Add TLS certificate field to Peer

Signed-off-by: Leonid Lygin <ionagamed@gmail.com> Signed-off-by: Mikhail Boldyrev <miboldyrev@gmail.com>
hyperledger · Oct 9, 2019 · 218cc8c · 218cc8c
1 parent 0a7be00
commit 218cc8c
Show file tree

Hide file tree

Showing 34 changed files with 297 additions and 68 deletions.
diff --git a/irohad/ametsuchi/impl/mutable_storage_impl.cpp b/irohad/ametsuchi/impl/mutable_storage_impl.cpp
@@ -48,8 +48,13 @@ namespace iroha {
         std::shared_ptr<const shared_model::interface::Block> block,
         MutableStoragePredicate predicate) {
       auto execute_transaction = [this](auto &transaction) -> bool {
-        return expected::hasValue(
-            transaction_executor_->execute(transaction, false));
+        auto result = transaction_executor_->execute(transaction, false);
+        auto error = expected::resultToOptionalError(result);
+        if (error) {
+          log_->error(error->command_error.toString());
+        }
+        auto ok = !error;
+        return ok;
       };
 
       log_->info("Applying block: height {}, hash {}",

diff --git a/irohad/ametsuchi/impl/postgres_command_executor.cpp b/irohad/ametsuchi/impl/postgres_command_executor.cpp
@@ -449,6 +449,13 @@ namespace iroha {
         arguments_string_builder_.append(argument_name, value);
       }
 
+      void addArgumentToString(const std::string &argument_name,
+                               const boost::optional<std::string> &value) {
+        if (value) {
+          addArgumentToString(argument_name, *value);
+        }
+      }
+
       template <typename T>
       std::enable_if_t<std::is_arithmetic<T>::value> addArgumentToString(
           const std::string &argument_name, const T &value) {
@@ -563,9 +570,9 @@ namespace iroha {
           R"(
           WITH %s
             inserted AS (
-                INSERT INTO peer(public_key, address)
+                INSERT INTO peer(public_key, address, tls_certificate)
                 (
-                    SELECT :pubkey, :address
+                    SELECT :pubkey, :address, :tls_certificate
                     %s
                 ) RETURNING (1)
             )
@@ -1411,6 +1418,7 @@ namespace iroha {
       executor.use("creator", creator_account_id);
       executor.use("address", peer.address());
       executor.use("pubkey", peer.pubkey().hex());
+      executor.use("tls_certificate", peer.tlsCertificate());
 
       return executor.execute();
     }

diff --git a/irohad/ametsuchi/impl/postgres_specific_query_executor.cpp b/irohad/ametsuchi/impl/postgres_specific_query_executor.cpp
@@ -1331,13 +1331,14 @@ namespace iroha {
         const shared_model::interface::GetPeers &q,
         const shared_model::interface::types::AccountIdType &creator_id,
         const shared_model::interface::types::HashType &query_hash) {
-      using QueryTuple =
-          QueryType<std::string, shared_model::interface::types::AddressType>;
+      using QueryTuple = QueryType<std::string,
+                                   shared_model::interface::types::AddressType,
+                                   std::string>;
       using PermissionTuple = boost::tuple<int>;
 
       auto cmd = (boost::format(
                       R"(WITH has_perms AS (%s)
-      SELECT public_key, address, perm FROM peer
+      SELECT public_key, address, tls_certificate, perm FROM peer
       RIGHT OUTER JOIN has_perms ON TRUE
       )") % getAccountRolePermissionCheckSql(Role::kGetPeers))
                      .str();
@@ -1349,16 +1350,26 @@ namespace iroha {
           },
           query_hash,
           [&](auto range, auto &) {
-            auto range_without_nulls = resultWithoutNulls(std::move(range));
             shared_model::interface::types::PeerList peers;
-            for (const auto &row : range_without_nulls) {
+            for (const auto &row : range) {
               iroha::ametsuchi::apply(
-                  row, [&peers](auto &peer_key, auto &address) {
-                    peers.push_back(std::make_shared<shared_model::plain::Peer>(
-                        address,
-                        shared_model::interface::types::PubkeyType{
-                            shared_model::crypto::Blob::fromHexString(
-                                peer_key)}));
+                  row,
+                  [this, &peers](
+                      auto &peer_key, auto &address, auto &tls_certificate) {
+                    if (peer_key and address) {
+                      peers.push_back(
+                          std::make_shared<shared_model::plain::Peer>(
+                              *address,
+                              shared_model::interface::types::PubkeyType{
+                                  shared_model::crypto::Blob::fromHexString(
+                                      *peer_key)},
+                              tls_certificate));
+                    } else {
+                      log_->error(
+                          "Address or public key not set for some peer!");
+                      assert(peer_key);
+                      assert(address);
+                    }
                   });
             }
             return query_response_factory_->createPeersResponse(peers,

