Merge pull request #916 from kyonRay/master-2.0

Release v2.10.1

Changelog.md

@@ -1,3 +1,26 @@
+## v2.10.1
+
+(2024-04-25)
+
+请参考文档：
+
+* [英文版用户手册](https://fisco-bcos-documentation.readthedocs.io/en/latest/docs/sdk/java_sdk/index.html)
+* [中文版用户手册](https://fisco-bcos-documentation.readthedocs.io/zh_CN/latest/docs/sdk/java_sdk/index.html#)
+* [中文版WIKI](https://github.com/FISCO-BCOS/java-sdk/wiki)
+
+新增：
+
+- 新增启动配置fisco.netty.enable.openssl.provider，置为true时使用openssl provider，置为false时使用JDK provider。
+
+更新：
+
+- Java SDK不再强依赖tcnative，解决在部分环境下无法加载tcnative的问题。
+- 非国密环境下默认采用JDK的provider模式建立ssl连接。需要能提供给更高性能的openssl provider时，可以通过开关切换。
+
+修复：
+
+- 修复部分场景不能配置相对路径的问题。
+
 ## v2.10.0
 
 (2024-03-08)

build.gradle

@@ -35,7 +35,7 @@ ext {
 // integrationTest.mustRunAfter test
 allprojects {
     group = 'org.fisco-bcos.java-sdk'
-    version = '2.10.0'
+    version = '2.10.1-SNAPSHOT'
     apply plugin: 'maven'
     apply plugin: 'maven-publish'
     apply plugin: 'idea'

sdk-codegen/src/main/java/org/fisco/bcos/sdk/codegen/CodeGenUtils.java

@@ -77,7 +77,7 @@ public static List<ABIDefinition> loadContractAbiDefinition(String abi) throws I
     public static byte[] readBytes(File file) throws CodeGenException, IOException {
         byte[] bytes = new byte[(int) file.length()];
         FileInputStream fileInputStream = null;
-        if (!file.canRead() || file.getPath().contains("..")) {
+        if (!file.canRead()) {
             throw new CodeGenException(
                     "file " + file + " is not readable or contains invalid characters");
         }

sdk-core/src/main/java/org/fisco/bcos/sdk/config/model/ConfigProperty.java

@@ -105,7 +105,6 @@ public static InputStream getConfigInputStream(String configFilePath) throws Con
         }
         InputStream inputStream = null;
         try {
-            configFilePath = configFilePath.replace("..", "");
             inputStream = new FileInputStream(configFilePath);
             if (inputStream != null) {
                 return inputStream;

sdk-core/src/main/java/org/fisco/bcos/sdk/network/ConnectionManager.java

@@ -28,16 +28,11 @@
 import io.netty.channel.socket.SocketChannel;
 import io.netty.channel.socket.nio.NioSocketChannel;
 import io.netty.handler.codec.LengthFieldBasedFrameDecoder;
-import io.netty.handler.ssl.SMSslClientContextFactory;
 import io.netty.handler.ssl.SslContext;
-import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslHandler;
-import io.netty.handler.ssl.SslProvider;
 import io.netty.handler.timeout.IdleStateHandler;
 import io.netty.util.concurrent.Future;
-import java.io.IOException;
 import java.nio.channels.ClosedChannelException;
-import java.security.Security;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -70,6 +65,9 @@ public class ConnectionManager {
     private EventLoopGroup workerGroup;
     private Boolean running = false;
     private Bootstrap bootstrap = new Bootstrap();
+
+    private SslContextInitializer sslContextInitializer = new SslContextInitializer();
+
     private List<ChannelFuture> connChannelFuture = new ArrayList<ChannelFuture>();
     private ScheduledExecutorService reconnSchedule = new ScheduledThreadPoolExecutor(1);
     private int cryptoType;
@@ -228,85 +226,6 @@ public ChannelHandlerContext getConnectionCtx(String peer) {
         return availableConnections.get(peer);
     }
 
