Merge pull request #358 from cyjseagull/dev-2.8.1

sync code from master

Author: cyjseagull

.ci/ci_check.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 set -e
+tag="v2.8.0"
 LOG_INFO() {
     local content=${1}
     echo -e "\033[32m ${content}\033[0m"
@@ -28,7 +29,6 @@ download_tassl()
 
 download_build_chain()
 {
-  tag=$(curl -sS "https://gitee.com/api/v5/repos/FISCO-BCOS/FISCO-BCOS/tags" | grep -oe "\"name\":\"v[2-9]*\.[0-9]*\.[0-9]*\"" | cut -d \" -f 4 | sort -V | tail -n 1)
   LOG_INFO "--- current tag: $tag"
   curl -LO "https://github.com/FISCO-BCOS/FISCO-BCOS/releases/download/${tag}/build_chain.sh" && chmod u+x build_chain.sh
 }

Changelog.md

@@ -1,3 +1,28 @@
+## v2.8.0
+(2021-07-27)
+Added:
+* Using Hardware Secure Module(HSM) to make cryptography operations.
+* Support use PCI crypto card or crypto machine to make SM2 SM3 calculation.
+* Support use HSM internal key to sign transaction.
+
+Update:
+* Update crypto dependency version of sdk-crypto module.
+* Support to read the certificate from the jar package.
+* The interface that sent the transaction returns the transaction hash.
+* Add VRF random number generation and random number verification interface.
+
+----
+添加:
+* 新增支持使用硬件加密模块进行密码计算。
+* 支持使用符合国密《GMT0018-2012密码设备应用接口规范》标准的PCI加密卡/加密机进行SM2，SM3运算。
+* 支持使用密码卡/密码机内部密钥进行交易签名。
+
+更新：
+* 更新sdk-crypto模块所使用的密码算法库版本。
+* 支持从jar包中读取证书。
+* 发送交易的接口返回交易哈希。
+* 添加VRF随机数生成和随机数验证接口。
+
 ## v2.7.2
 (2021-03-24)
 Please read documentation of Java SDK.

build.gradle

@@ -21,11 +21,11 @@ ext {
     javapoetVersion = "1.7.0"
     picocliVersion = "3.6.0"
     nettyVersion = "4.1.53.Final"
-    nettySMSSLContextVersion = "1.2.0"
+    nettySMSSLContextVersion = "1.3.0"
     toml4jVersion = "0.7.2"
     bcprovJDK15onVersion = "1.60"
-    webankJavaCryptoVersion = "1.0.0-005-SNAPSHOT"
-    webankHsmCryptoVersion = "1.0.0-008-SNAPSHOT"
+    webankJavaCryptoVersion = "1.0.0"
+    webankHsmCryptoVersion = "1.0.0-GMT0018"
 
     slf4jVersion = "1.7.30"
     junitVersion = "4.12"
@@ -37,7 +37,7 @@ ext {
 // integrationTest.mustRunAfter test
 allprojects {
     group = 'org.fisco-bcos.java-sdk'
-    version = '2.8.0-SNAPSHOT'
+    version = '2.8.0-GMT0018'
     apply plugin: 'maven'
     apply plugin: 'maven-publish'
     apply plugin: 'idea'
@@ -72,6 +72,7 @@ allprojects {
 
     dependencies {
         compile ("org.slf4j:slf4j-api:${slf4jVersion}")
+        compile ("org.slf4j:slf4j-log4j12:${slf4jVersion}")
 	    testCompile ("junit:junit:${junitVersion}")
     }
 

sdk-core/src/main/java/org/fisco/bcos/sdk/config/model/AccountConfig.java

@@ -52,15 +52,17 @@ public AccountConfig(ConfigProperty configProperty) throws ConfigException {
     }
 
