Browse Source

Refactored the process of ledger init operation: uniquely processed by TransactionBatchProcessor;

tags/1.1.0
huanghaiquan 5 years ago
parent
commit
a418cf05fa
27 changed files with 724 additions and 325 deletions
  1. +0
    -4
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AccountSet.java
  2. +69
    -36
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/DefaultOperationHandleRegisteration.java
  3. +209
    -0
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/EmptyLedgerDataset.java
  4. +98
    -0
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/FullPermissionedSecurityManager.java
  5. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerAdminDataset.java
  6. +18
    -15
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerInitializer.java
  7. +0
    -125
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerRepositoryImpl.java
  8. +134
    -32
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java
  9. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIDsPolicy.java
  10. +3
    -1
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/OperationHandleRegisteration.java
  11. +41
    -8
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/SecurityPolicy.java
  12. +36
    -43
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionBatchProcessor.java
  13. +6
    -4
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionEngineImpl.java
  14. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbstractLedgerOperationHandle.java
  15. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbtractContractEventSendOperationHandle.java
  16. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/ContractCodeDeployOperationHandle.java
  17. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountKVSetOperationHandle.java
  18. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountRegisterOperationHandle.java
  19. +27
    -0
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/LedgerInitOperationHandle.java
  20. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/RolesConfigureOperationHandle.java
  21. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserAuthorizeOperationHandle.java
  22. +2
    -2
      source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserRegisterOperationHandle.java
  23. +11
    -8
      source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/ContractInvokingTest.java
  24. +16
    -10
      source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/LedgerSecurityManagerTest.java
  25. +4
    -4
      source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/TransactionBatchProcessorTest.java
  26. +28
    -11
      source/test/test-integration/src/main/java/test/com/jd/blockchain/intgr/perf/LedgerPerformanceTest.java
  27. +4
    -4
      source/tools/tools-mocker/src/main/java/com/jd/blockchain/mocker/MockerNodeContext.java

+ 0
- 4
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AccountSet.java View File

@@ -70,10 +70,6 @@ public class AccountSet implements Transactional, MerkleProvable {
this.accessPolicy = accessPolicy;
}
// public HashDigest getAccountRootHash() {
// return merkleDataset.getRootHash();
// }
@Override
public HashDigest getRootHash() {
return merkleDataset.getRootHash();


+ 69
- 36
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/DefaultOperationHandleRegisteration.java View File

@@ -1,20 +1,31 @@
package com.jd.blockchain.ledger.core;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.stereotype.Component;

import com.jd.blockchain.ledger.LedgerException;
import com.jd.blockchain.ledger.Operation;
import com.jd.blockchain.ledger.core.handles.ContractCodeDeployOperationHandle;
import com.jd.blockchain.ledger.core.handles.DataAccountKVSetOperationHandle;
import com.jd.blockchain.ledger.core.handles.DataAccountRegisterOperationHandle;
import com.jd.blockchain.ledger.core.handles.JVMContractEventSendOperationHandle;
import com.jd.blockchain.ledger.core.handles.LedgerInitOperationHandle;
import com.jd.blockchain.ledger.core.handles.RolesConfigureOperationHandle;
import com.jd.blockchain.ledger.core.handles.UserAuthorizeOperationHandle;
import com.jd.blockchain.ledger.core.handles.UserRegisterOperationHandle;
import com.jd.blockchain.transaction.ContractCodeDeployOpTemplate;
import com.jd.blockchain.transaction.ContractEventSendOpTemplate;
import com.jd.blockchain.transaction.DataAccountKVSetOpTemplate;
import com.jd.blockchain.transaction.DataAccountRegisterOpTemplate;
import com.jd.blockchain.transaction.LedgerInitOpTemplate;
import com.jd.blockchain.transaction.RolesConfigureOpTemplate;
import com.jd.blockchain.transaction.UserAuthorizeOpTemplate;
import com.jd.blockchain.transaction.UserRegisterOpTemplate;

@Component
public class DefaultOperationHandleRegisteration implements OperationHandleRegisteration {
@@ -23,51 +34,74 @@ public class DefaultOperationHandleRegisteration implements OperationHandleRegis

private Map<Class<?>, OperationHandle> handles = new ConcurrentHashMap<>();

private Map<Class<?>, OperationHandle> cacheMapping = new ConcurrentHashMap<>();

static {
addDefaultHandle(new RolesConfigureOperationHandle());
addDefaultHandle(new UserAuthorizeOperationHandle());
addDefaultHandle(new DataAccountKVSetOperationHandle());
addDefaultHandle(new DataAccountRegisterOperationHandle());
addDefaultHandle(new UserRegisterOperationHandle());
addDefaultHandle(new ContractCodeDeployOperationHandle());
addDefaultHandle(new JVMContractEventSendOperationHandle());
registerDefaultHandle(new LedgerInitOperationHandle());

registerDefaultHandle(new RolesConfigureOperationHandle());

registerDefaultHandle(new UserAuthorizeOperationHandle());

registerDefaultHandle(new UserRegisterOperationHandle());

registerDefaultHandle(new DataAccountKVSetOperationHandle());

registerDefaultHandle(new DataAccountRegisterOperationHandle());

registerDefaultHandle(new ContractCodeDeployOperationHandle());

registerDefaultHandle(new JVMContractEventSendOperationHandle());
}

private static void addDefaultHandle(OperationHandle handle) {
private static void registerDefaultHandle(OperationHandle handle) {
DEFAULT_HANDLES.put(handle.getOperationType(), handle);
}

/**
* 以最高优先级插入一个操作处理器;
* 注册操作处理器;此方法将覆盖默认的操作处理器配置
*
* @param handle
*/
public void registerHandle(OperationHandle handle) {
List<Class<?>> opTypes = new ArrayList<Class<?>>();
for (Class<?> opType : handles.keySet()) {
if (opType.isAssignableFrom(handle.getOperationType())) {
opTypes.add(opType);
}
}

for (Class<?> opType : opTypes) {
handles.put(opType, handle);
}
handles.put(handle.getOperationType(), handle);
}

private OperationHandle getRegisteredHandle(Class<?> operationType) {
OperationHandle hdl = handles.get(operationType);
if (hdl == null) {
for (Entry<Class<?>, OperationHandle> entry : handles.entrySet()) {
if (entry.getKey().isAssignableFrom(operationType)) {
hdl = entry.getValue();
hdl = DEFAULT_HANDLES.get(operationType);
//按“操作类型”的继承关系匹配;
if (hdl == null) {
for (Class<?> opType : handles.keySet()) {
if (opType.isAssignableFrom(operationType)) {
hdl = handles.get(opType);
break;
}
}
}
}
return hdl;
}

private OperationHandle getDefaultHandle(Class<?> operationType) {
OperationHandle hdl = DEFAULT_HANDLES.get(operationType);
if (hdl == null) {
for (Entry<Class<?>, OperationHandle> entry : DEFAULT_HANDLES.entrySet()) {
if (entry.getKey().isAssignableFrom(operationType)) {
hdl = entry.getValue();
if (hdl == null) {
for (Class<?> opType : DEFAULT_HANDLES.keySet()) {
if (opType.isAssignableFrom(operationType)) {
hdl = DEFAULT_HANDLES.get(opType);
break;
}
}
}
if (hdl != null) {
handles.put(operationType, hdl);
}
}
return hdl;
}
@@ -80,20 +114,19 @@ public class DefaultOperationHandleRegisteration implements OperationHandleRegis
* java.lang.Class)
*/
@Override
public OperationHandle getHandle(Class<?> operationType) {
OperationHandle hdl = cacheMapping.get(operationType);
if (hdl != null) {
return hdl;
}
hdl = getRegisteredHandle(operationType);
public OperationHandle getHandle(Class<? extends Operation> operationType) {
OperationHandle hdl = getRegisteredHandle(operationType);
if (hdl == null) {
hdl = getDefaultHandle(operationType);
if (hdl == null) {
throw new LedgerException("Unsupported operation type[" + operationType.getName() + "]!");
}
throw new LedgerException("Unsupported operation type[" + operationType.getName() + "]!");
}
cacheMapping.put(operationType, hdl);
return hdl;
}

private static class OpHandleStub {

private Class<? extends Operation> operationType;

private OperationHandle operationHandle;

