// EXP_GetApplicationTCert retrieves an application TCert for the supplied user func (d *Devops) EXP_GetApplicationTCert(ctx context.Context, secret *pb.Secret) (*pb.Response, error) { var sec crypto.Client var err error if d.isSecurityEnabled { if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId) } sec, err = crypto.InitClient(secret.EnrollId, nil) defer crypto.CloseClient(sec) if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } devopsLogger.Debug("Getting TCert for id: %s", secret.EnrollId) tcertHandler, err := sec.GetTCertificateHandlerNext() if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } certDER := tcertHandler.GetCertificate() return &pb.Response{Status: pb.Response_SUCCESS, Msg: certDER}, nil } devopsLogger.Warning("Security NOT enabled") return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte("Security NOT enabled")}, nil // TODO: Handle timeout and expiration }
// EXP_PrepareForTx prepares a binding/TXHandler pair to be used in subsequent TX func (d *Devops) EXP_PrepareForTx(ctx context.Context, secret *pb.Secret) (*pb.Response, error) { var sec crypto.Client var err error var txHandler crypto.TransactionHandler var binding []byte if d.isSecurityEnabled { if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId) } sec, err = crypto.InitClient(secret.EnrollId, nil) defer crypto.CloseClient(sec) if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } devopsLogger.Debug("Getting TXHandler for id: %s", secret.EnrollId) tcertHandler, err := sec.GetTCertificateHandlerNext() if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } txHandler, err = tcertHandler.GetTransactionHandler() binding, err = txHandler.GetBinding() if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } // Now add to binding map d.bindingMap.addBinding(binding, txHandler) return &pb.Response{Status: pb.Response_SUCCESS, Msg: binding}, nil } devopsLogger.Warning("Security NOT enabled") return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte("Security NOT enabled")}, nil // TODO: Handle timeout and expiration }
func createTransaction(invokeTx bool, spec *pb.ChaincodeInvocationSpec, uuid string) (*pb.Transaction, error) { var tx *pb.Transaction var err error var sec crypto.Client if nil != sec { sec, err = crypto.InitClient(spec.ChaincodeSpec.SecureContext, nil) defer crypto.CloseClient(sec) if nil != err { return nil, err } if invokeTx { tx, err = sec.NewChaincodeExecute(spec, uuid) } else { tx, err = sec.NewChaincodeQuery(spec, uuid) } if nil != err { return nil, err } } else { var t pb.Transaction_Type if invokeTx { t = pb.Transaction_CHAINCODE_INVOKE } else { t = pb.Transaction_CHAINCODE_QUERY } tx, err = pb.NewChaincodeExecute(spec, uuid, t) if nil != err { return nil, err } } return tx, nil }
// Deploy deploys the supplied chaincode image to the validators through a transaction func (d *Devops) Deploy(ctx context.Context, spec *pb.ChaincodeSpec) (*pb.ChaincodeDeploymentSpec, error) { // get the deployment spec chaincodeDeploymentSpec, err := d.getChaincodeBytes(ctx, spec) if err != nil { devopsLogger.Error(fmt.Sprintf("Error deploying chaincode spec: %v\n\n error: %s", spec, err)) return nil, err } // Now create the Transactions message and send to Peer. transID := chaincodeDeploymentSpec.ChaincodeSpec.ChaincodeID.Name var tx *pb.Transaction var sec crypto.Client if peer.SecurityEnabled() { if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debugf("Initializing secure devops using context %s", spec.SecureContext) } sec, err = crypto.InitClient(spec.SecureContext, nil) defer crypto.CloseClient(sec) // remove the security context since we are no longer need it down stream spec.SecureContext = "" if nil != err { return nil, err } if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debugf("Creating secure transaction %s", transID) } tx, err = sec.NewChaincodeDeployTransaction(chaincodeDeploymentSpec, transID, spec.Attributes...) if nil != err { return nil, err } } else { if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debugf("Creating deployment transaction (%s)", transID) } tx, err = pb.NewChaincodeDeployTransaction(chaincodeDeploymentSpec, transID) if err != nil { return nil, fmt.Errorf("Error deploying chaincode: %s ", err) } } if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debugf("Sending deploy transaction (%s) to validator", tx.Uuid) } resp := d.coord.ExecuteTransaction(tx) if resp.Status == pb.Response_FAILURE { err = fmt.Errorf(string(resp.Msg)) } return chaincodeDeploymentSpec, err }
