class TestIdentityObserver(): def __init__(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache( self._identity_view_factory) self._identity_obsever = IdentityObserver( to_update=self._identity_cache.invalidate, forked=self._identity_cache.forked ) # Make sure IdentityCache has populated roles and policy self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role( "network", "policy1") self._identity_cache.get_role("network", "state_root") self._identity_cache.get_policy("policy1", "state_root") def _current_root_func(self): return "0000000000000000000000" def create_block(self, previous_block_id="0000000000000000"): block_header = BlockHeader( block_num=85, state_root_hash="0987654321fedcba", previous_block_id=previous_block_id) block = BlockWrapper( Block( header_signature="abcdef1234567890", header=block_header.SerializeToString())) return block
def setUp(self): self.private_key = signing.generate_private_key() self.public_key = signing.generate_public_key(self.private_key) self._identity_view_factory = MockIdentityViewFactory() self.permissions = {} self._identity_cache = IdentityCache(self._identity_view_factory, self._current_root_func) self.permission_verifier = \ PermissionVerifier( permissions=self.permissions, current_root_func=self._current_root_func, identity_cache=self._identity_cache)
def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache(self._identity_view_factory) self._identity_obsever = IdentityObserver( to_update=self._identity_cache.invalidate, forked=self._identity_cache.forked) # Make sure IdentityCache has populated roles and policy self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role("network", "policy1") self._identity_cache.get_role("network", lambda: "state_root") self._identity_cache.get_policy("policy1", lambda: "state_root")
def setUp(self): context = create_context('secp256k1') crypto_factory = CryptoFactory(context) private_key = context.new_random_private_key() self.signer = crypto_factory.new_signer(private_key) self._identity_view_factory = MockIdentityViewFactory() self.permissions = {} self._identity_cache = IdentityCache(self._identity_view_factory) self.permission_verifier = \ PermissionVerifier( permissions=self.permissions, current_root_func=self._current_root_func, identity_cache=self._identity_cache)
def setUp(self): context = create_context('secp256k1') crypto_factory = CryptoFactory(context) private_key = context.new_random_private_key() self.signer = crypto_factory.new_signer(private_key) self._identity_view_factory = MockIdentityViewFactory() self.permissions = {} self._identity_cache = IdentityCache( self._identity_view_factory) self.permission_verifier = \ PermissionVerifier( permissions=self.permissions, current_root_func=self._current_root_func, identity_cache=self._identity_cache)
def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache( self._identity_view_factory) self._identity_obsever = IdentityObserver( to_update=self._identity_cache.invalidate, forked=self._identity_cache.forked ) # Make sure IdentityCache has populated roles and policy self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role( "network", "policy1") self._identity_cache.get_role("network", "state_root") self._identity_cache.get_policy("policy1", "state_root")
class TestIdentityCache(unittest.TestCase): def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache(self._identity_view_factory, self._current_root_func) def _current_root_func(self): return "0000000000000000000000" def test_get_role(self): """ Test that a role can be fetched from the state. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role("network", "policy1") self.assertIsNone(self._identity_cache["network"]) identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEquals( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network")) def test_get_policy(self): """ Test that a policy can be fetched from the state. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role("network", "policy1") self.assertIsNone(self._identity_cache["policy1"]) identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEquals( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1")) def test_role_invalidate(self): """ Test that a role can be invalidated. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role("network", "policy1") self._identity_cache.invalidate("network") self.assertEquals(self._identity_cache["network"], None) identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEquals( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network")) def test_policy_invalidate(self): """ Test that a policy can be invalidated. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role("network", "policy1") self._identity_cache.invalidate("policy1") self.assertEqual(self._identity_cache["policy1"], None) identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEquals( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1")) def test_forked(self): """ Test that forked() invalidates all items in the cache, and they can be fetched from state. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role("network", "policy1") identity_view = \ self._identity_view_factory.create_identity_view("state_root") self._identity_cache.get_policy("policy1", "state_root") self._identity_cache.get_role("network", "state_root") self.assertEquals(len(self._identity_cache), 2) self._identity_cache.forked() self.assertEquals(self._identity_cache["network"], None) self.assertEquals(self._identity_cache["policy1"], None) self.assertEquals( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1")) self.assertEquals( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network"))
class TestIdentityObserver(unittest.TestCase): def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache(self._identity_view_factory, self._current_root_func) self._identity_obsever = IdentityObserver( to_update=self._identity_cache.invalidate, forked=self._identity_cache.forked) # Make sure IdentityCache has populated roles and policy self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role("network", "policy1") self._identity_cache.get_role("network", "state_root") self._identity_cache.get_policy("policy1", "state_root") def _current_root_func(self): return "0000000000000000000000" def create_block(self, previous_block_id="0000000000000000"): block_header = BlockHeader(block_num=85, state_root_hash="0987654321fedcba", previous_block_id=previous_block_id) block = BlockWrapper( Block(header_signature="abcdef1234567890", header=block_header.SerializeToString())) return block def test_chain_update(self): """ Test that if there is no fork and only one value is udpated, only that value is in validated in the catch. """ # Set up cache so it does not fork block1 = self.create_block() self._identity_obsever.chain_update(block1, []) self._identity_cache.get_role("network", "state_root") self._identity_cache.get_policy("policy1", "state_root") self.assertNotEqual(self._identity_cache["network"], None) self.assertNotEqual(self._identity_cache["policy1"], None) # Add next block and event that says network was updated. block2 = self.create_block("abcdef1234567890") event = Event( event_type="identity_update", attributes=[Event.Attribute(key="updated", value="network")]) receipts = TransactionReceipt(events=[event]) self._identity_obsever.chain_update(block2, [receipts]) # Check that only "network" was invalidated self.assertEquals(self._identity_cache["network"], None) self.assertNotEqual(self._identity_cache["policy1"], None) # check that the correct values can be fetched from state. identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEquals( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network")) self.assertEquals( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1")) def test_fork(self): """ Test that if there is a fork, all values in the cache will be invalidated and fetched from state. """ block = self.create_block() self._identity_obsever.chain_update(block, []) # Check that all items are invalid for key in self._identity_cache: self.assertEquals(self._identity_cache[key], None) # Check that the items can be fetched from state. identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEquals( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network")) self.assertEquals( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1"))
