The aim of this change set is to apply the well-established "Secure by
default" security principle to the way the validator validates transactions
in a block.

The current code behaves as follows: create an array of validation codes, set
by default to "all transactions are valid"; then perform validation which may
mark transactions as invalid. Furthermore, in other parts of the code, if no
array of validation codes is yet persent in the block, a new one is
indiscriminately created (again, marking all transactions as valid). This
approach is a security anti-pattern because it opens up to attacks where an
adversary may force the code through a path where the default "tx is valid"
validation code is maintained even for invalid txes.

This change set ensures that validation code arrays are created and set to a
new value (TxValidationCode_NOT_VALIDATED) which ensures that a transaction
that hasn't been validated cannot be mistaken for a valid one.

Change-Id: I5dbb18dd77af3cd14b168042ae660e4e27bf29dd
Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>

Populate PrivatePayload gossip message with additional information about
simulation and collection configuration available at the endorsement
time to support distribution of private data in light of collections
membership changes.

Change-Id: I0542e85afbeb9b1a273e53ae34161977dc1bb4d4
Signed-off-by: Artem Barger <bartem@il.ibm.com>

Add two new fields to the PrivatePayload to include information about
the simulation time ledger height and the collection configuration
available at endorsement time.

Change-Id: Ie469d09c9155e65e4701ea9f2336f0bde1ef8f36
Signed-off-by: Artem Barger <bartem@il.ibm.com>

Change-Id: I763ede8583834fc419303c0989d4bfe79801bee5
Signed-off-by: Christopher Ferris <chrisfer@us.ibm.com>

In the current code, the transient store persists rwset.TxPvtReadWriteSet
as a value. This CR defines a new proto message in the `transientstore`
package named `TxPvtReadWriteSetWithConfigInfo` which encapsulates
rwset.TxPvtReadWriteSet and common.CollectionConfigPackage

Gossip will utilize this new proto message while supporting
dissemination with dynamic collections.

Change-Id: Ia178d27fba185ea620818a056c43dc575880a7a0
Signed-off-by: senthil <cendhu@gmail.com>

Search is broken in ReadtheDocs
due to a RTD bug. Setting the
sphinx-rtd-theme==v0.2.5b2

Change-Id: I04e9d726ee9046ad312826d5ac93e063ccc2f326
Signed-off-by: pama-ibm <pama@ibm.com>

The e2e_cli test was recently updated based on the assumption that the
project name was e2e (as newer versions of docker compose seem to handle
directories with underscores in their names differently).  However, this
CR failed to check in a new file (.env) which set this.  This CR
remedies the situation.

Change-Id: I04967011b33789cb51d81c3e7738ade6554d7962
Signed-off-by: Jason Yellick <jyellick@us.ibm.com>

* changes:
  [FAB-9755] Remove redundant empty cname check
  [FAB-9753] Normalize error reporting in runtime
  [FAB-9752] Wire registry into handler
  [FAB-9739] Introduce ACLProvider interface
  [FAB-9737] Introduce PackageProvider interface

- Fix some types and broken links
- Clarify the difference about endorsement validation between
  phase 1 and 3
- write_first_app and build_network are reordered to be consistent
  with the intro text

Change-Id: I16987b082021a110f86ed26d66bd2a48cf46784e
Signed-off-by: Hui Kang <kangh@us.ibm.com>

The getter will panic if the canonical name is not set.

Also, standardize "cname" for canonicalName/canName.

Change-Id: I1efe6a6a3754616893c1fd308071a70b0a98d176
Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>

Change-Id: I4572251da51a02de77b8420a9e45d0819fb18839
Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>

This sets up for additional refactoring and unit tests for the Handler.

Change-Id: Ib0db4a16463185b5ad1aa5608ca1156dfc5ced62
Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>

Pass the ACL provider to chaincode support instead of getting it from a
global out of the handler.

Change-Id: I4f58cea1b17db248d190a7f48cdd1f2da2030fce
Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>

Change-Id: Ic76e26eb9e8d145eb48c2d792c01c87e0e3c538a
Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>

In the current implementation, levelDB encodes the KVS version as part of
the KVS value, whereas couchDB encodes the KVS version as an additional
map entry. The code to package version and value into a byte array therefore
only belongs to the levelDB code, and not the generic stateDB code.

Change-Id: I673ff84d95c92b1829e9a0f37b536deb78314242
Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
Signed-off-by: Matthias Neugschwandtner <eug@zurich.ibm.com>

This change set introduces a new capability for key level validation (as
described in FAB-8812).

Change-Id: I1a517e61b0df7d3e3017866a457b2ee657109b18
Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>
Signed-off-by: Matthias Neugschwandtner <eug@zurich.ibm.com>

Change-Id: I15d11c3b000b58abd26be460281748e515b2515d
Signed-off-by: Matthew Sykes <sykesmat@us.ibm.com>

This example was originally used by the e2e_cli. However,
long ago, the e2e_cli switched to using the chaincode in
the standard examples/chaincode/go directory.

This CR removes the dead example code to ensure anyone
wishing to modify the chaincode used by the e2e_cli is
sure they're modifying the chaincode that's actually being
used.

Change-Id: I511f72b73ccb4d7a936373d2d7166127e2f0552f
Signed-off-by: Will Lahti <wtlahti@us.ibm.com>

State operations require retrieving a query executor
which should be released.

Therefore, we need an indirection level when we obtain the state
in order to first obtain the query executor, execute the plugin
and finally call Done() to release the query executor's resources.

Change-Id: Idba69a2a8b1ba3d360bfc4858a0f98b6a11cc56e
Signed-off-by: yacovm <yacovm@il.ibm.com>