Merge branch 'dev' into 1923-single-worker-ci

litentry · Oct 11, 2023 · 236b7b9 · 236b7b9
2 parents 22968db + 627c04e
commit 236b7b9
Show file tree

Hide file tree

Showing 22 changed files with 393 additions and 286 deletions.
diff --git a/primitives/core/src/network.rs b/primitives/core/src/network.rs
@@ -19,7 +19,7 @@ use scale_info::TypeInfo;
 use sp_runtime::{traits::ConstU32, BoundedVec};
 use sp_std::{hash::Hash, vec::Vec};
 use strum::IntoEnumIterator;
-use strum_macros::EnumIter;
+use strum_macros::{EnumIter, IntoStaticStr};
 
 pub const MAX_WEB3NETWORK_LEN: u32 = 128;
 pub type BoundedWeb3Network = BoundedVec<Web3Network, ConstU32<MAX_WEB3NETWORK_LEN>>;
@@ -45,6 +45,7 @@ pub type BoundedWeb3Network = BoundedVec<Web3Network, ConstU32<MAX_WEB3NETWORK_L
  TypeInfo,
  MaxEncodedLen,
  EnumIter,
+ IntoStaticStr,
 )]
 pub enum Web3Network {
  // substrate
@@ -61,6 +62,16 @@ pub enum Web3Network {
  Bsc,
 }
 
+// mainly used in CLI
+impl TryFrom<&str> for Web3Network {
+ type Error = ();
+ fn try_from(value: &str) -> Result<Self, Self::Error> {
+ Web3Network::iter()
+ .find(|n| <Self as Into<&'static str>>::into(*n).to_lowercase() == value.to_lowercase())
+ .ok_or(())
+ }
+}
+
 impl Web3Network {
  pub fn is_substrate(&self) -> bool {
  matches!(
@@ -138,4 +149,14 @@ mod tests {
  )
  })
  }
+
+ #[test]
+ fn try_from_str_works() {
+ let mut n: Result<Web3Network, ()> = "polkadot".try_into();
+ assert_eq!(n.unwrap(), Web3Network::Polkadot);
+ n = "poLkAdOt".try_into();
+ assert_eq!(n.unwrap(), Web3Network::Polkadot);
+ n = "NonExist".try_into();
+ assert_eq!(n, Err(()))
+ }
 }
diff --git a/tee-worker/Cargo.lock b/tee-worker/Cargo.lock
diff --git a/tee-worker/app-libs/stf/Cargo.toml b/tee-worker/app-libs/stf/Cargo.toml
@@ -8,6 +8,7 @@ edition = "2021"
 # crates.io
 codec = { version = "3.0.0", default-features = false, features = ["derive"], package = "parity-scale-codec" }
 derive_more = { version = "0.99.5" }
+hex-literal = { version = "0.4" }
 log = { version = "0.4", default-features = false }
 rlp = { version = "0.5", default-features = false }
 sha3 = { version = "0.10", default-features = false }

diff --git a/tee-worker/app-libs/stf/src/getter.rs b/tee-worker/app-libs/stf/src/getter.rs
@@ -20,7 +20,7 @@ use codec::{Decode, Encode};
 use ita_sgx_runtime::System;
 use itp_stf_interface::ExecuteGetter;
 use itp_stf_primitives::types::KeyPair;
-use itp_utils::stringify::account_id_to_string;
+use itp_utils::{if_production_or, stringify::account_id_to_string};
 use litentry_primitives::{Identity, LitentryMultiSignature};
 use log::*;
 use std::prelude::v1::*;
@@ -34,6 +34,9 @@ use crate::evm_helpers::{get_evm_account, get_evm_account_codes, get_evm_account
 #[cfg(feature = "evm")]
 use sp_core::{H160, H256};
 
+#[cfg(not(feature = "production"))]
+use crate::helpers::ALICE_ACCOUNTID32;
+
 #[derive(Encode, Decode, Clone, Debug, PartialEq, Eq)]
 #[allow(non_camel_case_types)]
 pub enum Getter {
@@ -113,8 +116,20 @@ impl TrustedGetterSigned {
  }
 
  pub fn verify_signature(&self) -> bool {
- self.signature
- .verify(self.getter.encode().as_slice(), self.getter.sender_identity())
+ // in non-prod, we accept signature from Alice too
+ if_production_or!(
+ {
+ self.signature
+ .verify(self.getter.encode().as_slice(), self.getter.sender_identity())
+ },
+ {
+ self.signature
+ .verify(self.getter.encode().as_slice(), self.getter.sender_identity())
+ || self
+ .signature
+ .verify(self.getter.encode().as_slice(), &ALICE_ACCOUNTID32.into())
+ }
+ )
  }
 }
 

diff --git a/tee-worker/app-libs/stf/src/helpers.rs b/tee-worker/app-libs/stf/src/helpers.rs
@@ -19,6 +19,7 @@ use crate::{StfError, StfResult, ENCLAVE_ACCOUNT_KEY};
 
 use codec::{Decode, Encode};
 use frame_support::ensure;
+use hex_literal::hex;
 use itp_storage::{storage_double_map_key, storage_map_key, storage_value_key, StorageHasher};
 use itp_types::Index;
 use itp_utils::stringify::account_id_to_string;
@@ -28,8 +29,12 @@ use litentry_primitives::{
 };
 use log::*;
 use sp_core::blake2_256;
+use sp_runtime::AccountId32;
 use std::prelude::v1::*;
 
+pub const ALICE_ACCOUNTID32: AccountId32 =
+ AccountId32::new(hex!["d43593c715fdd31c61141abd04a99fd6822c8558854ccde39a5684e7a56da27d"]);
+
 pub fn get_storage_value<V: Decode>(
  storage_prefix: &'static str,
  storage_key_name: &'static str,
@@ -112,6 +117,13 @@ pub fn set_block_number(block_number: u32) {
  sp_io::storage::set(&storage_value_key("System", "Number"), &block_number.encode());
 }
 
+pub fn ensure_self<AccountId: Encode + Decode + PartialEq>(
+ signer: &AccountId,
+ who: &AccountId,
+) -> bool {
+ signer == who
+}
+
 pub fn ensure_enclave_signer_or_self<AccountId: Encode + Decode + PartialEq>(
  signer: &AccountId,
  who: Option<AccountId>,
@@ -123,11 +135,14 @@ pub fn ensure_enclave_signer_or_self<AccountId: Encode + Decode + PartialEq>(
  }
 }
 
-pub fn ensure_self<AccountId: Encode + Decode + PartialEq>(
- signer: &AccountId,
- who: &AccountId,
-) -> bool {
- signer == who
+#[cfg(not(feature = "production"))]
+pub fn ensure_alice(signer: &AccountId32) -> bool {
+ signer == &ALICE_ACCOUNTID32
+}
+
+#[cfg(not(feature = "production"))]
+pub fn ensure_enclave_signer_or_alice(signer: &AccountId32) -> bool {
+ signer == &enclave_signer_account::<AccountId32>() || ensure_alice(signer)
 }
 
 // verification message format: