python source code of user

fabric-sdk-py-master
- .github
  - settings.yml
- MAINTAINERS.md
- .env
- Makefile
- .coveragerc
- requirements-test.txt
- LICENSE
- test
  - fixtures
    - ca
      - enroll-csr.pem
      - fabric-ca-server
        ca-key.pem
        keystore
        abf37b94a9cd3153da7cc232014c53975e81548e9dc7a46e16a14f01837fe1bf_sk
        ca-cert.pem
        fabric-ca-server-config.yaml
      - docker-compose.yml
    - Makefile
    - docker-compose-2orgs-4peers-mutual-tls.yaml
    - docker-compose-1peer-notls.yaml
    - docker-compose-2orgs-4peers-tls-cli.yaml
    - peer-mutual-tls.yaml
    - orderer-base.yaml
    - docker-compose-couch.yaml
    - network.json
    - peer-base.yaml
    - scripts
      - script.sh
      - clean.sh
      - gen_config.sh
      - gen_channelArtifacts.sh
      - variables.sh
    - network-mutual-tls.json
    - e2e_cli
      - examples
        chaincode
        go
        chaincode_example02
        chaincode_example02.go
      - crypto-config.yaml
      - channel-artifacts
        Org2MSPanchors.tx
        Org1MSP.json
        channel.json
        Org2MSP.json
        businesschannel_4.block.json
        businesschannel_4.block
        orderer.genesis.block
        channel.tx
        Org1MSPanchors.tx
      - configtx.yaml
      - crypto-config
        ordererOrganizations
        example.com
        ca
        ca.example.com-cert.pem
        aa8c8e8a6092e6c3e76a5d240b1d5ca00a123679af65c7f7cf90d9a03ceeb1c9_sk
        orderers
        orderer.example.com
        msp
        keystore
        579ef4ad61833c83fa607b01edda25f656854080f9fb9bca60d4ae53cbcc23ed_sk
        cacerts
        ca.example.com-cert.pem
        admincerts
        Admin@example.com-cert.pem
        tlscacerts
        tlsca.example.com-cert.pem
        signcerts
        orderer.example.com-cert.pem
        tls
        ca.crt
        server.key
        server.crt
        msp
        cacerts
        ca.example.com-cert.pem
        admincerts
        Admin@example.com-cert.pem
        tlscacerts
        tlsca.example.com-cert.pem
        users
        Admin@example.com
        msp
        keystore
        630e3767a6e1d3c8e646460123d397455103a900efb4d6fb679a9d9c481841fc_sk
        cacerts
        ca.example.com-cert.pem
        admincerts
        Admin@example.com-cert.pem
        tlscacerts
        tlsca.example.com-cert.pem
        signcerts
        Admin@example.com-cert.pem
        tls
        ca.crt
        client.key
        client.crt
        tlsca
        tlsca.example.com-cert.pem
        fa29dc9fd9ffa8829ce444ca4db67bc3ca7d88a0d120800d1642a688c9d2bb18_sk
        peerOrganizations
        org2.example.com
        ca
        eeda870d2890d5d879ad5e72d1439a6cb396fa396e0e098c08e8734cfa11398c_sk
        ca.org2.example.com-cert.pem
        msp
        cacerts
        ca.org2.example.com-cert.pem
        config.yaml
        admincerts
        Admin@org2.example.com-cert.pem
        tlscacerts
        tlsca.org2.example.com-cert.pem
        users
        Admin@org2.example.com
        msp
        keystore
        7e0b1c172161fe0f33603106935d2584918e12af955108e429dd63d4c043067a_sk
        cacerts
        ca.org2.example.com-cert.pem
        admincerts
        Admin@org2.example.com-cert.pem
        tlscacerts
        tlsca.org2.example.com-cert.pem
        signcerts
        Admin@org2.example.com-cert.pem
        tls
        ca.crt
        client.key
        client.crt
        User1@org2.example.com
        msp
        keystore
        73beefad9003c589064deb2128c4f0831ba8003f1233102cc52a188afd05fe61_sk
        cacerts
        ca.org2.example.com-cert.pem
        admincerts
        User1@org2.example.com-cert.pem
        tlscacerts
        tlsca.org2.example.com-cert.pem
        signcerts
        User1@org2.example.com-cert.pem
        tls
        ca.crt
        client.key
        client.crt
        peers
        peer1.org2.example.com
        msp
        keystore
        0de2bbefd2666557aabaa9d995ed9fb47795b39135c01b8845503d5e1018c45e_sk
        cacerts
        ca.org2.example.com-cert.pem
        config.yaml
        admincerts
        Admin@org2.example.com-cert.pem
        tlscacerts
        tlsca.org2.example.com-cert.pem
        signcerts
        peer1.org2.example.com-cert.pem
        tls
        ca.crt
        server.key
        server.crt
        peer0.org2.example.com
        msp
        keystore
        9d9d34fe240af601bfb3ee59bf3156f3dd941553973aacc0672e0b206651e617_sk
        cacerts
        ca.org2.example.com-cert.pem
        config.yaml
        admincerts
        Admin@org2.example.com-cert.pem
