3 Star 6 Fork 7

Gitee 极速下载/Hyperledger fabric

加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
此仓库是为了提升国内下载速度的镜像仓库,每日同步一次。 原始仓库: https://github.com/hyperledger/fabric
克隆/下载
access.go 3.41 KB
一键复制 编辑 原始数据 按行查看 历史
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package accesscontrol
import (
"errors"
"fmt"
"github.com/golang/protobuf/proto"
"github.com/hyperledger/fabric/common/flogging"
pb "github.com/hyperledger/fabric/protos/peer"
"google.golang.org/grpc"
)
var logger = flogging.MustGetLogger("accessControl")
// Authenticator wraps a chaincode service and authenticates
// chaincode shims (containers)
type Authenticator interface {
// DisableAccessCheck disables the access control
// enforcement of the Authenticator
DisableAccessCheck()
// Generate returns a pair of certificate and private key,
// and associates the hash of the certificate with the given
// chaincode name
Generate(ccName string) (*CertAndPrivKeyPair, error)
// ChaincodeSupportServer - The Authenticator is registered
// as a chaincode service
pb.ChaincodeSupportServer
}
// CertAndPrivKeyPair contains a certificate
// and its corresponding private key in base64 format
type CertAndPrivKeyPair struct {
// Cert - an x509 certificate encoded in base64
Cert string
// Key - a private key of the corresponding certificate
Key string
}
type authenticator struct {
bypass bool
mapper *certMapper
pb.ChaincodeSupportServer
}
// NewAuthenticator returns a new authenticator that would wrap the given chaincode service
func NewAuthenticator(srv pb.ChaincodeSupportServer, ca CA) Authenticator {
auth := &authenticator{
mapper: newCertMapper(ca.newClientCertKeyPair),
}
auth.ChaincodeSupportServer = newInterceptor(srv, auth.authenticate)
return auth
}
// DisableAccessCheck disables the access control
// enforcement of the Authenticator
func (ac *authenticator) DisableAccessCheck() {
ac.bypass = true
}
// Generate returns a pair of certificate and private key,
// and associates the hash of the certificate with the given
// chaincode name
func (ac *authenticator) Generate(ccName string) (*CertAndPrivKeyPair, error) {
cert, err := ac.mapper.genCert(ccName)
if err != nil {
return nil, err
}
return &CertAndPrivKeyPair{
Key: cert.privKeyString(),
Cert: cert.pubKeyString(),
}, nil
}
func (ac *authenticator) authenticate(msg *pb.ChaincodeMessage, stream grpc.ServerStream) error {
if ac.bypass {
return nil
}
if msg.Type != pb.ChaincodeMessage_REGISTER {
logger.Warning("Got message", msg, "but expected a ChaincodeMessage_REGISTER message")
return errors.New("First message needs to be a register")
}
chaincodeID := &pb.ChaincodeID{}
err := proto.Unmarshal(msg.Payload, chaincodeID)
if err != nil {
logger.Warning("Failed unmarshaling message:", err)
return err
}
ccName := chaincodeID.Name
// Obtain certificate from stream
hash := extractCertificateHashFromContext(stream.Context())
if len(hash) == 0 {
errMsg := fmt.Sprintf("TLS is active but chaincode %s didn't send certificate", ccName)
logger.Warning(errMsg)
return errors.New(errMsg)
}
// Look it up in the mapper
registeredName := ac.mapper.lookup(certHash(hash))
if registeredName == "" {
errMsg := fmt.Sprintf("Chaincode %s with given certificate hash %v not found in registry", ccName, hash)
logger.Warning(errMsg)
return errors.New(errMsg)
}
if registeredName != ccName {
errMsg := fmt.Sprintf("Chaincode %s with given certificate hash %v belongs to a different chaincode", ccName, hash)
logger.Warning(errMsg)
return fmt.Errorf(errMsg)
}
logger.Debug("Chaincode", ccName, "'s authentication is authorized")
return nil
}
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/mirrors/fabric.git
git@gitee.com:mirrors/fabric.git
mirrors
fabric
Hyperledger fabric
v1.1.0

搜索帮助