From ccb23ab9a0d20312df6cd49ab7085bd15b4b8763 Mon Sep 17 00:00:00 2001 From: Fabio Di Fabio Date: Sun, 16 Feb 2025 00:58:24 +0100 Subject: [PATCH] Fix the cleanup of subprocesses after each AT (#8306) Signed-off-by: Fabio Di Fabio --- .github/workflows/acceptance-tests.yml | 2 +- .../dsl/node/ProcessBesuNodeRunner.java | 4 +- .../acceptance/bftsoak/BftMiningSoakTest.java | 2 + .../ClusterNoDiscoveryAcceptanceTest.java | 2 + ...ClusterThreadNodeRunnerAcceptanceTest.java | 2 + .../bootstrap/P2pDisabledAcceptanceTest.java | 2 + .../crypto/SECP256R1AcceptanceTest.java | 2 + ...ctJsonRpcAuthenticationAcceptanceTest.java | 168 ++++++++++++++++++ ...onRpcHttpAuthenticationAcceptanceTest.java | 147 +-------------- ...WebsocketAuthenticationAcceptanceTest.java | 147 +-------------- ...ntractPermissioningAcceptanceTestBase.java | 3 + ...ocalConfigPermissioningAcceptanceTest.java | 2 + ...ntractPermissioningAcceptanceTestBase.java | 3 + ...ractPermissioningV2AcceptanceTestBase.java | 3 + 14 files changed, 196 insertions(+), 293 deletions(-) create mode 100644 acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/AbstractJsonRpcAuthenticationAcceptanceTest.java diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index 7e8ade219..54ac5b28c 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -79,7 +79,7 @@ jobs: name: test-args-${{ matrix.runner_index }}.txt path: '*.txt' - name: run acceptance tests - run: ./gradlew --max-workers 1 acceptanceTestNotPrivacy `cat gradleArgs.txt` -Dorg.gradle.caching=true + run: ./gradlew acceptanceTestNotPrivacy `cat gradleArgs.txt` -Dorg.gradle.caching=true - name: Remove downloaded test results run: rm -rf tmp/junit-xml-reports-downloaded - name: Upload Acceptance Test Results diff --git a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ProcessBesuNodeRunner.java b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ProcessBesuNodeRunner.java index 2aa1d3e81..d549743ce 100644 --- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ProcessBesuNodeRunner.java +++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ProcessBesuNodeRunner.java @@ -48,6 +48,7 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import java.util.concurrent.TimeUnit; import java.util.stream.Collectors; +import java.util.stream.Stream; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -529,8 +530,7 @@ public class ProcessBesuNodeRunner implements BesuNodeRunner { return; } - process - .descendants() + Stream.concat(process.descendants(), Stream.of(process.toHandle())) .peek( processHandle -> LOG.info("Killing {} process, pid {}", processHandle.info(), processHandle.pid())) diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bftsoak/BftMiningSoakTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bftsoak/BftMiningSoakTest.java index 7d19a5be0..0dc4ff82c 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bftsoak/BftMiningSoakTest.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bftsoak/BftMiningSoakTest.java @@ -30,6 +30,7 @@ import java.time.temporal.ChronoUnit; import com.fasterxml.jackson.databind.node.ObjectNode; import org.assertj.core.api.Assertions; +import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; @@ -344,6 +345,7 @@ public class BftMiningSoakTest extends ParameterizedBftTestBase { Thread.sleep(TEN_SECONDS); } + @AfterEach @Override public void tearDownAcceptanceTestBase() { cluster.stop(); diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/ClusterNoDiscoveryAcceptanceTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/ClusterNoDiscoveryAcceptanceTest.java index 3a7da4f47..5aba3dc10 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/ClusterNoDiscoveryAcceptanceTest.