fabric-gateway 0.1.0 → 0.2.0

data/lib/fabric/client.rb

@@ -0,0 +1,134 @@
+# frozen_string_literal: true
+
+module Fabric
+  #
+  # Gateway Client represents the connection to a Hyperledger Fabric Gateway.
+  #
+  class Client
+    attr_reader :grpc_client, :default_call_options
+
+    #
+    # Initializes a client
+    #
+    # @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:initialize
+    #
+    # @param [Gateway::Gateway::Stub] grpc_client grpc gateway client stub
+    # @param [string] host hostname and port of the gateway
+    # @param [GRPC::Core::ChannelCredentials|GRPC::Core::XdsChannelCredentials|Symbol] creds channel credentials
+    #                                                                                  (usually the CA certificate)
+    # @param [Hash] default_call_options call options to use by default for different operations
+    # @option default_call_options [Hash] :endorse_options default options for endorse call; @see keyword arguments in https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    # @option default_call_options [Hash] :evaluate_options default options for evaluate call; @see keyword arguments in
+    #                                              https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    # @option default_call_options [Hash] :submit_options default options for submit call; @see keyword arguments in https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    # @option default_call_options [Hash] :commit_status_options default options for commit_status call;
+    #                                     @see keyword arguments in https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    # @option default_call_options [Hash] :chaincode_events_options default options for chaincode_events call;
+    #                                     @see keyword arguments in https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    # @param [Hash] **client_opts client initialization options; @see keyword arguments at https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:initialize
+    #
+    def initialize(grpc_client: nil, host: nil, creds: nil, default_call_options: {}, **client_opts)
+      if grpc_client
+        init_stub grpc_client
+      elsif host && creds
+        init_grpc_args(host, creds, **client_opts)
+      else
+        raise InvalidArgument, 'Must pass a Gateway::Gateway::Stub or <host>, <creds>, <client_opts>'
+      end
+      init_call_options(default_call_options)
+    end
+
+    #
+    # Submits an evaluate_request to the gateway to be evaluted.
+    #
+    # @param [Gateway::EvaluateRequest] evaluate_request
+    # @param [Hash] options gRPC call options (merged with default options) @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    #
+    # @return [Gateway::EvaluateResponse] evaluate_response
+    #
+    def evaluate(evaluate_request, options = {})
+      @grpc_client.evaluate(evaluate_request, @default_call_options[:evaluate_options].merge(options))
+    end
+
+    #
+    # Submits an endorse_request to the gateway to be evaluted.
+    #
+    # @param [Gateway::EndorseRequest] endorse_request
+    # @param [Hash] options gRPC call options (merged with default options) @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    #
+    # @return [Gateway::EndorseResponse] endorse_response
+    #
+    def endorse(endorse_request, options = {})
+      @grpc_client.endorse(endorse_request, @default_call_options[:endorse_options].merge(options))
+    end
+
+    #
+    # Submits an submit_request to the gateway to be evaluted.
+    #
+    # @param [Gateway::SubmitRequest] submit_request
+    # @param [Hash] options gRPC call options (merged with default options) @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    #
+    # @return [Gateway::SubmitResponse] submit_response
+    #
+    def submit(submit_request, options = {})
+      @grpc_client.submit(submit_request, @default_call_options[:submit_options].merge(options))
+    end
+
+    #
+    # Submits an commit_status_request to the gateway to be evaluted.
+    #
+    # @param [Gateway::CommitStatusRequest] commit_status_request
+    # @param [Hash] options gRPC call options (merged with default options) @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:request_response
+    #
+    # @return [Gateway::CommitStatusResponse] commit_status_response
+    #
+    def commit_status(commit_status_request, options = {})
+      @grpc_client.commit_status(commit_status_request, @default_call_options[:commit_status_options].merge(options))
+    end
+
+    #
+    # Subscribe to chaincode events
+    #
+    # @NOTE: This function has never been utilized or tested. This function is probably wrong, missing a block.
+    # @TODO: add testing!
+    #
+    # @param [Gateway::ChaincodeEventsRequest] chaincode_events_request
+    # @param [Hash] options gRPC call options (merged with default options) @see https://www.rubydoc.info/gems/grpc/GRPC%2FClientStub:server_streamer
+    #
+    # @return [Gateway::ChaincodeEventsResponse] commit_status_response (probably wrong, this is a stream.)
+    #
+    def chaincode_events(chaincode_events_request, options = {}, &block)
+      @grpc_client.chaincode_events(chaincode_events_request,
+                                    @default_call_options[:chaincode_events_options].merge(options), &block)
+    end
+
+    private
+
+    def init_stub(stub)
+      unless stub.is_a? ::Gateway::Gateway::Stub
+        raise InvalidArgument, 'Must pass a Gateway::Gateway::Stub or <host>, <creds>, <client_opts>'
+      end
+
+      @grpc_client = stub
+    end
+
+    def init_grpc_args(host, creds, **client_opts)
+      unless creds.is_a?(GRPC::Core::ChannelCredentials) ||
+             creds.is_a?(GRPC::Core::XdsChannelCredentials) ||
+             creds.is_a?(Symbol)
+        raise InvalidArgument, 'creds is not a ChannelCredentials, XdsChannelCredentials, or Symbol'
+      end
+
+      @grpc_client = ::Gateway::Gateway::Stub.new(host, creds, **client_opts)
+    end
+
+    def init_call_options(call_options)
+      @default_call_options = call_options
+      @default_call_options[:endorse_options] ||= {}
+      @default_call_options[:evaluate_options] ||= {}
+      @default_call_options[:submit_options] ||= {}
+      @default_call_options[:commit_status_options] ||= {}
+      @default_call_options[:chaincode_events_options] ||= {}
+    end
+  end
+end

