Introduce client Signing Identity default implementation #102

go.mod

@@ -21,7 +21,7 @@ require (
 	github.com/dgraph-io/badger/v3 v3.2011.1
 	github.com/docker/docker v20.10.7+incompatible
 	github.com/docker/go-connections v0.4.0
-	github.com/fsnotify/fsnotify v1.5.0 // indirect
+	github.com/fsnotify/fsnotify v1.5.1 // indirect
 	github.com/fsouza/go-dockerclient v1.6.1
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/protobuf v1.5.2

go.sum

@@ -368,6 +368,8 @@ github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.5.0 h1:NO5hkcB+srp1x6QmwvNZLeaOgbM8cmBTN32THzjvu2k=
 github.com/fsnotify/fsnotify v1.5.0/go.mod h1:BX0DCEr5pT4jm2CnQdVP1lFV521fcCNcyEeNp4DQQDk=
+github.com/fsnotify/fsnotify v1.5.1 h1:mZcQUHVQUQWoPXXtuf9yuEXKudkV2sx1E06UadKWpgI=
+github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU=
 github.com/fsouza/go-dockerclient v1.4.1 h1:W7wuJ3IB48WYZv/UBk9dCTIb9oX805+L9KIm65HcUYs=
 github.com/fsouza/go-dockerclient v1.4.1/go.mod h1:PUNHxbowDqRXfRgZqMz1OeGtbWC6VKyZvJ99hDjB0qs=
 github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA=

integration/nwo/api/api.go

@@ -10,7 +10,6 @@ import (
 	"github.com/tedsuo/ifrit/grouper"
 	"gopkg.in/yaml.v2"
 
-	"github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fsc/identity"
 	"github.com/hyperledger-labs/fabric-smart-client/pkg/api"
 	"github.com/hyperledger-labs/fabric-smart-client/platform/view/services/client/view"
 	"github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc"
@@ -58,8 +57,8 @@ type Context interface {
 	AddIdentityAlias(name string, alias string)
 	TopologyByName(name string) Topology
 	SetConnectionConfig(name string, cc *grpc.ConnectionConfig)
-	SetClientSigningIdentity(name string, id identity.SigningIdentity)
-	SetAdminSigningIdentity(name string, id identity.SigningIdentity)
+	SetClientSigningIdentity(name string, id view.SigningIdentity)
+	SetAdminSigningIdentity(name string, id view.SigningIdentity)
 	SetViewIdentity(name string, cert []byte)
 	ConnectionConfig(name string) *grpc.ConnectionConfig
 	ClientSigningIdentity(name string) view.SigningIdentity

integration/nwo/common/context/context.go

@@ -8,7 +8,6 @@ package context
 
 import (
 	"github.com/hyperledger-labs/fabric-smart-client/integration/nwo/api"
-	"github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fsc/identity"
 	view2 "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/client/view"
 	"github.com/hyperledger-labs/fabric-smart-client/platform/view/services/grpc"
 	"github.com/hyperledger-labs/fabric-smart-client/platform/view/view"
@@ -90,11 +89,11 @@ func (c *Context) SetConnectionConfig(name string, cc *grpc.ConnectionConfig) {
 	c.ConnectionConfigs[name] = cc
 }
 
-func (c *Context) SetClientSigningIdentity(name string, id identity.SigningIdentity) {
+func (c *Context) SetClientSigningIdentity(name string, id view2.SigningIdentity) {
 	c.ClientSigningIdentities[name] = id
 }
 
-func (c *Context) SetAdminSigningIdentity(name string, id identity.SigningIdentity) {
+func (c *Context) SetAdminSigningIdentity(name string, id view2.SigningIdentity) {
 	c.AdminSigningIdentities[name] = id
 }
 

integration/nwo/fsc/fsc.go

@@ -8,9 +8,6 @@ package fsc
 
 import (
 	"bytes"
-	"crypto/ecdsa"
-	"crypto/x509"
-	"encoding/pem"
 	"fmt"
 	"go/build"
 	"io"
@@ -36,7 +33,6 @@ import (
 	"github.com/hyperledger-labs/fabric-smart-client/integration/nwo/common"
 	runner2 "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/common/runner"
 	"github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fsc/commands"
-	"github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fsc/identity"
 	node2 "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fsc/node"
 	"github.com/hyperledger-labs/fabric-smart-client/platform/fabric/services/crypto"
 	"github.com/hyperledger-labs/fabric-smart-client/platform/view/services/client/view"
@@ -635,44 +631,12 @@ func (p *platform) Peer(orgName, peerName string) *node2.Peer {
 	return nil
 }
 
-func (p *platform) GetSigningIdentity(peer *node2.Peer) (identity.SigningIdentity, error) {
-	cert, err := ioutil.ReadFile(p.LocalMSPIdentityCert(peer))
-	if err != nil {
-		return nil, err
-	}
-	sk, err := ioutil.ReadFile(p.LocalMSPPrivateKey(peer))
-	if err != nil {
-		return nil, err
-	}
-	block, _ := pem.Decode(sk)
-	if block == nil {
-		return nil, fmt.Errorf("failed decoding PEM. Block must be different from nil. [% x]", sk)
-	}
-	k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
-	if err != nil {
-		return nil, err
-	}
-	return identity.NewSigningIdentity(cert, k.(*ecdsa.PrivateKey)), nil
+func (p *platform) GetSigningIdentity(peer *node2.Peer) (view.SigningIdentity, error) {
+	return view.NewX509SigningIdentity(p.LocalMSPIdentityCert(peer), p.LocalMSPPrivateKey(peer))
 }
 
