Merge pull request #322 from meshplus/feat/add-certificate-validation-configuration

feat(*): add certificate validation configuration
2021-01-26 16:34:09 +08:00 · 2021-01-26 16:34:09 +08:00 · e7a1995c50
parent 809341fb63 6baebe469c
commit e7a1995c50
7 changed files with 93 additions and 10 deletions
--- a/config/bitxhub.toml
+++ b/config/bitxhub.toml
@ -45,6 +45,9 @@ server_key_path = "certs/server.key"

 [cert]
  verify = true
+  node_cert_path = "certs/node.cert"
+  agency_cert_path = "certs/agency.cert"
+  ca_cert_path = "certs/ca.cert"

 [order]
  plugin = "plugins/raft.so"
--- a/go.mod
+++ b/go.mod
@ -28,7 +28,7 @@ require (
 	github.com/meshplus/bitxhub-core v0.1.0-rc1.0.20210126064930-8245c5b45956
 	github.com/meshplus/bitxhub-kit v1.1.2-0.20210112075018-319e668d6359
 	github.com/meshplus/bitxhub-model v1.1.2-0.20210107045700-cee670a2e117
-	github.com/meshplus/go-libp2p-cert v0.0.0-20210120021632-1578cf63e06a
+	github.com/meshplus/go-libp2p-cert v0.0.0-20210125063330-7c25fd5b7a49
 	github.com/meshplus/go-lightp2p v0.0.0-20210120082108-df5a536a6192
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/multiformats/go-multiaddr v0.2.2
--- a/go.sum
+++ b/go.sum
@ -615,6 +615,8 @@ github.com/meshplus/bitxhub-model v1.1.2-0.20210107045700-cee670a2e117 h1:q1FT1D
 github.com/meshplus/bitxhub-model v1.1.2-0.20210107045700-cee670a2e117/go.mod h1:x3H+TL24wcByzHegenLfs+5PQkQGNsk8eCm31QJMa+Q=
 github.com/meshplus/go-libp2p-cert v0.0.0-20210120021632-1578cf63e06a h1:eg1BDjSOsz3cdH49kPE8c2XnIFlLTPEMJLqpofV/OEY=
 github.com/meshplus/go-libp2p-cert v0.0.0-20210120021632-1578cf63e06a/go.mod h1:rS4AYMqKypLn2IPEnHICP//V2v16SZo4CWUbwMdihl0=
+github.com/meshplus/go-libp2p-cert v0.0.0-20210125063330-7c25fd5b7a49 h1:F8dpLJZW6FxqinAQcZKTkoymZgxnqlNvTebNqWVMEYI=
+github.com/meshplus/go-libp2p-cert v0.0.0-20210125063330-7c25fd5b7a49/go.mod h1:rS4AYMqKypLn2IPEnHICP//V2v16SZo4CWUbwMdihl0=
 github.com/meshplus/go-lightp2p v0.0.0-20210120082108-df5a536a6192 h1:DyNmWuI8Awrd+OUFIXmJitSmvzywwoPygpSqAPjr85M=
 github.com/meshplus/go-lightp2p v0.0.0-20210120082108-df5a536a6192/go.mod h1:56+jusXmfu7IVTJtani81emdHL5zwGnoXUgJIjw3Ijo=
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
--- a/internal/repo/config.go
+++ b/internal/repo/config.go
@ -101,7 +101,10 @@ type Genesis struct {
 }

 type Cert struct {
-	Verify bool `toml:"verify" json:"verify"`
+	Verify         bool   `toml:"verify" json:"verify"`
+	NodeCertPath   string `mapstructure:"node_cert_path" json:"node_cert_path"`
+	AgencyCertPath string `mapstructure:"agency_cert_path" json:"agency_cert_path"`
+	CACertPath     string `mapstructure:"ca_cert_path" json:"ca_cert_path"`
 }

 type Txpool struct {
@ -152,7 +155,12 @@ func DefaultConfig() (*Config, error) {
 				CoreAPI:   "info",
 			},
 		},
-		Cert: Cert{Verify: true},
+		Cert: Cert{
+			Verify:         true,
+			NodeCertPath:   "certs/node.cert",
+			AgencyCertPath: "certs/agency.cert",
+			CACertPath:     "certs/ca.cert",
+		},
 		Txpool: Txpool{
 			BatchSize:    500,
 			BatchTimeout: 500 * time.Millisecond,
--- a/internal/repo/repo.go
+++ b/internal/repo/repo.go
@ -26,7 +26,7 @@ func Load(repoRoot string) (*Repo, error) {
 		return nil, fmt.Errorf("load network config: %w", err)
 	}

-	certs, err := libp2pcert.LoadCerts(repoRoot)
+	certs, err := libp2pcert.LoadCerts(repoRoot, config.NodeCertPath, config.AgencyCertPath, config.CACertPath)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/order/etcdraft/node_test.go
+++ b/pkg/order/etcdraft/node_test.go
@ -91,7 +91,7 @@ func TestNode_Start(t *testing.T) {

 func TestMulti_Node_Start(t *testing.T) {
 	peerCnt := 4
-	swarms, nodes := newSwarms(t, peerCnt)
+	swarms, nodes := newSwarms(t, peerCnt, true)

