// EXP_PrepareForTx prepares a binding/TXHandler pair to be used in subsequent TX
func (d *Devops) EXP_PrepareForTx(ctx context.Context, secret *pb.Secret) (*pb.Response, error) {
var sec crypto.Client
var err error
var txHandler crypto.TransactionHandler
var binding []byte
if d.isSecurityEnabled {
if devopsLogger.IsEnabledFor(logging.DEBUG) {
devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId)
}
sec, err = crypto.InitClient(secret.EnrollId, nil)
defer crypto.CloseClient(sec)
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil
}
devopsLogger.Debug("Getting TXHandler for id: %s", secret.EnrollId)
tcertHandler, err := sec.GetTCertificateHandlerNext()
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil
}
txHandler, err = tcertHandler.GetTransactionHandler()
binding, err = txHandler.GetBinding()
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil
}
// Now add to binding map
d.bindingMap.addBinding(binding, txHandler)
return &pb.Response{Status: pb.Response_SUCCESS, Msg: binding}, nil
}
devopsLogger.Warning("Security NOT enabled")
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte("Security NOT enabled")}, nil
// TODO: Handle timeout and expiration
}
// EXP_GetApplicationTCert retrieves an application TCert for the supplied user
func (d *Devops) EXP_GetApplicationTCert(ctx context.Context, secret *pb.Secret) (*pb.Response, error) {
var sec crypto.Client
var err error
if d.isSecurityEnabled {
if devopsLogger.IsEnabledFor(logging.DEBUG) {
devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId)
}
sec, err = crypto.InitClient(secret.EnrollId, nil)
defer crypto.CloseClient(sec)
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil
}
devopsLogger.Debug("Getting TCert for id: %s", secret.EnrollId)
tcertHandler, err := sec.GetTCertificateHandlerNext()
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil
}
certDER := tcertHandler.GetCertificate()
return &pb.Response{Status: pb.Response_SUCCESS, Msg: certDER}, nil
}
devopsLogger.Warning("Security NOT enabled")
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte("Security NOT enabled")}, nil
// TODO: Handle timeout and expiration
}
func transferOwnership(owner crypto.Client, ownerCert crypto.CertificateHandler, asset string, newOwnerCert crypto.CertificateHandler) error {
// Get a transaction handler to be used to submit the execute transaction
// and bind the chaincode access control logic using the binding
submittingCertHandler, err := owner.GetTCertificateHandlerNext()
if err != nil {
return err
}
txHandler, err := submittingCertHandler.GetTransactionHandler()
if err != nil {
return err
}
binding, err := txHandler.GetBinding()
if err != nil {
return err
}
chaincodeInput := &pb.ChaincodeInput{Function: "transfer", Args: []string{asset, string(newOwnerCert.GetCertificate())}}
chaincodeInputRaw, err := proto.Marshal(chaincodeInput)
if err != nil {
return err
}
// Access control. Owner signs chaincodeInputRaw || binding to confirm his identity
sigma, err := ownerCert.Sign(append(chaincodeInputRaw, binding...))
if err != nil {
return err
}
// Prepare spec and submit
spec := &pb.ChaincodeSpec{
Type: 1,
ChaincodeID: &pb.ChaincodeID{Name: "mycc"},
CtorMsg: chaincodeInput,
Metadata: sigma, // Proof of identity
ConfidentialityLevel: pb.ConfidentialityLevel_PUBLIC,
}
var ctx = context.Background()
chaincodeInvocationSpec := &pb.ChaincodeInvocationSpec{ChaincodeSpec: spec}
tid := chaincodeInvocationSpec.ChaincodeSpec.ChaincodeID.Name
// Now create the Transactions message and send to Peer.
transaction, err := txHandler.NewChaincodeExecute(chaincodeInvocationSpec, tid)
if err != nil {
return fmt.Errorf("Error deploying chaincode: %s ", err)
}
ledger, err := ledger.GetLedger()
ledger.BeginTxBatch("1")
_, err = chaincode.Execute(ctx, chaincode.GetChain(chaincode.DefaultChain), transaction)
if err != nil {
return fmt.Errorf("Error deploying chaincode: %s", err)
}
ledger.CommitTxBatch("1", []*pb.Transaction{transaction}, nil, nil)
return err
}
func transferOwnership(owner crypto.Client, ownerCert crypto.CertificateHandler, fromAttributes string,
newOwnerCert crypto.CertificateHandler, toAttributes string, amount string) error {
// Get a transaction handler to be used to submit the execute transaction
// and bind the chaincode access control logic using the binding
submittingCertHandler, err := owner.GetTCertificateHandlerNext("role")
if err != nil {
return err
}
txHandler, err := submittingCertHandler.GetTransactionHandler()
if err != nil {
return err
}
chaincodeInput := &pb.ChaincodeInput{Args: util.ToChaincodeArgs(
"transferOwnership",
base64.StdEncoding.EncodeToString(ownerCert.GetCertificate()),
fromAttributes,
base64.StdEncoding.EncodeToString(newOwnerCert.GetCertificate()),
toAttributes,
amount)}
// Prepare spec and submit
spec := &pb.ChaincodeSpec{
Type: 1,
ChaincodeID: &pb.ChaincodeID{Name: "mycc"},
CtorMsg: chaincodeInput,
ConfidentialityLevel: pb.ConfidentialityLevel_PUBLIC,
}
var ctx = context.Background()
chaincodeInvocationSpec := &pb.ChaincodeInvocationSpec{ChaincodeSpec: spec}
tid := chaincodeInvocationSpec.ChaincodeSpec.ChaincodeID.Name
// Now create the Transactions message and send to Peer.
