epistemophiliac/fabric-samples
1
0
Fork 0
mirror of https://github.com/hyperledger/fabric-samples.git synced 2026-06-17 15:35:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Rename marbles_transfer to asset-transfer-secured-agreement

Browse source 
- Rename marbles_transfer to a more generic and streamlined asset
- Move sample to new directory
- Remove TODO for marbles by size query

Signed-off-by: Tiffany Harris <tiffany.harris@ibm.com>
This commit is contained in:
Tiffany Harris 2020-06-09 13:59:08 -04:00 committed by denyeart
parent a228b16364
commit 82eaaad954
10 changed files with 491 additions and 495 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

342
asset-transfer-secured-agreement/README.md Normal file
View file

@ -0,0 +1,342 @@
# Secured private asset transfer scenario
The private asset transfer smart contract demonstrates how an asset can be represented and traded between organizations in a Hyperledger Fabric blockchain channel, while keeping details of the asset and transaction private.
Each on-chain asset is a non-fungible token (NFT) that represents a specific asset having certain immutable metadata properties (such as size and color) with a unique owner. When the owner wants to sell the asset, both parties need to agree to the same price before the asset is transferred. The private asset transfer smart contract enforces that only the owner of the asset can transfer the asset. In the course of this tutorial, you will learn how Fabric features such as state based endorsement, private data, and access control come together to provide secured transactions that are both private and verifiable.
## Scenario requirements
The private asset transfer scenario is bound by the following requirements:
- A asset may be issued by the first owner's organization (in the real world issuance may be restricted to some authority that certifies a asset's properties).
- Ownership is managed at the organization level (the Fabric permissioning scheme would equally support ownership at an individual identity level within an organization).
- The asset identifier and owner is stored as public channel data for all channel members to see.
- The asset metadata properties however are private information known only to the asset owner (and prior owners).
- An interested buyer will want to verify a asset's private properties.
- An interested buyer will want to verify a asset's provenance, specifically the asset's origin and chain of custody. They will also want to verify that the asset has not changed since issuance, and that all prior transfers have been legitimate.
- To transfer a asset, a buyer and seller must first agree on a sales price.
- Only the current owner may transfer their asset to another organization.
- The actual private asset transfer must verify that the legitimate asset is being transferred, and verify that the price has been agreed to. Both buyer and seller must endorse the transfer.
## How privacy is maintained
The smart contract uses the following techniques to ensure that the asset properties remain private:
- The asset metadata properties are stored in the current owning organization's implicit private data collection on the organization's peers only. Each organization on a Fabric channel has a private data collection that their own organization can use. This collection is *implicit* because it does not need to be explicitly defined in the chaincode.
- Although a hash of the private properties is automatically stored on-chain for all channel members to see, a random salt is included in the private properties so that other channel members cannot guess the private data preimage through a dictionary attack.
- Smart contract requests utilize the transient field for private data so that private data does not get included in the final on-chain transaction.
- Private data queries must originate from a client whose org id matches the peer's org id, which must be the same as the asset owner's org id.
## How the transfer is implemented
Before we start using the private asset transfer smart contract we will provide an overview of the transaction flow and how Fabric features are used to protect the asset created on the blockchain:
**Step 1: Creating the asset**
The private asset transfer smart contract is deployed with an endorsement policy that requires an endorsement from any channel member. This allows any organization to create a asset that they own without requiring an endorsement from other channel members. The creation of the asset is the only transaction that uses the chaincode level endorsement policy. Transactions that update or transfer existing assets will be governed by state based endorsement policies or the endorsement policies of private data collections. Note that in other scenarios, you may want an issuing authority to also endorse create transactions.
The smart contract uses the following Fabric features to ensure that the asset can only be updated or transferred by the organization that owns the asset:
- When the asset is created, the smart contract gets the MSP ID of the organization that submitted the request, and stores the MSP ID as the owner in the asset key/value in the public chaincode world state. Subsequent smart contract requests to update or transfer the asset will use access control logic to verify that the requesting client is from the same organization. Note that in other scenarios, the ownership could be based on a specific client identity within an organization, rather than an organization itself.
- Also when the asset is created, the smart contract sets a state based endorsement policy for the asset key. The state based policy specifies that a peer from the organization that owns the asset must endorse a subsequent request to update or transfer the asset. This prevents any other organization from updating or transferring the asset using a smart contract that has been maliciously altered on their own peers.
**Step 2: Agreeing to the transfer.**
After a asset is created, channel members can use the smart contract to agree to transfer the asset:
- The owner of the asset can change the description in the public ownership record, for example to advertise that the asset is for sale. Smart contract access control enforces that this change needs to be submitted from a member of the asset owner organization. The state based endorsement policy enforces that this description change must be endorsed by a peer from the owner's organization.
<!--
- Interested buyers can ask the current owner for the private details, and then verify those details against the on-chain hash on their own trusted peer.
- An interested buyer can query the history of the public key. The response includes all transactions that updated the key. Each of those transactions can be inspected to verify the asset's origination, the chain of custody, and that the asset private details hash has not changed since issuance.
-->
The asset owner and the asset buyer agree to transfer the asset for a certain price:
- The price agreed to by the buyer and the seller is stored in each organization's implicit private data collection. The private data collection keeps the agreed price secret from other members of the channel. The endorsement policy of the private data collection ensures that the respective organization's peer endorsed the price agreement, and the smart contract access control logic ensures that the price agreement was submitted by a client of the associated organization.
- A hash of each price agreement is stored on the ledger. The two hashes will match only if the two organizations have agreed to the same price. This allows the organizations to verify that they have come to agreement on the transfer details before the transfer takes place. A random trade id is added to the price agreement, which serves as a *salt* to ensure that other channel members can not use the hash on the ledger to guess the price.
**Step 3: Transferring the asset**
After the two organizations have agreed to the same price, the asset owner can use the transfer function to transfer the asset to the buyer:
- Smart contract access control ensures that the transfer must be initiated by a member of the organization that owns the asset.
- The transfer function verifies that the asset details passed to the transfer function matches the on chain hash, to ensure that the asset owner is *selling* the same asset that they own.
- The transfer function uses the hash of the price agreement on the ledger to ensure that both organizations have agreed to the same price.
- If the transfer conditions are met, the transfer function adds the asset to the implicit private data collection of the buyer, and deletes the asset from the collection of the seller. The transfer also updates the owner in the public ownership record.
- Because of the endorsement policies of the seller and buyer implicit data collections, and the state based endorsement policy of the public record (requiring the seller to endorse), the transfer needs to be endorsed by peers from both buyer and seller.
- The state based endorsement policy of the public asset record is updated so that only a peer of the new owner of the asset can update or sell their new asset.
## Running the private asset transfer smart contract
You can use the Fabric test network to run the private asset transfer smart contract. The test network contains two peer organizations, Org1 and Org1, that operate one peer each. In this tutorial, we will deploy the smart contract to a channel of the test network joined by both organizations. We will first create a asset that is owned by Org1. After the two organizations agree on a asset price, we will transfer the asset from Org1 to Org2.
## Deploy the test network
We need to deploy an instance of the Fabric test network to run the smart contract. Open a command terminal and navigate to test network directory in your local clone of the `fabric-samples`. We will operate from the `test-network` directory for the remainder of the tutorial.
```
cd fabric-samples/test-network
```
You can then deploy the network with the following command:
```
./network.sh up createChannel
```
The script will deploy the nodes of the network create a single channel named `mychannel` with Org1 and Org2 as channel members. We will use this channel to deploy the smart contract and trade our asset.
### Set the environment variables to operate as Org1
In the course of running this sample, you need to interact with the network as both Org1 and Org2. To make the tutorial easier to use, we will use separate terminals for each organization. Open a new terminal and make sure that you are operating from the `test-network` directory. Set the following environment variables to operate the `peer` CLI as the Org1 admin:
```
export PATH=${PWD}/../bin:${PWD}:$PATH
export FABRIC_CFG_PATH=$PWD/../config/
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_ADDRESS=localhost:7051
```
The environment variables also specify the endpoint information of the Org1 peer to submit requests.
### Set the environment variables to operate as Org2
Now that we have one terminal that we can operate as Org1, open a new terminal for Org2. Make sure that this terminal is also operating from the `test-network` directory. Set the following environment variables to operate as the Org2 admin:
```
export PATH=${PWD}/../bin:${PWD}:$PATH
export FABRIC_CFG_PATH=$PWD/../config/
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_ADDRESS=localhost:9051
```
You will need switch between the two terminals as you go through the tutorial.
## Deploy the chaincode
Now that we can operate as both organizations, we need install the private asset transfer smart contract on the peers of Org1 and Org2, and deploy the chaincode to the channel approving and committing the chaincode definition.
### Install and approve the chaincode as Org1
Open the Org1 terminal. Run the following command to package the private asset transfer chaincode:
```
peer lifecycle chaincode package assets_transfer.tar.gz --path ../asset-transfer-secured-agreement --lang golang --label assets_transfer_1
```
The command creates a chaincode package named `assets_transfer.tar.gz`. We can now install this package on the Org1 peer:
```
peer lifecycle chaincode install assets_transfer.tar.gz
```
You will need the chaincode package ID in order to approve the chaincode definition. You can find the package ID by querying your peer:
```
peer lifecycle chaincode queryinstalled
```
Save the package ID as an environment variable. The package ID will not be the same for all users, so need to use the result that was returned by the previous command:
```
export PACKAGE_ID=assets_transfer_1:2a585633baa0a6ba0019965ac40d6f188194c50df1015010b080ef6ba426d266
```
You can now approve the chaincode as Org1:
```
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name assets_transfer --version 1 --package-id $PACKAGE_ID --sequence 1 --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --signature-policy "OR('Org1MSP.peer','Org2MSP.peer')"
```
Note we are approving a chaincode endorsement policy of `"OR('Org1MSP.peer','Org2MSP.peer')"`. This allows either organization to create a asset without receiving an endorsement from the other organization.
