diff --git a/build.sbt b/build.sbt index b12e0bf0..54701c5a 100644 --- a/build.sbt +++ b/build.sbt @@ -68,6 +68,7 @@ libraryDependencies += "org.apache.hadoop" % "hadoop-common" % "3.2.0" libraryDependencies += "org.javatuples" % "javatuples" % "1.2" //add java encrpto for bc libraryDependencies += "org.bouncycastle" % "bcpkix-jdk15on" % "1.67" +libraryDependencies += "cglib" % "cglib" % "3.3.0" libraryDependencies ++= Seq( // "io.swagger" % "swagger-jaxrs" % "1.6.0", diff --git a/conf/genesis.conf b/conf/genesis.conf index 316cc9ac..442159e8 100644 --- a/conf/genesis.conf +++ b/conf/genesis.conf @@ -1,9 +1,9 @@ system{ - name = "121000005l35120456.node1" + name = "215159697776981712.node1" transaction-signer = [ - {name = "951002007l78123233.super_admin" + {name = "257091603041653856.super_admin" pwd = "super_admin"}, - {name = "121000005l35120456.node1" + {name = "215159697776981712.node1" pwd = "123"} ] @@ -16,46 +16,46 @@ system{ contract-name="RdidOperateAuthorizeTPL" contract-version=1 //版本号需要配置为整数 contract-code-path="src/main/scala/rep/sc/tpl/did/RdidOperateAuthorizeTPL.scala" - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" } //账户注册时,账户的证书要放到相应的位置,如:在国际密码体系下(jks/{netword-id}/{account-name}.{account-cert-name}.cer) account-registration=[ { account-cert-name="super_admin" - account-name="951002007l78123233" + account-name="257091603041653856" phone-code="18912345678" - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { account-cert-name="node1" - account-name="121000005l35120456" + account-name="215159697776981712" phone-code="18912345678" - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { account-cert-name="node2" - account-name="12110107bi45jh675g" + account-name="904703631549900672" phone-code="18912345678" - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { account-cert-name="node3" - account-name="122000002n00123567" + account-name="989038588418990208" phone-code="18912345678" - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { account-cert-name="node4" - account-name="921000005k36123789" + account-name="645377164372772928" phone-code="18912345678" - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { account-cert-name="node5" - account-name="921000006e0012v696" + account-name="379552050023903168" phone-code="18912345678" - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" } ] //操作注册 @@ -65,98 +65,98 @@ system{ operate-desc="注册RDID" is-publish=false is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.updateSignerStatus" operate-desc="禁用或启用RDID" is-publish=false is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.updateSigner" operate-desc="更新信息" is-publish=false is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.signUpCertificate" operate-desc="用户注册证书" is-publish=true is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.updateCertificateStatus" operate-desc="用户禁用或启用证书" is-publish=true is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.signUpAllTypeCertificate" operate-desc="用户可为所有人注册证书,需授权" is-publish=false is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.updateAllTypeCertificateStatus" operate-desc="用户可为所有人禁用或启用证书,需授权,super_admin特殊处理" is-publish=false is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.signUpOperate" operate-desc="注册操作,自己注册自己" is-publish=true is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.updateOperateStatus" operate-desc="禁用或启用操作,自己更新自己名下的操作" is-publish=true is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.grantOperate" operate-desc="授权操作" is-publish=true is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.updateGrantOperateStatus" operate-desc="禁用或启用授权" is-publish=true is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="RdidOperateAuthorizeTPL.bindCertToAuthorize" operate-desc="绑定证书到授权操作" is-publish=true is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="*.deploy" operate-desc="发布合约操作" is-publish=false is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="*.setState" operate-desc="改变合约状态操作" is-publish=false is-contract-operate=true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, @@ -167,119 +167,119 @@ system{ operate-desc="获取链信息" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="chaininfo.node" operate-desc="返回组网节点数量" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="chaininfo.getcachetransnumber" operate-desc="返回系统缓存交易数量" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="chaininfo.getAcceptedTransNumber" operate-desc="返回系统接收到的交易数量" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="block.hash" operate-desc="返回指定id的区块" is-publish=false is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="block.blockHeight" operate-desc="返回指定高度的区块" is-publish=false is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="block.getTransNumberOfBlock" operate-desc="返回指定高度区块包含的交易数" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="block.blocktime" operate-desc="返回指定高度的区块的出块时间" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="block.blocktimeoftran" operate-desc="返回指定交易的入块时间" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="block.stream" operate-desc="返回指定高度的区块字节流" is-publish=false is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="transaction" operate-desc="返回指定id的交易" is-publish=false is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="transaction.stream" operate-desc="返回指定id的交易字节流" is-publish=false is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="transaction.postTranByString" operate-desc="提交带签名的交易" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="transaction.postTranStream" operate-desc="提交带签名的交易字节流" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="transaction.postTran" operate-desc="提交交易" is-publish=true is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="transaction.tranInfoAndHeight" operate-desc="回指定id的交易信息及所在区块高度" is-publish=false is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" }, { operate-name="db.query" operate-desc="查询合约存储在DB中的数据" is-publish=false is-contract-operate=false - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" } ] @@ -317,9 +317,9 @@ system{ ,"transaction.postTran" ,"transaction.tranInfoAndHeight" ,"db.query"] - grantees = ["121000005l35120456","12110107bi45jh675g","122000002n00123567","921000005k36123789","921000006e0012v696"] + grantees = ["215159697776981712","12110107bi45jh675g","122000002n00123567","921000005k36123789","921000006e0012v696"] is-transfer = true - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" } ] //自定义调用合约,在DID合约中,目前没有自定义调用 @@ -332,7 +332,7 @@ system{ contract-name="ContractAssetsTPL" contract-version=1 //版本号需要配置为整数 contract-code-path="src/main/scala/rep/sc/tpl/ContractAssetsTPL.scala" - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" } operate-registration=[ { @@ -340,21 +340,21 @@ system{ operate-desc="转账交易" is-publish=true is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="ContractAssetsTPL.set" operate-desc="初始化账户" is-publish=false is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="ContractAssetsTPL.putProof" operate-desc="存证" is-publish=true is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" } ] custom-contract-invokes=[ @@ -362,8 +362,8 @@ system{ contract-name="ContractAssetsTPL" contract-version=1 //版本号需要配置为整数 method-name="set" - method-parameter=""api_req/json/set.json"" //调用合约的参数从json文件中读取 - transaction-signer="951002007l78123233.super_admin" + method-parameter=""api_req/json/gm/setGm.json"" //调用合约的参数从json文件中读取 + transaction-signer="257091603041653856.super_admin" } ] }, @@ -372,7 +372,7 @@ system{ contract-name="RVerifiableCredentialTPL" contract-version=1 //版本号需要配置为整数 contract-code-path="src/main/scala/rep/sc/tpl/did/RVerifiableCredentialTPL.scala" - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" } operate-registration=[ { @@ -380,35 +380,35 @@ system{ operate-desc="注册可验证凭据属性结构" is-publish=true is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="RVerifiableCredentialTPL.updateCCSStatus" operate-desc="更新可验证凭据属性结构有效状态" is-publish=false is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="RVerifiableCredentialTPL.signupVCStatus" operate-desc="注册可验证凭据状态" is-publish=true is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="RVerifiableCredentialTPL.updateVCStatus" operate-desc="更新可验证凭据状态" is-publish=true is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="RVerifiableCredentialTPL.revokeVCClaims" operate-desc="撤销可验证凭据属性状态" is-publish=true is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" } ] custom-contract-invokes=[ @@ -419,7 +419,7 @@ system{ contract-name="InterfaceCooperation" contract-version=1 //版本号需要配置为整数 contract-code-path="src/main/scala/rep/sc/tpl/cooper/InterfaceCooperation.scala" - transaction-signer="951002007l78123233.super_admin" + transaction-signer="257091603041653856.super_admin" } operate-registration=[ { @@ -427,28 +427,28 @@ system{ operate-desc="注册接口定义" is-publish=false is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="InterfaceCooperation.registerApiService" operate-desc="注册接口服务" is-publish=false is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="InterfaceCooperation.registerApiAckReceive" operate-desc="注册接口应答" is-publish=false is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" }, { operate-name="InterfaceCooperation.reqAckProof" operate-desc="请求应答存证" is-publish=false is-contract-operate=true - transaction-signer="121000005l35120456.node1" + transaction-signer="215159697776981712.node1" } ] custom-contract-invokes=[ diff --git a/conf/genesis_gm.conf b/conf/genesis_gm.conf new file mode 100644 index 00000000..442159e8 --- /dev/null +++ b/conf/genesis_gm.conf @@ -0,0 +1,458 @@ +system{ + name = "215159697776981712.node1" + transaction-signer = [ + {name = "257091603041653856.super_admin" + pwd = "super_admin"}, + {name = "215159697776981712.node1" + pwd = "123"} + ] + + did-contract { + //以下合约名和版本号必须跟部署里面的合约名以及版本号必须一致,在业务链中可以不用部署,但是可以用来注册账户、操作、授权功能 + contract-name="RdidOperateAuthorizeTPL" + contract-version=1 //版本号需要配置为整数 + //如果是在单纯的业务链的创世块中,可以不用定义以下部分。 + deploy{ + contract-name="RdidOperateAuthorizeTPL" + contract-version=1 //版本号需要配置为整数 + contract-code-path="src/main/scala/rep/sc/tpl/did/RdidOperateAuthorizeTPL.scala" + transaction-signer="257091603041653856.super_admin" + } + + //账户注册时,账户的证书要放到相应的位置,如:在国际密码体系下(jks/{netword-id}/{account-name}.{account-cert-name}.cer) + account-registration=[ + { + account-cert-name="super_admin" + account-name="257091603041653856" + phone-code="18912345678" + transaction-signer="257091603041653856.super_admin" + }, + { + account-cert-name="node1" + account-name="215159697776981712" + phone-code="18912345678" + transaction-signer="257091603041653856.super_admin" + }, + { + account-cert-name="node2" + account-name="904703631549900672" + phone-code="18912345678" + transaction-signer="257091603041653856.super_admin" + }, + { + account-cert-name="node3" + account-name="989038588418990208" + phone-code="18912345678" + transaction-signer="257091603041653856.super_admin" + }, + { + account-cert-name="node4" + account-name="645377164372772928" + phone-code="18912345678" + transaction-signer="257091603041653856.super_admin" + }, + { + account-cert-name="node5" + account-name="379552050023903168" + phone-code="18912345678" + transaction-signer="257091603041653856.super_admin" + } + ] + //操作注册 + operate-registration=[ + { + operate-name="RdidOperateAuthorizeTPL.signUpSigner" + operate-desc="注册RDID" + is-publish=false + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateSignerStatus" + operate-desc="禁用或启用RDID" + is-publish=false + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateSigner" + operate-desc="更新信息" + is-publish=false + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.signUpCertificate" + operate-desc="用户注册证书" + is-publish=true + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateCertificateStatus" + operate-desc="用户禁用或启用证书" + is-publish=true + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.signUpAllTypeCertificate" + operate-desc="用户可为所有人注册证书,需授权" + is-publish=false + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateAllTypeCertificateStatus" + operate-desc="用户可为所有人禁用或启用证书,需授权,super_admin特殊处理" + is-publish=false + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.signUpOperate" + operate-desc="注册操作,自己注册自己" + is-publish=true + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateOperateStatus" + operate-desc="禁用或启用操作,自己更新自己名下的操作" + is-publish=true + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.grantOperate" + operate-desc="授权操作" + is-publish=true + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateGrantOperateStatus" + operate-desc="禁用或启用授权" + is-publish=true + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.bindCertToAuthorize" + operate-desc="绑定证书到授权操作" + is-publish=true + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="*.deploy" + operate-desc="发布合约操作" + is-publish=false + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="*.setState" + operate-desc="改变合约状态操作" + is-publish=false + is-contract-operate=true + transaction-signer="257091603041653856.super_admin" + }, + + + + + { + operate-name="chaininfo.chaininfo" + operate-desc="获取链信息" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="chaininfo.node" + operate-desc="返回组网节点数量" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="chaininfo.getcachetransnumber" + operate-desc="返回系统缓存交易数量" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="chaininfo.getAcceptedTransNumber" + operate-desc="返回系统接收到的交易数量" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="block.hash" + operate-desc="返回指定id的区块" + is-publish=false + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="block.blockHeight" + operate-desc="返回指定高度的区块" + is-publish=false + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="block.getTransNumberOfBlock" + operate-desc="返回指定高度区块包含的交易数" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="block.blocktime" + operate-desc="返回指定高度的区块的出块时间" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="block.blocktimeoftran" + operate-desc="返回指定交易的入块时间" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="block.stream" + operate-desc="返回指定高度的区块字节流" + is-publish=false + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="transaction" + operate-desc="返回指定id的交易" + is-publish=false + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="transaction.stream" + operate-desc="返回指定id的交易字节流" + is-publish=false + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="transaction.postTranByString" + operate-desc="提交带签名的交易" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="transaction.postTranStream" + operate-desc="提交带签名的交易字节流" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="transaction.postTran" + operate-desc="提交交易" + is-publish=true + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="transaction.tranInfoAndHeight" + operate-desc="回指定id的交易信息及所在区块高度" + is-publish=false + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + }, + { + operate-name="db.query" + operate-desc="查询合约存储在DB中的数据" + is-publish=false + is-contract-operate=false + transaction-signer="257091603041653856.super_admin" + } + ] + + //授权注册 + authorizes-registration = [ + { + actions-Granteds = ["RdidOperateAuthorizeTPL.signUpSigner" + ,"RdidOperateAuthorizeTPL.updateSignerStatus" + ,"RdidOperateAuthorizeTPL.updateSigner" + ,"RdidOperateAuthorizeTPL.signUpCertificate" + ,"RdidOperateAuthorizeTPL.updateCertificateStatus" + ,"RdidOperateAuthorizeTPL.signUpAllTypeCertificate" + ,"RdidOperateAuthorizeTPL.updateAllTypeCertificateStatus" + ,"RdidOperateAuthorizeTPL.signUpOperate" + ,"RdidOperateAuthorizeTPL.updateOperateStatus" + ,"RdidOperateAuthorizeTPL.grantOperate" + ,"RdidOperateAuthorizeTPL.updateGrantOperateStatus" + ,"RdidOperateAuthorizeTPL.bindCertToAuthorize" + ,"*.deploy" + ,"*.setState" + ,"chaininfo.chaininfo" + ,"chaininfo.node" + ,"chaininfo.getcachetransnumber" + ,"chaininfo.getAcceptedTransNumber" + ,"block.hash" + ,"block.blockHeight" + ,"block.getTransNumberOfBlock" + ,"block.blocktime" + ,"block.blocktimeoftran" + ,"block.stream" + ,"transaction" + ,"transaction.stream" + ,"transaction.postTranByString" + ,"transaction.postTranStream" + ,"transaction.postTran" + ,"transaction.tranInfoAndHeight" + ,"db.query"] + grantees = ["215159697776981712","12110107bi45jh675g","122000002n00123567","921000005k36123789","921000006e0012v696"] + is-transfer = true + transaction-signer="257091603041653856.super_admin" + } + ] + //自定义调用合约,在DID合约中,目前没有自定义调用 + custom-contract-invokes=[] + } + + custom-contracts=[ + { + deploy{ + contract-name="ContractAssetsTPL" + contract-version=1 //版本号需要配置为整数 + contract-code-path="src/main/scala/rep/sc/tpl/ContractAssetsTPL.scala" + transaction-signer="215159697776981712.node1" + } + operate-registration=[ + { + operate-name="ContractAssetsTPL.transfer" + operate-desc="转账交易" + is-publish=true + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="ContractAssetsTPL.set" + operate-desc="初始化账户" + is-publish=false + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="ContractAssetsTPL.putProof" + operate-desc="存证" + is-publish=true + is-contract-operate=true + transaction-signer="215159697776981712.node1" + } + ] + custom-contract-invokes=[ + { + contract-name="ContractAssetsTPL" + contract-version=1 //版本号需要配置为整数 + method-name="set" + method-parameter=""api_req/json/gm/setGm.json"" //调用合约的参数从json文件中读取 + transaction-signer="257091603041653856.super_admin" + } + ] + }, + { + deploy{ + contract-name="RVerifiableCredentialTPL" + contract-version=1 //版本号需要配置为整数 + contract-code-path="src/main/scala/rep/sc/tpl/did/RVerifiableCredentialTPL.scala" + transaction-signer="215159697776981712.node1" + } + operate-registration=[ + { + operate-name="RVerifiableCredentialTPL.signupCCS" + operate-desc="注册可验证凭据属性结构" + is-publish=true + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="RVerifiableCredentialTPL.updateCCSStatus" + operate-desc="更新可验证凭据属性结构有效状态" + is-publish=false + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="RVerifiableCredentialTPL.signupVCStatus" + operate-desc="注册可验证凭据状态" + is-publish=true + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="RVerifiableCredentialTPL.updateVCStatus" + operate-desc="更新可验证凭据状态" + is-publish=true + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="RVerifiableCredentialTPL.revokeVCClaims" + operate-desc="撤销可验证凭据属性状态" + is-publish=true + is-contract-operate=true + transaction-signer="215159697776981712.node1" + } + ] + custom-contract-invokes=[ + ] + }, + { + deploy{ + contract-name="InterfaceCooperation" + contract-version=1 //版本号需要配置为整数 + contract-code-path="src/main/scala/rep/sc/tpl/cooper/InterfaceCooperation.scala" + transaction-signer="257091603041653856.super_admin" + } + operate-registration=[ + { + operate-name="InterfaceCooperation.registerApiDefinition" + operate-desc="注册接口定义" + is-publish=false + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="InterfaceCooperation.registerApiService" + operate-desc="注册接口服务" + is-publish=false + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="InterfaceCooperation.registerApiAckReceive" + operate-desc="注册接口应答" + is-publish=false + is-contract-operate=true + transaction-signer="215159697776981712.node1" + }, + { + operate-name="InterfaceCooperation.reqAckProof" + operate-desc="请求应答存证" + is-publish=false + is-contract-operate=true + transaction-signer="215159697776981712.node1" + } + ] + custom-contract-invokes=[ + ] + } + ] +} \ No newline at end of file diff --git a/conf/genesis_internaltional.conf b/conf/genesis_internaltional.conf new file mode 100644 index 00000000..cd6a3cf5 --- /dev/null +++ b/conf/genesis_internaltional.conf @@ -0,0 +1,458 @@ +system{ + name = "121000005l35120456.node1" + transaction-signer = [ + {name = "951002007l78123233.super_admin" + pwd = "super_admin"}, + {name = "121000005l35120456.node1" + pwd = "123"} + ] + + did-contract { + //以下合约名和版本号必须跟部署里面的合约名以及版本号必须一致,在业务链中可以不用部署,但是可以用来注册账户、操作、授权功能 + contract-name="RdidOperateAuthorizeTPL" + contract-version=1 //版本号需要配置为整数 + //如果是在单纯的业务链的创世块中,可以不用定义以下部分。 + deploy{ + contract-name="RdidOperateAuthorizeTPL" + contract-version=1 //版本号需要配置为整数 + contract-code-path="src/main/scala/rep/sc/tpl/did/RdidOperateAuthorizeTPL.scala" + transaction-signer="951002007l78123233.super_admin" + } + + //账户注册时,账户的证书要放到相应的位置,如:在国际密码体系下(jks/{netword-id}/{account-name}.{account-cert-name}.cer) + account-registration=[ + { + account-cert-name="super_admin" + account-name="951002007l78123233" + phone-code="18912345678" + transaction-signer="951002007l78123233.super_admin" + }, + { + account-cert-name="node1" + account-name="121000005l35120456" + phone-code="18912345678" + transaction-signer="951002007l78123233.super_admin" + }, + { + account-cert-name="node2" + account-name="12110107bi45jh675g" + phone-code="18912345678" + transaction-signer="951002007l78123233.super_admin" + }, + { + account-cert-name="node3" + account-name="122000002n00123567" + phone-code="18912345678" + transaction-signer="951002007l78123233.super_admin" + }, + { + account-cert-name="node4" + account-name="921000005k36123789" + phone-code="18912345678" + transaction-signer="951002007l78123233.super_admin" + }, + { + account-cert-name="node5" + account-name="921000006e0012v696" + phone-code="18912345678" + transaction-signer="951002007l78123233.super_admin" + } + ] + //操作注册 + operate-registration=[ + { + operate-name="RdidOperateAuthorizeTPL.signUpSigner" + operate-desc="注册RDID" + is-publish=false + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateSignerStatus" + operate-desc="禁用或启用RDID" + is-publish=false + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateSigner" + operate-desc="更新信息" + is-publish=false + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.signUpCertificate" + operate-desc="用户注册证书" + is-publish=true + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateCertificateStatus" + operate-desc="用户禁用或启用证书" + is-publish=true + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.signUpAllTypeCertificate" + operate-desc="用户可为所有人注册证书,需授权" + is-publish=false + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateAllTypeCertificateStatus" + operate-desc="用户可为所有人禁用或启用证书,需授权,super_admin特殊处理" + is-publish=false + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.signUpOperate" + operate-desc="注册操作,自己注册自己" + is-publish=true + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateOperateStatus" + operate-desc="禁用或启用操作,自己更新自己名下的操作" + is-publish=true + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.grantOperate" + operate-desc="授权操作" + is-publish=true + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.updateGrantOperateStatus" + operate-desc="禁用或启用授权" + is-publish=true + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="RdidOperateAuthorizeTPL.bindCertToAuthorize" + operate-desc="绑定证书到授权操作" + is-publish=true + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="*.deploy" + operate-desc="发布合约操作" + is-publish=false + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="*.setState" + operate-desc="改变合约状态操作" + is-publish=false + is-contract-operate=true + transaction-signer="951002007l78123233.super_admin" + }, + + + + + { + operate-name="chaininfo.chaininfo" + operate-desc="获取链信息" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="chaininfo.node" + operate-desc="返回组网节点数量" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="chaininfo.getcachetransnumber" + operate-desc="返回系统缓存交易数量" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="chaininfo.getAcceptedTransNumber" + operate-desc="返回系统接收到的交易数量" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="block.hash" + operate-desc="返回指定id的区块" + is-publish=false + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="block.blockHeight" + operate-desc="返回指定高度的区块" + is-publish=false + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="block.getTransNumberOfBlock" + operate-desc="返回指定高度区块包含的交易数" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="block.blocktime" + operate-desc="返回指定高度的区块的出块时间" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="block.blocktimeoftran" + operate-desc="返回指定交易的入块时间" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="block.stream" + operate-desc="返回指定高度的区块字节流" + is-publish=false + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="transaction" + operate-desc="返回指定id的交易" + is-publish=false + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="transaction.stream" + operate-desc="返回指定id的交易字节流" + is-publish=false + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="transaction.postTranByString" + operate-desc="提交带签名的交易" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="transaction.postTranStream" + operate-desc="提交带签名的交易字节流" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="transaction.postTran" + operate-desc="提交交易" + is-publish=true + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="transaction.tranInfoAndHeight" + operate-desc="回指定id的交易信息及所在区块高度" + is-publish=false + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + }, + { + operate-name="db.query" + operate-desc="查询合约存储在DB中的数据" + is-publish=false + is-contract-operate=false + transaction-signer="951002007l78123233.super_admin" + } + ] + + //授权注册 + authorizes-registration = [ + { + actions-Granteds = ["RdidOperateAuthorizeTPL.signUpSigner" + ,"RdidOperateAuthorizeTPL.updateSignerStatus" + ,"RdidOperateAuthorizeTPL.updateSigner" + ,"RdidOperateAuthorizeTPL.signUpCertificate" + ,"RdidOperateAuthorizeTPL.updateCertificateStatus" + ,"RdidOperateAuthorizeTPL.signUpAllTypeCertificate" + ,"RdidOperateAuthorizeTPL.updateAllTypeCertificateStatus" + ,"RdidOperateAuthorizeTPL.signUpOperate" + ,"RdidOperateAuthorizeTPL.updateOperateStatus" + ,"RdidOperateAuthorizeTPL.grantOperate" + ,"RdidOperateAuthorizeTPL.updateGrantOperateStatus" + ,"RdidOperateAuthorizeTPL.bindCertToAuthorize" + ,"*.deploy" + ,"*.setState" + ,"chaininfo.chaininfo" + ,"chaininfo.node" + ,"chaininfo.getcachetransnumber" + ,"chaininfo.getAcceptedTransNumber" + ,"block.hash" + ,"block.blockHeight" + ,"block.getTransNumberOfBlock" + ,"block.blocktime" + ,"block.blocktimeoftran" + ,"block.stream" + ,"transaction" + ,"transaction.stream" + ,"transaction.postTranByString" + ,"transaction.postTranStream" + ,"transaction.postTran" + ,"transaction.tranInfoAndHeight" + ,"db.query"] + grantees = ["121000005l35120456","12110107bi45jh675g","122000002n00123567","921000005k36123789","921000006e0012v696"] + is-transfer = true + transaction-signer="951002007l78123233.super_admin" + } + ] + //自定义调用合约,在DID合约中,目前没有自定义调用 + custom-contract-invokes=[] + } + + custom-contracts=[ + { + deploy{ + contract-name="ContractAssetsTPL" + contract-version=1 //版本号需要配置为整数 + contract-code-path="src/main/scala/rep/sc/tpl/ContractAssetsTPL.scala" + transaction-signer="121000005l35120456.node1" + } + operate-registration=[ + { + operate-name="ContractAssetsTPL.transfer" + operate-desc="转账交易" + is-publish=true + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="ContractAssetsTPL.set" + operate-desc="初始化账户" + is-publish=false + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="ContractAssetsTPL.putProof" + operate-desc="存证" + is-publish=true + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + } + ] + custom-contract-invokes=[ + { + contract-name="ContractAssetsTPL" + contract-version=1 //版本号需要配置为整数 + method-name="set" + method-parameter=""api_req/json/set.json"" //调用合约的参数从json文件中读取 + transaction-signer="951002007l78123233.super_admin" + } + ] + }, + { + deploy{ + contract-name="RVerifiableCredentialTPL" + contract-version=1 //版本号需要配置为整数 + contract-code-path="src/main/scala/rep/sc/tpl/did/RVerifiableCredentialTPL.scala" + transaction-signer="121000005l35120456.node1" + } + operate-registration=[ + { + operate-name="RVerifiableCredentialTPL.signupCCS" + operate-desc="注册可验证凭据属性结构" + is-publish=true + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="RVerifiableCredentialTPL.updateCCSStatus" + operate-desc="更新可验证凭据属性结构有效状态" + is-publish=false + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="RVerifiableCredentialTPL.signupVCStatus" + operate-desc="注册可验证凭据状态" + is-publish=true + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="RVerifiableCredentialTPL.updateVCStatus" + operate-desc="更新可验证凭据状态" + is-publish=true + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="RVerifiableCredentialTPL.revokeVCClaims" + operate-desc="撤销可验证凭据属性状态" + is-publish=true + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + } + ] + custom-contract-invokes=[ + ] + }, + { + deploy{ + contract-name="InterfaceCooperation" + contract-version=1 //版本号需要配置为整数 + contract-code-path="src/main/scala/rep/sc/tpl/cooper/InterfaceCooperation.scala" + transaction-signer="951002007l78123233.super_admin" + } + operate-registration=[ + { + operate-name="InterfaceCooperation.registerApiDefinition" + operate-desc="注册接口定义" + is-publish=false + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="InterfaceCooperation.registerApiService" + operate-desc="注册接口服务" + is-publish=false + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="InterfaceCooperation.registerApiAckReceive" + operate-desc="注册接口应答" + is-publish=false + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + }, + { + operate-name="InterfaceCooperation.reqAckProof" + operate-desc="请求应答存证" + is-publish=false + is-contract-operate=true + transaction-signer="121000005l35120456.node1" + } + ] + custom-contract-invokes=[ + ] + } + ] +} \ No newline at end of file diff --git a/conf/gm/215159697776981712.node1/system.conf b/conf/gm/215159697776981712.node1/system.conf new file mode 100644 index 00000000..a2187605 --- /dev/null +++ b/conf/gm/215159697776981712.node1/system.conf @@ -0,0 +1,229 @@ +akka { + actor { + warn-about-java-serializer-usage = off#关闭Java序列化来序列化消息时的警告,建议不要开启。如果开启,开启值=on + default-mailbox { + #akka默认邮箱的选择,默认配置是akka.dispatch.SingleConsumerOnlyUnboundedMailbox,这是一个多生产者单消费者队列。建议不要修改此参数 + mailbox-type = "akka.dispatch.SingleConsumerOnlyUnboundedMailbox" + } + + default-dispatcher { + #akka dispatcher 配置,采用akka的默认的fork-join-executor,建议不要修改。 + parallelism-min = 2 #最小的线程数 + parallelism-factor = 4.0 #并行因子配置 + parallelism-max = 20 #最大的线程数 + throughput = 10 + } + } + + remote { + #artery模式下的配置 + artery { + #canonical.hostname = "192.168.10.155" + #canonical.hostname = "192.168.31.155" + canonical.hostname = "127.0.0.1" + canonical.port = 22522 + ssl { + #节点的ssl配置,主要设置密码,密钥、证书、信任证书路径在程序中动态设置 + config-ssl-engine { + key-password = "123" + key-store-password = "123" + trust-store-password = "changeme" + } + } + } + } + + #以下两项配置是针对集群节点出现不可达是来配置的 在akka 2.6.13中适应 + #coordinated-shutdown.exit-jvm = on + #coordinated-shutdown.exit-code = 0 + cluster { + #种子节点的配置,在单机单节点的情况下需要配置种子节点的信息akka:// + #artery模式下的配置 + #seed-nodes = ["akka://Repchain@192.168.10.155:22522","akka://Repchain@192.168.10.155:22523","akka://Repchain@192.168.10.155:22524"] + #seed-nodes = ["akka://Repchain@192.168.31.155:22522", "akka://Repchain@192.168.31.155:22523", "akka://Repchain@192.168.31.155:22526"] + seed-nodes = ["akka://Repchain@127.0.0.1:22522"] + + } +} + +akka.http { + #akka 与http服务相关的配置 + idle-timeout = 100s#一个空闲连接超时时间配置,当空闲连接超时之后,将被自动关闭 + server { + server-header = akka-http/${akka.http.version}#http服务头,建议不要修改 + idle-timeout = 100s#空闲连接超时时间,超时将自动关闭连接 + request-timeout = 100s #请求对超时时间 + max-connections = 1024#最大对连接数 + } + client { + idle-timeout = 100s #空闲连接超时时间,超时将自动关闭 + connecting-timeout = 100s#建立连接对超时时间 + } + tls-session-info-header = off + ssl-session-attribute = off +} + +system { + #创世节点的名称,在系统初始化时,将根据该节点是否是创世节点进行创世块的建立 + #genesis_node_name_jks = "121000005l35120456.node1" + #chain_cert_name_jks = "951002007l78123233.super_admin" + + genesis_node_name = "215159697776981712.node1" + chain_cert_name = "identity-net:257091603041653856.super_admin" + chain_network_id = "identity-net" #组网id,组网id的命名不能包含"_"这样的字符 + basic_chain_id = "identity-net" + #api是否开启 + api{ + ws_enable = 1#api 0,不开启;1,开启 + http_mode = 0 #http协议模式 0,http;1,https 默认使用http + is_need_client_auth = 0 #当http的模式设置为https时有效,该配置指https时是否需要客户端验证;0=不验证;1=验证 + #实时图的事件是否发送,如果不发送,前端实时图将收不到任何消息。 + real_time_graph_enable = 1#0 unable;1 enable; default 1 + http_service_port = 9081#http服务的端口号,默认为8081 + } + + #交易生产方式 + trans_create_type = 0#0,手动;1,自动 + #是否进行TPS测试 + statistic_enable = 0 # 0,unable;able + + + http_service_actor_number = 5 //接收http请求的actor数量 + is_broadcast_transaction = 1//是否广播交易,1=广播;0:不广播 + check_cert_validate = 0#设置是否检查证书的有效性,默认为0 0=不校验,1=校验 + contract_operation_mode = 1#设置合约的运行方式,0=debug方式,1=deploy,默认为debug方式,如果发布部署,必须使用deploy方式。 + + number_of_transProcessor = 10# + + has_preload_trans_of_api = true#API接收交易时,是否做交易的预执行检查。默认值true + + is_verify_of_endorsement = true#在出块时,背书节点是否验证交易,默认值true + + number_of_endorsement = 2#该参数确认背书比例,可选值:1,2,3;如果等于1, 表示有一个出块签名就可以了;如果等于2,表示达成共识需要大于节点的1/2;如果等于3,表示达成共识需要大于节点的2/3;默认值是2. + + is_persistence_tx_to_db = 0 #0,不持久化缓存交易到数据库;1,持久化缓存交易到数据库 + + block { + #块内交易的最大数量 + trans_num_limit = 200 + #块内交易标准最小数量 + trans_num_min = 1 + #交易数量不足,重试次数 + retry_time = 10 + #区块的最大长度,不能大于传输的消息的最大长度,单位是字节 + block_length = 2400000 + } + + vote { + #最低投票人数量 + vote_node_min = 4 + #参与共识的节点别名 + vote_node_list_jks = ["121000005l35120456.node1", "12110107bi45jh675g.node2", + "122000002n00123567.node3", "921000005k36123789.node4" + #] + , "921000006e0012v696.node5"] + vote_node_list = ["215159697776981712.node1","904703631549900672.node2","989038588418990208.node3", + "645377164372772928.node4","379552050023903168.node5"] + } + account { + chain_code_name = "RdidOperateAuthorizeTPL"#账户管理合约的名称,使用did配置:RdidOperateAuthorizeTPL;使用非did配置:ContractCert + chain_code_version = 1 + cache_size = 10000 //账户权限信息缓存大小,默认10000 + } + + member_management{ + contract_name = "ManageNodeCert" + contract_method = "updateNodeCert" + contract_vote_method = "updateVoteList" + } + + disk_space_manager { + disk_space_alarm = 5000#磁盘最少空间大小,单位M ,小于这个值系统将不能启动。 + } + + transaction { + #辅助自动创建交易的间隔 + tran_create_dur = 100 #millis + #最大交易缓存量 + max_cache_num = 100000 + } + + cluster { + #节点入网稳定时间 + node_stable_delay = 5000 #millis + } + + storage { + db_type = "LevelDB" #支持数据库的类型:LevelDB、RocksDB + db_path = "./repchaindata/data/leveldbdata" + db_name = "215159697776981712.node1" + db_cache_size=48 #数据库读写缓存,单位为M + + block_file_type = "localFileSystem" + block_file_path = "./repchaindata/data/blockdata" + block_file_name = "215159697776981712.node1" + file_max_length = 100 #单位为M + } + + gm{ + #是否使用国密算法,默认为false,使用java国际标准密码体系;true使用中国国家密码算法 + is_use_gm = true + #jce密码算法提供者的类名 + gm_jce_provider = "org.bouncycastle.jce.provider.BouncyCastleProvider" + #密码算法提供者注册时的注册名称 + gm_jce_provider_name = "BC" + gm_jsse_provider = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider" + gm_jsse_provider_name = "BCJSSE" + gm_pfx_sign_key_name = "Sig" + } + + output_alert{ + is_output_alert = false + core_threads = 2 + max_threads = 4 + alive_time = 10 //unit second + prisma_url = "http://localhost/" + } + + time { + #通用稳定延迟 + stable_time_dur = 5000 #millis,确保block模块能够接收到confirm的块数据 + + block { + #投票选举重试间隔 + vote_retry_delay = 200 + #投票重试无果后等待时间 + #waiting_delay = 3600000 + waiting_delay = 3600 + } + + #超时策略:1,手动;0,自动 + timeout_policy_type = 1 + + timeout { + #Unit : Second 以下的超时时间一般采用默认配置 + #For auto 自动采用的超时时间 + #base_preload = 30#交易预执行的超时时间,单位是s + #base_vote = 20#内部消息传递速度快,抽签的超时时间 + #base_sync = 20#没有耗时操作,没有大块传输的情况下 + #base_addition = 0#冗余量,不用配置 + + #For config manually 手工设置超时时间,系统主动采用手工设置的时间,可以不用设置 + block = 90#出块的超时时间 + endorse = 20#背书超时时间,单位为秒 + endorse_resend_times = 3#背书失败的次数,超过该次数就等待出块超时 + transaction_preload = 12 + sync_chain = 15#链同步的超时时间 + transaction_waiting = 900#交易在交易池中等待入块到的超时时间,单位是秒 + } + } + + consensus { + #共识类型,目前只支持一种 + type = "CFRD"//内置三种共识协议,CFRD、RAFT、PBFT、CFRDINSTREAM + synch_type="CFRD"//内置两种同步类型,CFRD最高的高度的节点数大于一半;RAFT按照最高高度进行同步 + block_number_of_raft = 3 + is_stream = 1 + } + +} diff --git a/conf/gm/379552050023903168.node5/system.conf b/conf/gm/379552050023903168.node5/system.conf new file mode 100644 index 00000000..889f3a83 --- /dev/null +++ b/conf/gm/379552050023903168.node5/system.conf @@ -0,0 +1,229 @@ +akka { + actor { + warn-about-java-serializer-usage = off#关闭Java序列化来序列化消息时的警告,建议不要开启。如果开启,开启值=on + default-mailbox { + #akka默认邮箱的选择,默认配置是akka.dispatch.SingleConsumerOnlyUnboundedMailbox,这是一个多生产者单消费者队列。建议不要修改此参数 + mailbox-type = "akka.dispatch.SingleConsumerOnlyUnboundedMailbox" + } + + default-dispatcher { + #akka dispatcher 配置,采用akka的默认的fork-join-executor,建议不要修改。 + parallelism-min = 2 #最小的线程数 + parallelism-factor = 4.0 #并行因子配置 + parallelism-max = 20 #最大的线程数 + throughput = 10 + } + } + + remote { + #artery模式下的配置 + artery { + #canonical.hostname = "192.168.10.155" + #canonical.hostname = "192.168.31.155" + canonical.hostname = "127.0.0.1" + canonical.port = 22523 + ssl { + #节点的ssl配置,主要设置密码,密钥、证书、信任证书路径在程序中动态设置 + config-ssl-engine { + key-password = "123" + key-store-password = "123" + trust-store-password = "changeme" + } + } + } + } + + #以下两项配置是针对集群节点出现不可达是来配置的 在akka 2.6.13中适应 + #coordinated-shutdown.exit-jvm = on + #coordinated-shutdown.exit-code = 0 + cluster { + #种子节点的配置,在单机单节点的情况下需要配置种子节点的信息akka:// + #artery模式下的配置 + #seed-nodes = ["akka://Repchain@192.168.10.155:22522","akka://Repchain@192.168.10.155:22523","akka://Repchain@192.168.10.155:22524"] + #seed-nodes = ["akka://Repchain@192.168.31.155:22522", "akka://Repchain@192.168.31.155:22523", "akka://Repchain@192.168.31.155:22526"] + seed-nodes = ["akka://Repchain@127.0.0.1:22522"] + + } +} + +akka.http { + #akka 与http服务相关的配置 + idle-timeout = 100s#一个空闲连接超时时间配置,当空闲连接超时之后,将被自动关闭 + server { + server-header = akka-http/${akka.http.version}#http服务头,建议不要修改 + idle-timeout = 100s#空闲连接超时时间,超时将自动关闭连接 + request-timeout = 100s #请求对超时时间 + max-connections = 1024#最大对连接数 + } + client { + idle-timeout = 100s #空闲连接超时时间,超时将自动关闭 + connecting-timeout = 100s#建立连接对超时时间 + } + tls-session-info-header = off + ssl-session-attribute = off +} + +system { + #创世节点的名称,在系统初始化时,将根据该节点是否是创世节点进行创世块的建立 + #genesis_node_name_jks = "121000005l35120456.node1" + #chain_cert_name_jks = "951002007l78123233.super_admin" + + genesis_node_name = "215159697776981712.node1" + chain_cert_name = "identity-net:257091603041653856.super_admin" + chain_network_id = "identity-net" #组网id,组网id的命名不能包含"_"这样的字符 + basic_chain_id = "identity-net" + #api是否开启 + api{ + ws_enable = 1#api 0,不开启;1,开启 + http_mode = 0 #http协议模式 0,http;1,https 默认使用http + is_need_client_auth = 0 #当http的模式设置为https时有效,该配置指https时是否需要客户端验证;0=不验证;1=验证 + #实时图的事件是否发送,如果不发送,前端实时图将收不到任何消息。 + real_time_graph_enable = 1#0 unable;1 enable; default 1 + http_service_port = 9085#http服务的端口号,默认为8081 + } + + #交易生产方式 + trans_create_type = 0#0,手动;1,自动 + #是否进行TPS测试 + statistic_enable = 0 # 0,unable;able + + + http_service_actor_number = 5 //接收http请求的actor数量 + is_broadcast_transaction = 1//是否广播交易,1=广播;0:不广播 + check_cert_validate = 0#设置是否检查证书的有效性,默认为0 0=不校验,1=校验 + contract_operation_mode = 1#设置合约的运行方式,0=debug方式,1=deploy,默认为debug方式,如果发布部署,必须使用deploy方式。 + + number_of_transProcessor = 10# + + has_preload_trans_of_api = true#API接收交易时,是否做交易的预执行检查。默认值true + + is_verify_of_endorsement = true#在出块时,背书节点是否验证交易,默认值true + + number_of_endorsement = 2#该参数确认背书比例,可选值:1,2,3;如果等于1, 表示有一个出块签名就可以了;如果等于2,表示达成共识需要大于节点的1/2;如果等于3,表示达成共识需要大于节点的2/3;默认值是2. + + is_persistence_tx_to_db = 0 #0,不持久化缓存交易到数据库;1,持久化缓存交易到数据库 + + block { + #块内交易的最大数量 + trans_num_limit = 200 + #块内交易标准最小数量 + trans_num_min = 1 + #交易数量不足,重试次数 + retry_time = 10 + #区块的最大长度,不能大于传输的消息的最大长度,单位是字节 + block_length = 2400000 + } + + vote { + #最低投票人数量 + vote_node_min = 4 + #参与共识的节点别名 + vote_node_list_jks = ["121000005l35120456.node1", "12110107bi45jh675g.node2", + "122000002n00123567.node3", "921000005k36123789.node4" + #] + , "921000006e0012v696.node5"] + vote_node_list = ["215159697776981712.node1","904703631549900672.node2","989038588418990208.node3", + "645377164372772928.node4","379552050023903168.node5"] + } + account { + chain_code_name = "RdidOperateAuthorizeTPL"#账户管理合约的名称,使用did配置:RdidOperateAuthorizeTPL;使用非did配置:ContractCert + chain_code_version = 1 + cache_size = 10000 //账户权限信息缓存大小,默认10000 + } + + member_management{ + contract_name = "ManageNodeCert" + contract_method = "updateNodeCert" + contract_vote_method = "updateVoteList" + } + + disk_space_manager { + disk_space_alarm = 5000#磁盘最少空间大小,单位M ,小于这个值系统将不能启动。 + } + + transaction { + #辅助自动创建交易的间隔 + tran_create_dur = 100 #millis + #最大交易缓存量 + max_cache_num = 100000 + } + + cluster { + #节点入网稳定时间 + node_stable_delay = 5000 #millis + } + + storage { + db_type = "LevelDB" #支持数据库的类型:LevelDB、RocksDB + db_path = "./repchaindata/data/leveldbdata" + db_name = "215159697776981712.node1" + db_cache_size=48 #数据库读写缓存,单位为M + + block_file_type = "localFileSystem" + block_file_path = "./repchaindata/data/blockdata" + block_file_name = "215159697776981712.node1" + file_max_length = 100 #单位为M + } + + gm{ + #是否使用国密算法,默认为false,使用java国际标准密码体系;true使用中国国家密码算法 + is_use_gm = true + #jce密码算法提供者的类名 + gm_jce_provider = "org.bouncycastle.jce.provider.BouncyCastleProvider" + #密码算法提供者注册时的注册名称 + gm_jce_provider_name = "BC" + gm_jsse_provider = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider" + gm_jsse_provider_name = "BCJSSE" + gm_pfx_sign_key_name = "Sig" + } + + output_alert{ + is_output_alert = false + core_threads = 2 + max_threads = 4 + alive_time = 10 //unit second + prisma_url = "http://localhost/" + } + + time { + #通用稳定延迟 + stable_time_dur = 5000 #millis,确保block模块能够接收到confirm的块数据 + + block { + #投票选举重试间隔 + vote_retry_delay = 200 + #投票重试无果后等待时间 + #waiting_delay = 3600000 + waiting_delay = 3600 + } + + #超时策略:1,手动;0,自动 + timeout_policy_type = 1 + + timeout { + #Unit : Second 以下的超时时间一般采用默认配置 + #For auto 自动采用的超时时间 + #base_preload = 30#交易预执行的超时时间,单位是s + #base_vote = 20#内部消息传递速度快,抽签的超时时间 + #base_sync = 20#没有耗时操作,没有大块传输的情况下 + #base_addition = 0#冗余量,不用配置 + + #For config manually 手工设置超时时间,系统主动采用手工设置的时间,可以不用设置 + block = 90#出块的超时时间 + endorse = 20#背书超时时间,单位为秒 + endorse_resend_times = 3#背书失败的次数,超过该次数就等待出块超时 + transaction_preload = 12 + sync_chain = 15#链同步的超时时间 + transaction_waiting = 900#交易在交易池中等待入块到的超时时间,单位是秒 + } + } + + consensus { + #共识类型,目前只支持一种 + type = "CFRD"//内置三种共识协议,CFRD、RAFT、PBFT、CFRDINSTREAM + synch_type="CFRD"//内置两种同步类型,CFRD最高的高度的节点数大于一半;RAFT按照最高高度进行同步 + block_number_of_raft = 3 + is_stream = 1 + } + +} diff --git a/conf/gm/645377164372772928.node4/system.conf b/conf/gm/645377164372772928.node4/system.conf new file mode 100644 index 00000000..2489f3c4 --- /dev/null +++ b/conf/gm/645377164372772928.node4/system.conf @@ -0,0 +1,229 @@ +akka { + actor { + warn-about-java-serializer-usage = off#关闭Java序列化来序列化消息时的警告,建议不要开启。如果开启,开启值=on + default-mailbox { + #akka默认邮箱的选择,默认配置是akka.dispatch.SingleConsumerOnlyUnboundedMailbox,这是一个多生产者单消费者队列。建议不要修改此参数 + mailbox-type = "akka.dispatch.SingleConsumerOnlyUnboundedMailbox" + } + + default-dispatcher { + #akka dispatcher 配置,采用akka的默认的fork-join-executor,建议不要修改。 + parallelism-min = 2 #最小的线程数 + parallelism-factor = 4.0 #并行因子配置 + parallelism-max = 20 #最大的线程数 + throughput = 10 + } + } + + remote { + #artery模式下的配置 + artery { + #canonical.hostname = "192.168.10.155" + #canonical.hostname = "192.168.31.155" + canonical.hostname = "127.0.0.1" + canonical.port = 22524 + ssl { + #节点的ssl配置,主要设置密码,密钥、证书、信任证书路径在程序中动态设置 + config-ssl-engine { + key-password = "123" + key-store-password = "123" + trust-store-password = "changeme" + } + } + } + } + + #以下两项配置是针对集群节点出现不可达是来配置的 在akka 2.6.13中适应 + #coordinated-shutdown.exit-jvm = on + #coordinated-shutdown.exit-code = 0 + cluster { + #种子节点的配置,在单机单节点的情况下需要配置种子节点的信息akka:// + #artery模式下的配置 + #seed-nodes = ["akka://Repchain@192.168.10.155:22522","akka://Repchain@192.168.10.155:22523","akka://Repchain@192.168.10.155:22524"] + #seed-nodes = ["akka://Repchain@192.168.31.155:22522", "akka://Repchain@192.168.31.155:22523", "akka://Repchain@192.168.31.155:22526"] + seed-nodes = ["akka://Repchain@127.0.0.1:22522"] + + } +} + +akka.http { + #akka 与http服务相关的配置 + idle-timeout = 100s#一个空闲连接超时时间配置,当空闲连接超时之后,将被自动关闭 + server { + server-header = akka-http/${akka.http.version}#http服务头,建议不要修改 + idle-timeout = 100s#空闲连接超时时间,超时将自动关闭连接 + request-timeout = 100s #请求对超时时间 + max-connections = 1024#最大对连接数 + } + client { + idle-timeout = 100s #空闲连接超时时间,超时将自动关闭 + connecting-timeout = 100s#建立连接对超时时间 + } + tls-session-info-header = off + ssl-session-attribute = off +} + +system { + #创世节点的名称,在系统初始化时,将根据该节点是否是创世节点进行创世块的建立 + #genesis_node_name_jks = "121000005l35120456.node1" + #chain_cert_name_jks = "951002007l78123233.super_admin" + + genesis_node_name = "215159697776981712.node1" + chain_cert_name = "identity-net:257091603041653856.super_admin" + chain_network_id = "identity-net" #组网id,组网id的命名不能包含"_"这样的字符 + basic_chain_id = "identity-net" + #api是否开启 + api{ + ws_enable = 1#api 0,不开启;1,开启 + http_mode = 0 #http协议模式 0,http;1,https 默认使用http + is_need_client_auth = 0 #当http的模式设置为https时有效,该配置指https时是否需要客户端验证;0=不验证;1=验证 + #实时图的事件是否发送,如果不发送,前端实时图将收不到任何消息。 + real_time_graph_enable = 1#0 unable;1 enable; default 1 + http_service_port = 9084#http服务的端口号,默认为8081 + } + + #交易生产方式 + trans_create_type = 0#0,手动;1,自动 + #是否进行TPS测试 + statistic_enable = 0 # 0,unable;able + + + http_service_actor_number = 5 //接收http请求的actor数量 + is_broadcast_transaction = 1//是否广播交易,1=广播;0:不广播 + check_cert_validate = 0#设置是否检查证书的有效性,默认为0 0=不校验,1=校验 + contract_operation_mode = 1#设置合约的运行方式,0=debug方式,1=deploy,默认为debug方式,如果发布部署,必须使用deploy方式。 + + number_of_transProcessor = 10# + + has_preload_trans_of_api = true#API接收交易时,是否做交易的预执行检查。