fabric-gateway 0.0.1 → 0.3.0

data/lib/fabric/ec_crypto_suite.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+# Adapted from:
+# https://github.com/kirshin/hyperledger-fabric-sdk/blob/95a5a1a37001852312df25946e960a9ff149207e/lib/fabric/crypto_suite.rb
+module Fabric
+  #
+  # Elliptic-curve Crypto Suite using OpenSSL
+  #
+  # @todo missing tests
+  class ECCryptoSuite # rubocop:disable Metrics/ClassLength
+    DEFAULT_KEY_SIZE = 256
+    DEFAULT_DIGEST_ALGORITHM = 'SHA256'
+    DEFAULT_AES_KEY_SIZE = 128
+
+    EC_CURVES = { 256 => 'prime256v1', 384 => 'secp384r1' }.freeze
+
+    CIPHER = 'aes-256-cbc'
+
+    attr_reader :key_size, :digest_algorithm, :digest_instance, :curve, :cipher
+
+    def initialize(opts = {})
+      @key_size = opts[:key_size] || DEFAULT_KEY_SIZE
+      @digest_algorithm = opts[:digest_algorithm] || DEFAULT_DIGEST_ALGORITHM
+      @digest_instance = OpenSSL::Digest.new digest_algorithm
+      @curve = EC_CURVES[key_size]
+      @cipher = opts[:cipher] || CIPHER
+    end
+
+    def sign(private_key, message)
+      digest = digest message
+      key = pkey_from_private_key private_key
+      signature = key.dsa_sign_asn1 digest
+      sequence = OpenSSL::ASN1.decode signature
+      sequence = prevent_malleability sequence, key.group.order
+
+      sequence.to_der
+    end
+
+    def verify(public_key, message, signature)
+      digest = digest message
+      openssl_pkey = openssl_pkey_from_public_key public_key
+      sequence = OpenSSL::ASN1.decode signature
+      return false unless check_malleability sequence, openssl_pkey.group.order
+
+      openssl_pkey.dsa_verify_asn1(digest, signature)
+    end
+
+    def generate_private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.generate_key!
+
+      key.private_key.to_s(16).downcase
+    end
+
+    def generate_csr(private_key, attrs = [])
+      key = pkey_from_private_key private_key
+
+      req = OpenSSL::X509::Request.new
+      req.public_key = key
+      req.subject = OpenSSL::X509::Name.new attrs
+      req.sign key, @digest_instance
+
+      req
+    end
+
+    def generate_nonce(length = 24)
+      OpenSSL::Random.random_bytes length
+    end
+
+    def hexdigest(message)
+      @digest_instance.hexdigest message
+    end
+
+    def digest(message)
+      @digest_instance.digest message
+    end
+
+    def encode_hex(bytes)
+      bytes.unpack1('H*')
+    end
+
+    def decode_hex(string)
+      [string].pack('H*')
+    end
+
+    def restore_public_key(private_key)
+      private_bn = OpenSSL::BN.new private_key, 16
+      group = OpenSSL::PKey::EC::Group.new curve
+      public_bn = group.generator.mul(private_bn).to_bn
+      public_bn = OpenSSL::PKey::EC::Point.new(group, public_bn).to_bn
+
+      public_bn.to_s(16).downcase
+    end
+
+    def address_from_public_key(public_key)
+      bytes = decode_hex public_key
+      address_bytes = digest(bytes[1..])[-20..]
