From aab22112789a13df81b70d5eea955d59c49ace1d Mon Sep 17 00:00:00 2001
From: "S m, Aruna"
Date: Tue, 19 Dec 2023 13:19:49 -0600
Subject: [PATCH] Set default roles signature policy for each organization
Signed-off-by: S m, Aruna
---
.../service/impl/ChannelServiceImpl.java | 75 +++++++++++++++++--
1 file changed, 68 insertions(+), 7 deletions(-)
diff --git a/src/main/java/hlf/java/rest/client/service/impl/ChannelServiceImpl.java b/src/main/java/hlf/java/rest/client/service/impl/ChannelServiceImpl.java
index bc38f8e4..3d5f3ca3 100644
--- a/src/main/java/hlf/java/rest/client/service/impl/ChannelServiceImpl.java
+++ b/src/main/java/hlf/java/rest/client/service/impl/ChannelServiceImpl.java
@@ -353,15 +353,75 @@ private Configtx.ConfigGroup getMSPConfigGroup(hlf.java.rest.client.model.Peer p Map valueMap = new HashMap<>(); valueMap.put(FabricClientConstants.CHANNEL_CONFIG_GROUP_VALUE_MSP, getOrgMspValue(peer)); + // Organization's role policy defines what role can perform what operation + // For example, there are typically four roles policies defined + // 1. Endorsement + // 2. Admin + // 3. Readers + // 4. Writers + // The policy type used would be signature, so that the role + // binding can be done. return Configtx.ConfigGroup.newBuilder() .setVersion(EMPTY_VERSION) .putAllGroups(new HashMap<>()) .setModPolicy(EMPTY_MOD_POLICY) - .putAllPolicies(new HashMap<>()) + .putAllPolicies(getDefaultRolePolicy(peer.getMspid())) // Organization's role policies .putAllValues(valueMap) .build(); } + // The method returns a default policy for each organization + // that maps the roles. The policy type is signature. Roles + // are identified by their signatures, as those signatures + // represent the certificate. 
+ private HashMap getDefaultRolePolicy(String orgMSPId) { + HashMap defaultOrgRolePolicy = new HashMap<>(); + // add Admins, Readers, Writers and Endorsement policies + defaultOrgRolePolicy.put( + FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_ADMINS, + getDefaultRoleConfigPolicyForMSP( + FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_ADMINS, orgMSPId)); + defaultOrgRolePolicy.put( + FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_READERS, + getDefaultRoleConfigPolicyForMSP( + FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_READERS, orgMSPId)); + defaultOrgRolePolicy.put( + FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_WRITERS, + getDefaultRoleConfigPolicyForMSP( + FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_WRITERS, orgMSPId)); + defaultOrgRolePolicy.put( + FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_ENDORSEMENT, + getDefaultRoleConfigPolicyForMSP( + FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_ENDORSEMENT, orgMSPId)); + return defaultOrgRolePolicy; + } + + // The method returns a ConfigPolicy of type signature for the + // passed organization's MSP ID. 
+ private Configtx.ConfigPolicy getDefaultRoleConfigPolicyForMSP( + String policyFor, String orgMSPId) { + // get the signature policy + Policies.SignaturePolicy signaturePolicy = + Policies.SignaturePolicy.newBuilder() + .setNOutOf( + Policies.SignaturePolicy.NOutOf.newBuilder() + .setN(1) + .setRules(0, Policies.SignaturePolicy.newBuilder().setSignedBy(0).build()) + .build()) + .build(); + // get the policy + Policies.Policy policy = + Policies.Policy.newBuilder() + .setType(Policies.Policy.PolicyType.SIGNATURE_VALUE) + .setValue(signaturePolicy.toByteString()) + .build(); + // create config policy and return + return Configtx.ConfigPolicy.newBuilder() + .setPolicy(policy) + .setModPolicy(FabricClientConstants.CHANNEL_CONFIG_MOD_POLICY_ADMINS) + .build(); + } + private Configtx.ConfigValue getOrgMspValue(hlf.java.rest.client.model.Peer peer) { return Configtx.ConfigValue.newBuilder() .setModPolicy(FabricClientConstants.CHANNEL_CONFIG_MOD_POLICY_ADMINS) @@ -470,15 +530,15 @@ private void addDefaultImplicitMetaPolicy(Configtx.ConfigGroup.Builder builder) /** * get implicit meta policy * - * @param subPolicyName + * @param serializedSubPolicy * @param rule * @return */ - private Policies.Policy getImplicitMetaPolicy(String subPolicyName, int rule) { + private Policies.Policy getImplicitMetaPolicy(String serializedSubPolicy, int rule) { Policies.ImplicitMetaPolicy metaPolicy = Policies.ImplicitMetaPolicy.newBuilder() .setRule(Policies.ImplicitMetaPolicy.Rule.forNumber(rule)) - .setSubPolicy(subPolicyName) + .setSubPolicy(serializedSubPolicy) .build(); return Policies.Policy.newBuilder() .setType(Policies.Policy.PolicyType.IMPLICIT_META_VALUE) 
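Review bot: In `getDefaultRoleConfigPolicyForMSP` the `policyFor` and `orgMSPId` arguments are never read, so Admins, Readers, Writers and Endorsement all receive the same rule and none of them is tied to the organization's MSP. The rule uses `setSignedBy(0)`, yet there is no identities list for index 0 to point into, and the policy value is the bare `SignaturePolicy`, where Fabric expects a serialized `SignaturePolicyEnvelope` (version, rule, identities) for type SIGNATURE. Separately, `.setRules(0, …)` on a fresh `NOutOf` builder replaces an element that does not exist yet and should throw `IndexOutOfBoundsException` with generated protobuf builders; `addRules(…)` appends. The fence binds the rule to an `MSPRole` principal for `orgMSPId` and requires the admin role for Admins; the role used for the other three policies is my assumption and should be set to what the network intends, and `MspPrincipal` from the Fabric protos may need importing.

```java
  private Configtx.ConfigPolicy getDefaultRoleConfigPolicyForMSP(
      String policyFor, String orgMSPId) {
    // Admins must require the admin role. The role for the remaining policies is a
    // deployment decision; MEMBER is only the widest starting point.
    MspPrincipal.MSPRole.MSPRoleType roleType =
        FabricClientConstants.CHANNEL_CONFIG_POLICY_TYPE_ADMINS.equals(policyFor)
            ? MspPrincipal.MSPRole.MSPRoleType.ADMIN
            : MspPrincipal.MSPRole.MSPRoleType.MEMBER;
    // Principal that index 0 of the rule refers to: a role inside this organization's MSP.
    MspPrincipal.MSPPrincipal principal =
        MspPrincipal.MSPPrincipal.newBuilder()
            .setPrincipalClassification(MspPrincipal.MSPPrincipal.Classification.ROLE)
            .setPrincipal(
                MspPrincipal.MSPRole.newBuilder()
                    .setMspIdentifier(orgMSPId)
                    .setRole(roleType)
                    .build()
                    .toByteString())
            .build();
    Policies.SignaturePolicy rule =
        Policies.SignaturePolicy.newBuilder()
            .setNOutOf(
                Policies.SignaturePolicy.NOutOf.newBuilder()
                    .setN(1)
                    .addRules(Policies.SignaturePolicy.newBuilder().setSignedBy(0).build())
                    .build())
            .build();
    Policies.SignaturePolicyEnvelope envelope =
        Policies.SignaturePolicyEnvelope.newBuilder()
            .setVersion(0)
            .setRule(rule)
            .addIdentities(principal)
            .build();
    // … unchanged: Policies.Policy of type SIGNATURE_VALUE wrapped in the ConfigPolicy,
    //   with setValue(envelope.toByteString()) in place of signaturePolicy.toByteString() …
  }
```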
@@ -487,14 +547,15 @@ private Policies.Policy getImplicitMetaPolicy(String subPolicyName, int rule) { } /** - * @param subPolicyName + * @param serializedSubPolicy * @param rule * @param modPolicy * @return */ - private Configtx.ConfigPolicy getConfigPolicy(String subPolicyName, int rule, String modPolicy) { + private Configtx.ConfigPolicy getConfigPolicy( + String serializedSubPolicy, int rule, String modPolicy) { return Configtx.ConfigPolicy.newBuilder() - .setPolicy(getImplicitMetaPolicy(subPolicyName, rule)) + .setPolicy(getImplicitMetaPolicy(serializedSubPolicy, rule)) .setModPolicy(modPolicy) .build(); }