代码拉取完成,页面将自动刷新
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package endorsement
import (
"github.com/hyperledger/fabric/common/policies"
"github.com/hyperledger/fabric/core/common/privdata"
"github.com/hyperledger/fabric/gossip/api"
. "github.com/hyperledger/fabric/protos/discovery"
"github.com/pkg/errors"
)
func principalsFromCollectionConfig(configBytes []byte) (principalSetsByCollectionName, error) {
principalSetsByCollections := make(principalSetsByCollectionName)
if len(configBytes) == 0 {
return principalSetsByCollections, nil
}
ccp, err := privdata.ParseCollectionConfig(configBytes)
if err != nil {
return nil, errors.Wrapf(err, "invalid collection bytes")
}
for _, colConfig := range ccp.Config {
staticCol := colConfig.GetStaticCollectionConfig()
if staticCol == nil {
// Right now we only support static collections, so if we got something else
// we should refuse to process further
return nil, errors.Errorf("expected a static collection but got %v instead", colConfig)
}
if staticCol.MemberOrgsPolicy == nil {
return nil, errors.Errorf("MemberOrgsPolicy of %s is nil", staticCol.Name)
}
pol := staticCol.MemberOrgsPolicy.GetSignaturePolicy()
if pol == nil {
return nil, errors.Errorf("policy of %s is nil", staticCol.Name)
}
var principals policies.PrincipalSet
// We now extract all principals from the policy
for _, principal := range pol.Identities {
principals = append(principals, principal)
}
principalSetsByCollections[staticCol.Name] = principals
}
return principalSetsByCollections, nil
}
type principalSetsByCollectionName map[string]policies.PrincipalSet
// toIdentityFilter converts this principalSetsByCollectionName mapping to a filter
// which accepts or rejects identities of peers.
func (psbc principalSetsByCollectionName) toIdentityFilter(channel string, evaluator principalEvaluator, cc *ChaincodeCall) (identityFilter, error) {
var principalSets policies.PrincipalSets
for _, col := range cc.CollectionNames {
// Each collection we're interested in should exist in the principalSetsByCollectionName mapping.
// Otherwise, we have no way of computing a filter because we can't locate the principals the peer identities
// need to satisfy.
principalSet, exists := psbc[col]
if !exists {
return nil, errors.Errorf("collection %s doesn't exist in collection config for chaincode %s", col, cc.Name)
}
principalSets = append(principalSets, principalSet)
}
return filterForPrincipalSets(channel, evaluator, principalSets), nil
}
// filterForPrincipalSets creates a filter of peer identities out of the given PrincipalSets
func filterForPrincipalSets(channel string, evaluator principalEvaluator, sets policies.PrincipalSets) identityFilter {
return func(identity api.PeerIdentityType) bool {
// Iterate over all principal sets and ensure each principal set
// authorizes the identity.
for _, principalSet := range sets {
if !isIdentityAuthorizedByPrincipalSet(channel, evaluator, principalSet, identity) {
return false
}
}
return true
}
}
// isIdentityAuthorizedByPrincipalSet returns whether the given identity satisfies some principal out of the given PrincipalSet
func isIdentityAuthorizedByPrincipalSet(channel string, evaluator principalEvaluator, principalSet policies.PrincipalSet, identity api.PeerIdentityType) bool {
// We look for a principal which authorizes the identity
// among all principals in the principalSet
for _, principal := range principalSet {
err := evaluator.SatisfiesPrincipal(channel, identity, principal)
if err != nil {
continue
}
// Else, err is nil, so we found a principal which authorized
// the given identity.
return true
}
return false
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。