Documentation
¶
Index ¶
- func ExtractChannelHeaderCertHash(msg proto.Message) []byte
- type Chain
- type ChainManager
- type ConfigSequencer
- type ExpiresAtFunc
- type Filtered
- type Handler
- type Inspector
- type InspectorFunc
- type Metrics
- type PolicyChecker
- type PolicyCheckerFunc
- type Receiver
- type ResponseSender
- type Server
- type SessionAccessControl
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractChannelHeaderCertHash ¶
ExtractChannelHeaderCertHash extracts the TLS cert hash from a channel header.
Types ¶
type Chain ¶
type Chain interface {
// Sequence returns the current config sequence number, can be used to detect config changes
Sequence() uint64
// PolicyManager returns the current policy manager as specified by the chain configuration
PolicyManager() policies.Manager
// Reader returns the chain Reader for the chain
Reader() blockledger.Reader
// Errored returns a channel which closes when the backing consenter has errored
Errored() <-chan struct{}
}
Chain encapsulates chain operations and data.
type ChainManager ¶
ChainManager provides a way for the Handler to look up the Chain.
type ConfigSequencer ¶
type ConfigSequencer interface {
Sequence() uint64
}
ConfigSequencer provides the sequence number of the current config block.
type ExpiresAtFunc ¶
ExpiresAtFunc is used to extract the time at which an identity expires.
type Filtered ¶
type Filtered interface {
IsFiltered() bool
}
Filtered is a marker interface that indicates a response sender is configured to send filtered blocks
type Handler ¶
type Handler struct {
ExpirationCheckFunc func(identityBytes []byte) time.Time
ChainManager ChainManager
TimeWindow time.Duration
BindingInspector Inspector
Metrics *Metrics
}
Handler handles server requests.
func NewHandler ¶
func NewHandler(cm ChainManager, timeWindow time.Duration, mutualTLS bool, metrics *Metrics, expirationCheckDisabled bool) *Handler
NewHandler creates an implementation of the Handler interface.
type InspectorFunc ¶
The InspectorFunc is an adapter that allows the use of an ordinary function as an Inspector.
type Metrics ¶
type Metrics struct {
StreamsOpened metrics.Counter
StreamsClosed metrics.Counter
RequestsReceived metrics.Counter
RequestsCompleted metrics.Counter
BlocksSent metrics.Counter
}
func NewMetrics ¶
type PolicyChecker ¶
PolicyChecker checks the envelope against the policy logic supplied by the function.
type PolicyCheckerFunc ¶
The PolicyCheckerFunc is an adapter that allows the use of an ordinary function as a PolicyChecker.
func (PolicyCheckerFunc) CheckPolicy ¶
func (pcf PolicyCheckerFunc) CheckPolicy(envelope *cb.Envelope, channelID string) error
CheckPolicy calls pcf(envelope, channelID)
type ResponseSender ¶
type ResponseSender interface {
SendStatusResponse(status cb.Status) error
SendBlockResponse(block *cb.Block) error
}
ResponseSender defines the interface a handler must implement to send responses.
type Server ¶
type Server struct {
Receiver
PolicyChecker
ResponseSender
}
Server is a polymorphic structure to support generalization of this handler to be able to deliver different type of responses.
type SessionAccessControl ¶
type SessionAccessControl struct {
// contains filtered or unexported fields
}
SessionAccessControl holds access control related data for a common Envelope that is used to determine if a request is allowed for the identity associated with the request envelope.
func NewSessionAC ¶
func NewSessionAC(chain ConfigSequencer, env *common.Envelope, policyChecker PolicyChecker, channelID string, expiresAt ExpiresAtFunc) (*SessionAccessControl, error)
NewSessionAC creates an instance of SessionAccessControl. This constructor will return an error if a signature header cannot be extracted from the envelope.
func (*SessionAccessControl) Evaluate ¶
func (ac *SessionAccessControl) Evaluate() error
Evaluate uses the PolicyChecker to determine if a request should be allowed. The decision is cached until the identity expires or the chain configuration changes.
Source Files
Directories