feat(quorum): private transaction support

[travis-payne]

Fixes #951

[petermetz]

@travis-payne Where are these being used? (meaning the whole network-files directory)

[travis-payne]

As below, not all the files are being used, but figured I'd leave them all there in case someone wants to expand on functionality that I might not foresee right now. Can remove if it useless though.

https://github.com/hyperledger/cactus/blob/24e3b0dd08fff550cbba7785566eea19daee1edd/packages/cactus-plugin-ledger-connector-quorum/src/test/typescript/integration/plugin-ledger-connector-quorum/deploy-contract/v2.3.0-deploy-contract-from-json-private.test.ts#L201

[petermetz]

@travis-payne Only saw this by accident just now, please tag me otherwise it doesn't show up on my mentions feed.
I'd throw everything out that's not being used because we don't know when that future date will come and if these files will be outdated by then which would also lead to some additional confusion.

[codecov-commenter]

Codecov Report

Merging #1337 (dc890f8) into main (5140fe8) will increase coverage by 0.02%.
The diff coverage is 71.17%.

@@            Coverage Diff             @@
##             main    #1337      +/-   ##
==========================================
+ Coverage   71.33%   71.35%   +0.02%     
==========================================
  Files         308      309       +1     
  Lines       11264    11371     +107     
  Branches     1383     1400      +17     
==========================================
+ Hits         8035     8114      +79     
- Misses       2475     2490      +15     
- Partials      754      767      +13     

Impacted Files	Coverage Δ
...pescript/generated/openapi/typescript-axios/api.ts	60.31% <ø> (ø)
.../main/typescript/plugin-ledger-connector-quorum.ts	75.18% <54.54%> (-1.62%)	⬇️
...rc/main/typescript/quorum/quorum-mp-test-ledger.ts	74.11% <74.11%> (ø)
...ypescript/web-services/invoke-contract-endpoint.ts	87.09% <100.00%> (ø)
...ypescript/web-services/run-transaction-endpoint.ts	87.09% <100.00%> (ø)
...tus-test-tooling/src/main/typescript/public-api.ts	100.00% <100.00%> (ø)
...main/typescript/rustc-container/rustc-container.ts	68.53% <0.00%> (+2.24%)	⬆️
...main/typescript/plugin-factory-ledger-connector.ts	100.00% <0.00%> (+25.00%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5140fe8...dc890f8. Read the comment docs.

[petermetz]

@travis-payne Does this still works if you switch from throws to rejects ?

throws is for sync functions and I suspect the only thing it does here is asserting that a promise was returned without throwing, but it does not check if said promise would reject or resolve (even with the await keyword baked in there - could be wrong though so I'm just asking to double check)

[travis-payne]

throws works here but running rejects seems to crash out.

[petermetz]

throws works here but running rejects seems to crash out.

@travis-payne Please attach the logs that it crashes with.

[travis-payne]

# member3 should not be able to call contract
not ok 14 member3Contract.methods.getName().call() throws exception
  ---
    operator: throws
    expected: undefined
    actual:   undefined
    at: <anonymous> (/home/travispayne/cactus-fork/node_modules/tape-promise/index.compiled.js:43:12)
    stack: |-
      Error: member3Contract.methods.getName().call() throws exception
          at Test.assert [as _assert] (/home/travispayne/cactus-fork/node_modules/tape/lib/test.js:311:54)
          at Test.bound [as _assert] (/home/travispayne/cactus-fork/node_modules/tape/lib/test.js:96:32)
          at Test.throws (/home/travispayne/cactus-fork/node_modules/tape/lib/test.js:676:10)
          at Test.bound [as throws] (/home/travispayne/cactus-fork/node_modules/tape/lib/test.js:96:32)
          at /home/travispayne/cactus-fork/node_modules/tape-promise/index.compiled.js:43:12
          at processTicksAndRejections (internal/process/task_queues.js:95:5)
          at async /home/travispayne/cactus-fork/packages/cactus-plugin-ledger-connector-quorum/src/test/typescript/integration/plugin-ledger-connector-quorum/deploy-contract/v2.3.0-deploy-contract-from-json-private.test.ts:292:3

[travis-payne]

@petermetz sorry its a little delayed, but logs attached

[petermetz]

@travis-payne The logs you attached look like they were generated by throws not rejects (based on the call stack) could you please double check if these are the logs for rejects crashing for sure?

