From a418cf05fa9a2de95219042d47c4d508914b9b2e Mon Sep 17 00:00:00 2001 From: huanghaiquan Date: Sun, 8 Sep 2019 16:05:29 +0800 Subject: [PATCH] Refactored the process of ledger init operation: uniquely processed by TransactionBatchProcessor; --- .../jd/blockchain/ledger/core/AccountSet.java | 4 - .../DefaultOperationHandleRegisteration.java | 105 ++++++--- .../ledger/core/EmptyLedgerDataset.java | 209 ++++++++++++++++++ .../core/FullPermissionedSecurityManager.java | 98 ++++++++ .../ledger/core/LedgerAdminDataset.java | 4 +- .../ledger/core/LedgerInitializer.java | 33 +-- .../ledger/core/LedgerRepositoryImpl.java | 125 ----------- .../core/LedgerSecurityManagerImpl.java | 166 +++++++++++--- ...ultiIdsPolicy.java => MultiIDsPolicy.java} | 4 +- .../core/OperationHandleRegisteration.java | 4 +- .../ledger/core/SecurityPolicy.java | 49 +++- .../core/TransactionBatchProcessor.java | 79 +++---- .../ledger/core/TransactionEngineImpl.java | 10 +- .../AbstractLedgerOperationHandle.java | 4 +- ...tractContractEventSendOperationHandle.java | 4 +- .../ContractCodeDeployOperationHandle.java | 4 +- .../DataAccountKVSetOperationHandle.java | 4 +- .../DataAccountRegisterOperationHandle.java | 4 +- .../handles/LedgerInitOperationHandle.java | 27 +++ .../RolesConfigureOperationHandle.java | 4 +- .../handles/UserAuthorizeOperationHandle.java | 4 +- .../handles/UserRegisterOperationHandle.java | 4 +- .../ledger/core/ContractInvokingTest.java | 19 +- .../core/LedgerSecurityManagerTest.java | 26 ++- .../core/TransactionBatchProcessorTest.java | 8 +- .../intgr/perf/LedgerPerformanceTest.java | 39 +++- .../blockchain/mocker/MockerNodeContext.java | 8 +- 27 files changed, 724 insertions(+), 325 deletions(-) create mode 100644 source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/EmptyLedgerDataset.java create mode 100644 source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/FullPermissionedSecurityManager.java rename source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/{MultiIdsPolicy.java => MultiIDsPolicy.java} (74%) create mode 100644 source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/LedgerInitOperationHandle.java diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AccountSet.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AccountSet.java index 341e22cc..dc4a59cd 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AccountSet.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AccountSet.java @@ -70,10 +70,6 @@ public class AccountSet implements Transactional, MerkleProvable { this.accessPolicy = accessPolicy; } - // public HashDigest getAccountRootHash() { - // return merkleDataset.getRootHash(); - // } - @Override public HashDigest getRootHash() { return merkleDataset.getRootHash(); diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/DefaultOperationHandleRegisteration.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/DefaultOperationHandleRegisteration.java index 7ab3b129..6dd34e0a 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/DefaultOperationHandleRegisteration.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/DefaultOperationHandleRegisteration.java @@ -1,20 +1,31 @@ package com.jd.blockchain.ledger.core; +import java.util.ArrayList; import java.util.HashMap; +import java.util.List; import java.util.Map; -import java.util.Map.Entry; import java.util.concurrent.ConcurrentHashMap; import org.springframework.stereotype.Component; import com.jd.blockchain.ledger.LedgerException; +import com.jd.blockchain.ledger.Operation; import com.jd.blockchain.ledger.core.handles.ContractCodeDeployOperationHandle; import com.jd.blockchain.ledger.core.handles.DataAccountKVSetOperationHandle; import com.jd.blockchain.ledger.core.handles.DataAccountRegisterOperationHandle; import com.jd.blockchain.ledger.core.handles.JVMContractEventSendOperationHandle; +import com.jd.blockchain.ledger.core.handles.LedgerInitOperationHandle; import com.jd.blockchain.ledger.core.handles.RolesConfigureOperationHandle; import com.jd.blockchain.ledger.core.handles.UserAuthorizeOperationHandle; import com.jd.blockchain.ledger.core.handles.UserRegisterOperationHandle; +import com.jd.blockchain.transaction.ContractCodeDeployOpTemplate; +import com.jd.blockchain.transaction.ContractEventSendOpTemplate; +import com.jd.blockchain.transaction.DataAccountKVSetOpTemplate; +import com.jd.blockchain.transaction.DataAccountRegisterOpTemplate; +import com.jd.blockchain.transaction.LedgerInitOpTemplate; +import com.jd.blockchain.transaction.RolesConfigureOpTemplate; +import com.jd.blockchain.transaction.UserAuthorizeOpTemplate; +import com.jd.blockchain.transaction.UserRegisterOpTemplate; @Component public class DefaultOperationHandleRegisteration implements OperationHandleRegisteration { @@ -23,51 +34,74 @@ public class DefaultOperationHandleRegisteration implements OperationHandleRegis private Map, OperationHandle> handles = new ConcurrentHashMap<>(); - private Map, OperationHandle> cacheMapping = new ConcurrentHashMap<>(); - static { - addDefaultHandle(new RolesConfigureOperationHandle()); - addDefaultHandle(new UserAuthorizeOperationHandle()); - addDefaultHandle(new DataAccountKVSetOperationHandle()); - addDefaultHandle(new DataAccountRegisterOperationHandle()); - addDefaultHandle(new UserRegisterOperationHandle()); - addDefaultHandle(new ContractCodeDeployOperationHandle()); - addDefaultHandle(new JVMContractEventSendOperationHandle()); + registerDefaultHandle(new LedgerInitOperationHandle()); + + registerDefaultHandle(new RolesConfigureOperationHandle()); + + registerDefaultHandle(new UserAuthorizeOperationHandle()); + + registerDefaultHandle(new UserRegisterOperationHandle()); + + registerDefaultHandle(new DataAccountKVSetOperationHandle()); + + registerDefaultHandle(new DataAccountRegisterOperationHandle()); + + registerDefaultHandle(new ContractCodeDeployOperationHandle()); + + registerDefaultHandle(new JVMContractEventSendOperationHandle()); } - private static void addDefaultHandle(OperationHandle handle) { + private static void registerDefaultHandle(OperationHandle handle) { DEFAULT_HANDLES.put(handle.getOperationType(), handle); } /** - * 以最高优先级插入一个操作处理器; + * 注册操作处理器;此方法将覆盖默认的操作处理器配置; * * @param handle */ public void registerHandle(OperationHandle handle) { + List> opTypes = new ArrayList>(); + for (Class opType : handles.keySet()) { + if (opType.isAssignableFrom(handle.getOperationType())) { + opTypes.add(opType); + } + } + + for (Class opType : opTypes) { + handles.put(opType, handle); + } handles.put(handle.getOperationType(), handle); } private OperationHandle getRegisteredHandle(Class operationType) { OperationHandle hdl = handles.get(operationType); if (hdl == null) { - for (Entry, OperationHandle> entry : handles.entrySet()) { - if (entry.getKey().isAssignableFrom(operationType)) { - hdl = entry.getValue(); + hdl = DEFAULT_HANDLES.get(operationType); + + //按“操作类型”的继承关系匹配; + if (hdl == null) { + for (Class opType : handles.keySet()) { + if (opType.isAssignableFrom(operationType)) { + hdl = handles.get(opType); + break; + } } } - } - return hdl; - } - - private OperationHandle getDefaultHandle(Class operationType) { - OperationHandle hdl = DEFAULT_HANDLES.get(operationType); - if (hdl == null) { - for (Entry, OperationHandle> entry : DEFAULT_HANDLES.entrySet()) { - if (entry.getKey().isAssignableFrom(operationType)) { - hdl = entry.getValue(); + + if (hdl == null) { + for (Class opType : DEFAULT_HANDLES.keySet()) { + if (opType.isAssignableFrom(operationType)) { + hdl = DEFAULT_HANDLES.get(opType); + break; + } } } + + if (hdl != null) { + handles.put(operationType, hdl); + } } return hdl; } @@ -80,20 +114,19 @@ public class DefaultOperationHandleRegisteration implements OperationHandleRegis * java.lang.Class) */ @Override - public OperationHandle getHandle(Class operationType) { - OperationHandle hdl = cacheMapping.get(operationType); - if (hdl != null) { - return hdl; - } - hdl = getRegisteredHandle(operationType); + public OperationHandle getHandle(Class operationType) { + OperationHandle hdl = getRegisteredHandle(operationType); if (hdl == null) { - hdl = getDefaultHandle(operationType); - if (hdl == null) { - throw new LedgerException("Unsupported operation type[" + operationType.getName() + "]!"); - } + throw new LedgerException("Unsupported operation type[" + operationType.getName() + "]!"); } - cacheMapping.put(operationType, hdl); return hdl; } + private static class OpHandleStub { + + private Class operationType; + + private OperationHandle operationHandle; + + } } diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/EmptyLedgerDataset.