Ejemplo n.º 1
0
// TransactionPreValidation verifies that the transaction is
// well formed with the respect to the security layer
// prescriptions (i.e. signature verification).
func (peer *peerImpl) TransactionPreValidation(tx *obc.Transaction) (*obc.Transaction, error) {
	if !peer.isInitialized {
		return nil, utils.ErrNotInitialized
	}

	peer.node.log.Debug("Pre validating [%s].", tx.String())
	peer.node.log.Debug("Tx confdential level [%s].", tx.ConfidentialityLevel.String())

	if tx.Cert != nil && tx.Signature != nil {
		// Verify the transaction
		// 1. Unmarshal cert
		cert, err := utils.DERToX509Certificate(tx.Cert)
		if err != nil {
			peer.node.log.Error("TransactionPreExecution: failed unmarshalling cert [%s] [%s].", err.Error())
			return tx, err
		}
		// TODO: verify cert

		// 3. Marshall tx without signature
		signature := tx.Signature
		tx.Signature = nil
		rawTx, err := proto.Marshal(tx)
		if err != nil {
			peer.node.log.Error("TransactionPreExecution: failed marshaling tx [%s] [%s].", err.Error())
			return tx, err
		}
		tx.Signature = signature

		// 2. Verify signature
		ok, err := peer.node.verify(cert.PublicKey, rawTx, tx.Signature)
		if err != nil {
			peer.node.log.Error("TransactionPreExecution: failed marshaling tx [%s] [%s].", err.Error())
			return tx, err
		}

		if !ok {
			return tx, utils.ErrInvalidTransactionSignature
		}
	} else {
		if tx.Cert == nil {
			return tx, utils.ErrTransactionCertificate
		}

		if tx.Signature == nil {
			return tx, utils.ErrTransactionSignature
		}
	}

	return tx, nil
}
Ejemplo n.º 2
0
// TransactionPreValidation verifies that the transaction is
// well formed with the respect to the security layer
// prescriptions (i.e. signature verification). If this is the case,
// the method prepares the transaction to be executed.
func (validator *validatorImpl) TransactionPreExecution(tx *obc.Transaction) (*obc.Transaction, error) {
	if !validator.isInitialized {
		return nil, utils.ErrNotInitialized
	}

	validator.peer.node.log.Debug("Pre executing [%s].", tx.String())
	validator.peer.node.log.Debug("Tx confdential level [%s].", tx.ConfidentialityLevel.String())

	switch tx.ConfidentialityLevel {
	case obc.ConfidentialityLevel_PUBLIC:
		validator.peer.node.log.Debug("Deep cloning.")

		// Nothing to do here. Clone tx.
		clone, err := validator.deepCloneTransaction(tx)
		if err != nil {
			validator.peer.node.log.Error("Failed deep cloning [%s].", err.Error())
			return nil, err
		}

		return clone, nil
	case obc.ConfidentialityLevel_CONFIDENTIAL:
		validator.peer.node.log.Debug("Clone and Decrypt.")

		// Clone the transaction and decrypt it
		newTx, err := validator.decryptTx(tx)
		if err != nil {
			validator.peer.node.log.Error("Failed decrypting [%s].", err.Error())

			return nil, err
		}

		// TODO: Validate confidentiality level. Must be the same on tx and newTx.Spec

		return newTx, nil
	default:
		return nil, utils.ErrInvalidConfidentialityLevel
	}

}