Merge pull request #310 from VRamakrishna/main

Basic code and documentation for Cross-Network Identity Sync Protocol

Author: sandeepnRES

common/protos-go/identity/agent.pb.go

@@ -3,6 +3,7 @@ syntax = "proto3";
 package identity.agent;
 
 import "common/ack.proto";
+import "common/membership.proto";
 
 option java_package = "com.weaver.protos.identity.agent";
 option go_package = "github.com/hyperledger-labs/weaver-dlt-interoperability/common/protos-go/identity";
@@ -14,17 +15,39 @@ service IINAgent {
   // Requesting network unit's state from a foreign IIN agent.
   rpc RequestIdentityConfiguration(NetworkUnitIdentity) returns (common.ack.Ack){}
   // Handling network unit's state sent by a foreign IIN agent.
-  rpc SendIdentityConfiguration(NetworkUnitIdentity) returns (common.ack.Ack){}
-  // user or agent triggers a flow to collect signatures attesting an
-  // external/foreign network unit's state and recording to ledger
-  rpc FlowAndRecordAttestations(NetworkUnitIdentity) returns (common.ack.Ack) {}
+  rpc SendIdentityConfiguration(AttestedMembership) returns (common.ack.Ack){}
   // Requesting attestation from a local IIN agent.
-  rpc RequestAttestation(NetworkUnitIdentity) returns (common.ack.Ack){}
+  rpc RequestAttestation(AttestedSecurityDomain) returns (common.ack.Ack){}
   // Handling attestation sent by a local IIN agent.
-  rpc SendAttestation(NetworkUnitIdentity) returns (common.ack.Ack){}
+  rpc SendAttestation(AttestedSecurityDomain) returns (common.ack.Ack){}
 }
 
+// Unique identifier for a unit of a network that runs an IIN agent
 message NetworkUnitIdentity {
   string network_id = 1;
   string participant_id = 2;
+  string nonce = 3;
+}
+
+// Association of signature (over arbitrary data) and signer identity
+message Attestation {
+  NetworkUnitIdentity unit_identity = 1;
+  string certificate = 2;
+  string signature = 3;
+}
+
+// Attested security domain membership by a single member
+message AttestedMembership {
+  common.membership.Membership membership = 1;
+  Attestation attestation = 2;
+}
+
+// Counter attestation over security domain membership attested by its participants
+message AttestedSecurityDomain {
+  message AttestedMembershipSet {
+    common.membership.Membership membership = 1;
+    repeated Attestation attestations = 2;
+  }
+  AttestedMembershipSet security_domain = 1;
+  repeated Attestation attestations = 2;
 }

common/protos-go/identity/agent_grpc.pb.go

@@ -51,7 +51,9 @@ async function subscribeEventHelper(
                     const errorString: string = `${JSON.stringify(err)}`;
                     console.error(errorString);
                 }
-                ack_send.setMessage('Event subscription error: listener registration failed');
+                const errorString2 = JSON.stringify(error);
+                console.error(errorString2);
+                ack_send.setMessage(`Event subscription error: listener registration failed with error: ${errorString2}`);
                 ack_send.setStatus(ack_pb.Ack.STATUS.ERROR);
             } else {
                 ack_send.setMessage('Event subscription is successful!');

common/protos/identity/agent.proto

@@ -1,12 +1,16 @@
+/*
+ * Copyright IBM Corp. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
 export class LedgerBase {
     ledgerId: string;                   // Unique ID of a ledger in which the Weaver interoperation module is installed
     contractId: string;                 // Unique ID of the contract corresponding to the Weaver interoperation module installed in 'ledgerId'
-    private _isConnected: boolean       // Flag indicating whether we are ready to invoke contracts on the ledger
 
     constructor(ledgerId: string, contractId: string) {
         this.ledgerId = ledgerId;
         this.contractId = contractId;
-        this._isConnected = false;
     }
 
     getLedgerID(): string {
@@ -17,17 +21,13 @@ export class LedgerBase {
         return this.contractId;
     }
 
