Skip to content
This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Feature privacy #10267

Merged
merged 194 commits into from
Apr 30, 2021
Merged

Feature privacy #10267

merged 194 commits into from
Apr 30, 2021

Conversation

brianjohnson5972
Copy link
Contributor

@brianjohnson5972 brianjohnson5972 commented Apr 19, 2021

Change Description

Added feature to prevent sending blocks and transactions to peers that are not part of the security group that has been defined. The security group is maintained in the block_header_state. add_security_group_participant and remove_security_group_participant intrinsics cause the current security group's state to be copied to the global_property_object and edited to create the proposed security group. When the block for the last called intrinsic becomes irreversible, it promotes the proposed security group from the global_property_object to the proposed_block_header_state when the block is started and then to the block_header_state when the block is completed.
net_plugin caches the security_group state on accept block and then sets a flag on each connection to indicate if that connection's participant is participating in the network or not.

Change Type

Select ONE:

  • Documentation
  • Stability bug fix
  • Other
  • Other - special case

Testing Changes

Select ANY that apply:

  • New Tests
  • Existing Tests
  • Test Framework
  • CI System
  • Other

Consensus Changes

  • Consensus Changes

API Changes

  • API Changes

Documentation Additions

  • Documentation Additions

huangminghuang and others added 30 commits February 26, 2021 15:19
Needed to remove a line
1) Removed unused code
2) Clarified comments
3) Disabled cmake processing until a test is added
EPE-672: Added unit test framework
Adding security group cache manager and unittest
certificate generation scripts for tests added
Comment on lines +4062 to +4063
auto pkey = options["p2p-tls-private-key-file"].as<bfs::path>();
auto ca_cert = options["p2p-tls-security-group-ca-file"].as<bfs::path>();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should make sure key file and CA are configured if certificate is configured and print out the error, as user can make mistakes and forgets to configure all of them.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it is not a bug, it is feature.
we allow SSL without security groups and hence without CA.
However in that case on we may need that upon security group activation we have CA configured.
@brianjohnson5972

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I fixed error check to require both certificate file and private key file be set to the same value and also require certificate file be set if security group cca file is set

@@ -62,7 +62,7 @@ namespace eosio { namespace chain {
*/
class global_property_object : public chainbase::object<global_property_object_type, global_property_object>
{
OBJECT_CTOR(global_property_object, (proposed_schedule))
OBJECT_CTOR(global_property_object, (proposed_schedule)(proposed_security_group_participants)(transaction_hooks))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove transaction_hooks

template<typename Iter>
void set_transaction_hooks(Iter begin, Iter end) {
transaction_hooks = {begin, end, transaction_hooks.get_allocator()};
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove


block_num_type proposed_security_group_block_num = 0;
flat_set<account_name> proposed_security_group_participants;
vector<transaction_hook> transaction_hooks;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove

return snapshot_global_property_object::extension_v0{
gpo.proposed_security_group_block_num,
{gpo.proposed_security_group_participants.begin(), gpo.proposed_security_group_participants.end()},
{gpo.transaction_hooks.begin(), gpo.transaction_hooks.end()}};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove transaction_hooks

gpo.proposed_security_group_block_num = ext.proposed_security_group_block_num;
gpo.set_proposed_security_group_participants(ext.proposed_security_group_participants.begin(),
ext.proposed_security_group_participants.end());
gpo.set_transaction_hooks(ext.transaction_hooks.begin(), ext.transaction_hooks.end());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove transaction_hooks

@@ -172,6 +245,7 @@ CHAINBASE_SET_INDEX_TYPE(eosio::chain::dynamic_global_property_object,

FC_REFLECT(eosio::chain::global_property_object,
(proposed_schedule_block_num)(proposed_schedule)(configuration)(chain_id)(kv_configuration)(wasm_configuration)
(proposed_security_group_block_num)(proposed_security_group_participants)(transaction_hooks)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove transaction_hooks

@@ -479,4 +489,5 @@ namespace chainbase {
}
}

FC_REFLECT(eosio::chain::transaction_hook, (type)(contract)(action))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove transaction_hook

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

9 participants