From 29eef085d76307b0064b671035f1fb43b2e6373e Mon Sep 17 00:00:00 2001
From: Jernej Kos <jernej@kos.mx>
Date: Mon, 1 Jun 2020 14:07:30 +0200
Subject: [PATCH] go/registry: Drop support for v0 node descriptor

---
 .changelog/2918.breaking.md                   |  1 +
 go/oasis-test-runner/scenario/e2e/e2e.go      |  2 -
 .../scenario/e2e/restore_previous.go          | 59 ----------------
 go/registry/api/api.go                        | 70 ++++++-------------
 go/registry/api/legacy_v0.go                  | 64 -----------------
 5 files changed, 22 insertions(+), 174 deletions(-)
 create mode 100644 .changelog/2918.breaking.md
 delete mode 100644 go/oasis-test-runner/scenario/e2e/restore_previous.go
 delete mode 100644 go/registry/api/legacy_v0.go

diff --git a/.changelog/2918.breaking.md b/.changelog/2918.breaking.md
new file mode 100644
index 00000000000..b500e0be8ac
--- /dev/null
+++ b/.changelog/2918.breaking.md
@@ -0,0 +1 @@
+go/registry: Drop support for v0 node descriptor
diff --git a/go/oasis-test-runner/scenario/e2e/e2e.go b/go/oasis-test-runner/scenario/e2e/e2e.go
index f996f492085..963479578ba 100644
--- a/go/oasis-test-runner/scenario/e2e/e2e.go
+++ b/go/oasis-test-runner/scenario/e2e/e2e.go
@@ -127,8 +127,6 @@ func RegisterScenarios() error {
 		Debond,
 		// Late start test.
 		LateStart,
-		// Restore from v20.6 genesis file.
-		RestoreV206,
 		// KeymanagerUpgrade test.
 		KeymanagerUpgrade,
 	} {
diff --git a/go/oasis-test-runner/scenario/e2e/restore_previous.go b/go/oasis-test-runner/scenario/e2e/restore_previous.go
deleted file mode 100644
index a7ab5954a4a..00000000000
--- a/go/oasis-test-runner/scenario/e2e/restore_previous.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package e2e
-
-import (
-	"fmt"
-
-	"github.com/oasisprotocol/oasis-core/go/common/node"
-	"github.com/oasisprotocol/oasis-core/go/oasis-test-runner/env"
-	"github.com/oasisprotocol/oasis-core/go/oasis-test-runner/oasis"
-	"github.com/oasisprotocol/oasis-core/go/oasis-test-runner/scenario"
-)
-
-// RestoreV206 tests restoring from a v20.6 genesis document.
-var RestoreV206 scenario.Scenario = &restorePrevious{
-	runtimeImpl: *newRuntimeImpl("restore-v206", "simple-keyvalue-client", nil),
-	// Use the genesis document from v20.6 E2E tests (scenario: e2e/runtime/runtime).
-	genesisFile: "tests/fixture-data/restore-previous/genesis-v20.6.json",
-}
-
-type restorePrevious struct {
-	runtimeImpl
-
-	genesisFile string
-}
-
-func (sc *restorePrevious) Clone() scenario.Scenario {
-	return &restorePrevious{
-		runtimeImpl: *sc.runtimeImpl.Clone().(*runtimeImpl),
-		genesisFile: sc.genesisFile,
-	}
-}
-
-func (sc *restorePrevious) Fixture() (*oasis.NetworkFixture, error) {
-	f, err := sc.runtimeImpl.Fixture()
-	if err != nil {
-		return nil, err
-	}
-
-	if sc.genesisFile == "" {
-		return nil, fmt.Errorf("genesis file not specified in scenario")
-	}
-	f.Network.GenesisFile = sc.genesisFile
-	// Use deterministic identities so we can use the same keys.
-	f.Network.DeterministicIdentities = true
-
-	return f, nil
-}
-
-func (sc *restorePrevious) Run(childEnv *env.Env) error {
-	// Restore tests use a fixed genesis that only works on non-TEE environments.
-	tee, err := sc.getTEEHardware()
-	if err != nil {
-		return err
-	}
-	if tee != node.TEEHardwareInvalid {
-		sc.logger.Info("skipping test due to incompatible TEE hardware")
-		return nil
-	}
-	return sc.runtimeImpl.Run(childEnv)
-}
diff --git a/go/registry/api/api.go b/go/registry/api/api.go
index 68d19e331d0..537972f690d 100644
--- a/go/registry/api/api.go
+++ b/go/registry/api/api.go
@@ -594,57 +594,30 @@ func VerifyRegisterNodeArgs( // nolint: gocyclo
 	}
 
 	// Validate TLSInfo.
-	if n.DescriptorVersion == 0 {
-		// Old descriptor that used full TLS certificates instead of just public keys. We allow old
-		// descriptors iff this is the chain being initialized from genesis and the node only has
-		// the validator role (because validators do not expose any TLS services).
-		// TODO: Drop support for node descriptor version 0 (oasis-core#2918).
-		if !isGenesis && !isSanityCheck {
-			return nil, nil, fmt.Errorf("%w: v0 descriptor only allowed at genesis time", ErrInvalidArgument)
-		}
-		if !n.OnlyHasRoles(node.RoleValidator) {
-			logger.Error("RegisterNode: v0 descriptor for non-validator node",
-				"node", n,
-			)
-			return nil, nil, fmt.Errorf("%w: v0 descriptor for non-validator node", ErrInvalidArgument)
-		}
-
-		legacyTLSKey, err := nodeV0parseTLSPubKey(logger, sigNode)
-		if err != nil {
-			return nil, nil, err
-		}
-
-		logger.Warn("RegisterNode: using v0 node descriptor",
+	if !n.TLS.PubKey.IsValid() {
+		logger.Error("RegisterNode: invalid TLS public key",
 			"node", n,
 		)
+		return nil, nil, fmt.Errorf("%w: invalid TLS public key", ErrInvalidArgument)
+	}
+	tlsAddressRequired := n.HasRoles(TLSAddressRequiredRoles)
+	if err := verifyAddresses(params, tlsAddressRequired, n.TLS.Addresses); err != nil {
+		addrs, _ := json.Marshal(n.TLS.Addresses)
+		logger.Error("RegisterNode: missing/invalid committee addresses",
+			"node", n,
+			"committee_addrs", addrs,
+		)
+		return nil, nil, err
+	}
 