        tlscacerts
        tlsca.org2.example.com-cert.pem
        signcerts
        peer0.org2.example.com-cert.pem
        tls
        ca.crt
        server.key
        server.crt
        tlsca
        ae9decbba6938fa4675e57f890f629c6ba0d40a270ca304e613d1db339d70e75_sk
        tlsca.org2.example.com-cert.pem
        org1.example.com
        ca
        ca.org1.example.com-cert.pem
        6bac601566378fcd9b83c68b96990d41adb51532640deb0e84f83cec1d5897d2_sk
        msp
        cacerts
        ca.org1.example.com-cert.pem
        config.yaml
        admincerts
        Admin@org1.example.com-cert.pem
        tlscacerts
        tlsca.org1.example.com-cert.pem
        users
        User1@org1.example.com
        msp
        keystore
        da72fd6c0f4595d33eb9ae6f6d06cd171ebc3882fc856960c244b9b5c2b35a90_sk
        cacerts
        ca.org1.example.com-cert.pem
        admincerts
        User1@org1.example.com-cert.pem
        tlscacerts
        tlsca.org1.example.com-cert.pem
        signcerts
        User1@org1.example.com-cert.pem
        tls
        ca.crt
        client.key
        client.crt
        Admin@org1.example.com
        msp
        keystore
        c76527489d5820bd04da80a84c07033ca574413f80614091e04f05c276fb6896_sk
        cacerts
        ca.org1.example.com-cert.pem
        admincerts
        Admin@org1.example.com-cert.pem
        tlscacerts
        tlsca.org1.example.com-cert.pem
        signcerts
        Admin@org1.example.com-cert.pem
        tls
        ca.crt
        client.key
        client.crt
        peers
        peer0.org1.example.com
        msp
        keystore
        f7e9609aa5707aa057b1cb9109326795b183cbb7ec9508054820e30e7878e1c0_sk
        cacerts
        ca.org1.example.com-cert.pem
        config.yaml
        admincerts
        Admin@org1.example.com-cert.pem
        tlscacerts
        tlsca.org1.example.com-cert.pem
        signcerts
        peer0.org1.example.com-cert.pem
        tls
        ca.crt
        server.key
        server.crt
        peer1.org1.example.com
        msp
        keystore
        223f3e7aa2f8f5d9c6a9255ac2c6a3f00896676e3301e2f024eb2f337c479ec5_sk
        cacerts
        ca.org1.example.com-cert.pem
        config.yaml
        admincerts
        Admin@org1.example.com-cert.pem
        tlscacerts
        tlsca.org1.example.com-cert.pem
        signcerts
        peer1.org1.example.com-cert.pem
        tls
        ca.crt
        server.key
        server.crt
        tlsca
        tlsca.org1.example.com-cert.pem
        ba426937e5f4908822fccac99bcfd4e48b54b178addf08e7087c6cac399ebf89_sk
    - docker-compose-2orgs-4peers-tls.yaml
    - chaincode
      - docker-compose-simple.yml
      - src
        github.com
        marbles_cc
        marbles.go
        marbles_cc_private
        marbles.go
        example_cc
        example_cc.go
        example_cc_with_event
        example_cc_with_event.go
  - integration
    - e2e_mutual_tls_test.py
    - ca_test.py
    - query_block_test.py
    - inmemorywalletstore_test.py
    - e2e_test.py
    - certificates_service_test.py
    - gateway_test.py
    - config.py
    - query_chain_info_test.py
    - wallet_test.py
    - chaincode_invoke_test.py
    - utils_test.py
    - couchdbwalletstore_test.py
    - chaincode_instantiate_test.py
    - identity_service_test.py
    - e2e_utils.py
    - e2e_private_data_test.py
    - affiliation_service_test.py
    - query_instantiated_chaincodes_test.py
    - user_test.py
    - __init__.py
    - discovery_test.py
    - utils.py
    - query_transaction_test.py
  - __init__.py
  - unit
    - ca_test.py
    - policies_test.py
    - client_test.py
    - orderer_test.py
    - msp
      - __init__.py
    - peer_test.py
    - channel
      - instantiation_test.py
      - channel_configuration_test.py
      - channel_event_hub_test.py
      - invocation_test.py
      - __init__.py
      - channel_test.py
    - block_decoder_test.py
    - user_test.py
    - __init__.py
    - crypto_test.py
    - keyvaluestore_test.py
- hfc
  - fabric_ca
    - affiliationService.py
    - __init__.py
    - caservice.py
    - certificateService.py
    - identityService.py
  - version.py
  - protos
    - transientstore
      - transientstore_pb2.py
      - transientstore_pb2_grpc.py
      - __init__.py
      - transientstore.proto
    - ledger
      - rwset
        kvrwset
        kv_rwset_pb2.py
        kv_rwset.proto
        __init__.py
        kv_rwset_pb2_grpc.py
        rwset_pb2.py
        __init__.py
        rwset.proto
        rwset_pb2_grpc.py
      - __init__.py
      - queryresult
        kv_query_result.proto
