PegaSysEng · lucassaldanha · Jul 11, 2019 · Jul 10, 2019 · Jul 11, 2019 · Jul 11, 2019
diff --git a/...java/tech/pegasys/pantheon/ethereum/permissioning/NodePermissioningControllerFactory.java b/...java/tech/pegasys/pantheon/ethereum/permissioning/NodePermissioningControllerFactory.java
@@ -26,8 +26,13 @@
 import java.util.List;
 import java.util.Optional;
 
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
 public class NodePermissioningControllerFactory {
 
+  private static final Logger LOG = LogManager.getLogger();
+
   public NodePermissioningController create(
       final PermissioningConfiguration permissioningConfiguration,
       final Synchronizer synchronizer,
@@ -75,6 +80,30 @@ public NodePermissioningController create(
     } else {
       syncStatusProviderOptional = Optional.empty();
     }
-    return new NodePermissioningController(syncStatusProviderOptional, providers);
+
+    NodePermissioningController nodePermissioningController =
+        new NodePermissioningController(syncStatusProviderOptional, providers);
+
+    validatePermissioningContract(nodePermissioningController);
+
+    return nodePermissioningController;
+  }
+
+  private void validatePermissioningContract(
+      final NodePermissioningController nodePermissioningController) {
+    LOG.debug("Validating onchain node permissioning smart contract configuration");
+
+    try {
+      // the enodeURLs don't matter. We just want to check if a call to the smart contract succeeds
+      nodePermissioningController.isPermitted(
+          EnodeURL.fromString(
+              "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@10.3.58.6:30303"),
+          EnodeURL.fromString(
+              "enode://6f8a80d14311c39f35f516fa664deaaaa13e85b2f7493f37f6144d86991ec012937307647bd3b9a82abe2974e1407241d54947bbb39763a4cac9f77166ad92a0@10.3.58.6:30303"));
+    } catch (Exception e) {
+      final String msg = "Error validating onchain node permissioning smart contract configuration";
+      LOG.error(msg + ":", e);
+      throw new IllegalStateException(msg, e);
+    }
   }
 }
diff --git a/.../tech/pegasys/pantheon/ethereum/permissioning/account/AccountPermissioningController.java b/.../tech/pegasys/pantheon/ethereum/permissioning/account/AccountPermissioningController.java
@@ -20,6 +20,7 @@
 
 import java.util.Optional;
 
