Search in sources :

Example 1 with PeerPermissionsDenylist

use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist in project besu by hyperledger.

the class P2PPlainNetworkTest method rejectIncomingConnectionFromBlacklistedPeer.

@Test
public void rejectIncomingConnectionFromBlacklistedPeer() throws Exception {
    final PeerPermissionsDenylist localBlacklist = PeerPermissionsDenylist.create();
    try (final P2PNetwork localNetwork = builder("partner1client1").peerPermissions(localBlacklist).build();
        final P2PNetwork remoteNetwork = builder("partner2client1").build()) {
        localNetwork.start();
        remoteNetwork.start();
        final EnodeURL localEnode = localNetwork.getLocalEnode().get();
        final Bytes localId = localEnode.getNodeId();
        final int localPort = localEnode.getListeningPort().get();
        final EnodeURL remoteEnode = remoteNetwork.getLocalEnode().get();
        final Bytes remoteId = remoteEnode.getNodeId();
        final int remotePort = remoteEnode.getListeningPort().get();
        final Peer localPeer = createPeer(localId, localPort);
        final Peer remotePeer = createPeer(remoteId, remotePort);
        // Blacklist the remote peer
        localBlacklist.add(remotePeer);
        // Setup disconnect listener
        final CompletableFuture<PeerConnection> peerFuture = new CompletableFuture<>();
        final CompletableFuture<DisconnectReason> reasonFuture = new CompletableFuture<>();
        remoteNetwork.subscribeDisconnect((peerConnection, reason, initiatedByPeer) -> {
            peerFuture.complete(peerConnection);
            reasonFuture.complete(reason);
        });
        // Remote connect to local
        final CompletableFuture<PeerConnection> connectFuture = remoteNetwork.connect(localPeer);
        // Check connection is made, and then a disconnect is registered at remote
        Assertions.assertThat(connectFuture.get(5L, TimeUnit.SECONDS).getPeerInfo().getNodeId()).isEqualTo(localId);
        Assertions.assertThat(peerFuture.get(5L, TimeUnit.SECONDS).getPeerInfo().getNodeId()).isEqualTo(localId);
        assertThat(reasonFuture.get(5L, TimeUnit.SECONDS)).isEqualByComparingTo(DisconnectReason.UNKNOWN);
    }
}
Also used : EnodeURL(org.hyperledger.besu.plugin.data.EnodeURL) Bytes(org.apache.tuweni.bytes.Bytes) PeerPermissionsDenylist(org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist) CompletableFuture(java.util.concurrent.CompletableFuture) PeerConnection(org.hyperledger.besu.ethereum.p2p.rlpx.connections.PeerConnection) DisconnectReason(org.hyperledger.besu.ethereum.p2p.rlpx.wire.messages.DisconnectMessage.DisconnectReason) Peer(org.hyperledger.besu.ethereum.p2p.peers.Peer) DefaultPeer(org.hyperledger.besu.ethereum.p2p.peers.DefaultPeer) Test(org.junit.Test)

Example 2 with PeerPermissionsDenylist

use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist in project besu by hyperledger.

the class PeerDiscoveryControllerTest method shouldNotBondWithBlacklistedPeer.

@Test
public void shouldNotBondWithBlacklistedPeer() {
    final List<DiscoveryPeer> peers = createPeersInLastBucket(localPeer, 3);
    final DiscoveryPeer discoPeer = peers.get(0);
    final DiscoveryPeer otherPeer = peers.get(1);
    final DiscoveryPeer otherPeer2 = peers.get(2);
    final PeerPermissionsDenylist blacklist = PeerPermissionsDenylist.create();
    final OutboundMessageHandler outboundMessageHandler = mock(OutboundMessageHandler.class);
    controller = getControllerBuilder().peers(discoPeer).peerPermissions(blacklist).outboundMessageHandler(outboundMessageHandler).build();
    final Endpoint localEndpoint = localPeer.getEndpoint();
    // Setup ping to be sent to discoPeer
    List<NodeKey> nodeKeys = PeerDiscoveryTestHelper.generateNodeKeys(1);
    PingPacketData pingPacketData = PingPacketData.create(Optional.ofNullable(localEndpoint), discoPeer.getEndpoint(), UInt64.ONE);
    final Packet discoPeerPing = Packet.create(PacketType.PING, pingPacketData, nodeKeys.get(0));
    mockPingPacketCreation(discoPeer, discoPeerPing);
    controller.start();
    verify(outboundMessageHandler, times(1)).send(any(), matchPacketOfType(PacketType.PING));
    final Packet pongFromDiscoPeer = MockPacketDataFactory.mockPongPacket(discoPeer, discoPeerPing.getHash());
    controller.onMessage(pongFromDiscoPeer, discoPeer);
    verify(outboundMessageHandler, times(1)).send(eq(discoPeer), matchPacketOfType(PacketType.FIND_NEIGHBORS));
    // Setup ping to be sent to otherPeer after neighbors packet is received
    nodeKeys = PeerDiscoveryTestHelper.generateNodeKeys(1);
    pingPacketData = PingPacketData.create(Optional.ofNullable(localEndpoint), otherPeer.getEndpoint(), UInt64.ONE);
    final Packet pingPacket = Packet.create(PacketType.PING, pingPacketData, nodeKeys.get(0));
    mockPingPacketCreation(otherPeer, pingPacket);
    // Setup ping to be sent to otherPeer2 after neighbors packet is received
    nodeKeys = PeerDiscoveryTestHelper.generateNodeKeys(1);
    pingPacketData = PingPacketData.create(Optional.ofNullable(localEndpoint), otherPeer2.getEndpoint(), UInt64.ONE);
    final Packet pingPacket2 = Packet.create(PacketType.PING, pingPacketData, nodeKeys.get(0));
    mockPingPacketCreation(otherPeer2, pingPacket2);
    // Blacklist peer
    blacklist.add(otherPeer);
    final Packet neighborsPacket = MockPacketDataFactory.mockNeighborsPacket(discoPeer, otherPeer, otherPeer2);
    controller.onMessage(neighborsPacket, discoPeer);
    verify(controller, times(0)).bond(otherPeer);
    verify(controller, times(1)).bond(otherPeer2);
}
Also used : PeerPermissionsDenylist(org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist) DiscoveryPeer(org.hyperledger.besu.ethereum.p2p.discovery.DiscoveryPeer) Endpoint(org.hyperledger.besu.ethereum.p2p.discovery.Endpoint) NodeKey(org.hyperledger.besu.crypto.NodeKey) Test(org.junit.Test)

Example 3 with PeerPermissionsDenylist

use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist in project besu by hyperledger.

the class PeerDiscoveryControllerTest method shouldNotAddNewPeerWhenReceivedPongFromBlacklistedPeer.