data/lib/fabric/constants.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+module Fabric
+  module Constants
+    ## Variables
+    CHANNEL_HEADER_VERSION = 1
+  end
+end

data/lib/fabric/contract.rb

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+
+module Fabric
+  #
+  # Contract represents a smart contract, and allows applications to:
+  #
+  # - Evaluate transactions that query state from the ledger using the EvaluateTransaction() method.
+  #
+  # - Submit transactions that store state to the ledger using the SubmitTransaction() method.
+  #
+  # For more complex transaction invocations, such as including transient data, transactions can be evaluated or
+  # submitted using the Evaluate() or Submit() methods respectively. The result of a submitted transaction can be
+  # accessed prior to its commit to the ledger using SubmitAsync().
+  #
+  # By default, proposal, transaction and commit status messages will be signed using the signing implementation
+  # specified when connecting the Gateway. In cases where an external client holds the signing credentials, a signing
+  # implementation can be omitted when connecting the Gateway and off-line signing can be carried out by:
+  #
+  # 1. Returning the serialized proposal, transaction or commit status   along with its digest to the client for
+  # them to generate a signature.
+  #
+  # 2. With the serialized message and signature received from the client to create a signed proposal, transaction or
+  # commit using the Gateway's NewSignedProposal(), NewSignedTransaction() or NewSignedCommit() methods respectively.
+  #
+  class Contract
+    attr_reader :network, :chaincode_name, :contract_name
+
+    def initialize(network, chaincode_name, contract_name = '')
+      @network = network
+      @chaincode_name = chaincode_name
+      @contract_name = contract_name
+    end
+
+    def client
+      network.client
+    end
+
+    def signer
+      network.signer
+    end
+
+    def gateway
+      network.gateway
+    end
+
+    def network_name
+      network.name
+    end
+
+    #
+    # Evaluate a transaction function and return its results. A transaction proposal will be evaluated on endorsing
+    # peers but the transaction will not be sent to the ordering service and so will not be committed to the ledger.
+    # This can be used for querying the world state.
+    #
+    # @param [String] transaction_name
+    # @param [Array] arguments array of arguments to pass to the transaction
+    #
+    # @return [String] raw payload of the transaction response
+    #
+    def evaluate_transaction(transaction_name, arguments = [])
+      evaluate(transaction_name, { arguments: arguments })
+    end
+
+    #
+    # Submit a transaction to the ledger and return its result only after it is committed to the ledger. The
+    # transaction function will be evaluated on endorsing peers and then submitted to the ordering service to be
+    # committed to the ledger.
+    #
+    # @TODO: Not yet complete
+    #
+    # @param [String] transaction_name
+    # @param [Array] arguments array of arguments to pass to the transaction
+    #
+    # @return [String] raw payload of the transaction response
+    #
+    def submit_transaction(transaction_name, arguments = [])
+      submit(transaction_name, { arguments: arguments })
+    end
+
+    #
+    # Evaluate a transaction function and return its result. This method provides greater control over the transaction
+    # proposal content and the endorsing peers on which it is evaluated. This allows transaction functions to be
+    # evaluated where the proposal must include transient data, or that will access ledger data with key-based
+    # endorsement policies.
