[FAB-1639] [FAB-1580] Rework validator

This change-set has removed calls to the txvalidator that were issued right
after the peer (the leader) receives blocks from the orderers. The validator
is now called to validate messages received from the gossip layer. In order
to fix an import cycle, we have introduced the ChaincodeProvider interface
in core/common/ccprovider/ccprovider.go, an implementation and a factory.
This way, code that needs to use functions from the chaincode package
without importing it can simply use (and possibly extend) the
ChaincodeProvider interface and implementation.

Furthermore, this drop has introduced protocol-level message validation for
config transactions that was lacking before.

Change-Id: I5906a6fe3da8410b05b5079dd7f0b9d28d20bb85
Signed-off-by: Alessandro Sorniotti <ale.linux@sopit.net>

Author: ale-linux

common/configtx/template.go

@@ -22,7 +22,10 @@ import (
 	ab "github.com/hyperledger/fabric/protos/orderer"
 	"github.com/hyperledger/fabric/protos/utils"
 
+	"fmt"
+
 	"github.com/golang/protobuf/proto"
+	"github.com/hyperledger/fabric/msp"
 )
 
 const (
@@ -150,16 +153,29 @@ func join(sets ...[]*cb.SignedConfigurationItem) []*cb.SignedConfigurationItem {
 }
 
 // MakeChainCreationTransaction is a handy utility function for creating new chain transactions using the underlying Template framework
-func MakeChainCreationTransaction(creationPolicy string, chainID string, templates ...Template) (*cb.Envelope, error) {
+func MakeChainCreationTransaction(creationPolicy string, chainID string, signer msp.SigningIdentity, templates ...Template) (*cb.Envelope, error) {
 	newChainTemplate := NewChainCreationTemplate(creationPolicy, NewCompositeTemplate(templates...))
 	signedConfigItems, err := newChainTemplate.Items(chainID)
 	if err != nil {
 		return nil, err
 	}
 
+	sSigner, err := signer.Serialize()
+	if err != nil {
+		return nil, fmt.Errorf("Serialization of identity failed, err %s", err)
+	}
+
 	payloadChainHeader := utils.MakeChainHeader(cb.HeaderType_CONFIGURATION_TRANSACTION, msgVersion, chainID, epoch)
-	payloadSignatureHeader := utils.MakeSignatureHeader(nil, utils.CreateNonceOrPanic())
+	payloadSignatureHeader := utils.MakeSignatureHeader(sSigner, utils.CreateNonceOrPanic())
 	payloadHeader := utils.MakePayloadHeader(payloadChainHeader, payloadSignatureHeader)
 	payload := &cb.Payload{Header: payloadHeader, Data: utils.MarshalOrPanic(utils.MakeConfigurationEnvelope(signedConfigItems...))}
-	return &cb.Envelope{Payload: utils.MarshalOrPanic(payload), Signature: nil}, nil
+	paylBytes := utils.MarshalOrPanic(payload)
+
+	// sign the payload
+	sig, err := signer.Sign(paylBytes)
+	if err != nil {
+		return nil, err
+	}
+
+	return &cb.Envelope{Payload: paylBytes, Signature: sig}, nil
 }

common/configtx/test/helper.go

@@ -28,6 +28,11 @@ import (
 	"github.com/golang/protobuf/proto"
 )
 
+const (
+	// AcceptAllPolicyKey is the key of the AcceptAllPolicy.
+	AcceptAllPolicyKey = "AcceptAllPolicy"
+)
+
 var template configtx.Template
 
 var genesisFactory genesis.Factory

core/chaincode/ccproviderimpl.go

@@ -0,0 +1,81 @@
+package chaincode
+
+import (
+	"context"
+
+	"github.com/hyperledger/fabric/core/common/ccprovider"
+	"github.com/hyperledger/fabric/core/ledger"
+	"github.com/hyperledger/fabric/protos/peer"
+)
+
+// ccProviderFactory implements the ccprovider.ChaincodeProviderFactory
+// interface and returns instances of ccprovider.ChaincodeProvider
+type ccProviderFactory struct {
+}
+
+// NewChaincodeProvider returns pointers to ccProviderImpl as an
+// implementer of the ccprovider.ChaincodeProvider interface
+func (c *ccProviderFactory) NewChaincodeProvider() ccprovider.ChaincodeProvider {
+	return &ccProviderImpl{}
+}
+
+// init is called when this package is loaded. This implementation registers the factory
+func init() {
+	ccprovider.RegisterChaincodeProviderFactory(&ccProviderFactory{})
+}
+
+// ccProviderImpl is an implementation of the ccprovider.ChaincodeProvider interface
+type ccProviderImpl struct {
+	txsim ledger.TxSimulator
+}
+
+// ccProviderContextImpl contains the state that is passed around to calls to methods of ccProviderImpl
+type ccProviderContextImpl struct {
+	ctx *CCContext
+}
+
+// GetContext returns a context for the supplied ledger, with the appropriate tx simulator
+func (c *ccProviderImpl) GetContext(ledger ledger.ValidatedLedger) (context.Context, error) {
+	var err error
+	// get context for the chaincode execution
+	c.txsim, err = ledger.NewTxSimulator()
+	if err != nil {
+		return nil, err
+	}
+	ctxt := context.WithValue(context.Background(), TXSimulatorKey, c.txsim)
+	return ctxt, nil
+}
+
+// GetCCContext returns an interface that encapsulates a
+// chaincode context; the interface is required to avoid
+// referencing the chaincode package from the interface definition
+func (c *ccProviderImpl) GetCCContext(cid, name, version, txid string, syscc bool, prop *peer.Proposal) interface{} {
+	ctx := NewCCContext(cid, name, version, txid, syscc, prop)
+	return &ccProviderContextImpl{ctx: ctx}
+}
+
+// GetVSCCFromLCCC returns the VSCC listed in LCCC for the supplied chaincode
+func (c *ccProviderImpl) GetVSCCFromLCCC(ctxt context.Context, txid string, prop *peer.Proposal, chainID string, chaincodeID string) (string, error) {
+	data, err := GetChaincodeDataFromLCCC(ctxt, txid, prop, chainID, chaincodeID)
+	if err != nil {
+		return "", err
+	}
+
+	vscc := "vscc"
+	// Check whenever VSCC defined for chaincode data
+	if data != nil && data.Vscc != "" {
+		vscc = data.Vscc
+	}
+
+	return vscc, nil
+}
+
+// ExecuteChaincode executes the chaincode specified in the context with the specified arguments
+func (c *ccProviderImpl) ExecuteChaincode(ctxt context.Context, cccid interface{}, args [][]byte) ([]byte, *peer.ChaincodeEvent, error) {
+	return ExecuteChaincode(ctxt, cccid.(*ccProviderContextImpl).ctx, args)
+}
+
+// ReleaseContext frees up resources held by the context
+func (c *ccProviderImpl) ReleaseContext() {
+	c.txsim.Done()
+}

