fabric: github.com/hyperledger/fabric/core/comm Index | Files | Directories

package comm

import "github.com/hyperledger/fabric/core/comm"

Index

Package Files

client.go config.go connection.go creds.go metrics.go producer.go server.go serverstatshandler.go throttle.go util.go

Variables

var (
    // Max send and receive bytes for grpc clients and servers
    MaxRecvMsgSize = 100 * 1024 * 1024
    MaxSendMsgSize = 100 * 1024 * 1024
    // Default peer keepalive options
    DefaultKeepaliveOptions = &KeepaliveOptions{
        ClientInterval:    time.Duration(1) * time.Minute,
        ClientTimeout:     time.Duration(20) * time.Second,
        ServerInterval:    time.Duration(2) * time.Hour,
        ServerTimeout:     time.Duration(20) * time.Second,
        ServerMinInterval: time.Duration(1) * time.Minute,
    }
    // strong TLS cipher suites
    DefaultTLSCipherSuites = []uint16{
        tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
        tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
    }
    // default connection timeout
    DefaultConnectionTimeout = 5 * time.Second
)

Configuration defaults

var (
    ClientHandshakeNotImplError = errors.New("core/comm: Client handshakes" +
        "are not implemented with serverCreds")
    OverrrideHostnameNotSupportedError = errors.New(
        "core/comm: OverrideServerName is " +
            "not supported")
    MissingServerConfigError = errors.New(
        "core/comm: `serverConfig` cannot be nil")
)
var EndpointDisableInterval = time.Second * 10

func AddPemToCertPool Uses

func AddPemToCertPool(pemCerts []byte, pool *x509.CertPool) error

AddPemToCertPool adds PEM-encoded certs to a cert pool

func ClientKeepaliveOptions Uses

func ClientKeepaliveOptions(ka *KeepaliveOptions) []grpc.DialOption

ClientKeepaliveOptions returns gRPC keepalive options for clients. If opts is nil, the default keepalive options are returned

func ExtractCertificateFromContext Uses

func ExtractCertificateFromContext(ctx context.Context) *x509.Certificate

ExtractCertificateFromContext returns the TLS certificate (if applicable) from the given context of a gRPC stream

func ExtractCertificateHashFromContext Uses

func ExtractCertificateHashFromContext(ctx context.Context) []byte

ExtractCertificateHashFromContext extracts the hash of the certificate from the given context. If the certificate isn't present, nil is returned

func ExtractRawCertificateFromContext Uses

func ExtractRawCertificateFromContext(ctx context.Context) []byte

ExtractRawCertificateFromContext returns the raw TLS certificate (if applicable) from the given context of a gRPC stream

func InitTLSForShim Uses

func InitTLSForShim(key, certStr string) credentials.TransportCredentials

func NewClientConnectionWithAddress Uses

func NewClientConnectionWithAddress(peerAddress string, block bool, tslEnabled bool,
    creds credentials.TransportCredentials, ka *KeepaliveOptions) (*grpc.ClientConn, error)

NewClientConnectionWithAddress Returns a new grpc.ClientConn to the given address

func NewServerTransportCredentials Uses

func NewServerTransportCredentials(
    serverConfig *tls.Config,
    logger *flogging.FabricLogger) credentials.TransportCredentials

NewServerTransportCredentials returns a new initialized grpc/credentials.TransportCredentials

func ServerKeepaliveOptions Uses

func ServerKeepaliveOptions(ka *KeepaliveOptions) []grpc.ServerOption

ServerKeepaliveOptions returns gRPC keepalive options for server. If opts is nil, the default keepalive options are returned

type BindingInspector Uses

type BindingInspector func(context.Context, proto.Message) error

BindingInspector receives as parameters a gRPC context and an Envelope, and verifies whether the message contains an appropriate binding to the context

func NewBindingInspector Uses

func NewBindingInspector(mutualTLS bool, extractTLSCertHash CertHashExtractor) BindingInspector