### Install and approve the chaincode as Org2
We can now install and approve the chaincode as Org2. Open the Org2 terminal. Because the chaincode is already packaged on our local machine, we can go ahead and install the chaincode on the Org2 peer:`
```
peer lifecycle chaincode install assets_transfer.tar.gz
```
Query the package ID of the chaincode:
```
peer lifecycle chaincode queryinstalled
```
Save the result of the command as an environment variable in the Org2 command window:
```
export PACKAGE_ID=assets_transfer_1:2a585633baa0a6ba0019965ac40d6f188194c50df1015010b080ef6ba426d266
```
We can now approve the chaincode as the Org2 admin:
```
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name assets_transfer --version 1 --package-id $PACKAGE_ID --sequence 1 --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --signature-policy "OR('Org1MSP.peer','Org2MSP.peer')"
```
Now that a majority (2 out of 2) of channel members have approved the chaincode definition, Org2 can commit the chaincode definition to deploy the chaincode to the channel:
```
peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name assets_transfer --version 1 --sequence 1 --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt --signature-policy "OR('Org1MSP.peer','Org2MSP.peer')"
```
We are now ready use the private asset transfer smart contract.
## Create a asset
Any channel member can use the smart contract to create a asset that is owned by their organization. The details of the asset will be stored in a private data collection, and can only accessed by the organization that owns the asset. A public record of the asset, its owner, and a public description is stored on the channel ledger. Any channel member can access the public ownership record to see who owns the asset, and can read the description to see if the asset is for sale.
### Operate from the Org1 terminal
Before we create the asset, we need to specify the details of what our asset will be. Issue the following command to create a JSON that will describe the asset. The `"salt"` parameter is a random string that would prevent another member of the channel from guessing the asset using the hash on the ledger. If there was no salt, a user could theoretically guess asset parameters until the hash of the of the guess and the hash on the ledger matched (this is known as a dictionary attack). This string is encoded in Base64 format so that it can be passed to the creation transaction as transient data.
```
export asset_PROPERTIES=$(echo -n "{\"object_type\":\"asset_properties\",\"asset_id\":\"asset1\",\"color\":\"blue\",\"size\":35,\"salt\":\"a94a8fe5ccb19ba61c4c0873d391e987982fbbd3\"}" | base64 | tr -d \\n)
```
We can now use the following command to create a asset that belongs to Org1:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"IssueAsset","Args":["asset1"]}' --transient "{\"asset_properties\":\"$asset_PROPERTIES\"}"
```
We can can query the Org1 implicit data collection to see the asset that was created:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAssetPrivateProperties","Args":["asset1"]}'
```
When successful, the command will return the following result:
```
{"object_type":"asset_properties","asset_id":"asset1","color":"blue","size":35,"salt":"a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"}
```
We can also query the ledger to see the public ownership record:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAsset","Args":["asset1"]}'
```
The command will return the record that the asset1 is owned by Org1:
```
{"object_type":"asset","asset_id":"asset1","owner_org":"Org1MSP","public_description":"A new asset for Org1MSP"}
```
Because the market for assets is hot, Org1 wants to flip this asset and put it up for sale. As the asset owner, Org1 can update the public description to advertise that the asset is for sale. Run the following command to change the asset description:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"ChangePublicDescription","Args":["asset1","This asset is for sale"]}'
```
Query the ledger again to see the updated description:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAsset","Args":["asset1"]}'
```
We can now see that the asset is for sale:
```
{"object_type":"asset","asset_id":"asset1","owner_org":"Org1MSP","public_description":"This asset is for sale"}
```
![Org1 creates a asset](images/transfer_assets_1.png)
*Figure 1: When Org1 creates a asset that they own, the asset details are stored in the Org1 implicit data collection on the Org1 peer. The public ownership record is stored in the channel world state, and is stored on both the Org1 and Org2 peers. A hash of the asset key and a hash the asset details are also visible in the channel world state and are stored on the peers of both organizations.*
### Operate from the Org2 terminal
If we operate from the Org2 terminal, we can use the smart contract query the public asset data:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAsset","Args":["asset1"]}'
```
From this query, Org2 learns that asset1 is for sale:
```
{"object_type":"asset","asset_id":"asset1","owner_org":"Org1MSP","public_description":"This asset is for sale"}
```
Any changes to the public description of the asset owned by Org1 needs to be endorsed by Org1. The endorsement policy is reinforced by an access control policy within the chaincode that any updated need to be submitted by the organization that owns the asset. Lets see what happens if Org2 tried to change the public description as a prank:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"ChangePublicDescription","Args":["asset1","the worst asset"]}'
```
The smart contract does not allow Org2 to access the public description of the asset.
```
Error: endorsement failure during invoke. response: status:500 message:"a client from Org2MSP cannot update the description of a asset owned by Org1MSP"
```
## Agree to sell the asset
To sell a asset, both the buyer and the seller must agree on a asset price. Each party stores the price that they agree to in their own private data collection. The private asset transfer smart contract enforces that both parties need to agree to the same price before the asset can be transferred.
## Agree to sell as Org1
Operate from the Org1 terminal. Org1 will agree to set the asset price as 110 dollars. The `trade_id` is used as salt to prevent a channel member that is not a buyer or a seller from guessing the price. This value needs to be passed out of band, through email or other communication, between the buyer and the seller. The buyer and the seller can also add salt to the asset key to prevent other members of the channel from guessing which asset is for sale.
```
export asset_PRICE=$(echo -n "{\"asset_id\":\"asset1\",\"trade_id\":\"109f4b3c50d7b0df729d299bc6f8e9ef9066971f\",\"price\":110}" | base64)
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"AgreeToSell","Args":["asset1"]}' --transient "{\"asset_price\":\"$asset_PRICE\"}"
```
We can query the Org1 private data collection to read the agreed to selling price:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAssetSalesPrice","Args":["asset1"]}'
```
## Agree to buy as Org2
Operate from the Org2 terminal. Run the following command to verify the asset properties before agreeing to buy. The asset properties and salt would be passed out of band, through email or other communication, between the buyer and seller.
```
export asset_PROPERTIES=$(echo -n "{\"object_type\":\"asset_properties\",\"asset_id\":\"asset1\",\"color\":\"blue\",\"size\":35,\"salt\":\"a94a8fe5ccb19ba61c4c0873d391e987982fbbd3\"}" | base64)
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"VerifyAssetProperties","Args":["asset1"]}' --transient "{\"asset_properties\":\"$asset_PROPERTIES\"}"
```
Run the following command to agree to buy asset1 for 100 dollars. As of now, Org2 will agree to a different price than Org2. Don't worry, the two organizations will agree to the same price in a future step. However, we we can use this temporary disagreement as a test of what happens if the buyer and the seller agree to a different price. Org2 needs to use the same `trade_id` as Org1.
```
export asset_PRICE=$(echo -n "{\"asset_id\":\"asset1\",\"trade_id\":\"109f4b3c50d7b0df729d299bc6f8e9ef9066971f\",\"price\":100}" | base64)
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"AgreeToBuy","Args":["asset1"]}' --transient "{\"asset_price\":\"$asset_PRICE\"}"
```
You can read the agreed purchase price from the Org2 implicit data collection:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAssetBidPrice","Args":["asset1"]}'
```
![Org1 and Org2 agree on transfer](images/transfer_assets_2.png)
*Figure 2: After Org1 and Org2 agree to transfer the asset, the price agreed to by each organization is stored in their private data collections. A composite key for the seller and the buyer is used to prevent a collision with the asset details and asset ownership record. The price that is agreed to is only stored on the peers of each organization. However, the hash of both agreements is stored in the channel world state on every peer joined to the channel.*
## Transfer the asset from to Org2
After both organizations have agreed to their price, Org1 can attempt to transfer the asset to Org2. The private asset transfer function in the smart contract uses the hash on the ledger to check that both organizations have agreed to the same price. The function will also use the hash of the private asset details to check that the asset that is transferred is the same asset that Org1 owns.
### Transfer the asset as Org1
Operate from the Org1 terminal. The owner of the asset needs to initiate the transfer. Note that the command below uses the `--peerAddresses` flag to target the peers of both Org1 and Org2. Both organizations need to endorse the transfer.
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"TransferAsset","Args":["asset1","Org2MSP"]}' --transient "{\"asset_properties\":\"$asset_PROPERTIES\",\"asset_price\":\"$asset_PRICE\"}" --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
```
Because the two organizations have not agreed to the same price, the transfer cannot be completed:
```
Error: endorsement failure during invoke. response: status:500 message:"failed transfer verification: hash cf74b8ce092b637bd28f98f7cdd490534c102a0665e7c985d4f2ab9810e30b1c for passed price JSON {\"asset_id\":\"asset1\",\"trade_id\":\"109f4b3c50d7b0df729d299bc6f8e9ef9066971f\",\"price\":110} does not match on-chain hash 09341dbb39e81fb50ccb3a81770254525318f777fad217ae49777487116cceb4, buyer hasn't agreed to the passed trade id and price"
```
As a result, Org1 and Org2 come to a new agreement on the price at which the asset will be purchased. Org1 drops the price of the asset to 100:
```
export asset_PRICE=$(echo -n "{\"asset_id\":\"asset1\",\"trade_id\":\"109f4b3c50d7b0df729d299bc6f8e9ef9066971f\",\"price\":100}" | base64)
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"AgreeToSell","Args":["asset1"]}' --transient "{\"asset_price\":\"$asset_PRICE\"}"
```
Now that the buyer and seller have agreed to the same price, Org1 can transfer the asset to Org2.
