8c6a7542fca1b41e9c82a47ef91c512bceeb8 Mon Sep 17 00:00:00 2001 From: Aditya Kulkarni Date: Tue, 4 Feb 2020 10:06:23 -0800 Subject: [PATCH] Add --dangerous support --- lib/Cargo.toml | 2 +- lib/src/grpcconnector.rs | 59 ++++++++++++------- lib/src/lib.rs | 5 ++ lib/src/lightclient.rs | 2 +- .../lightwalletd-zecwallet-co-chain.pem | 0 5 files changed, 44 insertions(+), 24 deletions(-) rename lightwalletd-zecwallet-co-chain.pem => res/lightwalletd-zecwallet-co-chain.pem (100%) diff --git a/lib/Cargo.toml b/lib/Cargo.toml index 01afb71..dc2e2f7 100644 --- a/lib/Cargo.toml +++ b/lib/Cargo.toml @@ -28,7 +28,7 @@ bytes = "0.4" prost = "0.5" prost-types = "0.5" tokio = { version = "0.2", features = ["rt-threaded", "time", "stream", "fs", "macros", "uds", "full"] } -tokio-rustls = "0.12.1" +tokio-rustls = { version = "0.12.1", features = ["dangerous_configuration"] } webpki = "0.21.0" webpki-roots = "0.18.0" diff --git a/lib/src/grpcconnector.rs b/lib/src/grpcconnector.rs index e79928c..0a77d8d 100644 --- a/lib/src/grpcconnector.rs +++ b/lib/src/grpcconnector.rs @@ -1,5 +1,5 @@ use log::{error}; -use std::{io, fs}; +use std::sync::Arc; use zcash_primitives::transaction::{TxId}; use crate::grpc_client::{ChainSpec, BlockId, BlockRange, RawTransaction, @@ -8,9 +8,27 @@ use tonic::transport::{Channel, ClientTlsConfig}; use tokio_rustls::{rustls::ClientConfig}; use tonic::{Request}; +use crate::PubCertificate; use crate::grpc_client::compact_tx_streamer_client::CompactTxStreamerClient; -async fn get_client(uri: &http::Uri) -> Result, Box> { +mod danger { + use tokio_rustls::rustls; + use webpki; + + pub struct NoCertificateVerification {} + + impl rustls::ServerCertVerifier for NoCertificateVerification { + fn verify_server_cert(&self, + _roots: &rustls::RootCertStore, + _presented_certs: &[rustls::Certificate], + _dns_name: webpki::DNSNameRef<'_>, + _ocsp: &[u8]) -> Result { + Ok(rustls::ServerCertVerified::assertion()) + } + } +} + +async fn get_client(uri: &http::Uri, no_cert: bool) -> Result, Box> { let channel = if uri.scheme_str() == Some("http") { //println!("http"); Channel::builder(uri.clone()).connect().await? @@ -20,16 +38,13 @@ async fn get_client(uri: &http::Uri) -> Result, config.alpn_protocols.push(b"h2".to_vec()); config.root_store.add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS); + config.root_store.add_pem_file( + &mut PubCertificate::get("lightwalletd-zecwallet-co-chain.pem").unwrap().as_ref()).unwrap(); - let certfile = fs::File::open("lightwalletd-zecwallet-co-chain.pem").unwrap(); - let mut reader = io::BufReader::new(certfile); - //let crt = tokio_rustls::rustls::internal::pemfile::certs(&mut reader).expect("Read certs"); - //println!("length {}", crt.len()); - //config.root_store.add(crt.get(0).unwrap()).unwrap(); - config.root_store.add_pem_file(&mut reader).unwrap(); - //println!("{:?}", config.root_store.add_pem_file(&mut reader).unwrap()); - //println!("{:?}", config.root_store.len()); // 0 - + if no_cert { + config.dangerous() + .set_certificate_verifier(Arc::new(danger::NoCertificateVerification {})); + } let tls = ClientTlsConfig::new() .rustls_client_config(config) @@ -47,8 +62,8 @@ async fn get_client(uri: &http::Uri) -> Result, // ============== // GRPC code // ============== -async fn get_lightd_info(uri: &http::Uri) -> Result> { - let mut client = get_client(uri).await?; +async fn get_lightd_info(uri: &http::Uri, no_cert: bool) -> Result> { + let mut client = get_client(uri, no_cert).await?; let request = Request::new(Empty {}); @@ -60,14 +75,14 @@ async fn get_lightd_info(uri: &http::Uri) -> Result Result { let mut rt = tokio::runtime::Runtime::new().map_err(|e| e.to_string())?; - rt.block_on(get_lightd_info(uri)).map_err( |e| e.to_string()) + rt.block_on(get_lightd_info(uri, no_cert)).map_err( |e| e.to_string()) } async fn get_block_range(uri: &http::Uri, start_height: u64, end_height: u64, no_cert: bool, mut c: F) -> Result<(), Box> where F : FnMut(&[u8], u64) { - let mut client = get_client(uri).await?; + let mut client = get_client(uri, no_cert).await?; let bs = BlockId{ height: start_height, hash: vec!