@@ -70,10 +70,6 @@ public class AccountSet implements Transactional, MerkleProvable { | |||
this.accessPolicy = accessPolicy; | |||
} | |||
// public HashDigest getAccountRootHash() { | |||
// return merkleDataset.getRootHash(); | |||
// } | |||
@Override | |||
public HashDigest getRootHash() { | |||
return merkleDataset.getRootHash(); | |||
@@ -1,20 +1,31 @@ | |||
package com.jd.blockchain.ledger.core; | |||
import java.util.ArrayList; | |||
import java.util.HashMap; | |||
import java.util.List; | |||
import java.util.Map; | |||
import java.util.Map.Entry; | |||
import java.util.concurrent.ConcurrentHashMap; | |||
import org.springframework.stereotype.Component; | |||
import com.jd.blockchain.ledger.LedgerException; | |||
import com.jd.blockchain.ledger.Operation; | |||
import com.jd.blockchain.ledger.core.handles.ContractCodeDeployOperationHandle; | |||
import com.jd.blockchain.ledger.core.handles.DataAccountKVSetOperationHandle; | |||
import com.jd.blockchain.ledger.core.handles.DataAccountRegisterOperationHandle; | |||
import com.jd.blockchain.ledger.core.handles.JVMContractEventSendOperationHandle; | |||
import com.jd.blockchain.ledger.core.handles.LedgerInitOperationHandle; | |||
import com.jd.blockchain.ledger.core.handles.RolesConfigureOperationHandle; | |||
import com.jd.blockchain.ledger.core.handles.UserAuthorizeOperationHandle; | |||
import com.jd.blockchain.ledger.core.handles.UserRegisterOperationHandle; | |||
import com.jd.blockchain.transaction.ContractCodeDeployOpTemplate; | |||
import com.jd.blockchain.transaction.ContractEventSendOpTemplate; | |||
import com.jd.blockchain.transaction.DataAccountKVSetOpTemplate; | |||
import com.jd.blockchain.transaction.DataAccountRegisterOpTemplate; | |||
import com.jd.blockchain.transaction.LedgerInitOpTemplate; | |||
import com.jd.blockchain.transaction.RolesConfigureOpTemplate; | |||
import com.jd.blockchain.transaction.UserAuthorizeOpTemplate; | |||
import com.jd.blockchain.transaction.UserRegisterOpTemplate; | |||
@Component | |||
public class DefaultOperationHandleRegisteration implements OperationHandleRegisteration { | |||
@@ -23,51 +34,74 @@ public class DefaultOperationHandleRegisteration implements OperationHandleRegis | |||
private Map<Class<?>, OperationHandle> handles = new ConcurrentHashMap<>(); | |||
private Map<Class<?>, OperationHandle> cacheMapping = new ConcurrentHashMap<>(); | |||
static { | |||
addDefaultHandle(new RolesConfigureOperationHandle()); | |||
addDefaultHandle(new UserAuthorizeOperationHandle()); | |||
addDefaultHandle(new DataAccountKVSetOperationHandle()); | |||
addDefaultHandle(new DataAccountRegisterOperationHandle()); | |||
addDefaultHandle(new UserRegisterOperationHandle()); | |||
addDefaultHandle(new ContractCodeDeployOperationHandle()); | |||
addDefaultHandle(new JVMContractEventSendOperationHandle()); | |||
registerDefaultHandle(new LedgerInitOperationHandle()); | |||
registerDefaultHandle(new RolesConfigureOperationHandle()); | |||
registerDefaultHandle(new UserAuthorizeOperationHandle()); | |||
registerDefaultHandle(new UserRegisterOperationHandle()); | |||
registerDefaultHandle(new DataAccountKVSetOperationHandle()); | |||
registerDefaultHandle(new DataAccountRegisterOperationHandle()); | |||
registerDefaultHandle(new ContractCodeDeployOperationHandle()); | |||
registerDefaultHandle(new JVMContractEventSendOperationHandle()); | |||
} | |||
private static void addDefaultHandle(OperationHandle handle) { | |||
private static void registerDefaultHandle(OperationHandle handle) { | |||
DEFAULT_HANDLES.put(handle.getOperationType(), handle); | |||
} | |||
/** | |||
* 以最高优先级插入一个操作处理器; | |||
* 注册操作处理器;此方法将覆盖默认的操作处理器配置; | |||
* | |||
* @param handle | |||
*/ | |||
public void registerHandle(OperationHandle handle) { | |||
List<Class<?>> opTypes = new ArrayList<Class<?>>(); | |||
for (Class<?> opType : handles.keySet()) { | |||
if (opType.isAssignableFrom(handle.getOperationType())) { | |||
opTypes.add(opType); | |||
} | |||
} | |||
for (Class<?> opType : opTypes) { | |||
handles.put(opType, handle); | |||
} | |||
handles.put(handle.getOperationType(), handle); | |||
} | |||
private OperationHandle getRegisteredHandle(Class<?> operationType) { | |||
OperationHandle hdl = handles.get(operationType); | |||
if (hdl == null) { | |||
for (Entry<Class<?>, OperationHandle> entry : handles.entrySet()) { | |||
if (entry.getKey().isAssignableFrom(operationType)) { | |||
hdl = entry.getValue(); | |||
hdl = DEFAULT_HANDLES.get(operationType); | |||
//按“操作类型”的继承关系匹配; | |||
if (hdl == null) { | |||
for (Class<?> opType : handles.keySet()) { | |||
if (opType.isAssignableFrom(operationType)) { | |||
hdl = handles.get(opType); | |||
break; | |||
} | |||
} | |||
} | |||
} | |||
return hdl; | |||
} | |||
private OperationHandle getDefaultHandle(Class<?> operationType) { | |||
OperationHandle hdl = DEFAULT_HANDLES.get(operationType); | |||
if (hdl == null) { | |||
for (Entry<Class<?>, OperationHandle> entry : DEFAULT_HANDLES.entrySet()) { | |||
if (entry.getKey().isAssignableFrom(operationType)) { | |||
hdl = entry.getValue(); | |||
if (hdl == null) { | |||
for (Class<?> opType : DEFAULT_HANDLES.keySet()) { | |||
if (opType.isAssignableFrom(operationType)) { | |||
hdl = DEFAULT_HANDLES.get(opType); | |||
break; | |||
} | |||
} | |||
} | |||
if (hdl != null) { | |||
handles.put(operationType, hdl); | |||
} | |||
} | |||
return hdl; | |||
} | |||
@@ -80,20 +114,19 @@ public class DefaultOperationHandleRegisteration implements OperationHandleRegis | |||
* java.lang.Class) | |||
*/ | |||
@Override | |||
public OperationHandle getHandle(Class<?> operationType) { | |||
OperationHandle hdl = cacheMapping.get(operationType); | |||
if (hdl != null) { | |||
return hdl; | |||
} | |||
hdl = getRegisteredHandle(operationType); | |||
public OperationHandle getHandle(Class<? extends Operation> operationType) { | |||
OperationHandle hdl = getRegisteredHandle(operationType); | |||
if (hdl == null) { | |||
hdl = getDefaultHandle(operationType); | |||
if (hdl == null) { | |||
throw new LedgerException("Unsupported operation type[" + operationType.getName() + "]!"); | |||
} | |||
throw new LedgerException("Unsupported operation type[" + operationType.getName() + "]!"); | |||
} | |||
cacheMapping.put(operationType, hdl); | |||
return hdl; | |||
} | |||
private static class OpHandleStub { | |||
private Class<? extends Operation> operationType; | |||
private OperationHandle operationHandle; | |||
} | |||
} |
@@ -0,0 +1,209 @@ | |||
package com.jd.blockchain.ledger.core; | |||
import com.jd.blockchain.crypto.HashDigest; | |||
import com.jd.blockchain.ledger.AccountHeader; | |||
import com.jd.blockchain.ledger.LedgerAdminInfo; | |||
import com.jd.blockchain.ledger.MerkleProof; | |||
import com.jd.blockchain.ledger.ParticipantDataQuery; | |||
import com.jd.blockchain.ledger.ParticipantNode; | |||
import com.jd.blockchain.utils.Bytes; | |||
public class EmptyLedgerDataset implements LedgerDataQuery { | |||
private static final LedgerAdminDataQuery EMPTY_ADMIN_DATA = new EmptyAdminData(); | |||
private static final UserAccountQuery EMPTY_USER_ACCOUNTS = new EmptyUserAccountSet(); | |||
private static final DataAccountQuery EMPTY_DATA_ACCOUNTS = new EmptyDataAccountSet(); | |||
private static final ContractAccountQuery EMPTY_CONTRACT_ACCOUNTS = new EmptyContractAccountSet(); | |||
private static final ParticipantDataQuery EMPTY_PARTICIPANTS = new EmptyParticipantData(); | |||
@Override | |||
public LedgerAdminDataQuery getAdminDataset() { | |||
return EMPTY_ADMIN_DATA; | |||
} | |||
@Override | |||
public UserAccountQuery getUserAccountSet() { | |||
return EMPTY_USER_ACCOUNTS; | |||
} | |||
@Override | |||
public DataAccountQuery getDataAccountSet() { | |||
return EMPTY_DATA_ACCOUNTS; | |||
} | |||
@Override | |||
public ContractAccountQuery getContractAccountset() { | |||
return EMPTY_CONTRACT_ACCOUNTS; | |||
} | |||
private static class EmptyAdminData implements LedgerAdminDataQuery{ | |||
@Override | |||
public LedgerAdminInfo getAdminInfo() { | |||
return null; | |||
} | |||
@Override | |||
public ParticipantDataQuery getParticipantDataset() { | |||
return EMPTY_PARTICIPANTS; | |||
} | |||
} | |||
private static class EmptyParticipantData implements ParticipantDataQuery{ | |||
@Override | |||
public HashDigest getRootHash() { | |||
return null; | |||
} | |||
@Override | |||
public MerkleProof getProof(Bytes key) { | |||
return null; | |||
} | |||