@Test
public void shouldNotAddNewPeerWhenReceivedPongFromBlacklistedPeer() {
    final List<DiscoveryPeer> peers = createPeersInLastBucket(localPeer, 3);
    final DiscoveryPeer discoPeer = peers.get(0);
    final DiscoveryPeer otherPeer = peers.get(1);
    final DiscoveryPeer otherPeer2 = peers.get(2);
    final PeerPermissionsDenylist blacklist = PeerPermissionsDenylist.create();
    final OutboundMessageHandler outboundMessageHandler = mock(OutboundMessageHandler.class);
    controller = getControllerBuilder().peers(discoPeer).peerPermissions(blacklist).outboundMessageHandler(outboundMessageHandler).build();
    final Endpoint localEndpoint = localPeer.getEndpoint();
    // Setup ping to be sent to discoPeer
    List<NodeKey> nodeKeys = PeerDiscoveryTestHelper.generateNodeKeys(1);
    PingPacketData pingPacketData = PingPacketData.create(Optional.ofNullable(localEndpoint), discoPeer.getEndpoint(), UInt64.ONE);
    final Packet discoPeerPing = Packet.create(PacketType.PING, pingPacketData, nodeKeys.get(0));
    mockPingPacketCreation(discoPeer, discoPeerPing);
    controller.start();
    verify(outboundMessageHandler, times(1)).send(eq(peers.get(0)), matchPacketOfType(PacketType.PING));
    final Packet pongFromDiscoPeer = MockPacketDataFactory.mockPongPacket(discoPeer, discoPeerPing.getHash());
    controller.onMessage(pongFromDiscoPeer, discoPeer);
    verify(outboundMessageHandler, times(1)).send(eq(discoPeer), matchPacketOfType(PacketType.FIND_NEIGHBORS));
    // Setup ping to be sent to otherPeer after neighbors packet is received
    nodeKeys = PeerDiscoveryTestHelper.generateNodeKeys(1);
    pingPacketData = PingPacketData.create(Optional.ofNullable(localEndpoint), otherPeer.getEndpoint(), UInt64.ONE);
    final Packet pingPacket = Packet.create(PacketType.PING, pingPacketData, nodeKeys.get(0));
    mockPingPacketCreation(otherPeer, pingPacket);
    // Setup ping to be sent to otherPeer2 after neighbors packet is received
    nodeKeys = PeerDiscoveryTestHelper.generateNodeKeys(1);
    pingPacketData = PingPacketData.create(Optional.ofNullable(localEndpoint), otherPeer2.getEndpoint(), UInt64.ONE);
    final Packet pingPacket2 = Packet.create(PacketType.PING, pingPacketData, nodeKeys.get(0));
    mockPingPacketCreation(otherPeer2, pingPacket2);
    final Packet neighborsPacket = MockPacketDataFactory.mockNeighborsPacket(discoPeer, otherPeer, otherPeer2);
    controller.onMessage(neighborsPacket, discoPeer);
    verify(outboundMessageHandler, times(peers.size())).send(any(), matchPacketOfType(PacketType.PING));
    final Packet pongPacket = MockPacketDataFactory.mockPongPacket(otherPeer, pingPacket.getHash());
    controller.onMessage(pongPacket, otherPeer);
    // Blacklist otherPeer2 before sending return pong
    blacklist.add(otherPeer2);
    final Packet pongPacket2 = MockPacketDataFactory.mockPongPacket(otherPeer2, pingPacket2.getHash());
    controller.onMessage(pongPacket2, otherPeer2);
    assertThat(controller.streamDiscoveredPeers()).hasSize(2);
    assertThat(controller.streamDiscoveredPeers()).contains(discoPeer);
    assertThat(controller.streamDiscoveredPeers()).contains(otherPeer);
    assertThat(controller.streamDiscoveredPeers()).doesNotContain(otherPeer2);
}
Also used : PeerPermissionsDenylist(org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist) DiscoveryPeer(org.hyperledger.besu.ethereum.p2p.discovery.DiscoveryPeer) Endpoint(org.hyperledger.besu.ethereum.p2p.discovery.Endpoint) NodeKey(org.hyperledger.besu.crypto.NodeKey) Test(org.junit.Test)

Example 4 with PeerPermissionsDenylist

use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist in project besu by hyperledger.

the class RunnerBuilder method build.

