use of com.jd.blockchain.ledger.json.CryptoConfigInfo in project jdchain-core by blockchain-jd-com.
the class ManagementController method authenticateGateway.
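/**
* Gateway access authentication.
*
* @param authRequest the gateway's request: the ledgers it wants to join and the credentials it presents for them
* @return a response listing the incoming settings of every ledger that authenticated; {@code null} when this node serves no ledgers or the request carries no ledgers or no credentials
*/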
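@RequestMapping(path = URL_AUTH_GATEWAY, method = RequestMethod.POST, consumes = BinaryMessageConverter.CONTENT_TYPE_VALUE)
@Override
public GatewayAuthResponse authenticateGateway(@RequestBody GatewayAuthRequest authRequest) {
    // Authenticates a gateway against each ledger named in the request and returns the
    // incoming settings of the ledgers that passed. The request body comes from the remote
    // gateway, so every array and element taken from it is treated as untrusted here.
    // A ledger that fails any check is skipped; it never aborts the other ledgers.
    if (ledgerPeers.size() == 0 || authRequest == null) {
        return null;
    }
    HashDigest[] authLedgers = authRequest.getLedgers();
    ClientCredential[] clientCredentialOfRequests = authRequest.getCredentials();
    if (authLedgers == null || authLedgers.length == 0 || clientCredentialOfRequests == null || clientCredentialOfRequests.length == 0) {
        return null;
    }
    GatewayAuthResponse gatewayAuthResponse = new GatewayAuthResponse();
    List<LedgerIncomingSettings> ledgerIncomingList = new ArrayList<LedgerIncomingSettings>();
    for (int i = 0; i < authLedgers.length; i++) {
        HashDigest ledgerHash = authLedgers[i];
        if (ledgerHash == null) {
            // A null entry in the requested ledger list cannot name a ledger; skip it.
            continue;
        }
        NodeServer peer = ledgerPeers.get(ledgerHash);
        if (peer == null) {
            continue;
        }
        String peerProviderName = peer.getProviderName();
        ConsensusProvider provider = ConsensusProviders.getProvider(peerProviderName);
        ClientIncomingSettings clientIncomingSettings = null;
        // Credentials are paired with ledgers by position. The two arrays are supplied
        // independently by the caller, so a shorter credential array (or a null slot) must
        // only skip this ledger instead of failing the whole request with an
        // ArrayIndexOutOfBoundsException / NullPointerException.
        if (i >= clientCredentialOfRequests.length || clientCredentialOfRequests[i] == null) {
            LOGGER.error(String.format("Authenticate ledger[%s] error ! no credential supplied for this ledger", ledgerHash.toBase58()));
            continue;
        }
        ClientCredential clientRedential = clientCredentialOfRequests[i];
        if (!peerProviderName.equalsIgnoreCase(clientRedential.getProviderName())) {
            // Ignore credentials issued for a different consensus client provider.
            continue;
        }
        // Account check: the presented public key must belong to a participant of this
        // ledger that has not been deactivated.
        LedgerRepository ledgerRepo = (LedgerRepository) ledgerQuerys.get(ledgerHash);
        if (null == ledgerRepo) {
            continue;
        }
        boolean isParticipantNode = false;
        PubKey clientPubKey = clientRedential.getPubKey();
        for (ParticipantNode participantNode : ledgerRepo.getAdminInfo().getParticipants()) {
            if (participantNode.getPubKey().equals(clientPubKey) && participantNode.getParticipantNodeState() != ParticipantNodeState.DEACTIVATED) {
                isParticipantNode = true;
                break;
            }
        }
        if (!isParticipantNode) {
            continue;
        }
        try {
            // Both the local peer's account and the gateway's account must be in NORMAL state.
            // A failed lookup (exception, or a null account dereferenced below) lands in the
            // catch block and skips only this ledger.
            UserAccount peerAccount = ledgerRepo.getUserAccountSet().getAccount(ledgerCurrNodes.get(ledgerHash).getAddress());
            if (peerAccount.getState() != AccountState.NORMAL) {
                LOGGER.error(String.format("Authenticate ledger[%s] error ! peer state is [%s]", ledgerHash.toBase58(), peerAccount.getState()));
                continue;
            }
            UserAccount gwAccount = ledgerRepo.getUserAccountSet().getAccount(AddressEncoding.generateAddress(clientPubKey));
            if (gwAccount.getState() != AccountState.NORMAL) {
                // Report the gateway account's own state; logging the peer's state here would
                // always print NORMAL and hide why the gateway was rejected.
                LOGGER.error(String.format("Authenticate ledger[%s] error ! gateway state is [%s]", ledgerHash.toBase58(), gwAccount.getState()));
                continue;
            }
            // Certificate checks, applied only when the ledger runs in CA identity mode.
            if (ledgerIdMode.get(ledgerHash) == IdentityMode.CA) {
                // Certificate of the current peer: role and validity.
                X509Certificate peerCA = CertificateUtils.parseCertificate(peerAccount.getCertificate());
                CertificateUtils.checkCertificateRole(peerCA, CertificateRole.PEER);
                CertificateUtils.checkValidity(peerCA);
                X509Certificate[] ledgerCAs = CertificateUtils.parseCertificates(ledgerRepo.getAdminInfo().getMetadata().getLedgerCertificates());
                Arrays.stream(ledgerCAs).forEach(issuer -> CertificateUtils.checkCACertificate(issuer));
                // Issuers of the peer certificate among the ledger's certificates.
                // NOTE(review): whether findIssuers verifies the signature chain or only
                // matches issuer names is not visible here -- confirm in CertificateUtils.
                X509Certificate[] peerIssuers = CertificateUtils.findIssuers(peerCA, ledgerCAs);
                CertificateUtils.checkValidityAny(peerIssuers);
                // Certificate of the connecting gateway: same checks with the GW role.
                // NOTE(review): this method does not compare the certificate's public key
                // with clientPubKey; the certificate is only tied to the key through the
                // account address -- confirm the binding is enforced at registration.
                X509Certificate gwCA = CertificateUtils.parseCertificate(gwAccount.getCertificate());
                CertificateUtils.checkCertificateRole(gwCA, CertificateRole.GW);
                CertificateUtils.checkValidity(gwCA);
                X509Certificate[] gwIssuers = CertificateUtils.findIssuers(gwCA, ledgerCAs);
                CertificateUtils.checkValidityAny(gwIssuers);
            }
            // The consensus provider's own check of the credential; presumably this is where
            // possession of the private key is verified -- confirm against the provider.
            clientIncomingSettings = peer.getClientAuthencationService().authencateIncoming(clientRedential);
        } catch (Exception e) {
            // A failure on one ledger must not affect authentication of the other ledgers.
            LOGGER.error(String.format("Authenticate ledger[%s] error !", ledgerHash.toBase58()), e);
            continue;
        }
        // NOTE(review): a null result from authencateIncoming is passed to the encoder
        // unchanged; confirm the provider signals rejection by throwing.
        byte[] clientIncomingBytes = provider.getSettingsFactory().getIncomingSettingsEncoder().encode(clientIncomingSettings);
        String base64ClientIncomingSettings = ByteArray.toBase64(clientIncomingBytes);
        LedgerIncomingSettings ledgerIncomingSetting = new LedgerIncomingSettings();
        ledgerIncomingSetting.setLedgerHash(ledgerHash);
        // Wrap in a plain (non-proxy) object to avoid JSON serialization errors.
        ledgerIncomingSetting.setCryptoSetting(new CryptoConfigInfo(ledgerCryptoSettings.get(ledgerHash)));
        ledgerIncomingSetting.setConsensusClientSettings(base64ClientIncomingSettings);
        ledgerIncomingSetting.setProviderName(peerProviderName);
        ledgerIncomingList.add(ledgerIncomingSetting);
    }
    gatewayAuthResponse.setLedgers(ledgerIncomingList.toArray(new LedgerIncomingSettings[ledgerIncomingList.size()]));
    return gatewayAuthResponse;
}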
use of com.jd.blockchain.ledger.json.CryptoConfigInfo in project jdchain-core by blockchain-jd-com.
the class OperationDecoratorFactory method decorateLedgerInitOperation.
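/**
* Decorates a LedgerInitOperation by copying its init settings into a new operation object.
*
* @param op the ledger-init operation to copy from
* @return a LedgerInitOpTemplate built from the copied settings
*/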
public static Operation decorateLedgerInitOperation(LedgerInitOperation op) {
    // Copy the scalar init settings of the operation into a fresh LedgerInitData.
    LedgerInitData initData = new LedgerInitData();
    initData.setConsensusSettings(op.getInitSetting().getConsensusSettings());
    initData.setCryptoSetting(new CryptoConfigInfo(op.getInitSetting().getCryptoSetting()));
    initData.setLedgerSeed(op.getInitSetting().getLedgerSeed());
    initData.setIdentityMode(op.getInitSetting().getIdentityMode());
    // Ledger certificates are carried over only when the ledger uses CA identity mode.
    if (IdentityMode.CA == op.getInitSetting().getIdentityMode()) {
        initData.setLedgerCertificates(op.getInitSetting().getLedgerCertificates());
    }
    initData.setConsensusProvider(op.getInitSetting().getConsensusProvider());
    initData.setCreatedTime(op.getInitSetting().getCreatedTime());
    initData.setLedgerDataStructure(op.getInitSetting().getLedgerDataStructure());
    initData.setContractRuntimeConfig(
            new JVMContractRuntimeConfig(
                    op.getInitSetting().getContractRuntimeConfig().getTimeout(),
                    op.getInitSetting().getContractRuntimeConfig().getMaxStackDepth()));

    // Without participants there is nothing more to copy: genesis users and participants
    // are both left unset on the result.
    ParticipantNode[] sourceNodes = op.getInitSetting().getConsensusParticipants();
    if (sourceNodes == null || sourceNodes.length == 0) {
        return new LedgerInitOpTemplate(initData);
    }

    // Rebuild every participant as a ConsensusParticipantData, keeping the original order.
    ParticipantNode[] copiedNodes = new ParticipantNode[sourceNodes.length];
    int slot = 0;
    for (ParticipantNode source : sourceNodes) {
        ConsensusParticipantData copy = new ConsensusParticipantData();
        copy.setId(source.getId());
        copy.setName(source.getName());
        copy.setPubKey(source.getPubKey());
        copy.setAddress(source.getAddress());
        copy.setParticipantState(source.getParticipantNodeState());
        copiedNodes[slot++] = copy;
    }

    // When the operation declares no genesis users, derive one per participant from its
    // public key, with the remaining three constructor arguments left null.
    GenesisUser[] declaredUsers = op.getInitSetting().getGenesisUsers();
    if (declaredUsers == null || declaredUsers.length == 0) {
        declaredUsers = new GenesisUserConfig[sourceNodes.length];
        for (int k = 0; k < sourceNodes.length; k++) {
            declaredUsers[k] = new GenesisUserConfig(sourceNodes[k].getPubKey(), null, null, null);
        }
    }

    // Re-wrap each genesis user through GenesisUserConfig's copy constructor.
    GenesisUser[] copiedUsers = new GenesisUserConfig[declaredUsers.length];
    for (int k = 0; k < declaredUsers.length; k++) {
        copiedUsers[k] = new GenesisUserConfig(declaredUsers[k]);
    }

    initData.setGenesisUsers(copiedUsers);
    initData.setConsensusParticipants(copiedNodes);
    return new LedgerInitOpTemplate(initData);
}