core/committer/committer_impl.go

@@ -17,6 +17,7 @@ limitations under the License.
 package committer
 
 import (
+	"github.com/hyperledger/fabric/core/committer/txvalidator"
 	"github.com/hyperledger/fabric/core/ledger"
 	"github.com/hyperledger/fabric/protos/common"
 	pb "github.com/hyperledger/fabric/protos/peer"
@@ -38,16 +39,21 @@ func init() {
 // it keeps the reference to the ledger to commit blocks and retreive
 // chain information
 type LedgerCommitter struct {
-	ledger ledger.ValidatedLedger
+	ledger    ledger.ValidatedLedger
+	validator txvalidator.Validator
 }
 
 // NewLedgerCommitter is a factory function to create an instance of the committer
-func NewLedgerCommitter(ledger ledger.ValidatedLedger) *LedgerCommitter {
-	return &LedgerCommitter{ledger}
+func NewLedgerCommitter(ledger ledger.ValidatedLedger, validator txvalidator.Validator) *LedgerCommitter {
+	return &LedgerCommitter{ledger: ledger, validator: validator}
 }
 
 // CommitBlock commits block to into the ledger
 func (lc *LedgerCommitter) CommitBlock(block *common.Block) error {
+	// Validate and mark invalid transactions
+	logger.Debug("Validating block")
+	lc.validator.Validate(block)
+
 	if err := lc.ledger.Commit(block); err != nil {
 		return err
 	}

core/committer/committer_test.go

@@ -24,6 +24,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/hyperledger/fabric/core/ledger/ledgermgmt"
+	"github.com/hyperledger/fabric/core/mocks/validator"
 	pb "github.com/hyperledger/fabric/protos/peer"
 )
 
@@ -35,7 +36,7 @@ func TestKVLedgerBlockStorage(t *testing.T) {
 	assert.NoError(t, err, "Error while creating ledger: %s", err)
 	defer ledger.Close()
 
-	committer := NewLedgerCommitter(ledger)
+	committer := NewLedgerCommitter(ledger, &validator.MockValidator{})
 	height, err := committer.LedgerHeight()
 	assert.Equal(t, uint64(0), height)
 	assert.NoError(t, err)

core/committer/txvalidator/txvalidator_test.go

@@ -24,28 +24,22 @@ import (
 	"github.com/hyperledger/fabric/core/ledger/ledgermgmt"
 	"github.com/hyperledger/fabric/core/ledger/testutil"
 	"github.com/hyperledger/fabric/core/ledger/util"
+	"github.com/hyperledger/fabric/core/mocks/validator"
 	"github.com/hyperledger/fabric/protos/common"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	"github.com/hyperledger/fabric/protos/utils"
 	"github.com/spf13/viper"
 	"github.com/stretchr/testify/assert"
 )
 
-type mockVsccValidator struct {
-}
-
-func (v *mockVsccValidator) VSCCValidateTx(payload *common.Payload, envBytes []byte) error {
-	return nil
-}
-
 func TestKVLedgerBlockStorage(t *testing.T) {
 	viper.Set("peer.fileSystemPath", "/tmp/fabric/txvalidatortest")
 	ledgermgmt.InitializeTestEnv()
 	defer ledgermgmt.CleanupTestEnv()
 	ledger, _ := ledgermgmt.CreateLedger("TestLedger")
 	defer ledger.Close()
 
-	validator := &txValidator{ledger, &mockVsccValidator{}}
+	validator := &txValidator{ledger, &validator.MockVsccValidator{}}
 
 	bcInfo, _ := ledger.GetBlockchainInfo()
 	testutil.AssertEquals(t, bcInfo, &pb.BlockchainInfo{
@@ -76,7 +70,7 @@ func TestNewTxValidator_DuplicateTransactions(t *testing.T) {
 	ledger, _ := ledgermgmt.CreateLedger("TestLedger")
 	defer ledger.Close()
 
-	validator := &txValidator{ledger, &mockVsccValidator{}}
+	validator := &txValidator{ledger, &validator.MockVsccValidator{}}
 