[travis-payne]

@petermetz yup, the following code chucks the same error:

const promise = member3Contract.methods.getName().call();
await t.rejects(promise,"member3 should not be able to call contract");

[petermetz]

@travis-payne Alright, I'll debug it on my machine then.
Please push a version of the code where it reproduces after a yarn configure && yarn ts-node packages/cactus-plugin-ledger-connector-quorum/src/test/typescript/integration/plugin-ledger-connector-quorum/deploy-contract/v2.3.0-deploy-contract-from-json-private.test.ts and then ping me here and I'll take a peek.

[petermetz]

https://chat.hyperledger.org/channel/cactus?msg=H3KZMTkHwG8n2kWS2

[johnhomantaring]

@petermetz can you assign me to this

[johnhomantaring]

@petermetz all changes has been merged and to give context on the changes done.

1.) Issue on multiple nonce error has been resolved.

• Based on my observation this is due to getTransactionCount method that uses incorrect signing account address. Before we are using the nonce created from the test script but using a different signing account. Instead of sending it from the test script and modify openAPI I just used privateKeytoAccount() method and created the nonce from the connector.

2.) Typings for web3js-quorum has been changed as well based on the latest update. Although this is not yet available in their latest release but available on their github repo. I modified some parts as well because there are some discrepancies on the examples and documentations.

3.) Modified the last part of the test script because Node3 is getting some error due to contracts deployed only in Node1 and Node2. Instead of truthy modified it to expect error.

[gitguardian]

⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	Secret	Commit	Filename
-	Elliptic Curve Private Key	3f43cef	contribs/Fujitsu-ConnectionChain/connection-chain/environment/base/cc_env/servers/cooperation/coreSide/ec1_adapter/CA/adapter.priv	View secret
-	Elliptic Curve Private Key	3f43cef	contribs/Fujitsu-ConnectionChain/connection-chain/environment/base/cc_env/servers/cooperation/coreSide/ec2_adapter/CA/adapter.priv	View secret

🛠 Guidelines to remediate hardcoded secrets

1. Understand the implications of revoking this secret by investigating where it is used in your code.
2. Replace and store your secrets safely. Learn here the best practices.
3. Revoke and rotate these secrets.
4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

• following these best practices for managing and storing secrets including API keys and other credentials
• install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

---

<sup>🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!</sup>

[jagpreetsinghsasan]

I see some crypto material like pub/priv keys in the code.
Can we not generate them within the code itself ?
Also, can you squash merge the commits?

[johnhomantaring]

I see some crypto material like pub/priv keys in the code. Can we not generate them within the code itself ? Also, can you squash merge the commits?

will do.. I'm not the original owner of the PR so I'm unable to put it in draft.. Currently working on the changes

[jagpreetsinghsasan]

@petermetz can we not simply close this PR and let @johnhomantaring create a fresh one?

[petermetz]

I see some crypto material like pub/priv keys in the code. Can we not generate them within the code itself ? Also, can you squash merge the commits?

@jagpreetsinghsasan All good ideas!

[petermetz]

@petermetz can we not simply close this PR and let @johnhomantaring create a fresh one?

@jagpreetsinghsasan Usually I'd not do that because then the work @travis-payne had put in would appear on the other PR, but what we can do is add him as an author to the commit that will end up being in that new PR. So yeah, @johnhomantaring Please just start a new PR so that permissions are not a problem but do make sure that @travis-payne gets credit in the commit for the contributions as well not just yourself.