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/ClusterNoDiscoveryAcceptanceTest.java @@ -20,6 +20,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.Cluster; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfiguration; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfigurationBuilder; +import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -44,6 +45,7 @@ public class ClusterNoDiscoveryAcceptanceTest extends AcceptanceTestBase { fullNode.verify(net.awaitPeerCount(0)); } + @AfterEach @Override public void tearDownAcceptanceTestBase() { noDiscoveryCluster.stop(); diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/ClusterThreadNodeRunnerAcceptanceTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/ClusterThreadNodeRunnerAcceptanceTest.java index e13fbc2f1..832d69af7 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/ClusterThreadNodeRunnerAcceptanceTest.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/ClusterThreadNodeRunnerAcceptanceTest.java @@ -31,6 +31,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfigurati import java.util.List; +import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -79,6 +80,7 @@ public class ClusterThreadNodeRunnerAcceptanceTest extends AcceptanceTestBase { miner.verify(recipient.balanceEquals(2)); } + @AfterEach @Override public void tearDownAcceptanceTestBase() { noDiscoveryCluster.stop(); diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/P2pDisabledAcceptanceTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/P2pDisabledAcceptanceTest.java index 67a9bf275..4ef57e181 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/P2pDisabledAcceptanceTest.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/bootstrap/P2pDisabledAcceptanceTest.java @@ -20,6 +20,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.Cluster; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfiguration; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfigurationBuilder; +import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -37,6 +38,7 @@ public class P2pDisabledAcceptanceTest extends AcceptanceTestBase { p2pDisabledCluster.start(node); } + @AfterEach @Override public void tearDownAcceptanceTestBase() { p2pDisabledCluster.stop(); diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/crypto/SECP256R1AcceptanceTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/crypto/SECP256R1AcceptanceTest.java index cc2d1a36b..7b4bd6f5d 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/crypto/SECP256R1AcceptanceTest.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/crypto/SECP256R1AcceptanceTest.java @@ -31,6 +31,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfigurati import java.util.List; import org.apache.tuweni.bytes.Bytes32; +import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -93,6 +94,7 @@ public class SECP256R1AcceptanceTest extends AcceptanceTestBase { noDiscoveryCluster.verify(recipient.balanceEquals(5)); } + @AfterEach @Override public void tearDownAcceptanceTestBase() { super.tearDownAcceptanceTestBase(); diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/AbstractJsonRpcAuthenticationAcceptanceTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/AbstractJsonRpcAuthenticationAcceptanceTest.java new file mode 100644 index 000000000..ffdb65784 --- /dev/null +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/AbstractJsonRpcAuthenticationAcceptanceTest.java @@ -0,0 +1,168 @@ +/* + * Copyright contributors to Besu. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on + * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the + * specific language governing permissions and limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + */ +package org.hyperledger.besu.tests.acceptance.jsonrpc; + +import org.hyperledger.besu.tests.acceptance.dsl.AcceptanceTestBase; +import org.hyperledger.besu.tests.acceptance.dsl.node.BesuNode; +import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.Cluster; + +import java.util.Arrays; +import java.util.List; + +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.Test; + +public abstract class AbstractJsonRpcAuthenticationAcceptanceTest