@Override | |||
public long getParticipantCount() { | |||
return 0; | |||
} | |||
@Override | |||
public boolean contains(Bytes address) { | |||
return false; | |||
} | |||
@Override | |||
public ParticipantNode getParticipant(Bytes address) { | |||
return null; | |||
} | |||
@Override | |||
public ParticipantNode[] getParticipants() { | |||
return null; | |||
} | |||
} | |||
private static class EmptyUserAccountSet implements UserAccountQuery{ | |||
@Override | |||
public AccountHeader[] getAccounts(int fromIndex, int count) { | |||
return null; | |||
} | |||
@Override | |||
public long getTotalCount() { | |||
return 0; | |||
} | |||
@Override | |||
public HashDigest getRootHash() { | |||
return null; | |||
} | |||
@Override | |||
public MerkleProof getProof(Bytes key) { | |||
return null; | |||
} | |||
@Override | |||
public UserAccount getUser(String address) { | |||
return null; | |||
} | |||
@Override | |||
public UserAccount getUser(Bytes address) { | |||
return null; | |||
} | |||
@Override | |||
public boolean contains(Bytes address) { | |||
return false; | |||
} | |||
@Override | |||
public UserAccount getUser(Bytes address, long version) { | |||
return null; | |||
} | |||
} | |||
private static class EmptyDataAccountSet implements DataAccountQuery{ | |||
@Override | |||
public AccountHeader[] getAccounts(int fromIndex, int count) { | |||
return null; | |||
} | |||
@Override | |||
public HashDigest getRootHash() { | |||
return null; | |||
} | |||
@Override | |||
public long getTotalCount() { | |||
return 0; | |||
} | |||
@Override | |||
public MerkleProof getProof(Bytes address) { | |||
return null; | |||
} | |||
@Override | |||
public DataAccount getDataAccount(Bytes address) { | |||
return null; | |||
} | |||
@Override | |||
public DataAccount getDataAccount(Bytes address, long version) { | |||
return null; | |||
} | |||
} | |||
private static class EmptyContractAccountSet implements ContractAccountQuery{ | |||
@Override | |||
public AccountHeader[] getAccounts(int fromIndex, int count) { | |||
return null; | |||
} | |||
@Override | |||
public HashDigest getRootHash() { | |||
return null; | |||
} | |||
@Override | |||
public long getTotalCount() { | |||
return 0; | |||
} | |||
@Override | |||
public MerkleProof getProof(Bytes address) { | |||
return null; | |||
} | |||
@Override | |||
public boolean contains(Bytes address) { | |||
return false; | |||
} | |||
@Override | |||
public ContractAccount getContract(Bytes address) { | |||
return null; | |||
} | |||
@Override | |||
public ContractAccount getContract(Bytes address, long version) { | |||
return null; | |||
} | |||
} | |||
} |
@@ -0,0 +1,98 @@ | |||
package com.jd.blockchain.ledger.core; | |||
import java.util.Set; | |||
import com.jd.blockchain.ledger.LedgerPermission; | |||
import com.jd.blockchain.ledger.LedgerSecurityException; | |||
import com.jd.blockchain.ledger.TransactionPermission; | |||
import com.jd.blockchain.utils.Bytes; | |||
class FullPermissionedSecurityManager implements LedgerSecurityManager { | |||
public static final FullPermissionedSecurityManager INSTANCE = new FullPermissionedSecurityManager(); | |||
@Override | |||
public SecurityPolicy createSecurityPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) { | |||
return new FullPermissionedPolicy(endpoints, nodes); | |||
} | |||
private static class FullPermissionedPolicy implements SecurityPolicy { | |||
private Set<Bytes> endpoints; | |||
private Set<Bytes> nodes; | |||
public FullPermissionedPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) { | |||
this.endpoints = endpoints; | |||
this.nodes = nodes; | |||
} | |||
@Override | |||
public Set<Bytes> getEndpoints() { | |||
return endpoints; | |||
} | |||
@Override | |||
public Set<Bytes> getNodes() { | |||
return nodes; | |||
} | |||
@Override | |||
public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
} | |||
@Override | |||
public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
} | |||
@Override | |||
public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { | |||
} | |||
@Override | |||
public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
} | |||
@Override | |||
public boolean isEndpointValid(MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public boolean isNodeValid(MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { | |||
} | |||
@Override | |||
public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { | |||
} | |||
} | |||
} |
@@ -108,7 +108,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery, | |||
public UserRolesSettings getUserRoles() { | |||
return userRoles; | |||
} | |||
@Override | |||
public LedgerAdminInfo getAdminInfo() { | |||
return this; | |||
@@ -392,7 +392,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery, | |||
return; | |||
} | |||
participants.cancel(); | |||
metadata = new LedgerMetadataInfo(origMetadata); | |||
metadata =origMetadata == null ? new LedgerMetadataInfo() : new LedgerMetadataInfo(origMetadata); | |||
} | |||
public static class LedgerMetadataInfo implements LedgerMetadata_V2 { | |||
@@ -9,14 +9,12 @@ import com.jd.blockchain.ledger.DigitalSignature; | |||
import com.jd.blockchain.ledger.LedgerBlock; | |||
import com.jd.blockchain.ledger.LedgerInitException; | |||
import com.jd.blockchain.ledger.LedgerInitSetting; | |||
import com.jd.blockchain.ledger.Operation; | |||
import com.jd.blockchain.ledger.ParticipantNode; | |||
import com.jd.blockchain.ledger.SecurityInitSettings; | |||
import com.jd.blockchain.ledger.TransactionBuilder; | |||
import com.jd.blockchain.ledger.TransactionContent; | |||
import com.jd.blockchain.ledger.TransactionRequest; | |||
import com.jd.blockchain.ledger.TransactionState; | |||
import com.jd.blockchain.ledger.UserRegisterOperation; | |||
import com.jd.blockchain.service.TransactionBatchResultHandle; | |||
import com.jd.blockchain.storage.service.KVStorageService; | |||
import com.jd.blockchain.transaction.SignatureUtils; | |||
import com.jd.blockchain.transaction.TxBuilder; | |||
@@ -24,6 +22,14 @@ import com.jd.blockchain.transaction.TxRequestBuilder; | |||
public class LedgerInitializer { | |||
private static final FullPermissionedSecurityManager FULL_PERMISSION_SECURITY_MANAGER = new FullPermissionedSecurityManager(); | |||
private static final LedgerDataQuery EMPTY_LEDGER_DATA_QUERY = new EmptyLedgerDataset(); | |||
private static final OperationHandleRegisteration DEFAULT_OP_HANDLE_REG = new DefaultOperationHandleRegisteration(); | |||
private LedgerService EMPTY_LEDGERS = new LedgerManager(); | |||
private LedgerInitSetting initSetting; | |||
private TransactionContent initTxContent; | |||
@@ -36,6 +42,8 @@ public class LedgerInitializer { | |||
private volatile boolean canceled = false; | |||
private TransactionBatchResultHandle txResultsHandle; | |||
/** | |||
* 初始化生成的账本hash; <br> | |||
* | |||
@@ -115,7 +123,7 @@ public class LedgerInitializer { | |||
throw new LedgerInitException("The ledger has been canceled!"); | |||
} | |||
committed = true; | |||
this.ledgerEditor.commit(); | |||
this.txResultsHandle.commit(); | |||
} | |||
public void cancel() { | |||
@@ -148,18 +156,13 @@ public class LedgerInitializer { | |||
TransactionRequest txRequest = txReqBuilder.buildRequest(); | |||
LedgerTransactionContext txCtx = ledgerEditor.newTransaction(txRequest); | |||
Operation[] ops = txRequest.getTransactionContent().getOperations(); | |||
// 注册用户; 注:第一个操作是 LedgerInitOperation; | |||
// TODO:暂时只支持注册用户的初始化操作; | |||
for (int i = 1; i < ops.length; i++) { | |||
UserRegisterOperation userRegOP = (UserRegisterOperation) ops[i]; | |||
txCtx.getDataset().getUserAccountSet().register(userRegOP.getUserID().getAddress(), | |||
userRegOP.getUserID().getPubKey()); | |||
} | |||
TransactionBatchProcessor txProcessor = new TransactionBatchProcessor(FULL_PERMISSION_SECURITY_MANAGER, | |||
ledgerEditor, EMPTY_LEDGER_DATA_QUERY, DEFAULT_OP_HANDLE_REG, EMPTY_LEDGERS); | |||
txCtx.commit(TransactionState.SUCCESS, null); | |||
txProcessor.schedule(txRequest); | |||
return ledgerEditor.prepare(); | |||
txResultsHandle = txProcessor.prepare(); | |||
return txResultsHandle.getBlock(); | |||
} | |||
} |
@@ -109,16 +109,6 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
return latestState.block; | |||
} | |||
// private LedgerState getLatestState() { | |||
// LedgerState state = latestState; | |||
// if (state == null) { | |||
// LedgerBlock latestBlock = innerGetBlock(innerGetLatestBlockHeight()); | |||
