fabric-chaincode-node icon indicating copy to clipboard operation
fabric-chaincode-node copied to clipboard

Published 20 hours ago verified publisher icon hyperledger

KeyEndorsementPolicy class useful for working with State Based Endorsement is not documented in the node reference docs

Open davidkel opened this issue 3 years ago • 1 comments
trafficstars

I looked on https://hyperledger.github.io/fabric-chaincode-node/release-2.2/api/index.html

and cannot find this class documented yet it is important for users who want to use state based endorsement

davidkel avatar Dec 08 '21 12:12 davidkel

Class: ProposalCreator (alias / legacy name, returned by getCreator())

Note: In the current Fabric chaincode-node API, getCreator() returns a SerializedIdentity. Some older or auto-generated JSDoc pages refer to ProposalCreator as a class, but that is misleading — you should treat this as a read-only structure provided by the runtime, and not something you normally instantiate.

Constructor

new ProposalCreator()

  • Although documented (in older JSDoc) as constructible, you should not use new ProposalCreator(). The endorsing peer/runtime constructs and populates the instance, and returns it in stub.getCreator() or equivalent.

  • The constructor may exist for legacy JSDoc generation, but application/chaincode code should not rely on constructing it manually.

Properties

Name | Type | Description -- | -- | -- mspid | string | The MSP (Membership Service Provider) identifier for the submitter’s organization. idBytes (or id_bytes in older JSDoc) | Uint8Array | The raw identity bytes (i.e. the certificate). In practice, this is often the PEM-encoded X.509 certificate (in UTF-8 form).

  • Note: In TypeScript the property is idBytes (camelCase). Some older documentation uses id_bytes; that is incorrect or outdated and should be normalized to idBytes.

Methods / Behavior

  • There are no methods on this object (beyond what JavaScript gives you). It is purely a data container.

  • The runtime guarantees that the certificate and MSP ID are valid and correspond to the identity that submitted the proposal.

  • For verification or parsing, chaincode code can interpret idBytes (e.g. converting to string, parsing as X.509, extracting subject, etc.).

Interaction with ChaincodeStub.getCreator() / ctx.stub.getCreator()

const identity: SerializedIdentity = ctx.stub.getCreator();
const msp = identity.mspid;
const certPem = Buffer.from(identity.idBytes).toString('utf8');
// e.g. parse cert

  • getCreator() returns the identity of the chaincode invocation’s submitter.

  • This identity is used, for example, in verifying custom signatures, enforcing access control, or combining with state-based endorsement logic (e.g. ensuring that only certain identities can modify endorsement parameters, etc.).

Using in State-Based Endorsement Context

State-based endorsement allows per-key (or per-private-data-key) endorsement policies. The relevant APIs in the fabric-shim stub include:

  • stub.getStateValidationParameter(key)

  • stub.setStateValidationParameter(key, endorsementPolicyBytes)

  • (For private data) stub.getPrivateDataValidationParameter(collection, key) and stub.setPrivateDataValidationParameter(...)

When your chaincode is operating under a state-based endorsement model, you may wish to check or enforce that the transaction submitter is allowed to modify the endorsement parameters of a given key. In that scenario:

  1. Use getCreator() to retrieve the submitter’s identity (mspid + idBytes).

  2. Parse their certificate (e.g. subject, attributes) if needed.

  3. Compare against your access rules (e.g. only org Org1MSP certificate with certain OU or CN allowed).

  4. If allowed, call setStateValidationParameter(...) (or private variant) to update endorsement policy for that particular key.

Thus, accurate documentation of the ProposalCreator / serialized identity is important for state-based endorsement workflows.

Suggested JSDoc / Markdown to Add to Fabric chaincode-node docs

### Class: fabric-shim.ProposalCreator / SerializedIdentity

This object is returned by 
stub.getCreator() (or ctx.stub.getCreator()) and carries the identity of the transaction submitter (the client that proposed the transaction). It is used, for instance, when enforcing access control or implementing state-based endorsement logic.

#### Properties

- mspid: string

The MSP ID of the organization that the submitter belongs to.

- idBytes: Uint8Array

The raw identity bytes of the submitter (typically an X.509 certificate in PEM form). Convert to UTF-8 string to obtain the PEM certificate text.

#### Behavior & Usage

- Do not instantiate this class manually via new ProposalCreator().
- The peer runtime populates mspid and idBytes and supplies it to chaincode via getCreator().
- Use this identity to enforce logic such as “only this MSP or specific user certificate may modify state endorsement parameters.”
- Example in TypeScript:

```ts
const identity = ctx.stub.getCreator();
const msp = identity.mspid;
const pem = Buffer.from(identity.idBytes).toString('utf8');
// parse the certificate if needed, e.g. with an X.509 library


if (msp !== 'Org1MSP') {
throw new Error('Only Org1 is permitted to change endorsement policy');
}


// then update endorsement parameters for a key:
await ctx.stub.setStateValidationParameter(myKey, newPolicyBytes);

Jatkingmodern avatar Oct 04 '25 09:10 Jatkingmodern