+    #
+    # @param [String] transaction_name
+    # @param [Hash] proposal_options
+    # @option proposal_options [Array] :arguments array of arguments to pass to the transaction
+    # @option proposal_options [Hash] :transient_data Private data passed to the transaction function but not recorded
+    #                                                 on the ledger.
+    # @option proposal_options [Array] :endorsing_organizations Specifies the set of organizations that will attempt to
+    #                                                           endorse the proposal.
+    #
+    # @return [String] Raw evaluation response payload
+    #
+    def evaluate(transaction_name, proposal_options = {})
+      new_proposal(transaction_name, **proposal_options).evaluate
+    end
+
+    #
+    # Submit a transaction to the ledger and return its result only after it is committed to the ledger. The
+    # transaction function will be evaluated on endorsing peers and then submitted to the ordering service to be
+    # committed to the ledger.
+    #
+    # @TODO: Implement Me! - LEFT OFF HERE!
+    #
+    # @param [String] transaction_name
+    # @param [Hash] proposal_options
+    # @option proposal_options [Array] :arguments array of arguments to pass to the transaction
+    # @option proposal_options [Hash] :transient_data Private data passed to the transaction function but not recorded
+    #                                                 on the ledger.
+    # @option proposal_options [Array] :endorsing_organizations Specifies the set of organizations that will attempt to
+    #                                                           endorse the proposal.
+    #
+    # @return [String] Raw evaluation response payload
+    #
+    def submit(transaction_name, proposal_options = {})
+      transaction = new_proposal(transaction_name, **proposal_options).endorse
+      submitted = transaction.submit
+
+      status = submitted.get_status
+
+      raise CommitError, status unless status.get_status == ::GRPC::Core::StatusCodes::OK
+    end
+
+    #
+    # @TODO: unimplemented, not sure if this can be implemented because
+    # the official grpc ruby client does not support non-blocking async
+    # calls (https://github.com/grpc/grpc/issues/10973)
+    #
+    # not 100% sure if grpc support is necessary for this.
+    #
+    def submit_async
+      raise NotYetImplemented
+    end
+
+    #
+    # Creates a transaction proposal that can be evaluated or endorsed. Supports off-line signing flow.
+    #
+    # @param [String] transaction_name transaction name (first argument unshifted into the argument array)
+    # @param [Array<String>] arguments array of arguments to pass to the transaction
+    # @param [Hash] transient_data Private data passed to the transaction function but not recorded on the ledger.
+    # @param [Array] endorsing_organizations Specifies the set of organizations that will attempt to endorse the
+    #                                        proposal.
+    #
+    # @return [Fabric::Proposal] signed unexecuted proposal
+    #
+    def new_proposal(transaction_name, arguments: [], transient_data: {}, endorsing_organizations: [])
+      proposed_transaction = ProposedTransaction.new(
+        self,
+        qualified_transaction_name(transaction_name),
+        arguments: arguments,
+        transient_data: transient_data,
+        endorsing_organizations: endorsing_organizations
+      )
+      Proposal.new(proposed_transaction)
+    end
+
+    def qualified_transaction_name(transaction_name)
+      contract_name.nil? || contract_name.empty? ? transaction_name : "#{contract_name}:#{transaction_name}"
+    end
+  end
+end

