[ES-100] refactor CLI option name from disabled to enabled

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/dsl/signer/EthSignerProcessRunner.java

@@ -238,22 +238,14 @@ private Collection<String> createDownstreamTlsArgs() {
               params.add(pkcsStoreConfig.getPasswordFile().toString());
             });
 
-    clientTlsOptions
-        .getTrustOptions()
-        .ifPresent(
-            downstreamTrustOptions -> {
-              downstreamTrustOptions
-                  .getKnownServerFile()
-                  .ifPresent(
-                      knownServerFile -> {
-                        params.add("--downstream-http-tls-known-servers-file");
-                        params.add(knownServerFile.toAbsolutePath().toString());
-                      });
-
-              if (!downstreamTrustOptions.isCaAuthRequired()) {
-                params.add("--downstream-http-tls-ca-auth-disabled");
-              }
-            });
+    if (clientTlsOptions.getKnownServersFile().isPresent()) {
+      params.add("--downstream-http-tls-known-servers-file");
+      params.add(clientTlsOptions.getKnownServersFile().get().toAbsolutePath().toString());
+    }
+    if (!clientTlsOptions.isCaAuthEnabled()) {
+      params.add("--downstream-http-tls-ca-auth-enabled");
+      params.add("false");
+    }
 
     return Collections.unmodifiableCollection(params);
   }

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/tls/ClientSideTlsAcceptanceTest.java

@@ -22,7 +22,6 @@
 
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 import tech.pegasys.ethsigner.tests.dsl.node.NodeConfiguration;
 import tech.pegasys.ethsigner.tests.dsl.node.NodeConfigurationBuilder;
 import tech.pegasys.ethsigner.tests.dsl.node.NodePorts;
@@ -32,7 +31,6 @@
 import tech.pegasys.ethsigner.tests.tls.support.MockBalanceReporter;
 import tech.pegasys.ethsigner.tests.tls.support.TlsEnabledHttpServerFactory;
 import tech.pegasys.ethsigner.tests.tls.support.client.BasicClientTlsOptions;
-import tech.pegasys.ethsigner.tests.tls.support.client.BasicClientTlsTrustOptions;
 import tech.pegasys.ethsigner.tests.tls.support.client.BasicKeyStoreOptions;
 
 import java.io.IOException;
@@ -112,10 +110,8 @@ private Signer createSigner(
 
     final KeyStoreOptions keyStoreOptions =
         new BasicKeyStoreOptions(presentedCert.getPkcs12File().toPath(), clientPasswordFile);
-    final ClientTlsTrustOptions clientTlsTrustOptions =
-        new BasicClientTlsTrustOptions(fingerPrintFilePath, true);
     final ClientTlsOptions clientTlsOptions =
-        new BasicClientTlsOptions(keyStoreOptions, clientTlsTrustOptions);
+        new BasicClientTlsOptions(keyStoreOptions, Optional.of(fingerPrintFilePath), true);
     builder.withDownstreamTlsOptions(clientTlsOptions);
 
     builder.withHttpRpcPort(listenPort);

acceptance-tests/src/test/java/tech/pegasys/ethsigner/tests/tls/support/client/BasicClientTlsOptions.java

@@ -14,18 +14,22 @@
 
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 
+import java.nio.file.Path;
 import java.util.Optional;
 
 public class BasicClientTlsOptions implements ClientTlsOptions {
   private final Optional<KeyStoreOptions> tlsCertificateOptions;
-  private final Optional<ClientTlsTrustOptions> tlsTrustOptions;
+  private final Optional<Path> knownServersFile;
+  private final boolean caAuthEnabled;
 
   public BasicClientTlsOptions(
-      final KeyStoreOptions tlsCertificateOptions, final ClientTlsTrustOptions tlsTrustOptions) {
+      final KeyStoreOptions tlsCertificateOptions,
+      final Optional<Path> knownServersFile,
+      final boolean caAuthEnabled) {
     this.tlsCertificateOptions = Optional.ofNullable(tlsCertificateOptions);
-    this.tlsTrustOptions = Optional.ofNullable(tlsTrustOptions);
+    this.knownServersFile = knownServersFile;
+    this.caAuthEnabled = caAuthEnabled;
   }
 
   @Override
@@ -34,7 +38,12 @@ public Optional<KeyStoreOptions> getKeyStoreOptions() {
   }
 
   @Override
-  public Optional<ClientTlsTrustOptions> getTrustOptions() {
-    return tlsTrustOptions;
+  public Optional<Path> getKnownServersFile() {
+    return knownServersFile;
+  }
+
+  @Override
+  public boolean isCaAuthEnabled() {
+    return caAuthEnabled;
   }
 }

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/CommandlineParser.java

@@ -12,6 +12,7 @@
  */
 package tech.pegasys.ethsigner;
 
+import tech.pegasys.ethsigner.config.InvalidCommandLineOptionsException;
 import tech.pegasys.ethsigner.core.InitializationException;
 
 import java.io.PrintStream;
@@ -109,6 +110,8 @@ public R handleExecutionException(
           output.println("Failed to initialize EthSigner");
           output.println("Cause: " + ex.getCause().getMessage());
           throw (InitializationException) ex.getCause();
+        } else if (ex.getCause() instanceof InvalidCommandLineOptionsException) {
+          output.println(ex.getCause().getMessage());
         }
       }
       throw ex;

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/EthSignerBaseCommand.java

@@ -17,6 +17,7 @@
 import static tech.pegasys.ethsigner.DefaultCommandValues.MANDATORY_PATH_FORMAT_HELP;
 import static tech.pegasys.ethsigner.DefaultCommandValues.MANDATORY_PORT_FORMAT_HELP;
 