diff --git a/irohad/ametsuchi/impl/postgres_wsv_command.cpp b/irohad/ametsuchi/impl/postgres_wsv_command.cpp
@@ -313,15 +313,14 @@ namespace iroha {
     WsvCommandResult PostgresWsvCommand::insertPeer(
         const shared_model::interface::Peer &peer) {
       soci::statement st = sql_.prepare
-          << "INSERT INTO peer(public_key, address) VALUES (:pk, :address)";
+          << "INSERT INTO peer(public_key, address, tls_certificate)"
+             " VALUES (:pk, :address, :tls_certificate)";
       st.exchange(soci::use(peer.pubkey().hex()));
       st.exchange(soci::use(peer.address()));
+      st.exchange(soci::use(peer.tlsCertificate()));
 
       auto msg = [&] {
-        return (boost::format(
-                    "failed to insert peer, public key: '%s', address: '%s'")
-                % peer.pubkey().hex() % peer.address())
-            .str();
+        return (boost::format("failed to insert %s") % peer.toString()).str();
       };
       return execute(st, msg);
     }

diff --git a/irohad/ametsuchi/impl/postgres_wsv_query.cpp b/irohad/ametsuchi/impl/postgres_wsv_query.cpp
@@ -18,12 +18,14 @@ namespace {
   getPeersFromSociRowSet(T &&rowset) {
     return iroha::ametsuchi::flatMapValues<
         std::vector<std::shared_ptr<shared_model::interface::Peer>>>(
-        std::forward<T>(rowset), [&](auto &public_key, auto &address) {
+        std::forward<T>(rowset),
+        [&](auto &public_key, auto &address, auto &tls_certificate) {
           return boost::make_optional(
               std::make_shared<shared_model::plain::Peer>(
                   address,
                   shared_model::crypto::PublicKey{
-                      shared_model::crypto::Blob::fromHexString(public_key)}));
+                      shared_model::crypto::Blob::fromHexString(public_key)},
+                  tls_certificate));
         });
   }
 }  // namespace
@@ -34,6 +36,7 @@ namespace iroha {
     using shared_model::interface::types::AccountIdType;
     using shared_model::interface::types::AddressType;
     using shared_model::interface::types::PubkeyType;
+    using shared_model::interface::types::TLSCertificateType;
 
     PostgresWsvQuery::PostgresWsvQuery(soci::session &sql,
                                        logger::LoggerPtr log)
@@ -71,20 +74,23 @@ namespace iroha {
 
     boost::optional<std::vector<std::shared_ptr<shared_model::interface::Peer>>>
     PostgresWsvQuery::getPeers() {
-      using T = boost::tuple<std::string, AddressType>;
+      using T = boost::
+          tuple<std::string, AddressType, boost::optional<TLSCertificateType>>;
       auto result = execute<T>([&] {
-        return (sql_.prepare << "SELECT public_key, address FROM peer");
+        return (sql_.prepare
+                << "SELECT public_key, address, tls_certificate FROM peer");
       });
 
