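v2.3.0: the chain contains transactions sent with an expired certificate, and a contract created with an expired certificate cannot be invoked (the error says the certificate is invalid)
[Issue category]
- bug
- P2P network (including libp2p, liquid)
- Chain account identity and permissions (certificate issues, public, multi-signature voting issues)
- Core transaction engine (transaction pool, DAG)
- Consensus
- Smart contracts
- Storage
- SDK
- ChainMaker CMC tool
- ChainMaker management console
- ChainMaker explorer
- ChainMaker contract IDE
- ChainMaker web signing plugin
- Cross-chain
- Light node
- Privacy computing
- Cryptography
- Environment dependencies
- Other:
[Issue description] (please describe the issue so that it can be located)
Recently, when sending transactions, I found that one account's contract invocation failed with: new member failed: not ac valid certificate from trusted CAs: x509: certificate has expired or is not yet valid,
but the certificate used to send the transaction is within its validity period. Further investigation showed that the certificate that deployed the contract has expired.
Querying the transactions under this contract, I found that the senders of some transactions used an expired certificate, yet the transactions succeeded (I suspect the chain cached the certificate). One of these transactions is shown below: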
"block_hash": "T59lAC1AfArgZyZr01R1/WIl3ZeXb023HK+rfKWHbjs=",
"block_height": 286371,
"block_timestamp": 1723531810,
"transaction": {
"payload": {
"chain_id": "chain1",
"contract_name": "07d6fa2492ba8e625d4cb9b1d7bce607403ff42d",
"method": "23b872dd",
"parameters": [
{
"key": "data",
"value": "MjNiODcyZGQwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDBiMTE1NGQ1OTllMTdjNWU1M2YyZWJjNjY1OGFjMjgwYTE4Nzk5NWJlMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwNWU3NzViNmFjNWYxMTBmYTQ0ZGIzMmYzODIzNGUxYTQ1MTA1NzQxZDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDBkMzcwMmZiMzBmNzYwMDA="
}
],
"timestamp": 1723531807,
"tx_id": "c7bdc969a21e4b2690d709a923a027cb10c4b5fdc49848788ad530d3a03298ea"
},
"result": {
"contract_result": {
"contract_event": [
{
"contract_name": "07d6fa2492ba8e625d4cb9b1d7bce607403ff42d",
"contract_version": "1.0.0",
"event_data": [
"000000000000000000000000b1154d599e17c5e53f2ebc6658ac280a187995be",
"0000000000000000000000000000000000000000000000000000000000000000",
"0000000000000000000000000000000000000000000000000d3702fb30f76000",
""
],
"topic": "8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925",
"tx_id": "c7bdc969a21e4b2690d709a923a027cb10c4b5fdc49848788ad530d3a03298ea"
},
{
"contract_name": "07d6fa2492ba8e625d4cb9b1d7bce607403ff42d",
"contract_version": "1.0.0",
"event_data": [
"000000000000000000000000b1154d599e17c5e53f2ebc6658ac280a187995be",
"0000000000000000000000005e775b6ac5f110fa44db32f38234e1a45105741d",
"0000000000000000000000000000000000000000000000000d3702fb30f76000",
""
],
"topic": "ddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef",
"tx_id": "c7bdc969a21e4b2690d709a923a027cb10c4b5fdc49848788ad530d3a03298ea"
}
],
"gas_used": 76509
},
"rw_set_hash": "fkFo5WzBd9F/F9L3qPlW673RaPB60H4Js1QBeat5xqQ="
},
"sender": {
"signature": "MEQCIGKUOztr2W841QGmaN/I+R1GDiq/oqGbEdZiVsymXkSqAiBHVtBER1XWuamQk/l8e9U7fvKmEJOHAdPvXnCLwC7Kcg==",
"signer": {
"member_info": "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",
"org_id": "隐藏"
}
}
}
}
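Invoking the contract with another user's unexpired certificate also fails with the same error. After updating the contract creator's certificate (private key unchanged), the invocation still returns this error.
Further communication revealed that the expired certificate was replaced long ago and the new certificate has been used to send transactions ever since, but querying the transactions sent by this user shows the expired old certificate in all of them.
There are currently two questions. First: is the expired certificate still being used as the sender of transactions? Second: why does invoking the contract report an error (certificate expired) after the contract creator's certificate has expired?
[Related log files] (if there is an error log, please attach a screenshot or upload an attachment)
log/system.log & bin/panic.log file of chainmaker-go *
The following are the debug/error logs printed when the contract is invoked with a valid certificate: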
2024-10-10 11:17:16.577 [INFO] [Vm] @mangochain certmgr/cert_manage_contract.go:225 certManage query success certHashes[e7a96e5735385b014db5f2aeedf3592e3d941f49bc662a1151b51c01387b3d69]
2024-10-10 11:17:16.580 [DEBUG] [Vm] @mangochain v2@v2.3.1/vm_factory.go:299 invoke user contract[07d6fa2492ba8e625d4cb9b1d7bce607403ff42d], tx id:17fcf9178eeb0c83ca38103903eb5996823d4047105b4c72b6f0b741ab142e0f, runtime:EVM, method:ownerOf
2024-10-10 11:17:16.580 [DEBUG] [Vm] @mangochain v2@v2.3.1/vm_factory.go:378 invoke vm, tx id:17fcf9178eeb0c83ca38103903eb5996823d4047105b4c72b6f0b741ab142e0f, tx type:QUERY_CONTRACT, contractId:name:"07d6fa2492ba8e625d4cb9b1d7bce607403ff42d" version:"1.0.0" runtime_type:EVM creator:<org_id:"mangochain1.mgtv.com" member_info:"-----BEGIN CERTIFICATE-----\nMIICizCCAjKgAwIBAgIIOEx+emsJjPAwCgYIKoZIzj0EAwIwgYYxCzAJBgNVBAYT\nAkNOMRAwDgYDVQQIEwdCZWlqaW5nMRAwDgYDVQQHEwdCZWlqaW5nMR0wGwYDVQQK\nExRtYW5nb2NoYWluMS5tZ3R2LmNvbTESMBAGA1UECxMJcm9vdC1jZXJ0MSAwHgYD\nVQQDExdjYS5tYW5nb2NoYWluMS5tZ3R2LmNvbTAeFw0yMjA3MDEwMzE3MDNaFw0y\nNDA2MzAwMzE3MDNaMIGAMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHQmVpamluZzEQ\nMA4GA1UEBxMHQmVpamluZzEdMBsGA1UEChMUbWFuZ29jaGFpbjEubWd0di5jb20x\nDzANBgNVBAsTBmNsaWVudDEdMBsGA1UEAxMUY2F2NmoxczFrOTh1NHJhbm90bjAw\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASVvarfCxUOG2ztAwXQ4VTZKinsaNfs\nW5I6q2twhNFdPMFZWf1YfFMNmKEiLfOHhlQJa0Kzi/eN/lHu7H29vbFXo4GNMIGK\nMA4GA1UdDwEB/wQEAwID+DATBgNVHSUEDDAKBggrBgEFBQcDAjApBgNVHQ4EIgQg\ntm1qdv9eiaI4OKY9y3v2LYQFm3M9DZiVuGT9jL/RPYAwKwYDVR0jBCQwIoAgdyTh\nbR4FnLDi0mkZoqnTGkqyvkKOZkP4fsvcDmDwdeEwCwYDVR0RBAQwAoIAMAoGCCqG\nSM49BAMCA0cAMEQCIBBPLz1bqfAqpv78YSpx5JkieNvzjVSj8G/H2JjRSYe3AiAW\nSyTqbGiYJVqf0mPa/++FK00D8iSh0+VN9TY+wh+PGA==\n-----END CERTIFICATE-----\n" member_id:"cav6j1s1k98u4ranotn0" role:"CLIENT" uid:"b66d6a76ff5e89a23838a63dcb7bf62d84059b733d0d9895b864fd8cbfd13d80" > address:"83f02a08c7562e4d9e2fa6187013e7ab97f2a586" , method:ownerOf, runtime type:EVM, byte code len:13495, params:10
2024-10-10 11:17:16.580 [DEBUG] [Vm] @mangochain v2@v2.3.1/runtime.go:232 evm runtime start to run contract, tx id:17fcf9178eeb0c83ca38103903eb5996823d4047105b4c72b6f0b741ab142e0f
2024-10-10 11:17:16.580 [DEBUG] [Vm] @mangochain v2@v2.3.1/runtime.go:254 evm runtime begin to process params, tx id:17fcf9178eeb0c83ca38103903eb5996823d4047105b4c72b6f0b741ab142e0f
2024-10-10 11:17:16.581 [DEBUG] [Vm] @mangochain v2@v2.3.1/runtime.go:293 evm runtime begin to get creator, sender and contract addresses, tx id:17fcf9178eeb0c83ca38103903eb5996823d4047105b4c72b6f0b741ab142e0f
2024-10-10 11:17:16.581 [ERROR] [Vm] @mangochain v2@v2.3.1/runtime.go:504 new member failed: not ac valid certificate from trusted CAs: x509: certificate has expired or is not yet valid, new member failed: not ac valid certificate from trusted CAs: x509: certificate has expired or is not yet valid
2024-10-10 11:17:16.581 [WARN] [Rpc] rpcserver/api_service.go:295 txStatusCode:4, resultCode:1, contractName[07d6fa2492ba8e625d4cb9b1d7bce607403ff42d] method[ownerOf] txType[QUERY_CONTRACT], new member failed: not ac valid certificate from trusted CAs: x509: certificate has expired or is not yet valid, new member failed: not ac valid certificate from trusted CAs: x509: certificate has expired or is not yet valid
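Looking at the code, I found that the program uses the contract creator's certificate to construct a Member object, but the call to verifyMember then fails because the creator's certificate has in fact expired.
sdk.log file of the SDK
[System information] (please fill in the system information so that the issue can be located)
- chainmaker-go version *: [v2.3.0]
- OS & version *: Centos7
- docker image version:
- Management console version:
  - If the issue concerns the management console, please include the console version; otherwise ignore this item.
- Block explorer version:
  - If the issue concerns the explorer, please include the explorer version; otherwise ignore this item.
- Contract IDE version:
  - If the issue concerns the contract IDE, please include the contract IDE version; otherwise ignore this item.
- web signing plugin version:
  - If the issue concerns the web signing plugin, please include the plugin version; otherwise ignore this item.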
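
The failure the report describes (a Member built from the stored creator certificate is rejected once that certificate has expired, although it was valid at deployment) can be reproduced with Go's standard crypto/x509. This is an added example, not ChainMaker code or the reporter's: the CA, the creator certificate, their names and all dates are constructed, and it is an assumption that verifyMember performs an equivalent chain check against the current time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a P-256 certificate valid in [from, to]; a nil parent yields a self-signed CA.
func issue(cn string, from, to time.Time, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = tpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key
}

// creatorCheck verifies one stored creator certificate at deployment time and at a later call time.
func creatorCheck() (atDeploy, atCall error, expired bool) {
	day := func(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }
	ca, caKey := issue("constructed-ca", day(2020, 1, 1), day(2030, 1, 1), nil, nil)
	creator, _ := issue("constructed-creator", day(2022, 7, 1), day(2024, 6, 30), ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	verifyAt := func(t time.Time) error { // CurrentTime decides which side of NotAfter the check falls on
		_, err := creator.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: t, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
		return err
	}
	atDeploy, atCall = verifyAt(day(2023, 1, 1)), verifyAt(day(2024, 10, 10))
	var inv x509.CertificateInvalidError
	return atDeploy, atCall, errors.As(atCall, &inv) && inv.Reason == x509.Expired
}

func main() { fmt.Println(creatorCheck()) }
```

The same certificate and the same trusted CA give opposite results depending only on the time the check is evaluated at, which is why a call by a sender with a valid certificate can still fail on the creator's stored certificate.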