
Identify invoking peer/organisation inside Hyperledger Fabric V1.0 chaincode

Is there any way to know the invoking peer and organisation in the golang code of Hyperledger Fabric V1.0?

Currently all APIs available for chaincode are described in the interface.go file. At the moment there is no API which will allow you to identify the invoking peer and organization inside the chaincode. I think the main reason for that is that chaincode has to be agnostic to that type of information, since all ACLs are managed by the peer, and chaincode should stay agnostic to it, preserve deterministic behavior regardless of who invokes it, and be stateless.

If needed, you could probably try to leverage the identity of the client who created the transaction proposal request, by using the GetCreator API:

    // GetCreator returns `SignatureHeader.Creator` (e.g. an identity)
    // of the `SignedProposal`. This is the identity of the agent (or user)
    // submitting the transaction.
    GetCreator() ([]byte, error)

And then parse the client certificate to learn about the client. You can also consider using transient fields to have the client put relevant information there, which could be read by the chaincode later:

    // GetTransient returns the `ChaincodeProposalPayload.Transient` field.
    // It is a map that contains data (e.g. cryptographic material)
    // that might be used to implement some form of application-level
    // confidentiality. The contents of this field, as prescribed by
    // `ChaincodeProposalPayload`, are supposed to always
    // be omitted from the transaction and excluded from the ledger.
    GetTransient() (map[string][]byte, error)
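
Added example, not part of the answer above or of Fabric's own code: the bytes returned by GetCreator are a serialized protobuf identity holding the MSP ID and the client's PEM certificate, so the submitting organisation and the certificate subject can be read with the Go standard library alone. `parseCreator` and `sampleCreator` are hypothetical names, and the sample blob is constructed around a throwaway self-signed certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// parseCreator decodes GetCreator() bytes: protobuf SerializedIdentity {1: mspid, 2: PEM cert}.
func parseCreator(b []byte) (string, *x509.Certificate, error) {
	fields := map[uint64][]byte{}
	for len(b) > 0 {
		tag, n := binary.Uvarint(b)
		if n <= 0 || tag&7 != 2 { // both fields are length-delimited (wire type 2)
			return "", nil, fmt.Errorf("malformed SerializedIdentity")
		}
		size, m := binary.Uvarint(b[n:])
		if m <= 0 || size > uint64(len(b)-n-m) { // reject lengths past the buffer
			return "", nil, fmt.Errorf("truncated SerializedIdentity")
		}
		fields[tag>>3], b = b[n+m:n+m+int(size)], b[n+m+int(size):]
	}
	if block, _ := pem.Decode(fields[2]); block != nil {
		cert, err := x509.ParseCertificate(block.Bytes)
		return string(fields[1]), cert, err
	}
	return "", nil, fmt.Errorf("id_bytes is not a PEM certificate")
}

// sampleCreator builds a constructed creator blob around a throwaway self-signed cert.
func sampleCreator(mspID, cn string) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	p := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	hdr := append([]byte{0x0a, byte(len(mspID))}, mspID...) // field 1 (short mspid)
	return append(binary.AppendUvarint(append(hdr, 0x12), uint64(len(p))), p...)
}

func main() {
	msp, cert, err := parseCreator(sampleCreator("Org1MSP", "user1"))
	fmt.Println(msp, cert.Subject, err)
}
```

Inside chaincode the input would be the result of `stub.GetCreator()`; the identity it yields is the submitting client's, not the endorsing peer's.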

In Fabric 1.1, there seems to be a new lib, cid, which can meet your requirements.

Getting the client's ID

    // GetID returns the ID associated with the invoking identity.  This ID
    // is guaranteed to be unique within the MSP.
    func GetID(stub ChaincodeStubInterface) (string, error)

Getting the MSP ID

    // GetMSPID returns the ID of the MSP associated with the identity that
    // submitted the transaction
    func GetMSPID(stub ChaincodeStubInterface) (string, error)

For full information you can refer to the Client Identity Chaincode Library.

The client identity chaincode library enables developers to write chaincode which makes access control decisions based on the identity of the client (i.e. the invoker of the chaincode).

You can get the ID of the calling client by using the GetID function available in the cid package.

A few other functions available in the above-mentioned package that you may find useful are:

  • GetX509Certificate: it can be used to get the X509 certificate of the client.
  • GetAttributeValue: to get the attributes that were associated with the client at the time of his registration.

Other than the functions available in the cid package, you may find these functions helpful too.

  • GetSignedProposal: it returns the signed proposal object, which contains all data elements that are part of a transaction proposal.
  • GetCreator: it returns SignatureHeader.Creator (e.g. an identity) of the SignedProposal. This is the identity of the agent (or user) submitting the transaction.

I ended up on this question by looking for a way to restrict non-members of private data collections from querying private data from a peer. I was considering adding a verifier in the chaincode to see if the client belonged to the same organization as the peer.

If you are looking to do the same, use the memberOnlyRead attribute when creating the private data collection. You might be able to build more advanced restrictions using this technique.
