Security Module Plugin API #713
Conversation
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
besu/src/main/java/org/hyperledger/besu/cli/subcommands/PublicKeySubCommand.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <usman@usmans.info>
besu/src/main/java/org/hyperledger/besu/controller/BesuControllerBuilder.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
...s/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ThreadBesuNodeRunner.java
Outdated
Show resolved
Hide resolved
besu/src/main/java/org/hyperledger/besu/cli/subcommands/PublicKeySubCommand.java
Outdated
Show resolved
Hide resolved
besu/src/main/java/org/hyperledger/besu/services/SecurityModuleServiceImpl.java
Outdated
Show resolved
Hide resolved
besu/src/test/java/org/hyperledger/besu/cli/BesuCommandTest.java
Outdated
Show resolved
Hide resolved
besu/src/test/java/org/hyperledger/besu/cli/PublicKeySubCommandTest.java
Outdated
Show resolved
Hide resolved
crypto/src/main/java/org/hyperledger/besu/crypto/BouncyCastleSecurityModule.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <usman@usmans.info>
usmansaleem
changed the title
|
|
||
| private File nodePrivateKeyFile() { | ||
| final Optional<File> nodePrivateKeyFile = | ||
| isDocker ? Optional.empty() : Optional.ofNullable(standaloneCommands.nodePrivateKeyFile); |
There was a problem hiding this comment.
There should no be any docker specific behaviour
There was a problem hiding this comment.
This whole file is using docker specific behavior using org/hyperledger/besu/cli/BesuCommand.java:2103
private boolean isFullInstantiation() {
return !isDocker;
}
There was a problem hiding this comment.
It's garbage code to be deleted. We don't provide the parameter in the docker image since 29c3c14#diff-ebacf6f6ae4ee68078bb16454b23247dL19 so this part of the code is dead since July 2019. It was discussed about removing it but it was not a priority. Now, if it's confusing, it should be a priority IMO.
There was a problem hiding this comment.
👍 I have created #785 and will clean it out in a separate PR.
There was a problem hiding this comment.
👍 Its a shame the docker code wasn't cleaned out before now - but the removal shouldn't be part of this work.
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
crypto/src/main/java/org/hyperledger/besu/crypto/KeyPairSecurityModule.java
Outdated
Show resolved
Hide resolved
crypto/src/main/java/org/hyperledger/besu/crypto/KeyPairSecurityModule.java
Outdated
Show resolved
Hide resolved
crypto/src/main/java/org/hyperledger/besu/crypto/ECPointUtil.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Conflicts: plugin-api/build.gradle Signed-off-by: Usman Saleem <usman@usmans.info>
|
|
||
| private File nodePrivateKeyFile() { | ||
| final Optional<File> nodePrivateKeyFile = | ||
| isDocker ? Optional.empty() : Optional.ofNullable(standaloneCommands.nodePrivateKeyFile); |
There was a problem hiding this comment.
👍 Its a shame the docker code wasn't cleaned out before now - but the removal shouldn't be part of this work.
crypto/src/main/java/org/hyperledger/besu/crypto/ECPointUtil.java
Outdated
Show resolved
Hide resolved
| private final SECP256K1.KeyPair keyPair; | ||
| private final PublicKey publicKey; | ||
|
|
||
| public KeyPairSecurityModule(final SECP256K1.KeyPair keyPair) { |
There was a problem hiding this comment.
nit: given there's crypto operations happening here, do we want to move this to a static creator? which passes in a privkey and a PublicKey?
There was a problem hiding this comment.
we only require SECP256K1.KeyPair. The PublicKey is the interface (with ECPoint) that is meant to be converted from SECP256K1's PublicKey. The other option would be to initialize public key on the first access via getPublicKey. I don't feel the need of creator factory method.
| /** | ||
| * Registers a provider of security modules. | ||
| * | ||
| * @param name The name to identify the Security Provider Supplier Function |
There was a problem hiding this comment.
| * @param name The name to identify the Security Provider Supplier Function | |
| * @param name The name to identify the Security Provider Supplier |
plugin-api/src/main/java/org/hyperledger/besu/plugin/services/SecurityModuleService.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Usman Saleem <usman@usmans.info>
…rityModuleService Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
Signed-off-by: Usman Saleem <usman@usmans.info>
PR description
Introduce Security Module Plugin API. This allows to switch to a different security module provider to provide cryptographic function that can be used by NodeKey (such as sign, ECDHKeyAgreement etc.). By default register KeyPairSecurityModule otherwise attempt to load Security Module via plugin API.
CLI Options:
--security-module=<name>. (defaults tolocalfile)