 	// Create simeple endorsement transaction
 	payload := &common.Payload{

core/committer/txvalidator/validator.go

@@ -17,15 +17,14 @@ limitations under the License.
 package txvalidator
 
 import (
-	"context"
 	"fmt"
 
 	"github.com/golang/protobuf/proto"
 	coreUtil "github.com/hyperledger/fabric/common/util"
-	"github.com/hyperledger/fabric/core/chaincode"
+	"github.com/hyperledger/fabric/core/common/ccprovider"
+	"github.com/hyperledger/fabric/core/common/validation"
 	"github.com/hyperledger/fabric/core/ledger"
 	ledgerUtil "github.com/hyperledger/fabric/core/ledger/util"
-	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/protos/common"
 	"github.com/hyperledger/fabric/protos/utils"
 	"github.com/op/go-logging"
@@ -48,7 +47,8 @@ type vsccValidator interface {
 // vsccValidator implementation which used to call
 // vscc chaincode and validate block transactions
 type vsccValidatorImpl struct {
-	ledger ledger.ValidatedLedger
+	ledger     ledger.ValidatedLedger
+	ccprovider ccprovider.ChaincodeProvider
 }
 
 // implementation of Validator interface, keeps
@@ -69,7 +69,12 @@ func init() {
 // NewTxValidator creates new transactions validator
 func NewTxValidator(ledger ledger.ValidatedLedger) Validator {
 	// Encapsulates interface implementation
-	return &txValidator{ledger, &vsccValidatorImpl{ledger}}
+	return &txValidator{ledger, &vsccValidatorImpl{ledger: ledger, ccprovider: ccprovider.GetChaincodeProvider()}}
+}
+
+func (v *txValidator) chainExists(chain string) bool {
+	// TODO: implement this function!
+	return true
 }
 
 func (v *txValidator) Validate(block *common.Block) {
@@ -92,11 +97,19 @@ func (v *txValidator) Validate(block *common.Block) {
 				logger.Debug("Validating transaction peer.ValidateTransaction()")
 				var payload *common.Payload
 				var err error
-				if payload, _, err = peer.ValidateTransaction(env); err != nil {
+				if payload, err = validation.ValidateTransaction(env); err != nil {
 					logger.Errorf("Invalid transaction with index %d, error %s", tIdx, err)
 					continue
 				}
 
+				chain := payload.Header.ChainHeader.ChainID
+				logger.Debug("Transaction is for chain %s", chain)
+
+				if !v.chainExists(chain) {
+					logger.Errorf("Dropping transaction for non-existent chain %s", chain)
+					continue
+				}
+
 				if common.HeaderType(payload.Header.ChainHeader.Type) == common.HeaderType_ENDORSER_TRANSACTION {
 					// Check duplicate transactions
 					txID := payload.Header.ChainHeader.TxID
@@ -113,7 +126,13 @@ func (v *txValidator) Validate(block *common.Block) {
 						continue
 					}
 				} else if common.HeaderType(payload.Header.ChainHeader.Type) == common.HeaderType_CONFIGURATION_TRANSACTION {
-					logger.Warningf("Validation for common.HeaderType_CONFIGURATION_TRANSACTION %d pending JIRA-1639", tIdx)
+					// TODO: here we should call CSCC and pass it the config tx
+					// note that there is quite a bit more validation necessary
+					// on this tx, namely, validation that each config item has
+					// signature matching the policy required for the item from
+					// the existing configuration; this is taken care of nicely
+					// by configtx.Manager (see fabric/common/configtx).
+					logger.Debug("config transaction received for chain %s", chain)
 				}
 
 				if _, err := proto.Marshal(env); err != nil {
@@ -157,15 +176,12 @@ func (v *vsccValidatorImpl) VSCCValidateTx(payload *common.Payload, envBytes []b
 	// args[1] - serialized Envelope
 	args := [][]byte{[]byte(""), envBytes}
 
-	// get context for the chaincode execution
-	lgr := v.ledger
-	txsim, err := lgr.NewTxSimulator()
+	ctxt, err := v.ccprovider.GetContext(v.ledger)
 	if err != nil {
-		logger.Errorf("Cannot obtain tx simulator txid=%s, err %s", txid, err)
+		logger.Errorf("Cannot obtain context for txid=%s, err %s", txid, err)
 		return err
 	}
-	defer txsim.Done()
-	ctxt := context.WithValue(context.Background(), chaincode.TXSimulatorKey, txsim)
+	defer v.ccprovider.ReleaseContext()
 
 	// get header extensions so we have the visibility field
 	hdrExt, err := utils.GetChaincodeHeaderExtension(payload.Header)
@@ -177,31 +193,24 @@ func (v *vsccValidatorImpl) VSCCValidateTx(payload *common.Payload, envBytes []b
 	// Explanation: we actually deploying chaincode transaction,
 	// hence no lccc yet to query for the data, therefore currently
 	// introducing a workaround to skip obtaining LCCC data.
-	var data *chaincode.ChaincodeData
+	vscc := "vscc"
 	if hdrExt.ChaincodeID.Name != "lccc" {
 		// Extracting vscc from lccc
-		logger.Info("Extracting chaincode data from LCCC txid = ", txid, "chainID", chainID, "chaincode name", hdrExt.ChaincodeID.Name)
-		data, err = chaincode.GetChaincodeDataFromLCCC(ctxt, txid, nil, chainID, hdrExt.ChaincodeID.Name)
+		vscc, err = v.ccprovider.GetVSCCFromLCCC(ctxt, txid, nil, chainID, hdrExt.ChaincodeID.Name)
 		if err != nil {
 			logger.Errorf("Unable to get chaincode data from LCCC for txid %s, due to %s", txid, err)
 			return err
 		}
 	}
 