public Runner build() {
    Preconditions.checkNotNull(besuController);
    final DiscoveryConfiguration discoveryConfiguration = DiscoveryConfiguration.create().setBindHost(p2pListenInterface).setBindPort(p2pListenPort).setAdvertisedHost(p2pAdvertisedHost);
    if (discovery) {
        final List<EnodeURL> bootstrap;
        if (ethNetworkConfig.getBootNodes() == null) {
            bootstrap = EthNetworkConfig.getNetworkConfig(NetworkName.MAINNET).getBootNodes();
        } else {
            bootstrap = ethNetworkConfig.getBootNodes();
        }
        discoveryConfiguration.setBootnodes(bootstrap);
        discoveryConfiguration.setDnsDiscoveryURL(ethNetworkConfig.getDnsDiscoveryUrl());
    } else {
        discoveryConfiguration.setActive(false);
    }
    final NodeKey nodeKey = besuController.getNodeKey();
    final SubProtocolConfiguration subProtocolConfiguration = besuController.getSubProtocolConfiguration();
    final ProtocolSchedule protocolSchedule = besuController.getProtocolSchedule();
    final ProtocolContext context = besuController.getProtocolContext();
    final List<SubProtocol> subProtocols = subProtocolConfiguration.getSubProtocols();
    final List<ProtocolManager> protocolManagers = subProtocolConfiguration.getProtocolManagers();
    final Set<Capability> supportedCapabilities = protocolManagers.stream().flatMap(protocolManager -> protocolManager.getSupportedCapabilities().stream()).collect(Collectors.toSet());
    final RlpxConfiguration rlpxConfiguration = RlpxConfiguration.create().setBindHost(p2pListenInterface).setBindPort(p2pListenPort).setMaxPeers(maxPeers).setSupportedProtocols(subProtocols).setClientId(BesuInfo.nodeName(identityString)).setLimitRemoteWireConnectionsEnabled(limitRemoteWireConnectionsEnabled).setFractionRemoteWireConnectionsAllowed(fractionRemoteConnectionsAllowed);
    networkingConfiguration.setRlpx(rlpxConfiguration).setDiscovery(discoveryConfiguration);
    final PeerPermissionsDenylist bannedNodes = PeerPermissionsDenylist.create();
    bannedNodeIds.forEach(bannedNodes::add);
    final List<EnodeURL> bootnodes = discoveryConfiguration.getBootnodes();
    final Synchronizer synchronizer = besuController.getSynchronizer();
    final TransactionSimulator transactionSimulator = new TransactionSimulator(context.getBlockchain(), context.getWorldStateArchive(), protocolSchedule);
    final Bytes localNodeId = nodeKey.getPublicKey().getEncodedBytes();
    final Optional<NodePermissioningController> nodePermissioningController = buildNodePermissioningController(bootnodes, synchronizer, transactionSimulator, localNodeId, context.getBlockchain());
    final PeerPermissions peerPermissions = nodePermissioningController.map(nodePC -> new PeerPermissionsAdapter(nodePC, bootnodes, context.getBlockchain())).map(nodePerms -> PeerPermissions.combine(nodePerms, bannedNodes)).orElse(bannedNodes);
    LOG.info("Detecting NAT service.");
    final boolean fallbackEnabled = natMethod == NatMethod.AUTO || natMethodFallbackEnabled;
    final NatService natService = new NatService(buildNatManager(natMethod), fallbackEnabled);
    final NetworkBuilder inactiveNetwork = caps -> new NoopP2PNetwork();
    final NetworkBuilder activeNetwork = caps -> DefaultP2PNetwork.builder().vertx(vertx).nodeKey(nodeKey).config(networkingConfiguration).peerPermissions(peerPermissions).metricsSystem(metricsSystem).supportedCapabilities(caps).natService(natService).randomPeerPriority(randomPeerPriority).storageProvider(storageProvider).forkIdSupplier(forkIdSupplier).p2pTLSConfiguration(p2pTLSConfiguration).build();
    final NetworkRunner networkRunner = NetworkRunner.builder().protocolManagers(protocolManagers).subProtocols(subProtocols).network(p2pEnabled ? activeNetwork : inactiveNetwork).metricsSystem(metricsSystem).build();
    final P2PNetwork network = networkRunner.getNetwork();
    // ForkId in Ethereum Node Record needs updating when we transition to a new protocol spec
    context.getBlockchain().observeBlockAdded(blockAddedEvent -> {
        if (protocolSchedule.streamMilestoneBlocks().anyMatch(blockNumber -> blockNumber == blockAddedEvent.getBlock().getHeader().getNumber())) {
            network.updateNodeRecord();
        }
    });
    nodePermissioningController.ifPresent(n -> n.setInsufficientPeersPermissioningProvider(new InsufficientPeersPermissioningProvider(network, bootnodes)));
    final TransactionPool transactionPool = besuController.getTransactionPool();
    final MiningCoordinator miningCoordinator = besuController.getMiningCoordinator();
    final BlockchainQueries blockchainQueries = new BlockchainQueries(context.getBlockchain(), context.getWorldStateArchive(), Optional.of(dataDir.resolve(CACHE_PATH)), Optional.of(besuController.getProtocolManager().ethContext().getScheduler()), apiConfiguration);
    final PrivacyParameters privacyParameters = besuController.getPrivacyParameters();
    final FilterManager filterManager = new FilterManagerBuilder().blockchainQueries(blockchainQueries).transactionPool(transactionPool).privacyParameters(privacyParameters).build();
    vertx.deployVerticle(filterManager);
    createPrivateTransactionObserver(filterManager, privacyParameters);
    final P2PNetwork peerNetwork = networkRunner.getNetwork();
    final MiningParameters miningParameters = besuController.getMiningParameters();
    Optional<StratumServer> stratumServer = Optional.empty();
    if (miningParameters.isStratumMiningEnabled()) {
        var powMiningCoordinator = miningCoordinator;
        if (miningCoordinator instanceof TransitionCoordinator) {
            LOG.debug("fetching powMiningCoordinator from TransitionCoordinator");
            powMiningCoordinator = ((TransitionCoordinator) miningCoordinator).getPreMergeObject();
