github.com/lzy4123/fabric@v2.1.1+incompatible/internal/peer/gossip/sa.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package gossip
     8  
     9  import (
    10  	"github.com/hyperledger/fabric/common/flogging"
    11  	"github.com/hyperledger/fabric/gossip/api"
    12  	"github.com/hyperledger/fabric/msp/mgmt"
    13  )
    14  
// saLogger is the package-level logger used by the security advisor in this
// file. It is registered under the name "peer.gossip.sa".
var saLogger = flogging.MustGetLogger("peer.gossip.sa")
    16  
// mspSecurityAdvisor implements the SecurityAdvisor interface on top of the
// peer's MSPs.
//
// The answers it gives are only as trustworthy as the MSP state behind the
// deserializers it holds: for the system to be secure, the MSPs must be kept
// up to date. Channel MSPs are updated through configuration transactions
// distributed by the ordering service.
//
// This type performs no freshness check of its own; it assumes those update
// mechanisms are in place and working.
type mspSecurityAdvisor struct {
	// deserializer gives access to the local deserializer and to the
	// per-channel deserializers queried by OrgByPeerIdentity.
	deserializer mgmt.DeserializersManager
}
    28  
// NewSecurityAdvisor returns an api.SecurityAdvisor backed by an
// mspSecurityAdvisor that resolves identities through the given
// deserializers manager.
//
// deserializer is stored as passed in; no nil check is made here, and
// OrgByPeerIdentity calls methods on it unconditionally, so callers must
// supply a usable manager.
func NewSecurityAdvisor(deserializer mgmt.DeserializersManager) api.SecurityAdvisor {
	advisor := &mspSecurityAdvisor{
		deserializer: deserializer,
	}
	return advisor
}
    34  
// OrgByPeerIdentity returns the OrgIdentityType (the MSP identifier) under
// which the given serialized peer identity deserializes.
//
// The local deserializer is tried first, then every channel deserializer
// returned by GetChannelDeserializers. Go does not define map iteration
// order, so the channel that answers is not deterministic when several can
// deserialize the identity. nil is returned when peerIdentity is empty or
// when no deserializer accepts it.
//
// This method does not validate peerIdentity: a non-nil result only means
// that some deserializer could deserialize the bytes. Validation is expected
// to happen elsewhere in the execution flow, and the returned organization
// should not be used as an authorization decision on its own.
// NOTE(review): whether DeserializeIdentity performs any checks of its own
// is not visible from this file — confirm against the MSP implementation.
func (advisor *mspSecurityAdvisor) OrgByPeerIdentity(peerIdentity api.PeerIdentityType) api.OrgIdentityType {
	// Reject empty input up front.
	if len(peerIdentity) == 0 {
		saLogger.Error("Invalid Peer Identity. It must be different from nil.")
		return nil
	}

	// peerIdentity is assumed to be the serialization of an identity, so the
	// work below is deserialization against each known MSP.
	//
	// TODO: This method should return a structure consisting of two fields:
	// the identifier of the MSP the identity belongs to, and a list of the
	// organization units this identity is in possession of. For gossip use
	// only the first part is needed for now, namely the identity's MSP
	// identifier (Identity.GetMSPIdentifier()).
	raw := []byte(peerIdentity)

	// Local MSP first. A failure here is not logged; the lookup simply falls
	// through to the channel deserializers.
	if localIdentity, localErr := advisor.deserializer.GetLocalDeserializer().DeserializeIdentity(raw); localErr == nil {
		return []byte(localIdentity.GetMSPIdentifier())
	}

	// Then each channel's deserializer; the first success wins.
	for channelID, channelDeserializer := range advisor.deserializer.GetChannelDeserializers() {
		channelIdentity, err := channelDeserializer.DeserializeIdentity(raw)
		if err == nil {
			return []byte(channelIdentity.GetMSPIdentifier())
		}
		saLogger.Debugf("Failed deserialization identity [% x] on [%s]: [%s]", peerIdentity, channelID, err)
	}

	// NOTE(review): the complete identity is written to the log, hex encoded,
	// at Warning level for every input no MSP recognises. If these bytes can
	// originate from remote peers, log volume is driven by untrusted input —
	// consider logging a digest or truncated form, or rate limiting.
	saLogger.Warningf("Peer Identity [% x] cannot be desirialized. No MSP found able to do that.", peerIdentity)

	return nil
}