github.com/renegr87/renegr87@v2.1.1+incompatible/core/common/privdata/store.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package privdata
     8  
     9  import (
    10  	"fmt"
    11  
    12  	"github.com/golang/protobuf/proto"
    13  	"github.com/hyperledger/fabric-protos-go/peer"
    14  	pb "github.com/hyperledger/fabric-protos-go/peer"
    15  	"github.com/hyperledger/fabric/core/ledger"
    16  	"github.com/hyperledger/fabric/msp"
    17  	mspmgmt "github.com/hyperledger/fabric/msp/mgmt"
    18  	"github.com/hyperledger/fabric/protoutil"
    19  	"github.com/pkg/errors"
    20  )
    21  
    22  // State retrieves data from the state.
    23  type State interface {
    24  	// GetState retrieves the value for the given key in the given namespace
    25  	GetState(namespace string, key string) ([]byte, error)
    26  }
    27  
    28  type NoSuchCollectionError CollectionCriteria
    29  
    30  func (f NoSuchCollectionError) Error() string {
    31  	return fmt.Sprintf("collection %s/%s/%s could not be found", f.Channel, f.Namespace, f.Collection)
    32  }
    33  
    34  // A QueryExecutorFactory is responsible for creating ledger.QueryExectuor
    35  // instances.
    36  type QueryExecutorFactory interface {
    37  	NewQueryExecutor() (ledger.QueryExecutor, error)
    38  }
    39  
    40  // ChaincodeInfoProvider provides information about deployed chaincode.
    41  // LSCC module is expected to provide an implementation for this dependencys
    42  type ChaincodeInfoProvider interface {
    43  	// ChaincodeInfo returns the info about a deployed chaincode.
    44  	ChaincodeInfo(channelName, chaincodeName string, qe ledger.SimpleQueryExecutor) (*ledger.DeployedChaincodeInfo, error)
    45  	// CollectionInfo returns the proto msg that defines the named collection.
    46  	// This function can be used for both explicit and implicit collections.
    47  	CollectionInfo(channelName, chaincodeName, collectionName string, qe ledger.SimpleQueryExecutor) (*peer.StaticCollectionConfig, error)
    48  	// AllCollectionsConfigPkg returns a combined collection config pkg that contains both explicit and implicit collections
    49  	AllCollectionsConfigPkg(channelName, chaincodeName string, qe ledger.SimpleQueryExecutor) (*peer.CollectionConfigPackage, error)
    50  }
    51  
    52  // IdentityDeserializerFactory creates msp.IdentityDeserializer for
    53  // a chain.
    54  type IdentityDeserializerFactory interface {
    55  	GetIdentityDeserializer(chainID string) msp.IdentityDeserializer
    56  }
    57  
    58  // IdentityDeserializerFactoryFunc is a function adapater for
    59  // IdentityDeserializerFactory.
    60  type IdentityDeserializerFactoryFunc func(chainID string) msp.IdentityDeserializer
    61  
    62  func (i IdentityDeserializerFactoryFunc) GetIdentityDeserializer(chainID string) msp.IdentityDeserializer {
    63  	return i(chainID)
    64  }
    65  
    66  // CollectionCriteria defines an element of a private data that corresponds
    67  // to a certain transaction and collection
    68  type CollectionCriteria struct {
    69  	Channel    string
    70  	Collection string
    71  	Namespace  string
    72  }
    73  
    74  type SimpleCollectionStore struct {
    75  	qeFactory             QueryExecutorFactory
    76  	ccInfoProvider        ChaincodeInfoProvider
    77  	idDeserializerFactory IdentityDeserializerFactory
    78  }
    79  
    80  func NewSimpleCollectionStore(qeFactory QueryExecutorFactory, ccInfoProvider ChaincodeInfoProvider) *SimpleCollectionStore {
    81  	return &SimpleCollectionStore{
    82  		qeFactory:      qeFactory,
    83  		ccInfoProvider: ccInfoProvider,
    84  		idDeserializerFactory: IdentityDeserializerFactoryFunc(func(chainID string) msp.IdentityDeserializer {