       return getPeersFromSociRowSet(result);
     }
 
     boost::optional<std::shared_ptr<shared_model::interface::Peer>>
     PostgresWsvQuery::getPeerByPublicKey(const PubkeyType &public_key) {
-      using T = boost::tuple<std::string, AddressType>;
+      using T = boost::
+          tuple<std::string, AddressType, boost::optional<TLSCertificateType>>;
       auto result = execute<T>([&] {
         return (sql_.prepare << R"(
-            SELECT public_key, address
+            SELECT public_key, address, tls_certificate
             FROM peer
             WHERE public_key = :public_key)",
                 soci::use(public_key.hex(), "public_key"));

diff --git a/irohad/main/CMakeLists.txt b/irohad/main/CMakeLists.txt
@@ -94,8 +94,9 @@ add_library(iroha_conf_loader iroha_conf_loader.cpp)
 target_link_libraries(iroha_conf_loader
     iroha_conf_literals
     logger_manager
+    libs_files
     rapidjson
-)
+    )
 
 add_library(iroha_conf_literals iroha_conf_literals.cpp)
 target_link_libraries(iroha_conf_literals

diff --git a/irohad/main/impl/pg_connection_init.cpp b/irohad/main/impl/pg_connection_init.cpp
@@ -244,6 +244,7 @@ CREATE TABLE IF NOT EXISTS account_has_signatory (
 CREATE TABLE IF NOT EXISTS peer (
     public_key varchar NOT NULL,
     address character varying(261) NOT NULL UNIQUE,
+    tls_certificate varchar,
     PRIMARY KEY (public_key)
 );
 CREATE TABLE IF NOT EXISTS asset (

diff --git a/irohad/main/iroha_conf_literals.cpp b/irohad/main/iroha_conf_literals.cpp
@@ -40,4 +40,5 @@ namespace config_members {
   const char *Address = "address";
   const char *PublicKey = "public_key";
   const char *InitialPeers = "initial_peers";
+  const char *TlsCertificatePath = "tls_certificate_path";
 }  // namespace config_members
diff --git a/irohad/main/iroha_conf_literals.hpp b/irohad/main/iroha_conf_literals.hpp
@@ -40,6 +40,7 @@ namespace config_members {
   extern const char *InitialPeers;
   extern const char *Address;
   extern const char *PublicKey;
+  extern const char *TlsCertificatePath;
 
 }  // namespace config_members
 

diff --git a/irohad/main/iroha_conf_loader.cpp b/irohad/main/iroha_conf_loader.cpp
@@ -15,6 +15,7 @@
 #include <rapidjson/rapidjson.h>
 #include <boost/algorithm/string/join.hpp>
 #include <boost/range/adaptor/map.hpp>
+#include "common/files.hpp"
 #include "cryptography/public_key.hpp"
 #include "main/iroha_conf_literals.hpp"
 #include "torii/tls_params.hpp"
@@ -336,11 +337,28 @@ JsonDeserializerImpl::getVal<std::unique_ptr<shared_model::interface::Peer>>(
   getValByKey(path, address, obj, config_members::Address);
   std::string public_key_str;
   getValByKey(path, public_key_str, obj, config_members::PublicKey);
+  boost::optional<std::string> tls_certificate_path =
+      getOptValByKey<std::string>(
+          path, obj, config_members::TlsCertificatePath);
+
+  boost::optional<std::string> tls_certificate_str;
+  if (tls_certificate_path) {
+    iroha::readFile(*tls_certificate_path)
+        .match([&tls_certificate_str](
+                   const auto &v) { tls_certificate_str = v.value; },
+               [this, &path](const auto &e) {
+                 this->assert_fatal(false,
+                                    "Error reading file specified in " + path
+                                        + ": " + e.error);
+               });
+  }
+
   common_objects_factory_
       ->createPeer(
           address,
           shared_model::crypto::PublicKey(
-              shared_model::crypto::Blob::fromHexString(public_key_str)))
+              shared_model::crypto::Blob::fromHexString(public_key_str)),
+          tls_certificate_str)
       .match([&dest](auto &&v) { dest = std::move(v.value); },
              [&path](const auto &error) {
                throw std::runtime_error("Failed to create a peer at '" + path

diff --git a/libs/common/files.cpp b/libs/common/files.cpp
@@ -6,10 +6,20 @@
 #include "common/files.hpp"
 
