Remove P2P TLS (experimental) feature (#7942)

Author: macfarla

CHANGELOG.md

@@ -4,6 +4,7 @@
 
 ### Breaking Changes
 - Removed Retesteth rpc service and commands [#7833](https://github.com/hyperledger/besu/pull/7783)
+- TLS for P2P (early access feature) has been removed [#7942](https://github.com/hyperledger/besu/pull/7942)
 - With the upgrade of the Prometheus Java Metrics library, there are the following changes:
   - Gauge names are not allowed to end with `total`, therefore the metric `besu_blockchain_difficulty_total` is losing the `_total` suffix
   - The `_created` timestamps are not returned by default, you can set the env var `BESU_OPTS="-Dio.prometheus.exporter.includeCreatedTimestamps=true"` to enable them

acceptance-tests/dsl/build.gradle

@@ -18,8 +18,6 @@ dependencies {
   implementation project(':ethereum:permissioning')
   implementation project(':ethereum:rlp')
   implementation project(':metrics:core')
-  implementation project(':pki')
-  implementation project(path: ':pki', configuration: 'testArtifacts')
   implementation project(':plugin-api')
   implementation project(':plugins:rocksdb')
   implementation project(':services:kvstore')

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/BesuNode.java

@@ -32,7 +32,6 @@
 import org.hyperledger.besu.ethereum.core.Util;
 import org.hyperledger.besu.ethereum.eth.transactions.TransactionPoolConfiguration;
 import org.hyperledger.besu.ethereum.p2p.config.NetworkingConfiguration;
-import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration;
 import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
 import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
 import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
@@ -96,7 +95,6 @@ public class BesuNode implements NodeConfiguration, RunnableNode, AutoCloseable
   private final Properties portsProperties = new Properties();
   private final Boolean p2pEnabled;
   private final int p2pPort;
-  private final Optional<TLSConfiguration> tlsConfiguration;
   private final NetworkingConfiguration networkingConfiguration;
   private final boolean revertReasonEnabled;
 
@@ -156,7 +154,6 @@ public BesuNode(
       final GenesisConfigurationProvider genesisConfigProvider,
       final boolean p2pEnabled,
       final int p2pPort,
-      final Optional<TLSConfiguration> tlsConfiguration,
       final NetworkingConfiguration networkingConfiguration,
       final boolean discoveryEnabled,
       final boolean bootnodeEligible,
@@ -207,7 +204,6 @@ public BesuNode(
     this.network = network;
     this.p2pEnabled = p2pEnabled;
     this.p2pPort = p2pPort;
-    this.tlsConfiguration = tlsConfiguration;
     this.networkingConfiguration = networkingConfiguration;
     this.discoveryEnabled = discoveryEnabled;
     this.bootnodeEligible = bootnodeEligible;
@@ -659,10 +655,6 @@ public boolean isP2pEnabled() {
     return p2pEnabled;
   }
 
-  public Optional<TLSConfiguration> getTLSConfiguration() {
-    return tlsConfiguration;
-  }
-
   public NetworkingConfiguration getNetworkingConfiguration() {
     return networkingConfiguration;
   }

