Nc 1942 Add account whitelisting and refactor into permissioning package (#460)

* WS sync subscription delay added * WS sync subscription delay added with unit testing * WS sync subscription delay added with unit testing * changed number to a constant in constructor * Use default from websocket class instead of making new one * Removed magic numbers * Added Controller * Refactor permissioning config and account whitelist into permissioning package * Refactor permissioning config and account whitelist into permissioning package * Refactor permissioning config and account whitelist into permissioning package * Merge branch 'master' of https://github.com/PegaSysEng/pantheon into NC-1942 # Conflicts: # consensus/ibft/src/test/java/tech/pegasys/pantheon/consensus/ibft/statemachine/IbftControllerTest.java # docs/Getting-Started/ExplorerBlockDetails.png # docs/Getting-Started/ExplorerSearch.png # docs/Getting-Started/ExplorerSummary.png # ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/PermissioningConfiguration.java # ethereum/permissioning/src/test/java/tech/pegasys/pantheon/ethereum/permissioning/PermissioningConfigurationTest.java # pantheon/src/main/java/tech/pegasys/pantheon/cli/PantheonCommand.java # pantheon/src/test/java/tech/pegasys/pantheon/cli/PantheonCommandTest.java * Merge branch 'master' of https://github.com/PegaSysEng/pantheon into NC-1942 # Conflicts: # consensus/ibft/src/test/java/tech/pegasys/pantheon/consensus/ibft/statemachine/IbftControllerTest.java # docs/Getting-Started/ExplorerBlockDetails.png # docs/Getting-Started/ExplorerSearch.png # docs/Getting-Started/ExplorerSummary.png # ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/PermissioningConfiguration.java # ethereum/permissioning/src/test/java/tech/pegasys/pantheon/ethereum/permissioning/PermissioningConfigurationTest.java # pantheon/src/main/java/tech/pegasys/pantheon/cli/PantheonCommand.java # pantheon/src/test/java/tech/pegasys/pantheon/cli/PantheonCommandTest.java * Iron out merge conflict introduced bugs * Iron out merge conflict introduced bugs * Iron out merge conflict introduced bugs * PR Change request actioned * PR Change request actioned * PR Change request actioned * PR Change request actioned * updated node whitelist acceptance test to conform to refactored permissioning package * text change Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
6 years ago · 27c3ad5f78
parent 882acca983
commit 27c3ad5f78
33 changed files with 271 additions and 30 deletions
--- a/acceptance-tests/build.gradle
+++ b/acceptance-tests/build.gradle
@ -23,7 +23,7 @@ dependencies {
  testImplementation project(':ethereum:core')
  testImplementation project(':ethereum:blockcreation')
  testImplementation project(':ethereum:jsonrpc')
-  testImplementation project(':ethereum:p2p')
+  testImplementation project(':ethereum:permissioning')
  testImplementation project(':metrics')
  testImplementation project(':pantheon')
  testImplementation project(':util')
--- a/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/PantheonNode.java
+++ b/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/PantheonNode.java
@ -22,7 +22,7 @@ import tech.pegasys.pantheon.ethereum.core.MiningParameters;
 import tech.pegasys.pantheon.ethereum.core.Util;
 import tech.pegasys.pantheon.ethereum.jsonrpc.JsonRpcConfiguration;
 import tech.pegasys.pantheon.ethereum.jsonrpc.websocket.WebSocketConfiguration;
-import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.tests.acceptance.dsl.condition.Condition;
 import tech.pegasys.pantheon.tests.acceptance.dsl.transaction.PantheonWeb3j;
 import tech.pegasys.pantheon.tests.acceptance.dsl.transaction.Transaction;
--- a/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/ProcessPantheonNodeRunner.java
+++ b/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/ProcessPantheonNodeRunner.java
@ -17,7 +17,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 import tech.pegasys.pantheon.cli.EthNetworkConfig;
 import tech.pegasys.pantheon.ethereum.jsonrpc.RpcApi;
 import tech.pegasys.pantheon.ethereum.jsonrpc.RpcApis;
-import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import java.io.File;
 import java.io.IOException;
--- a/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/factory/PantheonFactoryConfiguration.java
+++ b/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/factory/PantheonFactoryConfiguration.java
@ -15,7 +15,7 @@ package tech.pegasys.pantheon.tests.acceptance.dsl.node.factory;