[johnhomantaring]

@petermetz can we not simply close this PR and let @johnhomantaring create a fresh one?

@jagpreetsinghsasan Usually I'd not do that because then the work @travis-payne had put in would appear on the other PR, but what we can do is add him as an author to the commit that will end up being in that new PR. So yeah, @johnhomantaring Please just start a new PR so that permissions are not a problem but do make sure that @travis-payne gets credit in the commit for the contributions as well not just yourself.

@petermetz can we not simply close this PR and let @johnhomantaring create a fresh one?

@jagpreetsinghsasan Usually I'd not do that because then the work @travis-payne had put in would appear on the other PR, but what we can do is add him as an author to the commit that will end up being in that new PR. So yeah, @johnhomantaring Please just start a new PR so that permissions are not a problem but do make sure that @travis-payne gets credit in the commit for the contributions as well not just yourself.

created a new branch related to this PR based from the latest code base and added the fixes done.. Will put credit to @travis-payne on the new PR once done with testing

[jagpreetsinghsasan]

Hi @petermetz , @johnhomantaring
I was investigating this PR, and I found out that there needs to have a major, quite significant code refactoring as the implementation is wrong.

These are few major issues with the code

1. At all places, its assumed that the transactions are private transactions (private transactions should be supported as a feature, with something like an entirely different endpoint). In this process, lots of code generation of openapi is messed up, along with irrelevant objects getting passed through the api endpoints.
   For instance

• The use of privateUrl keyword in the PR code is redundant as there is no code in place supporting its use.

• The RunTransactionRequest and Receipt are modified. Instead we should rather have something like RunPrivateTransactionRequest and corresponding Receipt with a seperate endpoint (like run-private-transaction)

• Passing of excessive, unnecessary data to the endpoints (line 496, 507 of the screenshot has 2 huge objects)
  

2. At places privateTransactionConfig field is used as if the field is optional (first screenshot) whereas at some places its used as a mandatory field (second screenshot)
   

We can definitely re-use many of the code pieces from the PR, but as the refactoring needs to happen from the openapi.json level, almost all the newly generated interfaces, classes etc etc will be very different and thus a re-do is required.

[petermetz]

Hi @petermetz , @johnhomantaring I was investigating this PR, and I found out that there needs to have a major, quite significant code refactoring as the implementation is wrong.

These are few major issues with the code

1. At all places, its assumed that the transactions are private transactions (private transactions should be supported as a feature, with something like an entirely different endpoint). In this process, lots of code generation of openapi is messed up, along with irrelevant objects getting passed through the api endpoints.
   For instance

• The use of privateUrl keyword in the PR code is redundant as there is no code in place supporting its use.
• The RunTransactionRequest and Receipt are modified. Instead we should rather have something like RunPrivateTransactionRequest and corresponding Receipt with a seperate endpoint (like run-private-transaction)
• Passing of excessive, unnecessary data to the endpoints (line 496, 507 of the screenshot has 2 huge objects)
  

2. At places privateTransactionConfig field is used as if the field is optional (first screenshot) whereas at some places its used as a mandatory field (second screenshot)
   

We can definitely re-use many of the code pieces from the PR, but as the refactoring needs to happen from the openapi.json level, almost all the newly generated interfaces, classes etc etc will be very different and thus a re-do is required.

@jagpreetsinghsasan Fair enough. If that's the case then a re-work can be done on it eventually but first I really want to see the tests passing with a minimal set of fixes to the original work and then work our way backwards from there. Otherwise we'll fight the war on 2 fronts (one is trying to make the tests work to begin with and the second one is refactoring everything at the same time).
So, first please work with @johnhomantaring and figure out why the tests are not passing and then make not of a specific commit hash on the branch that has the "minimum viable fix" for making private txes work.
Then move on to the larger refactoring before we do a final review.

