Allow use a external JWT public key in authenticated APIs

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/net/ExpectNetVersionPermissionJsonRpcUnauthorizedResponse.java → acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/login/ExpectLoginDisabled.java

@@ -12,23 +12,16 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  */
-package org.hyperledger.besu.tests.acceptance.dsl.condition.net;
+package org.hyperledger.besu.tests.acceptance.dsl.condition.login;
 
 import org.hyperledger.besu.tests.acceptance.dsl.condition.Condition;
 import org.hyperledger.besu.tests.acceptance.dsl.node.Node;
-import org.hyperledger.besu.tests.acceptance.dsl.transaction.net.NetVersionTransaction;
+import org.hyperledger.besu.tests.acceptance.dsl.transaction.login.LoginDisabledTransaction;
 
-public class ExpectNetVersionPermissionJsonRpcUnauthorizedResponse implements Condition {
-
-  private final NetVersionTransaction transaction;
-
-  public ExpectNetVersionPermissionJsonRpcUnauthorizedResponse(
-      final NetVersionTransaction transaction) {
-    this.transaction = transaction;
-  }
+public class ExpectLoginDisabled implements Condition {
 
   @Override
   public void verify(final Node node) {
-    node.execute(transaction);
+    node.execute(new LoginDisabledTransaction());
   }
 }

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/login/LoginConditions.java

@@ -27,6 +27,10 @@ public Condition failure(final String username, final String password) {
     return new ExpectLoginUnauthorized(username, password);
   }
 
+  public Condition disabled() {
+    return new ExpectLoginDisabled();
+  }
+
   public Condition awaitResponse(final String username, final String password) {
     return new AwaitLoginResponse<>(new LoginTransaction(username, password));
   }

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/net/ExpectNetVersionConnectionExceptionWithCause.java → acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/net/ExpectUnauthorized.java

@@ -19,22 +19,20 @@
 
 import org.hyperledger.besu.tests.acceptance.dsl.condition.Condition;
 import org.hyperledger.besu.tests.acceptance.dsl.node.Node;
-import org.hyperledger.besu.tests.acceptance.dsl.transaction.net.NetVersionTransaction;
+import org.hyperledger.besu.tests.acceptance.dsl.transaction.Transaction;
 
-public class ExpectNetVersionConnectionExceptionWithCause implements Condition {
+public class ExpectUnauthorized implements Condition {
 
-  private final NetVersionTransaction transaction;
-  private final Class<? extends Throwable> cause;
+  private static final String UNAUTHORIZED = "Unauthorized";
+  private final Transaction<?> transaction;
 
-  public ExpectNetVersionConnectionExceptionWithCause(
-      final NetVersionTransaction transaction, final Class<? extends Throwable> cause) {
+  public ExpectUnauthorized(final Transaction<?> transaction) {
     this.transaction = transaction;
-    this.cause = cause;
   }
 
   @Override
   public void verify(final Node node) {
     final Throwable thrown = catchThrowable(() -> node.execute(transaction));
-    assertThat(thrown).isInstanceOf(cause);
+    assertThat(thrown.getMessage()).contains(UNAUTHORIZED);
   }
 }

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/net/NetConditions.java

@@ -35,6 +35,10 @@ public Condition netServicesOnlyJsonRpcEnabled() {
     return new ExpectNetServicesReturnsOnlyJsonRpcActive(transactions.netServices());
   }
 
+  public Condition netServicesUnauthorized() {
+    return new ExpectUnauthorized(transactions.netServices());
+  }
+
   public Condition netVersion() {
     return new ExpectNetVersionIsNotBlank(transactions.netVersion());
   }
@@ -47,16 +51,8 @@ public Condition netVersionExceptional(final String expectedMessage) {
     return new ExpectNetVersionConnectionException(transactions.netVersion(), expectedMessage);
   }
 
-  public Condition netVersionExceptional(final Class<? extends Throwable> cause) {
-    return new ExpectNetVersionConnectionExceptionWithCause(transactions.netVersion(), cause);
-  }
-
-  public Condition netVersionUnauthorizedExceptional(final String expectedMessage) {
-    return new ExpectNetVersionPermissionException(transactions.netVersion(), expectedMessage);
-  }
-
-  public Condition netVersionUnauthorizedResponse() {
-    return new ExpectNetVersionPermissionJsonRpcUnauthorizedResponse(transactions.netVersion());
+  public Condition netVersionUnauthorized() {
+    return new ExpectUnauthorized(transactions.netVersion());
   }
 
   public Condition awaitPeerCountExceptional() {

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ProcessBesuNodeRunner.java

@@ -132,6 +132,10 @@ public void startNode(final BesuNode node) {
         params.add("--rpc-http-authentication-credentials-file");
         params.add(node.jsonRpcConfiguration().getAuthenticationCredentialsFile());
       }
+      if (node.jsonRpcConfiguration().getAuthenticationPublicKeyFile() != null) {
+        params.add("--rpc-http-authentication-jwt-public-key-file");
+        params.add(node.jsonRpcConfiguration().getAuthenticationPublicKeyFile().getAbsolutePath());
+      }
     }
 
     if (node.wsRpcEnabled()) {
@@ -149,6 +153,11 @@ public void startNode(final BesuNode node) {
         params.add("--rpc-ws-authentication-credentials-file");
         params.add(node.webSocketConfiguration().getAuthenticationCredentialsFile());
       }
+      if (node.webSocketConfiguration().getAuthenticationPublicKeyFile() != null) {
+        params.add("--rpc-ws-authentication-jwt-public-key-file");
+        params.add(
+            node.webSocketConfiguration().getAuthenticationPublicKeyFile().getAbsolutePath());
+      }
     }
 
     if (node.isMetricsEnabled()) {

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeConfigurationBuilder.java

@@ -26,6 +26,7 @@
 import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
 import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.genesis.GenesisConfigurationProvider;
 