        kv_query_result_pb2.py
        __init__.py
        kv_query_result_pb2_grpc.py
    - gossip
      - message_pb2_grpc.py
      - message.proto
      - __init__.py
      - message_pb2.py
    - discovery
      - protocol_pb2_grpc.py
      - protocol_pb2.py
      - protocol.proto
      - __init__.py
    - common
      - policies_pb2.py
      - configuration.proto
      - collection.proto
      - configtx.proto
      - configuration_pb2_grpc.py
      - ledger_pb2.py
      - collection_pb2.py
      - policies_pb2_grpc.py
      - configuration_pb2.py
      - collection_pb2_grpc.py
      - common.proto
      - ledger.proto
      - common_pb2.py
      - __init__.py
      - configtx_pb2_grpc.py
      - configtx_pb2.py
      - common_pb2_grpc.py
      - policies.proto
      - ledger_pb2_grpc.py
    - msp
      - msp_principal_pb2_grpc.py
      - msp_config_pb2.py
      - msp_principal_pb2.py
      - identities_pb2_grpc.py
      - msp_config_pb2_grpc.py
      - identities_pb2.py
      - __init__.py
      - msp_principal.proto
      - msp_config.proto
      - identities.proto
    - idemix
      - idemix_pb2.py
      - idemix.proto
      - __init__.py
      - idemix_pb2_grpc.py
    - orderer
      - kafka.proto
      - ab_pb2.py
      - configuration.proto
      - cluster_pb2.py
      - kafka_pb2.py
      - ab.proto
      - kafka_pb2_grpc.py
      - configuration_pb2_grpc.py
      - ab_pb2_grpc.py
      - configuration_pb2.py
      - etcdraft
        configuration.proto
        testdata
        tls-server-2.pem
        tls-client-1.pem
        tls-server-3.pem
        tls-client-2.pem
        tls-client-3.pem
        tls-server-1.pem
      - __init__.py
      - cluster_pb2_grpc.py
      - cluster.proto
    - peer
      - transaction.proto
      - resources_pb2_grpc.py
      - chaincode_pb2.py
      - signed_cc_dep_spec_pb2_grpc.py
      - query.proto
      - configuration.proto
      - transaction_pb2.py
      - query_pb2_grpc.py
      - proposal_response_pb2.py
      - resources.proto
      - chaincode_event_pb2_grpc.py
      - policy_pb2_grpc.py
      - admin_pb2_grpc.py
      - signed_cc_dep_spec.proto
      - peer.proto
      - chaincode_event_pb2.py
      - configuration_pb2_grpc.py
      - lifecycle
        lifecycle_pb2_grpc.py
        lifecycle.proto
        lifecycle_pb2.py
        __init__.py
      - chaincode_pb2_grpc.py
      - policy.proto
      - peer_pb2.py
      - admin.proto
      - policy_pb2.py
      - peer_pb2_grpc.py
      - signed_cc_dep_spec_pb2.py
      - proposal_pb2.py
      - proposal_response.proto
      - admin_pb2.py
      - configuration_pb2.py
      - query_pb2.py
      - chaincode_shim_pb2_grpc.py
      - events.proto
      - transaction_pb2_grpc.py
      - __init__.py
      - chaincode.proto
      - proposal_response_pb2_grpc.py
      - proposal.proto
      - events_pb2_grpc.py
      - chaincode_shim.proto
      - events_pb2.py
      - chaincode_shim_pb2.py
      - resources_pb2.py
      - proposal_pb2_grpc.py
      - chaincode_event.proto
    - __init__.py
    - token
      - transaction.proto
      - prover_pb2_grpc.py
      - transaction_pb2.py
      - expectations.proto
      - prover_pb2.py
      - expectations_pb2_grpc.py
      - prover.proto
      - transaction_pb2_grpc.py
      - __init__.py
      - expectations_pb2.py
    - utils.py
  - util
    - crypto
      - crypto.py
      - __init__.py
    - channel.py
    - policies.py
    - keyvaluestore.py
    - __init__.py
    - utils.py
  - fabric
    - certificateAuthority.py
    - peer.py
    - transaction
      - tx_context.py
      - tx_proposal_request.py
      - __init__.py
    - client.py
    - user.py
    - msp
      - __init__.py
    - config
      - default.py
      - __init__.py
    - block_decoder.py
    - channel
      - channel.py
      - channel_eventhub.py
      - invocation.py
      - __init__.py
      - instantiation.py
      - channel_configuration.py
    - __init__.py
    - orderer.py
    - organization.py
  - __init__.py
  - fabric_network
    - inmemorywalletstore.py
    - wallet.py
    - couchdbwalletstore.py
    - contract.py
    - __init__.py
    - gateway.py
    - network.py
- CONTRIBUTING.md
- .coafile
- .gitattributes
- CHANGELOG.md
- SECURITY.md
- setup.py
- README.md
- scripts
  - check-env.sh
  - changelog.sh
- requirements.txt
- ci
  - azure-pipeline.yml
- CODEOWNERS
- Dockerfile
- .gitignore
- docs
  - Makefile
  - source
    - release_note.md
    - code_style.md
    - index.md
    - CONTRIBUTING.md
    - tutorial.md
    - conf.py
  - .nojekyll
  - README.md
  - requirements.txt
  - index.html
- .dockerignore
- tox.ini

