[FABG-768] Import latest fabric code

Change-Id: I3dd4abd58db10f643b2ae07c29efe86bd4d11f6b
Signed-off-by: Troy Ronda <troy@troyronda.com>

Author: troyronda

Gopkg.lock

@@ -28,10 +28,6 @@
   name = "github.com/cloudflare/cfssl"
   version = "1.3.1"
 
-[[constraint]]
-  name = "github.com/golang/groupcache"
-  branch = "master"
-
 [[constraint]]
   name = "github.com/Knetic/govaluate"
   version = "3.0.0"

Gopkg.toml

@@ -68,9 +68,9 @@ FABRIC_DEV_REGISTRY_PRE_CMD ?= docker login -u docker -p docker nexus3.hyperledg
 
 # Upstream fabric patching (overridable)
 THIRDPARTY_FABRIC_CA_BRANCH ?= master
-THIRDPARTY_FABRIC_CA_COMMIT ?= 54f3bcfd95cf028baac9792eee426ab793dc80bc
+THIRDPARTY_FABRIC_CA_COMMIT ?= 16877b8e0301ea1484af61ad5323ee1cbc0c3dd9
 THIRDPARTY_FABRIC_BRANCH    ?= master
-THIRDPARTY_FABRIC_COMMIT    ?= 89eb2cbe445e452daa8d008598352fe483f23071
+THIRDPARTY_FABRIC_COMMIT    ?= 846dcd6213db8d5da55ee6453538e7f8c63056f8
 
 # Force removal of images in cleanup (overridable)
 FIXTURE_DOCKER_REMOVE_FORCE ?= false

Makefile

@@ -91,9 +91,11 @@ type PKCS11Opts struct {
 	Label      string `mapstructure:"label" json:"label"`
 	Pin        string `mapstructure:"pin" json:"pin"`
 	SoftVerify bool   `mapstructure:"softwareverify,omitempty" json:"softwareverify,omitempty"`
+	Immutable  bool   `mapstructure:"immutable,omitempty" json:"immutable,omitempty"`
 }
 
-// FileKeystoreOpts is needed for File Based Key Store. Since currently only ECDSA operations // go to PKCS11, need a keystore still Pluggable Keystores, could add JKS, P12, etc..
+// FileKeystoreOpts currently only ECDSA operations go to PKCS11, need a keystore still
+// Pluggable Keystores, could add JKS, P12, etc..
 type FileKeystoreOpts struct {
 	KeyStorePath string `mapstructure:"keystore" json:"keystore" yaml:"KeyStore"`
 }

internal/github.com/hyperledger/fabric/bccsp/pkcs11/conf.go

@@ -65,6 +65,8 @@ type impl struct {
 
 	pkcs11Ctx  *sdkp11.ContextHandle
 	softVerify bool
+	//Immutable flag makes object immutable
+	immutable bool
 }
 
 // KeyGen generates a key using opts.

internal/github.com/hyperledger/fabric/bccsp/pkcs11/impl.go

@@ -190,6 +190,32 @@ func (csp *impl) generateECKey(curve asn1.ObjectIdentifier, ephemeral bool) (ski
 		return nil, nil, fmt.Errorf("P11: set-ID-to-SKI[private] failed [%s]", err)
 	}
 
+	//Set CKA_Modifible to false for both public key and private keys
+	if csp.immutable {
+		setCKAModifiable := []*pkcs11.Attribute{
+			pkcs11.NewAttribute(pkcs11.CKA_MODIFIABLE, false),
+		}
+
+		_, pubCopyerror := csp.pkcs11Ctx.CopyObject(session, pub, setCKAModifiable)
+		if pubCopyerror != nil {
+			return nil, nil, fmt.Errorf("P11: Public Key copy failed with error [%s] . Please contact your HSM vendor", pubCopyerror)
+		}
+
+		pubKeyDestroyError := csp.pkcs11Ctx.DestroyObject(session, pub)
+		if pubKeyDestroyError != nil {
+			return nil, nil, fmt.Errorf("P11: Public Key destroy failed with error [%s]. Please contact your HSM vendor", pubCopyerror)
+		}
+
+		_, prvCopyerror := csp.pkcs11Ctx.CopyObject(session, prv, setCKAModifiable)
+		if prvCopyerror != nil {
+			return nil, nil, fmt.Errorf("P11: Private Key copy failed with error [%s]. Please contact your HSM vendor", prvCopyerror)
+		}
+		prvKeyDestroyError := csp.pkcs11Ctx.DestroyObject(session, prv)
+		if pubKeyDestroyError != nil {
+			return nil, nil, fmt.Errorf("P11: Private Key destroy failed with error [%s]. Please contact your HSM vendor", prvKeyDestroyError)
+		}
+	}
+
 	nistCurve := namedCurveFromOID(curve)
 	if curve == nil {
 		return nil, nil, fmt.Errorf("Cound not recognize Curve from OID")

