/*
Copyright hechain. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package privdata

import (
	"strings"

	"github.com/hechain20/hechain/core/ledger"
	"github.com/hechain20/hechain/protoutil"
	"github.com/hyperledger/fabric-protos-go/peer"
)

// Collection is the common interface implemented by collections.
type Collection interface {
	// SetTxContext configures the tx-specific ephemeral collection info, such
	// as txid, nonce, creator -- for future use
	// SetTxContext(parameters ...interface{})

	// CollectionID returns the ID of this collection.
	CollectionID() string

	// GetEndorsementPolicy returns the endorsement policy for validation -- for
	// future use
	// GetEndorsementPolicy() string

	// MemberOrgs returns the members of the collection as a set of MSP IDs.
	// It is meant as a human-readable way of quickly identifying who is part
	// of a collection.
	MemberOrgs() map[string]struct{}
}

// CollectionAccessPolicy groups the accessors that describe the access policy
// of a collection.
type CollectionAccessPolicy interface {
	// AccessFilter returns the member filter function of the collection.
	AccessFilter() Filter

	// RequiredPeerCount returns the minimum number of peers that private data
	// is sent to upon endorsement. The endorsement fails if dissemination to
	// at least this number of peers is not achieved.
	RequiredPeerCount() int

	// MaximumPeerCount returns the maximum number of peers that private data
	// is sent to upon endorsement. This number has to be bigger than
	// RequiredPeerCount().
	MaximumPeerCount() int

	// MemberOrgs returns the members of the collection as a set of MSP IDs.
	// It is meant as a human-readable way of quickly identifying who is part
	// of a collection.
	MemberOrgs() map[string]struct{}

	// IsMemberOnlyRead reports whether only collection members can read the
	// private data.
	IsMemberOnlyRead() bool

	// IsMemberOnlyWrite reports whether only collection members can write the
	// private data.
	IsMemberOnlyWrite() bool
}

// CollectionPersistenceConfigs groups the settings that control how the data
// of a collection is persisted.
type CollectionPersistenceConfigs interface {
	// BlockToLive returns the number of blocks after which the collection
	// data expires. For instance, if the value is set to 10, a key last
	// modified by block number 100 will be purged at block number 111.
	// A zero value is treated the same as MaxUint64.
	BlockToLive() uint64
}

// Filter is a rule that filters peers according to data signed by them.
// The Identity in the SignedData is a SerializedIdentity of a peer, the Data
// is a message the peer signed, and the Signature is the corresponding
// signature on that Data.
// It returns true if the policy holds for the given signed data and false
// otherwise.
type Filter func(protoutil.SignedData) bool

// CollectionStore provides APIs to retrieve stored collections and to perform
// membership and read-permission checks based on a collection's properties.
// TODO: Refactor CollectionStore - FAB-13082
// (1) functions such as RetrieveCollection() and
//     RetrieveCollectionConfigPackage() are never used except in mocks and
//     test files.
// (2) in gossip, in at least 7 different places, the following 3 operations
//     are repeated, which could be avoided by introducing an API called
//     IsAMemberOf():
//     (i) retrieve the collection access policy by calling
//         RetrieveCollectionAccessPolicy()
//     (ii) get the access filter func from the collection access policy
//     (iii) create the evaluation policy and check for membership
// (3) a cache is needed in the collection store to avoid repeated crypto
//     operations. This would be simple to implement once the IsAMemberOf()
//     APIs are introduced.
type CollectionStore interface {
	// RetrieveCollection retrieves the collection in the following way:
	// if the TxID exists in the ledger, the returned collection has the
	// latest configuration that was committed into the ledger before this
	// txID was committed; otherwise it has the latest configuration for the
	// collection.
	RetrieveCollection(CollectionCriteria) (Collection, error)

	// RetrieveCollectionAccessPolicy retrieves the access policy of a
	// collection.
	RetrieveCollectionAccessPolicy(CollectionCriteria) (CollectionAccessPolicy, error)

	// RetrieveCollectionConfig retrieves the config of a collection.
	RetrieveCollectionConfig(CollectionCriteria) (*peer.StaticCollectionConfig, error)

	// RetrieveCollectionConfigPackage retrieves the whole configuration
	// package for the chaincode with the supplied criteria.
	RetrieveCollectionConfigPackage(CollectionCriteria) (*peer.CollectionConfigPackage, error)

	// RetrieveCollectionPersistenceConfigs retrieves the persistence-related
	// configuration of the collection.
	RetrieveCollectionPersistenceConfigs(CollectionCriteria) (CollectionPersistenceConfigs, error)

	// RetrieveReadWritePermission retrieves the read-write permission of the
	// creator of the signedProposal for a given collection, using the
	// collection access policy and flags such as memberOnlyRead and
	// memberOnlyWrite.
	// NOTE(review): the two bool results are unnamed; presumably read first,
	// then write -- confirm against the implementations before relying on
	// the order in an access decision.
	RetrieveReadWritePermission(CollectionCriteria, *peer.SignedProposal, ledger.QueryExecutor) (bool, bool, error)

	CollectionFilter
}

// CollectionFilter resolves the access Filter for a collection policy config.
type CollectionFilter interface {
	// AccessFilter retrieves the collection's filter that matches a given
	// channel and a collectionPolicyConfig.
	AccessFilter(channelName string, collectionPolicyConfig *peer.CollectionPolicyConfig) (Filter, error)
}

const (
	// Collection-specific constants

	// collectionSeparator is the separator used to build the KVS key that
	// stores the collections of a chaincode. The character is illegal in
	// both the name and the version of a chaincode, so there cannot be any
	// collisions when choosing the name.
	collectionSeparator = "~"
	// collectionSuffix is the suffix of the KVS key that stores the
	// collections of a chaincode.
	collectionSuffix = "collection"
)

// BuildCollectionKVSKey constructs the collection config key for a given
// chaincode name: ccname, then collectionSeparator, then collectionSuffix.
// ccname is not validated here; the resulting key maps back to ccname through
// GetCCNameFromCollectionConfigKey only if ccname contains no
// collectionSeparator.
func BuildCollectionKVSKey(ccname string) string {
	return strings.Join([]string{ccname, collectionSuffix}, collectionSeparator)
}

// IsCollectionConfigKey detects if a key is a collection key.
// The test is a substring match on collectionSeparator only: the key is not
// required to end in collectionSuffix, so every key containing the separator
// is reported as a collection key. Correct classification therefore rests on
// the invariant documented on collectionSeparator (the character is illegal
// in chaincode names and versions); a true result does not show that the key
// is well-formed.
func IsCollectionConfigKey(key string) bool {
	hasSeparator := strings.Contains(key, collectionSeparator)
	return hasSeparator
}

// GetCCNameFromCollectionConfigKey returns the chaincode name given a
// collection config key, i.e. the text before the first collectionSeparator.
// A key without a separator is returned unchanged, and the part after the
// separator is not checked against collectionSuffix.
func GetCCNameFromCollectionConfigKey(key string) string {
	sepAt := strings.Index(key, collectionSeparator)
	if sepAt < 0 {
		return key
	}
	return key[:sepAt]
}