Address comments

Signed-off-by: senthil <cendhu@gmail.com>

Author: cendhu

api/protoblocktx/block_tx.pb.go

@@ -70,7 +70,7 @@ message Identity {
 
   oneof creator {
     // The full raw bytes of the creator's certificate (e.g., an X.509 certificate).
-    bytes certificate= 2;
+    bytes certificate = 2;
 
     // An identifier for a certificate that is pre-stored or known by the committer.
     string certificate_id = 3;
@@ -79,19 +79,10 @@ message Identity {
 
 // Represents a namespace policy.
 message NamespacePolicy {
-    PolicyType type = 1;    // The type of policy used.
-    bytes policy = 2;       // The policy rule.
-}
-
-enum PolicyType {
-    // A policy for verifying a single signature that was generated via a Threshold Signature
-    // Scheme (TSS). In a TSS, a threshold (T) of N parties must cooperate to
-    // collectively compute and produce the single signature.
-    THRESHOLD_RULE = 0;
-
-    // A policy defined by an explicit rule that evaluates one or more required signatures.
-    // For example: "OR('Org1MSP.admin', 'Org2MSP.admin')"
-    SIGNATURE_RULE = 1;
+  oneof rule {
+    ThresholdRule threshold_rule = 1;
+    bytes signature_rule = 2; 
+  }
 }
 
 message ThresholdRule {
@@ -127,7 +118,7 @@ message NamespacePolicies {
 
 message PolicyItem {
     string namespace = 1;
-    bytes policy = 2; // This holds the complete NamespacePolicy.
+    NamespacePolicy policy = 2;
     uint64 version = 3;
 }
 

api/protoblocktx/block_tx.proto

@@ -9,7 +9,7 @@ go 1.24.3
 require (
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/cockroachdb/errors v1.12.0
-	github.com/consensys/gnark-crypto v0.14.0
+	github.com/consensys/gnark-crypto v0.18.0
 	github.com/docker/docker v28.0.0+incompatible
 	github.com/docker/go-connections v0.5.0
 	github.com/fsouza/go-dockerclient v1.12.0

go.mod

@@ -681,8 +681,8 @@ github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b h1:r6VH0faHjZe
 github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b/go.mod h1:Vz9DsVWQQhf3vs21MhPMZpMGSht7O/2vFW2xusFUVOs=
 github.com/cockroachdb/redact v1.1.5 h1:u1PMllDkdFfPWaNGMyLD1+so+aq3uUItthCFqzwPJ30=
 github.com/cockroachdb/redact v1.1.5/go.mod h1:BVNblN9mBWFyMyqK1k3AAiSxhvhfK2oOZZ2lK+dpvRg=
-github.com/consensys/gnark-crypto v0.18.1 h1:RyLV6UhPRoYYzaFnPQA4qK3DyuDgkTgskDdoGqFt3fI=
-github.com/consensys/gnark-crypto v0.18.1/go.mod h1:L3mXGFTe1ZN+RSJ+CLjUt9x7PNdx8ubaYfDROyp2Z8c=
+github.com/consensys/gnark-crypto v0.18.0 h1:vIye/FqI50VeAr0B3dx+YjeIvmc3LWz4yEfbWBpTUf0=
+github.com/consensys/gnark-crypto v0.18.0/go.mod h1:L3mXGFTe1ZN+RSJ+CLjUt9x7PNdx8ubaYfDROyp2Z8c=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=

go.sum

@@ -13,7 +13,6 @@ import (
 
 	"github.com/onsi/gomega"
 	"github.com/stretchr/testify/require"
-	"google.golang.org/protobuf/proto"
 
 	"github.com/hyperledger/fabric-x-committer/api/protoblocktx"
 	"github.com/hyperledger/fabric-x-committer/api/protoloadgen"
@@ -88,13 +87,11 @@ func TestConfigUpdate(t *testing.T) {
 
 	c.AddOrUpdateNamespaces(t, types.MetaNamespaceID)
 	metaPolicy := c.TxBuilder.TxSigner.HashSigners[types.MetaNamespaceID].GetVerificationPolicy()
-	key := &protoblocktx.ThresholdRule{}
-	require.NoError(t, proto.Unmarshal(metaPolicy.Policy, key))
 	submitConfigBlock := func(endpoints []*ordererconn.Endpoint) {
 		ordererEnv.SubmitConfigBlock(t, &workload.ConfigBlock{
 			ChannelID:                    c.SystemConfig.Policy.ChannelID,
 			OrdererEndpoints:             endpoints,
-			MetaNamespaceVerificationKey: key.PublicKey,
+			MetaNamespaceVerificationKey: metaPolicy.GetThresholdRule().PublicKey,
 		})
 	}
 	submitConfigBlock(ordererEnv.AllRealOrdererEndpoints())

integration/test/config_update_test.go

@@ -11,7 +11,6 @@ import (
 
 	"github.com/cockroachdb/errors"
 	"golang.org/x/sync/errgroup"
-	"google.golang.org/protobuf/proto"
 
