Problem: Missing secure gRPC channel

CHANGELOG.md

@@ -2,6 +2,11 @@
 
 This log documents all public API breaking backwards incompatible changes.
 
+## 2.2.0
+
+*Jan 5, 2022*
+[#24](https://github.com/crypto-org-chain/chainlibpy/pull/24) Fix unable to use secure gRPC channel to interact with chain
+
 *Dec 7, 2021*
 
 ## 2.1.0

README.md

@@ -13,7 +13,8 @@
 - [Usage](#usage)
  - [Generating a wallet](#generating-a-wallet)
  - [Signing and broadcasting a transaction](#signing-and-broadcasting-a-transaction)
- - [Acknowledgement](#acknowledgement)
+ - [Using secure gRPC channel](#using-secure-grpc-channel)
+- [Acknowledgement](#acknowledgement)
 - [Development](#development)
  - [Set up development environment](#set-up-development-environment)
  - [Generate gRPC code](#generate-grpc-code)
@@ -77,7 +78,11 @@ client.broadcast_tx(tx)
 
 You may also refer to `example/transaction.py` on how to use a high level function `bank_send()` to sign and broadcast a transaction
 
-### Acknowledgement<a name="acknowledgement"></a>
+### Using secure gRPC channel<a name="using-secure-grpc-channel"></a>
+
+Please refer to `example/secure_channel_example.py` on how to use secure gRPC channel with server certificate
+
+## Acknowledgement<a name="acknowledgement"></a>
 
 Thanks [cosmospy](https://github.com/hukkinj1/cosmospy) for the following:
 

chainlibpy/grpc_client.py

@@ -5,7 +5,7 @@
 from typing import List, Optional
 
 from google.protobuf.any_pb2 import Any as ProtoAny
-from grpc import insecure_channel
+from grpc import ChannelCredentials, insecure_channel, secure_channel
 
 from chainlibpy.generated.cosmos.auth.v1beta1.auth_pb2 import BaseAccount
 from chainlibpy.generated.cosmos.auth.v1beta1.query_pb2 import QueryAccountRequest
@@ -47,8 +47,17 @@
 class GrpcClient:
  DEFAULT_GAS_LIMIT = 200000
 
- def __init__(self, wallet: Wallet, chain_id: str, grpc_endpoint: str) -> None:
- channel = insecure_channel(grpc_endpoint)
+ def __init__(
+ self,
+ wallet: Wallet,
+ chain_id: str,
+ grpc_endpoint: str,
+ credentials: ChannelCredentials = None,
+ ) -> None:
+ if credentials is None:
+ channel = insecure_channel(grpc_endpoint)
+ else:
+ channel = secure_channel(grpc_endpoint, credentials)
 
  self.bank_client = BankGrpcClient(channel)
  self.tx_client = TxGrpcClient(channel)

example/secure_channel_example.py

@@ -0,0 +1,60 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import ssl
+
+import grpc
+
+from chainlibpy.grpc_client import GrpcClient
+from chainlibpy.wallet import Wallet
+
+DENOM = "basetcro"
+MNEMONIC_PHRASE = "first ... last"
+CHAIN_ID = "testnet-croeseid-4"
+
+SERVER_HOST = "testnet-croeseid-4.crypto.org"
+SERVER_PORT = "9090"
+GRPC_ENDPOINT = f"{SERVER_HOST}:{SERVER_PORT}"
+
+DEFAULT_DERIVATION_PATH = "m/44'/1'/0'/0/0"
+DEFAULT_BECH32_HRP = "tcro"
+
+
+def example_with_certificate_file():
+ wallet = Wallet(MNEMONIC_PHRASE, DEFAULT_DERIVATION_PATH, DEFAULT_BECH32_HRP)
+
+ # 1. .cer certificate file could be obtained from the browser
+ # more details could be found here https://stackoverflow.com/questions/25940396/how-to-export-certificate-from-chrome-on-a-mac/59466184#59466184 # noqa501
+ # 2. convert .cer file to .crt file
+ # `openssl x509 -inform DER -in cert.cer -out cert.crt``
+ with open("./cert.crt", "rb") as f:
+ creds = grpc.ssl_channel_credentials(f.read())
+
+ client = GrpcClient(wallet, CHAIN_ID, GRPC_ENDPOINT, creds)
+
+ from_address = wallet.address
+ res = client.get_balance(from_address, DENOM)
+ print(f"address {from_address} initial balance: {res.balance.amount}")
+
+
+def example_with_certificate_request():
+ wallet = Wallet(MNEMONIC_PHRASE, DEFAULT_DERIVATION_PATH, DEFAULT_BECH32_HRP)
+
+ # if server does not use Server Name Indication (SNI), commented code below is enough:
+ # creds = ssl.get_server_certificate((SERVER_HOST, SERVER_PORT))
+ conn = ssl.create_connection((SERVER_HOST, SERVER_PORT))
+ context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ sock = context.wrap_socket(conn, server_hostname=SERVER_HOST)
+ certificate = ssl.DER_cert_to_PEM_cert(sock.getpeercert(True))
+ creds = grpc.ssl_channel_credentials(str.encode(certificate))
+
+ client = GrpcClient(wallet, CHAIN_ID, GRPC_ENDPOINT, creds)
+
+ from_address = wallet.address
+ res = client.get_balance(from_address, DENOM)
+ print(f"address {from_address} initial balance: {res.balance.amount}")
+
+
+if __name__ == "__main__":
+ example_with_certificate_file()
+ example_with_certificate_request()

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "chainlibpy"
-version = "2.1.0"
+version = "2.2.0"
 description = "Tools for Crypto.org Chain wallet management and offline transaction signing"
 authors = ["chain-dev-team <chain-dev@crypto.com>"]
 license = "Apache-2.0"