[FAB-1575] Add orderer egress policy shared config

https://jira.hyperledger.org/browse/FAB-1575

This changeset is the first in a series to enforce Deliver signatures.

This changeset adds an orderer shared config item called EgressPolicy
which is a reference to a backing policy which is to be used to filter
deliver requests.

Change-Id: I76443378f5c8ade31bd543c31d4093ded0684f73
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

bddtests/steps/bootstrap_util.py

@@ -229,6 +229,7 @@ class BootstrapHelper:
     KEY_CHAIN_CREATORS = "ChainCreators"
     KEY_ACCEPT_ALL_POLICY = "AcceptAllPolicy"
     KEY_INGRESS_POLICY = "IngressPolicy"
+    KEY_EGRESS_POLICY = "EgressPolicy"
     KEY_BATCH_SIZE = "BatchSize"
 
     DEFAULT_MODIFICATION_POLICY_ID = "DefaultModificationPolicy"
@@ -296,6 +297,13 @@ def  encodeChainCreators(self):
             value=orderer_dot_configuration_pb2.ChainCreators(policies=BootstrapHelper.DEFAULT_CHAIN_CREATORS).SerializeToString())
         return self.signConfigItem(configItem)
 
+    def  encodeEgressPolicy(self):
+        configItem = self.getConfigItem(
+            commonConfigType=common_dot_configuration_pb2.ConfigurationItem.ConfigurationType.Value("Orderer"),
+            key=BootstrapHelper.KEY_EGRESS_POLICY,
+            value=orderer_dot_configuration_pb2.EgressPolicy(name=BootstrapHelper.KEY_ACCEPT_ALL_POLICY).SerializeToString())
+        return self.signConfigItem(configItem)
+
     def  encodeIngressPolicy(self):
         configItem = self.getConfigItem(
             commonConfigType=common_dot_configuration_pb2.ConfigurationItem.ConfigurationType.Value("Orderer"),

orderer/common/bootstrap/provisional/envelope.go

@@ -29,6 +29,7 @@ func (cbs *commonBootstrapper) makeGenesisConfigEnvelope() *cb.ConfigurationEnve
 		cbs.encodeChainCreators(),
 		cbs.encodeAcceptAllPolicy(),
 		cbs.encodeIngressPolicy(),
+		cbs.encodeEgressPolicy(),
 		cbs.lockDefaultModificationPolicy(),
 	)
 }
@@ -42,6 +43,7 @@ func (kbs *kafkaBootstrapper) makeGenesisConfigEnvelope() *cb.ConfigurationEnvel
 		kbs.encodeChainCreators(),
 		kbs.encodeAcceptAllPolicy(),
 		kbs.encodeIngressPolicy(),
+		kbs.encodeEgressPolicy(),
 		kbs.lockDefaultModificationPolicy(),
 	)
 }

orderer/common/bootstrap/provisional/item.go

@@ -85,6 +85,16 @@ func (cbs *commonBootstrapper) encodeIngressPolicy() *cb.SignedConfigurationItem
 	return &cb.SignedConfigurationItem{ConfigurationItem: utils.MarshalOrPanic(configItem), Signatures: nil}
 }
 
+func (cbs *commonBootstrapper) encodeEgressPolicy() *cb.SignedConfigurationItem {
+	configItemKey := sharedconfig.EgressPolicyKey
+	configItemValue := utils.MarshalOrPanic(&ab.EgressPolicy{Name: AcceptAllPolicyKey})
+	modPolicy := configtx.DefaultModificationPolicyID
+
+	configItemChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_ITEM, msgVersion, cbs.chainID, epoch)
+	configItem := utils.MakeConfigurationItem(configItemChainHeader, cb.ConfigurationItem_Orderer, lastModified, modPolicy, configItemKey, configItemValue)
+	return &cb.SignedConfigurationItem{ConfigurationItem: utils.MarshalOrPanic(configItem), Signatures: nil}
+}
+
 func (cbs *commonBootstrapper) lockDefaultModificationPolicy() *cb.SignedConfigurationItem {
 	// Lock down the default modification policy to prevent any further policy modifications
 	configItemKey := configtx.DefaultModificationPolicyID

orderer/common/sharedconfig/sharedconfig.go

@@ -48,6 +48,9 @@ const (
 
 	// IngressPolicyKey is the cb.ConfigurationItem type key name for the IngressPolicy message
 	IngressPolicyKey = "IngressPolicy"
+
+	// EgressPolicyKey is the cb.ConfigurationItem type key name for the EgressPolicy message
+	EgressPolicyKey = "EgressPolicy"
 )
 
 var logger = logging.MustGetLogger("orderer/common/sharedconfig")
@@ -77,6 +80,9 @@ type Manager interface {
 
