Merge pull request #412 from rsksmart/get-rid-of-hsm-version-integration

Fix block selection. Remove HSM version 3

Author: marcos-iov

src/main/java/co/rsk/federate/FedNodeRunner.java

@@ -22,6 +22,7 @@
 import co.rsk.NodeRunner;
 import co.rsk.bitcoinj.core.BtcECKey;
 import co.rsk.core.RskAddress;
+import co.rsk.federate.signing.hsm.HSMUnsupportedVersionException;
 import co.rsk.federate.signing.hsm.HSMVersion;
 import co.rsk.peg.constants.BridgeConstants;
 import co.rsk.federate.adapter.ThinConverter;
@@ -162,15 +163,22 @@ private void startBookkeepingServices() throws SignerException, HSMClientExcepti
         HSMClientProtocol protocol =
             hsmClientProtocolFactory.buildHSMClientProtocolFromConfig(powHsmConfig);
 
-        int hsmVersion = protocol.getVersion();
-        logger.debug("[run] Using HSM version {}", hsmVersion);
+        int version = protocol.getVersion();
+        if (!HSMVersion.isValidHSMVersion(version)) {
+            throw new HSMUnsupportedVersionException("Unsupported HSM version " + version);
+        }
+
+        logger.debug("[run] Using HSM version {}", version);
 
-        if (HSMVersion.isPowHSM(hsmVersion)) {
-            hsmBookkeepingClient = buildBookKeepingClient(
-                protocol, powHsmConfig);
-            hsmBookkeepingService = buildBookKeepingService(
-                hsmBookkeepingClient, powHsmConfig);
+        // Only start bookkeeping services for PoW HSMs. HSM version 1 doesn't support bookkeeping.
+        if (!HSMVersion.isPowHSM(version)) {
+            return;
         }
+
+        hsmBookkeepingClient = buildBookKeepingClient(
+            protocol, powHsmConfig);
+        hsmBookkeepingService = buildBookKeepingService(
+            hsmBookkeepingClient, powHsmConfig);
     }
 
     private void configureFederatorSupport() throws SignerException {

src/main/java/co/rsk/federate/signing/ECDSAHSMSigner.java

@@ -46,7 +46,7 @@
  */
 public class ECDSAHSMSigner implements ECDSASigner {
 
-    private static final Logger LOGGER = LoggerFactory.getLogger(ECDSAHSMSigner.class);
+    private static final Logger logger = LoggerFactory.getLogger(ECDSAHSMSigner.class);
 
     private final HSMSigningClientProvider clientProvider;
     private final Map<KeyId, String> keyIdMapping;
@@ -78,7 +78,8 @@ public ECDSASignerCheckResult check() {
         try {
             ensureHsmClient();
         } catch (HSMClientException e) {
-            String keysIds = keyIdMapping.keySet().stream().map(keyId -> keyId.toString()).collect(Collectors.joining(", "));
+            logger.error("[check] Unable to create HSM client", e);
+            String keysIds = keyIdMapping.keySet().stream().map(KeyId::toString).collect(Collectors.joining(", "));
             return new ECDSASignerCheckResult(Collections.singletonList("HSM "+ keysIds + " Signer: " + e.getMessage()));
         }
 
@@ -90,7 +91,7 @@ public ECDSASignerCheckResult check() {
                 client.getPublicKey(mapping.getValue());
             } catch (HSMClientException e) {
                 messages.add(e.getMessage());
-                LOGGER.error("[check] Unable to retrieve public key", e);
+                logger.error("[check] Unable to retrieve public key", e);
             }
         }
 
@@ -107,10 +108,11 @@ public ECPublicKey getPublicKey(KeyId keyId) throws SignerException {
 
     @Override
     public int getVersionForKeyId(KeyId keyId) throws SignerException {
-        int version = 0;
         if (!canSignWith(keyId)) {
             throw new SignerException(String.format("Can't find version for this key for the requested signing key: %s", keyId));
         }
+
+        int version;
         try {
             ensureHsmClient();
             version = client.getVersion();
@@ -130,7 +132,7 @@ public ECKey.ECDSASignature sign(KeyId keyId, SignerMessage message) throws Sign
 
