github.com/true-sqn/fabric@v2.1.1+incompatible/msp/msp.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package msp
     8  
     9  import (
    10  	"time"
    11  
    12  	"github.com/hyperledger/fabric-protos-go/msp"
    13  )
    14  
    15  // IdentityDeserializer is implemented by both MSPManger and MSP
    16  type IdentityDeserializer interface {
    17  	// DeserializeIdentity deserializes an identity.
    18  	// Deserialization will fail if the identity is associated to
    19  	// an msp that is different from this one that is performing
    20  	// the deserialization.
    21  	DeserializeIdentity(serializedIdentity []byte) (Identity, error)
    22  
    23  	// IsWellFormed checks if the given identity can be deserialized into its provider-specific form
    24  	IsWellFormed(identity *msp.SerializedIdentity) error
    25  }
    26  
    27  // Membership service provider APIs for Hyperledger Fabric:
    28  //
    29  // By "membership service provider" we refer to an abstract component of the
    30  // system that would provide (anonymous) credentials to clients, and peers for
    31  // them to participate in Hyperledger/fabric network. Clients use these
    32  // credentials to authenticate their transactions, and peers use these credentials
    33  // to authenticate transaction processing results (endorsements). While
    34  // strongly connected to the transaction processing components of the systems,
    35  // this interface aims to have membership services components defined, in such
    36  // a way such that alternate implementations of this can be smoothly plugged in
    37  // without modifying the core of transaction processing components of the system.
    38  //
    39  // This file includes Membership service provider interface that covers the
    40  // needs of a peer membership service provider interface.
    41  
    42  // MSPManager is an interface defining a manager of one or more MSPs. This
    43  // essentially acts as a mediator to MSP calls and routes MSP related calls
    44  // to the appropriate MSP.
    45  // This object is immutable, it is initialized once and never changed.
    46  type MSPManager interface {
    47  
    48  	// IdentityDeserializer interface needs to be implemented by MSPManager
    49  	IdentityDeserializer
    50  
    51  	// Setup the MSP manager instance according to configuration information
    52  	Setup(msps []MSP) error
    53  
    54  	// GetMSPs Provides a list of Membership Service providers
    55  	GetMSPs() (map[string]MSP, error)
    56  }
    57  
    58  // MSP is the minimal Membership Service Provider Interface to be implemented
    59  // to accommodate peer functionality
    60  type MSP interface {
    61  
    62  	// IdentityDeserializer interface needs to be implemented by MSP
    63  	IdentityDeserializer
    64  
    65  	// Setup the MSP instance according to configuration information
    66  	Setup(config *msp.MSPConfig) error
    67  
    68  	// GetVersion returns the version of this MSP
    69  	GetVersion() MSPVersion
    70  
    71  	// GetType returns the provider type
    72  	GetType() ProviderType
    73  
    74  	// GetIdentifier returns the provider identifier
    75  	GetIdentifier() (string, error)
    76  
    77  	// GetSigningIdentity returns a signing identity corresponding to the provided identifier
    78  	GetSigningIdentity(identifier *IdentityIdentifier) (SigningIdentity, error)
    79  
    80  	// GetDefaultSigningIdentity returns the default signing identity
    81  	GetDefaultSigningIdentity() (SigningIdentity, error)
    82  
    83  	// GetTLSRootCerts returns the TLS root certificates for this MSP
    84  	GetTLSRootCerts() [][]byte
    85  
    86  	// GetTLSIntermediateCerts returns the TLS intermediate root certificates for this MSP
    87  	GetTLSIntermediateCerts() [][]byte
    88  
    89  	// Validate checks whether the supplied identity is valid
    90  	Validate(id Identity) error
    91  
    92  	// SatisfiesPrincipal checks whether the identity matches
    93  	// the description supplied in MSPPrincipal. The check may
    94  	// involve a byte-by-byte comparison (if the principal is
    95  	// a serialized identity) or may require MSP validation
    96  	SatisfiesPrincipal(id Identity, principal *msp.MSPPrincipal) error
    97  }
    98  
    99  // OUIdentifier represents an organizational unit and
   100  // its related chain of trust identifier.
   101  type OUIdentifier struct {
   102  	// CertifiersIdentifier is the hash of certificates chain of trust
   103  	// related to this organizational unit
   104  	CertifiersIdentifier []byte
   105  	// OrganizationUnitIdentifier defines the organizational unit under the
   106  	// MSP identified with MSPIdentifier
   107  	OrganizationalUnitIdentifier string
   108  }
   109  
   110  // From this point on, there are interfaces that are shared within the peer and client API
   111  // of the membership service provider.
   112  
   113  // Identity interface defining operations associated to a "certificate".
