Set reserved nodes with offchain worker.

Cargo.toml

@@ -88,6 +88,7 @@ members = [
 	"frame/metadata",
 	"frame/multisig",
 	"frame/nicks",
+	"frame/node-authorization",
 	"frame/offences",
 	"frame/proxy",
 	"frame/randomness-collective-flip",

client/authority-discovery/src/worker/tests.rs

@@ -28,6 +28,8 @@ use futures::task::LocalSpawn;
 use futures::poll;
 use libp2p::{kad, core::multiaddr, PeerId};
 
+use sc_network::config::identity;
+use sc_peerset::{Peerset, PeersetConfig, PeersetHandle};
 use sp_api::{ProvideRuntimeApi, ApiRef};
 use sp_core::{crypto::Public, testing::KeyStore};
 use sp_runtime::traits::{Zero, Block as BlockT, NumberFor};
@@ -219,6 +221,20 @@ impl NetworkStateInfo for TestNetwork {
 	fn external_addresses(&self) -> Vec<Multiaddr> {
 		self.external_addresses.clone()
 	}
+
+	fn local_public_key(&self) -> identity::PublicKey {
+		identity::Keypair::generate_ed25519().public()
+	}
+
+	fn peerset(&self) -> PeersetHandle {
+		Peerset::from_config(PeersetConfig {
+			in_peers: 25,
+			out_peers: 25,
+			bootnodes: vec![],
+			reserved_only: false,
+			priority_groups: vec![],
+		}).1
+	}
 }
 
 #[test]

client/network/src/lib.rs

@@ -270,6 +270,8 @@ pub use protocol::{event::{DhtEvent, Event, ObservedRole}, sync::SyncState, Peer
 pub use service::{NetworkService, NetworkWorker, RequestFailure, OutboundFailure};
 
 pub use sc_peerset::ReputationChange;
+use config::identity::PublicKey;
+use sc_peerset::PeersetHandle;
 use sp_runtime::traits::{Block as BlockT, NumberFor};
 
 /// The maximum allowed number of established connections per peer.
@@ -294,6 +296,12 @@ pub trait NetworkStateInfo {
 
 	/// Returns the local Peer ID.
 	fn local_peer_id(&self) -> PeerId;
+
+	/// Returns the local Peer PublicKey.
+	fn local_public_key(&self) -> PublicKey;
+
+	/// Returns the peerset
+	fn peerset(&self) -> PeersetHandle;
 }
 
 /// Overview status of the network.

client/network/src/service.rs

@@ -20,7 +20,7 @@
 //!
 //! There are two main structs in this module: [`NetworkWorker`] and [`NetworkService`].
 //! The [`NetworkWorker`] *is* the network and implements the `Future` trait. It must be polled in
-//! order fo the network to advance.
+//! order for the network to advance.
 //! The [`NetworkService`] is merely a shared version of the [`NetworkWorker`]. You can obtain an
 //! `Arc<NetworkService>` by calling [`NetworkWorker::service`].
 //!
@@ -30,7 +30,10 @@
 use crate::{
 	ExHashT, NetworkStateInfo,
 	behaviour::{self, Behaviour, BehaviourOut},
-	config::{parse_str_addr, NonReservedPeerMode, Params, Role, TransportConfig},
+	config::{
+		parse_str_addr, NonReservedPeerMode, Params, Role, TransportConfig,
+		identity::PublicKey,
+	},
 	DhtEvent,
 	discovery::DiscoveryConfig,
 	error::Error,
@@ -94,6 +97,8 @@ pub struct NetworkService<B: BlockT + 'static, H: ExHashT> {
 	is_major_syncing: Arc<AtomicBool>,
 	/// Local copy of the `PeerId` of the local node.
 	local_peer_id: PeerId,
+	/// Local copy of the `PublicKey` of the local node.
+	local_public_key: PublicKey,
 	/// Bandwidth logging system. Can be queried to know the average bandwidth consumed.
 	bandwidth: Arc<transport::BandwidthSinks>,
 	/// Peerset manager (PSM); manages the reputation of nodes and indicates the network which
@@ -317,7 +322,7 @@ impl<B: BlockT + 'static, H: ExHashT> NetworkWorker<B, H> {
 					protocol,
 					params.role,
 					user_agent,
-					local_public,
+					local_public.clone(),
 					block_requests,
 					finality_proof_requests,
 					light_client_handler,
@@ -398,6 +403,7 @@ impl<B: BlockT + 'static, H: ExHashT> NetworkWorker<B, H> {
 			is_major_syncing: is_major_syncing.clone(),
 			peerset: peerset_handle,
 			local_peer_id,
+			local_public_key: local_public,
 			to_worker,
 			peers_notifications_sinks: peers_notifications_sinks.clone(),
 			protocol_name_by_engine,
@@ -1054,6 +1060,16 @@ impl<B, H> NetworkStateInfo for NetworkService<B, H>
 	fn local_peer_id(&self) -> PeerId {
 		self.local_peer_id.clone()
 	}
+
+	/// Returns the PublicKey of local peer.
+	fn local_public_key(&self) -> PublicKey {
+		self.local_public_key.clone()
+	}
+
+	/// Returns the peerset.
+	fn peerset(&self) -> PeersetHandle {
+		self.peerset.clone()
+	}
 }
 
