QLight (#1363)

* qlight: introduce the qlight protocol, the corresponding server/client handlers and the configuration/initialization logic

* qlight: register server peers to the peer set to allow for graceful protocol manager shutdown

* qlight poc - add support for privacy marker transaction

* qlight: add rpc proxying

* qlight: sort out contract extension

* qlight: eliminate tx receipt checks and replace with RPC calls for private transactions which are not referenced in public chain data

* qlight: transfer private block data over the RPC connection (only private data notifications remain on the P2P connection)

* qlight: force max peers to 1 and disable the local P2P listener for the qlight clients

* qlight: add private state root checks, restructure client cache logic

* qlight: apply updates from handler.go

* qlight: refactor client-side handler
use pointer embedding, error on unexpected msg types, no-op tx broadcast loop

* qlight: refactor server-side handler
error on unexpected msg types, remove tx fetcher

* qlight: refactor server-side handler
remove un-initialised and unstarted downloader, add TODOs to note additional testing/checking

* qlight: refactor client & server-side handlers
remove unused handlers

* qlight: allow qlight client to start in "raft mode" and remove raft P2P checks which ensure that the P2P node is in the raft cluster

* qlight: refactor client handler
remove unnecessary start/stop code for a qlight client

* qlight: add NewBlockHashesMsg to the QLightServerProtocolManager to handle the end of sync block broadcast from the client

* qlight: separate qlight into it's own P2P server (QP2P) on the server side, reintroduce raft peer checks

* qlight: add basic tls configuration for qlight P2P

* qlight: add file based permissioning to the qserver (qlight P2P server)

* qlight: add client token cli parameter, one way tls for the RPC client, token validation on qlight server (if multitenancy is enabled)

* qlight: transfer private block info over P2P protocol, remove RPC private block transfer code

* qlight: remove server-side cache
this is no longer needed as we are now pushing private block data directly to clients using the qlite p2p protocol instead of the client requesting private block data using the RPC API

* qlight: cleanup & remove eth_getQuorumPayloadsForBlock API

* qlight: remove unnecessary intermediary type for private data
Fields were converted to strings, transported, and then converted back to byte slices etc.

* qlight: add transaction notifications as empty txs in the client cache (they are overwritten when private block data arrives)

* Fix error message formatting which was breaking unit test.

* qlight: move qlight initialization logic to private.InitializeConection

* qlight: remove RegisterIdlePeer and disconnect when a qlight server connects to another qlight server

* qlight: move tls.Config construction to the qlight package

* qlight: decouple private block data retrieval and authorisation from qlight_server_handler

* qlight: introduce the qlight protocol, the corresponding server/client handlers and the configuration/initialization logic

* qlight: add rpc proxying

* qlight: register server peers to the peer set to allow for graceful protocol manager shutdown

* qlight: sort out contract extension

* qlight: eliminate tx receipt checks and replace with RPC calls for private transactions which are not referenced in public chain data

* qlight: transfer private block data over the RPC connection (only private data notifications remain on the P2P connection)

* qlight: add private state root checks, restructure client cache logic

* qlight: allow qlight client to start in "raft mode" and remove raft P2P checks which ensure that the P2P node is in the raft cluster

* qlight: separate qlight into it's own P2P server (QP2P) on the server side, reintroduce raft peer checks

* qlight: add file based permissioning to the qserver (qlight P2P server)

* qlight: transfer private block info over P2P protocol, remove RPC private block transfer code

* qlight: remove server-side cache
this is no longer needed as we are now pushing private block data directly to clients using the qlite p2p protocol instead of the client requesting private block data using the RPC API

* qlight: cleanup & remove eth_getQuorumPayloadsForBlock API

* qlight: remove unnecessary intermediary type for private data
Fields were converted to strings, transported, and then converted back to byte slices etc.

* qlight: unit tests for clientCache and PrivateBlockDataResolver

* qlight: fix lint issues

* qlight: add auth provider tests

* qlight: move qlight p2p config properties under the qlight.server.p2p prefix

* qlight: add caching proxy tests

* qlight: rebase and handler rewrite

* qlight: add extra tls config params

* Separate qlight client options for clarity

* Correction to description of qlight maxpeers option.

