grpc_query_verify_signature.go
package keeper
import (
"context"
"cosmossdk.io/errors"
"encoding/base64"
"github.com/chain4energy/c4e-chain/x/cfesignature/types"
"github.com/chain4energy/c4e-chain/x/cfesignature/util"
sdk "github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
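// VerifySignature handles the gRPC query that re-checks a signature stored on
// the ledger for a (target account address, reference ID) pair.
//
// It derives the storage key through CreateStorageKey, loads the stored
// signature record and the reference payload link, rebuilds the signed payload
// as the hash of (address, reference ID, payload link), and passes it to
// isValidSignature together with the stored signature, algorithm and
// certificate.
//
// A nil request yields codes.InvalidArgument. Every other failure, including a
// failed signature check, is returned as an error from the step that produced
// it, so the only response this handler ever builds carries Valid: "valid".
func (k Keeper) VerifySignature(goCtx context.Context, req *types.QueryVerifySignatureRequest) (*types.QueryVerifySignatureResponse, error) {
	if req == nil {
		return nil, status.Error(codes.InvalidArgument, "invalid request")
	}

	ctx := sdk.UnwrapSDKContext(goCtx)

	referenceID := req.ReferenceId
	targetAccAddress := req.TargetAccAddress

	// Derive the storage key under which the signature record is kept.
	storageKeyRequest := types.QueryCreateStorageKeyRequest{
		TargetAccAddress: targetAccAddress,
		ReferenceId:      referenceID,
	}
	storageKey, err := k.CreateStorageKey(goCtx, &storageKeyRequest)
	if err != nil {
		// it is safe to forward local errors
		return nil, err
	}

	// Load the signature record from the ledger.
	signature, err := k.GetSignature(ctx, storageKey.StorageKey)
	if err != nil {
		// it is safe to forward local errors
		return nil, err
	}

	// Load the payload link the reference ID points at.
	referencePayloadLink, err := k.GetPayloadLink(ctx, referenceID)
	if err != nil {
		// it is safe to forward local errors
		return nil, err
	}

	// Reconstruct the payload that was signed. All three inputs must match the
	// values used at signing time or the check below fails.
	signaturePayload := util.CalculateHash(util.HashConcat(targetAccAddress, referenceID, referencePayloadLink))

	if err := k.isValidSignature(goCtx, targetAccAddress, signaturePayload, signature.Signature, signature.Algorithm, signature.Certificate); err != nil {
		// it is safe to forward local errors
		return nil, err
	}

	return &types.QueryVerifySignatureResponse{
		Signature: signature.Signature,
		Algorithm: signature.Algorithm,
		// Return the stored certificate. The previous code put
		// signature.Signature here, so clients received the signature bytes in
		// the Certificate field and could not inspect or re-verify against the
		// certificate that was actually checked.
		Certificate: signature.Certificate,
		Timestamp:   signature.Timestamp,
		Valid:       "valid",
	}, nil
}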
// isValidSignature reports whether signature (base64, standard alphabet) is a
// valid signature over signaturePayload under the public key of certificate,
// using the algorithm named by signatureAlgorithm. It returns nil on success.
//
// Errors: sdkerrors.ErrLogic when the signature is not valid base64,
// sdkerrors.ErrInvalidRequest when the cryptographic check fails, and whatever
// the util parsers return for an unknown algorithm or an unparsable
// certificate. The underlying decode/verify error text is not included in the
// wrapped errors.
//
// NOTE(review): goCtx and targetAccAddress are accepted but never read here, so
// nothing in this function ties the certificate to the target account.
// NOTE(review): the only check made is CheckSignature on the parsed
// certificate. If that is an *x509.Certificate (confirm in util), this proves
// possession of the certificate's private key only; chain of trust, validity
// period and revocation are not evaluated in this function. Confirm they are
// enforced where the signature record is stored.
func (k Keeper) isValidSignature(goCtx context.Context, targetAccAddress, signaturePayload, signature, signatureAlgorithm, certificate string) error {
	// The stored signature is base64 text; the verifier needs raw bytes.
	rawSignature, decodeErr := base64.StdEncoding.DecodeString(signature)
	if decodeErr != nil {
		return errors.Wrap(sdkerrors.ErrLogic, "failed to decode signature string")
	}

	algorithm, err := util.GetSignatureAlgorithmFromString(signatureAlgorithm)
	if err != nil {
		// it is safe to forward local errors
		return err
	}

	cert, err := util.GetUserCertificateFromString([]byte(certificate))
	if err != nil {
		// it is safe to forward local errors
		return err
	}

	// Verify the signature over the payload with the certificate's public key.
	checkErr := cert.CheckSignature(algorithm, []byte(signaturePayload), rawSignature)
	if checkErr != nil {
		return errors.Wrap(sdkerrors.ErrInvalidRequest, "signature validation failed")
	}

	return nil
}