forked from tw-bc-group/fabric
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sa.go
78 lines (63 loc) · 2.66 KB
/
sa.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package gossip
import (
"github.com/hyperledger/fabric/common/flogging"
"github.com/hyperledger/fabric/gossip/api"
"github.com/hyperledger/fabric/msp/mgmt"
)
var saLogger = flogging.MustGetLogger("peer.gossip.sa")
// mspSecurityAdvisor implements the SecurityAdvisor interface
// using peer's MSPs.
//
// In order for the system to be secure it is vital to have the
// MSPs to be up-to-date. Channels' MSPs are updated via
// configuration transactions distributed by the ordering service.
//
// This implementation assumes that these mechanisms are all in place and working.
type mspSecurityAdvisor struct {
deserializer mgmt.DeserializersManager
}
// NewSecurityAdvisor creates a new instance of mspSecurityAdvisor
// that implements MessageCryptoService
func NewSecurityAdvisor(deserializer mgmt.DeserializersManager) api.SecurityAdvisor {
return &mspSecurityAdvisor{deserializer: deserializer}
}
// OrgByPeerIdentity returns the OrgIdentityType
// of a given peer identity.
// If any error occurs, nil is returned.
// This method does not validate peerIdentity.
// This validation is supposed to be done appropriately during the execution flow.
func (advisor *mspSecurityAdvisor) OrgByPeerIdentity(peerIdentity api.PeerIdentityType) api.OrgIdentityType {
// Validate arguments
if len(peerIdentity) == 0 {
saLogger.Error("Invalid Peer Identity. It must be different from nil.")
return nil
}
// Notice that peerIdentity is assumed to be the serialization of an identity.
// So, first step is the identity deserialization
// TODO: This method should return a structure consisting of two fields:
// one of the MSPidentifier of the MSP the identity belongs to,
// and then a list of organization units this identity is in possession of.
// For gossip use, it is the first part that we would need for now,
// namely the identity's MSP identifier be returned (Identity.GetMSPIdentifier())
// First check against the local MSP.
identity, err := advisor.deserializer.GetLocalDeserializer().DeserializeIdentity([]byte(peerIdentity))
if err == nil {
return []byte(identity.GetMSPIdentifier())
}
// Check against managers
for chainID, mspManager := range advisor.deserializer.GetChannelDeserializers() {
// Deserialize identity
identity, err := mspManager.DeserializeIdentity([]byte(peerIdentity))
if err != nil {
saLogger.Debugf("Failed deserialization identity [% x] on [%s]: [%s]", peerIdentity, chainID, err)
continue
}
return []byte(identity.GetMSPIdentifier())
}
saLogger.Warningf("Peer Identity [% x] cannot be desirialized. No MSP found able to do that.", peerIdentity)
return nil
}