-	vscc := "vscc"
-	// Check whenever VSCC defined for chaincode data
-	if data != nil && data.Vscc != "" {
-		vscc = data.Vscc
-	}
-
 	vscctxid := coreUtil.GenerateUUID()
 	// Get chaincode version
 	version := coreUtil.GetSysCCVersion()
-	cccid := chaincode.NewCCContext(chainID, vscc, version, vscctxid, true, nil)
+	cccid := v.ccprovider.GetCCContext(chainID, vscc, version, vscctxid, true, nil)
 
 	// invoke VSCC
 	logger.Info("Invoking VSCC txid", txid, "chaindID", chainID)
-	_, _, err = chaincode.ExecuteChaincode(ctxt, cccid, args)
+	_, _, err = v.ccprovider.ExecuteChaincode(ctxt, cccid, args)
 	if err != nil {
 		logger.Errorf("VSCC check failed for transaction txid=%s, error %s", txid, err)
 		return err

core/common/ccprovider/ccprovider.go

@@ -0,0 +1,49 @@
+package ccprovider
+
+import (
+	"context"
+
+	"github.com/hyperledger/fabric/core/ledger"
+	"github.com/hyperledger/fabric/protos/peer"
+)
+
+// ChaincodeProvider provides an abstraction layer that is
+// used for different packages to interact with code in the
+// chaincode package without importing it; more methods
+// should be added below if necessary
+type ChaincodeProvider interface {
+	// GetContext returns a ledger context
+	GetContext(ledger ledger.ValidatedLedger) (context.Context, error)
+	// GetCCContext returns an opaque chaincode context
+	GetCCContext(cid, name, version, txid string, syscc bool, prop *peer.Proposal) interface{}
+	// GetVSCCFromLCCC returns the VSCC listed by LCCC for the supplied chaincode
+	GetVSCCFromLCCC(ctxt context.Context, txid string, prop *peer.Proposal, chainID string, chaincodeID string) (string, error)
+	// ExecuteChaincode executes the chaincode given context and args
+	ExecuteChaincode(ctxt context.Context, cccid interface{}, args [][]byte) ([]byte, *peer.ChaincodeEvent, error)
+	// ReleaseContext releases the context returned previously by GetContext
+	ReleaseContext()
+}
+
+var ccFactory ChaincodeProviderFactory
+
+// ChaincodeProviderFactory defines a factory interface so
+// that the actual implementation can be injected
+type ChaincodeProviderFactory interface {
+	NewChaincodeProvider() ChaincodeProvider
+}
+
+// RegisterChaincodeProviderFactory is to be called once to set
+// the factory that will be used to obtain instances of ChaincodeProvider
+func RegisterChaincodeProviderFactory(ccfact ChaincodeProviderFactory) {
+	ccFactory = ccfact
+}
+
+// GetChaincodeProvider returns instances of ChaincodeProvider;
+// the actual implementation is controlled by the factory that
+// is registered via RegisterChaincodeProviderFactory
+func GetChaincodeProvider() ChaincodeProvider {
+	if ccFactory == nil {
+		panic("The factory must be set first via RegisterChaincodeProviderFactory")
+	}
+	return ccFactory.NewChaincodeProvider()
+}

core/common/validation/config_test.go

@@ -0,0 +1,44 @@
+/*
+Copyright IBM Corp. 2016 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+		 http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"testing"
+
+	"github.com/hyperledger/fabric/common/configtx"
+	"github.com/hyperledger/fabric/common/configtx/test"
+	"github.com/hyperledger/fabric/common/util"
+	"github.com/hyperledger/fabric/protos/utils"
+)
+
+func TestValidateConfigTx(t *testing.T) {
+	chainID := util.GetTestChainID()
+	oTemplate := test.GetOrdererTemplate()
+	mspcfg := configtx.NewSimpleTemplate(utils.EncodeMSPUnsigned(chainID))
+	chCrtTemp := configtx.NewCompositeTemplate(oTemplate, mspcfg)
+	chCrtEnv, err := configtx.MakeChainCreationTransaction(test.AcceptAllPolicyKey, chainID, signer, chCrtTemp)
+	if err != nil {
+		t.Fatalf("MakeChainCreationTransaction failed, err %s", err)
+		return
+	}
+
+	_, err = ValidateTransaction(chCrtEnv)
+	if err != nil {
+		t.Fatalf("ValidateTransaction failed, err %s", err)
+		return
+	}
+}

core/peer/fullflow_test.go core/common/validation/fullflow_test.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package peer
+package validation
 
 import (
 	"math/rand"
@@ -82,12 +82,20 @@ func TestGoodPath(t *testing.T) {
 	}
 
 	// validate the transaction
-	_, act, err := ValidateTransaction(tx)
+	payl, err := ValidateTransaction(tx)
 	if err != nil {
 		t.Fatalf("ValidateTransaction failed, err %s", err)
 		return
 	}
 
+	txx, err := utils.GetTransaction(payl.Data)
+	if err != nil {
+		t.Fatalf("GetTransaction failed, err %s", err)
+		return
+	}
+
+	act := txx.Actions
+
 	// expect one single action
 	if len(act) != 1 {
 		t.Fatalf("Ivalid number of TransactionAction, expected 1, got %d", len(act))
@@ -210,7 +218,7 @@ func TestBadTx(t *testing.T) {
 	corrupt(tx.Payload)
 