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"TransferAsset","Args":["asset1","Org2MSP"]}' --transient "{\"asset_properties\":\"$asset_PROPERTIES\",\"asset_price\":\"$asset_PRICE\"}" --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
```
You can query the asset ownership record to verify that the transfer was successful.
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAsset","Args":["asset1"]}'
```
The record now lists Org2 as the asset owner:
```
{"object_type":"asset","asset_id":"asset1","owner_org":"Org2MSP","public_description":"This asset is for sale"}
```
![Org1 transfers the asset to Org2](images/transfer_assets_3.png)
*Figure 3: After the asset is transferred, the asset details are placed in the Org2 implicit data collection and deleted from the Org1 implicit data collection. As a result, the asset details are now only stored on the Org2 peer. The asset ownership record on the ledger is updated to reflect that the asset is owned by Org1.*
### Update the asset description as Org2
Operate from the Org2 terminal. Now that Org2 owns the asset, we can read the asset details from the Org2 implicit data collection:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAssetPrivateProperties","Args":["asset1"]}'
```
Org2 can now update the asset public description:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"ChangePublicDescription","Args":["asset1","This asset is not for sale"]}'
```
Query the ledger to verify that the asset is no longer for sale:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n assets_transfer -c '{"function":"GetAsset","Args":["asset1"]}'
```
## Clean up
When you are finished transferring assets, you can bring down the test network. The command will remove all the nodes of the test network, and delete any ledger data that you created:
```
./network.sh down
```

230
chaincode/marbles_transfer/marbles_transfer.go → asset-transfer-secured-agreement/asset_transfer.go
View file

@ -32,20 +32,20 @@ import (
)
const (
typeMarbleForSale = "S"
typeMarbleBid = "B"
typeMarbleSaleReceipt = "SR"
typeMarbleBuyReceipt = "BR"
typeAssetForSale = "S"
typeAssetBid = "B"
typeAssetSaleReceipt = "SR"
typeAssetBuyReceipt = "BR"
)
type SmartContract struct {
contractapi.Contract
}
// Marble struct and properties must be exported (start with capitals) to work with contract api metadata
type Marble struct {
// Asset struct and properties must be exported (start with capitals) to work with contract api metadata
type Asset struct {
ObjectType string `json:"object_type"` // ObjectType is used to distinguish different object types in the same chaincode namespace
ID string `json:"marble_id"`
ID string `json:"asset_id"`
OwnerOrg string `json:"owner_org"`
PublicDescription string `json:"public_description"`
}
@ -55,18 +55,18 @@ type receipt struct {
timestamp time.Time
}
// IssueAsset creates a marble and sets it as owned by the client's org
func (s *SmartContract) IssueAsset(ctx contractapi.TransactionContextInterface, marbleID string) error {
// IssueAsset creates a asset and sets it as owned by the client's org
func (s *SmartContract) IssueAsset(ctx contractapi.TransactionContextInterface, assetID string) error {
transMap, err := ctx.GetStub().GetTransient()
if err != nil {
return fmt.Errorf("Error getting transient: " + err.Error())
}
// Marble properties are private, therefore they get passed in transient field
immutablePropertiesJSON, ok := transMap["marble_properties"]
// Asset properties are private, therefore they get passed in transient field
immutablePropertiesJSON, ok := transMap["asset_properties"]
if !ok {
return fmt.Errorf("marble_properties key not found in the transient map")
return fmt.Errorf("asset_properties key not found in the transient map")
}
// Get client org id and verify it matches peer org id.
@ -76,75 +76,75 @@ func (s *SmartContract) IssueAsset(ctx contractapi.TransactionContextInterface,
return fmt.Errorf("failed to get verified OrgID: %s", err.Error())
}
// Create and persit marble
// Create and persit asset
marble := Marble{
ObjectType: "marble",
ID: marbleID,
asset := Asset{
ObjectType: "asset",
ID: assetID,
OwnerOrg: clientOrgID,
PublicDescription: "A new marble for " + clientOrgID,
PublicDescription: "A new asset for " + clientOrgID,
}
marbleJSON, err := json.Marshal(marble)
assetJSON, err := json.Marshal(asset)
if err != nil {
return fmt.Errorf("failed to create marble JSON: %s", err.Error())
return fmt.Errorf("failed to create asset JSON: %s", err.Error())
}
err = ctx.GetStub().PutState(marble.ID, marbleJSON)
err = ctx.GetStub().PutState(asset.ID, assetJSON)
if err != nil {
return fmt.Errorf("failed to put Marble in public data: %s", err.Error())
return fmt.Errorf("failed to put Asset in public data: %s", err.Error())
}
// Set the endorsement policy such that an owner org peer is required to endorse future updates
err = setMarbleStateBasedEndorsement(ctx, marble.ID, clientOrgID)
err = setAssetStateBasedEndorsement(ctx, asset.ID, clientOrgID)
if err != nil {
return fmt.Errorf("failed setting state based endorsement for owner: %s", err.Error())
}
// Persist private immutable marble properties to owner's private data collection
// Persist private immutable asset properties to owner's private data collection
collection := buildCollectionName(clientOrgID)
err = ctx.GetStub().PutPrivateData(collection, marble.ID, []byte(immutablePropertiesJSON))
err = ctx.GetStub().PutPrivateData(collection, asset.ID, []byte(immutablePropertiesJSON))
if err != nil {
return fmt.Errorf("failed to put Marble private details: %s", err.Error())
return fmt.Errorf("failed to put Asset private details: %s", err.Error())
}
return nil
}
// ChangePublicDescription updates the marble public description. Only the current owner can update the public description
func (s *SmartContract) ChangePublicDescription(ctx contractapi.TransactionContextInterface, marbleID string, newDescription string) error {
// ChangePublicDescription updates the asset public description. Only the current owner can update the public description
func (s *SmartContract) ChangePublicDescription(ctx contractapi.TransactionContextInterface, assetID string, newDescription string) error {
// Get client org id
// No need to check client org id matches peer org id, rely on the marble ownership check instead.
// No need to check client org id matches peer org id, rely on the asset ownership check instead.
clientOrgID, err := getClientOrgID(ctx, false)
if err != nil {
return fmt.Errorf("failed to get verified OrgID: %s", err.Error())
}
marble, err := s.GetAsset(ctx, marbleID)
asset, err := s.GetAsset(ctx, assetID)
if err != nil {
return fmt.Errorf("failed to get marble: %s", err.Error())
return fmt.Errorf("failed to get asset: %s", err.Error())
}
// auth check to ensure that client's org actually owns the marble
if clientOrgID != marble.OwnerOrg {
return fmt.Errorf("a client from %s cannot update the description of a marble owned by %s", clientOrgID, marble.OwnerOrg)
// auth check to ensure that client's org actually owns the asset
if clientOrgID != asset.OwnerOrg {
return fmt.Errorf("a client from %s cannot update the description of a asset owned by %s", clientOrgID, asset.OwnerOrg)
}
marble.PublicDescription = newDescription
asset.PublicDescription = newDescription
updatedMarbleJSON, err := json.Marshal(marble)
updatedAssetJSON, err := json.Marshal(asset)
if err != nil {
return fmt.Errorf("failed to marshal marble: %s", err.Error())
return fmt.Errorf("failed to marshal asset: %s", err.Error())
}
return ctx.GetStub().PutState(marbleID, updatedMarbleJSON)
return ctx.GetStub().PutState(assetID, updatedAssetJSON)
}
// AgreeToSell adds seller's asking price to seller's implicit private data collection
func (s *SmartContract) AgreeToSell(ctx contractapi.TransactionContextInterface, marbleID string) error {
// Query marble and verify that this clientOrgId actually owns the marble.
marble, err := s.GetAsset(ctx, marbleID)
func (s *SmartContract) AgreeToSell(ctx contractapi.TransactionContextInterface, assetID string) error {
// Query asset and verify that this clientOrgId actually owns the asset.
asset, err := s.GetAsset(ctx, assetID)
if err != nil {
return err
}
@ -154,20 +154,20 @@ func (s *SmartContract) AgreeToSell(ctx contractapi.TransactionContextInterface,
return fmt.Errorf("failed to get verified OrgID: %s", err.Error())
}
if clientOrgID != marble.OwnerOrg {
return fmt.Errorf("a client from %s cannot sell a marble owned by %s", clientOrgID, marble.OwnerOrg)
if clientOrgID != asset.OwnerOrg {
return fmt.Errorf("a client from %s cannot sell a asset owned by %s", clientOrgID, asset.OwnerOrg)
}
return agreeToPrice(ctx, marbleID, typeMarbleForSale)
return agreeToPrice(ctx, assetID, typeAssetForSale)
}
// AgreeToBuy adds buyer's bid price to buyer's implicit private data collection
func (s *SmartContract) AgreeToBuy(ctx contractapi.TransactionContextInterface, marbleID string) error {
return agreeToPrice(ctx, marbleID, typeMarbleBid)
func (s *SmartContract) AgreeToBuy(ctx contractapi.TransactionContextInterface, assetID string) error {
return agreeToPrice(ctx, assetID, typeAssetBid)
}
// agreeToPrice adds a bid or ask price to caller's implicit private data collection
func agreeToPrice(ctx contractapi.TransactionContextInterface, marbleID string, priceType string) error {
func agreeToPrice(ctx contractapi.TransactionContextInterface, assetID string, priceType string) error {
// Get client org id and verify it matches peer org id.
