feat(cactus-plugin-ledger-connector-fabric): support delegated (offline) signatures

- Add new `RunDelegatedSignTransactionEndpointV1` endpoint for delegated / offline signing.
    Takes `signerCertificate` and `signerMspID`, uses `signCallback` on connector to sign messages.
    Sign must be implemented by a user, can contain any logic
    (contacting 3'rd party services, reading from secure sources, etc…).
    Interface is similar to transact. Supports private transactions.
- Refactor transact endpoint: Use common logic for handling response format. with delegated transact
- Refactor logic of choosing ednorsers in transact endpoint. Previously both `endorsingPeers`
    and `endorsingParties` were selecting organizations in sligly different way under different
    circumstances. Now `endorsingPeers` selectes peers and `endorsingOrgs` selects orgs for all
    cases (query, send, privatesend) in both transact and transact with delegated sign.
    This is more consistent and predictable.
- Add new socketio endpoint `SubscribeDelegatedSign` for monitoring new blocks with delegated sign.
- Use common error handling in getblock, transact and transact delgated endpoints.
- Add functional tests for delegated signing feature.

Depends on: #2598

Signed-off-by: Michal Bajer <[email protected]>

Author: outSH

.cspell.json

@@ -21,6 +21,8 @@
         "cafile",
         "caio",
         "cccs",
+        "ccep",
+        "cccg",
         "cbdc",
         "Cbdc",
         "ccid",
@@ -64,6 +66,7 @@
         "HTLC",
         "Hursley",
         "HyperLedger",
+        "immalleable",
         "ipaddress",
         "ipfs",
         "Iroha",
@@ -86,6 +89,7 @@
         "miekg",
         "mitchellh",
         "MSPCONFIGPATH",
+        "Mspids",
         "MSPID",
         "MSPIDSCOPEALLFORTX",
         "MSPIDSCOPEANYFORTX",

.github/workflows/ci.yaml

@@ -134,11 +134,11 @@ jobs:
         uses: actions/[email protected]
         with:
           script: |
-            const failMsg = "yarn codegen script produced version control " + 
-              "side-effects: source files have been changed by it that are " + 
-              "otherwise are under version control. " + 
-              "This means (99% of the time) that you need to run the " + 
-              "yarn codegen script locally and then include the changes it " + 
+            const failMsg = "yarn codegen script produced version control " +
+              "side-effects: source files have been changed by it that are " +
+              "otherwise are under version control. " +
+              "This means (99% of the time) that you need to run the " +
+              "yarn codegen script locally and then include the changes it " +
               "makes in your own commit when submitting your pull request.";
             core.setFailed(failMsg)
 
@@ -1608,13 +1608,13 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-yarn-${{ hashFiles('./yarn.lock') }}
       - run: ./tools/ci.sh
-      
+
       - name: Install Foundry
         uses: foundry-rs/foundry-toolchain@v1
 
       - name: Run solidity tests
         run: cd packages/cactus-plugin-htlc-eth-besu && forge test -vvvvv
-              
+
   cactus-test-plugin-htlc-eth-besu-erc20:
     continue-on-error: false
     env:

packages/cactus-plugin-ledger-connector-fabric/README.md

@@ -13,6 +13,8 @@
   - [1.5 Monitoring new blocks (WatchBlocks)](#15-monitoring-new-blocks-watchblocks)
     - [1.5.1 Example](#151-example)
     - [1.5.2 Listener Type](#152-listener-type)
+  - [1.6 Delegated Signature](#16-delegated-signature)
+    - [1.6.1 Example](#161-example)
 - [2. Architecture](#2-architecture)
   - [2.1. run-transaction-endpoint](#21-run-transaction-endpoint)
 - [3. Containerization](#3-containerization)
@@ -329,6 +331,47 @@ Corresponds directly to `BlockType` from `fabric-common`:
   - `WatchBlocksListenerTypeV1.Full`,
   - `WatchBlocksListenerTypeV1.Private`,
 
+### 1.6 Delegated Signature
+- Custom signature callback can be used when increased security is needed or currently available options are not sufficient.
+- Signature callback is used whenever fabric request must be signed.
+- To use delegate signature instead of identity supplied directly / through keychain use `transactDelegatedSign` (for transact) or `watchBlocksDelegatedSignV1` for block monitoring.
+- `uniqueTransactionData` can be passed to each delegate sign method on connector. This data is passed to signCallback to identify and verify the request. It can be used to pass signing tokens or any other data needed for performing the signing (e.g. user, scopes, etc...).
+- `signProposal` method from this package can be used to sign the requests in offline location.
+- For more complex examples see tests: `delegate-signing-methods.test` and `fabric-watch-blocks-delegated-sign-v1-endpoint.test`.
+
+#### 1.6.1 Example
+```typescript
+// Setup - supply callback when instantiating the connector plugin
+fabricConnectorPlugin = new PluginLedgerConnectorFabric({
+  instanceId: uuidv4(),
+  // ...
+  signCallback: async (payload, txData) => {
+    log.debug("signCallback called with txData (token):", txData);
+    return signProposal(adminIdentity.credentials.privateKey, payload);
+  },
+});
+
+// Run transactions
+await apiClient.runDelegatedSignTransactionV1({
+  signerCertificate: adminIdentity.credentials.certificate,
+  signerMspID: adminIdentity.mspId,
+  channelName: ledgerChannelName,
+  contractName: assetTradeContractName,
+  invocationType: FabricContractInvocationType.Call,
+  methodName: "ReadAsset",
+  params: ["asset1"],
+  uniqueTransactionData: myJwtToken,
+});
+
+// Monitor for transactions:
+apiClient.watchBlocksDelegatedSignV1({
+  type: WatchBlocksListenerTypeV1.CactusTransactions,
+  signerCertificate: adminIdentity.credentials.certificate,
+  signerMspID: adminIdentity.mspId,
+  channelName: ledgerChannelName,
+})
+```
+
 ##### Cactus (custom)
 Parses the data and returns custom formatted block.
 - `WatchBlocksListenerTypeV1.CactusTransactions`: Returns transactions summary. Compatible with legacy `fabric-socketio` monitoring operation.

packages/cactus-plugin-ledger-connector-fabric/package.json

@@ -77,6 +77,7 @@
     "node-vault": "0.9.22",
     "openapi-types": "9.1.0",
     "prom-client": "13.2.0",
+    "run-time-error": "1.4.0",
     "rxjs": "7.8.1",
     "sanitize-filename": "1.6.3",
     "sanitize-html": "2.7.0",