extends AcceptanceTestBase { + protected Cluster authenticatedCluster; + protected BesuNode nodeUsingAuthFile; + protected BesuNode nodeUsingRsaJwtPublicKey; + protected BesuNode nodeUsingEcdsaJwtPublicKey; + protected BesuNode nodeUsingAuthFileWithNoAuthApi; + protected static final String AUTH_FILE = "authentication/auth.toml"; + + // token with payload{"iat": 1516239022,"exp": 4729363200,"permissions": ["net:peerCount"]} + protected static final String RSA_TOKEN_ALLOWING_NET_PEER_COUNT = + "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1MTYyMzkwMjIsImV4cCI6NDcyOTM2MzIwMCwicGVybWl" + + "zc2lvbnMiOlsibmV0OnBlZXJDb3VudCJdfQ.Y6mNV0nvjzOdqAgMgxknFAOUTKoeRAo4aifNgNrWtuXbJJgz6-" + + "H_0GvLgjlToohPiDZbBJXJJlgb4zzLLB-sRtFnGoPaMgz_d_6z958GjFD7x_Fl0HW-WrTjRNenZNfTyD86OEAf" + + "XHy-7N3OYY2a5yeDbppTJy6nnHTq9hY-ad22-oWL1RbK3T_hnUJII_uXCZ9bJggSfu5m-NNUrm3TeqdnQzIaIz" + + "DqHlL0wNZwVPB4cFGN7zKghReBpkRJ8OFlxexQ491Q5eSpuYquhef-yGCIaMfy7GVtpDSD3Y-hjOErr7gUNCUh" + + "1wlc3Rb7ru_0qNgCWTBPJeRK32GppYotwQ"; + + protected static final String ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT = + "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1MTYyMzkwMjIsImV4cCI6NDcyOTM2MzIwMCwicGVybWlz" + + "c2lvbnMiOlsibmV0OnBlZXJDb3VudCJdfQ.pWXniN6XQ7G8b1nawy8sviPCMxrfbcI6c7UFzeXm26CMGMUEZxiC" + + "JjRntB8ueuZcsxnGlEhCHt-KngpFEmx5TA"; + + protected static final List NO_AUTH_API_METHODS = Arrays.asList("net_services"); + + @Test + public void shouldFailLoginWithWrongCredentials() { + nodeUsingAuthFile.verify(login.failure("user", "badpassword")); + nodeUsingAuthFileWithNoAuthApi.verify(login.failure("user", "badpassword")); + } + + @Test + public void shouldSucceedLoginWithCorrectCredentials() { + nodeUsingAuthFile.verify(login.success("user", "pegasys")); + nodeUsingAuthFileWithNoAuthApi.verify(login.success("user", "pegasys")); + } + + @Test + public void jsonRpcMethodShouldSucceedWithAuthenticatedUserAndPermission() { + String token = + nodeUsingAuthFile.execute( + permissioningTransactions.createSuccessfulLogin("user", "pegasys")); + nodeUsingAuthFile.useAuthenticationTokenInHeaderForJsonRpc(token); + nodeUsingAuthFile.verify(net.awaitPeerCount(3)); + + token = + nodeUsingAuthFileWithNoAuthApi.execute( + permissioningTransactions.createSuccessfulLogin("user", "pegasys")); + nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); + nodeUsingAuthFileWithNoAuthApi.verify(net.awaitPeerCount(3)); + } + + @Test + public void jsonRpcMethodShouldFailOnNonPermittedMethod() { + String token = + nodeUsingAuthFile.execute( + permissioningTransactions.createSuccessfulLogin("user", "pegasys")); + nodeUsingAuthFile.useAuthenticationTokenInHeaderForJsonRpc(token); + nodeUsingAuthFile.verify(net.netVersionUnauthorized()); + nodeUsingAuthFile.verify(net.netServicesUnauthorized()); + + token = + nodeUsingAuthFileWithNoAuthApi.execute( + permissioningTransactions.createSuccessfulLogin("user", "pegasys")); + nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); + nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); + } + + @Test + public void jsonRpcMethodsNotIncludedInNoAuthListShouldFailWithoutToken() { + nodeUsingAuthFile.verify(net.netVersionUnauthorized()); + nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); + } + + @Test + public void noAuthJsonRpcMethodShouldSucceedWithoutToken() { + nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); + } + + @Test + public void noAuthJsonRpcConfiguredNodeShouldWorkAsIntended() { + // No token -> all methods other than specified no auth methods should fail + nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); + nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); + + // Should behave the same with valid token + String token = + nodeUsingAuthFileWithNoAuthApi.execute( + permissioningTransactions.createSuccessfulLogin("user", "pegasys")); + nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); + nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); + nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); + nodeUsingAuthFileWithNoAuthApi.verify(net.awaitPeerCount(3)); + } + + @Test + public void externalRsaJwtPublicKeyUsedOnJsonRpcMethodShouldSucceed() { + nodeUsingRsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( + RSA_TOKEN_ALLOWING_NET_PEER_COUNT); + nodeUsingRsaJwtPublicKey.verify(net.awaitPeerCount(3)); + } + + @Test + public void externalRsaJwtPublicKeyUsedOnJsonRpcMethodShouldFailOnNonPermittedMethod() { + nodeUsingRsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( + RSA_TOKEN_ALLOWING_NET_PEER_COUNT); + nodeUsingRsaJwtPublicKey.verify(net.netVersionUnauthorized()); + nodeUsingRsaJwtPublicKey.verify(net.netServicesUnauthorized()); + } + + @Test + public void externalEcdsaJwtPublicKeyUsedOnJsonRpcMethodShouldSucceed() { + nodeUsingEcdsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( + ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT); + nodeUsingEcdsaJwtPublicKey.verify(net.awaitPeerCount(3)); + } + + @Test + public void externalEcdsaJwtPublicKeyUsedOnJsonRpcMethodShouldFailOnNonPermittedMethod() { + nodeUsingEcdsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( + ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT); + nodeUsingEcdsaJwtPublicKey.verify(net.netVersionUnauthorized()); + nodeUsingEcdsaJwtPublicKey.verify(net.netServicesUnauthorized()); + } + + @Test + public void jsonRpcMethodShouldFailWhenThereIsNoToken() { + nodeUsingRsaJwtPublicKey.verify(net.netVersionUnauthorized()); + nodeUsingRsaJwtPublicKey.verify(net.netServicesUnauthorized()); + } + + @Test + public void loginShouldBeDisabledWhenUsingExternalJwtPublicKey() { + nodeUsingRsaJwtPublicKey.verify(login.disabled()); + } + + @AfterEach + @Override + public void tearDownAcceptanceTestBase() { + authenticatedCluster.stop(); + super.tearDownAcceptanceTestBase(); + } +} diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/JsonRpcHttpAuthenticationAcceptanceTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/JsonRpcHttpAuthenticationAcceptanceTest.java index 3ef383a52..dc88fdd82 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/JsonRpcHttpAuthenticationAcceptanceTest.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/JsonRpcHttpAuthenticationAcceptanceTest.java @@ -14,43 +14,17 @@ */ package org.hyperledger.besu.tests.acceptance.jsonrpc; -import org.hyperledger.besu.tests.acceptance.dsl.AcceptanceTestBase; -import org.hyperledger.besu.tests.acceptance.dsl.node.BesuNode; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.Cluster; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfiguration; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfigurationBuilder; import java.io.IOException; import java.net.URISyntaxException; -import java.util.Arrays; -import java.util.List; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -public class JsonRpcHttpAuthenticationAcceptanceTest extends AcceptanceTestBase { - private Cluster authenticatedCluster; - private BesuNode nodeUsingAuthFile; - private BesuNode nodeUsingRsaJwtPublicKey; - private BesuNode nodeUsingEcdsaJwtPublicKey; - private BesuNode nodeUsingAuthFileWithNoAuthApi; - private static final String AUTH_FILE = "authentication/auth.toml"; - - // token with payload{"iat": 1516239022,"exp": 4729363200,"permissions": ["net:peerCount"]} - private static final String RSA_TOKEN_ALLOWING_NET_PEER_COUNT = - "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1MTYyMzkwMjIsImV4cCI6NDcyOTM2MzIwMCwicGVybWl" - + "zc2lvbnMiOlsibmV0OnBlZXJDb3VudCJdfQ.Y6mNV0nvjzOdqAgMgxknFAOUTKoeRAo4aifNgNrWtuXbJJgz6-" - + "H_0GvLgjlToohPiDZbBJXJJlgb4zzLLB-sRtFnGoPaMgz_d_6z958GjFD7x_Fl0HW-WrTjRNenZNfTyD86OEAf" - + "XHy-7N3OYY2a5yeDbppTJy6nnHTq9hY-ad22-oWL1RbK3T_hnUJII_uXCZ9bJggSfu5m-NNUrm3TeqdnQzIaIz" - + "DqHlL0wNZwVPB4cFGN7zKghReBpkRJ8OFlxexQ491Q5eSpuYquhef-yGCIaMfy7GVtpDSD3Y-hjOErr7gUNCUh" - + "1wlc3Rb7ru_0qNgCWTBPJeRK32GppYotwQ"; - - private