* qlight: allow qlight to cope with un-retrievable private state roots caused by enabling the private state cache on the qlight server

* qlight: cleanup

* qlight: introduce periodic checks for the qlight client token (on the qlight server)

* qlight: fix config unit tests

* qlight: refactor qlight config logic

* qlight: fix rpc tls client config

* use only 1 cacert config

* qlight: error handling and constants

* qlight: allow the client token to be updated in a running process

* use disallowed wording

* structure qlight client config

* qlight: fix ExtraMetadata rlp decoding (initialize ACHashes map)

* qlight: add auth token config params

* qlight: merge fixes

* qlight: remove unnecessary break stmts

* Update eth/protocols/qlight/broadcast.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* qlight: use inclusive terms (black listed -> disallowed)

* qlight: fix case statements

* Update cmd/geth/config.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update cmd/geth/config.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update cmd/geth/config.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update internal/ethapi/proxy_api.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update eth/handler_qlight_client.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update internal/ethapi/proxy_api.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update internal/ethapi/proxy_api.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update internal/ethapi/proxy_api.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update node/config.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* Update node/node.go

Co-authored-by: baptiste-b-pegasys <[email protected]>

* qlight: review feedback

* qlight: add pmt unit test

* qlight: add pmt unit test (check returned err)

Co-authored-by: SatpalSandhu61 <[email protected]>
Co-authored-by: chris <[email protected]>
Co-authored-by: Nam Truong <[email protected]>
Co-authored-by: baptiste-b-pegasys <[email protected]>
Co-authored-by: Antony Denyer <[email protected]>
Co-authored-by: Krish Swaminathan <[email protected]>

cmd/geth/config.go

@@ -18,6 +18,7 @@ package main
 
 import (
 	"bufio"
+	"crypto/tls"
 	"errors"
 	"fmt"
 	"math/big"
@@ -34,9 +35,13 @@ import (
 	"github.com/ethereum/go-ethereum/log"
 	"github.com/ethereum/go-ethereum/metrics"
 	"github.com/ethereum/go-ethereum/node"
+	"github.com/ethereum/go-ethereum/p2p"
+	"github.com/ethereum/go-ethereum/p2p/enode"
 	"github.com/ethereum/go-ethereum/params"
+	"github.com/ethereum/go-ethereum/permission/core"
 	"github.com/ethereum/go-ethereum/private"
 	"github.com/ethereum/go-ethereum/private/engine"
+	"github.com/ethereum/go-ethereum/qlight"
 	"github.com/naoina/toml"
 	"gopkg.in/urfave/cli.v1"
 )
@@ -135,6 +140,8 @@ func makeConfigNode(ctx *cli.Context) (*node.Node, gethConfig) {
 
 	// Apply flags.
 	utils.SetNodeConfig(ctx, &cfg.Node)
+	utils.SetQLightConfig(ctx, &cfg.Node, &cfg.Eth)
+
 	stack, err := node.New(&cfg.Node)
 	if err != nil {
 		utils.Fatalf("Failed to create the protocol stack: %v", err)
@@ -144,10 +151,74 @@ func makeConfigNode(ctx *cli.Context) (*node.Node, gethConfig) {
 		cfg.Ethstats.URL = ctx.GlobalString(utils.EthStatsURLFlag.Name)
 	}
 	applyMetricConfig(ctx, &cfg)
+	if cfg.Eth.QuorumLightServer {
+		p2p.SetQLightTLSConfig(readQLightServerTLSConfig(ctx))
+		// permissioning for the qlight P2P server
+		stack.QServer().SetNewTransportFunc(p2p.NewQlightServerTransport)
+		if ctx.GlobalIsSet(utils.QuorumLightServerP2PPermissioningFlag.Name) {
+			prefix := "qlight"
+			if ctx.GlobalIsSet(utils.QuorumLightServerP2PPermissioningPrefixFlag.Name) {
+				prefix = ctx.GlobalString(utils.QuorumLightServerP2PPermissioningPrefixFlag.Name)
+			}
+			fbp := core.NewFileBasedPermissoningWithPrefix(prefix)
+			stack.QServer().SetIsNodePermissioned(fbp.IsNodePermissionedEnode)
+		}
+	}
+	if cfg.Eth.QuorumLightClient.Enabled() {
+		p2p.SetQLightTLSConfig(readQLightClientTLSConfig(ctx))
+		stack.Server().SetNewTransportFunc(p2p.NewQlightClientTransport)
+	}
 
