[FAB-7291] Set default value for Chainfile attribute

Anil Ambati · Anil Ambati · commit 1c6ef1227fe1 · 2017-12-08T09:27:47.000-05:00
In a fabric CA cluster that has two servers, if the cluster members are started in parallel, there is a chance one server will initialize before the other. When this happens, first server will enroll and get a CA cert, private key and a CA chain and store them on the shared file system. The second server will skip the enrollment since enrollment was done by the first server, so getCACert method is not invoked. Since the cfg.CA.Chainfile variable is set in the getCACert method, its value will remain as an empty string. This causes an error when getcacerts request is sent to the second server. Fix is to set the cfg.CA.Chainfile to default value "ca-chain.pem" if a value is not specified by the user. With this change, cluster fvt test passes. This problem was introduced by the change set: https://gerrit.hyperledger.org/r/c/15373/. The problem was uncovered by cluster_test.sh fvt script. This script did not exist when first patch set for 15373 was submitted. Since there was no conflict between these two changes, the Gerrit did not complain. Change-Id: I1eb8db05fc9f79b7cbb989188c4f65bb8655ded1 Signed-off-by: Anil Ambati <aambati@us.ibm.com>
diff --git a/lib/ca.go b/lib/ca.go
@@ -316,13 +316,6 @@ func (ca *CA) getCACert() (cert []byte, err error) {
 		cert = ecert.Cert()
 		// Store the chain file as the concatenation of the parent's chain plus the cert.
 		chainPath := ca.Config.CA.Chainfile
-		if chainPath == "" {
-			chainPath, err = util.MakeFileAbs("ca-chain.pem", ca.HomeDir)
-			if err != nil {
-				return nil, errors.WithMessage(err, "Failed to create intermediate chain file path")
-			}
-			ca.Config.CA.Chainfile = chainPath
-		}
 		chain, err := ca.concatChain(resp.ServerInfo.CAChain, cert)
 		if err != nil {
 			return nil, err
@@ -441,6 +434,9 @@ func (ca *CA) initConfig() (err error) {
 	if cfg.CA.Keyfile == "" {
 		cfg.CA.Keyfile = "ca-key.pem"
 	}
+	if cfg.CA.Chainfile == "" {
+		cfg.CA.Chainfile = "ca-chain.pem"
+	}
 	if cfg.CSR.CA == nil {
 		cfg.CSR.CA = &cfcsr.CAConfig{}
 	}
diff --git a/lib/caconfig.go b/lib/caconfig.go
@@ -109,7 +109,7 @@ type CAInfo struct {
 	Name      string `opt:"n" help:"Certificate Authority name"`
 	Keyfile   string `help:"PEM-encoded CA key file"`
 	Certfile  string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
-	Chainfile string `help:"PEM-encoded CA chain file"`
+	Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
 }
 
 // CAConfigDB is the database part of the server's config
diff --git a/scripts/fvt/cluster_test.sh b/scripts/fvt/cluster_test.sh
@@ -270,12 +270,12 @@ EOF
       if test "$SERVER" = "$INTERMEDIATE_PROXY_PORT"; then
          dbname=$INTDBNAME
          userdir=$INTUSERDIR
-         stype=root
+         stype=intermediate
          backend=intserver
       else
          dbname=$DBNAME
          userdir=$ROOTUSERDIR
-         stype=intermediate
+         stype=root
          backend=server
       fi
 

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ type CAInfo struct {`
`109`	`109`	Name string `opt:"n" help:"Certificate Authority name"`
`110`	`110`	Keyfile string `help:"PEM-encoded CA key file"`
`111`	`111`	Certfile string `def:"ca-cert.pem" help:"PEM-encoded CA certificate file"`
`112`		- Chainfile string `help:"PEM-encoded CA chain file"`
	`112`	+ Chainfile string `def:"ca-chain.pem" help:"PEM-encoded CA chain file"`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	`// CAConfigDB is the database part of the server's config`