cleos
cleos应用程序是用户端命令行交互模块,用于解析用户命令,执行钱包,账号等如下操作
cleos依赖keosd和nodeos等应用程序处理这些操作。
当keosd没有启动时,cleos会自动启动该程序,对应的代码如下:
void ensure_keosd_running() {
…
binPath.append("keosd"); // if cleos and keosd are in the same installation directory
if (boost::filesystem::exists(binPath)) {
//启动keosd
::boost::process::child keos(binPath, pargs,
bp::std_in.close(),
bp::std_out > bp::null,
bp::std_err > bp::null);
if (keos.running()) {
std::cerr << binPath << " launched" << std::endl;
keos.detach();
sleep(1);
} else {
}
} else {
}
}action&message&Transaction
目前在EOS中message和action的概念是一样的,实际上action是自3.0以后的新规范,message的概念已经可以抛弃,由于3.0版本发布不久,互联网上的大部分文字和材料依然使用message的概念.
一个transaction包含一个或者多个action, 和以太坊交易概念差不多。所以,你可以简单的把action看成以太坊的transaction
key
EOS里的key就是public key公钥,类似以太坊的地址。key是通过类似RSA,椭圆曲线算法生成的公钥。
$ cleos create key
Private key: 5JdchMrwMwD1PsZKCjpbaCQ4aJ3cFKzSWmCQfRzKCiGrDWds3PU
Public key: EOS7KBTMkUq4VPakqsZUnZfBbMbS2U7cn9qSa3q6G5ZzEeUeNSVgv以太坊地址可以收款,付款,而EOS的key只具备验证作用,只有account才具备收款,付款功能。
注意:cleos并不保存生成的私钥,所以得你自己记录private key,public key
钱包
钱包是一个私钥库,里面保存着私钥公钥对, 类似以太坊里的keystore信息。里面保存的私钥数据其实是私钥加密后数据,需要用户输入密码才能还原出真正的私钥。智能合约的action执行都需要钱包来解锁相关的公钥(key).所以钱包可以看成是钥匙箱。
创建默认钱包并导入key
- 创建钱包
$ cleos wallet create Creating wallet: default Save password to use in the future to unlock this wallet. Without password imported keys will not be retrievable. "PW5KWPhDnRCLBFjBuEBdUmFP4a2F8H36KvTv4DhtfHRZokrqAK9bT"钱包本身也是有密码的,用来加密钱包数据的
- 导入key
$ cleos wallet import 5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3 - 查看wallet里的keys
$ cleos wallet keys [[ "EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV”, //公钥 “5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3” //私钥 ] ]创建其他钱包并导入key
$ cleos wallet create -n test Creating wallet: test Save password to use in the future to unlock this wallet. Without password imported keys will not be retrievable. “PW5KNZ27fR8qcYpsw2B5uM7yir1CnYVSejAi8R3sYdRK4DyW6BN6v"
$ cleos wallet import 5JdchMrwMwD1PsZKCjpbaCQ4aJ3cFKzSWmCQfRzKCiGrDWds3PU
$ build/programs/cleos/cleos wallet keys
[[
//这个是default钱包的key
"EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV",
“5KQwrPbwdL6PhXujxW37FSSQZ1JiwsST4cqQzDeyXtP79zkvFD3”
],[
//这个是test钱包的key
"EOS7KBTMkUq4VPakqsZUnZfBbMbS2U7cn9qSa3q6G5ZzEeUeNSVgv",
"5JdchMrwMwD1PsZKCjpbaCQ4aJ3cFKzSWmCQfRzKCiGrDWds3PU"
]
]
####列出所有钱包
```shell
$ build/programs/cleos/cleos wallet list
Wallets:
[
"default *",
"test *"
]解锁及锁定钱包
$ cleos wallet unlock -n test
$ cleos wallet lock -n test-n xxx是指定操作的钱包名字,如果不带-n xxx则是操作默认钱包
钱包数据文件
$ls ~/eosio-wallet/
config.ini default.wallet test.wallet
$ cat ~/eosio-wallet/default.wallet
{
"cipher_keys": "0bcea4c898817192773ca628e9f829eed0c1e5024bf3de3d5032e2e029842b9756b46e37357403858a6f38a67268f30d9f70d8ce45e930802927f227d65b0162615872173637142a645cb50f1816d47c187e6345f8ced73896efe5a5a636197595f457641379408afb501dc483b108c131cf4f7fdd3381497c6a3245b9773c02217a4cd77b30f4da23a519c5caa01e56"
}可见一个钱包对应~/eosio-wallet/的一个文件,文件里面的内容就是密码加密私钥后的内容