 	// validate the transaction it should fail
-	_, _, err = ValidateTransaction(tx)
+	_, err = ValidateTransaction(tx)
 	if err == nil {
 		t.Fatalf("ValidateTransaction should have failed")
 		return
@@ -227,7 +235,7 @@ func TestBadTx(t *testing.T) {
 	corrupt(tx.Signature)
 
 	// validate the transaction it should fail
-	_, _, err = ValidateTransaction(tx)
+	_, err = ValidateTransaction(tx)
 	if err == nil {
 		t.Fatalf("ValidateTransaction should have failed")
 		return
@@ -268,7 +276,7 @@ func Test2EndorsersAgree(t *testing.T) {
 	}
 
 	// validate the transaction
-	_, _, err = ValidateTransaction(tx)
+	_, err = ValidateTransaction(tx)
 	if err != nil {
 		t.Fatalf("ValidateTransaction failed, err %s", err)
 		return
@@ -315,7 +323,7 @@ var signerSerialized []byte
 func TestMain(m *testing.M) {
 	// setup crypto algorithms
 	// setup the MSP manager so that we can sign/verify
-	mspMgrConfigDir := "../../msp/sampleconfig/"
+	mspMgrConfigDir := "../../../msp/sampleconfig/"
 	err := mspmgmt.LoadFakeSetupWithLocalMspAndTestChainMsp(mspMgrConfigDir)
 	if err != nil {
 		fmt.Printf("Could not initialize msp, err %s", err)

core/peer/msgvalidation.go core/common/validation/msgvalidation.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package peer
+package validation
 
 import (
 	"fmt"
@@ -192,8 +192,6 @@ func validateChainHeader(cHdr *common.ChainHeader) error {
 
 	// TODO: validate epoch in cHdr.Epoch
 
-	// TODO: validate type in cHdr.Type
-
 	// TODO: validate version in cHdr.Version
 
 	return nil
@@ -218,125 +216,150 @@ func validateCommonHeader(hdr *common.Header) error {
 	return nil
 }
 
+// validateConfigTransaction validates the payload of a
+// transaction assuming its type is CONFIGURATION_TRANSACTION
+func validateConfigTransaction(data []byte, hdr *common.Header) error {
+	putilsLogger.Infof("validateConfigTransaction starts for data %p, header %s", data, hdr)
+
+	// check for nil argument
+	if data == nil || hdr == nil {
+		return fmt.Errorf("Nil arguments")
+	}
+
+	// if the type is CONFIGURATION_TRANSACTION we unmarshal a ConfigurationEnvelope message
+	ce, err := utils.GetConfigurationEnvelope(data)
+	if err != nil {
+		return fmt.Errorf("GetConfigurationEnvelope failed, err %s", err)
+	}
+
+	// check that we have at least one configuration item
+	if ce.Items == nil || len(ce.Items) == 0 {
+		return fmt.Errorf("At least one configuration item is necessary")
+	}
+
+	for _, item := range ce.Items {
+		if item.ConfigurationItem == nil {
+			return fmt.Errorf("ConfigurationItem cannot be nil")
+		}
+	}
+
+	return nil
+}
+
 // validateEndorserTransaction validates the payload of a
 // transaction assuming its type is ENDORSER_TRANSACTION
-func validateEndorserTransaction(data []byte, hdr *common.Header) ([]*pb.TransactionAction, error) {
+func validateEndorserTransaction(data []byte, hdr *common.Header) error {
 	putilsLogger.Infof("validateEndorserTransaction starts for data %p, header %s", data, hdr)
 
 	// check for nil argument
 	if data == nil || hdr == nil {
-		return nil, fmt.Errorf("Nil arguments")
+		return fmt.Errorf("Nil arguments")
 	}
 
 	// if the type is ENDORSER_TRANSACTION we unmarshal a Transaction message
 	tx, err := utils.GetTransaction(data)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	// check for nil argument
 	if tx == nil {
-		return nil, fmt.Errorf("Nil transaction")
+		return fmt.Errorf("Nil transaction")
 	}
 
 	// TODO: validate tx.Version
 
 	// TODO: validate ChaincodeHeaderExtension
 
 	if len(tx.Actions) == 0 {
-		return nil, fmt.Errorf("At least one TransactionAction is required")
+		return fmt.Errorf("At least one TransactionAction is required")
 	}
 
 	putilsLogger.Infof("validateEndorserTransaction info: there are %d actions", len(tx.Actions))
 
 	for _, act := range tx.Actions {
 		// check for nil argument
 		if act == nil {
-			return nil, fmt.Errorf("Nil action")
+			return fmt.Errorf("Nil action")
 		}
 
 		// if the type is ENDORSER_TRANSACTION we unmarshal a SignatureHeader
 		sHdr, err := utils.GetSignatureHeader(act.Header)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		// validate the SignatureHeader - here we actually only
 		// care about the nonce since the creator is in the outer header
 		err = validateSignatureHeader(sHdr)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		putilsLogger.Infof("validateEndorserTransaction info: signature header is valid")
 