   114  // That is, the public part of the identity could be thought to be a certificate,
   115  // and offers solely signature verification capabilities. This is to be used
   116  // at the peer side when verifying certificates that transactions are signed
   117  // with, and verifying signatures that correspond to these certificates.///
   118  type Identity interface {
   119  
   120  	// ExpiresAt returns the time at which the Identity expires.
   121  	// If the returned time is the zero value, it implies
   122  	// the Identity does not expire, or that its expiration
   123  	// time is unknown
   124  	ExpiresAt() time.Time
   125  
   126  	// GetIdentifier returns the identifier of that identity
   127  	GetIdentifier() *IdentityIdentifier
   128  
   129  	// GetMSPIdentifier returns the MSP Id for this instance
   130  	GetMSPIdentifier() string
   131  
   132  	// Validate uses the rules that govern this identity to validate it.
   133  	// E.g., if it is a fabric TCert implemented as identity, validate
   134  	// will check the TCert signature against the assumed root certificate
   135  	// authority.
   136  	Validate() error
   137  
   138  	// GetOrganizationalUnits returns zero or more organization units or
   139  	// divisions this identity is related to as long as this is public
   140  	// information. Certain MSP implementations may use attributes
   141  	// that are publicly associated to this identity, or the identifier of
   142  	// the root certificate authority that has provided signatures on this
   143  	// certificate.
   144  	// Examples:
   145  	//  - if the identity is an x.509 certificate, this function returns one
   146  	//    or more string which is encoded in the Subject's Distinguished Name
   147  	//    of the type OU
   148  	// TODO: For X.509 based identities, check if we need a dedicated type
   149  	//       for OU where the Certificate OU is properly namespaced by the
   150  	//       signer's identity
   151  	GetOrganizationalUnits() []*OUIdentifier
   152  
   153  	// Anonymous returns true if this is an anonymous identity, false otherwise
   154  	Anonymous() bool
   155  
   156  	// Verify a signature over some message using this identity as reference
   157  	Verify(msg []byte, sig []byte) error
   158  
   159  	// Serialize converts an identity to bytes
   160  	Serialize() ([]byte, error)
   161  
   162  	// SatisfiesPrincipal checks whether this instance matches
   163  	// the description supplied in MSPPrincipal. The check may
   164  	// involve a byte-by-byte comparison (if the principal is
   165  	// a serialized identity) or may require MSP validation
   166  	SatisfiesPrincipal(principal *msp.MSPPrincipal) error
   167  }
   168  
   169  // SigningIdentity is an extension of Identity to cover signing capabilities.
   170  // E.g., signing identity should be requested in the case of a client who wishes
   171  // to sign transactions, or fabric endorser who wishes to sign proposal
   172  // processing outcomes.
   173  type SigningIdentity interface {
   174  
   175  	// Extends Identity
   176  	Identity
   177  
   178  	// Sign the message
   179  	Sign(msg []byte) ([]byte, error)
   180  
   181  	// GetPublicVersion returns the public parts of this identity
   182  	GetPublicVersion() Identity
   183  }
   184  
   185  // IdentityIdentifier is a holder for the identifier of a specific
   186  // identity, naturally namespaced, by its provider identifier.
   187  type IdentityIdentifier struct {
   188  
   189  	// The identifier of the associated membership service provider
   190  	Mspid string
   191  
   192  	// The identifier for an identity within a provider
   193  	Id string
   194  }
   195  
   196  // ProviderType indicates the type of an identity provider
   197  type ProviderType int
   198  
   199  // The ProviderType of a member relative to the member API
   200  const (
   201  	FABRIC ProviderType = iota // MSP is of FABRIC type
   202  	IDEMIX                     // MSP is of IDEMIX type
   203  	OTHER                      // MSP is of OTHER TYPE
   204  
   205  	// NOTE: as new types are added to this set,
   206  	// the mspTypes map below must be extended
   207  )
   208  
   209  var mspTypeStrings = map[ProviderType]string{
   210  	FABRIC: "bccsp",
   211  	IDEMIX: "idemix",
   212  }
   213  
   214  var Options = map[string]NewOpts{
   215  	ProviderTypeToString(FABRIC): &BCCSPNewOpts{NewBaseOpts: NewBaseOpts{Version: MSPv1_4_3}},
   216  	ProviderTypeToString(IDEMIX): &IdemixNewOpts{NewBaseOpts: NewBaseOpts{Version: MSPv1_1}},
   217  }
   218  
   219  // ProviderTypeToString returns a string that represents the ProviderType integer
   220  func ProviderTypeToString(id ProviderType) string {
   221  	if res, found := mspTypeStrings[id]; found {
   222  		return res
   223  	}
   224  
   225  	return ""
   226  }