static final String ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT = - "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1MTYyMzkwMjIsImV4cCI6NDcyOTM2MzIwMCwicGVybWlz" - + "c2lvbnMiOlsibmV0OnBlZXJDb3VudCJdfQ.pWXniN6XQ7G8b1nawy8sviPCMxrfbcI6c7UFzeXm26CMGMUEZxiC" - + "JjRntB8ueuZcsxnGlEhCHt-KngpFEmx5TA"; - - private static final List NO_AUTH_API_METHODS = Arrays.asList("net_services"); +public class JsonRpcHttpAuthenticationAcceptanceTest + extends AbstractJsonRpcAuthenticationAcceptanceTest { @BeforeEach public void setUp() throws IOException, URISyntaxException { @@ -75,121 +49,4 @@ public class JsonRpcHttpAuthenticationAcceptanceTest extends AcceptanceTestBase nodeUsingEcdsaJwtPublicKey.verify(login.awaitResponse("user", "badpassword")); nodeUsingAuthFileWithNoAuthApi.verify(login.awaitResponse("user", "badpassword")); } - - @Test - public void shouldFailLoginWithWrongCredentials() { - nodeUsingAuthFile.verify(login.failure("user", "badpassword")); - nodeUsingAuthFileWithNoAuthApi.verify(login.failure("user", "badpassword")); - } - - @Test - public void shouldSucceedLoginWithCorrectCredentials() { - nodeUsingAuthFile.verify(login.success("user", "pegasys")); - nodeUsingAuthFileWithNoAuthApi.verify(login.success("user", "pegasys")); - } - - @Test - public void jsonRpcMethodShouldSucceedWithAuthenticatedUserAndPermission() { - String token = - nodeUsingAuthFile.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFile.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFile.verify(net.awaitPeerCount(3)); - - token = - nodeUsingAuthFileWithNoAuthApi.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFileWithNoAuthApi.verify(net.awaitPeerCount(3)); - } - - @Test - public void jsonRpcMethodShouldFailOnNonPermittedMethod() { - String token = - nodeUsingAuthFile.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFile.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFile.verify(net.netVersionUnauthorized()); - nodeUsingAuthFile.verify(net.netServicesUnauthorized()); - - token = - nodeUsingAuthFileWithNoAuthApi.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); - } - - @Test - public void jsonRpcMethodsNotIncludedInNoAuthListShouldFailWithoutToken() { - nodeUsingAuthFile.verify(net.netVersionUnauthorized()); - nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); - } - - @Test - public void noAuthJsonRpcMethodShouldSucceedWithoutToken() { - nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); - } - - @Test - public void noAuthJsonRpcConfiguredNodeShouldWorkAsIntended() { - // No token -> all methods other than specified no auth methods should fail - nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); - nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); - - // Should behave the same with valid token - String token = - nodeUsingAuthFileWithNoAuthApi.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); - nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); - nodeUsingAuthFileWithNoAuthApi.verify(net.awaitPeerCount(3)); - } - - @Test - public void externalRsaJwtPublicKeyUsedOnJsonRpcMethodShouldSucceed() { - nodeUsingRsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( - RSA_TOKEN_ALLOWING_NET_PEER_COUNT); - nodeUsingRsaJwtPublicKey.verify(net.awaitPeerCount(3)); - } - - @Test - public void externalRsaJwtPublicKeyUsedOnJsonRpcMethodShouldFailOnNonPermittedMethod() { - nodeUsingRsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( - RSA_TOKEN_ALLOWING_NET_PEER_COUNT); - nodeUsingRsaJwtPublicKey.verify(net.netVersionUnauthorized()); - nodeUsingRsaJwtPublicKey.verify(net.netServicesUnauthorized()); - } - - @Test - public void externalEcdsaJwtPublicKeyUsedOnJsonRpcMethodShouldSucceed() { - nodeUsingEcdsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( - ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT); - nodeUsingEcdsaJwtPublicKey.verify(net.awaitPeerCount(3)); - } - - @Test - public void externalEcdsaJwtPublicKeyUsedOnJsonRpcMethodShouldFailOnNonPermittedMethod() { - nodeUsingEcdsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( - ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT); - nodeUsingEcdsaJwtPublicKey.verify(net.netVersionUnauthorized()); - nodeUsingEcdsaJwtPublicKey.verify(net.netServicesUnauthorized()); - } - - @Test - public void jsonRpcMethodShouldFailWhenThereIsNoToken() { - nodeUsingRsaJwtPublicKey.verify(net.netVersionUnauthorized()); - nodeUsingRsaJwtPublicKey.verify(net.netServicesUnauthorized()); - } - - @Test - public void loginShouldBeDisabledWhenUsingExternalJwtPublicKey() { - nodeUsingRsaJwtPublicKey.verify(login.disabled()); - } - - @Override - public void tearDownAcceptanceTestBase() { - authenticatedCluster.stop(); - super.tearDownAcceptanceTestBase(); - } } diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/JsonRpcWebsocketAuthenticationAcceptanceTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/JsonRpcWebsocketAuthenticationAcceptanceTest.java index 47d236e5b..72d9dedc3 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/JsonRpcWebsocketAuthenticationAcceptanceTest.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/jsonrpc/JsonRpcWebsocketAuthenticationAcceptanceTest.java @@ -14,43 +14,17 @@ */ package org.hyperledger.besu.tests.acceptance.jsonrpc; -import org.hyperledger.besu.tests.acceptance.dsl.AcceptanceTestBase; -import org.hyperledger.besu.tests.acceptance.dsl.node.BesuNode; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.Cluster; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfiguration; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfigurationBuilder; import java.io.IOException; import java.net.URISyntaxException; -import java.util.Arrays; -import java.util.List; import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -public class JsonRpcWebsocketAuthenticationAcceptanceTest extends AcceptanceTestBase { - private BesuNode nodeUsingAuthFile; - private BesuNode nodeUsingRsaJwtPublicKey; - private BesuNode nodeUsingEcdsaJwtPublicKey; - private BesuNode nodeUsingAuthFileWithNoAuthApi; - private Cluster authenticatedCluster; - private static final String AUTH_FILE = "authentication/auth.toml"; - - private static final List NO_AUTH_API_METHODS = Arrays.asList("net_services"); - - // token with payload{"iat": 1516239022,"exp": 4729363200,"permissions": ["net:peerCount"]} - private static final String RSA_TOKEN_ALLOWING_NET_PEER_COUNT = - "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1MTYyMzkwMjIsImV4cCI6NDcyOTM2MzIwMCwicGVybWl" - + "zc2lvbnMiOlsibmV0OnBlZXJDb3VudCJdfQ.Y6mNV0nvjzOdqAgMgxknFAOUTKoeRAo4aifNgNrWtuXbJJgz6-" - + "H_0GvLgjlToohPiDZbBJXJJlgb4zzLLB-sRtFnGoPaMgz_d_6z958GjFD7x_Fl0HW-WrTjRNenZNfTyD86OEAf" - + "XHy-7N3OYY2a5yeDbppTJy6nnHTq9hY-ad22-oWL1RbK3T_hnUJII_uXCZ9bJggSfu5m-NNUrm3TeqdnQzIaIz" - + "DqHlL0wNZwVPB4cFGN7zKghReBpkRJ8OFlxexQ491Q5eSpuYquhef-yGCIaMfy7GVtpDSD3Y-hjOErr7gUNCUh" - + "1wlc3Rb7ru_0qNgCWTBPJeRK32GppYotwQ"; - - private static final String ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT = - "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE1MTYyMzkwMjIsImV4cCI6NDcyOTM2MzIwMCwicGVybWlz" - + "c2lvbnMiOlsibmV0OnBlZXJDb3VudCJdfQ.pWXniN6XQ7G8b1nawy8sviPCMxrfbcI6c7UFzeXm26CMGMUEZxiC" - + "JjRntB8ueuZcsxnGlEhCHt-KngpFEmx5TA"; +public class JsonRpcWebsocketAuthenticationAcceptanceTest + extends AbstractJsonRpcAuthenticationAcceptanceTest { @BeforeEach public void setUp() throws IOException, URISyntaxException { @@ -78,121 +52,4 @@ public class JsonRpcWebsocketAuthenticationAcceptanceTest extends AcceptanceTest nodeUsingEcdsaJwtPublicKey.verify(login.awaitResponse("user", "badpassword")); nodeUsingAuthFileWithNoAuthApi.verify(login.awaitResponse("user", "badpassword")); } - - @Test - public void shouldFailLoginWithWrongCredentials() { - nodeUsingAuthFile.verify(login.failure("user", "badpassword")); - nodeUsingAuthFileWithNoAuthApi.verify(login.failure("user", "badpassword")); - } - - @Test - public void shouldSucceedLoginWithCorrectCredentials() { - nodeUsingAuthFile.verify(login.success("user", "pegasys")); - nodeUsingAuthFileWithNoAuthApi.verify(login.success("user", "pegasys")); - } - - @Test - public void jsonRpcMethodShouldSucceedWithAuthenticatedUserAndPermission() { - String token = - nodeUsingAuthFile.