Merge remote-tracking branch 'origin/main' into siliev/fix-fees

ten-protocol · Dec 4, 2024 · ac744ae · ac744ae
2 parents 395c482 + 28cc79e
commit ac744ae
Show file tree

Hide file tree

Showing 7 changed files with 171 additions and 20 deletions.
diff --git a/go.sum b/go.sum
@@ -2,14 +2,8 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU=
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v0.21.1/go.mod h1:fBF9PQNqB8scdgpZ3ufzaLntG0AG7C1WjPMsiFOmfHM=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.0.0/go.mod h1:uGG2W01BaETf0Ozp+QxxKJdMBNRWPdstHG0Fmdwn1/U=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.6.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M=
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.0.0/go.mod h1:+6sju8gk8FRmSajX3Oz4G5Gm7P+mbqE9FVaXXFYTkCM=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0/go.mod h1:OQeznEEkTZ9OrhHJoDD8ZDq51FHgXjqtP9z6bEwBq9U=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc=
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg=
 github.com/Azure/azure-sdk-for-go/sdk/data/azcosmos v1.1.0 h1:c726lgbwpwFBuj+Fyrwuh/vUilqFo+hUAOUNjsKj5DI=
@@ -419,8 +413,6 @@ golang.org/x/arch v0.11.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
 golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
 golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
 golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc=
@@ -443,8 +435,6 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
 golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -468,16 +458,12 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
 golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
 golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=

diff --git a/go/enclave/crypto/rpc_key_service.go b/go/enclave/crypto/rpc_key_service.go
@@ -1,6 +1,8 @@
 package crypto
 
 import (
+	"fmt"
+
 	gethcrypto "github.com/ethereum/go-ethereum/crypto"
 	"github.com/ethereum/go-ethereum/crypto/ecies"
 	gethlog "github.com/ethereum/go-ethereum/log"
@@ -47,6 +49,9 @@ func (s *RPCKeyService) DecryptRPCRequest(bytes []byte) ([]byte, error) {
 	return s.privKey.Decrypt(bytes, nil, nil)
 }
 
-func (s *RPCKeyService) PublicKey() []byte {
-	return gethcrypto.CompressPubkey(s.privKey.PublicKey.ExportECDSA())
+func (s *RPCKeyService) PublicKey() ([]byte, error) {
+	if s.privKey == nil {
+		return nil, fmt.Errorf("rpc key service is not initialised")
+	}
+	return gethcrypto.CompressPubkey(s.privKey.PublicKey.ExportECDSA()), nil
 }
diff --git a/go/enclave/enclave_init_service.go b/go/enclave/enclave_init_service.go
@@ -147,5 +147,9 @@ func (e *enclaveInitService) EnclaveID(context.Context) (common.EnclaveID, commo
 }
 
 func (e *enclaveInitService) RPCEncryptionKey(ctx context.Context) ([]byte, common.SystemError) {
-	return e.rpcKeyService.PublicKey(), nil
+	k, err := e.rpcKeyService.PublicKey()
+	if err != nil {
+		return nil, responses.ToInternalError(err)
+	}
+	return k, nil
 }
diff --git a/go/enclave/nodetype/sequencer.go b/go/enclave/nodetype/sequencer.go
@@ -198,6 +198,7 @@ func (s *sequencer) createNewHeadBatch(ctx context.Context, l1HeadBlock *types.H
 	limiter := limiters.NewBatchSizeLimiter(s.settings.MaxBatchSize)
 	pendingTransactions := s.mempool.PendingTransactions()
 	var transactions []*types.Transaction
+txLoop:
 	for _, group := range pendingTransactions {
 		// lazily resolve transactions until the batch runs out of space
 		for _, lazyTx := range group {
@@ -206,7 +207,7 @@ func (s *sequencer) createNewHeadBatch(ctx context.Context, l1HeadBlock *types.H
 				if err != nil {
 					s.logger.Info("Unable to accept transaction", log.TxKey, tx.Hash(), log.ErrKey, err)
 					if errors.Is(err, limiters.ErrInsufficientSpace) { // Batch ran out of space
-						break
+						break txLoop
 					}
 					// Limiter encountered unexpected error
 					return fmt.Errorf("limiter encountered unexpected error - %w", err)