+import java.io.File;
 import java.net.URISyntaxException;
 import java.nio.file.Paths;
 import java.util.ArrayList;
@@ -114,6 +115,19 @@ public BesuNodeConfigurationBuilder jsonRpcAuthenticationEnabled() throws URISyn
     return this;
   }
 
+  public BesuNodeConfigurationBuilder jsonRpcAuthenticationUsingPublicKeyEnabled()
+      throws URISyntaxException {
+    final File jwtPublicKey =
+        Paths.get(ClassLoader.getSystemResource("authentication/jwt_public_key").toURI())
+            .toAbsolutePath()
+            .toFile();
+
+    this.jsonRpcConfiguration.setAuthenticationEnabled(true);
+    this.jsonRpcConfiguration.setAuthenticationPublicKeyFile(jwtPublicKey);
+
+    return this;
+  }
+
   public BesuNodeConfigurationBuilder webSocketConfiguration(
       final WebSocketConfiguration webSocketConfiguration) {
     this.webSocketConfiguration = webSocketConfiguration;
@@ -130,7 +144,7 @@ public BesuNodeConfigurationBuilder webSocketEnabled() {
     final WebSocketConfiguration config = WebSocketConfiguration.createDefault();
     config.setEnabled(true);
     config.setPort(0);
-    config.setHostsWhitelist(Collections.singleton("*"));
+    config.setHostsWhitelist(Collections.singletonList("*"));
 
     this.webSocketConfiguration = config;
     return this;
@@ -153,6 +167,19 @@ public BesuNodeConfigurationBuilder webSocketAuthenticationEnabled() throws URIS
     return this;
   }
 
+  public BesuNodeConfigurationBuilder webSocketAuthenticationUsingPublicKeyEnabled()
+      throws URISyntaxException {
+    final File jwtPublicKey =
+        Paths.get(ClassLoader.getSystemResource("authentication/jwt_public_key").toURI())
+            .toAbsolutePath()
+            .toFile();
+
+    this.webSocketConfiguration.setAuthenticationEnabled(true);
+    this.webSocketConfiguration.setAuthenticationPublicKeyFile(jwtPublicKey);
+
+    return this;
+  }
+
   public BesuNodeConfigurationBuilder permissioningConfiguration(
       final PermissioningConfiguration permissioningConfiguration) {
     this.permissioningConfiguration = Optional.of(permissioningConfiguration);

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeFactory.java

@@ -128,24 +128,27 @@ public BesuNode createArchiveNodeNetServicesDisabled(final String name) throws I
             .build());
   }
 
-  public BesuNode createArchiveNodeWithAuthentication(final String name)
+  public BesuNode createNodeWithAuthentication(final String name)
       throws IOException, URISyntaxException {
     return create(
         new BesuNodeConfigurationBuilder()
             .name(name)
             .jsonRpcEnabled()
             .jsonRpcAuthenticationEnabled()
             .webSocketEnabled()
+            .webSocketAuthenticationEnabled()
             .build());
   }
 
-  public BesuNode createArchiveNodeWithAuthenticationOverWebSocket(final String name)
+  public BesuNode createNodeWithAuthenticationUsingJwtPublicKey(final String name)
       throws IOException, URISyntaxException {
     return create(
         new BesuNodeConfigurationBuilder()
             .name(name)
+            .jsonRpcEnabled()
+            .jsonRpcAuthenticationUsingPublicKeyEnabled()
             .webSocketEnabled()
-            .webSocketAuthenticationEnabled()
+            .webSocketAuthenticationUsingPublicKeyEnabled()
             .build());
   }
 

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/transaction/login/LoginDisabledTransaction.java

@@ -0,0 +1,39 @@
+/*
+ * Copyright ConsenSys AG.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+package org.hyperledger.besu.tests.acceptance.dsl.transaction.login;
+
+import static org.assertj.core.api.Fail.fail;
+
+import org.hyperledger.besu.tests.acceptance.dsl.transaction.NodeRequests;
+import org.hyperledger.besu.tests.acceptance.dsl.transaction.Transaction;
+
+import java.io.IOException;
+
+import org.assertj.core.api.Assertions;
+
+public class LoginDisabledTransaction implements Transaction<Void> {
+
+  @Override
+  public Void execute(final NodeRequests node) {
+    try {
+      final String loginResponse = node.login().send("user", "password");
+      Assertions.assertThat(loginResponse).isEqualTo("Authentication not enabled");
+      return null;
+    } catch (final IOException e) {
+      fail("Login request failed with exception: ", e);
+      return null;
+    }
+  }
+}

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/transaction/net/NetServicesTransaction.java

@@ -37,6 +37,9 @@ public Map<String, Map<String, String>> execute(final NodeRequests requestFactor
     } catch (final Exception e) {
       throw new RuntimeException(e);
     }
+    if (netServicesResponse.hasError()) {
+      throw new RuntimeException(netServicesResponse.getError().getMessage());
+    }
     return netServicesResponse.getResult();
   }
 }

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/transaction/net/NetVersionTransaction.java

@@ -30,6 +30,9 @@ public String execute(final NodeRequests node) {
     try {
       final NetVersion result = node.net().netVersion().send();
       assertThat(result).isNotNull();
+      if (result.hasError()) {
+        throw new RuntimeException(result.getError().getMessage());
+      }
       return result.getNetVersion();
     } catch (final Exception e) {
       throw new RuntimeException(e);