Merge pull request #316 from VRamakrishna/main

Fabric Interoperation Chaincode Upgrade for Attested Foreign Identities

Author: sandeepnRES

.github/workflows/test_asset-exchange-fabric.yml

@@ -21,7 +21,7 @@ on:
 jobs:
 
   asset-exchange-fabric:
-    # if: ${{ false }}  # disable
+    if: ${{ false }}  # disable
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
 

.github/workflows/test_asset-transfer.yml

@@ -20,7 +20,7 @@ on:
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:   
   fabric-asset-transfer:
-    # if: ${{ false }}  # disable
+    if: ${{ false }}  # disable
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
 

.github/workflows/test_data-sharing.yml

@@ -20,7 +20,7 @@ on:
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   data-sharing:
-    # if: ${{ false }}  # disable
+    if: ${{ false }}  # disable
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
 

common/protos-go/identity/agent.pb.go

@@ -29,30 +29,31 @@ message SecurityDomainMemberIdentity {
 }
 
 message SecurityDomainMemberIdentityRequest {
-    SecurityDomainMemberIdentity source_network = 1;
-    SecurityDomainMemberIdentity requesting_network = 2;
-    string nonce = 3;
+  SecurityDomainMemberIdentity source_network = 1;
+  SecurityDomainMemberIdentity requesting_network = 2;
+  string nonce = 3;
 }
 
 // Association of signature (over arbitrary data) and signer identity
 message Attestation {
   SecurityDomainMemberIdentity unit_identity = 1;
   string certificate = 2;
   string signature = 3;
+  string nonce = 4;
 }
 
 // Attested security domain membership by a single member
 message AttestedMembership {
-  common.membership.Membership membership = 1;
+  string membership = 1;         // 'common.membership.Membership': Serialized and Base64-encoded
   Attestation attestation = 2;
 }
 
 // Counter attestation over security domain membership attested by its participants
 message CounterAttestedMembership {
   message AttestedMembershipSet {
-    common.membership.Membership membership = 1;
+    string membership = 1;                   // 'common.membership.Membership': Serialized and Base64-encoded
     repeated Attestation attestations = 2;
   }
-  AttestedMembershipSet attested_membership_set = 1;
+  string attested_membership_set = 1;        // 'AttestedMembershipSet': Serialized and Base64-encoded
   repeated Attestation attestations = 2;
 }

common/protos/identity/agent.proto

@@ -26,6 +26,7 @@ build-refresh-dependencies: github.properties
 .PHONY: image-local
 image-local: build-local
 	docker build -f Dockerfile.local -t $(DOCKER_IMAGE_NAME):$(DOCKER_TAG) .
+	docker tag $(DOCKER_IMAGE_NAME):$(DOCKER_TAG) $(DOCKER_IMAGE_NAME):latest
 
 .PHONY: image
 image: github.properties

core/drivers/corda-driver/makefile

@@ -43,6 +43,7 @@ build-image-local: protos-js weaver-fabric-interop-sdk
 		(mv package-remote.json package.json && exit 1) # Only if fails
 	mv package-remote.json package.json # Only if success
 	rm -rf protos-js
+	docker tag ${DOCKER_IMAGE_NAME}:$(DOCKER_TAG) $(DOCKER_IMAGE_NAME):latest
 
 build-image: .npmrc
 	docker build --build-arg BUILD_TAG="remote" --build-arg GIT_URL=$(GIT_URL) -t ${DOCKER_IMAGE_NAME}:$(DOCKER_TAG) -f fabricDriver.dockerfile .

core/drivers/fabric-driver/makefile

@@ -90,9 +90,9 @@ func verifyCaCertificate(cert *x509.Certificate, memberCertificate string) error
 	return nil
 }
 
-/* This function works for a Corda network's configuration
-   The assumption is that a Corda network has a single Root CA and Doorman CA, and one or more Node CAs corresponding to nodes.
-   This function will receive arguments for exactly one node with the following cert chain assumed: <root cert> -> <int cert 0> -> <int cert 1>
+/* This function will receive arguments for exactly one node with the following cert chain assumed: <root cert> -> <int cert 0> -> <int cert 1> -> ......
+   In a Fabric network, we assume that there are multiple MSPs, each having one or more Root CAs and zero or more Intermediate CAs.
+   In a Corda network, we assume that there is a single Root CA and Doorman CA, and one or more Node CAs corresponding to nodes.
 */
 func verifyCertificateChain(cert *x509.Certificate, certPEMs []string) error {
 	var parentCert *x509.Certificate
@@ -227,7 +227,7 @@ func validateSignature(message string, cert *x509.Certificate, signature string)
 	pubKey := getECDSAPublicKeyFromCertificate(cert)
 	if pubKey != nil {
 		// Construct the message that was signed
-		hashed, err := computeSHA2Hash([]byte(message), 256)
+		hashed, err := computeSHA2Hash([]byte(message), pubKey.Params().BitSize)
 		if err != nil {
 			return err
 		}
@@ -241,6 +241,7 @@ func validateSignature(message string, cert *x509.Certificate, signature string)
 		return errors.New("Missing or unsupported public key type")
 	}
 }
+
 func parseCert(certString string) (*x509.Certificate, error) {
 	certBytes, _ := pem.Decode([]byte(certString))
 

core/network/fabric-interop-cc/contracts/interop/certificate_utils.go

@@ -12,10 +12,14 @@
 package main
 
 import (
+	"encoding/base64"
 	"encoding/json"
 	"strings"
+	"fmt"
 
 	"github.com/hyperledger-labs/weaver-dlt-interoperability/common/protos-go/common"
+	"github.com/hyperledger-labs/weaver-dlt-interoperability/common/protos-go/identity"
+	protoV2 "google.golang.org/protobuf/proto"
 )
 
 func decodeMembership(jsonBytes []byte) (*common.Membership, error) {
@@ -29,6 +33,19 @@ func decodeMembership(jsonBytes []byte) (*common.Membership, error) {
 	return &decodeObj, nil
 }
 
+func decodeCounterAttestedMembership(protoBytesBase64 string) (*identity.CounterAttestedMembership, error) {
+	var decodeObj identity.CounterAttestedMembership
+	protoBytes, err := base64.StdEncoding.DecodeString(protoBytesBase64)
+	if err != nil {
+		return nil, fmt.Errorf("Counter attested membership could not be decoded from base64: %s", err.Error())
+	}
+	err = protoV2.Unmarshal(protoBytes, &decodeObj)
+	if err != nil {
+		return nil, fmt.Errorf("Unable to unmarshal counter attested membership: %s", err.Error())
+	}
+	return &decodeObj, nil
+}
+
 func decodeVerificationPolicy(jsonBytes []byte) (*common.VerificationPolicy, error) {
 	var decodeObj common.VerificationPolicy
 	dec := json.NewDecoder(strings.NewReader(string(jsonBytes)))

core/network/fabric-interop-cc/contracts/interop/decoders.go

@@ -181,6 +181,7 @@ func testHandleExternalRequestSignatureCertificateMismatch(t *testing.T, query *
 
 	_, err = interopcc.HandleExternalRequest(ctx, string(b64QueryBytes))
 	require.EqualError(t, err, fmt.Sprintf("Invalid Signature: asn1: structure error: tags don't match (16 vs {class:1 tag:19 length:105 isCompound:false}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} ECDSASignature @2"))
+	//require.EqualError(t, err, "Invalid Signature: Signature Verification failed. ECDSA VERIFY")
 }
 
 func testHandleExternalRequestInvalidCert(t *testing.T, query *common.Query) {