func ExtractChannelHeaderCertHash(msg proto.Message) []byte
ExtractChannelHeaderCertHash extracts the TLS cert hash from a channel header.
Chain encapsulates chain operations and data.
type Chain interface {
// Sequence returns the current config sequence number, can be used to detect config changes
Sequence() uint64
// PolicyManager returns the current policy manager as specified by the chain configuration
PolicyManager() policies.Manager
// Reader returns the chain Reader for the chain
Reader() blockledger.Reader
// Errored returns a channel which closes when the backing consenter has errored
Errored() <-chan struct{}
}
ChainManager provides a way for the Handler to look up the Chain.
type ChainManager interface {
GetChain(chainID string) Chain
}
ConfigSequencer provides the sequence number of the current config block.
type ConfigSequencer interface {
Sequence() uint64
}
ExpiresAtFunc is used to extract the time at which an identity expires.
type ExpiresAtFunc func(identityBytes []byte) time.Time
Filtered is a marker interface that indicates a response sender is configured to send filtered blocks
type Filtered interface {
IsFiltered() bool
}
Handler handles server requests.
type Handler struct {
ExpirationCheckFunc func(identityBytes []byte) time.Time
ChainManager ChainManager
TimeWindow time.Duration
BindingInspector Inspector
Metrics *Metrics
}
func NewHandler(cm ChainManager, timeWindow time.Duration, mutualTLS bool, metrics *Metrics, expirationCheckDisabled bool) *Handler
NewHandler creates an implementation of the Handler interface.
func (h *Handler) Handle(ctx context.Context, srv *Server) error
Handle receives incoming deliver requests.
Inspector verifies an appropriate binding between the message and the context.
type Inspector interface {
Inspect(context.Context, proto.Message) error
}
The InspectorFunc is an adapter that allows the use of an ordinary function as an Inspector.
type InspectorFunc func(context.Context, proto.Message) error
func (inspector InspectorFunc) Inspect(ctx context.Context, p proto.Message) error
Inspect calls inspector(ctx, p)
type Metrics struct {
StreamsOpened metrics.Counter
StreamsClosed metrics.Counter
RequestsReceived metrics.Counter
RequestsCompleted metrics.Counter
BlocksSent metrics.Counter
}
func NewMetrics(p metrics.Provider) *Metrics
PolicyChecker checks the envelope against the policy logic supplied by the function.
type PolicyChecker interface {
CheckPolicy(envelope *cb.Envelope, channelID string) error
}
The PolicyCheckerFunc is an adapter that allows the use of an ordinary function as a PolicyChecker.
type PolicyCheckerFunc func(envelope *cb.Envelope, channelID string) error
func (pcf PolicyCheckerFunc) CheckPolicy(envelope *cb.Envelope, channelID string) error
CheckPolicy calls pcf(envelope, channelID)
Receiver is used to receive enveloped seek requests.
type Receiver interface {
Recv() (*cb.Envelope, error)
}
ResponseSender defines the interface a handler must implement to send responses.
type ResponseSender interface {
SendStatusResponse(status cb.Status) error
SendBlockResponse(block *cb.Block) error
}
Server is a polymorphic structure to support generalization of this handler to be able to deliver different type of responses.
type Server struct {
Receiver
PolicyChecker
ResponseSender
}
SessionAccessControl holds access control related data for a common Envelope that is used to determine if a request is allowed for the identity associated with the request envelope.
type SessionAccessControl struct {
// contains filtered or unexported fields
}
func NewSessionAC(chain ConfigSequencer, env *common.Envelope, policyChecker PolicyChecker, channelID string, expiresAt ExpiresAtFunc) (*SessionAccessControl, error)
NewSessionAC creates an instance of SessionAccessControl. This constructor will return an error if a signature header cannot be extracted from the envelope.
func (ac *SessionAccessControl) Evaluate() error
Evaluate uses the PolicyChecker to determine if a request should be allowed. The decision is cached until the identity expires or the chain configuration changes.