 	//time.Sleep(3 * time.Second)
 	repoRoot, err := ioutil.TempDir("", "nodes")
@ -145,6 +145,61 @@ func TestMulti_Node_Start(t *testing.T) {
 	}
 }

+func TestMulti_Node_Start_Without_Cert_Verification(t *testing.T) {
+	peerCnt := 4
+	swarms, nodes := newSwarms(t, peerCnt, false)
+
+	repoRoot, err := ioutil.TempDir("", "nodes")
+	defer os.RemoveAll(repoRoot)
+
+	fileData, err := ioutil.ReadFile("../../../config/order.toml")
+	require.Nil(t, err)
+
+	orders := make([]order.Order, 0)
+	for i := 0; i < peerCnt; i++ {
+		nodePath := fmt.Sprintf("node%d", i)
+		nodeRepo := filepath.Join(repoRoot, nodePath)
+		err := os.Mkdir(nodeRepo, 0744)
+		require.Nil(t, err)
+		orderPath := filepath.Join(nodeRepo, "order.toml")
+		err = ioutil.WriteFile(orderPath, fileData, 0744)
+		require.Nil(t, err)
+
+		ID := i + 1
+		order, err := NewNode(
+			order.WithRepoRoot(nodeRepo),
+			order.WithID(uint64(ID)),
+			order.WithNodes(nodes),
+			order.WithPeerManager(swarms[i]),
+			order.WithStoragePath(repo.GetStoragePath(nodeRepo, "order")),
+			order.WithLogger(log.NewWithModule("consensus")),
+			order.WithGetBlockByHeightFunc(nil),
+			order.WithApplied(1),
+		)
+		require.Nil(t, err)
+		err = order.Start()
+		require.Nil(t, err)
+		orders = append(orders, order)
+		go listen(t, order, swarms[i])
+	}
+
+	for {
+		time.Sleep(200 * time.Millisecond)
+		err := orders[0].Ready()
+		if err == nil {
+			break
+		}
+	}
+	tx := generateTx()
+	err = orders[0].Prepare(tx)
+	require.Nil(t, err)
+	for i := 0; i < len(orders); i++ {
+		commitEvent := <-orders[i].Commit()
+		require.Equal(t, uint64(2), commitEvent.Block.BlockHeader.Number)
+		require.Equal(t, 1, len(commitEvent.Block.Transactions))
+	}
+}
+
 func listen(t *testing.T, order order.Order, swarm *peermgr.Swarm) {
 	orderMsgCh := make(chan events.OrderMessageEvent)
 	sub := swarm.SubscribeOrderMessage(orderMsgCh)
@ -234,7 +289,7 @@ func convertToLibp2pPrivKey(privateKey crypto.PrivateKey) (crypto2.PrivKey, erro
 	return libp2pPrivKey, nil
 }

-func newSwarms(t *testing.T, peerCnt int) ([]*peermgr.Swarm, map[uint64]*pb.VpInfo) {
+func newSwarms(t *testing.T, peerCnt int, certVerify bool) ([]*peermgr.Swarm, map[uint64]*pb.VpInfo) {
 	var swarms []*peermgr.Swarm
 	nodes := make(map[uint64]*pb.VpInfo)
 	nodeKeys, privKeys, addrs, ids := genKeysAndConfig(t, peerCnt)
@ -272,6 +327,13 @@ func newSwarms(t *testing.T, peerCnt int) ([]*peermgr.Swarm, map[uint64]*pb.VpIn
 				},
 			},
 		}
+
+		if certVerify {
+			repo.Config.Cert.Verify = true
+		} else {
+			repo.Config.Cert.Verify = false
+		}
+
 		idx := strings.LastIndex(addrs[i], "/p2p/")
 		local := addrs[i][:idx]
 		repo.NetworkConfig.LocalAddr = local
--- a/pkg/peermgr/swarm.go
+++ b/pkg/peermgr/swarm.go
@ -74,7 +74,8 @@ func New(repoConfig *repo.Repo, logger logrus.FieldLogger, ledger ledger.Ledger)
 	}

 	notifiee := newNotifiee(routers, logger)
-	p2p, err := network.New(
+
+	opts := []network.Option{
 		network.WithLocalAddr(repoConfig.NetworkConfig.LocalAddr),
 		network.WithPrivateKey(repoConfig.Key.Libp2pPrivKey),
 		network.WithProtocolIDs(protocolIDs),
@ -82,9 +83,16 @@ func New(repoConfig *repo.Repo, logger logrus.FieldLogger, ledger ledger.Ledger)
 		// enable discovery
 		network.WithBootstrap(bootstrap),
 		network.WithNotify(notifiee),
-		network.WithTransportId(libp2pcert.ID),
-		network.WithTransport(tpt),
-	)
+	}
+
+	if repoConfig.Config.Cert.Verify {
+		opts = append(opts,
+			network.WithTransportId(libp2pcert.ID),
+			network.WithTransport(tpt),
+		)
+	}
+
+	p2p, err := network.New(opts...)
 	if err != nil {
 		return nil, fmt.Errorf("create p2p: %w", err)
 	}