     private void checkAccountConfig(ConfigProperty configProperty) throws ConfigException {
-        Map<String, Object> cryptoProvider = configProperty.getCryptoProvider();
-        if (cryptoProvider != null) {
-            String cryptoType = ConfigProperty.getValue(cryptoProvider, "type", SSM);
-            if (cryptoType != null && cryptoType.equals(HSM)) {
-                if (!this.accountKeyIndex.equals("") && this.accountPassword.equals("")) {
-                    throw new ConfigException(
-                            "cannot load hsm inner key, please config the password");
-                }
+        Map<String, Object> cryptoMaterial = configProperty.getCryptoMaterial();
+        String cryptoType = SSM;
+        if (cryptoMaterial != null) {
+            cryptoType = ConfigProperty.getValue(cryptoMaterial, "cryptoProvider", SSM);
+        }
+        if (cryptoType.equalsIgnoreCase(HSM)) {
+            if (accountKeyIndex == null) {
+                throw new ConfigException(
+                        "load account failed, you are using hardware secure moduele(HSM), please config accountKeyIndex.");
             }
+            return;
         }
         if (this.accountAddress.equals("")) {
             return;

sdk-core/src/main/java/org/fisco/bcos/sdk/config/model/CryptoMaterialConfig.java

@@ -15,6 +15,8 @@
 
 package org.fisco.bcos.sdk.config.model;
 
+import static org.fisco.bcos.sdk.model.CryptoProviderType.SSM;
+
 import java.io.File;
 import java.io.InputStream;
 import java.util.Map;
@@ -32,6 +34,9 @@ public class CryptoMaterialConfig {
     private String sdkPrivateKeyPath;
     private String enSSLCertPath;
     private String enSSLPrivateKeyPath;
+    private String cryptoProvider = "ssm";
+    private String sslKeyIndex;
+    private String enSslKeyIndex;
 
     private InputStream caInputStream;
     private InputStream sdkCertInputStream;
@@ -113,6 +118,22 @@ public CryptoMaterialConfig(ConfigProperty configProperty, int cryptoType)
                                 cryptoMaterialProperty,
                                 "enSslKey",
                                 defaultCryptoMaterialConfig.getEnSSLPrivateKeyPath()));
+        this.cryptoProvider =
+                ConfigProperty.getValue(
+                        cryptoMaterialProperty,
+                        "cryptoProvider",
+                        defaultCryptoMaterialConfig.getCryptoProvider());
+        this.sslKeyIndex =
+                ConfigProperty.getValue(
+                        cryptoMaterialProperty,
+                        "sslKeyIndex",
+                        defaultCryptoMaterialConfig.getSslKeyIndex());
+        this.enSslKeyIndex =
+                ConfigProperty.getValue(
+                        cryptoMaterialProperty,
+                        "enSslKeyIndex",
+                        defaultCryptoMaterialConfig.getEnSslKeyIndex());
+
         logger.debug(
                 "Load cryptoMaterial, caCertPath: {}, sdkCertPath: {}, sdkPrivateKeyPath:{}, enSSLCertPath: {}, enSSLPrivateKeyPath:{}",
                 this.getCaCertPath(),
@@ -131,6 +152,7 @@ public CryptoMaterialConfig getDefaultCaCertPath(int cryptoType, String certPath
             cryptoMaterialConfig.setCaCertPath(certPath + File.separator + "ca.crt");
             cryptoMaterialConfig.setSdkCertPath(certPath + File.separator + "sdk.crt");
             cryptoMaterialConfig.setSdkPrivateKeyPath(certPath + File.separator + "sdk.key");
+            cryptoMaterialConfig.setCryptoProvider(SSM);
         } else if (cryptoType == CryptoType.SM_TYPE) {
             cryptoMaterialConfig.setCaCertPath(
                     certPath + File.separator + smDir + File.separator + "gmca.crt");
@@ -142,6 +164,7 @@ public CryptoMaterialConfig getDefaultCaCertPath(int cryptoType, String certPath
                     certPath + File.separator + smDir + File.separator + "gmensdk.crt");
             cryptoMaterialConfig.setEnSSLPrivateKeyPath(
                     certPath + File.separator + smDir + File.separator + "gmensdk.key");
+            cryptoMaterialConfig.setCryptoProvider(SSM);
         } else {
             throw new ConfigException(
                     "load CryptoMaterialConfig failed, only support ecdsa and sm now, expected 0 or 1, but provided "
@@ -246,6 +269,30 @@ public void setEnSSLPrivateKeyInputStream(InputStream enSSLPrivateKeyInputStream
         this.enSSLPrivateKeyInputStream = enSSLPrivateKeyInputStream;
     }
 