+
+      encode_hex address_bytes
+    end
+
+    def build_shared_key(private_key, public_key)
+      pkey = pkey_from_private_key private_key
+      public_bn = OpenSSL::BN.new public_key, 16
+      group = OpenSSL::PKey::EC::Group.new curve
+      public_point = OpenSSL::PKey::EC::Point.new group, public_bn
+
+      encode_hex pkey.dh_compute_key(public_point)
+    end
+
+    def encrypt(secret, data)
+      aes = OpenSSL::Cipher.new cipher
+      aes.encrypt
+      aes.key = decode_hex(secret)
+      iv = aes.random_iv
+      aes.iv = iv
+
+      Base64.strict_encode64(iv + aes.update(data) + aes.final)
+    end
+
+    def decrypt(secret, data)
+      return unless data
+
+      encrypted_data = Base64.strict_decode64 data
+      aes = OpenSSL::Cipher.new cipher
+      aes.decrypt
+      aes.key = decode_hex(secret)
+      aes.iv = encrypted_data[0..15]
+      encrypted_data = encrypted_data[16..]
+
+      aes.update(encrypted_data) + aes.final
+    end
+
+    def pkey_pem_from_private_key(private_key)
+      public_key = restore_public_key private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.private_key = OpenSSL::BN.new private_key, 16
+      key.public_key = OpenSSL::PKey::EC::Point.new key.group,
+                                                    OpenSSL::BN.new(public_key, 16)
+
+      pkey = OpenSSL::PKey::EC.new(key.public_key.group)
+      pkey.public_key = key.public_key
+
+      pkey.to_pem
+    end
+
+    def key_from_pem(pem)
+      key = OpenSSL::PKey::EC.new(pem)
+      key.private_key.to_s(16).downcase
+    end
+
+    def pkey_from_x509_certificate(certificate)
+      cert = OpenSSL::X509::Certificate.new(certificate)
+      cert.public_key.public_key.to_bn.to_s(16).downcase
+    end
+
+    def openssl_pkey_from_public_key(public_key)
+      pkey = OpenSSL::PKey::EC.new curve
+      pkey.public_key = OpenSSL::PKey::EC::Point.new(pkey.group, OpenSSL::BN.new(public_key, 16))
+
+      pkey
+    end
+
+    private
+
+    def pkey_from_private_key(private_key)
+      public_key = restore_public_key private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.private_key = OpenSSL::BN.new private_key, 16
+      key.public_key = OpenSSL::PKey::EC::Point.new key.group,
+                                                    OpenSSL::BN.new(public_key, 16)
+
+      key
+    end
+
+    # barely understand this code - this link provides a good explanation:
+    # http://coders-errand.com/malleability-ecdsa-signatures/
+    def prevent_malleability(sequence, order)
+      half_order = order >> 1
+
+      if (half_key = sequence.value[1].value) > half_order
+        sequence.value[1].value = order - half_key
+      end
+
+      sequence
+    end
+
+    # ported from python code, understanding extremely limited.
+    # from what I gather, sequence.value[0] and sequence.value[1]
+    # are the r and s values from the python implementation
+    # https://github.com/hyperledger/fabric-sdk-py/blob/25209f61518873da68d28313582607c29b5bae7d/hfc/util/crypto/crypto.py#L259
+    def check_malleability(sequence, order)
+      half_order = order >> 1
+      sequence.value[1].value <= half_order
+    end
+  end
+end

data/lib/fabric/entities/envelope.rb

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+
+module Fabric
+  #
+  # Encapsulates an Envelop protobuf message
+  #
+  class Envelope
+    # @return [Common::Envelope] transaction envelope
+    attr_reader :envelope
+
+    #
+    # Creates a new Envelope instance.
+    #
+    # @param [Common::Envelope] envelope
+    #
+    def initialize(envelope)
+      @envelope = envelope
+    end
+
+    #
+    # Checks if the envelope has been signed.
+    #
+    # @return [Boolean] true if the envelope has been signed; otherwise false.
+    #
+    def signed?
+      !envelope.signature.empty?
+    end
+
+    #
+    # The protobuffer serialized form of the envelope payload.
+    #
+    # @return [String] serialized payload
+    #
+    def payload_bytes
+      envelope.payload
+    end
+
+    #
+    # The digest of the payload.
