// EXP_PrepareForTx prepares a binding/TXHandler pair to be used in subsequent TX func (d *Devops) EXP_PrepareForTx(ctx context.Context, secret *pb.Secret) (*pb.Response, error) { var sec crypto.Client var err error var txHandler crypto.TransactionHandler var binding []byte if d.isSecurityEnabled { if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId) } sec, err = crypto.InitClient(secret.EnrollId, nil) defer crypto.CloseClient(sec) if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } devopsLogger.Debug("Getting TXHandler for id: %s", secret.EnrollId) tcertHandler, err := sec.GetTCertificateHandlerNext() if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } txHandler, err = tcertHandler.GetTransactionHandler() binding, err = txHandler.GetBinding() if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } // Now add to binding map d.bindingMap.addBinding(binding, txHandler) return &pb.Response{Status: pb.Response_SUCCESS, Msg: binding}, nil } devopsLogger.Warning("Security NOT enabled") return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte("Security NOT enabled")}, nil // TODO: Handle timeout and expiration }
// EXP_GetApplicationTCert retrieves an application TCert for the supplied user func (d *Devops) EXP_GetApplicationTCert(ctx context.Context, secret *pb.Secret) (*pb.Response, error) { var sec crypto.Client var err error if d.isSecurityEnabled { if devopsLogger.IsEnabledFor(logging.DEBUG) { devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId) } sec, err = crypto.InitClient(secret.EnrollId, nil) defer crypto.CloseClient(sec) if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } devopsLogger.Debug("Getting TCert for id: %s", secret.EnrollId) tcertHandler, err := sec.GetTCertificateHandlerNext() if nil != err { return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil } certDER := tcertHandler.GetCertificate() return &pb.Response{Status: pb.Response_SUCCESS, Msg: certDER}, nil } devopsLogger.Warning("Security NOT enabled") return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte("Security NOT enabled")}, nil // TODO: Handle timeout and expiration }
func transferOwnership(owner crypto.Client, ownerCert crypto.CertificateHandler, asset string, newOwnerCert crypto.CertificateHandler) error { // Get a transaction handler to be used to submit the execute transaction // and bind the chaincode access control logic using the binding submittingCertHandler, err := owner.GetTCertificateHandlerNext() if err != nil { return err } txHandler, err := submittingCertHandler.GetTransactionHandler() if err != nil { return err } binding, err := txHandler.GetBinding() if err != nil { return err } chaincodeInput := &pb.ChaincodeInput{Function: "transfer", Args: []string{asset, string(newOwnerCert.GetCertificate())}} chaincodeInputRaw, err := proto.Marshal(chaincodeInput) if err != nil { return err } // Access control. Owner signs chaincodeInputRaw || binding to confirm his identity sigma, err := ownerCert.Sign(append(chaincodeInputRaw, binding...)) if err != nil { return err } // Prepare spec and submit spec := &pb.ChaincodeSpec{ Type: 1, ChaincodeID: &pb.ChaincodeID{Name: "mycc"}, CtorMsg: chaincodeInput, Metadata: sigma, // Proof of identity ConfidentialityLevel: pb.ConfidentialityLevel_PUBLIC, } var ctx = context.Background() chaincodeInvocationSpec := &pb.ChaincodeInvocationSpec{ChaincodeSpec: spec} tid := chaincodeInvocationSpec.ChaincodeSpec.ChaincodeID.Name // Now create the Transactions message and send to Peer. transaction, err := txHandler.NewChaincodeExecute(chaincodeInvocationSpec, tid) if err != nil { return fmt.Errorf("Error deploying chaincode: %s ", err) } ledger, err := ledger.GetLedger() ledger.BeginTxBatch("1") _, err = chaincode.Execute(ctx, chaincode.GetChain(chaincode.DefaultChain), transaction) if err != nil { return fmt.Errorf("Error deploying chaincode: %s", err) } ledger.CommitTxBatch("1", []*pb.Transaction{transaction}, nil, nil) return err }