 import tech.pegasys.pantheon.ethereum.core.MiningParameters;
 import tech.pegasys.pantheon.ethereum.jsonrpc.JsonRpcConfiguration;
 import tech.pegasys.pantheon.ethereum.jsonrpc.websocket.WebSocketConfiguration;
-import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.tests.acceptance.dsl.node.GenesisConfigProvider;
 class PantheonFactoryConfiguration {
--- a/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/factory/PantheonFactoryConfigurationBuilder.java
+++ b/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/factory/PantheonFactoryConfigurationBuilder.java
@ -18,7 +18,7 @@ import tech.pegasys.pantheon.ethereum.core.MiningParameters;
 import tech.pegasys.pantheon.ethereum.core.MiningParametersTestBuilder;
 import tech.pegasys.pantheon.ethereum.jsonrpc.JsonRpcConfiguration;
 import tech.pegasys.pantheon.ethereum.jsonrpc.websocket.WebSocketConfiguration;
-import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.tests.acceptance.dsl.node.GenesisConfigProvider;
 import java.util.Optional;
--- a/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/factory/PantheonNodeFactory.java
+++ b/acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/factory/PantheonNodeFactory.java
@ -22,7 +22,7 @@ import tech.pegasys.pantheon.ethereum.core.Address;
 import tech.pegasys.pantheon.ethereum.jsonrpc.JsonRpcConfiguration;
 import tech.pegasys.pantheon.ethereum.jsonrpc.RpcApi;
 import tech.pegasys.pantheon.ethereum.jsonrpc.websocket.WebSocketConfiguration;
-import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.tests.acceptance.dsl.node.PantheonNode;
 import tech.pegasys.pantheon.tests.acceptance.dsl.node.RunnableNode;
--- a/ethereum/core/build.gradle
+++ b/ethereum/core/build.gradle
@ -30,6 +30,7 @@ dependencies {
  implementation project(':crypto')
  implementation project(':ethereum:rlp')
  implementation project(':ethereum:trie')
  implementation project(':ethereum:permissioning')
  implementation project(':metrics')
  implementation project(':services:kvstore')
--- a/ethereum/core/src/main/java/tech/pegasys/pantheon/ethereum/core/TransactionPool.java
+++ b/ethereum/core/src/main/java/tech/pegasys/pantheon/ethereum/core/TransactionPool.java
@ -24,12 +24,14 @@ import tech.pegasys.pantheon.ethereum.mainnet.ProtocolSchedule;
 import tech.pegasys.pantheon.ethereum.mainnet.TransactionValidator;
 import tech.pegasys.pantheon.ethereum.mainnet.TransactionValidator.TransactionInvalidReason;
 import tech.pegasys.pantheon.ethereum.mainnet.ValidationResult;
 import tech.pegasys.pantheon.ethereum.permissioning.AccountWhitelistController;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Comparator;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
 import org.apache.logging.log4j.Logger;
@ -47,6 +49,7 @@ public class TransactionPool implements BlockAddedObserver {
  private final ProtocolSchedule<?> protocolSchedule;
  private final ProtocolContext<?> protocolContext;
  private final TransactionBatchAddedListener transactionBatchAddedListener;
  private Optional<AccountWhitelistController> accountWhitelistController = Optional.empty();
  public TransactionPool(
      final PendingTransactions pendingTransactions,
@ -131,6 +134,13 @@ public class TransactionPool implements BlockAddedObserver {
      return basicValidationResult;
    }
    String sender = transaction.getSender().toString();
    if (accountIsNotWhitelisted(sender)) {
      return ValidationResult.invalid(
          TransactionInvalidReason.TX_SENDER_NOT_AUTHORIZED,
          String.format("Sender %s is not on the Account Whitelist", sender));
    }
    final BlockHeader chainHeadBlockHeader = getChainHeadBlockHeader();
    if (transaction.getGasLimit() > chainHeadBlockHeader.getGasLimit()) {
      return ValidationResult.invalid(
@ -147,6 +157,20 @@ public class TransactionPool implements BlockAddedObserver {
            pendingTransactions.getNextNonceForSender(transaction.getSender()));
  }
  private boolean accountIsNotWhitelisted(final String account) {
    if (useWhitelist()) {
      if (!accountWhitelistController.get().contains(account)) {
        return true;
      }
    }
    return false;
  }
  public boolean useWhitelist() {
    return (accountWhitelistController.isPresent()
        && accountWhitelistController.get().isAccountWhiteListSet());
  }
  private Account getSenderAccount(
      final Transaction transaction, final BlockHeader chainHeadHeader) {
    final WorldState worldState =
@ -163,4 +187,8 @@ public class TransactionPool implements BlockAddedObserver {