}
}

+ 209
- 0
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/EmptyLedgerDataset.java View File

@@ -0,0 +1,209 @@
package com.jd.blockchain.ledger.core;

import com.jd.blockchain.crypto.HashDigest;
import com.jd.blockchain.ledger.AccountHeader;
import com.jd.blockchain.ledger.LedgerAdminInfo;
import com.jd.blockchain.ledger.MerkleProof;
import com.jd.blockchain.ledger.ParticipantDataQuery;
import com.jd.blockchain.ledger.ParticipantNode;
import com.jd.blockchain.utils.Bytes;

public class EmptyLedgerDataset implements LedgerDataQuery {
private static final LedgerAdminDataQuery EMPTY_ADMIN_DATA = new EmptyAdminData();
private static final UserAccountQuery EMPTY_USER_ACCOUNTS = new EmptyUserAccountSet();
private static final DataAccountQuery EMPTY_DATA_ACCOUNTS = new EmptyDataAccountSet();
private static final ContractAccountQuery EMPTY_CONTRACT_ACCOUNTS = new EmptyContractAccountSet();

private static final ParticipantDataQuery EMPTY_PARTICIPANTS = new EmptyParticipantData();

@Override
public LedgerAdminDataQuery getAdminDataset() {
return EMPTY_ADMIN_DATA;
}

@Override
public UserAccountQuery getUserAccountSet() {
return EMPTY_USER_ACCOUNTS;
}

@Override
public DataAccountQuery getDataAccountSet() {
return EMPTY_DATA_ACCOUNTS;
}

@Override
public ContractAccountQuery getContractAccountset() {
return EMPTY_CONTRACT_ACCOUNTS;
}


private static class EmptyAdminData implements LedgerAdminDataQuery{

@Override
public LedgerAdminInfo getAdminInfo() {
return null;
}

@Override
public ParticipantDataQuery getParticipantDataset() {
return EMPTY_PARTICIPANTS;
}
}
private static class EmptyParticipantData implements ParticipantDataQuery{

@Override
public HashDigest getRootHash() {
return null;
}

@Override
public MerkleProof getProof(Bytes key) {
return null;
}

@Override
public long getParticipantCount() {
return 0;
}

@Override
public boolean contains(Bytes address) {
return false;
}

@Override
public ParticipantNode getParticipant(Bytes address) {
return null;
}

@Override
public ParticipantNode[] getParticipants() {
return null;
}
}
private static class EmptyUserAccountSet implements UserAccountQuery{

@Override
public AccountHeader[] getAccounts(int fromIndex, int count) {
return null;
}

@Override
public long getTotalCount() {
return 0;
}

@Override
public HashDigest getRootHash() {
return null;
}

@Override
public MerkleProof getProof(Bytes key) {
return null;
}

@Override
public UserAccount getUser(String address) {
return null;
}

@Override
public UserAccount getUser(Bytes address) {
return null;
}

@Override
public boolean contains(Bytes address) {
return false;
}

@Override
public UserAccount getUser(Bytes address, long version) {
return null;
}
}
private static class EmptyDataAccountSet implements DataAccountQuery{

@Override
public AccountHeader[] getAccounts(int fromIndex, int count) {
return null;
}

@Override
public HashDigest getRootHash() {
return null;
}

@Override
public long getTotalCount() {
return 0;
}

@Override
public MerkleProof getProof(Bytes address) {
return null;
}

@Override
public DataAccount getDataAccount(Bytes address) {
return null;
}

@Override
public DataAccount getDataAccount(Bytes address, long version) {
return null;
}
}

private static class EmptyContractAccountSet implements ContractAccountQuery{

@Override
public AccountHeader[] getAccounts(int fromIndex, int count) {
return null;
}

@Override
public HashDigest getRootHash() {
return null;
}

@Override
public long getTotalCount() {
return 0;
}

@Override
public MerkleProof getProof(Bytes address) {
return null;
}

@Override
public boolean contains(Bytes address) {
return false;
}

@Override
public ContractAccount getContract(Bytes address) {
return null;
}

@Override
public ContractAccount getContract(Bytes address, long version) {
return null;
}
}
}

+ 98
- 0
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/FullPermissionedSecurityManager.java View File

@@ -0,0 +1,98 @@
package com.jd.blockchain.ledger.core;

import java.util.Set;

import com.jd.blockchain.ledger.LedgerPermission;
import com.jd.blockchain.ledger.LedgerSecurityException;
import com.jd.blockchain.ledger.TransactionPermission;
import com.jd.blockchain.utils.Bytes;

class FullPermissionedSecurityManager implements LedgerSecurityManager {

public static final FullPermissionedSecurityManager INSTANCE = new FullPermissionedSecurityManager();

@Override
public SecurityPolicy createSecurityPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) {
return new FullPermissionedPolicy(endpoints, nodes);
}

private static class FullPermissionedPolicy implements SecurityPolicy {

private Set<Bytes> endpoints;
private Set<Bytes> nodes;

public FullPermissionedPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) {
this.endpoints = endpoints;
this.nodes = nodes;
}

@Override
public Set<Bytes> getEndpoints() {
return endpoints;
}

@Override
public Set<Bytes> getNodes() {
return nodes;
}

@Override
public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
return true;
}

@Override
public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
return true;
}

@Override
public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
return true;
}

@Override
public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
return true;
}

@Override
public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
}

@Override
public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
}

@Override
public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException {
}

@Override
public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
}

@Override
public boolean isEndpointValid(MultiIDsPolicy midPolicy) {
return true;
}

@Override
public boolean isNodeValid(MultiIDsPolicy midPolicy) {
return true;
}

@Override
public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
}

@Override
public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
}

}

}

+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerAdminDataset.java View File

@@ -108,7 +108,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery,
public UserRolesSettings getUserRoles() {
return userRoles;
}
@Override
public LedgerAdminInfo getAdminInfo() {
return this;
@@ -392,7 +392,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery,
return;
}
participants.cancel();
metadata = new LedgerMetadataInfo(origMetadata);
metadata =origMetadata == null ? new LedgerMetadataInfo() : new LedgerMetadataInfo(origMetadata);
}
public static class LedgerMetadataInfo implements LedgerMetadata_V2 {


+ 18
- 15
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerInitializer.java View File

@@ -9,14 +9,12 @@ import com.jd.blockchain.ledger.DigitalSignature;
import com.jd.blockchain.ledger.LedgerBlock;
import com.jd.blockchain.ledger.LedgerInitException;
import com.jd.blockchain.ledger.LedgerInitSetting;
import com.jd.blockchain.ledger.Operation;
import com.jd.blockchain.ledger.ParticipantNode;
import com.jd.blockchain.ledger.SecurityInitSettings;
import com.jd.blockchain.ledger.TransactionBuilder;
import com.jd.blockchain.ledger.TransactionContent;
import com.jd.blockchain.ledger.TransactionRequest;
import com.jd.blockchain.ledger.TransactionState;
import com.jd.blockchain.ledger.UserRegisterOperation;
import com.jd.blockchain.service.TransactionBatchResultHandle;
import com.jd.blockchain.storage.service.KVStorageService;
import com.jd.blockchain.transaction.SignatureUtils;
import com.jd.blockchain.transaction.TxBuilder;
@@ -24,6 +22,14 @@ import com.jd.blockchain.transaction.TxRequestBuilder;

public class LedgerInitializer {

private static final FullPermissionedSecurityManager FULL_PERMISSION_SECURITY_MANAGER = new FullPermissionedSecurityManager();

private static final LedgerDataQuery EMPTY_LEDGER_DATA_QUERY = new EmptyLedgerDataset();

private static final OperationHandleRegisteration DEFAULT_OP_HANDLE_REG = new DefaultOperationHandleRegisteration();

private LedgerService EMPTY_LEDGERS = new LedgerManager();

private LedgerInitSetting initSetting;

private TransactionContent initTxContent;
@@ -36,6 +42,8 @@ public class LedgerInitializer {

private volatile boolean canceled = false;

private TransactionBatchResultHandle txResultsHandle;