默认值true + + is_verify_of_endorsement = true#在出块时,背书节点是否验证交易,默认值true + + number_of_endorsement = 2#该参数确认背书比例,可选值:1,2,3;如果等于1, 表示有一个出块签名就可以了;如果等于2,表示达成共识需要大于节点的1/2;如果等于3,表示达成共识需要大于节点的2/3;默认值是2. + + is_persistence_tx_to_db = 0 #0,不持久化缓存交易到数据库;1,持久化缓存交易到数据库 + + block { + #块内交易的最大数量 + trans_num_limit = 200 + #块内交易标准最小数量 + trans_num_min = 1 + #交易数量不足,重试次数 + retry_time = 10 + #区块的最大长度,不能大于传输的消息的最大长度,单位是字节 + block_length = 2400000 + } + + vote { + #最低投票人数量 + vote_node_min = 4 + #参与共识的节点别名 + vote_node_list_jks = ["121000005l35120456.node1", "12110107bi45jh675g.node2", + "122000002n00123567.node3", "921000005k36123789.node4" + #] + , "921000006e0012v696.node5"] + vote_node_list = ["215159697776981712.node1","904703631549900672.node2","989038588418990208.node3", + "645377164372772928.node4","379552050023903168.node5"] + } + account { + chain_code_name = "RdidOperateAuthorizeTPL"#账户管理合约的名称,使用did配置:RdidOperateAuthorizeTPL;使用非did配置:ContractCert + chain_code_version = 1 + cache_size = 10000 //账户权限信息缓存大小,默认10000 + } + + member_management{ + contract_name = "ManageNodeCert" + contract_method = "updateNodeCert" + contract_vote_method = "updateVoteList" + } + + disk_space_manager { + disk_space_alarm = 5000#磁盘最少空间大小,单位M ,小于这个值系统将不能启动。 + } + + transaction { + #辅助自动创建交易的间隔 + tran_create_dur = 100 #millis + #最大交易缓存量 + max_cache_num = 100000 + } + + cluster { + #节点入网稳定时间 + node_stable_delay = 5000 #millis + } + + storage { + db_type = "LevelDB" #支持数据库的类型:LevelDB、RocksDB + db_path = "./repchaindata/data/leveldbdata" + db_name = "215159697776981712.node1" + db_cache_size=48 #数据库读写缓存,单位为M + + block_file_type = "localFileSystem" + block_file_path = "./repchaindata/data/blockdata" + block_file_name = "215159697776981712.node1" + file_max_length = 100 #单位为M + } + + gm{ + #是否使用国密算法,默认为false,使用java国际标准密码体系;true使用中国国家密码算法 + is_use_gm = true + #jce密码算法提供者的类名 + gm_jce_provider = "org.bouncycastle.jce.provider.BouncyCastleProvider" + #密码算法提供者注册时的注册名称 + gm_jce_provider_name = "BC" + gm_jsse_provider = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider" + gm_jsse_provider_name = "BCJSSE" + gm_pfx_sign_key_name = "Sig" + } + + output_alert{ + is_output_alert = false + core_threads = 2 + max_threads = 4 + alive_time = 10 //unit second + prisma_url = "http://localhost/" + } + + time { + #通用稳定延迟 + stable_time_dur = 5000 #millis,确保block模块能够接收到confirm的块数据 + + block { + #投票选举重试间隔 + vote_retry_delay = 200 + #投票重试无果后等待时间 + #waiting_delay = 3600000 + waiting_delay = 3600 + } + + #超时策略:1,手动;0,自动 + timeout_policy_type = 1 + + timeout { + #Unit : Second 以下的超时时间一般采用默认配置 + #For auto 自动采用的超时时间 + #base_preload = 30#交易预执行的超时时间,单位是s + #base_vote = 20#内部消息传递速度快,抽签的超时时间 + #base_sync = 20#没有耗时操作,没有大块传输的情况下 + #base_addition = 0#冗余量,不用配置 + + #For config manually 手工设置超时时间,系统主动采用手工设置的时间,可以不用设置 + block = 90#出块的超时时间 + endorse = 20#背书超时时间,单位为秒 + endorse_resend_times = 3#背书失败的次数,超过该次数就等待出块超时 + transaction_preload = 12 + sync_chain = 15#链同步的超时时间 + transaction_waiting = 900#交易在交易池中等待入块到的超时时间,单位是秒 + } + } + + consensus { + #共识类型,目前只支持一种 + type = "CFRD"//内置三种共识协议,CFRD、RAFT、PBFT、CFRDINSTREAM + synch_type="CFRD"//内置两种同步类型,CFRD最高的高度的节点数大于一半;RAFT按照最高高度进行同步 + block_number_of_raft = 3 + is_stream = 1 + } + +} diff --git a/conf/gm/904703631549900672.node2/system.conf b/conf/gm/904703631549900672.node2/system.conf new file mode 100644 index 00000000..b531c523 --- /dev/null +++ b/conf/gm/904703631549900672.node2/system.conf @@ -0,0 +1,229 @@ +akka { + actor { + warn-about-java-serializer-usage = off#关闭Java序列化来序列化消息时的警告,建议不要开启。如果开启,开启值=on + default-mailbox { + #akka默认邮箱的选择,默认配置是akka.dispatch.SingleConsumerOnlyUnboundedMailbox,这是一个多生产者单消费者队列。建议不要修改此参数 + mailbox-type = "akka.dispatch.SingleConsumerOnlyUnboundedMailbox" + } + + default-dispatcher { + #akka dispatcher 配置,采用akka的默认的fork-join-executor,建议不要修改。 + parallelism-min = 2 #最小的线程数 + parallelism-factor = 4.0 #并行因子配置 + parallelism-max = 20 #最大的线程数 + throughput = 10 + } + } + + remote { + #artery模式下的配置 + artery { + #canonical.hostname = "192.168.10.155" + #canonical.hostname = "192.168.31.155" + canonical.hostname = "127.0.0.1" + canonical.port = 22525 + ssl { + #节点的ssl配置,主要设置密码,密钥、证书、信任证书路径在程序中动态设置 + config-ssl-engine { + key-password = "123" + key-store-password = "123" + trust-store-password = "changeme" + } + } + } + } + + #以下两项配置是针对集群节点出现不可达是来配置的 在akka 2.6.13中适应 + #coordinated-shutdown.exit-jvm = on + #coordinated-shutdown.exit-code = 0 + cluster { + #种子节点的配置,在单机单节点的情况下需要配置种子节点的信息akka:// + #artery模式下的配置 + #seed-nodes = ["akka://Repchain@192.168.10.155:22522","akka://Repchain@192.168.10.155:22523","akka://Repchain@192.168.10.155:22524"] + #seed-nodes = ["akka://Repchain@192.168.31.155:22522", "akka://Repchain@192.168.31.155:22523", "akka://Repchain@192.168.31.155:22526"] + seed-nodes = ["akka://Repchain@127.0.0.1:22522"] + + } +} + +akka.http { + #akka 与http服务相关的配置 + idle-timeout = 100s#一个空闲连接超时时间配置,当空闲连接超时之后,将被自动关闭 + server { + server-header = akka-http/${akka.http.version}#http服务头,建议不要修改 + idle-timeout = 100s#空闲连接超时时间,超时将自动关闭连接 + request-timeout = 100s #请求对超时时间 + max-connections = 1024#最大对连接数 + } + client { + idle-timeout = 100s #空闲连接超时时间,超时将自动关闭 + connecting-timeout = 100s#建立连接对超时时间 + } + tls-session-info-header = off + ssl-session-attribute = off +} + +system { + #创世节点的名称,在系统初始化时,将根据该节点是否是创世节点进行创世块的建立 + #genesis_node_name_jks = "121000005l35120456.node1" + #chain_cert_name_jks = "951002007l78123233.super_admin" + + genesis_node_name = "215159697776981712.node1" + chain_cert_name = "identity-net:257091603041653856.super_admin" + chain_network_id = "identity-net" #组网id,组网id的命名不能包含"_"这样的字符 + basic_chain_id = "identity-net" + #api是否开启 + api{ + ws_enable = 1#api 0,不开启;1,开启 + http_mode = 0 #http协议模式 0,http;1,https 默认使用http + is_need_client_auth = 0 #当http的模式设置为https时有效,该配置指https时是否需要客户端验证;0=不验证;1=验证 + #实时图的事件是否发送,如果不发送,前端实时图将收不到任何消息。 + real_time_graph_enable = 1#0 unable;1 enable; default 1 + http_service_port = 9082#http服务的端口号,默认为8081 + } + + #交易生产方式 + trans_create_type = 0#0,手动;1,自动 + #是否进行TPS测试 + statistic_enable = 0 # 0,unable;able + + + http_service_actor_number = 5 //接收http请求的actor数量 + is_broadcast_transaction = 1//是否广播交易,1=广播;0:不广播 + check_cert_validate = 0#设置是否检查证书的有效性,默认为0 0=不校验,1=校验 + contract_operation_mode = 1#设置合约的运行方式,0=debug方式,1=deploy,默认为debug方式,如果发布部署,必须使用deploy方式。 + + number_of_transProcessor = 10# + + has_preload_trans_of_api = true#API接收交易时,是否做交易的预执行检查。默认值true + + is_verify_of_endorsement = true#在出块时,背书节点是否验证交易,默认值true + + number_of_endorsement = 2#该参数确认背书比例,可选值:1,2,3;如果等于1, 表示有一个出块签名就可以了;如果等于2,表示达成共识需要大于节点的1/2;如果等于3,表示达成共识需要大于节点的2/3;默认值是2. + + is_persistence_tx_to_db = 0 #0,不持久化缓存交易到数据库;1,持久化缓存交易到数据库 + + block { + #块内交易的最大数量 + trans_num_limit = 200 + #块内交易标准最小数量 + trans_num_min = 1 + #交易数量不足,重试次数 + retry_time = 10 + #区块的最大长度,不能大于传输的消息的最大长度,单位是字节 + block_length = 2400000 + } + + vote { + #最低投票人数量 + vote_node_min = 4 + #参与共识的节点别名 + vote_node_list_jks = ["121000005l35120456.node1", "12110107bi45jh675g.node2", + "122000002n00123567.node3", "921000005k36123789.node4" + #] + , "921000006e0012v696.node5"] + vote_node_list = ["215159697776981712.node1","904703631549900672.node2","989038588418990208.node3", + "645377164372772928.node4","379552050023903168.node5"] + } + account { + chain_code_name = "RdidOperateAuthorizeTPL"#账户管理合约的名称,使用did配置:RdidOperateAuthorizeTPL;使用非did配置:ContractCert + chain_code_version = 1 + cache_size = 10000 //账户权限信息缓存大小,默认10000 + } + + member_management{ + contract_name = "ManageNodeCert" + contract_method = "updateNodeCert" + contract_vote_method = "updateVoteList" + } + + disk_space_manager { + disk_space_alarm = 5000#磁盘最少空间大小,单位M ,小于这个值系统将不能启动。 + } + + transaction { + #辅助自动创建交易的间隔 + tran_create_dur = 100 #millis + #最大交易缓存量 + max_cache_num = 100000 + } + + cluster { + #节点入网稳定时间 + node_stable_delay = 5000 #millis + } + + storage { + db_type = "LevelDB" #支持数据库的类型:LevelDB、RocksDB + db_path = "./repchaindata/data/leveldbdata" + db_name = "215159697776981712.node1" + db_cache_size=48 #数据库读写缓存,单位为M + + block_file_type = "localFileSystem" + block_file_path = "./repchaindata/data/blockdata" + block_file_name = "215159697776981712.node1" + file_max_length = 100 #单位为M + } + + gm{ + #是否使用国密算法,默认为false,使用java国际标准密码体系;true使用中国国家密码算法 + is_use_gm = true + #jce密码算法提供者的类名 + gm_jce_provider = "org.bouncycastle.jce.provider.BouncyCastleProvider" + #密码算法提供者注册时的注册名称 + gm_jce_provider_name = "BC" + gm_jsse_provider = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider" + gm_jsse_provider_name = "BCJSSE" + gm_pfx_sign_key_name = "Sig" + } + + output_alert{ + is_output_alert = false + core_threads = 2 + max_threads = 4 + alive_time = 10 //unit second + prisma_url = "http://localhost/" + } + + time { + #通用稳定延迟 + stable_time_dur = 5000 #millis,确保block模块能够接收到confirm的块数据 + + block { + #投票选举重试间隔 + vote_retry_delay = 200 + #投票重试无果后等待时间 + #waiting_delay = 3600000 + waiting_delay = 3600 + } + + #超时策略:1,手动;0,自动 + timeout_policy_type = 1 + + timeout { + #Unit : Second 以下的超时时间一般采用默认配置 + #For auto 自动采用的超时时间 + #base_preload = 30#交易预执行的超时时间,单位是s + #base_vote = 20#内部消息传递速度快,抽签的超时时间 + #base_sync = 20#没有耗时操作,没有大块传输的情况下 + #base_addition = 0#冗余量,不用配置 + + #For config manually 手工设置超时时间,系统主动采用手工设置的时间,可以不用设置 + block = 90#出块的超时时间 + endorse = 20#背书超时时间,单位为秒 + endorse_resend_times = 3#背书失败的次数,超过该次数就等待出块超时 + transaction_preload = 12 + sync_chain = 15#链同步的超时时间 + transaction_waiting = 900#交易在交易池中等待入块到的超时时间,单位是秒 + } + } + + consensus { + #共识类型,目前只支持一种 + type = "CFRD"//内置三种共识协议,CFRD、RAFT、PBFT、CFRDINSTREAM + synch_type="CFRD"//内置两种同步类型,CFRD最高的高度的节点数大于一半;RAFT按照最高高度进行同步 + block_number_of_raft = 3 + is_stream = 1 + } + +} diff --git a/conf/gm/989038588418990208.node3/system.conf b/conf/gm/989038588418990208.node3/system.conf new file mode 100644 index 00000000..ed012fa1 --- /dev/null +++ b/conf/gm/989038588418990208.node3/system.conf @@ -0,0 +1,229 @@ +akka { + actor { + warn-about-java-serializer-usage = off#关闭Java序列化来序列化消息时的警告,建议不要开启。