()}; let be = BlockId{ height: end_height, hash: vec!()}; @@ -87,7 +102,7 @@ where F : FnMut(&[u8], u64) { Ok(()) } -pub fn fetch_blocks(uri: &http::Uri, start_height: u64, end_height: u64, no_cert: bool, mut c: F) +pub fn fetch_blocks(uri: &http::Uri, start_height: u64, end_height: u64, no_cert: bool, c: F) where F : FnMut(&[u8], u64) { let mut rt = match tokio::runtime::Runtime::new() { @@ -108,7 +123,7 @@ async fn get_address_txids(uri: &http::Uri, add start_height: u64, end_height: u64, no_cert: bool, c: F) -> Result<(), Box> where F : Fn(&[u8], u64) { - let mut client = get_client(uri).await?; + let mut client = get_client(uri, no_cert).await?; let start = Some(BlockId{ height: start_height, hash: vec!()}); let end = Some(BlockId{ height: end_height, hash: vec!()}); @@ -145,7 +160,7 @@ pub fn fetch_transparent_txids(uri: &http::Uri, // get_transaction GRPC call async fn get_transaction(uri: &http::Uri, txid: TxId, no_cert: bool) -> Result> { - let mut client = get_client(uri).await?; + let mut client = get_client(uri, no_cert).await?; let request = Request::new(TxFilter { block: None, index: 0, hash: txid.0.to_vec() }); let response = client.get_transaction(request).await?; @@ -177,7 +192,7 @@ pub fn fetch_full_tx(uri: &http::Uri, txid: TxI // send_transaction GRPC call async fn send_transaction(uri: &http::Uri, no_cert: bool, tx_bytes: Box<[u8]>) -> Result> { - let mut client = get_client(uri).await?; + let mut client = get_client(uri, no_cert).await?; let request = Request::new(RawTransaction {data: tx_bytes.to_vec(), height: 0}); @@ -203,8 +218,8 @@ pub fn broadcast_raw_tx(uri: &http::Uri, no_cert: bool, tx_bytes: Box<[u8]>) -> } // get_latest_block GRPC call -async fn get_latest_block(uri: &http::Uri) -> Result> { - let mut client = get_client(uri).await?; +async fn get_latest_block(uri: &http::Uri, no_cert: bool) -> Result> { + let mut client = get_client(uri, no_cert).await?; let request = Request::new(ChainSpec {}); @@ -224,7 +239,7 @@ pub fn fetch_latest_block(uri: &http::Uri, no_c } }; - match rt.block_on(get_latest_block(uri)) { + match rt.block_on(get_latest_block(uri, no_cert)) { Ok(b) => c(b), Err(e) => { error!("Error getting latest block {}", e.to_string()); diff --git a/lib/src/lib.rs b/lib/src/lib.rs index e03aad0..ca28d24 100644 --- a/lib/src/lib.rs +++ b/lib/src/lib.rs @@ -11,6 +11,11 @@ pub mod commands; #[folder = "zcash-params/"] pub struct SaplingParams; +#[derive(RustEmbed)] +#[folder = "res/"] +pub struct PubCertificate; + + pub const ANCHOR_OFFSET: u32 = 4; pub mod grpc_client { diff --git a/lib/src/lightclient.rs b/lib/src/lightclient.rs index f5a2afc..6532fe1 100644 --- a/lib/src/lightclient.rs +++ b/lib/src/lightclient.rs @@ -37,7 +37,7 @@ use crate::ANCHOR_OFFSET; mod checkpoints; -pub const DEFAULT_SERVER: &str = "https://lightd-main.zecwallet.co:443"; +pub const DEFAULT_SERVER: &str = "https://lightwalletd.zecwallet.co:1443"; pub const WALLET_NAME: &str = "zecwallet-light-wallet.dat"; pub const LOGFILE_NAME: &str = "zecwallet-light-wallet.debug.log"; diff --git a/lightwalletd-zecwallet-co-chain.pem b/res/lightwalletd-zecwallet-co-chain.pem similarity index 100% rename from lightwalletd-zecwallet-co-chain.pem rename to res/lightwalletd-zecwallet-co-chain.pem