Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sc-6427 Demote protocol errors to warnings #101

Merged
merged 2 commits into from
Jun 29, 2022
Merged

sc-6427 Demote protocol errors to warnings #101

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0a3859e
demote protocol errors to warnings
pdeziel Jun 28, 2022
6a8c4d4
review comments
pdeziel Jun 29, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion pkg/rvasp/async.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ txloop:

// Acknowledge the transaction with the originator
if err = s.acknowledgeTransaction(&tx); err != nil {
log.Error().Err(err).Uint("id", tx.ID).Msg("could not acknowledge transaction")
log.Warn().Err(err).Uint("id", tx.ID).Msg("could not acknowledge transaction")
tx.State = pb.TransactionState_FAILED
}

Expand Down
62 changes: 31 additions & 31 deletions pkg/rvasp/rvasp.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -266,14 +266,14 @@ func (s *Server) sendTransfer(req *pb.TransferRequest, account db.Account, parti
// Conduct a GDS lookup if necessary to get the endpoint
var peer *peers.Peer
if peer, err = s.peers.Search(beneficiary.Provider.Name); err != nil {
log.Error().Err(err).Msg("could not search peer from directory service")
return nil, status.Errorf(codes.Internal, "could not search peer from directory service: %s", err)
log.Warn().Err(err).Msg("could not search peer from directory service")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should remain Error since we're returning codes.Internal here and we may want to look at why the rVASP cannot connect to the directory service.

Copy link
Collaborator Author

@pdeziel pdeziel Jun 29, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess it could just be that the given beneficiary VASP doesn't exist in the directory service?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's one possibility (the other is cannot connect) - we should return not found instead of internal if the beneficiary VASP doesn't exist in the directory; Internal otherwise?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like that idea, but peers.Search doesn't give us an easy way to distinguish the two currently. Should we just keep it as an internal error for now?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gotcha, this is Peers from the trisacrypto/trisa repo right? Let's shift to FailedPrecondition instead of internal then (kind of the middle ground between not found and internal) and keep it as warn.

return nil, status.Errorf(codes.FailedPrecondition, "could not search peer from directory service: %s", err)
}

// Ensure that the local RVASP has signing keys for the remote, otherwise perform key exchange
var signKey *rsa.PublicKey
if signKey, err = peer.ExchangeKeys(true); err != nil {
log.Error().Err(err).Msg("could not exchange keys with remote peer")
log.Warn().Err(err).Msg("could not exchange keys with remote peer")
return nil, status.Errorf(codes.FailedPrecondition, "could not exchange keys with remote peer: %s", err)
}

Expand Down Expand Up @@ -317,7 +317,7 @@ func (s *Server) sendTransfer(req *pb.TransferRequest, account db.Account, parti
} else {
// If partial is false then retrieve the full beneficiary account
if err = s.db.LookupAnyAccount(beneficiary.Address).First(&beneficiaryAccount).Error; err != nil {
log.Error().Err(err).Msg("could not lookup remote beneficiary account")
log.Warn().Err(err).Msg("could not lookup remote beneficiary account")
return nil, status.Errorf(codes.FailedPrecondition, "could not lookup remote beneficiary account: %s", err)
}
}
Expand All @@ -336,27 +336,27 @@ func (s *Server) sendTransfer(req *pb.TransferRequest, account db.Account, parti
// Secure the envelope with the remote beneficiary's signing keys
msg, _, err := envelope.Seal(payload, envelope.WithEnvelopeID(xfer.Envelope), envelope.WithRSAPublicKey(signKey))
if err != nil {
log.Error().Err(err).Msg("TRISA protocol error while sealing envelope")
log.Warn().Err(err).Msg("TRISA protocol error while sealing envelope")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: %s", err)
}

// Conduct the TRISA transaction, handle errors and send back to user
if msg, err = peer.Transfer(msg); err != nil {
log.Error().Err(err).Msg("could not perform TRISA exchange")
log.Warn().Err(err).Msg("could not perform TRISA exchange")
return nil, status.Errorf(codes.FailedPrecondition, "could not perform TRISA exchange: %s", err)
}