// In this scenario, client is only authorized to read/write private data from its own peer.
@ -184,54 +184,54 @@ func agreeToPrice(ctx contractapi.TransactionContextInterface, marbleID string,
// Price hash will get verfied later, therefore always pass and persist the JSON bytes as-is,
// so that there is no risk of nondeterministic marshaling.
priceJSON, ok := transMap["marble_price"]
priceJSON, ok := transMap["asset_price"]
if !ok {
return fmt.Errorf("marble_price key not found in the transient map")
return fmt.Errorf("asset_price key not found in the transient map")
}
collection := buildCollectionName(clientOrgID)
// Persist the agreed to price in a collection sub-namespace based on priceType key prefix,
// to avoid collisions between private marble properties, sell price, and buy price
marblePriceKey, err := ctx.GetStub().CreateCompositeKey(priceType, []string{marbleID})
// to avoid collisions between private asset properties, sell price, and buy price
assetPriceKey, err := ctx.GetStub().CreateCompositeKey(priceType, []string{assetID})
if err != nil {
return fmt.Errorf("failed to create composite key: %s", err.Error())
}
err = ctx.GetStub().PutPrivateData(collection, marblePriceKey, priceJSON)
err = ctx.GetStub().PutPrivateData(collection, assetPriceKey, priceJSON)
if err != nil {
return fmt.Errorf("failed to put marble bid: %s", err.Error())
return fmt.Errorf("failed to put asset bid: %s", err.Error())
}
return nil
}
// VerifyAssetProperties implement function to verify marble properties using the hash
// VerifyAssetProperties implement function to verify asset properties using the hash
// Allows a buyer to validate the properties of an asset against the owner's implicit private data collection
func (s *SmartContract) VerifyAssetProperties(ctx contractapi.TransactionContextInterface, marbleID string) (bool, error) {
func (s *SmartContract) VerifyAssetProperties(ctx contractapi.TransactionContextInterface, assetID string) (bool, error) {
transMap, err := ctx.GetStub().GetTransient()
if err != nil {
return false, fmt.Errorf("Error getting transient: " + err.Error())
}
// Marble properties are private, therefore they get passed in transient field
immutablePropertiesJSON, ok := transMap["marble_properties"]
// Asset properties are private, therefore they get passed in transient field
immutablePropertiesJSON, ok := transMap["asset_properties"]
if !ok {
return false, fmt.Errorf("marble_properties key not found in the transient map")
return false, fmt.Errorf("asset_properties key not found in the transient map")
}
marble, err := s.GetAsset(ctx, marbleID)
asset, err := s.GetAsset(ctx, assetID)
if err != nil {
return false, fmt.Errorf("failed to get marble: %s", err.Error())
return false, fmt.Errorf("failed to get asset: %s", err.Error())
}
collectionOwner := buildCollectionName(marble.OwnerOrg)
immutablePropertiesOnChainHash, err := ctx.GetStub().GetPrivateDataHash(collectionOwner, marbleID)
collectionOwner := buildCollectionName(asset.OwnerOrg)
immutablePropertiesOnChainHash, err := ctx.GetStub().GetPrivateDataHash(collectionOwner, assetID)
if err != nil {
return false, fmt.Errorf("failed to read marble private properties hash from seller's collection: %s", err.Error())
return false, fmt.Errorf("failed to read asset private properties hash from seller's collection: %s", err.Error())
}
if immutablePropertiesOnChainHash == nil {
return false, fmt.Errorf("marble private properties hash does not exist: %s", marbleID)
return false, fmt.Errorf("asset private properties hash does not exist: %s", assetID)
}
// get sha256 hash of passed immutable properties
@ -247,9 +247,9 @@ func (s *SmartContract) VerifyAssetProperties(ctx contractapi.TransactionContext
return true, nil
}
// TransferAsset checks transfer conditions and then transfers marble state to buyer.
// TransferAsset checks transfer conditions and then transfers asset state to buyer.
// TransferAsset can only be called by current owner
func (s *SmartContract) TransferAsset(ctx contractapi.TransactionContextInterface, marbleID string, buyerOrgID string) error {
func (s *SmartContract) TransferAsset(ctx contractapi.TransactionContextInterface, assetID string, buyerOrgID string) error {
// Get client org id and verify it matches peer org id.
// For a transfer, selling client must get endorsement from their own peer and from buyer peer, therefore don't verify client org id matches peer org id
@ -263,14 +263,14 @@ func (s *SmartContract) TransferAsset(ctx contractapi.TransactionContextInterfac
return fmt.Errorf("Error getting transient: " + err.Error())
}
immutablePropertiesJSON, ok := transMap["marble_properties"]
immutablePropertiesJSON, ok := transMap["asset_properties"]
if !ok {
return fmt.Errorf("marble_properties key not found in the transient map")
return fmt.Errorf("asset_properties key not found in the transient map")
}
priceJSON, ok := transMap["marble_price"]
priceJSON, ok := transMap["asset_price"]
if !ok {
return fmt.Errorf("marble_price key not found in the transient map")
return fmt.Errorf("asset_price key not found in the transient map")
}
var agreement Agreement
@ -279,44 +279,44 @@ func (s *SmartContract) TransferAsset(ctx contractapi.TransactionContextInterfac
return fmt.Errorf("failed to unmarshal price JSON: %s", err.Error())
}
marble, err := s.GetAsset(ctx, marbleID)
asset, err := s.GetAsset(ctx, assetID)
if err != nil {
return fmt.Errorf("failed to get marble: %s", err.Error())
return fmt.Errorf("failed to get asset: %s", err.Error())
}
err = verifyTransferConditions(ctx, marble, immutablePropertiesJSON, clientOrgID, buyerOrgID, priceJSON)
err = verifyTransferConditions(ctx, asset, immutablePropertiesJSON, clientOrgID, buyerOrgID, priceJSON)
if err != nil {
return fmt.Errorf("failed transfer verification: %s", err.Error())
}
err = transferMarbleState(ctx, marble, immutablePropertiesJSON, clientOrgID, buyerOrgID, agreement.Price)
err = transferAssetState(ctx, asset, immutablePropertiesJSON, clientOrgID, buyerOrgID, agreement.Price)
if err != nil {
return fmt.Errorf("failed marble transfer: %s", err.Error())
return fmt.Errorf("failed asset transfer: %s", err.Error())
}
return nil
}
// verifyTransferConditions checks that client org currently owns marble and that both parties have agreed on price
func verifyTransferConditions(ctx contractapi.TransactionContextInterface, marble *Marble, immutablePropertiesJSON []byte, clientOrgID string, buyerOrgID string, priceJSON []byte) error {
// verifyTransferConditions checks that client org currently owns asset and that both parties have agreed on price
func verifyTransferConditions(ctx contractapi.TransactionContextInterface, asset *Asset, immutablePropertiesJSON []byte, clientOrgID string, buyerOrgID string, priceJSON []byte) error {
// CHECK1: auth check to ensure that client's org actually owns the marble
// CHECK1: auth check to ensure that client's org actually owns the asset
if clientOrgID != marble.OwnerOrg {
return fmt.Errorf("a client from %s cannot transfer a marble owned by %s", clientOrgID, marble.OwnerOrg)
if clientOrgID != asset.OwnerOrg {
return fmt.Errorf("a client from %s cannot transfer a asset owned by %s", clientOrgID, asset.OwnerOrg)
}
// CHECK2: verify that the hash of the passed immutable properties matches the on-chain hash
// get on chain hash
collectionSeller := buildCollectionName(clientOrgID)
immutablePropertiesOnChainHash, err := ctx.GetStub().GetPrivateDataHash(collectionSeller, marble.ID)
immutablePropertiesOnChainHash, err := ctx.GetStub().GetPrivateDataHash(collectionSeller, asset.ID)
if err != nil {
return fmt.Errorf("failed to read marble private properties hash from seller's collection: %s", err.Error())
return fmt.Errorf("failed to read asset private properties hash from seller's collection: %s", err.Error())
}
if immutablePropertiesOnChainHash == nil {
return fmt.Errorf("marble private properties hash does not exist: %s", marble.ID)
return fmt.Errorf("asset private properties hash does not exist: %s", asset.ID)
}
// get sha256 hash of passed immutable properties
@ -332,30 +332,30 @@ func verifyTransferConditions(ctx contractapi.TransactionContextInterface, marbl
// CHECK3: verify that seller and buyer agreed on the same price
// get seller (current owner) asking price
marbleForSaleKey, err := ctx.GetStub().CreateCompositeKey(typeMarbleForSale, []string{marble.ID})
assetForSaleKey, err := ctx.GetStub().CreateCompositeKey(typeAssetForSale, []string{asset.ID})
if err != nil {
return fmt.Errorf("failed to create composite key: %s", err.Error())
}
sellerPriceHash, err := ctx.GetStub().GetPrivateDataHash(collectionSeller, marbleForSaleKey)
sellerPriceHash, err := ctx.GetStub().GetPrivateDataHash(collectionSeller, assetForSaleKey)
if err != nil {
return fmt.Errorf("failed to get seller price hash: %s", err.Error())
}
if sellerPriceHash == nil {
return fmt.Errorf("seller price for %s does not exist", marble.ID)
return fmt.Errorf("seller price for %s does not exist", asset.ID)
}
// get buyer bid price
collectionBuyer := buildCollectionName(buyerOrgID)
marbleBidKey, err := ctx.GetStub().CreateCompositeKey(typeMarbleBid, []string{marble.ID})
assetBidKey, err := ctx.GetStub().CreateCompositeKey(typeAssetBid, []string{asset.ID})
if err != nil {
return fmt.Errorf("failed to create composite key: %s", err.Error())
}
buyerPriceHash, err := ctx.GetStub().GetPrivateDataHash(collectionBuyer, marbleBidKey)
buyerPriceHash, err := ctx.GetStub().GetPrivateDataHash(collectionBuyer, assetBidKey)