    void onTransactionsAdded(Iterable<Transaction> transactions);
  }
  public void setAccountWhitelist(AccountWhitelistController accountWhitelist) {
    accountWhitelistController = Optional.of(accountWhitelist);
  }
 }
--- a/ethereum/core/src/main/java/tech/pegasys/pantheon/ethereum/mainnet/TransactionValidator.java
+++ b/ethereum/core/src/main/java/tech/pegasys/pantheon/ethereum/mainnet/TransactionValidator.java
@ -55,6 +55,7 @@ public interface TransactionValidator {
    NONCE_TOO_LOW,
    INCORRECT_NONCE,
    INTRINSIC_GAS_EXCEEDS_GAS_LIMIT,
-    EXCEEDS_BLOCK_GAS_LIMIT
+    EXCEEDS_BLOCK_GAS_LIMIT,
    TX_SENDER_NOT_AUTHORIZED
  }
 }
--- a/ethereum/core/src/test/java/tech/pegasys/pantheon/ethereum/core/TransactionPoolTest.java
+++ b/ethereum/core/src/test/java/tech/pegasys/pantheon/ethereum/core/TransactionPoolTest.java
@ -30,6 +30,7 @@ import static org.mockito.Mockito.verifyZeroInteractions;
 import static org.mockito.Mockito.when;
 import static tech.pegasys.pantheon.ethereum.mainnet.TransactionValidator.TransactionInvalidReason.EXCEEDS_BLOCK_GAS_LIMIT;
 import static tech.pegasys.pantheon.ethereum.mainnet.TransactionValidator.TransactionInvalidReason.NONCE_TOO_LOW;
 import static tech.pegasys.pantheon.ethereum.mainnet.TransactionValidator.TransactionInvalidReason.TX_SENDER_NOT_AUTHORIZED;
 import static tech.pegasys.pantheon.ethereum.mainnet.ValidationResult.valid;
 import tech.pegasys.pantheon.crypto.SECP256K1.KeyPair;
@ -40,6 +41,7 @@ import tech.pegasys.pantheon.ethereum.mainnet.ProtocolSchedule;
 import tech.pegasys.pantheon.ethereum.mainnet.ProtocolSpec;
 import tech.pegasys.pantheon.ethereum.mainnet.TransactionValidator;
 import tech.pegasys.pantheon.ethereum.mainnet.ValidationResult;
 import tech.pegasys.pantheon.ethereum.permissioning.AccountWhitelistController;
 import tech.pegasys.pantheon.util.uint.UInt256;
 import java.util.List;
@ -70,6 +72,8 @@ public class TransactionPoolTest {
  private final Transaction transaction2 = createTransaction(2);
  private TransactionPool transactionPool;
  private long genesisBlockGasLimit;
  private final AccountWhitelistController accountWhitelistController =
      mock(AccountWhitelistController.class);
  @Before
  public void setUp() {
@ -355,6 +359,45 @@ public class TransactionPoolTest {
    verifyZeroInteractions(batchAddedListener);
  }
  @Test
  public void shouldAllowWhitelistedTransactionWhenWhitelistEnabled() {
    transactionPool.setAccountWhitelist(accountWhitelistController);
    givenTransactionIsValid(transaction1);
    when(accountWhitelistController.isAccountWhiteListSet()).thenReturn(true);
    when(accountWhitelistController.contains(transaction1.getSender().toString())).thenReturn(true);
    assertThat(transactionPool.addLocalTransaction(transaction1)).isEqualTo(valid());
    assertTransactionPending(transaction1);
  }
  @Test
  public void shouldRejectNonWhitelistedTransactionWhenWhitelistEnabled() {
    transactionPool.setAccountWhitelist(accountWhitelistController);
    givenTransactionIsValid(transaction1);
    when(accountWhitelistController.isAccountWhiteListSet()).thenReturn(true);
    when(accountWhitelistController.contains(transaction1.getSender().toString()))
        .thenReturn(false);
    assertThat(transactionPool.addLocalTransaction(transaction1))
        .isEqualTo(ValidationResult.invalid(TX_SENDER_NOT_AUTHORIZED));
    assertTransactionNotPending(transaction1);
    verifyZeroInteractions(batchAddedListener);
  }
  @Test
  public void shouldAllowTransactionWhenAccountWhitelistControllerIsNotPresent() {
    givenTransactionIsValid(transaction1);
    assertThat(transactionPool.useWhitelist()).isFalse();
    assertThat(transactionPool.addLocalTransaction(transaction1)).isEqualTo(valid());
    assertTransactionPending(transaction1);
  }
  private void assertTransactionPending(final Transaction t) {
    assertThat(transactions.getTransactionByHash(t.hash())).contains(t);
  }
--- a/ethereum/eth/build.gradle
+++ b/ethereum/eth/build.gradle
@ -29,6 +29,7 @@ dependencies {
  implementation project(':ethereum:core')
  implementation project(':ethereum:p2p')
  implementation project(':ethereum:rlp')
  implementation project(':ethereum:permissioning')
  implementation project(':metrics')
  implementation project(':services:kvstore')
--- a/ethereum/eth/src/test/java/tech/pegasys/pantheon/ethereum/eth/transactions/TestNode.java
+++ b/ethereum/eth/src/test/java/tech/pegasys/pantheon/ethereum/eth/transactions/TestNode.java
