Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bugfix/whitelist filter #992

Merged
merged 29 commits into from
Feb 7, 2020
Merged

Bugfix/whitelist filter #992

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
45d5c5a
Allow partyinfo to update existing key with new url. This was the beh…
namtruong Dec 31, 2019
97bc8b6
Update unit test for partyinfo service
namtruong Dec 31, 2019
cde9377
Merge remote-tracking branch 'origin/master'
namtruong Dec 31, 2019
fd55e8a
Make partyinfo requests asynchronous
namtruong Jan 2, 2020
a59dfb0
Fix race condition in unit test
namtruong Jan 3, 2020
878d23c
Fix race condition in unit test
namtruong Jan 6, 2020
9c4a152
Switch to using an executor and fix unit test
namtruong Jan 6, 2020
348c1c6
Merge remote-tracking branch 'origin/master'
namtruong Jan 7, 2020
233fe42
Switch to using newCachedThreadPool for more flexibility in terms of …
namtruong Jan 7, 2020
cfe944b
make partyinfo polling interval configurable
namtruong Jan 13, 2020
9b1c315
set p2p client connectTimeout and readTimeout based on polling interval
namtruong Jan 13, 2020
7f99179
remove unused imports
namtruong Jan 13, 2020
5ad4e43
set default value to 5000 milliseconds
namtruong Jan 13, 2020
82ea6e6
Merge remote-tracking branch 'origin/master'
namtruong Jan 14, 2020
6b4e9c1
Merge remote-tracking branch 'origin/master'
namtruong Jan 17, 2020
444df62
enforce whitelist filtering if peer auto-discovery is being disabled
namtruong Jan 17, 2020
9377afb
Merge remote-tracking branch 'origin/master'
namtruong Jan 17, 2020
19b0d12
Merge remote-tracking branch 'origin/master'
namtruong Jan 20, 2020
802e7e2
Merge remote-tracking branch 'origin/master'
namtruong Jan 22, 2020
d699ae7
Merge remote-tracking branch 'origin/master'
namtruong Jan 22, 2020
d383e5d
Separate p2pclient and resend client. Add factory and unit tests
namtruong Jan 22, 2020
f96969c
Add RestResendClient, Factory and unit test
namtruong Jan 22, 2020
7d3ec4c
Merge remote-tracking branch 'origin/master'
namtruong Feb 6, 2020
4a57cb0
remove whitelist filter on Q2T app as this whitelist is irrelevant fo…
namtruong Feb 7, 2020
d15c853
Remove unixsocket check. filter on q2t is now disabled.
namtruong Feb 7, 2020
3f2ad20
update unit tests
namtruong Feb 7, 2020
33dc0e5
fix acceptance test for whitelist
namtruong Feb 7, 2020
c36dac4
remove ipwhitelistfilter from q2t singletons
namtruong Feb 7, 2020
e7c3dbd
try downgrade commons-collections version in jacoco plugin to test tr…
namtruong Feb 7, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,13 @@
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.3</version>
<dependencies>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.2.1</version>
</dependency>
</dependencies>
</plugin>

<plugin>
Expand Down
10 changes: 5 additions & 5 deletions ...era-jaxrs/common-jaxrs/src/main/java/com/quorum/tessera/api/filter/IPWhitelistFilter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,6 @@ public void filter(final ContainerRequestContext requestContext) {
return;
}

// this is the unix socket request, so let it through the filter
if ("unixsocket".equals(requestContext.getUriInfo().getBaseUri().toString())) {
return;
}

try {

final Set<String> whitelisted =
Expand All @@ -74,6 +69,11 @@ public void filter(final ContainerRequestContext requestContext) {
.map(URL::getHost)
.collect(Collectors.toSet());

if (whitelisted.contains("localhost")) {
whitelisted.add("127.0.0.1");
whitelisted.add("0:0:0:0:0:0:0:1");
}

final String remoteAddress = httpServletRequest.getRemoteAddr();
final String remoteHost = httpServletRequest.getRemoteHost();

Expand Down
49 changes: 33 additions & 16 deletions ...jaxrs/common-jaxrs/src/test/java/com/quorum/tessera/api/filter/IPWhitelistFilterTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,6 @@ public void hostInWhitelistGetsAccepted() {

verify(request).getRemoteHost();
verify(request).getRemoteAddr();
verify(ctx).getUriInfo();
verifyNoMoreInteractions(ctx);
}

Expand All @@ -109,15 +108,15 @@ public void errorFilteringStopsFutureFilters() {
filter.filter(ctx);
verify(request).getRemoteHost();
verify(request).getRemoteAddr();
verify(ctx).getUriInfo();

verifyNoMoreInteractions(ctx);

// show the second one errors
final HttpServletRequest requestError = mock(HttpServletRequest.class);
doThrow(RuntimeException.class).when(requestError).getRemoteHost();
filter.setHttpServletRequest(requestError);
filter.filter(ctx);
verify(ctx, times(2)).getUriInfo();

verifyNoMoreInteractions(ctx);
verify(request).getRemoteAddr();

Expand All @@ -130,28 +129,46 @@ public void errorFilteringStopsFutureFilters() {
}

