fabric-gateway 0.0.2 → 0.4.0

data/lib/fabric/ec_crypto_suite.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+# Adapted from:
+# https://github.com/kirshin/hyperledger-fabric-sdk/blob/95a5a1a37001852312df25946e960a9ff149207e/lib/fabric/crypto_suite.rb
+module Fabric
+  #
+  # Elliptic-curve Crypto Suite using OpenSSL
+  #
+  # @todo missing tests
+  class ECCryptoSuite # rubocop:disable Metrics/ClassLength
+    DEFAULT_KEY_SIZE = 256
+    DEFAULT_DIGEST_ALGORITHM = 'SHA256'
+    DEFAULT_AES_KEY_SIZE = 128
+
+    EC_CURVES = { 256 => 'prime256v1', 384 => 'secp384r1' }.freeze
+
+    CIPHER = 'aes-256-cbc'
+
+    attr_reader :key_size, :digest_algorithm, :digest_instance, :curve, :cipher
+
+    def initialize(opts = {})
+      @key_size = opts[:key_size] || DEFAULT_KEY_SIZE
+      @digest_algorithm = opts[:digest_algorithm] || DEFAULT_DIGEST_ALGORITHM
+      @digest_instance = OpenSSL::Digest.new digest_algorithm
+      @curve = EC_CURVES[key_size]
+      @cipher = opts[:cipher] || CIPHER
+    end
+
+    def sign(private_key, message)
+      digest = digest message
+      key = pkey_from_private_key private_key
+      signature = key.dsa_sign_asn1 digest
+      sequence = OpenSSL::ASN1.decode signature
+      sequence = prevent_malleability sequence, key.group.order
+
+      sequence.to_der
+    end
+
+    def verify(public_key, message, signature)
+      digest = digest message
+      openssl_pkey = openssl_pkey_from_public_key public_key
+      sequence = OpenSSL::ASN1.decode signature
+      return false unless check_malleability sequence, openssl_pkey.group.order
+
+      openssl_pkey.dsa_verify_asn1(digest, signature)
+    end
+
+    def generate_private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.generate_key!
+
+      key.private_key.to_s(16).downcase
+    end
+
+    def generate_csr(private_key, attrs = [])
+      key = pkey_from_private_key private_key
+
+      req = OpenSSL::X509::Request.new
+      req.public_key = key
+      req.subject = OpenSSL::X509::Name.new attrs
+      req.sign key, @digest_instance
+
+      req
+    end
+
+    def generate_nonce(length = 24)
+      OpenSSL::Random.random_bytes length
+    end
+
+    def hexdigest(message)
+      @digest_instance.hexdigest message
+    end
+
+    def digest(message)
+      @digest_instance.digest message
+    end
+
+    def encode_hex(bytes)
+      bytes.unpack1('H*')
+    end
+
+    def decode_hex(string)
+      [string].pack('H*')
+    end
+
+    def restore_public_key(private_key)
+      private_bn = OpenSSL::BN.new private_key, 16
+      group = OpenSSL::PKey::EC::Group.new curve
+      public_bn = group.generator.mul(private_bn).to_bn
+      public_bn = OpenSSL::PKey::EC::Point.new(group, public_bn).to_bn
+
+      public_bn.to_s(16).downcase
+    end
+
+    def address_from_public_key(public_key)
+      bytes = decode_hex public_key
+      address_bytes = digest(bytes[1..])[-20..]
+
+      encode_hex address_bytes
+    end
+
+    def build_shared_key(private_key, public_key)
+      pkey = pkey_from_private_key private_key
+      public_bn = OpenSSL::BN.new public_key, 16
+      group = OpenSSL::PKey::EC::Group.new curve
+      public_point = OpenSSL::PKey::EC::Point.new group, public_bn
+
+      encode_hex pkey.dh_compute_key(public_point)
+    end
+
+    def encrypt(secret, data)
+      aes = OpenSSL::Cipher.new cipher
+      aes.encrypt
+      aes.key = decode_hex(secret)
+      iv = aes.random_iv
+      aes.iv = iv
+
+      Base64.strict_encode64(iv + aes.update(data) + aes.final)
+    end
+
+    def decrypt(secret, data)
+      return unless data
+
+      encrypted_data = Base64.strict_decode64 data
+      aes = OpenSSL::Cipher.new cipher
+      aes.decrypt
+      aes.key = decode_hex(secret)
+      aes.iv = encrypted_data[0..15]
+      encrypted_data = encrypted_data[16..]
