Feature privacy #10267
Feature privacy #10267
Conversation
extend block_header_state
Needed to remove a line
1) Removed unused code 2) Clarified comments 3) Disabled cmake processing until a test is added
EPE-672: Added unit test framework
Adding security group cache manager and unittest
…istration-intrinsic
certificate generation scripts for tests added
| auto pkey = options["p2p-tls-private-key-file"].as<bfs::path>(); | ||
| auto ca_cert = options["p2p-tls-security-group-ca-file"].as<bfs::path>(); |
There was a problem hiding this comment.
Should make sure key file and CA are configured if certificate is configured and print out the error, as user can make mistakes and forgets to configure all of them.
There was a problem hiding this comment.
it is not a bug, it is feature.
we allow SSL without security groups and hence without CA.
However in that case on we may need that upon security group activation we have CA configured.
@brianjohnson5972
There was a problem hiding this comment.
I fixed error check to require both certificate file and private key file be set to the same value and also require certificate file be set if security group cca file is set
…t up reading and writing locks.
| @@ -62,7 +62,7 @@ namespace eosio { namespace chain { | |||
| */ | |||
| class global_property_object : public chainbase::object<global_property_object_type, global_property_object> | |||
| { | |||
| OBJECT_CTOR(global_property_object, (proposed_schedule)) | |||
| OBJECT_CTOR(global_property_object, (proposed_schedule)(proposed_security_group_participants)(transaction_hooks)) | |||
There was a problem hiding this comment.
remove transaction_hooks
| template<typename Iter> | ||
| void set_transaction_hooks(Iter begin, Iter end) { | ||
| transaction_hooks = {begin, end, transaction_hooks.get_allocator()}; | ||
| } |
|
|
||
| block_num_type proposed_security_group_block_num = 0; | ||
| flat_set<account_name> proposed_security_group_participants; | ||
| vector<transaction_hook> transaction_hooks; |
| return snapshot_global_property_object::extension_v0{ | ||
| gpo.proposed_security_group_block_num, | ||
| {gpo.proposed_security_group_participants.begin(), gpo.proposed_security_group_participants.end()}, | ||
| {gpo.transaction_hooks.begin(), gpo.transaction_hooks.end()}}; |
There was a problem hiding this comment.
remove transaction_hooks
| gpo.proposed_security_group_block_num = ext.proposed_security_group_block_num; | ||
| gpo.set_proposed_security_group_participants(ext.proposed_security_group_participants.begin(), | ||
| ext.proposed_security_group_participants.end()); | ||
| gpo.set_transaction_hooks(ext.transaction_hooks.begin(), ext.transaction_hooks.end()); |
There was a problem hiding this comment.
remove transaction_hooks
| @@ -172,6 +245,7 @@ CHAINBASE_SET_INDEX_TYPE(eosio::chain::dynamic_global_property_object, | |||
|
|
|||
| FC_REFLECT(eosio::chain::global_property_object, | |||
| (proposed_schedule_block_num)(proposed_schedule)(configuration)(chain_id)(kv_configuration)(wasm_configuration) | |||
| (proposed_security_group_block_num)(proposed_security_group_participants)(transaction_hooks) | |||
There was a problem hiding this comment.
remove transaction_hooks
| @@ -479,4 +489,5 @@ namespace chainbase { | |||
| } | |||
| } | |||
|
|
|||
| FC_REFLECT(eosio::chain::transaction_hook, (type)(contract)(action)) | |||
There was a problem hiding this comment.
remove transaction_hook
Change Description
Added feature to prevent sending blocks and transactions to peers that are not part of the security group that has been defined. The security group is maintained in the block_header_state. add_security_group_participant and remove_security_group_participant intrinsics cause the current security group's state to be copied to the global_property_object and edited to create the proposed security group. When the block for the last called intrinsic becomes irreversible, it promotes the proposed security group from the global_property_object to the proposed_block_header_state when the block is started and then to the block_header_state when the block is completed.
net_plugin caches the security_group state on accept block and then sets a flag on each connection to indicate if that connection's participant is participating in the network or not.
Change Type
Select ONE:
Testing Changes
Select ANY that apply:
Consensus Changes
API Changes
Documentation Additions