!27150 code sync in mindspore fl

Merge pull request !27150 from tan-wei-cheng-3260/develop-twc-sync2

mindspore/ccsrc/fl/server/cert_verify.cc

@@ -28,6 +28,8 @@ namespace ps {
 namespace server {
 #ifndef _WIN32
 static int64_t replayAttackTimeDiff;
+static int64_t certStartTimeDiff = -600;
+
 X509 *CertVerify::readCertFromFile(const std::string &certPath) {
   BIO *bio = BIO_new_file(certPath.c_str(), "r");
   X509 *certObj = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
@@ -69,9 +71,12 @@ bool CertVerify::verifyCertTime(const X509 *cert) const {
   if (ret != 1) {
     return false;
   }
-
-  if (day < 0 || sec < 0) {
-    MS_LOG(ERROR) << "cert start time is later than now time.";
+  if (day < 0) {
+    MS_LOG(ERROR) << "cert start day time is later than now day time, day is" << day;
+    return false;
+  }
+  if (day == 0 && sec < certStartTimeDiff) {
+    MS_LOG(ERROR) << "cert start second time is later than 600 second, second is" << sec;
     return false;
   }
   day = 0;
@@ -85,7 +90,7 @@ bool CertVerify::verifyCertTime(const X509 *cert) const {
     MS_LOG(ERROR) << "cert end time is sooner than now time.";
     return false;
   }
-
+  MS_LOG(INFO) << "verify cert time success.";
   return true;
 }
 
@@ -480,7 +485,7 @@ bool CertVerify::verifyTimeStamp(const std::string &flID, const std::string &tim
   MS_LOG(INFO) << "flID: " << flID.c_str() << ",now time: " << now << ",requestTime: " << requestTime;
 
   int64_t diff = now - requestTime;
-  if (diff > replayAttackTimeDiff || diff < 0) {
+  if (abs(diff) > replayAttackTimeDiff) {
     return false;
   }
   MS_LOG(INFO) << "verifyTimeStamp success.";

mindspore/ccsrc/ps/core/scheduler_node.cc

@@ -607,6 +607,9 @@ bool SchedulerNode::Stop() {
         client->Stop();
       }
     }
+    if (client_to_scheduler_ != nullptr) {
+      client_to_scheduler_->Stop();
+    }
     if (client_thread_ != nullptr && client_thread_->joinable()) {
       client_thread_->join();
     }

tests/st/fl/albert/config.json

@@ -1,17 +1,22 @@
 {
     "recovery": {
         "storage_type": 1,
-        "storage_file_path": "recovery.json"
+        "storage_file_path": "recovery.json",
+        "scheduler_storage_file_path": "scheduler_recovery.json"
     },
     "server_cert_path": "server.p12",
     "crl_path": "",
     "client_cert_path": "client.p12",
     "ca_cert_path": "ca.crt",
-    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK",
+    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM:DHE-RSA-CHACHA20-POLY1305:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CCM:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305",
     "cert_expire_warning_time_in_day": 90,
-    "connection_num": 10000,
+    "connection_num":10000,
     "metrics": {
         "storage_type": 1,
         "storage_file_path": "metrics.json"
+    },
+    "server_recovery": {
+        "storage_type": 1,
+        "storage_file_path": "../server_recovery.json"
     }
 }

tests/st/fl/cross_silo_faster_rcnn/config.json

@@ -1,7 +1,22 @@
 {
     "recovery": {
         "storage_type": 1,
-        "storage_file_path": "recovery.json"
+        "storage_file_path": "recovery.json",
+        "scheduler_storage_file_path": "scheduler_recovery.json"
+    },
+    "server_cert_path": "server.p12",
+    "crl_path": "",
+    "client_cert_path": "client.p12",
+    "ca_cert_path": "ca.crt",
+    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM:DHE-RSA-CHACHA20-POLY1305:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CCM:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305",
+    "cert_expire_warning_time_in_day": 90,
+    "connection_num":10000,
+    "metrics": {
+        "storage_type": 1,
+        "storage_file_path": "metrics.json"
+    },
+    "server_recovery": {
+        "storage_type": 1,
+        "storage_file_path": "../server_recovery.json"
     }
-}
-
+}