// state = new LedgerState(latestBlock); | |||
// latestState = state; | |||
// } | |||
// return state; | |||
// } | |||
/** | |||
* 重新检索加载最新的状态; | |||
* | |||
@@ -264,20 +254,7 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
@Override | |||
public TransactionSet getTransactionSet(LedgerBlock block) { | |||
long height = getLatestBlockHeight(); | |||
// TransactionSet transactionSet = null; | |||
if (height == block.getHeight()) { | |||
// // 缓存最近一个区块的数据; | |||
// LedgerState state = getLatestState(); | |||
// transactionSet = state.transactionSet; | |||
// if (transactionSet == null) { | |||
// LedgerAdminInfo adminAccount = getAdminInfo(block); | |||
// transactionSet = loadTransactionSet(block.getTransactionSetHash(), | |||
// adminAccount.getSettings().getCryptoSetting(), keyPrefix, exPolicyStorage, versioningStorage, | |||
// true); | |||
// state.transactionSet = transactionSet; | |||
// } | |||
// return transactionSet; | |||
// 从缓存中返回最新区块的数据集; | |||
return latestState.getTransactionSet(); | |||
} | |||
@@ -290,18 +267,7 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
@Override | |||
public LedgerAdminDataset getAdminInfo(LedgerBlock block) { | |||
long height = getLatestBlockHeight(); | |||
// LedgerAdminDataset adminAccount = null; | |||
if (height == block.getHeight()) { | |||
// // 缓存读; | |||
// LedgerState state = getLatestState(); | |||
// adminAccount = state.adminAccount; | |||
// if (adminAccount == null) { | |||
// adminAccount = new LedgerAdminDataset(block.getAdminAccountHash(), keyPrefix, exPolicyStorage, | |||
// versioningStorage, true); | |||
// state.adminAccount = adminAccount; | |||
// } | |||
// return adminAccount; | |||
return latestState.getAdminDataset(); | |||
} | |||
@@ -315,20 +281,7 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
@Override | |||
public UserAccountQuery getUserAccountSet(LedgerBlock block) { | |||
long height = getLatestBlockHeight(); | |||
// UserAccountSet userAccountSet = null; | |||
if (height == block.getHeight()) { | |||
// // 缓存读; | |||
// LedgerState state = getLatestState(); | |||
// userAccountSet = state.userAccountSet; | |||
// if (userAccountSet == null) { | |||
// LedgerAdminDataset adminAccount = getAdminInfo(block); | |||
// userAccountSet = loadUserAccountSet(block.getUserAccountSetHash(), | |||
// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage, | |||
// versioningStorage, true); | |||
// state.userAccountSet = userAccountSet; | |||
// } | |||
// return userAccountSet; | |||
return latestState.getUserAccountSet(); | |||
} | |||
LedgerAdminDataset adminAccount = getAdminInfo(block); | |||
@@ -343,20 +296,7 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
@Override | |||
public DataAccountQuery getDataAccountSet(LedgerBlock block) { | |||
long height = getLatestBlockHeight(); | |||
// DataAccountSet dataAccountSet = null; | |||
if (height == block.getHeight()) { | |||
// // 缓存读; | |||
// LedgerState state = getLatestState(); | |||
// dataAccountSet = state.dataAccountSet; | |||
// if (dataAccountSet == null) { | |||
// LedgerAdminDataset adminAccount = getAdminInfo(block); | |||
// dataAccountSet = loadDataAccountSet(block.getDataAccountSetHash(), | |||
// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage, | |||
// versioningStorage, true); | |||
// state.dataAccountSet = dataAccountSet; | |||
// } | |||
// return dataAccountSet; | |||
return latestState.getDataAccountSet(); | |||
} | |||
@@ -372,20 +312,7 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
@Override | |||
public ContractAccountQuery getContractAccountSet(LedgerBlock block) { | |||
long height = getLatestBlockHeight(); | |||
// ContractAccountSet contractAccountSet = null; | |||
if (height == block.getHeight()) { | |||
// // 缓存读; | |||
// LedgerState state = getLatestState(); | |||
// contractAccountSet = state.contractAccountSet; | |||
// if (contractAccountSet == null) { | |||
// LedgerAdminDataset adminAccount = getAdminInfo(block); | |||
// contractAccountSet = loadContractAccountSet(block.getContractAccountSetHash(), | |||
// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage, | |||
// versioningStorage, true); | |||
// state.contractAccountSet = contractAccountSet; | |||
// } | |||
// return contractAccountSet; | |||
return latestState.getContractAccountSet(); | |||
} | |||
@@ -401,17 +328,7 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
@Override | |||
public LedgerDataset getDataSet(LedgerBlock block) { | |||
long height = getLatestBlockHeight(); | |||
// LedgerDataSet ledgerDataSet = null; | |||
if (height == block.getHeight()) { | |||
// // 缓存读; | |||
// LedgerState state = getLatestState(); | |||
// ledgerDataSet = state.ledgerDataSet; | |||
// if (ledgerDataSet == null) { | |||
// ledgerDataSet = innerDataSet(block); | |||
// state.ledgerDataSet = ledgerDataSet; | |||
// } | |||
// return ledgerDataSet; | |||
return latestState.getLedgerDataset(); | |||
} | |||
@@ -463,15 +380,10 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
} | |||
static Bytes encodeLedgerIndexKey(HashDigest ledgerHash) { | |||
// return LEDGER_PREFIX + Base58Utils.encode(ledgerHash.toBytes()); | |||
// return new Bytes(ledgerHash.toBytes()).concatTo(LEDGER_PREFIX); | |||
return LEDGER_PREFIX.concat(ledgerHash); | |||
} | |||
static Bytes encodeBlockStorageKey(HashDigest blockHash) { | |||
// String key = ByteArray.toBase58(blockHash.toBytes()); | |||
// return BLOCK_PREFIX + key; | |||
return BLOCK_PREFIX.concat(blockHash); | |||
} | |||
@@ -483,29 +395,13 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
String usersetKeyPrefix = keyPrefix + USER_SET_PREFIX; | |||
String datasetKeyPrefix = keyPrefix + DATA_SET_PREFIX; | |||
String contractsetKeyPrefix = keyPrefix + CONTRACT_SET_PREFIX; | |||
// String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX; | |||
// UserAccountSet userAccountSet = new | |||
// UserAccountSet(adminAccount.getSetting().getCryptoSetting(), | |||
// PrefixAppender.prefix(USER_SET_PREFIX, ledgerExStorage), | |||
// PrefixAppender.prefix(USER_SET_PREFIX, ledgerVerStorage), | |||
// DEFAULT_ACCESS_POLICY); | |||
UserAccountSet userAccountSet = new UserAccountSet(adminAccount.getSettings().getCryptoSetting(), | |||
usersetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY); | |||
// DataAccountSet dataAccountSet = new | |||
// DataAccountSet(adminAccount.getSetting().getCryptoSetting(), | |||
// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerExStorage), | |||
// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerVerStorage), | |||
// DEFAULT_ACCESS_POLICY); | |||
DataAccountSet dataAccountSet = new DataAccountSet(adminAccount.getSettings().getCryptoSetting(), | |||
datasetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY); | |||
// ContractAccountSet contractAccountSet = new | |||
// ContractAccountSet(adminAccount.getSetting().getCryptoSetting(), | |||
// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerExStorage), | |||
// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerVerStorage), | |||
// DEFAULT_ACCESS_POLICY); | |||
ContractAccountSet contractAccountSet = new ContractAccountSet(adminAccount.getSettings().getCryptoSetting(), | |||
contractsetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY); | |||
@@ -517,10 +413,6 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
static TransactionSet newTransactionSet(LedgerSettings ledgerSetting, String keyPrefix, | |||
ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage) { | |||
// TransactionSet transactionSet = new | |||
// TransactionSet(ledgerSetting.getCryptoSetting(), | |||
// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerExStorage), | |||
// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerVerStorage)); | |||
String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX; | |||
@@ -534,8 +426,6 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
LedgerAdminDataset adminAccount = new LedgerAdminDataset(dataSnapshot.getAdminAccountHash(), keyPrefix, | |||
ledgerExStorage, ledgerVerStorage, readonly); | |||
// CryptoSetting cryptoSetting = adminAccount.getPreviousSetting().getCryptoSetting(); | |||
UserAccountSet userAccountSet = loadUserAccountSet(dataSnapshot.getUserAccountSetHash(), cryptoSetting, | |||
keyPrefix, ledgerExStorage, ledgerVerStorage, readonly); | |||
@@ -554,10 +444,6 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
