hyperledger-labs
diff --git a/‎token/authorization.go
Lines changed: 15 additions & 0 deletions b/‎token/authorization.go
Lines changed: 15 additions & 0 deletions
diff --git a/‎token/core/common/authrorization.go
Lines changed: 113 additions & 0 deletions b/‎token/core/common/authrorization.go
Lines changed: 113 additions & 0 deletions
diff --git a/‎token/core/common/tms.go
Lines changed: 7 additions & 0 deletions b/‎token/core/common/tms.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎token/core/fabtoken/driver/driver.go
Lines changed: 6 additions & 1 deletion b/‎token/core/fabtoken/driver/driver.go
Lines changed: 6 additions & 1 deletion
diff --git a/‎token/core/fabtoken/service.go
Lines changed: 2 additions & 0 deletions b/‎token/core/fabtoken/service.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎token/core/zkatdlog/nogh/driver/driver.go
Lines changed: 6 additions & 0 deletions b/‎token/core/zkatdlog/nogh/driver/driver.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎token/core/zkatdlog/nogh/service.go
Lines changed: 2 additions & 0 deletions b/‎token/core/zkatdlog/nogh/service.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎token/driver/tms.go
Lines changed: 1 addition & 0 deletions b/‎token/driver/tms.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎token/driver/wallet.go
Lines changed: 14 additions & 0 deletions b/‎token/driver/wallet.go
Lines changed: 14 additions & 0 deletions
diff --git a/‎token/sdk/dig/sdk.go
Lines changed: 0 additions & 6 deletions b/‎token/sdk/dig/sdk.go
Lines changed: 0 additions & 6 deletions
diff --git a/‎token/sdk/tokens/authrorization.go
Lines changed: 0 additions & 87 deletions b/‎token/sdk/tokens/authrorization.go
Lines changed: 0 additions & 87 deletions
@@ -0,0 +1,15 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package token
+
+import "github.com/hyperledger-labs/fabric-token-sdk/token/driver"
+
+// Authorization defines method to check the relation between a token
+// and wallets (owner, auditor, etc.)
+type Authorization struct {
+	driver.Authorization
+}
@@ -0,0 +1,113 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package common
+
+import (
+	"github.com/hyperledger-labs/fabric-token-sdk/token"
+	"github.com/hyperledger-labs/fabric-token-sdk/token/driver"
+	"github.com/hyperledger-labs/fabric-token-sdk/token/services/identity"
+	token2 "github.com/hyperledger-labs/fabric-token-sdk/token/token"
+)
+
+type Authorization interface {
+	// IsMine returns true if the passed token is owned by an owner wallet in the passed TMS
+	IsMine(tok *token2.Token) ([]string, bool)
+	// AmIAnAuditor return true if the passed TMS contains an auditor wallet for any of the auditor identities
+	// defined in the public parameters of the passed TMS.
+	AmIAnAuditor() bool
+	// Issued returns true if the passed issuer issued the passed token
+	Issued(issuer token.Identity, tok *token2.Token) bool
+}
+
+// WalletBasedAuthorization is a wallet-based authorization implementation
+type WalletBasedAuthorization struct {
+	PublicParameters driver.PublicParameters
+	WalletService    driver.WalletService
+	amIAnAuditor     bool
+}
+
+func NewTMSAuthorization(publicParameters driver.PublicParameters, walletService driver.WalletService) *WalletBasedAuthorization {
+	amIAnAuditor := false
+	for _, identity := range publicParameters.Auditors() {
+		if _, err := walletService.AuditorWallet(identity); err == nil {
+			amIAnAuditor = true
+			break
+		}
+	}
+	return &WalletBasedAuthorization{PublicParameters: publicParameters, WalletService: walletService, amIAnAuditor: amIAnAuditor}
+}
+
+// IsMine returns true if the passed token is owned by an owner wallet in the passed TMS
+func (w *WalletBasedAuthorization) IsMine(tok *token2.Token) ([]string, bool) {
+	wallet, err := w.WalletService.OwnerWallet(tok.Owner.Raw)
+	if err != nil {
+		return nil, false
+	}
+	return []string{wallet.ID()}, true
+}
+
+// AmIAnAuditor return true if the passed TMS contains an auditor wallet for any of the auditor identities
+// defined in the public parameters of the passed TMS.
+func (w *WalletBasedAuthorization) AmIAnAuditor() bool {
+	return w.amIAnAuditor
+}
+
+func (w *WalletBasedAuthorization) Issued(issuer token.Identity, tok *token2.Token) bool {
+	_, err := w.WalletService.IssuerWallet(issuer)
+	return err == nil
+}
+
+// AuthorizationMultiplexer iterates over multiple authorization checker
+type AuthorizationMultiplexer struct {
+	authorizations []Authorization
+}
+
+// NewAuthorizationMultiplexer returns a new AuthorizationMultiplexer for the passed ownership checkers
+func NewAuthorizationMultiplexer(ownerships ...Authorization) *AuthorizationMultiplexer {
+	return &AuthorizationMultiplexer{authorizations: ownerships}
+}
+
+// IsMine returns true it there exists an authorization checker that returns true
+func (o *AuthorizationMultiplexer) IsMine(tok *token2.Token) ([]string, bool) {
+	for _, authorization := range o.authorizations {
+		ids, mine := authorization.IsMine(tok)
+		if mine {
+			return ids, true
+		}
+	}
+	return nil, false
+}
+
+// AmIAnAuditor returns true it there exists an authorization checker that returns true
+func (o *AuthorizationMultiplexer) AmIAnAuditor() bool {
+	for _, authorization := range o.authorizations {
+		yes := authorization.AmIAnAuditor()
+		if yes {
+			return true
+		}
+	}
+	return false
+}
+
+func (o *AuthorizationMultiplexer) Issued(issuer token.Identity, tok *token2.Token) bool {
+	for _, authorization := range o.authorizations {
+		yes := authorization.Issued(issuer, tok)
+		if yes {
+			return true
+		}
+	}
+	return false
+}
+
+// OwnerType returns the type of owner (e.g. 'idemix' or 'htlc') and the identity bytes
+func (o *AuthorizationMultiplexer) OwnerType(raw []byte) (string, []byte, error) {
+	owner, err := identity.UnmarshalTypedIdentity(raw)
+	if err != nil {
+		return "", nil, err
+	}
+	return owner.Type, owner.Identity, nil
+}
@@ -30,6 +30,7 @@ type Service[T driver.PublicParameters] struct {
 	transferService         driver.TransferService
 	auditorService          driver.AuditorService
 	tokensService           driver.TokensService
+	authorization           driver.Authorization
 }
 
