|
| 1 | +--- |
| 2 | +layout : default |
| 3 | +title : hyperledger_fabric_flutter_labs |
| 4 | +parent : RFCs |
| 5 | +--- |
| 6 | + |
| 7 | +- Feature Name : support for hyperledger fabric version 2.4 or later on |
| 8 | +flutter and dart platforms |
| 9 | +- Start Date : 2025-10-27 |
| 10 | +- RFC PR : |
| 11 | +https://github.com/LF-Decentralized-Trust-labs/LF-Decentralized-Trust-labs.github.io/pull/343 |
| 12 | +- Fabric Component : fabric-gateway |
| 13 | +- Fabric Issue : |
| 14 | +https://github.com/LF-Decentralized-Trust-labs/LF-Decentralized-Trust-labs.github.io/issues/344 |
| 15 | + |
| 16 | +# Summary |
| 17 | + |
| 18 | +bringing purely client side support on flutter and dart platforms ( e.g. |
| 19 | +android ) for hyperledger fabric through hyperlefger fabric gateway |
| 20 | +client api for java . |
| 21 | + |
| 22 | +# Motivation |
| 23 | + |
| 24 | +since the introduction of hyperledger fabric version 2.5 , earlier |
| 25 | +releases of hyperledger fabric sdks deprecated . |
| 26 | + |
| 27 | +some of the labs components are deprecated , too . this includes |
| 28 | +archived fabric_client_flutter and fabric-server-node . |
| 29 | + |
| 30 | +in reviving the outdated fabric_client_flutter lab in sight of the |
| 31 | +hyperledger community's interests in the last five years and bringing up |
| 32 | +the flutter and dart platforms up to date and separating from relaying |
| 33 | +on the sdk servers , new platforms and components for android platform ( |
| 34 | +e.g. offline tls ca certificate loading on android instead of requesting |
| 35 | +from a ca server over the internet ) will also be introduced for |
| 36 | +conveniency , eliminating the certificate signing request requirements . |
| 37 | + |
| 38 | +this is a conception proposal for the non-csr workflow of using the java |
| 39 | +bindings of jnigen from hyperledger fabric gateway client api for java |
| 40 | +on flutter and dart platforms to support offline signing and |
| 41 | +certificates loading on mobile devices . |
| 42 | + |
| 43 | +this will bring up mobile-only use cases for hyperledger fabric through |
| 44 | +the hyperledger fabric gateway client api . |
| 45 | + |
| 46 | +# Guide-level explanation |
| 47 | + |
| 48 | +let ' s look at the workflow first : |
| 49 | + |
| 50 | +workflow |
| 51 | + |
| 52 | +- the client device creates a self-signed x.509 certificate for identity |
| 53 | +. |
| 54 | +- the client then generates a key pair and create a signing |
| 55 | +implimentation based on the private key . |
| 56 | +- client identifies a uri for |
| 57 | +the grpc connection and loads the tls ca certificate installed on the |
| 58 | +device beforehand . |
| 59 | +- client connects to the gateway based on the |
| 60 | +client identity . |
| 61 | +- client performs crud and smart contract operations |
| 62 | +based on the identity . |
| 63 | + |
| 64 | +this workflow differs from the old fabric_client_flutter lab with |
| 65 | +offline tls ca certificate loading on device , high-level api calls for |
| 66 | +the hyperledger fabric gateway client api , added interations with the |
| 67 | +connected hyperledger fabric network via the identity , and eliminated |
| 68 | +requirements for csrs and server-side sdks . |
| 69 | + |
| 70 | +the new lab will only bring support for the android platform , since ios |
| 71 | +or apple platforms require an apple developer account to install and |
| 72 | +load a certificate from a device . |
| 73 | + |
| 74 | +# Reference-level explanation |
| 75 | + |
| 76 | +on flutter and dart platforms , android platform binding for dart |
| 77 | +language is achieved through kotlin and java , and for external |
| 78 | +third-party java api bindings is implemented via a dart package jnigen ( |
| 79 | +https://pub.dev/packages/jnigen ) . this will enable mobile platforms to |
