/*
Copyright SecureKey Technologies Inc. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package membership
import (
"crypto/x509"
"encoding/pem"
"github.com/golang/protobuf/proto"
"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/msp"
"github.com/hyperledger/fabric-sdk-go/pkg/common/logging"
"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/fab"
mb "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/msp"
"github.com/pkg/errors"
)
// logger is the package-level logger, created with the name "fabsdk/fab".
var logger = logging.NewLogger("fabsdk/fab")

// identityImpl is the value New returns as a fab.ChannelMembership. Its
// Validate and Verify methods delegate to the wrapped MSP manager.
type identityImpl struct {
	// mspManager deserializes the serialized identities passed to Validate and Verify.
	mspManager msp.MSPManager
}

// Context holds the providers
type Context struct {
	// Embedded providers; this file reads CryptoSuite() and Config() from them.
	core.Providers
}
// New builds a fab.ChannelMembership for the channel described by cfg.
//
// The MSP manager behind the returned value is created by createMSPManager
// from cfg and the providers in ctx. Any error from that step is returned
// unchanged together with a nil membership.
func New(ctx Context, cfg fab.ChannelCfg) (fab.ChannelMembership, error) {
	manager, err := createMSPManager(ctx, cfg)
	if err != nil {
		return nil, err
	}

	membership := &identityImpl{mspManager: manager}
	return membership, nil
}
// Validate deserializes serializedID through the MSP manager and returns the
// result of the deserialized identity's own Validate call.
//
// A deserialization failure is returned as-is and the identity check is not
// attempted.
func (i *identityImpl) Validate(serializedID []byte) error {
	identity, deserializeErr := i.mspManager.DeserializeIdentity(serializedID)
	if deserializeErr != nil {
		return deserializeErr
	}

	return identity.Validate()
}
// Verify deserializes serializedID through the MSP manager and asks the
// resulting identity to verify sig over msg.
//
// This method does not call the identity's Validate method.
// NOTE(review): if the identity's Verify only checks the signature, a caller
// that also needs the identity itself to be accepted by the MSP (certificate
// chain, expiry, revocation) presumably has to call Validate in addition to
// Verify; confirm against the msp package before relying on Verify alone.
func (i *identityImpl) Verify(serializedID []byte, msg []byte, sig []byte) error {
	signer, deserializeErr := i.mspManager.DeserializeIdentity(serializedID)
	if deserializeErr != nil {
		return deserializeErr
	}

	return signer.Verify(msg, sig)
}
// createMSPManager creates an MSP manager and, when cfg lists any MSPs, loads
// them with loadMSPs and hands them to the manager's Setup.
//
// When cfg lists no MSPs the manager is returned without Setup being called.
//
// After a successful Setup, the TLS root and TLS intermediate certificates of
// every loaded MSP are passed to addCertsToConfig together with ctx.Config().
// NOTE(review): this means certificates taken from the channel configuration
// are offered to the config's TLS CA pool; confirm that the channel
// configuration is authenticated before it reaches this function.
func createMSPManager(ctx Context, cfg fab.ChannelCfg) (msp.MSPManager, error) {
	manager := msp.NewMSPManager()

	// Nothing to load: return the manager as created.
	if len(cfg.MSPs()) == 0 {
		return manager, nil
	}

	loaded, err := loadMSPs(cfg.MSPs(), ctx.CryptoSuite())
	if err != nil {
		return nil, errors.WithMessage(err, "load MSPs from config failed")
	}

	if err = manager.Setup(loaded); err != nil {
		return nil, errors.WithMessage(err, "MSPManager Setup failed")
	}

	// The loop variable is deliberately not called "msp" so that it does not
	// shadow the imported msp package.
	for _, member := range loaded {
		for _, rootPEM := range member.GetTLSRootCerts() {
			addCertsToConfig(ctx.Config(), rootPEM)
		}
		for _, intermediatePEM := range member.GetTLSIntermediateCerts() {
			addCertsToConfig(ctx.Config(), intermediatePEM)
		}
	}

	return manager, nil
}
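// loadMSPs turns each entry of mspConfigs into a configured verifying MSP.
//
// For every entry it requires, in this order: a non-nil entry, the msp.FABRIC
// provider type, a non-empty Config payload that unmarshals into a
// FabricMSPConfig, a non-empty MSP name, and at least one root certificate.
// The MSP is then instantiated with msp.NewBccspMsp using cs and set up from
// the entry. The first failing entry aborts the whole load: the function
// returns a nil slice and an error, never a partial result.
//
// On success the returned slice is non-nil (possibly empty) and holds the MSPs
// in the order of mspConfigs.
func loadMSPs(mspConfigs []*mb.MSPConfig, cs core.CryptoSuite) ([]msp.MSP, error) {
	logger.Debugf("loadMSPs - start number of msps=%d", len(mspConfigs))

	msps := make([]msp.MSP, 0, len(mspConfigs))
	for _, config := range mspConfigs {
		// A nil entry would otherwise cause a nil pointer dereference on
		// config.Type below; report it as a configuration error instead.
		if config == nil {
			return nil, errors.New("MSP configuration entry is nil")
		}

		mspType := msp.ProviderType(config.Type)
		if mspType != msp.FABRIC {
			return nil, errors.Errorf("MSP type not supported: %v", mspType)
		}
		if len(config.Config) == 0 {
			return nil, errors.New("MSP configuration missing the payload in the 'Config' property")
		}

		fabricConfig := &mb.FabricMSPConfig{}
		if err := proto.Unmarshal(config.Config, fabricConfig); err != nil {
			return nil, errors.Wrap(err, "unmarshal FabricMSPConfig from config failed")
		}

		if fabricConfig.Name == "" {
			return nil, errors.New("MSP Configuration missing name")
		}

		// with this method we are only dealing with verifying MSPs, not local MSPs. Local MSPs are instantiated
		// from user enrollment materials (see User class). For verifying MSPs the root certificates are always
		// required
		if len(fabricConfig.RootCerts) == 0 {
			return nil, errors.New("MSP Configuration missing root certificates required for validating signing certificates")
		}

		// The organizational unit identifiers are only logged for now.
		// TODO: Do something with the organizational unit identifiers
		for _, orgUnit := range fabricConfig.OrganizationalUnitIdentifiers {
			logger.Debugf("loadMSPs - found org of :: %s", orgUnit.OrganizationalUnitIdentifier)
		}

		// TODO: Configure MSP version (rather than MSP 1.0)
		newMSP, err := msp.NewBccspMsp(msp.MSPv1_0, cs)
		if err != nil {
			return nil, errors.Wrap(err, "instantiate MSP failed")
		}

		if err := newMSP.Setup(config); err != nil {
			return nil, errors.Wrap(err, "configure MSP failed")
		}

		// The identifier is used for the debug log only, so a failure to read
		// it is logged rather than treated as a load failure.
		mspID, err := newMSP.GetIdentifier()
		if err != nil {
			logger.Debugf("loadMSPs - could not read identifier of new msp: %v", err)
		}
		logger.Debugf("loadMSPs - adding msp=%s", mspID)
		msps = append(msps, newMSP)
	}

	logger.Debugf("loadMSPs - loaded %d MSPs", len(msps))
	return msps, nil
}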
// addCertsToConfig walks the PEM blocks in pemCerts and passes every
// certificate that parses to config.TLSCACertPool, one call per certificate.
//
// Decoding stops at the first position where no further PEM block is found.
// A block is skipped, without any error or log entry, when its type is not
// "CERTIFICATE", when it carries PEM headers, or when x509 parsing fails.
//
// NOTE(review): whatever config.TLSCACertPool returns is discarded here, so a
// failure to add a certificate would go unnoticed; confirm against
// core.Config whether the call can fail.
// NOTE(review): the callers in this file pass TLS certificates taken from MSP
// configuration, so this presumably widens the set of TLS CAs the config
// trusts; treat pemCerts as trust material.
func addCertsToConfig(config core.Config, pemCerts []byte) {
	remaining := pemCerts
	for len(remaining) > 0 {
		block, rest := pem.Decode(remaining)
		if block == nil {
			// No further PEM data: nothing more to add.
			return
		}
		remaining = rest

		isPlainCert := block.Type == "CERTIFICATE" && len(block.Headers) == 0
		if !isPlainCert {
			continue
		}

		parsed, parseErr := x509.ParseCertificate(block.Bytes)
		if parseErr != nil {
			continue
		}

		config.TLSCACertPool(parsed)
	}
}