Security Module Plugin API #713
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
usmansaleem
commented
Apr 15, 2020
usmansaleem
commented
Apr 15, 2020
besu/src/main/java/org/hyperledger/besu/cli/subcommands/PublicKeySubCommand.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <[email protected]>
usmansaleem
commented
Apr 15, 2020
besu/src/main/java/org/hyperledger/besu/controller/BesuControllerBuilder.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
rain-on
reviewed
Apr 15, 2020
...s/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ThreadBesuNodeRunner.java
Outdated
Show resolved
Hide resolved
besu/src/main/java/org/hyperledger/besu/cli/subcommands/PublicKeySubCommand.java
Outdated
Show resolved
Hide resolved
besu/src/main/java/org/hyperledger/besu/services/SecurityModuleServiceImpl.java
Outdated
Show resolved
Hide resolved
besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java
Outdated
Show resolved
Hide resolved
besu/src/test/java/org/hyperledger/besu/cli/PublicKeySubCommandTest.java
Outdated
Show resolved
Hide resolved
crypto/src/main/java/org/hyperledger/besu/crypto/BouncyCastleSecurityModule.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <[email protected]>
usmansaleem
changed the title
Signed-off-by: Usman Saleem <[email protected]>
|
|
||
| private File nodePrivateKeyFile() { | ||
| final Optional<File> nodePrivateKeyFile = | ||
| isDocker ? Optional.empty() : Optional.ofNullable(standaloneCommands.nodePrivateKeyFile); |
There was a problem hiding this comment.
There should no be any docker specific behaviour
There was a problem hiding this comment.
This whole file is using docker specific behavior using org/hyperledger/besu/cli/BesuCommand.java:2103
private boolean isFullInstantiation() {
return !isDocker;
}
There was a problem hiding this comment.
It's garbage code to be deleted. We don't provide the parameter in the docker image since 29c3c14#diff-ebacf6f6ae4ee68078bb16454b23247dL19 so this part of the code is dead since July 2019. It was discussed about removing it but it was not a priority. Now, if it's confusing, it should be a priority IMO.
There was a problem hiding this comment.
👍 I have created #785 and will clean it out in a separate PR.
There was a problem hiding this comment.
👍 Its a shame the docker code wasn't cleaned out before now - but the removal shouldn't be part of this work.
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
jframe
reviewed
Apr 24, 2020
crypto/src/main/java/org/hyperledger/besu/crypto/KeyPairSecurityModule.java
Outdated
Show resolved
Hide resolved
crypto/src/main/java/org/hyperledger/besu/crypto/KeyPairSecurityModule.java
Outdated
Show resolved
Hide resolved
crypto/src/main/java/org/hyperledger/besu/crypto/ECPointUtil.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
jframe
approved these changes
Apr 24, 2020
Conflicts: plugin-api/build.gradle Signed-off-by: Usman Saleem <[email protected]>
rain-on
reviewed
Apr 26, 2020
|
|
||
| private File nodePrivateKeyFile() { | ||
| final Optional<File> nodePrivateKeyFile = | ||
| isDocker ? Optional.empty() : Optional.ofNullable(standaloneCommands.nodePrivateKeyFile); |
There was a problem hiding this comment.
👍 Its a shame the docker code wasn't cleaned out before now - but the removal shouldn't be part of this work.
crypto/src/main/java/org/hyperledger/besu/crypto/ECPointUtil.java
Outdated
Show resolved
Hide resolved
| private final SECP256K1.KeyPair keyPair; | ||
| private final PublicKey publicKey; | ||
|
|
||
| public KeyPairSecurityModule(final SECP256K1.KeyPair keyPair) { |
There was a problem hiding this comment.
nit: given there's crypto operations happening here, do we want to move this to a static creator? which passes in a privkey and a PublicKey?
There was a problem hiding this comment.
we only require SECP256K1.KeyPair. The PublicKey is the interface (with ECPoint) that is meant to be converted from SECP256K1's PublicKey. The other option would be to initialize public key on the first access via getPublicKey. I don't feel the need of creator factory method.
| /** | ||
| * Registers a provider of security modules. | ||
| * | ||
| * @param name The name to identify the Security Provider Supplier Function |
There was a problem hiding this comment.
Suggested change
| * @param name The name to identify the Security Provider Supplier Function | |
| * @param name The name to identify the Security Provider Supplier |
plugin-api/src/main/java/org/hyperledger/besu/plugin/services/SecurityModuleService.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <[email protected]>
…rityModuleService Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
jframe
reviewed
Apr 27, 2020
Signed-off-by: Usman Saleem <[email protected]>
Signed-off-by: Usman Saleem <[email protected]>
rain-on
approved these changes
Apr 27, 2020
Signed-off-by: Usman Saleem <[email protected]>
usmansaleem
added a commit
that referenced
this pull request
Apr 29, 2020
Signed-off-by: Usman Saleem <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR description
Introduce Security Module Plugin API. This allows to switch to a different security module provider to provide cryptographic function that can be used by NodeKey (such as sign, ECDHKeyAgreement etc.). By default register KeyPairSecurityModule otherwise attempt to load Security Module via plugin API.
CLI Options:
--security-module=<name>. (defaults tolocalfile)