+    #
+    # @return [String] payload digest
+    #
+    def payload_digest
+      Fabric.crypto_suite.digest(envelope.payload)
+    end
+
+    #
+    # Sets the envelope signature.
+    #
+    # @param [String] signature
+    #
+    # @return [Void]
+    #
+    def signature=(signature)
+      envelope.signature = signature
+    end
+
+    def result
+      @result ||= parse_result_from_payload
+    end
+
+    #
+    # Returns the deserialized payload.
+    #
+    # @return [Common::Payload] Envelope payload
+    #
+    def payload
+      @payload ||= Common::Payload.decode(envelope.payload)
+    end
+
+    #
+    # Returns the envelope payload header.
+    #
+    # Envelope => Payload => Header
+    #
+    # @return [Common::Header] Envelope Payload Header
+    #
+    def header
+      raise Fabric::Error, 'Missing header' if payload.header.nil?
+
+      @header ||= payload.header
+    end
+
+    #
+    # Returns the deserialized transaction channel header
+    #
+    # Envelope => Payload => Header => ChannelHeader
+    #
+    # @return [Common::ChannelHeader] envelop payload header channel header
+    #
+    def channel_header
+      @channel_header ||= Common::ChannelHeader.decode(header.channel_header)
+    end
+
+    #
+    # Grabs the channel_name frmo the depths of the envelope.
+    #
+    # @return [String] channel name
+    #
+    def channel_name
+      channel_header.channel_id
+    end
+
+    #
+    # Returns the deserialized transaction
+    #
+    # @return [Protos::Transaction] transaction
+    #
+    def transaction
+      @transaction ||= Protos::Transaction.decode(payload.data)
+    end
+
+    private
+
+    #
+    # Parse the transaction actinos from the payload looking for the transaction result payload.
+    #
+    # @return [String] result payload
+    # @raise [Fabric::Error] if the transaction result payload is not found
+    #
+    def parse_result_from_payload
+      errors = []
+      transaction.actions.each do |action|
+        return parse_result_from_transaction_action(action)
+      rescue Fabric::Error => e
+        errors << e
+      end
+
+      raise Fabric::Error, "No proposal response found: #{errors.inspect}"
+    end
+
+    #
+    # Parse a single transaction action looking for the transaction result payload.
+    #
+    # @param [Protos::TransactionAction] transaction_action
+    #
+    # @return [Payload] transaction result payload
+    # @raise [Fabric::Error] if the endorsed_action is missing or the chaincode response is missing
+    #
+    def parse_result_from_transaction_action(transaction_action)
+      action_payload = Protos::ChaincodeActionPayload.decode(transaction_action.payload)
+      endorsed_action = action_payload.action
+      raise Fabric::Error, 'Missing endorsed action' if endorsed_action.nil?
+
+      response_payload = Protos::ProposalResponsePayload.decode(endorsed_action.proposal_response_payload)
+      chaincode_action = Protos::ChaincodeAction.decode(response_payload.extension)
+      chaincode_response = chaincode_action.response
+      raise Fabric::Error, 'Missing chaincode response' if chaincode_response.nil?
