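// Source: github.com/s7techlab/cckit@v0.10.5/extensions/encryption/middleware_pre.go

package encryption

import (
	"fmt"

	"github.com/hyperledger/fabric-protos-go/peer"
	"go.uber.org/zap"

	"github.com/s7techlab/cckit/response"
	"github.com/s7techlab/cckit/router"
	"github.com/s7techlab/cckit/state"
)

// ArgsDecryptIfKeyProvided is a pre middleware that decrypts chaincode method
// arguments when a key can be read from the transient map.
//
// When no key can be read, the arguments are handed to next unchanged, so a
// handler behind this middleware must not assume its arguments arrived
// encrypted. pos is accepted to match the middleware signature and is not used.
func ArgsDecryptIfKeyProvided(next router.ContextHandlerFunc, pos ...int) router.ContextHandlerFunc {
	return argsDecryptor(next, false, nil)
}

// ArgsDecrypt is a pre middleware that decrypts chaincode method arguments.
// The key must be provided in the transient map; if it cannot be obtained the
// invocation is answered with an error response and next is not called.
// pos is accepted to match the middleware signature and is not used.
func ArgsDecrypt(next router.ContextHandlerFunc, pos ...int) router.ContextHandlerFunc {
	return argsDecryptor(next, true, nil)
}

// ArgsDecryptExcept returns a middleware that behaves like ArgsDecrypt for every
// method except those named in exceptMethod. Invocations whose c.Path() equals
// one of the listed names reach next with their arguments untouched, so keep the
// list limited to methods that are meant to accept plaintext arguments.
func ArgsDecryptExcept(exceptMethod ...string) router.ContextMiddlewareFunc {
	return func(next router.ContextHandlerFunc, pos ...int) router.ContextHandlerFunc {
		return argsDecryptor(next, true, exceptMethod)
	}
}

// decryptReplaceArgs decrypts the invocation arguments held by c with key and
// stores the result back on the context. On failure the context arguments are
// left as they were and the DecryptArgs error is returned wrapped.
func decryptReplaceArgs(key []byte, c router.Context) error {
	decrypted, err := DecryptArgs(key, c.GetArgs())
	if err != nil {
		return fmt.Errorf(`decrypt chaincode invocation args: %w`, err)
	}

	c.ReplaceArgs(decrypted)
	return nil
}

// argsDecryptor builds the handler shared by the ArgsDecrypt* middlewares.
//
// keyShouldBe selects the policy when the key cannot be read from the transient
// map: true rejects the invocation, false passes it to next with the arguments
// unchanged. exceptMethod lists method names that bypass decryption.
func argsDecryptor(next router.ContextHandlerFunc, keyShouldBe bool, exceptMethod []string) router.ContextHandlerFunc {
	return func(c router.Context) peer.Response {
		// Excepted methods skip decryption entirely; the match is an exact
		// string comparison against c.Path().
		if len(exceptMethod) > 0 && len(c.GetArgs()) > 0 {
			for _, m := range exceptMethod {
				if c.Path() == m {
					return next(c)
				}
			}
		}

		key, err := KeyFromTransient(c)
		if err != nil {
			c.Logger().Debug(`no decrypt key provided`, zap.Error(err))

			// Fail closed when the key is mandatory: every failure to obtain
			// it is rejected, not only ErrKeyNotDefinedInTransientMap, so no
			// other error from KeyFromTransient can let the invocation reach
			// next with undecrypted arguments.
			if keyShouldBe {
				return response.Error(err)
			}

			// Optional mode: continue with the arguments exactly as received.
			return next(c)
		}

		if err := decryptReplaceArgs(key, c); err != nil {
			return response.Error(err)
		}

		return next(c)
	}
}

// EncStateContext replaces the default state and event implementations on the
// context with encrypted ones before calling next. If the encrypted
// implementations cannot be built, the error is returned and next is not called.
// pos is accepted to match the middleware signature and is not used.
func EncStateContext(next router.HandlerFunc, pos ...int) router.HandlerFunc {
	return func(c router.Context) (interface{}, error) {
		if err := replaceStateEncrypted(c); err != nil {
			return nil, err
		}
		return next(c)
	}
}

// replaceStateEncrypted installs the transient-key backed state and event on c.
// Both are built before either is installed, so a failure leaves the context's
// existing state and event in place.
func replaceStateEncrypted(c router.Context) error {
	var (
		s   state.State
		e   state.Event
		err error
	)

	if s, err = StateWithTransientKey(c); err != nil {
		return err
	}

	if e, err = EventWithTransientKey(c); err != nil {
		return err
	}

	c.UseState(s)
	c.UseEvent(e)
	return nil
}

// EncStateContextIfKeyProvided replaces the default state with the encrypted
// state only when a key can be read from the transient map; otherwise next runs
// with the context's existing state and event.
//
// NOTE(review): any error from KeyFromTransient, not only an absent key, takes
// the skip path. Handlers that must only ever write through the encrypted state
// should be wrapped with EncStateContext instead.
// pos is accepted to match the middleware signature and is not used.
func EncStateContextIfKeyProvided(next router.HandlerFunc, pos ...int) router.HandlerFunc {
	return func(c router.Context) (interface{}, error) {
		if _, err := KeyFromTransient(c); err != nil {
			// No usable key: leave state and event as they are.
			return next(c)
		}

		if err := replaceStateEncrypted(c); err != nil {
			return nil, err
		}
		return next(c)
	}
}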