@Test
public void unixsocketIsWhitelisted() throws URISyntaxException {
public void defaultConstructor() {
when(configService.isUseWhiteList()).thenReturn(Boolean.TRUE);
MockServiceLocator mockServiceLocator = (MockServiceLocator) ServiceLocator.create();
mockServiceLocator.setServices(Collections.singleton(configService));

final HttpServletRequest requestError = mock(HttpServletRequest.class);
filter.setHttpServletRequest(requestError);
assertThat(new IPWhitelistFilter()).isNotNull();
}

final UriInfo uriInfo = mock(UriInfo.class);
when(uriInfo.getBaseUri()).thenReturn(new URI("unixsocket"));
when(ctx.getUriInfo()).thenReturn(uriInfo);
@Test
public void localhostIsWhiteListed() {

Peer peer = new Peer("http://localhost:8080");
when(configService.getPeers()).thenReturn(singletonList(peer));

final HttpServletRequest request = mock(HttpServletRequest.class);
doReturn("127.0.0.1").when(request).getRemoteAddr();

filter.setHttpServletRequest(request);

filter.filter(ctx);

verify(ctx).getUriInfo();
verify(request).getRemoteHost();
verify(request).getRemoteAddr();
verifyNoMoreInteractions(ctx);
verifyZeroInteractions(requestError);
}

@Test
public void defaultConstructor() {
when(configService.isUseWhiteList()).thenReturn(Boolean.TRUE);
MockServiceLocator mockServiceLocator = (MockServiceLocator) ServiceLocator.create();
mockServiceLocator.setServices(Collections.singleton(configService));
public void localhostIPv6IsAlsoWhiteListed() {
Peer peer = new Peer("http://localhost:8080");
when(configService.getPeers()).thenReturn(singletonList(peer));

assertThat(new IPWhitelistFilter()).isNotNull();
final HttpServletRequest request = mock(HttpServletRequest.class);
doReturn("0:0:0:0:0:0:0:1").when(request).getRemoteAddr();

filter.setHttpServletRequest(request);

filter.filter(ctx);

verify(request).getRemoteHost();
verify(request).getRemoteAddr();
verifyNoMoreInteractions(ctx);
}
}
6 changes: 1 addition & 5 deletions tessera-jaxrs/transaction-jaxrs/src/main/java/com/quorum/tessera/q2t/Q2TRestApp.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
package com.quorum.tessera.q2t;

import com.quorum.tessera.api.filter.GlobalFilter;
import com.quorum.tessera.api.filter.IPWhitelistFilter;
import com.quorum.tessera.app.TesseraRestApplication;
import com.quorum.tessera.config.AppType;
import com.quorum.tessera.service.locator.ServiceLocator;
Expand All @@ -18,7 +16,6 @@
* locator
*/
@Api
@GlobalFilter
@ApplicationPath("/")
public class Q2TRestApp extends TesseraRestApplication {

Expand All @@ -35,10 +32,9 @@ public Q2TRestApp(ServiceLocator serviceLocator) {
@Override
public Set<Object> getSingletons() {

IPWhitelistFilter iPWhitelistFilter = new IPWhitelistFilter();
TransactionResource transactionResource = new TransactionResource();

return Stream.of(iPWhitelistFilter, transactionResource).collect(Collectors.toSet());
return Stream.of(transactionResource).collect(Collectors.toSet());
}

@Override
Expand Down
2 changes: 1 addition & 1 deletion tessera-jaxrs/transaction-jaxrs/src/test/java/com/quorum/tessera/q2t/Q2TRestAppTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ public void getSingletons() {

Set<Object> results = q2TRestApp.getSingletons();

assertThat(results).hasSize(2);
assertThat(results).hasSize(1);
}

@Test
Expand Down
8 changes: 5 additions & 3 deletions tests/acceptance-test/src/test/java/transaction/whitelist/WhitelistSteps.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,9 +66,10 @@ public WhitelistSteps() {
.withNodeId("whitelist")
.withNodeNumber(5)
.withQ2TSocketType(SocketType.HTTP)
.withQt2Port(7001)
.withExecutionContext(executionContext)
.withP2pPort(port)
.withPeer("http://localhost:7000")
.withPeer("http://other:7000")
.withEncryptorConfig(
new EncryptorConfig() {
{
Expand All @@ -82,7 +83,8 @@ public WhitelistSteps() {
Config whiteListConfig = whiteListConfigBuilder.build();
whiteListConfig.setUseWhiteList(true);

Path configFile = Paths.get(System.getProperty("java.io.tmpdir")).resolve("white-list-config.json");
Path configFile =
Paths.get(System.getProperty("java.io.tmpdir")).resolve("white-list-config.json");

try (OutputStream out = Files.newOutputStream(configFile)) {
JaxbUtil.marshalWithNoValidation(whiteListConfig, out);
Expand Down Expand Up @@ -136,7 +138,7 @@ public WhitelistSteps() {
ServerStatusCheck serverStatusCheck =
ServerStatusCheck.create(
whiteListConfig.getServerConfigs().stream()
.filter(s -> s.getApp() == AppType.P2P)
.filter(s -> s.getApp() == AppType.Q2T)
.findAny()
.get());

Expand Down