// Open the response envelope with local private keys
payload, _, err = envelope.Open(msg, envelope.WithRSAPrivateKey(s.trisa.sign))
if err != nil {
log.Error().Err(err).Msg("TRISA protocol error while opening envelope")
log.Warn().Err(err).Msg("TRISA protocol error while opening envelope")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: %s", err)
}

// Parse the response payload
var pending *generic.Pending
if identity, transaction, pending, err = parsePayload(payload, true); err != nil {
log.Error().Err(err).Msg("TRISA protocol error while parsing payload")
log.Warn().Err(err).Msg("TRISA protocol error while parsing payload")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: %s", err)
}

Expand All @@ -372,41 +372,41 @@ func (s *Server) sendTransfer(req *pb.TransferRequest, account db.Account, parti
if pending != nil {
// Update the Transaction in the database with the pending timestamps
if xfer.NotBefore, err = time.Parse(time.RFC3339, pending.ReplyNotBefore); err != nil {
log.Error().Err(err).Msg("TRISA protocol error: could not parse ReplyNotBefore timestamp")
log.Warn().Err(err).Msg("TRISA protocol error: could not parse ReplyNotBefore timestamp")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: could not parse ReplyNotBefore timestamp in pending message: %s", err)
}

if xfer.NotAfter, err = time.Parse(time.RFC3339, pending.ReplyNotAfter); err != nil {
log.Error().Err(err).Msg("TRISA protocol error: could not parse ReplyNotAfter timestamp")
log.Warn().Err(err).Msg("TRISA protocol error: could not parse ReplyNotAfter timestamp")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: could not parse ReplyNotAfter timestamp in pending message: %s", err)
}
} else if transaction != nil {
if !partial {
// Validate that the beneficiary identity matches the original request
if identity.BeneficiaryVasp == nil || identity.BeneficiaryVasp.BeneficiaryVasp == nil {
log.Error().Msg("TRISA protocol error: missing beneficiary vasp identity")
log.Warn().Msg("TRISA protocol error: missing beneficiary vasp identity")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: missing beneficiary vasp identity")
}

beneficiaryInfo := identity.Beneficiary
if beneficiaryInfo == nil {
log.Error().Msg("TRISA protocol error: missing beneficiary identity")
log.Warn().Msg("TRISA protocol error: missing beneficiary identity")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: missing beneficiary identity")
}

if len(beneficiaryInfo.BeneficiaryPersons) != 1 {
log.Error().Int("persons", len(beneficiaryInfo.BeneficiaryPersons)).Msg("TRISA protocol error: unexpected number of beneficiary persons")
log.Warn().Int("persons", len(beneficiaryInfo.BeneficiaryPersons)).Msg("TRISA protocol error: unexpected number of beneficiary persons")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: unexpected number of beneficiary persons")
}

if len(beneficiaryInfo.AccountNumbers) != 1 {
log.Error().Int("accounts", len(beneficiaryInfo.AccountNumbers)).Msg("TRISA protocol error: unexpected number of beneficiary accounts")
log.Warn().Int("accounts", len(beneficiaryInfo.AccountNumbers)).Msg("TRISA protocol error: unexpected number of beneficiary accounts")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: unexpected number of beneficiary accounts")
}

// TODO: Validate that the actual address was returned
if beneficiaryInfo.AccountNumbers[0] == "" {
log.Error().Msg("TRISA protocol error: missing beneficiary address")
log.Warn().Msg("TRISA protocol error: missing beneficiary address")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: missing beneficiary address")
}
}
Expand Down Expand Up @@ -460,8 +460,8 @@ func (s *Server) sendError(req *pb.TransferRequest, account db.Account) (rep *pb
// Conduct a GDS lookup if necessary to get the endpoint
var peer *peers.Peer
if peer, err = s.peers.Search(beneficiary.Provider.Name); err != nil {
log.Error().Err(err).Msg("could not search peer from directory service")
return nil, status.Errorf(codes.Internal, "could not search peer from directory service: %s", err)
log.Warn().Err(err).Msg("could not search peer from directory service")
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See above - I think this should remain an Error since we return codes.Internal.

