Backport to branch(3.10) : Fix to correctly validate authentication settings (#233)

Co-authored-by: Jun Nemoto <[email protected]>

Author: feeblefakie

client/src/main/java/com/scalar/dl/client/config/ClientConfig.java

@@ -155,17 +155,19 @@ public class ClientConfig {
   public static final String DS_PRIVATE_KEY_PEM = DS_IDENTITY_PREFIX + "private_key_pem";
   /**
    * <code>scalar.dl.client.authentication_method</code> (Optional)<br>
-   * The authentication method for a client and servers. Use {@code "digital-signature"} (default)
-   * or {@code "hmac"}.
+   * The authentication method for clients and Ledger/Auditor servers. {@code "digital-signature"}
+   * (default) or {@code "hmac"} can be specified. This must be consistent with the Ledger/Auditor
+   * configuration.
    *
    * @deprecated This variable will be deleted in release 5.0.0. Use {@code
    *     scalar.dl.client.authentication.method} instead.
    */
   public static final String DEPRECATED_AUTHENTICATION_METHOD = PREFIX + "authentication_method";
   /**
    * <code>scalar.dl.client.authentication.method</code> (Optional)<br>
-   * The authentication method for a client and servers. Use {@code "digital-signature"} (default)
-   * or {@code "hmac"}.
+   * The authentication method for clients and Ledger/Auditor servers. {@code "digital-signature"}
+   * (default) or {@code "hmac"} can be specified. This must be consistent with the Ledger/Auditor
+   * configuration.
    */
   public static final String AUTHENTICATION_METHOD = PREFIX + "authentication.method";
   /**

ledger/src/integration-test/java/com/scalar/dl/ledger/service/LedgerServiceEndToEndTest.java

@@ -2513,7 +2513,9 @@ public void execute_AuditorEnabledAndValidAuditorHmacSignatureGiven_ShouldExecut
     Properties props2 = createProperties();
     props2.put(LedgerConfig.AUDITOR_ENABLED, "true");
     props2.put(LedgerConfig.PROOF_ENABLED, "true");
-    props2.put(LedgerConfig.SERVERS_AUTHENTICATION_HMAC_SECRET_KEY, SECRET_KEY_A);
+    props2.put(LedgerConfig.AUTHENTICATION_METHOD, AuthenticationMethod.HMAC.getMethod());
+    props2.put(LedgerConfig.AUTHENTICATION_HMAC_CIPHER_KEY, SOME_CIPHER_KEY);
+    props2.put(LedgerConfig.SERVERS_AUTHENTICATION_HMAC_SECRET_KEY, SECRET_KEY_B);
     createServices(new LedgerConfig(props2));
     String nonce = UUID.randomUUID().toString();
     JsonNode contractArgument =
@@ -2524,18 +2526,18 @@ public void execute_AuditorEnabledAndValidAuditorHmacSignatureGiven_ShouldExecut
     String argument = Argument.format(contractArgument, nonce, Collections.emptyList());
 
     byte[] serialized =
-        ContractExecutionRequest.serialize(CREATE_CONTRACT_ID3, argument, ENTITY_ID_A, KEY_VERSION);
+        ContractExecutionRequest.serialize(CREATE_CONTRACT_ID3, argument, ENTITY_ID_C, KEY_VERSION);
     ContractExecutionRequest request =
         new ContractExecutionRequest(
             nonce,
-            ENTITY_ID_A,
+            ENTITY_ID_C,
             KEY_VERSION,
             CREATE_CONTRACT_ID3,
             argument,
             Collections.emptyList(),
             null,
-            dsSigner1.sign(serialized),
-            hmacSigner1.sign(nonce.getBytes(StandardCharsets.UTF_8)));
+            hmacSigner1.sign(serialized),
+            hmacSigner2.sign(nonce.getBytes(StandardCharsets.UTF_8)));
 
