// ReadCertificate reads a transaction certificate from the TCA. // func (tcap *TCAP) ReadCertificate(ctx context.Context, req *pb.TCertReadReq) (*pb.Cert, error) { Trace.Println("grpc TCAP:ReadCertificate") id := req.Id.Id raw, err := tcap.tca.eca.readCertificate(id, x509.KeyUsageDigitalSignature) if err != nil { return nil, err } cert, err := x509.ParseCertificate(raw) if err != nil { return nil, err } sig := req.Sig req.Sig = nil r, s := big.NewInt(0), big.NewInt(0) r.UnmarshalText(sig.R) s.UnmarshalText(sig.S) hash := sha3.New384() raw, _ = proto.Marshal(req) hash.Write(raw) if ecdsa.Verify(cert.PublicKey.(*ecdsa.PublicKey), hash.Sum(nil), r, s) == false { return nil, errors.New("signature does not verify") } raw, err = tcap.tca.readCertificate1(id, req.Ts.Seconds) if err != nil { return nil, err } return &pb.Cert{raw}, nil }
// ReadCertificate reads a transaction certificate from the TCA. // func (tcap *TCAP) ReadCertificate(ctx context.Context, in *pb.TCertReadReq) (*pb.Cert, error) { Trace.Println("grpc TCAP:ReadCertificate") req := in.Req.Id id := in.Id.Id if req != id && tcap.tca.eca.readRole(req)&(int(pb.Role_VALIDATOR)|int(pb.Role_AUDITOR)) == 0 { return nil, errors.New("access denied") } raw, err := tcap.tca.eca.readCertificate(req, x509.KeyUsageDigitalSignature) if err != nil { return nil, err } cert, err := x509.ParseCertificate(raw) if err != nil { return nil, err } sig := in.Sig in.Sig = nil r, s := big.NewInt(0), big.NewInt(0) r.UnmarshalText(sig.R) s.UnmarshalText(sig.S) hash := sha3.New384() raw, _ = proto.Marshal(in) hash.Write(raw) if ecdsa.Verify(cert.PublicKey.(*ecdsa.PublicKey), hash.Sum(nil), r, s) == false { return nil, errors.New("signature does not verify") } if in.Ts.Seconds != 0 { raw, err = tcap.tca.readCertificate1(id, in.Ts.Seconds) } else { raw, err = tcap.tca.readCertificateByHash(in.Hash.Hash) } if err != nil { return nil, err } return &pb.Cert{raw}, nil }