Enrollment info part of client config

Updated the client config template to include enrollment
information. Simplified reenroll command to not require
optional CSR file, it will now be read from client config.

Enroll command will now be the only command that can be executed first.
Once client has successfully enrolled and enrollment information
exists then other client commands can be executed

https://jira.hyperledger.org/browse/FAB-2433

Change-Id: I10b654c36c8c4b39b612fcb2048348074a81e9b6
Signed-off-by: Saad Karim <skarim@us.ibm.com>

cmd/fabric-ca-client/config.go

@@ -125,6 +125,14 @@ id:
   attributes:
     - name:
       value:
+
+#############################################################################
+#  Enrollment section used to enroll a user with fabric-ca server
+#############################################################################
+enrollment:
+  hosts:
+  profile:
+  label:
 `
 )
 
@@ -136,7 +144,7 @@ var (
 	clientCfg *lib.ClientConfig
 )
 
-func configInit() error {
+func configInit(command string) error {
 
 	var err error
 
@@ -152,6 +160,13 @@ func configInit() error {
 		}
 	}
 
+	if command != "enroll" {
+		err = checkForEnrollment()
+		if err != nil {
+			return err
+		}
+	}
+
 	// If the config file doesn't exist, create a default one
 	if !util.FileExists(cfgFileName) {
 		err = createDefaultConfigFile()
@@ -186,6 +201,7 @@ func configInit() error {
 	clientCfg.TLS.Enabled = purl.Scheme == "https"
 
 	processCertFiles(&clientCfg.TLS)
+
 	if clientCfg.ID.Attr != "" {
 		processAttributes()
 	}
@@ -203,17 +219,19 @@ func createDefaultConfigFile() error {
 		if err != nil {
 			return err
 		}
-		fabricCAServerURL = fmt.Sprintf("%s://%s", URL.Scheme, URL.Host) // URL.Scheme + "://" + URL.Host
+		fabricCAServerURL = fmt.Sprintf("%s://%s", URL.Scheme, URL.Host)
 	}
 
 	myhost := viper.GetString("myhost")
 
 	// Do string subtitution to get the default config
 	cfg = strings.Replace(defaultCfgTemplate, "<<<URL>>>", fabricCAServerURL, 1)
 	cfg = strings.Replace(cfg, "<<<MYHOST>>>", myhost, 1)
+	user, _, err := util.GetUser()
+	cfg = strings.Replace(cfg, "<<<ENROLLMENT_ID>>>", user, 1)
 
 	// Now write the file
-	err := os.MkdirAll(filepath.Dir(cfgFileName), 0755)
+	err = os.MkdirAll(filepath.Dir(cfgFileName), 0755)
 	if err != nil {
 		return err
 	}
@@ -223,6 +241,7 @@ func createDefaultConfigFile() error {
 
 // processCertFiles parses comma seperated string to generate a string array
 func processCertFiles(cfg *tls.ClientTLSConfig) {
+	log.Debug("Process comma seperated cert files")
 	CertFiles := strings.Split(cfg.CertFiles, ",")
 	cfg.CertFilesList = make([]string, 0)
 
@@ -237,3 +256,14 @@ func processAttributes() {
 	clientCfg.ID.Attributes[0].Name = splitAttr[0]
 	clientCfg.ID.Attributes[0].Value = strings.Join(splitAttr[1:], "")
 }
+
+func checkForEnrollment() error {
+	log.Debug("Checking for enrollment")
+
+	client := lib.Client{
+		HomeDir: filepath.Dir(cfgFileName),
+		Config:  clientCfg,
+	}
+
+	return client.Enrollment()
+}

cmd/fabric-ca-client/enroll.go

@@ -23,8 +23,8 @@ import (
 	"strings"
 
 	"github.com/cloudflare/cfssl/log"
+	"github.com/hyperledger/fabric-ca/util"
 	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
 )
 
 var (
@@ -42,7 +42,7 @@ var enrollCmd = &cobra.Command{
 			return nil
 		}
 
-		err := runEnroll()
+		err := runEnroll(cmd)
 		if err != nil {
 			return err
 		}
@@ -56,15 +56,26 @@ func init() {
 }
 
 // The client enroll main logic
-func runEnroll() error {
+func runEnroll(cmd *cobra.Command) error {
 	log.Debug("Entered Enroll")
 
-	rawurl := viper.GetString("url")
-	ID, err := clientCfg.Enroll(rawurl, filepath.Dir(cfgFileName))
+	_, _, err := util.GetUser()
 	if err != nil {
 		return err
 	}
 
+	err = configInit(cmd.Name())
+	if err != nil {
+		return err
+	}
+
+	ID, err := clientCfg.Enroll(clientCfg.URL, filepath.Dir(cfgFileName))
+	if err != nil {
+		return err
+	}
+
+	log.Debugf("Client configuration settings: %+v", clientCfg)
+
 	cfgFile, err := ioutil.ReadFile(cfgFileName)
 	if err != nil {
 		return err

cmd/fabric-ca-client/main.go

@@ -33,15 +33,8 @@ var rootCmd = &cobra.Command{
 	Use:   cmdName,
 	Short: longName,
 	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
-		err := configInit()
-		if err != nil {
-			return err
-		}
-
 		util.CmdRunBegin()
 
