登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

peter / fabric

代码 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
identities.go 6.38 KB
一键复制 编辑 原始数据 按行查看 历史
yacovm 提交于 2017-08-10 18:22 . [FAB-5713] properly log x509 certs
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218
/*

Copyright IBM Corp. All Rights Reserved.



SPDX-License-Identifier: Apache-2.0

*/



package msp



import (

	"crypto"

	"crypto/rand"

	"crypto/x509"

	"encoding/hex"

	"encoding/pem"

	"errors"

	"fmt"



	"github.com/golang/protobuf/proto"

	"github.com/hyperledger/fabric/bccsp"

	"github.com/hyperledger/fabric/common/flogging"

	"github.com/hyperledger/fabric/protos/msp"

	"github.com/op/go-logging"

)



var mspIdentityLogger = flogging.MustGetLogger("msp/identity")



type identity struct {

	// id contains the identifier (MSPID and identity identifier) for this instance

	id *IdentityIdentifier



	// cert contains the x.509 certificate that signs the public key of this instance

	cert *x509.Certificate



	// this is the public key of this instance

	pk bccsp.Key



	// reference to the MSP that "owns" this identity

	msp *bccspmsp

}



func newIdentity(id *IdentityIdentifier, cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, error) {

	mspIdentityLogger.Debugf("Creating identity instance for ID %s", certToPEM(cert))



	// Sanitize first the certificate

	cert, err := msp.sanitizeCert(cert)

	if err != nil {

		return nil, err

	}

	return &identity{id: id, cert: cert, pk: pk, msp: msp}, nil

}



// SatisfiesPrincipal returns null if this instance matches the supplied principal or an error otherwise

func (id *identity) SatisfiesPrincipal(principal *msp.MSPPrincipal) error {

	return id.msp.SatisfiesPrincipal(id, principal)

}



// GetIdentifier returns the identifier (MSPID/IDID) for this instance

func (id *identity) GetIdentifier() *IdentityIdentifier {

	return id.id

}



// GetMSPIdentifier returns the MSP identifier for this instance

func (id *identity) GetMSPIdentifier() string {

	return id.id.Mspid

}



// IsValid returns nil if this instance is a valid identity or an error otherwise

func (id *identity) Validate() error {

	return id.msp.Validate(id)

}



// GetOrganizationalUnits returns the OU for this instance

func (id *identity) GetOrganizationalUnits() []*OUIdentifier {

	if id.cert == nil {

		return nil

	}



	cid, err := id.msp.getCertificationChainIdentifier(id)

	if err != nil {

		mspIdentityLogger.Errorf("Failed getting certification chain identifier for [%v]: [%s]", id, err)



		return nil

	}



	res := []*OUIdentifier{}

	for _, unit := range id.cert.Subject.OrganizationalUnit {

		res = append(res, &OUIdentifier{

			OrganizationalUnitIdentifier: unit,

			CertifiersIdentifier:         cid,

		})

	}



	return res

}



// NewSerializedIdentity returns a serialized identity

// having as content the passed mspID and x509 certificate in PEM format.

// This method does not check the validity of certificate nor

// any consistency of the mspID with it.

func NewSerializedIdentity(mspID string, certPEM []byte) ([]byte, error) {

	// We serialize identities by prepending the MSPID

	// and appending the x509 cert in PEM format

	sId := &msp.SerializedIdentity{Mspid: mspID, IdBytes: certPEM}

	raw, err := proto.Marshal(sId)

	if err != nil {

		return nil, fmt.Errorf("Failed serializing identity [%s][% X]: [%s]", mspID, certPEM, err)

	}

	return raw, nil

}



// Verify checks against a signature and a message

// to determine whether this identity produced the

// signature; it returns nil if so or an error otherwise

func (id *identity) Verify(msg []byte, sig []byte) error {

	// mspIdentityLogger.Infof("Verifying signature")



	// Compute Hash

	hashOpt, err := id.getHashOpt(id.msp.cryptoConfig.SignatureHashFamily)

	if err != nil {

		return fmt.Errorf("Failed getting hash function options [%s]", err)