 func NewTokenService[T driver.PublicParameters](
@@ -45,6 +46,7 @@ func NewTokenService[T driver.PublicParameters](
 	transferService driver.TransferService,
 	auditorService driver.AuditorService,
 	tokensService driver.TokensService,
+	authorization driver.Authorization,
 ) (*Service[T], error) {
 	s := &Service[T]{
 		Logger:                  logger,
@@ -59,6 +61,7 @@ func NewTokenService[T driver.PublicParameters](
 		transferService:         transferService,
 		auditorService:          auditorService,
 		tokensService:           tokensService,
+		authorization:           authorization,
 	}
 	return s, nil
 }
@@ -119,6 +122,10 @@ func (s *Service[T]) TokensService() driver.TokensService {
 	return s.tokensService
 }
 
+func (s *Service[T]) Authorization() driver.Authorization {
+	return s.authorization
+}
+
 // Done releases all the resources allocated by this service
 func (s *Service[T]) Done() error {
 	return nil
 
@@ -18,6 +18,7 @@ import (
 	"github.com/hyperledger-labs/fabric-token-sdk/token/driver"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/config"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/identity"
+	"github.com/hyperledger-labs/fabric-token-sdk/token/services/interop/htlc"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/network"
 	"github.com/pkg/errors"
 	"go.opentelemetry.io/otel/trace"
@@ -102,7 +103,10 @@ func (d *Driver) NewTokenService(_ driver.ServiceProvider, networkID string, cha
 
 	metricsProvider := metrics.NewTMSProvider(tmsConfig.ID(), d.metricsProvider)
 	tracerProvider := tracing2.NewTracerProviderWithBackingProvider(d.tracerProvider, metricsProvider)
-
+	authorization := common.NewAuthorizationMultiplexer(
+		common.NewTMSAuthorization(publicParamsManager.PublicParams(), ws),
+		htlc.NewScriptAuth(ws),
+	)
 	service, err := fabtoken.NewService(
 		logger,
 		ws,
@@ -124,6 +128,7 @@ func (d *Driver) NewTokenService(_ driver.ServiceProvider, networkID string, cha
 			observables.NewAudit(tracerProvider),
 		),
 		fabtoken.NewTokensService(),
+		authorization,
 	)
 	if err != nil {
 		return nil, errors.WithMessage(err, "failed to create token service")
 
@@ -33,6 +33,7 @@ func NewService(
 	transferService driver.TransferService,
 	auditorService driver.AuditorService,
 	tokensService driver.TokensService,
+	authorization driver.Authorization,
 ) (*Service, error) {
 	root, err := common.NewTokenService[*PublicParams](
 		logger,
@@ -47,6 +48,7 @@ func NewService(
 		transferService,
 		auditorService,
 		tokensService,
+		authorization,
 	)
 	if err != nil {
 		return nil, err
 