+
+      chaincode_response.payload
+    end
+  end
+end

data/lib/fabric/entities/identity.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'msp/identities_pb'
+require 'base64'
+
+# Adapted from:
+# https://github.com/kirshin/hyperledger-fabric-sdk/blob/95a5a1a37001852312df25946e960a9ff149207e/lib/fabric/identity.rb
+
+module Fabric
+  #
+  # @attr_reader [String] private_key raw private key in hex format
+  # @attr_reader [String] public_key raw public key in hex format
+  # @attr_reader [String] certificate raw certificate in pem format
+  # @attr_reader [String] msp_id MSP (Membership Service Provider) Identifier
+  #
+  class Identity
+    attr_reader :private_key,
+                :public_key,
+                :address, # TODO: possibly unnecessary
+                :crypto_suite
+
+    attr_accessor :certificate, :msp_id
+
+    def initialize(private_key: nil, public_key: nil, certificate: nil, msp_id: nil, crypto_suite: nil)
+      @crypto_suite = crypto_suite || Fabric.crypto_suite
+
+      @private_key = private_key || @crypto_suite.generate_private_key
+      @public_key = public_key || @crypto_suite.restore_public_key(@private_key)
+      @certificate = certificate
+      @msp_id = msp_id
+
+      @address = @crypto_suite.address_from_public_key @public_key
+
+      return unless @certificate
+
+      raise Fabric::Error, 'Key mismatch (public_key or certificate) for identity' unless validate_key_integrity
+    end
+
+    #
+    # Validates that the private_key, public_key, and certificate are valid and match
+    #
+    # @return [boolean] true if valid, false otherwise
+    #
+    def validate_key_integrity
+      cert_pubkey = @crypto_suite.pkey_from_x509_certificate(certificate)
+      priv_pubkey = @crypto_suite.restore_public_key(@private_key)
+
+      @public_key == cert_pubkey && @public_key == priv_pubkey
+    end
+
+    def generate_csr(attrs = [])
+      @crypto_suite.generate_csr private_key, attrs
+    end
+
+    def sign(message)
+      @crypto_suite.sign(private_key, message)
+    end
+
+    def digest(message)
+      @crypto_suite.digest message
+    end
+
+    # TODO: Do we need this?
+    def shared_secret_by(public_key)
+      @crypto_suite.build_shared_key private_key, public_key
+    end
+
+    def as_proto
+      @as_proto ||= Msp::SerializedIdentity.new(mspid: msp_id, id_bytes: certificate)
+    end
+
+    def to_proto
+      @to_proto ||= Msp::SerializedIdentity.new(mspid: msp_id, id_bytes: certificate).to_proto
+    end
+
+    #
+    # Creates a new gateway passing in the current identity
+    #
+    # @param [Fabric::Client] client
+    #
+    # @return [Fabric::Gateway] gateway
+    #
+    def new_gateway(client)
+      Fabric::Gateway.new(self, client)
+    end
+  end
+end

data/lib/fabric/entities/proposal.rb

@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+
+module Fabric
+  #
+  # Proposal represents a transaction proposal that can be sent to peers for endorsement or evaluated as a query.
+  #
+  # Combined ProposalBuilder with Proposal. Utilizing instance variables and functions in proposal seem adaquate enough
+  # to fully create the proposal. ProposalBuilder did not seem like a native ruby design pattern.
+  class Proposal
+    attr_reader :proposed_transaction
+
+    #
+    # Instantiates a new Proposal
+    #
+    # @param [Fabric::ProposedTransaction] proposed_transaction ProposedTransaction container class
+    #
+    def initialize(proposed_transaction)
+      @proposed_transaction = proposed_transaction
+    end
+
+    def contract
+      @proposed_transaction.contract
+    end
+
+    include Fabric::Accessors::Contract
+
+    def transaction_id
+      proposed_transaction.transaction_id
+    end
+
+    #
+    # Returns the proposal message as a protobuf Message object.
+    #
+    # @return [Protos::Proposal|nil] Proposal message
+    #
+    def proposal
+      proposed_transaction.proposal
+    end
+
+    #
+    # Returns the signed proposal
+    #
+    # <rant>
+    # Fabric message naming scheme is a mess:
+    # ProposedTransaction has a Proposal which is a SignedProposal
+    #               which has a Proposal which is a Proposal
+    # so.... which proposal do you want to access? Adding this function for clarity
+    # </rant>
+    #
+    # @return [Protos::SignedProposal|nil] SignedProposal message
+    #
+    def signed_proposal
+      proposed_transaction.proposed_transaction.proposal
+    end
+
+    #
+    # Serialized bytes of the proposal message in proto3 format.
+    #
+    # @return [String] Binary representation of the proposal message.
