use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissions in project besu by hyperledger.
the class RunnerBuilder method build.
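/**
 * Assembles the {@link Runner} from the settings collected on this builder.
 *
 * <p>In order, it configures discovery and RLPx, builds the peer-permission policy, creates the
 * NAT service and the P2P network (a no-op network when P2P is disabled), and then creates each
 * optional service whose configuration is enabled: Stratum, JSON-RPC over HTTP, the engine
 * JSON-RPC service, GraphQL, WebSocket, metrics, EthStats and JSON-RPC over IPC.
 *
 * <p>API groups whose name starts with "engine" (case-insensitively) are removed from the HTTP,
 * WebSocket and IPC method maps; only the engine service receives them.
 *
 * @return the runner wired with the network and every enabled service
 * @throws NullPointerException if {@code besuController} has not been set
 * @throws RuntimeException wrapping the {@link IOException} raised while building the GraphQL
 *     schema
 */
public Runner build() {
  Preconditions.checkNotNull(besuController);

  final DiscoveryConfiguration discoveryConfiguration =
      DiscoveryConfiguration.create()
          .setBindHost(p2pListenInterface)
          .setBindPort(p2pListenPort)
          .setAdvertisedHost(p2pAdvertisedHost);
  if (discovery) {
    final List<EnodeURL> bootstrap;
    if (ethNetworkConfig.getBootNodes() == null) {
      // No boot nodes configured: fall back to the MAINNET boot node list.
      bootstrap = EthNetworkConfig.getNetworkConfig(NetworkName.MAINNET).getBootNodes();
    } else {
      bootstrap = ethNetworkConfig.getBootNodes();
    }
    discoveryConfiguration.setBootnodes(bootstrap);
    discoveryConfiguration.setDnsDiscoveryURL(ethNetworkConfig.getDnsDiscoveryUrl());
  } else {
    discoveryConfiguration.setActive(false);
  }

  final NodeKey nodeKey = besuController.getNodeKey();
  final SubProtocolConfiguration subProtocolConfiguration =
      besuController.getSubProtocolConfiguration();
  final ProtocolSchedule protocolSchedule = besuController.getProtocolSchedule();
  final ProtocolContext context = besuController.getProtocolContext();
  final List<SubProtocol> subProtocols = subProtocolConfiguration.getSubProtocols();
  final List<ProtocolManager> protocolManagers = subProtocolConfiguration.getProtocolManagers();
  final Set<Capability> supportedCapabilities =
      protocolManagers.stream()
          .flatMap(protocolManager -> protocolManager.getSupportedCapabilities().stream())
          .collect(Collectors.toSet());

  final RlpxConfiguration rlpxConfiguration =
      RlpxConfiguration.create()
          .setBindHost(p2pListenInterface)
          .setBindPort(p2pListenPort)
          .setMaxPeers(maxPeers)
          .setSupportedProtocols(subProtocols)
          .setClientId(BesuInfo.nodeName(identityString))
          .setLimitRemoteWireConnectionsEnabled(limitRemoteWireConnectionsEnabled)
          .setFractionRemoteWireConnectionsAllowed(fractionRemoteConnectionsAllowed);
  networkingConfiguration.setRlpx(rlpxConfiguration).setDiscovery(discoveryConfiguration);

  // Peer permissions: the denylist of banned node ids always applies. When a node permissioning
  // controller is configured, its decisions are combined with the denylist; otherwise the
  // denylist is the whole policy.
  final PeerPermissionsDenylist bannedNodes = PeerPermissionsDenylist.create();
  bannedNodeIds.forEach(bannedNodes::add);

  final List<EnodeURL> bootnodes = discoveryConfiguration.getBootnodes();
  final Synchronizer synchronizer = besuController.getSynchronizer();
  final TransactionSimulator transactionSimulator =
      new TransactionSimulator(
          context.getBlockchain(), context.getWorldStateArchive(), protocolSchedule);
  final Bytes localNodeId = nodeKey.getPublicKey().getEncodedBytes();
  final Optional<NodePermissioningController> nodePermissioningController =
      buildNodePermissioningController(
          bootnodes, synchronizer, transactionSimulator, localNodeId, context.getBlockchain());
  final PeerPermissions peerPermissions =
      nodePermissioningController
          .map(nodePC -> new PeerPermissionsAdapter(nodePC, bootnodes, context.getBlockchain()))
          .map(nodePerms -> PeerPermissions.combine(nodePerms, bannedNodes))
          .orElse(bannedNodes);

  LOG.info("Detecting NAT service.");
  // Fallback is on for AUTO, or when it was requested explicitly.
  final boolean fallbackEnabled = natMethod == NatMethod.AUTO || natMethodFallbackEnabled;
  final NatService natService = new NatService(buildNatManager(natMethod), fallbackEnabled);

  final NetworkBuilder inactiveNetwork = caps -> new NoopP2PNetwork();
  final NetworkBuilder activeNetwork =
      caps ->
          DefaultP2PNetwork.builder()
              .vertx(vertx)
              .nodeKey(nodeKey)
              .config(networkingConfiguration)
              .peerPermissions(peerPermissions)
              .metricsSystem(metricsSystem)
              .supportedCapabilities(caps)
              .natService(natService)
              .randomPeerPriority(randomPeerPriority)
              .storageProvider(storageProvider)
              .forkIdSupplier(forkIdSupplier)
              .p2pTLSConfiguration(p2pTLSConfiguration)
              .build();
  final NetworkRunner networkRunner =
      NetworkRunner.builder()
          .protocolManagers(protocolManagers)
          .subProtocols(subProtocols)
          .network(p2pEnabled ? activeNetwork : inactiveNetwork)
          .metricsSystem(metricsSystem)
          .build();
  final P2PNetwork network = networkRunner.getNetwork();

  // ForkId in Ethereum Node Record needs updating when we transition to a new protocol spec
  context
      .getBlockchain()
      .observeBlockAdded(
          blockAddedEvent -> {
            if (protocolSchedule
                .streamMilestoneBlocks()
                .anyMatch(
                    blockNumber ->
                        blockNumber == blockAddedEvent.getBlock().getHeader().getNumber())) {
              network.updateNodeRecord();
            }
          });

  nodePermissioningController.ifPresent(
      n ->
          n.setInsufficientPeersPermissioningProvider(
              new InsufficientPeersPermissioningProvider(network, bootnodes)));

  final TransactionPool transactionPool = besuController.getTransactionPool();
  final MiningCoordinator miningCoordinator = besuController.getMiningCoordinator();
  final BlockchainQueries blockchainQueries =
      new BlockchainQueries(
          context.getBlockchain(),
          context.getWorldStateArchive(),
          Optional.of(dataDir.resolve(CACHE_PATH)),
          Optional.of(besuController.getProtocolManager().ethContext().getScheduler()),
          apiConfiguration);
  final PrivacyParameters privacyParameters = besuController.getPrivacyParameters();
  final FilterManager filterManager =
      new FilterManagerBuilder()
          .blockchainQueries(blockchainQueries)
          .transactionPool(transactionPool)
          .privacyParameters(privacyParameters)
          .build();
  vertx.deployVerticle(filterManager);
  createPrivateTransactionObserver(filterManager, privacyParameters);

  // Second handle obtained from the same networkRunner.getNetwork() call as `network` above.
  final P2PNetwork peerNetwork = networkRunner.getNetwork();

  final MiningParameters miningParameters = besuController.getMiningParameters();
  Optional<StratumServer> stratumServer = Optional.empty();
  if (miningParameters.isStratumMiningEnabled()) {
    var powMiningCoordinator = miningCoordinator;
    if (miningCoordinator instanceof TransitionCoordinator) {
      LOG.debug("fetching powMiningCoordinator from TransitionCoordinator");
      powMiningCoordinator = ((TransitionCoordinator) miningCoordinator).getPreMergeObject();
    }
    stratumServer =
        Optional.of(
            new StratumServer(
                vertx,
                powMiningCoordinator,
                miningParameters.getStratumPort(),
                miningParameters.getStratumNetworkInterface(),
                miningParameters.getStratumExtranonce(),
                metricsSystem));
    // NOTE(review): the observer is registered on miningCoordinator, not on
    // powMiningCoordinator — confirm that is intended when a TransitionCoordinator is in use.
    miningCoordinator.addEthHashObserver(stratumServer.get());
    LOG.debug("added ethash observer: {}", stratumServer.get());
  }

  sanitizePeers(network, staticNodes)
      .map(DefaultPeer::fromEnodeURL)
      .forEach(peerNetwork::addMaintainedConnectionPeer);

  final Optional<NodeLocalConfigPermissioningController> nodeLocalConfigPermissioningController =
      nodePermissioningController.flatMap(NodePermissioningController::localConfigController);
  final Optional<AccountPermissioningController> accountPermissioningController =
      buildAccountPermissioningController(
          permissioningConfiguration, besuController, transactionSimulator, context.getBlockchain());
  final Optional<AccountLocalConfigPermissioningController>
      accountLocalConfigPermissioningController =
          accountPermissioningController.flatMap(
              AccountPermissioningController::getAccountLocalConfigPermissioningController);

  Optional<JsonRpcHttpService> jsonRpcHttpService = Optional.empty();
  if (jsonRpcConfiguration.isEnabled()) {
    // Engine API groups must not be served from the general HTTP endpoint. Lower-case with
    // Locale.ROOT: with a default locale such as Turkish, "ENGINE" lower-cases to a dotless-i
    // form that would not match the "engine" prefix and would slip past this filter.
    final Map<String, JsonRpcMethod> nonEngineMethods =
        jsonRpcMethods(
            protocolSchedule,
            context,
            besuController,
            peerNetwork,
            blockchainQueries,
            synchronizer,
            transactionPool,
            miningCoordinator,
            metricsSystem,
            supportedCapabilities,
            jsonRpcConfiguration.getRpcApis().stream()
                .filter(
                    apiGroup ->
                        !apiGroup.toLowerCase(java.util.Locale.ROOT).startsWith("engine"))
                .collect(Collectors.toList()),
            filterManager,
            accountLocalConfigPermissioningController,
            nodeLocalConfigPermissioningController,
            privacyParameters,
            jsonRpcConfiguration,
            webSocketConfiguration,
            metricsConfiguration,
            natService,
            besuPluginContext.getNamedPlugins(),
            dataDir,
            rpcEndpointServiceImpl);
    jsonRpcHttpService =
        Optional.of(
            new JsonRpcHttpService(
                vertx,
                dataDir,
                jsonRpcConfiguration,
                metricsSystem,
                natService,
                nonEngineMethods,
                new HealthService(new LivenessCheck()),
                new HealthService(new ReadinessCheck(peerNetwork, synchronizer))));
  }

  Optional<JsonRpcService> engineJsonRpcService = Optional.empty();
  if (engineJsonRpcConfiguration.isPresent() && engineJsonRpcConfiguration.get().isEnabled()) {
    final Map<String, JsonRpcMethod> engineMethods =
        jsonRpcMethods(
            protocolSchedule,
            context,
            besuController,
            peerNetwork,
            blockchainQueries,
            synchronizer,
            transactionPool,
            miningCoordinator,
            metricsSystem,
            supportedCapabilities,
            engineJsonRpcConfiguration.get().getRpcApis(),
            filterManager,
            accountLocalConfigPermissioningController,
            nodeLocalConfigPermissioningController,
            privacyParameters,
            engineJsonRpcConfiguration.get(),
            webSocketConfiguration,
            metricsConfiguration,
            natService,
            besuPluginContext.getNamedPlugins(),
            dataDir,
            rpcEndpointServiceImpl);
    // An EngineAuthService is attached only when the engine configuration enables
    // authentication; otherwise an empty Optional is handed to JsonRpcService.
    // NOTE(review): presumably that leaves the engine endpoint unauthenticated — confirm the
    // deployment keeps the listener off untrusted networks in that mode.
    Optional<AuthenticationService> authToUse =
        engineJsonRpcConfiguration.get().isAuthenticationEnabled()
            ? Optional.of(
                new EngineAuthService(
                    vertx,
                    Optional.ofNullable(
                        engineJsonRpcConfiguration.get().getAuthenticationPublicKeyFile()),
                    dataDir))
            : Optional.empty();
    // Reuse the general WebSocket settings when WebSocket is enabled, else the engine defaults.
    WebSocketConfiguration engineSocketConfig =
        webSocketConfiguration.isEnabled()
            ? webSocketConfiguration
            : WebSocketConfiguration.createEngineDefault();
    engineJsonRpcService =
        Optional.of(
            new JsonRpcService(
                vertx,
                dataDir,
                engineJsonRpcConfiguration.orElse(JsonRpcConfiguration.createEngineDefault()),
                metricsSystem,
                natService,
                engineMethods,
                Optional.ofNullable(engineSocketConfig),
                besuController.getProtocolManager().ethContext().getScheduler(),
                authToUse,
                new HealthService(new LivenessCheck()),
                new HealthService(new ReadinessCheck(peerNetwork, synchronizer))));
  }

  Optional<GraphQLHttpService> graphQLHttpService = Optional.empty();
  if (graphQLConfiguration.isEnabled()) {
    final GraphQLDataFetchers fetchers =
        new GraphQLDataFetchers(
            supportedCapabilities, privacyParameters.getGoQuorumPrivacyParameters());
    final Map<GraphQLContextType, Object> graphQlContextMap = new ConcurrentHashMap<>();
    graphQlContextMap.putIfAbsent(GraphQLContextType.BLOCKCHAIN_QUERIES, blockchainQueries);
    graphQlContextMap.putIfAbsent(GraphQLContextType.PROTOCOL_SCHEDULE, protocolSchedule);
    graphQlContextMap.putIfAbsent(GraphQLContextType.TRANSACTION_POOL, transactionPool);
    graphQlContextMap.putIfAbsent(GraphQLContextType.MINING_COORDINATOR, miningCoordinator);
    graphQlContextMap.putIfAbsent(GraphQLContextType.SYNCHRONIZER, synchronizer);
    final GraphQL graphQL;
    try {
      graphQL = GraphQLProvider.buildGraphQL(fetchers);
    } catch (final IOException ioe) {
      // Rethrown unchecked with the cause preserved.
      throw new RuntimeException(ioe);
    }
    graphQLHttpService =
        Optional.of(
            new GraphQLHttpService(
                vertx,
                dataDir,
                graphQLConfiguration,
                graphQL,
                graphQlContextMap,
                besuController.getProtocolManager().ethContext().getScheduler()));
  }

  Optional<WebSocketService> webSocketService = Optional.empty();
  if (webSocketConfiguration.isEnabled()) {
    // Same engine-group exclusion as for HTTP; Locale.ROOT keeps the prefix check independent
    // of the JVM's default locale.
    final Map<String, JsonRpcMethod> nonEngineMethods =
        jsonRpcMethods(
            protocolSchedule,
            context,
            besuController,
            peerNetwork,
            blockchainQueries,
            synchronizer,
            transactionPool,
            miningCoordinator,
            metricsSystem,
            supportedCapabilities,
            webSocketConfiguration.getRpcApis().stream()
                .filter(
                    apiGroup ->
                        !apiGroup.toLowerCase(java.util.Locale.ROOT).startsWith("engine"))
                .collect(Collectors.toList()),
            filterManager,
            accountLocalConfigPermissioningController,
            nodeLocalConfigPermissioningController,
            privacyParameters,
            jsonRpcConfiguration,
            webSocketConfiguration,
            metricsConfiguration,
            natService,
            besuPluginContext.getNamedPlugins(),
            dataDir,
            rpcEndpointServiceImpl);
    final SubscriptionManager subscriptionManager =
        createSubscriptionManager(vertx, transactionPool, blockchainQueries);
    createLogsSubscriptionService(
        context.getBlockchain(),
        context.getWorldStateArchive(),
        subscriptionManager,
        privacyParameters);
    createNewBlockHeadersSubscriptionService(
        context.getBlockchain(), blockchainQueries, subscriptionManager);
    createSyncingSubscriptionService(synchronizer, subscriptionManager);
    webSocketService =
        Optional.of(
            createWebsocketService(
                vertx,
                webSocketConfiguration,
                subscriptionManager,
                nonEngineMethods,
                privacyParameters,
                protocolSchedule,
                blockchainQueries,
                DefaultAuthenticationService.create(vertx, webSocketConfiguration),
                metricsSystem));
    createPrivateTransactionObserver(subscriptionManager, privacyParameters);
  }

  Optional<MetricsService> metricsService = createMetricsService(vertx, metricsConfiguration);

  final Optional<EthStatsService> ethStatsService;
  if (!Strings.isNullOrEmpty(ethstatsUrl)) {
    ethStatsService =
        Optional.of(
            new EthStatsService(
                NetstatsUrl.fromParams(ethstatsUrl, ethstatsContact),
                blockchainQueries,
                besuController.getProtocolManager(),
                transactionPool,
                miningCoordinator,
                besuController.getSyncState(),
                vertx,
                BesuInfo.nodeName(identityString),
                besuController.getGenesisConfigOptions(),
                network));
  } else {
    ethStatsService = Optional.empty();
  }

  final Optional<JsonRpcIpcService> jsonRpcIpcService;
  if (jsonRpcIpcConfiguration.isEnabled()) {
    // Engine groups are excluded from IPC too, with the same locale-independent prefix check.
    // NOTE(review): no authentication service is passed to JsonRpcIpcService here; access
    // control presumably rests on the permissions of the IPC path — confirm.
    Map<String, JsonRpcMethod> ipcMethods =
        jsonRpcMethods(
            protocolSchedule,
            context,
            besuController,
            peerNetwork,
            blockchainQueries,
            synchronizer,
            transactionPool,
            miningCoordinator,
            metricsSystem,
            supportedCapabilities,
            jsonRpcIpcConfiguration.getEnabledApis().stream()
                .filter(
                    apiGroup ->
                        !apiGroup.toLowerCase(java.util.Locale.ROOT).startsWith("engine"))
                .collect(Collectors.toList()),
            filterManager,
            accountLocalConfigPermissioningController,
            nodeLocalConfigPermissioningController,
            privacyParameters,
            jsonRpcConfiguration,
            webSocketConfiguration,
            metricsConfiguration,
            natService,
            besuPluginContext.getNamedPlugins(),
            dataDir,
            rpcEndpointServiceImpl);
    jsonRpcIpcService =
        Optional.of(
            new JsonRpcIpcService(
                vertx,
                jsonRpcIpcConfiguration.getPath(),
                new JsonRpcExecutor(new BaseJsonRpcProcessor(), ipcMethods)));
  } else {
    jsonRpcIpcService = Optional.empty();
  }

  return new Runner(
      vertx,
      networkRunner,
      natService,
      jsonRpcHttpService,
      engineJsonRpcService,
      graphQLHttpService,
      webSocketService,
      jsonRpcIpcService,
      stratumServer,
      metricsService,
      ethStatsService,
      besuController,
      dataDir,
      pidPath,
      autoLogBloomCaching ? blockchainQueries.getTransactionLogBloomCacher() : Optional.empty(),
      context.getBlockchain());
}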
use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissions in project besu by hyperledger.
the class P2PPlainNetworkTest method rejectIncomingConnectionFromDisallowedPeer.
/**
 * Checks that the local node drops an inbound RLPx connection from a peer that its {@link
 * PeerPermissions} do not allow.
 *
 * <p>The permissions mock allows everything except {@code RLPX_ALLOW_NEW_INBOUND_CONNECTION}
 * from the remote peer to the local peer. The remote node's connect attempt is expected to
 * complete first, after which the remote node must observe a disconnect from the local node with
 * reason {@code UNKNOWN}.
 */
@Test
public void rejectIncomingConnectionFromDisallowedPeer() throws Exception {
  // Permit-all baseline; the single denied action is stubbed once both peers are known.
  final PeerPermissions peerPermissions = mock(PeerPermissions.class);
  when(peerPermissions.isPermitted(any(), any(), any())).thenReturn(true);

  try (final P2PNetwork localNetwork =
          builder("partner1client1").peerPermissions(peerPermissions).build();
      final P2PNetwork remoteNetwork = builder("partner2client1").build()) {
    localNetwork.start();
    remoteNetwork.start();

    final EnodeURL localEnode = localNetwork.getLocalEnode().get();
    final Bytes expectedNodeId = localEnode.getNodeId();
    final Peer localPeer = DefaultPeer.fromEnodeURL(localEnode);
    final Peer remotePeer = DefaultPeer.fromEnodeURL(remoteNetwork.getLocalEnode().get());

    // The local node must refuse new inbound connections coming from remotePeer.
    when(peerPermissions.isPermitted(
            eq(localPeer),
            eq(remotePeer),
            eq(PeerPermissions.Action.RLPX_ALLOW_NEW_INBOUND_CONNECTION)))
        .thenReturn(false);

    // Capture the connection and the reason of the disconnect seen on the remote side.
    final CompletableFuture<PeerConnection> disconnectedConnection = new CompletableFuture<>();
    final CompletableFuture<DisconnectReason> disconnectReason = new CompletableFuture<>();
    remoteNetwork.subscribeDisconnect(
        (peerConnection, reason, initiatedByPeer) -> {
          disconnectedConnection.complete(peerConnection);
          disconnectReason.complete(reason);
        });

    // The remote node dials the local node.
    final CompletableFuture<PeerConnection> outboundConnection = remoteNetwork.connect(localPeer);

    // The dial completes against the local node, then the remote side records the disconnect.
    Assertions.assertThat(
            outboundConnection.get(5L, TimeUnit.SECONDS).getPeerInfo().getNodeId())
        .isEqualTo(expectedNodeId);
    Assertions.assertThat(
            disconnectedConnection.get(5L, TimeUnit.SECONDS).getPeerInfo().getNodeId())
        .isEqualTo(expectedNodeId);
    assertThat(disconnectReason.get(5L, TimeUnit.SECONDS))
        .isEqualByComparingTo(DisconnectReason.UNKNOWN);
  }
}
use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissions in project besu by hyperledger.
the class PeerDiscoveryAgentTest method peerTable_disallowPeer.
/**
 * Checks that a bootstrap peer is kept out of the discovered-peer set when the permissions deny
 * {@code DISCOVERY_ALLOW_IN_PEER_TABLE} for it, even though every other action is permitted.
 */
@Test
public void peerTable_disallowPeer() {
  // A second discovery agent acts as the bootstrap peer.
  final MockPeerDiscoveryAgent bootstrapNode = helper.startDiscoveryAgent();
  assertThat(bootstrapNode.getAdvertisedPeer().isPresent()).isTrue();
  final DiscoveryPeer bootstrapPeer = bootstrapNode.getAdvertisedPeer().get();

  final PeerPermissions peerPermissions = mock(PeerPermissions.class);
  final MockPeerDiscoveryAgent agentUnderTest =
      helper.createDiscoveryAgent(
          helper.agentBuilder().bootstrapPeers(bootstrapPeer).peerPermissions(peerPermissions));

  // Allow everything, then carve out the one denied action for the bootstrap peer.
  when(peerPermissions.isPermitted(any(), any(), any())).thenReturn(true);
  when(peerPermissions.isPermitted(
          any(), eq(bootstrapPeer), eq(Action.DISCOVERY_ALLOW_IN_PEER_TABLE)))
      .thenReturn(false);

  agentUnderTest.start(999);

  // The denied peer must not appear among the discovered peers.
  assertThat(agentUnderTest.streamDiscoveredPeers()).hasSize(0);
}
use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissions in project besu by hyperledger.
the class PeerDiscoveryAgentTest method bond_supplyGenericPeer.
/**
 * Checks that bonding works when the agent is handed a plain {@link Peer} built from an enode
 * URL instead of a {@code DiscoveryPeer}: the remote node receives a PING and then a PONG from
 * the agent, and the remote peer ends up among the agent's discovered peers.
 */
@Test
public void bond_supplyGenericPeer() {
  final MockPeerDiscoveryAgent remoteNode = helper.startDiscoveryAgent();
  assertThat(remoteNode.getAdvertisedPeer().isPresent()).isTrue();
  final DiscoveryPeer remotePeer = remoteNode.getAdvertisedPeer().get();
  // Same endpoint, expressed as a generic peer rather than a discovery peer.
  final Peer genericPeer = DefaultPeer.fromEnodeURL(remotePeer.getEnodeURL());

  final PeerPermissions peerPermissions = mock(PeerPermissions.class);
  final MockPeerDiscoveryAgent agentUnderTest =
      helper.createDiscoveryAgent(helper.agentBuilder().peerPermissions(peerPermissions));
  // Permissions allow every action in this test.
  when(peerPermissions.isPermitted(any(), any(), any())).thenReturn(true);

  // Start with an empty peer table, then bond with the generic peer.
  assertThat(agentUnderTest.start(30303)).isCompleted();
  assertThat(agentUnderTest.streamDiscoveredPeers()).isEmpty();
  agentUnderTest.bond(genericPeer);

  // The remote node should have received exactly two packets.
  final List<IncomingPacket> packetsAtRemote = remoteNode.getIncomingPackets();
  assertThat(packetsAtRemote).hasSize(2);

  // First the PING sent by the agent under test ...
  final IncomingPacket pingFromAgent = packetsAtRemote.get(0);
  assertThat(pingFromAgent.packet.getType()).isEqualTo(PacketType.PING);
  assertThat(pingFromAgent.fromAgent).isEqualTo(agentUnderTest);

  // ... then a PONG from the same agent (presumably its reply to the remote node's own PING).
  final IncomingPacket pongFromAgent = packetsAtRemote.get(1);
  assertThat(pongFromAgent.packet.getType()).isEqualTo(PacketType.PONG);
  assertThat(pongFromAgent.fromAgent).isEqualTo(agentUnderTest);

  // Bonding finished: the remote peer is now a discovered peer.
  assertThat(agentUnderTest.streamDiscoveredPeers()).contains(remotePeer);
}
use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissions in project besu by hyperledger.
the class PeerDiscoveryAgentTest method peerTable_allowPeer.
/**
 * Checks that a bootstrap peer is added to the discovered-peer set when {@code
 * DISCOVERY_ALLOW_IN_PEER_TABLE} is the only action the permissions grant, and it is granted for
 * that peer.
 */
@Test
public void peerTable_allowPeer() {
  // A second discovery agent acts as the bootstrap peer.
  final MockPeerDiscoveryAgent bootstrapNode = helper.startDiscoveryAgent();
  assertThat(bootstrapNode.getAdvertisedPeer().isPresent()).isTrue();
  final DiscoveryPeer bootstrapPeer = bootstrapNode.getAdvertisedPeer().get();

  final PeerPermissions peerPermissions = mock(PeerPermissions.class);
  final MockPeerDiscoveryAgent agentUnderTest =
      helper.createDiscoveryAgent(
          helper.agentBuilder().bootstrapPeers(bootstrapPeer).peerPermissions(peerPermissions));

  // Deny everything, then grant only peer-table admission for the bootstrap peer.
  when(peerPermissions.isPermitted(any(), any(), any())).thenReturn(false);
  when(peerPermissions.isPermitted(
          any(), eq(bootstrapPeer), eq(Action.DISCOVERY_ALLOW_IN_PEER_TABLE)))
      .thenReturn(true);

  agentUnderTest.start(999);

  // Exactly one peer, the permitted bootstrap peer, is expected in the table.
  assertThat(agentUnderTest.streamDiscoveredPeers()).hasSize(1);
}