Removing core/chaincode/shim/crypto

This change-set removes the crypto package under
core/chaincode/shim. All of its functions have
been moved to the accesscontrol package and
the chaincode examples using it have been updated
to use the new package.

Notice that the accesscontrol package is still
under development. More change-sets will be
submitted to shape it.

This change-set comes in the context of
https://jira.hyperledger.org/browse/FAB-831

Change-Id: I42bc59265f1a84aae71e971c063d119a410eb361
Signed-off-by: Angelo De Caro <[email protected]>

Author: adecaro

accesscontrol/crypto/ecdsa/ecdsa.go

@@ -21,7 +21,7 @@ import (
 	"encoding/asn1"
 	"math/big"
 
-	"github.com/hyperledger/fabric/core/chaincode/shim/crypto"
+	"github.com/hyperledger/fabric/accesscontrol/crypto"
 )
 
 type x509ECDSASignatureVerifierImpl struct {

accesscontrol/impl/chaincode.go

@@ -0,0 +1,70 @@
+package impl
+
+import (
+	"github.com/hyperledger/fabric/accesscontrol"
+	"github.com/hyperledger/fabric/accesscontrol/crypto/attr"
+	"github.com/hyperledger/fabric/accesscontrol/crypto/ecdsa"
+	"github.com/hyperledger/fabric/core/chaincode/shim"
+	"github.com/hyperledger/fabric/core/crypto/primitives"
+)
+
+// NewAccessControlShim create a new AccessControlShim instance
+func NewAccessControlShim(stub shim.ChaincodeStubInterface) *AccessControlShim {
+	// TODO: The package accesscontrol still depends on the initialization
+	// of the primitives package.
+	// This has to be removed by using the BCCSP which will carry this information.
+	// A similar approach has been used to remove the calls
+	// to InitSecurityLevel and SetSecurityLevel from the core.
+	primitives.SetSecurityLevel("SHA2", 256)
+
+	return &AccessControlShim{stub}
+}
+
+// AccessControlShim wraps the object passed to chaincode for shim side handling of
+// APIs to provide access control capabilities.
+type AccessControlShim struct {
+	stub shim.ChaincodeStubInterface
+}
+
+//ReadCertAttribute is used to read an specific attribute from the transaction certificate, *attributeName* is passed as input parameter to this function.
+// Example:
+//  attrValue,error:=stub.ReadCertAttribute("position")
+func (shim *AccessControlShim) ReadCertAttribute(attributeName string) ([]byte, error) {
+	attributesHandler, err := attr.NewAttributesHandlerImpl(shim.stub)
+	if err != nil {
+		return nil, err
+	}
+	return attributesHandler.GetValue(attributeName)
+}
+
+//VerifyAttribute is used to verify if the transaction certificate has an attribute with name *attributeName* and value *attributeValue* which are the input parameters received by this function.
+//Example:
+//    containsAttr, error := stub.VerifyAttribute("position", "Software Engineer")
+func (shim *AccessControlShim) VerifyAttribute(attributeName string, attributeValue []byte) (bool, error) {
+	attributesHandler, err := attr.NewAttributesHandlerImpl(shim.stub)
+	if err != nil {
+		return false, err
+	}
+	return attributesHandler.VerifyAttribute(attributeName, attributeValue)
+}
+
+//VerifyAttributes does the same as VerifyAttribute but it checks for a list of attributes and their respective values instead of a single attribute/value pair
+// Example:
+//    containsAttrs, error:= stub.VerifyAttributes(&attr.Attribute{"position",  "Software Engineer"}, &attr.Attribute{"company", "ACompany"})
+func (shim *AccessControlShim) VerifyAttributes(attrs ...*accesscontrol.Attribute) (bool, error) {
+	attributesHandler, err := attr.NewAttributesHandlerImpl(shim.stub)
+	if err != nil {
+		return false, err
+	}
+	return attributesHandler.VerifyAttributes(attrs...)
+}
+
+// VerifySignature verifies the transaction signature and returns `true` if
+// correct and `false` otherwise
+func (shim *AccessControlShim) VerifySignature(certificate, signature, message []byte) (bool, error) {
+	// Instantiate a new SignatureVerifier
+	sv := ecdsa.NewX509ECDSASignatureVerifier()
+
+	// Verify the signature
+	return sv.Verify(certificate, signature, message)
+}

core/chaincode/shim/chaincode.go

@@ -30,8 +30,6 @@ import (
 
 	"github.com/golang/protobuf/proto"
 	"github.com/golang/protobuf/ptypes/timestamp"
-	"github.com/hyperledger/fabric/core/chaincode/shim/crypto/attr"
-	"github.com/hyperledger/fabric/core/chaincode/shim/crypto/ecdsa"
 	"github.com/hyperledger/fabric/core/comm"
 	"github.com/hyperledger/fabric/core/util"
 	pb "github.com/hyperledger/fabric/protos/peer"
@@ -315,39 +313,6 @@ func (stub *ChaincodeStub) DelState(key string) error {
 	return stub.handler.handleDelState(key, stub.TxID)
 }
 
-//ReadCertAttribute is used to read an specific attribute from the transaction certificate, *attributeName* is passed as input parameter to this function.
-// Example:
-//  attrValue,error:=stub.ReadCertAttribute("position")
-func (stub *ChaincodeStub) ReadCertAttribute(attributeName string) ([]byte, error) {
-	attributesHandler, err := attr.NewAttributesHandlerImpl(stub)
-	if err != nil {
-		return nil, err
-	}
-	return attributesHandler.GetValue(attributeName)
-}
-
-//VerifyAttribute is used to verify if the transaction certificate has an attribute with name *attributeName* and value *attributeValue* which are the input parameters received by this function.
-//Example:
-//    containsAttr, error := stub.VerifyAttribute("position", "Software Engineer")
-func (stub *ChaincodeStub) VerifyAttribute(attributeName string, attributeValue []byte) (bool, error) {
-	attributesHandler, err := attr.NewAttributesHandlerImpl(stub)
-	if err != nil {
-		return false, err
-	}
-	return attributesHandler.VerifyAttribute(attributeName, attributeValue)
-}
-
-//VerifyAttributes does the same as VerifyAttribute but it checks for a list of attributes and their respective values instead of a single attribute/value pair
-// Example:
-//    containsAttrs, error:= stub.VerifyAttributes(&attr.Attribute{"position",  "Software Engineer"}, &attr.Attribute{"company", "ACompany"})
-func (stub *ChaincodeStub) VerifyAttributes(attrs ...*attr.Attribute) (bool, error) {
-	attributesHandler, err := attr.NewAttributesHandlerImpl(stub)
-	if err != nil {
-		return false, err
-	}
-	return attributesHandler.VerifyAttributes(attrs...)
-}
-
 // StateRangeQueryIterator allows a chaincode to iterate over a range of
 // key/value pairs in the state.
 type StateRangeQueryIterator struct {
@@ -688,16 +653,6 @@ func deleteRowInternal(stub ChaincodeStubInterface, tableName string, key []Colu
 	return nil
 }
 
-// VerifySignature verifies the transaction signature and returns `true` if
-// correct and `false` otherwise
-func (stub *ChaincodeStub) VerifySignature(certificate, signature, message []byte) (bool, error) {
-	// Instantiate a new SignatureVerifier
-	sv := ecdsa.NewX509ECDSASignatureVerifier()
-
-	// Verify the signature
-	return sv.Verify(certificate, signature, message)
-}
-
 // GetCallerCertificate returns caller certificate
 func (stub *ChaincodeStub) GetCallerCertificate() ([]byte, error) {
 	return nil, nil