class TestPermissionVerifier(unittest.TestCase): def setUp(self): self.private_key = signing.generate_private_key() self.public_key = signing.generate_public_key(self.private_key) self._identity_view_factory = MockIdentityViewFactory() self.permissions = {} self._identity_cache = IdentityCache(self._identity_view_factory, self._current_root_func) self.permission_verifier = \ PermissionVerifier( permissions=self.permissions, current_root_func=self._current_root_func, identity_cache=self._identity_cache) def _current_root_func(self): return "0000000000000000000000" def _create_transactions(self, count): txn_list = [] for i in range(count): payload = {'Verb': 'set', 'Name': 'name', 'Value': 1} intkey_prefix = \ hashlib.sha512('intkey'.encode('utf-8')).hexdigest()[0:6] addr = intkey_prefix + \ hashlib.sha512(payload["Name"].encode('utf-8')).hexdigest() payload_encode = hashlib.sha512(cbor.dumps(payload)).hexdigest() header = TransactionHeader(signer_public_key=self.public_key, family_name='intkey', family_version='1.0', inputs=[addr], outputs=[addr], dependencies=[], payload_sha512=payload_encode) header.batcher_public_key = self.public_key header_bytes = header.SerializeToString() signature = signing.sign(header_bytes, self.private_key) transaction = Transaction(header=header_bytes, payload=cbor.dumps(payload), header_signature=signature) txn_list.append(transaction) return txn_list def _create_batches(self, batch_count, txn_count): batch_list = [] for i in range(batch_count): txn_list = self._create_transactions(txn_count) txn_sig_list = [txn.header_signature for txn in txn_list] batch_header = BatchHeader(signer_public_key=self.public_key) batch_header.transaction_ids.extend(txn_sig_list) header_bytes = batch_header.SerializeToString() signature = signing.sign(header_bytes, self.private_key) batch = Batch(header=header_bytes, transactions=txn_list, header_signature=signature) batch_list.append(batch) return batch_list def test_permission(self): """ Test that if no roles are set and no default policy is set, permit all is used. """ batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) def test_default_policy_permission(self): """ Test that if no roles are set, the default policy is used. 1. Set default policy to permit all. Batch should be allowed. 2. Set default policy to deny all. Batch should be rejected. """ self._identity_view_factory.add_policy("default", ["PERMIT_KEY *"]) batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("default", ["DENY_KEY *"]) batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_transactor_role(self): """ Test that role:"transactor" is checked properly. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY " + \ self.public_key]) self._identity_view_factory.add_role("transactor", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY other"]) self._identity_view_factory.add_role("transactor", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_transactor_batch_signer(self): """ Test that role: "transactor.batch_signer" is checked properly. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY " + \ self.public_key]) self._identity_view_factory.add_role("transactor.batch_signer", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY other"]) self._identity_view_factory.add_role("transactor.batch_signer", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_transactor_transaction_signer(self): """ Test that role: "transactor.transaction_signer" is checked properly. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY " + \ self.public_key]) self._identity_view_factory.add_role("transactor.transaction_signer", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY other"]) self._identity_view_factory.add_role("transactor.transaction_signer", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_transactor_transaction_siger_transaction_family(self): """ Test that role: "transactor.transaction_signer.intkey" is checked properly. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY " + \ self.public_key]) self._identity_view_factory.add_role( "transactor.transaction_signer.intkey", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY other"]) self._identity_view_factory.add_role( "transactor.transaction_signer.intkey", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_off_chain_permissions(self): """ Test that if permissions are empty all signers are permitted. """ batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) def test_off_chain_transactor(self): """ Test that role:"transactor" is checked properly if in permissions. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ policy = make_policy("policy1", ["PERMIT_KEY " + self.public_key]) self.permissions["transactor"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) policy = make_policy("policy1", ["PERMIT_KEY other"]) self.permissions["transactor"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertFalse(allowed) def test_off_chain_transactor_batch_signer(self): """ Test that role:"transactor.batch_signer" is checked properly if in permissions. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ policy = make_policy("policy1", ["PERMIT_KEY " + self.public_key]) self.permissions["transactor.batch_signer"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) policy = make_policy("policy1", ["PERMIT_KEY other"]) self.permissions["transactor.batch_signer"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertFalse(allowed) def test_off_chain_transactor_transaction_signer(self): """ Test that role:"transactor.transaction_signer" is checked properly if in permissions. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ policy = make_policy("policy1", ["PERMIT_KEY " + self.public_key]) self.permissions["transactor.transaction_signer"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) policy = make_policy("policy1", ["PERMIT_KEY other"]) self.permissions["transactor.transaction_signer"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertFalse(allowed) def test_off_chain_transactor_transaction_signer_family(self): """ Test that role:"transactor.transaction_signer.intkey" is checked properly if in permissions. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ policy = make_policy("policy1", ["PERMIT_KEY " + self.public_key]) self.permissions["transactor.transaction_signer.intkey"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) policy = make_policy("policy1", ["PERMIT_KEY other"]) self.permissions["transactor.transaction_signer.intkey"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertFalse(allowed) def test_network(self): """ Test that if no roles are set and no default policy is set, permit all is used. """ allowed = self.permission_verifier.check_network_role(self.public_key) self.assertTrue(allowed) def test_network_default(self): """ Test that if no roles are set, the default policy is used. 1. Set default policy to permit all. Public key should be allowed. 2. Set default policy to deny all. Public key should be rejected. """ self._identity_view_factory.add_policy("default", ["PERMIT_KEY *"]) allowed = self.permission_verifier.check_network_role(self.public_key) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("default", ["DENY_KEY *"]) allowed = self.permission_verifier.check_network_role(self.public_key) self.assertFalse(allowed) def test_network_role(self): """ Test that role:"network" is checked properly. 1. Set policy to permit signing key. Public key should be allowed. 2. Set policy to permit some other key. Public key should be rejected. """ self._identity_view_factory.add_policy( "policy1", ["PERMIT_KEY " + self.public_key]) self._identity_view_factory.add_role("network", "policy1") allowed = self.permission_verifier.check_network_role(self.public_key) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy2", ["PERMIT_KEY other"]) self._identity_view_factory.add_role("network", "policy2") allowed = self.permission_verifier.check_network_role(self.public_key) self.assertFalse(allowed) def test_network_consensus(self): """ Test that if no roles are set and no default policy is set, permit all is used. """ allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertTrue(allowed) def test_network_consensus_default(self): """ Test that if no roles are set, the default policy is used. 1. Set default policy to permit all. Public key should be allowed. 2. Set default policy to deny all. Public key should be rejected. """ self._identity_view_factory.add_policy("default", ["PERMIT_KEY *"]) allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("default", ["DENY_KEY *"]) allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertFalse(allowed) def test_network_consensus_role(self): """ Test that role:"network.consensus" is checked properly. 1. Set policy to permit signing key. Public key should be allowed. 2. Set policy to permit some other key. Public key should be rejected. """ self._identity_view_factory.add_policy( "policy1", ["PERMIT_KEY " + self.public_key]) self._identity_view_factory.add_role("network.consensus", "policy1") allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy2", ["PERMIT_KEY other"]) self._identity_view_factory.add_role("network.consensus", "policy2") allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertFalse(allowed)
def __init__(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache( self._identity_view_factory)
class TestIdentityCache(unittest.TestCase): def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache( self._identity_view_factory) def test_get_role(self): """ Test that a role can be fetched from the state. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role( "network", "policy1") self.assertIsNone(self._identity_cache["network"]) identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEqual( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network")) def test_get_policy(self): """ Test that a policy can be fetched from the state. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role( "network", "policy1") self.assertIsNone(self._identity_cache["policy1"]) identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEqual( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1")) def test_role_invalidate(self): """ Test that a role can be invalidated. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role( "network", "policy1") self._identity_cache.invalidate("network") self.assertEqual(self._identity_cache["network"], None) identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEqual( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network")) def test_policy_invalidate(self): """ Test that a policy can be invalidated. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role( "network", "policy1") self._identity_cache.invalidate("policy1") self.assertEqual(self._identity_cache["policy1"], None) identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEqual( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1")) def test_forked(self): """ Test that forked() invalidates all items in the cache, and they can be fetched from state. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role( "network", "policy1") identity_view = \ self._identity_view_factory.create_identity_view("state_root") self._identity_cache.get_policy("policy1", "state_root") self._identity_cache.get_role("network", "state_root") self.assertEqual(len(self._identity_cache), 2) self._identity_cache.forked() self.assertEqual(self._identity_cache["network"], None) self.assertEqual(self._identity_cache["policy1"], None) self.assertEqual( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1")) self.assertEqual( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network"))
class TestIdentityObserver(unittest.TestCase): def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache( self._identity_view_factory) self._identity_obsever = IdentityObserver( to_update=self._identity_cache.invalidate, forked=self._identity_cache.forked ) # Make sure IdentityCache has populated roles and policy self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY key"]) self._identity_view_factory.add_role( "network", "policy1") self._identity_cache.get_role("network", "state_root") self._identity_cache.get_policy("policy1", "state_root") def _current_root_func(self): return "0000000000000000000000" def create_block(self, previous_block_id="0000000000000000"): block_header = BlockHeader( block_num=85, state_root_hash="0987654321fedcba", previous_block_id=previous_block_id) block = BlockWrapper( Block( header_signature="abcdef1234567890", header=block_header.SerializeToString())) return block def test_chain_update(self): """ Test that if there is no fork and only one value is udpated, only that value is in validated in the catch. """ # Set up cache so it does not fork block1 = self.create_block() self._identity_obsever.chain_update(block1, []) self._identity_cache.get_role("network", "state_root") self._identity_cache.get_policy("policy1", "state_root") self.assertNotEqual(self._identity_cache["network"], None) self.assertNotEqual(self._identity_cache["policy1"], None) # Add next block and event that says network was updated. block2 = self.create_block("abcdef1234567890") event = Event( event_type="identity/update", attributes=[Event.Attribute(key="updated", value="network")]) receipts = TransactionReceipt(events=[event]) self._identity_obsever.chain_update(block2, [receipts]) # Check that only "network" was invalidated self.assertEqual(self._identity_cache["network"], None) self.assertNotEqual(self._identity_cache["policy1"], None) # check that the correct values can be fetched from state. identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEqual( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network")) self.assertEqual( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1")) def test_fork(self): """ Test that if there is a fork, all values in the cache will be invalidated and fetched from state. """ block = self.create_block() self._identity_obsever.chain_update(block, []) # Check that all items are invalid for key in self._identity_cache: self.assertEqual(self._identity_cache[key], None) # Check that the items can be fetched from state. identity_view = \ self._identity_view_factory.create_identity_view("state_root") self.assertEqual( self._identity_cache.get_role("network", "state_root"), identity_view.get_role("network")) self.assertEqual( self._identity_cache.get_policy("policy1", "state_root"), identity_view.get_policy("policy1"))