 		// if the type is ENDORSER_TRANSACTION we unmarshal a ChaincodeActionPayload
 		cap, err := utils.GetChaincodeActionPayload(act.Payload)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		// extract the proposal response payload
 		prp, err := utils.GetProposalResponsePayload(cap.Action.ProposalResponsePayload)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		// build the original header by stitching together
 		// the common ChainHeader and the per-action SignatureHeader
 		hdrOrig := &common.Header{ChainHeader: hdr.ChainHeader, SignatureHeader: sHdr}
 		hdrBytes, err := utils.GetBytesHeader(hdrOrig) // FIXME: here we hope that hdrBytes will be the same one that the endorser had
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		// compute proposalHash
 		pHash, err := utils.GetProposalHash2(hdrBytes, cap.ChaincodeProposalPayload)
 		if err != nil {
-			return nil, err
+			return err
 		}
 
 		// ensure that the proposal hash matches
 		if bytes.Compare(pHash, prp.ProposalHash) != 0 {
-			return nil, fmt.Errorf("proposal hash does not match")
+			return fmt.Errorf("proposal hash does not match")
 		}
 	}
 
-	return tx.Actions, nil
+	return nil
 }
 
 // ValidateTransaction checks that the transaction envelope is properly formed
-func ValidateTransaction(e *common.Envelope) (*common.Payload, []*pb.TransactionAction, error) {
+func ValidateTransaction(e *common.Envelope) (*common.Payload, error) {
 	putilsLogger.Infof("ValidateTransactionEnvelope starts for envelope %p", e)
 
 	// check for nil argument
 	if e == nil {
-		return nil, nil, fmt.Errorf("Nil Envelope")
+		return nil, fmt.Errorf("Nil Envelope")
 	}
 
 	// get the payload from the envelope
 	payload, err := utils.GetPayload(e)
 	if err != nil {
-		return nil, nil, fmt.Errorf("Could not extract payload from envelope, err %s", err)
+		return nil, fmt.Errorf("Could not extract payload from envelope, err %s", err)
 	}
 
 	putilsLogger.Infof("Header is %s", payload.Header)
 
-	if common.HeaderType(payload.Header.ChainHeader.Type) == common.HeaderType_CONFIGURATION_TRANSACTION {
-		putilsLogger.Warningf("Skipping common.HeaderType_CONFIGURATION_TRANSACTION validation pending JIRA-1639\n")
-		return payload, nil, nil
-	}
-
 	// validate the header
 	err = validateCommonHeader(payload.Header)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	// validate the signature in the envelope
 	err = checkSignatureFromCreator(payload.Header.SignatureHeader.Creator, e.Signature, e.Payload, payload.Header.ChainHeader.ChainID)
 	if err != nil {
-		return nil, nil, err
+		return nil, err
 	}
 
 	// TODO: ensure that creator can transact with us (some ACLs?) which set of APIs is supposed to give us this info?
@@ -346,10 +369,14 @@ func ValidateTransaction(e *common.Envelope) (*common.Payload, []*pb.Transaction
 	// continue the validation in a way that depends on the type specified in the header
 	switch common.HeaderType(payload.Header.ChainHeader.Type) {
 	case common.HeaderType_ENDORSER_TRANSACTION:
-		rv, err := validateEndorserTransaction(payload.Data, payload.Header)
-		putilsLogger.Infof("ValidateTransactionEnvelope returns %p, err %s", rv, err)
-		return payload, rv, err
+		err = validateEndorserTransaction(payload.Data, payload.Header)
+		putilsLogger.Infof("ValidateTransactionEnvelope returns err %s", err)
+		return payload, err
+	case common.HeaderType_CONFIGURATION_TRANSACTION:
+		err = validateConfigTransaction(payload.Data, payload.Header)
+		putilsLogger.Infof("ValidateTransactionEnvelope returns err %s", err)
+		return payload, err
 	default:
-		return nil, nil, fmt.Errorf("Unsupported transaction payload type %d", common.HeaderType(payload.Header.ChainHeader.Type))
+		return nil, fmt.Errorf("Unsupported transaction payload type %d", common.HeaderType(payload.Header.ChainHeader.Type))
 	}
 }

core/deliverservice/client.go

@@ -22,8 +22,6 @@ import (
 
 	"github.com/golang/protobuf/proto"
 	"github.com/hyperledger/fabric/core/committer"
-	"github.com/hyperledger/fabric/core/committer/txvalidator"
-	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/events/producer"
 	gossipcommon "github.com/hyperledger/fabric/gossip/common"
 	gossip_proto "github.com/hyperledger/fabric/gossip/proto"
@@ -208,12 +206,6 @@ func (d *DeliverService) readUntilClose() {
 		case *orderer.DeliverResponse_Block:
 			seqNum := t.Block.Header.Number
 
-			// Create new transactions validator
-			validator := txvalidator.NewTxValidator(peer.GetLedger(d.chainID))
-			// Validate and mark invalid transactions
-			logger.Debug("Validating block, chainID", d.chainID)
-			validator.Validate(t.Block)
-
 			numberOfPeers := len(service.GetGossipService().PeersOfChannel(gossipcommon.ChainID(d.chainID)))
 			// Create payload with a block received
 			payload := createPayload(seqNum, t.Block)