static UserAccountSet loadUserAccountSet(HashDigest userAccountSetHash, CryptoSetting cryptoSetting, | |||
String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, | |||
boolean readonly) { | |||
// return new UserAccountSet(userAccountSetHash, cryptoSetting, | |||
// PrefixAppender.prefix(USER_SET_PREFIX, ledgerExStorage), | |||
// PrefixAppender.prefix(USER_SET_PREFIX, ledgerVerStorage), readonly, | |||
// DEFAULT_ACCESS_POLICY); | |||
String usersetKeyPrefix = keyPrefix + USER_SET_PREFIX; | |||
return new UserAccountSet(userAccountSetHash, cryptoSetting, usersetKeyPrefix, ledgerExStorage, | |||
@@ -567,10 +453,6 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
static DataAccountSet loadDataAccountSet(HashDigest dataAccountSetHash, CryptoSetting cryptoSetting, | |||
String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, | |||
boolean readonly) { | |||
// return new DataAccountSet(dataAccountSetHash, cryptoSetting, | |||
// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerExStorage, | |||
// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerVerStorage), readonly, | |||
// DEFAULT_ACCESS_POLICY); | |||
String datasetKeyPrefix = keyPrefix + DATA_SET_PREFIX; | |||
return new DataAccountSet(dataAccountSetHash, cryptoSetting, datasetKeyPrefix, ledgerExStorage, | |||
@@ -580,10 +462,6 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
static ContractAccountSet loadContractAccountSet(HashDigest contractAccountSetHash, CryptoSetting cryptoSetting, | |||
String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, | |||
boolean readonly) { | |||
// return new ContractAccountSet(contractAccountSetHash, cryptoSetting, | |||
// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerExStorage, | |||
// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerVerStorage), readonly, | |||
// DEFAULT_ACCESS_POLICY); | |||
String contractsetKeyPrefix = keyPrefix + CONTRACT_SET_PREFIX; | |||
return new ContractAccountSet(contractAccountSetHash, cryptoSetting, contractsetKeyPrefix, ledgerExStorage, | |||
@@ -592,9 +470,6 @@ class LedgerRepositoryImpl implements LedgerRepository { | |||
static TransactionSet loadTransactionSet(HashDigest txsetHash, CryptoSetting cryptoSetting, String keyPrefix, | |||
ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, boolean readonly) { | |||
// return new TransactionSet(txsetHash, cryptoSetting, | |||
// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerExStorage), | |||
// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerVerStorage), readonly); | |||
String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX; | |||
return new TransactionSet(txsetHash, cryptoSetting, txsetKeyPrefix, ledgerExStorage, ledgerVerStorage, | |||
@@ -7,15 +7,17 @@ import java.util.Map; | |||
import java.util.Set; | |||
import java.util.concurrent.ConcurrentHashMap; | |||
import com.jd.blockchain.ledger.LedgerInitSetting; | |||
import com.jd.blockchain.ledger.LedgerPermission; | |||
import com.jd.blockchain.ledger.LedgerSecurityException; | |||
import com.jd.blockchain.ledger.ParticipantDataQuery; | |||
import com.jd.blockchain.ledger.ParticipantDoesNotExistException; | |||
import com.jd.blockchain.ledger.RolePrivilegeSettings; | |||
import com.jd.blockchain.ledger.RolePrivileges; | |||
import com.jd.blockchain.ledger.RolesPolicy; | |||
import com.jd.blockchain.ledger.TransactionPermission; | |||
import com.jd.blockchain.ledger.UserRolesSettings; | |||
import com.jd.blockchain.ledger.UserDoesNotExistException; | |||
import com.jd.blockchain.ledger.UserRoles; | |||
import com.jd.blockchain.ledger.UserRolesSettings; | |||
import com.jd.blockchain.utils.Bytes; | |||
/** | |||
@@ -36,17 +38,17 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
private Map<Bytes, UserRoles> userRolesCache = new ConcurrentHashMap<>(); | |||
private Map<String, RolePrivileges> rolesPrivilegeCache = new ConcurrentHashMap<>(); | |||
public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings) { | |||
private ParticipantDataQuery participantsQuery; | |||
private UserAccountQuery userAccountsQuery; | |||
public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings, | |||
ParticipantDataQuery participantsQuery, UserAccountQuery userAccountsQuery) { | |||
this.rolePrivilegeSettings = rolePrivilegeSettings; | |||
this.userRolesSettings = userRolesSettings; | |||
this.participantsQuery = participantsQuery; | |||
this.userAccountsQuery = userAccountsQuery; | |||
} | |||
public static void initSecuritySettings(LedgerInitSetting initSettings, LedgerEditor editor) { | |||
} | |||
@Override | |||
public SecurityPolicy createSecurityPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) { | |||
Map<Bytes, UserRolesPrivileges> endpointPrivilegeMap = new HashMap<>(); | |||
@@ -62,7 +64,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
nodePrivilegeMap.put(userAddress, userPrivileges); | |||
} | |||
return new UserRolesSecurityPolicy(endpointPrivilegeMap, nodePrivilegeMap); | |||
return new UserRolesSecurityPolicy(endpointPrivilegeMap, nodePrivilegeMap, participantsQuery, userAccountsQuery); | |||
} | |||
private UserRolesPrivileges getUserRolesPrivilegs(Bytes userAddress) { | |||
@@ -142,15 +144,22 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
*/ | |||
private Map<Bytes, UserRolesPrivileges> nodePrivilegeMap = new HashMap<>(); | |||
private ParticipantDataQuery participantsQuery; | |||
private UserAccountQuery userAccountsQuery; | |||
public UserRolesSecurityPolicy(Map<Bytes, UserRolesPrivileges> endpointPrivilegeMap, | |||
Map<Bytes, UserRolesPrivileges> nodePrivilegeMap) { | |||
Map<Bytes, UserRolesPrivileges> nodePrivilegeMap, ParticipantDataQuery participantsQuery, | |||
UserAccountQuery userAccountsQuery) { | |||
this.endpointPrivilegeMap = endpointPrivilegeMap; | |||
this.nodePrivilegeMap = nodePrivilegeMap; | |||
this.participantsQuery = participantsQuery; | |||
this.userAccountsQuery = userAccountsQuery; | |||
} | |||
@Override | |||
public boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) { | |||
if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) { | |||
public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { | |||
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { | |||
// 至少一个; | |||
for (UserRolesPrivileges p : endpointPrivilegeMap.values()) { | |||
if (p.getLedgerPrivileges().isEnable(permission)) { | |||
@@ -158,7 +167,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
} | |||
return false; | |||
} else if (MultiIdsPolicy.ALL == midPolicy) { | |||
} else if (MultiIDsPolicy.ALL == midPolicy) { | |||
// 全部; | |||
for (UserRolesPrivileges p : endpointPrivilegeMap.values()) { | |||
if (!p.getLedgerPrivileges().isEnable(permission)) { | |||
@@ -172,8 +181,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
@Override | |||
public boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) { | |||
if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) { | |||
public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { | |||
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { | |||
// 至少一个; | |||
for (UserRolesPrivileges p : endpointPrivilegeMap.values()) { | |||
if (p.getTransactionPrivileges().isEnable(permission)) { | |||
@@ -181,7 +190,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
} | |||
return false; | |||
} else if (MultiIdsPolicy.ALL == midPolicy) { | |||
} else if (MultiIDsPolicy.ALL == midPolicy) { | |||
// 全部; | |||
for (UserRolesPrivileges p : endpointPrivilegeMap.values()) { | |||
if (!p.getTransactionPrivileges().isEnable(permission)) { | |||
@@ -195,8 +204,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
@Override | |||
public boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) { | |||
if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) { | |||
public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { | |||
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { | |||
// 至少一个; | |||
for (UserRolesPrivileges p : nodePrivilegeMap.values()) { | |||
if (p.getLedgerPrivileges().isEnable(permission)) { | |||
@@ -204,7 +213,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
} | |||
return false; | |||
} else if (MultiIdsPolicy.ALL == midPolicy) { | |||
} else if (MultiIDsPolicy.ALL == midPolicy) { | |||
// 全部; | |||
for (UserRolesPrivileges p : nodePrivilegeMap.values()) { | |||
if (!p.getLedgerPrivileges().isEnable(permission)) { | |||
@@ -218,8 +227,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
@Override | |||
public boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) { | |||