func (d *Devops) invokeOrQuery(ctx context.Context, chaincodeInvocationSpec *pb.ChaincodeInvocationSpec, attributes []string, invoke bool) (*pb.Response, error) { if chaincodeInvocationSpec.ChaincodeSpec.ChaincodeID.Name == "" { return nil, fmt.Errorf("name not given for invoke/query") } // Now create the Transactions message and send to Peer. var customIDgenAlg = strings.ToLower(chaincodeInvocationSpec.IdGenerationAlg) var id string var generr error if customIDgenAlg != "" { id, generr = util.GenerateIDWithAlg(customIDgenAlg, chaincodeInvocationSpec.ChaincodeSpec.CtorMsg.Args[0]) if generr != nil { return nil, generr } } else { id = util.GenerateUUID() } devopsLogger.Infof("Transaction ID: %v", id) var transaction *pb.Transaction var err error var sec crypto.Client if peer.SecurityEnabled() { if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debugf("Initializing secure devops using context %s", chaincodeInvocationSpec.ChaincodeSpec.SecureContext) } sec, err = crypto.InitClient(chaincodeInvocationSpec.ChaincodeSpec.SecureContext, nil) defer crypto.CloseClient(sec) // remove the security context since we are no longer need it down stream chaincodeInvocationSpec.ChaincodeSpec.SecureContext = "" if nil != err { return nil, err } } transaction, err = d.createExecTx(chaincodeInvocationSpec, attributes, id, invoke, sec) if err != nil { return nil, err } if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debugf("Sending invocation transaction (%s) to validator", transaction.Uuid) } resp := d.coord.ExecuteTransaction(transaction) if resp.Status == pb.Response_FAILURE { err = fmt.Errorf(string(resp.Msg)) } else { if !invoke && nil != sec && viper.GetBool("security.privacy") { if resp.Msg, err = sec.DecryptQueryResult(transaction, resp.Msg); nil != err { devopsLogger.Errorf("Failed decrypting query transaction result %s", string(resp.Msg[:])) //resp = &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())} } } } return resp, err }
// EXP_ProduceSigma produces a sigma as []byte and returns in response func (d *Devops) EXP_ProduceSigma(ctx context.Context, sigmaInput *pb.SigmaInput) (*pb.Response, error) { var sec crypto.Client var err error var sigma []byte secret := sigmaInput.Secret type RBACMetatdata struct { Cert []byte Sigma []byte } if d.isSecurityEnabled { if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId) } sec, err = crypto.InitClient(secret.EnrollId, nil) defer crypto.CloseClient(sec) if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } devopsLogger.Debug("Getting TCertHandler for id: %s, from DER = %s", secret.EnrollId, sigmaInput.AppTCert) tcertHandler, err := sec.GetTCertificateHandlerFromDER(sigmaInput.AppTCert) //tcertHandler, err := sec.GetTCertificateHandlerNext() if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(fmt.Errorf("Error getting TCertHandler from DER: %s", err).Error())}, nil } tcert := sigmaInput.AppTCert //tcertHandler.GetCertificate() sigma, err = tcertHandler.Sign(append(tcert, sigmaInput.Data...)) if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(fmt.Errorf("Error signing with TCertHandler from DER: %s", err).Error())}, nil } // Produce the SigmaOutput asn1Encoding, err := asn1.Marshal(RBACMetatdata{Cert: tcert, Sigma: sigma}) if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } sigmaOutput := &pb.SigmaOutput{Tcert: tcert, Sigma: sigma, Asn1Encoding: asn1Encoding} sigmaOutputBytes, err := proto.Marshal(sigmaOutput) if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } return &pb.Response{Status: pb.Response_SUCCESS, Msg: sigmaOutputBytes}, nil } devopsLogger.Warning("Security NOT enabled") return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte("Security NOT enabled")}, nil }
func createDeployTransaction(dspec *pb.ChaincodeDeploymentSpec, uuid string) (*pb.Transaction, error) { var tx *pb.Transaction var err error var sec crypto.Client if dspec.ChaincodeSpec.SecureContext != "" { sec, err = crypto.InitClient(dspec.ChaincodeSpec.SecureContext, nil) defer crypto.CloseClient(sec) if nil != err { return nil, err } tx, err = sec.NewChaincodeDeployTransaction(dspec, uuid) if nil != err { return nil, err } } else { tx, err = pb.NewChaincodeDeployTransaction(dspec, uuid) if err != nil { return nil, fmt.Errorf("Error deploying chaincode: %s ", err) } } return tx, nil }
func closeCryptoClient(client crypto.Client) { crypto.CloseClient(client) }