登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 1 Fork 0

Hyperledger Fabric 国密/fabric

代码 Issues 1 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
acl.go 2.22 KB
一键复制 编辑 原始数据 按行查看 历史
Jtyoui 提交于 2021-07-22 15:59 . 国密
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475
/*

Copyright IBM Corp. All Rights Reserved.



SPDX-License-Identifier: Apache-2.0

*/



package deliver



import (

	"time"



	"gitee.com/hyperledger-fabric-gm/fabric/protos/common"

	"github.com/pkg/errors"

)



// ExpiresAtFunc is used to extract the time at which an identity expires.

type ExpiresAtFunc func(identityBytes []byte) time.Time



// ConfigSequencer provides the sequence number of the current config block.

type ConfigSequencer interface {

	Sequence() uint64

}



// NewSessionAC creates an instance of SessionAccessControl. This constructor will

// return an error if a signature header cannot be extracted from the envelope.

func NewSessionAC(chain ConfigSequencer, env *common.Envelope, policyChecker PolicyChecker, channelID string, expiresAt ExpiresAtFunc) (*SessionAccessControl, error) {

	signedData, err := env.AsSignedData()

	if err != nil {

		return nil, err

	}



	return &SessionAccessControl{

		envelope:       env,

		channelID:      channelID,

		sequencer:      chain,

		policyChecker:  policyChecker,

		sessionEndTime: expiresAt(signedData[0].Identity),

	}, nil

}



// SessionAccessControl holds access control related data for a common Envelope

// that is used to determine if a request is allowed for the identity

// associated with the request envelope.

type SessionAccessControl struct {

	sequencer          ConfigSequencer

	policyChecker      PolicyChecker

	channelID          string

	envelope           *common.Envelope

	lastConfigSequence uint64

	sessionEndTime     time.Time

	usedAtLeastOnce    bool

}



// Evaluate uses the PolicyChecker to determine if a request should be allowed.

// The decision is cached until the identity expires or the chain configuration

// changes.

func (ac *SessionAccessControl) Evaluate() error {

	if !ac.sessionEndTime.IsZero() && time.Now().After(ac.sessionEndTime) {

		return errors.Errorf("client identity expired %v before", time.Since(ac.sessionEndTime))

	}



	policyCheckNeeded := !ac.usedAtLeastOnce



	if currentConfigSequence := ac.sequencer.Sequence(); currentConfigSequence > ac.lastConfigSequence {

		ac.lastConfigSequence = currentConfigSequence

		policyCheckNeeded = true

	}



	if !policyCheckNeeded {

		return nil

	}



	ac.usedAtLeastOnce = true

	return ac.policyChecker.CheckPolicy(ac.envelope, ac.channelID)

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/hyperledger-fabric-gm/fabric.git
git@gitee.com:hyperledger-fabric-gm/fabric.git
hyperledger-fabric-gm
fabric
fabric
v1.4.9
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部