-		log.Debugf("Client configuration settings: %+v", clientCfg)
-
 		return nil
 	},
 }

cmd/fabric-ca-client/main_test.go

@@ -56,9 +56,9 @@ func TestCreateDefaultConfigFile(t *testing.T) {
 	defYaml = util.GetDefaultConfigFile("fabric-ca-client")
 	os.Remove(defYaml)
 
-	fabricCAServerURL := "http://localhost:7058"
+	enrollURL := "http://admin:admin2@localhost:7058"
 
-	err := RunMain([]string{cmdName, "enroll", "-u", fabricCAServerURL, "-m", myhost})
+	err := RunMain([]string{cmdName, "enroll", "-u", enrollURL, "-m", myhost})
 	if err == nil {
 		t.Errorf("No username/password provided, should have errored")
 	}
@@ -70,7 +70,7 @@ func TestCreateDefaultConfigFile(t *testing.T) {
 
 	configFile := string(fileBytes)
 
-	if !strings.Contains(configFile, fabricCAServerURL) {
+	if !strings.Contains(configFile, "localhost:7058") {
 		t.Error("Failed to update default config file with url")
 	}
 
@@ -110,7 +110,6 @@ func TestClientCommandsNoTLS(t *testing.T) {
 	}
 
 	testEnroll(t)
-	testReenroll(t)
 	testRegisterConfigFile(t)
 	testRegisterEnvVar(t)
 	testRegisterCommandLine(t)
@@ -149,7 +148,7 @@ func testEnroll(t *testing.T) {
 	t.Log("Testing Enroll CMD")
 	defYaml = util.GetDefaultConfigFile("fabric-ca-client")
 
-	os.RemoveAll(defYaml) // Clean up any left over config file
+	os.Remove(defYaml) // Clean up any left over config file
 
 	// Negative test case, enroll command without username/password
 	err := RunMain([]string{cmdName, "enroll", "-d"})
@@ -162,7 +161,7 @@ func testEnroll(t *testing.T) {
 		t.Errorf("client enroll -u failed: %s", err)
 	}
 
-	os.Remove(defYaml)
+	testReenroll(t)
 
 	err = RunMain([]string{cmdName, "enroll", "-u", "http://admin2:adminpw2@localhost:7055"})
 	if err == nil {
@@ -177,7 +176,7 @@ func testReenroll(t *testing.T) {
 	t.Log("Testing Reenroll CMD")
 	defYaml = util.GetDefaultConfigFile("fabric-ca-client")
 
-	err := RunMain([]string{cmdName, "reenroll", "-u", "http://localhost:7054"})
+	err := RunMain([]string{cmdName, "reenroll", "-u", "http://localhost:7054", "--enrollment.hosts", "host1,host2"})
 	if err != nil {
 		t.Errorf("client reenroll --url -f failed: %s", err)
 	}
@@ -342,7 +341,7 @@ func TestClientCommandsTLSEnvVar(t *testing.T) {
 	os.Setenv(clientKeyEnvVar, tlsClientKeyFile)
 	os.Setenv(clientCertEnvVar, tlsClientCertFile)
 
-	err = RunMain([]string{cmdName, "enroll", "-c", testYaml, "-u", "https://admin:adminpw@localhost:7054", "-d"})
+	err = RunMain([]string{cmdName, "enroll", "-d", "-c", testYaml, "-u", "https://admin:adminpw@localhost:7054", "-d"})
 	if err != nil {
 		t.Errorf("client enroll -c -u failed: %s", err)
 	}
@@ -355,7 +354,6 @@ func TestClientCommandsTLSEnvVar(t *testing.T) {
 	os.Unsetenv(rootCertEnvVar)
 	os.Unsetenv(clientKeyEnvVar)
 	os.Unsetenv(clientCertEnvVar)
-
 }
 
 func TestClientCommandsTLS(t *testing.T) {
@@ -376,15 +374,15 @@ func TestClientCommandsTLS(t *testing.T) {
 
 	srv.HomeDir = tdDir
 	srv.Config.TLS.Enabled = true
-	srv.Config.TLS.CertFile = "tls_server-cert.pem"
-	srv.Config.TLS.KeyFile = "tls_server-key.pem"
+	srv.Config.TLS.CertFile = tlsCertFile
+	srv.Config.TLS.KeyFile = tlsKeyFile
 
 	err = srv.Start()
 	if err != nil {
 		t.Errorf("Server start failed: %s", err)
 	}
 