        }
        stratumServer = Optional.of(new StratumServer(vertx, powMiningCoordinator, miningParameters.getStratumPort(), miningParameters.getStratumNetworkInterface(), miningParameters.getStratumExtranonce(), metricsSystem));
        miningCoordinator.addEthHashObserver(stratumServer.get());
        LOG.debug("added ethash observer: {}", stratumServer.get());
    }
    sanitizePeers(network, staticNodes).map(DefaultPeer::fromEnodeURL).forEach(peerNetwork::addMaintainedConnectionPeer);
    final Optional<NodeLocalConfigPermissioningController> nodeLocalConfigPermissioningController = nodePermissioningController.flatMap(NodePermissioningController::localConfigController);
    final Optional<AccountPermissioningController> accountPermissioningController = buildAccountPermissioningController(permissioningConfiguration, besuController, transactionSimulator, context.getBlockchain());
    final Optional<AccountLocalConfigPermissioningController> accountLocalConfigPermissioningController = accountPermissioningController.flatMap(AccountPermissioningController::getAccountLocalConfigPermissioningController);
    Optional<JsonRpcHttpService> jsonRpcHttpService = Optional.empty();
    if (jsonRpcConfiguration.isEnabled()) {
        final Map<String, JsonRpcMethod> nonEngineMethods = jsonRpcMethods(protocolSchedule, context, besuController, peerNetwork, blockchainQueries, synchronizer, transactionPool, miningCoordinator, metricsSystem, supportedCapabilities, jsonRpcConfiguration.getRpcApis().stream().filter(apiGroup -> !apiGroup.toLowerCase().startsWith("engine")).collect(Collectors.toList()), filterManager, accountLocalConfigPermissioningController, nodeLocalConfigPermissioningController, privacyParameters, jsonRpcConfiguration, webSocketConfiguration, metricsConfiguration, natService, besuPluginContext.getNamedPlugins(), dataDir, rpcEndpointServiceImpl);
        jsonRpcHttpService = Optional.of(new JsonRpcHttpService(vertx, dataDir, jsonRpcConfiguration, metricsSystem, natService, nonEngineMethods, new HealthService(new LivenessCheck()), new HealthService(new ReadinessCheck(peerNetwork, synchronizer))));
    }
    Optional<JsonRpcService> engineJsonRpcService = Optional.empty();
    if (engineJsonRpcConfiguration.isPresent() && engineJsonRpcConfiguration.get().isEnabled()) {
        final Map<String, JsonRpcMethod> engineMethods = jsonRpcMethods(protocolSchedule, context, besuController, peerNetwork, blockchainQueries, synchronizer, transactionPool, miningCoordinator, metricsSystem, supportedCapabilities, engineJsonRpcConfiguration.get().getRpcApis(), filterManager, accountLocalConfigPermissioningController, nodeLocalConfigPermissioningController, privacyParameters, engineJsonRpcConfiguration.get(), webSocketConfiguration, metricsConfiguration, natService, besuPluginContext.getNamedPlugins(), dataDir, rpcEndpointServiceImpl);
        Optional<AuthenticationService> authToUse = engineJsonRpcConfiguration.get().isAuthenticationEnabled() ? Optional.of(new EngineAuthService(vertx, Optional.ofNullable(engineJsonRpcConfiguration.get().getAuthenticationPublicKeyFile()), dataDir)) : Optional.empty();
        WebSocketConfiguration engineSocketConfig = webSocketConfiguration.isEnabled() ? webSocketConfiguration : WebSocketConfiguration.createEngineDefault();
        engineJsonRpcService = Optional.of(new JsonRpcService(vertx, dataDir, engineJsonRpcConfiguration.orElse(JsonRpcConfiguration.createEngineDefault()), metricsSystem, natService, engineMethods, Optional.ofNullable(engineSocketConfig), besuController.getProtocolManager().ethContext().getScheduler(), authToUse, new HealthService(new LivenessCheck()), new HealthService(new ReadinessCheck(peerNetwork, synchronizer))));
    }
    Optional<GraphQLHttpService> graphQLHttpService = Optional.empty();
    if (graphQLConfiguration.isEnabled()) {
        final GraphQLDataFetchers fetchers = new GraphQLDataFetchers(supportedCapabilities, privacyParameters.getGoQuorumPrivacyParameters());
        final Map<GraphQLContextType, Object> graphQlContextMap = new ConcurrentHashMap<>();
        graphQlContextMap.putIfAbsent(GraphQLContextType.BLOCKCHAIN_QUERIES, blockchainQueries);
        graphQlContextMap.putIfAbsent(GraphQLContextType.PROTOCOL_SCHEDULE, protocolSchedule);
        graphQlContextMap.putIfAbsent(GraphQLContextType.TRANSACTION_POOL, transactionPool);
        graphQlContextMap.putIfAbsent(GraphQLContextType.MINING_COORDINATOR, miningCoordinator);
        graphQlContextMap.putIfAbsent(GraphQLContextType.SYNCHRONIZER, synchronizer);
        final GraphQL graphQL;
        try {
            graphQL = GraphQLProvider.buildGraphQL(fetchers);
        } catch (final IOException ioe) {
            throw new RuntimeException(ioe);
        }
        graphQLHttpService = Optional.of(new GraphQLHttpService(vertx, dataDir, graphQLConfiguration, graphQL, graphQlContextMap, besuController.getProtocolManager().ethContext().getScheduler()));
    }
    Optional<WebSocketService> webSocketService = Optional.empty();
    if (webSocketConfiguration.isEnabled()) {
        final Map<String, JsonRpcMethod> nonEngineMethods = jsonRpcMethods(protocolSchedule, context, besuController, peerNetwork, blockchainQueries, synchronizer, transactionPool, miningCoordinator, metricsSystem, supportedCapabilities, webSocketConfiguration.getRpcApis().stream().filter(apiGroup -> !apiGroup.toLowerCase().startsWith("engine")).collect(Collectors.toList()), filterManager, accountLocalConfigPermissioningController, nodeLocalConfigPermissioningController, privacyParameters, jsonRpcConfiguration, webSocketConfiguration, metricsConfiguration, natService, besuPluginContext.getNamedPlugins(), dataDir, rpcEndpointServiceImpl);
