added peer tls cert providers

Signed-off-by: Mikhail Boldyrev <miboldyrev@gmail.com>

irohad/main/CMakeLists.txt

@@ -47,6 +47,7 @@ add_library(application
     )
 target_link_libraries(application
     PRIVATE
+    peer_tls_certificates_providers
     tls_credentials
     yac
     yac_transport

irohad/main/application.cpp

@@ -41,6 +41,8 @@
 #include "multi_sig_transactions/transport/mst_transport_stub.hpp"
 #include "network/impl/block_loader_impl.hpp"
 #include "network/impl/peer_communication_service_impl.hpp"
+#include "network/impl/peer_tls_certificates_provider_root.hpp"
+#include "network/impl/peer_tls_certificates_provider_wsv.hpp"
 #include "network/impl/tls_credentials.hpp"
 #include "ordering/impl/kick_out_proposal_creation_strategy.hpp"
 #include "ordering/impl/on_demand_common.hpp"
@@ -155,6 +157,7 @@ Irohad::RunResult Irohad::init() {
   }
   | [this]{ return restoreWsv();}
   | [this]{ return initTlsCredentials();}
+  | [this]{ return initPeerCertProvider();}
   | [this]{ return initCryptoProvider();}
   | [this]{ return initBatchParser();}
   | [this]{ return initValidators();}
@@ -353,6 +356,71 @@ Irohad::RunResult Irohad::initTlsCredentials() {
       };
 }
 
+/**
+ * Initializing peers' certificates provider.
+ */
+Irohad::RunResult Irohad::initPeerCertProvider() {
+  using namespace iroha::expected;
+
+  if (not inter_peer_tls_config_) {
+    return {};
+  }
+
+  static const auto read_file =
+      [](const std::string &path) -> Result<std::string, std::string> {
+    try {
+      std::ifstream certificate_file(path);
+      std::stringstream ss;
+      ss << certificate_file.rdbuf();
+      return makeValue(ss.str());
+    } catch (const std::exception &e) {
+      return makeError(e.what());
+    }
+  };
+
+  using OptionalPeerCertProvider =
+      boost::optional<std::unique_ptr<const PeerTlsCertificatesProvider>>;
+  using PeerCertProviderResult = Result<OptionalPeerCertProvider, std::string>;
+
+  return iroha::visit_in_place(
+             inter_peer_tls_config_->peer_certificates,
+             [this](const IrohadConfig::InterPeerTls::RootCert &root)
+                 -> PeerCertProviderResult {
+               return read_file(root.path) |
+                   [&root, this](std::string &&root_cert) {
+                     log_->debug("Loaded root TLS certificate from '{}'.",
+                                 root.path);
+                     return OptionalPeerCertProvider{
+                         std::make_unique<PeerTlsCertificatesProviderRoot>(
+                             root_cert)};
+                   };
+             },
+             [this](const IrohadConfig::InterPeerTls::FromWsv &)
+                 -> PeerCertProviderResult {
+               auto opt_peer_query = this->storage->createPeerQuery();
+               if (not opt_peer_query) {
+                 return makeError(std::string{"Failed to get peer query."});
+               }
+               log_->debug("Prepared WSV peer certificate provider.");
+               return boost::make_optional(
+                   std::make_unique<PeerTlsCertificatesProviderWsv>(
+                       std::move(opt_peer_query).value()));
+             },
+             [this](const IrohadConfig::InterPeerTls::None &)
+                 -> PeerCertProviderResult {
+               log_->debug("Peer certificate provider not initialized.");
+               return OptionalPeerCertProvider{};
+             },
+             [](const auto &) -> PeerCertProviderResult {
+               return makeError("Unimplemented peer certificate provider.");
+             })
+             | [this](OptionalPeerCertProvider &&opt_peer_cert_provider)
+             -> RunResult {
+    this->peer_tls_certificates_provider_ = std::move(opt_peer_cert_provider);
+    return {};
+  };
+}
+
 /**
  * Initializing crypto provider
  */

irohad/main/application.hpp

@@ -41,9 +41,10 @@ namespace iroha {
   namespace network {
     class BlockLoader;
     class ConsensusGate;
-    class PeerCommunicationService;
     class MstTransport;
     class OrderingGate;
+    class PeerCommunicationService;
+    class PeerTlsCertificatesProvider;
     struct TlsCredentials;
   }  // namespace network
   namespace simulator {
@@ -162,6 +163,8 @@ class Irohad {
 
   RunResult initTlsCredentials();
 
