-
Notifications
You must be signed in to change notification settings - Fork 0
/
expiration.go
62 lines (51 loc) · 1.63 KB
/
expiration.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package filter
import (
"time"
"github.com/hyperledger/fabric/common/crypto"
"github.com/hyperledger/fabric/core/handlers/auth"
"github.com/hyperledger/fabric/protos/peer"
"github.com/hyperledger/fabric/protos/utils"
"github.com/pkg/errors"
"golang.org/x/net/context"
)
// NewExpirationCheckFilter creates a new Filter that checks identity expiration
func NewExpirationCheckFilter() auth.Filter {
return &expirationCheckFilter{}
}
type expirationCheckFilter struct {
next peer.EndorserServer
}
// Init initializes the Filter with the next EndorserServer
func (f *expirationCheckFilter) Init(next peer.EndorserServer) {
f.next = next
}
func validateProposal(signedProp *peer.SignedProposal) error {
prop, err := utils.GetProposal(signedProp.ProposalBytes)
if err != nil {
return errors.Wrap(err, "failed parsing proposal")
}
hdr, err := utils.GetHeader(prop.Header)
if err != nil {
return errors.Wrap(err, "failed parsing header")
}
sh, err := utils.GetSignatureHeader(hdr.SignatureHeader)
if err != nil {
return errors.Wrap(err, "failed parsing signature header")
}
expirationTime := crypto.ExpiresAt(sh.Creator)
if !expirationTime.IsZero() && time.Now().After(expirationTime) {
return errors.New("identity expired")
}
return nil
}
// ProcessProposal processes a signed proposal
func (f *expirationCheckFilter) ProcessProposal(ctx context.Context, signedProp *peer.SignedProposal) (*peer.ProposalResponse, error) {
if err := validateProposal(signedProp); err != nil {
return nil, err
}
return f.next.ProcessProposal(ctx, signedProp)
}