class TestPermissionVerifier(unittest.TestCase): def setUp(self): context = create_context('secp256k1') crypto_factory = CryptoFactory(context) private_key = context.new_random_private_key() self.signer = crypto_factory.new_signer(private_key) self._identity_view_factory = MockIdentityViewFactory() self.permissions = {} self._identity_cache = IdentityCache( self._identity_view_factory) self.permission_verifier = \ PermissionVerifier( permissions=self.permissions, current_root_func=self._current_root_func, identity_cache=self._identity_cache) @property def public_key(self): return self.signer.get_public_key().as_hex() def _current_root_func(self): return "0000000000000000000000" def _create_transactions(self, count): txn_list = [] for _ in range(count): payload = { 'Verb': 'set', 'Name': 'name', 'Value': 1, } intkey_prefix = \ hashlib.sha512('intkey'.encode('utf-8')).hexdigest()[0:6] addr = intkey_prefix + \ hashlib.sha512(payload["Name"].encode('utf-8')).hexdigest() payload_encode = hashlib.sha512(cbor.dumps(payload)).hexdigest() header = TransactionHeader( signer_public_key=self.public_key, family_name='intkey', family_version='1.0', inputs=[addr], outputs=[addr], dependencies=[], payload_sha512=payload_encode) header.batcher_public_key = self.public_key header_bytes = header.SerializeToString() signature = self.signer.sign(header_bytes) transaction = Transaction( header=header_bytes, payload=cbor.dumps(payload), header_signature=signature) txn_list.append(transaction) return txn_list def _create_batches(self, batch_count, txn_count): batch_list = [] for _ in range(batch_count): txn_list = self._create_transactions(txn_count) txn_sig_list = [txn.header_signature for txn in txn_list] batch_header = BatchHeader( signer_public_key=self.signer.get_public_key().as_hex()) batch_header.transaction_ids.extend(txn_sig_list) header_bytes = batch_header.SerializeToString() signature = self.signer.sign(header_bytes) batch = Batch( header=header_bytes, transactions=txn_list, header_signature=signature) batch_list.append(batch) return batch_list def test_permission(self): """ Test that if no roles are set and no default policy is set, permit all is used. """ batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) def test_default_policy_permission(self): """ Test that if no roles are set, the default policy is used. 1. Set default policy to permit all. Batch should be allowed. 2. Set default policy to deny all. Batch should be rejected. """ self._identity_view_factory.add_policy("default", ["PERMIT_KEY *"]) batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("default", ["DENY_KEY *"]) batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_transactor_role(self): """ Test that role:"transactor" is checked properly. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY " + self.public_key]) self._identity_view_factory.add_role("transactor", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY other"]) self._identity_view_factory.add_role("transactor", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_transactor_batch_signer(self): """ Test that role: "transactor.batch_signer" is checked properly. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY " + self.public_key]) self._identity_view_factory.add_role("transactor.batch_signer", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY other"]) self._identity_view_factory.add_role("transactor.batch_signer", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_transactor_transaction_signer(self): """ Test that role: "transactor.transaction_signer" is checked properly. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY " + self.public_key]) self._identity_view_factory.add_role("transactor.transaction_signer", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY other"]) self._identity_view_factory.add_role("transactor.transaction_signer", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_transactor_transaction_siger_transaction_family(self): """ Test that role: "transactor.transaction_signer.intkey" is checked properly. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY " + self.public_key]) self._identity_view_factory.add_role( "transactor.transaction_signer.intkey", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy1", ["PERMIT_KEY other"]) self._identity_view_factory.add_role( "transactor.transaction_signer.intkey", "policy1") batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.is_batch_signer_authorized(batch) self.assertFalse(allowed) def test_off_chain_permissions(self): """ Test that if permissions are empty all signers are permitted. """ batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) def test_off_chain_transactor(self): """ Test that role:"transactor" is checked properly if in permissions. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ policy = make_policy("policy1", ["PERMIT_KEY " + self.public_key]) self.permissions["transactor"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) policy = make_policy("policy1", ["PERMIT_KEY other"]) self.permissions["transactor"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertFalse(allowed) def test_off_chain_transactor_batch_signer(self): """ Test that role:"transactor.batch_signer" is checked properly if in permissions. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ policy = make_policy("policy1", ["PERMIT_KEY " + self.public_key]) self.permissions["transactor.batch_signer"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) policy = make_policy("policy1", ["PERMIT_KEY other"]) self.permissions["transactor.batch_signer"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertFalse(allowed) def test_off_chain_transactor_transaction_signer(self): """ Test that role:"transactor.transaction_signer" is checked properly if in permissions. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ policy = make_policy("policy1", ["PERMIT_KEY " + self.public_key]) self.permissions["transactor.transaction_signer"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) policy = make_policy("policy1", ["PERMIT_KEY other"]) self.permissions["transactor.transaction_signer"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertFalse(allowed) def test_off_chain_transactor_transaction_signer_family(self): """ Test that role:"transactor.transaction_signer.intkey" is checked properly if in permissions. 1. Set policy to permit signing key. Batch should be allowed. 