transaction, err := txHandler.NewChaincodeExecute(chaincodeInvocationSpec, tid)
if err != nil {
return fmt.Errorf("Error deploying chaincode: %s ", err)
}
ledger, err := ledger.GetLedger()
ledger.BeginTxBatch("1")
_, _, err = chaincode.Execute(ctx, chaincode.GetChain(chaincode.DefaultChain), transaction)
if err != nil {
return fmt.Errorf("Error deploying chaincode: %s", err)
}
ledger.CommitTxBatch("1", []*pb.Transaction{transaction}, nil, nil)
return err
}
func transferOwnershipInternal(owner crypto.Client, ownerCert crypto.CertificateHandler, asset string, newOwnerCert crypto.CertificateHandler) (resp *pb.Response, err error) {
// Get a transaction handler to be used to submit the execute transaction
// and bind the chaincode access control logic using the binding
submittingCertHandler, err := owner.GetTCertificateHandlerNext()
if err != nil {
return nil, err
}
txHandler, err := submittingCertHandler.GetTransactionHandler()
if err != nil {
return nil, err
}
binding, err := txHandler.GetBinding()
if err != nil {
return nil, err
}
chaincodeInput := &pb.ChaincodeInput{
Function: "transfer",
Args: []string{asset, base64.StdEncoding.EncodeToString(newOwnerCert.GetCertificate())},
}
chaincodeInputRaw, err := proto.Marshal(chaincodeInput)
if err != nil {
return nil, err
}
// Access control. Owner signs chaincodeInputRaw || binding to confirm his identity
sigma, err := ownerCert.Sign(append(chaincodeInputRaw, binding...))
if err != nil {
return nil, err
}
// Prepare spec and submit
spec := &pb.ChaincodeSpec{
Type: 1,
ChaincodeID: &pb.ChaincodeID{Name: chaincodeName},
CtorMsg: chaincodeInput,
Metadata: sigma, // Proof of identity
ConfidentialityLevel: confidentialityLevel,
}
chaincodeInvocationSpec := &pb.ChaincodeInvocationSpec{ChaincodeSpec: spec}
// Now create the Transactions message and send to Peer.
transaction, err := txHandler.NewChaincodeExecute(chaincodeInvocationSpec, util.GenerateUUID())
if err != nil {
return nil, fmt.Errorf("Error deploying chaincode: %s ", err)
}
return processTransaction(transaction)
}
func read(invoker crypto.Client, invokerCert crypto.CertificateHandler) ([]byte, error) {
// Get a transaction handler to be used to submit the query transaction
// and bind the chaincode access control logic using the binding
submittingCertHandler, err := invoker.GetTCertificateHandlerNext()
if err != nil {
return nil, err
}
txHandler, err := submittingCertHandler.GetTransactionHandler()
if err != nil {
return nil, err
}
binding, err := txHandler.GetBinding()
if err != nil {
return nil, err
}
chaincodeInput := &pb.ChaincodeInput{Args: util.ToChaincodeArgs("read")}
chaincodeInputRaw, err := proto.Marshal(chaincodeInput)
if err != nil {
return nil, err
}
// Access control:
// invokerCert signs invokerCert.GetCertificate() || chaincodeInputRaw || binding to confirm his identity
sigma, err := invokerCert.Sign(append(invokerCert.GetCertificate(), append(chaincodeInputRaw, binding...)...))
if err != nil {
return nil, err
}
rbacMetadata := RBACMetadata{invokerCert.GetCertificate(), sigma}
rbacMetadataRaw, err := asn1.Marshal(rbacMetadata)
if err != nil {
return nil, err
}
// Prepare spec and submit
spec := &pb.ChaincodeSpec{
Type: 1,
ChaincodeID: &pb.ChaincodeID{Name: "mycc"},
CtorMsg: chaincodeInput,
Metadata: rbacMetadataRaw,
ConfidentialityLevel: pb.ConfidentialityLevel_PUBLIC,
}
var ctx = context.Background()
chaincodeInvocationSpec := &pb.ChaincodeInvocationSpec{ChaincodeSpec: spec}
tid := chaincodeInvocationSpec.ChaincodeSpec.ChaincodeID.Name
// Now create the Transactions message and send to Peer.
transaction, err := txHandler.NewChaincodeQuery(chaincodeInvocationSpec, tid)
if err != nil {
return nil, fmt.Errorf("Error deploying chaincode: %s ", err)
}
ledger, err := ledger.GetLedger()
ledger.BeginTxBatch("1")
result, _, err := chaincode.Execute(ctx, chaincode.GetChain(chaincode.DefaultChain), transaction)
if err != nil {
return nil, fmt.Errorf("Error deploying chaincode: %s", err)
}
ledger.CommitTxBatch("1", []*pb.Transaction{transaction}, nil, nil)
return result, err
}