HyperLedger Fabric中的授权 [英] Authorization in HyperLedger Fabric

问题描述

在Hyperledger Fabric上构建的应用程序中实现授权的最佳方法是什么?

What is best way to implement authorization in applications build on Hyperledger Fabric?

从此处考虑Marbles演示用例: https://github.com/IBM-Blockchain/弹珠

Consider the Marbles demo use case from here: https://github.com/IBM-Blockchain/marbles

如何/在何处实现以下功能?

How/Where should I implement the following functionality?

• 只有管理员用户才能创建和分配新弹珠
• 只应允许用户(此示例中的Amy，Alice，Ava)转移出他们拥有的大理石

推荐答案

可能您需要考虑利用GetCreator API提取创建交易建议的客户的证书.获得证书后，您就可以实现所需的功能，例如:

Probably you need to consider leveraging GetCreator API to extract certificate of the client which created transaction proposal. Once you will obtain certificate you can implement desired functionality, e.g.:

• 只有管理员用户才能创建和分配新弹珠

• Only admin user be able to create and allocate new marbles

仅允许用户(此示例中的Amy，Alice和Ava)转移出他们拥有的大理石

Users (Amy, Alice, Ava from this example) should be only allowed to transfer out the marbles that they own

以下是如何在链码中反序列化证书的示例:

Here is the example of how to desirialize certificate within chaincode:

func (*smartContract) Invoke(stub shim.ChaincodeStubInterface) peer.Response {
    fmt.Println("Invoke")

    serializedID, _ := stub.GetCreator()

    sId := &msp.SerializedIdentity{}
    err := proto.Unmarshal(serializedID, sId)
    if err != nil {
        return shim.Error(fmt.Sprintf("Could not deserialize a SerializedIdentity, err %s", err))
    }

    bl, _ := pem.Decode(sId.IdBytes)
    if bl == nil {
        return shim.Error(fmt.Sprintf("Could not decode the PEM structure"))
    }
    cert, err := x509.ParseCertificate(bl.Bytes)
    if err != nil {
        return shim.Error(fmt.Sprintf("ParseCertificate failed %s", err))
    }

    fmt.Println(cert)

    return shim.Success(nil)
}

这篇关于HyperLedger Fabric中的授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！