    85  			return mspmgmt.GetManagerForChain(chainID)
    86  		}),
    87  	}
    88  }
    89  
    90  func (c *SimpleCollectionStore) retrieveCollectionConfigPackage(cc CollectionCriteria, qe ledger.QueryExecutor) (*peer.CollectionConfigPackage, error) {
    91  	var err error
    92  	if qe == nil {
    93  		qe, err = c.qeFactory.NewQueryExecutor()
    94  		if err != nil {
    95  			return nil, errors.WithMessagef(err, "could not retrieve query executor for collection criteria %#v", cc)
    96  		}
    97  		defer qe.Done()
    98  	}
    99  	return c.ccInfoProvider.AllCollectionsConfigPkg(cc.Channel, cc.Namespace, qe)
   100  }
   101  
   102  // RetrieveCollectionConfigPackageFromState retrieves the collection config package from the given key from the given state
   103  func RetrieveCollectionConfigPackageFromState(cc CollectionCriteria, state State) (*peer.CollectionConfigPackage, error) {
   104  	cb, err := state.GetState("lscc", BuildCollectionKVSKey(cc.Namespace))
   105  	if err != nil {
   106  		return nil, errors.WithMessagef(err, "error while retrieving collection for collection criteria %#v", cc)
   107  	}
   108  	if cb == nil {
   109  		return nil, NoSuchCollectionError(cc)
   110  	}
   111  	conf, err := ParseCollectionConfig(cb)
   112  	if err != nil {
   113  		return nil, errors.Wrapf(err, "invalid configuration for collection criteria %#v", cc)
   114  	}
   115  	return conf, nil
   116  }
   117  
   118  // ParseCollectionConfig parses the collection configuration from the given serialized representation.
   119  func ParseCollectionConfig(colBytes []byte) (*peer.CollectionConfigPackage, error) {
   120  	collections := &peer.CollectionConfigPackage{}
   121  	err := proto.Unmarshal(colBytes, collections)
   122  	if err != nil {
   123  		return nil, errors.WithStack(err)
   124  	}
   125  
   126  	return collections, nil
   127  }
   128  
   129  // RetrieveCollectionConfig retrieves a collection's config
   130  func (c *SimpleCollectionStore) RetrieveCollectionConfig(cc CollectionCriteria) (*peer.StaticCollectionConfig, error) {
   131  	return c.retrieveCollectionConfig(cc, nil)
   132  }
   133  
   134  func (c *SimpleCollectionStore) retrieveCollectionConfig(cc CollectionCriteria, qe ledger.QueryExecutor) (*peer.StaticCollectionConfig, error) {
   135  	var err error
   136  	if qe == nil {
   137  		qe, err = c.qeFactory.NewQueryExecutor()
   138  		if err != nil {
   139  			return nil, errors.WithMessagef(err, "could not retrieve query executor for collection criteria %#v", cc)
   140  		}
   141  		defer qe.Done()
   142  	}
   143  	collConfig, err := c.ccInfoProvider.CollectionInfo(cc.Channel, cc.Namespace, cc.Collection, qe)
   144  	if err != nil {
   145  		return nil, err
   146  	}
   147  	if collConfig == nil {
   148  		return nil, NoSuchCollectionError(cc)
   149  	}
   150  	return collConfig, nil
   151  }
   152  
   153  func (c *SimpleCollectionStore) retrieveSimpleCollection(cc CollectionCriteria, qe ledger.QueryExecutor) (*SimpleCollection, error) {
   154  	staticCollectionConfig, err := c.retrieveCollectionConfig(cc, qe)
   155  	if err != nil {
   156  		return nil, err
   157  	}
   158  	sc := &SimpleCollection{}
   159  	err = sc.Setup(staticCollectionConfig, c.idDeserializerFactory.GetIdentityDeserializer(cc.Channel))
   160  	if err != nil {
   161  		return nil, errors.WithMessagef(err, "error setting up collection for collection criteria %#v", cc)
   162  	}
   163  	return sc, nil
   164  }
   165  
   166  func (c *SimpleCollectionStore) AccessFilter(channelName string, collectionPolicyConfig *peer.CollectionPolicyConfig) (Filter, error) {
   167  	sc := &SimpleCollection{}