 /// A `NotificationSender` allows for sending notifications to a peer with a chosen protocol.

client/offchain/Cargo.toml

@@ -29,6 +29,7 @@ rand = "0.7.2"
 sp-runtime = { version = "2.0.0-rc6", path = "../../primitives/runtime" }
 sp-utils = { version = "2.0.0-rc6", path = "../../primitives/utils" }
 sc-network = { version = "0.8.0-rc6", path = "../network" }
+sc-peerset = { version = "2.0.0-rc6", path = "../peerset" }
 sc-keystore = { version = "2.0.0-rc6", path = "../keystore" }
 
 [target.'cfg(not(target_os = "unknown"))'.dependencies]

client/offchain/src/api.rs

@@ -19,17 +19,19 @@ use std::{
 	sync::Arc,
 	convert::TryFrom,
 	thread::sleep,
+	collections::HashSet,
 };
 
 use sp_core::offchain::OffchainStorage;
 use futures::Future;
 use log::error;
-use sc_network::{PeerId, Multiaddr, NetworkStateInfo};
+use sc_network::{config::identity, PeerId, Multiaddr, NetworkStateInfo};
 use codec::{Encode, Decode};
 use sp_core::offchain::{
 	Externalities as OffchainExt, HttpRequestId, Timestamp, HttpRequestStatus, HttpError,
 	OpaqueNetworkState, OpaquePeerId, OpaqueMultiaddr, StorageKind,
 };
+use sp_core::NodePublicKey;
 pub use sp_offchain::STORAGE_PREFIX;
 pub use http::SharedClient;
 
@@ -180,6 +182,33 @@ impl<Storage: OffchainStorage> OffchainExt for Api<Storage> {
 	) -> Result<usize, HttpError> {
 		self.http.response_read_body(request_id, buffer, deadline)
 	}
+
+	fn get_node_public_key(&mut self) -> Result<NodePublicKey, ()> {
+		let public_key = self.network_state.local_public_key();
+		match public_key {
+			identity::PublicKey::Ed25519(public) =>
+				Ok(public.encode().into()),
+			_ => Err(()),
+		}
+	}
+
+	fn set_reserved_nodes(&mut self, nodes: Vec<NodePublicKey>, reserved_only: bool) {
+		let peer_ids: HashSet<PeerId> = nodes.iter()
+			.filter_map(|node|
+				match node {
+					NodePublicKey::Ed25519(public) =>
+						identity::ed25519::PublicKey::decode(&public.0).ok()
+				}
+			)
+			.map(|public|
+				identity::PublicKey::Ed25519(public).into_peer_id()
+			)
+			.collect();
+
+		let peerset = self.network_state.peerset();
+		peerset.set_reserved_peers(peer_ids);
+		peerset.set_reserved_only(reserved_only);
+	}
 }
 
 /// Information about the local node's network state.
@@ -292,7 +321,7 @@ mod tests {
 	use super::*;
 	use std::{convert::{TryFrom, TryInto}, time::SystemTime};
 	use sc_client_db::offchain::LocalStorage;
-	use sc_network::PeerId;
+	use sc_peerset::{Peerset, PeersetConfig, PeersetHandle};
 
 	struct MockNetworkStateInfo();
 
@@ -304,6 +333,20 @@ mod tests {
 		fn local_peer_id(&self) -> PeerId {
 			PeerId::random()
 		}
+
+		fn local_public_key(&self) -> identity::PublicKey {
+			identity::Keypair::generate_ed25519().public()
+		}
+
+		fn peerset(&self) -> PeersetHandle {
+			Peerset::from_config(PeersetConfig {
+				in_peers: 25,
+				out_peers: 25,
+				bootnodes: vec![],
+				reserved_only: false,
+				priority_groups: vec![],
+			}).1
+		}
 	}
 
 	fn offchain_api() -> (Api<LocalStorage>, AsyncApi) {
@@ -429,4 +472,14 @@ mod tests {
 		// then
 		assert_ne!(seed, [0; 32]);
 	}
+
+	#[test]
+	fn should_get_node_public_key() {
+		// given
+		let mut api = offchain_api().0;
+		let node_public_key = api.get_node_public_key();
+
+		// then
+		assert!(node_public_key.is_ok());
+	}
 }