return nil, status.Errorf(codes.FailedPrecondition, "could not search peer from directory service: %s", err)
}

reject := protocol.Errorf(protocol.ComplianceCheckFail, "rVASP mock compliance check failed")
Expand All @@ -473,13 +473,13 @@ func (s *Server) sendError(req *pb.TransferRequest, account db.Account) (rep *pb

// Conduct the TRISA transaction, handle errors and send back to user
if msg, err = peer.Transfer(msg); err != nil {
log.Error().Err(err).Msg("could not perform TRISA exchange")
log.Warn().Err(err).Msg("could not perform TRISA exchange")
return nil, status.Errorf(codes.FailedPrecondition, "could not perform TRISA exchange: %s", err)
}

// Check for the TRISA rejection error
if state := envelope.Status(msg); state != envelope.Error {
log.Error().Uint("state", uint(state)).Msg("unexpected TRISA response, expected error envelope")
log.Warn().Uint("state", uint(state)).Msg("unexpected TRISA response, expected error envelope")
return nil, fmt.Errorf("expected TRISA rejection error, received envelope in state %d", state)
}
xfer.State = pb.TransactionState_FAILED
Expand All @@ -503,7 +503,7 @@ func (s *Server) respondAsync(peer *peers.Peer, payload *protocol.Payload, ident

// Verify that the transaction has not expired
if now.Before(xfer.NotBefore) || now.After(xfer.NotAfter) {
log.Error().Err(err).Msg("received expired async transaction")
log.Debug().Time("not_before", xfer.NotBefore).Time("not_after", xfer.NotAfter).Msg("received expired async transaction")
return nil, protocol.Errorf(protocol.ComplianceCheckFail, "received expired transaction")
}

Expand All @@ -516,7 +516,7 @@ func (s *Server) respondAsync(peer *peers.Peer, payload *protocol.Payload, ident
}
return out, nil
}
log.Error().Err(err).Msg("TRISA protocol error while sealing envelope")
log.Warn().Err(err).Msg("TRISA protocol error while sealing envelope")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: %s", err)
}

Expand All @@ -533,39 +533,39 @@ func (s *Server) respondAsync(peer *peers.Peer, payload *protocol.Payload, ident
// Ensure that the local RVASP has signing keys for the remote, otherwise perform key exchange
var signKey *rsa.PublicKey
if signKey, err = peer.ExchangeKeys(true); err != nil {
log.Error().Err(err).Msg("could not exchange keys with remote peer")
log.Warn().Err(err).Msg("could not exchange keys with remote peer")
return nil, status.Errorf(codes.FailedPrecondition, "could not exchange keys with remote peer: %s", err)
}

// Secure the envelope with the remote beneficiary's signing keys
msg, _, err := envelope.Seal(payload, envelope.WithEnvelopeID(xfer.Envelope), envelope.WithRSAPublicKey(signKey))
if err != nil {
log.Error().Err(err).Msg("TRISA protocol error while sealing envelope")
log.Warn().Err(err).Msg("TRISA protocol error while sealing envelope")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: %s", err)
}

// Conduct the TRISA transaction, handle errors and send back to user
if msg, err = peer.Transfer(msg); err != nil {
log.Error().Err(err).Msg("could not perform TRISA exchange")
log.Warn().Err(err).Msg("could not perform TRISA exchange")
return nil, status.Errorf(codes.FailedPrecondition, "could not perform TRISA exchange: %s", err)
}

// Open the response envelope with local private keys
payload, _, err = envelope.Open(msg, envelope.WithRSAPrivateKey(s.trisa.sign))
if err != nil {
log.Error().Err(err).Msg("TRISA protocol error while opening envelope")
log.Warn().Err(err).Msg("TRISA protocol error while opening envelope")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: %s", err)
}

// Parse the response payload
var pending *generic.Pending
if identity, _, pending, err = parsePayload(payload, true); err != nil {
log.Error().Err(err).Msg("TRISA protocol error while parsing payload")
log.Warn().Err(err).Msg("TRISA protocol error while parsing payload")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: %s", err)
}

if pending == nil {
log.Error().Msg("TRISA protocol error: expected pending response")
log.Warn().Msg("TRISA protocol error: expected pending response")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: expected pending response")
}

