Privacy multitenancy cli option (#264)

Signed-off-by: Jason Frame <jasonwframe@gmail.com>
5 years ago · f33fe8f63d
parent ebb76dfdb6
commit f33fe8f63d
4 changed files with 86 additions and 2 deletions
--- a/besu/src/main/java/org/hyperledger/besu/cli/BesuCommand.java
+++ b/besu/src/main/java/org/hyperledger/besu/cli/BesuCommand.java
@ -657,6 +657,12 @@ public class BesuCommand implements DefaultCommandValues, Runnable {
      description = "Enable private transactions (default: ${DEFAULT-VALUE})")
  private final Boolean isPrivacyEnabled = false;

+  @Option(
+      names = {"--privacy-multi-tenancy-enabled"},
+      description = "Enable multi-tenant private transactions (default: ${DEFAULT-VALUE})",
+      hidden = true)
+  private final Boolean isPrivacyMultiTenancyEnabled = false;
+
  @Option(
      names = {"--revert-reason-enabled"},
      description =
@ -1359,7 +1365,11 @@ public class BesuCommand implements DefaultCommandValues, Runnable {
        commandLine,
        "--privacy-enabled",
        !isPrivacyEnabled,
-        asList("--privacy-url", "--privacy-public-key-file", "--privacy-precompiled-address"));
+        asList(
+            "--privacy-url",
+            "--privacy-public-key-file",
+            "--privacy-precompiled-address",
+            "--privacy-multi-tenancy-enabled"));

    final PrivacyParameters.Builder privacyParametersBuilder = new PrivacyParameters.Builder();
    if (isPrivacyEnabled) {
@ -1371,8 +1381,17 @@ public class BesuCommand implements DefaultCommandValues, Runnable {
        throw new ParameterException(commandLine, String.format("%s %s", "Pruning", errorSuffix));
      }

+      if (isPrivacyMultiTenancyEnabled
+          && !jsonRpcConfiguration.isAuthenticationEnabled()
+          && !webSocketConfiguration.isAuthenticationEnabled()) {
+        throw new ParameterException(
+            commandLine,
+            "Privacy multi-tenancy requires either http authentication to be enabled or WebSocket authentication to be enabled");
+      }
+
      privacyParametersBuilder.setEnabled(true);
      privacyParametersBuilder.setEnclaveUrl(privacyUrl);
+      privacyParametersBuilder.setMultiTenancyEnabled(isPrivacyMultiTenancyEnabled);
      if (privacyPublicKeyFile() != null) {
        try {
          privacyParametersBuilder.setEnclavePublicKeyUsingFile(privacyPublicKeyFile());
--- a/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java
+++ b/besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java
@ -113,6 +113,8 @@ public class BesuCommandTest extends CommandTestAbstract {
          .put("config", (new JsonObject()).put("chainId", GENESIS_CONFIG_TEST_CHAINID));
  private static final JsonObject GENESIS_INVALID_DATA =
      (new JsonObject()).put("config", new JsonObject());
+  private static final String ENCLAVE_PUBLIC_KEY_PATH =
+      BesuCommand.class.getResource("/orion_publickey.pub").getPath();

  private final String[] validENodeStrings = {
    "enode://" + VALID_NODE_ID + "@192.168.0.1:4567",
@ -2680,6 +2682,44 @@ public class BesuCommandTest extends CommandTestAbstract {
    assertThat(enclaveArg.getValue().isEnabled()).isEqualTo(false);
  }