@@ -20,6 +20,7 @@ import (
 	"github.com/hyperledger-labs/fabric-token-sdk/token/driver"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/config"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/identity"
+	"github.com/hyperledger-labs/fabric-token-sdk/token/services/interop/htlc"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/network"
 	"github.com/pkg/errors"
 	"go.opentelemetry.io/otel/trace"
@@ -102,6 +103,10 @@ func (d *Driver) NewTokenService(_ driver.ServiceProvider, networkID string, cha
 	ip := ws.IdentityProvider
 
 	tokDeserializer := &TokenDeserializer{}
+	authorization := common.NewAuthorizationMultiplexer(
+		common.NewTMSAuthorization(ppm.PublicParams(), ws),
+		htlc.NewScriptAuth(ws),
+	)
 
 	metricsProvider := metrics.NewTMSProvider(tmsConfig.ID(), d.metricsProvider)
 	tracerProvider := tracing2.NewTracerProviderWithBackingProvider(d.tracerProvider, metricsProvider)
@@ -141,6 +146,7 @@ func (d *Driver) NewTokenService(_ driver.ServiceProvider, networkID string, cha
 			observables.NewAudit(tracerProvider),
 		),
 		zkatdlog.NewTokensService(ppm),
+		authorization,
 	)
 	if err != nil {
 		return nil, errors.WithMessage(err, "failed to create token service")
 
@@ -44,6 +44,7 @@ func NewTokenService(
 	transferService driver.TransferService,
 	auditorService driver.AuditorService,
 	tokensService driver.TokensService,
+	authorization driver.Authorization,
 ) (*Service, error) {
 	root, err := common.NewTokenService[*crypto.PublicParams](
 		logger,
@@ -58,6 +59,7 @@ func NewTokenService(
 		transferService,
 		auditorService,
 		tokensService,
+		authorization,
 	)
 	if err != nil {
 		return nil, err
 
@@ -42,6 +42,7 @@ type TokenManagerService interface {
 	PublicParamsManager() PublicParamsManager
 	Configuration() Configuration
 	WalletService() WalletService
+	Authorization() Authorization
 	// Done releases all the resources allocated by this service
 	Done() error
 }
 
@@ -129,6 +129,20 @@ type IdentityConfiguration struct {
 // Ultimately, it is the token driver to decide which types are allowed.
 type WalletLookupID = any
 
+// Authorization defines method to check the relation between a token
+// and wallets (owner, auditor, etc.)
+type Authorization interface {
+	// IsMine returns true if the passed token is owned by an owner wallet in the passed TMS
+	IsMine(tok *token.Token) ([]string, bool)
+	// AmIAnAuditor return true if the passed TMS contains an auditor wallet for any of the auditor identities
+	// defined in the public parameters of the passed TMS.
+	AmIAnAuditor() bool
+	// Issued returns true if the passed issuer issued the passed token
+	Issued(issuer Identity, tok *token.Token) bool
+	// OwnerType returns the type of owner (e.g. 'idemix' or 'htlc') and the identity bytes
+	OwnerType(raw []byte) (string, []byte, error)
+}
+
 //go:generate counterfeiter -o mock/ws.go -fake-name WalletService . WalletService
 
 // WalletService models the wallet service that handles issuer, recipient, auditor and certifier wallets
 
@@ -30,7 +30,6 @@ import (
 	"github.com/hyperledger-labs/fabric-token-sdk/token/sdk/identity"
 	network2 "github.com/hyperledger-labs/fabric-token-sdk/token/sdk/network"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/sdk/tms"
-	tokens2 "github.com/hyperledger-labs/fabric-token-sdk/token/sdk/tokens"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/sdk/vault"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/auditdb"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/auditor"
@@ -39,7 +38,6 @@ import (
 	identity2 "github.com/hyperledger-labs/fabric-token-sdk/token/services/identity"
 	kvs2 "github.com/hyperledger-labs/fabric-token-sdk/token/services/identity/kvs"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/identitydb"
-	"github.com/hyperledger-labs/fabric-token-sdk/token/services/interop/htlc"
 	logging2 "github.com/hyperledger-labs/fabric-token-sdk/token/services/logging"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/network"
 	"github.com/hyperledger-labs/fabric-token-sdk/token/services/network/common"
@@ -126,10 +124,6 @@ func (p *SDK) Install() error {
 		p.Container().Provide(digutils.Identity[*identity.DBStorageProvider](), dig.As(new(identity2.StorageProvider))),
 		p.Container().Provide(auditor.NewManager),
 		p.Container().Provide(ttx.NewManager),
-		p.Container().Provide(func() *tokens2.AuthorizationMultiplexer {
-			return tokens2.NewAuthorizationMultiplexer(&tokens2.TMSAuthorization{}, &htlc.ScriptOwnership{})
-		}, dig.As(new(tokens.Authorization))),
-		p.Container().Provide(func() *tokens2.IssuedMultiplexer { return tokens2.NewIssuedMultiplexer(&tokens2.WalletIssued{}) }, dig.As(new(tokens.Issued))),
 		p.Container().Provide(tokens.NewManager),
 		p.Container().Provide(digutils.Identity[*tokens.Manager](), dig.As(new(ttx.TokensProvider), new(auditor.TokenDBProvider))),
 		p.Container().Provide(vault.NewVaultProvider),
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@ type TokenManagerService interface {`
`42`	`42`	`PublicParamsManager() PublicParamsManager`
`43`	`43`	`Configuration() Configuration`
`44`	`44`	`WalletService() WalletService`
	`45`	`+ Authorization() Authorization`
`45`	`46`	`// Done releases all the resources allocated by this service`
`46`	`47`	`Done() error`
`47`	`48`	`}`