support hsm (#300)

* add hsm config methods and internal key support
SDF SM2 keypair add 04 prefix in public key hex string
use webank-blockchain-java-crypto instead of key-mini-toolkit

* supply hsm config example

Author: MaggieNgWu

.circleci/config.yml

@@ -16,6 +16,7 @@ jobs:
       - run:
           name: Compile
           command: |
+            bash gradlew --version
             bash gradlew build -x test -x integrationTest
       - run:
           name: Integration Test

build.gradle

@@ -24,7 +24,8 @@ ext {
     nettySMSSLContextVersion = "1.2.0"
     toml4jVersion = "0.7.2"
     bcprovJDK15onVersion = "1.60"
-    keyMiniToolkit = "1.0.3"
+    webankJavaCryptoVersion = "1.0.0-005-SNAPSHOT"
+    webankHsmCryptoVersion = "1.0.0-008-SNAPSHOT"
 
     slf4jVersion = "1.7.30"
     junitVersion = "4.12"
@@ -66,6 +67,7 @@ allprojects {
         maven { url "http://maven.aliyun.com/nexus/content/groups/public/" }
         maven { url "https://oss.sonatype.org/service/local/staging/deploy/maven2"}
         maven { url "https://oss.sonatype.org/content/repositories/snapshots" }
+        maven {url "https://plugins.gradle.org/m2/"}
     }
 
     dependencies {
@@ -193,9 +195,9 @@ dependencies {
     compile ("commons-io:commons-io:${commonsIOVersion}")
     compile ("com.squareup:javapoet:${javapoetVersion}")
     compile ("info.picocli:picocli:${picocliVersion}")
-    compile ("com.webank:key-mini-toolkit:${keyMiniToolkit}")
+    compile ("com.webank:webank-blockchain-java-crypto:${webankJavaCryptoVersion}")
     compile ("com.moandjiezana.toml:toml4j:${toml4jVersion}")
-
+    compile ("com.webank:webank-blockchain-hsm-crypto:${webankHsmCryptoVersion}")
     testCompile ("org.apache.commons:commons-collections4:${commonsCollections4Version}")
     testCompile ("com.google.guava:guava:${guavaVersion}")
 }

sdk-core/src/main/java/org/fisco/bcos/sdk/config/ConfigOption.java

@@ -21,6 +21,7 @@
 import org.fisco.bcos.sdk.config.model.AmopConfig;
 import org.fisco.bcos.sdk.config.model.ConfigProperty;
 import org.fisco.bcos.sdk.config.model.CryptoMaterialConfig;
+import org.fisco.bcos.sdk.config.model.CryptoProviderConfig;
 import org.fisco.bcos.sdk.config.model.NetworkConfig;
 import org.fisco.bcos.sdk.config.model.ThreadPoolConfig;
 import org.fisco.bcos.sdk.model.CryptoType;
@@ -37,6 +38,7 @@ public class ConfigOption {
     private AmopConfig amopConfig;
     private NetworkConfig networkConfig;
     private ThreadPoolConfig threadPoolConfig;
+    private CryptoProviderConfig cryptoProviderConfig;
     private ConfigProperty configProperty;
 
     public ConfigOption(ConfigProperty configProperty) throws ConfigException {
@@ -54,6 +56,8 @@ public ConfigOption(ConfigProperty configProperty, int cryptoType) throws Config
         networkConfig = new NetworkConfig(configProperty);
         // load threadPoolConfig
         threadPoolConfig = new ThreadPoolConfig(configProperty);
+        // load cryptoProviderConfig
+        cryptoProviderConfig = new CryptoProviderConfig(configProperty);
         // init configProperty
         this.configProperty = configProperty;
     }
@@ -101,4 +105,12 @@ public ThreadPoolConfig getThreadPoolConfig() {
     public void setThreadPoolConfig(ThreadPoolConfig threadPoolConfig) {
         this.threadPoolConfig = threadPoolConfig;
     }
+
+    public CryptoProviderConfig getCryptoProviderConfig() {
+        return cryptoProviderConfig;
+    }
+
+    public void setCryptoProviderConfig(CryptoProviderConfig cryptoProviderConfig) {
+        this.cryptoProviderConfig = cryptoProviderConfig;
+    }
 }

sdk-core/src/main/java/org/fisco/bcos/sdk/config/model/AccountConfig.java

@@ -15,6 +15,10 @@
 
 package org.fisco.bcos.sdk.config.model;
 
+import static org.fisco.bcos.sdk.model.CryptoProviderType.HSM;
+import static org.fisco.bcos.sdk.model.CryptoProviderType.SSM;
+
+import java.util.Map;
 import java.util.Objects;
 import org.fisco.bcos.sdk.config.exceptions.ConfigException;
 
