[Fabric source code] Fabric 1.4 ACL source code analysis

What each file does

The core code lives in core/aclmgmt, common/policies, common/cauthdsl, core/policy and core/policyprovider.

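  • core/aclmgmt directory
    • resources/resources.go: defines the Fabric resource constants used for ACL checks
    • aclmgmt.go: defines the ACLProvider.CheckACL interface
    • aclmgmtimpl.go: implements the CheckACL interface; it holds a resourceprovider (ACLProvider) and delegates the actual check to resourceprovider.CheckACL
    • resourceprovider.go: defines the interfaces policyEvaluator.PolicyRefForAPI, policyEvaluator.Evaluate, aclmgmtPolicyProvider.GetPolicyName and aclmgmtPolicyProvider.CheckACL, together with their implementations policyEvaluatorImpl and aclmgmtPolicyProviderImpl; resourceProvider holds a defaultProvider (ACLProvider) and a ResourceGetter; the resourceProvider.CheckACL implementation fetches the channel config by default and, if it is not empty, calls its own implementation aclmgmtPolicyProviderImpl.checkACL, otherwise it calls defaultACLProvider.checkACL
    • defaultaclprovider.go: defines defaultACLProvider, which implements the CheckACL interface and holds pResourcePolicyMap, cResourcePolicyMap and policy.PolicyChecker; the initialize method initializes these three members by default, and the check ultimately calls policyChecker.CheckPolicy
  • common/policies directory
    • implicitmeta_util.go: creates policies from the given parameters
    • implicitmeta.go: creates a policy from bytes and runs Evaluate on a signatureSet
    • implicitmetaparser.go: parses the rule (ALL, ANY, MAJORITY) from a string
    • policy.go: defines the interfaces Policy.Evaluate, InquireablePolicy.SatisfiedBy, Manager.GetPolicy, Manager.Manager, Provider.NewPolicy and ChannelPolicyManagerGetter.Manager; policyLogger wraps Policy.Evaluate to add log output; ManagerImpl implements the Manager interface and itself holds multiple ManagerImpl instances, with NewManagerImpl called recursively for each Group
    • util.go: defines the ConfigPolicy.Key and ConfigPolicy.Value interfaces and their implementation StandardConfigPolicy; Value is a protos/common.Policy
    • inquire directory: defines inquireableSignaturePolicy, a wrapper around common.SignaturePolicyEnvelope, and ComparablePrincipal, a wrapper around MSPPrincipal that can be compared and merged with other principals
  • common/cauthdsl directory
    • cauthdsl_builder.go: builds SignaturePolicyEnvelope and SignaturePolicy from roles, identities and rules
    • cauthdsl.go: defines deduplicate, which removes duplicate identities, and compile, the final policy execution step, which verifies signatures recursively and returns a function that is eventually assigned to policy.evaluator
    • policy.go: defines the interfaces Identity.SatisfiesPrincipal, Identity.GetIdentifier, IdentityAndSignature.Identity and IdentityAndSignature.Verify; deserializeAndVerify implements IdentityAndSignature and holds signedData and a deserializer, from which (deserializer plus signedData.Identity) the msp.Identity can be obtained; provider and EnvelopeBasedPolicyProvider implement the Provider.NewPolicy interface and hold a deserializer; policy implements Policy.Evaluate, holds a deserializer and an evaluator, and in the end still calls compile
    • policy_parser.go: defines the utility functions and, or, outOf, firstPass, secondPass and FromString
  • core/policy directory
    • policy.go: defines the interfaces PolicyChecker.CheckPolicy, CheckPolicyBySignedData, CheckPolicyNoChannel and PolicyCheckerFactory.NewPolicyChecker; policyChecker implements PolicyChecker and holds a ChannelPolicyManagerGetter and an IdentityDeserializer; CheckPolicy calls CheckPolicyNoChannel and CheckPolicyBySignedData, and CheckPolicyBySignedData ultimately calls policy.Evaluate
  • core/policyprovider directory
    • provider.go: defines defaultFactory, which implements the PolicyCheckerFactory.NewPolicyChecker interface, and exposes the GetPolicyChecker function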
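
The dispatch described for resourceprovider.go and defaultaclprovider.go, as an added Go sketch (not Fabric's own code): a channel-config ACL entry takes precedence, the default resource-to-policy map is the fallback, and an unmapped resource is denied. The resource names, policy paths, channel names and the eval callback are constructed sample values, and falling back to the defaults when the channel config has no entry for a resource is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed sample data, not taken from a real channel configuration.
var defaults = map[string]string{ // resource -> default policy reference
	"qscc/GetChainInfo": "/Channel/Application/Readers",
	"peer/Propose":      "/Channel/Application/Writers",
}
var channelACLs = map[string]map[string]string{ // channel -> resource -> override
	"mychannel": {"qscc/GetChainInfo": "/Channel/Application/Admins"},
}

var ErrUnmapped = errors.New("resource has no policy mapping")

// PolicyFor returns the policy reference guarding a resource and whether it
// came from the channel config (true) or from the default map (false).
func PolicyFor(resource, channelID string) (string, bool, error) {
	if acls, ok := channelACLs[channelID]; ok { // channel config is available
		if ref := acls[resource]; ref != "" {
			return ref, true, nil
		}
	}
	if ref, ok := defaults[resource]; ok {
		return ref, false, nil
	}
	return "", false, ErrUnmapped // fail closed: unknown resources are denied
}

// CheckACL resolves the policy, then asks eval (a stand-in for evaluating
// the caller's signed data against that policy) whether it is satisfied.
func CheckACL(resource, channelID string, eval func(policyRef string) bool) error {
	ref, _, err := PolicyFor(resource, channelID)
	if err != nil {
		return fmt.Errorf("%s on %q: %w", resource, channelID, err)
	}
	if !eval(ref) {
		return fmt.Errorf("%s on %q: policy %s not satisfied", resource, channelID, ref)
	}
	return nil
}

func main() {
	reader := func(ref string) bool { return ref == "/Channel/Application/Readers" }
	fmt.Println(CheckACL("qscc/GetChainInfo", "mychannel", reader))    // denied by the override
	fmt.Println(CheckACL("qscc/GetChainInfo", "otherchannel", reader)) // <nil>
}
```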

Where ACL is referenced in peer node start

DeliverEventsServer: event delivery

peer/node/start/serve
NewDeliverEventsServer(policyCheckerProvider)->
Deliver->deliver.Handle->deliver.deliverBlocks->NewSessionAC->SessionAccessControl->Evaluate()->policyChecker.CheckPolicy

ChaincodeServer: chaincode service

User chaincode

peer/node/start/serve ->startChaincodeServer->registerChaincodeSupport->
chaincode.NewChaincodeSupport(aclProvider)->user chaincode starts
core/chaincode/chaincode_support/Register->
core/chaincode/chaincode_support/HandleChaincodeStream->
core/chaincode/handler/ProcessStream->handleMessage->handleMessageReadyState->HandleInvokeChaincode->checkACL->ACLProvider.CheckACL

System chaincode
  • LSCC
    peer/node/start/serve ->startChaincodeServer->registerChaincodeSupport->
    lscc.New(aclProvider)->
    LifeCycleSysCC( PolicyChecker,ACLProvider)->
    Invoke->
    PolicyChecker.CheckPolicyNoChannel|ACLProvider.CheckACL->
    executeDeployOrUpgrade->
    1.putChaincodeCollectionData->checkCollectionMemberPolicy->policyProvider.NewPolicy
    2.supportImpl.CheckInstantiationPolicy->
    cauthdsl.NewPolicyProvider().NewPolicy().Evaluate()
  • CSCC
    peer/node/start/serve ->startChaincodeServer->registerChaincodeSupport->
    cscc.New(policyChecker,aclProvider)->
    Invoke->InvokeNoShim->policyChecker.CheckPolicyNoChannel| aclProvider.CheckACL
    TODO: policyChecker.CheckPolicyNoChannel will later be changed to aclProvider.CheckACL
  • QSCC
    peer/node/start/serve ->startChaincodeServer->registerChaincodeSupport->
    qscc.New(aclProvider)->
    Invoke->aclProvider.CheckACL

EndorserServer: endorsement service

peer/node/start/serve
endorser.NewEndorserServer(endorserSupport(aclProvider))->
Endorser->ProcessProposal->

  1. preProcess->SupportImpl.checkACL()->ACLProvider.CheckACL
  2. SimulateProposal->SupportImpl.CheckInstantiationPolicy->
    ccprovider.CheckInstantiationPolicy

registerProverService: prover service (deprecated after version 1.4)

GossipService: gossip service

initGossipService(policyMgr)->peergossip.NewMCS(policyMgr)->
service.InitGossipService->InitGossipServiceCustomDeliveryFactory->NewGossipComponent->NewGossipService->gossipServiceImpl->

  1. gossipServiceImpl.JoinChan->chanState.joinChannel->channel.NewGossipChannel->VerifyByChannel
  2. gossipServiceImpl.InitializeChannel->NewGossipStateProvider->VerifyByChannel
  3. gossipServiceImpl.start->acceptMessages->handleMessage->gossipChannel.HandleMessage->gossipChannel.verifyBlock
  4. VerifyByChannel->channelPolicyManagerGetter.Manager->GetPolicy("Channel/Application/Readers")->policy.Evaluate
  5. VerifyBlock->channelPolicyManagerGetter.Manager->GetPolicy("Channel/Orderer/BlockValidation")->policy.Evaluate
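
The Manager->GetPolicy->policy.Evaluate step that ends these chains, as an added Go sketch (not Fabric's own code): a tree of managers resolves a path such as Channel/Application/Readers, and an implicit meta policy applies the ANY / ALL / MAJORITY rule over the same-named policy of each child group. Manager, Signers, Policy and ImplicitMeta are simplified stand-ins, and the org names and MSP IDs are constructed; the sketch goes beyond the text in showing the thresholds and the fail-closed result for an unknown path or rule.

```go
package main

import (
	"fmt"
	"strings"
)

type Signers map[string]bool   // MSP IDs whose signatures verified (constructed model)
type Policy func(Signers) bool // stand-in for Policy.Evaluate
type Manager struct {          // one config group: own policies plus child managers
	Policies map[string]Policy
	Children map[string]*Manager
}

// GetPolicy resolves "Group/.../Name" below m; an unknown path yields a rejecting policy.
func (m *Manager) GetPolicy(path string) (Policy, bool) {
	head, rest, nested := strings.Cut(path, "/")
	if c := m.Children[head]; nested && c != nil {
		return c.GetPolicy(rest)
	}
	if p := m.Policies[head]; !nested && p != nil {
		return p, true
	}
	return func(Signers) bool { return false }, false
}

// ImplicitMeta counts the children of m whose policy named sub passes, against the rule's threshold.
func ImplicitMeta(rule, sub string, m *Manager) Policy {
	return func(s Signers) bool {
		n, ok := len(m.Children), 0
		need, known := map[string]int{"ANY": 1, "ALL": n, "MAJORITY": n/2 + 1}[rule]
		for _, c := range m.Children {
			if p, _ := c.GetPolicy(sub); p(s) {
				ok++
			}
		}
		return known && (n == 0 || ok >= need) // unknown rule denies; no children: need is 0
	}
}

func main() { // constructed sample: Org1 and Org2 under Channel/Application
	org := func(msp string) *Manager {
		return &Manager{Policies: map[string]Policy{"Readers": func(s Signers) bool { return s[msp] }}}
	}
	app := &Manager{Children: map[string]*Manager{"Org1": org("Org1MSP"), "Org2": org("Org2MSP")}}
	app.Policies = map[string]Policy{"Readers": ImplicitMeta("ANY", "Readers", app)}
	root := &Manager{Children: map[string]*Manager{"Channel": {Children: map[string]*Manager{"Application": app}}}}
	p, ok := root.GetPolicy("Channel/Application/Readers")
	fmt.Println(ok, p(Signers{"Org2MSP": true}), p(Signers{"Org3MSP": true})) // true true false
}
```

A child group that lacks the named sub-policy still counts toward the total, so an ALL rule over it can never be satisfied, while a group with no children at all is trivially satisfied.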