| 80 | +use client-only device to communicate with the hyperledger fabric |
| 81 | +network through hyperledger fabric gateway client api for java , |
| 82 | +eliminating requirements for a sdk server or a third party acme server |
| 83 | +to communicate to get into the network . |
| 84 | + |
| 85 | +by referencing a pre-installed tls ca certificate and loading it on |
| 86 | +device , tls connection of the certification part is guaranteed |
| 87 | +attack-proof or mitm-proof , making the client-side application |
| 88 | +completely offline on cryptographic operations . thus a hardware |
| 89 | +security module and a pkcs # 11 interface aren ' t necessary for the |
| 90 | +client-side . |
| 91 | + |
| 92 | +# Drawbacks |
| 93 | + |
| 94 | +backward incompatibility with hyperledger fabric version earlier than |
| 95 | +2.4 . |
| 96 | + |
| 97 | +the drawback could be eliminated by reusing the old |
| 98 | +fabric_client_flutter lab for flutter and dart platforms . |
| 99 | + |
| 100 | +# Rationale and alternatives |
| 101 | + |
| 102 | +improving with the old fabric_client_flutter lab is possible . however , |
| 103 | +sdks of hyperledger fabric have diverged into two flows : v 2.4 or later |
| 104 | +and versions ealier than v 2.5 . so it ' s rationale to create a new lab |
| 105 | +and name it after version 2.4 for the hyperledger fabric sdks on |
| 106 | +high-level network interations , while keeping the old lab compatible |
| 107 | +with early sdks of hyperledger fabric or low-level interations with |
| 108 | +hyperledger fabric network . |
| 109 | + |
| 110 | +reusing the old lab for newly created sdk servers of hyperledger fabric |
| 111 | +version 2.4 or later is also permissive , whatsoever , there is still a |
| 112 | +requirement for creating a high-level workflow on the client side to |
| 113 | +interate with the hyperledger fabric network . there has been seen |
| 114 | +suggestions and improvement requests from the hyperledger community ( |
| 115 | +https://github.com/ghpZ54K8ZRwU62zGVSePPs97yAv9swuAY0mVDR4/fabric_client_flutter/issues |
| 116 | +) . |
| 117 | + |
| 118 | +# Prior art |
| 119 | + |
| 120 | +fabric_client_flutter : |
| 121 | +https://github.com/ghpZ54K8ZRwU62zGVSePPs97yAv9swuAY0mVDR4/fabric_client_flutter |
| 122 | +. |
| 123 | + |
| 124 | +fabric-server-node : |
| 125 | +https://github.com/ghpZ54K8ZRwU62zGVSePPs97yAv9swuAY0mVDR4/fabric-server-node |
| 126 | +. |
| 127 | + |
| 128 | +# Testing |
| 129 | + |
| 130 | +validate whether hyperledger fabric gateway client api for java supports |
| 131 | +on android platform , as the early low-level java sdk does not implement |
| 132 | +support for android . |
| 133 | + |
| 134 | +complete client workflow on high-level defined apis from hyperledger |
| 135 | +fabric gateway client api for java . |
| 136 | + |
| 137 | +# Dependencies |
| 138 | + |
| 139 | +fabric-gateway ( https://github.com/hyperledger/fabric-gateway ) . |
| 140 | + |
| 141 | +fabn-895 ( |
| 142 | +https://docs.google.com/document/d/1gj5XB7yS-pfjpvZEUQh5lBGSIE6aQemu8A69tAYQtTc |
| 143 | +) . |
| 144 | + |
| 145 | +# Unresolved questions |
| 146 | + |
| 147 | +- does fabric-gateway support for android platform ? |
| 148 | +- how does |
| 149 | +pre-installing a tls ca certificate on device work , either through a |
| 150 | +wired cable or over the internet ? |
| 151 | +- is loading from a signle tls ca |
| 152 | +certificate sufficient ? how does choosing and loading one work if |
| 153 | +multiple certificates are installed on device ? |
| 154 | +- does installing and |
| 155 | +loading pre-existed tls ca certificates work in absent of an apple |
| 156 | +developer account on ios ? |
| 157 | +- can the app be ported onto other platforms |
| 158 | +( e.g. ios ) without pre-requisites conditions ( apple developer account |
| 159 | +, etc. ) ? |
0 commit comments