 	return stack, cfg
 }
 
+func readQLightClientTLSConfig(ctx *cli.Context) *tls.Config {
+	if !ctx.GlobalIsSet(utils.QuorumLightTLSFlag.Name) {
+		return nil
+	}
+	if !ctx.GlobalIsSet(utils.QuorumLightTLSCACertsFlag.Name) {
+		utils.Fatalf("QLight tls flag is set but no client certificate authorities has been provided")
+	}
+	tlsConfig, err := qlight.NewTLSConfig(&qlight.TLSConfig{
+		CACertFileName: ctx.GlobalString(utils.QuorumLightTLSCACertsFlag.Name),
+		CertFileName:   ctx.GlobalString(utils.QuorumLightTLSCertFlag.Name),
+		KeyFileName:    ctx.GlobalString(utils.QuorumLightTLSKeyFlag.Name),
+		ServerName:     enode.MustParse(ctx.GlobalString(utils.QuorumLightClientServerNodeFlag.Name)).IP().String(),
+		CipherSuites:   ctx.GlobalString(utils.QuorumLightTLSCipherSuitesFlag.Name),
+	})
+
+	if err != nil {
+		utils.Fatalf("Unable to load the specified tls configuration: %v", err)
+	}
+	return tlsConfig
+}
+
+func readQLightServerTLSConfig(ctx *cli.Context) *tls.Config {
+	if !ctx.GlobalIsSet(utils.QuorumLightTLSFlag.Name) {
+		return nil
+	}
+	if !ctx.GlobalIsSet(utils.QuorumLightTLSCertFlag.Name) {
+		utils.Fatalf("QLight TLS is enabled but no server certificate has been provided")
+	}
+	if !ctx.GlobalIsSet(utils.QuorumLightTLSKeyFlag.Name) {
+		utils.Fatalf("QLight TLS is enabled but no server key has been provided")
+	}
+
+	tlsConfig, err := qlight.NewTLSConfig(&qlight.TLSConfig{
+		CertFileName:         ctx.GlobalString(utils.QuorumLightTLSCertFlag.Name),
+		KeyFileName:          ctx.GlobalString(utils.QuorumLightTLSKeyFlag.Name),
+		ClientCACertFileName: ctx.GlobalString(utils.QuorumLightTLSCACertsFlag.Name),
+		ClientAuth:           ctx.GlobalInt(utils.QuorumLightTLSClientAuthFlag.Name),
+		CipherSuites:         ctx.GlobalString(utils.QuorumLightTLSCipherSuitesFlag.Name),
+	})
+
+	if err != nil {
+		utils.Fatalf("QLight TLS - unable to read server tls configuration: %v", err)
+	}
+
+	return tlsConfig
+}
+
 // makeFullNode loads geth configuration and creates the Ethereum backend.
 func makeFullNode(ctx *cli.Context) (*node.Node, ethapi.Backend) {
 	stack, cfg := makeConfigNode(ctx)
@@ -174,7 +245,7 @@ func makeFullNode(ctx *cli.Context) (*node.Node, ethapi.Backend) {
 		utils.RegisterPermissionService(stack, ctx.Bool(utils.RaftDNSEnabledFlag.Name), backend.ChainConfig().ChainID)
 	}
 
-	if ctx.GlobalBool(utils.RaftModeFlag.Name) {
+	if ctx.GlobalBool(utils.RaftModeFlag.Name) && !cfg.Eth.QuorumLightClient.Enabled() {
 		utils.RegisterRaftService(stack, ctx, &cfg.Node, ethService)
 	}
 
