-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsigneddata.go
116 lines (99 loc) · 3.59 KB
/
signeddata.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package protoutil
import (
"bytes"
"crypto/x509"
"encoding/pem"
"fmt"
"strings"
"github.com/hyperledger/fabric-protos-go-apiv2/common"
"github.com/hyperledger/fabric-protos-go-apiv2/msp"
"google.golang.org/protobuf/proto"
)
// SignedData is used to represent the general triplet required to verify a signature
// This is intended to be generic across crypto schemes, while most crypto schemes will
// include the signing identity and a nonce within the Data, this is left to the crypto
// implementation.
type SignedData struct {
Data []byte
Identity []byte
Signature []byte
}
// ConfigUpdateEnvelopeAsSignedData returns the set of signatures for the
// ConfigUpdateEnvelope as SignedData or an error indicating why this was not
// possible.
func ConfigUpdateEnvelopeAsSignedData(ce *common.ConfigUpdateEnvelope) ([]*SignedData, error) {
if ce == nil {
return nil, fmt.Errorf("No signatures for nil SignedConfigItem")
}
result := make([]*SignedData, len(ce.Signatures))
for i, configSig := range ce.Signatures {
sigHeader := &common.SignatureHeader{}
err := proto.Unmarshal(configSig.SignatureHeader, sigHeader)
if err != nil {
return nil, err
}
result[i] = &SignedData{
Data: bytes.Join([][]byte{configSig.SignatureHeader, ce.ConfigUpdate}, nil),
Identity: sigHeader.Creator,
Signature: configSig.Signature,
}
}
return result, nil
}
// EnvelopeAsSignedData returns the signatures for the Envelope as SignedData
// slice of length 1 or an error indicating why this was not possible.
func EnvelopeAsSignedData(env *common.Envelope) ([]*SignedData, error) {
if env == nil {
return nil, fmt.Errorf("No signatures for nil Envelope")
}
payload := &common.Payload{}
err := proto.Unmarshal(env.Payload, payload)
if err != nil {
return nil, err
}
if payload.Header == nil /* || payload.Header.SignatureHeader == nil */ {
return nil, fmt.Errorf("Missing Header")
}
shdr := &common.SignatureHeader{}
err = proto.Unmarshal(payload.Header.SignatureHeader, shdr)
if err != nil {
return nil, fmt.Errorf("GetSignatureHeaderFromBytes failed, err %s", err)
}
return []*SignedData{{
Data: env.Payload,
Identity: shdr.Creator,
Signature: env.Signature,
}}, nil
}
// LogMessageForSerializedIdentity returns a string with seriealized identity information,
// or a string indicating why the serialized identity information cannot be returned.
// Any errors are intentially returned in the return strings so that the function can be used in single-line log messages with minimal clutter.
func LogMessageForSerializedIdentity(serializedIdentity []byte) string {
id := &msp.SerializedIdentity{}
err := proto.Unmarshal(serializedIdentity, id)
if err != nil {
return fmt.Sprintf("Could not unmarshal serialized identity: %s", err)
}
pemBlock, _ := pem.Decode(id.IdBytes)
if pemBlock == nil {
// not all identities are certificates so simply log the serialized
// identity bytes
return fmt.Sprintf("serialized-identity=%x", serializedIdentity)
}
cert, err := x509.ParseCertificate(pemBlock.Bytes)
if err != nil {
return fmt.Sprintf("Could not parse certificate: %s", err)
}
return fmt.Sprintf("(mspid=%s subject=%s issuer=%s serialnumber=%d)", id.Mspid, cert.Subject, cert.Issuer, cert.SerialNumber)
}
func LogMessageForSerializedIdentities(signedData []*SignedData) (logMsg string) {
var identityMessages []string
for _, sd := range signedData {
identityMessages = append(identityMessages, LogMessageForSerializedIdentity(sd.Identity))
}
return strings.Join(identityMessages, ", ")
}