        final SubscriptionManager subscriptionManager = createSubscriptionManager(vertx, transactionPool, blockchainQueries);
        createLogsSubscriptionService(context.getBlockchain(), context.getWorldStateArchive(), subscriptionManager, privacyParameters);
        createNewBlockHeadersSubscriptionService(context.getBlockchain(), blockchainQueries, subscriptionManager);
        createSyncingSubscriptionService(synchronizer, subscriptionManager);
        webSocketService = Optional.of(createWebsocketService(vertx, webSocketConfiguration, subscriptionManager, nonEngineMethods, privacyParameters, protocolSchedule, blockchainQueries, DefaultAuthenticationService.create(vertx, webSocketConfiguration), metricsSystem));
        createPrivateTransactionObserver(subscriptionManager, privacyParameters);
    }
    Optional<MetricsService> metricsService = createMetricsService(vertx, metricsConfiguration);
    final Optional<EthStatsService> ethStatsService;
    if (!Strings.isNullOrEmpty(ethstatsUrl)) {
        ethStatsService = Optional.of(new EthStatsService(NetstatsUrl.fromParams(ethstatsUrl, ethstatsContact), blockchainQueries, besuController.getProtocolManager(), transactionPool, miningCoordinator, besuController.getSyncState(), vertx, BesuInfo.nodeName(identityString), besuController.getGenesisConfigOptions(), network));
    } else {
        ethStatsService = Optional.empty();
    }
    final Optional<JsonRpcIpcService> jsonRpcIpcService;
    if (jsonRpcIpcConfiguration.isEnabled()) {
        Map<String, JsonRpcMethod> ipcMethods = jsonRpcMethods(protocolSchedule, context, besuController, peerNetwork, blockchainQueries, synchronizer, transactionPool, miningCoordinator, metricsSystem, supportedCapabilities, jsonRpcIpcConfiguration.getEnabledApis().stream().filter(apiGroup -> !apiGroup.toLowerCase().startsWith("engine")).collect(Collectors.toList()), filterManager, accountLocalConfigPermissioningController, nodeLocalConfigPermissioningController, privacyParameters, jsonRpcConfiguration, webSocketConfiguration, metricsConfiguration, natService, besuPluginContext.getNamedPlugins(), dataDir, rpcEndpointServiceImpl);
        jsonRpcIpcService = Optional.of(new JsonRpcIpcService(vertx, jsonRpcIpcConfiguration.getPath(), new JsonRpcExecutor(new BaseJsonRpcProcessor(), ipcMethods)));
    } else {
        jsonRpcIpcService = Optional.empty();
    }
    return new Runner(vertx, networkRunner, natService, jsonRpcHttpService, engineJsonRpcService, graphQLHttpService, webSocketService, jsonRpcIpcService, stratumServer, metricsService, ethStatsService, besuController, dataDir, pidPath, autoLogBloomCaching ? blockchainQueries.getTransactionLogBloomCacher() : Optional.empty(), context.getBlockchain());
}
Also used : NoopP2PNetwork(org.hyperledger.besu.ethereum.p2p.network.NoopP2PNetwork) PermissioningConfiguration(org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration) NodeLocalConfigPermissioningController(org.hyperledger.besu.ethereum.permissioning.NodeLocalConfigPermissioningController) AuthenticationService(org.hyperledger.besu.ethereum.api.jsonrpc.authentication.AuthenticationService) WebSocketConfiguration(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.WebSocketConfiguration) DockerDetector(org.hyperledger.besu.nat.docker.DockerDetector) FilterManagerBuilder(org.hyperledger.besu.ethereum.api.jsonrpc.internal.filter.FilterManagerBuilder) Map(java.util.Map) DiscoveryConfiguration(org.hyperledger.besu.ethereum.p2p.config.DiscoveryConfiguration) Objects.isNull(java.util.Objects.isNull) BesuPluginContextImpl(org.hyperledger.besu.services.BesuPluginContextImpl) NetworkUtility(org.hyperledger.besu.util.NetworkUtility) Path(java.nio.file.Path) ProtocolManager(org.hyperledger.besu.ethereum.p2p.network.ProtocolManager) PendingTransactionDroppedSubscriptionService(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.subscription.pending.PendingTransactionDroppedSubscriptionService) FlexiblePrivacyPrecompiledContract(org.hyperledger.besu.ethereum.mainnet.precompiles.privacy.FlexiblePrivacyPrecompiledContract) NetworkingConfiguration(org.hyperledger.besu.ethereum.p2p.config.NetworkingConfiguration) ReadinessCheck(org.hyperledger.besu.ethereum.api.jsonrpc.health.ReadinessCheck) BlockchainQueries(org.hyperledger.besu.ethereum.api.query.BlockchainQueries) PeerPermissionsDenylist(org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist) Set(java.util.Set) GraphQLProvider(org.hyperledger.besu.ethereum.api.graphql.GraphQLProvider) P2PNetwork(org.hyperledger.besu.ethereum.p2p.network.P2PNetwork) PrivateTransactionObserver(org.hyperledger.besu.ethereum.privacy.PrivateTransactionObserver) Stream(java.util.stream.Stream) SyncingSubscriptionService(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.subscription.syncing.SyncingSubscriptionService) NewBlockHeadersSubscriptionService(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.subscription.blockheaders.NewBlockHeadersSubscriptionService) WebSocketService(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.WebSocketService) PendingTransactionSubscriptionService(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.subscription.pending.PendingTransactionSubscriptionService) LogsSubscriptionService(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.subscription.logs.LogsSubscriptionService) Capability(org.hyperledger.besu.ethereum.p2p.rlpx.wire.Capability) Predicate.not(java.util.function.Predicate.not) FLEXIBLE_PRIVACY(org.hyperledger.besu.ethereum.core.PrivacyParameters.FLEXIBLE_PRIVACY) JsonRpcExecutor(org.hyperledger.besu.ethereum.api.jsonrpc.execution.JsonRpcExecutor) LivenessCheck(org.hyperledger.besu.ethereum.api.jsonrpc.health.LivenessCheck) MetricsService(org.hyperledger.besu.metrics.MetricsService) JsonRpcProcessor(org.