client/offchain/src/lib.rs

@@ -208,7 +208,8 @@ pub async fn notification_future<Client, Storage, Block, Spawner>(
 mod tests {
 	use super::*;
 	use std::sync::Arc;
-	use sc_network::{Multiaddr, PeerId};
+	use sc_network::{Multiaddr, PeerId, config::identity};
+	use sc_peerset::{Peerset, PeersetConfig, PeersetHandle};
 	use substrate_test_runtime_client::{TestClient, runtime::Block};
 	use sc_transaction_pool::{BasicPool, FullChainApi};
 	use sp_transaction_pool::{TransactionPool, InPoolTransaction};
@@ -223,6 +224,20 @@ mod tests {
 		fn local_peer_id(&self) -> PeerId {
 			PeerId::random()
 		}
+
+		fn local_public_key(&self) -> identity::PublicKey {
+			identity::Keypair::generate_ed25519().public()
+		}
+
+		fn peerset(&self) -> PeersetHandle {
+			Peerset::from_config(PeersetConfig {
+				in_peers: 25,
+				out_peers: 25,
+				bootnodes: vec![],
+				reserved_only: false,
+				priority_groups: vec![],
+			}).1
+		}
 	}
 
 	struct TestPool(

client/peerset/src/lib.rs

@@ -45,6 +45,7 @@ const FORGET_AFTER: Duration = Duration::from_secs(3600);
 enum Action {
 	AddReservedPeer(PeerId),
 	RemoveReservedPeer(PeerId),
+	SetReservedPeers(HashSet<PeerId>),
 	SetReservedOnly(bool),
 	ReportPeer(PeerId, ReputationChange),
 	SetPriorityGroup(String, HashSet<PeerId>),
@@ -102,6 +103,11 @@ impl PeersetHandle {
 	pub fn set_reserved_only(&self, reserved: bool) {
 		let _ = self.tx.unbounded_send(Action::SetReservedOnly(reserved));
 	}
+
+	/// Set reserved peers to the new set.
+	pub fn set_reserved_peers(&self, peer_ids: HashSet<PeerId>) {
+		let _ = self.tx.unbounded_send(Action::SetReservedPeers(peer_ids));
+	}
 
 	/// Reports an adjustment to the reputation of the given peer.
 	pub fn report_peer(&self, peer_id: PeerId, score_diff: ReputationChange) {
@@ -246,6 +252,10 @@ impl Peerset {
 	fn on_remove_reserved_peer(&mut self, peer_id: PeerId) {
 		self.on_remove_from_priority_group(RESERVED_NODES, peer_id);
 	}
+
+	fn on_set_reserved_peers(&mut self, peer_ids: HashSet<PeerId>) {
+		self.on_set_priority_group(RESERVED_NODES, peer_ids);
+	}
 
 	fn on_set_reserved_only(&mut self, reserved_only: bool) {
 		self.reserved_only = reserved_only;
@@ -655,6 +665,8 @@ impl Stream for Peerset {
 					self.on_add_reserved_peer(peer_id),
 				Action::RemoveReservedPeer(peer_id) =>
 					self.on_remove_reserved_peer(peer_id),
+				Action::SetReservedPeers(peer_ids) =>
+					self.on_set_reserved_peers(peer_ids),
 				Action::SetReservedOnly(reserved) =>
 					self.on_set_reserved_only(reserved),
 				Action::ReportPeer(peer_id, score_diff) =>

frame/node-authorization/Cargo.toml

@@ -0,0 +1,36 @@
+[package]
+name = "pallet-node-authorization"
+version = "2.0.0-rc6"
+authors = ["Parity Technologies <[email protected]>"]
+edition = "2018"
+license = "Apache-2.0"
+homepage = "https://substrate.dev"
+repository = "https://github.com/paritytech/substrate/"
+description = "FRAME pallet for node authorization"
+
+[package.metadata.docs.rs]
+targets = ["x86_64-unknown-linux-gnu"]
+
+[dependencies]
+serde = { version = "1.0.101", optional = true }
+codec = { package = "parity-scale-codec", version = "1.3.4", default-features = false, features = ["derive"] }
+frame-support = { version = "2.0.0-rc6", default-features = false, path = "../support" }
+frame-system = { version = "2.0.0-rc6", default-features = false, path = "../system" }
+sp-core = { version = "2.0.0-rc6", default-features = false, path = "../../primitives/core" }
+sp-io = { version = "2.0.0-rc6", default-features = false, path = "../../primitives/io" }
+sp-std = { version = "2.0.0-rc6", default-features = false, path = "../../primitives/std" }
+
+[dev-dependencies]
+sp-runtime = { version = "2.0.0-rc6", default-features = false, path = "../../primitives/runtime" }
+
+[features]
+default = ["std"]
+std = [
+	"serde",
+	"codec/std",
+	"frame-support/std",
+	"frame-system/std",
+	"sp-core/std",
+	"sp-io/std",
+	"sp-std/std",
+]