[release/4.x] Cherry pick: Make GenesisGenerator methods static (#5333

) (#5741)

src/enclave/enclave.h

@@ -44,7 +44,6 @@ namespace ccf
     std::unique_ptr<oversized::WriterFactory> writer_factory;
     RingbufferLogger* ringbuffer_logger = nullptr;
     ccf::NetworkState network;
-    ccf::ShareManager share_manager;
     std::shared_ptr<RPCMap> rpc_map;
     std::shared_ptr<RPCSessions> rpcsessions;
     std::unique_ptr<ccf::NodeState> node;
@@ -91,7 +90,6 @@ namespace ccf
       writer_factory(std::move(writer_factory_)),
       ringbuffer_logger(ringbuffer_logger_),
       network(),
-      share_manager(network),
       rpc_map(std::make_shared<RPCMap>()),
       rpcsessions(std::make_shared<RPCSessions>(*writer_factory, rpc_map))
     {
@@ -126,7 +124,7 @@ namespace ccf
 
       LOG_TRACE_FMT("Creating node");
       node = std::make_unique<ccf::NodeState>(
-        *writer_factory, network, rpcsessions, share_manager, curve_id);
+        *writer_factory, network, rpcsessions, curve_id);
 
       LOG_TRACE_FMT("Creating context");
       context = std::make_unique<NodeContext>(node->get_node_id());
@@ -168,8 +166,7 @@ namespace ccf
 
       LOG_TRACE_FMT("Creating RPC actors / ffi");
       rpc_map->register_frontend<ccf::ActorsType::members>(
-        std::make_unique<ccf::MemberRpcFrontend>(
-          network, *context, share_manager));
+        std::make_unique<ccf::MemberRpcFrontend>(network, *context));
 
       rpc_map->register_frontend<ccf::ActorsType::users>(
         std::make_unique<ccf::UserRpcFrontend>(

src/indexing/test/indexing.cpp

@@ -257,11 +257,7 @@ kv::Version rekey(
   kv::Store& kv_store,
   const std::shared_ptr<ccf::LedgerSecrets>& ledger_secrets)
 {
-  // This isn't really used, but is needed for ShareManager, so can be recreated
-  // each time here
-  ccf::NetworkState network;
-  network.ledger_secrets = ledger_secrets;
-  ccf::ShareManager share_manager(network);
+  ccf::ShareManager share_manager(ledger_secrets);
 
   auto tx = kv_store.create_tx();
   auto new_ledger_secret = ccf::make_ledger_secret();

src/node/node_state.h

@@ -37,7 +37,7 @@
 #include "rpc/frontend.h"
 #include "rpc/serialization.h"
 #include "secret_broadcast.h"
-#include "service/genesis_gen.h"
+#include "service/internal_tables_access.h"
 #include "share_manager.h"
 #include "uvm_endorsements.h"
 
@@ -134,7 +134,7 @@ namespace ccf
     std::shared_ptr<kv::TxHistory> history;
     std::shared_ptr<kv::AbstractTxEncryptor> encryptor;
 
-    ShareManager& share_manager;
+    ShareManager share_manager;
     std::shared_ptr<Snapshotter> snapshotter;
 
     //
@@ -224,7 +224,6 @@ namespace ccf
       ringbuffer::AbstractWriterFactory& writer_factory,
       NetworkState& network,
       std::shared_ptr<RPCSessions> rpcsessions,
-      ShareManager& share_manager,
       crypto::CurveID curve_id_) :
       sm("NodeState", NodeStartupState::uninitialized),
       curve_id(curve_id_),
@@ -235,7 +234,7 @@ namespace ccf
       to_host(writer_factory.create_writer_to_outside()),
       network(network),
       rpcsessions(rpcsessions),
-      share_manager(share_manager)
+      share_manager(network.ledger_secrets)
     {}
 
     QuoteVerificationResult verify_quote(
@@ -1184,14 +1183,13 @@ namespace ccf
 
         // Clear recovery shares that were submitted to initiate the recovery
         // procedure
-        share_manager.clear_submitted_recovery_shares(tx);
+        ShareManager::clear_submitted_recovery_shares(tx);
 
         // Shares for the new ledger secret can only be issued now, once the
         // previous ledger secrets have been recovered
         share_manager.issue_recovery_shares(tx);
 
-        GenesisGenerator g(network, tx);
-        if (!g.open_service())
+        if (!InternalTablesAccess::open_service(tx))
         {
           throw std::logic_error("Service could not be opened");
         }
@@ -1493,7 +1491,7 @@ namespace ccf
       {
         // If the node is in public mode, start accepting member recovery
         // shares
-        share_manager.clear_submitted_recovery_shares(tx);
+        ShareManager::clear_submitted_recovery_shares(tx);
         service_info->status = ServiceStatus::WAITING_FOR_RECOVERY_SHARES;
         service->put(service_info.value());
         return;
@@ -1513,8 +1511,7 @@ namespace ccf
             fmt::format("Failed to issue recovery shares: {}", e.what()));
         }
 
