Release 1.1.1

Release 1.1.1

Changelog.md

@@ -1,3 +1,11 @@
+### v1.1.1
+
+(2021-04-02)
+
+**更改**
+
+* 优化区块头验证代码结构
+
 ### v1.1.0
 
 (2021-02-02）
@@ -22,7 +30,7 @@
     * 发交易新增交易号UUID用于去重
     * 不允许call事务中的资源
     * 优化部分接口命名与定义
- 
+
 ### v1.0.0-rc4
 
 (2020-08-05)

build.gradle

@@ -14,7 +14,7 @@ apply plugin: 'java'
 apply plugin: 'jacoco'
 apply plugin: 'com.github.johnrengelman.shadow'
 group 'com.webank.wecross'
-version '1.1.0'
+version '1.1.1'
 
 sourceCompatibility = 1.8
 

release_note.txt

@@ -1 +1 @@
-v1.1.0
+v1.1.1

src/main/java/com/webank/wecross/common/FabricType.java

@@ -2,6 +2,7 @@
 
 public class FabricType {
     public static final String STUB_NAME = "Fabric1.4";
+    public static final String FABRIC_VERIFIER = "VERIFIER";
 
     public static final class Account {
         public static final String FABRIC_ACCOUNT = STUB_NAME;

src/main/java/com/webank/wecross/stub/fabric/FabricBlock.java

@@ -7,6 +7,7 @@
 import com.webank.wecross.exception.WeCrossException;
 import com.webank.wecross.stub.BlockHeader;
 import com.webank.wecross.stub.ObjectMapperFactory;
+import com.webank.wecross.utils.FabricUtils;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -24,6 +25,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import java.util.regex.Pattern;
 import org.apache.commons.codec.binary.Hex;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.DEROctetString;
@@ -233,16 +235,29 @@ public boolean verify(String blockVerifierString) {
                     getMapperInVerifierString(blockVerifierString, "ordererCA");
             Map<String, String> endorserCAMap =
                     getMapperInVerifierString(blockVerifierString, "endorserCA");
-            if (ordererCAMap == null && endorserCAMap == null) {
+            if (ordererCAMap == null
+                    || endorserCAMap == null
+                    || endorserCAMap.size() == 0
+                    || ordererCAMap.size() == 0) {
                 logger.error(
                         "Did not full config Fabric Block Verifier, will skip block verification on what field didn't config.");
                 return false;
             }
-            if (ordererCAMap != null && !verifyBlockCreator(ordererCAMap)) {
+            // CAMap: <MSP, cert path> => <MSP, cert content>
+            ordererCAMap = FabricUtils.readFileInMap(ordererCAMap);
+            endorserCAMap = FabricUtils.readFileInMap(endorserCAMap);
+            if (logger.isDebugEnabled()) {
+                ObjectMapper objectMapper = new ObjectMapper();
+                logger.debug(
+                        "ordererCA:{}, endorserCA:{}",
+                        objectMapper.writeValueAsString(ordererCAMap),
+                        objectMapper.writeValueAsString(endorserCAMap));
+            }
+            if (!verifyBlockCreator(ordererCAMap)) {
                 logger.warn("Verify creator in block {} failed.", header.getNumber());
                 return false;
             }
-            if (endorserCAMap != null && !verifyTransactions(endorserCAMap)) {
+            if (!verifyTransactions(endorserCAMap)) {
                 logger.warn("Verify transaction in block {} failed.", header.getNumber());
                 return false;
             }
@@ -253,6 +268,9 @@ public boolean verify(String blockVerifierString) {
                     e.getMessage(),
                     e.getCause());
             return false;
+        } catch (Exception e) {
+            logger.error("Verify block error, error: ", e);
+            return false;
         }
         return true;
     }
@@ -284,7 +302,7 @@ public boolean verifyBlockCreator(Map<String, String> ordererCAs) {
                 String mspId = serializedIdentity.getMspid();
                 if (ordererCAs.containsKey(mspId)
                         && checkCert(
-                                ordererCAs.get(mspId).getBytes(),
+                                ordererCAs.get(mspId),
                                 serializedIdentity.getIdBytes().toByteArray())) {
                     if (!verifySignature(
                             serializedIdentity.getIdBytes(), signBytes, plainText.toByteArray())) {
@@ -383,7 +401,7 @@ public boolean verifyTransactions(Map<String, String> endorserCAs) {
                         // verify endorser certificate
                         if (endorserCAs.containsKey(mspId)
                                 && checkCert(
-                                        endorserCAs.get(mspId).getBytes(),
+                                        endorserCAs.get(mspId),
                                         endorserCertificate.toByteArray())) {
                             if (!verifySignature(
                                     endorserCertificate, signBytes, plainText.toByteArray())) {
@@ -433,13 +451,20 @@ private boolean verifySignature(ByteString identity, byte[] signBytes, byte[] da
         }
     }
 