Expand All @@ -586,12 +586,12 @@ func (s *Server) respondAsync(peer *peers.Peer, payload *protocol.Payload, ident

// Update the Transaction in the database with the pending timestamps
if xfer.NotBefore, err = time.Parse(time.RFC3339, pending.ReplyNotBefore); err != nil {
log.Error().Err(err).Msg("TRISA protocol error: could not parse ReplyNotBefore timestamp")
log.Warn().Err(err).Msg("TRISA protocol error: could not parse ReplyNotBefore timestamp")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: could not parse ReplyNotBefore timestamp in pending message: %s", err)
}

if xfer.NotAfter, err = time.Parse(time.RFC3339, pending.ReplyNotAfter); err != nil {
log.Error().Err(err).Msg("TRISA protocol error: could not parse ReplyNotAfter timestamp")
log.Warn().Err(err).Msg("TRISA protocol error: could not parse ReplyNotAfter timestamp")
return nil, status.Errorf(codes.FailedPrecondition, "TRISA protocol error: could not parse ReplyNotAfter timestamp in pending message: %s", err)
}

Expand All @@ -600,7 +600,7 @@ func (s *Server) respondAsync(peer *peers.Peer, payload *protocol.Payload, ident
// The handshake is complete, finalize the transaction
var account db.Account
if err = s.db.LookupAccount(transaction.Originator).First(&account).Error; err != nil {
log.Error().Err(err).Msg("could not find originator account")
log.Warn().Err(err).Msg("could not find originator account")
return nil, protocol.Errorf(protocol.InternalError, "could not find originator account: %s", err)
Comment on lines +603 to 604
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Even though we're returning a protocol.InternalError, we're returning a response so I think this should remain an Warn.

}

Expand Down Expand Up @@ -639,7 +639,7 @@ func (s *Server) AccountStatus(ctx context.Context, req *pb.AccountRequest) (rep
log.Info().Err(err).Msg("account not found")
return nil, status.Error(codes.NotFound, "account not found")
}
log.Error().Err(err).Msg("could not lookup account")
log.Warn().Err(err).Msg("could not lookup account")
return nil, status.Errorf(codes.FailedPrecondition, "could not lookup account: %s", err)
}

Expand Down
6 changes: 3 additions & 3 deletions pkg/rvasp/transfer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ func parsePayload(payload *protocol.Payload, response bool) (identity *ivms101.I
// Parse the identity payload
identity = &ivms101.IdentityPayload{}
if err = payload.Identity.UnmarshalTo(identity); err != nil {
log.Error().Err(err).Msg("could not unmarshal identity")
log.Warn().Err(err).Msg("could not unmarshal identity")
return nil, nil, nil, fmt.Errorf("could non unmarshal identity: %s", err)
}

Expand All @@ -168,7 +168,7 @@ func parsePayload(payload *protocol.Payload, response bool) (identity *ivms101.I
// Parse the transaction message type
var msgTx proto.Message
if msgTx, err = payload.Transaction.UnmarshalNew(); err != nil {
log.Error().Err(err).Str("transaction_type", payload.Transaction.TypeUrl).Msg("could not unmarshal incoming transaction payload")
log.Warn().Err(err).Str("transaction_type", payload.Transaction.TypeUrl).Msg("could not unmarshal incoming transaction payload")
return nil, nil, nil, status.Errorf(codes.FailedPrecondition, "could not unmarshal transaction payload: %s", err)
}

Expand All @@ -185,7 +185,7 @@ func parsePayload(payload *protocol.Payload, response bool) (identity *ivms101.I
case *generic.Pending:
pending = tx
default:
log.Error().Str("transaction_type", payload.Transaction.TypeUrl).Msg("could not handle incoming transaction payload")
log.Warn().Str("transaction_type", payload.Transaction.TypeUrl).Msg("could not handle incoming transaction payload")
return nil, nil, nil, fmt.Errorf("unexpected transaction payload type: %s", payload.Transaction.TypeUrl)
}
return identity, transaction, pending, nil
Expand Down
Loading