     @Override
     public String getVersionString() throws SignerException {
-        String keysIds = keyIdMapping.keySet().stream().map(keyId -> keyId.toString()).collect(Collectors.joining(", "));
+        String keysIds = keyIdMapping.keySet().stream().map(KeyId::toString).collect(Collectors.joining(", "));
         try {
             ensureHsmClient();
             return "HSM " + keysIds + " Signer Version:" + client.getVersion();
@@ -158,6 +160,7 @@ private <T> T invokeWithVersionRetry(KeyId keyId, SignerCall<T> call) throws Sig
             ensureHsmClient();
             return call.invoke(client);
         } catch(HSMChangedVersionException e) {
+            logger.debug("[invokeWithVersionRetry] HSM client version changed, retrying", e);
             client = null;
             return invokeWithVersionRetry(keyId, call);
         } catch (HSMClientException e) {

src/main/java/co/rsk/federate/signing/hsm/HSMVersion.java

@@ -6,7 +6,6 @@
 public enum HSMVersion {
     V1(1),
     V2(2),
-    V3(3),
     V4(4),
     V5(5),
     ;
@@ -22,14 +21,14 @@ public int getNumber() {
     }
 
     public static List<HSMVersion> getPowHSMVersions() {
-        return Arrays.asList(V2, V3, V4, V5);
+        return Arrays.asList(V2, V4, V5);
     }
 
     public static boolean isPowHSM(int version) {
         return getPowHSMVersions().stream().anyMatch(hsmVersion -> hsmVersion.number == version);
     }
 
-    public static boolean isPowHSM(HSMVersion version){
-        return getPowHSMVersions().contains(version);
+    public static boolean isValidHSMVersion(int version) {
+        return Arrays.stream(values()).anyMatch(hsmVersion -> hsmVersion.number == version);
     }
 }

src/main/java/co/rsk/federate/signing/hsm/advanceblockchain/ConfirmedBlocksProvider.java

@@ -6,6 +6,7 @@
 import java.util.ArrayList;
 import java.util.List;
 import org.ethereum.core.Block;
+import org.ethereum.core.BlockHeader;
 import org.ethereum.db.BlockStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -92,24 +93,28 @@ public List<Block> getConfirmedBlocks(Keccak256 startingPoint) {
         return confirmedBlocks;
     }
 
-    private BigInteger getBlockDifficultyToConsider(Block block) {
-        BigInteger blockDifficulty = block.getDifficulty().asBigInteger();
-        BigInteger difficultyToConsider = blockDifficulty;
-        if (hsmVersion >= HSMVersion.V3.getNumber()) {
-            BigInteger unclesDifficulty = block.getUncleList().stream()
-                .map(uncle -> uncle.getDifficulty().asBigInteger())
-                .reduce(BigInteger.ZERO, BigInteger::add);
-            blockDifficulty = blockDifficulty.add(unclesDifficulty);
-            difficultyToConsider = difficultyCap.min(blockDifficulty);
-        }
+    protected BigInteger getBlockDifficultyToConsider(Block block) {
         logger.trace(
-            "[getBlockDifficultyToConsider] Block {} (height {}), total difficulty {}, considering {}",
-            block.getHash(),
-            block.getNumber(),
-            blockDifficulty,
-            difficultyToConsider
+            "[getBlockDifficultyToConsider] Get difficulty for block {} at height {}", block.getHash(), block.getNumber()
         );
 
-        return difficultyToConsider;
+        BigInteger blockTotalDifficulty = block.getDifficulty().asBigInteger();
+        if (hsmVersion < HSMVersion.V4.getNumber()) {
+            logger.trace("[getBlockDifficultyToConsider] Considering block total difficulty {}", blockTotalDifficulty);
+            return blockTotalDifficulty;
+        }
+
+        // Considering uncles difficulty and cap
+        BigInteger blockDifficultyToConsider = difficultyCap.min(blockTotalDifficulty);
+        BigInteger unclesDifficultyToConsider = block.getUncleList().stream()
+            .map(uncle -> difficultyCap.min(uncle.getDifficulty().asBigInteger()))
+            .reduce(BigInteger.ZERO, BigInteger::add);
+
+        logger.trace(
+            "[getBlockDifficultyToConsider] Block difficulty {}, considering {}",
+            blockTotalDifficulty,
+            blockDifficultyToConsider
+        );
+        return blockDifficultyToConsider.add(unclesDifficultyToConsider);
     }
 }

src/main/java/co/rsk/federate/signing/hsm/advanceblockchain/HsmBookkeepingClientImpl.java

@@ -167,7 +167,7 @@ public void advanceBlockchain(List<Block> blocks) throws HSMClientException {
             ObjectNode payload = this.hsmClientProtocol.buildCommand(ADVANCE_BLOCKCHAIN.getCommand(), getVersion());
             addBlocksToPayload(payload, blockHeaderChunk);
 