if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) { | |||
public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { | |||
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { | |||
// 至少一个; | |||
for (UserRolesPrivileges p : nodePrivilegeMap.values()) { | |||
if (p.getTransactionPrivileges().isEnable(permission)) { | |||
@@ -227,7 +236,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
} | |||
return false; | |||
} else if (MultiIdsPolicy.ALL == midPolicy) { | |||
} else if (MultiIDsPolicy.ALL == midPolicy) { | |||
// 全部; | |||
for (UserRolesPrivileges p : nodePrivilegeMap.values()) { | |||
if (!p.getTransactionPrivileges().isEnable(permission)) { | |||
@@ -241,9 +250,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
@Override | |||
public void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) | |||
public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
if (!isEnableToEndpoints(permission, midPolicy)) { | |||
if (!isEndpointEnable(permission, midPolicy)) { | |||
throw new LedgerSecurityException(String.format( | |||
"The security policy [Permission=%s, Policy=%s] for endpoints rejected the current operation!", | |||
permission, midPolicy)); | |||
@@ -251,9 +260,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
@Override | |||
public void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) | |||
public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
if (!isEnableToEndpoints(permission, midPolicy)) { | |||
if (!isEndpointEnable(permission, midPolicy)) { | |||
throw new LedgerSecurityException(String.format( | |||
"The security policy [Permission=%s, Policy=%s] for endpoints rejected the current operation!", | |||
permission, midPolicy)); | |||
@@ -261,8 +270,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
@Override | |||
public void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException { | |||
if (!isEnableToNodes(permission, midPolicy)) { | |||
public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
if (!isNodeEnable(permission, midPolicy)) { | |||
throw new LedgerSecurityException(String.format( | |||
"The security policy [Permission=%s, Policy=%s] for nodes rejected the current operation!", | |||
permission, midPolicy)); | |||
@@ -270,9 +280,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
} | |||
@Override | |||
public void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) | |||
public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
if (!isEnableToNodes(permission, midPolicy)) { | |||
if (!isNodeEnable(permission, midPolicy)) { | |||
throw new LedgerSecurityException(String.format( | |||
"The security policy [Permission=%s, Policy=%s] for nodes rejected the current operation!", | |||
permission, midPolicy)); | |||
@@ -289,6 +299,98 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { | |||
return nodePrivilegeMap.keySet(); | |||
} | |||
@Override | |||
public boolean isEndpointValid(MultiIDsPolicy midPolicy) { | |||
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { | |||
// 至少一个; | |||
for (Bytes address : getEndpoints()) { | |||
if (userAccountsQuery.contains(address)) { | |||
return true; | |||
} | |||
} | |||
return false; | |||
} else if (MultiIDsPolicy.ALL == midPolicy) { | |||
// 全部; | |||
for (Bytes address : getEndpoints()) { | |||
if (!userAccountsQuery.contains(address)) { | |||
return false; | |||
} | |||
} | |||
return true; | |||
} else { | |||
throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!"); | |||
} | |||
} | |||
@Override | |||
public boolean isNodeValid(MultiIDsPolicy midPolicy) { | |||
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { | |||
// 至少一个; | |||
for (Bytes address : getNodes()) { | |||
if (participantsQuery.contains(address)) { | |||
return true; | |||
} | |||
} | |||
return false; | |||
} else if (MultiIDsPolicy.ALL == midPolicy) { | |||
// 全部; | |||
for (Bytes address : getNodes()) { | |||
if (!participantsQuery.contains(address)) { | |||
return false; | |||
} | |||
} | |||
return true; | |||
} else { | |||
throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!"); | |||
} | |||
} | |||
@Override | |||
public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { | |||
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { | |||
// 至少一个; | |||
for (Bytes address : getEndpoints()) { | |||
if (userAccountsQuery.contains(address)) { | |||
return; | |||
} | |||
} | |||
throw new UserDoesNotExistException("All endpoint signers were not registered!"); | |||
} else if (MultiIDsPolicy.ALL == midPolicy) { | |||
// 全部; | |||
for (Bytes address : getEndpoints()) { | |||
if (!userAccountsQuery.contains(address)) { | |||
throw new UserDoesNotExistException("The endpoint signer[" + address + "] was not registered!"); | |||
} | |||
} | |||
return; | |||
} else { | |||
throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!"); | |||
} | |||
} | |||
@Override | |||
public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { | |||
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { | |||
// 至少一个; | |||
for (Bytes address : getNodes()) { | |||
if (participantsQuery.contains(address)) { | |||
return; | |||
} | |||
} | |||
throw new ParticipantDoesNotExistException("All node signers were not registered as participant!"); | |||
} else if (MultiIDsPolicy.ALL == midPolicy) { | |||
// 全部; | |||
for (Bytes address : getNodes()) { | |||
if (!participantsQuery.contains(address)) { | |||
throw new ParticipantDoesNotExistException( | |||
"The node signer[" + address + "] was not registered as participant!"); | |||
} | |||
} | |||
} else { | |||
throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!"); | |||
} | |||
} | |||
} | |||
} |
@@ -1,12 +1,12 @@ | |||
package com.jd.blockchain.ledger.core; | |||
/** | |||
* 多身份的权限校验策略; | |||
* 多重身份的校验策略; | |||
* | |||
* @author huanghaiquan | |||
* | |||
*/ | |||
public enum MultiIdsPolicy { | |||
public enum MultiIDsPolicy { | |||
/** | |||
* 至少有一个都能通过; |
@@ -1,7 +1,9 @@ | |||
package com.jd.blockchain.ledger.core; | |||
import com.jd.blockchain.ledger.Operation; | |||
public interface OperationHandleRegisteration { | |||
OperationHandle getHandle(Class<?> operationType); | |||
OperationHandle getHandle(Class<? extends Operation> operationType); | |||
} |
@@ -30,6 +30,22 @@ public interface SecurityPolicy { | |||
*/ | |||
Set<Bytes> getNodes(); | |||
/** | |||
* 终端身份是否合法; | |||
* | |||
* @param midPolicy | |||
* @return | |||
*/ | |||
boolean isEndpointValid(MultiIDsPolicy midPolicy); | |||
/** | |||
* 节点身份是否合法; | |||
* | |||
* @param midPolicy | |||
* @return | |||
*/ | |||
boolean isNodeValid(MultiIDsPolicy midPolicy); | |||
/** | |||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br> | |||
* | |||
@@ -37,7 +53,7 @@ public interface SecurityPolicy { | |||
* @param midPolicy 针对多个签名用户的权限策略; | |||
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权; | |||
*/ | |||
boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy); | |||
boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy); | |||
/** | |||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br> | |||
@@ -46,7 +62,7 @@ public interface SecurityPolicy { | |||
* @param midPolicy 针对多个签名用户的权限策略; | |||
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权; | |||
*/ | |||
boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy); | |||
boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy); | |||
/** | |||
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br> | |||
@@ -55,7 +71,7 @@ public interface SecurityPolicy { | |||
* @param midPolicy 针对多个签名用户的权限策略; | |||
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权; | |||
*/ | |||
boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy); | |||
boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy); | |||
/** | |||
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br> | |||
@@ -64,7 +80,23 @@ public interface SecurityPolicy { | |||
* @param midPolicy 针对多个签名用户的权限策略; | |||
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权; | |||
*/ | |||
boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy); | |||
boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy); | |||
/** | |||
* 检查终端身份的合法性; | |||
* | |||
* @param midPolicy | |||
* @throws LedgerSecurityException | |||
*/ | |||
void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException; | |||
/** | |||
* 检查节点身份的合法性; | |||
* | |||
* @param midPolicy | |||
* @throws LedgerSecurityException | |||
*/ | |||