@ -37,7 +37,6 @@ import tech.pegasys.pantheon.ethereum.p2p.api.P2PNetwork;
 import tech.pegasys.pantheon.ethereum.p2p.api.PeerConnection;
 import tech.pegasys.pantheon.ethereum.p2p.config.DiscoveryConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.NetworkingConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.RlpxConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.netty.NettyP2PNetwork;
 import tech.pegasys.pantheon.ethereum.p2p.peers.DefaultPeer;
@ -46,6 +45,7 @@ import tech.pegasys.pantheon.ethereum.p2p.peers.Peer;
 import tech.pegasys.pantheon.ethereum.p2p.peers.PeerBlacklist;
 import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.p2p.wire.messages.DisconnectMessage.DisconnectReason;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.metrics.noop.NoOpMetricsSystem;
 import tech.pegasys.pantheon.util.bytes.BytesValue;
--- a/ethereum/p2p/build.gradle
+++ b/ethereum/p2p/build.gradle
@ -28,6 +28,7 @@ jar {
 dependencies {
  implementation project(':crypto')
  implementation project(':ethereum:core')
  implementation project(':ethereum:permissioning')
  implementation project(':ethereum:rlp')
  implementation project(':metrics')
--- a/ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/permissioning/NodeWhitelistController.java
+++ b/ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/permissioning/NodeWhitelistController.java
@ -12,9 +12,9 @@
 */
 package tech.pegasys.pantheon.ethereum.p2p.permissioning;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.peers.DefaultPeer;
 import tech.pegasys.pantheon.ethereum.p2p.peers.Peer;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import java.net.URI;
 import java.util.ArrayList;
--- a/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/NettyP2PNetworkTest.java
+++ b/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/NettyP2PNetworkTest.java
@ -25,7 +25,6 @@ import tech.pegasys.pantheon.ethereum.p2p.api.P2PNetwork;
 import tech.pegasys.pantheon.ethereum.p2p.api.PeerConnection;
 import tech.pegasys.pantheon.ethereum.p2p.config.DiscoveryConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.NetworkingConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.RlpxConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.netty.NettyP2PNetwork;
 import tech.pegasys.pantheon.ethereum.p2p.netty.exceptions.IncompatiblePeerException;
@ -38,6 +37,7 @@ import tech.pegasys.pantheon.ethereum.p2p.wire.Capability;
 import tech.pegasys.pantheon.ethereum.p2p.wire.PeerInfo;
 import tech.pegasys.pantheon.ethereum.p2p.wire.SubProtocol;
 import tech.pegasys.pantheon.ethereum.p2p.wire.messages.DisconnectMessage.DisconnectReason;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.metrics.noop.NoOpMetricsSystem;
 import tech.pegasys.pantheon.util.bytes.BytesValue;
--- a/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/NetworkingServiceLifecycleTest.java
+++ b/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/NetworkingServiceLifecycleTest.java
@ -22,11 +22,11 @@ import tech.pegasys.pantheon.crypto.SECP256K1;
 import tech.pegasys.pantheon.ethereum.p2p.api.P2PNetwork;
 import tech.pegasys.pantheon.ethereum.p2p.config.DiscoveryConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.NetworkingConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.PeerDiscoveryServiceException;
 import tech.pegasys.pantheon.ethereum.p2p.netty.NettyP2PNetwork;
 import tech.pegasys.pantheon.ethereum.p2p.peers.PeerBlacklist;
 import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.metrics.noop.NoOpMetricsSystem;
 import tech.pegasys.pantheon.util.NetworkUtility;
--- a/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/AbstractPeerDiscoveryTest.java
+++ b/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/AbstractPeerDiscoveryTest.java
@ -16,13 +16,13 @@ import static io.vertx.core.Vertx.vertx;
 import tech.pegasys.pantheon.crypto.SECP256K1;
 import tech.pegasys.pantheon.ethereum.p2p.config.DiscoveryConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.Packet;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.PacketType;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.PingPacketData;
 import tech.pegasys.pantheon.ethereum.p2p.peers.Endpoint;
 import tech.pegasys.pantheon.ethereum.p2p.peers.PeerBlacklist;
 import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.util.bytes.BytesValue;
 import java.util.List;
--- a/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/PeerDiscoveryAgentTest.java