-    private SslContext initSslContext(ConfigOption configOption) throws NetworkException {
-        try {
-            Security.setProperty("jdk.disabled.namedCurves", "");
-            System.setProperty("jdk.sunec.disableNative", "false");
-
-            // Get file, file existence is already checked when check config file.
-            // Init SslContext
-            logger.info(" build ECDSA ssl context with configured certificates ");
-            SslContext sslCtx =
-                    SslContextBuilder.forClient()
-                            .trustManager(configOption.getCryptoMaterialConfig().getCaInputStream())
-                            .keyManager(
-                                    configOption.getCryptoMaterialConfig().getSdkCertInputStream(),
-                                    configOption
-                                            .getCryptoMaterialConfig()
-                                            .getSdkPrivateKeyInputStream())
-                            .sslProvider(SslProvider.OPENSSL)
-                            // .sslProvider(SslProvider.JDK)
-                            .build();
-            return sslCtx;
-        } catch (IOException e) {
-            logger.error(
-                    "initSslContext failed, caCert: {}, sslCert: {}, sslKey: {}, error: {}, e: {}",
-                    configOption.getCryptoMaterialConfig().getCaCertPath(),
-                    configOption.getCryptoMaterialConfig().getSdkCertPath(),
-                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
-                    e.getMessage(),
-                    e);
-            throw new NetworkException(
-                    "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
-                            + e.getMessage(),
-                    NetworkException.INIT_CONTEXT_FAILED);
-        } catch (IllegalArgumentException e) {
-            logger.error("initSslContext failed, error: {}, e: {}", e.getMessage(), e);
-            throw new NetworkException(
-                    "SSL context init failed, error info: " + e.getMessage(),
-                    NetworkException.INIT_CONTEXT_FAILED);
-        }
-    }
-
-    private SslContext initSMSslContext(ConfigOption configOption) throws NetworkException {
-        try {
-            // Get file, file existence is already checked when check config file.
-            // Init SslContext
-            return SMSslClientContextFactory.build(
-                    configOption.getCryptoMaterialConfig().getCaInputStream(),
-                    configOption.getCryptoMaterialConfig().getEnSSLCertInputStream(),
-                    configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyInputStream(),
-                    configOption.getCryptoMaterialConfig().getSdkCertInputStream(),
-                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyInputStream());
-        } catch (Exception e) {
-            if (configOption.getCryptoMaterialConfig().getCryptoProvider().equalsIgnoreCase(HSM)) {
-                logger.error(
-                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKeyIndex: {}, enCert: {}, enSslKeyIndex: {}, error: {}, e: {}",
-                        configOption.getCryptoMaterialConfig().getCaCertPath(),
-                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
-                        configOption.getCryptoMaterialConfig().getSslKeyIndex(),
-                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
-                        configOption.getCryptoMaterialConfig().getEnSslKeyIndex(),
-                        e.getMessage(),
-                        e);
-            } else {
-                logger.error(
-                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKey: {}, enCert: {}, enSslKey: {}, error: {}, e: {}",
-                        configOption.getCryptoMaterialConfig().getCaCertPath(),
-                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
-                        configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
-                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
-                        configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyPath(),
-                        e.getMessage(),
-                        e);
-            }
-            throw new NetworkException(
-                    "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
-                            + e.getMessage(),
-                    e);
-        }
-    }
-
     private void initNetty(ConfigOption configOption) throws NetworkException {
         workerGroup = new NioEventLoopGroup();
         bootstrap.group(workerGroup);
@@ -324,8 +243,8 @@ private void initNetty(ConfigOption configOption) throws NetworkException {
         }
         sslContext =
                 (sslCryptoType == CryptoType.ECDSA_TYPE
-                        ? initSslContext(configOption)
-                        : initSMSslContext(configOption));
+                        ? sslContextInitializer.initSslContext(configOption)
+                        : sslContextInitializer.initSMSslContext(configOption));
         SslContext finalSslContext = sslContext;
         ChannelInitializer<SocketChannel> initializer =
                 new ChannelInitializer<SocketChannel>() {

