UNPKG

amazon-qldb-kvs-nodejs

Version:

A helper module, simplifying basic interactions with Amazon Quantum Ledger Database for Node.js through a simple key-value store interface.

github.com/aws-samples/amazon-qldb-kvs-nodejs

aws-samples/amazon-qldb-kvs-nodejs

129 lines (126 loc) 7.86 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
"use strict"; /* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * You may obtain a copy of the License at * http://www.apache.org/licenses/LICENSE-2.0 * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", { value: true }); exports.verifyDocumentMetadataWithUserData = exports.verifyDocumentMetadataWithLedgerData = void 0; const ion_js_1 = require("ion-js"); const BlockAddress_1 = require("./BlockAddress"); const Logging_1 = require("./Logging"); const logger = Logging_1.log.getLogger("qldb-helper"); const Util_1 = require("./Util"); const Verifier_1 = require("./Verifier"); const GetMetadata_1 = require("./GetMetadata"); const GetRevision_1 = require("./GetRevision"); /** * Verify a version of the document metadata for a given Key by retrieving it from the ledger. * @param txn The {@linkcode TransactionExecutor} for lambda execute. * @param ledgerName The ledger to get the digest from. * @param tableName The table name to query. * @param keyAttributeName A keyAttributeName to query. * @param keyAttributeValue The key of the given keyAttributeName. * @param qldbClient The QLDB control plane client to use. * @returns Promise which fulfills with void. * @throws Error: When verification fails. */ function verifyDocumentMetadataWithLedgerData(txn, ledgerName, tableName, keyAttributeName, keyAttributeValue, qldbClient) { return __awaiter(this, void 0, void 0, function* () { logger.debug(`Let's verify the document with "${keyAttributeName}" = ${keyAttributeValue}, in ledger = ${ledgerName}.`); const result = yield (0, GetMetadata_1.getDocumentLedgerMetadata)(txn, ledgerName, tableName, keyAttributeName, keyAttributeValue, qldbClient); const digestBase64 = result.LedgerDigest.Digest; const digestTipAddress = result.LedgerDigest.DigestTipAddress; const blockAddress = result.BlockAddress; const documentId = result.DocumentId; const revisionResponse = yield (0, GetRevision_1.getRevision)(ledgerName, documentId, blockAddress, digestTipAddress, qldbClient); const revision = ion_js_1.dom.load(revisionResponse.Revision.IonText); const documentHash = (0, Util_1.getBlobValue)(revision, "hash"); const proof = revisionResponse.Proof; logger.debug(`Got back a proof: ${(0, Util_1.valueHolderToString)(proof)}.`); let verified = (0, Verifier_1.verifyDocumentMetadata)(documentHash, digestBase64, proof); if (!verified) { throw new Error("Document revision is not verified."); } else { logger.debug("Success! The document is verified."); } const alteredDocumentHash = (0, Verifier_1.flipRandomBit)(documentHash); logger.debug(`Flipping one bit in the document's hash and assert that the document is NOT verified. The altered document hash is: ${(0, ion_js_1.toBase64)(alteredDocumentHash)}`); verified = (0, Verifier_1.verifyDocumentMetadata)(alteredDocumentHash, digestBase64, proof); if (verified) { throw new Error("Expected altered document hash to not be verified against digest."); } else { logger.debug("Success! As expected flipping a bit in the document hash causes verification to fail."); } logger.debug(`Finished verifying the registration with "${keyAttributeName}" = ${keyAttributeValue} in ledger = ${ledgerName}.`); }); } exports.verifyDocumentMetadataWithLedgerData = verifyDocumentMetadataWithLedgerData; /** * Verify a version of the document metadata for the given Key using metadata provided by the user. * @param ledgerName The ledger to get the digest from. * @param qldbClient The QLDB control plane client to use. * @param userLedgerMetadata The {@linkcode LedgerMetadata} object to verify against the ledger. * @returns Promise which fulfills with boolean. * @throws Error: When verification fails. */ function verifyDocumentMetadataWithUserData(ledgerName, qldbClient, userLedgerMetadata) { return __awaiter(this, void 0, void 0, function* () { const fcnName = "[VerifyDocumentMetadata verifyDocumentMetadataWithUserData]"; try { logger.debug(`${fcnName} Verifying the document with Id = ${userLedgerMetadata.DocumentId}, in ledger = ${ledgerName}.`); logger.debug(`${fcnName} User Ledger Metadata: ${JSON.stringify(userLedgerMetadata)}`); const userRevisionHash = userLedgerMetadata.RevisionHash; const userRevisionId = userLedgerMetadata.DocumentId; const userBlockAddress = userLedgerMetadata.BlockAddress; //const userProof: ValueHolder = userLedgerMetadata.Proof; const userDigestBase64 = userLedgerMetadata.LedgerDigest.Digest; const revisionResponse = yield (0, GetRevision_1.getRevision)(ledgerName, userLedgerMetadata.DocumentId, userLedgerMetadata.BlockAddress, userLedgerMetadata.LedgerDigest.DigestTipAddress, qldbClient); logger.debug(`${fcnName} Got revision: ${JSON.stringify(revisionResponse)}`); const revision = ion_js_1.dom.load(revisionResponse.Revision.IonText); const blockAddress = (0, BlockAddress_1.blockAddressToValueHolder)(revision); const revisionHash = (0, Util_1.getBlobValue)(revision, "hash"); const revisionId = revision.get("metadata", "id").stringValue(); const proof = revisionResponse.Proof; if ((userRevisionHash) !== (0, ion_js_1.toBase64)(revisionHash)) { throw new Error(`${fcnName} Revision hashes do not match. Received from user: ${userRevisionHash}; Received from Ledger: ${(0, ion_js_1.toBase64)(revisionHash)}`); } logger.debug(`${fcnName} Revision hash match with the ledger.`); logger.debug(`${fcnName} Got back the proof: ${(0, Util_1.valueHolderToString)(proof)}.`); const userRevisionHashBinary = Buffer.from(userRevisionHash, 'base64'); const verifiedDocument = (0, Verifier_1.verifyDocumentMetadata)(userRevisionHashBinary, userDigestBase64, proof); if (!verifiedDocument) { throw new Error(`${fcnName} Document revision is not verified.`); } else { logger.debug(`${fcnName} Success! The document is verified.`); } logger.debug(`${fcnName} Finished verifying document with Id = ${userLedgerMetadata.DocumentId}, in ledger = ${ledgerName}.`); return verifiedDocument; } catch (err) { throw `${fcnName} ${err} `; } }); } exports.verifyDocumentMetadataWithUserData = verifyDocumentMetadataWithUserData;