github.com/xiaqingdoc/fabric@v2.1.1+incompatible/core/handlers/auth/filter/expiration.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package filter 8 9 import ( 10 "context" 11 "time" 12 13 "github.com/hyperledger/fabric-protos-go/peer" 14 "github.com/hyperledger/fabric/common/crypto" 15 "github.com/hyperledger/fabric/core/handlers/auth" 16 "github.com/hyperledger/fabric/protoutil" 17 "github.com/pkg/errors" 18 ) 19 20 // NewExpirationCheckFilter creates a new Filter that checks identity expiration 21 func NewExpirationCheckFilter() auth.Filter { 22 return &expirationCheckFilter{} 23 } 24 25 type expirationCheckFilter struct { 26 next peer.EndorserServer 27 } 28 29 // Init initializes the Filter with the next EndorserServer 30 func (f *expirationCheckFilter) Init(next peer.EndorserServer) { 31 f.next = next 32 } 33 34 func validateProposal(signedProp *peer.SignedProposal) error { 35 prop, err := protoutil.UnmarshalProposal(signedProp.ProposalBytes) 36 if err != nil { 37 return errors.Wrap(err, "failed parsing proposal") 38 } 39 40 hdr, err := protoutil.UnmarshalHeader(prop.Header) 41 if err != nil { 42 return errors.Wrap(err, "failed parsing header") 43 } 44 45 sh, err := protoutil.UnmarshalSignatureHeader(hdr.SignatureHeader) 46 if err != nil { 47 return errors.Wrap(err, "failed parsing signature header") 48 } 49 expirationTime := crypto.ExpiresAt(sh.Creator) 50 if !expirationTime.IsZero() && time.Now().After(expirationTime) { 51 return errors.New("identity expired") 52 } 53 return nil 54 } 55 56 // ProcessProposal processes a signed proposal 57 func (f *expirationCheckFilter) ProcessProposal(ctx context.Context, signedProp *peer.SignedProposal) (*peer.ProposalResponse, error) { 58 if err := validateProposal(signedProp); err != nil { 59 return nil, err 60 } 61 return f.next.ProcessProposal(ctx, signedProp) 62 }