Documentation ¶
Index ¶
- func ExtractChannelHeaderCertHash(msg proto.Message) []byte
- type BindingInspector
- type CertHashExtractor
- type Chain
- type ChainManager
- type ConfigSequencer
- type ExpiresAtFunc
- type Filtered
- type Handler
- type Inspector
- type InspectorFunc
- type Metrics
- type PolicyChecker
- type PolicyCheckerFunc
- type Receiver
- type ResponseSender
- type Server
- type SessionAccessControl
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractChannelHeaderCertHash ¶
ExtractChannelHeaderCertHash extracts the TLS cert hash from a channel header.
Types ¶
type BindingInspector ¶
BindingInspector receives as parameters a gRPC context and an Envelope, and verifies whether the message contains an appropriate binding to the context
func NewBindingInspector ¶
func NewBindingInspector(mutualTLS bool, extractTLSCertHash CertHashExtractor) BindingInspector
NewBindingInspector returns a BindingInspector according to whether mutualTLS is configured or not, and according to a function that extracts TLS certificate hashes from proto messages
type CertHashExtractor ¶
CertHashExtractor extracts a certificate from a proto.Message message
type Chain ¶
type Chain interface { // Sequence returns the current config sequence number, can be used to detect config changes Sequence() uint64 // PolicyManager returns the current policy manager as specified by the chain configuration PolicyManager() policies.Manager // Reader returns the chain Reader for the chain Reader() blockledger.Reader // Errored returns a channel which closes when the backing consenter has errored Errored() <-chan struct{} }
Chain encapsulates chain operations and data.
type ChainManager ¶
ChainManager provides a way for the Handler to look up the Chain.
type ConfigSequencer ¶
type ConfigSequencer interface {
Sequence() uint64
}
ConfigSequencer provides the sequence number of the current config block.
type ExpiresAtFunc ¶
ExpiresAtFunc is used to extract the time at which an identity expires.
type Filtered ¶
type Filtered interface {
IsFiltered() bool
}
Filtered is a marker interface that indicates a response sender is configured to send filtered blocks Note: this is replaced by "data_type" label. Keep it for now until we decide how to take care of compatibility issue.
type Handler ¶
type Handler struct { ExpirationCheckFunc func(identityBytes []byte) time.Time ChainManager ChainManager TimeWindow time.Duration BindingInspector Inspector Metrics *Metrics }
Handler handles server requests.
func NewHandler ¶
func NewHandler(cm ChainManager, timeWindow time.Duration, mutualTLS bool, metrics *Metrics, expirationCheckDisabled bool) *Handler
NewHandler creates an implementation of the Handler interface.
type InspectorFunc ¶
The InspectorFunc is an adapter that allows the use of an ordinary function as an Inspector.
type Metrics ¶
type Metrics struct { StreamsOpened metrics.Counter StreamsClosed metrics.Counter RequestsReceived metrics.Counter RequestsCompleted metrics.Counter BlocksSent metrics.Counter }
func NewMetrics ¶
type PolicyChecker ¶
PolicyChecker checks the envelope against the policy logic supplied by the function.
type PolicyCheckerFunc ¶
The PolicyCheckerFunc is an adapter that allows the use of an ordinary function as a PolicyChecker.
func (PolicyCheckerFunc) CheckPolicy ¶
func (pcf PolicyCheckerFunc) CheckPolicy(envelope *cb.Envelope, channelID string) error
CheckPolicy calls pcf(envelope, channelID)
type ResponseSender ¶
type ResponseSender interface { // SendStatusResponse sends completion status to the client. SendStatusResponse(status cb.Status) error // SendBlockResponse sends the block and optionally private data to the client. SendBlockResponse(data *cb.Block, channelID string, chain Chain, signedData *protoutil.SignedData) error // DataType returns the data type sent by the sender DataType() string }
ResponseSender defines the interface a handler must implement to send responses.
type Server ¶
type Server struct { Receiver PolicyChecker ResponseSender }
Server is a polymorphic structure to support generalization of this handler to be able to deliver different type of responses.
type SessionAccessControl ¶
type SessionAccessControl struct {
// contains filtered or unexported fields
}
SessionAccessControl holds access control related data for a common Envelope that is used to determine if a request is allowed for the identity associated with the request envelope.
func NewSessionAC ¶
func NewSessionAC(chain ConfigSequencer, env *common.Envelope, policyChecker PolicyChecker, channelID string, expiresAt ExpiresAtFunc) (*SessionAccessControl, error)
NewSessionAC creates an instance of SessionAccessControl. This constructor will return an error if a signature header cannot be extracted from the envelope.
func (*SessionAccessControl) Evaluate ¶
func (ac *SessionAccessControl) Evaluate() error
Evaluate uses the PolicyChecker to determine if a request should be allowed. The decision is cached until the identity expires or the chain configuration changes.