From 1f00d240b41f9ed965445216a71d1bc396111731 Mon Sep 17 00:00:00 2001 From: ruzell22 Date: Thu, 6 Apr 2023 11:13:55 +0800 Subject: [PATCH] refactor(cmd-api-server): clean up configuration parameters #720 BREAKING CHANGE: Removed the `keyPairPem` parameter from the API server configuration. fixes: #720 Parameters cleaned up are: cactusNodeId, consortiumId, keychainSuffixKeyPairPem Cleaning the three mentioned parameters are backwards compatible with tags versions: v1.0.0-rc.3 and v1.0.0 The latest tag being used as of this change is v1.0.0-25-gdda3f00c Signed-off-by: ruzell22 Signed-off-by: Peter Somogyvari --- .../example-config.json | 4 - examples/carbon-accounting/Dockerfile | 2 - examples/supply-chain-app/Dockerfile | 2 - examples/supply-chain-app/process.env | 2 - packages/cactus-cmd-api-server/Dockerfile | 2 - .../main/typescript/config/config-service.ts | 104 ++---------------- .../get-node-jws-endpoint-v1.test.ts | 4 +- .../docker/besu-all-in-one/docker-compose.yml | 2 - whitepaper/whitepaper.md | 10 +- whitepaper/whitepaper_zh-CN.md | 15 +-- 10 files changed, 18 insertions(+), 129 deletions(-) diff --git a/examples/cactus-example-carbon-accounting-backend/example-config.json b/examples/cactus-example-carbon-accounting-backend/example-config.json index bf88de16e5b..eaa5ec4995b 100644 --- a/examples/cactus-example-carbon-accounting-backend/example-config.json +++ b/examples/cactus-example-carbon-accounting-backend/example-config.json @@ -1,8 +1,6 @@ { "configFile": ".config.json", "authorizationConfigJson" : {}, - "cactusNodeId": "972b1aec-a027-4dfb-bf0f-3811ad8d15e4", - "consortiumId": "fb3edae7-46db-4e84-837e-c66f6f2bc78e", "logLevel": "debug", "minNodeVersion": "12.0.0", "tlsDefaultMaxVersion": "TLSv1.3", 
@@ -25,8 +23,6 @@ "cockpitTlsCertPem": "-----BEGIN CERTIFICATE-----\r\nMIIGjjCCBHagAwIBAgIKDv1M8Cl8RNkaBDANBgkqhkiG9w0BAQ0FADCBrzESMBAG\r\nA1UEAxMJbG9jYWxob3N0MREwDwYDVQQGEwhVbml2ZXJzZTESMBAGA1UECBMJTWls\r\na3kgV2F5MRUwEwYDVQQHEwxQbGFuZXQgRWFydGgxFDASBgNVBAoTC0h5cGVybGVk\r\nZ2VyMQ8wDQYDVQQLEwZDYWN0dXMxNDAyBgkqhkiG9w0BCQITJUNhY3R1cyBEdW1t\r\neSBTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZXMwHhcNMjEwNDE0MDYwOTU2WhcNMjIw\r\nNDE0MDYwOTU2WjCBrzESMBAGA1UEAxMJbG9jYWxob3N0MREwDwYDVQQGEwhVbml2\r\nZXJzZTESMBAGA1UECBMJTWlsa3kgV2F5MRUwEwYDVQQHEwxQbGFuZXQgRWFydGgx\r\nFDASBgNVBAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZDYWN0dXMxNDAyBgkqhkiG\r\n9w0BCQITJUNhY3R1cyBEdW1teSBTZWxmIFNpZ25lZCBDZXJ0aWZpY2F0ZXMwggIi\r\nMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCyV5sVXZm5J/8Sx8MhoCPeybfw\r\nJ7Iqxsi1rl1cawbAPRLfxXixU5ByzXlXxFh6vMMc8P4jPV2SEhU7sT1Ms97GuEdu\r\nLTRaCr5LBRxDNF3XrCWTFZ4r5z4tF4SLLx7833mApShu0lfpzoX4zkEg7Jlm6P4p\r\nV7DCFEP1wVsI6uK8IDNXtkA3adosR/8TeS6KY84E5rkhjGMongLXC4xdpYY0mn2R\r\nLBtgVuWpykTJ/QiE9gmmwIwarDAxeZJavkwTrxhApD/au+/y53s4pXPypLAmsVqy\r\nd2hS2VnhrP58xEy1UFTALXGrhI7trl+KJySVpnZnb6ghwaNHuYZMtaA9ylC0Lwie\r\nc/jl24X4H5D4/QK4O3C5Jrn9kV4zinxLaDTXCJoBTBZYDoG54oJaFhz8/k3WLHFs\r\nJijyFpvGJ/b/IP0bZs1LQmUu5PEujy4gmrqd35j3Iaxf6fHbMuOyHo7ALcyI3aNS\r\n/Cp/7gHlrdwRdER+4GVg6i2iDg6ZbU3g3xg2V/wEn4CXNU2P8Ua1paIcC7dAb2f7\r\nRgRu567B8TPmgk59koJ53nlw4Q2jTdux6v7GIhpAYWXqtlvgvv5mTynjmyCCRlCt\r\ndnQx0gZ+P1dDTXKZr31kvNBvherH0vCYGpR7rsebtMBEExD7SfafV5iVnhEIkb5g\r\nX0d8qkyncS6JRfOcjwIDAQABo4GpMIGmMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD\r\nAgL0MDsGA1UdJQQ0MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG\r\nAQUFBwMEBggrBgEFBQcDCDARBglghkgBhvhCAQEEBAMCAPcwGgYDVR0RBBMwEYYJ\r\nbG9jYWxob3N0hwR/AAABMB0GA1UdDgQWBBSNc0D8/jL/P6n9mRr9mAp/Vu2csjAN\r\nBgkqhkiG9w0BAQ0FAAOCAgEAnQXIYTnZ1ZFmU+KZDwyttVk3StCMiECmZTlxOf6d\r\na5y3wH+OyJsTPoXBWQaWfqtUnQ2SOvwEDejvFqiDTIcOjYm6vI3iGqXQ7zxGmsh0\r\n/+YBu8awa8f1HP3ZTAp68+FH1NlatjfXJdrrw1afkNUQGOwg6SNZhsOvZV8VjC1g\r\nCuCdVwNk/9vA+u6NPIB2G1JCS3qRdXiK9MO14QYyvxhQWztLRpoilkYyBJvjMXxI\r\nsP7JatcbgkzgXvH2aZo1QD59Z
ONvM3eWJ7ychFUxC98uCNSaCE1h6fPNVodcSQtC\r\n2wuVEVVc4331yf9P6moNe0dwbDcOUyP9yjV1hyCFNygyND4YafHSU4FSDM8MGRl4\r\n7UoqT3hX3SXCzmLLeyvcguRcK1JqRpX4jDchSJln75Qdb+wk4cLQPsTiFm4BLdRr\r\nyvYugmrz3REtRiT5X5lLmti+tqRaq6JkvDiBd9DirXIklq42evOP2UBVTvYO9nR4\r\n8U1VbT3fb3PwzWnBEmLvp6TO0gXa3UkcJ62dX+V8lV/SQ4WGkXuC33QyoN3Q/ozX\r\nPf2rp9o9qnPLrx0hx0rHgFRozxNbzoQ46CODVkyrE0qUv/Y0HjiYVKfCHpbe7vyX\r\nIXnGMPk+K7ijX7+htrIg8oREKKeMlW9SPuqyJaXmLheW4ovvrMT+Aod5AS1ikD6Q\r\nCJ8=\r\n-----END CERTIFICATE-----\r\n", "cockpitTlsKeyPem": "-----BEGIN RSA PRIVATE KEY-----\r\nMIIJKAIBAAKCAgEAslebFV2ZuSf/EsfDIaAj3sm38CeyKsbIta5dXGsGwD0S38V4\r\nsVOQcs15V8RYerzDHPD+Iz1dkhIVO7E9TLPexrhHbi00Wgq+SwUcQzRd16wlkxWe\r\nK+c+LReEiy8e/N95gKUobtJX6c6F+M5BIOyZZuj+KVewwhRD9cFbCOrivCAzV7ZA\r\nN2naLEf/E3kuimPOBOa5IYxjKJ4C1wuMXaWGNJp9kSwbYFblqcpEyf0IhPYJpsCM\r\nGqwwMXmSWr5ME68YQKQ/2rvv8ud7OKVz8qSwJrFasndoUtlZ4az+fMRMtVBUwC1x\r\nq4SO7a5fiicklaZ2Z2+oIcGjR7mGTLWgPcpQtC8InnP45duF+B+Q+P0CuDtwuSa5\r\n/ZFeM4p8S2g01wiaAUwWWA6BueKCWhYc/P5N1ixxbCYo8habxif2/yD9G2bNS0Jl\r\nLuTxLo8uIJq6nd+Y9yGsX+nx2zLjsh6OwC3MiN2jUvwqf+4B5a3cEXREfuBlYOot\r\nog4OmW1N4N8YNlf8BJ+AlzVNj/FGtaWiHAu3QG9n+0YEbueuwfEz5oJOfZKCed55\r\ncOENo03bser+xiIaQGFl6rZb4L7+Zk8p45sggkZQrXZ0MdIGfj9XQ01yma99ZLzQ\r\nb4Xqx9LwmBqUe67Hm7TARBMQ+0n2n1eYlZ4RCJG+YF9HfKpMp3EuiUXznI8CAwEA\r\nAQKCAgBl6oKJty++DAlMZjQw5x8YlhYze7vpjiftC3P2+IKnIT/D+Ul7rNGDicCq\r\nU15s5apqw5237b2nWAYiUqtBRhktXuoTIGomerU8kfMQxMBMG+htIZF+bWuuwR3R\r\nnGANCniY98kfa70ptAgDo3q8ofkYQlXcsmwkvQgJTTIE6pYgBBbTLSeNg0RWwd4W\r\n9s2N8HMvgdqSPXP9Ji9hTQwuCAWl0hOn/pi2eXJNkXW2KI/Ry/i//pESPQxdeagV\r\ni2JWbV1is3p6OaRqH7bfLE4Sf+Laecfm7S4FCoi+2umjy1o602lbWZz384zqbxfS\r\nD4RssPBBNCHVCJ+SwYbqF3E3XoK3QUCayxdQ9lFraqUM5tzME9LVoPSMz2/t6vEJ\r\nll2yofxksW9DfiU+YCwxpZwZAIZgWFgF79JJu9v9vHuX/csN80ZhrAtpIcGxFEp7\r\nZcIt22LIg1zKOvji9W2L343d2Ngn5xwP2LgNw7p5PvRbWj5loAUV01iMUp/LcGJ+\r\nTUF9C20rK8D6OXg8vqPyr+en8mbwifTuu3SMKrItIvug5TpgLnUbUFsFZ0tusaQn\r\nzP4QuGeqHCsphTI4oe2ro2QlefpqjDR6eL8eyepBRrwsZgnThsIQwjcxJRP0fVrd\r\nspbTNfptBZWrd685YpitSSEV6
RkH6KmV6+IHDnPAH1vW3zx6YQKCAQEA3NYrCtan\r\n9c7kKfCeQMYgzxyJbaefPrScGrTsSpulv5kWiffahC6NPEsz6LqSxJxyfvP4YbKc\r\n3RqaWS5S6Tq3YNNgLI+J0D/9O0gi+s+vd47bqYBURxo2X3bly9IbUlMmc+pa+uGD\r\ndoufg7ywvjW+TJkaaykBZlfc0sIBxdrDEJCD62FdR41Vdm2Pvmi6sFqEYyIq+hXA\r\nHbX2M3/CC43XoHDIkX7Rgy0NHVUq+wasGKRUNVPIgMCBd0B8G936kGGvawSmGAQ4\r\n9e5HSUT9jqv1KziMCZ8TEYrabSAxmL56b/amz06XTND4v59astMCWo8w657NL+Xv\r\n7HJw853Z7beQgwKCAQEAzr1DnpmBeYkF0so3thK9GIG6Sru17PlIgkvWmk8B/Hsd\r\nruzw4pspVM0+D8LwxPnBveR8w471BaAqaPtVZgcoIRHO9iNegQcir7b3Fp/ai7BK\r\nZoAcNO9V++ofmS85KtVUT0iMBwcMaIgmHD/YCi0MNxdXzOzzsopR3FE0iwKYZxgC\r\nyfeKPeZa3C4I7Awvf7v5CoNF4/T5U9cAsaQJ/cVJY2s5c8LHYQsP4UUWsScQH1TS\r\nat2uRz565PDQdvD3TL+46zdsFlOYOiuM/6iMU4bYBj2FsFKA7TCkk/GghCgLfjXa\r\nrPARdunZWfWawe3bKEg6Az0kFfsimRYE0Rgey6zuBQKCAQAZPDwE7AybcT3vcPiU\r\njE95e1hU+H+hCcCA6MXLrMefAl5p+7GzwyIOjsVqxc85umr3COgMOf3k4kJbCIke\r\n77++x8jIrspfysAkQxUENjFl5yRA1VJMIbmu5QZTaToICUpumow0+QotxLzAsBI+\r\nWiPZ2vEC59eqG0Y3q0XKlzoNLYZ1olWndIYcl16CsrMKrf1M2r2wgEXI3183+VRy\r\nP44xXlH9FlHYvJAwFuhncRa/Zh/dTCqwU883kl3cTVxxnUgPYaOdQPZFXCo3PDQB\r\nVrMYckjGXLAwI/7b0373ZmTVYIklTWTKuWKDezFBGA2/zXcYpbfqzkrBaT5xCEu7\r\n92sDAoIBAFe3GZ+LBdIo/t2Gisinfq+NKxtWNUQMKGWQA8eIyhDzs45qXXHn30tp\r\noXFShpEsXrVQ4laeqvruD9BnAr69Ppt5UNRCAXDBNEhVWtSwkis+avK+XDlhapvt\r\no+Z8kMbJqHHTGAZLSUp4qaLGu8TlhA9Dyi7aQjN4WG8fzSlFup/TIivK6U6GE/rj\r\nVUnBic2qVWnOdLLZV4fo6xRzwwF22UJjVgb1l15nMR+lDpGvPznr5TMOR0lXCxFj\r\n0y8D4gkgNzclVqjKYwYbQEGgo5k01ycep0A+YRFB2DIlDLPFwcqU0ukZGm/XnC58\r\n9GJfpuKacnK5WDwzR2SoYPbOQxKrlnkCggEBANJLCqOibsezhhNa1vg+JpCL777C\r\nKAkE8bQd7rPoEZIFQqDDdapez0ZrzVWL4L8pgnpjyywxXe0p77PR5A2HRN5z1cFD\r\nDz5Kd0ZDL++5/IQ6KJgQ9EjftIy1zW+XnzBXThY+rpH0RZ15DwFoJxw+PCejjLC5\r\n7zYa2EOJ698N9WryGsxGkfPuViTbIDJKBed+4kXgLTT1hCTq53JFTJtHsO57gRkK\r\ngrPsa0O10EsJtKODFNFHzAiqwfmNxrVVcmUNmKYG4WXuJci+kw1VEJDD6GiSFyx2\r\n1MBhF3x64UtKdsj/7Cskdr6xnrxC9NHsRoZlmGGMZsSFL+MLovZv9MKl6W0=\r\n-----END RSA PRIVATE KEY-----\r\n", "cockpitTlsClientCaPem": "-", - "keyPairPem": "-----BEGIN PRIVATE 
KEY-----\nMIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgHy0hDxj3Uhz16F8aLiWq\nhf6bcqRU3fqAv2u2YvYdSF+hRANCAAQpvM3dbCigeGLDKs0JUTi0yf5UHGC2eSRD\nd3Dk1WpBjbJDLKGdSGVGE0h1Zys8o3Den3Xag8Y1EcTxDHDInMEc\n-----END PRIVATE KEY-----\n", - "keychainSuffixKeyPairPem": "CACTUS_NODE_KEY_PAIR_PEM", "plugins": [ { "packageName": "@hyperledger/cactus-plugin-keychain-memory", diff --git a/examples/carbon-accounting/Dockerfile b/examples/carbon-accounting/Dockerfile index cf74f0ead36..ceb08add3aa 100644 --- a/examples/carbon-accounting/Dockerfile +++ b/examples/carbon-accounting/Dockerfile @@ -46,8 +46,6 @@ COPY --chown=${APP_USER}:${APP_USER} ./examples/carbon-accounting/healthcheck.sh ENV AUTHORIZATION_CONFIG_JSON="{}" ENV AUTHORIZATION_PROTOCOL=NONE -ENV CACTUS_NODE_ID=- -ENV CONSORTIUM_ID=- ENV KEY_PAIR_PEM=- ENV COCKPIT_WWW_ROOT=/usr/src/app/node_modules/@hyperledger/cactus-example-carbon-accounting-frontend/www/ ENV COCKPIT_TLS_ENABLED=false diff --git a/examples/supply-chain-app/Dockerfile b/examples/supply-chain-app/Dockerfile index 89016aeaa42..ef0f7272c2d 100644 --- a/examples/supply-chain-app/Dockerfile +++ b/examples/supply-chain-app/Dockerfile @@ -47,8 +47,6 @@ COPY --chown=${APP_USER}:${APP_USER} ./examples/supply-chain-app/healthcheck.sh ENV AUTHORIZATION_CONFIG_JSON="{}" ENV AUTHORIZATION_PROTOCOL=NONE -ENV CACTUS_NODE_ID=- -ENV CONSORTIUM_ID=- ENV KEY_PAIR_PEM=- ENV COCKPIT_WWW_ROOT=/usr/src/app/node_modules/@hyperledger/cactus-example-supply-chain-frontend/www/ ENV COCKPIT_TLS_ENABLED=false diff --git a/examples/supply-chain-app/process.env b/examples/supply-chain-app/process.env index 23c2f0c1ee8..472e4b645a7 100644 --- a/examples/supply-chain-app/process.env +++ b/examples/supply-chain-app/process.env @@ -1,5 +1,3 @@ -CACTUS_NODE_ID=- -CONSORTIUM_ID=- KEY_PAIR_PEM=- COCKPIT_WWW_ROOT=./node_modules/@hyperledger/cactus-example-supply-chain-frontend/www/ COCKPIT_TLS_ENABLED=false 
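Review bot: In `example-config.json` the context lines of this hunk still carry a complete RSA private key in `cockpitTlsKeyPem`, so removing `keyPairPem` does not leave the example free of key material. The certificate next to it appears to be a dummy self-signed one, but a deployment started from a copy of this file would still serve TLS with a key that anyone can read from the repository. Replace the value with a placeholder in the style the whitepaper sample uses, e.g. `"cockpitTlsKeyPem": "-----BEGIN RSA PRIVATE KEY-----\nREDACTED\n-----END RSA PRIVATE KEY-----\n"`, or have the example generate the pair at start-up. The deleted `keyPairPem` value stays in git history and should not be reused anywhere.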
diff --git a/packages/cactus-cmd-api-server/Dockerfile b/packages/cactus-cmd-api-server/Dockerfile index 91c690f3c22..f615a82b951 100644 --- a/packages/cactus-cmd-api-server/Dockerfile +++ b/packages/cactus-cmd-api-server/Dockerfile @@ -27,8 +27,6 @@ ARG NPM_PKG_VERSION=latest ENV TZ=Etc/UTC ENV NODE_ENV=production -ENV CACTUS_NODE_ID=- -ENV CONSORTIUM_ID=- ENV KEY_PAIR_PEM=- ENV COCKPIT_WWW_ROOT=${APP}node_modules/@hyperledger/cactus-cockpit/www/ ENV COCKPIT_TLS_ENABLED=false diff --git a/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts b/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts index 5f1864fdde9..34ff0a12404 100644 --- a/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts +++ b/packages/cactus-cmd-api-server/src/main/typescript/config/config-service.ts @@ -3,16 +3,8 @@ import { existsSync, readFileSync } from "fs"; import convict, { Schema, Config, SchemaObj } from "convict"; import { ipaddress } from "convict-format-with-validator"; import { v4 as uuidV4 } from "uuid"; -import { - generateKeyPair, - exportPKCS8, - exportSPKI, - importPKCS8, - GeneralSign, - generalVerify, -} from "jose"; +import { generateKeyPair, exportPKCS8, exportSPKI } from "jose"; import type { Params as ExpressJwtOptions } from "express-jwt"; -import jsonStableStringify from "json-stable-stringify"; import { LoggerProvider, Logger, @@ -39,8 +31,6 @@ export interface ICactusApiServerOptions { authorizationProtocol: AuthorizationProtocol; authorizationConfigJson: IAuthorizationConfig; configFile: string; - cactusNodeId: string; - consortiumId: string; logLevel: LogLevelDesc; tlsDefaultMaxVersion: SecureVersion; cockpitEnabled: boolean; @@ -65,8 +55,6 @@ export interface ICactusApiServerOptions { grpcPort: number; grpcMtlsEnabled: boolean; plugins: PluginImport[]; - keyPairPem: string; - keychainSuffixKeyPairPem: string; minNodeVersion: string; enableShutdownHook: boolean; } 
@@ -103,8 +91,7 @@ export class ConfigService { private static getConfigSchema(): Schema { return { pluginManagerOptionsJson: { - doc: - "Can be used to override npm registry and authentication details for example. See https://www.npmjs.com/package/live-plugin-manager#pluginmanagerconstructoroptions-partialpluginmanageroptions for further details.", + doc: "Can be used to override npm registry and authentication details for example. See https://www.npmjs.com/package/live-plugin-manager#pluginmanagerconstructoroptions-partialpluginmanageroptions for further details.", format: "*", default: "{}", env: "PLUGIN_MANAGER_OPTIONS_JSON", @@ -123,7 +110,7 @@ export class ConfigService { throw new Error(m); } }, - default: (null as unknown) as AuthorizationProtocol, + default: null as unknown as AuthorizationProtocol, env: "AUTHORIZATION_PROTOCOL", arg: "authorization-protocol", }, 
@@ -173,31 +160,12 @@ export class ConfigService { }, } as SchemaObj, configFile: { - doc: - "The path to a config file that holds the configuration itself which will be parsed and validated.", + doc: "The path to a config file that holds the configuration itself which will be parsed and validated.", format: "*", default: "", env: "CONFIG_FILE", arg: "config-file", }, - consortiumId: { - doc: - "Identifier of the consortium your node is part of. " + - " Can be any string of characters such as a UUID", - format: ConfigService.formatNonBlankString, - default: null as string | null, - env: "CONSORTIUM_ID", - arg: "consortium-id", - }, - cactusNodeId: { - doc: - "Identifier of this particular Cactus node. Must be unique among the total set of Cactus nodes running in any " + - "given Cactus deployment. Can be any string of characters such as a UUID or an Int64", - format: ConfigService.formatNonBlankString, - default: null as string | null, - env: "CACTUS_NODE_ID", - arg: "cactus-node-id", - }, logLevel: { doc: "The level at which loggers should be configured. Supported values include the following: " + @@ -243,8 +211,7 @@ export class ConfigService { default: false, }, cockpitHost: { - doc: - "The host to bind the Cockpit webserver to. Secure default is: 127.0.0.1. Use 0.0.0.0 to bind for any host.", + doc: "The host to bind the Cockpit webserver to. Secure default is: 127.0.0.1. Use 0.0.0.0 to bind for any host.", format: "ipaddress", default: "127.0.0.1", env: "COCKPIT_HOST", @@ -258,8 +225,7 @@ export class ConfigService { default: 3000, }, cockpitWwwRoot: { - doc: - "The file-system path pointing to the static files of web application served as the cockpit by the API server.", + doc: "The file-system path pointing to the static files of web application served as the cockpit by the API server.", format: "*", env: "COCKPIT_WWW_ROOT", arg: "cockpit-www-root", 
@@ -331,8 +297,7 @@ export class ConfigService { default: null as string | null, }, apiHost: { - doc: - "The host to bind the API to. Secure default is: 127.0.0.1. Use 0.0.0.0 to bind for any host.", + doc: "The host to bind the API to. Secure default is: 127.0.0.1. Use 0.0.0.0 to bind for any host.", format: "ipaddress", env: "API_HOST", arg: "api-host", @@ -417,27 +382,7 @@ export class ConfigService { arg: "grpc-tls-enabled", default: true, }, - keyPairPem: { - sensitive: true, - doc: - "Key pair (private+public) of this Cactus node in the standard " + - " PEM format.", - env: "KEY_PAIR_PEM", - arg: "key-pair-pem", - format: ConfigService.formatNonBlankString, - default: null as string | null, - }, - keychainSuffixKeyPairPem: { - doc: - "The key under which to store/retrieve the key pair PEM from the " + - " keychain of this Cactus node (API server) The complete lookup key" + - " is constructed from the ${CACTUS_NODE_ID}" + - "${KEYCHAIN_SUFFIX_KEY_PAIR_PEM} template.", - env: "KEYCHAIN_SUFFIX_KEY_PAIR_PEM", - arg: "keychain-suffix-key-pair-pem", - format: "*", - default: "CACTUS_NODE_KEY_PAIR_PEM", - }, + enableShutdownHook: { doc: "It will cause the API server to listen to OS process signals and will attempt " + @@ -613,8 +558,6 @@ export class ConfigService { authorizationProtocol: AuthorizationProtocol.JSON_WEB_TOKEN, authorizationConfigJson, configFile: ".config.json", - cactusNodeId: uuidV4(), - consortiumId: uuidV4(), logLevel: "debug", minNodeVersion: (schema.minNodeVersion as SchemaObj).default, tlsDefaultMaxVersion: "TLSv1.3", @@ -639,9 +582,6 @@ export class ConfigService { cockpitTlsCertPem: pkiServer.certificatePem, cockpitTlsKeyPem: pkiServer.privateKeyPem, cockpitTlsClientCaPem: "-", // Cockpit mTLS is off so this will not crash the server - keyPairPem, - keychainSuffixKeyPairPem: (schema.keychainSuffixKeyPairPem as SchemaObj) - .default, plugins, enableShutdownHook, }; 
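Review bot: Once the `keyPairPem` entry (with `env: "KEY_PAIR_PEM"`) is removed from the schema in the `@@ -417,27 +382,7 @@` hunk, this schema no longer reads `KEY_PAIR_PEM`, yet the same commit keeps `ENV KEY_PAIR_PEM=-`, `KEY_PAIR_PEM=-` and `KEY_PAIR_PEM: "-"` as context lines in the three Dockerfiles, `examples/supply-chain-app/process.env` and `tools/docker/besu-all-in-one/docker-compose.yml`. The leftovers imply the variable still matters, and an operator who keeps exporting a real PEM there would hold private key material in the process environment that this configuration no longer consumes. Delete those lines in this change as well. The breaking-change note in the commit body names only `keyPairPem`; if the validation step outside this hunk rejects undeclared keys, config files that still contain `cactusNodeId`, `consortiumId` or `keychainSuffixKeyPairPem` would presumably fail at start-up, so the note should list all four.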
@@ -661,7 +601,8 @@ export class ConfigService { env?: NodeJS.ProcessEnv; args?: string[]; }): Config { - const schema: Schema = ConfigService.getConfigSchema(); + const schema: Schema = + ConfigService.getConfigSchema(); ConfigService.config = (convict as any)(schema, options); // eslint-disable-next-line @typescript-eslint/ban-ts-comment if (ConfigService.config.get("configFile")) { @@ -680,29 +621,4 @@ export class ConfigService { logger.info("Configuration validation OK."); return ConfigService.config; } - - /** - * Validation that prevents operators from mistakenly deploying a key pair - * that they may not be operational for whatever reason. - * - * @throws If a dummy sign+verification operation fails for any reason. - */ - async validateKeyPairMatch(): Promise { - const fnTag = "ConfigService#validateKeyPairMatch()"; - // FIXME most of this lowever level crypto code should be in a commons package that's universal - const keyPairPem = ConfigService.config.get("keyPairPem"); - const keyPair = await importPKCS8(keyPairPem, "ES256K"); - - const payloadJson = jsonStableStringify({ hello: "world" }); - const encoder = new TextEncoder(); - const sign = new GeneralSign(encoder.encode(payloadJson)); - sign.addSignature(keyPair).setProtectedHeader({ alg: "ES256K" }); - const jws = await sign.sign(); - - try { - await generalVerify(jws, keyPair); - } catch (ex) { - throw new Error(`${fnTag} Invalid key pair PEM: ${ex && ex.stack}`); - } - } } diff --git a/packages/cactus-plugin-consortium-manual/src/test/typescript/unit/consortium/get-node-jws-endpoint-v1.test.ts b/packages/cactus-plugin-consortium-manual/src/test/typescript/unit/consortium/get-node-jws-endpoint-v1.test.ts index fba793c5114..ea558ed2eae 100644 --- a/packages/cactus-plugin-consortium-manual/src/test/typescript/unit/consortium/get-node-jws-endpoint-v1.test.ts +++ b/packages/cactus-plugin-consortium-manual/src/test/typescript/unit/consortium/get-node-jws-endpoint-v1.test.ts 
@@ -59,9 +59,7 @@ describe(testCase, () => { consortiumDatabase: db, }; - const pluginConsortiumManual: PluginConsortiumManual = new PluginConsortiumManual( - options, - ); + const pluginConsortiumManual = new PluginConsortiumManual(options); // Setting up of the api-server for hosting the endpoints defined in the openapi specs // of the plugin diff --git a/tools/docker/besu-all-in-one/docker-compose.yml b/tools/docker/besu-all-in-one/docker-compose.yml index e42d5a46bc0..d088901c7b3 100644 --- a/tools/docker/besu-all-in-one/docker-compose.yml +++ b/tools/docker/besu-all-in-one/docker-compose.yml @@ -17,8 +17,6 @@ services: cactus-api-server: image: ghcr.io/hyperledger/cactus-cmd-api-server:2021-08-15--refactor-1222 environment: - CACTUS_NODE_ID: "-" - CONSORTIUM_ID: "-" KEY_PAIR_PEM: "-" COCKPIT_WWW_ROOT: ${APP}node_modules/@hyperledger/cactus-cockpit/www/ COCKPIT_TLS_ENABLED: "false" diff --git a/whitepaper/whitepaper.md b/whitepaper/whitepaper.md index b3a2cc49318..5729c94a041 100644 --- a/whitepaper/whitepaper.md +++ b/whitepaper/whitepaper.md @@ -1077,11 +1077,6 @@ Configuration Parameters Default: Mandatory parameter without a default value. Env: CONFIG_FILE CLI: --config-file - cactusNodeId: - Description: Identifier of this particular Cactus node. Must be unique among the total set of Cactus nodes running in any given Cactus deployment. Can be any string of characters such as a UUID or an Int64 - Default: Mandatory parameter without a default value. - Env: CACTUS_NODE_ID - CLI: --cactus-node-id logLevel: Description: The level at which loggers should be configured. Supported values include the following: error, warn, info, debug, trace Default: warn 
@@ -1128,12 +1123,12 @@ Configuration Parameters Env: PRIVATE_KEY CLI: --private-key keychainSuffixPrivateKey: - Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template. + Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template. Default: CACTUS_NODE_PRIVATE_KEY Env: KEYCHAIN_SUFFIX_PRIVATE_KEY CLI: --keychain-suffix-private-key keychainSuffixPublicKey: - Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template. + Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template. Default: CACTUS_NODE_PUBLIC_KEY Env: KEYCHAIN_SUFFIX_PUBLIC_KEY CLI: --keychain-suffix-public-key @@ -1447,7 +1442,6 @@ seen below: { "packageName": "@hyperledger/cactus-plugin-consortium-manual", "options": { - "keyPairPem": "-----BEGIN PRIVATE KEY-----\nREDACTED\n-----END PRIVATE KEY-----\n", "consortium": { "name": "Example Cactus Consortium", "id": "2ae136f6-f9f7-40a2-9f6c-92b1b5d5046c", diff --git a/whitepaper/whitepaper_zh-CN.md b/whitepaper/whitepaper_zh-CN.md index 30ed742fbb5..06479fef189 100644 --- a/whitepaper/whitepaper_zh-CN.md +++ b/whitepaper/whitepaper_zh-CN.md 
@@ -46,8 +46,8 @@ Photo by Pontus Wellgraf on Unsplash - [2.2 数据托管出售](#22-数据托管出售) - [2.3 货币兑换](#23-货币兑换) - [2.4 稳定币和其他货币的铆定](#24-稳定币和其他货币的铆定) - - [2.4.1 和非授权区块链(BTC)](#241-和非授权区块链btc) - - [2.4.2 和法定货币](#242-和法定货币) + - [2.4.1 和非授权区块链兑换](#241-和非授权区块链兑换) + - [2.4.2 和法定货币兑换](#242-和法定货币兑换) - [2.5 带有访问控制列表的医疗保健数据共享](#25-带有访问控制列表的医疗保健数据共享) - [2.6 集成现有的食品溯源解决方案](#26-集成现有的食品溯源解决方案) - [2.7 终端用户钱包身份验证/授权](#27-终端用户钱包身份验证授权) @@ -81,7 +81,7 @@ Photo by Pontus Wellgraf on Unsplash - [4.3 技术架构](#43-技术架构) - [4.3.1 Monorepo包](#431-monorepo包) - [4.3.1.1 cmd-api-server](#4311-cmd-api-server) - - [4.3.1.1.1 运行时配置解析和验证](#43111-运行时配置解析和验证) + - [4.3.1.1.1 运行时配置解析和验证](#43111--运行时配置解析和验证) - [4.3.1.1.2 配置模式 - API 服务器](#43112-配置模式---api-服务器) - [4.3.1.1.4 插件加载/验证](#43114-插件加载验证) - [4.3.1.2 core-api](#4312-core-api) @@ -511,11 +511,6 @@ $ npx ts-node -e "import {ConfigService} from './packages/cactus-cmd-api-server/ Default: Mandatory parameter without a default value. Env: CONFIG_FILE CLI: --config-file - cactusNodeId: - Description: Identifier of this particular Cactus node. Must be unique among the total set of Cactus nodes running in any given Cactus deployment. Can be any string of characters such as a UUID or an Int64 - Default: Mandatory parameter without a default value. - Env: CACTUS_NODE_ID - CLI: --cactus-node-id logLevel: Description: The level at which loggers should be configured. Supported values include the following: error, warn, info, debug, trace Default: warn 
@@ -562,12 +557,12 @@ $ npx ts-node -e "import {ConfigService} from './packages/cactus-cmd-api-server/ Env: PRIVATE_KEY CLI: --private-key keychainSuffixPrivateKey: - Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template. + Description: The key under which to store/retrieve the private key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template. Default: CACTUS_NODE_PRIVATE_KEY Env: KEYCHAIN_SUFFIX_PRIVATE_KEY CLI: --keychain-suffix-private-key keychainSuffixPublicKey: - Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${CACTUS_NODE_ID}${KEYCHAIN_SUFFIX_PRIVATE_KEY} template. + Description: The key under which to store/retrieve the public key from the keychain of this Cactus node (API server)The complete lookup key is constructed from the ${KEYCHAIN_SUFFIX_PRIVATE_KEY} template. Default: CACTUS_NODE_PUBLIC_KEY Env: KEYCHAIN_SUFFIX_PUBLIC_KEY CLI: --keychain-suffix-public-key