Mostly to support let's encrypt. It requires to switch from native-tls and friends to rustls and friends, which perhap is a good thing per se, rustls looks more modern and for sure more Rusty.
Alternative would be manually convert pkcs12 certificates to pem, which requires openssl tools to be installed and make transparent integration whith let's encrypt much harder (this is out of the scope for now, perhaps in near future)
* Allow TLS for Wallet APIs
This PR adds an optional support of TLS for wallet APIs. Only PKCS12 format is supported, will address .pem support in next PR and provide some documentation.
Address #1425
* Add api_secret
* Add to base64 method
* Add basic auth in API
* Add Basic Auth to owner API
* Add flag to enable disable basic auth
* Add .api_secret file
* Make grin.toml config optional. Mirror exisiting config parameters in grin.toml to source code, so binary can run without a config file. Add test for it.
* fixup! Make grin.toml config optional
* beginnings of transaction log for db
* add migrate utility for file-wallet to db wallet
* rustfmt + missing file
* update transaction log entry status on confirmed txs, add basic tests for transaction log
* beginnings to testclient implementation for more complete wallet API testing
* rework TestWalletClient to be message-based proxy
* test fix
* wallet tests now exercising the API directly as much as possible, capable of instantiating multiple wallets
* test in place to run both file and db wallets
* ensure all wallet api functions lock wallet as needed. Split up transaction creation from posting to chain
* Migrate main node store to LMDB
In preparation to using LMDB as a wallet database, migrate the
node db. There's no point in having 2 key-value stores.
In addition LMDB provides a few advantages as a node db, namely a
much faster build (compared to RocksDb), lesser dependencies and
transactions.
* Migrated p2p store to lmdb, stuff compiles
* More fixes, chain tests starting to pass
* Fixed txhashset rollback messing with block save and general batch delimitation. Chain tests passing.
* rustfmt
* LMDB max map size of 10MB isn't really workable. Half TB seems reasonable.
* Fix wallet tests
* Rather crucial commit was missing
* rustfmt
* Fixing new merged tests following lmdb changes
* rustfmt
* * Make txhashset validation read-only on fast sync to avoid having
a really long open transaction.
* Fix deadlock in new block processing, batch should always be
created within a txhashset lock (when they interact).
* Comment about batch and txhashset interlacing
* Fix store tests to use batch
* Externalize wallet config and seed
* Converted direct read access to file outputs map to an iterator
* Cleaned up and simplified wallet Backend trait:
* No more direct mutable access to internal structures (HashMap)
* Batch interface for all writes
* Remove unneeded read wrapper (read_wallet)
* rustfmt
* First (incomplete) pass at wallet LMDB backend
* Progressing on lmdb backent iml
* Added batch impl for LMDB wallet backend. Pretty much done with it, but not sure how to deal with commit (owned).
* rustfmt
* Wrapping LMDB batch around a refcell to work around borrow rules
* Compilation up to grin chain
* remove context object from aggsig and transaction libs
* fix to aggsig, and remove unnecessary warnings
* put tx_fee function into libwallet::transaction
* Error cleanup, and creating libwallet error type
* remove some unwraps
* checker bug
* ensure transaction tests checks sender's wallet
* Beginning to rework aggsig library workflow
* more refactoring of transaction api
* whoever does round 1 first creates offset
* slate finalisation now context-free, so anyone can do it
* remove concept of transaction phase
* remove slate phase enum
* update actual send/receive code with new transaction lib workflow
* refactoring transaction building code
* serialise return transaction
* move shared functions into transactions, ensure wallet manipulation is only done outside of aggsig transaction lib
* remove unneeded wallet config from fn
* adding test functions to facilitate libwallet transaction testing
* rustfmt
* refactoring checker somewhat, adding ability to create and transactions against local copy of chain for simpler testing
* finish transaction testing functionality which verifies transactions work properly
* Remove wallet output manipulation from transaction building lib
* ensure sender expects full transaction back on last phase
* ensure sender expects full transaction back on last phase
* beginning to refactor keychain into wallet lib
* rustfmt
* more refactor of aggsig lib, simplify aggsig context manager, hold instance statically for now
* clean some warnings
* clean some warnings
* fix wallet send test a bit
* fix core tests, move wallet dependent tests into integration tests
* repair chain tests
* refactor/fix pool tests
* fix wallet tests, moved from keychain
* add wallet tests
It looks like lockfile implementation did still suffer from a race
condition. Only when creating the file with O_EXCL, file creation fails
if the file does already exist. One could use O_EXCL, but Windows
might use another flag to achieve the same. Moreover, O_EXCL doesn't
work as expected if the files are accessed over NFS.