 #include <ciso646>
+#include <fstream>
+#include <sstream>
 
 #include <boost/filesystem.hpp>
+#include <boost/format.hpp>
 #include "logger/logger.hpp"
 
+namespace {
+  auto makeCannotReadFileError(const std::string &path) {
+    return iroha::expected::makeError(
+        (boost::format("File '%1%' could not be read") % path).str());
+  }
+}  // namespace
+
 void iroha::remove_dir_contents(const std::string &dir,
                                 const logger::LoggerPtr &log) {
   boost::system::error_code error_code;
@@ -40,3 +50,18 @@ void iroha::remove_dir_contents(const std::string &dir,
       log->error("{}", error_code.message());
   }
 }
+
+iroha::expected::Result<std::string, std::string> iroha::readFile(
+    const std::string &path) {
+  std::ifstream file(path);
+  if (!file) {
+    return makeCannotReadFileError(path);
+  }
+
+  std::stringstream ss;
+  ss << file.rdbuf();
+  if (!ss) {
+    return makeCannotReadFileError(path);
+  }
+  return iroha::expected::makeValue(ss.str());
+}
diff --git a/libs/common/files.hpp b/libs/common/files.hpp
@@ -8,6 +8,7 @@
 
 #include <string>
 
+#include "common/result.hpp"
 #include "logger/logger_fwd.hpp"
 
 /**
@@ -23,5 +24,13 @@ namespace iroha {
    */
   void remove_dir_contents(const std::string &dir,
                            const logger::LoggerPtr &log);
+
+  /**
+   * Read file, and either return its contents as a string
+   * or return the error as a string
+   * @param path - path to the file
+   */
+  iroha::expected::Result<std::string, std::string> readFile(
+      const std::string &path);
 }  // namespace iroha
 #endif  // IROHA_FILES_HPP
diff --git a/shared_model/backend/plain/impl/peer.cpp b/shared_model/backend/plain/impl/peer.cpp
@@ -9,8 +9,12 @@ using namespace shared_model;
 using namespace shared_model::plain;
 
 Peer::Peer(const interface::types::AddressType &address,
-           const interface::types::PubkeyType &public_key)
-    : address_(address), public_key_(public_key) {}
+           const interface::types::PubkeyType &public_key,
+           const boost::optional<interface::types::TLSCertificateType>
+               &tls_certificate)
+    : address_(address),
+      public_key_(public_key),
+      tls_certificate_(tls_certificate) {}
 
 const shared_model::interface::types::AddressType &Peer::address() const {
   return address_;
@@ -19,3 +23,8 @@ const shared_model::interface::types::AddressType &Peer::address() const {
 const shared_model::interface::types::PubkeyType &Peer::pubkey() const {
   return public_key_;
 }
+
+const boost::optional<shared_model::interface::types::TLSCertificateType>
+    &Peer::tlsCertificate() const {
+  return tls_certificate_;
+}
diff --git a/shared_model/backend/plain/peer.hpp b/shared_model/backend/plain/peer.hpp
@@ -9,21 +9,30 @@
 #include "cryptography/public_key.hpp"
 #include "interfaces/common_objects/peer.hpp"
 
+#include <boost/optional.hpp>
+
 namespace shared_model {
   namespace plain {
 
     class Peer final : public interface::Peer {
      public:
       Peer(const interface::types::AddressType &address,
-           const interface::types::PubkeyType &public_key);
+           const interface::types::PubkeyType &public_key,
+           const boost::optional<interface::types::TLSCertificateType>
+               &tls_certificate);
 
       const interface::types::AddressType &address() const override;
 
       const interface::types::PubkeyType &pubkey() const override;
 
+      const boost::optional<interface::types::TLSCertificateType>
+          &tlsCertificate() const override;
+
      private:
       const interface::types::AddressType address_;
       const interface::types::PubkeyType public_key_;
+      const boost::optional<interface::types::TLSCertificateType>
+          tls_certificate_;
     };
 
   }  // namespace plain