PAN-2729: Account Smart Contract Permissioning ATs

acceptance-tests/simple-permissioning-smart-contract/contracts/SimpleAccountPermissioning.sol

@@ -4,6 +4,7 @@ pragma solidity >=0.4.0 <0.6.0;
 
 contract SimpleAccountPermissioning {
     mapping (address => bool) private whitelist;
+    uint256 private size;
 
     function transactionAllowed(
         address sender,
@@ -12,16 +13,34 @@ contract SimpleAccountPermissioning {
         uint256 gasPrice,
         uint256 gasLimit,
         bytes memory payload)
-        public view returns (bool) {
+    public view returns (bool) {
         return whitelistContains(sender);
     }
+
     function addAccount(address account) public {
-        whitelist[account] = true;
+        if (!whitelist[account]) {
+            whitelist[account] = true;
+            size++;
+        }
     }
+
     function removeAccount(address account) public {
-        whitelist[account] = false;
+        if (whitelist[account]) {
+            whitelist[account] = false;
+            size--;
+        }
     }
+
+    // For testing purposes, this will return true if the whitelist is empty
     function whitelistContains(address account) public view returns(bool) {
-        return whitelist[account];
+        if (size == 0) {
+            return true;
+        } else {
+            return whitelist[account];
+        }
+    }
+
+    function getSize() public view returns(uint256) {
+        return size;
     }
-}
+}

acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/account/Account.java

@@ -19,6 +19,7 @@
 import tech.pegasys.pantheon.tests.acceptance.dsl.blockchain.Amount;
 import tech.pegasys.pantheon.tests.acceptance.dsl.condition.Condition;
 import tech.pegasys.pantheon.tests.acceptance.dsl.condition.account.ExpectAccountBalance;
+import tech.pegasys.pantheon.tests.acceptance.dsl.condition.account.ExpectAccountBalanceNotChanging;
 import tech.pegasys.pantheon.tests.acceptance.dsl.transaction.eth.EthTransactions;
 import tech.pegasys.pantheon.util.bytes.Bytes32;
 
@@ -76,6 +77,14 @@ public Condition balanceEquals(final Amount expectedBalance) {
         eth, this, expectedBalance.getValue(), expectedBalance.getUnit());
   }
 
+  public Condition balanceDoesNotChange(final String startingBalance, final Unit balanceUnit) {
+    return new ExpectAccountBalanceNotChanging(eth, this, startingBalance, balanceUnit);
+  }
+
+  public Condition balanceDoesNotChange(final int startingBalance) {
+    return balanceDoesNotChange(String.valueOf(startingBalance), Unit.ETHER);
+  }
+
   @Override
   public String toString() {
     return "Account{"

acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/condition/account/ExpectAccountBalanceNotChanging.java

@@ -0,0 +1,56 @@
+/*
+ * Copyright 2018 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.pantheon.tests.acceptance.dsl.condition.account;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.web3j.utils.Convert.toWei;
+
+import tech.pegasys.pantheon.tests.acceptance.dsl.account.Account;
+import tech.pegasys.pantheon.tests.acceptance.dsl.condition.Condition;
+import tech.pegasys.pantheon.tests.acceptance.dsl.node.Node;
+import tech.pegasys.pantheon.tests.acceptance.dsl.transaction.eth.EthTransactions;
+
+import java.util.concurrent.TimeUnit;
+
+import org.awaitility.Awaitility;
+import org.web3j.utils.Convert.Unit;
+
+public class ExpectAccountBalanceNotChanging implements Condition {
+
+  private final EthTransactions eth;
+  private final Account account;
+  private final String startBalance;
+  private final Unit balanceUnit;
+
+  public ExpectAccountBalanceNotChanging(
+      final EthTransactions eth,
+      final Account account,
+      final String startBalance,
+      final Unit balanceUnit) {
+    this.startBalance = startBalance;
+    this.balanceUnit = balanceUnit;
+    this.account = account;
+    this.eth = eth;
+  }
+
+  @Override
+  public void verify(final Node node) {
+    Awaitility.await()
+        .ignoreExceptions()
+        .pollDelay(5, TimeUnit.SECONDS)
+        .untilAsserted(
+            () ->
+                assertThat(node.execute(eth.getBalance((account))))
+                    .isEqualTo(toWei(startBalance, balanceUnit).toBigIntegerExact()));
+  }
+}

acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/condition/perm/AccountSmartContractPermissioningConditions.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright 2019 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.pantheon.tests.acceptance.dsl.condition.perm;
+
+import tech.pegasys.pantheon.tests.acceptance.dsl.account.Account;
+import tech.pegasys.pantheon.tests.acceptance.dsl.condition.Condition;
+import tech.pegasys.pantheon.tests.acceptance.dsl.transaction.perm.AccountSmartContractPermissioningTransactions;
+
+public class AccountSmartContractPermissioningConditions {
+
+  private final AccountSmartContractPermissioningTransactions transactions;
+
+  public AccountSmartContractPermissioningConditions(
+      final AccountSmartContractPermissioningTransactions transactions) {
+    this.transactions = transactions;
+  }
+
+  public Condition accountIsAllowed(final String address, final Account account) {
+    return new WaitForTrueResponse(transactions.isAccountAllowed(address, account));
+  }
+
+  public Condition accountIsForbidden(final String address, final Account account) {
+    return new WaitForFalseResponse(transactions.isAccountAllowed(address, account));
+  }
+}

acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/ProcessPantheonNodeRunner.java

@@ -176,6 +176,13 @@ public void startNode(final PantheonNode node) {
                 params.add("--permissions-nodes-contract-address");
                 params.add(permissioningConfiguration.getNodeSmartContractAddress().toString());
               }
+              if (permissioningConfiguration.isSmartContractAccountWhitelistEnabled()) {
+                params.add("--permissions-accounts-contract-enabled");
+              }
+              if (permissioningConfiguration.getAccountSmartContractAddress() != null) {
+                params.add("--permissions-accounts-contract-address");
+                params.add(permissioningConfiguration.getAccountSmartContractAddress().toString());
+              }
             });
     params.addAll(node.getExtraCLIOptions());
 

acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/ThreadPantheonNodeRunner.java

@@ -24,6 +24,7 @@
 import tech.pegasys.pantheon.ethereum.eth.sync.SynchronizerConfiguration;
 import tech.pegasys.pantheon.ethereum.eth.transactions.PendingTransactions;
 import tech.pegasys.pantheon.ethereum.graphql.GraphQLConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
 import tech.pegasys.pantheon.metrics.MetricsSystem;
 import tech.pegasys.pantheon.metrics.noop.NoOpMetricsSystem;
 import tech.pegasys.pantheon.plugin.services.PantheonEvents;
@@ -124,7 +125,12 @@ public void startNode(final PantheonNode node) {
     }
 
     final RunnerBuilder runnerBuilder = new RunnerBuilder();
-    node.getPermissioningConfiguration().ifPresent(runnerBuilder::permissioningConfiguration);
+    if (node.getPermissioningConfiguration().isPresent()) {
+      PermissioningConfiguration permissioningConfiguration =
+          node.getPermissioningConfiguration().get();
+
+      runnerBuilder.permissioningConfiguration(permissioningConfiguration);
+    }
 
     pantheonPluginContext.addService(
         PantheonEvents.class,

acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/node/configuration/permissioning/PermissionedNodeBuilder.java

@@ -62,8 +62,11 @@ public class PermissionedNodeBuilder {
   private Path localConfigAccountsPermissioningFile = null;
   private Collection<String> localConfigPermittedAccounts = null;
 
-  private boolean smartContractPermissioningEnabled = false;
-  private String permissioningSmartContractAddress = null;
+  private boolean nodeSmartContractPermissioningEnabled = false;
+  private String nodePermissioningSmartContractAddress = null;
+
+  private boolean accountSmartContractPermissioningEnabled = false;
+  private String accountPermissioningSmartContractAddress = null;
 
   public PermissionedNodeBuilder name(final String name) {
     this.name = name;
@@ -115,8 +118,14 @@ public PermissionedNodeBuilder accountsPermittedInConfig(final List<String> acco
   }
 
   public PermissionedNodeBuilder nodesContractEnabled(final String address) {
-    this.smartContractPermissioningEnabled = true;
-    this.permissioningSmartContractAddress = address;
+    this.nodeSmartContractPermissioningEnabled = true;
+    this.nodePermissioningSmartContractAddress = address;
+    return this;
+  }
+
+  public PermissionedNodeBuilder accountsContractEnabled(final String address) {
+    this.accountSmartContractPermissioningEnabled = true;
+    this.accountPermissioningSmartContractAddress = address;
     return this;
   }
 
