FAB-2564 crypto configuration
PS 5 Addressed Jim's review.

Change-Id: Iabc0f86962e63f3a0828e5399f6a5f0e322e80c0
Signed-off-by: rickr <cr22rc@gmail.com>
cr22rc committed Oct 3, 2017
1 parent 9282be9 commit 1ceab9a
Showing 20 changed files with 885 additions and 476 deletions.
17 changes: 15 additions & 2 deletions src/main/java/org/hyperledger/fabric/sdk/HFClient.java
@@ -48,8 +48,10 @@ public class HFClient {

private CryptoSuite cryptoSuite;


static {


if (null == System.getProperty("org.hyperledger.fabric.sdk.logGRPC")) {
// Turn this off by default!
Logger.getLogger("io.netty").setLevel(Level.OFF);
@@ -87,16 +89,26 @@ public CryptoSuite getCryptoSuite() {
}

public void setCryptoSuite(CryptoSuite cryptoSuite) throws CryptoException, InvalidArgumentException {
if (this.cryptoSuite != null) {
if (null == cryptoSuite) {
throw new InvalidArgumentException("CryptoSuite paramter is null.");
}
if (this.cryptoSuite != null && cryptoSuite != this.cryptoSuite) {
throw new InvalidArgumentException("CryptoSuite may only be set once.");

}
// if (cryptoSuiteFactory == null) {
// cryptoSuiteFactory = cryptoSuite.getCryptoSuiteFactory();
// } else {
// if (cryptoSuiteFactory != cryptoSuite.getCryptoSuiteFactory()) {
// throw new InvalidArgumentException("CryptoSuite is not derivied from cryptosuite factory");
// }
// }

cryptoSuite.init();
this.cryptoSuite = cryptoSuite;

}


/**
* createNewInstance create a new instance of the HFClient
*
@@ -592,6 +604,7 @@ private void clientCheck() throws InvalidArgumentException {
throw new InvalidArgumentException("No cryptoSuite has been set.");
}


userContextCheck(userContext);

}
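Review bot: In `setCryptoSuite`, passing the instance that is already set gets past the new `cryptoSuite != this.cryptoSuite` guard and falls through to `cryptoSuite.init()` a second time. Whether a repeated `init()` is harmless depends on the CryptoSuite implementation, which is not visible here; if it rebuilds provider or key-store state, it would do so on a client that may already be in use. Returning early right after the null check avoids that: `if (cryptoSuite == this.cryptoSuite) { return; }`. The message on the null branch is misspelled ("paramter" for "parameter"), and the commented-out factory check should be deleted or tracked in an issue rather than committed.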
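--- a/src/main/java/org/hyperledger/fabric/sdk/SDKUtils.java
+++ b/src/main/java/org/hyperledger/fabric/sdk/SDKUtils.java
@@ -47,17 +47,21 @@ private SDKUtils() {
 * @throws IOException
 * @throws InvalidArgumentException
 */
-public static byte[] calculateBlockHash(long blockNumber, byte[] previousHash, byte[] dataHash) throws IOException, InvalidArgumentException {
+public static byte[] calculateBlockHash(HFClient client, long blockNumber, byte[] previousHash, byte[] dataHash) throws IOException, InvalidArgumentException {
 
 if (previousHash == null) {
 throw new InvalidArgumentException("previousHash parameter is null.");
 }
 if (dataHash == null) {
 throw new InvalidArgumentException("dataHash parameter is null.");
 }
+if (null == client) {
+throw new InvalidArgumentException("client parameter is null.");
+}
 
-if (null == suite) {
-suite = CryptoSuite.Factory.getCryptoSuite();
+CryptoSuite cryptoSuite = client.getCryptoSuite();
+if (null == client) {
+throw new InvalidArgumentException("Client crypto suite has not been set.");
 }
 
 ByteArrayOutputStream s = new ByteArrayOutputStream();
@@ -66,7 +70,7 @@ public static byte[] calculateBlockHash(long blockNumber, byte[] previousHash, b
 seq.addObject(new DEROctetString(previousHash));
 seq.addObject(new DEROctetString(dataHash));
 seq.close();
-return suite.hash(s.toByteArray());
+return cryptoSuite.hash(s.toByteArray());
 
 }
 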
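Review bot: The second guard in `calculateBlockHash` tests the wrong variable: after `CryptoSuite cryptoSuite = client.getCryptoSuite();` the code checks `if (null == client)` again, which can never be true at that point. A client with no crypto suite set therefore reaches `cryptoSuite.hash(...)` and fails with a NullPointerException instead of the intended InvalidArgumentException; the line should read `if (null == cryptoSuite) {`. The Javadoc starts outside the hunk, but the visible part gains no `@param client` entry for the new first parameter. Because this is a public static method, the added parameter also breaks existing callers, which is worth stating in the release notes.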
159 changes: 114 additions & 45 deletions src/main/java/org/hyperledger/fabric/sdk/helper/Config.java
@@ -16,11 +16,17 @@
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.log4j.Level;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import static java.lang.String.format;

/**
* Config allows for a global config of the toolkit. Central location for all
@@ -37,28 +43,40 @@ public class Config {

private static final String DEFAULT_CONFIG = "config.properties";
public static final String ORG_HYPERLEDGER_FABRIC_SDK_CONFIGURATION = "org.hyperledger.fabric.sdk.configuration";
public static final String SECURITY_LEVEL = "org.hyperledger.fabric.sdk.security_level";
public static final String HASH_ALGORITHM = "org.hyperledger.fabric.sdk.hash_algorithm";
/**
* Timeout settings
**/
public static final String PROPOSAL_WAIT_TIME = "org.hyperledger.fabric.sdk.proposal.wait.time";
public static final String CHANNEL_CONFIG_WAIT_TIME = "org.hyperledger.fabric.sdk.channelconfig.wait_time";
public static final String ORDERER_RETRY_WAIT_TIME = "org.hyperledger.fabric.sdk.orderer_retry.wait_time";
public static final String ORDERER_WAIT_TIME = "org.hyperledger.fabric.sdk.orderer.ordererWaitTimeMilliSecs";
public static final String EVENTHUB_CONNECTION_WAIT_TIME = "org.hyperledger.fabric.sdk.eventhub_connection.wait_time";
public static final String PROPOSAL_CONSISTENCY_VALIDATION = "org.hyperledger.fabric.sdk.proposal.consistency_validation";
public static final String GENESISBLOCK_WAIT_TIME = "org.hyperledger.fabric.sdk.channel.genesisblock_wait_time";
/**
* Crypto configuration settings
**/
public static final String DEFAULT_CRYPTO_SUITE_FACTORY = "org.hyperledger.fabric.sdk.crypto.default_crypto_suite_factory";
public static final String SECURITY_LEVEL = "org.hyperledger.fabric.sdk.security_level";
public static final String SECURITY_PROVIDER_CLASS_NAME = "org.hyperledger.fabric.sdk.security_provider_class_name";
public static final String SECURITY_CURVE_MAPPING = "org.hyperledger.fabric.sdk.security_curve_mapping";
public static final String HASH_ALGORITHM = "org.hyperledger.fabric.sdk.hash_algorithm";
public static final String ASYMMETRIC_KEY_TYPE = "org.hyperledger.fabric.sdk.crypto.asymmetric_key_type";
public static final String KEY_AGREEMENT_ALGORITHM = "org.hyperledger.fabric.sdk.crypto.key_agreement_algorithm";
public static final String SYMMETRIC_KEY_TYPE = "org.hyperledger.fabric.sdk.crypto.symmetric_key_type";
public static final String SYMMETRIC_KEY_BYTE_COUNT = "org.hyperledger.fabric.sdk.crypto.symmetric_key_byte_count";
public static final String SYMMETRIC_ALGORITHM = "org.hyperledger.fabric.sdk.crypto.symmetric_algorithm";
public static final String MAC_KEY_BYTE_COUNT = "org.hyperledger.fabric.sdk.crypto.mac_key_byte_count";

public static final String CERTIFICATE_FORMAT = "org.hyperledger.fabric.sdk.crypto.certificate_format";
public static final String SIGNATURE_ALGORITHM = "org.hyperledger.fabric.sdk.crypto.default_signature_algorithm";
/**
* Logging settings
**/
public static final String MAX_LOG_STRING_LENGTH = "org.hyperledger.fabric.sdk.log.stringlengthmax";
public static final String EXTRALOGLEVEL = "org.hyperledger.fabric.sdk.log.extraloglevel";
public static final String LOGGERLEVEL = "org.hyperledger.fabric.sdk.loglevel"; // ORG_HYPERLEDGER_FABRIC_SDK_LOGLEVEL=TRACE,DEBUG
public static final String DIAGNOTISTIC_FILE_DIRECTORY = "org.hyperledger.fabric.sdk.diagnosticFileDir"; //ORG_HYPERLEDGER_FABRIC_SDK_DIAGNOSTICFILEDIR

/**
* Miscellaneous settings
**/
public static final String PROPOSAL_CONSISTENCY_VALIDATION = "org.hyperledger.fabric.sdk.proposal.consistency_validation";

private static Config config;
private static final Properties sdkProperties = new Properties();

@@ -69,39 +87,51 @@ private Config() {
try {
loadFile = new File(System.getProperty(ORG_HYPERLEDGER_FABRIC_SDK_CONFIGURATION, DEFAULT_CONFIG))
.getAbsoluteFile();
logger.debug(String.format("Loading configuration from %s and it is present: %b", loadFile.toString(),
logger.debug(format("Loading configuration from %s and it is present: %b", loadFile.toString(),
loadFile.exists()));
configProps = new FileInputStream(loadFile);
sdkProperties.load(configProps);

} catch (IOException e) {
logger.warn(String.format("Failed to load any configuration from: %s. Using toolkit defaults",
logger.warn(format("Failed to load any configuration from: %s. Using toolkit defaults",
DEFAULT_CONFIG));
} finally {

// Default values
/**
* Timeout settings
**/
defaultProperty(PROPOSAL_WAIT_TIME, "20000");
defaultProperty(CHANNEL_CONFIG_WAIT_TIME, "15000");
defaultProperty(ORDERER_RETRY_WAIT_TIME, "200");
defaultProperty(ORDERER_WAIT_TIME, "3000");
defaultProperty(EVENTHUB_CONNECTION_WAIT_TIME, "1000");
defaultProperty(GENESISBLOCK_WAIT_TIME, "5000");

/**
* Crypto configuration settings
**/
defaultProperty(DEFAULT_CRYPTO_SUITE_FACTORY, "org.hyperledger.fabric.sdk.security.HLSDKJCryptoSuiteFactory");
defaultProperty(SECURITY_LEVEL, "256");
defaultProperty(SECURITY_PROVIDER_CLASS_NAME, BouncyCastleProvider.class.getName());
defaultProperty(SECURITY_CURVE_MAPPING, "256=secp256r1:384=secp384r1");
defaultProperty(HASH_ALGORITHM, "SHA2");
defaultProperty(ASYMMETRIC_KEY_TYPE, "EC");
defaultProperty(KEY_AGREEMENT_ALGORITHM, "ECDH");
defaultProperty(SYMMETRIC_KEY_TYPE, "AES");
defaultProperty(SYMMETRIC_KEY_BYTE_COUNT, "32");
defaultProperty(SYMMETRIC_ALGORITHM, "AES/CFB/NoPadding");
defaultProperty(MAC_KEY_BYTE_COUNT, "32");

defaultProperty(CERTIFICATE_FORMAT, "X.509");
defaultProperty(SIGNATURE_ALGORITHM, "SHA256withECDSA");
defaultProperty(SECURITY_LEVEL, "256");
defaultProperty(HASH_ALGORITHM, "SHA2");
defaultProperty(PROPOSAL_CONSISTENCY_VALIDATION, "true");

defaultProperty(PROPOSAL_WAIT_TIME, "20000");
defaultProperty(GENESISBLOCK_WAIT_TIME, "5000");
/**
* Logging settings
**/
defaultProperty(MAX_LOG_STRING_LENGTH, "64");
defaultProperty(EXTRALOGLEVEL, "0");
defaultProperty(LOGGERLEVEL, null);
defaultProperty(DIAGNOTISTIC_FILE_DIRECTORY, null);
defaultProperty(CHANNEL_CONFIG_WAIT_TIME, "15000");
defaultProperty(ORDERER_RETRY_WAIT_TIME, "200");
defaultProperty(ORDERER_WAIT_TIME, "3000");
defaultProperty(EVENTHUB_CONNECTION_WAIT_TIME, "1000");
/**
* Miscellaneous settings
*/
defaultProperty(PROPOSAL_CONSISTENCY_VALIDATION, "true");

final String inLogLevel = sdkProperties.getProperty(LOGGERLEVEL);

@@ -171,7 +201,7 @@ private String getProperty(String property) {
String ret = sdkProperties.getProperty(property);

if (null == ret) {
logger.warn(String.format("No configuration value found for '%s'", property));
logger.warn(format("No configuration value found for '%s'", property));
}
return ret;
}
@@ -207,6 +237,16 @@ public int getSecurityLevel() {

}

/**
* Get the configured security provider.
* This is the security provider used for the default SDK crypto suite factory.
*
* @return the security provider.
*/
public String getSecurityProviderClassName() {
return getProperty(SECURITY_PROVIDER_CLASS_NAME);
}

/**
* Get the name of the configured hash algorithm, used for digital signatures.
*
@@ -217,6 +257,51 @@ public String getHashAlgorithm() {

}

private Map<Integer, String> curveMapping = null;

/**
* Get a mapping from strength to curve desired.
*
* @return mapping from strength to curve name to use.
*/
public Map<Integer, String> getSecurityCurveMapping() {

if (curveMapping == null) {

curveMapping = parseSecurityCurveMappings(getProperty(SECURITY_CURVE_MAPPING));
}

return Collections.unmodifiableMap(curveMapping);
}

public static Map<Integer, String> parseSecurityCurveMappings(final String property) {
Map<Integer, String> lcurveMapping = new HashMap<>(8);

if (property != null && !property.isEmpty()) { //empty will be caught later.

String[] cmaps = property.split("[ \t]*:[ \t]*");
for (String mape : cmaps) {

String[] ep = mape.split("[ \t]*=[ \t]*");
if (ep.length != 2) {
logger.warn(format("Bad curve mapping for %s in property %s", mape, SECURITY_CURVE_MAPPING));
continue;
}

try {
int parseInt = Integer.parseInt(ep[0]);
lcurveMapping.put(parseInt, ep[1]);
} catch (NumberFormatException e) {
logger.warn(format("Bad curve mapping. Integer needed for strength %s for %s in property %s",
ep[0], mape, SECURITY_CURVE_MAPPING));
}

}

}
return lcurveMapping;
}

/**
* Get the timeout for a single proposal request to endorser.
*
@@ -265,26 +350,6 @@ public String getAsymmetricKeyType() {
return getProperty(ASYMMETRIC_KEY_TYPE);
}

public String getKeyAgreementAlgorithm() {
return getProperty(KEY_AGREEMENT_ALGORITHM);
}

public String getSymmetricKeyType() {
return getProperty(SYMMETRIC_KEY_TYPE);
}

public int getSymmetricKeyByteCount() {
return Integer.parseInt(getProperty(SYMMETRIC_KEY_BYTE_COUNT));
}

public String getSymmetricAlgorithm() {
return getProperty(SYMMETRIC_ALGORITHM);
}

public int getMACKeyByteCount() {
return Integer.parseInt(getProperty(MAC_KEY_BYTE_COUNT));
}

public String getCertificateFormat() {
return getProperty(CERTIFICATE_FORMAT);
}
@@ -293,6 +358,10 @@ public String getSignatureAlgorithm() {
return getProperty(SIGNATURE_ALGORITHM);
}

public String getDefaultCryptoSuiteFactory() {
return getProperty(DEFAULT_CRYPTO_SUITE_FACTORY);
}

public int maxLogStringLength() {
return Integer.parseInt(getProperty(MAX_LOG_STRING_LENGTH));
}
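Review bot: `parseSecurityCurveMappings` logs and skips a malformed entry, so a typo in `org.hyperledger.fabric.sdk.security_curve_mapping` leaves the map without that strength, and the problem only surfaces wherever the curve is later looked up (the inline comment says an empty value is "caught later", but that code is not in this section). For a setting that selects the elliptic curve, I would fail at parse time, or at least have `getSecurityCurveMapping()` verify that the map contains `getSecurityLevel()` before caching it. Two smaller gaps in the same loop: the property is not trimmed, so a leading space makes `Integer.parseInt(ep[0])` reject the first entry and a trailing space ends up in the last curve name — `String[] cmaps = property.trim().split("[ \t]*:[ \t]*");` — and a repeated strength silently overwrites the earlier curve. The method is public and has no Javadoc; it should state the `strength=curve:strength=curve` format and that malformed entries are dropped.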