2. Set policy to permit some other key. Batch should be rejected. """ policy = make_policy("policy1", ["PERMIT_KEY " + self.public_key]) self.permissions["transactor.transaction_signer.intkey"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertTrue(allowed) policy = make_policy("policy1", ["PERMIT_KEY other"]) self.permissions["transactor.transaction_signer.intkey"] = policy batch = self._create_batches(1, 1)[0] allowed = self.permission_verifier.check_off_chain_batch_roles(batch) self.assertFalse(allowed) def test_network(self): """ Test that if no roles are set and no default policy is set, permit all is used. """ allowed = self.permission_verifier.check_network_role(self.public_key) self.assertTrue(allowed) def test_network_default(self): """ Test that if no roles are set, the default policy is used. 1. Set default policy to permit all. Public key should be allowed. 2. Set default policy to deny all. Public key should be rejected. """ self._identity_view_factory.add_policy("default", ["PERMIT_KEY *"]) allowed = self.permission_verifier.check_network_role(self.public_key) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("default", ["DENY_KEY *"]) allowed = self.permission_verifier.check_network_role(self.public_key) self.assertFalse(allowed) def test_network_role(self): """ Test that role:"network" is checked properly. 1. Set policy to permit signing key. Public key should be allowed. 2. Set policy to permit some other key. Public key should be rejected. """ self._identity_view_factory.add_policy( "policy1", ["PERMIT_KEY " + self.public_key]) self._identity_view_factory.add_role( "network", "policy1") allowed = self.permission_verifier.check_network_role(self.public_key) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy2", ["PERMIT_KEY other"]) self._identity_view_factory.add_role( "network", "policy2") allowed = self.permission_verifier.check_network_role(self.public_key) self.assertFalse(allowed) def test_network_consensus(self): """ Test that if no roles are set and no default policy is set, permit all is used. """ allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertTrue(allowed) def test_network_consensus_default(self): """ Test that if no roles are set, the default policy is used. 1. Set default policy to permit all. Public key should be allowed. 2. Set default policy to deny all. Public key should be rejected. """ self._identity_view_factory.add_policy("default", ["PERMIT_KEY *"]) allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("default", ["DENY_KEY *"]) allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertFalse(allowed) def test_network_consensus_role(self): """ Test that role:"network.consensus" is checked properly. 1. Set policy to permit signing key. Public key should be allowed. 2. Set policy to permit some other key. Public key should be rejected. """ self._identity_view_factory.add_policy( "policy1", ["PERMIT_KEY " + self.public_key]) self._identity_view_factory.add_role( "network.consensus", "policy1") allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertTrue(allowed) self._identity_cache.forked() self._identity_view_factory.add_policy("policy2", ["PERMIT_KEY other"]) self._identity_view_factory.add_role( "network.consensus", "policy2") allowed = self.permission_verifier.check_network_consensus_role( self.public_key) self.assertFalse(allowed)
def __init__(self, bind_network, bind_component, endpoint, peering, seeds_list, peer_list, data_dir, config_dir, identity_signing_key, scheduler_type, permissions, network_public_key=None, network_private_key=None, roles=None, metrics_registry=None): """Constructs a validator instance. Args: bind_network (str): the network endpoint bind_component (str): the component endpoint endpoint (str): the zmq-style URI of this validator's publically reachable endpoint peering (str): The type of peering approach. Either 'static' or 'dynamic'. In 'static' mode, no attempted topology buildout occurs -- the validator only attempts to initiate peering connections with endpoints specified in the peer_list. In 'dynamic' mode, the validator will first attempt to initiate peering connections with endpoints specified in the peer_list and then attempt to do a topology buildout starting with peer lists obtained from endpoints in the seeds_list. In either mode, the validator will accept incoming peer requests up to max_peers. seeds_list (list of str): a list of addresses to connect to in order to perform the initial topology buildout peer_list (list of str): a list of peer addresses data_dir (str): path to the data directory config_dir (str): path to the config directory identity_signing_key (str): key validator uses for signing """ db_filename = os.path.join(data_dir, 'merkle-{}.lmdb'.format(bind_network[-2:])) LOGGER.debug('database file is %s', db_filename) merkle_db = LMDBNoLockDatabase(db_filename, 'c') delta_db_filename = os.path.join( data_dir, 'state-deltas-{}.lmdb'.format(bind_network[-2:])) LOGGER.debug('state delta store file is %s', delta_db_filename) state_delta_db = LMDBNoLockDatabase(delta_db_filename, 'c') receipt_db_filename = os.path.join( data_dir, 'txn_receipts-{}.lmdb'.format(bind_network[-2:])) LOGGER.debug('txn receipt store file is %s', receipt_db_filename) receipt_db = LMDBNoLockDatabase(receipt_db_filename, 'c') state_delta_store = StateDeltaStore(state_delta_db) receipt_store = TransactionReceiptStore(receipt_db) context_manager = ContextManager(merkle_db, state_delta_store) self._context_manager = context_manager state_view_factory = StateViewFactory(merkle_db) block_db_filename = os.path.join( data_dir, 'block-{}.lmdb'.format(bind_network[-2:])) LOGGER.debug('block store file is %s', block_db_filename) block_db = LMDBNoLockDatabase(block_db_filename, 'c') block_store = BlockStore(block_db) batch_tracker = BatchTracker(block_store) # setup network self._dispatcher = Dispatcher(metrics_registry=metrics_registry) thread_pool = ThreadPoolExecutor(max_workers=10) sig_pool = ThreadPoolExecutor(max_workers=3) self._thread_pool = thread_pool self._sig_pool = sig_pool self._service = Interconnect(bind_component, self._dispatcher, secured=False, heartbeat=False, max_incoming_connections=20, monitor=True, max_future_callback_workers=10, metrics_registry=metrics_registry) executor = TransactionExecutor( service=self._service, context_manager=context_manager, settings_view_factory=SettingsViewFactory( StateViewFactory(merkle_db)), scheduler_type=scheduler_type, invalid_observers=[batch_tracker], metrics_registry=metrics_registry) self._executor = executor self._service.set_check_connections(executor.check_connections) state_delta_processor = StateDeltaProcessor(self._service, state_delta_store, block_store) event_broadcaster = EventBroadcaster(self._service, block_store, receipt_store) zmq_identity = hashlib.sha512( time.time().hex().encode()).hexdigest()[:23] network_thread_pool = ThreadPoolExecutor(max_workers=10) self._network_thread_pool = network_thread_pool self._network_dispatcher = Dispatcher( metrics_registry=metrics_registry) secure = False if network_public_key is not None and network_private_key is not None: secure = True self._network = Interconnect( bind_network, dispatcher=self._network_dispatcher, zmq_identity=zmq_identity, secured=secure, server_public_key=network_public_key, server_private_key=network_private_key, heartbeat=True, public_endpoint=endpoint, connection_timeout=30, max_incoming_connections=100, max_future_callback_workers=10, authorize=True, public_key=signing.generate_pubkey(identity_signing_key), priv_key=identity_signing_key, roles=roles, metrics_registry=metrics_registry) self._gossip = Gossip(self._network, endpoint=endpoint, peering_mode=peering, initial_seed_endpoints=seeds_list, initial_peer_endpoints=peer_list, minimum_peer_connectivity=3, maximum_peer_connectivity=10, topology_check_frequency=1) completer = Completer(block_store, self._gossip) block_sender = BroadcastBlockSender(completer, self._gossip) batch_sender = BroadcastBatchSender(completer, self._gossip) chain_id_manager = ChainIdManager(data_dir) identity_view_factory = IdentityViewFactory( StateViewFactory(merkle_db)) id_cache = IdentityCache(identity_view_factory, block_store.chain_head_state_root) permission_verifier = PermissionVerifier( permissions, block_store.chain_head_state_root, id_cache) identity_observer = IdentityObserver(to_update=id_cache.invalidate, forked=id_cache.forked) # Create and configure journal self._journal = Journal( block_store=block_store, state_view_factory=StateViewFactory(merkle_db), block_sender=block_sender, batch_sender=batch_sender, transaction_executor=executor, squash_handler=context_manager.get_squash_handler(), identity_signing_key=identity_signing_key, chain_id_manager=chain_id_manager, data_dir=data_dir, config_dir=config_dir, permission_verifier=permission_verifier, check_publish_block_frequency=0.1, block_cache_purge_frequency=30, block_cache_keep_time=300, batch_observers=[batch_tracker], chain_observers=[ state_delta_processor, event_broadcaster, receipt_store, batch_tracker, identity_observer ], metrics_registry=metrics_registry) self._genesis_controller = GenesisController( context_manager=context_manager, transaction_executor=executor, completer=completer, block_store=block_store, state_view_factory=state_view_factory, identity_key=identity_signing_key, data_dir=data_dir, config_dir=config_dir, chain_id_manager=chain_id_manager, batch_sender=batch_sender) responder = Responder(completer) completer.set_on_batch_received(self._journal.on_batch_received) completer.set_on_block_received(self._journal.on_block_received) self._dispatcher.add_handler( validator_pb2.Message.TP_ADD_RECEIPT_DATA_REQUEST, tp_state_handlers.TpAddReceiptDataHandler(context_manager), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.TP_ADD_EVENT_REQUEST, tp_state_handlers.TpAddEventHandler(context_manager), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.TP_STATE_DEL_REQUEST, tp_state_handlers.TpStateDeleteHandler(context_manager), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.TP_STATE_GET_REQUEST, tp_state_handlers.TpStateGetHandler(context_manager), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.TP_STATE_SET_REQUEST, tp_state_handlers.TpStateSetHandler(context_manager), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.TP_REGISTER_REQUEST, processor_handlers.ProcessorRegisterHandler(executor.processors), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.TP_UNREGISTER_REQUEST, processor_handlers.ProcessorUnRegisterHandler(executor.processors), thread_pool) # Set up base network handlers self._network_dispatcher.add_handler( validator_pb2.Message.NETWORK_PING, PingHandler(network=self._network), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.NETWORK_CONNECT, ConnectHandler(network=self._network), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.NETWORK_DISCONNECT, DisconnectHandler(network=self._network), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.AUTHORIZATION_VIOLATION, AuthorizationViolationHandler(network=self._network, gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.AUTHORIZATION_TRUST_REQUEST, AuthorizationTrustRequestHandler( network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.AUTHORIZATION_CHALLENGE_REQUEST, AuthorizationChallengeRequestHandler(network=self._network), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.AUTHORIZATION_CHALLENGE_SUBMIT, AuthorizationChallengeSubmitHandler( network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) # Set up gossip handlers self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_GET_PEERS_REQUEST, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_GET_PEERS_REQUEST, GetPeersRequestHandler(gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_GET_PEERS_RESPONSE, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_GET_PEERS_RESPONSE, GetPeersResponseHandler(gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_REGISTER, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_REGISTER, PeerRegisterHandler(gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_UNREGISTER, PeerUnregisterHandler(gossip=self._gossip), network_thread_pool) # GOSSIP_MESSAGE 1) Sends acknowledgement to the sender self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_MESSAGE, GossipMessageHandler(), network_thread_pool) # GOSSIP_MESSAGE 2) Verify Network Permissions self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_MESSAGE, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) # GOSSIP_MESSAGE 3) Verifies signature self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_MESSAGE, signature_verifier.GossipMessageSignatureVerifier(), sig_pool) # GOSSIP_MESSAGE 4) Verifies batch structure self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_MESSAGE, structure_verifier.GossipHandlerStructureVerifier(), network_thread_pool) # GOSSIP_MESSAGE 4) Verifies that the node is allowed to publish a # block self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_MESSAGE, NetworkConsensusPermissionHandler( network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) # GOSSIP_MESSAGE 5) Determines if we should broadcast the # message to our peers. It is important that this occur prior # to the sending of the message to the completer, as this step # relies on whether the gossip message has previously been # seen by the validator to determine whether or not forwarding # should occur self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_MESSAGE, GossipBroadcastHandler(gossip=self._gossip, completer=completer), network_thread_pool) # GOSSIP_MESSAGE 6) Send message to completer self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_MESSAGE, CompleterGossipHandler(completer), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BLOCK_REQUEST, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BLOCK_REQUEST, BlockResponderHandler(responder, self._gossip), network_thread_pool) # GOSSIP_BLOCK_RESPONSE 1) Sends ack to the sender self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BLOCK_RESPONSE, GossipBlockResponseHandler(), network_thread_pool) # GOSSIP_MESSAGE 2) Verify Network Permissions self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BLOCK_RESPONSE, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) # GOSSIP_BLOCK_RESPONSE 3) Verifies signature self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BLOCK_RESPONSE, signature_verifier.GossipBlockResponseSignatureVerifier(), sig_pool) # GOSSIP_BLOCK_RESPONSE 4) Check batch structure self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BLOCK_RESPONSE, structure_verifier.GossipBlockResponseStructureVerifier(), network_thread_pool) # GOSSIP_BLOCK_RESPONSE 5) Send message to completer self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BLOCK_RESPONSE, CompleterGossipBlockResponseHandler(completer), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BLOCK_RESPONSE, ResponderBlockResponseHandler(responder, self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_BY_BATCH_ID_REQUEST, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_BY_BATCH_ID_REQUEST, BatchByBatchIdResponderHandler(responder, self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_BY_TRANSACTION_ID_REQUEST, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_BY_TRANSACTION_ID_REQUEST, BatchByTransactionIdResponderHandler(responder, self._gossip), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_RESPONSE, NetworkPermissionHandler(network=self._network, permission_verifier=permission_verifier, gossip=self._gossip), network_thread_pool) # GOSSIP_BATCH_RESPONSE 