[FAB-187] VSCC uses policies specified upon deploy

This change-set provides support for endorsement policies. At chaincode deploy
time, the deployer can specify the endorsement policy it requires from command
line. The cc deploy tx is sent to lccc which stores the policy. Later, the
validator can extract the policy and send it to VSCC.

Change-Id: Ic1bc0e492a9070a355cfba83dfa56d121902c543
Signed-off-by: Alessandro Sorniotti <[email protected]>

Author: ale-linux

core/chaincode/ccproviderimpl.go

@@ -19,6 +19,8 @@ package chaincode
 import (
 	"context"
 
+	"fmt"
+
 	"github.com/hyperledger/fabric/core/common/ccprovider"
 	"github.com/hyperledger/fabric/core/ledger"
 	pb "github.com/hyperledger/fabric/protos/peer"
@@ -72,18 +74,23 @@ func (c *ccProviderImpl) GetCCContext(cid, name, version, txid string, syscc boo
 
 // GetCCValidationInfoFromLCCC returns the VSCC and the policy listed in LCCC for the supplied chaincode
 func (c *ccProviderImpl) GetCCValidationInfoFromLCCC(ctxt context.Context, txid string, prop *pb.Proposal, chainID string, chaincodeID string) (string, []byte, error) {
+	// LCCC does not have any notion about its own
+	// endorsing policy - we should never call this
+	// function with lccc as the chaincodeID
+	if chaincodeID == "lccc" {
+		panic("GetCCValidationInfoFromLCCC invoke for LCCC")
+	}
+
 	data, err := GetChaincodeDataFromLCCC(ctxt, txid, prop, chainID, chaincodeID)
 	if err != nil {
 		return "", nil, err
 	}
 
-	vscc := "vscc"
-	// Check whenever VSCC defined for chaincode data
-	if data != nil && data.Vscc != "" {
-		vscc = data.Vscc
+	if data == nil || data.Vscc == "" || data.Policy == nil {
+		return "", nil, fmt.Errorf("Incorrect validation info in LCCC")
 	}
 
-	return vscc, data.Policy, nil
+	return data.Vscc, data.Policy, nil
 }
 
 // ExecuteChaincode executes the chaincode specified in the context with the specified arguments

core/chaincode/exectransaction_test.go

@@ -141,7 +141,7 @@ func endTxSimulationCDS(chainID string, txid string, txsim ledger.TxSimulator, p
 		return err
 	}
 	// get a proposal - we need it to get a transaction
-	prop, err := putils.CreateDeployProposalFromCDS(txid, chainID, cds, ss)
+	prop, err := putils.CreateDeployProposalFromCDS(txid, chainID, cds, ss, nil, nil, nil)
 	if err != nil {
 		return err
 	}

core/committer/txvalidator/validator.go

@@ -20,18 +20,17 @@ import (
 	"fmt"
 
 	"github.com/golang/protobuf/proto"
-	"github.com/hyperledger/fabric/common/cauthdsl"
 	coreUtil "github.com/hyperledger/fabric/common/util"
 	"github.com/hyperledger/fabric/core/chaincode/shim"
 	"github.com/hyperledger/fabric/core/common/ccprovider"
 	"github.com/hyperledger/fabric/core/common/validation"
 	"github.com/hyperledger/fabric/core/ledger"
 	ledgerUtil "github.com/hyperledger/fabric/core/ledger/util"
 	"github.com/hyperledger/fabric/msp"
+
 	"github.com/hyperledger/fabric/protos/common"
 	"github.com/hyperledger/fabric/protos/utils"
 	"github.com/op/go-logging"
-	"github.com/syndtr/goleveldb/leveldb/errors"
 )
 
 // Support provides all of the needed to evaluate the VSCC
@@ -177,41 +176,6 @@ func (v *txValidator) Validate(block *common.Block) error {
 	return nil
 }
 