+++ b/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/PeerDiscoveryAgentTest.java
@ -19,7 +19,6 @@ import tech.pegasys.pantheon.crypto.SECP256K1;
 import tech.pegasys.pantheon.ethereum.p2p.api.MessageData;
 import tech.pegasys.pantheon.ethereum.p2p.api.PeerConnection;
 import tech.pegasys.pantheon.ethereum.p2p.config.DiscoveryConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.FindNeighborsPacketData;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.NeighborsPacketData;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.Packet;
@ -31,6 +30,7 @@ import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.p2p.wire.Capability;
 import tech.pegasys.pantheon.ethereum.p2p.wire.PeerInfo;
 import tech.pegasys.pantheon.ethereum.p2p.wire.messages.DisconnectMessage.DisconnectReason;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.util.bytes.BytesValue;
 import java.net.SocketAddress;
--- a/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/PeerDiscoveryObserversTest.java
+++ b/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/PeerDiscoveryObserversTest.java
@ -19,11 +19,11 @@ import static org.awaitility.Awaitility.await;
 import static tech.pegasys.pantheon.ethereum.p2p.NetworkingTestHelper.configWithRandomPorts;
 import tech.pegasys.pantheon.crypto.SECP256K1;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.PeerDiscoveryEvent.PeerBondedEvent;
 import tech.pegasys.pantheon.ethereum.p2p.peers.Peer;
 import tech.pegasys.pantheon.ethereum.p2p.peers.PeerBlacklist;
 import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import java.util.ArrayList;
 import java.util.Collections;
--- a/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/PeerDiscoveryTimestampsTest.java
+++ b/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/PeerDiscoveryTimestampsTest.java
@ -18,7 +18,6 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 import tech.pegasys.pantheon.crypto.SECP256K1;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.Packet;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.PacketType;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.PeerDiscoveryController;
@ -26,6 +25,7 @@ import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.PeerTable;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.PingPacketData;
 import tech.pegasys.pantheon.ethereum.p2p.peers.PeerBlacklist;
 import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import java.util.Collections;
 import java.util.concurrent.TimeUnit;
--- a/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/internal/PeerDiscoveryControllerTest.java
+++ b/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/internal/PeerDiscoveryControllerTest.java
@ -28,7 +28,6 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import tech.pegasys.pantheon.crypto.SECP256K1;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.DiscoveryPeer;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.PeerDiscoveryAgent;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.PeerDiscoveryStatus;
@ -37,6 +36,7 @@ import tech.pegasys.pantheon.ethereum.p2p.peers.Endpoint;
 import tech.pegasys.pantheon.ethereum.p2p.peers.Peer;
 import tech.pegasys.pantheon.ethereum.p2p.peers.PeerBlacklist;
 import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.util.bytes.Bytes32;
 import tech.pegasys.pantheon.util.bytes.BytesValue;
 import tech.pegasys.pantheon.util.bytes.MutableBytesValue;
--- a/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/internal/PeerDiscoveryTableRefreshTest.java
+++ b/ethereum/p2p/src/test/java/tech/pegasys/pantheon/ethereum/p2p/discovery/internal/PeerDiscoveryTableRefreshTest.java
@ -23,12 +23,12 @@ import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import tech.pegasys.pantheon.crypto.SECP256K1;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.DiscoveryPeer;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.PeerDiscoveryAgent;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.PeerDiscoveryTestHelper;
 import tech.pegasys.pantheon.ethereum.p2p.peers.PeerBlacklist;
 import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.util.bytes.BytesValue;
 import java.util.ArrayList;
--- a/ethereum/permissioning/build.gradle
+++ b/ethereum/permissioning/build.gradle
@ -0,0 +1,33 @@
 /*
 * Copyright 2018 ConsenSys AG.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
 apply plugin: 'java-library'
 jar {
  baseName 'pantheon-permissioning'
  manifest {
    attributes(
      'Specification-Title': baseName,
      'Specification-Version': project.version,
