Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractChannelHeaderCertHash ¶
ExtractChannelHeaderCertHash extracts the TLS cert hash from a channel header.
Types ¶
type Chain ¶
type Chain interface { // Sequence returns the current config sequence number, can be used to detect config changes Sequence() uint64 // PolicyManager returns the current policy manager as specified by the chain configuration PolicyManager() policies.Manager // Reader returns the chain Reader for the chain Reader() blockledger.Reader // Errored returns a channel which closes when the backing consenter has errored Errored() <-chan struct{} }
Chain encapsulates chain operations and data.
type ChainManager ¶
ChainManager provides a way for the Handler to look up the Chain.
type ConfigSequencer ¶
type ConfigSequencer interface {
Sequence() uint64
}
ConfigSequencer provides the sequence number of the current config block.
type ExpiresAtFunc ¶
ExpiresAtFunc is used to extract the time at which an identity expires.
type Handler ¶
type Handler struct { ChainManager ChainManager TimeWindow time.Duration BindingInspector Inspector }
Handler handles server requests.
func NewHandler ¶
func NewHandler(cm ChainManager, timeWindow time.Duration, mutualTLS bool) *Handler
NewHandler creates an implementation of the Handler interface.
type InspectorFunc ¶
The InspectorFunc is an adapter that allows the use of an ordinary function as an Inspector.
type PolicyChecker ¶
PolicyChecker checks the envelope against the policy logic supplied by the function.
type PolicyCheckerFunc ¶
The PolicyCheckerFunc is an adapter that allows the use of an ordinary function as a PolicyChecker.
func (PolicyCheckerFunc) CheckPolicy ¶
func (pcf PolicyCheckerFunc) CheckPolicy(envelope *cb.Envelope, channelID string) error
CheckPolicy calls pcf(envelope, channelID)
type ResponseSender ¶
type ResponseSender interface { SendStatusResponse(status cb.Status) error SendBlockResponse(block *cb.Block) error }
ResponseSender defines the interface a handler must implement to send responses.
type Server ¶
type Server struct { Receiver PolicyChecker ResponseSender }
Server is a polymorphic structure to support generalization of this handler to be able to deliver different type of responses.
type SessionAccessControl ¶
type SessionAccessControl struct {
// contains filtered or unexported fields
}
SessionAccessControl holds access control related data for a common Envelope that is used to determine if a request is allowed for the identity associated with the request envelope.
func NewSessionAC ¶
func NewSessionAC(chain ConfigSequencer, env *common.Envelope, policyChecker PolicyChecker, channelID string, expiresAt ExpiresAtFunc) (*SessionAccessControl, error)
NewSessionAC creates an instance of SessionAccessControl. This constructor will return an error if a signature header cannot be extracted from the envelope.
func (*SessionAccessControl) Evaluate ¶
func (ac *SessionAccessControl) Evaluate() error
Evaluate uses the PolicyChecker to determine if a request should be allowed. The decision is cached until the identity expires or the chain configuration changes.