+import tech.pegasys.ethsigner.config.InvalidCommandLineOptionsException;
 import tech.pegasys.ethsigner.config.PicoCliTlsServerOptions;
 import tech.pegasys.ethsigner.config.tls.client.PicoCliClientTlsOptions;
 import tech.pegasys.ethsigner.core.config.Config;
@@ -191,4 +192,16 @@ public String toString() {
         .add("clientTlsOptions", clientTlsOptions)
         .toString();
   }
+
+  void validateArgs() {
+    if (getClientTlsOptions().isPresent()) {
+      final boolean caAuth = getClientTlsOptions().get().isCaAuthEnabled();
+      final Optional<Path> optionsKnownServerFile =
+          getClientTlsOptions().get().getKnownServersFile();
+      if (optionsKnownServerFile.isEmpty() && !caAuth) {
+        throw new InvalidCommandLineOptionsException(
+            "Missing required argument(s): --downstream-http-tls-known-servers-file must be specified if --downstream-http-tls-ca-auth-enabled=false");
+      }
+    }
+  }
 }

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/SignerSubCommand.java

@@ -13,6 +13,7 @@
 package tech.pegasys.ethsigner;
 
 import tech.pegasys.ethsigner.core.EthSigner;
+import tech.pegasys.ethsigner.core.InitializationException;
 import tech.pegasys.ethsigner.core.signing.TransactionSignerProvider;
 
 import org.apache.logging.log4j.LogManager;
@@ -31,8 +32,17 @@ public abstract TransactionSignerProvider createSignerFactory()
 
   public abstract String getCommandName();
 
+  protected void validateArgs() throws InitializationException {
+    if (config != null) {
+      config.validateArgs();
+    }
+  }
+
   @Override
   public void run() throws TransactionSignerInitializationException {
+
+    validateArgs();
+
     // set log level per CLI flags
     System.out.println("Setting logging level to " + config.getLogLevel().name());
     Configurator.setAllLevels("", config.getLogLevel());

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/config/InvalidCommandLineOptionsException.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2020 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.ethsigner.config;
+
+public class InvalidCommandLineOptionsException extends RuntimeException {
+
+  public InvalidCommandLineOptionsException() {}
+
+  public InvalidCommandLineOptionsException(final String message) {
+    super(message);
+  }
+
+  public InvalidCommandLineOptionsException(final String message, final Throwable cause) {
+    super(message, cause);
+  }
+
+  public InvalidCommandLineOptionsException(final Throwable cause) {
+    super(cause);
+  }
+
+  public InvalidCommandLineOptionsException(
+      final String message,
+      final Throwable cause,
+      final boolean enableSuppression,
+      final boolean writableStackTrace) {
+    super(message, cause, enableSuppression, writableStackTrace);
+  }
+}

ethsigner/commandline/src/main/java/tech/pegasys/ethsigner/config/tls/client/PicoCliClientTlsOptions.java

@@ -12,10 +12,12 @@
  */
 package tech.pegasys.ethsigner.config.tls.client;
 
+import static tech.pegasys.ethsigner.DefaultCommandValues.MANDATORY_FILE_FORMAT_HELP;
+
 import tech.pegasys.ethsigner.core.config.KeyStoreOptions;
 import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsOptions;
-import tech.pegasys.ethsigner.core.config.tls.client.ClientTlsTrustOptions;
 
+import java.nio.file.Path;
 import java.util.Optional;
 
 import picocli.CommandLine.ArgGroup;
@@ -25,24 +27,41 @@ public class PicoCliClientTlsOptions implements ClientTlsOptions {
   @SuppressWarnings("UnusedVariable")
   @Option(
       names = "--downstream-http-tls-enabled",
-      description = "Flag to enable TLS connection to web3 provider. Defaults to disabled",
+      description = "Flag to enable TLS connection to web3 provider. Defaults to disabled.",
       arity = "0",
       required = true)
   private boolean tlsEnabled = false;
 
   @ArgGroup(exclusive = false)
   private PicoCliKeyStoreOptions keyStoreOptions;
 
-  @ArgGroup(exclusive = false)
-  private PicoCliClientTlsTrustOptions trustOptions;
+  @Option(
+      names = "--downstream-http-tls-known-servers-file",
+      description =
+          "Path to a file containing the hostname, port and certificate fingerprints of web3 providers to trust. Must be specified if CA auth is disabled.",
+      paramLabel = MANDATORY_FILE_FORMAT_HELP,
+      arity = "1")
+  private Path knownServersFile;
+
+  @Option(
+      names = "--downstream-http-tls-ca-auth-enabled",
+      description =
+          "If set, will use the system's CA to validate received server certificates. Defaults to enabled.",
+      arity = "1")
+  private boolean caAuthEnabled = true;
 
   @Override
   public Optional<KeyStoreOptions> getKeyStoreOptions() {
     return Optional.ofNullable(keyStoreOptions);
   }
 
   @Override
-  public Optional<ClientTlsTrustOptions> getTrustOptions() {
-    return Optional.ofNullable(trustOptions);
+  public boolean isCaAuthEnabled() {
+    return caAuthEnabled;
+  }
+
+  @Override
+  public Optional<Path> getKnownServersFile() {
+    return Optional.ofNullable(knownServersFile);
   }
 }

ethsigner/commandline/src/test-support/java/tech/pegasys/ethsigner/CmdlineHelpers.java

@@ -29,7 +29,7 @@ public static String validBaseCommandOptions() {
         + "--downstream-http-tls-enabled "
         + "--downstream-http-tls-keystore-file=./test.ks "
         + "--downstream-http-tls-keystore-password-file=./test.pass "
-        + "--downstream-http-tls-ca-auth-disabled "
+        + "--downstream-http-tls-ca-auth-enabled=false "
         + "--downstream-http-tls-known-servers-file=./test.txt ";
   }