void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException; | |||
/** | |||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br> | |||
@@ -74,7 +106,7 @@ public interface SecurityPolicy { | |||
* @param midPolicy 针对多个签名用户的权限策略; | |||
* @throws LedgerSecurityException | |||
*/ | |||
void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException; | |||
void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; | |||
/** | |||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br> | |||
@@ -84,7 +116,8 @@ public interface SecurityPolicy { | |||
* @param midPolicy | |||
* @throws LedgerSecurityException | |||
*/ | |||
void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException; | |||
void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException; | |||
/** | |||
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br> | |||
@@ -94,7 +127,7 @@ public interface SecurityPolicy { | |||
* @param midPolicy | |||
* @throws LedgerSecurityException | |||
*/ | |||
void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException; | |||
void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; | |||
/** | |||
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br> | |||
@@ -104,6 +137,6 @@ public interface SecurityPolicy { | |||
* @param midPolicy | |||
* @throws LedgerSecurityException | |||
*/ | |||
void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException; | |||
void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; | |||
} |
@@ -46,7 +46,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { | |||
private LedgerEditor newBlockEditor; | |||
private LedgerDataQuery previousBlockDataset; | |||
private LedgerDataQuery ledgerQueryer; | |||
private OperationHandleRegisteration opHandles; | |||
@@ -60,15 +60,15 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { | |||
private TransactionBatchResult batchResult; | |||
/** | |||
* @param newBlockEditor 新区块的数据编辑器; | |||
* @param previousBlockDataset 新区块的前一个区块的数据集;即未提交新区块之前的经过共识的账本最新数据集; | |||
* @param opHandles 操作处理对象注册表; | |||
* @param newBlockEditor 新区块的数据编辑器; | |||
* @param ledgerQueryer 账本查询器,只包含新区块的前一个区块的数据集;即未提交新区块之前的经过共识的账本最新数据集; | |||
* @param opHandles 操作处理对象注册表; | |||
*/ | |||
public TransactionBatchProcessor(LedgerSecurityManager securityManager, LedgerEditor newBlockEditor, | |||
LedgerDataQuery previousBlockDataset, OperationHandleRegisteration opHandles, LedgerService ledgerService) { | |||
LedgerDataQuery ledgerQueryer, OperationHandleRegisteration opHandles, LedgerService ledgerService) { | |||
this.securityManager = securityManager; | |||
this.newBlockEditor = newBlockEditor; | |||
this.previousBlockDataset = previousBlockDataset; | |||
this.ledgerQueryer = ledgerQueryer; | |||
this.opHandles = opHandles; | |||
this.ledgerService = ledgerService; | |||
} | |||
@@ -95,7 +95,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { | |||
SecurityContext.setContextUsersPolicy(securityPolicy); | |||
// 安全校验; | |||
checkSecurity(); | |||
checkSecurity(securityPolicy); | |||
// 验证交易请求; | |||
checkRequest(reqExt); | |||
@@ -143,23 +143,26 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { | |||
} | |||
/** | |||
* 验证交易的参与方的权限; | |||
* 执行安全验证; | |||
*/ | |||
private void checkSecurity() { | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
// 验证当前交易请求的节点参与方是否具有权限; | |||
securityPolicy.checkNodes(LedgerPermission.APPROVE_TX, MultiIdsPolicy.AT_LEAST_ONE); | |||
private void checkSecurity(SecurityPolicy securityPolicy) { | |||
// 验证节点和终端身份的合法性; | |||
// 多重身份签署的必须全部身份都合法; | |||
securityPolicy.checkEndpointValidity(MultiIDsPolicy.ALL); | |||
securityPolicy.checkNodeValidity(MultiIDsPolicy.ALL); | |||
// 验证参与方节点是否具有核准交易的权限; | |||
securityPolicy.checkNodePermission(LedgerPermission.APPROVE_TX, MultiIDsPolicy.AT_LEAST_ONE); | |||
} | |||
private void checkRequest(TransactionRequestExtension reqExt) { | |||
// TODO: 把验签和创建交易并行化; | |||
checkTxContent(reqExt); | |||
checkTxContentHash(reqExt); | |||
checkEndpointSignatures(reqExt); | |||
checkNodeSignatures(reqExt); | |||
} | |||
private void checkTxContent(TransactionRequestExtension requestExt) { | |||
private void checkTxContentHash(TransactionRequestExtension requestExt) { | |||
TransactionContent txContent = requestExt.getTransactionContent(); | |||
if (!TxBuilder.verifyTxContentHash(txContent, txContent.getHash())) { | |||
// 由于哈希校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求; | |||
@@ -169,44 +172,34 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { | |||
} | |||
} | |||
private void checkEndpointSignatures(TransactionRequestExtension request) { | |||
private void checkNodeSignatures(TransactionRequestExtension request) { | |||
TransactionContent txContent = request.getTransactionContent(); | |||
Collection<Credential> endpoints = request.getEndpoints(); | |||
if (endpoints != null) { | |||
for (Credential endpoint : endpoints) { | |||
if (!previousBlockDataset.getUserAccountSet().contains(endpoint.getAddress())) { | |||
throw new UserDoesNotExistException( | |||
"The endpoint signer[" + endpoint.getAddress() + "] was not registered!"); | |||
} | |||
if (!SignatureUtils.verifyHashSignature(txContent.getHash(), endpoint.getSignature().getDigest(), | |||
endpoint.getPubKey())) { | |||
Collection<Credential> nodes = request.getNodes(); | |||
if (nodes != null) { | |||
for (Credential node : nodes) { | |||
if (!SignatureUtils.verifyHashSignature(txContent.getHash(), node.getSignature().getDigest(), | |||
node.getPubKey())) { | |||
// 由于签名校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求; | |||
throw new IllegalTransactionException( | |||
String.format("Wrong transaction endpoint signature! --[Tx Hash=%s][Endpoint Signer=%s]!", | |||
request.getTransactionContent().getHash(), endpoint.getAddress()), | |||
String.format("Wrong transaction node signature! --[Tx Hash=%s][Node Signer=%s]!", | |||
request.getTransactionContent().getHash(), node.getAddress()), | |||
TransactionState.IGNORED_BY_WRONG_CONTENT_SIGNATURE); | |||
} | |||
} | |||
} | |||
} | |||
private void checkNodeSignatures(TransactionRequestExtension request) { | |||
private void checkEndpointSignatures(TransactionRequestExtension request) { | |||
TransactionContent txContent = request.getTransactionContent(); | |||
Collection<Credential> nodes = request.getNodes(); | |||
if (nodes != null) { | |||
for (Credential node : nodes) { | |||
if (!previousBlockDataset.getAdminDataset().getParticipantDataset().contains(node.getAddress())) { | |||
throw new ParticipantDoesNotExistException( | |||
"The node signer[" + node.getAddress() + "] was not registered to the participant set!"); | |||
} | |||
if (!SignatureUtils.verifyHashSignature(txContent.getHash(), node.getSignature().getDigest(), | |||
node.getPubKey())) { | |||
Collection<Credential> endpoints = request.getEndpoints(); | |||
if (endpoints != null) { | |||
for (Credential endpoint : endpoints) { | |||
if (!SignatureUtils.verifyHashSignature(txContent.getHash(), endpoint.getSignature().getDigest(), | |||
endpoint.getPubKey())) { | |||
// 由于签名校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求; | |||
throw new IllegalTransactionException( | |||
String.format("Wrong transaction node signature! --[Tx Hash=%s][Node Signer=%s]!", | |||
request.getTransactionContent().getHash(), node.getAddress()), | |||
String.format("Wrong transaction endpoint signature! --[Tx Hash=%s][Endpoint Signer=%s]!", | |||
request.getTransactionContent().getHash(), endpoint.getAddress()), | |||
TransactionState.IGNORED_BY_WRONG_CONTENT_SIGNATURE); | |||
} | |||
} | |||
@@ -236,14 +229,14 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { | |||
// assert; Instance of operation are one of User related operations or | |||
// DataAccount related operations; | |||
OperationHandle hdl = opHandles.getHandle(operation.getClass()); | |||
hdl.process(operation, dataset, request, previousBlockDataset, this, ledgerService); | |||
hdl.process(operation, dataset, request, ledgerQueryer, this, ledgerService); | |||
} | |||
}; | |||
OperationHandle opHandle; | |||
int opIndex = 0; | |||
for (Operation op : ops) { | |||
opHandle = opHandles.getHandle(op.getClass()); | |||
BytesValue opResult = opHandle.process(op, dataset, request, previousBlockDataset, handleContext, | |||
BytesValue opResult = opHandle.process(op, dataset, request, ledgerQueryer, handleContext, | |||
ledgerService); | |||
if (opResult != null) { | |||
operationResults.add(new OperationResultData(opIndex, opResult)); | |||