sdk-core/src/main/java/org/fisco/bcos/sdk/network/SslContextInitializer.java

@@ -0,0 +1,142 @@
+package org.fisco.bcos.sdk.network;
+
+import static org.fisco.bcos.sdk.model.CryptoProviderType.HSM;
+
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslProvider;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.Method;
+import java.security.Security;
+import org.fisco.bcos.sdk.config.ConfigOption;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class SslContextInitializer {
+
+    private static Logger logger = LoggerFactory.getLogger(SslContextInitializer.class);
+
+    private static boolean enableNettyOpenSSLProvider = false;
+
+    static {
+        String property = System.getProperty("fisco.netty.enable.openssl.provider");
+        if (property != null) {
+            enableNettyOpenSSLProvider = Boolean.valueOf(property);
+            logger.info("load `fisco.netty.enable.openssl.provider` value: {}", property);
+        }
+    }
+
+    public SslContext initSslContext(ConfigOption configOption) throws NetworkException {
+        try {
+            Security.setProperty("jdk.disabled.namedCurves", "");
+            System.setProperty("jdk.sunec.disableNative", "false");
+
+            // Get file, file existence is already checked when check config file.
+            // Init SslContext
+            logger.info(" build ECDSA ssl context with configured certificates ");
+
+            SslProvider sslProvider = SslProvider.JDK;
+            if (enableNettyOpenSSLProvider) {
+                sslProvider = SslProvider.OPENSSL;
+            }
+
+            logger.info("sslProvider: {}", sslProvider);
+
+            SslContext sslCtx =
+                    SslContextBuilder.forClient()
+                            .trustManager(configOption.getCryptoMaterialConfig().getCaInputStream())
+                            .keyManager(
+                                    configOption.getCryptoMaterialConfig().getSdkCertInputStream(),
+                                    configOption
+                                            .getCryptoMaterialConfig()
+                                            .getSdkPrivateKeyInputStream())
+                            // .sslProvider(SslProvider.OPENSSL)
+                            .sslProvider(sslProvider)
+                            .build();
+            return sslCtx;
+        } catch (IOException e) {
+            logger.error(
+                    "initSslContext failed, caCert: {}, sslCert: {}, sslKey: {}, error: {}, e: {}",
+                    configOption.getCryptoMaterialConfig().getCaCertPath(),
+                    configOption.getCryptoMaterialConfig().getSdkCertPath(),
+                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
+                    e.getMessage(),
+                    e);
+            throw new NetworkException(
+                    "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
+                            + e.getMessage(),
+                    NetworkException.INIT_CONTEXT_FAILED);
+        } catch (IllegalArgumentException e) {
+            logger.error("initSslContext failed, error: {}, e: {}", e.getMessage(), e);
+            throw new NetworkException(
+                    "SSL context init failed, error info: " + e.getMessage(),
+                    NetworkException.INIT_CONTEXT_FAILED);
+        }
+    }
+
+    public SslContext initSMSslContext(ConfigOption configOption) throws NetworkException {
+        try {
+            // Get file, file existence is already checked when check config file.
+            InputStream caInputStream = configOption.getCryptoMaterialConfig().getCaInputStream();
+            InputStream enSSLCertInputStream =
+                    configOption.getCryptoMaterialConfig().getEnSSLCertInputStream();
+            InputStream enSSLPrivateKeyInputStream =
+                    configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyInputStream();
+            InputStream sdkCertInputStream =
+                    configOption.getCryptoMaterialConfig().getSdkCertInputStream();
+            InputStream sdkPrivateKeyInputStream =
+                    configOption.getCryptoMaterialConfig().getSdkPrivateKeyInputStream();
+
+            String smContextFactoryClassName = "io.netty.handler.ssl.SMSslClientContextFactory";
+
+            Class<?> smContextFactoryClass = Class.forName(smContextFactoryClassName);
+            logger.info("加载类`{}`成功", smContextFactoryClassName);
+            Method buildMethod =
+                    smContextFactoryClass.getMethod(
+                            "build",
+                            InputStream.class,
+                            InputStream.class,
+                            InputStream.class,
+                            InputStream.class,
+                            InputStream.class);
+            SslContext sslContext =
+                    (SslContext)
+                            buildMethod.invoke(
+                                    null,
+                                    caInputStream,
+                                    enSSLCertInputStream,
+                                    enSSLPrivateKeyInputStream,
+                                    sdkCertInputStream,
+                                    sdkPrivateKeyInputStream);
+
+            return sslContext;
+        } catch (Exception e) {
+            if (configOption.getCryptoMaterialConfig().getCryptoProvider().equalsIgnoreCase(HSM)) {
+                logger.error(
+                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKeyIndex: {}, enCert: {}, enSslKeyIndex: {}, error: {}, e: {}",
+                        configOption.getCryptoMaterialConfig().getCaCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
+                        configOption.getCryptoMaterialConfig().getSslKeyIndex(),
+                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
+                        configOption.getCryptoMaterialConfig().getEnSslKeyIndex(),
+                        e.getMessage(),
+                        e);
+            } else {
+                logger.error(
+                        "initSMSslContext failed, caCert:{}, sslCert: {}, sslKey: {}, enCert: {}, enSslKey: {}, error: {}, e: {}",
+                        configOption.getCryptoMaterialConfig().getCaCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkCertPath(),
+                        configOption.getCryptoMaterialConfig().getSdkPrivateKeyPath(),
+                        configOption.getCryptoMaterialConfig().getEnSSLCertPath(),
+                        configOption.getCryptoMaterialConfig().getEnSSLPrivateKeyPath(),
+                        e.getMessage(),
+                        e);
+            }
+            throw new NetworkException(
+                    "SSL context init failed, please make sure your cert and key files are properly configured. error info: "
+                            + e.getMessage(),
+                    e);
+        }
+    }
+}