 	"github.com/hyperledger/fabric-x-committer/api/protoblocktx"
 	"github.com/hyperledger/fabric-x-committer/api/protosigverifierservice"
@@ -101,15 +100,11 @@ func createUpdate(policy *workload.PolicyProfile) (*protosigverifierservice.Upda
 		if ns == types.MetaNamespaceID {
 			continue
 		}
-		policyBytes, err := proto.Marshal(p.GetVerificationPolicy())
-		if err != nil {
-			return nil, errors.Wrap(err, "failed to serialize policy")
-		}
 		updateMsg.NamespacePolicies.Policies = append(
 			updateMsg.NamespacePolicies.Policies,
 			&protoblocktx.PolicyItem{
 				Namespace: ns,
-				Policy:    policyBytes,
+				Policy:    p.GetVerificationPolicy(),
 			},
 		)
 	}

loadgen/adapters/sigverifier.go

@@ -92,12 +92,12 @@ func CreateConfigBlock(policy *PolicyProfile) (*common.Block, error) {
 		MetaNamespaceVerificationKey: policyNamespaceSigner.pubKey,
 		OrdererEndpoints:             policy.OrdererEndpoints,
 		ChannelID:                    policy.ChannelID,
-	})
+	}, genesisconfig.TwoOrgsSampleFabricX)
 }
 
 // CreateDefaultConfigBlock creates a config block with default values.
-func CreateDefaultConfigBlock(conf *ConfigBlock) (*common.Block, error) {
-	configBlock := genesisconfig.Load(genesisconfig.TwoOrgsSampleFabricX, configtest.GetDevConfigDir())
+func CreateDefaultConfigBlock(conf *ConfigBlock, profileName string) (*common.Block, error) {
+	configBlock := genesisconfig.Load(profileName, configtest.GetDevConfigDir())
 	tlsCertPath := filepath.Join(configtest.GetDevConfigDir(), "msp", "tlscacerts", "tlsroot.pem")
 	for _, consenter := range configBlock.Orderer.ConsenterMapping {
 		consenter.Identity = tlsCertPath

loadgen/workload/config_tx.go

@@ -10,7 +10,6 @@ import (
 	"os"
 
 	"github.com/cockroachdb/errors"
-	"github.com/hyperledger/fabric-x-common/protoutil"
 
 	"github.com/hyperledger/fabric-x-committer/api/protoblocktx"
 	"github.com/hyperledger/fabric-x-committer/api/types"
@@ -132,11 +131,11 @@ func (e *HashSignerVerifier) Verify(txID string, tx *protoblocktx.Tx, nsIndex in
 // GetVerificationPolicy returns the verification policy.
 func (e *HashSignerVerifier) GetVerificationPolicy() *protoblocktx.NamespacePolicy {
 	return &protoblocktx.NamespacePolicy{
-		Type: protoblocktx.PolicyType_THRESHOLD_RULE,
-		Policy: protoutil.MarshalOrPanic(&protoblocktx.ThresholdRule{
-			Scheme:    e.scheme,
-			PublicKey: e.pubKey,
-		}),
+		Rule: &protoblocktx.NamespacePolicy_ThresholdRule{
+			ThresholdRule: &protoblocktx.ThresholdRule{
+				Scheme: e.scheme, PublicKey: e.pubKey,
+			},
+		},
 	}
 }
 

loadgen/workload/sign.go

@@ -12,6 +12,7 @@ import (
 	"testing"
 
 	"github.com/hyperledger/fabric-protos-go-apiv2/common"
+	"github.com/hyperledger/fabric-x-common/internaltools/configtxgen/genesisconfig"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/grpc"
 
@@ -179,7 +180,7 @@ func (e *OrdererTestEnv) SubmitConfigBlock(t *testing.T, conf *workload.ConfigBl
 	if conf.MetaNamespaceVerificationKey == nil {
 		conf.MetaNamespaceVerificationKey = e.TestConfig.MetaNamespaceVerificationKey
 	}
-	configBlock, err := workload.CreateDefaultConfigBlock(conf)
+	configBlock, err := workload.CreateDefaultConfigBlock(conf, genesisconfig.TwoOrgsSampleFabricX)
 	require.NoError(t, err)
 	e.Orderer.SubmitBlock(t.Context(), configBlock)
 	return configBlock

mock/test_exports.go

@@ -15,7 +15,6 @@ import (
 	"time"
 