func transferOwnership(owner crypto.Client, ownerCert crypto.CertificateHandler, fromAttributes string, newOwnerCert crypto.CertificateHandler, toAttributes string, amount string) error { // Get a transaction handler to be used to submit the execute transaction // and bind the chaincode access control logic using the binding submittingCertHandler, err := owner.GetTCertificateHandlerNext("role") if err != nil { return err } txHandler, err := submittingCertHandler.GetTransactionHandler() if err != nil { return err } chaincodeInput := &pb.ChaincodeInput{Args: util.ToChaincodeArgs( "transferOwnership", base64.StdEncoding.EncodeToString(ownerCert.GetCertificate()), fromAttributes, base64.StdEncoding.EncodeToString(newOwnerCert.GetCertificate()), toAttributes, amount)} // Prepare spec and submit spec := &pb.ChaincodeSpec{ Type: 1, ChaincodeID: &pb.ChaincodeID{Name: "mycc"}, CtorMsg: chaincodeInput, ConfidentialityLevel: pb.ConfidentialityLevel_PUBLIC, } var ctx = context.Background() chaincodeInvocationSpec := &pb.ChaincodeInvocationSpec{ChaincodeSpec: spec} tid := chaincodeInvocationSpec.ChaincodeSpec.ChaincodeID.Name // Now create the Transactions message and send to Peer. transaction, err := txHandler.NewChaincodeExecute(chaincodeInvocationSpec, tid) if err != nil { return fmt.Errorf("Error deploying chaincode: %s ", err) } ledger, err := ledger.GetLedger() ledger.BeginTxBatch("1") _, _, err = chaincode.Execute(ctx, chaincode.GetChain(chaincode.DefaultChain), transaction) if err != nil { return fmt.Errorf("Error deploying chaincode: %s", err) } ledger.CommitTxBatch("1", []*pb.Transaction{transaction}, nil, nil) return err }
func transferOwnershipInternal(owner crypto.Client, ownerCert crypto.CertificateHandler, asset string, newOwnerCert crypto.CertificateHandler) (resp *pb.Response, err error) { // Get a transaction handler to be used to submit the execute transaction // and bind the chaincode access control logic using the binding submittingCertHandler, err := owner.GetTCertificateHandlerNext() if err != nil { return nil, err } txHandler, err := submittingCertHandler.GetTransactionHandler() if err != nil { return nil, err } binding, err := txHandler.GetBinding() if err != nil { return nil, err } chaincodeInput := &pb.ChaincodeInput{ Function: "transfer", Args: []string{asset, base64.StdEncoding.EncodeToString(newOwnerCert.GetCertificate())}, } chaincodeInputRaw, err := proto.Marshal(chaincodeInput) if err != nil { return nil, err } // Access control. Owner signs chaincodeInputRaw || binding to confirm his identity sigma, err := ownerCert.Sign(append(chaincodeInputRaw, binding...)) if err != nil { return nil, err } // Prepare spec and submit spec := &pb.ChaincodeSpec{ Type: 1, ChaincodeID: &pb.ChaincodeID{Name: chaincodeName}, CtorMsg: chaincodeInput, Metadata: sigma, // Proof of identity ConfidentialityLevel: confidentialityLevel, } chaincodeInvocationSpec := &pb.ChaincodeInvocationSpec{ChaincodeSpec: spec} // Now create the Transactions message and send to Peer. transaction, err := txHandler.NewChaincodeExecute(chaincodeInvocationSpec, util.GenerateUUID()) if err != nil { return nil, fmt.Errorf("Error deploying chaincode: %s ", err) } return processTransaction(transaction) }
func read(invoker crypto.Client, invokerCert crypto.CertificateHandler) ([]byte, error) { // Get a transaction handler to be used to submit the query transaction // and bind the chaincode access control logic using the binding submittingCertHandler, err := invoker.GetTCertificateHandlerNext() if err != nil { return nil, err } txHandler, err := submittingCertHandler.GetTransactionHandler() if err != nil { return nil, err } binding, err := txHandler.GetBinding() if err != nil { return nil, err } chaincodeInput := &pb.ChaincodeInput{Args: util.ToChaincodeArgs("read")} chaincodeInputRaw, err := proto.Marshal(chaincodeInput) if err != nil { return nil, err } // Access control: // invokerCert signs invokerCert.GetCertificate() || chaincodeInputRaw || binding to confirm his identity sigma, err := invokerCert.Sign(append(invokerCert.GetCertificate(), append(chaincodeInputRaw, binding...)...)) if err != nil { return nil, err } rbacMetadata := RBACMetadata{invokerCert.GetCertificate(), sigma} rbacMetadataRaw, err := asn1.Marshal(rbacMetadata) if err != nil { return nil, err } // Prepare spec and submit spec := &pb.ChaincodeSpec{ Type: 1, ChaincodeID: &pb.ChaincodeID{Name: "mycc"}, CtorMsg: chaincodeInput, Metadata: rbacMetadataRaw, ConfidentialityLevel: pb.ConfidentialityLevel_PUBLIC, } var ctx = context.Background() chaincodeInvocationSpec := &pb.ChaincodeInvocationSpec{ChaincodeSpec: spec} tid := chaincodeInvocationSpec.ChaincodeSpec.ChaincodeID.Name // Now create the Transactions message and send to Peer. transaction, err := txHandler.NewChaincodeQuery(chaincodeInvocationSpec, tid) if err != nil { return nil, fmt.Errorf("Error deploying chaincode: %s ", err) } ledger, err := ledger.GetLedger() ledger.BeginTxBatch("1") result, _, err := chaincode.Execute(ctx, chaincode.GetChain(chaincode.DefaultChain), transaction) if err != nil { return nil, fmt.Errorf("Error deploying chaincode: %s", err) } ledger.CommitTxBatch("1", []*pb.Transaction{transaction}, nil, nil) return result, err }