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ProcessBesuNodeRunner.java

@@ -22,7 +22,6 @@
 import org.hyperledger.besu.cli.options.storage.DataStorageOptions;
 import org.hyperledger.besu.ethereum.api.jsonrpc.ipc.JsonRpcIpcConfiguration;
 import org.hyperledger.besu.ethereum.eth.transactions.ImmutableTransactionPoolConfiguration;
-import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration;
 import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
 import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
 import org.hyperledger.besu.plugin.services.metrics.MetricCategory;
@@ -365,26 +364,6 @@ private List<String> commandlineArgs(final BesuNode node, final Path dataDir) {
       final List<String> networkConfigParams =
           NetworkingOptions.fromConfig(node.getNetworkingConfiguration()).getCLIOptions();
       params.addAll(networkConfigParams);
-      if (node.getTLSConfiguration().isPresent()) {
-        final TLSConfiguration config = node.getTLSConfiguration().get();
-        params.add("--Xp2p-tls-enabled");
-        params.add("--Xp2p-tls-keystore-type");
-        params.add(config.getKeyStoreType());
-        params.add("--Xp2p-tls-keystore-file");
-        params.add(config.getKeyStorePath().toAbsolutePath().toString());
-        params.add("--Xp2p-tls-keystore-password-file");
-        params.add(config.getKeyStorePasswordPath().toAbsolutePath().toString());
-        params.add("--Xp2p-tls-crl-file");
-        params.add(config.getCrlPath().toAbsolutePath().toString());
-        if (null != config.getTrustStoreType()) {
-          params.add("--Xp2p-tls-truststore-type");
-          params.add(config.getTrustStoreType());
-          params.add("--Xp2p-tls-truststore-file");
-          params.add(config.getTrustStorePath().toAbsolutePath().toString());
-          params.add("--Xp2p-tls-truststore-password-file");
-          params.add(config.getTrustStorePasswordPath().toAbsolutePath().toString());
-        }
-      }
     }
 
     if (node.isRevertReasonEnabled()) {

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/ThreadBesuNodeRunner.java

@@ -197,7 +197,6 @@ public void startNode(final BesuNode node) {
         .permissioningService(permissioningService)
         .metricsConfiguration(node.getMetricsConfiguration())
         .p2pEnabled(node.isP2pEnabled())
-        .p2pTLSConfiguration(node.getTLSConfiguration())
         .graphQLConfiguration(GraphQLConfiguration.createDefault())
         .staticNodes(node.getStaticNodes().stream().map(EnodeURLImpl::fromString).toList())
         .besuPluginContext(besuPluginContext)

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeConfiguration.java

@@ -25,7 +25,6 @@
 import org.hyperledger.besu.ethereum.core.PrivacyParameters;
 import org.hyperledger.besu.ethereum.eth.transactions.TransactionPoolConfiguration;
 import org.hyperledger.besu.ethereum.p2p.config.NetworkingConfiguration;
-import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration;
 import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
 import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
 import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
@@ -56,7 +55,6 @@ public class BesuNodeConfiguration {
   private final GenesisConfigurationProvider genesisConfigProvider;
   private final boolean p2pEnabled;
   private final int p2pPort;
-  private final Optional<TLSConfiguration> tlsConfiguration;
   private final NetworkingConfiguration networkingConfiguration;
   private final boolean discoveryEnabled;
   private final boolean bootnodeEligible;
@@ -95,7 +93,6 @@ public class BesuNodeConfiguration {
       final GenesisConfigurationProvider genesisConfigProvider,
       final boolean p2pEnabled,
       final int p2pPort,
-      final Optional<TLSConfiguration> tlsConfiguration,
       final NetworkingConfiguration networkingConfiguration,
       final boolean discoveryEnabled,
       final boolean bootnodeEligible,
@@ -131,7 +128,6 @@ public class BesuNodeConfiguration {
     this.genesisConfigProvider = genesisConfigProvider;
     this.p2pEnabled = p2pEnabled;
     this.p2pPort = p2pPort;
-    this.tlsConfiguration = tlsConfiguration;
     this.networkingConfiguration = networkingConfiguration;
     this.discoveryEnabled = discoveryEnabled;
     this.bootnodeEligible = bootnodeEligible;
@@ -226,10 +222,6 @@ public int getP2pPort() {
     return p2pPort;
   }
 
-  public Optional<TLSConfiguration> getTLSConfiguration() {
-    return tlsConfiguration;
-  }
-
   public NetworkingConfiguration getNetworkingConfiguration() {
     return networkingConfiguration;
   }

