Transferred MSP from FSC to TokenSDK
Signed-off-by: Alexandros Filios <alexandros.filios@ibm.com>
1 parent
11efbce
commit 26133bd
Showing
53 changed files
with
3,156 additions
and
13 deletions.
@@ -0,0 +1,101 @@ | ||
/* | ||
Copyright IBM Corp. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package idemix | ||
|
||
import ( | ||
"encoding/json" | ||
|
||
csp "github.com/IBM/idemix/bccsp/types" | ||
"github.com/hyperledger-labs/fabric-smart-client/pkg/utils/proto" | ||
m "github.com/hyperledger/fabric-protos-go/msp" | ||
"github.com/pkg/errors" | ||
) | ||
|
||
type AuditInfo struct { | ||
EidNymAuditData *csp.AttrNymAuditData | ||
RhNymAuditData *csp.AttrNymAuditData | ||
Attributes [][]byte | ||
Csp csp.BCCSP `json:"-"` | ||
IssuerPublicKey csp.Key `json:"-"` | ||
} | ||
|
||
func (a *AuditInfo) Bytes() ([]byte, error) { | ||
return json.Marshal(a) | ||
} | ||
|
||
func (a *AuditInfo) FromBytes(raw []byte) error { | ||
return json.Unmarshal(raw, a) | ||
} | ||
|
||
func (a *AuditInfo) EnrollmentID() string { | ||
return string(a.Attributes[2]) | ||
} | ||
|
||
func (a *AuditInfo) RevocationHandle() string { | ||
return string(a.Attributes[3]) | ||
} | ||
|
||
func (a *AuditInfo) Match(id []byte) error { | ||
si := &m.SerializedIdentity{} | ||
err := proto.Unmarshal(id, si) | ||
if err != nil { | ||
return errors.Wrap(err, "failed to unmarshal to msp.SerializedIdentity{}") | ||
} | ||
|
||
serialized := new(m.SerializedIdemixIdentity) | ||
err = proto.Unmarshal(si.IdBytes, serialized) | ||
if err != nil { | ||
return errors.Wrap(err, "could not deserialize a SerializedIdemixIdentity") | ||
} | ||
|
||
// Audit EID | ||
valid, err := a.Csp.Verify( | ||
a.IssuerPublicKey, | ||
serialized.Proof, | ||
nil, | ||
&csp.EidNymAuditOpts{ | ||
EidIndex: EIDIndex, | ||
EnrollmentID: string(a.Attributes[EIDIndex]), | ||
RNymEid: a.EidNymAuditData.Rand, | ||
}, | ||
) | ||
if err != nil { | ||
return errors.Wrap(err, "error while verifying the nym eid") | ||
} | ||
if !valid { | ||
return errors.New("invalid nym rh") | ||
} | ||
|
||
// Audit RH | ||
valid, err = a.Csp.Verify( | ||
a.IssuerPublicKey, | ||
serialized.Proof, | ||
nil, | ||
&csp.RhNymAuditOpts{ | ||
RhIndex: RHIndex, | ||
RevocationHandle: string(a.Attributes[RHIndex]), | ||
RNymRh: a.RhNymAuditData.Rand, | ||
}, | ||
) | ||
if err != nil { | ||
return errors.Wrap(err, "error while verifying the nym rh") | ||
} | ||
if !valid { | ||
return errors.New("invalid nym eid") | ||
} | ||
|
||
return nil | ||
} | ||
|
||
func DeserializeAuditInfo(raw []byte) (*AuditInfo, error) { | ||
auditInfo := &AuditInfo{} | ||
err := auditInfo.FromBytes(raw) | ||
if err != nil { | ||
return nil, err | ||
} | ||
return auditInfo, nil | ||
} |
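Review bot: `Match`, `EnrollmentID` and `RevocationHandle` index `a.Attributes` and dereference `a.EidNymAuditData` / `a.RhNymAuditData` without any check, yet the struct is filled by `json.Unmarshal` in `FromBytes`, so truncated or malformed audit info panics the caller instead of returning an error. A guard at the top of `Match` such as `if len(a.Attributes) <= RHIndex || a.EidNymAuditData == nil || a.RhNymAuditData == nil { return errors.New("malformed audit info") }` would turn that into a verification failure (assuming `RHIndex` is the larger of the two indices, which are defined outside this file). `Csp` and `IssuerPublicKey` are tagged `json:"-"`, so they are nil after `DeserializeAuditInfo` and `a.Csp.Verify` depends on the caller setting them first; that deserves a doc comment on `DeserializeAuditInfo`. The two `!valid` messages are also swapped: the EID check returns `"invalid nym rh"` and the RH check returns `"invalid nym eid"`.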
@@ -0,0 +1,132 @@ | ||
/* | ||
Copyright IBM Corp. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package idemix | ||
|
||
import ( | ||
"runtime" | ||
"sync" | ||
"time" | ||
|
||
"github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" | ||
"github.com/hyperledger-labs/fabric-smart-client/platform/view/view" | ||
"go.uber.org/zap/zapcore" | ||
) | ||
|
||
type IdentityCacheBackendFunc func(opts *driver.IdentityOptions) (view.Identity, []byte, error) | ||
|
||
type identityCacheEntry struct { | ||
Identity view.Identity | ||
Audit []byte | ||
} | ||
|
||
type IdentityCache struct { | ||
once sync.Once | ||
backed IdentityCacheBackendFunc | ||
cache chan identityCacheEntry | ||
opts *driver.IdentityOptions | ||
} | ||
|
||
func NewIdentityCache(backed IdentityCacheBackendFunc, size int, opts *driver.IdentityOptions) *IdentityCache { | ||
ci := &IdentityCache{ | ||
backed: backed, | ||
cache: make(chan identityCacheEntry, size), | ||
opts: opts, | ||
} | ||
|
||
return ci | ||
} | ||
|
||
func (c *IdentityCache) Identity(opts *driver.IdentityOptions) (view.Identity, []byte, error) { | ||
if opts != nil { | ||
return c.fetchIdentityFromBackend(opts) | ||
} | ||
|
||
c.once.Do(func() { | ||
if cap(c.cache) > 0 { | ||
// Spin up as many background goroutines as we need to prepare identities in the background. | ||
for i := 0; i < runtime.NumCPU(); i++ { | ||
go c.provisionIdentities() | ||
} | ||
} | ||
}) | ||
|
||
if logger.IsEnabledFor(zapcore.DebugLevel) { | ||
logger.Debugf("fetching identity from cache...") | ||
} | ||
|
||
return c.fetchIdentityFromCache(opts) | ||
|
||
} | ||
|
||
func (c *IdentityCache) fetchIdentityFromCache(opts *driver.IdentityOptions) (view.Identity, []byte, error) { | ||
var identity view.Identity | ||
var audit []byte | ||
|
||
var start time.Time | ||
|
||
if logger.IsEnabledFor(zapcore.DebugLevel) { | ||
start = time.Now() | ||
} | ||
|
||
timeout := time.NewTimer(time.Second) | ||
defer timeout.Stop() | ||
|
||
select { | ||
|
||
case entry := <-c.cache: | ||
identity = entry.Identity | ||
audit = entry.Audit | ||
|
||
if logger.IsEnabledFor(zapcore.DebugLevel) { | ||
logger.Debugf("fetching identity from cache [%s][%d] took %v", identity, len(audit), time.Since(start)) | ||
} | ||
|
||
case <-timeout.C: | ||
id, a, err := c.backed(opts) | ||
if err != nil { | ||
return nil, nil, err | ||
} | ||
identity = id | ||
audit = a | ||
|
||
if logger.IsEnabledFor(zapcore.DebugLevel) { | ||
logger.Debugf("fetching identity from backend after a timeout [%s][%d] took %v", identity, len(audit), time.Since(start)) | ||
} | ||
} | ||
|
||
return identity, audit, nil | ||
} | ||
|
||
func (c *IdentityCache) fetchIdentityFromBackend(opts *driver.IdentityOptions) (view.Identity, []byte, error) { | ||
if logger.IsEnabledFor(zapcore.DebugLevel) { | ||
logger.Debugf("fetching identity from backend") | ||
} | ||
id, audit, err := c.backed(opts) | ||
if err != nil { | ||
return nil, nil, err | ||
} | ||
if logger.IsEnabledFor(zapcore.DebugLevel) { | ||
logger.Debugf("fetch identity from backend done [%s][%d]", id, len(audit)) | ||
} | ||
|
||
return id, audit, nil | ||
} | ||
|
||
func (c *IdentityCache) provisionIdentities() { | ||
count := 0 | ||
for { | ||
id, audit, err := c.backed(c.opts) | ||
if err != nil { | ||
logger.Errorf("failed to provision identity [%s]", err) | ||
continue | ||
} | ||
if logger.IsEnabledFor(zapcore.DebugLevel) { | ||
logger.Debugf("generated new idemix identity [%d]", count) | ||
} | ||
c.cache <- identityCacheEntry{Identity: id, Audit: audit} | ||
} | ||
} |
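Review bot: The timeout branch of `fetchIdentityFromCache` calls `c.backed(opts)`, but `Identity` only reaches this function when `opts == nil`, so the fallback asks the backend for an identity with nil options while cached entries are generated with `c.opts`; it should read `id, a, err := c.backed(c.opts)` so both paths issue identities under the same options. In `provisionIdentities` a backend error hits `continue` with no delay and the loop has no exit, so a persistently failing backend leaves `runtime.NumCPU()` goroutines spinning and filling the error log; a short sleep before retrying and a stop signal (context or done channel) would bound that. `count` is never incremented, so the debug line always prints 0. When `size` is 0 no producers start and every `Identity(nil)` call waits the full one-second timer before reaching the backend.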
@@ -0,0 +1,33 @@ | ||
/* | ||
Copyright IBM Corp. All Rights Reserved. | ||
SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package idemix | ||
|
||
import ( | ||
"testing" | ||
|
||
api2 "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/driver" | ||
"github.com/hyperledger-labs/fabric-smart-client/platform/view/view" | ||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func TestIdentityCache(t *testing.T) { | ||
c := NewIdentityCache(func(opts *api2.IdentityOptions) (view.Identity, []byte, error) { | ||
return []byte("hello world"), []byte("audit"), nil | ||
}, 100, nil) | ||
id, audit, err := c.Identity(&api2.IdentityOptions{ | ||
EIDExtension: true, | ||
AuditInfo: nil, | ||
}) | ||
assert.NoError(t, err) | ||
assert.Equal(t, view.Identity([]byte("hello world")), id) | ||
assert.Equal(t, []byte("audit"), audit) | ||
|
||
id, audit, err = c.Identity(nil) | ||
assert.NoError(t, err) | ||
assert.Equal(t, view.Identity([]byte("hello world")), id) | ||
assert.Equal(t, []byte("audit"), audit) | ||
} |
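Review bot: The stub backend ignores its `opts` argument and `NewIdentityCache` is given nil options, so the test cannot tell which options reach the backend on either path, nor whether `c.Identity(nil)` was served from the cache or from the timeout fallback. Consider constructing the cache with a non-nil `IdentityOptions` and having the stub record the `opts` it receives, then asserting on it after each call. The test also leaves the provisioning goroutines started by `c.Identity(nil)` running, since the cache exposes no way to stop them.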