github.com/darrenli6/fabric-sdk-example@v0.0.0-20220109053535-94b13b56df8c/msp/msp.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package msp 8 9 import ( 10 "github.com/hyperledger/fabric/protos/msp" 11 ) 12 13 // FIXME: we need better comments on the interfaces!! 14 // FIXME: we need better comments on the interfaces!! 15 // FIXME: we need better comments on the interfaces!! 16 17 // IdentityDeserializer is implemented by both MSPManger and MSP 18 type IdentityDeserializer interface { 19 // DeserializeIdentity deserializes an identity. 20 // Deserialization will fail if the identity is associated to 21 // an msp that is different from this one that is performing 22 // the deserialization. 23 DeserializeIdentity(serializedIdentity []byte) (Identity, error) 24 } 25 26 // Membership service provider APIs for Hyperledger Fabric: 27 // 28 // By "membership service provider" we refer to an abstract component of the 29 // system that would provide (anonymous) credentials to clients, and peers for 30 // them to participate in Hyperledger/fabric network. Clients use these 31 // credentials to authenticate their transactions, and peers use these credentials 32 // to authenticate transaction processing results (endorsements). While 33 // strongly connected to the transaction processing components of the systems, 34 // this interface aims to have membership services components defined, in such 35 // a way such that alternate implementations of this can be smoothly plugged in 36 // without modifying the core of transaction processing components of the system. 37 // 38 // This file includes Membership service provider interface that covers the 39 // needs of a peer membership service provider interface. 40 41 // MSPManager is an interface defining a manager of one or more MSPs. This 42 // essentially acts as a mediator to MSP calls and routes MSP related calls 43 // to the appropriate MSP. 44 // This object is immutable, it is initialized once and never changed. 45 type MSPManager interface { 46 47 // IdentityDeserializer interface needs to be implemented by MSPManager 48 IdentityDeserializer 49 50 // Setup the MSP manager instance according to configuration information 51 Setup(msps []MSP) error 52 53 // GetMSPs Provides a list of Membership Service providers 54 GetMSPs() (map[string]MSP, error) 55 } 56 57 // MSP is the minimal Membership Service Provider Interface to be implemented 58 // to accommodate peer functionality 59 type MSP interface { 60 61 // IdentityDeserializer interface needs to be implemented by MSP 62 IdentityDeserializer 63 64 // Setup the MSP instance according to configuration information 65 Setup(config *msp.MSPConfig) error 66 67 // GetType returns the provider type 68 GetType() ProviderType 69 70 // GetIdentifier returns the provider identifier 71 GetIdentifier() (string, error) 72 73 // GetSigningIdentity returns a signing identity corresponding to the provided identifier 74 GetSigningIdentity(identifier *IdentityIdentifier) (SigningIdentity, error) 75 76 // GetDefaultSigningIdentity returns the default signing identity 77 GetDefaultSigningIdentity() (SigningIdentity, error) 78 79 // GetTLSRootCerts returns the TLS root certificates for this MSP 80 GetTLSRootCerts() [][]byte 81 82 // GetTLSIntermediateCerts returns the TLS intermediate root certificates for this MSP 83 GetTLSIntermediateCerts() [][]byte 84 85 // Validate checks whether the supplied identity is valid 86 Validate(id Identity) error 87 88 // SatisfiesPrincipal checks whether the identity matches 89 // the description supplied in MSPPrincipal. The check may 90 // involve a byte-by-byte comparison (if the principal is 91 // a serialized identity) or may require MSP validation 92 SatisfiesPrincipal(id Identity, principal *msp.MSPPrincipal) error 93 } 94 95 // OUIdentifier represents an organizational unit and 96 // its related chain of trust identifier. 97 type OUIdentifier struct { 98 // CertifiersIdentifier is the hash of certificates chain of trust 99 // related to this organizational unit 100 CertifiersIdentifier []byte 101 // OrganizationUnitIdentifier defines the organizational unit under the 102 // MSP identified with MSPIdentifier 103 OrganizationalUnitIdentifier string 104 } 105 106 // From this point on, there are interfaces that are shared within the peer and client API 107 // of the membership service provider. 108 109 // Identity interface defining operations associated to a "certificate". 110 // That is, the public part of the identity could be thought to be a certificate, 111 // and offers solely signature verification capabilities. This is to be used 112 // at the peer side when verifying certificates that transactions are signed 113 // with, and verifying signatures that correspond to these certificates./// 114 type Identity interface { 115 116 // GetIdentifier returns the identifier of that identity 117 GetIdentifier() *IdentityIdentifier 118 119 // GetMSPIdentifier returns the MSP Id for this instance 120 GetMSPIdentifier() string 121 122 // Validate uses the rules that govern this identity to validate it. 123 // E.g., if it is a fabric TCert implemented as identity, validate 124 // will check the TCert signature against the assumed root certificate 125 // authority. 126 Validate() error 127 128 // GetOrganizationalUnits returns zero or more organization units or 129 // divisions this identity is related to as long as this is public 130 // information. Certain MSP implementations may use attributes 131 // that are publicly associated to this identity, or the identifier of 132 // the root certificate authority that has provided signatures on this 133 // certificate. 134 // Examples: 135 // - if the identity is an x.509 certificate, this function returns one 136 // or more string which is encoded in the Subject's Distinguished Name 137 // of the type OU 138 // TODO: For X.509 based identities, check if we need a dedicated type 139 // for OU where the Certificate OU is properly namespaced by the 140 // signer's identity 141 GetOrganizationalUnits() []*OUIdentifier 142 143 // Verify a signature over some message using this identity as reference 144 Verify(msg []byte, sig []byte) error 145 146 // Serialize converts an identity to bytes 147 Serialize() ([]byte, error) 148 149 // SatisfiesPrincipal checks whether this instance matches 150 // the description supplied in MSPPrincipal. The check may 151 // involve a byte-by-byte comparison (if the principal is 152 // a serialized identity) or may require MSP validation 153 SatisfiesPrincipal(principal *msp.MSPPrincipal) error 154 } 155 156 // SigningIdentity is an extension of Identity to cover signing capabilities. 157 // E.g., signing identity should be requested in the case of a client who wishes 158 // to sign transactions, or fabric endorser who wishes to sign proposal 159 // processing outcomes. 160 type SigningIdentity interface { 161 162 // Extends Identity 163 Identity 164 165 // Sign the message 166 Sign(msg []byte) ([]byte, error) 167 168 // GetPublicVersion returns the public parts of this identity 169 GetPublicVersion() Identity 170 } 171 172 // IdentityIdentifier is a holder for the identifier of a specific 173 // identity, naturally namespaced, by its provider identifier. 174 type IdentityIdentifier struct { 175 176 // The identifier of the associated membership service provider 177 Mspid string 178 179 // The identifier for an identity within a provider 180 Id string 181 } 182 183 // ProviderType indicates the type of an identity provider 184 type ProviderType int 185 186 // The ProviderType of a member relative to the member API 187 const ( 188 FABRIC ProviderType = iota // MSP is of FABRIC type 189 OTHER // MSP is of OTHER TYPE 190 )