【问题标题】:Sawtooth Invalid Batch or Signature锯齿无效批次或签名
【发布时间】:2018-07-04 19:03:15
【问题描述】:

我最近开始玩 Hyperledger Sawtooth,在 java 上提交事务时遇到了麻烦,而 python 代码似乎还可以。

我已经根据api docs here 编写了python 代码,然后尝试用java 编写一个。下面是java中的代码

import com.google.protobuf.ByteString;
import com.mashape.unirest.http.Unirest;
import sawtooth.sdk.processor.Utils;
import sawtooth.sdk.protobuf.*;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

public class BatchSender {

    public static void main(String[] args) throws Exception{


        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        ECGenParameterSpec parameterSpec = new ECGenParameterSpec("secp256k1");

        keyPairGenerator.initialize(parameterSpec);

        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        Signature ecdsaSign = Signature.getInstance("SHA256withECDSA");

        ecdsaSign.initSign(keyPair.getPrivate());


        byte[] publicKeyBytes = keyPair.getPublic().getEncoded();
        String publicKeyHex = Utils.hash512(publicKeyBytes);

        ByteString publicKeyByteString = ByteString.copyFrom(new String(publicKeyBytes),"UTF-8");


        String payload = "{'key':1, 'value':'value comes here'}";
        String payloadBytes = Utils.hash512(payload.getBytes());

        ByteString payloadByteString  = ByteString.copyFrom(payload.getBytes());


        TransactionHeader txnHeader = TransactionHeader.newBuilder().
                setBatcherPubkeyBytes(publicKeyByteString).
                setFamilyName("plain_info").
                setFamilyVersion("1.0").
                addInputs("1cf1266e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7").
                setNonce("1").
                addOutputs("1cf1266e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7").
                setPayloadEncoding("application/json").
                setPayloadSha512(payloadBytes).
                setSignerPubkey(publicKeyHex).build();


        ByteString txnHeaderBytes = txnHeader.toByteString();
        ecdsaSign.update(txnHeaderBytes.toByteArray());
        byte[] txnHeaderSignature = ecdsaSign.sign();



        Transaction txn = Transaction.newBuilder().setHeader(txnHeaderBytes).setPayload(payloadByteString).setHeaderSignature(Utils.hash512(txnHeaderSignature)).build();

        BatchHeader batchHeader = BatchHeader.newBuilder().setSignerPubkey(publicKeyHex).addTransactionIds(txn.getHeaderSignature()).build();

        ByteString batchHeaderBytes = batchHeader.toByteString();



        ecdsaSign.update(batchHeaderBytes.toByteArray());

        byte[] batchHeaderSignature = ecdsaSign.sign();

        Batch batch = Batch.newBuilder().setHeader(batchHeaderBytes).setHeaderSignature(Utils.hash512(batchHeaderSignature)).addTransactions(txn).build();


        BatchList batchList = BatchList.newBuilder().addBatches( batch).build();


        ByteString batchBytes = batchList.toByteString();


        String serverResponse =  Unirest.post("http://rest-api:8080/batches").header("Content-Type","application/octet-stream").body(batchBytes.toByteArray()).asString().getBody();

        System.out.println(serverResponse);
    }


}

一旦我运行它,我就会得到

{
  "error": {
    "code": 30,
    "message": "The submitted BatchList was rejected by the validator. It was poorly formed, or has an invalid signature.",
    "title": "Submitted Batches Invalid"
  }
}

在码头工人日志上,我可以看到

sawtooth-validator-default | [2017-11-21 08:20:09.842 DEBUG    interconnect] ServerThread receiving CLIENT_BATCH_SUBMIT_REQUEST message: 1242 bytes
sawtooth-validator-default | [2017-11-21 08:20:09.844 DEBUG    signature_verifier] batch failed signature validation: 30a2f4a24be3e624f5a35b17cb505b65cb8dd41600545c6dcfac7534205091552e171082922d4eb71f1bb186fe49163f349c604b631f64fa8f1cfea1c8bb2818
sawtooth-validator-default | [2017-11-21 08:20:09.844 DEBUG    interconnect] ServerThread sending CLIENT_BATCH_SUBMIT_RESPONSE to b'50b094689ac14b39'

我已经检查了密钥大小并验证了签名,看起来一切正常,但是,我找不到批次被拒绝的原因......

以前有没有人收到过类似的锯齿错误响应?是上面代码的批处理格式还是签名问题?

【问题讨论】:

  • 这个问题解决了吗?如果是这样,解决方法是什么?
  • @FrankC。不,没有解决
  • 你对在 iOS 中做同样的事情有什么想法吗?