internal/github.com/hyperledger/fabric/bccsp/pkcs11/pkcs11.go

@@ -48,6 +48,12 @@ type ResultsIterator interface {
 	Close()
 }
 
+// QueryResultsIterator - an iterator for query result set
+type QueryResultsIterator interface {
+	ResultsIterator
+	GetBookmarkAndClose() string
+}
+
 // QueryResult - a general interface for supporting different types of query results. Actual types differ for different queries
 type QueryResult interface{}
 

internal/github.com/hyperledger/fabric/common/ledger/ledger_interface.go

@@ -21,15 +21,15 @@ import (
 	"time"
 
 	"github.com/cactus/go-statsd-client/statsd"
-	logging "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/logbridge"
+	flogging "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/logbridge"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/uber-go/tally"
 	promreporter "github.com/uber-go/tally/prometheus"
 	statsdreporter "github.com/uber-go/tally/statsd"
 )
 
-var logger = logging.MustGetLogger("common/metrics/tally")
+var logger = flogging.MustGetLogger("common/metrics/tally")
 
 var scopeRegistryKey = tally.KeyForPrefixedStringMap
 

internal/github.com/hyperledger/fabric/common/metrics/tally_provider.go

@@ -11,6 +11,8 @@ Please review third_party pinning scripts and patches for more details.
 package ledger
 
 import (
+	"fmt"
+
 	"github.com/golang/protobuf/proto"
 	commonledger "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/common/ledger"
 	"github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/common"
@@ -23,6 +25,7 @@ import (
 type Initializer struct {
 	StateListeners                []StateListener
 	DeployedChaincodeInfoProvider DeployedChaincodeInfoProvider
+	MembershipInfoProvider        MembershipInfoProvider
 }
 
 // PeerLedgerProvider provides handle to ledger instances
@@ -124,15 +127,30 @@ type QueryExecutor interface {
 	GetStateMetadata(namespace, key string) (map[string][]byte, error)
 	// GetStateMultipleKeys gets the values for multiple keys in a single call
 	GetStateMultipleKeys(namespace string, keys []string) ([][]byte, error)
+	// GetStateRangeScanIteratorWithMetadata returns an iterator that contains all the key-values between given key ranges.
+	// startKey is included in the results and endKey is excluded. An empty startKey refers to the first available key
+	// and an empty endKey refers to the last available key. For scanning all the keys, both the startKey and the endKey
+	// can be supplied as empty strings. However, a full scan should be used judiciously for performance reasons.
+	// metadata is a map of additional query parameters
+	// The returned ResultsIterator contains results of type *KV which is defined in protos/ledger/queryresult.
+	GetStateRangeScanIteratorWithMetadata(namespace string, startKey, endKey string, metadata map[string]interface{}) (QueryResultsIterator, error)
 	// ExecuteQuery executes the given query and returns an iterator that contains results of type specific to the underlying data store.
 	// Only used for state databases that support query
 	// For a chaincode, the namespace corresponds to the chaincodeId
 	// The returned ResultsIterator contains results of type *KV which is defined in protos/ledger/queryresult.
 	ExecuteQuery(namespace, query string) (commonledger.ResultsIterator, error)
+	// ExecuteQueryWithMetadata executes the given query and returns an iterator that contains results of type specific to the underlying data store.
+	// metadata is a map of additional query parameters
+	// Only used for state databases that support query
+	// For a chaincode, the namespace corresponds to the chaincodeId
+	// The returned ResultsIterator contains results of type *KV which is defined in protos/ledger/queryresult.
+	ExecuteQueryWithMetadata(namespace, query string, metadata map[string]interface{}) (QueryResultsIterator, error)
 	// GetPrivateData gets the value of a private data item identified by a tuple <namespace, collection, key>
 	GetPrivateData(namespace, collection, key string) ([]byte, error)
 	// GetPrivateDataMetadata gets the metadata of a private data item identified by a tuple <namespace, collection, key>
 	GetPrivateDataMetadata(namespace, collection, key string) (map[string][]byte, error)
+	// GetPrivateDataMetadataByHash gets the metadata of a private data item identified by a tuple <namespace, collection, keyhash>
+	GetPrivateDataMetadataByHash(namespace, collection string, keyhash []byte) (map[string][]byte, error)
 	// GetPrivateDataMultipleKeys gets the values for the multiple private data items in a single call
 	GetPrivateDataMultipleKeys(namespace, collection string, keys []string) ([][]byte, error)
 	// GetPrivateDataRangeScanIterator returns an iterator that contains all the key-values between given key ranges.
@@ -196,6 +214,13 @@ type TxSimulator interface {
 	GetTxSimulationResults() (*TxSimulationResults, error)
 }
 