+
+      aes.update(encrypted_data) + aes.final
+    end
+
+    def pkey_pem_from_private_key(private_key)
+      public_key = restore_public_key private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.private_key = OpenSSL::BN.new private_key, 16
+      key.public_key = OpenSSL::PKey::EC::Point.new key.group,
+                                                    OpenSSL::BN.new(public_key, 16)
+
+      pkey = OpenSSL::PKey::EC.new(key.public_key.group)
+      pkey.public_key = key.public_key
+
+      pkey.to_pem
+    end
+
+    def key_from_pem(pem)
+      key = OpenSSL::PKey::EC.new(pem)
+      key.private_key.to_s(16).downcase
+    end
+
+    def pkey_from_x509_certificate(certificate)
+      cert = OpenSSL::X509::Certificate.new(certificate)
+      cert.public_key.public_key.to_bn.to_s(16).downcase
+    end
+
+    def openssl_pkey_from_public_key(public_key)
+      pkey = OpenSSL::PKey::EC.new curve
+      pkey.public_key = OpenSSL::PKey::EC::Point.new(pkey.group, OpenSSL::BN.new(public_key, 16))
+
+      pkey
+    end
+
+    private
+
+    def pkey_from_private_key(private_key)
+      public_key = restore_public_key private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.private_key = OpenSSL::BN.new private_key, 16
+      key.public_key = OpenSSL::PKey::EC::Point.new key.group,
+                                                    OpenSSL::BN.new(public_key, 16)
+
+      key
+    end
+
+    # barely understand this code - this link provides a good explanation:
+    # http://coders-errand.com/malleability-ecdsa-signatures/
+    def prevent_malleability(sequence, order)
+      half_order = order >> 1
+
+      if (half_key = sequence.value[1].value) > half_order
+        sequence.value[1].value = order - half_key
+      end
+
+      sequence
+    end
+
+    # ported from python code, understanding extremely limited.
+    # from what I gather, sequence.value[0] and sequence.value[1]
+    # are the r and s values from the python implementation
+    # https://github.com/hyperledger/fabric-sdk-py/blob/25209f61518873da68d28313582607c29b5bae7d/hfc/util/crypto/crypto.py#L259
+    def check_malleability(sequence, order)
+      half_order = order >> 1
+      sequence.value[1].value <= half_order
+    end
+  end
+end

data/lib/fabric/entities/chaincode_events_requests.rb

@@ -0,0 +1,166 @@
+# frozen_string_literal: true
+
+module Fabric
+  #
+  # Encapsulates a Chaincode Events Request protobuf message
+  #
+  class ChaincodeEventsRequest
+    attr_reader :contract,
+                :start_block
+
+    # @!parse include Fabric::Accessors::Network
+    # @!parse include Fabric::Accessors::Gateway
+    include Fabric::Accessors::Contract
+
+    #
+    # Creates a new ChaincodeEventsRequest
+    #
+    # @param [Fabric::Contract] contract an instance of a contract
+    # @param [Integer] start_block Block number at which to start reading chaincode events.
+    #
+    def initialize(contract, start_block: nil)
+      @contract = contract
+      @start_block = start_block
+    end
+
+    #
+    # Returns the signed request
+    #
+    # @return [Gateway::SignedChaincodeEventsRequest] generated signed request
+    #
+    def signed_request
+      @signed_request ||= ::Gateway::SignedChaincodeEventsRequest.new(request: chaincode_events_request.to_proto)
+    end
+
+    #
+    # Returns the chaincode events request
+    #
+    # @return [Gateway::ChaincodeEventsRequest] chaincode events request - controls what events are returned
+    #   from a chaincode events request
+    #
+    def chaincode_events_request
+      @chaincode_events_request ||= new_chaincode_events_request
+    end
+
+    #
+    # Get the serialized chaincode events request protobuffer message.
+    #
+    # @return [String] protobuffer serialized chaincode events request
+    #
+    def request_bytes
+      signed_request.request
+    end
+
+    #
+    # Get the digest of the chaincode events request. This is used to generate a digital signature.
+    #
+    # @return [String] chaincode events request digest
+    #
+    def request_digest
+      Fabric.crypto_suite.digest(request_bytes)
+    end
+
+    #
+    # Sets the signed request signature.
+    #
+    # @param [String] signature
+    #
+    # @return [void]
+    #
+    def signature=(signature)
+      signed_request.signature = signature
+    end
+
+    #
+    # Returns the signed_request signature
+    #
+    # @return [String] Raw byte string signature
+    #
+    def signature
+      signed_request.signature
+    end
+
+    #
+    # Sign the chaincode events request; Noop if request already signed.
+    #
+    # @return [void]
+    #
+    def sign
+      return if signed?
+
+      self.signature = signer.sign(request_bytes)
+    end
+
+    #
+    # Checks if the signed chaincode events has been signed.