      'Implementation-Title': baseName,
      'Implementation-Version': calculateVersion()
      )
  }
 }
 dependencies {
  testImplementation 'junit:junit'
  testImplementation 'org.assertj:assertj-core'
  testImplementation 'org.mockito:mockito-core'
 }
--- a/ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistController.java
+++ b/ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/AccountWhitelistController.java
@ -0,0 +1,51 @@
 /*
 * Copyright 2018 ConsenSys AG.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
 package tech.pegasys.pantheon.ethereum.permissioning;
 import java.util.ArrayList;
 import java.util.List;
 public class AccountWhitelistController {
  private final List<String> accountWhitelist;
  private boolean accountWhitelistSet = false;
  public AccountWhitelistController(final PermissioningConfiguration configuration) {
    accountWhitelist = new ArrayList<>();
    if (configuration != null && configuration.getAccountWhitelist() != null) {
      for (String hexString : configuration.getAccountWhitelist()) {
        accountWhitelist.add(hexString);
      }
      if (configuration.isNodeWhitelistSet()) {
        accountWhitelistSet = true;
      }
    }
  }
  public boolean addAccount(final String account) {
    accountWhitelistSet = true;
    return accountWhitelist.add(account);
  }
  public boolean removeAccount(final String account) {
    return accountWhitelist.remove(account);
  }
  public boolean contains(final String account) {
    return (!accountWhitelistSet || (accountWhitelistSet && accountWhitelist.contains(account)));
  }
  public boolean isAccountWhiteListSet() {
    return accountWhitelistSet;
  }
 }
--- a/ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/PermissioningConfiguration.java
+++ b/ethereum/permissioning/src/main/java/tech/pegasys/pantheon/ethereum/permissioning/PermissioningConfiguration.java
@ -10,7 +10,7 @@
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
-package tech.pegasys.pantheon.ethereum.p2p.config;
+package tech.pegasys.pantheon.ethereum.permissioning;
 import java.net.URI;
 import java.util.ArrayList;
@ -19,7 +19,9 @@ import java.util.List;
 public class PermissioningConfiguration {
  private List<URI> nodeWhitelist;
  private List<String> accountWhitelist;
  private boolean nodeWhitelistSet;
  private boolean accountWhitelistSet;
  public List<URI> getNodeWhitelist() {
    return nodeWhitelist;
@ -28,6 +30,7 @@ public class PermissioningConfiguration {
  public static PermissioningConfiguration createDefault() {
    final PermissioningConfiguration config = new PermissioningConfiguration();
    config.nodeWhitelist = new ArrayList<>();
    config.accountWhitelist = new ArrayList<>();
    return config;
  }
@ -42,7 +45,18 @@ public class PermissioningConfiguration {
    return nodeWhitelistSet;
  }
-  public boolean contains(final URI node) {
+  public List<String> getAccountWhitelist() {
-    return !isNodeWhitelistSet() || nodeWhitelist.contains(node);
+    return accountWhitelist;
  }
  public void setAccountWhitelist(final Collection<String> accountWhitelist) {
    if (accountWhitelist != null) {
      this.accountWhitelist.addAll(accountWhitelist);
      this.accountWhitelistSet = true;
    }
  }
  public boolean isAccountWhitelistSet() {
    return accountWhitelistSet;
  }
 }
--- a/ethereum/permissioning/src/test/java/tech/pegasys/pantheon/ethereum/permissioning/PermissioningConfigurationTest.java
+++ b/ethereum/permissioning/src/test/java/tech/pegasys/pantheon/ethereum/permissioning/PermissioningConfigurationTest.java
@ -10,7 +10,7 @@
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
-package tech.pegasys.pantheon.ethereum.p2p.config;
+package tech.pegasys.pantheon.ethereum.permissioning;
 import static org.assertj.core.api.Assertions.assertThat;
@ -32,6 +32,8 @@ public class PermissioningConfigurationTest {
    final PermissioningConfiguration configuration = PermissioningConfiguration.createDefault();
    assertThat(configuration.getNodeWhitelist()).isEmpty();
    assertThat(configuration.isNodeWhitelistSet()).isFalse();
    assertThat(configuration.getAccountWhitelist()).isEmpty();
    assertThat(configuration.isAccountWhitelistSet()).isFalse();
  }
  @Test
@ -43,7 +45,7 @@ public class PermissioningConfigurationTest {
  }
  @Test
-  public void setNodeWhiteListPassingNullShouldNotChangeWhitelistSetFlag() {
+  public void setNodeWhiteListPassingNull() {