+// QueryResultsIterator - an iterator for query result set
+type QueryResultsIterator interface {
+	commonledger.ResultsIterator
+	// GetBookmarkAndClose returns a paging bookmark and releases resources occupied by the iterator
+	GetBookmarkAndClose() string
+}
+
 // TxPvtData encapsulates the transaction number and pvt write-set for a transaction
 type TxPvtData struct {
 	SeqInBlock uint64
@@ -207,18 +232,22 @@ type TxPvtData struct {
 // to the ledger at the commit of the corresponding block
 type MissingPrivateData struct {
 	TxId       string
-	SeqInBlock int
+	SeqInBlock uint64
 	Namespace  string
 	Collection string
-	Eligible   bool
+	IsEligible bool
+}
+
+type MissingPrivateDataList struct {
+	List []*MissingPrivateData
 }
 
 // BlockAndPvtData encapsulates the block and a map that contains the tuples <seqInBlock, *TxPvtData>
 // The map is expected to contain the entries only for the transactions that has associated pvt data
 type BlockAndPvtData struct {
 	Block        *common.Block
 	BlockPvtData map[uint64]*TxPvtData
-	Missing      []*MissingPrivateData
+	Missing      *MissingPrivateDataList
 }
 
 // BlockPvtData contains the private data for a block
@@ -227,6 +256,10 @@ type BlockPvtData struct {
 	WriteSets map[uint64]*TxPvtData
 }
 
+func (missing *MissingPrivateDataList) Add(txId string, txNum uint64, ns, coll string, isEligible bool) {
+	missing.List = append(missing.List, &MissingPrivateData{txId, txNum, ns, coll, isEligible})
+}
+
 // PvtCollFilter represents the set of the collection names (as keys of the map with value 'true')
 type PvtCollFilter map[string]bool
 
@@ -348,7 +381,7 @@ type MissingBlockPvtdataInfo map[uint64][]*MissingCollectionPvtDataInfo
 
 // MissingCollectionPvtDataInfo includes the name of the chaincode and collection for which private data is missing
 type MissingCollectionPvtDataInfo struct {
-	ChaincodeName, CollectionName string
+	Namespace, Collection string
 }
 
 // CollectionConfigInfo encapsulates a collection config for a chaincode and its committing block number
@@ -357,6 +390,23 @@ type CollectionConfigInfo struct {
 	CommittingBlockNum uint64
 }
 
+func (missingPvtDataInfo MissingPvtDataInfo) Add(blkNum, txNum uint64, ns, coll string) {
+	missingBlockPvtDataInfo, ok := missingPvtDataInfo[blkNum]
+	if !ok {
+		missingBlockPvtDataInfo = make(MissingBlockPvtdataInfo)
+		missingPvtDataInfo[blkNum] = missingBlockPvtDataInfo
+	}
+
+	if _, ok := missingBlockPvtDataInfo[txNum]; !ok {
+		missingBlockPvtDataInfo[txNum] = []*MissingCollectionPvtDataInfo{}
+	}
+
+	missingBlockPvtDataInfo[txNum] = append(missingBlockPvtDataInfo[txNum],
+		&MissingCollectionPvtDataInfo{
+			Namespace:  ns,
+			Collection: coll})
+}
+
 // ErrCollectionConfigNotYetAvailable is an error which is returned from the function
 // ConfigHistoryRetriever.CollectionConfigAt() if the latest block number committed
 // is lower than the block number specified in the request.
@@ -376,6 +426,26 @@ func (NotFoundInIndexErr) Error() string {
 	return "Entry not found in index"
 }
 