-        GenesisGenerator g(network, tx);
-        g.open_service();
+        InternalTablesAccess::open_service(tx);
         trigger_snapshot(tx);
         return;
       }
@@ -1716,8 +1713,10 @@ namespace ccf
       // startup of the first recovery node
       // - On recovery, historical ledger secrets can only be looked up in the
       // ledger once all ledger secrets have been restored
-      GenesisGenerator g(network, tx);
-      if (g.get_service_status().value() != ServiceStatus::OPEN)
+      const auto service_status = InternalTablesAccess::get_service_status(tx);
+      if (
+        !service_status.has_value() ||
+        service_status.value() != ServiceStatus::OPEN)
       {
         LOG_FAIL_FMT("Cannot rekey ledger while the service is not open");
         return false;

src/node/rpc/member_frontend.h

@@ -23,7 +23,7 @@
 #include "node/rpc/serialization.h"
 #include "node/share_manager.h"
 #include "node_interface.h"
-#include "service/genesis_gen.h"
+#include "service/internal_tables_access.h"
 #include "service/tables/config.h"
 #include "service/tables/endpoints.h"
 
@@ -560,16 +560,14 @@ namespace ccf
     }
 
     NetworkState& network;
-    ShareManager& share_manager;
+    ShareManager share_manager;
 
   public:
     MemberEndpoints(
-      NetworkState& network_,
-      ccfapp::AbstractNodeContext& context_,
-      ShareManager& share_manager_) :
+      NetworkState& network_, ccfapp::AbstractNodeContext& context_) :
       CommonEndpointRegistry(get_actor_prefix(ActorsType::members), context_),
       network(network_),
-      share_manager(share_manager_)
+      share_manager(network_.ledger_secrets)
     {
       openapi_info.title = "CCF Governance API";
       openapi_info.description =
@@ -706,10 +704,9 @@ namespace ccf
         }
 
         // update member status to ACTIVE
-        GenesisGenerator g(this->network, ctx.tx);
         try
         {
-          g.activate_member(member_id.value());
+          InternalTablesAccess::activate_member(ctx.tx, member_id.value());
         }
         catch (const std::logic_error& e)
         {
@@ -721,7 +718,7 @@ namespace ccf
           return;
         }
 
-        auto service_status = g.get_service_status();
+        auto service_status = InternalTablesAccess::get_service_status(ctx.tx);
         if (!service_status.has_value())
         {
           set_gov_error(
@@ -736,7 +733,7 @@ namespace ccf
         auto member_info = members->get(member_id.value());
         if (
           service_status.value() == ServiceStatus::OPEN &&
-          g.is_recovery_member(member_id.value()))
+          InternalTablesAccess::is_recovery_member(ctx.tx, member_id.value()))
         {
           // When the service is OPEN and the new active member is a recovery
           // member, all recovery members are allocated new recovery shares
@@ -948,9 +945,9 @@ namespace ccf
           cose_auth_id ? cose_auth_id->content :
                          ctx.rpc_ctx->get_request_body());
 
-        GenesisGenerator g(this->network, ctx.tx);
         if (
-          g.get_service_status() != ServiceStatus::WAITING_FOR_RECOVERY_SHARES)
+          InternalTablesAccess::get_service_status(ctx.tx) !=
+          ServiceStatus::WAITING_FOR_RECOVERY_SHARES)
         {
           set_gov_error(
             ctx.rpc_ctx,
@@ -1001,14 +998,16 @@ namespace ccf
         }
         OPENSSL_cleanse(raw_recovery_share.data(), raw_recovery_share.size());
 
-        if (submitted_shares_count < g.get_recovery_threshold())
+        if (
+          submitted_shares_count <
+          InternalTablesAccess::get_recovery_threshold(ctx.tx))
         {
           // The number of shares required to re-assemble the secret has not yet
           // been reached
           auto recovery_share = SubmitRecoveryShare::Out{fmt::format(
             "{}/{} recovery shares successfully submitted.",
             submitted_shares_count,
-            g.get_recovery_threshold())};
+            InternalTablesAccess::get_recovery_threshold(ctx.tx))};
           ctx.rpc_ctx->set_response_header(
             http::headers::CONTENT_TYPE, http::headervalues::contenttype::JSON);
           ctx.rpc_ctx->set_response_body(nlohmann::json(recovery_share).dump());
@@ -1017,7 +1016,8 @@ namespace ccf
         }
 