NewBindingInspector returns a BindingInspector according to whether mutualTLS is configured or not, and according to a function that extracts TLS certificate hashes from proto messages

type CertHashExtractor Uses

type CertHashExtractor func(proto.Message) []byte

CertHashExtractor extracts a certificate from a proto.Message message

type CertificateBundle Uses

type CertificateBundle [][]byte

CertificateBundle bundles certificates

type ClientConfig Uses

type ClientConfig struct {
    // SecOpts defines the security parameters
    SecOpts *SecureOptions
    // KaOpts defines the keepalive parameters
    KaOpts *KeepaliveOptions
    // Timeout specifies how long the client will block when attempting to
    // establish a connection
    Timeout time.Duration
    // AsyncConnect makes connection creation non blocking
    AsyncConnect bool
}

ClientConfig defines the parameters for configuring a GRPCClient instance

func (ClientConfig) Clone Uses

func (cc ClientConfig) Clone() ClientConfig

Clone clones this ClientConfig

type ConnProducer Uses

type ConnProducer struct {
    sync.RWMutex
    // contains filtered or unexported fields
}

ConnProducer produces connections

func NewConnectionProducer Uses

func NewConnectionProducer(factory ConnectionFactory, endpoints []EndpointCriteria) *ConnProducer

NewConnectionProducer creates a new ConnectionProducer with given endpoints and connection factory. It returns nil, if the given endpoints slice is empty.

func (*ConnProducer) GetEndpoints Uses

func (cp *ConnProducer) GetEndpoints() []EndpointCriteria

GetEndpoints returns configured endpoint criteria for ordering service

func (*ConnProducer) NewConnection Uses

func (cp *ConnProducer) NewConnection() (*grpc.ClientConn, string, error)

NewConnection creates a new connection. Returns the connection, the endpoint selected, nil on success. Returns nil, "", error on failure

func (*ConnProducer) UpdateEndpoints Uses

func (cp *ConnProducer) UpdateEndpoints(endpoints []EndpointCriteria)

UpdateEndpoints updates the endpoints of the ConnectionProducer to be the given endpoints

type ConnectionFactory Uses

type ConnectionFactory func(criteria EndpointCriteria) (*grpc.ClientConn, error)

ConnectionFactory creates a connection to a certain endpoint

type ConnectionProducer Uses

type ConnectionProducer interface {
    // NewConnection creates a new connection.
    // Returns the connection, the endpoint selected, nil on success.
    // Returns nil, "", error on failure
    NewConnection() (*grpc.ClientConn, string, error)
    // UpdateEndpoints updates the endpoint criteria of the ConnectionProducer
    // to be the given endpoints.
    UpdateEndpoints(endpoints []EndpointCriteria)
    // GetEndpoints return ordering service endpoint criteria.
    GetEndpoints() []EndpointCriteria
}

ConnectionProducer produces connections out of a set of predefined endpoints

type CredentialSupport Uses

type CredentialSupport struct {
    sync.RWMutex
    AppRootCAsByChain           map[string]CertificateBundle
    OrdererRootCAsByChainAndOrg OrgRootCAs
    ClientRootCAs               CertificateBundle
    ServerRootCAs               CertificateBundle
    // contains filtered or unexported fields
}

CredentialSupport type manages credentials used for gRPC client connections

func GetCredentialSupport Uses

func GetCredentialSupport() *CredentialSupport

GetCredentialSupport returns the singleton CredentialSupport instance

func (*CredentialSupport) GetClientCertificate Uses

func (cs *CredentialSupport) GetClientCertificate() tls.Certificate

GetClientCertificate returns the client certificate of the CredentialSupport

func (*CredentialSupport) GetDeliverServiceCredentials Uses

func (cs *CredentialSupport) GetDeliverServiceCredentials(
    channelID string,
    appendStaticRoots bool,
    orgs []string,
) (credentials.TransportCredentials, error)