/**
* 初始化生成的账本hash; <br>
*
@@ -115,7 +123,7 @@ public class LedgerInitializer {
throw new LedgerInitException("The ledger has been canceled!");
}
committed = true;
this.ledgerEditor.commit();
this.txResultsHandle.commit();
}

public void cancel() {
@@ -148,18 +156,13 @@ public class LedgerInitializer {

TransactionRequest txRequest = txReqBuilder.buildRequest();

LedgerTransactionContext txCtx = ledgerEditor.newTransaction(txRequest);
Operation[] ops = txRequest.getTransactionContent().getOperations();
// 注册用户; 注:第一个操作是 LedgerInitOperation;
// TODO:暂时只支持注册用户的初始化操作;
for (int i = 1; i < ops.length; i++) {
UserRegisterOperation userRegOP = (UserRegisterOperation) ops[i];
txCtx.getDataset().getUserAccountSet().register(userRegOP.getUserID().getAddress(),
userRegOP.getUserID().getPubKey());
}
TransactionBatchProcessor txProcessor = new TransactionBatchProcessor(FULL_PERMISSION_SECURITY_MANAGER,
ledgerEditor, EMPTY_LEDGER_DATA_QUERY, DEFAULT_OP_HANDLE_REG, EMPTY_LEDGERS);

txCtx.commit(TransactionState.SUCCESS, null);
txProcessor.schedule(txRequest);

return ledgerEditor.prepare();
txResultsHandle = txProcessor.prepare();
return txResultsHandle.getBlock();
}

}

+ 0
- 125
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerRepositoryImpl.java View File

@@ -109,16 +109,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
return latestState.block;
}

// private LedgerState getLatestState() {
// LedgerState state = latestState;
// if (state == null) {
// LedgerBlock latestBlock = innerGetBlock(innerGetLatestBlockHeight());
// state = new LedgerState(latestBlock);
// latestState = state;
// }
// return state;
// }

/**
* 重新检索加载最新的状态;
*
@@ -264,20 +254,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
@Override
public TransactionSet getTransactionSet(LedgerBlock block) {
long height = getLatestBlockHeight();
// TransactionSet transactionSet = null;
if (height == block.getHeight()) {
// // 缓存最近一个区块的数据;
// LedgerState state = getLatestState();
// transactionSet = state.transactionSet;
// if (transactionSet == null) {
// LedgerAdminInfo adminAccount = getAdminInfo(block);
// transactionSet = loadTransactionSet(block.getTransactionSetHash(),
// adminAccount.getSettings().getCryptoSetting(), keyPrefix, exPolicyStorage, versioningStorage,
// true);
// state.transactionSet = transactionSet;
// }
// return transactionSet;

// 从缓存中返回最新区块的数据集;
return latestState.getTransactionSet();
}
@@ -290,18 +267,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
@Override
public LedgerAdminDataset getAdminInfo(LedgerBlock block) {
long height = getLatestBlockHeight();
// LedgerAdminDataset adminAccount = null;
if (height == block.getHeight()) {
// // 缓存读;
// LedgerState state = getLatestState();
// adminAccount = state.adminAccount;
// if (adminAccount == null) {
// adminAccount = new LedgerAdminDataset(block.getAdminAccountHash(), keyPrefix, exPolicyStorage,
// versioningStorage, true);
// state.adminAccount = adminAccount;
// }
// return adminAccount;

return latestState.getAdminDataset();
}

@@ -315,20 +281,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
@Override
public UserAccountQuery getUserAccountSet(LedgerBlock block) {
long height = getLatestBlockHeight();
// UserAccountSet userAccountSet = null;
if (height == block.getHeight()) {
// // 缓存读;
// LedgerState state = getLatestState();
// userAccountSet = state.userAccountSet;
// if (userAccountSet == null) {
// LedgerAdminDataset adminAccount = getAdminInfo(block);
// userAccountSet = loadUserAccountSet(block.getUserAccountSetHash(),
// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage,
// versioningStorage, true);
// state.userAccountSet = userAccountSet;
// }
// return userAccountSet;

return latestState.getUserAccountSet();
}
LedgerAdminDataset adminAccount = getAdminInfo(block);
@@ -343,20 +296,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
@Override
public DataAccountQuery getDataAccountSet(LedgerBlock block) {
long height = getLatestBlockHeight();
// DataAccountSet dataAccountSet = null;
if (height == block.getHeight()) {
// // 缓存读;
// LedgerState state = getLatestState();
// dataAccountSet = state.dataAccountSet;
// if (dataAccountSet == null) {
// LedgerAdminDataset adminAccount = getAdminInfo(block);
// dataAccountSet = loadDataAccountSet(block.getDataAccountSetHash(),
// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage,
// versioningStorage, true);
// state.dataAccountSet = dataAccountSet;
// }
// return dataAccountSet;

return latestState.getDataAccountSet();
}

@@ -372,20 +312,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
@Override
public ContractAccountQuery getContractAccountSet(LedgerBlock block) {
long height = getLatestBlockHeight();
// ContractAccountSet contractAccountSet = null;
if (height == block.getHeight()) {
// // 缓存读;
// LedgerState state = getLatestState();
// contractAccountSet = state.contractAccountSet;
// if (contractAccountSet == null) {
// LedgerAdminDataset adminAccount = getAdminInfo(block);
// contractAccountSet = loadContractAccountSet(block.getContractAccountSetHash(),
// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage,
// versioningStorage, true);
// state.contractAccountSet = contractAccountSet;
// }
// return contractAccountSet;

return latestState.getContractAccountSet();
}

@@ -401,17 +328,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
@Override
public LedgerDataset getDataSet(LedgerBlock block) {
long height = getLatestBlockHeight();
// LedgerDataSet ledgerDataSet = null;
if (height == block.getHeight()) {
// // 缓存读;
// LedgerState state = getLatestState();
// ledgerDataSet = state.ledgerDataSet;
// if (ledgerDataSet == null) {
// ledgerDataSet = innerDataSet(block);
// state.ledgerDataSet = ledgerDataSet;
// }
// return ledgerDataSet;

return latestState.getLedgerDataset();
}

@@ -463,15 +380,10 @@ class LedgerRepositoryImpl implements LedgerRepository {
}

static Bytes encodeLedgerIndexKey(HashDigest ledgerHash) {
// return LEDGER_PREFIX + Base58Utils.encode(ledgerHash.toBytes());
// return new Bytes(ledgerHash.toBytes()).concatTo(LEDGER_PREFIX);
return LEDGER_PREFIX.concat(ledgerHash);
}

static Bytes encodeBlockStorageKey(HashDigest blockHash) {
// String key = ByteArray.toBase58(blockHash.toBytes());
// return BLOCK_PREFIX + key;

return BLOCK_PREFIX.concat(blockHash);
}

@@ -483,29 +395,13 @@ class LedgerRepositoryImpl implements LedgerRepository {
String usersetKeyPrefix = keyPrefix + USER_SET_PREFIX;
String datasetKeyPrefix = keyPrefix + DATA_SET_PREFIX;
String contractsetKeyPrefix = keyPrefix + CONTRACT_SET_PREFIX;
// String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX;