sdk-core/src/main/java/org/fisco/bcos/sdk/utils/SystemInformation.java

@@ -20,7 +20,7 @@
 
 public class SystemInformation {
     // Note: must update the version if publish new-version
-    private static final String sdkVersion = "2.10.0";
+    private static final String sdkVersion = "2.10.1";
     public static final String connectionFaqIssueUrl =
             "https://github.com/FISCO-BCOS/java-sdk/issues/536";
     public static final String connectionFaqDocUrl =

sdk-crypto/src/main/java/org/fisco/bcos/sdk/crypto/keystore/KeyTool.java

@@ -272,7 +272,6 @@ public static void storePublicKeyWithPem(PrivateKey privateKey, String privateKe
     public static void storePublicKeyWithPem(PublicKey publicKey, String privateKeyFilePath)
             throws IOException {
         String publicKeyPath = privateKeyFilePath + ".pub";
-        publicKeyPath = publicKeyPath.replace("..", "");
         try (PemWriter writer = new PemWriter(new FileWriter(publicKeyPath))) {
             writer.writeObject(new PemObject("PUBLIC KEY", publicKey.getEncoded()));
             writer.flush();
@@ -289,8 +288,7 @@ public static void storePublicKeyWithPem(PublicKey publicKey, String privateKeyF
     /** load information from the keyStoreFile */
     protected void load() {
         try {
-            String safeFile = keyStoreFile.replace("..", "");
-            InputStream keyStoreFileInputStream = new FileInputStream(safeFile);
+            InputStream keyStoreFileInputStream = new FileInputStream(keyStoreFile);
             this.load(keyStoreFileInputStream);
         } catch (FileNotFoundException | org.bouncycastle.util.encoders.DecoderException e) {
             String errorMessage =

sdk-crypto/src/main/java/org/fisco/bcos/sdk/crypto/keystore/P12KeyStore.java

@@ -150,7 +150,6 @@ public static void storeKeyPairWithP12Format(
             Certificate[] certChain = new Certificate[1];
             certChain[0] = generateSelfSignedCertificate(keyPair, signatureAlgorithm);
             keyStore.setKeyEntry(NAME, privateKey, password.toCharArray(), certChain);
-            privateKeyFilePath = privateKeyFilePath.replace("..", "");
             keyStore.store(new FileOutputStream(privateKeyFilePath), password.toCharArray());
             // store the public key
             storePublicKeyWithPem(privateKey, privateKeyFilePath);

sdk-crypto/src/main/java/org/fisco/bcos/sdk/crypto/keystore/PEMKeyStore.java

@@ -69,7 +69,6 @@ public static void storeKeyPairWithPemFormat(
         try {
             KeyPair keyPair = convertHexedStringToKeyPair(hexedPrivateKey, curveName);
             // save the private key
-            privateKeyFilePath = privateKeyFilePath.replace("..", "");
             PemWriter writer = new PemWriter(new FileWriter(privateKeyFilePath));
             BCECPrivateKey bcecPrivateKey = (BCECPrivateKey) (keyPair.getPrivate());
             writer.writeObject(new PemObject(PRIVATE_KEY, bcecPrivateKey.getEncoded()));