
Example 1 with LedgerSecurityManager

use of com.jd.blockchain.ledger.core.LedgerSecurityManager in project jdchain-core by blockchain-jd-com.

From class ContractLedgerQueryService, method getUserPrivileges.

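@Override
public UserPrivilegeSet getUserPrivileges(String userAddress) {
    // userAddress is caller-supplied and opaque (a Base58 string); reject a missing value
    // explicitly instead of letting the decoder fail with a less useful error.
    if (userAddress == null || userAddress.isEmpty()) {
        throw new IllegalArgumentException("userAddress must not be null or empty");
    }
    // Resolve privileges against the ledger state ledgerQuery currently exposes. Role
    // definitions, user-role authorizations, participants and user accounts are all taken
    // from the same LedgerDataSet so the answer is internally consistent.
    LedgerDataSet dataSet = ledgerQuery.getLedgerDataSet();
    LedgerAdminDataSet adminDataSet = dataSet.getAdminDataset();
    LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(
            adminDataSet.getAdminSettings().getRolePrivileges(),
            adminDataSet.getAdminSettings().getAuthorizations(),
            adminDataSet.getParticipantDataset(),
            dataSet.getUserAccountSet());
    // Bytes.fromBase58 is presumably where a malformed address is rejected.
    // NOTE(review): what getUserRolesPrivilegs returns for a well-formed but unregistered
    // address is not visible here — confirm it does not yield a privilege set with ambient rights.
    return securityManager.getUserRolesPrivilegs(Bytes.fromBase58(userAddress));
}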

Example 2 with LedgerSecurityManager

use of com.jd.blockchain.ledger.core.LedgerSecurityManager in project jdchain-core by blockchain-jd-com.

From class LedgerSecurityManagerTest, method testGetSecurityPolicy.

@Test
public void testGetSecurityPolicy() {
    // Builds four roles with disjoint privilege sets, assigns them to four key pairs, and
    // checks that the SecurityPolicy derived for a given set of endpoint and node signers
    // exposes exactly the union of the signers' role privileges — and nothing else.
    // NOTE(review): only MultiIDsPolicy.AT_LEAST_ONE is exercised, and every signer here
    // holds at least one role; a signer with no role and the stricter multi-signer policy
    // are not covered by this test.
    MemoryKVStorage testStorage = new MemoryKVStorage();
    // Key pairs for the users that will be assigned different roles.
    final BlockchainKeypair kpManager = BlockchainKeyGenerator.getInstance().generate();
    final BlockchainKeypair kpEmployee = BlockchainKeyGenerator.getInstance().generate();
    final BlockchainKeypair kpDevoice = BlockchainKeyGenerator.getInstance().generate();
    final BlockchainKeypair kpPlatform = BlockchainKeyGenerator.getInstance().generate();
    // Role names and their privileges.
    final String ROLE_ADMIN = "ID_ADMIN";
    final String ROLE_OPERATOR = "OPERATOR";
    final String ROLE_DATA_COLLECTOR = "DATA_COLLECTOR";
    final String ROLE_PLATFORM = "PLATFORM";
    // ADMIN: ledger permissions limited to REGISTER_USER and REGISTER_DATA_ACCOUNT;
    // transaction permission limited to DIRECT_OPERATION.
    final Privileges PRIVILEGES_ADMIN = Privileges.configure().enable(LedgerPermission.REGISTER_USER, LedgerPermission.REGISTER_DATA_ACCOUNT).enable(TransactionPermission.DIRECT_OPERATION);
    // OPERATOR: ledger permission limited to WRITE_DATA_ACCOUNT; transaction permission limited to CONTRACT_OPERATION.
    final Privileges PRIVILEGES_OPERATOR = Privileges.configure().enable(LedgerPermission.WRITE_DATA_ACCOUNT).enable(TransactionPermission.CONTRACT_OPERATION);
    // DATA_COLLECTOR: ledger permission limited to WRITE_DATA_ACCOUNT; transaction permission limited to DIRECT_OPERATION.
    final Privileges PRIVILEGES_DATA_COLLECTOR = Privileges.configure().enable(LedgerPermission.WRITE_DATA_ACCOUNT).enable(TransactionPermission.DIRECT_OPERATION);
    // PLATFORM: ledger permission limited to APPROVE_TX — it may only sign transactions as a
    // node, never originate them as an endpoint (no transaction permission is enabled).
    final Privileges PRIVILEGES_PLATFORM = Privileges.configure().enable(LedgerPermission.APPROVE_TX);
    RolePrivilegeDataset rolePrivilegeDataset = createRolePrivilegeDataset(testStorage);
    // Presumably addRolePrivilege signals failure with a negative value; each insert is checked.
    long v = rolePrivilegeDataset.addRolePrivilege(ROLE_ADMIN, PRIVILEGES_ADMIN);
    assertTrue(v > -1);
    v = rolePrivilegeDataset.addRolePrivilege(ROLE_OPERATOR, PRIVILEGES_OPERATOR);
    assertTrue(v > -1);
    v = rolePrivilegeDataset.addRolePrivilege(ROLE_DATA_COLLECTOR, PRIVILEGES_DATA_COLLECTOR);
    assertTrue(v > -1);
    v = rolePrivilegeDataset.addRolePrivilege(ROLE_PLATFORM, PRIVILEGES_PLATFORM);
    assertTrue(v > -1);
    rolePrivilegeDataset.commit();
    // Assign roles to users; the manager holds two roles, everyone else one.
    String[] managerRoles = new String[] { ROLE_ADMIN, ROLE_OPERATOR };
    String[] employeeRoles = new String[] { ROLE_OPERATOR };
    String[] devoiceRoles = new String[] { ROLE_DATA_COLLECTOR };
    String[] platformRoles = new String[] { ROLE_PLATFORM };
    UserRoleDatasetEditor userRolesDataset = createUserRoleDataset(testStorage);
    userRolesDataset.addUserRoles(kpManager.getAddress(), RolesPolicy.UNION, managerRoles);
    userRolesDataset.addUserRoles(kpEmployee.getAddress(), RolesPolicy.UNION, employeeRoles);
    userRolesDataset.addUserRoles(kpDevoice.getAddress(), RolesPolicy.UNION, devoiceRoles);
    userRolesDataset.addUserRoles(kpPlatform.getAddress(), RolesPolicy.UNION, platformRoles);
    userRolesDataset.commit();
    // Unstubbed mocks: every call on them returns Mockito defaults, so whatever checks
    // LedgerSecurityManagerImpl performs through participants or user accounts are not
    // exercised by this test.
    ParticipantCollection partisQuery = Mockito.mock(ParticipantCollection.class);
    UserAccountSet usersQuery = Mockito.mock(UserAccountSet.class);
    // Build the security manager over the committed role and user-role datasets.
    LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(rolePrivilegeDataset, userRolesDataset, partisQuery, usersQuery);
    // Endpoint signers; together they hold the union of the ADMIN and OPERATOR roles.
    final Map<Bytes, BlockchainKeypair> endpoints = new HashMap<>();
    endpoints.put(kpManager.getAddress(), kpManager);
    endpoints.put(kpEmployee.getAddress(), kpEmployee);
    // Node (consensus participant) signers.
    final Map<Bytes, BlockchainKeypair> nodes = new HashMap<>();
    nodes.put(kpPlatform.getAddress(), kpPlatform);
    // Derive the security policy for exactly these endpoint and node signers.
    SecurityPolicy policy = securityManager.getSecurityPolicy(endpoints.keySet(), nodes.keySet());
    // Check the policy: every permission is asserted, enabled or not, so an unexpected grant fails the test.
    LedgerPermission[] ledgerPermissions = LedgerPermission.values();
    for (LedgerPermission p : ledgerPermissions) {
        // Endpoints carry the merged ledger permissions of ADMIN and OPERATOR.
        if (p == LedgerPermission.REGISTER_USER || p == LedgerPermission.REGISTER_DATA_ACCOUNT || p == LedgerPermission.WRITE_DATA_ACCOUNT) {
            assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
        } else {
            assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
        }
        if (p == LedgerPermission.APPROVE_TX) {
            // Nodes carry only PLATFORM's permission: approving transactions.
            assertTrue(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
        } else {
            assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
        }
    }
    TransactionPermission[] transactionPermissions = TransactionPermission.values();
    for (TransactionPermission p : transactionPermissions) {
        // Endpoints carry the merged transaction permissions of ADMIN and OPERATOR.
        if (p == TransactionPermission.DIRECT_OPERATION || p == TransactionPermission.CONTRACT_OPERATION) {
            assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
        } else {
            assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
        }
        // PLATFORM enables no transaction permission, so nodes must have none.
        assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
    }
}

Example 3 with LedgerSecurityManager

use of com.jd.blockchain.ledger.core.LedgerSecurityManager in project jdchain-core by blockchain-jd-com.

From class ContractInvokingTest, method deploy.

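private void deploy(LedgerRepository ledgerRepo, LedgerManager ledgerManager, DefaultOperationHandleRegisteration opReg, HashDigest ledgerHash, BlockchainKeypair contractKey) {
    // Deploys chainCode() under contractKey in a fresh block and commits it.
    // ledgerManager is accepted for signature compatibility but not used here.
    // (The previous block's dataset used to be fetched here and never read; that lookup is dropped.)
    // Open the next block and wire a batch processor for it. getSecurityManager() is this
    // test's own security manager — presumably a permissive stub like those in the sibling
    // tests — so this helper does not prove anything about authorization.
    LedgerEditor newBlockEditor = ledgerRepo.createNextBlock();
    LedgerSecurityManager securityManager = getSecurityManager();
    TransactionBatchProcessor txbatchProcessor = new TransactionBatchProcessor(securityManager, newBlockEditor, ledgerRepo, opReg);
    // Build the deployment request, hashed with the ledger's configured algorithm and
    // signed by parti0 as both endpoint and node.
    CryptoSetting cryptoSetting = ledgerRepo.getAdminInfo().getSettings().getCryptoSetting();
    TxBuilder txBuilder = new TxBuilder(ledgerHash, cryptoSetting.getHashAlgorithm());
    txBuilder.contracts().deploy(contractKey.getIdentity(), chainCode());
    TransactionRequestBuilder txReqBuilder = txBuilder.prepareRequest();
    txReqBuilder.signAsEndpoint(parti0);
    txReqBuilder.signAsNode(parti0);
    TransactionRequest txReq = txReqBuilder.buildRequest();
    TransactionResponse resp = txbatchProcessor.schedule(txReq);
    // A deployment yields no operation results. NOTE(review): the response's execution
    // state is not asserted, so a rejected request that also carries no results would pass.
    assertNull(resp.getOperationResults());
    // Commit the block.
    TransactionBatchResultHandle txResultHandle = txbatchProcessor.prepare();
    txResultHandle.commit();
}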

Example 4 with LedgerSecurityManager

use of com.jd.blockchain.ledger.core.LedgerSecurityManager in project jdchain-core by blockchain-jd-com.

From class BlockFullRollBackTest, method getSecurityManager.

private static LedgerSecurityManager getSecurityManager() {
    // Allow-everything stand-in for the ledger security manager: every permission query,
    // for any permission and any multi-ID policy, answers true for both endpoints and
    // nodes. Tests built on it exercise block roll-back, not authorization — it must never
    // be reused outside tests.
    SecurityPolicy allowAll = Mockito.mock(SecurityPolicy.class);
    Mockito.when(allowAll.isEndpointEnable(Mockito.any(LedgerPermission.class), Mockito.any())).thenReturn(true);
    Mockito.when(allowAll.isNodeEnable(Mockito.any(LedgerPermission.class), Mockito.any())).thenReturn(true);
    Mockito.when(allowAll.isEndpointEnable(Mockito.any(TransactionPermission.class), Mockito.any())).thenReturn(true);
    Mockito.when(allowAll.isNodeEnable(Mockito.any(TransactionPermission.class), Mockito.any())).thenReturn(true);
    LedgerSecurityManager manager = Mockito.mock(LedgerSecurityManager.class);
    Mockito.when(manager.getSecurityPolicy(Mockito.any(), Mockito.any())).thenReturn(allowAll);
    return manager;
}

Example 5 with LedgerSecurityManager

use of com.jd.blockchain.ledger.core.LedgerSecurityManager in project jdchain-core by blockchain-jd-com.

From class TransactionBatchProcessorTest, method getSecurityManager.

private static LedgerSecurityManager getSecurityManager() {
    // Allow-everything stand-in for the ledger security manager: every permission query,
    // for any permission and any multi-ID policy, answers true for both endpoints and
    // nodes. Tests built on it exercise batch processing, not authorization — it must
    // never be reused outside tests.
    SecurityPolicy allowAll = Mockito.mock(SecurityPolicy.class);
    Mockito.when(allowAll.isEndpointEnable(Mockito.any(LedgerPermission.class), Mockito.any())).thenReturn(true);
    Mockito.when(allowAll.isNodeEnable(Mockito.any(LedgerPermission.class), Mockito.any())).thenReturn(true);
    Mockito.when(allowAll.isEndpointEnable(Mockito.any(TransactionPermission.class), Mockito.any())).thenReturn(true);
    Mockito.when(allowAll.isNodeEnable(Mockito.any(TransactionPermission.class), Mockito.any())).thenReturn(true);
    LedgerSecurityManager manager = Mockito.mock(LedgerSecurityManager.class);
    Mockito.when(manager.getSecurityPolicy(Mockito.any(), Mockito.any())).thenReturn(allowAll);
    return manager;
}