// UserAccountSet userAccountSet = new
// UserAccountSet(adminAccount.getSetting().getCryptoSetting(),
// PrefixAppender.prefix(USER_SET_PREFIX, ledgerExStorage),
// PrefixAppender.prefix(USER_SET_PREFIX, ledgerVerStorage),
// DEFAULT_ACCESS_POLICY);
UserAccountSet userAccountSet = new UserAccountSet(adminAccount.getSettings().getCryptoSetting(),
usersetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY);

// DataAccountSet dataAccountSet = new
// DataAccountSet(adminAccount.getSetting().getCryptoSetting(),
// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerExStorage),
// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerVerStorage),
// DEFAULT_ACCESS_POLICY);
DataAccountSet dataAccountSet = new DataAccountSet(adminAccount.getSettings().getCryptoSetting(),
datasetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY);

// ContractAccountSet contractAccountSet = new
// ContractAccountSet(adminAccount.getSetting().getCryptoSetting(),
// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerExStorage),
// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerVerStorage),
// DEFAULT_ACCESS_POLICY);
ContractAccountSet contractAccountSet = new ContractAccountSet(adminAccount.getSettings().getCryptoSetting(),
contractsetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY);

@@ -517,10 +413,6 @@ class LedgerRepositoryImpl implements LedgerRepository {

static TransactionSet newTransactionSet(LedgerSettings ledgerSetting, String keyPrefix,
ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage) {
// TransactionSet transactionSet = new
// TransactionSet(ledgerSetting.getCryptoSetting(),
// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerExStorage),
// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerVerStorage));

String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX;

@@ -534,8 +426,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
LedgerAdminDataset adminAccount = new LedgerAdminDataset(dataSnapshot.getAdminAccountHash(), keyPrefix,
ledgerExStorage, ledgerVerStorage, readonly);

// CryptoSetting cryptoSetting = adminAccount.getPreviousSetting().getCryptoSetting();

UserAccountSet userAccountSet = loadUserAccountSet(dataSnapshot.getUserAccountSetHash(), cryptoSetting,
keyPrefix, ledgerExStorage, ledgerVerStorage, readonly);

@@ -554,10 +444,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
static UserAccountSet loadUserAccountSet(HashDigest userAccountSetHash, CryptoSetting cryptoSetting,
String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage,
boolean readonly) {
// return new UserAccountSet(userAccountSetHash, cryptoSetting,
// PrefixAppender.prefix(USER_SET_PREFIX, ledgerExStorage),
// PrefixAppender.prefix(USER_SET_PREFIX, ledgerVerStorage), readonly,
// DEFAULT_ACCESS_POLICY);

String usersetKeyPrefix = keyPrefix + USER_SET_PREFIX;
return new UserAccountSet(userAccountSetHash, cryptoSetting, usersetKeyPrefix, ledgerExStorage,
@@ -567,10 +453,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
static DataAccountSet loadDataAccountSet(HashDigest dataAccountSetHash, CryptoSetting cryptoSetting,
String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage,
boolean readonly) {
// return new DataAccountSet(dataAccountSetHash, cryptoSetting,
// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerExStorage,
// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerVerStorage), readonly,
// DEFAULT_ACCESS_POLICY);

String datasetKeyPrefix = keyPrefix + DATA_SET_PREFIX;
return new DataAccountSet(dataAccountSetHash, cryptoSetting, datasetKeyPrefix, ledgerExStorage,
@@ -580,10 +462,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
static ContractAccountSet loadContractAccountSet(HashDigest contractAccountSetHash, CryptoSetting cryptoSetting,
String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage,
boolean readonly) {
// return new ContractAccountSet(contractAccountSetHash, cryptoSetting,
// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerExStorage,
// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerVerStorage), readonly,
// DEFAULT_ACCESS_POLICY);

String contractsetKeyPrefix = keyPrefix + CONTRACT_SET_PREFIX;
return new ContractAccountSet(contractAccountSetHash, cryptoSetting, contractsetKeyPrefix, ledgerExStorage,
@@ -592,9 +470,6 @@ class LedgerRepositoryImpl implements LedgerRepository {

static TransactionSet loadTransactionSet(HashDigest txsetHash, CryptoSetting cryptoSetting, String keyPrefix,
ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, boolean readonly) {
// return new TransactionSet(txsetHash, cryptoSetting,
// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerExStorage),
// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerVerStorage), readonly);

String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX;
return new TransactionSet(txsetHash, cryptoSetting, txsetKeyPrefix, ledgerExStorage, ledgerVerStorage,


+ 134
- 32
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java View File

@@ -7,15 +7,17 @@ import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

import com.jd.blockchain.ledger.LedgerInitSetting;
import com.jd.blockchain.ledger.LedgerPermission;
import com.jd.blockchain.ledger.LedgerSecurityException;
import com.jd.blockchain.ledger.ParticipantDataQuery;
import com.jd.blockchain.ledger.ParticipantDoesNotExistException;
import com.jd.blockchain.ledger.RolePrivilegeSettings;
import com.jd.blockchain.ledger.RolePrivileges;
import com.jd.blockchain.ledger.RolesPolicy;
import com.jd.blockchain.ledger.TransactionPermission;
import com.jd.blockchain.ledger.UserRolesSettings;
import com.jd.blockchain.ledger.UserDoesNotExistException;
import com.jd.blockchain.ledger.UserRoles;
import com.jd.blockchain.ledger.UserRolesSettings;
import com.jd.blockchain.utils.Bytes;

/**
@@ -36,17 +38,17 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
private Map<Bytes, UserRoles> userRolesCache = new ConcurrentHashMap<>();
private Map<String, RolePrivileges> rolesPrivilegeCache = new ConcurrentHashMap<>();

public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings) {
private ParticipantDataQuery participantsQuery;
private UserAccountQuery userAccountsQuery;

public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings,
ParticipantDataQuery participantsQuery, UserAccountQuery userAccountsQuery) {
this.rolePrivilegeSettings = rolePrivilegeSettings;
this.userRolesSettings = userRolesSettings;
this.participantsQuery = participantsQuery;
this.userAccountsQuery = userAccountsQuery;
}
public static void initSecuritySettings(LedgerInitSetting initSettings, LedgerEditor editor) {
}

@Override
public SecurityPolicy createSecurityPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) {
Map<Bytes, UserRolesPrivileges> endpointPrivilegeMap = new HashMap<>();
@@ -62,7 +64,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
nodePrivilegeMap.put(userAddress, userPrivileges);
}

return new UserRolesSecurityPolicy(endpointPrivilegeMap, nodePrivilegeMap);
return new UserRolesSecurityPolicy(endpointPrivilegeMap, nodePrivilegeMap, participantsQuery, userAccountsQuery);
}

private UserRolesPrivileges getUserRolesPrivilegs(Bytes userAddress) {
@@ -142,15 +144,22 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
*/
private Map<Bytes, UserRolesPrivileges> nodePrivilegeMap = new HashMap<>();

private ParticipantDataQuery participantsQuery;

private UserAccountQuery userAccountsQuery;

public UserRolesSecurityPolicy(Map<Bytes, UserRolesPrivileges> endpointPrivilegeMap,
Map<Bytes, UserRolesPrivileges> nodePrivilegeMap) {
Map<Bytes, UserRolesPrivileges> nodePrivilegeMap, ParticipantDataQuery participantsQuery,
UserAccountQuery userAccountsQuery) {
this.endpointPrivilegeMap = endpointPrivilegeMap;
this.nodePrivilegeMap = nodePrivilegeMap;
this.participantsQuery = participantsQuery;
this.userAccountsQuery = userAccountsQuery;
}