+// CollConfigNotDefinedError is returned whenever an operation
+// is requested on a collection whose config has not been defined
+type CollConfigNotDefinedError struct {
+	Ns string
+}
+
+func (e *CollConfigNotDefinedError) Error() string {
+	return fmt.Sprintf("collection config not defined for chaincode [%s], pass the collection configuration upon chaincode definition/instantiation", e.Ns)
+}
+
+// InvalidCollNameError is returned whenever an operation
+// is requested on a collection whose name is invalid
+type InvalidCollNameError struct {
+	Ns, Coll string
+}
+
+func (e *InvalidCollNameError) Error() string {
+	return fmt.Sprintf("collection [%s] not defined in the collection config for chaincode [%s]", e.Coll, e.Ns)
+}
+
 // PvtdataHashMismatch is used when the hash of private write-set
 // does not match the corresponding hash present in the block
 // See function `PeerLedger.CommitPvtData` for the usages
@@ -418,4 +488,11 @@ type ChaincodeLifecycleDetails struct {
 	CollectionsRemoved []string // names of the collections that are removed
 }
 
+// MembershipInfoProvider is a dependency that is used by ledger to determine whether the current peer is
+// a member of a collection. Gossip module is expected to provide the dependency to ledger
+type MembershipInfoProvider interface {
+	// AmMemberOf checks whether the current peer is a member of the given collection
+	AmMemberOf(channelName string, collectionPolicyConfig *common.CollectionPolicyConfig) (bool, error)
+}
+
 //go:generate counterfeiter -o mock/deployed_ccinfo_provider.go -fake-name DeployedChaincodeInfoProvider . DeployedChaincodeInfoProvider

internal/github.com/hyperledger/fabric/core/ledger/ledger_interface.go

@@ -11,12 +11,9 @@ Please review third_party pinning scripts and patches for more details.
 package cache
 
 import (
-	"fmt"
-	"sync"
-
-	"github.com/golang/groupcache/lru"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/msp"
 	flogging "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/logbridge"
+	"github.com/pkg/errors"
 )
 
 const (
@@ -30,13 +27,13 @@ var mspLogger = flogging.MustGetLogger("msp")
 func New(o msp.MSP) (msp.MSP, error) {
 	mspLogger.Debugf("Creating Cache-MSP instance")
 	if o == nil {
-		return nil, fmt.Errorf("Invalid passed MSP. It must be different from nil.")
+		return nil, errors.Errorf("Invalid passed MSP. It must be different from nil.")
 	}
 
 	theMsp := &cachedMSP{MSP: o}
-	theMsp.deserializeIdentityCache = lru.New(deserializeIdentityCacheSize)
-	theMsp.satisfiesPrincipalCache = lru.New(satisfiesPrincipalCacheSize)
-	theMsp.validateIdentityCache = lru.New(validateIdentityCacheSize)
+	theMsp.deserializeIdentityCache = newSecondChanceCache(deserializeIdentityCacheSize)
+	theMsp.satisfiesPrincipalCache = newSecondChanceCache(satisfiesPrincipalCacheSize)
+	theMsp.validateIdentityCache = newSecondChanceCache(validateIdentityCacheSize)
 
 	return theMsp, nil
 }
@@ -45,20 +42,14 @@ type cachedMSP struct {
 	msp.MSP
 
 	// cache for DeserializeIdentity.
-	deserializeIdentityCache *lru.Cache
-
-	dicMutex sync.Mutex // synchronize access to cache
+	deserializeIdentityCache *secondChanceCache
 
 	// cache for validateIdentity
-	validateIdentityCache *lru.Cache
-
-	vicMutex sync.Mutex // synchronize access to cache
+	validateIdentityCache *secondChanceCache
 
 	// basically a map of principals=>identities=>stringified to booleans
 	// specifying whether this identity satisfies this principal
-	satisfiesPrincipalCache *lru.Cache
-
-	spcMutex sync.Mutex // synchronize access to cache
+	satisfiesPrincipalCache *secondChanceCache
 }
 
 type cachedIdentity struct {