core/endorser/endorser.go

@@ -25,6 +25,7 @@ import (
 
 	"github.com/hyperledger/fabric/common/util"
 	"github.com/hyperledger/fabric/core/chaincode"
+	"github.com/hyperledger/fabric/core/common/validation"
 	"github.com/hyperledger/fabric/core/ledger"
 	"github.com/hyperledger/fabric/core/peer"
 	"github.com/hyperledger/fabric/msp"
@@ -280,7 +281,7 @@ func (e *Endorser) endorseProposal(ctx context.Context, chainID string, txid str
 // ProcessProposal process the Proposal
 func (e *Endorser) ProcessProposal(ctx context.Context, signedProp *pb.SignedProposal) (*pb.ProposalResponse, error) {
 	// at first, we check whether the message is valid
-	prop, _, hdrExt, err := peer.ValidateProposalMessage(signedProp)
+	prop, _, hdrExt, err := validation.ValidateProposalMessage(signedProp)
 	if err != nil {
 		return &pb.ProposalResponse{Response: &pb.Response{Status: 500, Message: err.Error()}}, err
 	}

core/mocks/ccprovider/ccprovider.go

@@ -0,0 +1,50 @@
+package ccprovider
+
+import (
+	"context"
+
+	"github.com/hyperledger/fabric/core/common/ccprovider"
+	"github.com/hyperledger/fabric/core/ledger"
+	"github.com/hyperledger/fabric/protos/peer"
+)
+
+// MockCcProviderFactory is a factory that returns
+// mock implementations of the ccprovider.ChaincodeProvider interface
+type MockCcProviderFactory struct {
+}
+
+// NewChaincodeProvider returns a mock implementation of the ccprovider.ChaincodeProvider interface
+func (c *MockCcProviderFactory) NewChaincodeProvider() ccprovider.ChaincodeProvider {
+	return &mockCcProviderImpl{}
+}
+
+// mockCcProviderImpl is a mock implementation of the chaincode provider
+type mockCcProviderImpl struct {
+}
+
+type mockCcProviderContextImpl struct {
+}
+
+// GetContext does nothing
+func (c *mockCcProviderImpl) GetContext(ledger ledger.ValidatedLedger) (context.Context, error) {
+	return nil, nil
+}
+
+// GetCCContext does nothing
+func (c *mockCcProviderImpl) GetCCContext(cid, name, version, txid string, syscc bool, prop *peer.Proposal) interface{} {
+	return &mockCcProviderContextImpl{}
+}
+
+// GetVSCCFromLCCC does nothing
+func (c *mockCcProviderImpl) GetVSCCFromLCCC(ctxt context.Context, txid string, prop *peer.Proposal, chainID string, chaincodeID string) (string, error) {
+	return "vscc", nil
+}
+
+// ExecuteChaincode does nothing
+func (c *mockCcProviderImpl) ExecuteChaincode(ctxt context.Context, cccid interface{}, args [][]byte) ([]byte, *peer.ChaincodeEvent, error) {
+	return nil, nil, nil
+}
+
+// ReleaseContext does nothing
+func (c *mockCcProviderImpl) ReleaseContext() {
+}

core/mocks/validator/validator.go

@@ -0,0 +1,20 @@
+package validator
+
+import "github.com/hyperledger/fabric/protos/common"
+
+// MockValidator implements a mock validation useful for testing
+type MockValidator struct {
+}
+
+// Validate does nothing
+func (m *MockValidator) Validate(block *common.Block) {
+}
+
+// MockVsccValidator is a mock implementation of the VSCC validation interface
+type MockVsccValidator struct {
+}
+
+// VSCCValidateTx does nothing
+func (v *MockVsccValidator) VSCCValidateTx(payload *common.Payload, envBytes []byte) error {
+	return nil
+}

core/peer/peer.go

@@ -29,6 +29,7 @@ import (
 
 	"github.com/hyperledger/fabric/core/comm"
 	"github.com/hyperledger/fabric/core/committer"
+	"github.com/hyperledger/fabric/core/committer/txvalidator"
 	"github.com/hyperledger/fabric/core/ledger"
 	"github.com/hyperledger/fabric/core/ledger/ledgermgmt"
 	"github.com/hyperledger/fabric/core/peer/msp"
@@ -144,7 +145,7 @@ func getCurrConfigBlockFromLedger(ledger ledger.ValidatedLedger) (*common.Block,
 
 // createChain creates a new chain object and insert it into the chains
 func createChain(cid string, ledger ledger.ValidatedLedger, cb *common.Block) error {
-	c := committer.NewLedgerCommitter(ledger)
+	c := committer.NewLedgerCommitter(ledger, txvalidator.NewTxValidator(ledger))
 
 	mgr, err := mspmgmt.GetMSPManagerFromBlock(cid, cb)
 	if err != nil {

core/peer/peer_test.go

@@ -27,12 +27,17 @@ import (
 	"google.golang.org/grpc"
 
 	configtxtest "github.com/hyperledger/fabric/common/configtx/test"
+	ccp "github.com/hyperledger/fabric/core/common/ccprovider"
+	"github.com/hyperledger/fabric/core/mocks/ccprovider"
 	"github.com/hyperledger/fabric/gossip/service"
 )
 
 func TestInitialize(t *testing.T) {
 	viper.Set("peer.fileSystemPath", "/var/hyperledger/test/")
 
+	// we mock this because we can't import the chaincode package lest we create an import cycle
+	ccp.RegisterChaincodeProviderFactory(&ccprovider.MockCcProviderFactory{})
+
 	Initialize(nil)
 }
 

core/system_chaincode/escc/endorser_onevalidsignature_test.go

@@ -25,7 +25,7 @@ import (
 
 	"github.com/hyperledger/fabric/common/util"
 	"github.com/hyperledger/fabric/core/chaincode/shim"
-	"github.com/hyperledger/fabric/core/peer"
+	"github.com/hyperledger/fabric/core/common/validation"
 	"github.com/hyperledger/fabric/core/peer/msp"
 	"github.com/hyperledger/fabric/protos/common"
 	pb "github.com/hyperledger/fabric/protos/peer"
@@ -266,7 +266,7 @@ func validateProposalResponse(prBytes []byte, proposal *pb.Proposal, visibility
 	}
 