tests/st/fl/cross_silo_femnist/config.json

@@ -1,6 +1,22 @@
 {
     "recovery": {
         "storage_type": 1,
-        "storage_file_path": "recovery.json"
+        "storage_file_path": "recovery.json",
+        "scheduler_storage_file_path": "scheduler_recovery.json"
+    },
+    "server_cert_path": "server.p12",
+    "crl_path": "",
+    "client_cert_path": "client.p12",
+    "ca_cert_path": "ca.crt",
+    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM:DHE-RSA-CHACHA20-POLY1305:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CCM:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305",
+    "cert_expire_warning_time_in_day": 90,
+    "connection_num":10000,
+    "metrics": {
+        "storage_type": 1,
+        "storage_file_path": "metrics.json"
+    },
+    "server_recovery": {
+        "storage_type": 1,
+        "storage_file_path": "../server_recovery.json"
     }
 }

tests/st/fl/cross_silo_lenet/config.json

@@ -1,6 +1,22 @@
 {
     "recovery": {
         "storage_type": 1,
-        "storage_file_path": "recovery.json"
+        "storage_file_path": "recovery.json",
+        "scheduler_storage_file_path": "scheduler_recovery.json"
+    },
+    "server_cert_path": "server.p12",
+    "crl_path": "",
+    "client_cert_path": "client.p12",
+    "ca_cert_path": "ca.crt",
+    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM:DHE-RSA-CHACHA20-POLY1305:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CCM:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305",
+    "cert_expire_warning_time_in_day": 90,
+    "connection_num":10000,
+    "metrics": {
+        "storage_type": 1,
+        "storage_file_path": "metrics.json"
+    },
+    "server_recovery": {
+        "storage_type": 1,
+        "storage_file_path": "../server_recovery.json"
     }
 }

tests/st/fl/hybrid_lenet/config.json

@@ -1,17 +1,22 @@
 {
     "recovery": {
         "storage_type": 1,
-        "storage_file_path": "recovery.json"
+        "storage_file_path": "recovery.json",
+        "scheduler_storage_file_path": "scheduler_recovery.json"
     },
     "server_cert_path": "server.p12",
     "crl_path": "",
     "client_cert_path": "client.p12",
     "ca_cert_path": "ca.crt",
-    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK",
+    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM:DHE-RSA-CHACHA20-POLY1305:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CCM:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305",
     "cert_expire_warning_time_in_day": 90,
-    "connection_num": 10000,
+    "connection_num":10000,
     "metrics": {
         "storage_type": 1,
         "storage_file_path": "metrics.json"
+    },
+    "server_recovery": {
+        "storage_type": 1,
+        "storage_file_path": "../server_recovery.json"
     }
 }

tests/st/fl/mobile/config.json

@@ -1,17 +1,22 @@
 {
     "recovery": {
         "storage_type": 1,
-        "storage_file_path": "recovery.json"
+        "storage_file_path": "recovery.json",
+        "scheduler_storage_file_path": "scheduler_recovery.json"
     },
     "server_cert_path": "server.p12",
     "crl_path": "",
     "client_cert_path": "client.p12",
     "ca_cert_path": "ca.crt",
-    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK",
+    "cipher_list": "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-RSA-AES128-CCM:DHE-RSA-AES256-CCM:DHE-RSA-CHACHA20-POLY1305:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CCM:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305",
     "cert_expire_warning_time_in_day": 90,
-    "connection_num": 10000,
+    "connection_num":10000,
     "metrics": {
         "storage_type": 1,
         "storage_file_path": "metrics.json"
+    },
+    "server_recovery": {
+        "storage_type": 1,
+        "storage_file_path": "../server_recovery.json"
     }
 }