+  RunResult initPeerCertProvider();
+
   virtual RunResult initCryptoProvider();
 
   virtual RunResult initBatchParser();
@@ -230,6 +233,9 @@ class Irohad {
       my_inter_peer_tls_creds_;
   boost::optional<std::shared_ptr<const iroha::network::TlsCredentials>>
       torii_tls_creds_;
+  boost::optional<
+      std::shared_ptr<const iroha::network::PeerTlsCertificatesProvider>>
+      peer_tls_certificates_provider_;
 
   std::unique_ptr<iroha::PendingTransactionStorageInit>
       pending_txs_storage_init;

irohad/main/iroha_conf_literals.cpp

@@ -10,6 +10,11 @@ namespace config_members {
   const char *ToriiPort = "torii_port";
   const char *ToriiTlsParams = "torii_tls_params";
   const char *InterPeerTls = "inter_peer_tls";
+  const char *PeerCertProvider = "peer_certificates";
+  const char *RootCert = "root_certificate";
+  const char *InLengerCerts = "from_ledger";
+  const char *Type = "type";
+  const char *Path = "path";
   const char *InternalPort = "internal_port";
   const char *KeyPairPath = "key_pair_path";
   const char *PgOpt = "pg_opt";

irohad/main/iroha_conf_literals.hpp

@@ -16,6 +16,11 @@ namespace config_members {
   extern const char *ToriiPort;
   extern const char *ToriiTlsParams;
   extern const char *InterPeerTls;
+  extern const char *PeerCertProvider;
+  extern const char *RootCert;
+  extern const char *InLengerCerts;
+  extern const char *Type;
+  extern const char *Path;
   extern const char *InternalPort;
   extern const char *KeyPairPath;
   extern const char *PgOpt;

irohad/main/iroha_conf_loader.cpp

@@ -385,6 +385,30 @@ inline void JsonDeserializerImpl::getVal<IrohadConfig::InterPeerTls>(
   assert_fatal(src.IsObject(), path + " must be a dictionary");
   const auto obj = src.GetObject();
   getValByKey(path, dest.my_tls_creds_path, obj, config_members::KeyPairPath);
+  getValByKey(
+      path, dest.peer_certificates, obj, config_members::PeerCertProvider);
+}
+
+template <>
+inline void
+JsonDeserializerImpl::getVal<IrohadConfig::InterPeerTls::PeerCertProvider>(
+    const std::string &path,
+    IrohadConfig::InterPeerTls::PeerCertProvider &dest,
+    const rapidjson::Value &src) {
+  assert_fatal(src.IsObject(), path + " must be a dictionary");
+  const auto obj = src.GetObject();
+  std::string type;
+  getValByKey(path, type, obj, config_members::Type);
+  if (type == config_members::RootCert) {
+    IrohadConfig::InterPeerTls::RootCert root_cert;
+    getValByKey(path, root_cert.path, obj, config_members::Path);
+    dest = std::move(root_cert);
+  } else if (type == config_members::InLengerCerts) {
+    dest = IrohadConfig::InterPeerTls::FromWsv{};
+  } else {
+    throw std::runtime_error{std::string{
+        "Unimplemented peer certificate provider type: '" + type + "'"}};
+  }
 }
 
 template <>

irohad/main/iroha_conf_loader.hpp

@@ -25,7 +25,15 @@ struct IrohadConfig {
   };
 
   struct InterPeerTls {
+    struct RootCert {
+      std::string path;
+    };
+    struct FromWsv {};
+    struct None {};
+    using PeerCertProvider = boost::variant<RootCert, FromWsv, None>;
+
     boost::optional<std::string> my_tls_creds_path;
+    PeerCertProvider peer_certificates;
   };
 
   // TODO: block_store_path is now optional, change docs IR-576

irohad/network/CMakeLists.txt

@@ -47,3 +47,12 @@ add_library(tls_credentials
 target_link_libraries(tls_credentials
     common
     )
+
+add_library(peer_tls_certificates_providers
+    impl/peer_tls_certificates_provider_root.cpp
+    impl/peer_tls_certificates_provider_wsv.cpp
+    )
+target_link_libraries(peer_tls_certificates_providers
+    logger
+    shared_model_interfaces
+    )

irohad/network/impl/peer_tls_certificates_provider_root.cpp

@@ -0,0 +1,24 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "network/impl/peer_tls_certificates_provider_root.hpp"
+
+using namespace iroha::network;
+using namespace iroha::expected;
+using namespace shared_model::interface::types;
+
+PeerTlsCertificatesProviderRoot::PeerTlsCertificatesProviderRoot(
+    TLSCertificateType root_certificate)
+    : root_certificate_(std::move(root_certificate)) {}
+
+Result<TLSCertificateType, std::string> PeerTlsCertificatesProviderRoot::get(
+    const shared_model::interface::Peer &) const {
+  return makeValue(root_certificate_);
+}
+
+Result<TLSCertificateType, std::string> PeerTlsCertificatesProviderRoot::get(
+    const PubkeyType &) const {
+  return makeValue(root_certificate_);
+}

