fixup! go/common/crypto/signature/signers/remote: Initial import

go/common/crypto/signature/signer.go

@@ -127,6 +127,12 @@ func UnsafeAllowUnregisteredContexts() {
 	allowUnregisteredContexts = true
 }
 
+// IsUnsafeUnregisteredContextsAllowed returns true iff context registration
+// checks are bypassed.
+func IsUnsafeUnregisteredContextsAllowed() bool {
+	return allowUnregisteredContexts
+}
+
 // SetChainContext configures the chain domain separation context that is
 // used with any contexts constructed using the WithChainSeparation option.
 func SetChainContext(rawContext string) {

go/common/crypto/signature/signers/remote/grpc.go

@@ -122,11 +122,10 @@ func handlerSign( // nolint: golint
 
 // RegisterService registers a new remote signer backend service with the given
 // gRPC server.
-//
-// WARNING: NEVER call this from the actual node.
 func RegisterService(server *grpc.Server, signerFactory signature.SignerFactory) {
-	// Not sure if this is the best place to do this.
-	signature.UnsafeAllowUnregisteredContexts()
+	if !signature.IsUnsafeUnregisteredContextsAllowed() {
+		panic("signature/signer/remote: context registration bypass is required")
+	}
 
 	// Load all signers, ignoring errors.
 	w := &wrapper{

go/oasis-remote-signer/cmd/root.go

@@ -12,8 +12,8 @@ import (
 	flag "github.com/spf13/pflag"
 	"github.com/spf13/viper"
 
+	"github.com/oasislabs/oasis-core/go/common"
 	"github.com/oasislabs/oasis-core/go/common/crypto/signature"
-	"github.com/oasislabs/oasis-core/go/common/crypto/signature/signers/file"
 	"github.com/oasislabs/oasis-core/go/common/crypto/signature/signers/remote"
 	"github.com/oasislabs/oasis-core/go/common/crypto/tls"
 	"github.com/oasislabs/oasis-core/go/common/grpc"
@@ -23,6 +23,7 @@ import (
 	cmdCommon "github.com/oasislabs/oasis-core/go/oasis-node/cmd/common"
 	cmdBackground "github.com/oasislabs/oasis-core/go/oasis-node/cmd/common/background"
 	cmdGrpc "github.com/oasislabs/oasis-core/go/oasis-node/cmd/common/grpc"
+	cmdSigner "github.com/oasislabs/oasis-core/go/oasis-node/cmd/common/signer"
 )
 
 const cfgClientCertificate = "client.certificate"
@@ -68,6 +69,16 @@ func ensureDataDir() (string, error) {
 	return dataDir, nil
 }
 
+func ensureSignerDir() (string, error) {
+	// The cmdSigner.DirOrPwd function is bad for this use case.
+	signerDir := viper.GetString(cmdSigner.CfgSignerDir)
+	if signerDir == "" {
+		signerDir = cmdCommon.DataDir()
+	}
+
+	return signerDir, common.Mkdir(signerDir)
+}
+
 func doServerInit(cmd *cobra.Command, args []string) {
 	if _, _, err := serverInit(); err != nil {
 		logger.Error("failed to initialize server keys",
@@ -83,9 +94,12 @@ func serverInit() (signature.SignerFactory, *goTls.Certificate, error) {
 		return nil, nil, err
 	}
 
-	// Initialize the actual signer.
-	// TODO: Make the backend configurable (ideally plugin based).
-	sf, err := file.NewFactory(dataDir, signature.SignerRoles...)
+	signerDir, err := ensureSignerDir()
+	if err != nil {
+		return nil, nil, err
+	}
+
+	sf, err := cmdSigner.NewFactory(cmdSigner.Backend(), signerDir, signature.SignerRoles...)
 	if err != nil {
 		logger.Error("failed to create signer factory",
 			"err", err,
@@ -171,6 +185,7 @@ func runRoot(cmd *cobra.Command, args []string) error {
 		)
 		return err
 	}
+	signature.UnsafeAllowUnregisteredContexts()
 	remote.RegisterService(svr.Server(), sf)
 
 	// Run the gRPC server.
@@ -196,8 +211,14 @@ func init() {
 	rootFlags.String(cfgClientCertificate, "client_cert.pem", "client TLS certificate (REQUIRED)")
 	_ = viper.BindPFlags(rootFlags)
 
+	// The directory flag's help message reflects the brain dead current
+	// working directory default behavior that this command does not use.
+	dirFlag := cmdSigner.SignerFlags.Lookup(cmdSigner.CfgSignerDir)
+	dirFlag.Usage = "path to directory containing the signer files (default: datadir)"
+
 	rootCmd.PersistentFlags().AddFlagSet(cmdCommon.RootFlags)
 	rootCmd.Flags().AddFlagSet(cmdGrpc.ServerTCPFlags)
+	rootCmd.Flags().AddFlagSet(cmdSigner.SignerFlags)
 	rootCmd.Flags().AddFlagSet(rootFlags)
 
 	rootCmd.AddCommand(initServerCmd)