    final PermissioningConfiguration configuration = PermissioningConfiguration.createDefault();
    configuration.setNodeWhitelist(null);
    assertThat(configuration.getNodeWhitelist()).isEmpty();
@ -51,9 +53,19 @@ public class PermissioningConfigurationTest {
  }
  @Test
-  public void contains() {
+  public void setAccountWhitelist() {
    final String[] accounts = {"1111111111111111", "2222222222222222", "ffffffffffffffff"};
    final PermissioningConfiguration configuration = PermissioningConfiguration.createDefault();
-    configuration.setNodeWhitelist(Arrays.asList(nodes));
+    configuration.setAccountWhitelist(Arrays.asList(accounts));
-    assertThat(configuration.contains(URI.create("enode://001@123:4567"))).isTrue();
+    assertThat(configuration.getAccountWhitelist()).containsExactlyInAnyOrder(accounts);
    assertThat(configuration.isAccountWhitelistSet()).isTrue();
  }
  @Test
  public void setAccountWhiteListPassingNull() {
    final PermissioningConfiguration configuration = PermissioningConfiguration.createDefault();
    configuration.setAccountWhitelist(null);
    assertThat(configuration.getAccountWhitelist()).isEmpty();
    assertThat(configuration.isAccountWhitelistSet()).isFalse();
  }
 }
--- a/pantheon/build.gradle
+++ b/pantheon/build.gradle
@ -36,6 +36,7 @@ dependencies {
  implementation project(':ethereum:core')
  implementation project(':ethereum:eth')
  implementation project(':ethereum:jsonrpc')
  implementation project(':ethereum:permissioning')
  implementation project(':ethereum:p2p')
  implementation project(':ethereum:rlp')
  implementation project(':metrics')
--- a/pantheon/src/main/java/tech/pegasys/pantheon/RunnerBuilder.java
+++ b/pantheon/src/main/java/tech/pegasys/pantheon/RunnerBuilder.java
@ -43,7 +43,6 @@ import tech.pegasys.pantheon.ethereum.p2p.NetworkRunner;
 import tech.pegasys.pantheon.ethereum.p2p.api.ProtocolManager;
 import tech.pegasys.pantheon.ethereum.p2p.config.DiscoveryConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.NetworkingConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.RlpxConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.SubProtocolConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.discovery.internal.PeerRequirement;
@ -52,6 +51,8 @@ import tech.pegasys.pantheon.ethereum.p2p.peers.PeerBlacklist;
 import tech.pegasys.pantheon.ethereum.p2p.permissioning.NodeWhitelistController;
 import tech.pegasys.pantheon.ethereum.p2p.wire.Capability;
 import tech.pegasys.pantheon.ethereum.p2p.wire.SubProtocol;
 import tech.pegasys.pantheon.ethereum.permissioning.AccountWhitelistController;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.metrics.MetricsSystem;
 import tech.pegasys.pantheon.util.bytes.BytesValue;
@ -221,6 +222,12 @@ public class RunnerBuilder {
    final TransactionPool transactionPool = pantheonController.getTransactionPool();
    final MiningCoordinator miningCoordinator = pantheonController.getMiningCoordinator();
    if (permissioningConfiguration.isAccountWhitelistSet()) {
      AccountWhitelistController accountWhitelistController =
          new AccountWhitelistController(permissioningConfiguration);
      transactionPool.setAccountWhitelist(accountWhitelistController);
    }
    final FilterManager filterManager = createFilterManager(vertx, context, transactionPool);
    Optional<JsonRpcHttpService> jsonRpcHttpService = Optional.empty();
--- a/pantheon/src/main/java/tech/pegasys/pantheon/cli/PantheonCommand.java
+++ b/pantheon/src/main/java/tech/pegasys/pantheon/cli/PantheonCommand.java
@ -35,9 +35,9 @@ import tech.pegasys.pantheon.ethereum.jsonrpc.RpcApi;
 import tech.pegasys.pantheon.ethereum.jsonrpc.RpcApis;
 import tech.pegasys.pantheon.ethereum.jsonrpc.websocket.WebSocketConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.DiscoveryConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.peers.DefaultPeer;
 import tech.pegasys.pantheon.ethereum.p2p.peers.Peer;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.util.InvalidConfigurationException;
 import tech.pegasys.pantheon.metrics.MetricsSystem;
 import tech.pegasys.pantheon.metrics.prometheus.PrometheusMetricsSystem;
@ -404,13 +404,25 @@ public class PantheonCommand implements DefaultCommandValues, Runnable {
    names = {"--nodes-whitelist"},
    paramLabel = "<enode://id@host:port>",
    description =
-        "Comma separated enode URLs for permissioned networks. Not intended to be used with mainnet or public testnets.",
+        "Comma separated enode URLs for permissioned networks. "