irohad/network/impl/peer_tls_certificates_provider_root.hpp

@@ -0,0 +1,36 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef IROHA_PEER_TLS_CERTIFICATES_PROVIDER_ROOT_HPP
+#define IROHA_PEER_TLS_CERTIFICATES_PROVIDER_ROOT_HPP
+
+#include "network/peer_tls_certificates_provider.hpp"
+
+namespace iroha {
+  namespace network {
+
+    class PeerTlsCertificatesProviderRoot : public PeerTlsCertificatesProvider {
+     public:
+      PeerTlsCertificatesProviderRoot(
+          shared_model::interface::types::TLSCertificateType root_certificate);
+
+      iroha::expected::Result<
+          shared_model::interface::types::TLSCertificateType,
+          std::string>
+      get(const shared_model::interface::Peer &) const override;
+
+      iroha::expected::Result<
+          shared_model::interface::types::TLSCertificateType,
+          std::string>
+      get(const shared_model::interface::types::PubkeyType &) const override;
+
+     private:
+      shared_model::interface::types::TLSCertificateType root_certificate_;
+    };
+
+  }  // namespace network
+}  // namespace iroha
+
+#endif

irohad/network/impl/peer_tls_certificates_provider_wsv.cpp

@@ -0,0 +1,57 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include "network/impl/peer_tls_certificates_provider_wsv.hpp"
+
+#include <mutex>
+
+#include "ametsuchi/peer_query.hpp"
+#include "cryptography/public_key.hpp"
+#include "interfaces/common_objects/peer.hpp"
+
+using namespace iroha::expected;
+using namespace iroha::network;
+using namespace shared_model::interface::types;
+
+class PeerTlsCertificatesProviderWsv::Impl {
+ public:
+  Impl(std::shared_ptr<iroha::ametsuchi::PeerQuery> peer_query)
+      : peer_query_(std::move(peer_query)) {}
+
+  boost::optional<std::shared_ptr<shared_model::interface::Peer>>
+  getPeerFromWsv(
+      const shared_model::interface::types::PubkeyType &public_key) const {
+    std::lock_guard<std::mutex> lock(mutex_);
+    return peer_query_->getLedgerPeerByPublicKey(public_key);
+  }
+
+ private:
+  mutable std::mutex mutex_;
+  std::shared_ptr<iroha::ametsuchi::PeerQuery> peer_query_;
+};
+
+PeerTlsCertificatesProviderWsv::PeerTlsCertificatesProviderWsv(
+    std::shared_ptr<iroha::ametsuchi::PeerQuery> peer_query)
+    : impl_(std::make_unique<Impl>(std::move(peer_query))) {}
+
+PeerTlsCertificatesProviderWsv::~PeerTlsCertificatesProviderWsv() = default;
+
+Result<TLSCertificateType, std::string> PeerTlsCertificatesProviderWsv::get(
+    const shared_model::interface::Peer &peer) const {
+  if (not peer.tlsCertificate()) {
+    return makeError(peer.toString() + " does not have a certificate.");
+  }
+  return makeValue(peer.tlsCertificate().value());
+}
+
+Result<TLSCertificateType, std::string> PeerTlsCertificatesProviderWsv::get(
+    const shared_model::interface::types::PubkeyType &public_key) const {
+  auto opt_peer = impl_->getPeerFromWsv(public_key);
+  if (not opt_peer) {
+    return makeError(std::string{"Could not find peer by "}
+                     + public_key.toString());
+  }
+  return get(*opt_peer.value());
+}

irohad/network/impl/peer_tls_certificates_provider_wsv.hpp

@@ -0,0 +1,53 @@
+/**
+ * Copyright Soramitsu Co., Ltd. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef IROHA_PEER_TLS_CERTIFICATES_PROVIDER_WSV_HPP
+#define IROHA_PEER_TLS_CERTIFICATES_PROVIDER_WSV_HPP
+
+#include "network/peer_tls_certificates_provider.hpp"
+
+#include <memory>
+
+#include "interfaces/common_objects/types.hpp"
+
+namespace shared_model {
+  namespace interface {
+    class Peer;
+  }
+}  // namespace shared_model
+
+namespace iroha {
+  namespace ametsuchi {
+    class PeerQuery;
+  }
+  namespace network {
+
+    class PeerTlsCertificatesProviderWsv : public PeerTlsCertificatesProvider {
+     public:
+      PeerTlsCertificatesProviderWsv(
+          std::shared_ptr<iroha::ametsuchi::PeerQuery> peer_query);
+
+      ~PeerTlsCertificatesProviderWsv();
+
+      iroha::expected::Result<
+          shared_model::interface::types::TLSCertificateType,
+          std::string>
+      get(const shared_model::interface::Peer &peer) const override;
+
+      iroha::expected::Result<
+          shared_model::interface::types::TLSCertificateType,
+          std::string>
+      get(const shared_model::interface::types::PubkeyType &public_key)
+          const override;
+
+     private:
+      class Impl;
+      std::unique_ptr<Impl> impl_;
+    };
+
+  };  // namespace network
+};    // namespace iroha
+
+#endif