标签: java blockchain hyperledger java-security hyperledger-sawtooth


【解决方案1】:

问题在于设置批头签名和交易头签名。那些不应该对它们进行 sha-512 哈希处理。这些字节应编码为十六进制字符串。

使用 apache-commons-codec 库可以做到:

import org.apache.commons.codec.binary.Hex;

Transaction txn = Transaction.newBuilder()
                      .setHeader(txnHeaderBytes)
                      .setPayload(payloadByteString)
                      .setHeaderSignature(Hex.encodeHexString(txnHeaderSignature))
                    .build();

Utils.sha512 只能用于有效负载字节。

【讨论】:

【解决方案2】:

Sawtooth Java SDK 带有一个 Signing 类,可以帮助 生成私钥/公钥对和签名消息。

我已修改您的代码以使用指定的类,并将 Boyd Johnson's answer 的更改包含在一个工作示例中(这是使用 Sawtooth Java SDK 1.0 版):

import com.google.protobuf.ByteString;
import com.mashape.unirest.http.Unirest;
import com.mashape.unirest.http.exceptions.UnirestException;
import org.bitcoinj.core.ECKey;
import sawtooth.sdk.client.Signing;
import sawtooth.sdk.processor.Utils;
import sawtooth.sdk.protobuf.Batch;
import sawtooth.sdk.protobuf.BatchHeader;
import sawtooth.sdk.protobuf.BatchList;
import sawtooth.sdk.protobuf.Transaction;
import sawtooth.sdk.protobuf.TransactionHeader;

import java.security.SecureRandom;

public class BatchSender {

  public static void main(String []args) throws UnirestException {
    ECKey privateKey = Signing.generatePrivateKey(new SecureRandom());
    String publicKey = Signing.getPublicKey(privateKey);

    ByteString publicKeyByteString = ByteString.copyFromUtf8(publicKey);

    String payload = "{'key':1, 'value':'value comes here'}";
    String payloadBytes = Utils.hash512(payload.getBytes());
    ByteString payloadByteString  = ByteString.copyFrom(payload.getBytes());

    TransactionHeader txnHeader = TransactionHeader.newBuilder()
            .setBatcherPublicKeyBytes(publicKeyByteString)
            .setSignerPublicKeyBytes(publicKeyByteString)
            .setFamilyName("plain_info")
            .setFamilyVersion("1.0")
            .addInputs("1cf1266e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7")
            .setNonce("1")
            .addOutputs("1cf1266e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7")
            .setPayloadSha512(payloadBytes)
            .setSignerPublicKey(publicKey)
            .build();
    ByteString txnHeaderBytes = txnHeader.toByteString();
    String txnHeaderSignature = Signing.sign(privateKey, txnHeaderBytes.toByteArray());

    Transaction txn = Transaction.newBuilder()
            .setHeader(txnHeaderBytes)
            .setPayload(payloadByteString)
            .setHeaderSignature(txnHeaderSignature)
            .build();

    BatchHeader batchHeader = BatchHeader.newBuilder()
            .setSignerPublicKey(publicKey)
            .addTransactionIds(txn.getHeaderSignature())
            .build();
    ByteString batchHeaderBytes = batchHeader.toByteString();
    String batchHeaderSignature = Signing.sign(privateKey, batchHeaderBytes.toByteArray());

    Batch batch = Batch.newBuilder()
            .setHeader(batchHeaderBytes)
            .setHeaderSignature(batchHeaderSignature)
            .addTransactions(txn)
            .build();

    BatchList batchList = BatchList.newBuilder()
            .addBatches(batch)
            .build();
    ByteString batchBytes = batchList.toByteString();

    String serverResponse =  Unirest.post("http://localhost:8008/batches")
            .header("Content-Type","application/octet-stream")
            .body(batchBytes.toByteArray())
            .asString()
            .getBody();

    System.out.println(serverResponse);
  }
}

【讨论】:

  • 你对在 iOS 中做同样的事情有什么想法吗?
【解决方案3】:

我也遇到了同样的问题。就我而言,问题在于设置有效负载数据。

确保:

  • 您创建了 PayloadByteArray 的 sha512 哈希并将其传递给 TransactionHeader 创建
  • 您将 PayloadByteArray 传递给事务创建。

所以:

  • PayloadByteArray -> 交易创建
  • PayloadByteArray 的 sha512 Hash -> TransactionHeader 创建

【讨论】:

    猜你喜欢
    • 2019-11-14
    • 2013-01-02
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-09-30
    • 1970-01-01
    相关资源
    最近更新 更多