github.com/renegr87/renegr87@v2.1.1+incompatible/core/common/privdata/util.go

github.com/renegr87/renegr87@v2.1.1+incompatible/core/common/privdata/util.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package privdata
     8  
     9  import (
    10  	"github.com/golang/protobuf/proto"
    11  	mspp "github.com/hyperledger/fabric-protos-go/msp"
    12  	"github.com/hyperledger/fabric-protos-go/peer"
    13  	"github.com/hyperledger/fabric/common/cauthdsl"
    14  	"github.com/hyperledger/fabric/common/policies"
    15  	"github.com/hyperledger/fabric/msp"
    16  	"github.com/pkg/errors"
    17  )
    18  
    19  // getPolicy creates a new policy from the policy envelope. It will return an error if the envelope has invalid policy config.
    20  // Some caller (e.g., MembershipProvider.AsMemberOf) may drop the error and treat it as a RejectAll policy.
    21  // In the future, we must revisit the callers if this method will return different types of errors.
    22  func getPolicy(collectionPolicyConfig *peer.CollectionPolicyConfig, deserializer msp.IdentityDeserializer) (policies.Policy, error) {
    23  	if collectionPolicyConfig == nil {
    24  		return nil, errors.New("collection policy config is nil")
    25  	}
    26  	accessPolicyEnvelope := collectionPolicyConfig.GetSignaturePolicy()
    27  	if accessPolicyEnvelope == nil {
    28  		return nil, errors.New("collection config access policy is nil")
    29  	}
    30  	// create access policy from the envelope
    31  
    32  	pp := cauthdsl.EnvelopeBasedPolicyProvider{Deserializer: deserializer}
    33  	accessPolicy, err := pp.NewPolicy(accessPolicyEnvelope)
    34  	if err != nil {
    35  		return nil, errors.WithMessage(err, "failed constructing policy object out of collection policy config")
    36  	}
    37  
    38  	return accessPolicy, nil
    39  }
    40  
    41  // getMemberOrgs returns a map containing member orgs from a list of MSPPrincipals,
    42  // it will skip identities it fails to process
    43  func getMemberOrgs(identities []*mspp.MSPPrincipal, deserializer msp.IdentityDeserializer) map[string]struct{} {
    44  	memberOrgs := map[string]struct{}{}
    45  
    46  	// get member org MSP IDs from the envelope
    47  	for _, principal := range identities {
    48  		switch principal.PrincipalClassification {
    49  		case mspp.MSPPrincipal_ROLE:
    50  			// Principal contains the msp role
    51  			mspRole := &mspp.MSPRole{}
    52  			err := proto.Unmarshal(principal.Principal, mspRole)
    53  			if err == nil {
    54  				memberOrgs[mspRole.MspIdentifier] = struct{}{}
    55  			}
    56  		case mspp.MSPPrincipal_IDENTITY:
    57  			principalId, err := deserializer.DeserializeIdentity(principal.Principal)
    58  			if err == nil {
    59  				memberOrgs[principalId.GetMSPIdentifier()] = struct{}{}
    60  			}
    61  		case mspp.MSPPrincipal_ORGANIZATION_UNIT:
    62  			OU := &mspp.OrganizationUnit{}
    63  			err := proto.Unmarshal(principal.Principal, OU)
    64  			if err == nil {
    65  				memberOrgs[OU.MspIdentifier] = struct{}{}
    66  			}
    67  		}
    68  	}
    69  	return memberOrgs
    70  }