	}



	digest, err := id.msp.bccsp.Hash(msg, hashOpt)

	if err != nil {

		return fmt.Errorf("Failed computing digest [%s]", err)

	}



	if mspIdentityLogger.IsEnabledFor(logging.DEBUG) {

		mspIdentityLogger.Debugf("Verify: digest = %s", hex.Dump(digest))

		mspIdentityLogger.Debugf("Verify: sig = %s", hex.Dump(sig))

	}



	valid, err := id.msp.bccsp.Verify(id.pk, sig, digest, nil)

	if err != nil {

		return fmt.Errorf("Could not determine the validity of the signature, err %s", err)

	} else if !valid {

		return errors.New("The signature is invalid")

	}



	return nil

}



// Serialize returns a byte array representation of this identity

func (id *identity) Serialize() ([]byte, error) {

	// mspIdentityLogger.Infof("Serializing identity %s", id.id)



	pb := &pem.Block{Bytes: id.cert.Raw}

	pemBytes := pem.EncodeToMemory(pb)

	if pemBytes == nil {

		return nil, fmt.Errorf("Encoding of identitiy failed")

	}



	// We serialize identities by prepending the MSPID and appending the ASN.1 DER content of the cert

	sId := &msp.SerializedIdentity{Mspid: id.id.Mspid, IdBytes: pemBytes}

	idBytes, err := proto.Marshal(sId)

	if err != nil {

		return nil, fmt.Errorf("Could not marshal a SerializedIdentity structure for identity %s, err %s", id.id, err)

	}



	return idBytes, nil

}



func (id *identity) getHashOpt(hashFamily string) (bccsp.HashOpts, error) {

	switch hashFamily {

	case bccsp.SHA2:

		return bccsp.GetHashOpt(bccsp.SHA256)

	case bccsp.SHA3:

		return bccsp.GetHashOpt(bccsp.SHA3_256)

	}

	return nil, fmt.Errorf("hash famility not recognized [%s]", hashFamily)

}



type signingidentity struct {

	// we embed everything from a base identity

	identity



	// signer corresponds to the object that can produce signatures from this identity

	signer crypto.Signer

}



func newSigningIdentity(id *IdentityIdentifier, cert *x509.Certificate, pk bccsp.Key, signer crypto.Signer, msp *bccspmsp) (SigningIdentity, error) {

	//mspIdentityLogger.Infof("Creating signing identity instance for ID %s", id)

	mspId, err := newIdentity(id, cert, pk, msp)

	if err != nil {

		return nil, err

	}

	return &signingidentity{identity: *mspId.(*identity), signer: signer}, nil

}



// Sign produces a signature over msg, signed by this instance

func (id *signingidentity) Sign(msg []byte) ([]byte, error) {

	//mspIdentityLogger.Infof("Signing message")



	// Compute Hash

	hashOpt, err := id.getHashOpt(id.msp.cryptoConfig.SignatureHashFamily)

	if err != nil {

		return nil, fmt.Errorf("Failed getting hash function options [%s]", err)

	}



	digest, err := id.msp.bccsp.Hash(msg, hashOpt)

	if err != nil {

		return nil, fmt.Errorf("Failed computing digest [%s]", err)

	}



	if len(msg) < 32 {

		mspIdentityLogger.Debugf("Sign: plaintext: %X \n", msg)

	} else {

		mspIdentityLogger.Debugf("Sign: plaintext: %X...%X \n", msg[0:16], msg[len(msg)-16:])

	}

	mspIdentityLogger.Debugf("Sign: digest: %X \n", digest)



	// Sign

	return id.signer.Sign(rand.Reader, digest, nil)

}



func (id *signingidentity) GetPublicVersion() Identity {

	return &id.identity

}
1
https://gitee.com/peter_code_git/fabric.git
git@gitee.com:peter_code_git/fabric.git
peter_code_git
fabric
fabric
v1.0.6
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部