diff options
author | obscuren <geffobscura@gmail.com> | 2015-02-26 18:16:01 +0800 |
---|---|---|
committer | obscuren <geffobscura@gmail.com> | 2015-02-26 19:06:01 +0800 |
commit | 49ded3aa7752148ebfbacd4e6ff5f46dc9376f89 (patch) | |
tree | ebde269fc7a836b67eb8d7a2a95a90297d8c2435 /accounts | |
parent | 5ab0eaa06d2f5879b9b22778988410bd0c73dcc0 (diff) | |
parent | 9884eed0cf7c95074fd5b3d5f0f592a423810a8a (diff) | |
download | go-tangerine-49ded3aa7752148ebfbacd4e6ff5f46dc9376f89.tar go-tangerine-49ded3aa7752148ebfbacd4e6ff5f46dc9376f89.tar.gz go-tangerine-49ded3aa7752148ebfbacd4e6ff5f46dc9376f89.tar.bz2 go-tangerine-49ded3aa7752148ebfbacd4e6ff5f46dc9376f89.tar.lz go-tangerine-49ded3aa7752148ebfbacd4e6ff5f46dc9376f89.tar.xz go-tangerine-49ded3aa7752148ebfbacd4e6ff5f46dc9376f89.tar.zst go-tangerine-49ded3aa7752148ebfbacd4e6ff5f46dc9376f89.zip |
Merge branch 'develop' of github.com-obscure:ethereum/go-ethereum into develop
Conflicts:
accounts/account_manager.go
Diffstat (limited to 'accounts')
-rw-r--r-- | accounts/account_manager.go | 50 | ||||
-rw-r--r-- | accounts/accounts_test.go | 53 |
2 files changed, 92 insertions, 11 deletions
diff --git a/accounts/account_manager.go b/accounts/account_manager.go index f1ad450e6..3e9fa7799 100644 --- a/accounts/account_manager.go +++ b/accounts/account_manager.go @@ -35,24 +35,33 @@ package accounts import ( crand "crypto/rand" + "errors" + "sync" + "time" + "github.com/ethereum/go-ethereum/crypto" ) +var ErrLocked = errors.New("account is locked; please request passphrase") + // TODO: better name for this struct? type Account struct { Address []byte } type AccountManager struct { - keyStore crypto.KeyStore2 + keyStore crypto.KeyStore2 + unlockedKeys map[string]crypto.Key + unlockMilliseconds time.Duration + mutex sync.RWMutex } -// TODO: get key by addr - modify KeyStore2 GetKey to work with addr - -// TODO: pass through passphrase for APIs which require access to private key? -func NewAccountManager(keyStore crypto.KeyStore2) AccountManager { +func NewAccountManager(keyStore crypto.KeyStore2, unlockMilliseconds time.Duration) AccountManager { + keysMap := make(map[string]crypto.Key) am := &AccountManager{ - keyStore: keyStore, + keyStore: keyStore, + unlockedKeys: keysMap, + unlockMilliseconds: unlockMilliseconds, } return *am } @@ -61,11 +70,26 @@ func (am AccountManager) DeleteAccount(address []byte, auth string) error { return am.keyStore.DeleteKey(address, auth) } -func (am *AccountManager) Sign(fromAccount *Account, keyAuth string, toSign []byte) (signature []byte, err error) { +func (am *AccountManager) Sign(fromAccount *Account, toSign []byte) (signature []byte, err error) { + am.mutex.RLock() + unlockedKey := am.unlockedKeys[string(fromAccount.Address)] + am.mutex.RUnlock() + if unlockedKey.Address == nil { + return nil, ErrLocked + } + signature, err = crypto.Sign(toSign, unlockedKey.PrivateKey) + return signature, err +} + +func (am *AccountManager) SignLocked(fromAccount *Account, keyAuth string, toSign []byte) (signature []byte, err error) { key, err := am.keyStore.GetKey(fromAccount.Address, keyAuth) if err != nil { return nil, err } + am.mutex.RLock() + am.unlockedKeys[string(fromAccount.Address)] = *key + am.mutex.RUnlock() + go unlockLater(am, fromAccount.Address) signature, err = crypto.Sign(toSign, key.PrivateKey) return signature, err } @@ -81,8 +105,6 @@ func (am AccountManager) NewAccount(auth string) (*Account, error) { return ua, err } -// set of accounts == set of keys in given key store -// TODO: do we need persistence of accounts as well? func (am *AccountManager) Accounts() ([]Account, error) { addresses, err := am.keyStore.GetKeyAddresses() if err != nil { @@ -98,3 +120,13 @@ func (am *AccountManager) Accounts() ([]Account, error) { } return accounts, err } + +func unlockLater(am *AccountManager, addr []byte) { + select { + case <-time.After(time.Millisecond * am.unlockMilliseconds): + } + am.mutex.RLock() + // TODO: how do we know the key is actually gone from memory? + delete(am.unlockedKeys, string(addr)) + am.mutex.RUnlock() +} diff --git a/accounts/accounts_test.go b/accounts/accounts_test.go index 4e97de545..44d1d72f1 100644 --- a/accounts/accounts_test.go +++ b/accounts/accounts_test.go @@ -6,20 +6,69 @@ import ( "github.com/ethereum/go-ethereum/crypto" "github.com/ethereum/go-ethereum/crypto/randentropy" "github.com/ethereum/go-ethereum/ethutil" + "time" ) func TestAccountManager(t *testing.T) { ks := crypto.NewKeyStorePlain(ethutil.DefaultDataDir() + "/testaccounts") - am := NewAccountManager(ks) + am := NewAccountManager(ks, 100) pass := "" // not used but required by API a1, err := am.NewAccount(pass) toSign := randentropy.GetEntropyCSPRNG(32) - _, err = am.Sign(a1, pass, toSign) + _, err = am.SignLocked(a1, pass, toSign) if err != nil { t.Fatal(err) } // Cleanup + time.Sleep(time.Millisecond * 150) // wait for locking + + accounts, err := am.Accounts() + if err != nil { + t.Fatal(err) + } + for _, account := range accounts { + err := am.DeleteAccount(account.Address, pass) + if err != nil { + t.Fatal(err) + } + } +} + +func TestAccountManagerLocking(t *testing.T) { + ks := crypto.NewKeyStorePassphrase(ethutil.DefaultDataDir() + "/testaccounts") + am := NewAccountManager(ks, 200) + pass := "foo" + a1, err := am.NewAccount(pass) + toSign := randentropy.GetEntropyCSPRNG(32) + + // Signing without passphrase fails because account is locked + _, err = am.Sign(a1, toSign) + if err != ErrLocked { + t.Fatal(err) + } + + // Signing with passphrase works + _, err = am.SignLocked(a1, pass, toSign) + if err != nil { + t.Fatal(err) + } + + // Signing without passphrase works because account is temp unlocked + _, err = am.Sign(a1, toSign) + if err != nil { + t.Fatal(err) + } + + // Signing without passphrase fails after automatic locking + time.Sleep(time.Millisecond * time.Duration(250)) + + _, err = am.Sign(a1, toSign) + if err != ErrLocked { + t.Fatal(err) + } + + // Cleanup accounts, err := am.Accounts() if err != nil { t.Fatal(err) |