@@ -25,6 +29,7 @@ public class AccountConfig {
     private String accountFileFormat;
     private String accountPassword;
     private String accountFilePath;
+    private String accountKeyIndex;
 
     public AccountConfig(ConfigProperty configProperty) throws ConfigException {
         this.keyStoreDir =
@@ -38,13 +43,25 @@ public AccountConfig(ConfigProperty configProperty) throws ConfigException {
         this.accountPassword = ConfigProperty.getValue(configProperty.getAccount(), "password", "");
         this.accountFilePath =
                 ConfigProperty.getValue(configProperty.getAccount(), "accountFilePath", "");
+        this.accountKeyIndex =
+                ConfigProperty.getValue(configProperty.getAccount(), "accountKeyIndex", "");
         if (!this.accountFilePath.equals("")) {
             this.accountFilePath = ConfigProperty.getConfigFilePath(this.accountFilePath);
         }
-        checkAccountConfig();
-    }
-
-    private void checkAccountConfig() throws ConfigException {
+        checkAccountConfig(configProperty);
+    }
+
+    private void checkAccountConfig(ConfigProperty configProperty) throws ConfigException {
+        Map<String, Object> cryptoProvider = configProperty.getCryptoProvider();
+        if (cryptoProvider != null) {
+            String cryptoType = ConfigProperty.getValue(cryptoProvider, "type", SSM);
+            if (cryptoType != null && cryptoType.equals(HSM)) {
+                if (!this.accountKeyIndex.equals("") && this.accountPassword.equals("")) {
+                    throw new ConfigException(
+                            "cannot load hsm inner key, please config the password");
+                }
+            }
+        }
         if (this.accountAddress.equals("")) {
             return;
         }
@@ -97,6 +114,14 @@ public void setAccountPassword(String accountPassword) {
         this.accountPassword = accountPassword;
     }
 
+    public String getAccountKeyIndex() {
+        return accountKeyIndex;
+    }
+
+    public void setAccountKeyIndex(String accountKeyIndex) {
+        this.accountKeyIndex = accountKeyIndex;
+    }
+
     @Override
     public String toString() {
         return "AccountConfig{"

sdk-core/src/main/java/org/fisco/bcos/sdk/config/model/ConfigProperty.java

@@ -41,8 +41,8 @@ public class ConfigProperty {
     public Map<String, Object> network;
     public List<AmopTopic> amop;
     public Map<String, Object> account;
-
     public Map<String, Object> threadPool;
+    public Map<String, Object> cryptoProvider;
 
     public Map<String, Object> getCryptoMaterial() {
         return cryptoMaterial;
@@ -84,6 +84,14 @@ public void setThreadPool(Map<String, Object> threadPool) {
         this.threadPool = threadPool;
     }
 
+    public Map<String, Object> getCryptoProvider() {
+        return cryptoProvider;
+    }
+
+    public void setCryptoProvider(Map<String, Object> cryptoProvider) {
+        this.cryptoProvider = cryptoProvider;
+    }
+
     public static String getValue(Map<String, Object> config, String key, String defaultValue) {
         if (config == null || config.get(key) == null) {
             return defaultValue;

sdk-core/src/main/java/org/fisco/bcos/sdk/config/model/CryptoProviderConfig.java

@@ -0,0 +1,31 @@
+package org.fisco.bcos.sdk.config.model;
+
+import static org.fisco.bcos.sdk.model.CryptoProviderType.SSM;
+
+import java.util.Map;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class CryptoProviderConfig {
+    private static Logger logger = LoggerFactory.getLogger(CryptoProviderConfig.class);
+    private String type;
+
+    protected CryptoProviderConfig() {}
+
+    public CryptoProviderConfig(ConfigProperty configProperty) {
+        Map<String, Object> cryptoProvider = configProperty.getCryptoProvider();
+        if (cryptoProvider != null) {
+            this.type = ConfigProperty.getValue(cryptoProvider, "type", SSM);
+        } else {
+            type = SSM;
+        }
+    }
+
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+}

sdk-core/src/main/java/org/fisco/bcos/sdk/model/CryptoProviderType.java

@@ -0,0 +1,6 @@
+package org.fisco.bcos.sdk.model;
+
+public class CryptoProviderType {
+    public static final String HSM = "hsm"; // Hardware secure module
+    public static final String SSM = "ssm"; // Software secure module
+}

sdk-core/src/main/java/org/fisco/bcos/sdk/model/CryptoType.java

@@ -22,4 +22,7 @@ public class CryptoType {
 
     // vrf related crypto type(1000-1999)
     public static final int ED25519_VRF_TYPE = 1000;
+
+    // hardware secure module type (2000-2999)
+    public static final int SM_HSM_TYPE = 2001;
 }

sdk-core/src/test/resources/config-example.toml

@@ -1,5 +1,4 @@
 [cryptoMaterial]
-
 certPath = "conf"                           # The certification path  
 
 # The following configurations take the certPath by default:

sdk-crypto/build.gradle

@@ -5,7 +5,8 @@ plugins {
 dependencies {
     compile project(':sdk-core')
     compile ("org.bouncycastle:bcprov-jdk15on:${bcprovJDK15onVersion}")
-    compile ("com.webank:key-mini-toolkit:${keyMiniToolkit}")
+    compile ("com.webank:webank-blockchain-java-crypto:${webankJavaCryptoVersion}")
+    compile ("com.webank:webank-blockchain-hsm-crypto:${webankHsmCryptoVersion}")
 }
 
 task sourcesJar(type: Jar) {