+import com.google.common.annotations.VisibleForTesting;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -77,4 +78,10 @@ public boolean isPermitted(final Transaction transaction, final boolean includeO
       getAccountLocalConfigPermissioningController() {
     return accountLocalConfigPermissioningController;
   }
+
+  @VisibleForTesting
+  Optional<TransactionSmartContractPermissioningController>
+      getTransactionSmartContractPermissioningController() {
+    return transactionSmartContractPermissioningController;
+  }
 }
diff --git a/...egasys/pantheon/ethereum/permissioning/account/AccountPermissioningControllerFactory.java b/...egasys/pantheon/ethereum/permissioning/account/AccountPermissioningControllerFactory.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright 2019 ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package tech.pegasys.pantheon.ethereum.permissioning.account;
+
+import tech.pegasys.pantheon.crypto.SECP256K1;
+import tech.pegasys.pantheon.ethereum.core.Address;
+import tech.pegasys.pantheon.ethereum.core.Transaction;
+import tech.pegasys.pantheon.ethereum.core.Wei;
+import tech.pegasys.pantheon.ethereum.permissioning.AccountLocalConfigPermissioningController;
+import tech.pegasys.pantheon.ethereum.permissioning.LocalPermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.PermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.SmartContractPermissioningConfiguration;
+import tech.pegasys.pantheon.ethereum.permissioning.TransactionSmartContractPermissioningController;
+import tech.pegasys.pantheon.ethereum.transaction.TransactionSimulator;
+import tech.pegasys.pantheon.metrics.MetricsSystem;
+import tech.pegasys.pantheon.util.bytes.BytesValue;
+
+import java.util.Optional;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+public class AccountPermissioningControllerFactory {
+
+  private static final Logger LOG = LogManager.getLogger();
+
+  public static Optional<AccountPermissioningController> create(
+      final PermissioningConfiguration permissioningConfiguration,
+      final TransactionSimulator transactionSimulator,
+      final MetricsSystem metricsSystem) {
+
+    if (permissioningConfiguration == null) {
+      return Optional.empty();
+    }
+
+    final Optional<AccountLocalConfigPermissioningController>
+        accountLocalConfigPermissioningController =
+            buildLocalConfigPermissioningController(permissioningConfiguration, metricsSystem);
+
+    final Optional<TransactionSmartContractPermissioningController>
+        transactionSmartContractPermissioningController =
+            buildSmartContractPermissioningController(
+                permissioningConfiguration, transactionSimulator, metricsSystem);
+
+    if (accountLocalConfigPermissioningController.isPresent()
+        || transactionSmartContractPermissioningController.isPresent()) {
+      final AccountPermissioningController controller =
+          new AccountPermissioningController(
+              accountLocalConfigPermissioningController,
+              transactionSmartContractPermissioningController);
+
+      return Optional.of(controller);
+    } else {
+      return Optional.empty();
+    }
+  }
+
+  private static Optional<TransactionSmartContractPermissioningController>
+      buildSmartContractPermissioningController(
+          final PermissioningConfiguration permissioningConfiguration,
+          final TransactionSimulator transactionSimulator,
+          final MetricsSystem metricsSystem) {
+
+    if (permissioningConfiguration.getSmartContractConfig().isPresent()) {
+      final SmartContractPermissioningConfiguration smartContractPermissioningConfiguration =
+          permissioningConfiguration.getSmartContractConfig().get();
+
+      if (smartContractPermissioningConfiguration.isSmartContractAccountWhitelistEnabled()) {
+        final Address accountSmartContractAddress =
+            smartContractPermissioningConfiguration.getAccountSmartContractAddress();
+
+        Optional<TransactionSmartContractPermissioningController>
+            transactionSmartContractPermissioningController =
+                Optional.of(
+                    new TransactionSmartContractPermissioningController(
+                        accountSmartContractAddress, transactionSimulator, metricsSystem));
+        validatePermissioningContract(transactionSmartContractPermissioningController.get());
+
+        return transactionSmartContractPermissioningController;
+      }
+    }
+
+    return Optional.empty();
+  }
+
+  private static Optional<AccountLocalConfigPermissioningController>
+      buildLocalConfigPermissioningController(
+          final PermissioningConfiguration permissioningConfiguration,
+          final MetricsSystem metricsSystem) {
+
+    if (permissioningConfiguration.getLocalConfig().isPresent()) {
+      final LocalPermissioningConfiguration localPermissioningConfiguration =
+          permissioningConfiguration.getLocalConfig().get();
+
+      if (localPermissioningConfiguration.isAccountWhitelistEnabled()) {
+        return Optional.of(
+            new AccountLocalConfigPermissioningController(
+                localPermissioningConfiguration, metricsSystem));
+      }
+    }
+
+    return Optional.empty();
+  }
+
+  private static void validatePermissioningContract(
+      final TransactionSmartContractPermissioningController
+          transactionSmartContractPermissioningController) {
+    try {
+      LOG.debug("Validating onchain account permissioning smart contract configuration");
+
+      final SECP256K1.Signature FAKE_SIGNATURE =
+          SECP256K1.Signature.create(
+              SECP256K1.HALF_CURVE_ORDER, SECP256K1.HALF_CURVE_ORDER, (byte) 0);
+
+      final Transaction transaction =
+          Transaction.builder()
+              .sender(Address.ZERO)
+              .gasLimit(0)
+              .gasPrice(Wei.ZERO)
+              .value(Wei.ZERO)
+              .payload(BytesValue.EMPTY)
+              .nonce(0)
+              .signature(FAKE_SIGNATURE)
+              .build();
+
+      // We don't care about the validation result. All we need it to ensure the check doesn't fail
+      transactionSmartContractPermissioningController.isPermitted(transaction);
+    } catch (Exception e) {
+      final String msg =
+          "Error validating onchain account permissioning smart contract configuration";
+      LOG.error(msg + ":", e);
+      throw new IllegalStateException(msg, e);
+    }
+  }
+}