Account(账号)
EOS的账号对应以太坊的智能合约地址,它扩展了账号的概念,一个账号由智能合约+权限管理构成。
权限管理
权限管理模块可以精细的定义一个Account/key或者几个Account/key(比如多重签名机制)对账号数据的访问权限。目前有两个默认的权限类型
- owner权限
可以修改任意账号和key的权限 - active
可转账,DPOS投票,及其它上层定义的权限修改
用户也可自定义权限类型。同时引入了权重和阈值的概念,该机制使得多重签名实现非常简单,也更有扩展性,permission格式如下{ "threshold": 100,/*An integer that defines cumulative signature weight required for authorization*/ "keys": [], /*An array made up of individual permissions defined with an EOS PUBLIC KEY*/ "accounts": [] /*An array made up of individual permissions defined with an EOS ACCOUNT*/ }
配置示例如下
默认权限配置:
| Permission | Accounts/Keys | Weight | Threshold |
|---|---|---|---|
| owner | 1 | ||
| EOS7KBTMkUq4VPakqsZUnZfBbMbS2U7cn9qSa3q6G5ZzEeUeNSVgv | 1 | ||
| active | 1 | ||
| EOS7KBTMkUq4VPakqsZUnZfBbMbS2U7cn9qSa3q6G5ZzEeUeNSVgv | 1 |
组合和自定义权限
| Permission | Accounts/Keys | Weight | Threshold |
|---|---|---|---|
| owner | 2 | ||
| @bob | 1 | ||
| @stacy | 1 | ||
| active | 1 | ||
| @bob | 1 | ||
| @stacy | 1 | ||
| publish | 2 | ||
| @bob | 2 | ||
| @stacy | 1 | ||
| EOS7KBTMkUq4VPakqsZUnZfBbMbS2U7cn9qSa3q6G5ZzEeUeNSVgv | 1 |
-
bob和stacy两个账号一起才能行使owner权限
-
bob, stacy两个账号的任一一个都可以行使active权限
-
bob可以行使publish权限,但是stacy和”EOS7KBTMkU…"没法单独行使publish权限,但是他们一起可以行使publish权限
这些权限的检测一般在执行action操作时执行。创建账号account
cleos create account [OPTIONS] creator name OwnerKey ActiveKey该命令本身是一个action,会产生一个transaction,最后会保存在链上的,所以该操作依赖nodeos程序,必须启动nodeos程序。上面的OwnerKey,ActiveKey都是公钥。creator必须是一个已经存在的账号,这里就有个问题了,我们第一次创建账号,从哪里获取这个creator账号?这个账号就是eosio, eosio这个特殊账号是在nodeos启动时自动生成的,且这个账号的private key,和public key是hardcode固定的。当然搭建私有网络你可以通过修改config文件来修改这两个值,但是你同时也得修改这个私有网络的其他节点对应的private key, public key值。
$ cleos create account -j eosio testaccount EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV { "transaction_id": "18440905e1dc17eecee17eaa50f5c589f703c3c4f66738316c2f56d12ce7ec84", "action_traces": [{ ... "data": { "creator": "eosio", "name": "testaccount", "owner": { "threshold": 1, "keys": [{ "key": "EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV", "weight": 1 } ], "accounts": [], "waits": [] }, "active": { "threshold": 1, "keys": [{ "key": "EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV", "weight": 1 } ], "accounts": [], "waits": [] } }, …. }, ... } ], } }会产生两种默认权限owner和active
创建账号其实就是创建一个actionchain::action create_newaccount(const name& creator, const name& newaccount, public_key_type owner, public_key_type active) { return action { tx_permission.empty() ? vector<chain::permission_level>{{creator,config::active_name}} : get_account_permissions(tx_permission), eosio::chain::newaccount{ .creator = creator, .name = newaccount, .owner = eosio::chain::authority{1, {{owner, 1}}, {}}, .active = eosio::chain::authority{1, {{active, 1}}, {}} } }; }你在nodeos程序端会看到一个trxs
1254502ms thread-0 producer_plugin.cpp:585 block_production_loo ] Produced block 000006d1c28d6c68... #1745 @ 2018-05-22T02:20:54.500 signed by eosio [trxs: 1, lib: 1744, confirmed: 0]查看账号信息
