-
Notifications
You must be signed in to change notification settings - Fork 0
/
util.go
70 lines (62 loc) · 2.49 KB
/
util.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package privdata
import (
"github.com/golang/protobuf/proto"
mspp "github.com/hyperledger/fabric-protos-go/msp"
"github.com/hyperledger/fabric-protos-go/peer"
"github.com/hyperledger/fabric/common/cauthdsl"
"github.com/hyperledger/fabric/common/policies"
"github.com/hyperledger/fabric/msp"
"github.com/pkg/errors"
)
// getPolicy creates a new policy from the policy envelope. It will return an error if the envelope has invalid policy config.
// Some caller (e.g., MembershipProvider.AsMemberOf) may drop the error and treat it as a RejectAll policy.
// In the future, we must revisit the callers if this method will return different types of errors.
func getPolicy(collectionPolicyConfig *peer.CollectionPolicyConfig, deserializer msp.IdentityDeserializer) (policies.Policy, error) {
if collectionPolicyConfig == nil {
return nil, errors.New("collection policy config is nil")
}
accessPolicyEnvelope := collectionPolicyConfig.GetSignaturePolicy()
if accessPolicyEnvelope == nil {
return nil, errors.New("collection config access policy is nil")
}
// create access policy from the envelope
pp := cauthdsl.EnvelopeBasedPolicyProvider{Deserializer: deserializer}
accessPolicy, err := pp.NewPolicy(accessPolicyEnvelope)
if err != nil {
return nil, errors.WithMessage(err, "failed constructing policy object out of collection policy config")
}
return accessPolicy, nil
}
// getMemberOrgs returns a map containing member orgs from a list of MSPPrincipals,
// it will skip identities it fails to process
func getMemberOrgs(identities []*mspp.MSPPrincipal, deserializer msp.IdentityDeserializer) map[string]struct{} {
memberOrgs := map[string]struct{}{}
// get member org MSP IDs from the envelope
for _, principal := range identities {
switch principal.PrincipalClassification {
case mspp.MSPPrincipal_ROLE:
// Principal contains the msp role
mspRole := &mspp.MSPRole{}
err := proto.Unmarshal(principal.Principal, mspRole)
if err == nil {
memberOrgs[mspRole.MspIdentifier] = struct{}{}
}
case mspp.MSPPrincipal_IDENTITY:
principalId, err := deserializer.DeserializeIdentity(principal.Principal)
if err == nil {
memberOrgs[principalId.GetMSPIdentifier()] = struct{}{}
}
case mspp.MSPPrincipal_ORGANIZATION_UNIT:
OU := &mspp.OrganizationUnit{}
err := proto.Unmarshal(principal.Principal, OU)
if err == nil {
memberOrgs[OU.MspIdentifier] = struct{}{}
}
}
}
return memberOrgs
}