   168  	err := sc.setupAccessPolicy(collectionPolicyConfig, c.idDeserializerFactory.GetIdentityDeserializer(channelName))
   169  	if err != nil {
   170  		return nil, err
   171  	}
   172  	return sc.AccessFilter(), nil
   173  }
   174  
   175  func (c *SimpleCollectionStore) RetrieveCollection(cc CollectionCriteria) (Collection, error) {
   176  	return c.retrieveSimpleCollection(cc, nil)
   177  }
   178  
   179  func (c *SimpleCollectionStore) RetrieveCollectionAccessPolicy(cc CollectionCriteria) (CollectionAccessPolicy, error) {
   180  	return c.retrieveSimpleCollection(cc, nil)
   181  }
   182  
   183  func (c *SimpleCollectionStore) RetrieveCollectionConfigPackage(cc CollectionCriteria) (*peer.CollectionConfigPackage, error) {
   184  	return c.retrieveCollectionConfigPackage(cc, nil)
   185  }
   186  
   187  // RetrieveCollectionPersistenceConfigs retrieves the collection's persistence related configurations
   188  func (c *SimpleCollectionStore) RetrieveCollectionPersistenceConfigs(cc CollectionCriteria) (CollectionPersistenceConfigs, error) {
   189  	staticCollectionConfig, err := c.retrieveCollectionConfig(cc, nil)
   190  	if err != nil {
   191  		return nil, err
   192  	}
   193  	return &SimpleCollectionPersistenceConfigs{staticCollectionConfig.BlockToLive}, nil
   194  }
   195  
   196  // RetrieveReadWritePermission retrieves the read-write persmission of the creator of the
   197  // signedProposal for a given collection using collection access policy and flags such as
   198  // memberOnlyRead & memberOnlyWrite
   199  func (c *SimpleCollectionStore) RetrieveReadWritePermission(
   200  	cc CollectionCriteria,
   201  	signedProposal *pb.SignedProposal,
   202  	qe ledger.QueryExecutor,
   203  ) (bool, bool, error) {
   204  	collection, err := c.retrieveSimpleCollection(cc, qe)
   205  	if err != nil {
   206  		return false, false, err
   207  	}
   208  
   209  	if canAnyoneReadAndWrite(collection) {
   210  		return true, true, nil
   211  	}
   212  
   213  	// all members have read-write persmission
   214  	if isAMember, err := isCreatorOfProposalAMember(signedProposal, collection); err != nil {
   215  		return false, false, err
   216  	} else if isAMember {
   217  		return true, true, nil
   218  	}
   219  
   220  	return !collection.IsMemberOnlyRead(), !collection.IsMemberOnlyWrite(), nil
   221  }
   222  
   223  func canAnyoneReadAndWrite(collection *SimpleCollection) bool {
   224  	if !collection.IsMemberOnlyRead() && !collection.IsMemberOnlyWrite() {
   225  		return true
   226  	}
   227  	return false
   228  }
   229  
   230  func isCreatorOfProposalAMember(signedProposal *pb.SignedProposal, collection *SimpleCollection) (bool, error) {
   231  	signedData, err := getSignedData(signedProposal)
   232  	if err != nil {
   233  		return false, err
   234  	}
   235  
   236  	accessFilter := collection.AccessFilter()
   237  	return accessFilter(signedData), nil
   238  }
   239  
   240  func getSignedData(signedProposal *pb.SignedProposal) (protoutil.SignedData, error) {
   241  	proposal, err := protoutil.UnmarshalProposal(signedProposal.ProposalBytes)
   242  	if err != nil {
   243  		return protoutil.SignedData{}, err
   244  	}
   245  
   246  	hdr, err := protoutil.UnmarshalHeader(proposal.Header)
   247  	if err != nil {
   248  		return protoutil.SignedData{}, err
   249  	}
   250  
   251  	shdr, err := protoutil.UnmarshalSignatureHeader(hdr.SignatureHeader)
   252  	if err != nil {
   253  		return protoutil.SignedData{}, err
   254  	}
   255  
   256  	return protoutil.SignedData{
   257  		Data:      signedProposal.ProposalBytes,
   258  		Identity:  shdr.Creator,
   259  		Signature: signedProposal.Signature,
   260  	}, nil
   261  }