-
Notifications
You must be signed in to change notification settings - Fork 8.8k
/
validator_validity_period.go
95 lines (74 loc) · 2.79 KB
/
validator_validity_period.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/*
Copyright IBM Corp. 2016 All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package crypto
import (
"errors"
"strconv"
"time"
"github.com/spf13/viper"
"github.com/hyperledger/fabric/core/crypto/primitives"
"github.com/hyperledger/fabric/core/ledger"
obc "github.com/hyperledger/fabric/protos"
)
//We are temporarily disabling the validity period functionality
var allowValidityPeriodVerification = false
func validityPeriodVerificationEnabled() bool {
// If the verification of the validity period is enabled in the configuration file return the configured value
if viper.IsSet("peer.validator.validity-period.verification") {
return viper.GetBool("peer.validator.validity-period.verification")
}
// Validity period verification is enabled by default if no configuration was specified.
return true
}
func (validator *validatorImpl) verifyValidityPeriod(tx *obc.Transaction) (*obc.Transaction, error) {
if tx.Cert != nil && tx.Signature != nil {
// Unmarshal cert
cert, err := primitives.DERToX509Certificate(tx.Cert)
if err != nil {
validator.Errorf("verifyValidityPeriod: failed unmarshalling cert %s:", err)
return tx, err
}
cid := viper.GetString("pki.validity-period.chaincodeHash")
ledger, err := ledger.GetLedger()
if err != nil {
validator.Errorf("verifyValidityPeriod: failed getting access to the ledger %s:", err)
return tx, err
}
vpBytes, err := ledger.GetState(cid, "system.validity.period", true)
if err != nil {
validator.Errorf("verifyValidityPeriod: failed reading validity period from the ledger %s:", err)
return tx, err
}
i, err := strconv.ParseInt(string(vpBytes[:]), 10, 64)
if err != nil {
validator.Errorf("verifyValidityPeriod: failed to parse validity period %s:", err)
return tx, err
}
vp := time.Unix(i, 0)
var errMsg string
// Verify the validity period of the TCert
switch {
case cert.NotAfter.Before(cert.NotBefore):
errMsg = "verifyValidityPeriod: certificate validity period is invalid"
case vp.Before(cert.NotBefore):
errMsg = "verifyValidityPeriod: certificate validity period is in the future"
case vp.After(cert.NotAfter):
errMsg = "verifyValidityPeriod: certificate validity period is in the past"
}
if errMsg != "" {
validator.Error(errMsg)
return tx, errors.New(errMsg)
}
}
return tx, nil
}