github.com/yacovm/fabric@v2.0.0-alpha.0.20191128145320-c5d4087dc723+incompatible/common/cauthdsl/cauthdsl_builder.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package cauthdsl 8 9 import ( 10 "sort" 11 12 "github.com/golang/protobuf/proto" 13 cb "github.com/hyperledger/fabric-protos-go/common" 14 "github.com/hyperledger/fabric-protos-go/msp" 15 "github.com/hyperledger/fabric/protoutil" 16 ) 17 18 // AcceptAllPolicy always evaluates to true 19 var AcceptAllPolicy *cb.SignaturePolicyEnvelope 20 21 // MarshaledAcceptAllPolicy is the Marshaled version of AcceptAllPolicy 22 var MarshaledAcceptAllPolicy []byte 23 24 // RejectAllPolicy always evaluates to false 25 var RejectAllPolicy *cb.SignaturePolicyEnvelope 26 27 // MarshaledRejectAllPolicy is the Marshaled version of RejectAllPolicy 28 var MarshaledRejectAllPolicy []byte 29 30 func init() { 31 var err error 32 33 AcceptAllPolicy = Envelope(NOutOf(0, []*cb.SignaturePolicy{}), [][]byte{}) 34 MarshaledAcceptAllPolicy, err = proto.Marshal(AcceptAllPolicy) 35 if err != nil { 36 panic("Error marshaling trueEnvelope") 37 } 38 39 RejectAllPolicy = Envelope(NOutOf(1, []*cb.SignaturePolicy{}), [][]byte{}) 40 MarshaledRejectAllPolicy, err = proto.Marshal(RejectAllPolicy) 41 if err != nil { 42 panic("Error marshaling falseEnvelope") 43 } 44 } 45 46 // Envelope builds an envelope message embedding a SignaturePolicy 47 func Envelope(policy *cb.SignaturePolicy, identities [][]byte) *cb.SignaturePolicyEnvelope { 48 ids := make([]*msp.MSPPrincipal, len(identities)) 49 for i := range ids { 50 ids[i] = &msp.MSPPrincipal{PrincipalClassification: msp.MSPPrincipal_IDENTITY, Principal: identities[i]} 51 } 52 53 return &cb.SignaturePolicyEnvelope{ 54 Version: 0, 55 Rule: policy, 56 Identities: ids, 57 } 58 } 59 60 // SignedBy creates a SignaturePolicy requiring a given signer's signature 61 func SignedBy(index int32) *cb.SignaturePolicy { 62 return &cb.SignaturePolicy{ 63 Type: &cb.SignaturePolicy_SignedBy{ 64 SignedBy: index, 65 }, 66 } 67 } 68 69 // SignedByMspMember creates a SignaturePolicyEnvelope 70 // requiring 1 signature from any member of the specified MSP 71 func SignedByMspMember(mspId string) *cb.SignaturePolicyEnvelope { 72 return signedByFabricEntity(mspId, msp.MSPRole_MEMBER) 73 } 74 75 // SignedByMspClient creates a SignaturePolicyEnvelope 76 // requiring 1 signature from any client of the specified MSP 77 func SignedByMspClient(mspId string) *cb.SignaturePolicyEnvelope { 78 return signedByFabricEntity(mspId, msp.MSPRole_CLIENT) 79 } 80 81 // SignedByMspPeer creates a SignaturePolicyEnvelope 82 // requiring 1 signature from any peer of the specified MSP 83 func SignedByMspPeer(mspId string) *cb.SignaturePolicyEnvelope { 84 return signedByFabricEntity(mspId, msp.MSPRole_PEER) 85 } 86 87 // SignedByFabricEntity creates a SignaturePolicyEnvelope 88 // requiring 1 signature from any fabric entity, having the passed role, of the specified MSP 89 func signedByFabricEntity(mspId string, role msp.MSPRole_MSPRoleType) *cb.SignaturePolicyEnvelope { 90 // specify the principal: it's a member of the msp we just found 91 principal := &msp.MSPPrincipal{ 92 PrincipalClassification: msp.MSPPrincipal_ROLE, 93 Principal: protoutil.MarshalOrPanic(&msp.MSPRole{Role: role, MspIdentifier: mspId})} 94 95 // create the policy: it requires exactly 1 signature from the first (and only) principal 96 p := &cb.SignaturePolicyEnvelope{ 97 Version: 0, 98 Rule: NOutOf(1, []*cb.SignaturePolicy{SignedBy(0)}), 99 Identities: []*msp.MSPPrincipal{principal}, 100 } 101 102 return p 103 } 104 105 // SignedByMspAdmin creates a SignaturePolicyEnvelope 106 // requiring 1 signature from any admin of the specified MSP 107 func