 	// validate the transaction
-	_, _, err = peer.ValidateTransaction(tx)
+	_, err = validation.ValidateTransaction(tx)
 	if err != nil {
 		return err
 	}

gossip/state/state_test.go

@@ -28,6 +28,7 @@ import (
 	"github.com/hyperledger/fabric/common/util"
 	"github.com/hyperledger/fabric/core/committer"
 	"github.com/hyperledger/fabric/core/ledger/ledgermgmt"
+	"github.com/hyperledger/fabric/core/mocks/validator"
 	"github.com/hyperledger/fabric/gossip/api"
 	"github.com/hyperledger/fabric/gossip/comm"
 	"github.com/hyperledger/fabric/gossip/common"
@@ -162,7 +163,7 @@ func newGossipInstance(config *gossip.Config) gossip.Gossip {
 // Create new instance of KVLedger to be used for testing
 func newCommitter(id int) committer.Committer {
 	ledger, _ := ledgermgmt.CreateLedger(strconv.Itoa(id))
-	return committer.NewLedgerCommitter(ledger)
+	return committer.NewLedgerCommitter(ledger, &validator.MockValidator{})
 }
 
 // Constructing pseudo peer node, simulating only gossip and state transfer part

orderer/multichain/manager_test.go

@@ -30,7 +30,9 @@ import (
 	ab "github.com/hyperledger/fabric/protos/orderer"
 	"github.com/hyperledger/fabric/protos/utils"
 
+	"github.com/hyperledger/fabric/msp"
 	logging "github.com/op/go-logging"
+	"github.com/stretchr/testify/assert"
 )
 
 var conf *config.TopLevel
@@ -197,8 +199,11 @@ func TestNewChain(t *testing.T) {
 	items := generator.TemplateItems()
 	simpleTemplate := configtx.NewSimpleTemplate(items...)
 
+	signer, err := msp.NewNoopMsp().GetDefaultSigningIdentity()
+	assert.NoError(t, err)
+
 	newChainID := "TestNewChain"
-	newChainMessage, err := configtx.MakeChainCreationTransaction(provisional.AcceptAllPolicyKey, newChainID, simpleTemplate)
+	newChainMessage, err := configtx.MakeChainCreationTransaction(provisional.AcceptAllPolicyKey, newChainID, signer, simpleTemplate)
 	if err != nil {
 		t.Fatalf("Error producing configuration transaction: %s", err)
 	}

orderer/sample_clients/broadcast_config/newchain.go

@@ -18,6 +18,7 @@ package main
 
 import (
 	"github.com/hyperledger/fabric/common/configtx"
+	"github.com/hyperledger/fabric/msp"
 	"github.com/hyperledger/fabric/orderer/common/bootstrap/provisional"
 	cb "github.com/hyperledger/fabric/protos/common"
 )
@@ -28,7 +29,12 @@ func newChainRequest(consensusType, creationPolicy, newChainID string) *cb.Envel
 	items := generator.TemplateItems()
 	simpleTemplate := configtx.NewSimpleTemplate(items...)
 
-	env, err := configtx.MakeChainCreationTransaction(creationPolicy, newChainID, simpleTemplate)
+	signer, err := msp.NewNoopMsp().GetDefaultSigningIdentity()
+	if err != nil {
+		panic(err)
+	}
+
+	env, err := configtx.MakeChainCreationTransaction(creationPolicy, newChainID, signer, simpleTemplate)
 	if err != nil {
 		panic(err)
 	}

peer/channel/create.go

@@ -27,6 +27,7 @@ import (
 	"github.com/hyperledger/fabric/protos/utils"
 
 	"github.com/golang/protobuf/proto"
+	"github.com/hyperledger/fabric/core/peer/msp"
 	"github.com/spf13/cobra"
 )
 
@@ -51,7 +52,12 @@ func sendCreateChainTransaction(cf *ChannelCmdFactory) error {
 
 	chCrtTemp := configtx.NewCompositeTemplate(oTemplate, mspcfg)
 
-	chCrtEnv, err := configtx.MakeChainCreationTransaction(provisional.AcceptAllPolicyKey, chainID, chCrtTemp)
+	signer, err := mspmgmt.GetLocalMSP().GetDefaultSigningIdentity()
+	if err != nil {
+		return err
+	}
+
+	chCrtEnv, err := configtx.MakeChainCreationTransaction(provisional.AcceptAllPolicyKey, chainID, signer, chCrtTemp)
 
 	if err != nil {
 		return err

protos/utils/proputils.go

@@ -131,6 +131,17 @@ func GetPayload(e *common.Envelope) (*common.Payload, error) {
 	return payload, nil
 }
 
+// GetConfigurationEnvelope returns a ConfigurationEnvelope from bytes
+func GetConfigurationEnvelope(bytes []byte) (*common.ConfigurationEnvelope, error) {
+	ce := &common.ConfigurationEnvelope{}
+	err := proto.Unmarshal(bytes, ce)
+	if err != nil {
+		return nil, err
+	}
+
+	return ce, nil
+}
+
 // GetTransaction Get Transaction from bytes
 func GetTransaction(txBytes []byte) (*peer.Transaction, error) {
 	tx := &peer.Transaction{}