@Override
public boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) {
if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) {
public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
// 至少一个;
for (UserRolesPrivileges p : endpointPrivilegeMap.values()) {
if (p.getLedgerPrivileges().isEnable(permission)) {
@@ -158,7 +167,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}
}
return false;
} else if (MultiIdsPolicy.ALL == midPolicy) {
} else if (MultiIDsPolicy.ALL == midPolicy) {
// 全部;
for (UserRolesPrivileges p : endpointPrivilegeMap.values()) {
if (!p.getLedgerPrivileges().isEnable(permission)) {
@@ -172,8 +181,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}

@Override
public boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) {
if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) {
public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
// 至少一个;
for (UserRolesPrivileges p : endpointPrivilegeMap.values()) {
if (p.getTransactionPrivileges().isEnable(permission)) {
@@ -181,7 +190,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}
}
return false;
} else if (MultiIdsPolicy.ALL == midPolicy) {
} else if (MultiIDsPolicy.ALL == midPolicy) {
// 全部;
for (UserRolesPrivileges p : endpointPrivilegeMap.values()) {
if (!p.getTransactionPrivileges().isEnable(permission)) {
@@ -195,8 +204,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}

@Override
public boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) {
if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) {
public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
// 至少一个;
for (UserRolesPrivileges p : nodePrivilegeMap.values()) {
if (p.getLedgerPrivileges().isEnable(permission)) {
@@ -204,7 +213,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}
}
return false;
} else if (MultiIdsPolicy.ALL == midPolicy) {
} else if (MultiIDsPolicy.ALL == midPolicy) {
// 全部;
for (UserRolesPrivileges p : nodePrivilegeMap.values()) {
if (!p.getLedgerPrivileges().isEnable(permission)) {
@@ -218,8 +227,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}

@Override
public boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) {
if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) {
public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
// 至少一个;
for (UserRolesPrivileges p : nodePrivilegeMap.values()) {
if (p.getTransactionPrivileges().isEnable(permission)) {
@@ -227,7 +236,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}
}
return false;
} else if (MultiIdsPolicy.ALL == midPolicy) {
} else if (MultiIDsPolicy.ALL == midPolicy) {
// 全部;
for (UserRolesPrivileges p : nodePrivilegeMap.values()) {
if (!p.getTransactionPrivileges().isEnable(permission)) {
@@ -241,9 +250,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}

@Override
public void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy)
public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
if (!isEnableToEndpoints(permission, midPolicy)) {
if (!isEndpointEnable(permission, midPolicy)) {
throw new LedgerSecurityException(String.format(
"The security policy [Permission=%s, Policy=%s] for endpoints rejected the current operation!",
permission, midPolicy));
@@ -251,9 +260,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}

@Override
public void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy)
public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
if (!isEnableToEndpoints(permission, midPolicy)) {
if (!isEndpointEnable(permission, midPolicy)) {
throw new LedgerSecurityException(String.format(
"The security policy [Permission=%s, Policy=%s] for endpoints rejected the current operation!",
permission, midPolicy));
@@ -261,8 +270,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}

@Override
public void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException {
if (!isEnableToNodes(permission, midPolicy)) {
public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
if (!isNodeEnable(permission, midPolicy)) {
throw new LedgerSecurityException(String.format(
"The security policy [Permission=%s, Policy=%s] for nodes rejected the current operation!",
permission, midPolicy));
@@ -270,9 +280,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
}

@Override
public void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy)
public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
if (!isEnableToNodes(permission, midPolicy)) {
if (!isNodeEnable(permission, midPolicy)) {
throw new LedgerSecurityException(String.format(
"The security policy [Permission=%s, Policy=%s] for nodes rejected the current operation!",
permission, midPolicy));
@@ -289,6 +299,98 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
return nodePrivilegeMap.keySet();
}

@Override
public boolean isEndpointValid(MultiIDsPolicy midPolicy) {
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
// 至少一个;
for (Bytes address : getEndpoints()) {
if (userAccountsQuery.contains(address)) {
return true;
}
}
return false;
} else if (MultiIDsPolicy.ALL == midPolicy) {
// 全部;
for (Bytes address : getEndpoints()) {
if (!userAccountsQuery.contains(address)) {
return false;
}
}
return true;
} else {
throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!");
}
}

@Override
public boolean isNodeValid(MultiIDsPolicy midPolicy) {
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
// 至少一个;
for (Bytes address : getNodes()) {
if (participantsQuery.contains(address)) {
return true;
}
}
return false;
} else if (MultiIDsPolicy.ALL == midPolicy) {
// 全部;
for (Bytes address : getNodes()) {
if (!participantsQuery.contains(address)) {
return false;
}
}
return true;
} else {
throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!");
}
}

@Override
public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
// 至少一个;
for (Bytes address : getEndpoints()) {
if (userAccountsQuery.contains(address)) {
return;
}
}
throw new UserDoesNotExistException("All endpoint signers were not registered!");
} else if (MultiIDsPolicy.ALL == midPolicy) {
// 全部;
for (Bytes address : getEndpoints()) {
if (!userAccountsQuery.contains(address)) {
throw new UserDoesNotExistException("The endpoint signer[" + address + "] was not registered!");
}
}
return;
} else {
throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!");
}
}

@Override
public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
// 至少一个;
for (Bytes address : getNodes()) {
if (participantsQuery.contains(address)) {
return;
}
}
throw new ParticipantDoesNotExistException("All node signers were not registered as participant!");
} else if (MultiIDsPolicy.ALL == midPolicy) {
// 全部;
for (Bytes address : getNodes()) {
if (!participantsQuery.contains(address)) {
throw new ParticipantDoesNotExistException(
"The node signer[" + address + "] was not registered as participant!");
}
}
} else {
throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!");
}
}

}

}

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIdsPolicy.java → source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIDsPolicy.java View File

@@ -1,12 +1,12 @@
package com.jd.blockchain.ledger.core;

/**
* 多身份的权限校验策略;
* 多身份的校验策略;
*
* @author huanghaiquan
*
*/
public enum MultiIdsPolicy {
public enum MultiIDsPolicy {

/**
* 至少有一个都能通过;

+ 3
- 1
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/OperationHandleRegisteration.java View File

@@ -1,7 +1,9 @@
package com.jd.blockchain.ledger.core;

import com.jd.blockchain.ledger.Operation;

public interface OperationHandleRegisteration {

OperationHandle getHandle(Class<?> operationType);
OperationHandle getHandle(Class<? extends Operation> operationType);

}

+ 41
- 8
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/SecurityPolicy.java View File

@@ -30,6 +30,22 @@ public interface SecurityPolicy {
*/
Set<Bytes> getNodes();

/**
* 终端身份是否合法;
*
* @param midPolicy
* @return
*/
boolean isEndpointValid(MultiIDsPolicy midPolicy);

/**
* 节点身份是否合法;
*
* @param midPolicy
* @return
*/
boolean isNodeValid(MultiIDsPolicy midPolicy);

/**
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br>
*
@@ -37,7 +53,7 @@ public interface SecurityPolicy {
* @param midPolicy 针对多个签名用户的权限策略;
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权;
*/
boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy);
boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy);

/**
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br>
@@ -46,7 +62,7 @@ public interface SecurityPolicy {
* @param midPolicy 针对多个签名用户的权限策略;
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权;
*/
boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy);
boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy);

/**
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br>
@@ -55,7 +71,7 @@ public interface SecurityPolicy {
* @param midPolicy 针对多个签名用户的权限策略;
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权;
*/
boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy);
boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy);

