fix mobile issue: Sync is hanging in "syncing devices" stage (#4010)

align another time of cert addressed feedback from @Samyoul @igor-sirotin add logger move line fix mobile issue #17223
2023-09-11 20:19:26 +08:00 · 2023-09-11 20:19:26 +08:00 · eda1f5482b
parent e77fc59f5e
commit eda1f5482b
4 changed files with 45 additions and 21 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-0.166.7
+0.166.8
--- a/server/pairing/certs.go
+++ b/server/pairing/certs.go
@ -19,6 +19,8 @@ import (
 	"github.com/status-im/status-go/server"
 )

+const CertificateMaxClockDrift = time.Minute
+
 func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
 	h := sha256.New()
 	h.Write(append(pk.D.Bytes(), append(pk.Y.Bytes(), pk.X.Bytes()...)...))
@ -27,7 +29,7 @@ func makeSerialNumberFromKey(pk *ecdsa.PrivateKey) *big.Int {
 }

 func GenerateCertFromKey(pk *ecdsa.PrivateKey, from time.Time, IPAddresses []net.IP, DNSNames []string) (tls.Certificate, []byte, error) {
-	cert := server.GenerateX509Cert(makeSerialNumberFromKey(pk), from, from.Add(time.Hour), IPAddresses, DNSNames)
+	cert := server.GenerateX509Cert(makeSerialNumberFromKey(pk), from.Add(-CertificateMaxClockDrift), from.Add(time.Hour), IPAddresses, DNSNames)
 	certPem, keyPem, err := server.GenerateX509PEMs(cert, pk)
 	if err != nil {
 		return tls.Certificate{}, nil, err
--- a/server/pairing/client.go
+++ b/server/pairing/client.go
@ -11,6 +11,9 @@ import (
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
+	"time"
+
+	"go.uber.org/zap"

 	"github.com/status-im/status-go/api"
 	"github.com/status-im/status-go/logutils"
@ -35,22 +38,18 @@ type BaseClient struct {
 	challengeTaker *ChallengeTaker
 }

-// NewBaseClient returns a fully qualified BaseClient from the given ConnectionParams
-func NewBaseClient(c *ConnectionParams) (*BaseClient, error) {
-
+func findServerCert(c *ConnectionParams) (*url.URL, *x509.Certificate, error) {
+	netIps, err := server.FindReachableAddressesForPairingClient(c.netIPs)
+	if err != nil {
+		return nil, nil, err
+	}
 	var baseAddress *url.URL
 	var serverCert *x509.Certificate
 	var certErrs error
-
-	netIps, err := server.FindReachableAddressesForPairingClient(c.netIPs)
-	if err != nil {
-		return nil, err
-	}
-
 	for i := range netIps {
 		u, err := c.URL(i)
 		if err != nil {
-			return nil, err
+			return nil, nil, err
 		}

 		serverCert, err = getServerCert(u)
@ -66,6 +65,26 @@ func NewBaseClient(c *ConnectionParams) (*BaseClient, error) {
 		baseAddress = u
 		break
 	}
+	return baseAddress, serverCert, certErrs
+}
+
+// NewBaseClient returns a fully qualified BaseClient from the given ConnectionParams
+func NewBaseClient(c *ConnectionParams, logger *zap.Logger) (*BaseClient, error) {
+	var baseAddress *url.URL
+	var serverCert *x509.Certificate
+	var certErrs error
+
+	maxRetries := 3
+	for i := 0; i < maxRetries; i++ {
+		baseAddress, serverCert, certErrs = findServerCert(c)
+		if serverCert == nil {
+			certErrs = fmt.Errorf("failed to connect to any of given addresses. %w", certErrs)
+			time.Sleep(1 * time.Second)
+			logger.Warn("failed to connect to any of given addresses. Retrying...", zap.Error(certErrs))
+		} else {
+			break
+		}
+	}

 	if serverCert == nil {
 		certErrs = fmt.Errorf("failed to connect to any of given addresses. %w", certErrs)
@ -76,7 +95,7 @@ func NewBaseClient(c *ConnectionParams) (*BaseClient, error) {
 	// No error on the dial out then the URL.Host is accessible
 	signal.SendLocalPairingEvent(Event{Type: EventConnectionSuccess, Action: ActionConnect})

-	err = verifyCert(serverCert, c.publicKey)
+	err := verifyCert(serverCert, c.publicKey)
 	if err != nil {
 		return nil, err
 	}
@ -149,7 +168,7 @@ func NewSenderClient(backend *api.GethStatusBackend, c *ConnectionParams, config
 	logger := logutils.ZapLogger().Named("SenderClient")
 	pe := NewPayloadEncryptor(c.aesKey)

-	bc, err := NewBaseClient(c)
+	bc, err := NewBaseClient(c, logger)
 	if err != nil {
 		return nil, err
 	}
@ -320,12 +339,13 @@ type ReceiverClient struct {

 // NewReceiverClient returns a fully qualified ReceiverClient created with the incoming parameters
 func NewReceiverClient(backend *api.GethStatusBackend, c *ConnectionParams, config *ReceiverClientConfig) (*ReceiverClient, error) {
-	bc, err := NewBaseClient(c)
+	logger := logutils.ZapLogger().Named("ReceiverClient")
+
+	bc, err := NewBaseClient(c, logger)
 	if err != nil {
 		return nil, err
 	}

-	logger := logutils.ZapLogger().Named("ReceiverClient")
 	pe := NewPayloadEncryptor(c.aesKey)

 	ar, rmr, imr, err := NewPayloadReceivers(logger, pe, backend, config.ReceiverConfig)
@ -526,12 +546,11 @@ type KeystoreFilesReceiverClient struct {
 }

 func NewKeystoreFilesReceiverClient(backend *api.GethStatusBackend, c *ConnectionParams, config *KeystoreFilesReceiverClientConfig) (*KeystoreFilesReceiverClient, error) {
-	bc, err := NewBaseClient(c)
+	logger := logutils.ZapLogger().Named("ReceiverClient")
+	bc, err := NewBaseClient(c, logger)
 	if err != nil {
 		return nil, err
 	}
-
-	logger := logutils.ZapLogger().Named("ReceiverClient")
 	pe := NewPayloadEncryptor(c.aesKey)

 	kfrc, err := NewKeystoreFilesPayloadReceiver(backend, pe, config.ReceiverConfig, logger)
--- a/server/pairing/preflight/preflight.go
+++ b/server/pairing/preflight/preflight.go
@ -11,6 +11,8 @@ import (
 	"sync"
 	"time"

+	"github.com/status-im/status-go/server/pairing"
+
 	"go.uber.org/zap"

 	"github.com/status-im/status-go/logutils"
@ -34,8 +36,9 @@ func preflightHandler(w http.ResponseWriter, r *http.Request) {
 }

 func makeCert(address net.IP) (*tls.Certificate, []byte, error) {
-	notBefore := time.Now()
-	notAfter := notBefore.Add(time.Minute)
+	now := time.Now()
+	notBefore := now.Add(-pairing.CertificateMaxClockDrift)
+	notAfter := now.Add(pairing.CertificateMaxClockDrift)
 	return server.GenerateTLSCert(notBefore, notAfter, []net.IP{address}, []string{})
 }
 @ -1 +1 @@
 .166.7
 .166.8