[FAB-2632] Default endorsement policy

ale-linux · ale-linux · commit 6a81ec18bcea · 2017-03-07T17:30:38.000+01:00
If no custom endorsement policy was specified, the peer used to set a default
endorsement policy requiring a signature from a member of MSP "DEFAULT".
However this MSP may not always exist. The solution is to default to the
following policy: a signature from a member of any of the application MSPs
specified for the channel.

Change-Id: Ie3d5876cc8593b5b91babb4ba21f3146338cd3bd
Signed-off-by: Alessandro Sorniotti &lt;ale.linux@sopit.net&gt;
diff --git a/core/peer/peer.go b/core/peer/peer.go
@@ -297,6 +297,30 @@ func GetCurrConfigBlock(cid string) *common.Block {
 	return nil
 }
 
+// GetMSPIDs returns the ID of each application MSP defined on this chain
+func GetMSPIDs(cid string) []string {
+	chains.RLock()
+	defer chains.RUnlock()
+	if c, ok := chains.list[cid]; ok {
+		if c == nil || c.cs == nil ||
+			c.cs.ApplicationConfig() == nil ||
+			c.cs.ApplicationConfig().Organizations() == nil {
+			return nil
+		}
+
+		orgs := c.cs.ApplicationConfig().Organizations()
+		toret := make([]string, len(orgs))
+		i := 0
+		for _, org := range orgs {
+			toret[i] = org.MSPID()
+			i++
+		}
+
+		return toret
+	}
+	return nil
+}
+
 // SetCurrConfigBlock sets the current config block of the specified chain
 func SetCurrConfigBlock(block *common.Block, cid string) error {
 	chains.Lock()
diff --git a/core/scc/lccc/lccc.go b/core/scc/lccc/lccc.go
@@ -26,6 +26,8 @@ import (
 	"github.com/hyperledger/fabric/core/chaincode/shim"
 	"github.com/hyperledger/fabric/core/common/ccprovider"
 	"github.com/hyperledger/fabric/core/common/sysccprovider"
+	"github.com/hyperledger/fabric/core/peer"
+	"github.com/hyperledger/fabric/protos/common"
 	pb "github.com/hyperledger/fabric/protos/peer"
 	"github.com/hyperledger/fabric/protos/utils"
 	"github.com/op/go-logging"
@@ -469,6 +471,33 @@ func (lccc *LifeCycleSysCC) Init(stub shim.ChaincodeStubInterface) pb.Response {
 	return shim.Success(nil)
 }
 
+// getDefaultEndorsementPolicy returns the default
+// endorsement policy for the specified chain; it
+// is used in case the deployer has not specified a
+// custom one
+func (lccc *LifeCycleSysCC) getDefaultEndorsementPolicy(chain string) []byte {
+	// we create an array of principals, one principal
+	// per application MSP defined on this chain
+	ids := peer.GetMSPIDs(chain)
+	principals := make([]*common.MSPPrincipal, len(ids))
+	sigspolicy := make([]*common.SignaturePolicy, len(ids))
+	for i, id := range ids {
+		principals[i] = &common.MSPPrincipal{
+			PrincipalClassification: common.MSPPrincipal_ROLE,
+			Principal:               utils.MarshalOrPanic(&common.MSPRole{Role: common.MSPRole_MEMBER, MspIdentifier: id})}
+		sigspolicy[i] = cauthdsl.SignedBy(int32(i))
+	}
+
+	// create the policy: it requires exactly 1 signature from any of the principals
+	p := &common.SignaturePolicyEnvelope{
+		Version:    0,
+		Policy:     cauthdsl.NOutOf(1, sigspolicy),
+		Identities: principals,
+	}
+
+	return utils.MarshalOrPanic(p)
+}
+
 // Invoke implements lifecycle functions "deploy", "start", "stop", "upgrade".
 // Deploy's arguments -  {[]byte("deploy"), []byte(<chainname>), <unmarshalled pb.ChaincodeDeploymentSpec>}
 //
@@ -515,11 +544,10 @@ func (lccc *LifeCycleSysCC) Invoke(stub shim.ChaincodeStubInterface) pb.Response
 		// args[4] is the name of escc
 		// args[5] is the name of vscc
 		var policy []byte
-		if len(args) > 3 && args[3] != nil {
+		if len(args) > 3 && len(args[3]) > 0 {
 			policy = args[3]
 		} else {
-			// FIXME: temporary workaround until all SDKs provide a policy
-			policy = utils.MarshalOrPanic(cauthdsl.SignedByMspMember("DEFAULT"))
+			policy = lccc.getDefaultEndorsementPolicy(chainname)
 		}
 
 		var escc []byte
@@ -558,11 +586,10 @@ func (lccc *LifeCycleSysCC) Invoke(stub shim.ChaincodeStubInterface) pb.Response
 		// args[4] is the name of escc
 		// args[5] is the name of vscc
 		var policy []byte
-		if len(args) > 3 && args[3] != nil {
+		if len(args) > 3 && len(args[3]) > 0 {
 			policy = args[3]
 		} else {
-			// FIXME: temporary workaround until all SDKs provide a policy
-			policy = utils.MarshalOrPanic(cauthdsl.SignedByMspMember("DEFAULT"))
+			policy = lccc.getDefaultEndorsementPolicy(chainname)
 		}
 
 		var escc []byte
diff --git a/peer/chaincode/common.go b/peer/chaincode/common.go
@@ -173,10 +173,6 @@ func checkChaincodeCmdParams(cmd *cobra.Command) error {
 				return fmt.Errorf("Invalid policy %s", policy)
 			}
 			policyMarhsalled = putils.MarshalOrPanic(p)
-		} else {
-			// FIXME: we need to get the default from somewhere
-			p := cauthdsl.SignedByMspMember("DEFAULT")
-			policyMarhsalled = putils.MarshalOrPanic(p)
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -173,10 +173,6 @@ func checkChaincodeCmdParams(cmd *cobra.Command) error {`
`173`	`173`	`return fmt.Errorf("Invalid policy %s", policy)`
`174`	`174`	`}`
`175`	`175`	`policyMarhsalled = putils.MarshalOrPanic(p)`
`176`		`- } else {`
`177`		`- // FIXME: we need to get the default from somewhere`
`178`		`- p := cauthdsl.SignedByMspMember("DEFAULT")`
`179`		`- policyMarhsalled = putils.MarshalOrPanic(p)`
`180`	`176`	`}`
`181`	`177`	`}`
`182`	`178`