@@ -142,7 +151,7 @@ public PantheonNode build() {
     }
 
     Optional<SmartContractPermissioningConfiguration> smartContractPermConfig = Optional.empty();
-    if (smartContractPermissioningEnabled) {
+    if (nodeSmartContractPermissioningEnabled || accountSmartContractPermissioningEnabled) {
       smartContractPermConfig = Optional.of(smartContractPermissioningConfiguration());
     }
 
@@ -209,10 +218,18 @@ private LocalPermissioningConfiguration localConfigPermissioningConfiguration()
   private SmartContractPermissioningConfiguration smartContractPermissioningConfiguration() {
     SmartContractPermissioningConfiguration config =
         SmartContractPermissioningConfiguration.createDefault();
-    if (permissioningSmartContractAddress != null) {
-      config.setNodeSmartContractAddress(Address.fromHexString(permissioningSmartContractAddress));
+    if (nodePermissioningSmartContractAddress != null) {
+      config.setNodeSmartContractAddress(
+          Address.fromHexString(nodePermissioningSmartContractAddress));
       config.setSmartContractNodeWhitelistEnabled(true);
     }
+
+    if (accountPermissioningSmartContractAddress != null) {
+      config.setAccountSmartContractAddress(
+          Address.fromHexString(accountPermissioningSmartContractAddress));
+      config.setSmartContractAccountWhitelistEnabled(true);
+    }
+
     return config;
   }
 

acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/dsl/transaction/perm/AccountSmartContractPermissioningAllowAccountTransaction.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright 2018 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.pantheon.tests.acceptance.dsl.transaction.perm;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static org.web3j.utils.Numeric.toHexString;
+
+import tech.pegasys.pantheon.ethereum.core.Address;
+import tech.pegasys.pantheon.ethereum.core.Hash;
+import tech.pegasys.pantheon.tests.acceptance.dsl.account.Account;
+import tech.pegasys.pantheon.tests.acceptance.dsl.transaction.NodeRequests;
+import tech.pegasys.pantheon.tests.acceptance.dsl.transaction.Transaction;
+import tech.pegasys.pantheon.util.bytes.BytesValue;
+import tech.pegasys.pantheon.util.bytes.BytesValues;
+
+import java.io.IOException;
+import java.math.BigInteger;
+
+import org.web3j.crypto.RawTransaction;
+import org.web3j.crypto.TransactionEncoder;
+
+public class AccountSmartContractPermissioningAllowAccountTransaction implements Transaction<Hash> {
+
+  private static final BytesValue ADD_ACCOUNT_SIGNATURE =
+      tech.pegasys.pantheon.crypto.Hash.keccak256(
+              BytesValue.of("addAccount(address)".getBytes(UTF_8)))
+          .slice(0, 4);
+
+  private final Account sender;
+  private final Address contractAddress;
+  private final Address account;
+
+  public AccountSmartContractPermissioningAllowAccountTransaction(
+      final Account sender, final Address contractAddress, final Address account) {
+    this.sender = sender;
+    this.contractAddress = contractAddress;
+    this.account = account;
+  }
+
+  @Override
+  public Hash execute(final NodeRequests node) {
+    final String signedTransactionData = signedTransactionData();
+    try {
+      String hash =
+          node.eth().ethSendRawTransaction(signedTransactionData).send().getTransactionHash();
+      return Hash.fromHexString(hash);
+    } catch (final IOException e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  private String signedTransactionData() {
+    final BytesValue payload =
+        BytesValues.concatenate(
+            ADD_ACCOUNT_SIGNATURE, BytesValue.fromHexString("0x000000000000000000000000"), account);
+
+    final RawTransaction transaction =
+        RawTransaction.createTransaction(
+            sender.getNextNonce(),
+            BigInteger.valueOf(1000),
+            BigInteger.valueOf(100_000),
+            contractAddress.toString(),
+            payload.toString());
+
+    return toHexString(TransactionEncoder.signMessage(transaction, sender.web3jCredentials()));
+  }
+}