feat(connector-iroha): add tls encryption #2202

Closed
wants to merge 1 commit into from


yashrajdesai
Contributor

Enable TLS encryption in the Iroha-cactus connector plugin.
Referred: https://iroha.readthedocs.io/en/develop/configure/torii-tls.html

Signed-off-by: yashrajdesai yashrajdesai30@gmail.com

@yashrajdesai
Contributor Author

@baziorek @petermetz Please help to test the TLS connection.

@baziorek
Member

This PR is related to the issue: #1251

@petermetz
Member

> @baziorek @petermetz Please help to test the TLS connection.

@yashrajdesai Please try specifying the protocol prior to the hostname as https:// to see if that makes it work (based on the crashlog I obtained at the pair programming session this morning)

Member

@baziorek baziorek left a comment

If you are using the default Iroha docker container, you are probably using the default config files. The default config is here:
https://github.com/hyperledger/iroha/blob/main/example/config.docker
The default config does not contain TLS configuration, so you need to add it to the file:

"torii_tls_params": {
    "port": 55552,
    "key_pair_path": "/path/to/server"
}

according to the documentation:
https://iroha.readthedocs.io/en/develop/configure/torii-tls.html#configuring-irohad

I assume that the file would be here:

/opt/iroha_data/config.docker

Just change the file before starting the Iroha container and everything should work.

@@ -685,8 +685,10 @@ export class PluginLedgerConnectorIroha
const irohaHostPort = `${baseConfig.irohaHost}:${baseConfig.irohaPort}`;
Member

There is a different port for the normal (not TLS) connection and the TLS connection.
Those settings are in the config file:
https://iroha.readthedocs.io/en/develop/configure/index.html

  • torii_port - is for normal connection
  • torii_tls_params - is for TLS:

"torii_tls_params": {
    "port": 55552,
    "key_pair_path": "/path/to/server"
}

  • for normal connection there is

@@ -81,6 +83,8 @@ test(testCase, async (t: Test) => {
postgresHost: postgresHost,
postgresPort: postgresPort,
logLevel: logLevel,
tlsCert: "/opt/iroha_data/torii_tls/server",
tlsKey: "/opt/iroha_data/torii_tls/server",
});
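
Review bot: `tlsCert` and `tlsKey` in this test config are both set to the same value, `/opt/iroha_data/torii_tls/server`, so either one of the two options is redundant or one of them points at the wrong file. If the value is meant as a key-pair prefix (as `key_pair_path` is in the server config quoted in this thread), a single option with that name would be clearer; if they are separate files, give each its own path. Please also document why the connector, which is the client side of the connection, is handed a private-key path under the ledger's data directory: for server-authenticated TLS the client normally needs only the certificate it should trust.
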
Member

Adding certificates does not make the Iroha server use them; you need to set those paths and the port in the config file:

"torii_tls_params": {
    "port": 55552,
    "key_pair_path": "/path/to/server"
}
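
The review points above (TLS must be enabled in the irohad config, and the TLS listener uses its own port) can be checked in one place. This is an added example, not code from this PR, Iroha or Cactus: `withToriiTls` and `toriiEndpoint` are hypothetical helper names, the sample config and file list are constructed, and the `.crt`/`.key` suffix rule is an assumption taken from the Iroha TLS documentation linked in the thread.

```javascript
// Added example; withToriiTls and toriiEndpoint are hypothetical helpers,
// not part of Iroha or the Cactus connector.

// Return a copy of an irohad config with torii_tls_params set, after sanity checks.
// fileExists is injected so the check can be pointed at the container's filesystem.
function withToriiTls(config, tlsPort, keyPairPath, fileExists) {
  if (!Number.isInteger(tlsPort) || tlsPort < 1 || tlsPort > 65535) {
    throw new Error(`invalid TLS port: ${tlsPort}`);
  }
  if (tlsPort === config.torii_port) {
    throw new Error("torii_tls_params.port must differ from torii_port");
  }
  // Assumption (Iroha torii-tls docs): key_pair_path is a prefix and
  // irohad reads <prefix>.crt and <prefix>.key.
  for (const ext of [".crt", ".key"]) {
    if (!fileExists(keyPairPath + ext)) {
      throw new Error(`missing ${keyPairPath}${ext}`);
    }
  }
  return {
    ...config,
    torii_tls_params: { port: tlsPort, key_pair_path: keyPairPath },
  };
}

// Pick the endpoint a client should dial: plaintext and TLS are separate listeners.
function toriiEndpoint(config, host, useTls) {
  if (!useTls) return `${host}:${config.torii_port}`;
  if (!config.torii_tls_params) {
    // This is the default-config case described in the review: no TLS section at all.
    throw new Error("TLS requested but torii_tls_params is not configured");
  }
  return `${host}:${config.torii_tls_params.port}`;
}

// Constructed sample: a trimmed config without TLS and a fake file listing.
const sampleConfig = { torii_port: 50051, internal_port: 10001 };
const sampleFiles = new Set(["/path/to/server.crt", "/path/to/server.key"]);
const tlsConfig = withToriiTls(sampleConfig, 55552, "/path/to/server",
  (p) => sampleFiles.has(p));

console.log(toriiEndpoint(tlsConfig, "localhost", false));
console.log(toriiEndpoint(tlsConfig, "localhost", true));
```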

@petermetz
Member

@yashrajdesai @baziorek Closing this for now because we are tidying up stale PRs in the queue. Feel free to re-open anytime in the future!

@petermetz petermetz closed this Aug 17, 2023