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/EmptyLedgerDataset.java new file mode 100644 index 00000000..64e08117 --- /dev/null +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/EmptyLedgerDataset.java @@ -0,0 +1,209 @@ +package com.jd.blockchain.ledger.core; + +import com.jd.blockchain.crypto.HashDigest; +import com.jd.blockchain.ledger.AccountHeader; +import com.jd.blockchain.ledger.LedgerAdminInfo; +import com.jd.blockchain.ledger.MerkleProof; +import com.jd.blockchain.ledger.ParticipantDataQuery; +import com.jd.blockchain.ledger.ParticipantNode; +import com.jd.blockchain.utils.Bytes; + +public class EmptyLedgerDataset implements LedgerDataQuery { + + private static final LedgerAdminDataQuery EMPTY_ADMIN_DATA = new EmptyAdminData(); + + private static final UserAccountQuery EMPTY_USER_ACCOUNTS = new EmptyUserAccountSet(); + + private static final DataAccountQuery EMPTY_DATA_ACCOUNTS = new EmptyDataAccountSet(); + + private static final ContractAccountQuery EMPTY_CONTRACT_ACCOUNTS = new EmptyContractAccountSet(); + + private static final ParticipantDataQuery EMPTY_PARTICIPANTS = new EmptyParticipantData(); + + @Override + public LedgerAdminDataQuery getAdminDataset() { + return EMPTY_ADMIN_DATA; + } + + @Override + public UserAccountQuery getUserAccountSet() { + return EMPTY_USER_ACCOUNTS; + } + + @Override + public DataAccountQuery getDataAccountSet() { + return EMPTY_DATA_ACCOUNTS; + } + + @Override + public ContractAccountQuery getContractAccountset() { + return EMPTY_CONTRACT_ACCOUNTS; + } + + + private static class EmptyAdminData implements LedgerAdminDataQuery{ + + + @Override + public LedgerAdminInfo getAdminInfo() { + return null; + } + + @Override + public ParticipantDataQuery getParticipantDataset() { + return EMPTY_PARTICIPANTS; + } + + } + + private static class EmptyParticipantData implements ParticipantDataQuery{ + + @Override + public HashDigest getRootHash() { + return null; + } + + @Override + public MerkleProof getProof(Bytes key) { + return null; + } + + @Override + public long getParticipantCount() { + return 0; + } + + @Override + public boolean contains(Bytes address) { + return false; + } + + @Override + public ParticipantNode getParticipant(Bytes address) { + return null; + } + + @Override + public ParticipantNode[] getParticipants() { + return null; + } + + } + + private static class EmptyUserAccountSet implements UserAccountQuery{ + + @Override + public AccountHeader[] getAccounts(int fromIndex, int count) { + return null; + } + + @Override + public long getTotalCount() { + return 0; + } + + @Override + public HashDigest getRootHash() { + return null; + } + + @Override + public MerkleProof getProof(Bytes key) { + return null; + } + + @Override + public UserAccount getUser(String address) { + return null; + } + + @Override + public UserAccount getUser(Bytes address) { + return null; + } + + @Override + public boolean contains(Bytes address) { + return false; + } + + @Override + public UserAccount getUser(Bytes address, long version) { + return null; + } + + + } + + private static class EmptyDataAccountSet implements DataAccountQuery{ + + @Override + public AccountHeader[] getAccounts(int fromIndex, int count) { + return null; + } + + @Override + public HashDigest getRootHash() { + return null; + } + + @Override + public long getTotalCount() { + return 0; + } + + @Override + public MerkleProof getProof(Bytes address) { + return null; + } + + @Override + public DataAccount getDataAccount(Bytes address) { + return null; + } + + @Override + public DataAccount getDataAccount(Bytes address, long version) { + return null; + } + + } + + private static class EmptyContractAccountSet implements ContractAccountQuery{ + + @Override + public AccountHeader[] getAccounts(int fromIndex, int count) { + return null; + } + + @Override + public HashDigest getRootHash() { + return null; + } + + @Override + public long getTotalCount() { + return 0; + } + + @Override + public MerkleProof getProof(Bytes address) { + return null; + } + + @Override + public boolean contains(Bytes address) { + return false; + } + + @Override + public ContractAccount getContract(Bytes address) { + return null; + } + + @Override + public ContractAccount getContract(Bytes address, long version) { + return null; + } + } +} diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/FullPermissionedSecurityManager.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/FullPermissionedSecurityManager.java new file mode 100644 index 00000000..c217ee34 --- /dev/null +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/FullPermissionedSecurityManager.java @@ -0,0 +1,98 @@ +package com.jd.blockchain.ledger.core; + +import java.util.Set; + +import com.jd.blockchain.ledger.LedgerPermission; +import com.jd.blockchain.ledger.LedgerSecurityException; +import com.jd.blockchain.ledger.TransactionPermission; +import com.jd.blockchain.utils.Bytes; + +class FullPermissionedSecurityManager implements LedgerSecurityManager { + + public static final FullPermissionedSecurityManager INSTANCE = new FullPermissionedSecurityManager(); + + @Override + public SecurityPolicy createSecurityPolicy(Set endpoints, Set nodes) { + return new FullPermissionedPolicy(endpoints, nodes); + } + + private static class FullPermissionedPolicy implements SecurityPolicy { + + private Set endpoints; + private Set nodes; + + public FullPermissionedPolicy(Set endpoints, Set nodes) { + this.endpoints = endpoints; + this.nodes = nodes; + } + + @Override + public Set getEndpoints() { + return endpoints; + } + + @Override + public Set getNodes() { + return nodes; + } + + @Override + public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { + return true; + } + + @Override + public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { + return true; + } + + @Override + public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { + return true; + } + + @Override + public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { + return true; + } + + @Override + public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) + throws LedgerSecurityException { + } + + @Override + public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) + throws LedgerSecurityException { + } + + @Override + public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { + } + + @Override + public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) + throws LedgerSecurityException { + } + + @Override + public boolean isEndpointValid(MultiIDsPolicy midPolicy) { + return true; + } + + @Override + public boolean isNodeValid(MultiIDsPolicy midPolicy) { + return true; + } + + @Override + public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { + } + + @Override + public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { + } + + } + +} \ No newline at end of file diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerAdminDataset.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerAdminDataset.java index 1d2c1023..c4961b12 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerAdminDataset.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerAdminDataset.java @@ -108,7 +108,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery, public UserRolesSettings getUserRoles() { return userRoles; } - + @Override public LedgerAdminInfo getAdminInfo() { return this; @@ -392,7 +392,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery, return; } participants.cancel(); - metadata = new LedgerMetadataInfo(origMetadata); + metadata =origMetadata == null ? new LedgerMetadataInfo() : new LedgerMetadataInfo(origMetadata); } public static class LedgerMetadataInfo implements LedgerMetadata_V2 { diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerInitializer.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerInitializer.java index 8c503494..0f506716 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerInitializer.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerInitializer.java @@ -9,14 +9,12 @@ import com.jd.blockchain.ledger.DigitalSignature; import com.jd.blockchain.ledger.LedgerBlock; import com.jd.blockchain.ledger.LedgerInitException; import com.jd.blockchain.ledger.LedgerInitSetting; -import com.jd.blockchain.ledger.Operation; import com.jd.blockchain.ledger.ParticipantNode; import com.jd.blockchain.ledger.SecurityInitSettings; import com.jd.blockchain.ledger.TransactionBuilder; import com.jd.blockchain.ledger.TransactionContent; import com.jd.blockchain.ledger.TransactionRequest; -import com.jd.blockchain.ledger.TransactionState; -import com.jd.blockchain.ledger.UserRegisterOperation; +import com.jd.blockchain.service.TransactionBatchResultHandle; import com.jd.blockchain.storage.service.KVStorageService; import com.jd.blockchain.transaction.SignatureUtils; import com.jd.blockchain.transaction.TxBuilder; @@ -24,6 +22,14 @@ import com.jd.blockchain.transaction.TxRequestBuilder; public class LedgerInitializer { + private static final FullPermissionedSecurityManager FULL_PERMISSION_SECURITY_MANAGER = new FullPermissionedSecurityManager(); + + private static final LedgerDataQuery EMPTY_LEDGER_DATA_QUERY = new EmptyLedgerDataset(); + + private static final OperationHandleRegisteration DEFAULT_OP_HANDLE_REG = new DefaultOperationHandleRegisteration(); + + private LedgerService EMPTY_LEDGERS = new LedgerManager(); + private LedgerInitSetting initSetting; private TransactionContent initTxContent; @@ -36,6 +42,8 @@ public class LedgerInitializer { private volatile boolean canceled = false; + private TransactionBatchResultHandle txResultsHandle; + /** * 初始化生成的账本hash;
