Alessandro Sorniotti

Results 19 issues of Alessandro Sorniotti

The code to create a GRPC client does not permit setting the option to present a client certificate -- effectively forbidding mutual TLS for GRPC endpoints. The code is [here](https://github.com/hyperledger-labs/fabric-smart-client/blob/main/platform/view/services/grpc/client.go#L151).

bug
comm

[This](https://github.ibm.com/decentralized-trust-research/fscx/blob/net_test/integration/fabricx/net/net_test.go) test case tests the behaviour of the net stack when the server has a certificate with a correct and incorrect SANS extension, against both GRPC and webrpc. In both...

bug
comm

The implementation defines the TLS configuration for all clients in `newClient` [here](https://github.com/hyperledger-labs/fabric-smart-client/blob/main/platform/view/services/comm/host/rest/client.go). The `caCertPool` argument is however always `nil` (see call [here](https://github.com/hyperledger-labs/fabric-smart-client/blob/main/platform/view/services/comm/host/rest/provider.go)). As a result, the client will never actually...

bug
comm

The server is started [here](https://github.com/hyperledger-labs/fabric-smart-client/blob/main/platform/view/services/comm/host/rest/server.go) by calling `ListenAndServeTLS`. This way of creating the server only enables server-side TLS, which means that the server will never verify any client certificate.

bug
comm

The `CollectEndorsementsView` is responsible for the retrieval of signatures from 3rd parties. This for example happens when the node requests signatures over issues, transfers and endorsement acks. The responders to...

security
high priority

The view is responsible for endorsing the transaction. As such, it should also extract the proposal, determine that the action and the read-write set (and the token actions) are related...

security

The `CollectEndorsementsView` view contains the following code:

```go
func (c *CollectEndorsementsView) Call(context view.Context) (interface{}, error) {
	metrics := GetMetrics(context)
	externalWallets := make(map[string]ExternalWalletSigner)
	// 1. First collect signatures on the token...
```

security

The identity service maintains a cache of signers, as shown below:

```go
func (p *Provider) getSigner(ctx context.Context, identity driver.Identity, idHash string) (driver.Signer, error) {
	// check again the cache entry,...
```

performance
security

`CollectEndorsementsView` needs to determine whether the local node can sign a transfer. The code calls

```go
signer, err := c.tx.TokenService().SigService().GetSigner(context.Context(), signerIdentity)
```

If the backend is idemix, this code leads...

security