data/lib/fabric/ec_crypto_suite.rb

@@ -0,0 +1,199 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+# Adapted from:
+# https://github.com/kirshin/hyperledger-fabric-sdk/blob/95a5a1a37001852312df25946e960a9ff149207e/lib/fabric/crypto_suite.rb
+module Fabric
+  #
+  # Elliptic-curve Crypto Suite using OpenSSL
+  #
+  # @TODO missing tests
+  class ECCryptoSuite # rubocop:disable Metrics/ClassLength
+    DEFAULT_KEY_SIZE = 256
+    DEFAULT_DIGEST_ALGORITHM = 'SHA256'
+    DEFAULT_AES_KEY_SIZE = 128
+
+    EC_CURVES = { 256 => 'prime256v1', 384 => 'secp384r1' }.freeze
+
+    CIPHER = 'aes-256-cbc'
+
+    attr_reader :key_size, :digest_algorithm, :digest_instance, :curve, :cipher
+
+    def initialize(opts = {})
+      @key_size = opts[:key_size] || DEFAULT_KEY_SIZE
+      @digest_algorithm = opts[:digest_algorithm] || DEFAULT_DIGEST_ALGORITHM
+      @digest_instance = OpenSSL::Digest.new digest_algorithm
+      @curve = EC_CURVES[key_size]
+      @cipher = opts[:cipher] || CIPHER
+    end
+
+    def sign(private_key, message)
+      digest = digest message
+      key = pkey_from_private_key private_key
+      signature = key.dsa_sign_asn1 digest
+      sequence = OpenSSL::ASN1.decode signature
+      sequence = prevent_malleability sequence, key.group.order
+
+      sequence.to_der
+    end
+
+    def verify(public_key, message, signature)
+      digest = digest message
+      openssl_pkey = openssl_pkey_from_public_key public_key
+      sequence = OpenSSL::ASN1.decode signature
+      return false unless check_malleability sequence, openssl_pkey.group.order
+
+      openssl_pkey.dsa_verify_asn1(digest, signature)
+    end
+
+    def generate_private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.generate_key!
+
+      key.private_key.to_s(16).downcase
+    end
+
+    def generate_csr(private_key, attrs = [])
+      key = pkey_from_private_key private_key
+
+      req = OpenSSL::X509::Request.new
+      req.public_key = key
+      req.subject = OpenSSL::X509::Name.new attrs
+      req.sign key, @digest_instance
+
+      req
+    end
+
+    def generate_nonce(length = 24)
+      OpenSSL::Random.random_bytes length
+    end
+
+    def hexdigest(message)
+      @digest_instance.hexdigest message
+    end
+
+    def digest(message)
+      @digest_instance.digest message
+    end
+
+    def encode_hex(bytes)
+      bytes.unpack1('H*')
+    end
+
+    def decode_hex(string)
+      [string].pack('H*')
+    end
+
+    def restore_public_key(private_key)
+      private_bn = OpenSSL::BN.new private_key, 16
+      group = OpenSSL::PKey::EC::Group.new curve
+      public_bn = group.generator.mul(private_bn).to_bn
+      public_bn = OpenSSL::PKey::EC::Point.new(group, public_bn).to_bn
+
+      public_bn.to_s(16).downcase
+    end
+
+    def address_from_public_key(public_key)
+      bytes = decode_hex public_key
+      address_bytes = digest(bytes[1..])[-20..]
+
+      encode_hex address_bytes
+    end
+
+    def build_shared_key(private_key, public_key)
+      pkey = pkey_from_private_key private_key
