Remove P2P TLS (experimental) feature (hyperledger#7942)
macfarla authored Nov 29, 2024
1 parent 792c656 commit 63496db
Showing 68 changed files with 20 additions and 4,208 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
@@ -4,6 +4,7 @@

### Breaking Changes
- Removed Retesteth rpc service and commands [#7833](https://github.com/hyperledger/besu/pull/7783)
- TLS for P2P (early access feature) has been removed [#7942](https://github.com/hyperledger/besu/pull/7942)
- With the upgrade of the Prometheus Java Metrics library, there are the following changes:
- Gauge names are not allowed to end with `total`, therefore the metric `besu_blockchain_difficulty_total` is losing the `_total` suffix
- The `_created` timestamps are not returned by default, you can set the env var `BESU_OPTS="-Dio.prometheus.exporter.includeCreatedTimestamps=true"` to enable them
2 changes: 0 additions & 2 deletions acceptance-tests/dsl/build.gradle
@@ -18,8 +18,6 @@ dependencies {
implementation project(':ethereum:permissioning')
implementation project(':ethereum:rlp')
implementation project(':metrics:core')
implementation project(':pki')
implementation project(path: ':pki', configuration: 'testArtifacts')
implementation project(':plugin-api')
implementation project(':plugins:rocksdb')
implementation project(':services:kvstore')
@@ -32,7 +32,6 @@
import org.hyperledger.besu.ethereum.core.Util;
import org.hyperledger.besu.ethereum.eth.transactions.TransactionPoolConfiguration;
import org.hyperledger.besu.ethereum.p2p.config.NetworkingConfiguration;
import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration;
import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
@@ -96,7 +95,6 @@ public class BesuNode implements NodeConfiguration, RunnableNode, AutoCloseable
private final Properties portsProperties = new Properties();
private final Boolean p2pEnabled;
private final int p2pPort;
private final Optional<TLSConfiguration> tlsConfiguration;
private final NetworkingConfiguration networkingConfiguration;
private final boolean revertReasonEnabled;

@@ -156,7 +154,6 @@ public BesuNode(
final GenesisConfigurationProvider genesisConfigProvider,
final boolean p2pEnabled,
final int p2pPort,
final Optional<TLSConfiguration> tlsConfiguration,
final NetworkingConfiguration networkingConfiguration,
final boolean discoveryEnabled,
final boolean bootnodeEligible,
@@ -207,7 +204,6 @@ public BesuNode(
this.network = network;
this.p2pEnabled = p2pEnabled;
this.p2pPort = p2pPort;
this.tlsConfiguration = tlsConfiguration;
this.networkingConfiguration = networkingConfiguration;
this.discoveryEnabled = discoveryEnabled;
this.bootnodeEligible = bootnodeEligible;
@@ -659,10 +655,6 @@ public boolean isP2pEnabled() {
return p2pEnabled;
}

public Optional<TLSConfiguration> getTLSConfiguration() {
return tlsConfiguration;
}

public NetworkingConfiguration getNetworkingConfiguration() {
return networkingConfiguration;
}
@@ -22,7 +22,6 @@
import org.hyperledger.besu.cli.options.storage.DataStorageOptions;
import org.hyperledger.besu.ethereum.api.jsonrpc.ipc.JsonRpcIpcConfiguration;
import org.hyperledger.besu.ethereum.eth.transactions.ImmutableTransactionPoolConfiguration;
import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration;
import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
import org.hyperledger.besu.plugin.services.metrics.MetricCategory;
@@ -365,26 +364,6 @@ private List<String> commandlineArgs(final BesuNode node, final Path dataDir) {
final List<String> networkConfigParams =
NetworkingOptions.fromConfig(node.getNetworkingConfiguration()).getCLIOptions();
params.addAll(networkConfigParams);
if (node.getTLSConfiguration().isPresent()) {
final TLSConfiguration config = node.getTLSConfiguration().get();
params.add("--Xp2p-tls-enabled");
params.add("--Xp2p-tls-keystore-type");
params.add(config.getKeyStoreType());
params.add("--Xp2p-tls-keystore-file");
params.add(config.getKeyStorePath().toAbsolutePath().toString());
params.add("--Xp2p-tls-keystore-password-file");
params.add(config.getKeyStorePasswordPath().toAbsolutePath().toString());
params.add("--Xp2p-tls-crl-file");
params.add(config.getCrlPath().toAbsolutePath().toString());
if (null != config.getTrustStoreType()) {
params.add("--Xp2p-tls-truststore-type");
params.add(config.getTrustStoreType());
params.add("--Xp2p-tls-truststore-file");
params.add(config.getTrustStorePath().toAbsolutePath().toString());
params.add("--Xp2p-tls-truststore-password-file");
params.add(config.getTrustStorePasswordPath().toAbsolutePath().toString());
}
}
}

if (node.isRevertReasonEnabled()) {
@@ -197,7 +197,6 @@ public void startNode(final BesuNode node) {
.permissioningService(permissioningService)
.metricsConfiguration(node.getMetricsConfiguration())
.p2pEnabled(node.isP2pEnabled())
.p2pTLSConfiguration(node.getTLSConfiguration())
.graphQLConfiguration(GraphQLConfiguration.createDefault())
.staticNodes(node.getStaticNodes().stream().map(EnodeURLImpl::fromString).toList())
.besuPluginContext(besuPluginContext)
@@ -25,7 +25,6 @@
import org.hyperledger.besu.ethereum.core.PrivacyParameters;
import org.hyperledger.besu.ethereum.eth.transactions.TransactionPoolConfiguration;
import org.hyperledger.besu.ethereum.p2p.config.NetworkingConfiguration;
import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration;
import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
@@ -56,7 +55,6 @@ public class BesuNodeConfiguration {
private final GenesisConfigurationProvider genesisConfigProvider;
private final boolean p2pEnabled;
private final int p2pPort;
private final Optional<TLSConfiguration> tlsConfiguration;
private final NetworkingConfiguration networkingConfiguration;
private final boolean discoveryEnabled;
private final boolean bootnodeEligible;
@@ -95,7 +93,6 @@ public class BesuNodeConfiguration {
final GenesisConfigurationProvider genesisConfigProvider,
final boolean p2pEnabled,
final int p2pPort,
final Optional<TLSConfiguration> tlsConfiguration,
final NetworkingConfiguration networkingConfiguration,
final boolean discoveryEnabled,
final boolean bootnodeEligible,
@@ -131,7 +128,6 @@ public class BesuNodeConfiguration {
this.genesisConfigProvider = genesisConfigProvider;
this.p2pEnabled = p2pEnabled;
this.p2pPort = p2pPort;
this.tlsConfiguration = tlsConfiguration;
this.networkingConfiguration = networkingConfiguration;
this.discoveryEnabled = discoveryEnabled;
this.bootnodeEligible = bootnodeEligible;
@@ -226,10 +222,6 @@ public int getP2pPort() {
return p2pPort;
}

public Optional<TLSConfiguration> getTLSConfiguration() {
return tlsConfiguration;
}

public NetworkingConfiguration getNetworkingConfiguration() {
return networkingConfiguration;
}
@@ -16,9 +16,6 @@

import static com.google.common.base.Preconditions.checkNotNull;
import static java.util.Collections.singletonList;
import static org.hyperledger.besu.pki.keystore.KeyStoreWrapper.KEYSTORE_TYPE_JKS;
import static org.hyperledger.besu.pki.keystore.KeyStoreWrapper.KEYSTORE_TYPE_PKCS11;
import static org.hyperledger.besu.pki.keystore.KeyStoreWrapper.KEYSTORE_TYPE_PKCS12;

import org.hyperledger.besu.cli.config.NetworkName;
import org.hyperledger.besu.crypto.KeyPair;
@@ -31,20 +28,17 @@
import org.hyperledger.besu.ethereum.api.jsonrpc.authentication.JwtAlgorithm;
import org.hyperledger.besu.ethereum.api.jsonrpc.ipc.JsonRpcIpcConfiguration;
import org.hyperledger.besu.ethereum.api.jsonrpc.websocket.WebSocketConfiguration;
import org.hyperledger.besu.ethereum.api.tls.FileBasedPasswordProvider;
import org.hyperledger.besu.ethereum.core.AddressHelpers;
import org.hyperledger.besu.ethereum.core.ImmutableMiningConfiguration;
import org.hyperledger.besu.ethereum.core.ImmutableMiningConfiguration.MutableInitValues;
import org.hyperledger.besu.ethereum.core.MiningConfiguration;
import org.hyperledger.besu.ethereum.core.PrivacyParameters;
import org.hyperledger.besu.ethereum.eth.transactions.TransactionPoolConfiguration;
import org.hyperledger.besu.ethereum.p2p.config.NetworkingConfiguration;
import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration;
import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.genesis.GenesisConfigurationProvider;
import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.pki.PKCS11Utils;

import java.io.File;
import java.net.URISyntaxException;
@@ -84,7 +78,6 @@ public class BesuNodeConfigurationBuilder {
private GenesisConfigurationProvider genesisConfigProvider = ignore -> Optional.empty();
private Boolean p2pEnabled = true;
private int p2pPort = 0;
private Optional<TLSConfiguration> tlsConfiguration = Optional.empty();
private final NetworkingConfiguration networkingConfiguration = NetworkingConfiguration.create();
private boolean discoveryEnabled = true;
private boolean bootnodeEligible = true;
@@ -381,64 +374,6 @@ public BesuNodeConfigurationBuilder p2pPort(final int p2pPort) {
return this;
}

private static Path toPath(final String path) throws Exception {
return Path.of(BesuNodeConfigurationBuilder.class.getResource(path).toURI());
}

public BesuNodeConfigurationBuilder p2pTLSEnabled(final String name, final String type) {
final TLSConfiguration.Builder builder = TLSConfiguration.Builder.tlsConfiguration();
try {
final String nsspin = "/pki-certs/%s/nsspin.txt";
final String truststore = "/pki-certs/%s/truststore.p12";
final String crl = "/pki-certs/crl/crl.pem";
switch (type) {
case KEYSTORE_TYPE_JKS:
builder
.withKeyStoreType(type)
.withKeyStorePath(toPath(String.format("/pki-certs/%s/%<s.jks", name)))
.withKeyStorePasswordSupplier(
new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
.withKeyStorePasswordPath(toPath(String.format(nsspin, name)))
.withTrustStoreType(KEYSTORE_TYPE_PKCS12)
.withTrustStorePath(toPath(String.format(truststore, name)))
.withTrustStorePasswordSupplier(
new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
.withTrustStorePasswordPath(toPath(String.format(nsspin, name)))
.withCrlPath(toPath(crl));
break;
case KEYSTORE_TYPE_PKCS12:
builder
.withKeyStoreType(type)
.withKeyStorePath(toPath(String.format("/pki-certs/%s/%<s.p12", name)))
.withKeyStorePasswordSupplier(
new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
.withKeyStorePasswordPath(toPath(String.format(nsspin, name)))
.withTrustStoreType(KEYSTORE_TYPE_PKCS12)
.withTrustStorePath(toPath(String.format(truststore, name)))
.withTrustStorePasswordSupplier(
new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
.withTrustStorePasswordPath(toPath(String.format(nsspin, name)))
.withCrlPath(toPath(crl));
break;
case KEYSTORE_TYPE_PKCS11:
builder
.withKeyStoreType(type)
.withKeyStorePath(
PKCS11Utils.initNSSConfigFile(
toPath(String.format("/pki-certs/%s/nss.cfg", name))))
.withKeyStorePasswordSupplier(
new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
.withKeyStorePasswordPath(toPath(String.format(nsspin, name)))
.withCrlPath(toPath(crl));
break;
}
} catch (final Exception e) {
throw new RuntimeException(e);
}
this.tlsConfiguration = Optional.of(builder.build());
return this;
}

public BesuNodeConfigurationBuilder discoveryEnabled(final boolean discoveryEnabled) {
this.discoveryEnabled = discoveryEnabled;
return this;
@@ -545,7 +480,6 @@ public BesuNodeConfiguration build() {
genesisConfigProvider,
p2pEnabled,
p2pPort,
tlsConfiguration,
networkingConfiguration,
discoveryEnabled,
bootnodeEligible,
@@ -25,7 +25,6 @@
import org.hyperledger.besu.ethereum.permissioning.LocalPermissioningConfiguration;
import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
import org.hyperledger.besu.pki.keystore.KeyStoreWrapper;
import org.hyperledger.besu.plugin.services.storage.DataStorageFormat;
import org.hyperledger.besu.tests.acceptance.dsl.node.BesuNode;
import org.hyperledger.besu.tests.acceptance.dsl.node.Node;
@@ -69,7 +68,6 @@ public BesuNode create(final BesuNodeConfiguration config) throws IOException {
config.getGenesisConfigProvider(),
config.isP2pEnabled(),
config.getP2pPort(),
config.getTLSConfiguration(),
config.getNetworkingConfiguration(),
config.isDiscoveryEnabled(),
config.isBootnodeEligible(),
@@ -583,7 +581,6 @@ public BesuNode createQbftTLSNodeWithValidators(
new BesuNodeConfigurationBuilder()
.name(name)
.miningEnabled()
.p2pTLSEnabled(name, type)
.jsonRpcConfiguration(node.createJsonRpcWithIbft2EnabledConfig(false))
.webSocketConfiguration(node.createWebSocketEnabledConfig())
.devMode(false)
@@ -596,21 +593,6 @@ public BesuNode createQbftTLSNodeWithValidators(
.build());
}

public BesuNode createQbftTLSJKSNodeWithValidators(final String name, final String... validators)
throws IOException {
return createQbftTLSNodeWithValidators(name, KeyStoreWrapper.KEYSTORE_TYPE_JKS, validators);
}

public BesuNode createQbftTLSPKCS12NodeWithValidators(
final String name, final String... validators) throws IOException {
return createQbftTLSNodeWithValidators(name, KeyStoreWrapper.KEYSTORE_TYPE_PKCS12, validators);
}

public BesuNode createQbftTLSPKCS11NodeWithValidators(
final String name, final String... validators) throws IOException {
return createQbftTLSNodeWithValidators(name, KeyStoreWrapper.KEYSTORE_TYPE_PKCS11, validators);
}

public BesuNode createQbftNodeWithValidators(final String name, final String... validators)
throws IOException {
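Review bot: `createQbftTLSNodeWithValidators` survives this change but no longer sets up TLS: the hunk at -583 drops `.p2pTLSEnabled(name, type)` from its builder chain, and the three keystore-specific wrappers that called it are deleted in the hunk at -596. Judging by those removed calls the method still takes a `type` argument, which now appears to be unused, and any acceptance test that still calls it would read as TLS coverage while the node runs without the TLS layer. The signature and the end of the method lie outside the visible hunks, so check for remaining callers first. If there are none, delete the method; otherwise rename it and drop the parameter, or at least add a comment such as `// TLS for P2P was removed in #7942; this builds a plain QBFT node`.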


This file was deleted.

1 change: 0 additions & 1 deletion besu/build.gradle
@@ -34,7 +34,6 @@ dependencies {
api 'org.slf4j:slf4j-api'

implementation project(':config')
implementation project(':pki')
implementation project(':consensus:clique')
implementation project(':consensus:common')
implementation project(':consensus:ibft')