hyperledger.besu.ethereum.api.jsonrpc.execution.JsonRpcProcessor) AccountPermissioningController(org.hyperledger.besu.ethereum.permissioning.account.AccountPermissioningController) Bytes(org.apache.tuweni.bytes.Bytes) Supplier(java.util.function.Supplier) TLSConfiguration(org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration) KubernetesNatManager(org.hyperledger.besu.nat.kubernetes.KubernetesNatManager) ArrayList(java.util.ArrayList) ProtocolSchedule(org.hyperledger.besu.ethereum.mainnet.ProtocolSchedule) PrivacyQueries(org.hyperledger.besu.ethereum.api.query.PrivacyQueries) Strings(com.google.common.base.Strings) FilterManager(org.hyperledger.besu.ethereum.api.jsonrpc.internal.filter.FilterManager) JsonRpcMethodsFactory(org.hyperledger.besu.ethereum.api.jsonrpc.methods.JsonRpcMethodsFactory) MiningCoordinator(org.hyperledger.besu.ethereum.blockcreation.MiningCoordinator) InsufficientPeersPermissioningProvider(org.hyperledger.besu.ethereum.permissioning.node.InsufficientPeersPermissioningProvider) DefaultAuthenticationService(org.hyperledger.besu.ethereum.api.jsonrpc.authentication.DefaultAuthenticationService) TransactionSimulator(org.hyperledger.besu.ethereum.transaction.TransactionSimulator) JsonRpcHttpService(org.hyperledger.besu.ethereum.api.jsonrpc.JsonRpcHttpService) StratumServer(org.hyperledger.besu.ethereum.stratum.StratumServer) Vertx(io.vertx.core.Vertx) Predicate.isEqual(java.util.function.Predicate.isEqual) NatMethod(org.hyperledger.besu.nat.NatMethod) GraphQLConfiguration(org.hyperledger.besu.ethereum.api.graphql.GraphQLConfiguration) IOException(java.io.IOException) MetricsConfiguration(org.hyperledger.besu.metrics.prometheus.MetricsConfiguration) DockerNatManager(org.hyperledger.besu.nat.docker.DockerNatManager) TransitionCoordinator(org.hyperledger.besu.consensus.merge.blockcreation.TransitionCoordinator) AccountPermissioningControllerFactory(org.hyperledger.besu.ethereum.permissioning.account.AccountPermissioningControllerFactory) NetworkBuilder(org.hyperledger.besu.ethereum.p2p.network.NetworkRunner.NetworkBuilder) WebSocketMethodsFactory(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.methods.WebSocketMethodsFactory) Preconditions(com.google.common.base.Preconditions) PrivacyParameters(org.hyperledger.besu.ethereum.core.PrivacyParameters) PrivateWebSocketMethodsFactory(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.methods.PrivateWebSocketMethodsFactory) BesuPlugin(org.hyperledger.besu.plugin.BesuPlugin) LoggerFactory(org.slf4j.LoggerFactory) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) JsonRpcIpcService(org.hyperledger.besu.ethereum.api.jsonrpc.ipc.JsonRpcIpcService) StorageProvider(org.hyperledger.besu.ethereum.storage.StorageProvider) Synchronizer(org.hyperledger.besu.ethereum.core.Synchronizer) NetworkName(org.hyperledger.besu.cli.config.NetworkName) DefaultP2PNetwork(org.hyperledger.besu.ethereum.p2p.network.DefaultP2PNetwork) WebSocketMessageHandler(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.WebSocketMessageHandler) Collection(java.util.Collection) Blockchain(org.hyperledger.besu.ethereum.chain.Blockchain) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) MiningParameters(org.hyperledger.besu.ethereum.core.MiningParameters) Collectors(java.util.stream.Collectors) GraphQLHttpService(org.hyperledger.besu.ethereum.api.graphql.GraphQLHttpService) EthStatsService(org.hyperledger.besu.ethstats.EthStatsService) List(java.util.List) UpnpNatManager(org.hyperledger.besu.nat.upnp.UpnpNatManager) Optional(java.util.Optional) KubernetesDetector(org.hyperledger.besu.nat.kubernetes.KubernetesDetector) NodeKey(org.hyperledger.besu.crypto.NodeKey) ApiConfiguration(org.hyperledger.besu.ethereum.api.ApiConfiguration) GraphQLContextType(org.hyperledger.besu.ethereum.api.graphql.GraphQLContextType) SubProtocolConfiguration(org.hyperledger.besu.ethereum.p2p.config.SubProtocolConfiguration) NatManager(org.hyperledger.besu.nat.core.NatManager) GraphQL(graphql.GraphQL) EthNetworkConfig(org.hyperledger.besu.cli.config.EthNetworkConfig) CACHE_PATH(org.hyperledger.besu.controller.BesuController.CACHE_PATH) EngineAuthService(org.hyperledger.besu.ethereum.api.jsonrpc.authentication.EngineAuthService) NodePermissioningController(org.hyperledger.besu.ethereum.permissioning.node.NodePermissioningController) SubProtocol(org.hyperledger.besu.ethereum.p2p.rlpx.wire.SubProtocol) NetworkRunner(org.hyperledger.besu.ethereum.p2p.network.NetworkRunner) BesuController(org.hyperledger.besu.controller.BesuController) PermissioningServiceImpl(org.hyperledger.besu.services.PermissioningServiceImpl) JsonRpcConfiguration(org.hyperledger.besu.ethereum.api.jsonrpc.JsonRpcConfiguration) RpcEndpointServiceImpl(org.hyperledger.besu.services.RpcEndpointServiceImpl) DefaultPeer(org.hyperledger.besu.ethereum.p2p.peers.DefaultPeer) HealthService(org.hyperledger.besu.ethereum.api.jsonrpc.health.HealthService) WorldStateArchive(org.hyperledger.besu.ethereum.worldstate.WorldStateArchive) BaseJsonRpcProcessor(org.hyperledger.besu.ethereum.api.jsonrpc.execution.BaseJsonRpcProcessor) RlpxConfiguration(org.hyperledger.besu.ethereum.p2p.config.RlpxConfiguration) TransactionPool(org.hyperledger.besu.ethereum.eth.transactions.TransactionPool) Logger(org.slf4j.Logger) NodePermissioningControllerFactory(org.hyperledger.besu.ethereum.permissioning.NodePermissioningControllerFactory) PeerPermissionsAdapter(org.hyperledger.besu.ethereum.permissioning.node.PeerPermissionsAdapter) NetstatsUrl(org.hyperledger.besu.ethstats.util.NetstatsUrl) AccountLocalConfigPermissioningController(org.hyperledger.besu.ethereum.permissioning.AccountLocalConfigPermissioningController) GraphQLDataFetchers(org.hyperledger.besu.ethereum.api.graphql.GraphQLDataFetchers) EnodeURL(org.hyperledger.besu.plugin.data.EnodeURL) JsonRpcService(org.hyperledger.besu.ethereum.api.jsonrpc.JsonRpcService) SubscriptionManager(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.subscription.SubscriptionManager) JsonRpcIpcConfiguration(org.hyperledger.besu.ethereum.api.jsonrpc.ipc.JsonRpcIpcConfiguration) ObservableMetricsSystem(org.hyperledger.besu.metrics.ObservableMetricsSystem) ProtocolContext(org.hyperledger.besu.ethereum.ProtocolContext) PeerPermissions(org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissions) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Collections(java.util.Collections) JsonRpcMethod(org.hyperledger.besu.ethereum.api.jsonrpc.internal.methods.JsonRpcMethod) NatService(org.hyperledger.besu.nat.NatService) AuthenticatedJsonRpcProcessor(org.hyperledger.besu.ethereum.api.jsonrpc.execution.AuthenticatedJsonRpcProcessor) StratumServer(org.hyperledger.besu.ethereum.stratum.StratumServer) DiscoveryConfiguration(org.hyperledger.besu.ethereum.p2p.config.DiscoveryConfiguration) AccountLocalConfigPermissioningController(org.hyperledger.besu.ethereum.permissioning.AccountLocalConfigPermissioningController) SubscriptionManager(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.subscription.SubscriptionManager) RlpxConfiguration(org.hyperledger.besu.ethereum.p2p.config.RlpxConfiguration) EnodeURL(org.hyperledger.besu.plugin.data.EnodeURL) Bytes(org.apache.tuweni.bytes.Bytes) MiningParameters(org.hyperledger.besu.ethereum.core.MiningParameters) ReadinessCheck(org.hyperledger.besu.ethereum.api.jsonrpc.health.ReadinessCheck) HealthService(org.hyperledger.besu.ethereum.api.jsonrpc.health.HealthService) LivenessCheck(org.hyperledger.besu.ethereum.api.jsonrpc.health.LivenessCheck) SubProtocol(org.hyperledger.besu.ethereum.p2p.rlpx.wire.SubProtocol) EngineAuthService(org.hyperledger.besu.ethereum.api.jsonrpc.authentication.EngineAuthService) ProtocolContext(org.hyperledger.besu.ethereum.ProtocolContext) TransactionSimulator(org.hyperledger.besu.ethereum.transaction.TransactionSimulator) NodeKey(org.hyperledger.besu.crypto.NodeKey) JsonRpcExecutor(org.hyperledger.besu.ethereum.api.jsonrpc.execution.JsonRpcExecutor) PeerPermissionsAdapter(org.hyperledger.besu.ethereum.permissioning.node.PeerPermissionsAdapter) Synchronizer(org.hyperledger.besu.ethereum.core.Synchronizer) TransactionPool(org.hyperledger.besu.ethereum.eth.transactions.TransactionPool) Capability(org.hyperledger.besu.ethereum.p2p.rlpx.wire.Capability) WebSocketConfiguration(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.WebSocketConfiguration) NatService(org.hyperledger.besu.nat.NatService) GraphQL(graphql.GraphQL) ProtocolSchedule(org.hyperledger.besu.ethereum.mainnet.ProtocolSchedule) PrivacyParameters(org.hyperledger.besu.ethereum.core.PrivacyParameters) JsonRpcIpcService(org.hyperledger.besu.ethereum.api.jsonrpc.ipc.JsonRpcIpcService) SubProtocolConfiguration(org.hyperledger.besu.ethereum.p2p.config.SubProtocolConfiguration) ProtocolManager(org.hyperledger.besu.ethereum.p2p.network.ProtocolManager) NodePermissioningController(org.hyperledger.besu.ethereum.permissioning.node.NodePermissioningController) GraphQLDataFetchers(org.hyperledger.besu.ethereum.api.graphql.GraphQLDataFetchers) JsonRpcHttpService(org.hyperledger.besu.ethereum.api.jsonrpc.JsonRpcHttpService) EthStatsService(org.hyperledger.besu.ethstats.EthStatsService) NetworkRunner(org.hyperledger.besu.ethereum.p2p.network.NetworkRunner) GraphQLHttpService(org.hyperledger.besu.ethereum.api.graphql.GraphQLHttpService) NodeLocalConfigPermissioningController(org.hyperledger.besu.ethereum.permissioning.NodeLocalConfigPermissioningController) MiningCoordinator(org.hyperledger.besu.ethereum.blockcreation.MiningCoordinator) FilterManager(org.hyperledger.besu.ethereum.api.jsonrpc.internal.filter.FilterManager) AccountPermissioningController(org.hyperledger.besu.ethereum.permissioning.account.AccountPermissioningController) PeerPermissionsDenylist(org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist) BaseJsonRpcProcessor(org.hyperledger.besu.ethereum.api.jsonrpc.execution.BaseJsonRpcProcessor) NetworkBuilder(org.hyperledger.besu.ethereum.p2p.network.NetworkRunner.NetworkBuilder) TransitionCoordinator(org.hyperledger.besu.consensus.merge.blockcreation.TransitionCoordinator) BlockchainQueries(org.hyperledger.besu.ethereum.api.query.BlockchainQueries) WebSocketService(org.hyperledger.besu.ethereum.api.jsonrpc.websocket.WebSocketService) NetworkRunner(org.hyperledger.besu.ethereum.p2p.network.NetworkRunner) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) InsufficientPeersPermissioningProvider(org.hyperledger.besu.ethereum.permissioning.node.InsufficientPeersPermissioningProvider) NoopP2PNetwork(org.hyperledger.besu.ethereum.p2p.network.NoopP2PNetwork) MetricsService(org.hyperledger.besu.metrics.MetricsService) NoopP2PNetwork(org.hyperledger.besu.ethereum.p2p.network.NoopP2PNetwork) P2PNetwork(org.hyperledger.besu.ethereum.p2p.network.P2PNetwork) DefaultP2PNetwork(org.hyperledger.besu.ethereum.p2p.network.DefaultP2PNetwork) FilterManagerBuilder(org.hyperledger.besu.ethereum.api.jsonrpc.internal.filter.FilterManagerBuilder) IOException(java.io.IOException) GraphQLContextType(org.hyperledger.besu.ethereum.api.graphql.GraphQLContextType) JsonRpcService(org.hyperledger.besu.ethereum.api.jsonrpc.JsonRpcService) JsonRpcMethod(org.hyperledger.besu.ethereum.api.jsonrpc.internal.methods.JsonRpcMethod) PeerPermissions(org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissions) AuthenticationService(org.hyperledger.besu.ethereum.api.jsonrpc.authentication.AuthenticationService) DefaultAuthenticationService(org.hyperledger.besu.ethereum.api.jsonrpc.authentication.DefaultAuthenticationService)

