// TransactionPreValidation verifies that the transaction is
// well formed with the respect to the security layer
// prescriptions (i.e. signature verification).
func (peer *peerImpl) TransactionPreValidation(tx *obc.Transaction) (*obc.Transaction, error) {
if !peer.isInitialized {
return nil, utils.ErrNotInitialized
}
peer.node.log.Debug("Pre validating [%s].", tx.String())
peer.node.log.Debug("Tx confdential level [%s].", tx.ConfidentialityLevel.String())
if tx.Cert != nil && tx.Signature != nil {
// Verify the transaction
// 1. Unmarshal cert
cert, err := utils.DERToX509Certificate(tx.Cert)
if err != nil {
peer.node.log.Error("TransactionPreExecution: failed unmarshalling cert [%s] [%s].", err.Error())
return tx, err
}
// TODO: verify cert
// 3. Marshall tx without signature
signature := tx.Signature
tx.Signature = nil
rawTx, err := proto.Marshal(tx)
if err != nil {
peer.node.log.Error("TransactionPreExecution: failed marshaling tx [%s] [%s].", err.Error())
return tx, err
}
tx.Signature = signature
// 2. Verify signature
ok, err := peer.node.verify(cert.PublicKey, rawTx, tx.Signature)
if err != nil {
peer.node.log.Error("TransactionPreExecution: failed marshaling tx [%s] [%s].", err.Error())
return tx, err
}
if !ok {
return tx, utils.ErrInvalidTransactionSignature
}
} else {
if tx.Cert == nil {
return tx, utils.ErrTransactionCertificate
}
if tx.Signature == nil {
return tx, utils.ErrTransactionSignature
}
}
return tx, nil
}
// TransactionPreValidation verifies that the transaction is
// well formed with the respect to the security layer
// prescriptions (i.e. signature verification). If this is the case,
// the method prepares the transaction to be executed.
func (validator *validatorImpl) TransactionPreExecution(tx *obc.Transaction) (*obc.Transaction, error) {
if !validator.isInitialized {
return nil, utils.ErrNotInitialized
}
validator.peer.node.log.Debug("Pre executing [%s].", tx.String())
validator.peer.node.log.Debug("Tx confdential level [%s].", tx.ConfidentialityLevel.String())
switch tx.ConfidentialityLevel {
case obc.ConfidentialityLevel_PUBLIC:
validator.peer.node.log.Debug("Deep cloning.")
// Nothing to do here. Clone tx.
clone, err := validator.deepCloneTransaction(tx)
if err != nil {
validator.peer.node.log.Error("Failed deep cloning [%s].", err.Error())
return nil, err
}
return clone, nil
case obc.ConfidentialityLevel_CONFIDENTIAL:
validator.peer.node.log.Debug("Clone and Decrypt.")
// Clone the transaction and decrypt it
newTx, err := validator.decryptTx(tx)
if err != nil {
validator.peer.node.log.Error("Failed decrypting [%s].", err.Error())
return nil, err
}
// TODO: Validate confidentiality level. Must be the same on tx and newTx.Spec
return newTx, nil
default:
return nil, utils.ErrInvalidConfidentialityLevel
}
}