# Copyright IBM Corp. 2017 All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
import binascii
import logging
import pickle

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import load_pem_private_key

from hfc.fabric_ca.caservice import Enrollment
from hfc.util.crypto.crypto import ecies

_logger = logging.getLogger(__name__ + ".user")


class User(object):
    """The default implementation of user."""

    def __init__(self, name, org, state_store):
        """Constructor for a user.

        :param name: name
        :param org: org
        :param state_store: persistent state store as a cache
        :return: An instance of user object
        """
        self._name = name
        self._org = org
        self._state_store = state_store
        self._state_store_key = "user." + name + "." + org
        self._roles = []
        self._account = None
        self._affiliation = None
        self._enrollment_secret = None
        self._enrollment = None
        self._msp_id = None
        self._cryptoSuite = None

        user_state = state_store.get_value(self._state_store_key)

        if not user_state:
            self._save_state()
        else:
            self._restore_state()

    @property
    def name(self):
        """Get the user name
        :return: The user name
        """
        return self._name

    @property
    def org(self):
        """Get the org
        :return: The org
        """
        return self._org

    @property
    def roles(self):
        """Get the roles
        :return: The roles
        """
        return self._roles

    @roles.setter
    def roles(self, roles):
        """Set the roles

        :param roles: the roles
        :return:
        """
        self._roles = roles
        self._save_state()

    @property
    def account(self):
        """Get the account
        :return: The account
        """
        return self._account

    @account.setter
    def account(self, account):
        """Set the account

        :param account: the account
        :return:
        """
        self._account = account
        self._save_state()

    @property
    def affiliation(self):
        """Get the affiliation
        :return: The affiliation
        """
        return self._affiliation

    @affiliation.setter
    def affiliation(self, affiliation):
        """Set the affiliation

        :param affiliation: the affiliation
        :return:
        """
        self._affiliation = affiliation
        self._save_state()

    @property
    def enrollment(self):
        """Get the enrollment"""
        return self._enrollment

    @enrollment.setter
    def enrollment(self, enrollment):
        """Set the enrollment

        :param enrollment: the enrollment
        :return:
        """
        self._enrollment = enrollment
        self._save_state()

    @property
    def enrollment_secret(self):
        """Get the enrollment_secret"""
        return self._enrollment_secret

    @enrollment_secret.setter
    def enrollment_secret(self, enrollment_secret):
        """Set the enrollment_secret

        :param enrollment_secret: the enrollment_secret
        :return:
        """
        self._enrollment_secret = enrollment_secret
        self._save_state()

    @property
    def msp_id(self):
        """Get the msp_id"""
        return self._msp_id