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFile.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFile.verify(net.awaitPeerCount(3)); - - token = - nodeUsingAuthFileWithNoAuthApi.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFileWithNoAuthApi.verify(net.awaitPeerCount(3)); - } - - @Test - public void jsonRpcMethodShouldFailOnNonPermittedMethod() { - String token = - nodeUsingAuthFile.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFile.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFile.verify(net.netVersionUnauthorized()); - nodeUsingAuthFile.verify(net.netServicesUnauthorized()); - - token = - nodeUsingAuthFileWithNoAuthApi.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); - } - - @Test - public void jsonRpcMethodsNotIncludedInNoAuthListShouldFailWithoutToken() { - nodeUsingAuthFile.verify(net.netVersionUnauthorized()); - nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); - } - - @Test - public void noAuthJsonRpcMethodShouldSucceedWithoutToken() { - nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); - } - - @Test - public void noAuthJsonRpcConfiguredNodeShouldWorkAsIntended() { - // No token -> all methods other than specified no auth methods should fail - nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); - nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); - - // Should behave the same with valid token - String token = - nodeUsingAuthFileWithNoAuthApi.execute( - permissioningTransactions.createSuccessfulLogin("user", "pegasys")); - nodeUsingAuthFileWithNoAuthApi.useAuthenticationTokenInHeaderForJsonRpc(token); - nodeUsingAuthFileWithNoAuthApi.verify(net.netVersionUnauthorized()); - nodeUsingAuthFileWithNoAuthApi.verify(net.netServicesAllActive()); - nodeUsingAuthFileWithNoAuthApi.verify(net.awaitPeerCount(3)); - } - - @Test - public void externalRsaJwtPublicKeyUsedOnJsonRpcMethodShouldSucceed() { - nodeUsingRsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( - RSA_TOKEN_ALLOWING_NET_PEER_COUNT); - nodeUsingRsaJwtPublicKey.verify(net.awaitPeerCount(3)); - } - - @Test - public void externalRsaJwtPublicKeyUsedOnJsonRpcMethodShouldFailOnNonPermittedMethod() { - nodeUsingRsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( - RSA_TOKEN_ALLOWING_NET_PEER_COUNT); - nodeUsingRsaJwtPublicKey.verify(net.netVersionUnauthorized()); - nodeUsingAuthFile.verify(net.netServicesUnauthorized()); - } - - @Test - public void externalEcdsaJwtPublicKeyUsedOnJsonRpcMethodShouldSucceed() { - nodeUsingEcdsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( - ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT); - nodeUsingEcdsaJwtPublicKey.verify(net.awaitPeerCount(3)); - } - - @Test - public void externalEcdsaJwtPublicKeyUsedOnJsonRpcMethodShouldFailOnNonPermittedMethod() { - nodeUsingEcdsaJwtPublicKey.useAuthenticationTokenInHeaderForJsonRpc( - ECDSA_TOKEN_ALLOWING_NET_PEER_COUNT); - nodeUsingEcdsaJwtPublicKey.verify(net.netVersionUnauthorized()); - nodeUsingEcdsaJwtPublicKey.verify(net.netServicesUnauthorized()); - } - - @Test - public void jsonRpcMethodShouldFailWhenThereIsNoToken() { - nodeUsingRsaJwtPublicKey.verify(net.netVersionUnauthorized()); - nodeUsingRsaJwtPublicKey.verify(net.netServicesUnauthorized()); - } - - @Test - public void loginShouldBeDisabledWhenUsingExternalJwtPublicKey() { - nodeUsingRsaJwtPublicKey.verify(login.disabled()); - } - - @Override - public void tearDownAcceptanceTestBase() { - authenticatedCluster.stop(); - super.tearDownAcceptanceTestBase(); - } } diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/AccountSmartContractPermissioningAcceptanceTestBase.