-    private boolean checkCert(byte[] caCert, byte[] cert) {
-        ByteArrayInputStream CAByteStream = new ByteArrayInputStream(caCert);
+    private boolean checkCert(String caCert, byte[] cert) throws WeCrossException {
+        if (!Pattern.compile(FabricUtils.CERT_PATTERN, Pattern.MULTILINE)
+                .matcher(caCert)
+                .matches()) {
+            throw new WeCrossException(
+                    WeCrossException.ErrorCode.UNEXPECTED_CONFIG,
+                    "Fabric cert pattern matches error, please check.");
+        }
+        ByteArrayInputStream caByteStream = new ByteArrayInputStream(caCert.getBytes());
         ByteArrayInputStream certByteStrean = new ByteArrayInputStream(cert);
         CertificateFactory cf = null;
         try {
             cf = CertificateFactory.getInstance("X.509");
-            X509Certificate caCertificate = (X509Certificate) cf.generateCertificate(CAByteStream);
+            X509Certificate caCertificate = (X509Certificate) cf.generateCertificate(caByteStream);
             X509Certificate certificate = (X509Certificate) cf.generateCertificate(certByteStrean);
             PublicKey caKey = caCertificate.getPublicKey();
             certificate.verify(caKey);

src/main/java/com/webank/wecross/stub/fabric/FabricDriver.java

@@ -387,7 +387,7 @@ public void asyncGetBlock(
         Request request = new Request();
         request.setType(FabricType.ConnectionMessage.FABRIC_GET_BLOCK);
         request.setData(numberBytes);
-        String blockVerifierString = connection.getProperties().get("VERIFIER");
+        String blockVerifierString = connection.getProperties().get(FabricType.FABRIC_VERIFIER);
         connection.asyncSend(
                 request,
                 response -> {

src/main/java/com/webank/wecross/utils/FabricUtils.java

@@ -1,6 +1,7 @@
 package com.webank.wecross.utils;
 
 import com.moandjiezana.toml.Toml;
+import com.webank.wecross.exception.WeCrossException;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileWriter;
@@ -11,14 +12,25 @@
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Base64;
+import java.util.HashMap;
 import java.util.Map;
+import java.util.regex.Pattern;
 import org.hyperledger.fabric.sdk.ChaincodeEndorsementPolicy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
 
 public class FabricUtils {
 
+    public static final String CERT_PATTERN =
+            "-+BEGIN\\s+.*CERTIFICATE[^-]*-+(?:\\s|\\r|\\n)+"
+                    + // Header
+                    "([A-Za-z0-9+/=\\r\\n]+)"
+                    + // Base64 text
+                    "-+END\\s+.*CERTIFICATE[^-]*-+\n"; // Footer
+
+    private static final Map<String, String> fileContentMap = new HashMap<>();
+
     public static byte[] longToBytes(long number) {
         BigInteger bigInteger = BigInteger.valueOf(number);
 
@@ -68,6 +80,43 @@ public static String readFileContent(String fileName) throws Exception {
         }
     }
 
+    public static Map<String, String> readFileInMap(Map<String, String> map)
+            throws WeCrossException {
+        if (map == null) return null;
+        // map: key => filePath
+        // resultMap: key => fileContent
+        Map<String, String> resultMap = new HashMap<>();
+        for (Map.Entry<String, String> entry : map.entrySet()) {
+            if (Pattern.compile(FabricUtils.CERT_PATTERN, Pattern.MULTILINE)
+                    .matcher(entry.getValue())
+                    .matches()) {
+                resultMap.put(entry.getKey(), entry.getValue());
+                continue;
+            }
+            if (!fileIsExists(entry.getValue())) {
+                String errorMessage = "File: " + entry.getValue() + " is not exists";
+                throw new WeCrossException(WeCrossException.ErrorCode.DIR_NOT_EXISTS, errorMessage);
+            }
+            String fileContent;
+            try {
+                // fileContentMap cache file content
+                if (fileContentMap.containsKey(entry.getValue())
+                        && fileContentMap.get(entry.getValue()) != null) {
+                    fileContent = fileContentMap.get(entry.getValue());
+                } else {
+                    fileContent = readFileContent(entry.getValue());
+                    fileContentMap.put(entry.getValue(), fileContent);
+                }
+                resultMap.put(entry.getKey(), fileContent);
+            } catch (Exception e) {
+                throw new WeCrossException(
+                        WeCrossException.ErrorCode.DIR_NOT_EXISTS,
+                        "Read Cert fail: " + entry.getKey() + entry.getValue());
+            }
+        }
+        return resultMap;
+    }
+
     public static Toml readToml(String fileName) throws Exception {
         return new Toml().read(readFileContent(fileName));
     }

src/test/java/com/webank/wecross/stub/fabric/FabricConnectionFactoryTest.java

@@ -14,7 +14,8 @@ public void buildTest() throws Exception {
 
         fabricConnection.start();
         List<ResourceInfo> resourceInfoList = fabricConnection.getResources();
-        Assert.assertTrue(resourceInfoList.size() > 1);
+        System.out.println(resourceInfoList.toString());
+        Assert.assertTrue(resourceInfoList.size() > 0);
     }
 
     @Test