simple account permissioning (#1409)

* simple account permissioning

acceptance-tests/simple-permissioning-smart-contract/contracts/SimpleAccountPermissioning.sol

@@ -0,0 +1,27 @@
+pragma solidity >=0.4.0 <0.6.0;
+// THIS CONTRACT IS FOR TESTING PURPOSES ONLY
+// DO NOT USE THIS CONTRACT IN PRODUCTION APPLICATIONS
+
+contract SimpleAccountPermissioning {
+    mapping (address => bool) private whitelist;
+
+    function transactionAllowed(
+        address sender,
+        address target,
+        uint256 value,
+        uint256 gasPrice,
+        uint256 gasLimit,
+        bytes memory payload)
+        public view returns (bool) {
+        return whitelistContains(sender);
+    }
+    function addAccount(address account) public {
+        whitelist[account] = true;
+    }
+    function removeAccount(address account) public {
+        whitelist[account] = false;
+    }
+    function whitelistContains(address account) public view returns(bool) {
+        return whitelist[account];
+    }
+}

acceptance-tests/simple-permissioning-smart-contract/contracts/SimplePermissioning.sol → acceptance-tests/simple-permissioning-smart-contract/contracts/SimpleNodePermissioning.sol

@@ -2,7 +2,7 @@ pragma solidity >=0.4.0 <0.6.0;
 // THIS CONTRACT IS FOR TESTING PURPOSES ONLY
 // DO NOT USE THIS CONTRACT IN PRODUCTION APPLICATIONS
 
-contract SimplePermissioning {
+contract SimpleNodePermissioning {
     struct Enode {
         bytes32 enodeHigh;
         bytes32 enodeLow;

acceptance-tests/simple-permissioning-smart-contract/migrations/2_deploy_contracts.js

@@ -1,5 +1,7 @@
-var SimplePermissioning = artifacts.require("SimplePermissioning");
+var SimpleNodePermissioning = artifacts.require("SimpleNodePermissioning");
+var SimpleAccountPermissioning = artifacts.require("SimpleAccountPermissioning");
 
 module.exports = function(deployer) {
-  deployer.deploy(SimplePermissioning);
+  deployer.deploy(SimpleNodePermissioning);
+  deployer.deploy(SimpleAccountPermissioning);
 };

acceptance-tests/simple-permissioning-smart-contract/test/test-account-permissioning.js

@@ -0,0 +1,43 @@
+const TestPermissioning = artifacts.require('SimpleAccountPermissioning.sol');
+var proxy;
+
+var address1 = "0x627306090abaB3A6e1400e9345bC60c78a8BEf57";
+var address2 = "0xfe3b557e8fb62b89f4916b721be55ceb828dbd73";
+
+var value = 99;
+var gasPrice = 88;
+var gasLimit = 77;
+var payload = "0x1234";
+
+contract('Permissioning: Accounts', () => {
+  it('Should NOT permit any transaction when account whitelist is empty', async () => {
+    proxy = await TestPermissioning.new();
+    let permitted = await proxy.transactionAllowed(address1, address2, value, gasPrice, gasLimit, payload);
+    assert.equal(permitted, false, 'expected tx NOT permitted');
+  });
+
+  it('Should add an account to the whitelist and then permit that node', async () => {
+    await proxy.addAccount(address1);
+    let permitted = await proxy.transactionAllowed(address1, address2, value, gasPrice, gasLimit, payload);
+    assert.equal(permitted, true, 'added address1: expected tx1 to be permitted');
+
+    // await another
+    await proxy.addAccount(address2);
+    permitted = await proxy.transactionAllowed(address2, address1, value, gasPrice, gasLimit, payload);
+    assert.equal(permitted, true, 'added address2: expected tx2 to be permitted');
+
+    // first one still permitted
+    permitted = await proxy.transactionAllowed(address1, address2, value, gasPrice, gasLimit, payload);
+    assert.equal(permitted, true, 'expected tx from address1 to still be permitted');
+  });
+
+  it('Should remove an account from the whitelist and then NOT permit that account to send tx', async () => {
+    await proxy.removeAccount(address2);
+    let permitted = await proxy.transactionAllowed(address2, address1, value, gasPrice, gasLimit, payload);
+    assert.equal(permitted, false, 'expected removed account (address2) NOT permitted to send tx');
+
+    // first one still permitted
+    permitted = await proxy.transactionAllowed(address1, address2, value, gasPrice, gasLimit, payload);
+    assert.equal(permitted, true, 'expected tx from address1 to still be permitted');
+  });
+});

acceptance-tests/simple-permissioning-smart-contract/test/test-node-permissioning.js