[johnhomantaring]

@petermetz The issue of txCount reoccur again because of the same issue of trying to do the old flow of private txn.. I'm also checking how besu is doing the private txn and their code is more simplier without excessive codes. I think it would be best to do the recode like what @jagpreetsinghsasan mentioned since we could based it more with "web3js-quorum" rather than the old "web3js-eea".

[jagpreetsinghsasan]

@johnhomantaring I have found out the issue (removed the previous messages as this is my final finding).
For quorum specifically, the Web3JsQuorum library initialisation is different.
https://consensys.net/docs/goquorum/en/stable/develop/client-libraries/#initialize-the-web3js-quorum-client

This wasnt the case with Besu, as by default isQuorum is set to false.

I tried our code and it works perfectly fine with the above change, the only challenge is with the typescript code of this (The js version works fine for me).
The enclave options are not optional and are not getting passed properly here,

But they are working fine in the corresponding js code (the highlighted code)

[jagpreetsinghsasan]

I made it work using the quorum-js library.
Needed the validator privateKey as well. Attaching the complete test case for reference.
https://github.com/jagpreetsinghsasan/cactus/blob/feature-1337/packages/cactus-plugin-ledger-connector-quorum/src/test/typescript/integration/plugin-ledger-connector-quorum/deploy-contract/alpha.ts

(Maybe we need the validator priv key for web3js-quorum as well, but currently facing technical challenges with the initialisation itself, as mentioned above)

[aldousalvarez]

Good Day @petermetz and @jagpreetsinghsasan.

I would like to work on this one and @johnhomantaring assigned this to me to continue working on this issue

[jagpreetsinghsasan]

Good Day @petermetz and @jagpreetsinghsasan.

I would like to work on this one and @johnhomantaring assigned this to me to continue working on this issue

Hi there!
So for this, are you continuing using the web3jsQuorum lib or quorum-js lib ?
Also, I have made the code work with web3jsQuorum as well.
You can check this commit for reference (Added accountKeyStore of validator1)
jagpreetsinghsasan@7dadf7b

[jagpreetsinghsasan]

Hi @aldousalvarez
Any updates on this PR?

[aldousalvarez]

@jagpreetsinghsasan After using some of your codes and minor modifications on my end of the private transaction is already passing with web3jsQuorum. Do you have any remaining tests on your end that I should include because I will be cleaning up the codes to start the PR and commit my changes.

[jagpreetsinghsasan]

Cool @aldousalvarez . The current tests included in the packages/cactus-plugin-ledger-connector-quorum/src/test/typescript/integration/plugin-ledger-connector-quorum/ path are self-sufficient. Just one point while cleaning up, is to have your changes in a single commit, on the top of the currently existing commits (the latest commit ID being f8bef7a). Once done, we can have all the previous commits squashed (the current 9 commits) into one (will need @petermetz help in this) and add your fix+cleanup (single) commit over it. This way, we will neither loose any previous contributions nor yours. Thankyou for the update!

[jagpreetsinghsasan]

Hi @aldousalvarez
Any updates on this PR?

[aldousalvarez]

Hello @jagpreetsinghsasan currently working with the merging and clean up. As of now I am encountering issue with some conflicts on merging of previous commits. Targeting to complete the cleanup by Jan 27 or earlier and will commit once done with my testing.

[jagpreetsinghsasan]

Hello @jagpreetsinghsasan currently working with the merging and clean up. As of now I am encountering issue with some conflicts on merging of previous commits. Targeting to complete the cleanup by Jan 27 or earlier and will commit once done with my testing.

Thankyou for the update!

[jagpreetsinghsasan]

Hi @aldousalvarez
Any further updates on this ?

[petermetz]

@johnhomantaring @jagpreetsinghsasan @aldousalvarez Closing this so that the discussion is moved over to the new PR at #2293

@travis-payne We'll credit you for that one as well, thanks for putting in the initial work on this one.