區塊鏈教程Fabric1.0原始碼分析MSP成員關係服務提供者二


3、MSP介面實現

MSP介面實現,即bccspmsp結構體及方法,bccspmsp定義如下:

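// bccspmsp is the MSP implementation discussed in this section.
// It is defined in msp/mspimpl.go.
type bccspmsp struct {
	// Trust anchors used for identities.
	rootCerts         []Identity // trusted root CA certificates
	intermediateCerts []Identity // trusted intermediate CA certificates

	// Trust anchors used for TLS; held in fields separate from the identity CAs above.
	tlsRootCerts         [][]byte // trusted TLS root CA certificates
	tlsIntermediateCerts [][]byte // trusted TLS intermediate CA certificates

	// The page marks this field as "TBD".
	// NOTE(review): going by the name, it presumably records which CA
	// certificates are internal nodes of the certification tree; confirm
	// against finalizeSetupCAs in msp/mspimpl.go.
	certificationTreeInternalNodesMap map[string]bool

	signer        SigningIdentity         // signing identity
	admins        []Identity              // administrator identities
	bccsp         bccsp.BCCSP             // cryptographic service provider
	name          string                  // MSP name
	opts          *x509.VerifyOptions     // verification options for MSP members
	CRL           []*pkix.CertificateList // certificate revocation lists
	ouIdentifiers map[string][][]byte     // organizational unit identifiers
	cryptoConfig  *m.FabricCryptoConfig   // crypto options
}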

涉及方法如下:

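// Methods of bccspmsp (msp/mspimpl.go). Signatures only.

// NewBccspMsp creates a bccsp instance, then creates and initializes a bccspmsp instance.
func NewBccspMsp() (MSP, error)

// Setup configures the MSP instance from an MSPConfig.
func (msp *bccspmsp) Setup(conf1 *m.MSPConfig) error

// GetType returns the MSP type, i.e. FABRIC.
func (msp *bccspmsp) GetType() ProviderType

// GetIdentifier returns the MSP name.
func (msp *bccspmsp) GetIdentifier() (string, error)

// GetTLSRootCerts returns the trusted TLS root CA certificates (msp.tlsRootCerts).
func (msp *bccspmsp) GetTLSRootCerts() [][]byte

// GetTLSIntermediateCerts returns the trusted TLS intermediate certificates (msp.tlsIntermediateCerts).
func (msp *bccspmsp) GetTLSIntermediateCerts() [][]byte

// GetDefaultSigningIdentity returns the default signing identity (msp.signer).
func (msp *bccspmsp) GetDefaultSigningIdentity() (SigningIdentity, error)

// GetSigningIdentity is not implemented yet and can be ignored.
func (msp *bccspmsp) GetSigningIdentity(identifier *IdentityIdentifier) (SigningIdentity, error)

// Validate checks whether an identity is valid; it is implemented by calling msp.validateIdentity(id).
func (msp *bccspmsp) Validate(id Identity) error

// DeserializeIdentity deserializes an identity.
// NOTE(review): this is listed separately from Validate; presumably a
// deserialized identity is not yet a validated one, so confirm that callers
// invoke Validate before trusting the result.
func (msp *bccspmsp) DeserializeIdentity(serializedID []byte) (Identity, error)

// SatisfiesPrincipal checks whether the given identity matches the type described in principal.
func (msp *bccspmsp) SatisfiesPrincipal(id Identity, principal *m.MSPPrincipal) error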

func (msp *bccspmsp) Setup(conf1 *m.MSPConfig) error 代碼如下:

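// Body of (*bccspmsp).Setup, from msp/mspimpl.go.
// Every step is checked and Setup stops at the first failure, so a partly
// configured MSP is never reported as ready. Error handling is shown as a
// plain `return err`.
conf := &m.FabricMSPConfig{}
// Decode the conf1.Config bytes into a FabricMSPConfig.
if err := proto.Unmarshal(conf1.Config, conf); err != nil {
	return err
}
msp.name = conf.Name

// Set the crypto options (msp.cryptoConfig).
if err := msp.setupCrypto(conf); err != nil {
	return err
}
// Set the member verification options (msp.opts) and add the trusted root CA
// certificates (msp.rootCerts) and intermediate certificates (msp.intermediateCerts).
if err := msp.setupCAs(conf); err != nil {
	return err
}
// Set the administrator identities (msp.admins).
if err := msp.setupAdmins(conf); err != nil {
	return err
}
// Set the certificate revocation lists (msp.CRL).
if err := msp.setupCRLs(conf); err != nil {
	return err
}
// Set msp.certificationTreeInternalNodesMap.
if err := msp.finalizeSetupCAs(conf); err != nil {
	return err
}
// Set the signing identity (msp.signer).
if err := msp.setupSigningIdentity(conf); err != nil {
	return err
}
// Set the organizational unit identifiers (msp.ouIdentifiers).
if err := msp.setupOUs(conf); err != nil {
	return err
}
// Set the trusted TLS root CA certificates (msp.tlsRootCerts) and the trusted
// TLS intermediate certificates (msp.tlsIntermediateCerts).
if err := msp.setupTLSCAs(conf); err != nil {
	return err
}

// Make sure every administrator is itself a valid member. This runs after the
// CAs and CRLs above have been loaded.
for _, admin := range msp.admins {
	if err := admin.Validate(); err != nil {
		return err
	}
}
return nil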

func (msp *bccspmsp) validateIdentity(id *identity) 代碼如下:

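// Body of (*bccspmsp).validateIdentity, from msp/mspimpl.go.
// The identity is accepted only if all three checks pass; any failure is
// returned at once. Error handling is shown as a plain `return err`.

// Get the certification chain for the BCCSP identity.
validationChain, err := msp.getCertificationChainForBCCSPIdentity(id)
if err != nil {
	return err
}
// Validate the identity against that chain.
// NOTE(review): presumably this is also where msp.CRL is consulted for
// revocation; confirm in validateIdentityAgainstChain.
if err = msp.validateIdentityAgainstChain(id, validationChain); err != nil {
	return err
}
// Check that the organizational unit information carried by the identity is valid.
if err = msp.validateIdentityOUs(id); err != nil {
	return err
}
return nil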
4、MSPManager介面實現

結構體定義:

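// mspManagerImpl is the MSPManager implementation (msp/mspmgrimpl.go).
type mspManagerImpl struct {
	mspsMap map[string]MSP // the managed MSPs, keyed by string
	up      bool           // whether the manager has been set up and is usable
}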

方法:

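// Methods of mspManagerImpl (msp/mspmgrimpl.go). Signatures only.

// NewMSPManager creates an mspManagerImpl instance.
func NewMSPManager() MSPManager

// Setup loads msps into mgr.mspsMap.
func (mgr *mspManagerImpl) Setup(msps []MSP) error

// GetMSPs returns mgr.mspsMap.
func (mgr *mspManagerImpl) GetMSPs() (map[string]MSP, error)

// DeserializeIdentity deserializes an identity by calling msp.DeserializeIdentity().
func (mgr *mspManagerImpl) DeserializeIdentity(serializedID []byte) (Identity, error)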
5、Identity、SigningIdentity介面實現

identity結構體定義(身份):

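// identity is the Identity implementation (msp/identities.go).
type identity struct {
	id   *IdentityIdentifier // identity identifier (holds Mspid and Id, both strings)
	cert *x509.Certificate   // X.509 certificate that represents the identity
	pk   bccsp.Key           // public key of the identity
	msp  *bccspmsp           // MSP instance that owns this identity
}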

補充IdentityIdentifier結構體定義(身份標識符):

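// IdentityIdentifier identifies an identity (msp/msp.go).
type IdentityIdentifier struct {
	Mspid string // MSP id
	Id    string // identity id
}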

identity結構體涉及方法如下:

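// Methods related to identity (msp/identities.go). Signatures only.

// newIdentity creates an identity instance.
func newIdentity(id *IdentityIdentifier, cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, error)

// NewSerializedIdentity creates a SerializedIdentity and serializes it.
func NewSerializedIdentity(mspID string, certPEM []byte) ([]byte, error)

// SatisfiesPrincipal calls the MSP's SatisfiesPrincipal to check whether the
// identity matches the type described in principal.
func (id *identity) SatisfiesPrincipal(principal *msp.MSPPrincipal) error

// GetIdentifier returns id.id.
func (id *identity) GetIdentifier() *IdentityIdentifier

// GetMSPIdentifier returns id.id.Mspid.
func (id *identity) GetMSPIdentifier() string

// Validate checks whether the identity is valid by calling id.msp.Validate(id).
func (id *identity) Validate() error

// GetOrganizationalUnits returns the organizational units.
func (id *identity) GetOrganizationalUnits() []*OUIdentifier

// Verify checks a signature over msg using this identity.
// NOTE(review): Verify and Validate are listed as separate calls; presumably a
// signature check alone does not establish that the certificate is still
// trusted, so confirm that callers perform both.
func (id *identity) Verify(msg []byte, sig []byte) error

// Serialize serializes the identity.
func (id *identity) Serialize() ([]byte, error)

// getHashOpt calls bccsp.GetHashOpt.
func (id *identity) getHashOpt(hashFamily string) (bccsp.HashOpts, error)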

signingidentity結構體定義(簽名身份):

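// signingidentity is the SigningIdentity implementation (msp/identities.go).
type signingidentity struct {
	identity               // embedded identity
	signer   crypto.Signer // the Signer interface from the standard crypto package
}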

signingidentity結構體涉及方法如下:

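// Methods related to signingidentity (msp/identities.go). Signatures only.

// newSigningIdentity creates a signingidentity instance.
func newSigningIdentity(id *IdentityIdentifier, cert *x509.Certificate, pk bccsp.Key, signer crypto.Signer, msp *bccspmsp) (SigningIdentity, error)

// Sign signs msg.
func (id *signingidentity) Sign(msg []byte) ([]byte, error)

// GetPublicVersion returns id.identity.
func (id *signingidentity) GetPublicVersion() Identity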
6、MSPConfig相關結構體及方法

MSPConfig相關結構體定義:
FabricMSPConfig定義與bccspmsp接近,FabricMSPConfig序列化後以[]byte存入MSPConfig.Config中。

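// Definitions from protos/msp/msp_config.pb.go.

// MSPConfig wraps a serialized MSP configuration.
type MSPConfig struct {
	Type   int32
	Config []byte // holds the serialized FabricMSPConfig
}

// FabricMSPConfig mirrors the fields of bccspmsp in serializable form.
type FabricMSPConfig struct {
	Name                          string                // MSP name
	RootCerts                     [][]byte              // trusted root CA certificates
	IntermediateCerts             [][]byte              // trusted intermediate CA certificates
	Admins                        [][]byte              // administrator identities
	RevocationList                [][]byte              // certificate revocation lists
	SigningIdentity               *SigningIdentityInfo  // signing identity
	OrganizationalUnitIdentifiers []*FabricOUIdentifier // organizational unit identifiers
	CryptoConfig                  *FabricCryptoConfig   // crypto options
	TlsRootCerts                  [][]byte              // trusted TLS root CA certificates
	TlsIntermediateCerts          [][]byte              // trusted TLS intermediate CA certificates
}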

涉及的方法如下:

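// GetLocalMspConfig returns the local MSP configuration.
// The page cites protos/msp/configbuilder.go for this signature and
// msp/configbuilder.go for the body excerpt.
// NOTE(review): confirm which path is right.
func GetLocalMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string) (*msp.MSPConfig, error)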

func GetLocalMspConfig(dir string, bccspConfig *factory.FactoryOpts, ID string) (*msp.MSPConfig, error) 實現代碼如下:
SetupBCCSPKeystoreConfig()核心代碼為bccspConfig.SwOpts.FileKeystore = &factory.FileKeystoreOpts{KeyStorePath: keystoreDir},目的是在FileKeystore或KeyStorePath為空白時設定預設值。

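// Body of GetLocalMspConfig, from msp/configbuilder.go.
// Error handling is shown as a plain `return nil, err`.

// signcerts is "signcerts", so signcertDir is /etc/hyperledger/fabric/msp/signcerts/.
signcertDir := filepath.Join(dir, signcerts)
// keystore is "keystore", so keystoreDir is /etc/hyperledger/fabric/msp/keystore/.
keystoreDir := filepath.Join(dir, keystore)

// Sets bccspConfig.SwOpts.Ephemeral = false and
// bccspConfig.SwOpts.FileKeystore = &factory.FileKeystoreOpts{KeyStorePath: keystoreDir}.
// SwOpts.Ephemeral says whether the keystore is ephemeral.
// NOTE(review): with a file keystore the signing key presumably sits on disk
// under keystoreDir; restrict that directory to the account that runs the
// node, and confirm against the deployment.
bccspConfig = SetupBCCSPKeystoreConfig(bccspConfig, keystoreDir)

// Initialize the bccsp factory and create the bccsp instance.
if err := factory.InitFactories(bccspConfig); err != nil {
	return nil, err
}

// Read the PEM files holding the X.509 signing certificate.
signcert, err := getPemMaterialFromDir(signcertDir)
if err != nil {
	return nil, err
}

// Build the SigningIdentityInfo. Only the certificate goes into the config;
// PrivateSigner stays nil.
// NOTE(review): signcert[0] panics on an empty slice; confirm that
// msp/configbuilder.go rejects an empty signcerts directory before this line.
sigid := &msp.SigningIdentityInfo{PublicSigner: signcert[0], PrivateSigner: nil}

// Reads the cacerts, admincerts and tlscacerts files plus the organization
// information in config.yaml, builds an msp.FabricMSPConfig, and serializes it
// into the msp.MSPConfig that is returned.
return getMspConfig(dir, ID, sigid)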
7、mgmt

mgmt涉及方法如下:

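// Functions of the mgmt package (msp/mgmt/mgmt.go). Signatures only.

// LoadLocalMsp loads the local MSP from the given directory.
func LoadLocalMsp(dir string, bccspConfig *factory.FactoryOpts, mspID string) error

// GetLocalMSP calls msp.NewBccspMsp() to create the bccspmsp instance.
func GetLocalMSP() msp.MSP

// GetLocalSigningIdentityOrPanic is GetLocalMSP().GetDefaultSigningIdentity().
// NOTE(review): the name suggests it panics when no signing identity is
// available; confirm in msp/mgmt/mgmt.go.
func GetLocalSigningIdentityOrPanic() msp.SigningIdentity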

func LoadLocalMsp(dir string, bccspConfig *factory.FactoryOpts, mspID string) error代碼如下:

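// Body of LoadLocalMsp, from msp/mgmt/mgmt.go.

// Get the local MSP configuration; it comes back serialized inside an
// msp.MSPConfig (conf).
conf, err := msp.GetLocalMspConfig(dir, bccspConfig, mspID)
if err != nil {
	// Do not call Setup with a configuration that failed to load.
	return err
}
// GetLocalMSP calls msp.NewBccspMsp() to create the bccspmsp instance;
// bccspmsp.Setup(conf) then decodes conf.Config and configures it.
return GetLocalMSP().Setup(conf)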