@@ -43,8 +43,10 @@ public class TransactionEngineImpl implements TransactionEngine { | |||
LedgerDataQuery previousBlockDataset = ledgerRepo.getDataSet(ledgerBlock); | |||
LedgerAdminDataQuery previousAdminDataset = previousBlockDataset.getAdminDataset(); | |||
LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(previousAdminDataset.getAdminInfo().getRolePrivileges(), | |||
previousAdminDataset.getAdminInfo().getUserRoles()); | |||
LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl( | |||
previousAdminDataset.getAdminInfo().getRolePrivileges(), | |||
previousAdminDataset.getAdminInfo().getUserRoles(), previousAdminDataset.getParticipantDataset(), | |||
previousBlockDataset.getUserAccountSet()); | |||
batch = new InnerTransactionBatchProcessor(ledgerHash, securityManager, newBlockEditor, previousBlockDataset, | |||
opHdlRegs, ledgerService, ledgerBlock.getHeight()); | |||
batchs.put(ledgerHash, batch); | |||
@@ -75,8 +77,8 @@ public class TransactionEngineImpl implements TransactionEngine { | |||
* @param opHandles 操作处理对象注册表; | |||
*/ | |||
public InnerTransactionBatchProcessor(HashDigest ledgerHash, LedgerSecurityManager securityManager, | |||
LedgerEditor newBlockEditor, LedgerDataQuery previousBlockDataset, OperationHandleRegisteration opHandles, | |||
LedgerService ledgerService, long blockHeight) { | |||
LedgerEditor newBlockEditor, LedgerDataQuery previousBlockDataset, | |||
OperationHandleRegisteration opHandles, LedgerService ledgerService, long blockHeight) { | |||
super(securityManager, newBlockEditor, previousBlockDataset, opHandles, ledgerService); | |||
this.ledgerHash = ledgerHash; | |||
this.blockHeight = blockHeight; | |||
@@ -7,7 +7,7 @@ import com.jd.blockchain.ledger.TransactionPermission; | |||
import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.OperationHandle; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.SecurityContext; | |||
@@ -49,7 +49,7 @@ public abstract class AbstractLedgerOperationHandle<T extends Operation> impleme | |||
OperationHandleContext handleContext, LedgerService ledgerService) { | |||
// 权限校验; | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
securityPolicy.checkEndpoints(TransactionPermission.DIRECT_OPERATION, MultiIdsPolicy.AT_LEAST_ONE); | |||
securityPolicy.checkEndpointPermission(TransactionPermission.DIRECT_OPERATION, MultiIDsPolicy.AT_LEAST_ONE); | |||
// 操作账本; | |||
@SuppressWarnings("unchecked") | |||
@@ -15,7 +15,7 @@ import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerQueryService; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.OperationHandle; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.SecurityContext; | |||
@@ -35,7 +35,7 @@ public abstract class AbtractContractEventSendOperationHandle implements Operati | |||
LedgerDataQuery previousBlockDataset, OperationHandleContext opHandleContext, LedgerService ledgerService) { | |||
// 权限校验; | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
securityPolicy.checkEndpoints(TransactionPermission.CONTRACT_OPERATION, MultiIdsPolicy.AT_LEAST_ONE); | |||
securityPolicy.checkEndpointPermission(TransactionPermission.CONTRACT_OPERATION, MultiIDsPolicy.AT_LEAST_ONE); | |||
// 操作账本; | |||
ContractEventSendOperation contractOP = (ContractEventSendOperation) op; | |||
@@ -5,7 +5,7 @@ import com.jd.blockchain.ledger.LedgerPermission; | |||
import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.SecurityContext; | |||
import com.jd.blockchain.ledger.core.SecurityPolicy; | |||
@@ -26,7 +26,7 @@ public class ContractCodeDeployOperationHandle extends AbstractLedgerOperationHa | |||
// 权限校验; | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
securityPolicy.checkEndpoints(LedgerPermission.UPGRADE_CONTRACT, MultiIdsPolicy.AT_LEAST_ONE); | |||
securityPolicy.checkEndpointPermission(LedgerPermission.UPGRADE_CONTRACT, MultiIDsPolicy.AT_LEAST_ONE); | |||
// 操作账本; | |||
ContractCodeDeployOperation contractOP = (ContractCodeDeployOperation) op; | |||
@@ -9,7 +9,7 @@ import com.jd.blockchain.ledger.core.DataAccount; | |||
import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.SecurityContext; | |||
import com.jd.blockchain.ledger.core.SecurityPolicy; | |||
@@ -27,7 +27,7 @@ public class DataAccountKVSetOperationHandle extends AbstractLedgerOperationHand | |||
OperationHandleContext handleContext, LedgerService ledgerService) { | |||
// 权限校验; | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
securityPolicy.checkEndpoints(LedgerPermission.WRITE_DATA_ACCOUNT, MultiIdsPolicy.AT_LEAST_ONE); | |||
securityPolicy.checkEndpointPermission(LedgerPermission.WRITE_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE); | |||
// 操作账本; | |||
DataAccount account = newBlockDataset.getDataAccountSet().getDataAccount(kvWriteOp.getAccountAddress()); | |||
@@ -6,7 +6,7 @@ import com.jd.blockchain.ledger.LedgerPermission; | |||
import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.SecurityContext; | |||
import com.jd.blockchain.ledger.core.SecurityPolicy; | |||
@@ -25,7 +25,7 @@ public class DataAccountRegisterOperationHandle extends AbstractLedgerOperationH | |||
// 权限校验; | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
securityPolicy.checkEndpoints(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIdsPolicy.AT_LEAST_ONE); | |||
securityPolicy.checkEndpointPermission(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE); | |||
// 操作账本; | |||
DataAccountRegisterOperation dataAccountRegOp = (DataAccountRegisterOperation) op; | |||
@@ -0,0 +1,27 @@ | |||
package com.jd.blockchain.ledger.core.handles; | |||
import com.jd.blockchain.ledger.BytesValue; | |||
import com.jd.blockchain.ledger.LedgerInitOperation; | |||
import com.jd.blockchain.ledger.Operation; | |||
import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.OperationHandle; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.TransactionRequestExtension; | |||
public class LedgerInitOperationHandle implements OperationHandle { | |||
@Override | |||
public Class<?> getOperationType() { | |||
return LedgerInitOperation.class; | |||
} | |||
@Override | |||
public BytesValue process(Operation op, LedgerDataset newBlockDataset, TransactionRequestExtension requestContext, | |||
LedgerDataQuery previousBlockDataset, OperationHandleContext handleContext, LedgerService ledgerService) { | |||
// 对初始化操作不需要做任何处理; | |||
return null; | |||
} | |||
} |
@@ -8,7 +8,7 @@ import com.jd.blockchain.ledger.RolesConfigureOperation.RolePrivilegeEntry; | |||
import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.SecurityContext; | |||
import com.jd.blockchain.ledger.core.SecurityPolicy; | |||
@@ -25,7 +25,7 @@ public class RolesConfigureOperationHandle extends AbstractLedgerOperationHandle | |||
OperationHandleContext handleContext, LedgerService ledgerService) { | |||
// 权限校验; | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
securityPolicy.checkEndpoints(LedgerPermission.CONFIGURE_ROLES, MultiIdsPolicy.AT_LEAST_ONE); | |||
securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE); | |||
// 操作账本; | |||
RolePrivilegeEntry[] rpcfgs = operation.getRoles(); | |||
@@ -13,7 +13,7 @@ import com.jd.blockchain.ledger.UserRolesSettings; | |||
import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.SecurityContext; | |||
import com.jd.blockchain.ledger.core.SecurityPolicy; | |||
@@ -30,7 +30,7 @@ public class UserAuthorizeOperationHandle extends AbstractLedgerOperationHandle< | |||
OperationHandleContext handleContext, LedgerService ledgerService) { | |||
// 权限校验; | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
securityPolicy.checkEndpoints(LedgerPermission.CONFIGURE_ROLES, MultiIdsPolicy.AT_LEAST_ONE); | |||
securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE); | |||
// 操作账本; | |||
@@ -6,7 +6,7 @@ import com.jd.blockchain.ledger.UserRegisterOperation; | |||
import com.jd.blockchain.ledger.core.LedgerDataQuery; | |||
import com.jd.blockchain.ledger.core.LedgerDataset; | |||
import com.jd.blockchain.ledger.core.LedgerService; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.OperationHandleContext; | |||
import com.jd.blockchain.ledger.core.SecurityContext; | |||
import com.jd.blockchain.ledger.core.SecurityPolicy; | |||
@@ -24,7 +24,7 @@ public class UserRegisterOperationHandle extends AbstractLedgerOperationHandle<U | |||
OperationHandleContext handleContext, LedgerService ledgerService) { | |||
// 权限校验; | |||
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); | |||