if err != nil {
return fmt.Errorf("failed to get buyer price hash: %s", err.Error())
}
if buyerPriceHash == nil {
return fmt.Errorf("buyer price for %s does not exist", marble.ID)
return fmt.Errorf("buyer price for %s does not exist", asset.ID)
}
// get sha256 hash of passed price
@ -377,63 +377,63 @@ func verifyTransferConditions(ctx contractapi.TransactionContextInterface, marbl
return nil
}
// transferMarbleState makes the public and private state updates for the transferred marble
func transferMarbleState(ctx contractapi.TransactionContextInterface, marble *Marble, immutablePropertiesJSON []byte, clientOrgID string, buyerOrgID string, price int) error {
// transferAssetState makes the public and private state updates for the transferred asset
func transferAssetState(ctx contractapi.TransactionContextInterface, asset *Asset, immutablePropertiesJSON []byte, clientOrgID string, buyerOrgID string, price int) error {
// save the marble with the new owner
marble.OwnerOrg = buyerOrgID
// save the asset with the new owner
asset.OwnerOrg = buyerOrgID
updatedMarbleJSON, _ := json.Marshal(marble)
updatedAssetJSON, _ := json.Marshal(asset)
err := ctx.GetStub().PutState(marble.ID, updatedMarbleJSON)
err := ctx.GetStub().PutState(asset.ID, updatedAssetJSON)
if err != nil {
return fmt.Errorf("failed to write marble for buyer: %s", err.Error())
return fmt.Errorf("failed to write asset for buyer: %s", err.Error())
}
// Change the endorsement policy to the new owner
err = setMarbleStateBasedEndorsement(ctx, marble.ID, buyerOrgID)
err = setAssetStateBasedEndorsement(ctx, asset.ID, buyerOrgID)
if err != nil {
return fmt.Errorf("failed setting state based endorsement for new owner: %s", err.Error())
}
// Transfer the private properties (delete from seller collection, create in buyer collection)
collectionSeller := buildCollectionName(clientOrgID)
err = ctx.GetStub().DelPrivateData(collectionSeller, marble.ID)
err = ctx.GetStub().DelPrivateData(collectionSeller, asset.ID)
if err != nil {
return fmt.Errorf("failed to delete Marble private details from seller: %s", err.Error())
return fmt.Errorf("failed to delete Asset private details from seller: %s", err.Error())
}
collectionBuyer := buildCollectionName(buyerOrgID)
err = ctx.GetStub().PutPrivateData(collectionBuyer, marble.ID, immutablePropertiesJSON)
err = ctx.GetStub().PutPrivateData(collectionBuyer, asset.ID, immutablePropertiesJSON)
if err != nil {
return fmt.Errorf("failed to put Marble private properties for buyer: %s", err.Error())
return fmt.Errorf("failed to put Asset private properties for buyer: %s", err.Error())
}
// Delete the price records for seller
marblePriceKey, err := ctx.GetStub().CreateCompositeKey(typeMarbleForSale, []string{marble.ID})
assetPriceKey, err := ctx.GetStub().CreateCompositeKey(typeAssetForSale, []string{asset.ID})
if err != nil {
return fmt.Errorf("failed to create composite key for seller: %s", err.Error())
}
err = ctx.GetStub().DelPrivateData(collectionSeller, marblePriceKey)
err = ctx.GetStub().DelPrivateData(collectionSeller, assetPriceKey)
if err != nil {
return fmt.Errorf("failed to delete marble price from implicit private data collection for seller: %s", err.Error())
return fmt.Errorf("failed to delete asset price from implicit private data collection for seller: %s", err.Error())
}
// Delete the price records for buyer
marblePriceKey, err = ctx.GetStub().CreateCompositeKey(typeMarbleBid, []string{marble.ID})
assetPriceKey, err = ctx.GetStub().CreateCompositeKey(typeAssetBid, []string{asset.ID})
if err != nil {
return fmt.Errorf("failed to create composite key for buyer: %s", err.Error())
}
err = ctx.GetStub().DelPrivateData(collectionBuyer, marblePriceKey)
err = ctx.GetStub().DelPrivateData(collectionBuyer, assetPriceKey)
if err != nil {
return fmt.Errorf("failed to delete marble price from implicit private data collection for buyer: %s", err.Error())
return fmt.Errorf("failed to delete asset price from implicit private data collection for buyer: %s", err.Error())
}
// Keep record for a 'receipt' in both buyer and seller private data collection to record the sales price and date
// Persist the agreed to price in a collection sub-namespace based on receipt key prefix
receiptBuyKey, err := ctx.GetStub().CreateCompositeKey(typeMarbleBuyReceipt, []string{marble.ID, ctx.GetStub().GetTxID()})
receiptBuyKey, err := ctx.GetStub().CreateCompositeKey(typeAssetBuyReceipt, []string{asset.ID, ctx.GetStub().GetTxID()})
if err != nil {
return fmt.Errorf("failed to create composite key for receipt: %s", err.Error())
}
@ -458,7 +458,7 @@ func transferMarbleState(ctx contractapi.TransactionContextInterface, marble *Ma
return fmt.Errorf("failed to put private asset receipt for buyer: %s", err.Error())
}
receiptSaleKey, err := ctx.GetStub().CreateCompositeKey(typeMarbleSaleReceipt, []string{ctx.GetStub().GetTxID(), marble.ID})
receiptSaleKey, err := ctx.GetStub().CreateCompositeKey(typeAssetSaleReceipt, []string{ctx.GetStub().GetTxID(), asset.ID})
if err != nil {
return fmt.Errorf("failed to create composite key for receipt: %s", err.Error())
}
@ -473,7 +473,7 @@ func transferMarbleState(ctx contractapi.TransactionContextInterface, marble *Ma
// getClientOrgID gets the client org ID.
// The client org ID can optionally be verified against the peer org ID, to ensure that a client from another org doesn't attempt to read or write private data from this peer.
// The only exception in this scenario is for TransferMarble, since the current owner needs to get an endorsement from the buyer's peer.
// The only exception in this scenario is for TransferAsset, since the current owner needs to get an endorsement from the buyer's peer.
func getClientOrgID(ctx contractapi.TransactionContextInterface, verifyOrg bool) (string, error) {
clientOrgID, err := ctx.GetClientIdentity().GetMSPID()
@ -505,8 +505,8 @@ func verifyClientOrgMatchesPeerOrg(clientOrgID string) error {
return nil
}
// setMarbleStateBasedEndorsement adds an endorsement policy to a marble so that only a peer from an owning org can update or transfer the marble.
func setMarbleStateBasedEndorsement(ctx contractapi.TransactionContextInterface, marbleID string, orgToEndorse string) error {
// setAssetStateBasedEndorsement adds an endorsement policy to a asset so that only a peer from an owning org can update or transfer the asset.
func setAssetStateBasedEndorsement(ctx contractapi.TransactionContextInterface, assetID string, orgToEndorse string) error {
endorsementPolicy, err := statebased.NewStateEP(nil)
@ -518,9 +518,9 @@ func setMarbleStateBasedEndorsement(ctx contractapi.TransactionContextInterface,
if err != nil {
return fmt.Errorf("failed to create endorsement policy bytes from org: %s", err.Error())
}
err = ctx.GetStub().SetStateValidationParameter(marbleID, epBytes)
err = ctx.GetStub().SetStateValidationParameter(assetID, epBytes)
if err != nil {
return fmt.Errorf("failed to set validation parameter on marble: %s", err.Error())
return fmt.Errorf("failed to set validation parameter on asset: %s", err.Error())
}
return nil
@ -549,11 +549,11 @@ func main() {
chaincode, err := contractapi.NewChaincode(new(SmartContract))
if err != nil {
fmt.Printf("Error create transfer marble chaincode: %s", err.Error())
fmt.Printf("Error create transfer asset chaincode: %s", err.Error())
return
}
if err := chaincode.Start(); err != nil {
fmt.Printf("Error starting marble chaincode: %s", err.Error())
fmt.Printf("Error starting asset chaincode: %s", err.Error())
}
}

72
chaincode/marbles_transfer/marbles_transfer_queries.go → asset-transfer-secured-agreement/asset_transfer_queries.go
View file

@ -29,38 +29,38 @@ import (
// QueryResult structure used for handling result of query
type QueryResult struct {
Record *Marble
Record *Asset
TxId string `json:"txId"`
Timestamp time.Time `json:"timestamp"`
}
type Agreement struct {
ID string `json:"marble_id"`
ID string `json:"asset_id"`
Price int `json:"price"`
TradeID string `json:"trade_id"`
}
// GetAsset returns the public marble data
func (s *SmartContract) GetAsset(ctx contractapi.TransactionContextInterface, marbleID string) (*Marble, error) {
// GetAsset returns the public asset data
func (s *SmartContract) GetAsset(ctx contractapi.TransactionContextInterface, assetID string) (*Asset, error) {
// since only public data is accessed in this function, no access control is required
marbleJSON, err := ctx.GetStub().GetState(marbleID)
assetJSON, err := ctx.GetStub().GetState(assetID)
if err != nil {
return nil, fmt.Errorf("failed to read from world state: %s", err.Error())
}
if marbleJSON == nil {
return nil, fmt.Errorf("%s does not exist", marbleID)
if assetJSON == nil {
return nil, fmt.Errorf("%s does not exist", assetID)
}
marble := new(Marble)
_ = json.Unmarshal(marbleJSON, marble)
asset := new(Asset)
_ = json.Unmarshal(assetJSON, asset)
return marble, nil
return asset, nil
}
// GetAssetPrivateProperties returns the immutable marble properties from owner's private data collection
func (s *SmartContract) GetAssetPrivateProperties(ctx contractapi.TransactionContextInterface, marbleID string) (string, error) {
// GetAssetPrivateProperties returns the immutable asset properties from owner's private data collection
func (s *SmartContract) GetAssetPrivateProperties(ctx contractapi.TransactionContextInterface, assetID string) (string, error) {
// Get client org id and verify it matches peer org id.