+      public_bn = OpenSSL::BN.new public_key, 16
+      group = OpenSSL::PKey::EC::Group.new curve
+      public_point = OpenSSL::PKey::EC::Point.new group, public_bn
+
+      encode_hex pkey.dh_compute_key(public_point)
+    end
+
+    def encrypt(secret, data)
+      aes = OpenSSL::Cipher.new cipher
+      aes.encrypt
+      aes.key = decode_hex(secret)
+      iv = aes.random_iv
+      aes.iv = iv
+
+      Base64.strict_encode64(iv + aes.update(data) + aes.final)
+    end
+
+    def decrypt(secret, data)
+      return unless data
+
+      encrypted_data = Base64.strict_decode64 data
+      aes = OpenSSL::Cipher.new cipher
+      aes.decrypt
+      aes.key = decode_hex(secret)
+      aes.iv = encrypted_data[0..15]
+      encrypted_data = encrypted_data[16..]
+
+      aes.update(encrypted_data) + aes.final
+    end
+
+    def pkey_pem_from_private_key(private_key)
+      public_key = restore_public_key private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.private_key = OpenSSL::BN.new private_key, 16
+      key.public_key = OpenSSL::PKey::EC::Point.new key.group,
+                                                    OpenSSL::BN.new(public_key, 16)
+
+      pkey = OpenSSL::PKey::EC.new(key.public_key.group)
+      pkey.public_key = key.public_key
+
+      pkey.to_pem
+    end
+
+    def key_from_pem(pem)
+      key = OpenSSL::PKey::EC.new(pem)
+      key.private_key.to_s(16).downcase
+    end
+
+    def pkey_from_x509_certificate(certificate)
+      cert = OpenSSL::X509::Certificate.new(certificate)
+      cert.public_key.public_key.to_bn.to_s(16).downcase
+    end
+
+    def openssl_pkey_from_public_key(public_key)
+      pkey = OpenSSL::PKey::EC.new curve
+      pkey.public_key = OpenSSL::PKey::EC::Point.new(pkey.group, OpenSSL::BN.new(public_key, 16))
+
+      pkey
+    end
+
+    private
+
+    def pkey_from_private_key(private_key)
+      public_key = restore_public_key private_key
+      key = OpenSSL::PKey::EC.new curve
+      key.private_key = OpenSSL::BN.new private_key, 16
+      key.public_key = OpenSSL::PKey::EC::Point.new key.group,
+                                                    OpenSSL::BN.new(public_key, 16)
+
+      key
+    end
+
+    # barely understand this code - this link provides a good explanation:
+    # http://coders-errand.com/malleability-ecdsa-signatures/
+    def prevent_malleability(sequence, order)
+      half_order = order >> 1
+
+      if (half_key = sequence.value[1].value) > half_order
+        sequence.value[1].value = order - half_key
+      end
+
+      sequence
+    end
+
+    # ported from python code, understanding extremely limited.
+    # from what I gather, sequence.value[0] and sequence.value[1]
+    # are the r and s values from the python implementation
+    # https://github.com/hyperledger/fabric-sdk-py/blob/25209f61518873da68d28313582607c29b5bae7d/hfc/util/crypto/crypto.py#L259
+    def check_malleability(sequence, order)
+      half_order = order >> 1
+      sequence.value[1].value <= half_order
+    end
+  end
+end