GetDeliverServiceCredentials returns gRPC transport credentials for given channel to be used by gRPC clients which communicate with ordering service endpoints. If appendStaticRoots is set to true, ServerRootCAs are also included in the credentials. If the channel isn't found, an error is returned.

func (*CredentialSupport) GetPeerCredentials Uses

func (cs *CredentialSupport) GetPeerCredentials() credentials.TransportCredentials

GetPeerCredentials returns gRPC transport credentials for use by gRPC clients which communicate with remote peer endpoints.

func (*CredentialSupport) SetClientCertificate Uses

func (cs *CredentialSupport) SetClientCertificate(cert tls.Certificate)

SetClientCertificate sets the tls.Certificate to use for gRPC client connections

type EndpointCriteria Uses

type EndpointCriteria struct {
    Endpoint      string
    Organizations []string
}

EndpointCriteria defines an endpoint, and a list of trusted organizations it corresponds to.

func (EndpointCriteria) Equals Uses

func (ec EndpointCriteria) Equals(other EndpointCriteria) bool

Equals returns whether this EndpointCriteria is equivalent to the given other EndpointCriteria

type GRPCClient Uses

type GRPCClient struct {
    // contains filtered or unexported fields
}

func NewGRPCClient Uses

func NewGRPCClient(config ClientConfig) (*GRPCClient, error)

NewGRPCClient creates a new implementation of GRPCClient given an address and client configuration

func (*GRPCClient) Certificate Uses

func (client *GRPCClient) Certificate() tls.Certificate

Certificate returns the tls.Certificate used to make TLS connections when client certificates are required by the server

func (*GRPCClient) MutualTLSRequired Uses

func (client *GRPCClient) MutualTLSRequired() bool

MutualTLSRequired is a flag indicating whether the client must send a certificate when making TLS connections

func (*GRPCClient) NewConnection Uses

func (client *GRPCClient) NewConnection(address string, serverNameOverride string) (
    *grpc.ClientConn, error)

NewConnection returns a grpc.ClientConn for the target address and overrides the server name used to verify the hostname on the certificate returned by a server when using TLS

func (*GRPCClient) SetMaxRecvMsgSize Uses

func (client *GRPCClient) SetMaxRecvMsgSize(size int)

SetMaxRecvMsgSize sets the maximum message size the client can receive

func (*GRPCClient) SetMaxSendMsgSize Uses

func (client *GRPCClient) SetMaxSendMsgSize(size int)

SetMaxSendMsgSize sets the maximum message size the client can send

func (*GRPCClient) SetServerRootCAs Uses

func (client *GRPCClient) SetServerRootCAs(serverRoots [][]byte) error

SetServerRootCAs sets the list of authorities used to verify server certificates based on a list of PEM-encoded X509 certificate authorities

func (*GRPCClient) TLSEnabled Uses

func (client *GRPCClient) TLSEnabled() bool

TLSEnabled is a flag indicating whether to use TLS for client connections

type GRPCServer Uses

type GRPCServer struct {
    // contains filtered or unexported fields
}

func NewGRPCServer Uses

func NewGRPCServer(address string, serverConfig ServerConfig) (*GRPCServer, error)

NewGRPCServer creates a new implementation of a GRPCServer given a listen address

func NewGRPCServerFromListener Uses

func NewGRPCServerFromListener(listener net.Listener, serverConfig ServerConfig) (*GRPCServer, error)

NewGRPCServerFromListener creates a new implementation of a GRPCServer given an existing net.Listener instance using default keepalive

func (*GRPCServer) Address Uses

func (gServer *GRPCServer) Address() string

Address returns the listen address for this GRPCServer instance

func (*GRPCServer) AppendClientRootCAs Uses

func (gServer *GRPCServer) AppendClientRootCAs(clientRoots [][]byte) error

AppendClientRootCAs appends PEM-encoded X509 certificate authorities to the list of authorities used to verify client certificates

