Update BesuController to use the NodeKey, rather than working with KeyPair - which in turn allows the crypto operations to be injected.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
It was identified that during the creation of injectable crypto, that the NodeKey effectively offered duplicated functionality between ECDH and ECIES key agreements. The ECIES was superfluous and has been removed.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
Update the Handhshaking classes to use an injected NodeKey object for ECIES encryption.
This has necessitated an update of NodeKey to support the creation of Key and ECIES agreement creation.
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
The NodeKey class is now used through the Discovery protocol (as well as the IBFT2).
However RLPx continues to access the node's keyPair (and underlying private key).
Signed-off-by: Trent Mohay <trent.mohay@consensys.net>
This PR introduces functionality to conform with ECIP-1061
https://ecips.ethereumclassic.org/ECIPs/ecip-1061
Signed-off-by: edwardmack <ed@edwardmack.com>
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Co-authored-by: Danno Ferrin <danno.ferrin@shemnon.com>
Removes as many Gradle 7.0 compatibility issues as possible
* `baseName` -> `archiveBaseName`
* `extension` -> `archiveExtension`
* `destinationDir` -> `destinationDirectory`
* `runtime` -> `runtimeOnly`
* Change some log4j-api and log4j-core dependencies
* Remove an unneeded and outdated plugin (`net.ltgt.apt`)
* tweak the plugin-api change detector's property annotations.
Warnings still exist with one external plugin used for license file
checking that we do not control the source code for.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
This was turned off a number of months ago because of long build times.
However it appears either because of code structure changes or fixed
errorprone that this finishes in a reasonable time now.
Code that violated this check is also fixed.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
Update dependencies to most current version
- except picocli which is a major version update
Alphabetize dependencies
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
There are a whole class of errors in the deframer that come from
IllegalArgumentExceptions. Those are thrown when Besu validates incoming
data. Because Besu is not the source of these errors we should not log
them any higher than DEBUG.
The most common one is `Caused by: java.lang.IllegalArgumentException:
Invalid node id. Expected id of length: 64 bytes.` and this is coming
from a non-conforming client connecting to Besu.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
(a) Setting classic block to zero requires all blocks at zero to have the mainnet 1920000 hash. That will never happen. No clients will sync as long as this is in place
(b) a full sync fails
```
2019-11-18 10:46:51.301-07:00 | EthScheduler-Services-5 (importBlock) | WARN | MainnetBlockBodyValidator | Invalid block: state root mismatch (expected=0xb8df31366db4c4dd0076bc0ddaffdeceba6c882681108cc000db9bc5f85c300c, actual=0xf4344e62f031897ff61f9e02a465b3d13f983220f52f1e452690448dc366a2ee)
```
Probably a bug in besu code, but until that bug is sussed out we can't support mordor.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
This includes code to address reading config for classic network and
kotti test network.
ClassicForkPeerValidator checks peers at classicForkBlock (same as Dao
Fork Block) and connects with peers that did not do the Dao Fork and
continued on the classic network.
Signed-off-by: edwardmack <ed@edwardmack.com>
When setting the p2p port to zero and turning on UPNP nat an attempt is
made to map port zero. This should actually map the opened port
instead.
The core logic is also now set up to throw an exception if a zero local
port is requested.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
* adding in spdx-license-identifier & updated check for the same; removing license check from spotless
Signed-off-by: Joshua Fernandes <joshua.fernandes@consensys.net>
* Change CheckSpdxHeader to a task.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Update discovery logic to consider a peer with an unknown discovery endpoint to be unknown regardless of whether we've encountered a peer with the same node id before. This makes the discovery logic more forgiving in the face of node restarts.
If nodeA bonds with nodeB, then nodeB leaves the network and later comes back with a different ip address or listening port, nodeA would previously continue trying to communicate with nodeB at its original address. With these changes, nodeA will now treat the restarted nodeB as a new peer and communicate with it on its updated endpoint. Additionally, nodeB's information will be updated in the peer table so that neighbors requests return updated information on this node.
Signed-off-by: Danno Ferrin <danno.ferrin@gmail.com>
This reverts commit 814b36e4
The needed chantes to get rid of Instant.now (which is also needed to get rid
of the wall clock dependency) are too deep and intrusive into IBFT to try and
speed patch them in that some APIs require re-work, so in the interst of test
stability this gets sheleved until it is all ready.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
To allow us to reset the timestamp in the blockchain for Retesteth support
we need to pass a Clock to affected APIs and use that instead of the static method
System.currentTimeMillis(). The most consistent way to do this that will ensure
that the API does not sneak back in is to ban the method via ErrorProne.
TestClock.fixed() was altered to return the "now" time of the first time the fixed clock was requested, needed for many header validation tasks validating headers are not from the future.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* Fix bugs
Fix remote connection fraction calculation (order of operations bug),
remove early return, allow all remote connections to be prohibited,
change disconnect reason to TOO_MANY_PEERS.
* Fix comment
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
* [PAN-1683] Limit the fraction of wire connections initiated by peers
To protect against eclipse attacks, we should not allow all of our wire connections to be initiated from network peers. Some fraction of wire connections should be initiated by our node by connecting to peers in our discovery peer table. This PR ensures the fraction abides the limit.
* change fraction default value and add tests
* make fraction of remote wire connections configurable
- add a cli option to configure the fraction: `--fraction-remote-connections-allowed`
- introduce `Fraction` class to handle the conversion of the CLI option to a double and check if the value is between 0.0 and 1.0
- add tests
- fix broken tests
* remove unused local variable
* fix RunnerTest
* set fraction to 1.0 in PantheonFactoryConfigurationBuilder
* update test
* Introduce --limit-remote-wire-connections-enabled
* fix unused field
* fix conflict
* Update ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/rlpx/RlpxAgent.java
Co-Authored-By: Danno Ferrin <danno.ferrin@shemnon.com>
* Update ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/rlpx/RlpxAgent.java
Co-Authored-By: Danno Ferrin <danno.ferrin@shemnon.com>
* Update ethereum/p2p/src/main/java/tech/pegasys/pantheon/ethereum/p2p/rlpx/RlpxAgent.java
Co-Authored-By: Danno Ferrin <danno.ferrin@shemnon.com>
* fix PR discussion and tests
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Add support for working within Network Address Translation (NAT) environments.
This adds a CLI flag `--nat-method` with two options, `NONE` (the default and
current behavior) and `UPNP.` `--nat-method` will affect what IP address and
ports are advertised via the P2P discovery and other APIs that report the
address and port for P2P actions.
`UPNP` is intended for a typical home or small office environment where a
wireless router or modem provides NAT isolation.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
- Update SyncStatusNodePermissioningProvider to use URI (without discovery port) instead of EnodeURI to allow optimised permission checking of static nodes
- Add EnodeURL.toURIWithoutDiscoveryPort
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Query params can be used to adjust the number of peers required and number of blocks tolerance to be considered in sync.
Signed-off-by: Adrian Sutton <adrian.sutton@consensys.net>
Trent Mohay
Ratan Rai Sur
/raw PONG _GHMoaCXLT
Edward Mack
Danno Ferrin
Karim T
Antoine Toulme
Gregory Markou
Talha Cross
mbaxter
CJ Hare
Joshua Fernandes
mbaxter
mark-terry
Adrian Sutton
Danno Ferrin
Abdelhamid Bakhta
Stephen Shelton
Usman Saleem