/*
Copyright: Cognition Foundry. All Rights Reserved.
License: Apache License Version 2.0
*/
package gohfc
import (
"fmt"
"github.com/hyperledger/fabric/protos/common"
"github.com/hyperledger/fabric/protos/msp"
"github.com/golang/protobuf/proto"
"sort"
)
// defaultPolicy builds a signature policy envelope for the MSP named by mspid.
//
// The resulting rule is "1 out of 1": it is satisfied by a single signature
// from any identity that holds the MEMBER role in that MSP. It does not
// require an admin identity or more than one signer, so callers that need a
// stricter approval rule must construct their own envelope.
//
// It returns ErrMspMissing when mspid is empty, and a formatted error when the
// MSPRole principal cannot be marshalled.
func defaultPolicy(mspid string) (*common.SignaturePolicyEnvelope, error) {
	if mspid == "" {
		return nil, ErrMspMissing
	}

	roleBytes, err := proto.Marshal(&msp.MSPRole{
		Role:          msp.MSPRole_MEMBER,
		MspIdentifier: mspid,
	})
	if err != nil {
		return nil, fmt.Errorf("Error marshal MSPRole: %s", err)
	}

	envelope := &common.SignaturePolicyEnvelope{
		Version: 0,
		Rule: &common.SignaturePolicy{
			Type: &common.SignaturePolicy_NOutOf_{
				NOutOf: &common.SignaturePolicy_NOutOf{
					N: 1,
					Rules: []*common.SignaturePolicy{
						// SignedBy is an index into Identities below; 0 selects
						// the only principal in the envelope.
						{Type: &common.SignaturePolicy_SignedBy{SignedBy: 0}},
					},
				},
			},
		},
		Identities: []*msp.MSPPrincipal{
			{
				PrincipalClassification: msp.MSPPrincipal_ROLE,
				Principal:               roleBytes,
			},
		},
	}
	return envelope, nil
}
// CollectionConfigToPolicy converts the given collection definitions into
// static collection configs, one per input entry and in the same order.
//
// Every entry is validated before any config is built. An entry is rejected
// when its name is empty or repeats an earlier name, when either peer count is
// negative, when the maximum peer count is below the required peer count, when
// it lists no organizations, or when any listed organization name is empty.
// The first failing check determines the returned error.
//
// The member-orgs policy of each collection is built with the MEMBER role, so
// one signature from any member of any listed organization satisfies it.
//
// NOTE(review): repeated organization names within one collection are not
// rejected here — confirm whether that is intended.
func CollectionConfigToPolicy(col []CollectionConfig) ([]*common.CollectionConfig, error) {
	// Pass 1: validate the whole input so nothing is built from a bad set.
	seen := make(map[string]bool, len(col))
	for i := range col {
		cfg := &col[i]
		switch {
		case cfg.Name == "":
			return nil, ErrCollectionNameMissing
		case seen[cfg.Name]:
			return nil, ErrCollectionNameExists
		case cfg.RequiredPeersCount < 0:
			return nil, ErrRequiredPeerCountNegative
		case cfg.MaximumPeersCount < 0:
			return nil, ErrMaxPeerCountNegative
		case cfg.MaximumPeersCount < cfg.RequiredPeersCount:
			return nil, ErrMaxPeerCountLestThanMinimum
		case len(cfg.Organizations) == 0:
			return nil, ErrAtLeastOneOrgNeeded
		}
		for _, orgName := range cfg.Organizations {
			if orgName == "" {
				return nil, ErrOrganizationNameMissing
			}
		}
		seen[cfg.Name] = true
	}

	// Pass 2: build one static collection config per validated entry.
	configs := make([]*common.CollectionConfig, 0, len(col))
	for _, cfg := range col {
		memberPolicy, err := signedByAnyOfGivenRole(msp.MSPRole_MEMBER, cfg.Organizations)
		if err != nil {
			return nil, err
		}

		static := &common.StaticCollectionConfig{
			Name:              cfg.Name,
			RequiredPeerCount: cfg.RequiredPeersCount,
			MaximumPeerCount:  cfg.MaximumPeersCount,
			MemberOrgsPolicy: &common.CollectionPolicyConfig{
				Payload: &common.CollectionPolicyConfig_SignaturePolicy{
					SignaturePolicy: memberPolicy,
				},
			},
		}
		configs = append(configs, &common.CollectionConfig{
			Payload: &common.CollectionConfig_StaticCollectionConfig{
				StaticCollectionConfig: static,
			},
		})
	}
	return configs, nil
}
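// signedByAnyOfGivenRole builds a signature policy envelope that is satisfied
// by one signature from an identity holding role in any of the MSPs named in
// ids.
//
// The MSP IDs are sorted before the principals are built, so the same set of
// IDs always produces the same principal order regardless of how the caller
// ordered them. Sorting is done on a private copy: ids may share its backing
// array with a caller-owned configuration, and reordering that in place would
// be a hidden side effect of building a policy.
//
// IDs are not de-duplicated; a repeated ID yields a repeated principal. With
// an empty ids the envelope holds a 1-out-of-0 rule, which presumably no
// signature set can satisfy — callers are expected to validate ids first.
//
// It returns the proto.Marshal error unchanged when a principal cannot be
// marshalled.
func signedByAnyOfGivenRole(role msp.MSPRole_MSPRoleType, ids []string) (*common.SignaturePolicyEnvelope, error) {
	sorted := make([]string, len(ids))
	copy(sorted, ids)
	sort.Strings(sorted)

	principals := make([]*msp.MSPPrincipal, len(sorted))
	rules := make([]*common.SignaturePolicy, len(sorted))
	for i, id := range sorted {
		roleBytes, err := proto.Marshal(&msp.MSPRole{Role: role, MspIdentifier: id})
		if err != nil {
			return nil, err
		}
		principals[i] = &msp.MSPPrincipal{
			PrincipalClassification: msp.MSPPrincipal_ROLE,
			Principal:               roleBytes,
		}
		// SignedBy is an index into Identities, so rule i must point at
		// principal i.
		rules[i] = &common.SignaturePolicy{
			Type: &common.SignaturePolicy_SignedBy{
				SignedBy: int32(i),
			},
		}
	}

	// N: 1 makes this an "any one of" rule over the per-organization rules.
	p := &common.SignaturePolicyEnvelope{
		Version: 0,
		Rule: &common.SignaturePolicy{
			Type: &common.SignaturePolicy_NOutOf_{
				NOutOf: &common.SignaturePolicy_NOutOf{
					N:     1,
					Rules: rules,
				},
			},
		},
		Identities: principals,
	}
	return p, nil
}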