+    #
+    # @return [Boolean] true if the signed chaincode events has been signed; otherwise false.
+    #
+    def signed?
+      !signed_request.signature.empty?
+    end
+
+    #
+    # Get chaincode events emitted by transaction functions of a specific chaincode.
+    #
+    # @see Fabric::Client#chaincode_events Fabric::Client#chaincode_events - explanation of the different return types
+    #   and example usage.
+    # @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:server_streamer Call options for options parameter
+    #
+    # @param [Hash] options gRPC call options (merged with default_call_options from initializer)
+    # @yield [chaincode_event] loops through the chaincode events
+    # @yieldparam [Gateway::ChaincodeEventsResponse] chaincode_event the chaincode event
+    #
+    # @return [Enumerator|GRPC::ActiveCall::Operation|nil] Dependent on parameters passed;
+    #   please see Fabric::Client#get_chaincode_events
+    #
+    def get_events(options = {}, &block)
+      sign
+
+      client.chaincode_events(signed_request, options, &block)
+    end
+
+    private
+
+    #
+    # Generates a new chaincode events request
+    #
+    # @return [Gateway::ChaincodeEventsRequest] chaincode events request - controls what events are returned
+    #
+    def new_chaincode_events_request
+      ::Gateway::ChaincodeEventsRequest.new(
+        channel_id: network_name,
+        chaincode_id: chaincode_name,
+        identity: signer.to_proto,
+        start_position: start_position
+      )
+    end
+
+    #
+    # Generates the start_position for the chaincode events request or returns the cached start_position
+    #
+    # @return [Orderer::SeekPosition] start position for the chaincode events request
+    #
+    def start_position
+      @start_position ||= new_start_position
+    end
+
+    #
+    # Generates the start position for the chaincode events request; if no start_block is specified,
+    # generates a seek next commit start position, otherwise generates a start_position to the start_block
+    #
+    # @return [Orderer::SeekPosition] start position for the chaincode events request
+    #
+    def new_start_position
+      specified = nil
+      next_commit = nil
+
+      if start_block
+        specified = ::Orderer::SeekSpecified.new(number: start_block)
+      else
+        next_commit = ::Orderer::SeekNextCommit.new
+      end
+      Orderer::SeekPosition.new(specified: specified, next_commit: next_commit)
+    end
+  end
+end

data/lib/fabric/entities/envelope.rb

@@ -0,0 +1,158 @@
+# frozen_string_literal: true
+
+module Fabric
+  #
+  # Encapsulates an Envelop protobuf message
+  #
+  class Envelope
+    # @return [Common::Envelope] transaction envelope
+    attr_reader :envelope
+
+    #
+    # Creates a new Envelope instance.
+    #
+    # @param [Common::Envelope] envelope
+    #
+    def initialize(envelope)
+      @envelope = envelope
+    end
+
+    #
+    # Checks if the envelope has been signed.
+    #
+    # @return [Boolean] true if the envelope has been signed; otherwise false.
+    #
+    def signed?
+      !envelope.signature.empty?
+    end
+
+    #
+    # The protobuffer serialized form of the envelope payload.
+    #
+    # @return [String] serialized payload
+    #
+    def payload_bytes
+      envelope.payload
+    end
+
+    #
+    # The digest of the payload.
+    #
+    # @return [String] payload digest
+    #
+    def payload_digest
+      Fabric.crypto_suite.digest(envelope.payload)
+    end
+
+    #
+    # Sets the envelope signature.
+    #
+    # @param [String] signature
+    #
+    # @return [void]
+    #
+    def signature=(signature)
+      envelope.signature = signature
+    end
+
+    #
+    # Returns the results from the transaction result payload.
+    #
+    # @return [Payload] transaction result payload
+    #
+    def result
+      @result ||= parse_result_from_payload
+    end
+
+    #
+    # Returns the deserialized payload.
+    #
+    # @return [Common::Payload] Envelope payload
+    #
+    def payload
+      @payload ||= Common::Payload.decode(envelope.payload)
+    end
+
+    #
+    # Returns the envelope payload header.
+    #
+    # Envelope => Payload => Header
+    #
+    # @return [Common::Header] Envelope Payload Header
+    #
+    def header
+      raise Fabric::Error, 'Missing header' if payload.header.nil?
+
+      @header ||= payload.header
+    end
+
+    #
+    # Returns the deserialized transaction channel header
+    #
+    # Envelope => Payload => Header => ChannelHeader
+    #
+    # @return [Common::ChannelHeader] envelop payload header channel header
+    #
+    def channel_header
+      @channel_header ||= Common::ChannelHeader.decode(header.channel_header)
+    end
+
+    #
+    # Grabs the channel_name frmo the depths of the envelope.