// In this scenario, client is only authorized to read/write private data from its own peer.
@ -69,59 +69,59 @@ func (s *SmartContract) GetAssetPrivateProperties(ctx contractapi.TransactionCon
return "", err
}
immutableProperties, err := ctx.GetStub().GetPrivateData(collection, marbleID)
immutableProperties, err := ctx.GetStub().GetPrivateData(collection, assetID)
if err != nil {
return "", fmt.Errorf("failed to read marble private properties from client org's collection: %s", err.Error())
return "", fmt.Errorf("failed to read asset private properties from client org's collection: %s", err.Error())
}
if immutableProperties == nil {
return "", fmt.Errorf("marble private details does not exist in client org's collection: %s", marbleID)
return "", fmt.Errorf("asset private details does not exist in client org's collection: %s", assetID)
}
return string(immutableProperties), nil
}
// GetAssetSalesPrice returns the sales price as an integer
func (s *SmartContract) GetAssetSalesPrice(ctx contractapi.TransactionContextInterface, marbleID string) (string, error) {
return getAssetPrice(ctx, marbleID, typeMarbleForSale)
func (s *SmartContract) GetAssetSalesPrice(ctx contractapi.TransactionContextInterface, assetID string) (string, error) {
return getAssetPrice(ctx, assetID, typeAssetForSale)
}
// GetAssetBidPrice returns the bid price as an integer
func (s *SmartContract) GetAssetBidPrice(ctx contractapi.TransactionContextInterface, marbleID string) (string, error) {
return getAssetPrice(ctx, marbleID, typeMarbleBid)
func (s *SmartContract) GetAssetBidPrice(ctx contractapi.TransactionContextInterface, assetID string) (string, error) {
return getAssetPrice(ctx, assetID, typeAssetBid)
}
// getAssetPrice gets the bid or ask price from caller's implicit private data collection
func getAssetPrice(ctx contractapi.TransactionContextInterface, marbleID string, priceType string) (string, error) {
func getAssetPrice(ctx contractapi.TransactionContextInterface, assetID string, priceType string) (string, error) {
collection, err := getClientImplicitCollectionName(ctx)
if err != nil {
return "", err
}
marblePriceKey, err := ctx.GetStub().CreateCompositeKey(priceType, []string{marbleID})
assetPriceKey, err := ctx.GetStub().CreateCompositeKey(priceType, []string{assetID})
if err != nil {
return "", fmt.Errorf("failed to create composite key: %s", err.Error())
}
marblePriceJSON, err := ctx.GetStub().GetPrivateData(collection, marblePriceKey)
assetPriceJSON, err := ctx.GetStub().GetPrivateData(collection, assetPriceKey)
if err != nil {
return "", fmt.Errorf("failed to read marble price from implicit private data collection: %s", err.Error())
return "", fmt.Errorf("failed to read asset price from implicit private data collection: %s", err.Error())
}
if marblePriceJSON == nil {
return "", fmt.Errorf("marble price does not exist: %s", marbleID)
if assetPriceJSON == nil {
return "", fmt.Errorf("asset price does not exist: %s", assetID)
}
return string(marblePriceJSON), nil
return string(assetPriceJSON), nil
}
// QueryAssetSaleAgreements returns all of an organization's proposed sales
func (s *SmartContract) QueryAssetSaleAgreements(ctx contractapi.TransactionContextInterface) ([]Agreement, error) {
return queryAgreementsByType(ctx, typeMarbleForSale)
return queryAgreementsByType(ctx, typeAssetForSale)
}
// QueryAssetBuyAgreements returns all of an organization's proposed buys
func (s *SmartContract) QueryAssetBuyAgreements(ctx contractapi.TransactionContextInterface) ([]Agreement, error) {
return queryAgreementsByType(ctx, typeMarbleBid)
return queryAgreementsByType(ctx, typeAssetBid)
}
func queryAgreementsByType(ctx contractapi.TransactionContextInterface, agreeType string) ([]Agreement, error) {
@ -157,13 +157,9 @@ func queryAgreementsByType(ctx contractapi.TransactionContextInterface, agreeTyp
return agreements, nil
}
// TODO add a JSON index and query to return all of an organization's marbles larger than a certain size (only works when using CouchDB state database)
// hint: see sample index at https://github.com/hyperledger/fabric-samples/blob/master/chaincode/marbles02/go/META-INF/statedb/couchdb/indexes/indexOwner.json
// hint: see sample query at https://github.com/hyperledger/fabric-samples/blob/master/chaincode/marbles02/go/marbles_chaincode.go#L515
// QueryAssetHistory returns the chain of custody for a marble since issuance
func (s *SmartContract) QueryAssetHistory(ctx contractapi.TransactionContextInterface, marbleID string) ([]QueryResult, error) {
resultsIterator, err := ctx.GetStub().GetHistoryForKey(marbleID)
// QueryAssetHistory returns the chain of custody for a asset since issuance
func (s *SmartContract) QueryAssetHistory(ctx contractapi.TransactionContextInterface, assetID string) ([]QueryResult, error) {
resultsIterator, err := ctx.GetStub().GetHistoryForKey(assetID)
if err != nil {
return nil, err
}
@ -177,8 +173,8 @@ func (s *SmartContract) QueryAssetHistory(ctx contractapi.TransactionContextInte
return nil, err
}
marble := new(Marble)
err = json.Unmarshal(response.Value, marble)
asset := new(Asset)
err = json.Unmarshal(response.Value, asset)
if err != nil {
return nil, err
}
@ -186,7 +182,7 @@ func (s *SmartContract) QueryAssetHistory(ctx contractapi.TransactionContextInte
record := QueryResult{
TxId: response.TxId,
Timestamp: time.Unix(response.Timestamp.Seconds, int64(response.Timestamp.Nanos)),
Record: marble,
Record: asset,
}
records = append(records, record)
}

0
chaincode/marbles_transfer/go.mod → asset-transfer-secured-agreement/go.mod
View file

0
chaincode/marbles_transfer/go.sum → asset-transfer-secured-agreement/go.sum
View file

0
chaincode/marbles_transfer/images/transfer_marbles_1.png → asset-transfer-secured-agreement/images/transfer_assets_1.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 198 KiB

After

Width:  |  Height:  |  Size: 198 KiB

0
chaincode/marbles_transfer/images/transfer_marbles_2.png → asset-transfer-secured-agreement/images/transfer_assets_2.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 238 KiB

After

Width:  |  Height:  |  Size: 238 KiB

0
chaincode/marbles_transfer/images/transfer_marbles_3.png → asset-transfer-secured-agreement/images/transfer_assets_3.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 239 KiB

After

Width:  |  Height:  |  Size: 239 KiB

0
chaincode/marbles_transfer/images/transfer_marbles_images.pptx → asset-transfer-secured-agreement/images/transfer_assets_images.pptx
View file

342
chaincode/marbles_transfer/README.md
View file

@ -1,342 +0,0 @@
# Marbles private asset transfer scenario
The marbles transfer smart contract demonstrates how an asset can be represented and traded between organizations in a Hyperledger Fabric blockchain channel, while keeping details of the asset and transaction private.
Each on-chain marble is a non-fungible token (NFT) that represents a specific marble having certain immutable metadata properties (such as size and color) with a unique owner. When the owner wants to sell the marble, both parties need to agree to the same price before the marble is transferred. The marbles transfer smart contract enforces that only the owner of the marble can transfer the marble. In the course of this tutorial, you will learn how Fabric features such as state based endorsement, private data, and access control come together to provide secured transactions that are both private and verifiable.
## Scenario requirements
The marbles transfer scenario is bound by the following requirements:
- A marble may be issued by the first owner's organization (in the real world issuance may be restricted to some authority that certifies a marble's properties).
- Ownership is managed at the organization level (the Fabric permissioning scheme would equally support ownership at an individual identity level within an organization).
- The marble identifier and owner is stored as public channel data for all channel members to see.
- The marble metadata properties however are private information known only to the asset owner (and prior owners).
- An interested buyer will want to verify a marble's private properties.
- An interested buyer will want to verify a marble's provenance, specifically the marble's origin and chain of custody. They will also want to verify that the marble has not changed since issuance, and that all prior transfers have been legitimate.
- To transfer a marble, a buyer and seller must first agree on a sales price.