In contrast, mkdir() is atomic in every of the mentioned cases.
Aside from using a lockdirectory, this patch also backups the current
wallet.dat contents to wallet.bck in case writing a possibly hefty
amount of JSON to the new wallet.dat fails. It is hoped that at least
one of the .bck and .dat files has usable contents in case failure.
* move some debug! to trace!
* more informative debugs
* standardising on always showing chain tips as "cumulative difficulty @ height [hash]"
* make 2 debug outputs into a single
* "no peers" as warning (not info) to let it stand out more clearly
* move fn param (used only in this one debug line)
* clarify difficulty "units"
* wip
* failing test for being too eager when pruning a sibling
* commit
* rustfmt
* [WIP] modified get_shift and get_leaf_shift to account for leaving "pruned but not compacted" leaves in place
Note: this currently breaks check_compact as nothing else is aware of the modified behavior
* rustfmt
* commit
* rustfmt
* basic prune/compact/shift working
* rustfmt
* commit
* rustfmt
* next_pruned_idx working (I think)
* commit
* horizon test uncovered some subtle issues - wip
* rustfmt
* cleanup
* rustfmt
* commit
* cleanup
* cleanup
* commit
* rustfmt
* contains -> binary_search
* rustfmt
* no need for height==0 special case
* wip - works for single compact, 2nd one breaks the mmr hashes
* commit
* rustfmt
* fixed it (needs a lot of cleanup)
we were not traversing all the way up to the peak if we pruned an entire tree
so rm_log and prune list were inconsistent
* multiple compact steps are working
data file not being copmacted currently (still to investigate)
* cleanup store tests
* cleanup
* cleanup up debug
* rustfmt
* take kernel offsets into account when summing kernels and outputs for full txhashset validation
validate chain state pre and post compaction
* rustfmt
* fix wallet refresh (we need block height to be refreshed on non-coinbase outputs)
otherwise we cannot spend them...
* rustfmt
* family_branch() to recursively call family() up the branch
todo
- we hit a peak, then we need to get to the root somehow
- actually get the hashes to build the proof
* wip
* some additional testing around merkle tree branches
* track left/right branch for each sibling as we build the merkle path up
* MerkleProof and basic (incomplete) verify fn
* I think a MerkleProof verifies correctly now
need to test on test case with multiple peaks
* basic pmmr merkle proof working
* MerkleProof now serializable/deserializable
* coinbase maturity via merkle proof basically working
* ser/deser merkle proof into hex in api and wallet.dat
* cleanup
* wip - temporarily saving merkle proofs to the commit index
* assert merkle proof in store matches the rewound version
there are cases where it does not...
* commit
* commit
* can successfully rewind the output PMMR and generate a Merkle proof
need to fix the tests up now
and cleanup the code
and add docs for functions etc.
* core tests passing
* fixup chain tests using merkle proofs
* pool tests working with merkle proofs
* api tests working with merkle proof
* fix the broken comapct block hashing behavior
made nonce for short_ids explicit to help with this
* cleanup and comment as necessary
* cleanup variety of TODOs
* Initial version
* store failure parameters inside ErrorKind variants
* continue failure transformation
* 4 errors left
* still two errors
* return old code back
* finally compiling
* Fix compilation and test errors after merge
* WIP - split the key in final tx step
store "offset" on transaction itself
* rebase
* commit
* tx with offset
* got a test tx validating successfully using a sig from a split key and the appropriate offset
* sum up the offset for the block_header
* fix size tests for blocks and compact blocks (header now includes offset)
* use txs with offsets in most of the core tests
some tests now failing
* build kernel from k1G (k2 stored on tx, sum stored on header)
* commit
* tx now has vec of kernels
rework tx and kernel validation
* add test for tx cut_through
* wip - working on splitting in aggsig
* split the key when creating the initial sender aggsig context
* cleanup
* cleanup
* code needs claning up but split keys working for sender/receiver aggsig flow
* cleanup debug logging
* fix tests
* fix merge and basic cleanup
* fix keychain tests to use new tx_id
* update mean cuda miner to latest trompcode, and added tweakable parameters to grin configuration file
* Added UUID for transactions, and store aggsig contexts indexed by transaction ID
* updating test framework to allow checking of wallet contents during test
* experiment with lock_heights on outputs
* playing around with lock_height as part of the switch commitment hash
* cleanup
* include features in the switch commit hash key
* commit
* rebase off master
* commit
* cleanup
* missing docs
* rework coinbase maturity test to build valid tx
* pool and chain tests passing (inputs have switch commitments)
* commit
* cleanup
* check inputs spending coinbase outputs have valid lock_heights
* wip - got it building (tests still failing)
* use zero key for non coinbase switch commit hash
* fees and height wrong order...
