From 0ef87b5108e435d30c4ad2e43e700f9c63a5e13c Mon Sep 17 00:00:00 2001 From: huanghaiquan Date: Mon, 26 Aug 2019 22:59:19 +0800 Subject: [PATCH] Refactored ; --- .../core/LedgerSecurityManagerImpl.java | 13 +++- .../core/LedgerTransactionalEditor.java | 4 -- .../ledger/core/RolePrivilegeDataset.java | 10 ++- .../ledger/core/UserRoleDataset.java | 5 ++ .../ledger/core/LedgerAdminDatasetTest.java | 36 +++++----- .../ledger/RolePrivilegeSettings.java | 66 +++++++++++++------ .../blockchain/ledger/UserRoleSettings.java | 43 +++++++----- 7 files changed, 110 insertions(+), 67 deletions(-) diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java index 37e07998..6b74c2ce 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java @@ -7,6 +7,7 @@ import java.util.Map; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; +import com.jd.blockchain.ledger.LedgerInitSetting; import com.jd.blockchain.ledger.LedgerPermission; import com.jd.blockchain.ledger.LedgerSecurityException; import com.jd.blockchain.ledger.RolePrivilegeSettings; @@ -29,9 +30,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { private UserRoleSettings userRolesSettings; - //用户的权限配置 + // 用户的权限配置 private Map userPrivilegesCache = new ConcurrentHashMap<>(); - + private Map userRolesCache = new ConcurrentHashMap<>(); private Map rolesPrivilegeCache = new ConcurrentHashMap<>(); 
@@ -39,7 +40,13 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { this.rolePrivilegeSettings = rolePrivilegeSettings; this.userRolesSettings = userRolesSettings; } - + + + public static void initSecuritySettings(LedgerInitSetting initSettings, LedgerEditor editor) { + + } + + @Override public SecurityPolicy createSecurityPolicy(Set endpoints, Set nodes) { Map endpointPrivilegeMap = new HashMap<>(); diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerTransactionalEditor.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerTransactionalEditor.java index a6395d92..70658ae2 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerTransactionalEditor.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerTransactionalEditor.java @@ -8,7 +8,6 @@ import com.jd.blockchain.crypto.HashDigest; import com.jd.blockchain.ledger.BlockBody; import com.jd.blockchain.ledger.BlockRollbackException; import com.jd.blockchain.ledger.CryptoSetting; -import com.jd.blockchain.ledger.DigitalSignature; import com.jd.blockchain.ledger.IllegalTransactionException; import com.jd.blockchain.ledger.LedgerBlock; import com.jd.blockchain.ledger.LedgerDataSnapshot; 
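Review bot: The new `initSecuritySettings(LedgerInitSetting initSettings, LedgerEditor editor)` in LedgerSecurityManagerImpl is public and static but has an empty body, so any caller that relies on it to seed role privileges and user roles at ledger initialisation gets a silent no-op and a ledger with no security settings applied. Until the logic lands, make the gap explicit rather than returning normally, for example `throw new UnsupportedOperationException("initSecuritySettings is not implemented yet");`, or keep the method private so nothing can depend on it. It also needs a Javadoc stating which parts of `initSettings` it is meant to write through `editor`. `LedgerEditor` is not among the imports visible in these hunks; presumably it resolves from the same package, but that should be confirmed. The class body continues outside the hunk.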
@@ -16,15 +15,12 @@ import com.jd.blockchain.ledger.LedgerInitSetting; import com.jd.blockchain.ledger.LedgerSettings; import com.jd.blockchain.ledger.LedgerTransaction; import com.jd.blockchain.ledger.OperationResult; -import com.jd.blockchain.ledger.TransactionContent; import com.jd.blockchain.ledger.TransactionRequest; import com.jd.blockchain.ledger.TransactionRollbackException; import com.jd.blockchain.ledger.TransactionState; import com.jd.blockchain.storage.service.ExPolicyKVStorage; import com.jd.blockchain.storage.service.VersioningKVStorage; import com.jd.blockchain.storage.service.utils.BufferedKVStorage; -import com.jd.blockchain.transaction.SignatureUtils; -import com.jd.blockchain.transaction.TxBuilder; import com.jd.blockchain.utils.Bytes; import com.jd.blockchain.utils.codec.Base58Utils; diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/RolePrivilegeDataset.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/RolePrivilegeDataset.java index 8798ca66..c5685ecf 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/RolePrivilegeDataset.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/RolePrivilegeDataset.java @@ -92,7 +92,7 @@ public class RolePrivilegeDataset implements Transactional, MerkleProvable, Role } /** - * 设置角色授权;
+ * 设置角色权限;
* 如果版本校验不匹配,则返回 -1; * * @param roleAuth @@ -108,7 +108,7 @@ public class RolePrivilegeDataset implements Transactional, MerkleProvable, Role } /** - * 更新角色授权;
+ * 更新角色权限;
* 如果指定的角色不存在,或者版本不匹配,则引发 {@link LedgerException} 异常; * * @param participant @@ -242,7 +242,7 @@ public class RolePrivilegeDataset implements Transactional, MerkleProvable, Role } /** - * 查询角色授权; + * 查询角色权限; * *
* 如果不存在,则返回 null; @@ -279,4 +279,8 @@ public class RolePrivilegeDataset implements Transactional, MerkleProvable, Role return getRolePrivileges(0, (int) getRoleCount()); } + @Override + public boolean isReadonly() { + return dataset.isReadonly(); + } } diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/UserRoleDataset.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/UserRoleDataset.java index 0c6d72d1..355f5973 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/UserRoleDataset.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/UserRoleDataset.java @@ -166,4 +166,9 @@ public class UserRoleDataset implements Transactional, MerkleProvable, UserRoleS return pns; } + @Override + public boolean isReadonly() { + return dataset.isReadonly(); + } + } diff --git a/source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/LedgerAdminDatasetTest.java b/source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/LedgerAdminDatasetTest.java index 1967b0c0..3c31a02e 100644 --- a/source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/LedgerAdminDatasetTest.java +++ b/source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/LedgerAdminDatasetTest.java 
@@ -88,45 +88,45 @@ public class LedgerAdminDatasetTest { MemoryKVStorage testStorage = new MemoryKVStorage(); // Create intance with init setting; - LedgerAdminDataset ledgerAdminAccount = new LedgerAdminDataset(initSetting, keyPrefix, testStorage, + LedgerAdminDataset ledgerAdminDataset = new LedgerAdminDataset(initSetting, keyPrefix, testStorage, testStorage); - ledgerAdminAccount.getRolePrivileges().addRolePrivilege("DEFAULT", + ledgerAdminDataset.getRolePrivileges().addRolePrivilege("DEFAULT", new LedgerPermission[] { LedgerPermission.AUTHORIZE_ROLES, LedgerPermission.REGISTER_USER, LedgerPermission.APPROVE_TX }, new TransactionPermission[] { TransactionPermission.DIRECT_OPERATION, TransactionPermission.CONTRACT_OPERATION }); - ledgerAdminAccount.getUserRoles().addUserRoles(parties[0].getAddress(), RolesPolicy.UNION, "DEFAULT"); + ledgerAdminDataset.getUserRoles().addUserRoles(parties[0].getAddress(), RolesPolicy.UNION, "DEFAULT"); // New created instance is updated until being committed; - assertTrue(ledgerAdminAccount.isUpdated()); + assertTrue(ledgerAdminDataset.isUpdated()); // Hash of account is null until being committed; - assertNull(ledgerAdminAccount.getHash()); + assertNull(ledgerAdminDataset.getHash()); - LedgerMetadata_V2 meta = ledgerAdminAccount.getMetadata(); + LedgerMetadata_V2 meta = ledgerAdminDataset.getMetadata(); assertNull(meta.getParticipantsHash()); // Commit, and check the storage keys; - ledgerAdminAccount.commit(); + ledgerAdminDataset.commit(); // New created instance isn't updated after being committed; - assertFalse(ledgerAdminAccount.isUpdated()); + assertFalse(ledgerAdminDataset.isUpdated()); // Hash of account isn't null after being committed; - assertNotNull(ledgerAdminAccount.getHash()); + assertNotNull(ledgerAdminDataset.getHash()); - meta = ledgerAdminAccount.getMetadata(); + meta = ledgerAdminDataset.getMetadata(); assertNotNull(meta.getParticipantsHash()); assertNotNull(meta.getSettingsHash()); 
assertNotNull(meta.getRolePrivilegesHash()); assertNotNull(meta.getUserRolesHash()); - assertNotNull(ledgerAdminAccount.getRolePrivileges().getRolePrivilege("DEFAULT")); + assertNotNull(ledgerAdminDataset.getRolePrivileges().getRolePrivilege("DEFAULT")); // ---------------------- // Reload account from storage with readonly mode, and check the integrity of // data; - HashDigest adminAccHash = ledgerAdminAccount.getHash(); + HashDigest adminAccHash = ledgerAdminDataset.getHash(); LedgerAdminDataset reloadAdminAccount1 = new LedgerAdminDataset(adminAccHash, keyPrefix, testStorage, testStorage, true); @@ -137,15 +137,15 @@ public class LedgerAdminDatasetTest { assertNotNull(meta2.getUserRolesHash()); // verify realod settings of admin account; - verifyRealoadingSettings(reloadAdminAccount1, adminAccHash, ledgerAdminAccount.getMetadata(), - ledgerAdminAccount.getSettings()); + verifyRealoadingSettings(reloadAdminAccount1, adminAccHash, ledgerAdminDataset.getMetadata(), + ledgerAdminDataset.getSettings()); // verify the consensus participant list; verifyRealoadingParities(reloadAdminAccount1, parties1); // It will throw exeception because of this account is readonly; verifyReadonlyState(reloadAdminAccount1); - verifyRealoadingRoleAuthorizations(reloadAdminAccount1, ledgerAdminAccount.getRolePrivileges(), - ledgerAdminAccount.getUserRoles()); + verifyRealoadingRoleAuthorizations(reloadAdminAccount1, ledgerAdminDataset.getRolePrivileges(), + ledgerAdminDataset.getUserRoles()); // -------------- // 重新加载,并进行修改; 
@@ -178,8 +178,8 @@ public class LedgerAdminDatasetTest { // load the last version of account and verify again; LedgerAdminDataset previousAdminAccount = new LedgerAdminDataset(adminAccHash, keyPrefix, testStorage, testStorage, true); - verifyRealoadingSettings(previousAdminAccount, adminAccHash, ledgerAdminAccount.getMetadata(), - ledgerAdminAccount.getSettings()); + verifyRealoadingSettings(previousAdminAccount, adminAccHash, ledgerAdminDataset.getMetadata(), + ledgerAdminDataset.getSettings()); verifyRealoadingParities(previousAdminAccount, parties1); verifyReadonlyState(previousAdminAccount); diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/RolePrivilegeSettings.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/RolePrivilegeSettings.java index 21e394e2..b678d644 100644 --- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/RolePrivilegeSettings.java +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/RolePrivilegeSettings.java @@ -1,16 +1,55 @@ package com.jd.blockchain.ledger; public interface RolePrivilegeSettings { - + /** * 角色名称的最大 Unicode 字符数; */ public static final int MAX_ROLE_NAME_LENGTH = 20; + /** + * 角色的数量; + * + * @return + */ long getRoleCount(); - + + /** + * 查询角色权限; + * + *
+ * 如果不存在,则返回 null; + * + * @param address + * @return + */ + RolePrivileges getRolePrivilege(String roleName); + + /** + * 返回指定位置的角色权限; + * + * @param index + * @param count + * @return + */ + RolePrivileges[] getRolePrivileges(int index, int count); + /** - * 加入新的角色授权;
+ * 返回所有的角色权限; + * + * @return + */ + RolePrivileges[] getRolePrivileges(); + + /** + * 是否只读; + * + * @return + */ + boolean isReadonly(); + + /** + * 加入新的角色权限;
* * 如果指定的角色已经存在,则引发 {@link LedgerException} 异常; * @@ -21,7 +60,7 @@ public interface RolePrivilegeSettings { long addRolePrivilege(String roleName, Privileges privileges); /** - * 加入新的角色授权;
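Review bot: The added `boolean isReadonly();` is documented only as `是否只读` with an empty `@return`, so the interface does not say whether `addRolePrivilege` and the other mutators must fail on a read-only instance or whether callers are expected to test the flag first. For the store that backs permission checks, that contract should be written down. Suggested wording: `@return true if this view rejects modification; every add/update/enable/disable call on it then fails instead of being ignored`, adjusted to what the dataset implementations really do, since their mutators are outside these hunks. In the same hunk the Javadoc moved onto `getRolePrivilege(String roleName)` still says `@param address` and should read `@param roleName`. The UserRoleSettings hunk `@@ -16,6 +16,31 @@` has both issues as well (`@param address` on `getUserRoles(Bytes userAddress)`, undocumented `isReadonly()`); the interface body continues past the end of this hunk.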
+ * 加入新的角色权限;
* * 如果指定的角色已经存在,则引发 {@link LedgerException} 异常; * @@ -32,7 +71,7 @@ public interface RolePrivilegeSettings { long addRolePrivilege(String roleName, LedgerPrivilege ledgerPrivilege, TransactionPrivilege txPrivilege); /** - * 加入新的角色授权;
+ * 加入新的角色权限;
* * 如果指定的角色已经存在,则引发 {@link LedgerException} 异常; * @@ -45,7 +84,7 @@ public interface RolePrivilegeSettings { long addRolePrivilege(String roleName, LedgerPermission[] ledgerPermissions, TransactionPermission[] txPermissions); /** - * 更新角色授权;
+ * 更新角色权限;
* 如果指定的角色不存在,或者版本不匹配,则引发 {@link LedgerException} 异常; * * @param participant @@ -116,19 +155,4 @@ public interface RolePrivilegeSettings { long disablePermissions(String roleName, LedgerPermission[] ledgerPermissions, TransactionPermission[] txPermissions); - /** - * 查询角色授权; - * - *
- * 如果不存在,则返回 null; - * - * @param address - * @return - */ - RolePrivileges getRolePrivilege(String roleName); - - RolePrivileges[] getRolePrivileges(int index, int count); - - RolePrivileges[] getRolePrivileges(); - } \ No newline at end of file diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleSettings.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleSettings.java index 15ef546c..f7426ccf 100644 --- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleSettings.java +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleSettings.java @@ -16,6 +16,31 @@ public interface UserRoleSettings { */ long getUserCount(); + /** + * 查询角色授权; + * + *
+ * 如果不存在,则返回 null; + * + * @param address + * @return + */ + UserRoles getUserRoles(Bytes userAddress); + + /** + * 返回全部的用户授权; + * + * @return + */ + UserRoles[] getUserRoles(); + + /** + * 是否只读; + * + * @return + */ + boolean isReadonly(); + /** * 加入新的用户角色授权;
* @@ -46,22 +71,4 @@ public interface UserRoleSettings { */ long setRoles(Bytes userAddress, RolesPolicy policy, String... roles); - /** - * 查询角色授权; - * - *
- * 如果不存在,则返回 null; - * - * @param address - * @return - */ - UserRoles getUserRoles(Bytes userAddress); - - /** - * 返回全部的用户授权; - * - * @return - */ - UserRoles[] getUserRoles(); - } \ No newline at end of file