-// getSemiHardcodedPolicy returns a policy that requests
-// one valid signature from the first MSP in this
-// chain's MSP manager
-// FIXME: this needs to be removed as soon as we extract the policy from LCCC
-func getSemiHardcodedPolicy(chainID string, mspMgr msp.MSPManager) ([]byte, error) {
-	// 1) determine the MSP identifier for the first MSP in this chain
-	var msp msp.MSP
-	msps, err := mspMgr.GetMSPs()
-	if err != nil {
-		return nil, fmt.Errorf("Could not retrieve the MSPs for the chain manager, err %s", err)
-	}
-	if len(msps) == 0 {
-		return nil, errors.New("At least one MSP was expected")
-	}
-	for _, m := range msps {
-		msp = m
-		break
-	}
-	mspid, err := msp.GetIdentifier()
-	if err != nil {
-		return nil, fmt.Errorf("Failure getting the msp identifier, err %s", err)
-	}
-
-	// 2) get the policy
-	p := cauthdsl.SignedByMspMember(mspid)
-
-	// 3) marshal it and return it
-	b, err := proto.Marshal(p)
-	if err != nil {
-		return nil, fmt.Errorf("Could not marshal policy, err %s", err)
-	}
-
-	return b, err
-}
-
 func (v *vsccValidatorImpl) VSCCValidateTx(payload *common.Payload, envBytes []byte) error {
 	// Chain ID
 	chainID := payload.Header.ChainHeader.ChainID
@@ -230,21 +194,6 @@ func (v *vsccValidatorImpl) VSCCValidateTx(payload *common.Payload, envBytes []b
 		return err
 	}
 
-	// TODO: temporary workaround until the policy is specified
-	// by the deployer and can be retrieved via LCCC: we create
-	// a policy that requests 1 valid signature from this chain's
-	// MSP
-	policy, err := getSemiHardcodedPolicy(chainID, v.support.MSPManager())
-	if err != nil {
-		return err
-	}
-
-	// build arguments for VSCC invocation
-	// args[0] - function name (not used now)
-	// args[1] - serialized Envelope
-	// args[2] - serialized policy
-	args := [][]byte{[]byte(""), envBytes, policy}
-
 	ctxt, err := v.ccprovider.GetContext(v.support.Ledger())
 	if err != nil {
 		logger.Errorf("Cannot obtain context for txid=%s, err %s", txid, err)
@@ -258,22 +207,32 @@ func (v *vsccValidatorImpl) VSCCValidateTx(payload *common.Payload, envBytes []b
 		return err
 	}
 
-	// TODO: Temporary solution until FAB-1422 get resolved
-	// Explanation: we actually deploying chaincode transaction,
-	// hence no lccc yet to query for the data, therefore currently
-	// introducing a workaround to skip obtaining LCCC data.
-	vscc := "vscc"
-	if hdrExt.ChaincodeID.Name != "lccc" {
-		// Extracting vscc from lccc
-		// TODO: extract policy as well when available; it's the second argument returned by GetCCValidationInfoFromLCCC
-		vscc, _, err = v.ccprovider.GetCCValidationInfoFromLCCC(ctxt, txid, nil, chainID, hdrExt.ChaincodeID.Name)
-		if err != nil {
-			logger.Errorf("Unable to get chaincode data from LCCC for txid %s, due to %s", txid, err)
-			return err
-		}
+	// LCCC should not undergo standard VSCC type of
+	// validation. It should instead go through system
+	// policy validation to determine whether the issuer
+	// is entitled to deploy a chaincode on our chain
+	// VSCCValidateTx should
+	if hdrExt.ChaincodeID.Name == "lccc" {
+		// TODO: until FAB-1934 is in, we need to stop here
+		logger.Infof("Invocation of LCCC detected, no further VSCC validation necessary")
+		return nil
+	}
+
+	// obtain name of the VSCC and the policy from LCCC
+	vscc, policy, err := v.ccprovider.GetCCValidationInfoFromLCCC(ctxt, txid, nil, chainID, hdrExt.ChaincodeID.Name)
+	if err != nil {
+		logger.Errorf("Unable to get chaincode data from LCCC for txid %s, due to %s", txid, err)
+		return err
 	}
 