$ cleos get account testaccount privileged: false permissions: owner 1: 1 EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV active 1: 1 EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV memory: quota: -1 bytes used: 2.66 Kb net bandwidth: (averaged over 3 days) used: -1 bytes available: -1 bytes limit: -1 bytes cpu bandwidth: (averaged over 3 days) used: -1 us available: -1 us limit: -1 us修改权限命令格式
$ cleos set account permission [OPTIONS] account permission authority [parent] -
account,表示要修改的账户
-
permission 表示要设置的权限(上面的owner,active,publish)
-
authority 权限内容,JSON字符串
-
parent 上级权限
修改active权限
$ cleos set account permission testaccount active '{"threshold" : 1, "keys" : [], "accounts" : [{"permission":{"actor":"bob","permission":"active"},"weight":1}, {"permission":{"actor":"stacy","permission":"active"},"weight":1}]}’ owner executed transaction: b1bc9680a9ba615a6de8c3f7c692d7d28ff97edae245bb40f948692b14ea6c15 160 bytes 189 us # eosio <= eosio::updateauth {"account":"testaccount","permission":"active","parent":"owner","auth":{"threshold":1,"keys":[],"acc... warning: transaction executed locally, but may not be confirmed by the network yet $ build/programs/cleos/cleos get account testaccount privileged: false permissions: owner 1: 1 EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV active 1: 1 bob@active, 1 stacy@active, memory: quota: -1 bytes used: 2.674 Kb net bandwidth: (averaged over 3 days) used: -1 bytes available: -1 bytes limit: -1 bytes cpu bandwidth: (averaged over 3 days) used: -1 us available: -1 us limit: -1 us新增自定义权限
$ cleos set account permission testaccount publish '{"threshold" : 2, "keys" : [{"permission":{"key":"EOS8X7Mp7apQWtL6T2sfSZzBcQNUqZB7tARFEm9gA9Tn9nbMdsvBB","permission":"active"},"weight":1}], "accounts" : [{"permission":{"actor":"bob","permission":"active"},"weight":2}, {"permission":{"actor":"stacy","permission":"active"},"weight":1}]}’ active executed transaction: a0f8d79f92e375b13c6f6da55b5b1f1aeebcbf1240a9bd287d3c845fc6b6941d 200 bytes 171 us # eosio <= eosio::updateauth {"account":"testaccount","permission":"publish","parent":"active","auth":{"threshold":2,"keys":[{"ke... warning: transaction executed locally, but may not be confirmed by the network yet $ cleos get account testaccount privileged: false permissions: owner 1: 1 EOS6MRyAjQq8ud7hVNYcfnVPJqcVpscN5So8BhtHuGYqET5GDW5CV active 1: 1 bob@active, 1 stacy@active, publish 2: 1 EOS1111111111111111111111111111111114T1Anm2 bob@active, 1 stacy@active, memory: quota: -1 bytes used: 3.066 Kb net bandwidth: (averaged over 3 days) used: -1 bytes available: -1 bytes limit: -1 bytes cpu bandwidth: (averaged over 3 days) used: -1 us available: -1 us limit: -1 us权限应用场景
一个account(账号)可以有智能合约,智能合约有各种action,每个action可以指定permission,这样就可以限制action的执行权限了,具体细节我会在后面的博文里单独介绍
转载自:http://blog.csdn.net/itleaks
版权属于:区块链中文技术社区 / 转载原创者
本文链接:https://bcskill.com/index.php/archives/156.html
相关技术文章仅限于相关区块链底层技术研究,禁止用于非法用途,后果自负!本站严格遵守一切相关法律政策!