如果开启,开启值=on + default-mailbox { + #akka默认邮箱的选择,默认配置是akka.dispatch.SingleConsumerOnlyUnboundedMailbox,这是一个多生产者单消费者队列。建议不要修改此参数 + mailbox-type = "akka.dispatch.SingleConsumerOnlyUnboundedMailbox" + } + + default-dispatcher { + #akka dispatcher 配置,采用akka的默认的fork-join-executor,建议不要修改。 + parallelism-min = 2 #最小的线程数 + parallelism-factor = 4.0 #并行因子配置 + parallelism-max = 20 #最大的线程数 + throughput = 10 + } + } + + remote { + #artery模式下的配置 + artery { + #canonical.hostname = "192.168.10.155" + #canonical.hostname = "192.168.31.155" + canonical.hostname = "127.0.0.1" + canonical.port = 22526 + ssl { + #节点的ssl配置,主要设置密码,密钥、证书、信任证书路径在程序中动态设置 + config-ssl-engine { + key-password = "123" + key-store-password = "123" + trust-store-password = "changeme" + } + } + } + } + + #以下两项配置是针对集群节点出现不可达是来配置的 在akka 2.6.13中适应 + #coordinated-shutdown.exit-jvm = on + #coordinated-shutdown.exit-code = 0 + cluster { + #种子节点的配置,在单机单节点的情况下需要配置种子节点的信息akka:// + #artery模式下的配置 + #seed-nodes = ["akka://Repchain@192.168.10.155:22522","akka://Repchain@192.168.10.155:22523","akka://Repchain@192.168.10.155:22524"] + #seed-nodes = ["akka://Repchain@192.168.31.155:22522", "akka://Repchain@192.168.31.155:22523", "akka://Repchain@192.168.31.155:22526"] + seed-nodes = ["akka://Repchain@127.0.0.1:22522"] + + } +} + +akka.http { + #akka 与http服务相关的配置 + idle-timeout = 100s#一个空闲连接超时时间配置,当空闲连接超时之后,将被自动关闭 + server { + server-header = akka-http/${akka.http.version}#http服务头,建议不要修改 + idle-timeout = 100s#空闲连接超时时间,超时将自动关闭连接 + request-timeout = 100s #请求对超时时间 + max-connections = 1024#最大对连接数 + } + client { + idle-timeout = 100s #空闲连接超时时间,超时将自动关闭 + connecting-timeout = 100s#建立连接对超时时间 + } + tls-session-info-header = off + ssl-session-attribute = off +} + +system { + #创世节点的名称,在系统初始化时,将根据该节点是否是创世节点进行创世块的建立 + #genesis_node_name_jks = "121000005l35120456.node1" + #chain_cert_name_jks = "951002007l78123233.super_admin" + + genesis_node_name = "215159697776981712.node1" + chain_cert_name = "identity-net:257091603041653856.super_admin" + chain_network_id = "identity-net" #组网id,组网id的命名不能包含"_"这样的字符 + basic_chain_id = "identity-net" + #api是否开启 + api{ + ws_enable = 1#api 0,不开启;1,开启 + http_mode = 0 #http协议模式 0,http;1,https 默认使用http + is_need_client_auth = 0 #当http的模式设置为https时有效,该配置指https时是否需要客户端验证;0=不验证;1=验证 + #实时图的事件是否发送,如果不发送,前端实时图将收不到任何消息。 + real_time_graph_enable = 1#0 unable;1 enable; default 1 + http_service_port = 9083#http服务的端口号,默认为8081 + } + + #交易生产方式 + trans_create_type = 0#0,手动;1,自动 + #是否进行TPS测试 + statistic_enable = 0 # 0,unable;able + + + http_service_actor_number = 5 //接收http请求的actor数量 + is_broadcast_transaction = 1//是否广播交易,1=广播;0:不广播 + check_cert_validate = 0#设置是否检查证书的有效性,默认为0 0=不校验,1=校验 + contract_operation_mode = 1#设置合约的运行方式,0=debug方式,1=deploy,默认为debug方式,如果发布部署,必须使用deploy方式。 + + number_of_transProcessor = 10# + + has_preload_trans_of_api = true#API接收交易时,是否做交易的预执行检查。默认值true + + is_verify_of_endorsement = true#在出块时,背书节点是否验证交易,默认值true + + number_of_endorsement = 2#该参数确认背书比例,可选值:1,2,3;如果等于1, 表示有一个出块签名就可以了;如果等于2,表示达成共识需要大于节点的1/2;如果等于3,表示达成共识需要大于节点的2/3;默认值是2. + + is_persistence_tx_to_db = 0 #0,不持久化缓存交易到数据库;1,持久化缓存交易到数据库 + + block { + #块内交易的最大数量 + trans_num_limit = 200 + #块内交易标准最小数量 + trans_num_min = 1 + #交易数量不足,重试次数 + retry_time = 10 + #区块的最大长度,不能大于传输的消息的最大长度,单位是字节 + block_length = 2400000 + } + + vote { + #最低投票人数量 + vote_node_min = 4 + #参与共识的节点别名 + vote_node_list_jks = ["121000005l35120456.node1", "12110107bi45jh675g.node2", + "122000002n00123567.node3", "921000005k36123789.node4" + #] + , "921000006e0012v696.node5"] + vote_node_list = ["215159697776981712.node1","904703631549900672.node2","989038588418990208.node3", + "645377164372772928.node4","379552050023903168.node5"] + } + account { + chain_code_name = "RdidOperateAuthorizeTPL"#账户管理合约的名称,使用did配置:RdidOperateAuthorizeTPL;使用非did配置:ContractCert + chain_code_version = 1 + cache_size = 10000 //账户权限信息缓存大小,默认10000 + } + + member_management{ + contract_name = "ManageNodeCert" + contract_method = "updateNodeCert" + contract_vote_method = "updateVoteList" + } + + disk_space_manager { + disk_space_alarm = 5000#磁盘最少空间大小,单位M ,小于这个值系统将不能启动。 + } + + transaction { + #辅助自动创建交易的间隔 + tran_create_dur = 100 #millis + #最大交易缓存量 + max_cache_num = 100000 + } + + cluster { + #节点入网稳定时间 + node_stable_delay = 5000 #millis + } + + storage { + db_type = "LevelDB" #支持数据库的类型:LevelDB、RocksDB + db_path = "./repchaindata/data/leveldbdata" + db_name = "215159697776981712.node1" + db_cache_size=48 #数据库读写缓存,单位为M + + block_file_type = "localFileSystem" + block_file_path = "./repchaindata/data/blockdata" + block_file_name = "215159697776981712.node1" + file_max_length = 100 #单位为M + } + + gm{ + #是否使用国密算法,默认为false,使用java国际标准密码体系;true使用中国国家密码算法 + is_use_gm = true + #jce密码算法提供者的类名 + gm_jce_provider = "org.bouncycastle.jce.provider.BouncyCastleProvider" + #密码算法提供者注册时的注册名称 + gm_jce_provider_name = "BC" + gm_jsse_provider = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider" + gm_jsse_provider_name = "BCJSSE" + gm_pfx_sign_key_name = "Sig" + } + + output_alert{ + is_output_alert = false + core_threads = 2 + max_threads = 4 + alive_time = 10 //unit second + prisma_url = "http://localhost/" + } + + time { + #通用稳定延迟 + stable_time_dur = 5000 #millis,确保block模块能够接收到confirm的块数据 + + block { + #投票选举重试间隔 + vote_retry_delay = 200 + #投票重试无果后等待时间 + #waiting_delay = 3600000 + waiting_delay = 3600 + } + + #超时策略:1,手动;0,自动 + timeout_policy_type = 1 + + timeout { + #Unit : Second 以下的超时时间一般采用默认配置 + #For auto 自动采用的超时时间 + #base_preload = 30#交易预执行的超时时间,单位是s + #base_vote = 20#内部消息传递速度快,抽签的超时时间 + #base_sync = 20#没有耗时操作,没有大块传输的情况下 + #base_addition = 0#冗余量,不用配置 + + #For config manually 手工设置超时时间,系统主动采用手工设置的时间,可以不用设置 + block = 90#出块的超时时间 + endorse = 20#背书超时时间,单位为秒 + endorse_resend_times = 3#背书失败的次数,超过该次数就等待出块超时 + transaction_preload = 12 + sync_chain = 15#链同步的超时时间 + transaction_waiting = 900#交易在交易池中等待入块到的超时时间,单位是秒 + } + } + + consensus { + #共识类型,目前只支持一种 + type = "CFRD"//内置三种共识协议,CFRD、RAFT、PBFT、CFRDINSTREAM + synch_type="CFRD"//内置两种同步类型,CFRD最高的高度的节点数大于一半;RAFT按照最高高度进行同步 + block_number_of_raft = 3 + is_stream = 1 + } + +} diff --git a/conf/management/system.conf b/conf/management/system.conf index 278c1ba5..fb117014 100644 --- a/conf/management/system.conf +++ b/conf/management/system.conf @@ -67,6 +67,7 @@ system { gm_jce_provider_name = "BC" gm_jsse_provider = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider" gm_jsse_provider_name = "BCJSSE" + gm_pfx_sign_key_name = "Sig" } diff --git a/src/main/scala/rep/app/system/ClusterSystem.scala b/src/main/scala/rep/app/system/ClusterSystem.scala index 0f114a8b..a517da64 100644 --- a/src/main/scala/rep/app/system/ClusterSystem.scala +++ b/src/main/scala/rep/app/system/ClusterSystem.scala @@ -107,8 +107,8 @@ class ClusterSystem(sysTag: String, isStartupClusterSystem: Boolean) { RepLogger.info(RepLogger.System_Logger, "集群已经启动...") } //在测试信任证书动态改变测试与跟踪时启用代码 - /*val testTrustCertificate = new ReloadableTrustManagerTest4Inner(ctx) - testTrustCertificate.StartClusterStub*/ + //val testTrustCertificate = new ReloadableTrustManagerTest4Inner(ctx) + //testTrustCertificate.StartClusterStub RepLogger.trace(RepLogger.System_Logger, sysTag + "~" + "System" + " ~ " + s"System(${sysTag}) init successfully" + " ~ ") } diff --git a/src/main/scala/rep/crypto/TrustAllManager.java b/src/main/scala/rep/crypto/TrustAllManager.java deleted file mode 100644 index ddd4812c..00000000 --- a/src/main/scala/rep/crypto/TrustAllManager.java +++ /dev/null @@ -1,25 +0,0 @@ -package rep.crypto; - -import javax.net.ssl.X509TrustManager; -import java.security.cert.X509Certificate; - -public class TrustAllManager implements X509TrustManager -{ - private X509Certificate[] issuers; - - public TrustAllManager() - { - this.issuers = new X509Certificate[0]; - } - - public X509Certificate[] getAcceptedIssuers() - { - return issuers ; - } - - public void checkClientTrusted(X509Certificate[] chain, String authType) - {} - - public void checkServerTrusted(X509Certificate[] chain, String authType) - {} -} \ No newline at end of file diff --git a/src/main/scala/rep/crypto/X509ExtendedTrustManagerProxy.java b/src/main/scala/rep/crypto/X509ExtendedTrustManagerProxy.java new file mode 100644 index 00000000..b35ffb44 --- /dev/null +++ b/src/main/scala/rep/crypto/X509ExtendedTrustManagerProxy.java @@ -0,0 +1,73 @@ +package rep.crypto; + +import net.sf.cglib.proxy.Enhancer; +import net.sf.cglib.proxy.MethodInterceptor; +import net.sf.cglib.proxy.MethodProxy; +import rep.log.RepLogger; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509ExtendedTrustManager; +import java.lang.reflect.Method; +import java.util.concurrent.atomic.AtomicBoolean; + +public class