[BE-847] Single Line TLSCA Cert PEM in CA

Signed-off-by: Binoy Mathew <binoy123@gmail.com>
hyperledger-labs · Nov 25, 2020 · 3cf09c3 · 3cf09c3
1 parent fdc8d11
commit 3cf09c3
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 23 deletions.
diff --git a/app/platform/fabric/FabricConfig.ts b/app/platform/fabric/FabricConfig.ts
@@ -331,21 +331,25 @@ export class FabricConfig {
 	 * @returns
 	 * @memberof FabricConfig
 	 */
-	getCertificateAuthorities() {
-		const caURL = [];
-		let serverCertPath = null;
-
-		if (this.config.certificateAuthorities) {
-			for (const x in this.config.certificateAuthorities) {
-				if (this.config.certificateAuthorities[x].tlsCACerts) {
-					serverCertPath = this.config.certificateAuthorities[x].tlsCACerts.path;
-				}
-				if (this.config.certificateAuthorities[x].url) {
-					caURL.push(this.config.certificateAuthorities[x].url);
-				}
-			}
+	getTlsCACertsPem(certificateAuthority) {
+		const tlsCACerts = this.config.certificateAuthorities[certificateAuthority]
+			.tlsCACerts;
+		if (
+			tlsCACerts === undefined ||
+			(tlsCACerts.path === undefined && tlsCACerts.pem === undefined)
+		) {
+			logger.error(
+				`Not found tlsCACerts configuration: ${certificateAuthority.url}`
+			);
+			return '';
 		}
-		return { caURL, serverCertPath };
+		if (tlsCACerts.path !== undefined) {
+			return fs.readFileSync(
+				path.resolve(__dirname, '../../..', tlsCACerts.path),
+				'utf8'
+			);
+		}
+		return tlsCACerts.pem;
 	}
 
 	/**

diff --git a/app/platform/fabric/gateway/FabricGateway.ts b/app/platform/fabric/gateway/FabricGateway.ts
@@ -139,7 +139,9 @@ export class FabricGateway {
 			// Connect to gateway
 			await this.gateway.connect(this.config, connectionOptions);
 		} catch (error) {
-			logger.error(`${explorerError.ERROR_1010}: ${JSON.stringify(error, null, 2)}`);
+			logger.error(
+				`${explorerError.ERROR_1010}: ${JSON.stringify(error, null, 2)}`
+			);
 			throw new ExplorerError(explorerError.ERROR_1010);
 		}
 	}
@@ -193,13 +195,15 @@ export class FabricGateway {
 		}
 
 		try {
-			const caConfig = this.fabricConfig.getCertificateAuthorities();
-			const tlsCACert = fs.readFileSync(caConfig.serverCertPath, 'utf8');
-
-			const ca = new FabricCAServices(caConfig.caURL[0], {
-				trustedRoots: tlsCACert,
-				verify: false
-			});
+			const caName = this.config.organizations[this.fabricConfig.getOrganization()]
+				.certificateAuthorities[0];
+			const ca = new FabricCAServices(
+				this.config.certificateAuthorities[caName].url,
+				{
+					trustedRoots: this.fabricConfig.getTlsCACertsPem(caName),
+					verify: false
+				}
+			);
 
 			const enrollment = await ca.enroll({
 				enrollmentID: this.fabricConfig.getCaAdminUser(),
@@ -378,7 +382,10 @@ export class FabricGateway {
 			const client = new Client('discovery client');
 			if (this.clientTlsIdentity) {
 				logger.info('client TLS enabled');
-				client.setTlsClientCertAndKey(this.clientTlsIdentity.credentials.certificate, this.clientTlsIdentity.credentials.privateKey);
+				client.setTlsClientCertAndKey(
+					this.clientTlsIdentity.credentials.certificate,
+					this.clientTlsIdentity.credentials.privateKey
+				);
 			} else {
 				client.setTlsClientCertAndKey();
 			}