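// deepCloneAndDecryptTx1_1 returns a deep clone of tx whose Payload,
// ChaincodeID and (when non-empty) Metadata have been decrypted. All writes
// in this function go to the clone, not to tx.
//
// A root key is derived as HMAC(enrollChainKey, nonce). Per-field AES keys are
// then derived from the root key with the one-byte labels 1 (payload),
// 2 (chaincode ID) and 3 (metadata), so each field is decrypted under its own
// key.
//
// An error is returned when the nonce is missing, the enrollment chain key is
// not a byte slice, cloning fails, or any field fails to decrypt.
//
// NOTE(review): the fields are decrypted with CBC/PKCS7 and no integrity check
// (MAC or AEAD tag) is visible in this function. If the ciphertexts are not
// authenticated before this call, distinguishable decryption failures can act
// as a padding oracle. Confirm where integrity is enforced.
func (validator *validatorImpl) deepCloneAndDecryptTx1_1(tx *obc.Transaction) (*obc.Transaction, error) {
	// len of a nil slice is 0, so a single length check covers both cases.
	if len(tx.Nonce) == 0 {
		return nil, errors.New("Failed decrypting payload. Invalid nonce.")
	}

	// Work on a clone so the caller's transaction keeps its encrypted fields.
	clone, err := validator.deepCloneTransaction(tx)
	if err != nil {
		validator.error("Failed deep cloning [%s].", err.Error())
		return nil, err
	}

	// Derive the root key. enrollChainKey is expected to be an AES key held as
	// a byte slice; use the checked assertion so an unexpected type becomes an
	// error instead of a panic.
	enrollChainKey, ok := validator.enrollChainKey.([]byte)
	if !ok {
		return nil, errors.New("Failed decrypting payload. Invalid enrollment chain key.")
	}
	key := utils.HMAC(enrollChainKey, clone.Nonce)

	// Deliberately no debug logging here: the chain key, the derived key and
	// the values fed into the derivation are sensitive and must not reach logs.

	// Decrypt Payload (label 1).
	payloadKey := utils.HMACTruncated(key, []byte{1}, utils.AESKeyLength)
	payload, err := utils.CBCPKCS7Decrypt(payloadKey, utils.Clone(clone.Payload))
	if err != nil {
		validator.error("Failed decrypting payload [%s].", err.Error())
		return nil, err
	}
	clone.Payload = payload

	// Decrypt ChaincodeID (label 2).
	chaincodeIDKey := utils.HMACTruncated(key, []byte{2}, utils.AESKeyLength)
	chaincodeID, err := utils.CBCPKCS7Decrypt(chaincodeIDKey, utils.Clone(clone.ChaincodeID))
	if err != nil {
		validator.error("Failed decrypting chaincode [%s].", err.Error())
		return nil, err
	}
	clone.ChaincodeID = chaincodeID

	// Decrypt Metadata (label 3). Metadata is optional, so skip it when empty.
	if len(clone.Metadata) != 0 {
		metadataKey := utils.HMACTruncated(key, []byte{3}, utils.AESKeyLength)
		metadata, err := utils.CBCPKCS7Decrypt(metadataKey, utils.Clone(clone.Metadata))
		if err != nil {
			validator.error("Failed decrypting metadata [%s].", err.Error())
			return nil, err
		}
		clone.Metadata = metadata
	}

	return clone, nil
}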
// init attaches the key store to node, keeps its own copy of pwd, and then
// calls createKeyStoreIfNotExists followed by openKeyStore. It holds ks.m for
// the whole call and returns utils.ErrKeyStoreAlreadyInitialized when the
// store is already open.
//
// NOTE(review): the password copy stays in ks.pwd after init returns, and also
// when one of the later steps fails. Confirm it is cleared when the store is
// closed.
func (ks *keyStore) init(node *nodeImpl, pwd []byte) error {
	ks.m.Lock()
	defer ks.m.Unlock()

	if ks.isOpen {
		return utils.ErrKeyStoreAlreadyInitialized
	}

	// Store a clone so the caller keeps ownership of its own pwd slice.
	ks.node, ks.pwd = node, utils.Clone(pwd)

	if err := ks.createKeyStoreIfNotExists(); err != nil {
		return err
	}
	if err := ks.openKeyStore(); err != nil {
		return err
	}
	return nil
}
// init records the logger and configuration, keeps its own copy of pwd, and
// then calls createKeyStoreIfNotExists followed by openKeyStore. It holds ks.m
// for the whole call and returns utils.ErrKeyStoreAlreadyInitialized when the
// store is already open.
//
// NOTE(review): the password copy stays in ks.pwd after init returns, and also
// when one of the later steps fails. Confirm it is cleared when the store is
// closed.
func (ks *keyStore) init(logger *logging.Logger, conf *configuration, pwd []byte) error {
	ks.m.Lock()
	defer ks.m.Unlock()

	if ks.isOpen {
		return utils.ErrKeyStoreAlreadyInitialized
	}

	ks.log, ks.conf = logger, conf
	// Store a clone so the caller keeps ownership of its own pwd slice.
	ks.pwd = utils.Clone(pwd)

	if err := ks.createKeyStoreIfNotExists(); err != nil {
		return err
	}
	if err := ks.openKeyStore(); err != nil {
		return err
	}
	return nil
}
// GetBinding returns an Binding to the underlying transaction layer func (handler *eCertTransactionHandlerImpl) GetBinding() ([]byte, error) { return utils.Clone(handler.binding), nil }
// GetCertificate returns the TCert DER func (handler *eCertHandlerImpl) GetCertificate() []byte { return utils.Clone(handler.client.node.enrollCert.Raw) }
// GetCertificate returns the TCert DER func (handler *tCertHandlerImpl) GetCertificate() []byte { return utils.Clone(handler.tCert.GetCertificate().Raw) }
// GetID returns this peer's identifier func (peer *peerImpl) GetID() []byte { return utils.Clone(peer.id) }