* @@ -115,7 +123,7 @@ public class LedgerInitializer { throw new LedgerInitException("The ledger has been canceled!"); } committed = true; - this.ledgerEditor.commit(); + this.txResultsHandle.commit(); } public void cancel() { @@ -148,18 +156,13 @@ public class LedgerInitializer { TransactionRequest txRequest = txReqBuilder.buildRequest(); - LedgerTransactionContext txCtx = ledgerEditor.newTransaction(txRequest); - Operation[] ops = txRequest.getTransactionContent().getOperations(); - // 注册用户; 注:第一个操作是 LedgerInitOperation; - // TODO:暂时只支持注册用户的初始化操作; - for (int i = 1; i < ops.length; i++) { - UserRegisterOperation userRegOP = (UserRegisterOperation) ops[i]; - txCtx.getDataset().getUserAccountSet().register(userRegOP.getUserID().getAddress(), - userRegOP.getUserID().getPubKey()); - } + TransactionBatchProcessor txProcessor = new TransactionBatchProcessor(FULL_PERMISSION_SECURITY_MANAGER, + ledgerEditor, EMPTY_LEDGER_DATA_QUERY, DEFAULT_OP_HANDLE_REG, EMPTY_LEDGERS); - txCtx.commit(TransactionState.SUCCESS, null); + txProcessor.schedule(txRequest); - return ledgerEditor.prepare(); + txResultsHandle = txProcessor.prepare(); + return txResultsHandle.getBlock(); } + } diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerRepositoryImpl.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerRepositoryImpl.java index 32053225..55c9d6d6 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerRepositoryImpl.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerRepositoryImpl.java @@ -109,16 +109,6 @@ class LedgerRepositoryImpl implements LedgerRepository { return latestState.block; } -// private LedgerState getLatestState() { -// LedgerState state = latestState; -// if (state == null) { -// LedgerBlock latestBlock = innerGetBlock(innerGetLatestBlockHeight()); -// state = new LedgerState(latestBlock); -// latestState = state; -// } -// return state; -// } - /** * 重新检索加载最新的状态; * @@ -264,20 +254,7 @@ class LedgerRepositoryImpl implements LedgerRepository { @Override public TransactionSet getTransactionSet(LedgerBlock block) { long height = getLatestBlockHeight(); -// TransactionSet transactionSet = null; if (height == block.getHeight()) { -// // 缓存最近一个区块的数据; -// LedgerState state = getLatestState(); -// transactionSet = state.transactionSet; -// if (transactionSet == null) { -// LedgerAdminInfo adminAccount = getAdminInfo(block); -// transactionSet = loadTransactionSet(block.getTransactionSetHash(), -// adminAccount.getSettings().getCryptoSetting(), keyPrefix, exPolicyStorage, versioningStorage, -// true); -// state.transactionSet = transactionSet; -// } -// return transactionSet; - // 从缓存中返回最新区块的数据集; return latestState.getTransactionSet(); } @@ -290,18 +267,7 @@ class LedgerRepositoryImpl implements LedgerRepository { @Override public LedgerAdminDataset getAdminInfo(LedgerBlock block) { long height = getLatestBlockHeight(); -// LedgerAdminDataset adminAccount = null; if (height == block.getHeight()) { -// // 缓存读; -// LedgerState state = getLatestState(); -// adminAccount = state.adminAccount; -// if (adminAccount == null) { -// adminAccount = new LedgerAdminDataset(block.getAdminAccountHash(), keyPrefix, exPolicyStorage, -// versioningStorage, true); -// state.adminAccount = adminAccount; -// } -// return adminAccount; - return latestState.getAdminDataset(); } @@ -315,20 +281,7 @@ class LedgerRepositoryImpl implements LedgerRepository { @Override public UserAccountQuery getUserAccountSet(LedgerBlock block) { long height = getLatestBlockHeight(); -// UserAccountSet userAccountSet = null; if (height == block.getHeight()) { -// // 缓存读; -// LedgerState state = getLatestState(); -// userAccountSet = state.userAccountSet; -// if (userAccountSet == null) { -// LedgerAdminDataset adminAccount = getAdminInfo(block); -// userAccountSet = loadUserAccountSet(block.getUserAccountSetHash(), -// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage, -// versioningStorage, true); -// state.userAccountSet = userAccountSet; -// } -// return userAccountSet; - return latestState.getUserAccountSet(); } LedgerAdminDataset adminAccount = getAdminInfo(block); @@ -343,20 +296,7 @@ class LedgerRepositoryImpl implements LedgerRepository { @Override public DataAccountQuery getDataAccountSet(LedgerBlock block) { long height = getLatestBlockHeight(); -// DataAccountSet dataAccountSet = null; if (height == block.getHeight()) { -// // 缓存读; -// LedgerState state = getLatestState(); -// dataAccountSet = state.dataAccountSet; -// if (dataAccountSet == null) { -// LedgerAdminDataset adminAccount = getAdminInfo(block); -// dataAccountSet = loadDataAccountSet(block.getDataAccountSetHash(), -// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage, -// versioningStorage, true); -// state.dataAccountSet = dataAccountSet; -// } -// return dataAccountSet; - return latestState.getDataAccountSet(); } @@ -372,20 +312,7 @@ class LedgerRepositoryImpl implements LedgerRepository { @Override public ContractAccountQuery getContractAccountSet(LedgerBlock block) { long height = getLatestBlockHeight(); -// ContractAccountSet contractAccountSet = null; if (height == block.getHeight()) { -// // 缓存读; -// LedgerState state = getLatestState(); -// contractAccountSet = state.contractAccountSet; -// if (contractAccountSet == null) { -// LedgerAdminDataset adminAccount = getAdminInfo(block); -// contractAccountSet = loadContractAccountSet(block.getContractAccountSetHash(), -// adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage, -// versioningStorage, true); -// state.contractAccountSet = contractAccountSet; -// } -// return contractAccountSet; - return latestState.getContractAccountSet(); } @@ -401,17 +328,7 @@ class LedgerRepositoryImpl implements LedgerRepository { @Override public LedgerDataset getDataSet(LedgerBlock block) { long height = getLatestBlockHeight(); -// LedgerDataSet ledgerDataSet = null; if (height == block.getHeight()) { -// // 缓存读; -// LedgerState state = getLatestState(); -// ledgerDataSet = state.ledgerDataSet; -// if (ledgerDataSet == null) { -// ledgerDataSet = innerDataSet(block); -// state.ledgerDataSet = ledgerDataSet; -// } -// return ledgerDataSet; - return latestState.getLedgerDataset(); } @@ -463,15 +380,10 @@ class LedgerRepositoryImpl implements LedgerRepository { } static Bytes encodeLedgerIndexKey(HashDigest ledgerHash) { - // return LEDGER_PREFIX + Base58Utils.encode(ledgerHash.toBytes()); - // return new Bytes(ledgerHash.toBytes()).concatTo(LEDGER_PREFIX); return LEDGER_PREFIX.concat(ledgerHash); } static Bytes encodeBlockStorageKey(HashDigest blockHash) { - // String key = ByteArray.toBase58(blockHash.toBytes()); - // return BLOCK_PREFIX + key; - return BLOCK_PREFIX.concat(blockHash); } @@ -483,29 +395,13 @@ class LedgerRepositoryImpl implements LedgerRepository { String usersetKeyPrefix = keyPrefix + USER_SET_PREFIX; String datasetKeyPrefix = keyPrefix + DATA_SET_PREFIX; String contractsetKeyPrefix = keyPrefix + CONTRACT_SET_PREFIX; - // String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX; - // UserAccountSet userAccountSet = new - // UserAccountSet(adminAccount.getSetting().getCryptoSetting(), - // PrefixAppender.prefix(USER_SET_PREFIX, ledgerExStorage), - // PrefixAppender.prefix(USER_SET_PREFIX, ledgerVerStorage), - // DEFAULT_ACCESS_POLICY); UserAccountSet userAccountSet = new UserAccountSet(adminAccount.getSettings().getCryptoSetting(), usersetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY); - // DataAccountSet dataAccountSet = new - // DataAccountSet(adminAccount.getSetting().getCryptoSetting(), - // PrefixAppender.prefix(DATA_SET_PREFIX, ledgerExStorage), - // PrefixAppender.prefix(DATA_SET_PREFIX, ledgerVerStorage), - // DEFAULT_ACCESS_POLICY); DataAccountSet dataAccountSet = new DataAccountSet(adminAccount.getSettings().getCryptoSetting(), datasetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY); - // ContractAccountSet contractAccountSet = new - // ContractAccountSet(adminAccount.getSetting().getCryptoSetting(), - // PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerExStorage), - // PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerVerStorage), - // DEFAULT_ACCESS_POLICY); ContractAccountSet contractAccountSet = new ContractAccountSet(adminAccount.getSettings().getCryptoSetting(), contractsetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY); @@ -517,10 +413,6 @@ class LedgerRepositoryImpl implements LedgerRepository { static TransactionSet newTransactionSet(LedgerSettings ledgerSetting, String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage) { - // TransactionSet transactionSet = new - // TransactionSet(ledgerSetting.getCryptoSetting(), - // PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerExStorage), - // PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerVerStorage)); String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX; @@ -534,8 +426,6 @@ class LedgerRepositoryImpl implements LedgerRepository { LedgerAdminDataset adminAccount = new LedgerAdminDataset(dataSnapshot.getAdminAccountHash(), keyPrefix, ledgerExStorage, ledgerVerStorage, readonly); -// CryptoSetting cryptoSetting = adminAccount.getPreviousSetting().getCryptoSetting(); - UserAccountSet userAccountSet = loadUserAccountSet(dataSnapshot.getUserAccountSetHash(), cryptoSetting, keyPrefix, ledgerExStorage, ledgerVerStorage, readonly); @@ -554,10 +444,6 @@ class LedgerRepositoryImpl implements LedgerRepository { static UserAccountSet loadUserAccountSet(HashDigest userAccountSetHash, CryptoSetting cryptoSetting, String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, boolean readonly) { - // return new UserAccountSet(userAccountSetHash, cryptoSetting, - // PrefixAppender.prefix(USER_SET_PREFIX, ledgerExStorage), - // PrefixAppender.prefix(USER_SET_PREFIX, ledgerVerStorage), readonly, - // DEFAULT_ACCESS_POLICY); String usersetKeyPrefix = keyPrefix + USER_SET_PREFIX; return new UserAccountSet(userAccountSetHash, cryptoSetting, usersetKeyPrefix, ledgerExStorage, @@ -567,10 +453,6 @@ class LedgerRepositoryImpl implements LedgerRepository { static DataAccountSet loadDataAccountSet(HashDigest dataAccountSetHash, CryptoSetting cryptoSetting, String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, boolean readonly) { - // return new DataAccountSet(dataAccountSetHash, cryptoSetting, - // PrefixAppender.prefix(DATA_SET_PREFIX, ledgerExStorage, - // PrefixAppender.prefix(DATA_SET_PREFIX, ledgerVerStorage), readonly, - // DEFAULT_ACCESS_POLICY); String datasetKeyPrefix = keyPrefix + DATA_SET_PREFIX; return new DataAccountSet(dataAccountSetHash, cryptoSetting, datasetKeyPrefix, ledgerExStorage, @@ -580,10 +462,6 @@ class LedgerRepositoryImpl implements LedgerRepository { static ContractAccountSet loadContractAccountSet(HashDigest contractAccountSetHash, CryptoSetting cryptoSetting, String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, boolean readonly) { - // return new ContractAccountSet(contractAccountSetHash, cryptoSetting, - // PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerExStorage, - // PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerVerStorage), readonly, - // DEFAULT_ACCESS_POLICY); String contractsetKeyPrefix = keyPrefix + CONTRACT_SET_PREFIX; return new ContractAccountSet(contractAccountSetHash, cryptoSetting, contractsetKeyPrefix, ledgerExStorage, @@ -592,9 +470,6 @@ class LedgerRepositoryImpl implements LedgerRepository { static TransactionSet loadTransactionSet(HashDigest txsetHash, CryptoSetting cryptoSetting, String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, boolean readonly) { - // return new TransactionSet(txsetHash, cryptoSetting, - // PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerExStorage), - // PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerVerStorage), readonly); String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX; return new TransactionSet(txsetHash, cryptoSetting, txsetKeyPrefix, ledgerExStorage, ledgerVerStorage, diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java index 0a26de4c..e0987732 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java @@ -7,15 +7,17 @@ import java.util.Map; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; -import com.jd.blockchain.ledger.LedgerInitSetting; import com.jd.blockchain.ledger.LedgerPermission; import com.jd.blockchain.ledger.LedgerSecurityException; +import com.jd.blockchain.ledger.ParticipantDataQuery; +import com.jd.blockchain.ledger.ParticipantDoesNotExistException; import com.jd.blockchain.ledger.RolePrivilegeSettings; import com.jd.blockchain.ledger.RolePrivileges; import com.jd.blockchain.ledger.RolesPolicy; import com.jd.blockchain.ledger.TransactionPermission; -import com.jd.blockchain.ledger.UserRolesSettings; +import com.jd.blockchain.ledger.UserDoesNotExistException; import com.jd.blockchain.ledger.UserRoles; +import com.jd.blockchain.ledger.UserRolesSettings; import com.jd.blockchain.utils.Bytes; /** @@ -36,17 +38,17 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { private Map userRolesCache = new ConcurrentHashMap<>(); private Map rolesPrivilegeCache = new ConcurrentHashMap<>(); - public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings) { + private ParticipantDataQuery participantsQuery; + private UserAccountQuery userAccountsQuery; + + public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings, + ParticipantDataQuery participantsQuery, UserAccountQuery userAccountsQuery) { this.rolePrivilegeSettings = rolePrivilegeSettings; this.userRolesSettings = userRolesSettings; + this.participantsQuery = participantsQuery; + this.userAccountsQuery = userAccountsQuery; } - - - public static void initSecuritySettings(LedgerInitSetting initSettings, LedgerEditor editor) { - - } - - + @Override public SecurityPolicy createSecurityPolicy(Set endpoints, Set nodes) { Map endpointPrivilegeMap = new HashMap<>(); @@ -62,7 +64,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { nodePrivilegeMap.put(userAddress, userPrivileges); } - return new UserRolesSecurityPolicy(endpointPrivilegeMap, nodePrivilegeMap); + return new UserRolesSecurityPolicy(endpointPrivilegeMap, nodePrivilegeMap, participantsQuery, userAccountsQuery); } private UserRolesPrivileges getUserRolesPrivilegs(Bytes userAddress) { @@ -142,15 +144,22 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { */ private Map nodePrivilegeMap = new HashMap<>(); + private ParticipantDataQuery participantsQuery; + + private UserAccountQuery userAccountsQuery; + public UserRolesSecurityPolicy(Map endpointPrivilegeMap, - Map nodePrivilegeMap) { + Map nodePrivilegeMap, ParticipantDataQuery participantsQuery, + UserAccountQuery userAccountsQuery) { this.endpointPrivilegeMap = endpointPrivilegeMap; this.nodePrivilegeMap = nodePrivilegeMap; + this.participantsQuery = participantsQuery; + this.userAccountsQuery = userAccountsQuery; } @Override - public boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) { - if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) { + public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { + if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { // 至少一个; for (UserRolesPrivileges p : endpointPrivilegeMap.values()) { if (p.getLedgerPrivileges().isEnable(permission)) { @@ -158,7 +167,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } } return false; - } else if (MultiIdsPolicy.ALL == midPolicy) { + } else if (MultiIDsPolicy.ALL == midPolicy) { // 全部; for (UserRolesPrivileges p : endpointPrivilegeMap.values()) { if (!p.getLedgerPrivileges().isEnable(permission)) { @@ -172,8 +181,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } @Override - public boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) { - if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) { + public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { + if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { // 至少一个; for (UserRolesPrivileges p : endpointPrivilegeMap.values()) { if (p.getTransactionPrivileges().isEnable(permission)) { @@ -181,7 +190,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } } return false; - } else if (MultiIdsPolicy.ALL == midPolicy) { + } else if (MultiIDsPolicy.ALL == midPolicy) { // 全部; for (UserRolesPrivileges p : endpointPrivilegeMap.values()) { if (!p.getTransactionPrivileges().isEnable(permission)) { @@ -195,8 +204,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } @Override - public boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) { - if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) { + public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { + if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { // 至少一个; for (UserRolesPrivileges p : nodePrivilegeMap.values()) { if (p.getLedgerPrivileges().isEnable(permission)) { @@ -204,7 +213,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } } return false; - } else if (MultiIdsPolicy.ALL == midPolicy) { + } else if (MultiIDsPolicy.ALL == midPolicy) { // 全部; for (UserRolesPrivileges p : nodePrivilegeMap.values()) { if (!p.getLedgerPrivileges().isEnable(permission)) { @@ -218,8 +227,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } @Override - public boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) { - if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) { + public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { + if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { // 至少一个; for (UserRolesPrivileges p : nodePrivilegeMap.values()) { if (p.getTransactionPrivileges().isEnable(permission)) { @@ -227,7 +236,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } } return false; - } else if (MultiIdsPolicy.ALL == midPolicy) { + } else if (MultiIDsPolicy.ALL == midPolicy) { // 全部; for (UserRolesPrivileges p : nodePrivilegeMap.values()) { if (!p.getTransactionPrivileges().isEnable(permission)) { @@ -241,9 +250,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } @Override - public void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) + public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { - if (!isEnableToEndpoints(permission, midPolicy)) { + if (!isEndpointEnable(permission, midPolicy)) { throw new LedgerSecurityException(String.format( "The security policy [Permission=%s, Policy=%s] for endpoints rejected the current operation!", permission, midPolicy)); @@ -251,9 +260,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } @Override - public void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) + public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { - if (!isEnableToEndpoints(permission, midPolicy)) { + if (!isEndpointEnable(permission, midPolicy)) { throw new LedgerSecurityException(String.format( "The security policy [Permission=%s, Policy=%s] for endpoints rejected the current operation!", permission, midPolicy)); @@ -261,8 +270,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } @Override - public void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException { - if (!isEnableToNodes(permission, midPolicy)) { + public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) + throws LedgerSecurityException { + if (!isNodeEnable(permission, midPolicy)) { throw new LedgerSecurityException(String.format( "The security policy [Permission=%s, Policy=%s] for nodes rejected the current operation!", permission, midPolicy)); @@ -270,9 +280,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { } @Override - public void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) + public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { - if (!isEnableToNodes(permission, midPolicy)) { + if (!isNodeEnable(permission, midPolicy)) { throw new LedgerSecurityException(String.format( "The security policy [Permission=%s, Policy=%s] for nodes rejected the current operation!", permission, midPolicy)); @@ -289,6 +299,98 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager { return nodePrivilegeMap.keySet(); } + @Override + public boolean isEndpointValid(MultiIDsPolicy midPolicy) { + if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { + // 至少一个; + for (Bytes address : getEndpoints()) { + if (userAccountsQuery.contains(address)) { + return true; + } + } + return false; + } else if (MultiIDsPolicy.ALL == midPolicy) { + // 全部; + for (Bytes address : getEndpoints()) { + if (!userAccountsQuery.contains(address)) { + return false; + } + } + return true; + } else { + throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!"); + } + } + + @Override + public boolean isNodeValid(MultiIDsPolicy midPolicy) { + if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { + // 至少一个; + for (Bytes address : getNodes()) { + if (participantsQuery.contains(address)) { + return true; + } + } + return false; + } else if (MultiIDsPolicy.ALL == midPolicy) { + // 全部; + for (Bytes address : getNodes()) { + if (!participantsQuery.contains(address)) { + return false; + } + } + return true; + } else { + throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!"); + } + } + + @Override + public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { + if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { + // 至少一个; + for (Bytes address : getEndpoints()) { + if (userAccountsQuery.contains(address)) { + return; + } + } + throw new UserDoesNotExistException("All endpoint signers were not registered!"); + } else if (MultiIDsPolicy.ALL == midPolicy) { + // 全部; + for (Bytes address : getEndpoints()) { + if (!userAccountsQuery.contains(address)) { + throw new UserDoesNotExistException("The endpoint signer[" + address + "] was not registered!"); + } + } + return; + } else { + throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!"); + } + } + + @Override + public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { + if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) { + // 至少一个; + for (Bytes address : getNodes()) { + if (participantsQuery.contains(address)) { + return; + } + } + throw new ParticipantDoesNotExistException("All node signers were not registered as participant!"); + } else if (MultiIDsPolicy.ALL == midPolicy) { + // 全部; + for (Bytes address : getNodes()) { + if (!participantsQuery.contains(address)) { + throw new ParticipantDoesNotExistException( + "The node signer[" + address + "] was not registered as participant!"); + } + } + } else { + throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!"); + } + } + } } diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIdsPolicy.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIDsPolicy.java similarity index 74% rename from source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIdsPolicy.java rename to source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIDsPolicy.java index 974eb203..20f1caab 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIdsPolicy.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIDsPolicy.java @@ -1,12 +1,12 @@ package com.jd.blockchain.ledger.core; /** - * 多身份的权限校验策略; + * 多重身份的校验策略; * * @author huanghaiquan * */ -public enum MultiIdsPolicy { +public enum MultiIDsPolicy { /** * 至少有一个都能通过; diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/OperationHandleRegisteration.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/OperationHandleRegisteration.java index 2953f945..1b783eb0 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/OperationHandleRegisteration.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/OperationHandleRegisteration.java @@ -1,7 +1,9 @@ package com.jd.blockchain.ledger.core; +import com.jd.blockchain.ledger.Operation; + public interface OperationHandleRegisteration { - OperationHandle getHandle(Class operationType); + OperationHandle getHandle(Class operationType); } \ No newline at end of file diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/SecurityPolicy.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/SecurityPolicy.java index 78b85564..17d487dd 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/SecurityPolicy.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/SecurityPolicy.java @@ -30,6 +30,22 @@ public interface SecurityPolicy { */ Set getNodes(); + /** + * 终端身份是否合法; + * + * @param midPolicy + * @return + */ + boolean isEndpointValid(MultiIDsPolicy midPolicy); + + /** + * 节点身份是否合法; + * + * @param midPolicy + * @return + */ + boolean isNodeValid(MultiIDsPolicy midPolicy); + /** * 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;
* @@ -37,7 +53,7 @@ public interface SecurityPolicy { * @param midPolicy 针对多个签名用户的权限策略; * @return 返回 true 表示获得授权; 返回 false 表示未获得授权; */ - boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy); + boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy); /** * 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;
@@ -46,7 +62,7 @@ public interface SecurityPolicy { * @param midPolicy 针对多个签名用户的权限策略; * @return 返回 true 表示获得授权; 返回 false 表示未获得授权; */ - boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy); + boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy); /** * 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;
@@ -55,7 +71,7 @@ public interface SecurityPolicy { * @param midPolicy 针对多个签名用户的权限策略; * @return 返回 true 表示获得授权; 返回 false 表示未获得授权; */ - boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy); + boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy); /** * 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;
@@ -64,7 +80,23 @@ public interface SecurityPolicy { * @param midPolicy 针对多个签名用户的权限策略; * @return 返回 true 表示获得授权; 返回 false 表示未获得授权; */ - boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy); + boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy); + + /** + * 检查终端身份的合法性; + * + * @param midPolicy + * @throws LedgerSecurityException + */ + void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException; + + /** + * 检查节点身份的合法性; + * + * @param midPolicy + * @throws LedgerSecurityException + */ + void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException; /** * 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;
@@ -74,7 +106,7 @@ public interface SecurityPolicy { * @param midPolicy 针对多个签名用户的权限策略; * @throws LedgerSecurityException */ - void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException; + void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; /** * 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;
@@ -84,7 +116,8 @@ public interface SecurityPolicy { * @param midPolicy * @throws LedgerSecurityException */ - void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException; + void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) + throws LedgerSecurityException; /** * 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;