-func (p *platform) GetAdminSigningIdentity(peer *node2.Peer) (identity.SigningIdentity, error) {
-	cert, err := ioutil.ReadFile(p.AdminLocalMSPIdentityCert(peer))
-	if err != nil {
-		return nil, err
-	}
-	sk, err := ioutil.ReadFile(p.AdminLocalMSPPrivateKey(peer))
-	if err != nil {
-		return nil, err
-	}
-	block, _ := pem.Decode(sk)
-	if block == nil {
-		return nil, fmt.Errorf("failed decoding PEM. Block must be different from nil. [% x]", sk)
-	}
-	k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
-	if err != nil {
-		return nil, err
-	}
-	return identity.NewSigningIdentity(cert, k.(*ecdsa.PrivateKey)), nil
+func (p *platform) GetAdminSigningIdentity(peer *node2.Peer) (view.SigningIdentity, error) {
+	return view.NewX509SigningIdentity(p.AdminLocalMSPIdentityCert(peer), p.AdminLocalMSPPrivateKey(peer))
 }
 
 func (p *platform) listTLSCACertificates() []string {

platform/view/services/client/view/si.go

@@ -0,0 +1,68 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package view
+
+import (
+	"crypto/ecdsa"
+	"crypto/x509"
+	"encoding/pem"
+	"io/ioutil"
+
+	"github.com/pkg/errors"
+
+	"github.com/hyperledger-labs/fabric-smart-client/platform/view/services/client/view/si"
+)
+
+func NewX509SigningIdentity(certPath, skPath string) (SigningIdentity, error) {
+	cert, err := ioutil.ReadFile(certPath)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed reading certificate from [%s]", certPath)
+	}
+	sk, err := ioutil.ReadFile(skPath)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed reading secret key from [%s]", skPath)
+	}
+	block, _ := pem.Decode(sk)
+	if block == nil {
+		return nil, errors.Errorf("failed decoding PEM. Block must be different from nil. [% x]", sk)
+	}
+	k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, errors.Wrapf(err, "failed parsing PKCS8 private key from [%v]", block.Bytes)
+	}
+
+	switch key := k.(type) {
+	case *ecdsa.PrivateKey:
+		return newSigningIdentity(cert, si.NewEcdsaSigner(key)), nil
+	default:
+		return nil, errors.Errorf("key type [%T] not recognized", key)
+	}
+}
+
+type Signer interface {
+	Sign(msg []byte) (signature []byte, err error)
+}
+
+type signingIdentity struct {
+	serialized []byte
+	signer     Signer
+}
+
+func newSigningIdentity(serialized []byte, signer Signer) *signingIdentity {
+	return &signingIdentity{
+		serialized: serialized,
+		signer:     signer,
+	}
+}
+
+func (s *signingIdentity) Serialize() ([]byte, error) {
+	return s.serialized, nil
+}
+
+func (s *signingIdentity) Sign(message []byte) ([]byte, error) {
+	return s.signer.Sign(message)
+}

integration/nwo/fsc/identity/ecdsa.go → platform/view/services/client/view/si/ecdsa.go

@@ -4,17 +4,16 @@ Copyright IBM Corp. All Rights Reserved.
 SPDX-License-Identifier: Apache-2.0
 */
 
-package identity
+package si
 
 import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/sha256"
+	"encoding/asn1"
 	"fmt"
 	"math/big"
-
-	"github.com/hyperledger/fabric/bccsp/utils"
 )
 
 var (
@@ -34,28 +33,31 @@ type ecdsaSignature struct {
 	R, S *big.Int
 }
 
-type edsaSigner struct {
+type ecdsaSigner struct {
 	sk *ecdsa.PrivateKey
 }
 
-func (d *edsaSigner) Sign(message []byte) ([]byte, error) {
+func NewEcdsaSigner(sk *ecdsa.PrivateKey) *ecdsaSigner {
+	return &ecdsaSigner{sk: sk}
+}
+
+func (d *ecdsaSigner) Sign(message []byte) ([]byte, error) {
 	dgst := sha256.Sum256(message)
 
 	r, s, err := ecdsa.Sign(rand.Reader, d.sk, dgst[:])
 	if err != nil {
 		return nil, err
 	}
 
-	s, _, err = ToLowS(&d.sk.PublicKey, s)
+	s, _, err = toLowS(&d.sk.PublicKey, s)
 	if err != nil {
 		return nil, err
 	}
 
-	return utils.MarshalECDSASignature(r, s)
+	return asn1.Marshal(ecdsaSignature{R: r, S: s})
 }
 
-// IsLowS checks that s is a low-S
-func IsLowS(k *ecdsa.PublicKey, s *big.Int) (bool, error) {
+func isLowS(k *ecdsa.PublicKey, s *big.Int) (bool, error) {
 	halfOrder, ok := curveHalfOrders[k.Curve]
 	if !ok {
 		return false, fmt.Errorf("curve not recognized [%s]", k.Curve)
@@ -65,8 +67,8 @@ func IsLowS(k *ecdsa.PublicKey, s *big.Int) (bool, error) {
 
 }
 
-func ToLowS(k *ecdsa.PublicKey, s *big.Int) (*big.Int, bool, error) {
-	lowS, err := IsLowS(k, s)
+func toLowS(k *ecdsa.PublicKey, s *big.Int) (*big.Int, bool, error) {
+	lowS, err := isLowS(k, s)
 	if err != nil {
 		return nil, false, err
 	}