github.com/renegr87/renegr87@v2.1.1+incompatible/core/common/privdata/membershipinfo.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package privdata
     8  
     9  import (
    10  	"github.com/hyperledger/fabric-protos-go/peer"
    11  	"github.com/hyperledger/fabric/common/flogging"
    12  	"github.com/hyperledger/fabric/msp"
    13  	"github.com/hyperledger/fabric/protoutil"
    14  )
    15  
    16  var logger = flogging.MustGetLogger("common.privdata")
    17  
    18  // MembershipProvider can be used to check whether a peer is eligible to a collection or not
    19  type MembershipProvider struct {
    20  	mspID                       string
    21  	selfSignedData              protoutil.SignedData
    22  	IdentityDeserializerFactory func(chainID string) msp.IdentityDeserializer
    23  }
    24  
    25  // NewMembershipInfoProvider returns MembershipProvider
    26  func NewMembershipInfoProvider(mspID string, selfSignedData protoutil.SignedData, identityDeserializerFunc func(chainID string) msp.IdentityDeserializer) *MembershipProvider {
    27  	return &MembershipProvider{selfSignedData: selfSignedData, IdentityDeserializerFactory: identityDeserializerFunc}
    28  }
    29  
    30  // AmMemberOf checks whether the current peer is a member of the given collection config.
    31  // If getPolicy returns an error, it will drop the error and return false - same as a RejectAll policy.
    32  // It is used when a chaincode is upgraded to see if the peer's org has become eligible after	a collection
    33  // change.
    34  func (m *MembershipProvider) AmMemberOf(channelName string, collectionPolicyConfig *peer.CollectionPolicyConfig) (bool, error) {
    35  	deserializer := m.IdentityDeserializerFactory(channelName)
    36  
    37  	// Do a simple check to see if the mspid matches any principal identities in the SignaturePolicy - FAB-17059
    38  	if collectionPolicyConfig.GetSignaturePolicy() != nil {
    39  		memberOrgs := getMemberOrgs(collectionPolicyConfig.GetSignaturePolicy().GetIdentities(), deserializer)
    40  
    41  		if _, ok := memberOrgs[m.mspID]; ok {
    42  			return true, nil
    43  		}
    44  	}
    45  
    46  	// Fall back to default access policy evaluation otherwise
    47  	accessPolicy, err := getPolicy(collectionPolicyConfig, deserializer)
    48  	if err != nil {
    49  		// drop the error and return false - same as reject all policy
    50  		logger.Errorf("Reject all due to error getting policy: %s", err)
    51  		return false, nil
    52  	}
    53  	if err := accessPolicy.EvaluateSignedData([]*protoutil.SignedData{&m.selfSignedData}); err != nil {
    54  		return false, nil
    55  	}
    56  
    57  	return true, nil
    58  }