+	// build arguments for VSCC invocation
+	// args[0] - function name (not used now)
+	// args[1] - serialized Envelope
+	// args[2] - serialized policy
+	args := [][]byte{[]byte(""), envBytes, policy}
+
 	vscctxid := coreUtil.GenerateUUID()
+
 	// Get chaincode version
 	version := coreUtil.GetSysCCVersion()
 	cccid := v.ccprovider.GetCCContext(chainID, vscc, version, vscctxid, true, nil)

core/common/sysccprovider/sysccprovider.go

@@ -0,0 +1,50 @@
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sysccprovider
+
+// SystemChaincodeProvider provides an abstraction layer that is
+// used for different packages to interact with code in the
+// system chaincode package without importing it; more methods
+// should be added below if necessary
+type SystemChaincodeProvider interface {
+	// IsSysCC returns true if the supplied chaincode is a system chaincode
+	IsSysCC(name string) bool
+}
+
+var sccFactory SystemChaincodeProviderFactory
+
+// SystemChaincodeProviderFactory defines a factory interface so
+// that the actual implementation can be injected
+type SystemChaincodeProviderFactory interface {
+	NewSystemChaincodeProvider() SystemChaincodeProvider
+}
+
+// RegisterSystemChaincodeProviderFactory is to be called once to set
+// the factory that will be used to obtain instances of ChaincodeProvider
+func RegisterSystemChaincodeProviderFactory(sccfact SystemChaincodeProviderFactory) {
+	sccFactory = sccfact
+}
+
+// GetSystemChaincodeProvider returns instances of SystemChaincodeProvider;
+// the actual implementation is controlled by the factory that
+// is registered via RegisterSystemChaincodeProviderFactory
+func GetSystemChaincodeProvider() SystemChaincodeProvider {
+	if sccFactory == nil {
+		panic("The factory must be set first via RegisterSystemChaincodeProviderFactory")
+	}
+	return sccFactory.NewSystemChaincodeProvider()
+}

core/endorser/endorser.go

@@ -128,7 +128,7 @@ func (e *Endorser) callChaincode(ctxt context.Context, chainID string, version s
 	//
 	//NOTE that if there's an error all simulation, including the chaincode
 	//table changes in lccc will be thrown away
-	if cid.Name == "lccc" && len(cis.ChaincodeSpec.Input.Args) == 3 && (string(cis.ChaincodeSpec.Input.Args[0]) == "deploy" || string(cis.ChaincodeSpec.Input.Args[0]) == "upgrade") {
+	if cid.Name == "lccc" && len(cis.ChaincodeSpec.Input.Args) >= 3 && (string(cis.ChaincodeSpec.Input.Args[0]) == "deploy" || string(cis.ChaincodeSpec.Input.Args[0]) == "upgrade") {
 		var ccVersion string
 		switch string(cis.ChaincodeSpec.Input.Args[0]) {
 		case "deploy":

core/peer/peer.go

@@ -34,6 +34,7 @@ import (
 	"github.com/hyperledger/fabric/core/ledger"
 	"github.com/hyperledger/fabric/core/ledger/ledgermgmt"
 	"github.com/hyperledger/fabric/gossip/service"
+	"github.com/hyperledger/fabric/msp"
 	mspmgmt "github.com/hyperledger/fabric/msp/mgmt"
 	"github.com/hyperledger/fabric/peer/sharedconfig"
 	"github.com/hyperledger/fabric/protos/common"
@@ -255,6 +256,17 @@ func GetLedger(cid string) ledger.PeerLedger {
 	return nil
 }
 
+// GetMSPMgr returns the MSP manager of the chain with chain ID.
+// Note that this call returns nil if chain cid has not been created.
+func GetMSPMgr(cid string) msp.MSPManager {
+	chains.RLock()
+	defer chains.RUnlock()
+	if c, ok := chains.list[cid]; ok {
+		return c.cs.MSPManager()
+	}
+	return nil
+}
+
 // GetCommitter returns the committer of the chain with chain ID. Note that this
 // call returns nil if chain cid has not been created.
 func GetCommitter(cid string) committer.Committer {