-            if (getVersion() >= HSMVersion.V3.getNumber()) {
+            if (getVersion() >= HSMVersion.V4.getNumber()) {
                 List<String[]> brothers = getBrothers(blockHeaderChunk, message);
                 addBrothersToPayload(payload, brothers);
             }

src/test/java/co/rsk/federate/FedNodeRunnerTest.java

@@ -17,6 +17,7 @@
 
 import co.rsk.NodeRunner;
 import co.rsk.bitcoinj.core.NetworkParameters;
+import co.rsk.federate.signing.hsm.HSMUnsupportedVersionException;
 import co.rsk.federate.signing.hsm.HSMVersion;
 import co.rsk.peg.constants.BridgeConstants;
 import co.rsk.federate.btcreleaseclient.BtcReleaseClient;
@@ -50,6 +51,7 @@
 import java.util.Collections;
 import java.util.List;
 import org.ethereum.config.Constants;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
@@ -82,7 +84,7 @@ void setUp() throws IOException, HSMClientException {
         when(constants.getBridgeConstants()).thenReturn(bridgeConstants);
         when(bridgeConstants.getBtcParamsString()).thenReturn(NetworkParameters.ID_REGTEST);
 
-        int hsmVersion = HSMVersion.V3.getNumber();
+        int hsmVersion = HSMVersion.V4.getNumber();
         HSMClientProtocol protocol = mock(HSMClientProtocol.class);
         when(protocol.getVersion()).thenReturn(hsmVersion);
         HSMClientProtocolFactory hsmClientProtocolFactory = mock(HSMClientProtocolFactory.class);
@@ -189,6 +191,36 @@ void test_with_hsm_v1_config() throws Exception {
         assertNull(bookkeepingService);
     }
 
+    @Test
+    void hsm_v3_config_shouldFail() throws Exception {
+        SignerConfigBuilder configBuilder = SignerConfigBuilder.builder()
+            .withHsmSigner("m/44'/0'/0'/0/0");
+        SignerConfig btcSignerConfig = configBuilder.build(BTC);
+
+        when(fedNodeSystemProperties.signerConfig(BTC.getId())).thenReturn(btcSignerConfig);
+        HSMClientProtocol protocol = mock(HSMClientProtocol.class);
+        when(protocol.getVersion()).thenReturn(3);
+        HSMClientProtocolFactory hsmClientProtocolFactory = mock(HSMClientProtocolFactory.class);
+        when(hsmClientProtocolFactory.buildHSMClientProtocolFromConfig(any())).thenReturn(protocol);
+
+        fedNodeRunner = new FedNodeRunner(
+            mock(BtcToRskClient.class),
+            mock(BtcToRskClient.class),
+            mock(BtcReleaseClient.class),
+            mock(FederationWatcher.class),
+            mock(FederatorSupport.class),
+            mock(FederateLogger.class),
+            mock(RskLogMonitor.class),
+            mock(NodeRunner.class),
+            fedNodeSystemProperties,
+            hsmClientProtocolFactory,
+            mock(HSMBookKeepingClientProvider.class),
+            mock(FedNodeContext.class)
+        );
+
+        Assertions.assertThrows(HSMUnsupportedVersionException.class, fedNodeRunner::run, "Unsupported HSM version 3");
+    }
+
     @Test
     void test_with_hsm_config_without_btc() throws Exception {
         SignerConfig rskSignerConfig = getHSMRSKSignerConfig();
@@ -486,12 +518,12 @@ private SignerConfig getHSMBTCSignerConfig(HSMVersion version) throws HSMClientE
                 new BigInteger("4405500"), 500000L, 1000, 100, true);
         }
 
-        if (version.getNumber() >= 3) {
+        if (version.getNumber() >= 4) {
             when(hsmBookkeepingClient.getBlockchainParameters()).thenReturn(
                 new PowHSMBlockchainParameters(
                     createHash(1).toHexString(),
                     new BigInteger("4405500"),
-                    NetworkParameters.ID_UNITTESTNET.toString()));
+                    NetworkParameters.ID_UNITTESTNET));
         }
 
         return configBuilder.build(PowPegNodeKeyId.BTC);

src/test/java/co/rsk/federate/signing/ECDSAHSMSignerTest.java

@@ -257,18 +257,11 @@ void getVersionForKeyId_HSMClientException() throws HSMClientException {
     @Test
     void getVersionForKeyId_SignerException() throws HSMClientException {
         KeyId key = new KeyId("keyAB");
-        int version = HSMVersion.V3.getNumber();
-        when(providerMock.getSigningClient()).thenReturn(clientMock);
-        when(clientMock.getVersion()).thenReturn( version);
 
-        try {
-            signer.getVersionForKeyId(key);
-            fail();
-        } catch (SignerException e) {
-            assertEquals(e.getMessage(),String.format("Can't find version for this key for the requested signing key: %s", key));
-        }
+        when(providerMock.getSigningClient()).thenReturn(clientMock);
 
-        verify(clientMock,times(0)).getVersion();
+        assertThrows(SignerException.class, () -> signer.getVersionForKeyId(key), "No mapped HSM key id found");
+        verify(clientMock,never()).getVersion();
     }
 
     @Test