SignedByMspAdmin(mspId string) *cb.SignaturePolicyEnvelope { 108 // specify the principal: it's a member of the msp we just found 109 principal := &msp.MSPPrincipal{ 110 PrincipalClassification: msp.MSPPrincipal_ROLE, 111 Principal: protoutil.MarshalOrPanic(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: mspId})} 112 113 // create the policy: it requires exactly 1 signature from the first (and only) principal 114 p := &cb.SignaturePolicyEnvelope{ 115 Version: 0, 116 Rule: NOutOf(1, []*cb.SignaturePolicy{SignedBy(0)}), 117 Identities: []*msp.MSPPrincipal{principal}, 118 } 119 120 return p 121 } 122 123 //wrapper for generating "any of a given role" type policies 124 func signedByAnyOfGivenRole(role msp.MSPRole_MSPRoleType, ids []string) *cb.SignaturePolicyEnvelope { 125 return SignedByNOutOfGivenRole(1, role, ids) 126 } 127 128 func SignedByNOutOfGivenRole(n int32, role msp.MSPRole_MSPRoleType, ids []string) *cb.SignaturePolicyEnvelope { 129 // we create an array of principals, one principal 130 // per application MSP defined on this chain 131 sort.Strings(ids) 132 principals := make([]*msp.MSPPrincipal, len(ids)) 133 sigspolicy := make([]*cb.SignaturePolicy, len(ids)) 134 for i, id := range ids { 135 principals[i] = &msp.MSPPrincipal{ 136 PrincipalClassification: msp.MSPPrincipal_ROLE, 137 Principal: protoutil.MarshalOrPanic(&msp.MSPRole{Role: role, MspIdentifier: id})} 138 sigspolicy[i] = SignedBy(int32(i)) 139 } 140 141 // create the policy: it requires exactly 1 signature from any of the principals 142 p := &cb.SignaturePolicyEnvelope{ 143 Version: 0, 144 Rule: NOutOf(n, sigspolicy), 145 Identities: principals, 146 } 147 148 return p 149 } 150 151 // SignedByAnyMember returns a policy that requires one valid 152 // signature from a member of any of the orgs whose ids are 153 // listed in the supplied string array 154 func SignedByAnyMember(ids []string) *cb.SignaturePolicyEnvelope { 155 return signedByAnyOfGivenRole(msp.MSPRole_MEMBER, ids) 156 } 157 158 // SignedByAnyClient returns a policy that requires one valid 159 // signature from a client of any of the orgs whose ids are 160 // listed in the supplied string array 161 func SignedByAnyClient(ids []string) *cb.SignaturePolicyEnvelope { 162 return signedByAnyOfGivenRole(msp.MSPRole_CLIENT, ids) 163 } 164 165 // SignedByAnyPeer returns a policy that requires one valid 166 // signature from an orderer of any of the orgs whose ids are 167 // listed in the supplied string array 168 func SignedByAnyPeer(ids []string) *cb.SignaturePolicyEnvelope { 169 return signedByAnyOfGivenRole(msp.MSPRole_PEER, ids) 170 } 171 172 // SignedByAnyAdmin returns a policy that requires one valid 173 // signature from a admin of any of the orgs whose ids are 174 // listed in the supplied string array 175 func SignedByAnyAdmin(ids []string) *cb.SignaturePolicyEnvelope { 176 return signedByAnyOfGivenRole(msp.MSPRole_ADMIN, ids) 177 } 178 179 // And is a convenience method which utilizes NOutOf to produce And equivalent behavior 180 func And(lhs, rhs *cb.SignaturePolicy) *cb.SignaturePolicy { 181 return NOutOf(2, []*cb.SignaturePolicy{lhs, rhs}) 182 } 183 184 // Or is a convenience method which utilizes NOutOf to produce Or equivalent behavior 185 func Or(lhs, rhs *cb.SignaturePolicy) *cb.SignaturePolicy { 186 return NOutOf(1, []*cb.SignaturePolicy{lhs, rhs}) 187 } 188 189 // NOutOf creates a policy which requires N out of the slice of policies to evaluate to true 190 func NOutOf(n int32, policies []*cb.SignaturePolicy) *cb.SignaturePolicy { 191 return &cb.SignaturePolicy{ 192 Type: &cb.SignaturePolicy_NOutOf_{ 193 NOutOf: &cb.SignaturePolicy_NOutOf{ 194 N: n, 195 Rules: policies, 196 }, 197 }, 198 } 199 }