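/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package msgprocessor

import (
	"time"

	"github.com/hyperledger/fabric-protos-go/common"
	"github.com/hyperledger/fabric/common/channelconfig"
	"github.com/hyperledger/fabric/common/crypto"
	"github.com/hyperledger/fabric/protoutil"
	"github.com/pkg/errors"
)

// resources is the narrow view of channel state that the expiration rule
// needs: access to the orderer section of the channel configuration.
type resources interface {
	// OrdererConfig returns the config.Orderer for the channel
	// and whether the Orderer config exists
	OrdererConfig() (channelconfig.Orderer, bool)
}

// NewExpirationRejectRule returns a rule that rejects messages signed by
// identities whose identities have expired, given the capability is active.
func NewExpirationRejectRule(filterSupport resources) Rule {
	return &expirationRejectRule{filterSupport: filterSupport}
}

// expirationRejectRule is the Rule implementation returned by
// NewExpirationRejectRule. It keeps a handle on the channel resources so the
// capability is re-read from the current orderer config on every Apply call.
type expirationRejectRule struct {
	filterSupport resources
}

// Apply checks whether the identity that created the envelope has expired.
//
// It returns nil when the ExpirationCheck capability is not enabled, when the
// identity carries no expiration time, or when the expiration time is still in
// the future according to the local clock. It returns an error when the
// envelope cannot be converted to signed data, when that conversion yields no
// entries, or when the identity has expired. A missing orderer config is
// reported through logger.Panic as a programming error.
//
// This rule only compares an expiration time against time.Now(); it does not
// verify the signature itself, so it is not a substitute for signature
// validation elsewhere in the processing chain.
func (exp *expirationRejectRule) Apply(message *common.Envelope) error {
	ordererConf, ok := exp.filterSupport.OrdererConfig()
	if !ok {
		logger.Panic("Programming error: orderer config not found")
	}
	// The check is gated on a channel capability, so channels that have not
	// enabled it keep accepting messages regardless of identity expiry.
	if !ordererConf.Capabilities().ExpirationCheck() {
		return nil
	}

	signedData, err := protoutil.EnvelopeAsSignedData(message)
	if err != nil {
		return errors.Errorf("could not convert message to signedData: %s", err)
	}
	// The contract of EnvelopeAsSignedData is not visible in this file. Guard
	// the index below so an empty result is rejected with an error instead of
	// panicking while processing a submitted message.
	if len(signedData) == 0 {
		return errors.New("no signed data in message")
	}

	expirationTime := crypto.ExpiresAt(signedData[0].Identity)
	// Identity cannot expire, or identity has not expired yet.
	// NOTE(review): a zero time is treated as "never expires". If
	// crypto.ExpiresAt also returns a zero time for identities it cannot
	// parse, such identities pass this rule and must be rejected by another
	// rule. Confirm against crypto.ExpiresAt.
	// NOTE(review): the comparison uses the orderer's local wall clock, so the
	// outcome depends on that clock being accurate.
	if expirationTime.IsZero() || time.Now().Before(expirationTime) {
		return nil
	}
	return errors.New("identity expired")
}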