data/lib/fabric/gateway.rb

@@ -1,21 +1,35 @@
-require "fabric/gateway/client"
-require "fabric/gateway/constants"
-require 'fabric/gateway/ec_crypto_suite'
-require 'fabric/gateway/identity'
-require "fabric/gateway/proposal"
-require "fabric/gateway/version"
-
-
-require "gateway/gateway_pb"
-require "gateway/gateway_services_pb"
+# frozen_string_literal: true
 
 module Fabric
-  module Gateway
-    class Error < StandardError; end
+  #
+  # Gateway represents the connection of a specific client identity to a Fabric Gateway.
+  #
+  class Gateway
+    attr_reader :signer, :client
 
+    #
+    # Initialize a new Gateway
+    #
+    # @param [Fabric::Identity] signer identity utilized to sign transactions
+    # @param [Fabric::Client] client Gateway Client
+    #
+    def initialize(signer, client)
+      raise InvalidArgument, 'signer must be Fabric::Identity' unless signer.is_a? Fabric::Identity
+      raise InvalidArgument, 'client must be Fabric::Client' unless client.is_a? Fabric::Client
+
+      @signer = signer
+      @client = client
+    end
 
-    def self.crypto_suite(opts = {})
-      @crypto_suite ||= Fabric::Gateway::ECCryptoSuite.new opts
+    #
+    # Initialize new network from the Gateway
+    #
+    # @param [string] name channel name
+    #
+    # @return [Fabric::Network] returns a new network
+    #
+    def new_network(name)
+      Network.new(self, name)
     end
   end
 end

data/lib/fabric/identity.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+require 'msp/identities_pb'
+require 'base64'
+
+# Adapted from:
+# https://github.com/kirshin/hyperledger-fabric-sdk/blob/95a5a1a37001852312df25946e960a9ff149207e/lib/fabric/identity.rb
+
+module Fabric
+  #
+  # @attr_reader [String] private_key raw private key in hex format
+  # @attr_reader [String] public_key raw public key in hex format
+  # @attr_reader [String] certificate raw certificate in pem format
+  # @attr_reader [String] msp_id MSP (Membership Service Provider) Identifier
+  #
+  class Identity
+    attr_reader :private_key,
+                :public_key,
+                :address, # TODO: possibly unnecessary
+                :crypto_suite
+
+    attr_accessor :certificate, :msp_id
+
+    def initialize(private_key: nil, public_key: nil, certificate: nil, msp_id: nil, crypto_suite: nil)
+      @crypto_suite = crypto_suite || Fabric.crypto_suite
+
+      @private_key = private_key || @crypto_suite.generate_private_key
+      @public_key = public_key || @crypto_suite.restore_public_key(@private_key)
+      @certificate = certificate
+      @msp_id = msp_id
+
+      @address = @crypto_suite.address_from_public_key @public_key
+
+      return unless @certificate
+
+      raise Fabric::Error, 'Key mismatch (public_key or certificate) for identity' unless validate_key_integrity
+    end
+
+    #
+    # Validates that the private_key, public_key, and certificate are valid and match
+    #
+    # @return [boolean] true if valid, false otherwise
+    #
+    def validate_key_integrity
+      cert_pubkey = @crypto_suite.pkey_from_x509_certificate(certificate)
+      priv_pubkey = @crypto_suite.restore_public_key(@private_key)
+
+      @public_key == cert_pubkey && @public_key == priv_pubkey
+    end
+
+    def generate_csr(attrs = [])
+      @crypto_suite.generate_csr private_key, attrs
+    end
+
+    def sign(message)
+      @crypto_suite.sign(private_key, message)
+    end
+
+    def digest(message)
+      @crypto_suite.digest message
+    end
+
+    # TODO: Do we need this?
+    def shared_secret_by(public_key)
+      @crypto_suite.build_shared_key private_key, public_key
+    end
+
+    def as_proto
+      @as_proto ||= Msp::SerializedIdentity.new(mspid: msp_id, id_bytes: certificate)
+    end
+
+    def to_proto
+      @to_proto ||= Msp::SerializedIdentity.new(mspid: msp_id, id_bytes: certificate).to_proto
+    end
+
+    #
+    # Creates a new gateway passing in the current identity
+    #
+    # @param [Gateway::Gateway::Stub] connection <description>
+    #
+    # @return [Fabric::Gateway] <description>
+    #
+    def new_gateway(client)
+      Fabric::Gateway.new(self, client)
+    end
+  end
+end