Example 5 with PeerPermissionsDenylist

use of org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist in project besu by hyperledger.

the class P2PNetworkTest method rejectIncomingConnectionFromDenylistedPeer.

@Test
public void rejectIncomingConnectionFromDenylistedPeer() throws Exception {
    final PeerPermissionsDenylist localDenylist = PeerPermissionsDenylist.create();
    try (final P2PNetwork localNetwork = builder().peerPermissions(localDenylist).build();
        final P2PNetwork remoteNetwork = builder().build()) {
        localNetwork.start();
        remoteNetwork.start();
        final EnodeURL localEnode = localNetwork.getLocalEnode().get();
        final Bytes localId = localEnode.getNodeId();
        final int localPort = localEnode.getListeningPort().get();
        final EnodeURL remoteEnode = remoteNetwork.getLocalEnode().get();
        final Bytes remoteId = remoteEnode.getNodeId();
        final int remotePort = remoteEnode.getListeningPort().get();
        final Peer localPeer = createPeer(localId, localPort);
        final Peer remotePeer = createPeer(remoteId, remotePort);
        // Denylist the remote peer
        localDenylist.add(remotePeer);
        // Setup disconnect listener
        final CompletableFuture<PeerConnection> peerFuture = new CompletableFuture<>();
        final CompletableFuture<DisconnectReason> reasonFuture = new CompletableFuture<>();
        remoteNetwork.subscribeDisconnect((peerConnection, reason, initiatedByPeer) -> {
            peerFuture.complete(peerConnection);
            reasonFuture.complete(reason);
        });
        // Remote connect to local
        final CompletableFuture<PeerConnection> connectFuture = remoteNetwork.connect(localPeer);
        // Check connection is made, and then a disconnect is registered at remote
        Assertions.assertThat(connectFuture.get(5L, TimeUnit.SECONDS).getPeerInfo().getNodeId()).isEqualTo(localId);
        Assertions.assertThat(peerFuture.get(5L, TimeUnit.SECONDS).getPeerInfo().getNodeId()).isEqualTo(localId);
        assertThat(reasonFuture.get(5L, TimeUnit.SECONDS)).isEqualByComparingTo(DisconnectReason.UNKNOWN);
    }
}
Also used : EnodeURL(org.hyperledger.besu.plugin.data.EnodeURL) Bytes(org.apache.tuweni.bytes.Bytes) PeerPermissionsDenylist(org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist) CompletableFuture(java.util.concurrent.CompletableFuture) PeerConnection(org.hyperledger.besu.ethereum.p2p.rlpx.connections.PeerConnection) DisconnectReason(org.hyperledger.besu.ethereum.p2p.rlpx.wire.messages.DisconnectMessage.DisconnectReason) Peer(org.hyperledger.besu.ethereum.p2p.peers.Peer) DefaultPeer(org.hyperledger.besu.ethereum.p2p.peers.DefaultPeer) Test(org.junit.Test)

Aggregations

PeerPermissionsDenylist (org.hyperledger.besu.ethereum.p2p.permissions.PeerPermissionsDenylist)12 Test (org.junit.Test)11 NodeKey (org.hyperledger.besu.crypto.NodeKey)7 DiscoveryPeer (org.hyperledger.besu.ethereum.p2p.discovery.DiscoveryPeer)6 Endpoint (org.hyperledger.besu.ethereum.p2p.discovery.Endpoint)6 Bytes (org.apache.tuweni.bytes.Bytes)5 DefaultPeer (org.hyperledger.besu.ethereum.p2p.peers.DefaultPeer)5 EnodeURL (org.hyperledger.besu.plugin.data.EnodeURL)5 CompletableFuture (java.util.concurrent.CompletableFuture)4 Peer (org.hyperledger.besu.ethereum.p2p.peers.Peer)4 PeerConnection (org.hyperledger.besu.ethereum.p2p.rlpx.connections.PeerConnection)4 DisconnectReason (org.hyperledger.besu.ethereum.p2p.rlpx.wire.messages.DisconnectMessage.DisconnectReason)4 VisibleForTesting (com.google.common.annotations.VisibleForTesting)1 Preconditions (com.google.common.base.Preconditions)1 Preconditions.checkArgument (com.google.common.base.Preconditions.checkArgument)1 Strings (com.google.common.base.Strings)1 GraphQL (graphql.GraphQL)1 Vertx (io.vertx.core.Vertx)1 IOException (java.io.IOException)1 Path (java.nio.file.Path)1