Nodes can be organized into private networks. Access to such a network is possible only for owners of a private key, which the network user stores in the form of a certificate.
To require key authorization for connections to a chain network, a [private] section must be added to the network configuration file of each node included in it.
Currently, one type of authorization is available:
type=ca
Currently, three access lists are available, which are activated by the corresponding parameters of the section.
A request to the private network is granted access if it is signed with a key whose public key hash is specified in this list.
acl_accept_ca_list=[hash1,hash2,...,hashN]
A request to the private network is considered valid if it is signed with a key whose public key hash has previously been entered into the specified GDB group. The list of commands for working with this group is below.
acl_accept_ca_gdb=[GDB_group_name]
Currently, this list is formed from all certificates loaded into the RAM of the node.
acl_accept_ca_chains=all
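An added example, not part of the Cellframe documentation or code base: a shell function that audits a node's network configuration file for the [private] section and parameters described above. The INI-style file layout, the hash shape (0x plus 64 hex digits, as in the ca del example on this page) and treating a missing access list as a failure are assumptions of this example.

```sh
# Added example, not Cellframe code. Parameter names are from the page; the
# INI layout and the hash shape (0x + 64 hex digits) are assumptions.
audit_private() {   # $1 = path to a network configuration file
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    /^[ \t]*(#|$)/ { next }                        # comments, blank lines
    /^[ \t]*\[/    { sec = trim($0); if (sec == "[private]") seen = 1; next }
    sec == "[private]" {
        eq = index($0, "="); if (!eq) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "type") type = val
        else if (key == "acl_accept_ca_list")   { acl = 1; list = val }
        else if (key == "acl_accept_ca_gdb")    { acl = 1 }
        else if (key == "acl_accept_ca_chains") { acl = 1; if (val == "all") broad = 1 }
    }
    END {
        if (!seen) { print "FAIL: no [private] section"; exit 1 }
        if (type != "ca") { print "FAIL: type is \"" type "\", expected ca"; rc = 1 }
        if (!acl) { print "FAIL: no acl_accept_ca_* list is activated"; rc = 1 }
        gsub(/\[|\]|[ \t]/, "", list)              # drop brackets and spaces
        n = split(list, h, ",")
        for (i = 1; i <= n; i++)
            if (length(h[i]) != 66 || h[i] !~ /^0x[0-9A-Fa-f]+$/) {
                print "FAIL: malformed hash in acl_accept_ca_list: " h[i]; rc = 1
            }
        if (broad) print "WARN: acl_accept_ca_chains=all accepts every certificate loaded in node RAM"
        if (!rc) print "OK: [private] requires type=ca authorization"
        exit rc + 0
    }' "$1"
}

# Constructed sample config (only the [private] section is shown).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
[private]
type=ca
acl_accept_ca_list=[0xB2D398DF51D63918907350A1729CD063F812A89C04244FFEBBB587E65E1FFBD6]
EOF
audit_private "$demo_cfg"; rm -f "$demo_cfg"
```

The function exits non-zero on any FAIL line, so it can gate a deployment step for every node in the network.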
There are three commands in total for working with the GDB group.
./cellframe-node-cli net -net <chain net name> ca add {-cert <cert name> | -hash <cert hash>}
Example:
./cellframe-node-cli net -net kelvin-testnet ca add -cert mycert
./cellframe-node-cli net -net <chain net name> ca del -hash <cert hash>
Example:
./cellframe-node-cli net -net kelvin-testnet ca del -hash 0xB2D398DF51D63918907350A1729CD063F812A89C04244FFEBBB587E65E1FFBD6
./cellframe-node-cli net -net <chain net name> ca list
Example:
./cellframe-node-cli net -net kelvin-testnet ca list
0xB2D398DF51D63918907350A1729CD063F812A89C04244FFEBBB587E65E1FFBD6
To access a private network, an authorization certificate must be passed to the dap_client_t performing network exchange. This can be done by calling the function dap_client_set_auth_cert(dap_client_t *a_client, dap_cert_t *a_cert).
There is no command interface for this at the time of this writing.