-    isConnected(): boolean {
-        return this._isConnected;
-    }
-
     // Setup a user (with wallet and one or more identities) with contract invocation credentials
     async setupWalletIdentity() {
     }
 
-    // Preliminary configuration as a prerequisite for contract invocation
-    async setupLedgerConnection() {
-        this._isConnected = true;
+    // Collect security domain membership info
+    async getSecurityDomainMembership(): Promise<object> {
+        return {};
     }
 
     // Invoke a contract to drive a transaction
@@ -36,6 +36,7 @@ export class LedgerBase {
     }
 
     // Query a contract to fetch information from the ledger
-    async queryContract() {
+    async queryContract(): Promise<string> {
+        return "";
     }
 }

core/drivers/fabric-driver/server/events.ts

@@ -0,0 +1,15 @@
+{
+    "admin":{
+        "name":"admin",
+        "secret":"adminpw"
+    },
+    "agent": {
+        "name":"iin-agent",
+        "affiliation":"org1.department1",
+        "role": "client",
+        "attrs": [{ "name": "iin-agent", "value": "true", "ecert": true }]
+    },
+    "mspId":"Org1MSP",
+    "ordererMspIds": ["OrdererMSP"],
+    "caUrl":""
+}

core/identity-management/iin-agent/src/common/ledgerBase.ts

@@ -0,0 +1,58 @@
+/*
+ * Copyright IBM Corp. All Rights Reserved.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { Contract } from 'fabric-network';
+import { LedgerBase } from '../common/ledgerBase';
+import { walletSetup } from './walletUtils';
+import { getAllMSPConfigurations, invokeFabricChaincode, queryFabricChaincode } from './networkUtils';
+import * as path from 'path';
+import * as fs from 'fs';
+
+export class FabricConnector extends LedgerBase {
+    connectionProfilePath: string;
+    configFilePath: string;
+    networkId: string;
+    orgMspId: string;
+    walletPath: string;
+
+    constructor(ledgerId: string, contractId: string, networkId: string, connectionProfilePath: string, configFilePath: string, walletPath: string) {
+        super(ledgerId, contractId);
+        this.connectionProfilePath = connectionProfilePath ? connectionProfilePath : path.resolve(__dirname, './', 'connection_profile.json');
+        this.configFilePath = configFilePath ? configFilePath : path.resolve(__dirname, './', 'config.json');
+        this.networkId = networkId ? networkId : 'network1';
+        if (!fs.existsSync(configFilePath)) {
+            throw new Error('Config does not exist at path: ' + configFilePath);
+        }
+        this.orgMspId = JSON.parse(fs.readFileSync(configFilePath, 'utf8').toString()).mspId;
+        this.walletPath = walletPath ? walletPath : path.join(process.cwd(), `wallet-${this.networkId}`);
+    }
+
+    // Setup a user (with wallet and one or more identities) with contract invocation credentials
+    async setupWalletIdentity() {
+        walletSetup(this.walletPath, this.connectionProfilePath, this.configFilePath, this.networkId);
+    }
+
+    // Collect security domain membership info
+    async getSecurityDomainMembership(): Promise<object> {
+        const memberships = getAllMSPConfigurations(this.walletPath, this.connectionProfilePath, this.configFilePath, this.ledgerId);
+        const securityDomainInfo = {
+            securityDomain: this.networkId,
+            members: memberships,
+        }
+        return securityDomainInfo;
+    }
+
+    // Invoke a contract to drive a transaction
+    // TODO: Add parameters corresponding to the output of a flow among IIN agents
+    async invokeContract(): Promise<any> {
+        return await invokeFabricChaincode(this.walletPath, this.connectionProfilePath, this.configFilePath, this.ledgerId, this.contractId, "", []);
+    }
+
+    // Query a contract to fetch information from the ledger
+    async queryContract(): Promise<string> {
+        return await queryFabricChaincode(this.walletPath, this.connectionProfilePath, this.configFilePath, this.ledgerId, this.contractId, "", []);
+    }
+}