+  @Test
+  public void privacyMultiTenancyIsConfiguredWhenConfiguredWithNecessaryOptions() {
+    when(storageService.getByName("rocksdb-privacy"))
+        .thenReturn(Optional.of(rocksDBSPrivacyStorageFactory));
+
+    parseCommand(
+        "--privacy-enabled",
+        "--rpc-http-authentication-enabled",
+        "--privacy-multi-tenancy-enabled",
+        "--rpc-http-authentication-jwt-public-key-file",
+        "/non/existent/file",
+        "--privacy-public-key-file",
+        ENCLAVE_PUBLIC_KEY_PATH);
+
+    final ArgumentCaptor<PrivacyParameters> privacyParametersArgumentCaptor =
+        ArgumentCaptor.forClass(PrivacyParameters.class);
+
+    verify(mockControllerBuilder).privacyParameters(privacyParametersArgumentCaptor.capture());
+    verify(mockControllerBuilder).build();
+
+    assertThat(privacyParametersArgumentCaptor.getValue().isMultiTenancyEnabled()).isTrue();
+  }
+
+  @Test
+  public void privacyMultiTenancyWithoutAuthenticationFails() {
+    parseCommand(
+        "--privacy-enabled",
+        "--privacy-multi-tenancy-enabled",
+        "--rpc-http-authentication-jwt-public-key-file",
+        "/non/existent/file",
+        "--privacy-public-key-file",
+        ENCLAVE_PUBLIC_KEY_PATH);
+
+    assertThat(commandErrorOutput.toString())
+        .startsWith(
+            "Privacy multi-tenancy requires either http authentication to be enabled or WebSocket authentication to be enabled");
+  }
+
  private Path createFakeGenesisFile(final JsonObject jsonGenesis) throws IOException {
    final Path genesisFile = Files.createTempFile("genesisFile", "");
    Files.write(genesisFile, encodeJsonGenesis(jsonGenesis).getBytes(UTF_8));
--- a/besu/src/test/resources/everything_config.toml
+++ b/besu/src/test/resources/everything_config.toml
@ -105,6 +105,7 @@ permissions-accounts-contract-address="0x000000000000000000000000000000000000678
 privacy-url="http://127.0.0.1:8888"
 privacy-public-key-file="./pubKey.pub"
 privacy-enabled=false
+privacy-multi-tenancy-enabled=true
 privacy-precompiled-address=9
 privacy-marker-transaction-signing-key-file="./signerKey"

--- a/ethereum/core/src/main/java/org/hyperledger/besu/ethereum/core/PrivacyParameters.java
+++ b/ethereum/core/src/main/java/org/hyperledger/besu/ethereum/core/PrivacyParameters.java
@ -51,6 +51,7 @@ public class PrivacyParameters {
  private PrivacyStorageProvider privateStorageProvider;
  private WorldStateArchive privateWorldStateArchive;
  private PrivateStateStorage privateStateStorage;
+  private boolean multiTenancyEnabled;

  public Integer getPrivacyAddress() {
    return privacyAddress;
@ -132,9 +133,25 @@ public class PrivacyParameters {
    this.enclave = enclave;
  }

+  private void setMultiTenancyEnabled(final boolean multiTenancyEnabled) {
+    this.multiTenancyEnabled = multiTenancyEnabled;
+  }
+
+  public boolean isMultiTenancyEnabled() {
+    return multiTenancyEnabled;
+  }
+
  @Override
  public String toString() {
-    return "PrivacyParameters{" + "enabled=" + enabled + ", enclaveUri='" + enclaveUri + '\'' + '}';
+    return "PrivacyParameters{"
+        + "enabled="
+        + enabled
+        + ", multiTenancyEnabled = "
+        + multiTenancyEnabled
+        + ", enclaveUri='"
+        + enclaveUri
+        + '\''
+        + '}';
  }

  public static class Builder {
@ -147,6 +164,7 @@ public class PrivacyParameters {
    private Path privateKeyPath;
    private PrivacyStorageProvider storageProvider;
    private EnclaveFactory enclaveFactory;
+    private boolean multiTenancyEnabled;

    public Builder setPrivacyAddress(final Integer privacyAddress) {
      this.privacyAddress = privacyAddress;
@ -178,6 +196,11 @@ public class PrivacyParameters {
      return this;
    }

+    public Builder setMultiTenancyEnabled(final boolean multiTenancyEnabled) {
+      this.multiTenancyEnabled = multiTenancyEnabled;
+      return this;
+    }
+
    public PrivacyParameters build() throws IOException {
      final PrivacyParameters config = new PrivacyParameters();
      if (enabled) {
@ -204,6 +227,7 @@ public class PrivacyParameters {
      config.setEnabled(enabled);
      config.setEnclaveUri(enclaveUrl);
      config.setPrivacyAddress(privacyAddress);
+      config.setMultiTenancyEnabled(multiTenancyEnabled);
      return config;
    }