         GOV_DEBUG_FMT(
-          "Reached recovery threshold {}", g.get_recovery_threshold());
+          "Reached recovery threshold {}",
+          InternalTablesAccess::get_recovery_threshold(ctx.tx));
 
         try
         {
@@ -1030,7 +1030,7 @@ namespace ccf
           constexpr auto error_msg = "Failed to initiate private recovery.";
           GOV_FAIL_FMT(error_msg);
           GOV_DEBUG_FMT("Error: {}", e.what());
-          share_manager.clear_submitted_recovery_shares(ctx.tx);
+          ShareManager::clear_submitted_recovery_shares(ctx.tx);
           ctx.rpc_ctx->set_apply_writes(true);
           set_gov_error(
             ctx.rpc_ctx,
@@ -1044,7 +1044,7 @@ namespace ccf
           "{}/{} recovery shares successfully submitted. End of recovery "
           "procedure initiated.",
           submitted_shares_count,
-          g.get_recovery_threshold())};
+          InternalTablesAccess::get_recovery_threshold(ctx.tx))};
         ctx.rpc_ctx->set_response_header(
           http::headers::CONTENT_TYPE, http::headervalues::contenttype::JSON);
         ctx.rpc_ctx->set_response_body(nlohmann::json(recovery_share).dump());
@@ -1853,11 +1853,9 @@ namespace ccf
 
   public:
     MemberRpcFrontend(
-      NetworkState& network,
-      ccfapp::AbstractNodeContext& context,
-      ShareManager& share_manager) :
+      NetworkState& network, ccfapp::AbstractNodeContext& context) :
       RpcFrontend(*network.tables, member_endpoints, context),
-      member_endpoints(network, context, share_manager)
+      member_endpoints(network, context)
     {}
   };
 } // namespace ccf

src/node/rpc/node_frontend.h

@@ -22,7 +22,7 @@
 #include "node/rpc/serialization.h"
 #include "node/session_metrics.h"
 #include "node_interface.h"
-#include "service/genesis_gen.h"
+#include "service/internal_tables_access.h"
 #include "service/tables/previous_service_identity.h"
 
 namespace ccf
@@ -1464,20 +1464,19 @@ namespace ccf
 
         const auto in = params.get<CreateNetworkNodeToNode::In>();
 
-        GenesisGenerator g(this->network, ctx.tx);
-        if (g.is_service_created(in.service_cert))
+        if (InternalTablesAccess::is_service_created(ctx.tx, in.service_cert))
         {
           return make_error(
             HTTP_STATUS_FORBIDDEN,
             ccf::errors::InternalError,
             "Service is already created.");
         }
 
-        g.create_service(
-          in.service_cert, in.create_txid, in.service_data, recovering);
+        InternalTablesAccess::create_service(
+          ctx.tx, in.service_cert, in.create_txid, in.service_data, recovering);
 
         // Retire all nodes, in case there are any (i.e. post recovery)
-        g.retire_active_nodes();
+        InternalTablesAccess::retire_active_nodes(ctx.tx);
 
         // Genesis transaction (i.e. not after recovery)
         if (in.genesis_info.has_value())
@@ -1487,11 +1486,13 @@ namespace ccf
           // recovery member is added before the service is opened.
           for (const auto& info : in.genesis_info->members)
           {
-            g.add_member(info);
+            InternalTablesAccess::add_member(ctx.tx, info);
           }
 
-          g.init_configuration(in.genesis_info->service_configuration);
-          g.set_constitution(in.genesis_info->constitution);
+          InternalTablesAccess::init_configuration(
+            ctx.tx, in.genesis_info->service_configuration);
+          InternalTablesAccess::set_constitution(
+            ctx.tx, in.genesis_info->constitution);
         }
         else
         {
@@ -1518,21 +1519,24 @@ namespace ccf
           in.certificate_signing_request,
           in.public_key,
           in.node_data};
-        g.add_node(in.node_id, node_info);
+        InternalTablesAccess::add_node(ctx.tx, in.node_id, node_info);
         if (
           in.quote_info.format != QuoteFormat::amd_sev_snp_v1 ||
           !in.snp_uvm_endorsements.has_value())
         {
           // For improved serviceability on SNP, do not record trusted
           // measurements if UVM endorsements are available
-          g.trust_node_measurement(in.measurement, in.quote_info.format);
+          InternalTablesAccess::trust_node_measurement(
+            ctx.tx, in.measurement, in.quote_info.format);
         }
         if (in.quote_info.format == QuoteFormat::amd_sev_snp_v1)
         {
           auto host_data =
             AttestationProvider::get_host_data(in.quote_info).value();
-          g.trust_node_host_data(host_data, in.snp_security_policy);
-          g.trust_node_uvm_endorsements(in.snp_uvm_endorsements);
+          InternalTablesAccess::trust_node_host_data(
+            ctx.tx, host_data, in.snp_security_policy);
+          InternalTablesAccess::trust_node_uvm_endorsements(
+            ctx.tx, in.snp_uvm_endorsements);
         }
 
         LOG_INFO_FMT("Created service");