securityPolicy.checkEndpoints(LedgerPermission.REGISTER_USER, MultiIdsPolicy.AT_LEAST_ONE); | |||
securityPolicy.checkEndpointPermission(LedgerPermission.REGISTER_USER, MultiIDsPolicy.AT_LEAST_ONE); | |||
// 操作账本; | |||
UserRegisterOperation userRegOp = (UserRegisterOperation) op; | |||
@@ -102,7 +102,13 @@ public class ContractInvokingTest { | |||
// 创建和加载合约实例; | |||
BlockchainKeypair contractKey = BlockchainKeyGenerator.getInstance().generate(); | |||
Bytes contractAddress = contractKey.getAddress(); | |||
TestContract contractInstance = Mockito.mock(TestContract.class); | |||
final String asset = "AK"; | |||
final long issueAmount = new Random().nextLong(); | |||
when(contractInstance.issue(anyString(), anyLong())).thenReturn(issueAmount); | |||
// 装载合约; | |||
contractInvokingHandle.setup(contractAddress, TestContract.class, contractInstance); | |||
// 注册合约处理器; | |||
@@ -124,11 +130,8 @@ public class ContractInvokingTest { | |||
// 构建基于接口调用合约的交易请求,用于测试合约调用; | |||
TxBuilder txBuilder = new TxBuilder(ledgerHash); | |||
TestContract contractProxy = txBuilder.contract(contractAddress, TestContract.class); | |||
TestContract contractProxy1 = txBuilder.contract(contractAddress, TestContract.class); | |||
String asset = "AK"; | |||
long issueAmount = new Random().nextLong(); | |||
when(contractInstance.issue(anyString(), anyLong())).thenReturn(issueAmount); | |||
// 构造调用合约的交易; | |||
contractProxy.issue(asset, issueAmount); | |||
TransactionRequestBuilder txReqBuilder = txBuilder.prepareRequest(); | |||
@@ -475,10 +478,10 @@ public class ContractInvokingTest { | |||
LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class); | |||
SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class); | |||
when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy); | |||
@@ -1,6 +1,5 @@ | |||
package test.com.jd.blockchain.ledger.core; | |||
import static org.junit.Assert.assertEquals; | |||
import static org.junit.Assert.assertFalse; | |||
import static org.junit.Assert.assertTrue; | |||
@@ -8,6 +7,7 @@ import java.util.HashMap; | |||
import java.util.Map; | |||
import org.junit.Test; | |||
import org.mockito.Mockito; | |||
import com.jd.blockchain.crypto.Crypto; | |||
import com.jd.blockchain.crypto.CryptoAlgorithm; | |||
@@ -18,15 +18,17 @@ import com.jd.blockchain.ledger.BlockchainKeyGenerator; | |||
import com.jd.blockchain.ledger.BlockchainKeypair; | |||
import com.jd.blockchain.ledger.CryptoSetting; | |||
import com.jd.blockchain.ledger.LedgerPermission; | |||
import com.jd.blockchain.ledger.ParticipantDataQuery; | |||
import com.jd.blockchain.ledger.Privileges; | |||
import com.jd.blockchain.ledger.RolesPolicy; | |||
import com.jd.blockchain.ledger.TransactionPermission; | |||
import com.jd.blockchain.ledger.core.CryptoConfig; | |||
import com.jd.blockchain.ledger.core.LedgerSecurityManager; | |||
import com.jd.blockchain.ledger.core.LedgerSecurityManagerImpl; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.RolePrivilegeDataset; | |||
import com.jd.blockchain.ledger.core.SecurityPolicy; | |||
import com.jd.blockchain.ledger.core.UserAccountQuery; | |||
import com.jd.blockchain.ledger.core.UserRoleDataset; | |||
import com.jd.blockchain.storage.service.utils.MemoryKVStorage; | |||
import com.jd.blockchain.utils.Bytes; | |||
@@ -125,8 +127,12 @@ public class LedgerSecurityManagerTest { | |||
userRolesDataset.addUserRoles(kpPlatform.getAddress(), RolesPolicy.UNION, platformRoles); | |||
userRolesDataset.commit(); | |||
ParticipantDataQuery partisQuery = Mockito.mock(ParticipantDataQuery.class); | |||
UserAccountQuery usersQuery = Mockito.mock(UserAccountQuery.class); | |||
// 创建安全管理器; | |||
LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(rolePrivilegeDataset, userRolesDataset); | |||
LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(rolePrivilegeDataset, userRolesDataset, | |||
partisQuery, usersQuery); | |||
// 定义终端用户列表;终端用户一起共同具有 ADMIN、OPERATOR 角色; | |||
final Map<Bytes, BlockchainKeypair> endpoints = new HashMap<>(); | |||
@@ -146,16 +152,16 @@ public class LedgerSecurityManagerTest { | |||
// 终端节点有 ADMIN 和 OPERATOR 两种角色的合并权限; | |||
if (p == LedgerPermission.REGISTER_USER || p == LedgerPermission.REGISTER_DATA_ACCOUNT | |||
|| p == LedgerPermission.WRITE_DATA_ACCOUNT) { | |||
assertTrue(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE)); | |||
assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); | |||
} else { | |||
assertFalse(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE)); | |||
assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); | |||
} | |||
if (p == LedgerPermission.APPROVE_TX) { | |||
// 共识参与方只有 PLATFORM 角色的权限:核准交易; | |||
assertTrue(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE)); | |||
assertTrue(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); | |||
} else { | |||
assertFalse(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE)); | |||
assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); | |||
} | |||
} | |||
@@ -163,12 +169,12 @@ public class LedgerSecurityManagerTest { | |||
for (TransactionPermission p : transactionPermissions) { | |||
// 终端节点有 ADMIN 和 OPERATOR 两种角色的合并权限; | |||
if (p == TransactionPermission.DIRECT_OPERATION || p == TransactionPermission.CONTRACT_OPERATION) { | |||
assertTrue(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE)); | |||
assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); | |||
} else { | |||
assertFalse(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE)); | |||
assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); | |||
} | |||
assertFalse(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE)); | |||
assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); | |||
} | |||
} | |||
@@ -122,10 +122,10 @@ public class TransactionBatchProcessorTest { | |||
LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class); | |||
SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class); | |||
when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy); | |||
@@ -45,7 +45,7 @@ import com.jd.blockchain.ledger.core.LedgerEditor; | |||
import com.jd.blockchain.ledger.core.LedgerManager; | |||
import com.jd.blockchain.ledger.core.LedgerRepository; | |||
import com.jd.blockchain.ledger.core.LedgerSecurityManager; | |||
import com.jd.blockchain.ledger.core.MultiIdsPolicy; | |||
import com.jd.blockchain.ledger.core.MultiIDsPolicy; | |||
import com.jd.blockchain.ledger.core.SecurityPolicy; | |||
import com.jd.blockchain.ledger.core.TransactionBatchProcessor; | |||
import com.jd.blockchain.service.TransactionBatchResultHandle; | |||
@@ -676,44 +676,61 @@ public class LedgerPerformanceTest { | |||
} | |||
@Override | |||
public boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) { | |||
public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) { | |||
public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) { | |||
public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) { | |||
// TODO Auto-generated method stub | |||
return false; | |||
public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) | |||
public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
} | |||
@Override | |||
public void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) | |||
public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
} | |||
@Override | |||
public void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException { | |||
public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { | |||
} | |||
@Override | |||
public void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) | |||
public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) | |||
throws LedgerSecurityException { | |||
} | |||
@Override | |||
public boolean isEndpointValid(MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public boolean isNodeValid(MultiIDsPolicy midPolicy) { | |||
return true; | |||
} | |||
@Override | |||
public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { | |||
} | |||
@Override | |||
public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { | |||
} | |||
} | |||
} |
@@ -451,10 +451,10 @@ public class MockerNodeContext implements BlockchainQueryService { | |||
LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class); | |||
SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class); | |||
when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true); | |||
when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true); | |||
when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy); | |||