@@ -296,7 +367,7 @@ func quorumInitialisePrivacy(ctx *cli.Context) error {
 		return err
 	}
 
-	err = private.InitialiseConnection(cfg)
+	err = private.InitialiseConnection(cfg, ctx.GlobalIsSet(utils.QuorumLightClientFlag.Name))
 	if err != nil {
 		return err
 	}

cmd/geth/main.go

@@ -190,6 +190,30 @@ var (
 		utils.QuorumPTMTlsClientCertFlag,
 		utils.QuorumPTMTlsClientKeyFlag,
 		utils.QuorumPTMTlsInsecureSkipVerify,
+		utils.QuorumLightServerFlag,
+		utils.QuorumLightServerP2PListenPortFlag,
+		utils.QuorumLightServerP2PMaxPeersFlag,
+		utils.QuorumLightServerP2PNetrestrictFlag,
+		utils.QuorumLightServerP2PPermissioningFlag,
+		utils.QuorumLightServerP2PPermissioningPrefixFlag,
+		utils.QuorumLightClientFlag,
+		utils.QuorumLightClientPSIFlag,
+		utils.QuorumLightClientTokenEnabledFlag,
+		utils.QuorumLightClientTokenValueFlag,
+		utils.QuorumLightClientTokenManagementFlag,
+		utils.QuorumLightClientRPCTLSFlag,
+		utils.QuorumLightClientRPCTLSInsecureSkipVerifyFlag,
+		utils.QuorumLightClientRPCTLSCACertFlag,
+		utils.QuorumLightClientRPCTLSCertFlag,
+		utils.QuorumLightClientRPCTLSKeyFlag,
+		utils.QuorumLightClientServerNodeFlag,
+		utils.QuorumLightClientServerNodeRPCFlag,
+		utils.QuorumLightTLSFlag,
+		utils.QuorumLightTLSCertFlag,
+		utils.QuorumLightTLSKeyFlag,
+		utils.QuorumLightTLSCACertsFlag,
+		utils.QuorumLightTLSClientAuthFlag,
+		utils.QuorumLightTLSCipherSuitesFlag,
 		// End-Quorum
 	}
 

cmd/geth/usage.go

@@ -257,6 +257,35 @@ var AppHelpFlagGroups = []flags.FlagGroup{
 			utils.QuorumEnablePrivacyMarker,
 		},
 	},
+	{
+		Name: "QUORUM LIGHT CLIENT/SERVER",
+		Flags: []cli.Flag{
+			utils.QuorumLightServerFlag,
+			utils.QuorumLightServerP2PListenPortFlag,
+			utils.QuorumLightServerP2PMaxPeersFlag,
+			utils.QuorumLightServerP2PNetrestrictFlag,
+			utils.QuorumLightServerP2PPermissioningFlag,
+			utils.QuorumLightServerP2PPermissioningPrefixFlag,
+			utils.QuorumLightClientFlag,
+			utils.QuorumLightClientPSIFlag,
+			utils.QuorumLightClientTokenEnabledFlag,
+			utils.QuorumLightClientTokenValueFlag,
+			utils.QuorumLightClientTokenManagementFlag,
+			utils.QuorumLightClientRPCTLSFlag,
+			utils.QuorumLightClientRPCTLSInsecureSkipVerifyFlag,
+			utils.QuorumLightClientRPCTLSCACertFlag,
+			utils.QuorumLightClientRPCTLSCertFlag,
+			utils.QuorumLightClientRPCTLSKeyFlag,
+			utils.QuorumLightClientServerNodeFlag,
+			utils.QuorumLightClientServerNodeRPCFlag,
+			utils.QuorumLightTLSFlag,
+			utils.QuorumLightTLSCertFlag,
+			utils.QuorumLightTLSKeyFlag,
+			utils.QuorumLightTLSCACertsFlag,
+			utils.QuorumLightTLSClientAuthFlag,
+			utils.QuorumLightTLSCipherSuitesFlag,
+		},
+	},
 	{
 		Name: "QUORUM PRIVATE TRANSACTION MANAGER",
 		Flags: []cli.Flag{