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/AccountSmartContractPermissioningAcceptanceTestBase.java index 7cad210dd..87e153c37 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/AccountSmartContractPermissioningAcceptanceTestBase.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/AccountSmartContractPermissioningAcceptanceTestBase.java @@ -30,6 +30,8 @@ import org.hyperledger.besu.tests.acceptance.dsl.transaction.perm.AccountSmartCo import java.io.IOException; import java.util.List; +import org.junit.jupiter.api.AfterEach; + class AccountSmartContractPermissioningAcceptanceTestBase extends AcceptanceTestBase { private final AccountSmartContractPermissioningTransactions smartContractAccountPermissioning; @@ -77,6 +79,7 @@ class AccountSmartContractPermissioningAcceptanceTestBase extends AcceptanceTest } } + @AfterEach @Override public void tearDownAcceptanceTestBase() { permissionedCluster.stop(); diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeLocalConfigPermissioningAcceptanceTest.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeLocalConfigPermissioningAcceptanceTest.java index d889abb9f..bbc2c9f19 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeLocalConfigPermissioningAcceptanceTest.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeLocalConfigPermissioningAcceptanceTest.java @@ -20,6 +20,7 @@ import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.Cluster; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfiguration; import org.hyperledger.besu.tests.acceptance.dsl.node.cluster.ClusterConfigurationBuilder; +import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -80,6 +81,7 @@ public class NodeLocalConfigPermissioningAcceptanceTest extends AcceptanceTestBa permissionedNode.verify(net.awaitPeerCount(3)); } + @AfterEach @Override public void tearDownAcceptanceTestBase() { permissionedCluster.stop(); diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningAcceptanceTestBase.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningAcceptanceTestBase.java index 094dc0886..24437ff65 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningAcceptanceTestBase.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningAcceptanceTestBase.java @@ -28,6 +28,8 @@ import org.hyperledger.besu.tests.acceptance.dsl.transaction.perm.NodeSmartContr import java.io.IOException; +import org.junit.jupiter.api.AfterEach; + class NodeSmartContractPermissioningAcceptanceTestBase extends AcceptanceTestBase { private final NodeSmartContractPermissioningTransactions smartContractNodePermissioning; @@ -97,6 +99,7 @@ class NodeSmartContractPermissioningAcceptanceTestBase extends AcceptanceTestBas } } + @AfterEach @Override public void tearDownAcceptanceTestBase() { permissionedCluster.stop(); diff --git a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningV2AcceptanceTestBase.java b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningV2AcceptanceTestBase.java index 21afa801d..080c42e64 100644 --- a/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningV2AcceptanceTestBase.java +++ b/acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/permissioning/NodeSmartContractPermissioningV2AcceptanceTestBase.java @@ -29,6 +29,8 @@ import org.hyperledger.besu.tests.acceptance.dsl.transaction.perm.NodeSmartContr import java.io.IOException; +import org.junit.jupiter.api.AfterEach; + class NodeSmartContractPermissioningV2AcceptanceTestBase extends AcceptanceTestBase { private final NodeSmartContractPermissioningV2Transactions smartContractNodePermissioningV2; @@ -93,6 +95,7 @@ class NodeSmartContractPermissioningV2AcceptanceTestBase extends AcceptanceTestB } } + @AfterEach @Override public void tearDownAcceptanceTestBase() { permissionedCluster.stop();