func (*GRPCServer) Listener Uses

func (gServer *GRPCServer) Listener() net.Listener

Listener returns the net.Listener for the GRPCServer instance

func (*GRPCServer) MutualTLSRequired Uses

func (gServer *GRPCServer) MutualTLSRequired() bool

MutualTLSRequired is a flag indicating whether or not client certificates are required for this GRPCServer instance

func (*GRPCServer) RemoveClientRootCAs Uses

func (gServer *GRPCServer) RemoveClientRootCAs(clientRoots [][]byte) error

RemoveClientRootCAs removes PEM-encoded X509 certificate authorities from the list of authorities used to verify client certificates

func (*GRPCServer) Server Uses

func (gServer *GRPCServer) Server() *grpc.Server

Server returns the grpc.Server for the GRPCServer instance

func (*GRPCServer) ServerCertificate Uses

func (gServer *GRPCServer) ServerCertificate() tls.Certificate

ServerCertificate returns the tls.Certificate used by the grpc.Server

func (*GRPCServer) SetClientRootCAs Uses

func (gServer *GRPCServer) SetClientRootCAs(clientRoots [][]byte) error

SetClientRootCAs sets the list of authorities used to verify client certificates based on a list of PEM-encoded X509 certificate authorities

func (*GRPCServer) SetServerCertificate Uses

func (gServer *GRPCServer) SetServerCertificate(cert tls.Certificate)

SetServerCertificate assigns the current TLS certificate to be the peer's server certificate

func (*GRPCServer) Start Uses

func (gServer *GRPCServer) Start() error

Start starts the underlying grpc.Server

func (*GRPCServer) Stop Uses

func (gServer *GRPCServer) Stop()

Stop stops the underlying grpc.Server

func (*GRPCServer) TLSEnabled Uses

func (gServer *GRPCServer) TLSEnabled() bool

TLSEnabled is a flag indicating whether or not TLS is enabled for the GRPCServer instance

type KeepaliveOptions Uses

type KeepaliveOptions struct {
    // ClientInterval is the duration after which if the client does not see
    // any activity from the server it pings the server to see if it is alive
    ClientInterval time.Duration
    // ClientTimeout is the duration the client waits for a response
    // from the server after sending a ping before closing the connection
    ClientTimeout time.Duration
    // ServerInterval is the duration after which if the server does not see
    // any activity from the client it pings the client to see if it is alive
    ServerInterval time.Duration
    // ServerTimeout is the duration the server waits for a response
    // from the client after sending a ping before closing the connection
    ServerTimeout time.Duration
    // ServerMinInterval is the minimum permitted time between client pings.
    // If clients send pings more frequently, the server will disconnect them
    ServerMinInterval time.Duration
}

KeepaliveOptions is used to set the gRPC keepalive settings for both clients and servers

type Metrics Uses

type Metrics struct {
    // OpenConnCounter keeps track of number of open connections
    OpenConnCounter metrics.Counter
    // ClosedConnCounter keeps track of number connections closed
    ClosedConnCounter metrics.Counter
}

type NewSemaphoreFunc Uses

type NewSemaphoreFunc func(size int) Semaphore

type OrgRootCAs Uses

type OrgRootCAs map[string]PerOrgCertificateBundle

OrgRootCAs defines root CA certificates of organizations, by their corresponding channels. channel --> organization --> certificates

func (OrgRootCAs) AppendCertificates Uses

func (orc OrgRootCAs) AppendCertificates(channel string, org string, rootCAs CertificateBundle)

AppendCertificates appends certificates that belong to the given organization in the context of the given channel. This operation isn't thread safe.

func (OrgRootCAs) CertificatesByChannelAndOrg Uses

func (orc OrgRootCAs) CertificatesByChannelAndOrg(channel string, org string) CertificateBundle

CertificatesByChannelAndOrg returns the certificates of the given organization in the context of the given channel.