 	// IngressPolicy returns the name of the policy to validate incoming broadcast messages against
 	IngressPolicy() string
+
+	// EgressPolicy returns the name of the policy to validate incoming broadcast messages against
+	EgressPolicy() string
 }
 
 type ordererConfig struct {
@@ -86,6 +92,7 @@ type ordererConfig struct {
 	chainCreators []string
 	kafkaBrokers  []string
 	ingressPolicy string
+	egressPolicy  string
 }
 
 // ManagerImpl is an implementation of Manager and configtx.ConfigHandler
@@ -135,6 +142,11 @@ func (pm *ManagerImpl) IngressPolicy() string {
 	return pm.config.ingressPolicy
 }
 
+// EgressPolicy returns the name of the policy to validate incoming deliver seeks against
+func (pm *ManagerImpl) EgressPolicy() string {
+	return pm.config.egressPolicy
+}
+
 // BeginConfig is used to start a new configuration proposal
 func (pm *ManagerImpl) BeginConfig() {
 	if pm.pendingConfig != nil {
@@ -212,6 +224,12 @@ func (pm *ManagerImpl) ProposeConfig(configItem *cb.ConfigurationItem) error {
 			return fmt.Errorf("Unmarshaling error for IngressPolicy: %s", err)
 		}
 		pm.pendingConfig.ingressPolicy = ingressPolicy.Name
+	case EgressPolicyKey:
+		egressPolicy := &ab.EgressPolicy{}
+		if err := proto.Unmarshal(configItem.Value, egressPolicy); err != nil {
+			return fmt.Errorf("Unmarshaling error for EgressPolicy: %s", err)
+		}
+		pm.pendingConfig.egressPolicy = egressPolicy.Name
 	case KafkaBrokersKey:
 		kafkaBrokers := &ab.KafkaBrokers{}
 		if err := proto.Unmarshal(configItem.Value, kafkaBrokers); err != nil {

orderer/common/sharedconfig/sharedconfig_test.go

@@ -339,3 +339,44 @@ func TestIngressPolicy(t *testing.T) {
 		t.Fatalf("IngressPolicy should have ended as %s but was %s", endPolicy, nowPolicy)
 	}
 }
+
+func TestEgressPolicy(t *testing.T) {
+	endPolicy := "foo"
+	invalidMessage :=
+		&cb.ConfigurationItem{
+			Type:  cb.ConfigurationItem_Orderer,
+			Key:   EgressPolicyKey,
+			Value: []byte("Garbage Data"),
+		}
+	validMessage := &cb.ConfigurationItem{
+		Type:  cb.ConfigurationItem_Orderer,
+		Key:   EgressPolicyKey,
+		Value: utils.MarshalOrPanic(&ab.EgressPolicy{Name: endPolicy}),
+	}
+	m := NewManagerImpl()
+	m.BeginConfig()
+
+	err := m.ProposeConfig(validMessage)
+	if err != nil {
+		t.Fatalf("Error applying valid config: %s", err)
+	}
+
+	m.CommitConfig()
+	m.BeginConfig()
+
+	err = m.ProposeConfig(invalidMessage)
+	if err == nil {
+		t.Fatalf("Should have failed on invalid message")
+	}
+
+	err = m.ProposeConfig(validMessage)
+	if err != nil {
+		t.Fatalf("Error re-applying valid config: %s", err)
+	}
+
+	m.CommitConfig()
+
+	if nowPolicy := m.EgressPolicy(); nowPolicy != endPolicy {
+		t.Fatalf("EgressPolicy should have ended as %s but was %s", endPolicy, nowPolicy)
+	}
+}

orderer/mocks/sharedconfig/sharedconfig.go

@@ -33,6 +33,8 @@ type Manager struct {
 	KafkaBrokersVal []string
 	// IngressPolicyVal is returned as the result of IngressPolicy()
 	IngressPolicyVal string
+	// EgressPolicyVal is returned as the result of EgressPolicy()
+	EgressPolicyVal string
 }
 
 // ConsensusType returns the ConsensusTypeVal
@@ -64,3 +66,8 @@ func (scm *Manager) KafkaBrokers() []string {
 func (scm *Manager) IngressPolicy() string {
 	return scm.IngressPolicyVal
 }
+
+// EgressPolicy returns the EgressPolicyVal
+func (scm *Manager) EgressPolicy() string {
+	return scm.EgressPolicyVal
+}

protos/orderer/configuration.proto

@@ -66,6 +66,11 @@ message IngressPolicy {
     string name = 1;
 }
 
+// EgressPolicy is the name of the policy which incoming Deliver messages are filtered against
+message EgressPolicy {
+    string name = 1;
+}
+
 message ChainCreators {
     // A list of policies, any of which may be specified as the chain creation
     // policy in a chain creation request