/**
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br>
@@ -64,7 +80,23 @@ public interface SecurityPolicy {
* @param midPolicy 针对多个签名用户的权限策略;
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权;
*/
boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy);
boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy);

/**
* 检查终端身份的合法性;
*
* @param midPolicy
* @throws LedgerSecurityException
*/
void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException;
/**
* 检查节点身份的合法性;
*
* @param midPolicy
* @throws LedgerSecurityException
*/
void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException;

/**
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br>
@@ -74,7 +106,7 @@ public interface SecurityPolicy {
* @param midPolicy 针对多个签名用户的权限策略;
* @throws LedgerSecurityException
*/
void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException;
void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException;

/**
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br>
@@ -84,7 +116,8 @@ public interface SecurityPolicy {
* @param midPolicy
* @throws LedgerSecurityException
*/
void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException;
void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException;

/**
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br>
@@ -94,7 +127,7 @@ public interface SecurityPolicy {
* @param midPolicy
* @throws LedgerSecurityException
*/
void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException;
void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException;

/**
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br>
@@ -104,6 +137,6 @@ public interface SecurityPolicy {
* @param midPolicy
* @throws LedgerSecurityException
*/
void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException;
void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException;

}

+ 36
- 43
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionBatchProcessor.java View File

@@ -46,7 +46,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {

private LedgerEditor newBlockEditor;

private LedgerDataQuery previousBlockDataset;
private LedgerDataQuery ledgerQueryer;

private OperationHandleRegisteration opHandles;

@@ -60,15 +60,15 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
private TransactionBatchResult batchResult;

/**
* @param newBlockEditor 新区块的数据编辑器;
* @param previousBlockDataset 新区块的前一个区块的数据集;即未提交新区块之前的经过共识的账本最新数据集;
* @param opHandles 操作处理对象注册表;
* @param newBlockEditor 新区块的数据编辑器;
* @param ledgerQueryer 账本查询器,只包含新区块的前一个区块的数据集;即未提交新区块之前的经过共识的账本最新数据集;
* @param opHandles 操作处理对象注册表;
*/
public TransactionBatchProcessor(LedgerSecurityManager securityManager, LedgerEditor newBlockEditor,
LedgerDataQuery previousBlockDataset, OperationHandleRegisteration opHandles, LedgerService ledgerService) {
LedgerDataQuery ledgerQueryer, OperationHandleRegisteration opHandles, LedgerService ledgerService) {
this.securityManager = securityManager;
this.newBlockEditor = newBlockEditor;
this.previousBlockDataset = previousBlockDataset;
this.ledgerQueryer = ledgerQueryer;
this.opHandles = opHandles;
this.ledgerService = ledgerService;
}
@@ -95,7 +95,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
SecurityContext.setContextUsersPolicy(securityPolicy);

// 安全校验;
checkSecurity();
checkSecurity(securityPolicy);

// 验证交易请求;
checkRequest(reqExt);
@@ -143,23 +143,26 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
}

/**
* 验证交易的参与方的权限
* 执行安全验证;
*/
private void checkSecurity() {
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();

// 验证当前交易请求的节点参与方是否具有权限;
securityPolicy.checkNodes(LedgerPermission.APPROVE_TX, MultiIdsPolicy.AT_LEAST_ONE);
private void checkSecurity(SecurityPolicy securityPolicy) {
// 验证节点和终端身份的合法性;
// 多重身份签署的必须全部身份都合法;
securityPolicy.checkEndpointValidity(MultiIDsPolicy.ALL);
securityPolicy.checkNodeValidity(MultiIDsPolicy.ALL);

// 验证参与方节点是否具有核准交易的权限;
securityPolicy.checkNodePermission(LedgerPermission.APPROVE_TX, MultiIDsPolicy.AT_LEAST_ONE);
}

private void checkRequest(TransactionRequestExtension reqExt) {
// TODO: 把验签和创建交易并行化;
checkTxContent(reqExt);
checkTxContentHash(reqExt);
checkEndpointSignatures(reqExt);
checkNodeSignatures(reqExt);
}

private void checkTxContent(TransactionRequestExtension requestExt) {
private void checkTxContentHash(TransactionRequestExtension requestExt) {
TransactionContent txContent = requestExt.getTransactionContent();
if (!TxBuilder.verifyTxContentHash(txContent, txContent.getHash())) {
// 由于哈希校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求;
@@ -169,44 +172,34 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
}
}

private void checkEndpointSignatures(TransactionRequestExtension request) {
private void checkNodeSignatures(TransactionRequestExtension request) {
TransactionContent txContent = request.getTransactionContent();
Collection<Credential> endpoints = request.getEndpoints();
if (endpoints != null) {
for (Credential endpoint : endpoints) {
if (!previousBlockDataset.getUserAccountSet().contains(endpoint.getAddress())) {
throw new UserDoesNotExistException(
"The endpoint signer[" + endpoint.getAddress() + "] was not registered!");
}

if (!SignatureUtils.verifyHashSignature(txContent.getHash(), endpoint.getSignature().getDigest(),
endpoint.getPubKey())) {
Collection<Credential> nodes = request.getNodes();
if (nodes != null) {
for (Credential node : nodes) {
if (!SignatureUtils.verifyHashSignature(txContent.getHash(), node.getSignature().getDigest(),
node.getPubKey())) {
// 由于签名校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求;
throw new IllegalTransactionException(
String.format("Wrong transaction endpoint signature! --[Tx Hash=%s][Endpoint Signer=%s]!",
request.getTransactionContent().getHash(), endpoint.getAddress()),
String.format("Wrong transaction node signature! --[Tx Hash=%s][Node Signer=%s]!",
request.getTransactionContent().getHash(), node.getAddress()),
TransactionState.IGNORED_BY_WRONG_CONTENT_SIGNATURE);
}
}
}
}

private void checkNodeSignatures(TransactionRequestExtension request) {
private void checkEndpointSignatures(TransactionRequestExtension request) {
TransactionContent txContent = request.getTransactionContent();
Collection<Credential> nodes = request.getNodes();
if (nodes != null) {
for (Credential node : nodes) {
if (!previousBlockDataset.getAdminDataset().getParticipantDataset().contains(node.getAddress())) {
throw new ParticipantDoesNotExistException(
"The node signer[" + node.getAddress() + "] was not registered to the participant set!");
}

if (!SignatureUtils.verifyHashSignature(txContent.getHash(), node.getSignature().getDigest(),
node.getPubKey())) {
Collection<Credential> endpoints = request.getEndpoints();
if (endpoints != null) {
for (Credential endpoint : endpoints) {
if (!SignatureUtils.verifyHashSignature(txContent.getHash(), endpoint.getSignature().getDigest(),
endpoint.getPubKey())) {
// 由于签名校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求;
throw new IllegalTransactionException(
String.format("Wrong transaction node signature! --[Tx Hash=%s][Node Signer=%s]!",
request.getTransactionContent().getHash(), node.getAddress()),
String.format("Wrong transaction endpoint signature! --[Tx Hash=%s][Endpoint Signer=%s]!",
request.getTransactionContent().getHash(), endpoint.getAddress()),
TransactionState.IGNORED_BY_WRONG_CONTENT_SIGNATURE);
}
}
@@ -236,14 +229,14 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
// assert; Instance of operation are one of User related operations or
// DataAccount related operations;
OperationHandle hdl = opHandles.getHandle(operation.getClass());
hdl.process(operation, dataset, request, previousBlockDataset, this, ledgerService);
hdl.process(operation, dataset, request, ledgerQueryer, this, ledgerService);
}
};
OperationHandle opHandle;
int opIndex = 0;
for (Operation op : ops) {
opHandle = opHandles.getHandle(op.getClass());
BytesValue opResult = opHandle.process(op, dataset, request, previousBlockDataset, handleContext,
BytesValue opResult = opHandle.process(op, dataset, request, ledgerQueryer, handleContext,
ledgerService);
if (opResult != null) {
operationResults.add(new OperationResultData(opIndex, opResult));