+    public String getCryptoProvider() {
+        return cryptoProvider;
+    }
+
+    public void setCryptoProvider(String cryptoProvider) {
+        this.cryptoProvider = cryptoProvider;
+    }
+
+    public String getSslKeyIndex() {
+        return sslKeyIndex;
+    }
+
+    public void setSslKeyIndex(String sslKeyIndex) {
+        this.sslKeyIndex = sslKeyIndex;
+    }
+
+    public String getEnSslKeyIndex() {
+        return enSslKeyIndex;
+    }
+
+    public void setEnSslKeyIndex(String enSslKeyIndex) {
+        this.enSslKeyIndex = enSslKeyIndex;
+    }
+
     @Override
     public String toString() {
         return "CryptoMaterialConfig{"

sdk-core/src/main/java/org/fisco/bcos/sdk/model/PrecompiledConstant.java

@@ -16,7 +16,7 @@
 
 public class PrecompiledConstant {
     // constant value
-    public static final int CNS_MAX_VERSION_LENGTH = 40;
+    public static final int CNS_MAX_VERSION_LENGTH = 128;
     public static final int TABLE_KEY_MAX_LENGTH = 255;
     public static final int TABLE_FIELD_NAME_MAX_LENGTH = 64;
     public static final int USER_TABLE_NAME_MAX_LENGTH = 48;

sdk-core/src/main/java/org/fisco/bcos/sdk/model/PrecompiledRetCode.java

@@ -38,7 +38,7 @@ public class PrecompiledRetCode {
     public static final RetCode CODE_COMMITTEE_MEMBER_CANNOT_BE_OPERATOR =
             new RetCode(-52005, "The committee member cannot be operator");
     public static final RetCode CODE_OPERATOR_CANNOT_BE_COMMITTEE_MEMBER =
-            new RetCode(-52004, "The operator cannot be committee member");
+            new RetCode(-52004, "The operator or cnsManager cannot be committee member");
     public static final RetCode CODE_INVALID_THRESHOLD =
             new RetCode(-52003, "Invalid threshold, threshold should from 0 to 99");
     public static final RetCode CODE_INVALID_REQUEST_PERMISSION_DENIED =
@@ -51,7 +51,8 @@ public class PrecompiledRetCode {
     // ContractLifeCyclePrecompiled -51999 ~ -51900
     public static final RetCode CODE_INVALID_REVOKE_LAST_AUTHORIZATION =
             new RetCode(
-                    -51907, "The permission of the last contract status manager can't be revoked");
+                    -51907,
+                    "There is only one contract status manager left, and the revoke operation cannot be performed");
     public static final RetCode CODE_INVALID_NON_EXIST_AUTHORIZATION =
             new RetCode(-51906, "The contract status manager doesn't exist");
     public static final RetCode CODE_INVALID_NO_AUTHORIZED =

sdk-core/src/main/java/org/fisco/bcos/sdk/network/ConnectionManager.java

@@ -15,6 +15,8 @@
 
 package org.fisco.bcos.sdk.network;
 