- Only the current owner may transfer their marble to another organization.
- The actual marble transfer must verify that the legitimate marble is being transferred, and verify that the price has been agreed to. Both buyer and seller must endorse the transfer.
## How privacy is maintained
The smart contract uses the following techniques to ensure that the marble properties remain private:
- The marble metadata properties are stored in the current owning organization's implicit private data collection on the organization's peers only. Each organization on a Fabric channel has a private data collection that their own organization can use. This collection is *implicit* because it does not need to be explicitly defined in the chaincode.
- Although a hash of the private properties is automatically stored on-chain for all channel members to see, a random salt is included in the private properties so that other channel members cannot guess the private data preimage through a dictionary attack.
- Smart contract requests utilize the transient field for private data so that private data does not get included in the final on-chain transaction.
- Private data queries must originate from a client whose org id matches the peer's org id, which must be the same as the marble owner's org id.
## How the transfer is implemented
Before we start using the marbles transfer smart contract we will provide an overview of the transaction flow and how Fabric features are used to protect the asset created on the blockchain:
**Step 1: Creating the marble**
The marbles transfer smart contract is deployed with an endorsement policy that requires an endorsement from any channel member. This allows any organization to create a marble that they own without requiring an endorsement from other channel members. The creation of the marble is the only transaction that uses the chaincode level endorsement policy. Transactions that update or transfer existing marbles will be governed by state based endorsement policies or the endorsement policies of private data collections. Note that in other scenarios, you may want an issuing authority to also endorse create transactions.
The smart contract uses the following Fabric features to ensure that the Marble can only be updated or transferred by the organization that owns the marble:
- When the marble is created, the smart contract gets the MSP ID of the organization that submitted the request, and stores the MSP ID as the owner in the marble key/value in the public chaincode world state. Subsequent smart contract requests to update or transfer the marble will use access control logic to verify that the requesting client is from the same organization. Note that in other scenarios, the ownership could be based on a specific client identity within an organization, rather than an organization itself.
- Also when the marble is created, the smart contract sets a state based endorsement policy for the marble key. The state based policy specifies that a peer from the organization that owns the marble must endorse a subsequent request to update or transfer the marble. This prevents any other organization from updating or transferring the marble using a smart contract that has been maliciously altered on their own peers.
**Step 2: Agreeing to the transfer.**
After a marble is created, channel members can use the smart contract to agree to transfer the marble:
- The owner of the marble can change the description in the public ownership record, for example to advertise that the marble is for sale. Smart contract access control enforces that this change needs to be submitted from a member of the marble owner organization. The state based endorsement policy enforces that this description change must be endorsed by a peer from the owner's organization.
<!--
- Interested buyers can ask the current owner for the private details, and then verify those details against the on-chain hash on their own trusted peer.
- An interested buyer can query the history of the public key. The response includes all transactions that updated the key. Each of those transactions can be inspected to verify the marble's origination, the chain of custody, and that the marble private details hash has not changed since issuance.
-->
The marble owner and the marble buyer agree to transfer the marble for a certain price:
- The price agreed to by the buyer and the seller is stored in each organization's implicit private data collection. The private data collection keeps the agreed price secret from other members of the channel. The endorsement policy of the private data collection ensures that the respective organization's peer endorsed the price agreement, and the smart contract access control logic ensures that the price agreement was submitted by a client of the associated organization.
- A hash of each price agreement is stored on the ledger. The two hashes will match only if the two organizations have agreed to the same price. This allows the organizations to verify that they have come to agreement on the transfer details before the transfer takes place. A random trade id is added to the price agreement, which serves as a *salt* to ensure that other channel members can not use the hash on the ledger to guess the price.
**Step 3: Transferring the marble**
After the two organizations have agreed to the same price, the marble owner can use the transfer function to transfer the marble to the buyer:
- Smart contract access control ensures that the transfer must be initiated by a member of the organization that owns the marble.
- The transfer function verifies that the marble details passed to the transfer function matches the on chain hash, to ensure that the marble owner is *selling* the same marble that they own.
- The transfer function uses the hash of the price agreement on the ledger to ensure that both organizations have agreed to the same price.
- If the transfer conditions are met, the transfer function adds the marble to the implicit private data collection of the buyer, and deletes the marble from the collection of the seller. The transfer also updates the owner in the public ownership record.
- Because of the endorsement policies of the seller and buyer implicit data collections, and the state based endorsement policy of the public record (requiring the seller to endorse), the transfer needs to be endorsed by peers from both buyer and seller.
- The state based endorsement policy of the public marble record is updated so that only a peer of the new owner of the marble can update or sell their new marble.
## Running the marbles transfer smart contract
You can use the Fabric test network to run the marbles transfer smart contract. The test network contains two peer organizations, Org1 and Org1, that operate one peer each. In this tutorial, we will deploy the smart contract to a channel of the test network joined by both organizations. We will first create a marble that is owned by Org1. After the two organizations agree on a marble price, we will transfer the marble from Org1 to Org2.
## Deploy the test network
We need to deploy an instance of the Fabric test network to run the smart contract. Open a command terminal and navigate to test network directory in your local clone of the `fabric-samples`. We will operate from the `test-network` directory for the remainder of the tutorial.
```
cd fabric-samples/test-network
```
You can then deploy the network with the following command:
```
./network.sh up createChannel
```
The script will deploy the nodes of the network create a single channel named `mychannel` with Org1 and Org2 as channel members. We will use this channel to deploy the smart contract and trade our marble.
### Set the environment variables to operate as Org1
In the course of running this sample, you need to interact with the network as both Org1 and Org2. To make the tutorial easier to use, we will use separate terminals for each organization. Open a new terminal and make sure that you are operating from the `test-network` directory. Set the following environment variables to operate the `peer` CLI as the Org1 admin:
```
export PATH=${PWD}/../bin:${PWD}:$PATH
export FABRIC_CFG_PATH=$PWD/../config/
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_ADDRESS=localhost:7051
```
The environment variables also specify the endpoint information of the Org1 peer to submit requests.
### Set the environment variables to operate as Org2
Now that we have one terminal that we can operate as Org1, open a new terminal for Org2. Make sure that this terminal is also operating from the `test-network` directory. Set the following environment variables to operate as the Org2 admin:
```
export PATH=${PWD}/../bin:${PWD}:$PATH
export FABRIC_CFG_PATH=$PWD/../config/
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_ADDRESS=localhost:9051
```
You will need switch between the two terminals as you go through the tutorial.
## Deploy the chaincode
Now that we can operate as both organizations, we need install the marble transfer smart contract on the peers of Org1 and Org2, and deploy the chaincode to the channel approving and committing the chaincode definition.
### Install and approve the chaincode as Org1
Open the Org1 terminal. Run the following command to package the marbles transfer chaincode:
```
peer lifecycle chaincode package marbles_transfer.tar.gz --path ../chaincode/marbles_transfer --lang golang --label marbles_transfer_1
```
The command creates a chaincode package named `marbles_transfer.tar.gz`. We can now install this package on the Org1 peer:
```
peer lifecycle chaincode install marbles_transfer.tar.gz
```
You will need the chaincode package ID in order to approve the chaincode definition. You can find the package ID by querying your peer:
```
peer lifecycle chaincode queryinstalled
```
Save the package ID as an environment variable. The package ID will not be the same for all users, so need to use the result that was returned by the previous command:
```
export PACKAGE_ID=marbles_transfer_1:2a585633baa0a6ba0019965ac40d6f188194c50df1015010b080ef6ba426d266
```
You can now approve the chaincode as Org1:
```
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name marbles_transfer --version 1 --package-id $PACKAGE_ID --sequence 1 --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --signature-policy "OR('Org1MSP.peer','Org2MSP.peer')"
```
Note we are approving a chaincode endorsement policy of `"OR('Org1MSP.peer','Org2MSP.peer')"`. This allows either organization to create a marble without receiving an endorsement from the other organization.
### Install and approve the chaincode as Org2
We can now install and approve the chaincode as Org2. Open the Org2 terminal. Because the chaincode is already packaged on our local machine, we can go ahead and install the chaincode on the Org2 peer:`
```
peer lifecycle chaincode install marbles_transfer.tar.gz
```
Query the package ID of the chaincode:
```
peer lifecycle chaincode queryinstalled
```
Save the result of the command as an environment variable in the Org2 command window:
```
export PACKAGE_ID=marbles_transfer_1:2a585633baa0a6ba0019965ac40d6f188194c50df1015010b080ef6ba426d266
```
We can now approve the chaincode as the Org2 admin:
```
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name marbles_transfer --version 1 --package-id $PACKAGE_ID --sequence 1 --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --signature-policy "OR('Org1MSP.peer','Org2MSP.peer')"
```
Now that a majority (2 out of 2) of channel members have approved the chaincode definition, Org2 can commit the chaincode definition to deploy the chaincode to the channel:
```
peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name marbles_transfer --version 1 --sequence 1 --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt --signature-policy "OR('Org1MSP.peer','Org2MSP.peer')"
```
We are now ready use the marbles transfer smart contract.
## Create a Marble
Any channel member can use the smart contract to create a marble that is owned by their organization. The details of the marble will be stored in a private data collection, and can only accessed by the organization that owns the marble. A public record of the marble, its owner, and a public description is stored on the channel ledger. Any channel member can access the public ownership record to see who owns the marble, and can read the description to see if the marble is for sale.