@@ -94,7 +127,7 @@ public interface SecurityPolicy { * @param midPolicy * @throws LedgerSecurityException */ - void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException; + void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; /** * 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;
@@ -104,6 +137,6 @@ public interface SecurityPolicy { * @param midPolicy * @throws LedgerSecurityException */ - void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException; + void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; } diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionBatchProcessor.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionBatchProcessor.java index 9a2ddcef..cab2a4e2 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionBatchProcessor.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionBatchProcessor.java @@ -46,7 +46,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { private LedgerEditor newBlockEditor; - private LedgerDataQuery previousBlockDataset; + private LedgerDataQuery ledgerQueryer; private OperationHandleRegisteration opHandles; @@ -60,15 +60,15 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { private TransactionBatchResult batchResult; /** - * @param newBlockEditor 新区块的数据编辑器; - * @param previousBlockDataset 新区块的前一个区块的数据集;即未提交新区块之前的经过共识的账本最新数据集; - * @param opHandles 操作处理对象注册表; + * @param newBlockEditor 新区块的数据编辑器; + * @param ledgerQueryer 账本查询器,只包含新区块的前一个区块的数据集;即未提交新区块之前的经过共识的账本最新数据集; + * @param opHandles 操作处理对象注册表; */ public TransactionBatchProcessor(LedgerSecurityManager securityManager, LedgerEditor newBlockEditor, - LedgerDataQuery previousBlockDataset, OperationHandleRegisteration opHandles, LedgerService ledgerService) { + LedgerDataQuery ledgerQueryer, OperationHandleRegisteration opHandles, LedgerService ledgerService) { this.securityManager = securityManager; this.newBlockEditor = newBlockEditor; - this.previousBlockDataset = previousBlockDataset; + this.ledgerQueryer = ledgerQueryer; this.opHandles = opHandles; this.ledgerService = ledgerService; } @@ -95,7 +95,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { SecurityContext.setContextUsersPolicy(securityPolicy); // 安全校验; - checkSecurity(); + checkSecurity(securityPolicy); // 验证交易请求; checkRequest(reqExt); @@ -143,23 +143,26 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { } /** - * 验证交易的参与方的权限; + * 执行安全验证; */ - private void checkSecurity() { - SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); - - // 验证当前交易请求的节点参与方是否具有权限; - securityPolicy.checkNodes(LedgerPermission.APPROVE_TX, MultiIdsPolicy.AT_LEAST_ONE); + private void checkSecurity(SecurityPolicy securityPolicy) { + // 验证节点和终端身份的合法性; + // 多重身份签署的必须全部身份都合法; + securityPolicy.checkEndpointValidity(MultiIDsPolicy.ALL); + securityPolicy.checkNodeValidity(MultiIDsPolicy.ALL); + + // 验证参与方节点是否具有核准交易的权限; + securityPolicy.checkNodePermission(LedgerPermission.APPROVE_TX, MultiIDsPolicy.AT_LEAST_ONE); } private void checkRequest(TransactionRequestExtension reqExt) { // TODO: 把验签和创建交易并行化; - checkTxContent(reqExt); + checkTxContentHash(reqExt); checkEndpointSignatures(reqExt); checkNodeSignatures(reqExt); } - private void checkTxContent(TransactionRequestExtension requestExt) { + private void checkTxContentHash(TransactionRequestExtension requestExt) { TransactionContent txContent = requestExt.getTransactionContent(); if (!TxBuilder.verifyTxContentHash(txContent, txContent.getHash())) { // 由于哈希校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求; @@ -169,44 +172,34 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { } } - private void checkEndpointSignatures(TransactionRequestExtension request) { + private void checkNodeSignatures(TransactionRequestExtension request) { TransactionContent txContent = request.getTransactionContent(); - Collection endpoints = request.getEndpoints(); - if (endpoints != null) { - for (Credential endpoint : endpoints) { - if (!previousBlockDataset.getUserAccountSet().contains(endpoint.getAddress())) { - throw new UserDoesNotExistException( - "The endpoint signer[" + endpoint.getAddress() + "] was not registered!"); - } - - if (!SignatureUtils.verifyHashSignature(txContent.getHash(), endpoint.getSignature().getDigest(), - endpoint.getPubKey())) { + Collection nodes = request.getNodes(); + if (nodes != null) { + for (Credential node : nodes) { + if (!SignatureUtils.verifyHashSignature(txContent.getHash(), node.getSignature().getDigest(), + node.getPubKey())) { // 由于签名校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求; throw new IllegalTransactionException( - String.format("Wrong transaction endpoint signature! --[Tx Hash=%s][Endpoint Signer=%s]!", - request.getTransactionContent().getHash(), endpoint.getAddress()), + String.format("Wrong transaction node signature! --[Tx Hash=%s][Node Signer=%s]!", + request.getTransactionContent().getHash(), node.getAddress()), TransactionState.IGNORED_BY_WRONG_CONTENT_SIGNATURE); } } } } - private void checkNodeSignatures(TransactionRequestExtension request) { + private void checkEndpointSignatures(TransactionRequestExtension request) { TransactionContent txContent = request.getTransactionContent(); - Collection nodes = request.getNodes(); - if (nodes != null) { - for (Credential node : nodes) { - if (!previousBlockDataset.getAdminDataset().getParticipantDataset().contains(node.getAddress())) { - throw new ParticipantDoesNotExistException( - "The node signer[" + node.getAddress() + "] was not registered to the participant set!"); - } - - if (!SignatureUtils.verifyHashSignature(txContent.getHash(), node.getSignature().getDigest(), - node.getPubKey())) { + Collection endpoints = request.getEndpoints(); + if (endpoints != null) { + for (Credential endpoint : endpoints) { + if (!SignatureUtils.verifyHashSignature(txContent.getHash(), endpoint.getSignature().getDigest(), + endpoint.getPubKey())) { // 由于签名校验失败,引发IllegalTransactionException,使外部调用抛弃此交易请求; throw new IllegalTransactionException( - String.format("Wrong transaction node signature! --[Tx Hash=%s][Node Signer=%s]!", - request.getTransactionContent().getHash(), node.getAddress()), + String.format("Wrong transaction endpoint signature! --[Tx Hash=%s][Endpoint Signer=%s]!", + request.getTransactionContent().getHash(), endpoint.getAddress()), TransactionState.IGNORED_BY_WRONG_CONTENT_SIGNATURE); } } @@ -236,14 +229,14 @@ public class TransactionBatchProcessor implements TransactionBatchProcess { // assert; Instance of operation are one of User related operations or // DataAccount related operations; OperationHandle hdl = opHandles.getHandle(operation.getClass()); - hdl.process(operation, dataset, request, previousBlockDataset, this, ledgerService); + hdl.process(operation, dataset, request, ledgerQueryer, this, ledgerService); } }; OperationHandle opHandle; int opIndex = 0; for (Operation op : ops) { opHandle = opHandles.getHandle(op.getClass()); - BytesValue opResult = opHandle.process(op, dataset, request, previousBlockDataset, handleContext, + BytesValue opResult = opHandle.process(op, dataset, request, ledgerQueryer, handleContext, ledgerService); if (opResult != null) { operationResults.add(new OperationResultData(opIndex, opResult)); diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionEngineImpl.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionEngineImpl.java index 900b6f28..928997fd 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionEngineImpl.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionEngineImpl.java @@ -43,8 +43,10 @@ public class TransactionEngineImpl implements TransactionEngine { LedgerDataQuery previousBlockDataset = ledgerRepo.getDataSet(ledgerBlock); LedgerAdminDataQuery previousAdminDataset = previousBlockDataset.getAdminDataset(); - LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(previousAdminDataset.getAdminInfo().getRolePrivileges(), - previousAdminDataset.getAdminInfo().getUserRoles()); + LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl( + previousAdminDataset.getAdminInfo().getRolePrivileges(), + previousAdminDataset.getAdminInfo().getUserRoles(), previousAdminDataset.getParticipantDataset(), + previousBlockDataset.getUserAccountSet()); batch = new InnerTransactionBatchProcessor(ledgerHash, securityManager, newBlockEditor, previousBlockDataset, opHdlRegs, ledgerService, ledgerBlock.getHeight()); batchs.put(ledgerHash, batch); @@ -75,8 +77,8 @@ public class TransactionEngineImpl implements TransactionEngine { * @param opHandles 操作处理对象注册表; */ public InnerTransactionBatchProcessor(HashDigest ledgerHash, LedgerSecurityManager securityManager, - LedgerEditor newBlockEditor, LedgerDataQuery previousBlockDataset, OperationHandleRegisteration opHandles, - LedgerService ledgerService, long blockHeight) { + LedgerEditor newBlockEditor, LedgerDataQuery previousBlockDataset, + OperationHandleRegisteration opHandles, LedgerService ledgerService, long blockHeight) { super(securityManager, newBlockEditor, previousBlockDataset, opHandles, ledgerService); this.ledgerHash = ledgerHash; this.blockHeight = blockHeight; diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbstractLedgerOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbstractLedgerOperationHandle.java index 58444d3b..36a2a0ae 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbstractLedgerOperationHandle.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbstractLedgerOperationHandle.java @@ -7,7 +7,7 @@ import com.jd.blockchain.ledger.TransactionPermission; import com.jd.blockchain.ledger.core.LedgerDataQuery; import com.jd.blockchain.ledger.core.LedgerDataset; import com.jd.blockchain.ledger.core.LedgerService; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.OperationHandle; import com.jd.blockchain.ledger.core.OperationHandleContext; import com.jd.blockchain.ledger.core.SecurityContext; @@ -49,7 +49,7 @@ public abstract class AbstractLedgerOperationHandle impleme OperationHandleContext handleContext, LedgerService ledgerService) { // 权限校验; SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); - securityPolicy.checkEndpoints(TransactionPermission.DIRECT_OPERATION, MultiIdsPolicy.AT_LEAST_ONE); + securityPolicy.checkEndpointPermission(TransactionPermission.DIRECT_OPERATION, MultiIDsPolicy.AT_LEAST_ONE); // 操作账本; @SuppressWarnings("unchecked") diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbtractContractEventSendOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbtractContractEventSendOperationHandle.java index ccbce284..af1d95b4 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbtractContractEventSendOperationHandle.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbtractContractEventSendOperationHandle.java @@ -15,7 +15,7 @@ import com.jd.blockchain.ledger.core.LedgerDataQuery; import com.jd.blockchain.ledger.core.LedgerDataset; import com.jd.blockchain.ledger.core.LedgerQueryService; import com.jd.blockchain.ledger.core.LedgerService; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.OperationHandle; import com.jd.blockchain.ledger.core.OperationHandleContext; import com.jd.blockchain.ledger.core.SecurityContext; @@ -35,7 +35,7 @@ public abstract class AbtractContractEventSendOperationHandle implements Operati LedgerDataQuery previousBlockDataset, OperationHandleContext opHandleContext, LedgerService ledgerService) { // 权限校验; SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); - securityPolicy.checkEndpoints(TransactionPermission.CONTRACT_OPERATION, MultiIdsPolicy.AT_LEAST_ONE); + securityPolicy.checkEndpointPermission(TransactionPermission.CONTRACT_OPERATION, MultiIDsPolicy.AT_LEAST_ONE); // 操作账本; ContractEventSendOperation contractOP = (ContractEventSendOperation) op; diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/ContractCodeDeployOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/ContractCodeDeployOperationHandle.java index 9d975227..e054a1e2 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/ContractCodeDeployOperationHandle.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/ContractCodeDeployOperationHandle.java @@ -5,7 +5,7 @@ import com.jd.blockchain.ledger.LedgerPermission; import com.jd.blockchain.ledger.core.LedgerDataQuery; import com.jd.blockchain.ledger.core.LedgerDataset; import com.jd.blockchain.ledger.core.LedgerService; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.OperationHandleContext; import com.jd.blockchain.ledger.core.SecurityContext; import com.jd.blockchain.ledger.core.SecurityPolicy; @@ -26,7 +26,7 @@ public class ContractCodeDeployOperationHandle extends AbstractLedgerOperationHa // 权限校验; SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); - securityPolicy.checkEndpoints(LedgerPermission.UPGRADE_CONTRACT, MultiIdsPolicy.AT_LEAST_ONE); + securityPolicy.checkEndpointPermission(LedgerPermission.UPGRADE_CONTRACT, MultiIDsPolicy.AT_LEAST_ONE); // 操作账本; ContractCodeDeployOperation contractOP = (ContractCodeDeployOperation) op; diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountKVSetOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountKVSetOperationHandle.java index 6fd498e2..6661a6d5 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountKVSetOperationHandle.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountKVSetOperationHandle.java @@ -9,7 +9,7 @@ import com.jd.blockchain.ledger.core.DataAccount; import com.jd.blockchain.ledger.core.LedgerDataQuery; import com.jd.blockchain.ledger.core.LedgerDataset; import com.jd.blockchain.ledger.core.LedgerService; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.OperationHandleContext; import com.jd.blockchain.ledger.core.SecurityContext; import com.jd.blockchain.ledger.core.SecurityPolicy; @@ -27,7 +27,7 @@ public class DataAccountKVSetOperationHandle extends AbstractLedgerOperationHand OperationHandleContext handleContext, LedgerService ledgerService) { // 权限校验; SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); - securityPolicy.checkEndpoints(LedgerPermission.WRITE_DATA_ACCOUNT, MultiIdsPolicy.AT_LEAST_ONE); + securityPolicy.checkEndpointPermission(LedgerPermission.WRITE_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE); // 操作账本; DataAccount account = newBlockDataset.getDataAccountSet().getDataAccount(kvWriteOp.getAccountAddress()); diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountRegisterOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountRegisterOperationHandle.java index 2e0f872e..0c031d5d 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountRegisterOperationHandle.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountRegisterOperationHandle.java @@ -6,7 +6,7 @@ import com.jd.blockchain.ledger.LedgerPermission; import com.jd.blockchain.ledger.core.LedgerDataQuery; import com.jd.blockchain.ledger.core.LedgerDataset; import com.jd.blockchain.ledger.core.LedgerService; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.OperationHandleContext; import com.jd.blockchain.ledger.core.SecurityContext; import com.jd.blockchain.ledger.core.SecurityPolicy; @@ -25,7 +25,7 @@ public class DataAccountRegisterOperationHandle extends AbstractLedgerOperationH // 权限校验; SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); - securityPolicy.checkEndpoints(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIdsPolicy.AT_LEAST_ONE); + securityPolicy.checkEndpointPermission(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE); // 操作账本; DataAccountRegisterOperation dataAccountRegOp = (DataAccountRegisterOperation) op; diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/LedgerInitOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/LedgerInitOperationHandle.java new file mode 100644 index 00000000..39862be0 --- /dev/null +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/LedgerInitOperationHandle.java @@ -0,0 +1,27 @@ +package com.jd.blockchain.ledger.core.handles; + +import com.jd.blockchain.ledger.BytesValue; +import com.jd.blockchain.ledger.LedgerInitOperation; +import com.jd.blockchain.ledger.Operation; +import com.jd.blockchain.ledger.core.LedgerDataQuery; +import com.jd.blockchain.ledger.core.LedgerDataset; +import com.jd.blockchain.ledger.core.LedgerService; +import com.jd.blockchain.ledger.core.OperationHandle; +import com.jd.blockchain.ledger.core.OperationHandleContext; +import com.jd.blockchain.ledger.core.TransactionRequestExtension; + +public class LedgerInitOperationHandle implements OperationHandle { + + @Override + public Class getOperationType() { + return LedgerInitOperation.class; + } + + @Override + public BytesValue process(Operation op, LedgerDataset newBlockDataset, TransactionRequestExtension requestContext, + LedgerDataQuery previousBlockDataset, OperationHandleContext handleContext, LedgerService ledgerService) { + // 对初始化操作不需要做任何处理; + return null; + } + +} diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/RolesConfigureOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/RolesConfigureOperationHandle.java index 7f3c51bb..3ae02b4e 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/RolesConfigureOperationHandle.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/RolesConfigureOperationHandle.java @@ -8,7 +8,7 @@ import com.jd.blockchain.ledger.RolesConfigureOperation.RolePrivilegeEntry; import com.jd.blockchain.ledger.core.LedgerDataQuery; import com.jd.blockchain.ledger.core.LedgerDataset; import com.jd.blockchain.ledger.core.LedgerService; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.OperationHandleContext; import com.jd.blockchain.ledger.core.SecurityContext; import com.jd.blockchain.ledger.core.SecurityPolicy; @@ -25,7 +25,7 @@ public class RolesConfigureOperationHandle extends AbstractLedgerOperationHandle OperationHandleContext handleContext, LedgerService ledgerService) { // 权限校验; SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); - securityPolicy.checkEndpoints(LedgerPermission.CONFIGURE_ROLES, MultiIdsPolicy.AT_LEAST_ONE); + securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE); // 操作账本; RolePrivilegeEntry[] rpcfgs = operation.getRoles(); diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserAuthorizeOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserAuthorizeOperationHandle.java index b5fee9bb..b4747dbf 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserAuthorizeOperationHandle.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserAuthorizeOperationHandle.java @@ -13,7 +13,7 @@ import com.jd.blockchain.ledger.UserRolesSettings; import com.jd.blockchain.ledger.core.LedgerDataQuery; import com.jd.blockchain.ledger.core.LedgerDataset; import com.jd.blockchain.ledger.core.LedgerService; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.OperationHandleContext; import com.jd.blockchain.ledger.core.SecurityContext; import com.jd.blockchain.ledger.core.SecurityPolicy; @@ -30,7 +30,7 @@ public class UserAuthorizeOperationHandle extends AbstractLedgerOperationHandle< OperationHandleContext handleContext, LedgerService ledgerService) { // 权限校验; SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy(); - securityPolicy.checkEndpoints(LedgerPermission.CONFIGURE_ROLES, MultiIdsPolicy.AT_LEAST_ONE); + securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE); // 操作账本; diff --git a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserRegisterOperationHandle.java b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserRegisterOperationHandle.java index 6307968d..3b8f043d 100644 --- a/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserRegisterOperationHandle.java +++ b/source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserRegisterOperationHandle.java @@ -6,7 +6,7 @@ import com.jd.blockchain.ledger.UserRegisterOperation; import com.jd.blockchain.ledger.core.LedgerDataQuery; import com.jd.blockchain.ledger.core.LedgerDataset; import com.jd.blockchain.ledger.core.LedgerService; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.OperationHandleContext; import com.jd.blockchain.ledger.core.SecurityContext; import com.jd.blockchain.ledger.core.SecurityPolicy; @@ -24,7 +24,7 @@ public class UserRegisterOperationHandle extends AbstractLedgerOperationHandle endpoints = new HashMap<>(); @@ -146,16 +152,16 @@ public class LedgerSecurityManagerTest { // 终端节点有 ADMIN 和 OPERATOR 两种角色的合并权限; if (p == LedgerPermission.REGISTER_USER || p == LedgerPermission.REGISTER_DATA_ACCOUNT || p == LedgerPermission.WRITE_DATA_ACCOUNT) { - assertTrue(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE)); + assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); } else { - assertFalse(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE)); + assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); } if (p == LedgerPermission.APPROVE_TX) { // 共识参与方只有 PLATFORM 角色的权限:核准交易; - assertTrue(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE)); + assertTrue(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); } else { - assertFalse(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE)); + assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); } } @@ -163,12 +169,12 @@ public class LedgerSecurityManagerTest { for (TransactionPermission p : transactionPermissions) { // 终端节点有 ADMIN 和 OPERATOR 两种角色的合并权限; if (p == TransactionPermission.DIRECT_OPERATION || p == TransactionPermission.CONTRACT_OPERATION) { - assertTrue(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE)); + assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); } else { - assertFalse(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE)); + assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); } - assertFalse(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE)); + assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE)); } } diff --git a/source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/TransactionBatchProcessorTest.java b/source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/TransactionBatchProcessorTest.java index 8e7b68b5..1f7dbbc1 100644 --- a/source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/TransactionBatchProcessorTest.java +++ b/source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/TransactionBatchProcessorTest.java @@ -122,10 +122,10 @@ public class TransactionBatchProcessorTest { LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class); SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class); - when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true); - when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true); - when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true); - when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true); + when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true); + when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true); + when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true); + when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true); when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy); diff --git a/source/test/test-integration/src/main/java/test/com/jd/blockchain/intgr/perf/LedgerPerformanceTest.java b/source/test/test-integration/src/main/java/test/com/jd/blockchain/intgr/perf/LedgerPerformanceTest.java index c1ac727f..e8769ee4 100644 --- a/source/test/test-integration/src/main/java/test/com/jd/blockchain/intgr/perf/LedgerPerformanceTest.java +++ b/source/test/test-integration/src/main/java/test/com/jd/blockchain/intgr/perf/LedgerPerformanceTest.java @@ -45,7 +45,7 @@ import com.jd.blockchain.ledger.core.LedgerEditor; import com.jd.blockchain.ledger.core.LedgerManager; import com.jd.blockchain.ledger.core.LedgerRepository; import com.jd.blockchain.ledger.core.LedgerSecurityManager; -import com.jd.blockchain.ledger.core.MultiIdsPolicy; +import com.jd.blockchain.ledger.core.MultiIDsPolicy; import com.jd.blockchain.ledger.core.SecurityPolicy; import com.jd.blockchain.ledger.core.TransactionBatchProcessor; import com.jd.blockchain.service.TransactionBatchResultHandle; @@ -676,44 +676,61 @@ public class LedgerPerformanceTest { } @Override - public boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) { + public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { return true; } @Override - public boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) { + public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { return true; } @Override - public boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) { + public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) { return true; } @Override - public boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) { - // TODO Auto-generated method stub - return false; + public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) { + return true; } @Override - public void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) + public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { } @Override - public void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) + public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { } @Override - public void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException { + public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { } @Override - public void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) + public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException { } + @Override + public boolean isEndpointValid(MultiIDsPolicy midPolicy) { + return true; + } + + @Override + public boolean isNodeValid(MultiIDsPolicy midPolicy) { + return true; + } + + @Override + public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { + } + + @Override + public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException { + } + } } diff --git a/source/tools/tools-mocker/src/main/java/com/jd/blockchain/mocker/MockerNodeContext.java b/source/tools/tools-mocker/src/main/java/com/jd/blockchain/mocker/MockerNodeContext.java index 26f54dc5..d062ea23 100644 --- a/source/tools/tools-mocker/src/main/java/com/jd/blockchain/mocker/MockerNodeContext.java +++ b/source/tools/tools-mocker/src/main/java/com/jd/blockchain/mocker/MockerNodeContext.java @@ -451,10 +451,10 @@ public class MockerNodeContext implements BlockchainQueryService { LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class); SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class); - when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true); - when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true); - when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true); - when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true); + when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true); + when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true); + when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true); + when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true); when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy);