This repository has been archived by the owner on Jun 5, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vaultIdentity.go
147 lines (122 loc) · 3.81 KB
/
vaultIdentity.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
package manager
import (
"crypto/ecdsa"
"crypto/sha256"
"crypto/x509"
"encoding/hex"
"encoding/pem"
"errors"
"fmt"
"github.com/golang/protobuf/proto" //nolint:staticcheck
"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/msp"
"github.com/hyperledger/fabric/bccsp/utils"
)
// VaultIdentity is an interface that provides access to the identity
type VaultIdentity struct {
MSPID string `protobuf:"bytes,1,opt,name=mspid,proto3" json:"mspid,omitempty"`
IDBytes []byte `protobuf:"bytes,2,opt,name=idBytes,proto3" json:"idBytes,omitempty"`
Manager Manager `json:"-"`
Key *CartridgeKey `json:"-"`
}
// Reset resets struct
func (m *VaultIdentity) Reset() {
*m = VaultIdentity{}
}
// String converts struct to string reprezentation
func (m *VaultIdentity) String() string {
return proto.CompactTextString(m)
}
// ProtoMessage indicates the identity is Protobuf serializable
func (m *VaultIdentity) ProtoMessage() {}
// Identifier returns the identifier of that identity
func (m *VaultIdentity) Identifier() *msp.IdentityIdentifier {
return &msp.IdentityIdentifier{
ID: m.MSPID,
MSPID: m.MSPID,
}
}
// Verify a signature over some message using this identity as reference
func (m *VaultIdentity) Verify(msg []byte, sig []byte) error {
hash := sha256.Sum256(msg)
return m.Manager.Verify(hash[:], sig, m.Key.PubKey)
}
// Serialize converts an identity to bytes
func (m *VaultIdentity) Serialize() ([]byte, error) {
ident, err := proto.Marshal(m)
if err != nil {
return nil, err
}
return ident, nil
}
// EnrollmentCertificate Returns the underlying ECert representing this user’s identity.
func (m *VaultIdentity) EnrollmentCertificate() []byte {
return m.IDBytes
}
// VaultSigningIdentity represents singing identity using Manager
type VaultSigningIdentity struct {
*VaultIdentity
}
// NewVaultSigningIdentity initializes VaultSigningIdentity
func NewVaultSigningIdentity(mspid, certname string, manager Manager) (*VaultSigningIdentity, error) {
cache := manager.Cache()
cert, err := cache.GetCrypto(certname)
if err != nil {
return nil, fmt.Errorf("failed to find certificate in memory, %w", err)
}
block, _ := pem.Decode(cert)
if block == nil {
return nil, errors.New("cannot decode cert")
}
pubCrt, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, err
}
ecdsaPubKey, ok := pubCrt.PublicKey.(*ecdsa.PublicKey)
if !ok {
return nil, errors.New("invalid key type, expecting ECDSA Public Key")
}
key := &CartridgeKey{PubKey: ecdsaPubKey}
privatekey, err := cache.GetCrypto(fmt.Sprintf("%s_sk", hex.EncodeToString(key.SKI())))
if err != nil {
return nil, fmt.Errorf("failed to find private key in memory, %w", err)
}
pkDecoded, err := PEMToPrivateKey(privatekey, nil)
if err != nil {
return nil, err
}
pkECDSA, ok := pkDecoded.(*ecdsa.PrivateKey)
if !ok {
return nil, errors.New("failed to assert private key PEM-encoded bytes under interface{} to []byte")
}
identity := &VaultSigningIdentity{
VaultIdentity: &VaultIdentity{
MSPID: mspid,
Manager: manager,
Key: &CartridgeKey{PrivKey: pkECDSA, PubKey: ecdsaPubKey},
IDBytes: cert,
},
}
return identity, nil
}
// Sign the message
func (m *VaultSigningIdentity) Sign(msg []byte) ([]byte, error) {
hash := sha256.Sum256(msg)
sig, err := m.Manager.Sign(hash[:], m.Key.PrivKey, m.Key.PubKey)
if err != nil {
return nil, err
}
sigLowS, err := utils.SignatureToLowS(m.Key.PubKey, sig)
if err != nil {
return nil, err
}
return sigLowS, nil
}
// PublicVersion returns the public parts of this identity
func (m *VaultSigningIdentity) PublicVersion() msp.Identity {
return m
}
// PrivateKey returns the crypto suite representation of the private key
func (m *VaultSigningIdentity) PrivateKey() core.Key {
return m.Key
}