diff --git a/source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java b/source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java
index 0baf7b40..3a2055f8 100644
--- a/source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java
+++ b/source/base/src/main/java/com/jd/blockchain/consts/DataCodes.java
@@ -59,7 +59,7 @@ public interface DataCodes {
     public static final int TX_OP_ROLE_CONFIGURE_ENTRY = 0x371;
-    public static final int TX_OP_USER_ROLE_AUTHORIZE = 0x372;
+    public static final int TX_OP_USER_ROLES_AUTHORIZE = 0x372;
     public static final int TX_OP_USER_ROLE_AUTHORIZE_ENTRY = 0x373;
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleAuthorizeOperation.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserAuthorizeOperation.java
similarity index 55%
rename from source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleAuthorizeOperation.java
rename to source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserAuthorizeOperation.java
index 12b230f0..d46bd1a6 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserRoleAuthorizeOperation.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/ledger/UserAuthorizeOperation.java
@@ -12,42 +12,46 @@ import com.jd.blockchain.utils.Bytes;
  * @author huanghaiquan
  *
  */
-@DataContract(code = DataCodes.TX_OP_USER_ROLE_AUTHORIZE)
-public interface UserRoleAuthorizeOperation extends Operation {
+@DataContract(code = DataCodes.TX_OP_USER_ROLES_AUTHORIZE)
+public interface UserAuthorizeOperation extends Operation {
     @DataField(order = 2, refContract = true, list = true)
-    UserRoleAuthEntry[] getUserRoleAuthorizations();
+    UserRolesEntry[] getUserRolesAuthorizations();
     @DataContract(code = DataCodes.TX_OP_USER_ROLE_AUTHORIZE_ENTRY)
-    public static interface UserRoleAuthEntry {
+    public static interface UserRolesEntry {
+        /**
+         * 用户地址;
+         *
+         * @return
+         */
         @DataField(order = 0, primitiveType = PrimitiveType.BYTES)
         Bytes getUserAddress();
-        @DataField(order = 2, primitiveType = PrimitiveType.INT64)
-        long getExplectedVersion();
-
         /**
          * 要更新的多角色权限策略;
+         *
          * @return
          */
-        RolesPolicy getRolesPolicy();
+        @DataField(order = 2, refEnum = true)
+        RolesPolicy getPolicy();
         /**
          * 授权的角色清单;
          *
          * @return
          */
-        @DataField(order = 1, primitiveType = PrimitiveType.TEXT)
-        String[] getAuthRoles();
-
+        @DataField(order = 3, primitiveType = PrimitiveType.TEXT, list = true)
+        String[] getAuthorizedRoles();
+
         /**
          * 取消授权的角色清单;
          *
          * @return
          */
-        @DataField(order = 1, primitiveType = PrimitiveType.TEXT)
-        String[] getUnauthRoles();
+        @DataField(order = 4, primitiveType = PrimitiveType.TEXT, list = true)
+        String[] getUnauthorizedRoles();
     }
 }
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java
index d95a3d1f..efd2ead2 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/BlockchainOperationFactory.java
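Review bot: Removing `getExplectedVersion()` from UserRolesEntry leaves the entry with no expected-version field, so a role change can no longer be tied to the user-role state it was computed against; if the ledger used that field as an optimistic-concurrency guard (not visible in this hunk), two authorizations for the same user submitted close together could now overwrite each other without either being rejected. The remaining `@DataField` orders skip 1 (0, 2, 3, 4), which is only safe if the binary-protocol layer tolerates gaps; either renumber or add `// order 1 reserved: former expected-version field` so the gap reads as deliberate. Every `@return` in the new Javadoc is empty — e.g. `@return address of the user whose role set this entry changes` on getUserAddress and `@return role names to grant; applied before the unauthorized list is removed (confirm against the ledger)` would make the contract readable without the implementation.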
@@ -175,7 +175,12 @@ public class BlockchainOperationFactory implements ClientOperator, LedgerInitOpe
             return rolesConfigurer;
         }
-
+        @Override
+        public UserAuthorizer authorziations() {
+            UserAuthorizer userAuthorizer = SECURITY_OP_BUILDER.authorziations();
+            operationList.add(userAuthorizer.getOperation());
+            return userAuthorizer;
+        }
     }
     private class DataAccountRegisterOperationBuilderFilter implements DataAccountRegisterOperationBuilder {
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/PreparedTx.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/PreparedTx.java
index cb39f6b6..bba464e3 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/PreparedTx.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/PreparedTx.java
@@ -7,13 +7,8 @@ import java.util.Comparator;
 import org.springframework.cglib.proxy.UndeclaredThrowableException;
-import com.jd.blockchain.binaryproto.BinaryProtocol;
 import com.jd.blockchain.crypto.AsymmetricKeypair;
-import com.jd.blockchain.crypto.Crypto;
 import com.jd.blockchain.crypto.HashDigest;
-import com.jd.blockchain.crypto.PrivKey;
-import com.jd.blockchain.crypto.SignatureDigest;
-import com.jd.blockchain.crypto.SignatureFunction;
 import com.jd.blockchain.ledger.DigitalSignature;
 import com.jd.blockchain.ledger.OperationResult;
 import com.jd.blockchain.ledger.PreparedTransaction;
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java
index cfdd3a6f..13539536 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolePrivilegeConfigurer.java
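Review bot: The new method name `authorziations()` is misspelled, and since it is declared on the SecurityOperationBuilder interface (same spelling in SecurityOperationBuilderImpl and the SDK sample further down) the typo becomes public API that every caller has to reproduce; rename to `authorizations()` in all four places before this ships. The enclosing filter class starts outside the hunk, so I cannot see whether it, like the surrounding `roles()` method, is documented — each call here obtains a fresh template from `SECURITY_OP_BUILDER` and appends it to `operationList`, so invoking `security().authorziations()` twice in one transaction yields two separate authorize operations; a one-line Javadoc such as `/** Starts a new user-authorization operation and adds it to this transaction; call once per transaction and chain forUser(...) on the result. */` would make that explicit. The `@return` tags added to SecurityOperationBuilder's Javadoc are empty as well.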
@@ -3,7 +3,7 @@ package com.jd.blockchain.transaction;
 import com.jd.blockchain.ledger.LedgerPermission;
 import com.jd.blockchain.ledger.TransactionPermission;
-public interface RolePrivilegeConfigurer {
+public interface RolePrivilegeConfigurer extends RolesConfigure {
     String getRoleName();
@@ -15,5 +15,4 @@ public interface RolePrivilegeConfigurer {
     RolePrivilegeConfigurer enable(LedgerPermission... permissions);
-    RolePrivilegeConfigurer configure(String roleName);
 }
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigure.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigure.java
new file mode 100644
index 00000000..4626fa5a
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigure.java
@@ -0,0 +1,7 @@
+package com.jd.blockchain.transaction;
+
+public interface RolesConfigure {
+
+    RolePrivilegeConfigurer configure(String roleName);
+
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java
index 16adf9a3..0621a626 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/RolesConfigurer.java
@@ -2,10 +2,8 @@ package com.jd.blockchain.transaction;
 import com.jd.blockchain.ledger.RolesConfigureOperation;
-public interface RolesConfigurer {
+public interface RolesConfigurer extends RolesConfigure {
     RolesConfigureOperation getOperation();
-
-    RolePrivilegeConfigurer configure(String roleName);
 }
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java
index 692a08e7..f3b6622c 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilder.java
@@ -3,14 +3,17 @@ package com.jd.blockchain.transaction;
 public interface SecurityOperationBuilder {
     /**
-     * 注册;
+     * 配置角色;
      *
-     * @param id
-     *            区块链身份;
-     * @param stateType
-     *            负载类型;
      * @return
      */
     RolesConfigurer roles();
+    /**
+     * 授权用户;
+     *
+     * @return
+     */
+    UserAuthorizer authorziations();
+
 }
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java
index dd5a87e5..ce271fce 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/SecurityOperationBuilderImpl.java
@@ -7,4 +7,9 @@ public class SecurityOperationBuilderImpl implements SecurityOperationBuilder{
         return new RolesConfigureOpTemplate();
     }
+    @Override
+    public UserAuthorizer authorziations() {
+        return new UserAuthorizeOpTemplate();
+    }
+
 }
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxRequestBuilder.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxRequestBuilder.java
index ef4df764..d8627974 100644
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxRequestBuilder.java
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/TxRequestBuilder.java
@@ -7,9 +7,6 @@ import com.jd.blockchain.binaryproto.BinaryProtocol;
 import com.jd.blockchain.crypto.AsymmetricKeypair;
 import com.jd.blockchain.crypto.Crypto;
 import com.jd.blockchain.crypto.HashDigest;
-import com.jd.blockchain.crypto.PrivKey;
-import com.jd.blockchain.crypto.PubKey;
-import com.jd.blockchain.crypto.SignatureDigest;
 import com.jd.blockchain.ledger.DigitalSignature;
 import com.jd.blockchain.ledger.NodeRequest;
 import com.jd.blockchain.ledger.TransactionContent;
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorize.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorize.java
new file mode 100644
index 00000000..deb184d3
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorize.java
@@ -0,0 +1,12 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.BlockchainIdentity;
+import com.jd.blockchain.utils.Bytes;
+
+public interface UserAuthorize {
+
+    UserRolesAuthorizer forUser(BlockchainIdentity userId);
+
+    UserRolesAuthorizer forUser(Bytes userAddress);
+
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizeOpTemplate.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizeOpTemplate.java
new file mode 100644
index 00000000..40670e8c
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizeOpTemplate.java
@@ -0,0 +1,131 @@
+package com.jd.blockchain.transaction;
+
+import java.util.Collections;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.Map;
+import java.util.Set;
+
+import com.jd.blockchain.binaryproto.DataContractRegistry;
+import com.jd.blockchain.ledger.BlockchainIdentity;
+import com.jd.blockchain.ledger.RolesPolicy;
+import com.jd.blockchain.ledger.SecurityUtils;
+import com.jd.blockchain.ledger.UserAuthorizeOperation;
+import com.jd.blockchain.ledger.UserRegisterOperation;
+import com.jd.blockchain.utils.ArrayUtils;
+import com.jd.blockchain.utils.Bytes;
+
+public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOperation {
+
+    static {
+        DataContractRegistry.register(UserRegisterOperation.class);
+    }
+
+    private Map userAuthMap = Collections
+            .synchronizedMap(new LinkedHashMap());
+
+    public UserAuthorizeOpTemplate() {
+    }
+
+    public UserAuthorizeOpTemplate(BlockchainIdentity userID) {
+    }
+
+    @Override
+    public UserRolesAuthorization[] getUserRolesAuthorizations() {
+        return ArrayUtils.toArray(userAuthMap.values(), UserRolesAuthorization.class);
+    }
+
+    @Override
+    public UserAuthorizeOperation getOperation() {
+        return this;
+    }
+
+    @Override
+    public UserRolesAuthorizer forUser(Bytes userAddress) {
+        UserRolesAuthorization userRolesAuth = userAuthMap.get(userAddress);
+        if (userRolesAuth == null) {
+            userRolesAuth = new UserRolesAuthorization(userAddress);
+            userAuthMap.put(userAddress, userRolesAuth);
+        }
+        return userRolesAuth;
+    }
+
+    @Override
+    public UserRolesAuthorizer forUser(BlockchainIdentity userId) {
+        return forUser(userId.getAddress());
+    }
+
+    private class UserRolesAuthorization implements UserRolesAuthorizer, UserRolesEntry {
+
+        private Bytes userAddress;
+
+        private RolesPolicy policy = RolesPolicy.UNION;
+
+        private Set authRoles = new LinkedHashSet();
+        private Set unauthRoles = new LinkedHashSet();
+
+        private UserRolesAuthorization(Bytes userAddress) {
+            this.userAddress = userAddress;
+        }
+
+        @Override
+        public Bytes getUserAddress() {
+            return userAddress;
+        }
+
+        @Override
+        public RolesPolicy getPolicy() {
+            return policy;
+        }
+
+        @Override
+        public String[] getAuthorizedRoles() {
+            return ArrayUtils.toArray(authRoles, String.class);
+        }
+
+        @Override
+        public String[] getUnauthorizedRoles() {
+            return ArrayUtils.toArray(unauthRoles, String.class);
+        }
+
+        @Override
+        public UserRolesAuthorizer setPolicy(RolesPolicy policy) {
+            this.policy = policy;
+            return this;
+        }
+
+        @Override
+        public UserRolesAuthorizer authorize(String... roles) {
+            String roleName;
+            for (String r : roles) {
+                roleName = SecurityUtils.formatRoleName(r);
+                authRoles.add(roleName);
+                unauthRoles.remove(roleName);
+            }
+
+            return this;
+        }
+
+        @Override
+        public UserRolesAuthorizer unauthorize(String... roles) {
+            String roleName;
+            for (String r : roles) {
+                roleName = SecurityUtils.formatRoleName(r);
+                unauthRoles.add(roleName);
+                authRoles.remove(roleName);
+            }
+
+            return this;
+        }
+
+        @Override
+        public UserRolesAuthorizer forUser(BlockchainIdentity userId) {
+            return UserAuthorizeOpTemplate.this.forUser(userId);
+        }
+
+        @Override
+        public UserRolesAuthorizer forUser(Bytes userAddress) {
+            return UserAuthorizeOpTemplate.this.forUser(userAddress);
+        }
+    }
+}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizer.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizer.java
new file mode 100644
index 00000000..66f083c7
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserAuthorizer.java
@@ -0,0 +1,9 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.UserAuthorizeOperation;
+
+public interface UserAuthorizer extends UserAuthorize {
+
+    UserAuthorizeOperation getOperation();
+
+}
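Review bot: The static initializer in UserAuthorizeOpTemplate registers `UserRegisterOperation.class`, not `UserAuthorizeOperation.class`, the contract this class actually implements and serializes; the same line exists in the deleted UserRoleAuthorizeOpTemplate, so this looks like a carried-over copy-paste and, if the registry is what makes the authorize contract encodable, the first authorize operation in a transaction would fail to serialize (I cannot see the registry semantics from here — confirm). The `Collections.synchronizedMap` wrapper does not make `forUser(Bytes)` atomic: the get-then-put on the new side is two separate calls, and `getUserRolesAuthorizations()` iterates `values()` without the map's lock, which the synchronizedMap contract requires; either the class is single-threaded (then the wrapper is misleading and should go) or the two methods need to be `synchronized`. The map and both role sets are raw types — `Map<Bytes, UserRolesAuthorization>` and `Set<String>` would let the compiler check what `ArrayUtils.toArray` is handed — and the `UserAuthorizeOpTemplate(BlockchainIdentity userID)` constructor ignores its argument, so it should either seed `forUser(userID)` or be removed.

```java
public class UserAuthorizeOpTemplate implements UserAuthorizer, UserAuthorizeOperation {

    static {
        // Register the contract this template serializes (was UserRegisterOperation, copied
        // from the old user-role template; confirm against DataContractRegistry usage).
        DataContractRegistry.register(UserAuthorizeOperation.class);
    }

    // LinkedHashMap keeps the order in which users were first addressed, so the
    // serialized entry order is deterministic; access is guarded by the synchronized methods.
    private final Map<Bytes, UserRolesAuthorization> userAuthMap = new LinkedHashMap<Bytes, UserRolesAuthorization>();

    // … unchanged: constructors (drop or use the ignored BlockchainIdentity argument) …

    @Override
    public synchronized UserRolesAuthorization[] getUserRolesAuthorizations() {
        return ArrayUtils.toArray(userAuthMap.values(), UserRolesAuthorization.class);
    }

    // … unchanged: getOperation …

    @Override
    public synchronized UserRolesAuthorizer forUser(Bytes userAddress) {
        UserRolesAuthorization userRolesAuth = userAuthMap.get(userAddress);
        if (userRolesAuth == null) {
            userRolesAuth = new UserRolesAuthorization(userAddress);
            userAuthMap.put(userAddress, userRolesAuth);
        }
        return userRolesAuth;
    }

    // … unchanged: forUser(BlockchainIdentity), inner class UserRolesAuthorization
    //     (with `private final Set<String> authRoles` / `unauthRoles`) …
```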
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java
deleted file mode 100644
index fc425987..00000000
--- a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRoleAuthorizeOpTemplate.java
+++ /dev/null
@@ -1,93 +0,0 @@
-package com.jd.blockchain.transaction;
-
-import java.util.Collection;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.Map;
-import java.util.Set;
-
-import com.jd.blockchain.binaryproto.DataContractRegistry;
-import com.jd.blockchain.ledger.BlockchainIdentity;
-import com.jd.blockchain.ledger.RolesPolicy;
-import com.jd.blockchain.ledger.UserRegisterOperation;
-import com.jd.blockchain.ledger.UserRoleAuthorizeOperation;
-import com.jd.blockchain.utils.ArrayUtils;
-import com.jd.blockchain.utils.Bytes;
-
-public class UserRoleAuthorizeOpTemplate implements UserRoleAuthorizeOperation {
-
-    static {
-        DataContractRegistry.register(UserRegisterOperation.class);
-    }
-
-    private Map rolesMap = new LinkedHashMap();
-
-    public UserRoleAuthorizeOpTemplate() {
-    }
-
-    public UserRoleAuthorizeOpTemplate(BlockchainIdentity userID) {
-    }
-
-    @Override
-    public UserRoleAuthConfig[] getUserRoleAuthorizations() {
-        return ArrayUtils.toArray(rolesMap.values(), UserRoleAuthConfig.class);
-    }
-
-    public static class UserRoleAuthConfig implements UserRoleAuthEntry {
-
-        private Bytes userAddress;
-
-        private long expectedVersion;
-
-        private RolesPolicy rolePolicy;
-
-        private Set authRoles = new LinkedHashSet();
-        private Set unauthRoles = new LinkedHashSet();
-
-        private UserRoleAuthConfig(Bytes userAddress, long expectedVersion) {
-            this.userAddress = userAddress;
-
-        }
-
-        @Override
-        public Bytes getUserAddress() {
-            return userAddress;
-        }
-
-        @Override
-        public long getExplectedVersion() {
-            return expectedVersion;
-        }
-
-        @Override
-        public RolesPolicy getRolesPolicy() {
-            return rolePolicy;
-        }
-
-        @Override
-        public String[] getAuthRoles() {
-            return ArrayUtils.toArray(authRoles, String.class);
-        }
-
-        @Override
-        public String[] getUnauthRoles() {
-            return ArrayUtils.toArray(unauthRoles, String.class);
-        }
-
-        public UserRoleAuthConfig authorize(String... roles) {
-            Collection roleList = ArrayUtils.asList(roles);
-            authRoles.addAll(roleList);
-            unauthRoles.removeAll(roleList);
-
-            return this;
-        }
-
-        public UserRoleAuthConfig unauthorize(String... roles) {
-            Collection roleList = ArrayUtils.asList(roles);
-            unauthRoles.addAll(roleList);
-            authRoles.removeAll(roleList);
-
-            return this;
-        }
-    }
-}
diff --git a/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRolesAuthorizer.java b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRolesAuthorizer.java
new file mode 100644
index 00000000..2a58858a
--- /dev/null
+++ b/source/ledger/ledger-model/src/main/java/com/jd/blockchain/transaction/UserRolesAuthorizer.java
@@ -0,0 +1,13 @@
+package com.jd.blockchain.transaction;
+
+import com.jd.blockchain.ledger.RolesPolicy;
+
+public interface UserRolesAuthorizer extends UserAuthorize {
+
+    UserRolesAuthorizer authorize(String... roles);
+
+    UserRolesAuthorizer unauthorize(String... roles);
+
+    UserRolesAuthorizer setPolicy(RolesPolicy rolePolicy);
+
+}
diff --git a/source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java b/source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java
index 5d78e92c..d7d2170b 100644
--- a/source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java
+++ b/source/sdk/sdk-samples/src/main/java/com/jd/blockchain/sdk/samples/SDKDemo_ConfigureSecurity.java
@@ -66,11 +66,19 @@ public class SDKDemo_ConfigureSecurity {
         // 注册
         txTemp.users().register(user.getIdentity());
-        txTemp.security().roles().configure("ADMIN")
+        txTemp.security().roles()
+                .configure("ADMIN")
                 .enable(LedgerPermission.REGISTER_USER, LedgerPermission.REGISTER_DATA_ACCOUNT)
-                .enable(TransactionPermission.DIRECT_OPERATION).configure("GUEST")
+                .enable(TransactionPermission.DIRECT_OPERATION)
+                .configure("GUEST")
                 .enable(TransactionPermission.CONTRACT_OPERATION);
+        txTemp.security().authorziations()
+                .forUser(user.getIdentity())
+                .authorize("ADMIN", "MANAGER")
+                .forUser(CLIENT_CERT.getAddress())
+                .authorize("GUEST");
+
         // TX 准备就绪;
         PreparedTransaction prepTx = txTemp.prepare();
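Review bot: The sample grants the new user the role `"MANAGER"`, but the only roles this transaction configures are `ADMIN` and `GUEST`; whether the ledger rejects an authorization naming an undefined role, or silently records a role with no privileges, is not visible here, and either way the sample demonstrates an inconsistent policy. Since this file is the reference users copy from, either add `.configure("MANAGER")` with an explicit privilege set to the roles() chain, or drop `"MANAGER"` so that every role granted is one the sample defines; a comment such as `// roles must be configured (above) before they can be granted here` would make the dependency clear. Note the call site also inherits the misspelled `authorziations()` from the SecurityOperationBuilder interface.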