-
Notifications
You must be signed in to change notification settings - Fork 0
/
inquire.go
92 lines (81 loc) · 2.38 KB
/
inquire.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package inquire
import (
"fmt"
"github.com/hyperledger/fabric/common/flogging"
"github.com/hyperledger/fabric/common/graph"
"github.com/hyperledger/fabric/common/policies"
"github.com/hyperledger/fabric/protos/common"
)
var logger = flogging.MustGetLogger("policies.inquire")
const (
combinationsUpperBound = 10000
)
type inquireableSignaturePolicy struct {
sigPol *common.SignaturePolicyEnvelope
}
// NewInquireableSignaturePolicy creates a signature policy that can be inquired,
// from a policy and a signature policy.
func NewInquireableSignaturePolicy(sigPol *common.SignaturePolicyEnvelope) policies.InquireablePolicy {
return &inquireableSignaturePolicy{
sigPol: sigPol,
}
}
// SatisfiedBy returns a slice of PrincipalSets that each of them
// satisfies the policy.
func (isp *inquireableSignaturePolicy) SatisfiedBy() []policies.PrincipalSet {
rootId := fmt.Sprintf("%d", 0)
root := graph.NewTreeVertex(rootId, isp.sigPol.Rule)
computePolicyTree(root)
var res []policies.PrincipalSet
for _, perm := range root.ToTree().Permute(combinationsUpperBound) {
principalSet := principalsOfTree(perm, isp.sigPol.Identities)
if len(principalSet) == 0 {
return nil
}
res = append(res, principalSet)
}
return res
}
func principalsOfTree(tree *graph.Tree, principals policies.PrincipalSet) policies.PrincipalSet {
var principalSet policies.PrincipalSet
i := tree.BFS()
for {
v := i.Next()
if v == nil {
break
}
if !v.IsLeaf() {
continue
}
pol := v.Data.(*common.SignaturePolicy)
switch principalIndex := pol.Type.(type) {
case *common.SignaturePolicy_SignedBy:
if len(principals) <= int(principalIndex.SignedBy) {
logger.Warning("Failed computing principalsOfTree, index out of bounds")
return nil
}
principal := principals[principalIndex.SignedBy]
principalSet = append(principalSet, principal)
default:
// Leaf vertex is not of type SignedBy
logger.Warning("Leaf vertex", v.Id, "is of type", pol.GetType())
return nil
}
}
return principalSet
}
func computePolicyTree(v *graph.TreeVertex) {
sigPol := v.Data.(*common.SignaturePolicy)
if p := sigPol.GetNOutOf(); p != nil {
v.Threshold = int(p.N)
for i, rule := range p.Rules {
id := fmt.Sprintf("%s.%d", v.Id, i)
u := v.AddDescendant(graph.NewTreeVertex(id, rule))
computePolicyTree(u)
}
}
}