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeConfigurationBuilder.java

@@ -16,9 +16,6 @@
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static java.util.Collections.singletonList;
-import static org.hyperledger.besu.pki.keystore.KeyStoreWrapper.KEYSTORE_TYPE_JKS;
-import static org.hyperledger.besu.pki.keystore.KeyStoreWrapper.KEYSTORE_TYPE_PKCS11;
-import static org.hyperledger.besu.pki.keystore.KeyStoreWrapper.KEYSTORE_TYPE_PKCS12;
 
 import org.hyperledger.besu.cli.config.NetworkName;
 import org.hyperledger.besu.crypto.KeyPair;
@@ -31,20 +28,17 @@
 import org.hyperledger.besu.ethereum.api.jsonrpc.authentication.JwtAlgorithm;
 import org.hyperledger.besu.ethereum.api.jsonrpc.ipc.JsonRpcIpcConfiguration;
 import org.hyperledger.besu.ethereum.api.jsonrpc.websocket.WebSocketConfiguration;
-import org.hyperledger.besu.ethereum.api.tls.FileBasedPasswordProvider;
 import org.hyperledger.besu.ethereum.core.AddressHelpers;
 import org.hyperledger.besu.ethereum.core.ImmutableMiningConfiguration;
 import org.hyperledger.besu.ethereum.core.ImmutableMiningConfiguration.MutableInitValues;
 import org.hyperledger.besu.ethereum.core.MiningConfiguration;
 import org.hyperledger.besu.ethereum.core.PrivacyParameters;
 import org.hyperledger.besu.ethereum.eth.transactions.TransactionPoolConfiguration;
 import org.hyperledger.besu.ethereum.p2p.config.NetworkingConfiguration;
-import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration;
 import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
 import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
 import org.hyperledger.besu.metrics.prometheus.MetricsConfiguration;
 import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.genesis.GenesisConfigurationProvider;
-import org.hyperledger.besu.tests.acceptance.dsl.node.configuration.pki.PKCS11Utils;
 
 import java.io.File;
 import java.net.URISyntaxException;
@@ -84,7 +78,6 @@ public class BesuNodeConfigurationBuilder {
   private GenesisConfigurationProvider genesisConfigProvider = ignore -> Optional.empty();
   private Boolean p2pEnabled = true;
   private int p2pPort = 0;
-  private Optional<TLSConfiguration> tlsConfiguration = Optional.empty();
   private final NetworkingConfiguration networkingConfiguration = NetworkingConfiguration.create();
   private boolean discoveryEnabled = true;
   private boolean bootnodeEligible = true;
@@ -381,64 +374,6 @@ public BesuNodeConfigurationBuilder p2pPort(final int p2pPort) {
     return this;
   }
 
-  private static Path toPath(final String path) throws Exception {
-    return Path.of(BesuNodeConfigurationBuilder.class.getResource(path).toURI());
-  }
-
-  public BesuNodeConfigurationBuilder p2pTLSEnabled(final String name, final String type) {
-    final TLSConfiguration.Builder builder = TLSConfiguration.Builder.tlsConfiguration();
-    try {
-      final String nsspin = "/pki-certs/%s/nsspin.txt";
-      final String truststore = "/pki-certs/%s/truststore.p12";
-      final String crl = "/pki-certs/crl/crl.pem";
-      switch (type) {
-        case KEYSTORE_TYPE_JKS:
-          builder
-              .withKeyStoreType(type)
-              .withKeyStorePath(toPath(String.format("/pki-certs/%s/%<s.jks", name)))
-              .withKeyStorePasswordSupplier(
-                  new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
-              .withKeyStorePasswordPath(toPath(String.format(nsspin, name)))
-              .withTrustStoreType(KEYSTORE_TYPE_PKCS12)
-              .withTrustStorePath(toPath(String.format(truststore, name)))
-              .withTrustStorePasswordSupplier(
-                  new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
-              .withTrustStorePasswordPath(toPath(String.format(nsspin, name)))
-              .withCrlPath(toPath(crl));
-          break;
-        case KEYSTORE_TYPE_PKCS12:
-          builder
-              .withKeyStoreType(type)
-              .withKeyStorePath(toPath(String.format("/pki-certs/%s/%<s.p12", name)))
-              .withKeyStorePasswordSupplier(
-                  new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
-              .withKeyStorePasswordPath(toPath(String.format(nsspin, name)))
-              .withTrustStoreType(KEYSTORE_TYPE_PKCS12)
-              .withTrustStorePath(toPath(String.format(truststore, name)))
-              .withTrustStorePasswordSupplier(
-                  new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
-              .withTrustStorePasswordPath(toPath(String.format(nsspin, name)))
-              .withCrlPath(toPath(crl));
-          break;
-        case KEYSTORE_TYPE_PKCS11:
-          builder
-              .withKeyStoreType(type)
-              .withKeyStorePath(
-                  PKCS11Utils.initNSSConfigFile(
-                      toPath(String.format("/pki-certs/%s/nss.cfg", name))))
-              .withKeyStorePasswordSupplier(
-                  new FileBasedPasswordProvider(toPath(String.format(nsspin, name))))
-              .withKeyStorePasswordPath(toPath(String.format(nsspin, name)))
-              .withCrlPath(toPath(crl));
-          break;
-      }
-    } catch (final Exception e) {
-      throw new RuntimeException(e);
-    }
-    this.tlsConfiguration = Optional.of(builder.build());
-    return this;
-  }
-
   public BesuNodeConfigurationBuilder discoveryEnabled(final boolean discoveryEnabled) {
     this.discoveryEnabled = discoveryEnabled;
     return this;
@@ -545,7 +480,6 @@ public BesuNodeConfiguration build() {
         genesisConfigProvider,
         p2pEnabled,
         p2pPort,
-        tlsConfiguration,
         networkingConfiguration,
         discoveryEnabled,
         bootnodeEligible,

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/BesuNodeFactory.java

@@ -25,7 +25,6 @@
 import org.hyperledger.besu.ethereum.permissioning.LocalPermissioningConfiguration;
 import org.hyperledger.besu.ethereum.permissioning.PermissioningConfiguration;
 import org.hyperledger.besu.ethereum.worldstate.DataStorageConfiguration;
-import org.hyperledger.besu.pki.keystore.KeyStoreWrapper;
 import org.hyperledger.besu.plugin.services.storage.DataStorageFormat;
 import org.hyperledger.besu.tests.acceptance.dsl.node.BesuNode;
 import org.hyperledger.besu.tests.acceptance.dsl.node.Node;
@@ -69,7 +68,6 @@ public BesuNode create(final BesuNodeConfiguration config) throws IOException {
         config.getGenesisConfigProvider(),
         config.isP2pEnabled(),
         config.getP2pPort(),
-        config.getTLSConfiguration(),
         config.getNetworkingConfiguration(),
         config.isDiscoveryEnabled(),
         config.isBootnodeEligible(),
@@ -583,7 +581,6 @@ public BesuNode createQbftTLSNodeWithValidators(
         new BesuNodeConfigurationBuilder()
             .name(name)
             .miningEnabled()
-            .p2pTLSEnabled(name, type)
             .jsonRpcConfiguration(node.createJsonRpcWithIbft2EnabledConfig(false))
             .webSocketConfiguration(node.createWebSocketEnabledConfig())
             .devMode(false)
@@ -596,21 +593,6 @@ public BesuNode createQbftTLSNodeWithValidators(
             .build());
   }
 
-  public BesuNode createQbftTLSJKSNodeWithValidators(final String name, final String... validators)
-      throws IOException {
-    return createQbftTLSNodeWithValidators(name, KeyStoreWrapper.KEYSTORE_TYPE_JKS, validators);
-  }
-
-  public BesuNode createQbftTLSPKCS12NodeWithValidators(
-      final String name, final String... validators) throws IOException {
-    return createQbftTLSNodeWithValidators(name, KeyStoreWrapper.KEYSTORE_TYPE_PKCS12, validators);
-  }
-
-  public BesuNode createQbftTLSPKCS11NodeWithValidators(
-      final String name, final String... validators) throws IOException {
-    return createQbftTLSNodeWithValidators(name, KeyStoreWrapper.KEYSTORE_TYPE_PKCS11, validators);
-  }
-
   public BesuNode createQbftNodeWithValidators(final String name, final String... validators)
       throws IOException {
 

acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/node/configuration/pki/PKCS11Utils.java

@@ -34,7 +34,6 @@ dependencies {
   api 'org.slf4j:slf4j-api'
 
   implementation project(':config')
-  implementation project(':pki')
   implementation project(':consensus:clique')
   implementation project(':consensus:common')
   implementation project(':consensus:ibft')