     // Act
     Throwable thrown = catchThrowable(() -> ledgerService.execute(request));
@@ -2551,6 +2553,8 @@ public void execute_AuditorEnabledAndValidAuditorHmacSignatureGiven_ShouldExecut
     Properties props2 = createProperties();
     props2.put(LedgerConfig.AUDITOR_ENABLED, "true");
     props2.put(LedgerConfig.PROOF_ENABLED, "true");
+    props2.put(LedgerConfig.AUTHENTICATION_METHOD, AuthenticationMethod.HMAC.getMethod());
+    props2.put(LedgerConfig.AUTHENTICATION_HMAC_CIPHER_KEY, SOME_CIPHER_KEY);
     props2.put(LedgerConfig.SERVERS_AUTHENTICATION_HMAC_SECRET_KEY, SECRET_KEY_A);
     createServices(new LedgerConfig(props2));
     String nonce = UUID.randomUUID().toString();
@@ -2562,17 +2566,17 @@ public void execute_AuditorEnabledAndValidAuditorHmacSignatureGiven_ShouldExecut
     String argument = Argument.format(contractArgument, nonce, Collections.emptyList());
 
     byte[] serialized =
-        ContractExecutionRequest.serialize(CREATE_CONTRACT_ID3, argument, ENTITY_ID_A, KEY_VERSION);
+        ContractExecutionRequest.serialize(CREATE_CONTRACT_ID3, argument, ENTITY_ID_C, KEY_VERSION);
     ContractExecutionRequest request =
         new ContractExecutionRequest(
             nonce,
-            ENTITY_ID_A,
+            ENTITY_ID_C,
             KEY_VERSION,
             CREATE_CONTRACT_ID3,
             argument,
             Collections.emptyList(),
             null,
-            dsSigner1.sign(serialized),
+            hmacSigner1.sign(serialized),
             hmacSigner2.sign(nonce.getBytes(StandardCharsets.UTF_8))); // invalid HMAC signature
 
     // Act

ledger/src/main/java/com/scalar/dl/ledger/config/LedgerConfig.java

@@ -66,8 +66,8 @@ public class LedgerConfig implements ServerConfig, ServersHmacAuthenticatable {
   public static final String NAMESPACE = PREFIX + "namespace";
   /**
    * <code>scalar.dl.ledger.authentication.method</code> (Optional)<br>
-   * The authentication method for a client and servers. ("digital-signature" by default) This has
-   * to be consistent with the client configuration.
+   * The authentication method for clients and Ledger servers. {@code "digital-signature"} (default)
+   * or {@code "hmac"} can be specified.
    */
   public static final String AUTHENTICATION_METHOD = PREFIX + "authentication.method";
   /**
@@ -449,14 +449,13 @@ private void load() {
       }
       serversAuthHmacSecretKey =
           ConfigUtils.getString(props, SERVERS_AUTHENTICATION_HMAC_SECRET_KEY, null);
-      if (serversAuthHmacSecretKey == null && proofPrivateKey == null) {
+      if (authenticationMethod == AuthenticationMethod.DIGITAL_SIGNATURE
+          && proofPrivateKey == null) {
         throw new IllegalArgumentException(
             LedgerError.CONFIG_INVALID_AUTHENTICATION_SETTING_BETWEEN_LEDGER_AUDITOR.buildMessage(
-                SERVERS_AUTHENTICATION_HMAC_SECRET_KEY,
-                PROOF_PRIVATE_KEY_PATH,
-                PROOF_PRIVATE_KEY_PEM));
-      }
-      if (authenticationMethod == AuthenticationMethod.HMAC && serversAuthHmacSecretKey == null) {
+                PROOF_PRIVATE_KEY_PATH, PROOF_PRIVATE_KEY_PEM));
+      } else if (authenticationMethod == AuthenticationMethod.HMAC
+          && serversAuthHmacSecretKey == null) {
         throw new IllegalArgumentException(
             LedgerError.CONFIG_INVALID_AUTHENTICATION_SETTING_BETWEEN_LEDGER_AUDITOR_HMAC
                 .buildMessage(SERVERS_AUTHENTICATION_HMAC_SECRET_KEY));

ledger/src/main/java/com/scalar/dl/ledger/error/LedgerError.java

@@ -137,7 +137,7 @@ public enum LedgerError implements ScalarDlError {
   CONFIG_INVALID_AUTHENTICATION_SETTING_BETWEEN_LEDGER_AUDITOR(
       StatusCode.INVALID_ARGUMENT,
       "003",
-      "Authentication between Ledger and Auditor is not correctly configured. Set %s or set a private key with %s or %s.",
+      "Authentication between Ledger and Auditor is not correctly configured. Set a private key with %s or %s if you use digital signature authentication with Auditor enabled.",
       "",
       ""),
   CONFIG_INVALID_AUTHENTICATION_SETTING_BETWEEN_LEDGER_AUDITOR_HMAC(

ledger/src/test/java/com/scalar/dl/ledger/config/LedgerConfigTest.java

@@ -450,20 +450,6 @@ public void constructor_AuditorAndProofEnabledAndPrivateKeyGiven_ShouldConstruct
     assertThat(thrown).doesNotThrowAnyException();
   }
 