type PerOrgCertificateBundle Uses

type PerOrgCertificateBundle map[string]CertificateBundle

PerOrgCertificateBundle maps organizations to CertificateBundles

type SecureOptions Uses

type SecureOptions struct {
    // VerifyCertificate, if not nil, is called after normal
    // certificate verification by either a TLS client or server.
    // If it returns a non-nil error, the handshake is aborted and that error results.
    VerifyCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
    // PEM-encoded X509 public key to be used for TLS communication
    Certificate []byte
    // PEM-encoded private key to be used for TLS communication
    Key []byte
    // Set of PEM-encoded X509 certificate authorities used by clients to
    // verify server certificates
    ServerRootCAs [][]byte
    // Set of PEM-encoded X509 certificate authorities used by servers to
    // verify client certificates
    ClientRootCAs [][]byte
    // Whether or not to use TLS for communication
    UseTLS bool
    // Whether or not TLS client must present certificates for authentication
    RequireClientCert bool
    // CipherSuites is a list of supported cipher suites for TLS
    CipherSuites []uint16
    // TimeShift makes TLS handshakes time sampling shift to the past by a given duration
    TimeShift time.Duration
}

SecureOptions defines the security parameters (e.g. TLS) for a GRPCServer or GRPCClient instance

type Semaphore Uses

type Semaphore interface {
    Acquire(ctx context.Context) error
    Release()
}

type ServerConfig Uses

type ServerConfig struct {
    // ConnectionTimeout specifies the timeout for connection establishment
    // for all new connections
    ConnectionTimeout time.Duration
    // SecOpts defines the security parameters
    SecOpts *SecureOptions
    // KaOpts defines the keepalive parameters
    KaOpts *KeepaliveOptions
    // StreamInterceptors specifies a list of interceptors to apply to
    // streaming RPCs.  They are executed in order.
    StreamInterceptors []grpc.StreamServerInterceptor
    // UnaryInterceptors specifies a list of interceptors to apply to unary
    // RPCs.  They are executed in order.
    UnaryInterceptors []grpc.UnaryServerInterceptor
    // Logger specifies the logger the server will use
    Logger *flogging.FabricLogger
    // Metrics Provider
    MetricsProvider metrics.Provider
}

ServerConfig defines the parameters for configuring a GRPCServer instance

type ServerStatsHandler Uses

type ServerStatsHandler struct {
    OpenConnCounter   metrics.Counter
    ClosedConnCounter metrics.Counter
}

func NewServerStatsHandler Uses

func NewServerStatsHandler(p metrics.Provider) *ServerStatsHandler

func (*ServerStatsHandler) HandleConn Uses

func (h *ServerStatsHandler) HandleConn(ctx context.Context, s stats.ConnStats)

func (*ServerStatsHandler) HandleRPC Uses

func (h *ServerStatsHandler) HandleRPC(ctx context.Context, s stats.RPCStats)

func (*ServerStatsHandler) TagConn Uses

func (h *ServerStatsHandler) TagConn(ctx context.Context, info *stats.ConnTagInfo) context.Context

func (*ServerStatsHandler) TagRPC Uses

func (h *ServerStatsHandler) TagRPC(ctx context.Context, info *stats.RPCTagInfo) context.Context

type Throttle Uses

type Throttle struct {
    // contains filtered or unexported fields
}

func NewThrottle Uses

func NewThrottle(maxConcurrency int, options ...ThrottleOption) *Throttle

func (*Throttle) StreamServerInterceptor Uses

func (t *Throttle) StreamServerInterceptor(srv interface{}, ss grpc.ServerStream, info *grpc.StreamServerInfo, handler grpc.StreamHandler) error

func (*Throttle) UnaryServerIntercptor Uses

func (t *Throttle) UnaryServerIntercptor(ctx context.Context, req interface{}, info *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error)

type ThrottleOption Uses

type ThrottleOption func(t *Throttle)

func WithNewSemaphore Uses

func WithNewSemaphore(newSemaphore NewSemaphoreFunc) ThrottleOption

Directories

PathSynopsis
mockCode generated by counterfeiter.

Package comm imports 29 packages (graph) and is imported by 145 packages. Updated 2019-08-09. Refresh now. Tools for package owners.