diff --git a/source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java b/source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java index 7358ba4e..0baf7b40 100644 --- a/source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java +++ b/source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java @@ -54,6 +54,14 @@ public interface DataCodes { public static final int TX_RESPONSE = 0x350; public static final int TX_OP_RESULT = 0x360; + + public static final int TX_OP_ROLE_CONFIGURE = 0x370; + + public static final int TX_OP_ROLE_CONFIGURE_ENTRY = 0x371; + + public static final int TX_OP_USER_ROLE_AUTHORIZE = 0x372; + + public static final int TX_OP_USER_ROLE_AUTHORIZE_ENTRY = 0x373; // enum types of permissions; public static final int ENUM_TX_PERMISSION = 0x401; diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/PrivilegeBitset.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/PrivilegeBitset.java index aea812f9..1282530d 100644 --- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/PrivilegeBitset.java +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/PrivilegeBitset.java @@ -86,6 +86,7 @@ public class PrivilegeBitset> implements Privilege, BytesSe * @param privileges * @return */ + @SuppressWarnings("unchecked") public Privilege union(PrivilegeBitset... privileges) { return union(privileges, 0, privileges.length); } @@ -112,6 +113,7 @@ public class PrivilegeBitset> implements Privilege, BytesSe * @param privileges * @return */ + @SuppressWarnings("unchecked") public Privilege intersect(PrivilegeBitset... privileges) { return intersect(privileges, 0, privileges.length); } diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/RolesConfigureOperation.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/RolesConfigureOperation.java new file mode 100644 index 00000000..1e448740 --- /dev/null 
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/RolesConfigureOperation.java
@@ -0,0 +1,39 @@
+package com.jd.blockchain.ledger;
+
+import com.jd.blockchain.binaryproto.DataContract;
+import com.jd.blockchain.binaryproto.DataField;
+import com.jd.blockchain.binaryproto.PrimitiveType;
+import com.jd.blockchain.consts.DataCodes;
+
+/**
+ * 角色配置操作;
+ *
+ * @author huanghaiquan
+ *
+ */
+@DataContract(code = DataCodes.TX_OP_ROLE_CONFIGURE)
+public interface RolesConfigureOperation extends Operation {
+
+ @DataField(order = 2, refContract = true, list = true)
+ RolePrivilegeEntry[] getRoles();
+
+ @DataContract(code = DataCodes.TX_OP_ROLE_CONFIGURE_ENTRY)
+ public static interface RolePrivilegeEntry {
+
+ @DataField(order = 1, primitiveType = PrimitiveType.TEXT)
+ String getRoleName();
+
+ @DataField(order = 2, refEnum = true, list = true)
+ LedgerPermission[] getEnableLedgerPermissions();
+
+ @DataField(order = 3, refEnum = true, list = true)
+ LedgerPermission[] getDisableLedgerPermissions();
+
+ @DataField(order = 4, refEnum = true, list = true)
+ TransactionPermission[] getEnableTransactionPermissions();
+
+ @DataField(order = 5, refEnum = true, list = true)
+ TransactionPermission[] getDisableTransactionPermissions();
+
+ }
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/SecurityUtils.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/SecurityUtils.java
new file mode 100644
index 00000000..b0175fc5
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/SecurityUtils.java
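Review bot: `RolePrivilegeEntry` carries separate enable and disable lists for each permission type, but nothing in the contract says which one wins when the same permission appears in both. `RolesConfigureOpTemplate` in this commit keeps the two sets disjoint on the client, yet an entry built or decoded by other code is not bound by that, so the ledger-side handler (not part of this commit) has to pick a rule. I would state it on the getters, e.g. `/** Permissions to revoke; a permission listed in both arrays is treated as disabled. */`, and have the handler reject or normalise overlapping entries and re-apply `SecurityUtils.formatRoleName` to `getRoleName()` rather than trusting the client's formatting.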
@@ -0,0 +1,28 @@
+package com.jd.blockchain.ledger;
+
+public class SecurityUtils {
+
+ public static final int MAX_ROLE_NAMES = 20;
+
+ /**
+ * 校验角色名称的有效性,并格式化角色名称:去掉两端空白字符,统一为大写字符;
+ *
+ * @param roleName
+ * @return
+ */
+ public static String formatRoleName(String roleName) {
+ if (roleName == null) {
+ throw new IllegalArgumentException("Role name is empty!");
+ }
+ roleName = roleName.trim();
+ if (roleName.length() > MAX_ROLE_NAMES) {
+ throw new IllegalArgumentException("Role name exceeds max length!");
+ }
+ if (roleName.length() == 0) {
+ throw new IllegalArgumentException("Role name is empty!");
+ }
+
+ return roleName.toUpperCase();
+ }
+
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserInfoSetOperation.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserInfoSetOperation.java
index b9a92317..c6372b78 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserInfoSetOperation.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserInfoSetOperation.java
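Review bot: `roleName.toUpperCase()` in `formatRoleName` uses the JVM default locale, so the canonical form of a role name can differ between machines (under a Turkish locale `i` maps to dotted `İ`), and clients or nodes that disagree on the canonical name will disagree on which role a grant refers to. Use `return roleName.toUpperCase(Locale.ROOT);` with `import java.util.Locale;`. `trim()` only strips leading and trailing characters up to U+0020, so names with interior control or look-alike characters still pass; an allow-list pattern for role names would keep them unambiguous in audit output. `MAX_ROLE_NAMES` is compared against a length, so a name such as `MAX_ROLE_NAME_LENGTH` would say what it actually limits.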
@@ -1,33 +1,29 @@
-//package com.jd.blockchain.ledger;
-//
-//import com.jd.blockchain.binaryproto.DataContract;
-//
-///**
-// * @author huanghaiquan
-// *
-// */
-//@DataContract(code=LedgerCodes.TX_OP_USER_INFO_SET)
-//public interface UserInfoSetOperation extends Operation {
-//
-// @Override
-// default OperationType getType() {
-// return OperationType.SET_USER_INFO;
-// }
-//
-// String getUserAddress();
-//
-// KVEntry[] getPropertiesWriteSet();
-//
-//
-// @DataContract(code=LedgerCodes.TX_OP_USER_INFO_SET_KV)
-// public static interface KVEntry{
-//
-// String getKey();
-//
-// String getValue();
-//
-// long getExpectedVersion();
-// }
-//
-//
-//}
+package com.jd.blockchain.ledger;
+
+import com.jd.blockchain.binaryproto.DataContract;
+import com.jd.blockchain.consts.DataCodes;
+
+/**
+ * @author huanghaiquan
+ *
+ */
+@DataContract(code=DataCodes.TX_OP_USER_INFO_SET)
+public interface UserInfoSetOperation extends Operation {
+
+ String getUserAddress();
+
+ KVEntry[] getPropertiesWriteSet();
+
+
+ @DataContract(code=DataCodes.TX_OP_USER_INFO_SET_KV)
+ public static interface KVEntry{
+
+ String getKey();
+
+ String getValue();
+
+ long getExpectedVersion();
+ }
+
+
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRegisterOperation.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRegisterOperation.java
index f325085e..caa642de 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRegisterOperation.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRegisterOperation.java
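Review bot: None of the getters on the re-enabled `UserInfoSetOperation` or its `KVEntry` carries a `@DataField` annotation, unlike the other `@DataContract` interfaces touched in this commit. If the binaryproto encoder only serialises annotated members (its behaviour is not visible here), the operation would be registered under its code but encode no address, keys or expected version. Either annotate the getters with explicit `order` values or keep the interface disabled until it is wired up, and confirm that `DataCodes.TX_OP_USER_INFO_SET` and `DataCodes.TX_OP_USER_INFO_SET_KV` exist, since the DataCodes hunk in this commit does not add them.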
@@ -4,10 +4,10 @@ import com.jd.blockchain.binaryproto.DataContract; import com.jd.blockchain.binaryproto.DataField; import com.jd.blockchain.consts.DataCodes; -@DataContract(code= DataCodes.TX_OP_USER_REG) +@DataContract(code = DataCodes.TX_OP_USER_REG) public interface UserRegisterOperation extends Operation { - - @DataField(order=2, refContract = true) - BlockchainIdentity getUserID(); + @DataField(order = 2, refContract = true) + BlockchainIdentity getUserID(); + } diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleAuthorizeOperation.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleAuthorizeOperation.java new file mode 100644 index 00000000..12b230f0 --- /dev/null +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleAuthorizeOperation.java 
@@ -0,0 +1,53 @@
+package com.jd.blockchain.ledger;
+
+import com.jd.blockchain.binaryproto.DataContract;
+import com.jd.blockchain.binaryproto.DataField;
+import com.jd.blockchain.binaryproto.PrimitiveType;
+import com.jd.blockchain.consts.DataCodes;
+import com.jd.blockchain.utils.Bytes;
+
+/**
+ * 角色配置操作;
+ *
+ * @author huanghaiquan
+ *
+ */
+@DataContract(code = DataCodes.TX_OP_USER_ROLE_AUTHORIZE)
+public interface UserRoleAuthorizeOperation extends Operation {
+
+ @DataField(order = 2, refContract = true, list = true)
+ UserRoleAuthEntry[] getUserRoleAuthorizations();
+
+ @DataContract(code = DataCodes.TX_OP_USER_ROLE_AUTHORIZE_ENTRY)
+ public static interface UserRoleAuthEntry {
+
+ @DataField(order = 0, primitiveType = PrimitiveType.BYTES)
+ Bytes getUserAddress();
+
+ @DataField(order = 2, primitiveType = PrimitiveType.INT64)
+ long getExplectedVersion();
+
+ /**
+ * 要更新的多角色权限策略;
+ * @return
+ */
+ RolesPolicy getRolesPolicy();
+
+ /**
+ * 授权的角色清单;
+ *
+ * @return
+ */
+ @DataField(order = 1, primitiveType = PrimitiveType.TEXT)
+ String[] getAuthRoles();
+
+ /**
+ * 取消授权的角色清单;
+ *
+ * @return
+ */
+ @DataField(order = 1, primitiveType = PrimitiveType.TEXT)
+ String[] getUnauthRoles();
+
+ }
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java
index ef9b138a..d95a3d1f 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java
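Review bot: In `UserRoleAuthEntry`, `getAuthRoles()` and `getUnauthRoles()` both declare `@DataField(order = 1, ...)`, and `getRolesPolicy()` has no `@DataField` at all. Depending on how the binaryproto layer treats a duplicate order (not visible here), the grant list and the revoke list may be rejected at registration or may not be distinguishable on the wire, and the policy would not be encoded. Give each field its own order and mark the arrays as lists the way `RolesConfigureOperation` does, e.g. `@DataField(order = 3, primitiveType = PrimitiveType.TEXT, list = true)` on `getAuthRoles()` and `order = 4` on `getUnauthRoles()`, and annotate `getRolesPolicy()`. `getExplectedVersion` is misspelled and becomes part of the public contract once released, and the class Javadoc still carries the role-configuration description used on `RolesConfigureOperation`.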
@@ -22,6 +22,8 @@ import com.jd.blockchain.utils.Bytes; * */ public class BlockchainOperationFactory implements ClientOperator, LedgerInitOperator { + + private static final SecurityOperationBuilderImpl SECURITY_OP_BUILDER = new SecurityOperationBuilderImpl(); private static final LedgerInitOperationBuilderImpl LEDGER_INIT_OP_BUILDER = new LedgerInitOperationBuilderImpl(); @@ -32,6 +34,8 @@ public class BlockchainOperationFactory implements ClientOperator, LedgerInitOpe private static final ContractCodeDeployOperationBuilderImpl CONTRACT_CODE_DEPLOY_OP_BUILDER = new ContractCodeDeployOperationBuilderImpl(); // private static final ContractEventSendOperationBuilderImpl CONTRACT_EVENT_SEND_OP_BUILDER = new ContractEventSendOperationBuilderImpl(); + + private SecurityOperationBuilderFilter securityOpBuilder = new SecurityOperationBuilderFilter(); private LedgerInitOperationBuilder ledgerInitOpBuilder = new LedgerInitOperationBuilderFilter(); @@ -52,6 +56,11 @@ public class BlockchainOperationFactory implements ClientOperator, LedgerInitOpe public LedgerInitOperationBuilder ledgers() { return ledgerInitOpBuilder; } + + @Override + public SecurityOperationBuilder security() { + return securityOpBuilder; + } @Override public UserRegisterOperationBuilder users() { @@ -156,6 +165,18 @@ public class BlockchainOperationFactory implements ClientOperator, LedgerInitOpe } } + + private class SecurityOperationBuilderFilter implements SecurityOperationBuilder { + + @Override + public RolesConfigurer roles() { + RolesConfigurer rolesConfigurer = SECURITY_OP_BUILDER.roles(); + operationList.add(rolesConfigurer.getOperation()); + return rolesConfigurer; + } + + + } private class DataAccountRegisterOperationBuilderFilter implements DataAccountRegisterOperationBuilder { 
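Review bot: `SecurityOperationBuilderFilter.roles()` adds `rolesConfigurer.getOperation()` to `operationList` before any role has been configured, and does so on every call. A caller who invokes `security().roles()` twice, or calls it and never configures a role, ends up with extra or empty role-configuration operations in the transaction that gets signed; `RolesConfigureOpTemplate.isEmpty()` is added in this commit but nothing in this hunk consults it. Consider creating the template once per factory and reusing it, `if (rolesConfigurer == null) { rolesConfigurer = SECURITY_OP_BUILDER.roles(); operationList.add(rolesConfigurer.getOperation()); }`, or skipping empty templates when the operation list is read. The enclosing class starts and ends outside this hunk, so how `operationList` is consumed is not visible.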
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/ClientOperator.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/ClientOperator.java index 5e47ef89..2aec03bc 100644 --- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/ClientOperator.java +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/ClientOperator.java @@ -6,6 +6,7 @@ package com.jd.blockchain.transaction; * @author huanghaiquan * */ -public interface ClientOperator extends UserOperator, DataAccountOperator, ContractOperator, EventOperator { +public interface ClientOperator + extends SecurityOperator, UserOperator, DataAccountOperator, ContractOperator, EventOperator { } \ No newline at end of file diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java new file mode 100644 index 00000000..cfdd3a6f --- /dev/null +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java @@ -0,0 +1,19 @@ +package com.jd.blockchain.transaction; + +import com.jd.blockchain.ledger.LedgerPermission; +import com.jd.blockchain.ledger.TransactionPermission; + +public interface RolePrivilegeConfigurer { + + String getRoleName(); + + RolePrivilegeConfigurer disable(TransactionPermission... permissions); + + RolePrivilegeConfigurer enable(TransactionPermission... permissions); + + RolePrivilegeConfigurer disable(LedgerPermission... permissions); + + RolePrivilegeConfigurer enable(LedgerPermission... permissions); + + RolePrivilegeConfigurer configure(String roleName); +} 
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigureOpTemplate.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigureOpTemplate.java
new file mode 100644
index 00000000..5ff5fea0
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigureOpTemplate.java
@@ -0,0 +1,137 @@
+package com.jd.blockchain.transaction;
+
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import com.jd.blockchain.binaryproto.DataContractRegistry;
+import com.jd.blockchain.ledger.LedgerPermission;
+import com.jd.blockchain.ledger.RolesConfigureOperation;
+import com.jd.blockchain.ledger.SecurityUtils;
+import com.jd.blockchain.ledger.TransactionPermission;
+import com.jd.blockchain.ledger.UserRegisterOperation;
+import com.jd.blockchain.utils.ArrayUtils;
+
+public class RolesConfigureOpTemplate implements RolesConfigurer, RolesConfigureOperation {
+
+ static {
+ DataContractRegistry.register(UserRegisterOperation.class);
+ }
+
+ private Map rolesMap = Collections
+ .synchronizedMap(new LinkedHashMap());
+
+ public RolesConfigureOpTemplate() {
+ }
+
+ boolean isEmpty() {
+ return rolesMap.isEmpty();
+ }
+
+ @Override
+ public RolePrivilegeEntry[] getRoles() {
+ return rolesMap.values().toArray(new RolePrivilegeEntry[rolesMap.size()]);
+ }
+
+ @Override
+ public RolesConfigureOperation getOperation() {
+ return this;
+ }
+
+ @Override
+ public RolePrivilegeConfigurer configure(String roleName) {
+ roleName = SecurityUtils.formatRoleName(roleName);
+
+ RolePrivilegeConfig roleConfig = rolesMap.get(roleName);
+ if (roleConfig == null) {
+ roleConfig = new RolePrivilegeConfig(roleName);
+ rolesMap.put(roleName, roleConfig);
+ }
+ return roleConfig;
+ }
+
+ private class RolePrivilegeConfig implements RolePrivilegeConfigurer, RolePrivilegeEntry {
+
+ private String roleName;
+
+ private Set enableLedgerPermissions = new LinkedHashSet();
+ private Set disableLedgerPermissions = new LinkedHashSet();
+
+ private Set enableTxPermissions = new LinkedHashSet();
+ private Set disableTxPermissions = new LinkedHashSet();
+
+ private RolePrivilegeConfig(String roleName) {
+ this.roleName = roleName;
+ }
+
+ @Override
+ public String getRoleName() {
+ return roleName;
+ }
+
+ @Override
+ public LedgerPermission[] getEnableLedgerPermissions() {
+ return ArrayUtils.toArray(enableLedgerPermissions, LedgerPermission.class);
+ }
+
+ @Override
+ public LedgerPermission[] getDisableLedgerPermissions() {
+ return ArrayUtils.toArray(disableLedgerPermissions, LedgerPermission.class);
+ }
+
+ @Override
+ public TransactionPermission[] getEnableTransactionPermissions() {
+ return ArrayUtils.toArray(enableTxPermissions, TransactionPermission.class);
+ }
+
+ @Override
+ public TransactionPermission[] getDisableTransactionPermissions() {
+ return ArrayUtils.toArray(disableTxPermissions, TransactionPermission.class);
+ }
+
+ @Override
+ public RolePrivilegeConfigurer enable(LedgerPermission... permissions) {
+ List permissionList = ArrayUtils.asList(permissions);
+ enableLedgerPermissions.addAll(permissionList);
+ disableLedgerPermissions.removeAll(permissionList);
+
+ return this;
+ }
+
+ @Override
+ public RolePrivilegeConfigurer disable(LedgerPermission... permissions) {
+ List permissionList = ArrayUtils.asList(permissions);
+ disableLedgerPermissions.addAll(permissionList);
+ enableLedgerPermissions.removeAll(permissionList);
+
+ return this;
+ }
+
+ @Override
+ public RolePrivilegeConfigurer enable(TransactionPermission... permissions) {
+ List permissionList = ArrayUtils.asList(permissions);
+ enableTxPermissions.addAll(permissionList);
+ disableTxPermissions.removeAll(permissionList);
+
+ return this;
+ }
+
+ @Override
+ public RolePrivilegeConfigurer disable(TransactionPermission... permissions) {
+ List permissionList = ArrayUtils.asList(permissions);
+ disableTxPermissions.addAll(permissionList);
+ enableTxPermissions.removeAll(permissionList);
+
+ return this;
+ }
+
+ @Override
+ public RolePrivilegeConfigurer configure(String roleName) {
+ return RolesConfigureOpTemplate.this.configure(roleName);
+ }
+
+ }
+}
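Review bot: The static initialiser registers `UserRegisterOperation.class`, which looks copied from the user-registration template; the contract this class implements is `RolesConfigureOperation`, so `DataContractRegistry.register(RolesConfigureOperation.class);` is presumably what was meant (the same block appears in `UserRoleAuthorizeOpTemplate`). `configure()` does `rolesMap.get` followed by `rolesMap.put` on a `Collections.synchronizedMap`, which is not atomic, and the per-role `LinkedHashSet`s are unsynchronised, so the map wrapper alone does not make this builder safe to share between threads. Either document the template as single-threaded and drop the wrapper, or synchronise `configure()` and the `enable`/`disable` methods on one lock.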
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java
new file mode 100644
index 00000000..16adf9a3
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java
@@ -0,0 +1,11 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.RolesConfigureOperation;
+
+public interface RolesConfigurer {
+
+ RolesConfigureOperation getOperation();
+
+ RolePrivilegeConfigurer configure(String roleName);
+
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java
new file mode 100644
index 00000000..692a08e7
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java
@@ -0,0 +1,16 @@
+package com.jd.blockchain.transaction;
+
+public interface SecurityOperationBuilder {
+
+ /**
+ * 注册;
+ *
+ * @param id
+ * 区块链身份;
+ * @param stateType
+ * 负载类型;
+ * @return
+ */
+ RolesConfigurer roles();
+
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java
new file mode 100644
index 00000000..dd5a87e5
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java
@@ -0,0 +1,10 @@
+package com.jd.blockchain.transaction;
+
+public class SecurityOperationBuilderImpl implements SecurityOperationBuilder{
+
+ @Override
+ public RolesConfigurer roles() {
+ return new RolesConfigureOpTemplate();
+ }
+
+}
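Review bot: The Javadoc on `SecurityOperationBuilder.roles()` is left over from a register method: it is titled 注册 ("register") and documents `@param id` and `@param stateType`, which this no-argument method does not have. Replace it with a description of what the call returns, e.g. `/** Starts a role-privilege configuration operation for the current transaction. @return the configurer used to enable or disable permissions per role */`.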
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperator.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperator.java new file mode 100644 index 00000000..a636c577 --- /dev/null +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperator.java @@ -0,0 +1,23 @@ +package com.jd.blockchain.transaction; + +/** + * 与安全配置相关的操作门面; + * + *
+ * + * 只能通过客户端接口直接操作;不支持通过合约操作; + * + * @author huanghaiquan + * + */ +public interface SecurityOperator { + + /** + * 注册账户操作; + * + * @return + */ + + SecurityOperationBuilder security(); + +} \ No newline at end of file diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxBuilder.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxBuilder.java index 1ff23a2f..8c582333 100644 --- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxBuilder.java +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxBuilder.java @@ -75,6 +75,11 @@ public class TxBuilder implements TransactionBuilder { public Collection getReturnValuehandlers() { return opFactory.getReturnValuetHandlers(); } + + @Override + public SecurityOperationBuilder security() { + return opFactory.security(); + } @Override public LedgerInitOperationBuilder ledgers() { diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxTemplate.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxTemplate.java index 9777d238..40d7d3cd 100644 --- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxTemplate.java +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxTemplate.java @@ -36,6 +36,12 @@ public class TxTemplate implements TransactionTemplate { } @Override + public SecurityOperationBuilder security() { + stateManager.operate(); + return txBuilder.security(); + } + + @Override public UserRegisterOperationBuilder users() { stateManager.operate(); return txBuilder.users(); 
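Review bot: The restriction stated in the `SecurityOperator` Javadoc (client interface only, not available through contracts) is not enforced by anything in this commit, and `ClientOperator` now extends `SecurityOperator`. Any code that is handed a `ClientOperator`-typed facade therefore gains `security()`; it is worth confirming that no contract-facing context exposes that type, and that the ledger-side handler checks where a transaction came from before applying role changes. The Javadoc on `security()` itself still says 注册账户操作 ("register account operation") and should describe the security-configuration builder instead.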
@@ -80,9 +86,10 @@ public class TxTemplate implements TransactionTemplate { @Override public void close() throws IOException { if (!stateManager.close()) { - Collection handlers = txBuilder.getReturnValuehandlers(); + Collection handlers = txBuilder.getReturnValuehandlers(); if (handlers.size() > 0) { - TransactionCancelledExeption error = new TransactionCancelledExeption("Transaction template has been cancelled!"); + TransactionCancelledExeption error = new TransactionCancelledExeption( + "Transaction template has been cancelled!"); for (OperationResultHandle handle : handlers) { handle.complete(error); } diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java new file mode 100644 index 00000000..fc425987 --- /dev/null +++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java 
@@ -0,0 +1,93 @@
+package com.jd.blockchain.transaction;
+
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
+import com.jd.blockchain.binaryproto.DataContractRegistry;
+import com.jd.blockchain.ledger.BlockchainIdentity;
+import com.jd.blockchain.ledger.RolesPolicy;
+import com.jd.blockchain.ledger.UserRegisterOperation;
+import com.jd.blockchain.ledger.UserRoleAuthorizeOperation;
+import com.jd.blockchain.utils.ArrayUtils;
+import com.jd.blockchain.utils.Bytes;
+
+public class UserRoleAuthorizeOpTemplate implements UserRoleAuthorizeOperation {
+
+ static {
+ DataContractRegistry.register(UserRegisterOperation.class);
+ }
+
+ private Map rolesMap = new LinkedHashMap();
+
+ public UserRoleAuthorizeOpTemplate() {
+ }
+
+ public UserRoleAuthorizeOpTemplate(BlockchainIdentity userID) {
+ }
+
+ @Override
+ public UserRoleAuthConfig[] getUserRoleAuthorizations() {
+ return ArrayUtils.toArray(rolesMap.values(), UserRoleAuthConfig.class);
+ }
+
+ public static class UserRoleAuthConfig implements UserRoleAuthEntry {
+
+ private Bytes userAddress;
+
+ private long expectedVersion;
+
+ private RolesPolicy rolePolicy;
+
+ private Set authRoles = new LinkedHashSet();
+ private Set unauthRoles = new LinkedHashSet();
+
+ private UserRoleAuthConfig(Bytes userAddress, long expectedVersion) {
+ this.userAddress = userAddress;
+
+ }
+
+ @Override
+ public Bytes getUserAddress() {
+ return userAddress;
+ }
+
+ @Override
+ public long getExplectedVersion() {
+ return expectedVersion;
+ }
+
+ @Override
+ public RolesPolicy getRolesPolicy() {
+ return rolePolicy;
+ }
+
+ @Override
+ public String[] getAuthRoles() {
+ return ArrayUtils.toArray(authRoles, String.class);
+ }
+
+ @Override
+ public String[] getUnauthRoles() {
+ return ArrayUtils.toArray(unauthRoles, String.class);
+ }
+
+ public UserRoleAuthConfig authorize(String... roles) {
+ Collection roleList = ArrayUtils.asList(roles);
+ authRoles.addAll(roleList);
+ unauthRoles.removeAll(roleList);
+
+ return this;
+ }
+
+ public UserRoleAuthConfig unauthorize(String... roles) {
+ Collection roleList = ArrayUtils.asList(roles);
+ unauthRoles.addAll(roleList);
+ authRoles.removeAll(roleList);
+
+ return this;
+ }
+ }
+}
diff --git a/source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java b/source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java
new file mode 100644
index 00000000..5d78e92c
--- /dev/null
+++ b/source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java
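Review bot: The `UserRoleAuthConfig` constructor never assigns its `expectedVersion` argument, so `getExplectedVersion()` always returns 0 and whatever version check the ledger applies to a role change would be made against the wrong value. `authorize()` and `unauthorize()` also store role names exactly as given, while `RolesConfigureOpTemplate.configure()` normalises them through `SecurityUtils.formatRoleName`, so `"admin"` passed here would not match the `ADMIN` role configured there. The rewrite below assigns the version and normalises the names (it needs `import com.jd.blockchain.ledger.SecurityUtils;`). Separately, the constructor is private and nothing populates `rolesMap`, so as committed `getUserRoleAuthorizations()` can only return an empty array, and the `BlockchainIdentity` constructor ignores its argument.

```java
private UserRoleAuthConfig(Bytes userAddress, long expectedVersion) {
    this.userAddress = userAddress;
    this.expectedVersion = expectedVersion;
}

// … unchanged: getters …

public UserRoleAuthConfig authorize(String... roles) {
    Collection<String> roleList = normalizeRoles(roles);
    // … unchanged: set updates and return …
}

public UserRoleAuthConfig unauthorize(String... roles) {
    Collection<String> roleList = normalizeRoles(roles);
    // … unchanged: set updates and return …
}

// Applies the same canonical form that role configuration uses, so grants
// and revocations refer to the role names that were actually configured.
private static Collection<String> normalizeRoles(String... roles) {
    Set<String> normalized = new LinkedHashSet<String>();
    for (String role : roles) {
        normalized.add(SecurityUtils.formatRoleName(role));
    }
    return normalized;
}
```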
@@ -0,0 +1,89 @@
+/**
+ * Copyright: Copyright 2016-2020 JD.COM All Right Reserved
+ * FileName: com.jd.blockchain.sdk.samples.SDKDemo_RegisterUser
+ * Author: shaozhuguang
+ * Department: 区块链研发部
+ * Date: 2018/10/18 下午2:00
+ * Description: 注册用户
+ */
+package com.jd.blockchain.sdk.samples;
+
+import com.jd.blockchain.binaryproto.DataContractRegistry;
+import com.jd.blockchain.crypto.AsymmetricKeypair;
+import com.jd.blockchain.crypto.HashDigest;
+import com.jd.blockchain.crypto.PrivKey;
+import com.jd.blockchain.crypto.PubKey;
+import com.jd.blockchain.ledger.*;
+import com.jd.blockchain.sdk.BlockchainService;
+import com.jd.blockchain.sdk.client.GatewayServiceFactory;
+import com.jd.blockchain.utils.ConsoleUtils;
+
+/**
+ * 注册用户
+ *
+ * @author shaozhuguang
+ * @create 2018/10/18
+ * @since 1.0.0
+ */
+
+public class SDKDemo_ConfigureSecurity {
+ public static void main(String[] args) {
+
+ String GATEWAY_IPADDR = "127.0.0.1";
+ int GATEWAY_PORT = 8081;
+ if (args != null && args.length == 2) {
+ GATEWAY_IPADDR = args[0];
+ GATEWAY_PORT = Integer.parseInt(args[1]);
+ }
+
+ // 注册相关class
+ DataContractRegistry.register(TransactionContent.class);
+ DataContractRegistry.register(TransactionContentBody.class);
+ DataContractRegistry.register(TransactionRequest.class);
+ DataContractRegistry.register(NodeRequest.class);
+ DataContractRegistry.register(EndpointRequest.class);
+ DataContractRegistry.register(TransactionResponse.class);
+
+ PrivKey privKey = SDKDemo_Params.privkey1;
+ PubKey pubKey = SDKDemo_Params.pubKey1;
+
+ BlockchainKeypair CLIENT_CERT = new BlockchainKeypair(SDKDemo_Params.pubKey0, SDKDemo_Params.privkey0);
+
+ boolean SECURE = false;
+ GatewayServiceFactory serviceFactory = GatewayServiceFactory.connect(GATEWAY_IPADDR, GATEWAY_PORT, SECURE,
+ CLIENT_CERT);
+ BlockchainService service = serviceFactory.getBlockchainService();
+
+ HashDigest[] ledgerHashs = service.getLedgerHashs();
+ // 在本地定义注册账号的 TX;
+ TransactionTemplate txTemp = service.newTransaction(ledgerHashs[0]);
+
+ // existed signer
+ AsymmetricKeypair signer = getSigner();
+
+ BlockchainKeypair user = BlockchainKeyGenerator.getInstance().generate();
+
+ // 注册
+ txTemp.users().register(user.getIdentity());
+
+ txTemp.security().roles().configure("ADMIN")
+ .enable(LedgerPermission.REGISTER_USER, LedgerPermission.REGISTER_DATA_ACCOUNT)
+ .enable(TransactionPermission.DIRECT_OPERATION).configure("GUEST")
+ .enable(TransactionPermission.CONTRACT_OPERATION);
+
+ // TX 准备就绪;
+ PreparedTransaction prepTx = txTemp.prepare();
+
+ // 使用私钥进行签名;
+ prepTx.sign(signer);
+
+ // 提交交易;
+ TransactionResponse transactionResponse = prepTx.commit();
+
+ ConsoleUtils.info("register user complete, result is [%s]", transactionResponse.isSuccess());
+ }
+
+ private static AsymmetricKeypair getSigner() {
+ return new BlockchainKeypair(SDKDemo_Params.pubKey1, SDKDemo_Params.privkey1);
+ }
+}
\ No newline at end of file
diff --git a/source/tools/tools-initializer/src/main/java/com/jd/blockchain/tools/initializer/web/LedgerInitializeWebController.java b/source/tools/tools-initializer/src/main/java/com/jd/blockchain/tools/initializer/web/LedgerInitializeWebController.java
index eab29145..2b930628 100644
--- a/source/tools/tools-initializer/src/main/java/com/jd/blockchain/tools/initializer/web/LedgerInitializeWebController.java
+++ b/source/tools/tools-initializer/src/main/java/com/jd/blockchain/tools/initializer/web/LedgerInitializeWebController.java
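Review bot: This sample submits a privilege-changing transaction with `SECURE = false` and key pairs taken from `SDKDemo_Params`; samples get copied, so mark both as local-test-only, e.g. `// Demo only: set SECURE = true and load an operator key from protected storage outside a local test network`. What `SECURE` toggles inside `GatewayServiceFactory.connect` is not visible here, presumably transport security. `ledgerHashs[0]` is read without checking that the gateway returned any ledger, `privKey` and `pubKey` are unused, and the final message still says `register user complete` although the transaction also configures the ADMIN and GUEST roles. The header comment's `FileName` and `Description` are those of `SDKDemo_RegisterUser`.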
@@ -178,8 +178,7 @@ public class LedgerInitializeWebController implements LedgerInitProcess, LedgerI Properties csProps = ledgerInitProps.getConsensusConfig(); ConsensusProvider csProvider = ConsensusProviders.getProvider(ledgerInitProps.getConsensusProvider()); - ConsensusSettings csSettings = csProvider.getSettingsFactory() - .getConsensusSettingsBuilder() + ConsensusSettings csSettings = csProvider.getSettingsFactory().getConsensusSettingsBuilder() .createSettings(csProps, ledgerInitProps.getConsensusParticipantNodes()); setConsensusProvider(csProvider); @@ -405,6 +404,12 @@ public class LedgerInitializeWebController implements LedgerInitProcess, LedgerI return decision; } + /** + * 初始化账本数据,返回创始区块; + * + * @param ledgerEditor + * @return + */ private LedgerBlock initLedgerDataset(LedgerEditor ledgerEditor) { // 初始化时,自动将参与方注册为账本的用户; TxRequestBuilder txReqBuilder = new TxRequestBuilder(this.initTxContent); diff --git a/source/utils/utils-common/src/main/java/com/jd/blockchain/utils/ArrayUtils.java b/source/utils/utils-common/src/main/java/com/jd/blockchain/utils/ArrayUtils.java index c787a014..3f2c10a6 100644 --- a/source/utils/utils-common/src/main/java/com/jd/blockchain/utils/ArrayUtils.java +++ b/source/utils/utils-common/src/main/java/com/jd/blockchain/utils/ArrayUtils.java @@ -30,6 +30,13 @@ public abstract class ArrayUtils { return array; } + public static T[] toArray(Collection collection, Class clazz){ + @SuppressWarnings("unchecked") + T[] array = (T[]) Array.newInstance(clazz, collection.size()); + collection.toArray(array); + return array; + } + public static List asList(T[] array){ return asList(array, 0, array.length); }
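Review bot: The new `ArrayUtils.toArray(Collection, Class)` discards the return value of `collection.toArray(array)`. If the collection grows between `collection.size()` and the copy, `toArray` allocates and returns a new array and the `array` returned here is left unfilled, so `return collection.toArray(array);` is the safer form. A collection that shrinks in that window leaves trailing `null` elements, so callers that pass live views such as `rolesMap.values()` should not share them across threads while an operation is being serialised.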