@@ -0,0 +1,59 @@
+const TestPermissioning = artifacts.require('SimpleNodePermissioning.sol');
+var proxy;
+
+var node1High = "0x9bd359fdc3a2ed5df436c3d8914b1532740128929892092b7fcb320c1b62f375";
+var node1Low = "0x892092b7fcb320c1b62f3759bd359fdc3a2ed5df436c3d8914b1532740128929";
+var node1Host = "0x9bd359fdc3a2ed5df436c3d8914b1532";
+var node1Port = 30303;
+
+var node2High = "0x892092b7fcb320c1b62f3759bd359fdc3a2ed5df436c3d8914b1532740128929";
+var node2Low = "0x892092b7fcb320c1b62f3759bd359fdc3a2ed5df436c3d8914b1532740128929";
+var node2Host = "0x596c3d8914b1532fdc3a2ed5df439bd3";
+var node2Port = 30304;
+
+contract('Permissioning: Nodes', () => {
+  it('Should NOT permit any node when none have been added', async () => {
+    proxy = await TestPermissioning.new();
+    let permitted = await proxy.enodeAllowed(node1High, node1Low, node1Host, node1Port);
+    assert.equal(permitted, false, 'expected node NOT permitted');
+  });
+
+  it('Should compute key', async () => {
+    let key1 = await proxy.computeKey(node1High, node1Low, node1Host, node1Port);
+    let key2 = await proxy.computeKey(node1High, node1Low, node1Host, node1Port);
+    assert.equal(key1, key2, "computed keys should be the same");
+
+    let key3 = await proxy.computeKey(node1High, node1Low, node1Host, node2Port);
+    assert(key3 != key2, "keys for different ports should be different");
+  });
+
+  it('Should add a node to the whitelist and then permit that node', async () => {
+    await proxy.addEnode(node1High, node1Low, node1Host, node1Port);
+    let permitted = await proxy.enodeAllowed(node1High, node1Low, node1Host, node1Port);
+    assert.equal(permitted, true, 'expected node added to be permitted');
+
+    // await another
+    await proxy.addEnode(node2High, node2Low, node2Host, node2Port);
+    permitted = await proxy.enodeAllowed(node2High, node2Low, node2Host, node2Port);
+    assert.equal(permitted, true, 'expected node 2 added to be permitted');
+
+    // first one still permitted
+    permitted = await proxy.enodeAllowed(node1High, node1Low, node1Host, node1Port);
+    assert.equal(permitted, true, 'expected node 1 added to be permitted');
+  });
+
+  it('Should allow a connection between 2 added nodes', async () => {
+    let permitted = await proxy.connectionAllowed(node1High, node1Low, node1Host, node1Port, node2High, node2Low, node2Host, node2Port);
+    assert.equal(permitted, '0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff', 'expected 2 added nodes to work as source <> destination');
+  });
+
+  it('Should remove a node from the whitelist and then NOT permit that node', async () => {
+    await proxy.removeEnode(node1High, node1Low, node1Host, node1Port);
+    let permitted = await proxy.enodeAllowed(node1High, node1Low, node1Host, node1Port);
+    assert.equal(permitted, false, 'expected removed node NOT permitted');
+
+    permitted = await proxy.connectionAllowed(node1High, node1Low, node1Host, node1Port, node2High, node2Low, node2Host, node2Port);
+    assert.equal(permitted, '0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff', 'expected source disallowed since it was removed');
+
+  });
+});

acceptance-tests/src/test/java/tech/pegasys/pantheon/tests/acceptance/permissioning/SmartContractNodePermissioningAcceptanceTest.java

@@ -30,7 +30,7 @@ public void setUp() {
     bootnode = bootnode("bootnode");
     forbiddenNode = node("forbidden-node");
     allowedNode = node("allowed-node");
-    permissionedNode = permissionedNode("pemissioned-node");
+    permissionedNode = permissionedNode("permissioned-node");
 
     permissionedCluster.start(bootnode, forbiddenNode, allowedNode, permissionedNode);