-		expectedSigners = append(expectedSigners, legacyTLSKey)
-	} else {
-		if !n.TLS.PubKey.IsValid() {
-			logger.Error("RegisterNode: invalid TLS public key",
-				"node", n,
-			)
-			return nil, nil, fmt.Errorf("%w: invalid TLS public key", ErrInvalidArgument)
-		}
-		tlsAddressRequired := n.HasRoles(TLSAddressRequiredRoles)
-		if err := verifyAddresses(params, tlsAddressRequired, n.TLS.Addresses); err != nil {
-			addrs, _ := json.Marshal(n.TLS.Addresses)
-			logger.Error("RegisterNode: missing/invalid committee addresses",
-				"node", n,
-				"committee_addrs", addrs,
-			)
-			return nil, nil, err
-		}
-
-		if !sigNode.MultiSigned.IsSignedBy(n.TLS.PubKey) {
-			logger.Error("RegisterNode: not signed by TLS certificate key",
-				"signed_node", sigNode,
-				"node", n,
-			)
-			return nil, nil, fmt.Errorf("%w: registration not signed by TLS certificate key", ErrInvalidArgument)
-		}
-		expectedSigners = append(expectedSigners, n.TLS.PubKey)
+	if !sigNode.MultiSigned.IsSignedBy(n.TLS.PubKey) {
+		logger.Error("RegisterNode: not signed by TLS certificate key",
+			"signed_node", sigNode,
+			"node", n,
+		)
+		return nil, nil, fmt.Errorf("%w: registration not signed by TLS certificate key", ErrInvalidArgument)
 	}
+	expectedSigners = append(expectedSigners, n.TLS.PubKey)
 
 	// Validate P2PInfo.
 	if !n.P2P.ID.IsValid() {
@@ -724,8 +697,7 @@ func VerifyRegisterNodeArgs( // nolint: gocyclo
 		)
 		return nil, nil, ErrInvalidArgument
 	}
-	// TODO: Drop support for node descriptor version 0 (oasis-core#2918).
-	if existingNode != nil && existingNode.ID != n.ID && n.DescriptorVersion != 0 {
+	if existingNode != nil && existingNode.ID != n.ID {
 		logger.Error("RegisterNode: duplicate node TLS public key",
 			"node_id", n.ID,
 			"existing_node_id", existingNode.ID,
diff --git a/go/registry/api/legacy_v0.go b/go/registry/api/legacy_v0.go
deleted file mode 100644
index 64d60c572e6..00000000000
--- a/go/registry/api/legacy_v0.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package api
-
-// TODO: Remove this when dropping support for node descriptor version 0 (oasis-core#2918).
-
-import (
-	goEd25519 "crypto/ed25519"
-	"crypto/x509"
-	"fmt"
-
-	"github.com/oasisprotocol/oasis-core/go/common/cbor"
-	"github.com/oasisprotocol/oasis-core/go/common/crypto/signature"
-	"github.com/oasisprotocol/oasis-core/go/common/logging"
-	"github.com/oasisprotocol/oasis-core/go/common/node"
-)
-
-func nodeV0parseTLSPubKey(logger *logging.Logger, sigNode *node.MultiSignedNode) (signature.PublicKey, error) {
-	var (
-		cert    *x509.Certificate
-		certPub signature.PublicKey
-		err     error
-	)
-	type v0Node struct {
-		// We are only interested in the old "committee certificate" field.
-		Committee struct {
-			Certificate []byte `json:"certificate"`
-		} `json:"committee"`
-	}
-	var node v0Node
-	if err = cbor.Unmarshal(sigNode.Blob, &node); err != nil {
-		logger.Error("RegisterNode: invalid v0 node descriptor",
-			"node", node,
-			"err", err,
-		)
-		return certPub, ErrInvalidArgument
-	}
-
-	cert, err = x509.ParseCertificate(node.Committee.Certificate)
-	if err != nil {
-		logger.Error("RegisterNode: failed to parse v0 committee certificate",
-			"err", err,
-			"node", node,
-		)
-		return certPub, fmt.Errorf("%w: failed to parse v0 committee certificate", ErrInvalidArgument)
-	}
-
-	edPub, ok := cert.PublicKey.(goEd25519.PublicKey)
-	if !ok {
-		logger.Error("RegisterNode: incorrect v0 committee certifiate signing algorithm",
-			"node", node,
-		)
-		return certPub, fmt.Errorf("%w: incorrect v0 committee certificate signing algorithm", ErrInvalidArgument)
-	}
-
-	if err = certPub.UnmarshalBinary(edPub); err != nil {
-		// This should NEVER happen.
-		logger.Error("RegisterNode: malformed v0 committee certificate signing key",
-			"err", err,
-			"node", node,
-		)
-		return certPub, fmt.Errorf("%w: malformed v0 committee certificate signing key", ErrInvalidArgument)
-	}
-
-	return certPub, nil
-}