+    #
+    # @return [String] channel name
+    #
+    def channel_name
+      channel_header.channel_id
+    end
+
+    #
+    # Returns the deserialized transaction
+    #
+    # @return [Protos::Transaction] transaction
+    #
+    def transaction
+      @transaction ||= Protos::Transaction.decode(payload.data)
+    end
+
+    private
+
+    #
+    # Parse the transaction actions from the payload looking for the transaction result payload.
+    #
+    # @return [String] result payload
+    # @raise [Fabric::Error] if the transaction result payload is not found
+    #
+    def parse_result_from_payload
+      errors = []
+      transaction.actions.each do |action|
+        return parse_result_from_transaction_action(action)
+      rescue Fabric::Error => e
+        errors << e
+      end
+
+      raise Fabric::Error, "No proposal response found: #{errors.inspect}"
+    end
+
+    #
+    # Parse a single transaction action looking for the transaction result payload.
+    #
+    # @param [Protos::TransactionAction] transaction_action
+    #
+    # @return [Payload] transaction result payload
+    # @raise [Fabric::Error] if the endorsed_action is missing or the chaincode response is missing
+    #
+    def parse_result_from_transaction_action(transaction_action)
+      action_payload = Protos::ChaincodeActionPayload.decode(transaction_action.payload)
+      endorsed_action = action_payload.action
+      raise Fabric::Error, 'Missing endorsed action' if endorsed_action.nil?
+
+      response_payload = Protos::ProposalResponsePayload.decode(endorsed_action.proposal_response_payload)
+      chaincode_action = Protos::ChaincodeAction.decode(response_payload.extension)
+      chaincode_response = chaincode_action.response
+      raise Fabric::Error, 'Missing chaincode response' if chaincode_response.nil?
+
+      chaincode_response.payload
+    end
+  end
+end

data/lib/fabric/entities/identity.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'msp/identities_pb'
+require 'base64'
+
+# Adapted from:
+# https://github.com/kirshin/hyperledger-fabric-sdk/blob/95a5a1a37001852312df25946e960a9ff149207e/lib/fabric/identity.rb
+
+module Fabric
+  #
+  # @attr_reader [String] private_key raw private key in hex format
+  # @attr_reader [String] public_key raw public key in hex format
+  # @attr_reader [String] certificate raw certificate in pem format
+  # @attr_reader [String] msp_id MSP (Membership Service Provider) Identifier
+  #
+  class Identity
+    attr_reader :private_key,
+                :public_key,
+                :address, # TODO: possibly unnecessary
+                :crypto_suite
+
+    attr_accessor :certificate, :msp_id
+
+    def initialize(private_key: nil, public_key: nil, certificate: nil, msp_id: nil, crypto_suite: nil)
+      @crypto_suite = crypto_suite || Fabric.crypto_suite
+
+      @private_key = private_key || @crypto_suite.generate_private_key
+      @public_key = public_key || @crypto_suite.restore_public_key(@private_key)
+      @certificate = certificate
+      @msp_id = msp_id
+
+      @address = @crypto_suite.address_from_public_key @public_key
+
+      return unless @certificate
+
+      raise Fabric::Error, 'Key mismatch (public_key or certificate) for identity' unless validate_key_integrity
+    end
+
+    #
+    # Validates that the private_key, public_key, and certificate are valid and match
+    #
+    # @return [boolean] true if valid, false otherwise
+    #
+    def validate_key_integrity
+      cert_pubkey = @crypto_suite.pkey_from_x509_certificate(certificate)
+      priv_pubkey = @crypto_suite.restore_public_key(@private_key)
+
+      @public_key == cert_pubkey && @public_key == priv_pubkey
+    end
+
+    def generate_csr(attrs = [])
+      @crypto_suite.generate_csr private_key, attrs
+    end
+
+    def sign(message)
+      @crypto_suite.sign(private_key, message)
+    end
+
+    def digest(message)
+      @crypto_suite.digest message
+    end
+
+    # TODO: Do we need this?
+    def shared_secret_by(public_key)
+      @crypto_suite.build_shared_key private_key, public_key
+    end
+
+    def as_proto
+      @as_proto ||= Msp::SerializedIdentity.new(mspid: msp_id, id_bytes: certificate)
+    end
+
+    def to_proto
+      @to_proto ||= Msp::SerializedIdentity.new(mspid: msp_id, id_bytes: certificate).to_proto
+    end
+
+    #
+    # Creates a new gateway passing in the current identity
+    #
+    # @param [Fabric::Client] client
+    #
+    # @return [Fabric::Gateway] gateway
+    #
+    def new_gateway(client)
+      Fabric::Gateway.new(self, client)
+    end
+  end
+end