+ 6
- 4
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionEngineImpl.java View File

@@ -43,8 +43,10 @@ public class TransactionEngineImpl implements TransactionEngine {
LedgerDataQuery previousBlockDataset = ledgerRepo.getDataSet(ledgerBlock);

LedgerAdminDataQuery previousAdminDataset = previousBlockDataset.getAdminDataset();
LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(previousAdminDataset.getAdminInfo().getRolePrivileges(),
previousAdminDataset.getAdminInfo().getUserRoles());
LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(
previousAdminDataset.getAdminInfo().getRolePrivileges(),
previousAdminDataset.getAdminInfo().getUserRoles(), previousAdminDataset.getParticipantDataset(),
previousBlockDataset.getUserAccountSet());
batch = new InnerTransactionBatchProcessor(ledgerHash, securityManager, newBlockEditor, previousBlockDataset,
opHdlRegs, ledgerService, ledgerBlock.getHeight());
batchs.put(ledgerHash, batch);
@@ -75,8 +77,8 @@ public class TransactionEngineImpl implements TransactionEngine {
* @param opHandles 操作处理对象注册表;
*/
public InnerTransactionBatchProcessor(HashDigest ledgerHash, LedgerSecurityManager securityManager,
LedgerEditor newBlockEditor, LedgerDataQuery previousBlockDataset, OperationHandleRegisteration opHandles,
LedgerService ledgerService, long blockHeight) {
LedgerEditor newBlockEditor, LedgerDataQuery previousBlockDataset,
OperationHandleRegisteration opHandles, LedgerService ledgerService, long blockHeight) {
super(securityManager, newBlockEditor, previousBlockDataset, opHandles, ledgerService);
this.ledgerHash = ledgerHash;
this.blockHeight = blockHeight;


+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbstractLedgerOperationHandle.java View File

@@ -7,7 +7,7 @@ import com.jd.blockchain.ledger.TransactionPermission;
import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.OperationHandle;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.SecurityContext;
@@ -49,7 +49,7 @@ public abstract class AbstractLedgerOperationHandle<T extends Operation> impleme
OperationHandleContext handleContext, LedgerService ledgerService) {
// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpoints(TransactionPermission.DIRECT_OPERATION, MultiIdsPolicy.AT_LEAST_ONE);
securityPolicy.checkEndpointPermission(TransactionPermission.DIRECT_OPERATION, MultiIDsPolicy.AT_LEAST_ONE);

// 操作账本;
@SuppressWarnings("unchecked")


+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbtractContractEventSendOperationHandle.java View File

@@ -15,7 +15,7 @@ import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerQueryService;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.OperationHandle;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.SecurityContext;
@@ -35,7 +35,7 @@ public abstract class AbtractContractEventSendOperationHandle implements Operati
LedgerDataQuery previousBlockDataset, OperationHandleContext opHandleContext, LedgerService ledgerService) {
// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpoints(TransactionPermission.CONTRACT_OPERATION, MultiIdsPolicy.AT_LEAST_ONE);
securityPolicy.checkEndpointPermission(TransactionPermission.CONTRACT_OPERATION, MultiIDsPolicy.AT_LEAST_ONE);

// 操作账本;
ContractEventSendOperation contractOP = (ContractEventSendOperation) op;


+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/ContractCodeDeployOperationHandle.java View File

@@ -5,7 +5,7 @@ import com.jd.blockchain.ledger.LedgerPermission;
import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.SecurityContext;
import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -26,7 +26,7 @@ public class ContractCodeDeployOperationHandle extends AbstractLedgerOperationHa

// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpoints(LedgerPermission.UPGRADE_CONTRACT, MultiIdsPolicy.AT_LEAST_ONE);
securityPolicy.checkEndpointPermission(LedgerPermission.UPGRADE_CONTRACT, MultiIDsPolicy.AT_LEAST_ONE);

// 操作账本;
ContractCodeDeployOperation contractOP = (ContractCodeDeployOperation) op;


+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountKVSetOperationHandle.java View File

@@ -9,7 +9,7 @@ import com.jd.blockchain.ledger.core.DataAccount;
import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.SecurityContext;
import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -27,7 +27,7 @@ public class DataAccountKVSetOperationHandle extends AbstractLedgerOperationHand
OperationHandleContext handleContext, LedgerService ledgerService) {
// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpoints(LedgerPermission.WRITE_DATA_ACCOUNT, MultiIdsPolicy.AT_LEAST_ONE);
securityPolicy.checkEndpointPermission(LedgerPermission.WRITE_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE);

// 操作账本;
DataAccount account = newBlockDataset.getDataAccountSet().getDataAccount(kvWriteOp.getAccountAddress());


+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountRegisterOperationHandle.java View File

@@ -6,7 +6,7 @@ import com.jd.blockchain.ledger.LedgerPermission;
import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.SecurityContext;
import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -25,7 +25,7 @@ public class DataAccountRegisterOperationHandle extends AbstractLedgerOperationH

// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpoints(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIdsPolicy.AT_LEAST_ONE);
securityPolicy.checkEndpointPermission(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE);

// 操作账本;
DataAccountRegisterOperation dataAccountRegOp = (DataAccountRegisterOperation) op;


+ 27
- 0
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/LedgerInitOperationHandle.java View File

@@ -0,0 +1,27 @@
package com.jd.blockchain.ledger.core.handles;

import com.jd.blockchain.ledger.BytesValue;
import com.jd.blockchain.ledger.LedgerInitOperation;
import com.jd.blockchain.ledger.Operation;
import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.OperationHandle;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.TransactionRequestExtension;

public class LedgerInitOperationHandle implements OperationHandle {

@Override
public Class<?> getOperationType() {
return LedgerInitOperation.class;
}

@Override
public BytesValue process(Operation op, LedgerDataset newBlockDataset, TransactionRequestExtension requestContext,
LedgerDataQuery previousBlockDataset, OperationHandleContext handleContext, LedgerService ledgerService) {
// 对初始化操作不需要做任何处理;
return null;
}

}

+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/RolesConfigureOperationHandle.java View File

@@ -8,7 +8,7 @@ import com.jd.blockchain.ledger.RolesConfigureOperation.RolePrivilegeEntry;
import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.SecurityContext;
import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -25,7 +25,7 @@ public class RolesConfigureOperationHandle extends AbstractLedgerOperationHandle
OperationHandleContext handleContext, LedgerService ledgerService) {
// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpoints(LedgerPermission.CONFIGURE_ROLES, MultiIdsPolicy.AT_LEAST_ONE);
securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);

// 操作账本;
RolePrivilegeEntry[] rpcfgs = operation.getRoles();


+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserAuthorizeOperationHandle.java View File

@@ -13,7 +13,7 @@ import com.jd.blockchain.ledger.UserRolesSettings;
import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.SecurityContext;
import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -30,7 +30,7 @@ public class UserAuthorizeOperationHandle extends AbstractLedgerOperationHandle<
OperationHandleContext handleContext, LedgerService ledgerService) {
// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpoints(LedgerPermission.CONFIGURE_ROLES, MultiIdsPolicy.AT_LEAST_ONE);
securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);

// 操作账本;



+ 2
- 2
source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserRegisterOperationHandle.java View File