1) Sends ack to the sender self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_RESPONSE, GossipBatchResponseHandler(), network_thread_pool) # GOSSIP_BATCH_RESPONSE 2) Verifies signature self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_RESPONSE, signature_verifier.GossipBatchResponseSignatureVerifier(), sig_pool) # GOSSIP_BATCH_RESPONSE 3) Check batch structure self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_RESPONSE, structure_verifier.GossipBatchResponseStructureVerifier(), network_thread_pool) # GOSSIP_BATCH_RESPONSE 4) Send message to completer self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_RESPONSE, CompleterGossipBatchResponseHandler(completer), network_thread_pool) self._network_dispatcher.add_handler( validator_pb2.Message.GOSSIP_BATCH_RESPONSE, ResponderBatchResponseHandler(responder, self._gossip), network_thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BATCH_SUBMIT_REQUEST, BatchListPermissionVerifier( permission_verifier=permission_verifier), sig_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BATCH_SUBMIT_REQUEST, signature_verifier.BatchListSignatureVerifier(), sig_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BATCH_SUBMIT_REQUEST, structure_verifier.BatchListStructureVerifier(), network_thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BATCH_SUBMIT_REQUEST, CompleterBatchListBroadcastHandler(completer, self._gossip), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BATCH_SUBMIT_REQUEST, client_handlers.BatchSubmitFinisher(batch_tracker), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BATCH_STATUS_REQUEST, client_handlers.BatchStatusRequest(batch_tracker), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_STATE_LIST_REQUEST, client_handlers.StateListRequest(merkle_db, self._journal.get_block_store()), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_STATE_GET_REQUEST, client_handlers.StateGetRequest(merkle_db, self._journal.get_block_store()), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BLOCK_LIST_REQUEST, client_handlers.BlockListRequest(self._journal.get_block_store()), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BLOCK_GET_REQUEST, client_handlers.BlockGetRequest(self._journal.get_block_store()), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BATCH_LIST_REQUEST, client_handlers.BatchListRequest(self._journal.get_block_store()), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_BATCH_GET_REQUEST, client_handlers.BatchGetRequest(self._journal.get_block_store()), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_TRANSACTION_LIST_REQUEST, client_handlers.TransactionListRequest( self._journal.get_block_store()), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_TRANSACTION_GET_REQUEST, client_handlers.TransactionGetRequest( self._journal.get_block_store()), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_STATE_CURRENT_REQUEST, client_handlers.StateCurrentRequest( self._journal.get_current_root), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_RECEIPT_GET_REQUEST, ClientReceiptGetRequestHandler(receipt_store), thread_pool) # State Delta Subscription Handlers self._dispatcher.add_handler( validator_pb2.Message.STATE_DELTA_SUBSCRIBE_REQUEST, StateDeltaSubscriberValidationHandler(state_delta_processor), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.STATE_DELTA_SUBSCRIBE_REQUEST, StateDeltaAddSubscriberHandler(state_delta_processor), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.STATE_DELTA_UNSUBSCRIBE_REQUEST, StateDeltaUnsubscriberHandler(state_delta_processor), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.STATE_DELTA_GET_EVENTS_REQUEST, StateDeltaGetEventsHandler(block_store, state_delta_store), thread_pool) # Client Events Handlers self._dispatcher.add_handler( validator_pb2.Message.CLIENT_EVENTS_SUBSCRIBE_REQUEST, ClientEventsSubscribeValidationHandler(event_broadcaster), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_EVENTS_SUBSCRIBE_REQUEST, ClientEventsSubscribeHandler(event_broadcaster), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_EVENTS_UNSUBSCRIBE_REQUEST, ClientEventsUnsubscribeHandler(event_broadcaster), thread_pool) self._dispatcher.add_handler( validator_pb2.Message.CLIENT_EVENTS_GET_REQUEST, ClientEventsGetRequestHandler(event_broadcaster), thread_pool)
def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache(self._identity_view_factory)
def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache(self._identity_view_factory, self._current_root_func)
def __init__(self, bind_network, bind_component, bind_consensus, endpoint, peering, seeds_list, peer_list, data_dir, config_dir, identity_signer, scheduler_type, permissions, minimum_peer_connectivity, maximum_peer_connectivity, state_pruning_block_depth, network_public_key=None, network_private_key=None, roles=None): """Constructs a validator instance. Args: bind_network (str): the network endpoint bind_component (str): the component endpoint endpoint (str): the zmq-style URI of this validator's publically reachable endpoint peering (str): The type of peering approach. Either 'static' or 'dynamic'. In 'static' mode, no attempted topology buildout occurs -- the validator only attempts to initiate peering connections with endpoints specified in the peer_list. In 'dynamic' mode, the validator will first attempt to initiate peering connections with endpoints specified in the peer_list and then attempt to do a topology buildout starting with peer lists obtained from endpoints in the seeds_list. In either mode, the validator will accept incoming peer requests up to max_peers. seeds_list (list of str): a list of addresses to connect to in order to perform the initial topology buildout peer_list (list of str): a list of peer addresses data_dir (str): path to the data directory config_dir (str): path to the config directory identity_signer (str): cryptographic signer the validator uses for signing """ # -- Setup Global State Database and Factory -- # global_state_db_filename = os.path.join( data_dir, 'merkle-{}.lmdb'.format(bind_network[-2:])) LOGGER.debug('global state database file is %s', global_state_db_filename) global_state_db = NativeLmdbDatabase( global_state_db_filename, indexes=MerkleDatabase.create_index_configuration()) state_view_factory = StateViewFactory(global_state_db) # -- Setup Receipt Store -- # receipt_db_filename = os.path.join( data_dir, 'txn_receipts-{}.lmdb'.format(bind_network[-2:])) LOGGER.debug('txn receipt store file is %s', receipt_db_filename) receipt_db = LMDBNoLockDatabase(receipt_db_filename, 'c') receipt_store = TransactionReceiptStore(receipt_db) # -- Setup Block Store -- # block_db_filename = os.path.join( data_dir, 'block-{}.lmdb'.format(bind_network[-2:])) LOGGER.debug('block store file is %s', block_db_filename) block_db = IndexedDatabase( block_db_filename, BlockStore.serialize_block, BlockStore.deserialize_block, flag='c', indexes=BlockStore.create_index_configuration()) block_store = BlockStore(block_db) # The cache keep time for the journal's block cache must be greater # than the cache keep time used by the completer. base_keep_time = 1200 block_cache = BlockCache(block_store, keep_time=int(base_keep_time * 9 / 8), purge_frequency=30) # -- Setup Thread Pools -- # component_thread_pool = InstrumentedThreadPoolExecutor( max_workers=10, name='Component') network_thread_pool = InstrumentedThreadPoolExecutor(max_workers=10, name='Network') client_thread_pool = InstrumentedThreadPoolExecutor(max_workers=5, name='Client') sig_pool = InstrumentedThreadPoolExecutor(max_workers=3, name='Signature') # -- Setup Dispatchers -- # component_dispatcher = Dispatcher() network_dispatcher = Dispatcher() # -- Setup Services -- # component_service = Interconnect(bind_component, component_dispatcher, secured=False, heartbeat=False, max_incoming_connections=20, monitor=True, max_future_callback_workers=10) zmq_identity = hashlib.sha512( time.time().hex().encode()).hexdigest()[:23] secure = False if network_public_key is not None and network_private_key is not None: secure = True network_service = Interconnect(bind_network, dispatcher=network_dispatcher, zmq_identity=zmq_identity, secured=secure, server_public_key=network_public_key, server_private_key=network_private_key, heartbeat=True, public_endpoint=endpoint, connection_timeout=120, max_incoming_connections=100, max_future_callback_workers=10, authorize=True, signer=identity_signer, roles=roles) # -- Setup Transaction Execution Platform -- # context_manager = ContextManager(global_state_db) batch_tracker = BatchTracker(block_store) settings_cache = SettingsCache( SettingsViewFactory(state_view_factory), ) transaction_executor = TransactionExecutor( service=component_service, context_manager=context_manager, settings_view_factory=SettingsViewFactory(state_view_factory), scheduler_type=scheduler_type, invalid_observers=[batch_tracker]) component_service.set_check_connections( transaction_executor.check_connections) event_broadcaster = EventBroadcaster(component_service, block_store, receipt_store) # -- Setup P2P Networking -- # gossip = Gossip(network_service, settings_cache, lambda: block_store.chain_head, block_store.chain_head_state_root, endpoint=endpoint, peering_mode=peering, initial_seed_endpoints=seeds_list, initial_peer_endpoints=peer_list, minimum_peer_connectivity=minimum_peer_connectivity, maximum_peer_connectivity=maximum_peer_connectivity, topology_check_frequency=1) completer = Completer(block_store, gossip, cache_keep_time=base_keep_time, cache_purge_frequency=30, requested_keep_time=300) block_sender = BroadcastBlockSender(completer, gossip) batch_sender = BroadcastBatchSender(completer, gossip) chain_id_manager = ChainIdManager(data_dir) identity_view_factory = IdentityViewFactory( StateViewFactory(global_state_db)) id_cache = IdentityCache(identity_view_factory) # -- Setup Permissioning -- # permission_verifier = PermissionVerifier( permissions, block_store.chain_head_state_root, id_cache) identity_observer = IdentityObserver(to_update=id_cache.invalidate, forked=id_cache.forked) settings_observer = SettingsObserver( to_update=settings_cache.invalidate, forked=settings_cache.forked) # -- Consensus Engine -- # consensus_thread_pool = InstrumentedThreadPoolExecutor( max_workers=3, name='Consensus') consensus_dispatcher = Dispatcher() consensus_service = Interconnect(bind_consensus, consensus_dispatcher, secured=False, heartbeat=False, max_incoming_connections=20, monitor=True, max_future_callback_workers=10) consensus_notifier = ConsensusNotifier(consensus_service) # -- Setup Journal -- # batch_injector_factory = DefaultBatchInjectorFactory( block_cache=block_cache, state_view_factory=state_view_factory, signer=identity_signer) block_publisher = BlockPublisher( transaction_executor=transaction_executor, block_cache=block_cache, state_view_factory=state_view_factory, settings_cache=settings_cache, block_sender=block_sender, batch_sender=batch_sender, chain_head=block_store.chain_head, identity_signer=identity_signer, data_dir=data_dir, config_dir=config_dir, permission_verifier=permission_verifier, check_publish_block_frequency=0.1, batch_observers=[batch_tracker], batch_injector_factory=batch_injector_factory) block_publisher_batch_sender = block_publisher.batch_sender() block_validator = BlockValidator( block_cache=block_cache, state_view_factory=state_view_factory, transaction_executor=transaction_executor, identity_signer=identity_signer, data_dir=data_dir, config_dir=config_dir, permission_verifier=permission_verifier) chain_controller = ChainController( block_store=block_store, block_cache=block_cache, block_validator=block_validator, state_database=global_state_db, chain_head_lock=block_publisher.chain_head_lock, state_pruning_block_depth=state_pruning_block_depth, data_dir=data_dir, observers=[ event_broadcaster, receipt_store, batch_tracker, identity_observer, settings_observer ]) genesis_controller = GenesisController( context_manager=context_manager, transaction_executor=transaction_executor, completer=completer, block_store=block_store, state_view_factory=state_view_factory, identity_signer=identity_signer, data_dir=data_dir, config_dir=config_dir, chain_id_manager=chain_id_manager, batch_sender=batch_sender) responder = Responder(completer) completer.set_on_batch_received(block_publisher_batch_sender.send) completer.set_on_block_received(chain_controller.queue_block) completer.set_chain_has_block(chain_controller.has_block) # -- Register Message Handler -- # network_handlers.add(network_dispatcher, network_service, gossip, completer, responder, network_thread_pool, sig_pool, chain_controller.has_block, block_publisher.has_batch, permission_verifier, block_publisher, consensus_notifier) component_handlers.add(component_dispatcher, gossip, context_manager, transaction_executor, completer, block_store, batch_tracker, global_state_db, self.get_chain_head_state_root_hash, receipt_store, event_broadcaster, permission_verifier, component_thread_pool, client_thread_pool, sig_pool, block_publisher) # -- Store Object References -- # self._component_dispatcher = component_dispatcher self._component_service = component_service self._component_thread_pool = component_thread_pool self._network_dispatcher = network_dispatcher self._network_service = network_service self._network_thread_pool = network_thread_pool consensus_proxy = ConsensusProxy( block_cache=block_cache, chain_controller=chain_controller, block_publisher=block_publisher, gossip=gossip, identity_signer=identity_signer, settings_view_factory=SettingsViewFactory(state_view_factory), state_view_factory=state_view_factory) consensus_handlers.add(consensus_dispatcher, consensus_thread_pool, consensus_proxy) self._consensus_dispatcher = consensus_dispatcher self._consensus_service = consensus_service self._consensus_thread_pool = consensus_thread_pool self._client_thread_pool = client_thread_pool self._sig_pool = sig_pool self._context_manager = context_manager self._transaction_executor = transaction_executor self._genesis_controller = genesis_controller self._gossip = gossip self._block_publisher = block_publisher self._chain_controller = chain_controller self._block_validator = block_validator
def setUp(self): self._identity_view_factory = MockIdentityViewFactory() self._identity_cache = IdentityCache( self._identity_view_factory)