+import static org.fisco.bcos.sdk.model.CryptoProviderType.HSM;
+
 import io.netty.bootstrap.Bootstrap;
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelFuture;
@@ -34,11 +36,7 @@
 import io.netty.handler.timeout.IdleStateHandler;
 import io.netty.util.concurrent.Future;
 import java.io.IOException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.security.Security;
-import java.security.cert.CertificateException;
-import java.security.spec.InvalidKeySpecException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -96,8 +94,13 @@ public void startConnect(ConfigOption configOption) throws NetworkException {
         }
         logger.debug(" start connect. ");
         /** init netty * */
-        initNetty(configOption);
-        running = true;
+        try {
+            initNetty(configOption);
+            running = true;
+        } catch (Exception e) {
+            logger.debug("init failed " + e.getMessage());
+            throw new NetworkException("init failed " + e.getMessage());
+        }
 
         /** try connection */
         for (ConnectionInfo connect : connectionInfoList) {
@@ -263,27 +266,34 @@ private SslContext initSMSslContext(ConfigOption configOption) throws NetworkExc
         try {
             // Get file, file existence is already checked when check config file.
             // Init SslContext
-            logger.info(" build SM ssl context with configured certificates ");
             return SMSslClientContextFactory.build(
                     configOption.getCryptoMaterialConfig().getCaInputStream(),
                     configOption.getCryptoMaterialConfig().getEnSSLCertInputStream(),
                     configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyInputStream(),
                     configOption.getCryptoMaterialConfig().getSdkCertInputStream(),
                     configOption.getCryptoMaterialConfig().getSdkPrivateKeyInputStream());
-        } catch (IOException
-                | CertificateException
-                | NoSuchAlgorithmException
-                | InvalidKeySpecException
-                | NoSuchProviderException e) {
-            logger.error(
-                    "initSMSslContext failed, caCert:{}, sslCert: {}, sslKey: {}, enCert: {}, enKey: {}, error: {}, e: {}",
-                    configOption.getCryptoMaterialConfig().getCaCertPath(),
-                    configOption.getCryptoMaterialConfig().getSdkCertPath(),
-                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
-                    configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
-                    configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyPath(),
-                    e.getMessage(),
-                    e);
+        } catch (Exception e) {
+            if (configOption.getCryptoMaterialConfig().getCryptoProvider().equalsIgnoreCase(HSM)) {
+                logger.error(
+                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKeyIndex: {}, enCert: {}, enSslKeyIndex: {}, error: {}, e: {}",
+                        configOption.getCryptoMaterialConfig().getCaCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
+                        configOption.getCryptoMaterialConfig().getSslKeyIndex(),
+                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
+                        configOption.getCryptoMaterialConfig().getEnSslKeyIndex(),
+                        e.getMessage(),
+                        e);
+            } else {
+                logger.error(
+                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKey: {}, enCert: {}, enSslKey: {}, error: {}, e: {}",
+                        configOption.getCryptoMaterialConfig().getCaCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
+                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
+                        configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyPath(),
+                        e.getMessage(),
+                        e);
+            }
             throw new NetworkException(
                     "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
                             + e.getMessage(),
@@ -299,7 +309,14 @@ private void initNetty(ConfigOption configOption) throws NetworkException {
         // set connection timeout
         bootstrap.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, (int) TimeoutConfig.connectTimeout);
         int sslCryptoType = configOption.getCryptoMaterialConfig().getSslCryptoType();
-        SslContext sslContext =
+        SslContext sslContext;
+        if (configOption.getCryptoMaterialConfig().getCryptoProvider() != null
+                && configOption.getCryptoMaterialConfig().getCryptoProvider().equalsIgnoreCase(HSM)
+                && sslCryptoType == CryptoType.ECDSA_TYPE) {
+            throw new NetworkException(
+                    "NON-SM not support hardware secure module yet, please do not config cryptoMatirial.cryptoProvider = hsm.");
+        }
+        sslContext =
                 (sslCryptoType == CryptoType.ECDSA_TYPE
                         ? initSslContext(configOption)
                         : initSMSslContext(configOption));