* send output lock_height over to wallet via api
* no more header by height index
workaround this for wallet refresh and wallet restore
* refresh heights for unspent wallet outputs where missing
* TODO - might be slow?
* simplify - do not pass around lock_height for non coinbase outputs
* commit
* fix tests after merge
* build input vs coinbase_input
switch commit hash key encodes lock_height
cleanup output by commit index (currently broken...)
* is_unspent and get_unspent cleanup - we have no outputs, only switch_commit_hashes
* separate concept of utxo vs output in the api
utxos come from the sumtrees (and only the sumtrees, limited info)
outputs come from blocks (and we need to look them up via block height)
* cleanup
* better api support for block outputs with range proofs
* basic wallet operations appear to work
restore is not working fully
refresh refreshes heights correctly (at least appears to)
* wallet refresh and wallet restore appear to be working now
* fix core tests
* fix some mine_simple_chain tests
* fixup chain tests
* rework so pool tests pass
* wallet restore now safely habndles duplicate commitments (reused wallet keys)
for coinbase outputs where lock_height is _very_ important
* wip
* validate_coinbase_maturity
got things building
tests are failing
* lite vs full versions of is_unspent
* builds and working locally
zero-conf - what to do here?
* handle zero-conf edge case (use latest block)
* introduce OutputIdentifier, avoid leaking SumCommit everywhere
* fix the bad merge
* pool verifies coinbase maturity via is_matured
this uses sumtree in a consistent way
* cleanup
* add docs, cleanup build warnings
* fix core tests
* fix chain tests
* fix pool tests
* cleanup debug logging that we no longer need
* make out_block optional on an input (only care about it for spending coinbase outputs)
* cleanup
* bump the build
* First steps converting transaction workflow to be aggsig-enable
* integrating updated version of aggsig, which gives greater control over the contents of e
* added wallet transaction test to testing framework to enable testing the whole thing, completed interaction as far as inital response from recipient
* more aggsig work, final signature is produced now
* Construction of aggsig transaction now working to the point of the signature being built
* aggsig transactions working end-to-end in the nominal case
* refactor aggsig verify from commit and fix some tests
* more cleanup and test fixing
* cleaning up automated tests
* test+formatting fix
* distinguish select (among futures) from select coins. Regex search in project for select\b shows we hardly use select, but maybe could use it to add timeouts more cleanly. ("Want to add a timeout to any future? Just do a select of that future and a timeout future!" from https://aturon.github.io/blog/2016/08/11/futures/)
* remove a trailing space
* FAQ.md - fix typo
* wallet: display problematic tx
* update FAQ build troubleshooting to cover #443
* stdout_log_level = Info
file_log_level = Debug
* sync: show total diff @ height when syncronization is completed
* better wallet send dest format error
* move INFO "Client conn ... lost" and "Connected to peer" down to Debug
* move some level=Info to Debug, add 1000-block outputs
* Make Get coinbase via wallet API error more self-help friendly. Also show the wallet API URL that failed to respond.
* spelling and rustfmt nit
* more informational output from `grin server stop`
* newcomer friendly error when wallet.seed isn't found
* grin wallet (info|outputs): better error message
* default wallet receive to listen on 127.0.0.1, optional flag on wallet command to listen on 0.0.0.0
* fix simulnet for new wallet port/interface config
Moved the HTTP APIs away from the REST endpoint abstraction and
to simpler Hyper handlers. Re-established all routes as v1.
Changed wallet receiver port to 13415 to avoid a gap in port
numbers.
Finally, rustfmt seems to have ignored specific files arguments,
running on everything.