登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

妥協 / fabric

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
policy.go 6.61 KB
一键复制 编辑 原始数据 按行查看 历史
Alessandro Sorniotti 提交于 2019-09-11 19:56 . [FAB-16565] Rename policy.Evaluate function
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174
/*

Copyright IBM Corp. 2017 All Rights Reserved.



SPDX-License-Identifier: Apache-2.0

*/



package policy



import (

	"errors"

	"fmt"



	pb "github.com/hyperledger/fabric-protos-go/peer"

	"github.com/hyperledger/fabric/common/policies"

	"github.com/hyperledger/fabric/msp"

	"github.com/hyperledger/fabric/msp/mgmt"

	"github.com/hyperledger/fabric/protoutil"

)



// PolicyChecker offers methods to check a signed proposal against a specific policy

// defined in a channel or not.

type PolicyChecker interface {

	// CheckPolicy checks that the passed signed proposal is valid with the respect to

	// passed policy on the passed channel.

	// If no channel is passed, CheckPolicyNoChannel is invoked directly.

	CheckPolicy(channelID, policyName string, signedProp *pb.SignedProposal) error



	// CheckPolicyBySignedData checks that the passed signed data is valid with the respect to

	// passed policy on the passed channel.

	// If no channel is passed, the method will fail.

	CheckPolicyBySignedData(channelID, policyName string, sd []*protoutil.SignedData) error



	// CheckPolicyNoChannel checks that the passed signed proposal is valid with the respect to

	// passed policy on the local MSP.

	CheckPolicyNoChannel(policyName string, signedProp *pb.SignedProposal) error

}



type policyChecker struct {

	channelPolicyManagerGetter policies.ChannelPolicyManagerGetter

	localMSP                   msp.IdentityDeserializer

	principalGetter            mgmt.MSPPrincipalGetter

}



// NewPolicyChecker creates a new instance of PolicyChecker

func NewPolicyChecker(channelPolicyManagerGetter policies.ChannelPolicyManagerGetter, localMSP msp.IdentityDeserializer, principalGetter mgmt.MSPPrincipalGetter) PolicyChecker {

	return &policyChecker{channelPolicyManagerGetter, localMSP, principalGetter}

}



// CheckPolicy checks that the passed signed proposal is valid with the respect to

// passed policy on the passed channel.

func (p *policyChecker) CheckPolicy(channelID, policyName string, signedProp *pb.SignedProposal) error {

	if channelID == "" {

		return p.CheckPolicyNoChannel(policyName, signedProp)

	}



	if policyName == "" {

		return fmt.Errorf("Invalid policy name during check policy on channel [%s]. Name must be different from nil.", channelID)

	}



	if signedProp == nil {

		return fmt.Errorf("Invalid signed proposal during check policy on channel [%s] with policy [%s]", channelID, policyName)

	}



	// Get Policy

	policyManager := p.channelPolicyManagerGetter.Manager(channelID)

	if policyManager == nil {

		return fmt.Errorf("Failed to get policy manager for channel [%s]", channelID)

	}



	// Prepare SignedData

	proposal, err := protoutil.UnmarshalProposal(signedProp.ProposalBytes)

	if err != nil {

		return fmt.Errorf("Failing extracting proposal during check policy on channel [%s] with policy [%s]: [%s]", channelID, policyName, err)

	}



	header, err := protoutil.UnmarshalHeader(proposal.Header)

	if err != nil {

		return fmt.Errorf("Failing extracting header during check policy on channel [%s] with policy [%s]: [%s]", channelID, policyName, err)

	}



	shdr, err := protoutil.UnmarshalSignatureHeader(header.SignatureHeader)

	if err != nil {

		return fmt.Errorf("Invalid Proposal's SignatureHeader during check policy on channel [%s] with policy [%s]: [%s]", channelID, policyName, err)

	}



	sd := []*protoutil.SignedData{{

		Data:      signedProp.ProposalBytes,

		Identity:  shdr.Creator,

		Signature: signedProp.Signature,

	}}



	return p.CheckPolicyBySignedData(channelID, policyName, sd)

}



// CheckPolicyNoChannel checks that the passed signed proposal is valid with the respect to

// passed policy on the local MSP.

func (p *policyChecker) CheckPolicyNoChannel(policyName string, signedProp *pb.SignedProposal) error {

	if policyName == "" {

		return errors.New("Invalid policy name during channelless check policy. Name must be different from nil.")

	}



	if signedProp == nil {

		return fmt.Errorf("Invalid signed proposal during channelless check policy with policy [%s]", policyName)

	}



	proposal, err := protoutil.UnmarshalProposal(signedProp.ProposalBytes)

	if err != nil {

		return fmt.Errorf("Failing extracting proposal during channelless check policy with policy [%s]: [%s]", policyName, err)

	}



	header, err := protoutil.UnmarshalHeader(proposal.Header)

	if err != nil {

		return fmt.Errorf("Failing extracting header during channelless check policy with policy [%s]: [%s]", policyName, err)

	}



	shdr, err := protoutil.UnmarshalSignatureHeader(header.SignatureHeader)

	if err != nil {

		return fmt.Errorf("Invalid Proposal's SignatureHeader during channelless check policy with policy [%s]: [%s]", policyName, err)

	}



	// Deserialize proposal's creator with the local MSP

	id, err := p.localMSP.DeserializeIdentity(shdr.Creator)

	if err != nil {

		return fmt.Errorf("Failed deserializing proposal creator during channelless check policy with policy [%s]: [%s]", policyName, err)

	}



	// Load MSPPrincipal for policy

	principal, err := p.principalGetter.Get(policyName)

	if err != nil {

		return fmt.Errorf("Failed getting local MSP principal during channelless check policy with policy [%s]: [%s]", policyName, err)

	}



	// Verify that proposal's creator satisfies the principal

	err = id.SatisfiesPrincipal(principal)

	if err != nil {

		return fmt.Errorf("Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [%s]: [%s]", policyName, err)

	}



	// Verify the signature

	return id.Verify(signedProp.ProposalBytes, signedProp.Signature)

}



// CheckPolicyBySignedData checks that the passed signed data is valid with the respect to

// passed policy on the passed channel.

func (p *policyChecker) CheckPolicyBySignedData(channelID, policyName string, sd []*protoutil.SignedData) error {

	if channelID == "" {

		return errors.New("Invalid channel ID name during check policy on signed data. Name must be different from nil.")

	}



	if policyName == "" {

		return fmt.Errorf("Invalid policy name during check policy on signed data on channel [%s]. Name must be different from nil.", channelID)

	}



	if sd == nil {

		return fmt.Errorf("Invalid signed data during check policy on channel [%s] with policy [%s]", channelID, policyName)

	}



	// Get Policy

	policyManager := p.channelPolicyManagerGetter.Manager(channelID)

	if policyManager == nil {

		return fmt.Errorf("Failed to get policy manager for channel [%s]", channelID)

	}



	// Recall that get policy always returns a policy object

	policy, _ := policyManager.GetPolicy(policyName)



	// Evaluate the policy

	err := policy.EvaluateSignedData(sd)

	if err != nil {

		return fmt.Errorf("Failed evaluating policy on signed data during check policy on channel [%s] with policy [%s]: [%s]", channelID, policyName, err)

	}



	return nil

}
1
https://gitee.com/liurenhao/fabric.git
git@gitee.com:liurenhao/fabric.git
liurenhao
fabric
fabric
v2.1.1
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部