-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
224 additions
and
0 deletions.
There are no files selected for viewing
21 changes: 21 additions & 0 deletions
21
ledger-model/src/main/java/com/jd/blockchain/ledger/MultiIDsPolicy.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
package com.jd.blockchain.ledger; | ||
|
||
/** | ||
* 多重身份的校验策略; | ||
* | ||
* @author huanghaiquan | ||
* | ||
*/ | ||
public enum MultiIDsPolicy { | ||
|
||
/** | ||
* 至少有一个都能通过; | ||
*/ | ||
AT_LEAST_ONE, | ||
|
||
/** | ||
* 每一个都能通过; | ||
*/ | ||
ALL | ||
|
||
} |
33 changes: 33 additions & 0 deletions
33
ledger-model/src/main/java/com/jd/blockchain/ledger/SecurityContext.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
package com.jd.blockchain.ledger; | ||
|
||
import com.jd.blockchain.ledger.SecurityPolicy; | ||
|
||
public class SecurityContext { | ||
|
||
private static ThreadLocal<SecurityPolicy> policyHolder = new ThreadLocal<SecurityPolicy>(); | ||
|
||
public static void setContextUsersPolicy(SecurityPolicy policy) { | ||
policyHolder.set(policy); | ||
} | ||
|
||
public static SecurityPolicy removeContextUsersPolicy() { | ||
SecurityPolicy p = policyHolder.get(); | ||
policyHolder.remove(); | ||
return p; | ||
} | ||
|
||
public static SecurityPolicy getContextUsersPolicy() { | ||
return policyHolder.get(); | ||
} | ||
|
||
/** | ||
* 把上下文安全策略切换为指定的策略,并执行参数指定的 {@link Runnable} 操作,当操作完成后恢复原来的上下文策略; | ||
* | ||
* @param contextUsersPolicy | ||
* @param runnable | ||
*/ | ||
public static void switchContextUsersPolicy(SecurityPolicy contextUsersPolicy, Runnable runnable) { | ||
|
||
} | ||
|
||
} |
170 changes: 170 additions & 0 deletions
170
ledger-model/src/main/java/com/jd/blockchain/ledger/SecurityPolicy.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,170 @@ | ||
package com.jd.blockchain.ledger; | ||
|
||
import utils.Bytes; | ||
|
||
import java.util.Set; | ||
|
||
/** | ||
* 针对特定交易请求的账本安全策略; | ||
* | ||
* @author huanghaiquan | ||
*/ | ||
public interface SecurityPolicy { | ||
|
||
/** | ||
* 签署交易的终端用户的地址列表;(来自{@link TransactionRequest#getEndpointSignatures()}) | ||
* | ||
* @return | ||
*/ | ||
Set<Bytes> getEndpoints(); | ||
|
||
/** | ||
* 签署交易的节点参与方的地址列表(来自{@link TransactionRequest#getNodeSignatures()}) | ||
* | ||
* @return | ||
*/ | ||
Set<Bytes> getNodes(); | ||
|
||
/** | ||
* 终端身份是否合法; | ||
* | ||
* @param midPolicy | ||
* @return | ||
*/ | ||
boolean isEndpointValid(MultiIDsPolicy midPolicy); | ||
|
||
/** | ||
* 节点身份是否合法; | ||
* | ||
* @param midPolicy | ||
* @return | ||
*/ | ||
boolean isNodeValid(MultiIDsPolicy midPolicy); | ||
|
||
/** | ||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br> | ||
* | ||
* @param permission 要检查的权限; | ||
* @param midPolicy 针对多个签名用户的权限策略; | ||
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权; | ||
*/ | ||
boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy); | ||
|
||
/** | ||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br> | ||
* | ||
* @param permission 要检查的权限; | ||
* @param midPolicy 针对多个签名用户的权限策略; | ||
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权; | ||
*/ | ||
boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy); | ||
|
||
/** | ||
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br> | ||
* | ||
* @param permission 要检查的权限; | ||
* @param midPolicy 针对多个签名用户的权限策略; | ||
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权; | ||
*/ | ||
boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy); | ||
|
||
/** | ||
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br> | ||
* | ||
* @param permission 要检查的权限; | ||
* @param midPolicy 针对多个签名用户的权限策略; | ||
* @return 返回 true 表示获得授权; 返回 false 表示未获得授权; | ||
*/ | ||
boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy); | ||
|
||
/** | ||
* 检查终端身份的合法性; | ||
* | ||
* @param midPolicy | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException; | ||
|
||
/** | ||
* 检查节点身份的合法性; | ||
* | ||
* @param midPolicy | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException; | ||
|
||
/** | ||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br> | ||
* 如果未获授权,方法将引发 {@link LedgerSecurityException} 异常; | ||
* | ||
* @param permission 要检查的权限; | ||
* @param midPolicy 针对多个签名用户的权限策略; | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; | ||
|
||
/** | ||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限;<br> | ||
* 如果未获授权,方法将引发 {@link LedgerSecurityException} 异常; | ||
* | ||
* @param permission | ||
* @param midPolicy | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy) | ||
throws LedgerSecurityException; | ||
|
||
/** | ||
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br> | ||
* 如果未获授权,方法将引发 {@link LedgerSecurityException} 异常; | ||
* | ||
* @param permission | ||
* @param midPolicy | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; | ||
|
||
/** | ||
* 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限;<br> | ||
* 如果未获授权,方法将引发 {@link LedgerSecurityException} 异常; | ||
* | ||
* @param permission | ||
* @param midPolicy | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; | ||
|
||
/** | ||
* 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的数据集权限中;<br> | ||
* 如果未获授权,方法将引发 {@link LedgerSecurityException} 异常; | ||
* | ||
* @param permission 要检查的数据权限信息; | ||
* @param permissionType 要检查的数据权限类型; | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkDataPermission(DataPermission permission, DataPermissionType permissionType) throws LedgerSecurityException; | ||
|
||
/** | ||
* 检查签署交易的终端用户是否在权限所有者列表中 | ||
* | ||
* @param permission 要检查的数据权限信息; | ||
* @param midPolicy | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkDataOwners(DataPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException; | ||
|
||
/** | ||
* 终端用户(证书)状态检查; | ||
* @param midPolicy | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkEndpointState(MultiIDsPolicy midPolicy) throws LedgerSecurityException; | ||
|
||
/** | ||
* 节点用户(证书)状态检查; | ||
* @param midPolicy | ||
* @throws LedgerSecurityException | ||
*/ | ||
void checkNodeState(MultiIDsPolicy midPolicy) throws LedgerSecurityException; | ||
|
||
} |