From 4cc3e3c45057b6310ad178eeb510761d2baf2c4f Mon Sep 17 00:00:00 2001 From: liuyuanmu Date: Sun, 14 Nov 2021 21:49:02 +0800 Subject: [PATCH] TLS for netty --- core | 2 +- .../main/resources/config/application-gw.properties | 6 ++---- .../src/main/resources/config/gateway.conf | 18 +++++++++++++----- .../main/resources/config/application-peer.properties | 8 ++++---- .../src/main/resources/config/init/local.conf | 9 +++++++++ framework | 2 +- libs/bft-smart | 2 +- libs/httpservice | 2 +- libs/utils | 2 +- 9 files changed, 33 insertions(+), 18 deletions(-) diff --git a/core b/core index d46976bf..6fd8177d 160000 --- a/core +++ b/core @@ -1 +1 @@ -Subproject commit d46976bf591f6015372f5ac5a1e5832130abfbaa +Subproject commit 6fd8177da8c73a007efe4dd8e7b47a3ffca7b5b7 diff --git a/deploy/deploy-gateway/src/main/resources/config/application-gw.properties b/deploy/deploy-gateway/src/main/resources/config/application-gw.properties index 18a85177..89ab714b 100644 --- a/deploy/deploy-gateway/src/main/resources/config/application-gw.properties +++ b/deploy/deploy-gateway/src/main/resources/config/application-gw.properties @@ -3,12 +3,10 @@ server.compression.enabled=true server.compression.mime-types=application/json,application/xml,text/html,text/xml,text/plain # TLS -server.ssl.enabled=false server.ssl.key-store= -server.ssl.key-store-type= +server.ssl.key-store-type=PKCS12 server.ssl.key-alias= server.ssl.key-store-password= -server.ssl.client-auth= server.ssl.trust-store= server.ssl.trust-store-password= -server.ssl.trust-store-type= \ No newline at end of file +server.ssl.trust-store-type=JKS \ No newline at end of file diff --git a/deploy/deploy-gateway/src/main/resources/config/gateway.conf b/deploy/deploy-gateway/src/main/resources/config/gateway.conf index b56c0c39..5f103a70 100644 --- a/deploy/deploy-gateway/src/main/resources/config/gateway.conf +++ b/deploy/deploy-gateway/src/main/resources/config/gateway.conf 
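Review bot: In application-gw.properties the hunk drops `server.ssl.enabled=false` but keeps the other `server.ssl.*` keys and gives `server.ssl.key-store-type` and `server.ssl.trust-store-type` non-empty defaults, so nothing in this file states that TLS is off any more. Spring Boot treats `server.ssl.enabled` as true when the key is absent, so unless the gateway sets it from `http.secure` in gateway.conf (not visible here; that code sits in the bumped submodules) startup could attempt TLS with an empty key store. Once that is confirmed, I would add a comment above the block such as `# TLS on/off and client-auth come from http.secure / https.client-auth in gateway.conf; the values below are only used when http.secure=true`. The trust store defaults to `JKS` while the key store defaults to `PKCS12`; the same pair appears in application-peer.properties, and a line explaining the mixed formats would save operators a failed store load.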
@@ -2,21 +2,29 @@ http.host=0.0.0.0 #网关的HTTP服务端口; http.port=8080 +#网关服务是否启用安全证书; +http.secure=false +#网关服务SSL客户端认证模式 +https.client-auth=none #网关的HTTP服务上下文路径,可选; #http.context-path= -#共识节点的服务地址(与该网关节点连接的Peer节点的IP地址); +#共识节点的管理服务地址(与该网关节点连接的Peer节点的IP地址); peer.host=127.0.0.1 -#共识节点的服务端口(与该网关节点连接的Peer节点的端口,即在Peer节点的peer-startup.sh中定义的端口); +#共识节点的管理服务端口(与该网关节点连接的Peer节点的端口,即在Peer节点的peer-startup.sh中定义的端口); peer.port=7080 -#共识节点的服务是否启用安全证书; +#共识节点的管理服务是否启用安全证书; peer.secure=false -#共识节点SSL客户端认证模式 -peer.client-auth=none + +#共识节点的共识服务是否启用安全证书; +peer.consensus.secure=false #账本节点拓扑信息落盘,默认false topology.store=false +#是否开启共识节点自动感知,默认true +topology.aware=true + #共识节点的服务提供解析器 #BftSmart共识Provider:com.jd.blockchain.consensus.bftsmart.BftsmartConsensusProvider #简单消息共识Provider:com.jd.blockchain.consensus.mq.MsgQueueConsensusProvider diff --git a/deploy/deploy-peer/src/main/resources/config/application-peer.properties b/deploy/deploy-peer/src/main/resources/config/application-peer.properties index 18a85177..1b00fc08 100644 --- a/deploy/deploy-peer/src/main/resources/config/application-peer.properties +++ b/deploy/deploy-peer/src/main/resources/config/application-peer.properties @@ -2,13 +2,13 @@ server.compression.enabled=true server.compression.mime-types=application/json,application/xml,text/html,text/xml,text/plain -# TLS +# 管理服务TLS配置 server.ssl.enabled=false +server.ssl.client-auth=none server.ssl.key-store= -server.ssl.key-store-type= +server.ssl.key-store-type=PKCS12 server.ssl.key-alias= server.ssl.key-store-password= -server.ssl.client-auth= server.ssl.trust-store= server.ssl.trust-store-password= -server.ssl.trust-store-type= \ No newline at end of file +server.ssl.trust-store-type=JKS \ No newline at end of file diff --git a/deploy/deploy-peer/src/main/resources/config/init/local.conf b/deploy/deploy-peer/src/main/resources/config/init/local.conf index 17615351..56ef3328 100644 --- a/deploy/deploy-peer/src/main/resources/config/init/local.conf 
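Review bot: The new listener switches in gateway.conf default to `http.secure=false` and `https.client-auth=none` while `http.host=0.0.0.0` stays, so an unmodified config serves the gateway in plaintext on every interface; the comments should say so and state what to set for production. The comment on `https.client-auth` does not list the accepted values, and the key uses an `https.` prefix while its companion switch is `http.secure`; I would rename it to `http.client-auth` or document the pairing, e.g. `# client certificate mode: none | want | need; only read when http.secure=true`. Those values are inferred from the Spring `server.ssl.client-auth` key this replaces, so confirm them against the parser. `peer.secure` and `peer.consensus.secure` also default to false, and with `topology.aware=true` the gateway presumably opens connections to nodes it discovers, so a note that both should be true before peers are reached over an untrusted network would help.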
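Review bot: In application-peer.properties `server.ssl.client-auth=none` is now an explicit default for the peer's management service, and the comment `# 管理服务TLS配置` gives no hint of when it should be `need`. If the management endpoint has no other authentication in front of it (not visible in this patch), enabling TLS with this default still accepts any client, so I would add `# set to need to require a client certificate from gateways; needs the trust-store below` next to it. This file keeps `server.ssl.enabled` while application-gw.properties drops it in the same commit, so the TLS switch lives in different places for the two services; a one-line comment in each file saying where the switch is set would prevent misconfiguration.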
+++ b/deploy/deploy-peer/src/main/resources/config/init/local.conf @@ -14,6 +14,15 @@ local.parti.privkey-path= #当前参与方的私钥解密密钥(原始口令的一次哈希,Base58格式),如果不设置,则启动过程中需要从控制台输入; local.parti.pwd= +#当前参与方的共识服务TLS配置 +local.parti.ssl.key-store= +local.parti.ssl.key-store-type= +local.parti.ssl.key-alias= +local.parti.ssl.key-store-password= +local.parti.ssl.trust-store= +local.parti.ssl.trust-store-password= +local.parti.ssl.trust-store-type= + #账本初始化完成后生成的"账本绑定配置文件"的输出目录 #推荐使用绝对路径,相对路径以当前文件(local.conf)所在目录为基准 ledger.binding.out=../ diff --git a/framework b/framework index 8e065744..7fbf914f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 8e0657445ed0b8dde7f42de8912137896a50c649 +Subproject commit 7fbf914f2f742368b850aeb232e5912ecec4c1fd diff --git a/libs/bft-smart b/libs/bft-smart index d2060fbf..53805507 160000 --- a/libs/bft-smart +++ b/libs/bft-smart @@ -1 +1 @@ -Subproject commit d2060fbfa14b4e0e6f90a482d58dd754fd510524 +Subproject commit 538055070081ca5e3682953d2c89e2b44c1d923d diff --git a/libs/httpservice b/libs/httpservice index 84c10a5d..3bedf95c 160000 --- a/libs/httpservice +++ b/libs/httpservice @@ -1 +1 @@ -Subproject commit 84c10a5d61bd4c4ade7a06833ecd00755774bcc5 +Subproject commit 3bedf95cc6d82b7259a949357efc0a57d8612471 diff --git a/libs/utils b/libs/utils index 6b2fee07..dee3099f 160000 --- a/libs/utils +++ b/libs/utils @@ -1 +1 @@ -Subproject commit 6b2fee074500d7233dc1134ffdf1327325abedff +Subproject commit dee3099f65d59faeb1c1fc71ba85db230ae0176d
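Review bot: The new `local.parti.ssl.key-store-password` and `local.parti.ssl.trust-store-password` keys in local.conf come without the kind of guidance `local.parti.pwd` has just above them (stored as a hash, prompted on the console when empty), so it is unclear whether they hold plaintext and whether they may be left empty. If they are read as plaintext, which the patch does not show, the comment should say so and ask for local.conf to be readable only by the service account, e.g. `# key store password (plaintext); restrict read access to this file`. The `*-type` keys are left empty here while the two application-*.properties files default to `PKCS12` and `JKS`; stating the fallback used when they are blank, or giving the same defaults, would keep the three files consistent.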