 	"github.com/google/uuid"
-	"github.com/hyperledger/fabric-x-common/protoutil"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
@@ -26,10 +25,10 @@ import (
 	"github.com/hyperledger/fabric-x-committer/mock"
 	"github.com/hyperledger/fabric-x-committer/service/coordinator/dependencygraph"
 	"github.com/hyperledger/fabric-x-committer/service/vc"
+	"github.com/hyperledger/fabric-x-committer/service/verifier/policy"
 	"github.com/hyperledger/fabric-x-committer/utils/channel"
 	"github.com/hyperledger/fabric-x-committer/utils/connection"
 	"github.com/hyperledger/fabric-x-committer/utils/monitoring"
-	"github.com/hyperledger/fabric-x-committer/utils/signature"
 	"github.com/hyperledger/fabric-x-committer/utils/test"
 )
 
@@ -157,14 +156,7 @@ func (e *coordinatorTestEnv) ensureStreamActive(t *testing.T) {
 
 func (e *coordinatorTestEnv) createNamespaces(t *testing.T, blkNum int, nsIDs ...string) {
 	t.Helper()
-	p := &protoblocktx.NamespacePolicy{
-		Type: protoblocktx.PolicyType_THRESHOLD_RULE,
-		Policy: protoutil.MarshalOrPanic(&protoblocktx.ThresholdRule{
-			Scheme:    signature.Ecdsa,
-			PublicKey: []byte("publicKey"),
-		}),
-	}
-	pBytes, err := proto.Marshal(p)
+	pBytes, err := proto.Marshal(policy.MakeECDSAThresholdRuleNsPolicy([]byte("publicKey")))
 	require.NoError(t, err)
 
 	blockNum := uint64(blkNum) //nolint:gosec // int -> uint64.
@@ -258,14 +250,7 @@ func TestCoordinatorServiceValidTx(t *testing.T) {
 
 	preMetricsValue := test.GetIntMetricValue(t, env.coordinator.metrics.transactionReceivedTotal)
 
-	p := &protoblocktx.NamespacePolicy{
-		Type: protoblocktx.PolicyType_THRESHOLD_RULE,
-		Policy: protoutil.MarshalOrPanic(&protoblocktx.ThresholdRule{
-			Scheme:    signature.Ecdsa,
-			PublicKey: []byte("publicKey"),
-		}),
-	}
-	pBytes, err := proto.Marshal(p)
+	pBytes, err := proto.Marshal(policy.MakeECDSAThresholdRuleNsPolicy([]byte("publicKey")))
 	require.NoError(t, err)
 	err = env.csStream.Send(&protocoordinatorservice.Batch{
 		Txs: []*protocoordinatorservice.Tx{
@@ -378,14 +363,7 @@ func TestCoordinatorServiceDependentOrderedTxs(t *testing.T) {
 	utNsVersion := uint64(0)
 	mainKey := []byte("main-key")
 	subKey := []byte("sub-key")
-	p := &protoblocktx.NamespacePolicy{
-		Type: protoblocktx.PolicyType_THRESHOLD_RULE,
-		Policy: protoutil.MarshalOrPanic(&protoblocktx.ThresholdRule{
-			Scheme:    signature.Ecdsa,
-			PublicKey: []byte("public-key"),
-		}),
-	}
-	pBytes, err := proto.Marshal(p)
+	pBytes, err := proto.Marshal(policy.MakeECDSAThresholdRuleNsPolicy([]byte("publicKey")))
 	require.NoError(t, err)
 
 	// We send a block with a series of TXs with apparent conflicts, but all should be committed successfully if
@@ -595,13 +573,7 @@ func TestCoordinatorRecovery(t *testing.T) {
 	// To simulate a failure scenario in which a block is partially committed, we first create block 2
 	// with two transaction but actual block 2 is supposed to have four transactions. Once the partial block 2
 	// is committed, we will restart the service and send a full block 2 with all four transactions.
-	nsPolicy, err := proto.Marshal(&protoblocktx.NamespacePolicy{
-		Type: protoblocktx.PolicyType_THRESHOLD_RULE,
-		Policy: protoutil.MarshalOrPanic(&protoblocktx.ThresholdRule{
-			Scheme:    signature.Ecdsa,
-			PublicKey: []byte("publicKey"),
-		}),
-	})
+	nsPolicy, err := proto.Marshal(policy.MakeECDSAThresholdRuleNsPolicy([]byte("publicKey")))
 	require.NoError(t, err)
 	block2 := &protocoordinatorservice.Batch{
 		Txs: []*protocoordinatorservice.Tx{