github.com/hechain20/hechain@v0.0.0-20220316014945-b544036ba106/orderer/common/msgprocessor/expiration.go (about)

     1  /*
     2  Copyright hechain. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package msgprocessor
     8  
     9  import (
    10  	"time"
    11  
    12  	"github.com/hechain20/hechain/common/channelconfig"
    13  	"github.com/hechain20/hechain/common/crypto"
    14  	"github.com/hechain20/hechain/protoutil"
    15  	"github.com/hyperledger/fabric-protos-go/common"
    16  	"github.com/pkg/errors"
    17  )
    18  
// resources is the narrow view of the channel resources that the expiration
// rule needs: access to the channel's orderer configuration.
type resources interface {
	// OrdererConfig returns the channelconfig.Orderer for the channel and a
	// boolean reporting whether the orderer config exists.
	OrdererConfig() (channelconfig.Orderer, bool)
}
    24  
// NewExpirationRejectRule returns a Rule that rejects messages signed by
// identities whose certificates have expired, provided the ExpirationCheck
// capability is active on the channel. The supplied filterSupport is consulted
// for the orderer config each time the rule is applied.
func NewExpirationRejectRule(filterSupport resources) Rule {
	rule := new(expirationRejectRule)
	rule.filterSupport = filterSupport
	return rule
}
    30  
// expirationRejectRule is the Rule built by NewExpirationRejectRule.
type expirationRejectRule struct {
	// filterSupport supplies the orderer config that Apply reads on every call
	// to decide whether the expiration check is enabled.
	filterSupport resources
}
    34  
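// Apply rejects an envelope whose creator identity has already expired.
//
// The check runs only when the channel's orderer capabilities report
// ExpirationCheck as active; otherwise every message passes this rule. It
// returns nil when the message is accepted, and a non-nil error when the
// envelope cannot be converted to signed data or the creator identity has
// expired. A missing orderer config is treated as a programming error and is
// reported through logger.Panic.
//
// NOTE(review): this rule only compares the creator's expiration time with the
// current time; it does not verify the signature. It presumably relies on
// another rule for that, so confirm the rule set before using it on its own.
func (exp *expirationRejectRule) Apply(message *common.Envelope) error {
	ordererConf, ok := exp.filterSupport.OrdererConfig()
	if !ok {
		logger.Panic("Programming error: orderer config not found")
	}
	if !ordererConf.Capabilities().ExpirationCheck() {
		// Capability not enabled on this channel: the rule is a no-op.
		return nil
	}

	signedData, err := protoutil.EnvelopeAsSignedData(message)
	if err != nil {
		// Wrap keeps the same "<context>: <cause>" text while preserving the
		// underlying error for callers that inspect the cause.
		return errors.Wrap(err, "could not convert message to signedData")
	}
	// The envelope comes from a broadcast client, so do not index the slice
	// blindly: an empty result must become a rejection, never a panic in the
	// orderer. (EnvelopeAsSignedData is expected to return at least one entry
	// on success; this guard is defensive.)
	if len(signedData) == 0 {
		return errors.New("could not convert message to signedData: no signed data in message")
	}

	expirationTime := crypto.ExpiresAt(signedData[0].Identity)
	// A zero time is treated as "this identity cannot expire".
	// NOTE(review): if ExpiresAt also returns the zero time for identities it
	// cannot parse, this branch accepts them; confirm that such identities are
	// rejected elsewhere.
	if expirationTime.IsZero() {
		return nil
	}
	// The comparison uses this node's local clock, so clock skew on the
	// orderer shifts the moment at which an identity is considered expired.
	if time.Now().Before(expirationTime) {
		return nil
	}
	return errors.New("broadcast client identity expired")
}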