### Operate from the Org1 terminal
Before we create the marble, we need to specify the details of what our marble will be. Issue the following command to create a JSON that will describe the marble. The `"salt"` parameter is a random string that would prevent another member of the channel from guessing the marble using the hash on the ledger. If there was no salt, a user could theoretically guess marble parameters until the hash of the of the guess and the hash on the ledger matched (this is known as a dictionary attack). This string is encoded in Base64 format so that it can be passed to the creation transaction as transient data.
```
export MARBLE_PROPERTIES=$(echo -n "{\"object_type\":\"marble_properties\",\"marble_id\":\"marble1\",\"color\":\"blue\",\"size\":35,\"salt\":\"a94a8fe5ccb19ba61c4c0873d391e987982fbbd3\"}" | base64 | tr -d \\n)
```
We can now use the following command to create a marble that belongs to Org1:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"IssueAsset","Args":["marble1"]}' --transient "{\"marble_properties\":\"$MARBLE_PROPERTIES\"}"
```
We can can query the Org1 implicit data collection to see the marble that was created:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAssetPrivateProperties","Args":["marble1"]}'
```
When successful, the command will return the following result:
```
{"object_type":"marble_properties","marble_id":"marble1","color":"blue","size":35,"salt":"a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"}
```
We can also query the ledger to see the public ownership record:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAsset","Args":["marble1"]}'
```
The command will return the record that the marble1 is owned by Org1:
```
{"object_type":"marble","marble_id":"marble1","owner_org":"Org1MSP","public_description":"A new marble for Org1MSP"}
```
Because the market for marbles is hot, Org1 wants to flip this marble and put it up for sale. As the marble owner, Org1 can update the public description to advertise that the marble is for sale. Run the following command to change the marble description:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"ChangePublicDescription","Args":["marble1","This marble is for sale"]}'
```
Query the ledger again to see the updated description:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAsset","Args":["marble1"]}'
```
We can now see that the marble is for sale:
```
{"object_type":"marble","marble_id":"marble1","owner_org":"Org1MSP","public_description":"This marble is for sale"}
```
![Org1 creates a Marble](images/transfer_marbles_1.png)
*Figure 1: When Org1 creates a marble that they own, the marble details are stored in the Org1 implicit data collection on the Org1 peer. The public ownership record is stored in the channel world state, and is stored on both the Org1 and Org2 peers. A hash of the marble key and a hash the marble details are also visible in the channel world state and are stored on the peers of both organizations.*
### Operate from the Org2 terminal
If we operate from the Org2 terminal, we can use the smart contract query the public marble data:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAsset","Args":["marble1"]}'
```
From this query, Org2 learns that marble1 is for sale:
```
{"object_type":"marble","marble_id":"marble1","owner_org":"Org1MSP","public_description":"This marble is for sale"}
```
Any changes to the public description of the Marble owned by Org1 needs to be endorsed by Org1. The endorsement policy is reinforced by an access control policy within the chaincode that any updated need to be submitted by the organization that owns the marble. Lets see what happens if Org2 tried to change the public description as a prank:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"ChangePublicDescription","Args":["marble1","the worst marble"]}'
```
The smart contract does not allow Org2 to access the public description of the Marble.
```
Error: endorsement failure during invoke. response: status:500 message:"a client from Org2MSP cannot update the description of a marble owned by Org1MSP"
```
## Agree to sell the marble
To sell a marble, both the buyer and the seller must agree on a marble price. Each party stores the price that they agree to in their own private data collection. The marbles transfer smart contract enforces that both parties need to agree to the same price before the marble can be transferred.
## Agree to sell as Org1
Operate from the Org1 terminal. Org1 will agree to set the marble price as 110 dollars. The `trade_id` is used as salt to prevent a channel member that is not a buyer or a seller from guessing the price. This value needs to be passed out of band, through email or other communication, between the buyer and the seller. The buyer and the seller can also add salt to the marble key to prevent other members of the channel from guessing which marble is for sale.
```
export MARBLE_PRICE=$(echo -n "{\"marble_id\":\"marble1\",\"trade_id\":\"109f4b3c50d7b0df729d299bc6f8e9ef9066971f\",\"price\":110}" | base64)
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"AgreeToSell","Args":["marble1"]}' --transient "{\"marble_price\":\"$MARBLE_PRICE\"}"
```
We can query the Org1 private data collection to read the agreed to selling price:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAssetSalesPrice","Args":["marble1"]}'
```
## Agree to buy as Org2
Operate from the Org2 terminal. Run the following command to verify the asset properties before agreeing to buy. The asset properties and salt would be passed out of band, through email or other communication, between the buyer and seller.
```
export MARBLE_PROPERTIES=$(echo -n "{\"object_type\":\"marble_properties\",\"marble_id\":\"marble1\",\"color\":\"blue\",\"size\":35,\"salt\":\"a94a8fe5ccb19ba61c4c0873d391e987982fbbd3\"}" | base64)
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"VerifyAsset","Args":["marble1"]}' --transient "{\"marble_properties\":\"$MARBLE_PROPERTIES\"}"
```
Run the following command to agree to buy marble1 for 100 dollars. As of now, Org2 will agree to a different price than Org2. Don't worry, the two organizations will agree to the same price in a future step. However, we we can use this temporary disagreement as a test of what happens if the buyer and the seller agree to a different price. Org2 needs to use the same `trade_id` as Org1.
```
export MARBLE_PRICE=$(echo -n "{\"marble_id\":\"marble1\",\"trade_id\":\"109f4b3c50d7b0df729d299bc6f8e9ef9066971f\",\"price\":100}" | base64)
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"AgreeToBuy","Args":["marble1"]}' --transient "{\"marble_price\":\"$MARBLE_PRICE\"}"
```
You can read the agreed purchase price from the Org2 implicit data collection:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAssetBidPrice","Args":["marble1"]}'
```
![Org1 and Org2 agree on transfer](images/transfer_marbles_2.png)
*Figure 2: After Org1 and Org2 agree to transfer the marble, the price agreed to by each organization is stored in their private data collections. A composite key for the seller and the buyer is used to prevent a collision with the marble details and marble ownership record. The price that is agreed to is only stored on the peers of each organization. However, the hash of both agreements is stored in the channel world state on every peer joined to the channel.*
## Transfer the marble from to Org2
After both organizations have agreed to their price, Org1 can attempt to transfer the marble to Org2. The marbles transfer function in the smart contract uses the hash on the ledger to check that both organizations have agreed to the same price. The function will also use the hash of the private marble details to check that the marble that is transferred is the same marble that Org1 owns.
### Transfer the marble as Org1
Operate from the Org1 terminal. The owner of the marble needs to initiate the transfer. Note that the command below uses the `--peerAddresses` flag to target the peers of both Org1 and Org2. Both organizations need to endorse the transfer.
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"TransferAsset","Args":["marble1","Org2MSP"]}' --transient "{\"marble_properties\":\"$MARBLE_PROPERTIES\",\"marble_price\":\"$MARBLE_PRICE\"}" --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
```
Because the two organizations have not agreed to the same price, the transfer cannot be completed:
```
Error: endorsement failure during invoke. response: status:500 message:"failed transfer verification: hash cf74b8ce092b637bd28f98f7cdd490534c102a0665e7c985d4f2ab9810e30b1c for passed price JSON {\"marble_id\":\"marble1\",\"trade_id\":\"109f4b3c50d7b0df729d299bc6f8e9ef9066971f\",\"price\":110} does not match on-chain hash 09341dbb39e81fb50ccb3a81770254525318f777fad217ae49777487116cceb4, buyer hasn't agreed to the passed trade id and price"
```
As a result, Org1 and Org2 come to a new agreement on the price at which the marble will be purchased. Org1 drops the price of the marble to 100:
```
export MARBLE_PRICE=$(echo -n "{\"marble_id\":\"marble1\",\"trade_id\":\"109f4b3c50d7b0df729d299bc6f8e9ef9066971f\",\"price\":100}" | base64)
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"AgreeToSell","Args":["marble1"]}' --transient "{\"marble_price\":\"$MARBLE_PRICE\"}"
```
Now that the buyer and seller have agreed to the same price, Org1 can transfer the marble to Org2.
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"TransferAsset","Args":["marble1","Org2MSP"]}' --transient "{\"marble_properties\":\"$MARBLE_PROPERTIES\",\"marble_price\":\"$MARBLE_PRICE\"}" --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
```
You can query the marble ownership record to verify that the transfer was successful.
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAsset","Args":["marble1"]}'
```
The record now lists Org2 as the Marble owner:
```
{"object_type":"marble","marble_id":"marble1","owner_org":"Org2MSP","public_description":"This marble is for sale"}
```
![Org1 transfers the marble to Org2](images/transfer_marbles_3.png)
*Figure 3: After the marble is transferred, the marble details are placed in the Org2 implicit data collection and deleted from the Org1 implicit data collection. As a result, the marble details are now only stored on the Org2 peer. The marble ownership record on the ledger is updated to reflect that the marble is owned by Org1.*
### Update the marble description as Org2
Operate from the Org2 terminal. Now that Org2 owns the marble, we can read the marble details from the Org2 implicit data collection:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAssetPrivateProperties","Args":["marble1"]}'
```
Org2 can now update the marble public description:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"ChangePublicDescription","Args":["marble1","This marble is not for sale"]}'
```
Query the ledger to verify that the marble is no longer for sale:
```
peer chaincode query -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n marbles_transfer -c '{"function":"GetAsset","Args":["marble1"]}'
```
## Clean up
When you are finished transferring marbles, you can bring down the test network. The command will remove all the nodes of the test network, and delete any ledger data that you created:
```
./network down
```