[FAB-2007] Gossip: External and internal endpoints IV

In the previous commit we extended the comm layer to support deep scanning of remote peers in order to know whether anchor peers are indeed in the organization it is claimed (in the genesis block) they are. This commit connects between the gossip join-channel logic and this capability into the discovery layer, and makes the gossip logic pass a predicate into the Connect() method of the discovery layer that determines at runtime (as soon as the remote peer is available) - whether the anchor peer is indeed in our organization or not. Also changed the test in a way to check that such a spoofing doesn't work anymore: I added a 3rd anchor peer which is from orgB but is claimed to be in orgA. When I ran the test, it passed and the gossip code complained as follows: ---------------------------------------------------------- WARN 007 Anchor peer localhost:11616 isn't in our org, but is claimed to be Signed-off-by: Yacov Manevich <yacovm@il.ibm.com> Change-Id: I2d92628cc5428cc4194a0f3909eb13562b7588a4
hyperledger · Mar 8, 2017 · 19e07d7 · 19e07d7
1 parent 5eb459a
commit 19e07d7
Show file tree

Hide file tree

Showing 5 changed files with 22 additions and 7 deletions.
diff --git a/gossip/discovery/discovery.go b/gossip/discovery/discovery.go
@@ -117,6 +117,6 @@ type Discovery interface {
 
 	// Connect makes this instance to connect to a remote instance
 	// The sendInternalEndpoint param determines whether or not
-	// to include the internal endpoint in the membership request.
-	Connect(member NetworkMember, sendInternalEndpoint bool)
+	// to include the internal endpoint in the membership request,
+	Connect(member NetworkMember, sendInternalEndpoint func() bool)
 }
diff --git a/gossip/discovery/discovery_impl.go b/gossip/discovery/discovery_impl.go
@@ -132,18 +132,17 @@ func (d *gossipDiscoveryImpl) Lookup(PKIID common.PKIidType) *NetworkMember {
 	return nm
 }
 
-func (d *gossipDiscoveryImpl) Connect(member NetworkMember, sendInternalEndpoint bool) {
+func (d *gossipDiscoveryImpl) Connect(member NetworkMember, sendInternalEndpoint func() bool) {
 	d.logger.Debug("Entering", member)
 	defer d.logger.Debug("Exiting")
 
-	req := d.createMembershipRequest(sendInternalEndpoint).NoopSign()
-
 	go func() {
 		for i := 0; i < maxConnectionAttempts && !d.toDie(); i++ {
 			peer := &NetworkMember{
 				InternalEndpoint: member.InternalEndpoint,
 				Endpoint:         member.Endpoint,
 			}
+
 			if !d.comm.Ping(peer) {
 				if d.toDie() {
 					return
@@ -152,6 +151,7 @@ func (d *gossipDiscoveryImpl) Connect(member NetworkMember, sendInternalEndpoint
 				time.Sleep(getReconnectInterval())
 				continue
 			}
+			req := d.createMembershipRequest(sendInternalEndpoint()).NoopSign()
 			d.comm.SendToPeer(peer, req)
 			return
 		}

diff --git a/gossip/discovery/discovery_test.go b/gossip/discovery/discovery_test.go
@@ -355,7 +355,7 @@ func TestConnect(t *testing.T) {
 		j := (i + 1) % 10
 		endpoint := fmt.Sprintf("localhost:%d", 7611+j)
 		netMember2Connect2 := NetworkMember{Endpoint: endpoint, PKIid: []byte(endpoint)}
-		inst.Connect(netMember2Connect2, false)
+		inst.Connect(netMember2Connect2, func() bool { return false })
 	}
 
 	time.Sleep(time.Second * 3)

diff --git a/gossip/gossip/gossip_impl.go b/gossip/gossip/gossip_impl.go
@@ -196,8 +196,22 @@ func (g *gossipServiceImpl) JoinChan(joinMsg api.JoinChannelMessage, chainID com
 			g.logger.Infof("Anchor peer %s:%d isn't in our org(%v) and we have no external endpoint, skipping", ap.Host, ap.Port, string(ap.OrgID))
 			continue
 		}
+		anchorPeerOrg := ap.OrgID
+		isInOurOrg := func() bool {
+			identity, err := g.comm.Handshake(&comm.RemotePeer{Endpoint: endpoint})
+			if err != nil {
+				g.logger.Warning("Deep probe of", endpoint, "failed:", err)
+				return false
+			}
+			isAnchorPeerInMyOrg := bytes.Equal(g.selfOrg, g.secAdvisor.OrgByPeerIdentity(identity))
+			if bytes.Equal(anchorPeerOrg, g.selfOrg) && !isAnchorPeerInMyOrg {
+				g.logger.Warning("Anchor peer", endpoint, "isn't in our org, but is claimed to be")
+			}
+			return isAnchorPeerInMyOrg
+		}
+
 		g.disc.Connect(discovery.NetworkMember{
-			InternalEndpoint: endpoint, Endpoint: endpoint}, inOurOrg)
+			InternalEndpoint: endpoint, Endpoint: endpoint}, isInOurOrg)
 	}
 }
 

diff --git a/gossip/gossip/orgs_test.go b/gossip/gossip/orgs_test.go
@@ -195,6 +195,7 @@ func TestMultipleOrgEndpointLeakage(t *testing.T) {
 		anchorPeers: []api.AnchorPeer{
 			{Host: "localhost", Port: 11611, OrgID: api.OrgIdentityType(orgA)},
 			{Host: "localhost", Port: 11615, OrgID: api.OrgIdentityType(orgB)},
+			{Host: "localhost", Port: 11616, OrgID: api.OrgIdentityType(orgA)},
 		},
 	}