@@ -6,7 +6,7 @@ import com.jd.blockchain.ledger.UserRegisterOperation;
import com.jd.blockchain.ledger.core.LedgerDataQuery;
import com.jd.blockchain.ledger.core.LedgerDataset;
import com.jd.blockchain.ledger.core.LedgerService;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.OperationHandleContext;
import com.jd.blockchain.ledger.core.SecurityContext;
import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -24,7 +24,7 @@ public class UserRegisterOperationHandle extends AbstractLedgerOperationHandle<U
OperationHandleContext handleContext, LedgerService ledgerService) {
// 权限校验;
SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
securityPolicy.checkEndpoints(LedgerPermission.REGISTER_USER, MultiIdsPolicy.AT_LEAST_ONE);
securityPolicy.checkEndpointPermission(LedgerPermission.REGISTER_USER, MultiIDsPolicy.AT_LEAST_ONE);

// 操作账本;
UserRegisterOperation userRegOp = (UserRegisterOperation) op;


+ 11
- 8
source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/ContractInvokingTest.java View File

@@ -102,7 +102,13 @@ public class ContractInvokingTest {
// 创建和加载合约实例;
BlockchainKeypair contractKey = BlockchainKeyGenerator.getInstance().generate();
Bytes contractAddress = contractKey.getAddress();

TestContract contractInstance = Mockito.mock(TestContract.class);
final String asset = "AK";
final long issueAmount = new Random().nextLong();
when(contractInstance.issue(anyString(), anyLong())).thenReturn(issueAmount);

// 装载合约;
contractInvokingHandle.setup(contractAddress, TestContract.class, contractInstance);

// 注册合约处理器;
@@ -124,11 +130,8 @@ public class ContractInvokingTest {
// 构建基于接口调用合约的交易请求,用于测试合约调用;
TxBuilder txBuilder = new TxBuilder(ledgerHash);
TestContract contractProxy = txBuilder.contract(contractAddress, TestContract.class);
TestContract contractProxy1 = txBuilder.contract(contractAddress, TestContract.class);

String asset = "AK";
long issueAmount = new Random().nextLong();
when(contractInstance.issue(anyString(), anyLong())).thenReturn(issueAmount);
// 构造调用合约的交易;
contractProxy.issue(asset, issueAmount);

TransactionRequestBuilder txReqBuilder = txBuilder.prepareRequest();
@@ -475,10 +478,10 @@ public class ContractInvokingTest {
LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class);

SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class);
when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true);

when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy);



+ 16
- 10
source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/LedgerSecurityManagerTest.java View File

@@ -1,6 +1,5 @@
package test.com.jd.blockchain.ledger.core;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

@@ -8,6 +7,7 @@ import java.util.HashMap;
import java.util.Map;

import org.junit.Test;
import org.mockito.Mockito;

import com.jd.blockchain.crypto.Crypto;
import com.jd.blockchain.crypto.CryptoAlgorithm;
@@ -18,15 +18,17 @@ import com.jd.blockchain.ledger.BlockchainKeyGenerator;
import com.jd.blockchain.ledger.BlockchainKeypair;
import com.jd.blockchain.ledger.CryptoSetting;
import com.jd.blockchain.ledger.LedgerPermission;
import com.jd.blockchain.ledger.ParticipantDataQuery;
import com.jd.blockchain.ledger.Privileges;
import com.jd.blockchain.ledger.RolesPolicy;
import com.jd.blockchain.ledger.TransactionPermission;
import com.jd.blockchain.ledger.core.CryptoConfig;
import com.jd.blockchain.ledger.core.LedgerSecurityManager;
import com.jd.blockchain.ledger.core.LedgerSecurityManagerImpl;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.RolePrivilegeDataset;
import com.jd.blockchain.ledger.core.SecurityPolicy;
import com.jd.blockchain.ledger.core.UserAccountQuery;
import com.jd.blockchain.ledger.core.UserRoleDataset;
import com.jd.blockchain.storage.service.utils.MemoryKVStorage;
import com.jd.blockchain.utils.Bytes;
@@ -125,8 +127,12 @@ public class LedgerSecurityManagerTest {
userRolesDataset.addUserRoles(kpPlatform.getAddress(), RolesPolicy.UNION, platformRoles);
userRolesDataset.commit();

ParticipantDataQuery partisQuery = Mockito.mock(ParticipantDataQuery.class);
UserAccountQuery usersQuery = Mockito.mock(UserAccountQuery.class);

// 创建安全管理器;
LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(rolePrivilegeDataset, userRolesDataset);
LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(rolePrivilegeDataset, userRolesDataset,
partisQuery, usersQuery);

// 定义终端用户列表;终端用户一起共同具有 ADMIN、OPERATOR 角色;
final Map<Bytes, BlockchainKeypair> endpoints = new HashMap<>();
@@ -146,16 +152,16 @@ public class LedgerSecurityManagerTest {
// 终端节点有 ADMIN 和 OPERATOR 两种角色的合并权限;
if (p == LedgerPermission.REGISTER_USER || p == LedgerPermission.REGISTER_DATA_ACCOUNT
|| p == LedgerPermission.WRITE_DATA_ACCOUNT) {
assertTrue(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE));
assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
} else {
assertFalse(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE));
assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
}

if (p == LedgerPermission.APPROVE_TX) {
// 共识参与方只有 PLATFORM 角色的权限:核准交易;
assertTrue(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE));
assertTrue(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
} else {
assertFalse(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE));
assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
}
}

@@ -163,12 +169,12 @@ public class LedgerSecurityManagerTest {
for (TransactionPermission p : transactionPermissions) {
// 终端节点有 ADMIN 和 OPERATOR 两种角色的合并权限;
if (p == TransactionPermission.DIRECT_OPERATION || p == TransactionPermission.CONTRACT_OPERATION) {
assertTrue(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE));
assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
} else {
assertFalse(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE));
assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
}

assertFalse(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE));
assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
}
}



+ 4
- 4
source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/TransactionBatchProcessorTest.java View File

@@ -122,10 +122,10 @@ public class TransactionBatchProcessorTest {
LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class);

SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class);
when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true);

when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy);



+ 28
- 11
source/test/test-integration/src/main/java/test/com/jd/blockchain/intgr/perf/LedgerPerformanceTest.java View File

@@ -45,7 +45,7 @@ import com.jd.blockchain.ledger.core.LedgerEditor;
import com.jd.blockchain.ledger.core.LedgerManager;
import com.jd.blockchain.ledger.core.LedgerRepository;
import com.jd.blockchain.ledger.core.LedgerSecurityManager;
import com.jd.blockchain.ledger.core.MultiIdsPolicy;
import com.jd.blockchain.ledger.core.MultiIDsPolicy;
import com.jd.blockchain.ledger.core.SecurityPolicy;
import com.jd.blockchain.ledger.core.TransactionBatchProcessor;
import com.jd.blockchain.service.TransactionBatchResultHandle;
@@ -676,44 +676,61 @@ public class LedgerPerformanceTest {
}

@Override
public boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) {
public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
return true;
}

@Override
public boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) {
public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
return true;
}

@Override
public boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) {
public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
return true;
}

@Override
public boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) {
// TODO Auto-generated method stub
return false;
public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
return true;
}

@Override
public void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy)
public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
}

@Override
public void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy)
public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
}

@Override
public void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException {
public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException {
}

@Override
public void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy)
public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
throws LedgerSecurityException {
}

@Override
public boolean isEndpointValid(MultiIDsPolicy midPolicy) {
return true;
}

@Override
public boolean isNodeValid(MultiIDsPolicy midPolicy) {
return true;
}

@Override
public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
}

@Override
public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
}

}
}

+ 4
- 4
source/tools/tools-mocker/src/main/java/com/jd/blockchain/mocker/MockerNodeContext.java View File

@@ -451,10 +451,10 @@ public class MockerNodeContext implements BlockchainQueryService {
LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class);

SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class);
when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true);
when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true);
when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true);

when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy);



Loading…
Cancel
Save