            + "Not intended to be used with mainnet or public testnets.",
    split = ",",
    arity = "0..*",
    converter = EnodeToURIPropertyConverter.class
  )
  private final Collection<URI> nodesWhitelist = null;
  @Option(
    names = {"--accounts-whitelist"},
    paramLabel = "<hex string of account public key>",
    description =
        "Comma separated hex strings of account public keys "
            + "for permissioned/role-based transactions. You may specify an empty list.",
    split = ",",
    arity = "0..*"
  )
  private final Collection<String> accountsWhitelist = null;
  public PantheonCommand(
      final BlockImporter blockImporter,
      final RunnerBuilder runnerBuilder,
@ -570,6 +582,7 @@ public class PantheonCommand implements DefaultCommandValues, Runnable {
    final PermissioningConfiguration permissioningConfiguration =
        PermissioningConfiguration.createDefault();
    permissioningConfiguration.setNodeWhitelist(nodesWhitelist);
    permissioningConfiguration.setAccountWhitelist(accountsWhitelist);
    return permissioningConfiguration;
  }
--- a/pantheon/src/test/java/tech/pegasys/pantheon/RunnerTest.java
+++ b/pantheon/src/test/java/tech/pegasys/pantheon/RunnerTest.java
@ -33,8 +33,8 @@ import tech.pegasys.pantheon.ethereum.mainnet.HeaderValidationMode;
 import tech.pegasys.pantheon.ethereum.mainnet.MainnetProtocolSchedule;
 import tech.pegasys.pantheon.ethereum.mainnet.ProtocolSchedule;
 import tech.pegasys.pantheon.ethereum.mainnet.ProtocolSpec;
 import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.p2p.peers.DefaultPeer;
 import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.ethereum.storage.StorageProvider;
 import tech.pegasys.pantheon.ethereum.storage.keyvalue.RocksDbStorageProvider;
 import tech.pegasys.pantheon.metrics.MetricsSystem;
--- a/pantheon/src/test/java/tech/pegasys/pantheon/cli/CommandTestAbstract.java
+++ b/pantheon/src/test/java/tech/pegasys/pantheon/cli/CommandTestAbstract.java
@ -22,7 +22,7 @@ import tech.pegasys.pantheon.controller.PantheonController;
 import tech.pegasys.pantheon.ethereum.eth.sync.SynchronizerConfiguration;
 import tech.pegasys.pantheon.ethereum.jsonrpc.JsonRpcConfiguration;
 import tech.pegasys.pantheon.ethereum.jsonrpc.websocket.WebSocketConfiguration;
-import tech.pegasys.pantheon.ethereum.p2p.config.PermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.util.BlockImporter;
 import java.io.ByteArrayOutputStream;
--- a/pantheon/src/test/java/tech/pegasys/pantheon/cli/PantheonCommandTest.java
+++ b/pantheon/src/test/java/tech/pegasys/pantheon/cli/PantheonCommandTest.java
@ -533,6 +533,40 @@ public class PantheonCommandTest extends CommandTestAbstract {
    assertThat(commandErrorOutput.toString()).isEmpty();
  }
  @Test
  public void callingWithAccountsWhitelistOptionButNoValueMustNotError() {
    parseCommand("--accounts-whitelist");
    verify(mockRunnerBuilder)
        .permissioningConfiguration(permissioningConfigurationArgumentCaptor.capture());
    verify(mockRunnerBuilder).build();
    assertThat(permissioningConfigurationArgumentCaptor.getValue().getAccountWhitelist()).isEmpty();
    assertThat(permissioningConfigurationArgumentCaptor.getValue().isAccountWhitelistSet())
        .isTrue();
    assertThat(commandOutput.toString()).isEmpty();
    assertThat(commandErrorOutput.toString()).isEmpty();
  }
  @Test
  public void accountsWhitelistOptionMustBeUsed() {
    final String[] accounts = {"1111111111111111", "2222222222222222", "ffffffffffffffff"};
    parseCommand("--accounts-whitelist", String.join(",", accounts));
    verify(mockRunnerBuilder)
        .permissioningConfiguration(permissioningConfigurationArgumentCaptor.capture());
    verify(mockRunnerBuilder).build();
    assertThat(permissioningConfigurationArgumentCaptor.getValue().getAccountWhitelist())
        .containsExactlyInAnyOrder(accounts);
    assertThat(permissioningConfigurationArgumentCaptor.getValue().isAccountWhitelistSet())
        .isTrue();
    assertThat(commandOutput.toString()).isEmpty();
    assertThat(commandErrorOutput.toString()).isEmpty();
  }
  @Test
  public void nodesWhitelistOptionMustIncludeBootnodes() {
    parseCommand(
--- a/settings.gradle
+++ b/settings.gradle
@ -25,6 +25,7 @@ include 'crypto'
 include 'ethereum:p2p'
 include 'ethereum:mock-p2p'
 include 'ethereum:jsonrpc'
 include 'ethereum:permissioning'
 include 'ethereum:referencetests'
 include 'ethereum:core'
 include 'ethereum:blockcreation'