+    #
+    def to_proto
+      proposed_transaction.to_proto
+    end
+
+    #
+    # Proposal digest which can be utilized for offline signing.
+    # If signing offline, call signature= to set signature once
+    # computed.
+    #
+    # @return [String] raw binary digest of the proposal message.
+    #
+    def digest
+      Fabric.crypto_suite.digest(proposal.to_proto)
+    end
+
+    #
+    # Sets the signature of the signed proposal in the proposed transaction
+    #
+    # @param [String] signature raw byte string signature of the proposal message
+    #                 (should be the signature of the proposed message digest)
+    #
+    def signature=(signature)
+      proposed_transaction.signed_proposal.signature = signature
+    end
+
+    #
+    # Returns the signed proposal signature
+    #
+    # @return [String] Raw byte string signature
+    #
+    def signature
+      proposed_transaction.signed_proposal.signature
+    end
+
+    #
+    # Returns true if the signed proposal has a signature
+    #
+    # @return [Boolean] true|false
+    #
+    def signed?
+      # signature cannot be nil because google protobuf won't let it
+      !proposed_transaction.signed_proposal.signature.empty?
+    end
+
+    #
+    # Utilizes the signer to sign the proposal message if it has not been signed yet.
+    #
+    def sign
+      return if signed?
+
+      self.signature = signer.sign proposal.to_proto
+    end
+
+    #
+    # Evaluate the transaction proposal and obtain its result, without updating the ledger. This runs the transaction
+    # on a peer to obtain a transaction result, but does not submit the endorsed transaction to the orderer to be
+    # committed to the ledger.
+    #
+    # @param [Hash] options gRPC call options @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    #
+    # @return [String] The result returned by the transaction function
+    #
+    def evaluate(options = {})
+      sign
+
+      evaluate_response = client.evaluate(new_evaluate_request, options)
+      evaluate_response.result.payload
+    end
+
+    #
+    # Obtain endorsement for the transaction proposal from sufficient peers to allow it to be committed to the ledger.
+    #
+    # @param [Hash] options gRPC call options @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    #
+    # @return [Fabric::Transaction] An endorsed transaction that can be submitted to the ledger.
+    #
+    def endorse(options = {})
+      sign
+      endorse_response = client.endorse(new_endorse_request, options)
+
+      raise Fabric::Error, 'Missing transaction envelope' if endorse_response.prepared_transaction.nil?
+
+      prepared_transaction = new_prepared_transaction(endorse_response.prepared_transaction)
+
+      Fabric::Transaction.new(network, prepared_transaction)
+    end
+
+    #
+    # Generates an evaluate request from this proposal.
+    #
+    # @return [Gateway::EvaluateRequest] evaluation request with the current proposal
+    #
+    def new_evaluate_request
+      ::Gateway::EvaluateRequest.new(
+        channel_id: network_name,
+        proposed_transaction: signed_proposal,
+        target_organizations: proposed_transaction.endorsing_organizations
+      )
+    end
+
+    #
+    # Creates a new endorse request from this proposal.
+    #
+    # @return [Gateway::EndorseRequest] EndorseRequest protobuf message
+    #
+    def new_endorse_request
+      ::Gateway::EndorseRequest.new(
+        transaction_id: transaction_id,
+        channel_id: network_name,
+        proposed_transaction: signed_proposal,
+        endorsing_organizations: proposed_transaction.endorsing_organizations
+      )
+    end
+
+    #
+    # Creates a new prepared transaction from a transaction envelope.
+    #
+    # @param [Common::Envelope] envelope transaction envelope
+    #
+    # @return [Gateway::PreparedTransaction] prepared transaction protobuf message
+    #
+    def new_prepared_transaction(envelope)
+      ::Gateway::PreparedTransaction.new(
+        transaction_id: transaction_id,
+        envelope: envelope
+      )
+    end
+  end
+end