Skip to content

Commit

Permalink
go/registry: Drop support for v0 node descriptor
Browse files Browse the repository at this point in the history
  • Loading branch information
kostko committed Jun 1, 2020
1 parent 603e3d8 commit ffbe3e9
Show file tree
Hide file tree
Showing 5 changed files with 22 additions and 174 deletions.
1 change: 1 addition & 0 deletions .changelog/2918.breaking.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
go/registry: Drop support for v0 node descriptor
2 changes: 0 additions & 2 deletions go/oasis-test-runner/scenario/e2e/e2e.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,8 +127,6 @@ func RegisterScenarios() error {
Debond,
// Late start test.
LateStart,
// Restore from v20.6 genesis file.
RestoreV206,
// KeymanagerUpgrade test.
KeymanagerUpgrade,
} {
Expand Down
59 changes: 0 additions & 59 deletions go/oasis-test-runner/scenario/e2e/restore_previous.go

This file was deleted.

70 changes: 21 additions & 49 deletions go/registry/api/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -594,57 +594,30 @@ func VerifyRegisterNodeArgs( // nolint: gocyclo
}

// Validate TLSInfo.
if n.DescriptorVersion == 0 {
// Old descriptor that used full TLS certificates instead of just public keys. We allow old
// descriptors iff this is the chain being initialized from genesis and the node only has
// the validator role (because validators do not expose any TLS services).
// TODO: Drop support for node descriptor version 0 (oasis-core#2918).
if !isGenesis && !isSanityCheck {
return nil, nil, fmt.Errorf("%w: v0 descriptor only allowed at genesis time", ErrInvalidArgument)
}
if !n.OnlyHasRoles(node.RoleValidator) {
logger.Error("RegisterNode: v0 descriptor for non-validator node",
"node", n,
)
return nil, nil, fmt.Errorf("%w: v0 descriptor for non-validator node", ErrInvalidArgument)
}

legacyTLSKey, err := nodeV0parseTLSPubKey(logger, sigNode)
if err != nil {
return nil, nil, err
}

logger.Warn("RegisterNode: using v0 node descriptor",
if !n.TLS.PubKey.IsValid() {
logger.Error("RegisterNode: invalid TLS public key",
"node", n,
)
return nil, nil, fmt.Errorf("%w: invalid TLS public key", ErrInvalidArgument)
}
tlsAddressRequired := n.HasRoles(TLSAddressRequiredRoles)
if err := verifyAddresses(params, tlsAddressRequired, n.TLS.Addresses); err != nil {
addrs, _ := json.Marshal(n.TLS.Addresses)
logger.Error("RegisterNode: missing/invalid committee addresses",
"node", n,
"committee_addrs", addrs,
)
return nil, nil, err
}

expectedSigners = append(expectedSigners, legacyTLSKey)
} else {
if !n.TLS.PubKey.IsValid() {
logger.Error("RegisterNode: invalid TLS public key",
"node", n,
)
return nil, nil, fmt.Errorf("%w: invalid TLS public key", ErrInvalidArgument)
}
tlsAddressRequired := n.HasRoles(TLSAddressRequiredRoles)
if err := verifyAddresses(params, tlsAddressRequired, n.TLS.Addresses); err != nil {
addrs, _ := json.Marshal(n.TLS.Addresses)
logger.Error("RegisterNode: missing/invalid committee addresses",
"node", n,
"committee_addrs", addrs,
)
return nil, nil, err
}

if !sigNode.MultiSigned.IsSignedBy(n.TLS.PubKey) {
logger.Error("RegisterNode: not signed by TLS certificate key",
"signed_node", sigNode,
"node", n,
)
return nil, nil, fmt.Errorf("%w: registration not signed by TLS certificate key", ErrInvalidArgument)
}
expectedSigners = append(expectedSigners, n.TLS.PubKey)
if !sigNode.MultiSigned.IsSignedBy(n.TLS.PubKey) {
logger.Error("RegisterNode: not signed by TLS certificate key",
"signed_node", sigNode,
"node", n,
)
return nil, nil, fmt.Errorf("%w: registration not signed by TLS certificate key", ErrInvalidArgument)
}
expectedSigners = append(expectedSigners, n.TLS.PubKey)

// Validate P2PInfo.
if !n.P2P.ID.IsValid() {
Expand Down Expand Up @@ -724,8 +697,7 @@ func VerifyRegisterNodeArgs( // nolint: gocyclo
)
return nil, nil, ErrInvalidArgument
}
// TODO: Drop support for node descriptor version 0 (oasis-core#2918).
if existingNode != nil && existingNode.ID != n.ID && n.DescriptorVersion != 0 {
if existingNode != nil && existingNode.ID != n.ID {
logger.Error("RegisterNode: duplicate node TLS public key",
"node_id", n.ID,
"existing_node_id", existingNode.ID,
Expand Down
64 changes: 0 additions & 64 deletions go/registry/api/legacy_v0.go

This file was deleted.

0 comments on commit ffbe3e9

Please sign in to comment.