diff --git a/tools/walletextension/storage/cert_storage.go b/tools/walletextension/storage/cert_storage.go
@@ -0,0 +1,22 @@
+package storage
+
+import (
+	gethlog "github.com/ethereum/go-ethereum/log"
+	"github.com/ten-protocol/go-ten/tools/walletextension/storage/database/cosmosdb"
+	"golang.org/x/crypto/acme/autocert"
+)
+
+// CertStorage defines the interface for certificate storage
+type CertStorage interface {
+	autocert.Cache
+}
+
+// NewCertStorage creates a new certificate storage instance based on the database type
+func NewCertStorage(dbType, dbConnectionURL string, randomKey []byte, logger gethlog.Logger) (CertStorage, error) {
+	switch dbType {
+	case "cosmosDB":
+		return cosmosdb.NewCertStorageCosmosDB(dbConnectionURL, randomKey)
+	default:
+		return autocert.DirCache("/data/certs"), nil
+	}
+}
diff --git a/tools/walletextension/storage/database/cosmosdb/cert_storage_cosmos.go b/tools/walletextension/storage/database/cosmosdb/cert_storage_cosmos.go
@@ -0,0 +1,128 @@
+package cosmosdb
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/Azure/azure-sdk-for-go/sdk/data/azcosmos"
+	"github.com/ten-protocol/go-ten/tools/walletextension/encryption"
+	"golang.org/x/crypto/acme/autocert"
+)
+
+const (
+	CERT_CONTAINER_NAME = "certificates"
+)
+
+// CertStorageCosmosDB implements autocert.Cache interface using CosmosDB
+type CertStorageCosmosDB struct {
+	client         *azcosmos.Client
+	certsContainer *azcosmos.ContainerClient
+	encryptor      encryption.Encryptor
+}
+
+// EncryptedCertDocument represents the structure of a certificate document in CosmosDB
+type EncryptedCertDocument struct {
+	ID   string `json:"id"`
+	Data []byte `json:"data"`
+}
+
+// NewCertStorageCosmosDB creates a new CosmosDB-based certificate storage
+func NewCertStorageCosmosDB(connectionString string, encryptionKey []byte) (*CertStorageCosmosDB, error) {
+	encryptor, err := encryption.NewEncryptor(encryptionKey)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create encryptor: %w", err)
+	}
+
+	client, err := azcosmos.NewClientFromConnectionString(connectionString, nil)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create CosmosDB client: %w", err)
+	}
+
+	// Ensure database exists
+	ctx := context.Background()
+	_, err = client.CreateDatabase(ctx, azcosmos.DatabaseProperties{ID: DATABASE_NAME}, nil)
+	if err != nil && !strings.Contains(err.Error(), "Conflict") {
+		return nil, fmt.Errorf("failed to create database: %w", err)
+	}
+
+	// Create container for certificates
+	certsContainer, err := client.NewContainer(DATABASE_NAME, CERT_CONTAINER_NAME)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create certificates container: %w", err)
+	}
+
+	return &CertStorageCosmosDB{
+		client:         client,
+		certsContainer: certsContainer,
+		encryptor:      *encryptor,
+	}, nil
+}
+
+// Get retrieves a certificate data for the given key
+func (c *CertStorageCosmosDB) Get(ctx context.Context, key string) ([]byte, error) {
+	keyString, partitionKey := c.dbKey([]byte(key))
+
+	itemResponse, err := c.certsContainer.ReadItem(ctx, partitionKey, keyString, nil)
+	if err != nil {
+		if strings.Contains(err.Error(), "NotFound") {
+			return nil, autocert.ErrCacheMiss
+		}
+		return nil, err
+	}
+
+	var doc EncryptedCertDocument
+	err = json.Unmarshal(itemResponse.Value, &doc)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal document: %w", err)
+	}
+
+	return c.encryptor.Decrypt(doc.Data)
+}
+
+// Put stores certificate data with the given key
+func (c *CertStorageCosmosDB) Put(ctx context.Context, key string, data []byte) error {
+	keyString, partitionKey := c.dbKey([]byte(key))
+
+	encryptedData, err := c.encryptor.Encrypt(data)
+	if err != nil {
+		return fmt.Errorf("failed to encrypt certificate data: %w", err)
+	}
+
+	doc := EncryptedCertDocument{
+		ID:   keyString,
+		Data: encryptedData,
+	}
+
+	docJSON, err := json.Marshal(doc)
+	if err != nil {
+		return fmt.Errorf("failed to marshal document: %w", err)
+	}
+
+	_, err = c.certsContainer.UpsertItem(ctx, partitionKey, docJSON, nil)
+	if err != nil {
+		return fmt.Errorf("failed to upsert certificate: %w", err)
+	}
+
+	return nil
+}
+
+// Delete removes certificate data for the given key
+func (c *CertStorageCosmosDB) Delete(ctx context.Context, key string) error {
+	keyString, partitionKey := c.dbKey([]byte(key))
+
+	_, err := c.certsContainer.DeleteItem(ctx, partitionKey, keyString, nil)
+	if err != nil && !strings.Contains(err.Error(), "NotFound") {
+		return fmt.Errorf("failed to delete certificate: %w", err)
+	}
+
+	return nil
+}
+
+// dbKey generates a consistent key for CosmosDB storage
+func (c *CertStorageCosmosDB) dbKey(key []byte) (string, azcosmos.PartitionKey) {
+	keyString := string(key)
+	partitionKey := azcosmos.NewPartitionKeyString(keyString)
+	return keyString, partitionKey
+}
diff --git a/tools/walletextension/walletextension_container.go b/tools/walletextension/walletextension_container.go
@@ -80,12 +80,17 @@ func NewContainerFromConfig(config wecommon.Config, logger gethlog.Logger) *Cont
 		// Certificate Signing Request (CRS) is generated
 		// CRS is sent to CA (Let's Encrypt) via ACME (automated certificate management environment) client
 		// CA verifies CRS and issues a certificate
-		// we store store certificate and private key (in memory and also in on a mounted volume attached to docker container - /data/certs/)
+		// Store certificate and private key in certificate storage based on the database type
+		certStorage, err := storage.NewCertStorage(config.DBType, config.DBConnectionURL, encryptionKey, logger)
+		if err != nil {
+			logger.Crit("unable to create certificate storage", log.ErrKey, err)
+			os.Exit(1)
+		}
 
 		certManager := &autocert.Manager{
 			Prompt:     autocert.AcceptTOS,
 			HostPolicy: autocert.HostWhitelist(config.TLSDomain),
-			Cache:      autocert.DirCache("/data/certs"),
+			Cache:      certStorage,
 		}
 
 		// Create HTTP-01 challenge handler