    @msp_id.setter
    def msp_id(self, msp_id):
        """Set the msp_id

        :param msp_id: the msp_id
        :return:
        """
        self._msp_id = msp_id
        self._save_state()

    @property
    def cryptoSuite(self):
        """Get the cryptoSuite"""
        return self._cryptoSuite

    @cryptoSuite.setter
    def cryptoSuite(self, cryptoSuite):
        """Set the cryptoSuite

        :param msp_id: the cryptoSuite
        :param cryptoSuite:
        :return:
        """
        self._cryptoSuite = cryptoSuite
        self._save_state()

    def is_registered(self):
        """Check if user registered

        :return: boolean
        """
        return self._enrollment_secret is not None

    def is_enrolled(self):
        """Check if user enrolled

        :return: boolean
        """
        return self._enrollment is not None

    def _save_state(self):
        """Persistent user state."""
        try:
            state = {
                'name': self.name, 'org': self.org, 'roles': self.roles,
                'affiliation': self.affiliation, 'account': self.account,
                'enrollment_secret': self.enrollment_secret,
                'msp_id': self.msp_id
            }

            if self.enrollment:
                enrollment = {
                    'private_key':
                        self.enrollment.private_key.private_bytes(
                            encoding=serialization.Encoding.PEM,
                            format=serialization.PrivateFormat.PKCS8,
                            encryption_algorithm=serialization.NoEncryption()
                        ),
                    'cert': self.enrollment.cert
                }

                state['enrollment'] = enrollment

            self._state_store.set_value(
                self._state_store_key,
                binascii.hexlify(pickle.dumps(state)).decode("utf-8"))
        except Exception as e:
            raise IOError("Cannot serialize the user", e)

    def _restore_state(self):
        """Restore user state."""
        try:
            state = self._state_store.get_value(self._state_store_key)
            state_dict = pickle.loads(
                binascii.unhexlify(state.encode("utf-8")))
            self._name = state_dict['name']
            self.enrollment_secret = state_dict['enrollment_secret']
            enrollment = state_dict['enrollment']
            if enrollment:
                private_key = serialization.load_pem_private_key(
                    enrollment['private_key'],
                    password=None,
                    backend=default_backend()
                )
                cert = enrollment['cert']
                self.enrollment = Enrollment(private_key, cert)
            self.affiliation = state_dict['affiliation']
            self.account = state_dict['account']
            self.roles = state_dict['roles']
            self._org = state_dict['org']
            self.msp_id = state_dict['msp_id']
        except Exception as e:
            raise IOError("Cannot deserialize the user", e)

    def get_attrs(self):
        return ",".join("{}={}"
                        .format(k, getattr(self, k))
                        for k in self.__dict__.keys())

    def __str__(self):
        return "[{}:{}]".format(self.__class__.__name__, self.get_attrs())


def validate(user):
    """Check the user.

    :param user: A user object
    :return: A validated user object
    :raises ValueError: When user property is invalid
    """
    if not user:
        raise ValueError("User cannot be empty.")

    if not user.name:
        raise ValueError("Missing user name.")

    enrollment = user.enrollment
    if not enrollment:
        raise ValueError("Missing user enrollment.")

    if not enrollment.cert:
        raise ValueError("Missing user enrollment cert.")

    if not enrollment.private_key:
        raise ValueError("Missing user enrollment key.")

    if not user.msp_id:
        raise ValueError("Missing msp id.")

    if not user.cryptoSuite:
        raise ValueError("Missing crypto suite.")

    return user


def create_user(name, org, state_store, msp_id, key_path, cert_path,
                crypto_suite=ecies()):
    """Create user

    :param name: user's name
    :param org: org name
    :param state_store: user state store
    :param msp_id: msp id for the user
    :param crypto_suite: the cryptoSuite used to store crypto and key store
         settings (Default value = ecies())
    :param key_path: identity private key path
    :param cert_path: identity public cert path
    :return: a user instance
    """

    _logger.debug("Create user with {}:{}:{}:{}:{}:{}".format(
        name, org, state_store, msp_id, key_path, cert_path
    ))
    with open(key_path, 'rb') as key:
        key_pem = key.read()

    with open(cert_path, 'rb') as cert:
        cert_pem = cert.read()

    private_key = load_pem_private_key(key_pem, None, default_backend())
    enrollment = Enrollment(private_key, cert_pem)

    user = User(name, org, state_store)
    user.enrollment = enrollment
    user.msp_id = msp_id
    user.cryptoSuite = crypto_suite

    return validate(user)