Documentation
Index
- func NewSecurityAdvisor(deserializer DeserializersManager) api.SecurityAdvisor
- type DeserializersManager
- type Hasher
- type MSPMessageCryptoService
- func (s *MSPMessageCryptoService) Expiration(peerIdentity api.PeerIdentityType) (time.Time, error)
- func (s *MSPMessageCryptoService) GetPKIidOfCert(peerIdentity api.PeerIdentityType) common.PKIidType
- func (s *MSPMessageCryptoService) Sign(msg []byte) ([]byte, error)
- func (s *MSPMessageCryptoService) ValidateIdentity(peerIdentity api.PeerIdentityType) error
- func (s *MSPMessageCryptoService) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error
- func (s *MSPMessageCryptoService) VerifyBlock(chainID common.ChannelID, seqNum uint64, block *pcommon.Block) error
- func (s *MSPMessageCryptoService) VerifyByChannel(chainID common.ChannelID, peerIdentity api.PeerIdentityType, ...) error
Functions
func NewSecurityAdvisor
func NewSecurityAdvisor(deserializer DeserializersManager) api.SecurityAdvisor
NewSecurityAdvisor creates a new instance of mspSecurityAdvisor that implements api.SecurityAdvisor.
Types
type DeserializersManager
type DeserializersManager interface {
	// Deserialize receives SerializedIdentity bytes and returns the unmarshaled form
	// of the SerializedIdentity, or error on failure
	Deserialize(raw []byte) (*mspproto.SerializedIdentity, error)

	// GetLocalMSPIdentifier returns the local MSP identifier
	GetLocalMSPIdentifier() string

	// GetLocalDeserializer returns the local identity deserializer
	GetLocalDeserializer() msp.IdentityDeserializer

	// GetChannelDeserializers returns a map of the channel deserializers
	GetChannelDeserializers() map[string]msp.IdentityDeserializer
}
DeserializersManager is a support interface to access the local and channel deserializers
func NewDeserializersManager
func NewDeserializersManager(localMSP msp.MSP) DeserializersManager
NewDeserializersManager returns a new instance of DeserializersManager
type Hasher
Hasher is the interface that provides the hash function that should be used by all gossip components.
type MSPMessageCryptoService
type MSPMessageCryptoService struct {
// contains filtered or unexported fields
}
MSPMessageCryptoService implements the MessageCryptoService interface using the peer MSPs (local and channel-related)
For the system to be secure, it is vital that the MSPs be up to date. Channels' MSPs are updated via configuration transactions distributed by the ordering service.
A similar mechanism needs to be in place to update the local MSP, as well. This implementation assumes that these mechanisms are all in place and working.
func NewMCS
func NewMCS(
	channelPolicyManagerGetter policies.ChannelPolicyManagerGetter,
	localSigner identity.SignerSerializer,
	deserializer DeserializersManager,
	hasher Hasher,
) *MSPMessageCryptoService
NewMCS creates a new instance of MSPMessageCryptoService that implements MessageCryptoService. The method takes as input:
1. a policies.ChannelPolicyManagerGetter that gives access to the policy manager of a given channel via the Manager method.
2. an instance of identity.SignerSerializer
3. an identity deserializer manager
func (*MSPMessageCryptoService) Expiration
func (s *MSPMessageCryptoService) Expiration(peerIdentity api.PeerIdentityType) (time.Time, error)
func (*MSPMessageCryptoService) GetPKIidOfCert
func (s *MSPMessageCryptoService) GetPKIidOfCert(peerIdentity api.PeerIdentityType) common.PKIidType
GetPKIidOfCert returns the PKI-ID of a peer's identity. If any error occurs, the method returns nil. The PKI-ID of a peer is computed as the SHA2-256 of peerIdentity, which is supposed to be the serialized version of the MSP identity. This method does not validate peerIdentity; that validation is supposed to be done appropriately during the execution flow.
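Because the PKI-ID is only a hash and is not validated, a caller has to validate an identity before binding its PKI-ID to a key. The following is an added example, not code from this package: `Store`, `Admit`, `PKIID` and the use of a raw Ed25519 public key as the "serialized identity" are assumptions for illustration, with MSP validation modelled as a lookup in a trusted set.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Store is a hypothetical stand-in for a peer's identity bookkeeping. MSP
// validation is modelled as a lookup in Trusted (identity bytes -> expiration).
type Store struct {
	Trusted map[string]time.Time
	peers   map[[32]byte]ed25519.PublicKey // PKI-ID -> key, validated entries only
}

// PKIID hashes any bytes, garbage included, so a PKI-ID alone implies no trust.
func PKIID(identity []byte) [32]byte { return sha256.Sum256(identity) }

// Admit validates first (known, well-formed, not expired), then binds the PKI-ID.
func (s *Store) Admit(identity []byte, now time.Time) ([32]byte, error) {
	exp, ok := s.Trusted[string(identity)]
	if !ok || len(identity) != ed25519.PublicKeySize || !now.Before(exp) {
		return [32]byte{}, errors.New("identity unknown, malformed or expired")
	}
	if s.peers == nil {
		s.peers = map[[32]byte]ed25519.PublicKey{}
	}
	id := PKIID(identity)
	s.peers[id] = ed25519.PublicKey(identity)
	return id, nil
}

// Verify accepts a signature only from a PKI-ID that went through Admit.
func (s *Store) Verify(id [32]byte, sig, msg []byte) error {
	if pub, ok := s.peers[id]; ok && ed25519.Verify(pub, msg, sig) {
		return nil
	}
	return errors.New("unknown PKI-ID or bad signature")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed sample peer key
	s := &Store{Trusted: map[string]time.Time{string(pub): time.Now().Add(time.Hour)}}
	id, err := s.Admit(pub, time.Now())
	fmt.Println(err, s.Verify(id, ed25519.Sign(priv, []byte("alive")), []byte("alive")))
	fmt.Println(s.Verify(PKIID([]byte("garbage")), nil, []byte("alive")))
}
```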
func (*MSPMessageCryptoService) Sign
func (s *MSPMessageCryptoService) Sign(msg []byte) ([]byte, error)
Sign signs msg with this peer's signing key and outputs the signature if no error occurred.
func (*MSPMessageCryptoService) ValidateIdentity
func (s *MSPMessageCryptoService) ValidateIdentity(peerIdentity api.PeerIdentityType) error
ValidateIdentity validates the identity of a remote peer. If the identity is invalid, revoked, or expired, it returns an error. Otherwise, it returns nil.
func (*MSPMessageCryptoService) Verify
func (s *MSPMessageCryptoService) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error
Verify checks that signature is a valid signature of message under a peer's verification key. If the verification succeeded, Verify returns nil meaning no error occurred. If peerIdentity is nil, then the verification fails.
func (*MSPMessageCryptoService) VerifyBlock
func (s *MSPMessageCryptoService) VerifyBlock(chainID common.ChannelID, seqNum uint64, block *pcommon.Block) error
VerifyBlock returns nil if the block is properly signed and the claimed seqNum is the sequence number that the block's header contains. Otherwise, it returns an error.
func (*MSPMessageCryptoService) VerifyByChannel
func (s *MSPMessageCryptoService) VerifyByChannel(chainID common.ChannelID, peerIdentity api.PeerIdentityType, signature, message []byte) error
VerifyByChannel checks that signature is a valid signature of message under a peer's verification key, but also in the context of a specific channel. If the verification succeeded, VerifyByChannel returns nil, meaning no error occurred. If peerIdentity is nil, then the verification fails.