-  @Test
-  public void constructor_AuditorAndProofEnabledAndSecretKeyGiven_ShouldConstructProperly() {
-    // Arrange
-    props.setProperty(LedgerConfig.AUDITOR_ENABLED, "true");
-    props.setProperty(LedgerConfig.PROOF_ENABLED, "true");
-    props.setProperty(LedgerConfig.SERVERS_AUTHENTICATION_HMAC_SECRET_KEY, SOME_KEY);
-
-    // Act
-    Throwable thrown = catchThrowable(() -> new LedgerConfig(props));
-
-    // Assert
-    assertThat(thrown).doesNotThrowAnyException();
-  }
-
   @Test
   public void
       constructor_AuditorAndProofEnabledButNeitherPrivateKeyNorSecretKeyGiven_ShouldThrowIllegalArgumentException() {
@@ -525,12 +511,13 @@ public void constructor_AuditorEnabledButProofDisabled_ShouldThrowIllegalArgumen
 
   @Test
   public void
-      constructor_AuditorAndProofEnabledAndHmacConfiguredButSecretKeyNotGiven_ShouldThrowIllegalArgumentException() {
+      constructor_AuditorEnabledButProofDisabledWithHmacConfiguration_ShouldThrowIllegalArgumentException() {
     // Arrange
     props.setProperty(LedgerConfig.AUDITOR_ENABLED, "true");
     props.setProperty(LedgerConfig.PROOF_ENABLED, "false");
     props.setProperty(LedgerConfig.AUTHENTICATION_METHOD, AuthenticationMethod.HMAC.getMethod());
     props.setProperty(LedgerConfig.AUTHENTICATION_HMAC_CIPHER_KEY, SOME_CIPHER_KEY);
+    props.setProperty(LedgerConfig.SERVERS_AUTHENTICATION_HMAC_SECRET_KEY, SOME_SECRET_KEY);
 
     // Act
     Throwable thrown = catchThrowable(() -> new LedgerConfig(props));
@@ -554,6 +541,40 @@ public void constructor_HmacEnabledButCipherKeyNotGiven_ShouldThrowIllegalArgume
     assertThat(thrown).isExactlyInstanceOf(IllegalArgumentException.class);
   }
 
+  @Test
+  public void
+      constructor_AuditorAndProofEnabledInDigitalSignatureConfigurationButPrivateKeyNotGiven_ShouldThrowIllegalArgumentException() {
+    // Arrange
+    props.setProperty(LedgerConfig.AUDITOR_ENABLED, "true");
+    props.setProperty(LedgerConfig.PROOF_ENABLED, "true");
+    props.setProperty(
+        LedgerConfig.AUTHENTICATION_METHOD, AuthenticationMethod.DIGITAL_SIGNATURE.getMethod());
+    props.setProperty(LedgerConfig.SERVERS_AUTHENTICATION_HMAC_SECRET_KEY, SOME_SECRET_KEY);
+
+    // Act
+    Throwable thrown = catchThrowable(() -> new LedgerConfig(props));
+
+    // Assert
+    assertThat(thrown).isExactlyInstanceOf(IllegalArgumentException.class);
+  }
+
+  @Test
+  public void
+      constructor_AuditorAndProofEnabledInHmacConfigurationButSecretKeyNotGiven_ShouldThrowIllegalArgumentException() {
+    // Arrange
+    props.setProperty(LedgerConfig.AUDITOR_ENABLED, "true");
+    props.setProperty(LedgerConfig.PROOF_ENABLED, "true");
+    props.setProperty(LedgerConfig.AUTHENTICATION_METHOD, AuthenticationMethod.HMAC.getMethod());
+    props.setProperty(LedgerConfig.AUTHENTICATION_HMAC_CIPHER_KEY, SOME_CIPHER_KEY);
+    props.setProperty(LedgerConfig.PROOF_PRIVATE_KEY_PEM, SOME_PEM);
+
+    // Act
+    Throwable thrown = catchThrowable(() -> new LedgerConfig(props));
+
+    // Assert
+    assertThat(thrown).isExactlyInstanceOf(IllegalArgumentException.class);
+  }
+
   @Test
   public void
       constructor_ConsensusCommitWithGroupCommitDisabledSpecified_ShouldConstructProperly() {