X509ExtendedTrustManagerProxy implements MethodInterceptor { + private TrustManager manager = null; + private X509ExtendedTrustManager target = null; + private X509ExtendedTrustManager update = null; + private AtomicBoolean isUpdated = new AtomicBoolean(false); + private Object lock = new Object(); + private String systemName = null; + + public X509ExtendedTrustManagerProxy(String systemName,X509ExtendedTrustManager target){ + this.systemName = systemName; + this.target = target; + } + + @Override + public Object intercept(Object obj, Method method, Object[] args, MethodProxy proxy) throws Throwable { + if(this.isUpdated.get()){ + synchronized (this.lock) { + if(this.isUpdated.get()){ + this.target = this.update; + this.isUpdated.set(false); + System.out.println(systemName+" X509TrustManagerProxy 调用时接收改变,method="+method.getName()); + RepLogger.trace(RepLogger.System_Logger(), "X509TrustManagerProxy 调用时接收改变,method="+method.getName()); + } + return method.invoke(this.target,args); + } + }else{ + System.out.println(systemName+" X509TrustManagerProxy 直接调用,没有改变,method="+method.getName()); + RepLogger.trace(RepLogger.System_Logger(), "X509TrustManagerProxy 直接调用,没有改变,method="+method.getName()); + return method.invoke(target,args); + } + } + + public void setTarget(X509ExtendedTrustManager input){ + synchronized (this.lock) { + this.update = input; + if(this.target == null){ + this.target = this.update; + } + this.isUpdated.set(true); + System.out.println(systemName+" X509TrustManagerProxy 通知更新"); + RepLogger.trace(RepLogger.System_Logger(), "X509TrustManagerProxy 通知更新"); + } + } + + private X509ExtendedTrustManager getRepresentedObject(){ + return this.target; + } + + public synchronized TrustManager Wrapper(){ + if(this.manager == null){ + Enhancer enhancer = new Enhancer(); + enhancer.setSuperclass(X509ExtendedTrustManager.class); + enhancer.setCallback(this); + Object obj = enhancer.create(); + this.manager = (TrustManager)obj; + /*X509ExtendedTrustManager xtm = this.getRepresentedObject(); + Object obj = Proxy.newProxyInstance(xtm.getClass().getClassLoader(), xtm.getClass().getInterfaces(),this); + this.manager = (TrustManager)obj;*/ + } + return this.manager; + } +} diff --git a/src/main/scala/rep/crypto/nodedynamicmanagement/ReloadableTrustManager.scala b/src/main/scala/rep/crypto/nodedynamicmanagement/ReloadableTrustManager.scala index 5ab1261b..929f2342 100644 --- a/src/main/scala/rep/crypto/nodedynamicmanagement/ReloadableTrustManager.scala +++ b/src/main/scala/rep/crypto/nodedynamicmanagement/ReloadableTrustManager.scala @@ -3,17 +3,17 @@ package rep.crypto.nodedynamicmanagement import java.security.{KeyStore, KeyStoreException} import java.security.cert.Certificate import java.util.concurrent.ConcurrentHashMap - import javax.net.ssl.{TrustManager, TrustManagerFactory, X509ExtendedTrustManager} +import org.bouncycastle.jsse.BCX509ExtendedTrustManager import rep.app.system.RepChainSystemContext +import rep.crypto.X509ExtendedTrustManagerProxy import rep.crypto.cert.{CertificateUtil, CryptoMgr} import rep.log.RepLogger - import scala.collection.mutable.{ArrayBuffer, HashMap} import scala.util.control.Breaks.{break, breakable} class ReloadableTrustManager private(ctx: RepChainSystemContext){ - private var proxy : X509TrustManagerProxy = null + private var proxy : X509ExtendedTrustManagerProxy = null private var trustCertificates: HashMap[String, Certificate] = new HashMap[String, Certificate]() private val lock: Object = new Object initializa @@ -63,8 +63,6 @@ class ReloadableTrustManager private(ctx: RepChainSystemContext){ else CertificateUtil.loadTrustCertificateFromBytes(updateCertInfo) val certsOfDeleted = findDeleteCerts(tmpTrustCerts, oldCertificates) - val keyStore = loadTrustStores(tmpTrustCerts) - val tm = loadTrustManager(keyStore) //发送更新给systemcertList和SignTool //ctx.getSystemCertList.updateCertList(tmpTrustCerts.keySet.toArray) @@ -74,11 +72,15 @@ class ReloadableTrustManager private(ctx: RepChainSystemContext){ ctx.shutDownNode(certsOfDeleted) } this.trustCertificates = tmpTrustCerts + + val keyStore = loadTrustStores(tmpTrustCerts) + val tm = loadTrustManager(keyStore) if(this.proxy == null){ - this.proxy = new X509TrustManagerProxy(ctx.getSystemName,tm) + this.proxy = new X509ExtendedTrustManagerProxy(ctx.getSystemName,tm) }else{ this.proxy.setTarget(tm) } + RepLogger.trace(RepLogger.System_Logger, "ReloadableTrustManager 装载更新数据,certs=" + tmpTrustCerts.mkString(",")) } catch { case ex: Exception => @@ -104,8 +106,12 @@ class ReloadableTrustManager private(ctx: RepChainSystemContext){ val Store = if(ctx.getConfig.isUseGM) KeyStore.getInstance(CryptoMgr.keyStoreTypeInGM,ctx.getConfig.getGMProviderNameOfJCE) else KeyStore.getInstance(KeyStore.getDefaultType()) Store.load(null, null) recentCerts.foreach(f => { - val k = f._1 + var k = f._1 val cert = f._2 + + if(k.lastIndexOf(".cer") > 0){ + k = k.substring(0,k.lastIndexOf(".cer")) + } Store.setCertificateEntry(k, cert); }) Store @@ -132,6 +138,25 @@ class ReloadableTrustManager private(ctx: RepChainSystemContext){ } rtm } + + private def loadGMTrustManager(recentStore: KeyStore): BCX509ExtendedTrustManager = { + var rtm: BCX509ExtendedTrustManager = null + val tmf: TrustManagerFactory = if(ctx.getConfig.isUseGM) TrustManagerFactory.getInstance("PKIX", ctx.getConfig.getGMJsseProviderName) else TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(recentStore) + val tm: Array[TrustManager] = tmf.getTrustManagers() + if (tm != null) { + breakable( + tm.foreach(manager => { + if (manager.isInstanceOf[BCX509ExtendedTrustManager]) { + rtm = manager.asInstanceOf[BCX509ExtendedTrustManager] + break + } + }) + ) + } + rtm + } + ///////////////////////信任证书装载--完成///////////////////////////////////////////////////////////////////// } object ReloadableTrustManager{ diff --git a/src/main/scala/rep/crypto/nodedynamicmanagement/ReloadableTrustManagerTest4Inner.scala b/src/main/scala/rep/crypto/nodedynamicmanagement/ReloadableTrustManagerTest4Inner.scala index 9ae8eb9e..96fdfba0 100644 --- a/src/main/scala/rep/crypto/nodedynamicmanagement/ReloadableTrustManagerTest4Inner.scala +++ b/src/main/scala/rep/crypto/nodedynamicmanagement/ReloadableTrustManagerTest4Inner.scala @@ -12,7 +12,7 @@ import scala.collection.mutable class ReloadableTrustManagerTest4Inner(ctx:RepChainSystemContext) { var scheduledExecutorService = Executors.newSingleThreadScheduledExecutor - private val testName = "921000006e0012v696.node5" + private val testName = "379552050023903168.node5"//"921000006e0012v696.node5" private val hm = getCertificates private val testNode = (testName,hm(testName)) diff --git a/src/main/scala/rep/crypto/nodedynamicmanagement/X509TrustManagerProxy.java b/src/main/scala/rep/crypto/nodedynamicmanagement/X509TrustManagerProxy.java index 81269048..11dfd840 100644 --- a/src/main/scala/rep/crypto/nodedynamicmanagement/X509TrustManagerProxy.java +++ b/src/main/scala/rep/crypto/nodedynamicmanagement/X509TrustManagerProxy.java @@ -8,7 +8,7 @@ import java.lang.reflect.Method; import java.lang.reflect.Proxy; import java.util.concurrent.atomic.AtomicBoolean; -public class X509TrustManagerProxy implements InvocationHandler { +public class X509TrustManagerProxy implements InvocationHandler { private TrustManager manager = null; private X509ExtendedTrustManager target = null; private X509ExtendedTrustManager update = null; diff --git a/src/main/scala/rep/crypto/nodedynamicmanagement4gm/CustomGMSSLEngine.scala b/src/main/scala/rep/crypto/nodedynamicmanagement4gm/CustomGMSSLEngine.scala index e25a59c9..ba752f26 100644 --- a/src/main/scala/rep/crypto/nodedynamicmanagement4gm/CustomGMSSLEngine.scala +++ b/src/main/scala/rep/crypto/nodedynamicmanagement4gm/CustomGMSSLEngine.scala @@ -10,7 +10,6 @@ import akka.stream.TLSRole import com.typesafe.config.Config import javax.net.ssl.{SSLContext, SSLEngine, SSLSession} import rep.app.system.RepChainSystemContext -import rep.crypto.cert.CertificateUtil class CustomGMSSLEngine (protected val config: Config, protected val log: MarkerLoggingAdapter) extends SSLEngineProvider @@ -26,10 +25,9 @@ class CustomGMSSLEngine (protected val config: Config, protected val log: Marke ctx = RepChainSystemContext.getCtx(sysName) ////////////静态装载信任列表方法///////////////////////////////////// - val tmpTrustCerts = CertificateUtil.loadTrustCertificate(ctx) + //val tmpTrustCerts = CertificateUtil.loadTrustCertificate(ctx) //发送更新给systemcertList和SignTool - //ctx.getSystemCertList.updateCertList(tmpTrustCerts.keySet.toArray) - ctx.getSignTool.updateCertList(tmpTrustCerts) + //ctx.getSignTool.updateCertList(tmpTrustCerts) ////////////静态装载信任列表方法///////////////////////////////////// val SSLEnabledAlgorithms: Set[String] = ctx.getConfig.getAlgorithm @@ -53,7 +51,7 @@ class CustomGMSSLEngine (protected val config: Config, protected val log: Marke } private def constructContext(): SSLContext = { - GMJsseContextHelper.createGMContext(ctx.getConfig,false,ctx.getConfig.getSystemName) + GMJsseContextHelper.createGMContext(ctx.getConfig,true,ctx.getConfig.getSystemName) } def createSecureRandom(): SecureRandom = {