ARCHIVE/xahaud
3
0
Fork 0
mirror of https://github.com/Xahau/xahaud.git synced 2025-12-06 17:27:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
58d71b8c962805d7d63a7f7b3540f5ed369d210b
xahaud/src/test/overlay/ProtocolVersion_test.cpp
Nik Bougalis 5a15229eeb Improve detection & handling of duplicate Node ID: 
Each node on the network is supposed to have a unique cryptographic
identity. Typically, this identity is generated randomly at startup
and stored for later reuse in the (poorly named) file `wallet.db`.

If the file is copied, it is possible for two nodes to share the
same node identity. This is generally not desirable and existing
servers will detect and reject connections to other servers that
have the same key.

This commit achives three things:

1. It improves the detection code to pinpoint instances where two
   distinct servers with the same key connect with each other. In
   that case, servers will log an appropriate error and shut down
   pending intervention by the server's operator.
2. It makes it possible for server administrators to securely and
   easily generate new cryptographic identities for servers using
   the new `--newnodeid` command line arguments. When a server is
   started using this command, it will generate and save a random
   secure identity.
3. It makes it possible to configure the identity using a command
   line option, which makes it possible to derive it from data or
   parameters associated with the container or hardware where the
   instance is running by passing the `--nodeid` option, followed
   by a single argument identifying the infomation from which the
   node's identity is derived. For example, the following command
   will result in nodes with different hostnames having different
   node identities: `rippled --nodeid $HOSTNAME`

The last option is particularly useful for automated cloud-based
deployments that minimize the need for storing state and provide
unique deployment identifiers.

**Important note for server operators:**
Depending on variables outside of the the control of this code,
such as operating system version or configuration, permissions,
and more, it may be possible for other users or programs to be
able to access the command line arguments of other processes
on the system.

If you are operating in a shared environment, you should avoid
using this option, preferring instead to use the `[node_seed]`
option in the configuration file, and use permissions to limit
exposure of the node seed.

A user who gains access to the value used to derive the node's
unique identity could impersonate that node.

The commit also updates the minimum supported server protocol
version to `XRPL/2.1`, which has been supported since version
1.5.0 and eliminates support for `XPRL/2.0`.
2022-08-25 08:49:14 -07:00

103 lines
3.6 KiB
C++
Raw Blame History

//------------------------------------------------------------------------------
/*
This file is part of rippled: https://github.com/ripple/rippled
Copyright (c) 2019 Ripple Labs Inc.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL , DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
//==============================================================================
#include <ripple/beast/unit_test.h>
#include <ripple/overlay/impl/ProtocolVersion.h>
namespace ripple {
class ProtocolVersion_test : public beast::unit_test::suite
{
private:
void
check(std::string const& s, std::string const& answer)
{
auto join = [](auto first, auto last) {
std::string result;
if (first != last)
{
result = to_string(*first++);
while (first != last)
result += "," + to_string(*first++);
}
return result;
};
auto const result = parseProtocolVersions(s);
BEAST_EXPECT(join(result.begin(), result.end()) == answer);
}
public:
void
run() override
{
testcase("Convert protocol version to string");
BEAST_EXPECT(to_string(make_protocol(1, 3)) == "XRPL/1.3");
BEAST_EXPECT(to_string(make_protocol(2, 0)) == "XRPL/2.0");
BEAST_EXPECT(to_string(make_protocol(2, 1)) == "XRPL/2.1");
BEAST_EXPECT(to_string(make_protocol(10, 10)) == "XRPL/10.10");
{
testcase("Convert strings to protocol versions");
// Empty string
check("", "");
// clang-format off
check(
"RTXP/1.1,RTXP/1.2,RTXP/1.3,XRPL/2.1,XRPL/2.0,/XRPL/3.0",
"XRPL/2.0,XRPL/2.1");
check(
"RTXP/0.9,RTXP/1.01,XRPL/0.3,XRPL/2.01,websocket",
"");
check(
"XRPL/2.0,XRPL/2.0,XRPL/19.4,XRPL/7.89,XRPL/XRPL/3.0,XRPL/2.01",
"XRPL/2.0,XRPL/7.89,XRPL/19.4");
check(
"XRPL/2.0,XRPL/3.0,XRPL/4,XRPL/,XRPL,OPT XRPL/2.2,XRPL/5.67",
"XRPL/2.0,XRPL/3.0,XRPL/5.67");
// clang-format on
}
{
testcase("Protocol version negotiation");
BEAST_EXPECT(negotiateProtocolVersion("RTXP/1.2") == std::nullopt);
BEAST_EXPECT(
negotiateProtocolVersion("RTXP/1.2, XRPL/2.0, XRPL/2.1") ==
make_protocol(2, 1));
BEAST_EXPECT(
negotiateProtocolVersion("XRPL/2.2") == make_protocol(2, 2));
BEAST_EXPECT(
negotiateProtocolVersion(
"RTXP/1.2, XRPL/2.2, XRPL/2.3, XRPL/999.999") ==
make_protocol(2, 2));
BEAST_EXPECT(
negotiateProtocolVersion("XRPL/999.999, WebSocket/1.0") ==
std::nullopt);
BEAST_EXPECT(negotiateProtocolVersion("") == std::nullopt);
}
}
};
BEAST_DEFINE_TESTSUITE(ProtocolVersion, overlay, ripple);
} // namespace ripple
Reference in New Issue View Git Blame Copy Permalink