-	err = RunMain([]string{cmdName, "enroll", "-c", "../../testdata/test.yaml", "--tls.certfiles", "root.pem", "--tls.client.keyfile", "tls_client-key.pem", "--tls.client.certfile", "tls_client-cert.pem", "-u", "https://admin:adminpw@localhost:7054", "-d"})
+	err = RunMain([]string{cmdName, "enroll", "-c", testYaml, "--tls.certfiles", rootCert, "--tls.client.keyfile", tlsClientKeyFile, "--tls.client.certfile", tlsClientCertFile, "-u", "https://admin:adminpw@localhost:7054", "-d"})
 	if err != nil {
 		t.Errorf("client enroll -c -u failed: %s", err)
 	}
@@ -401,3 +399,10 @@ func TestCleanUp(t *testing.T) {
 	os.Remove(testYaml)
 	os.Remove(fabricCADB)
 }
+
+func TestRegisterWithoutEnroll(t *testing.T) {
+	err := RunMain([]string{cmdName, "register", "-c", testYaml})
+	if err == nil {
+		t.Errorf("Should have failed, as no enrollment information should exist. Enroll commands needs to be the first command to be executed")
+	}
+}

cmd/fabric-ca-client/reenroll.go

@@ -31,6 +31,16 @@ var reenrollCmd = &cobra.Command{
 	Use:   "reenroll",
 	Short: "Reenroll user",
 	Long:  "Reenroll user with fabric-ca server",
+	PreRunE: func(cmd *cobra.Command, args []string) error {
+		err := configInit(cmd.Name())
+		if err != nil {
+			return err
+		}
+
+		log.Debugf("Client configuration settings: %+v", clientCfg)
+
+		return nil
+	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		if len(args) > 0 {
 			cmd.Help()
@@ -48,9 +58,6 @@ var reenrollCmd = &cobra.Command{
 
 func init() {
 	rootCmd.AddCommand(reenrollCmd)
-	reenrollFlags := reenrollCmd.Flags()
-	reenrollFlags.StringVarP(&csrFile, "csrfile", "f", "", "Certificate Signing Request information (Optional)")
-
 }
 
 // The client reenroll main logic
@@ -67,7 +74,12 @@ func runReenroll() error {
 		return err
 	}
 
-	req := &api.ReenrollmentRequest{}
+	req := &api.ReenrollmentRequest{
+		Hosts:   clientCfg.Enrollment.Hosts,
+		Label:   clientCfg.Enrollment.Label,
+		Profile: clientCfg.Enrollment.Profile,
+		CSR:     &clientCfg.CSR,
+	}
 
 	newID, err := id.Reenroll(req)
 	if err != nil {

cmd/fabric-ca-client/register.go

@@ -30,6 +30,16 @@ var registerCmd = &cobra.Command{
 	Use:   "register",
 	Short: "Register user",
 	Long:  "Register user with fabric-ca server",
+	PreRunE: func(cmd *cobra.Command, args []string) error {
+		err := configInit(cmd.Name())
+		if err != nil {
+			return err
+		}
+
+		log.Debugf("Client configuration settings: %+v", clientCfg)
+
+		return nil
+	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		if len(args) > 0 {
 			cmd.Help()

cmd/fabric-ca-client/revoke.go

@@ -33,6 +33,16 @@ var revokeCmd = &cobra.Command{
 	Use:   "revoke",
 	Short: "Revoke user",
 	Long:  "Revoke user with fabric-ca server",
+	PreRunE: func(cmd *cobra.Command, args []string) error {
+		err := configInit(cmd.Name())
+		if err != nil {
+			return err
+		}
+
+		log.Debugf("Client configuration settings: %+v", clientCfg)
+
+		return nil
+	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		if len(args) > 0 {
 			cmd.Help()

lib/client.go

@@ -20,6 +20,7 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -357,6 +358,14 @@ func (c *Client) getURL(endpoint string) (string, error) {
 	return rtn, nil
 }
 
+// Enrollment checks to see if client is enrolled (i.e. enrollment information exists)
+func (c *Client) Enrollment() error {
+	if !util.FileExists(c.GetMyCertFile()) || !util.FileExists(c.GetMyKeyFile()) {
+		return errors.New("Enrollment information does not exist. Please execute enroll command first. Example: fabric-ca-client enroll -u http://user:userpw@serverAddr:serverPort")
+	}
+	return nil
+}
+
 func (c *Client) getClientConfig(path string) ([]byte, error) {
 	log.Debug("Retrieving client config")
 	// fcaClient := filepath.Join(path, clientConfigFile)

lib/clientconfig.go

@@ -19,7 +19,6 @@ package lib
 import (
 	"net/url"
 
-	"github.com/cloudflare/cfssl/csr"
 	"github.com/hyperledger/fabric-ca/api"
 	"github.com/hyperledger/fabric-ca/lib/tls"
 )
@@ -30,7 +29,7 @@ type ClientConfig struct {
 	URL        string `def:"http://localhost:7054" opt:"u" help:"URL of fabric-ca-server"`
 	TLS        tls.ClientTLSConfig
 	Enrollment api.EnrollmentRequest
-	CSR        csr.CertificateRequest
+	CSR        api.CSRInfo
 	ID         api.RegistrationRequest
 }
 
@@ -51,6 +50,7 @@ func (c *ClientConfig) Enroll(rawurl, home string) (id *Identity, err error) {
 	}
 	c.URL = purl.String()
 	c.TLS.Enabled = purl.Scheme == "https"
+	c.Enrollment.CSR = &c.CSR
 	client := &Client{HomeDir: home, Config: c}
 	return client.Enroll(&c.Enrollment)
 }

lib/serverenroll.go

@@ -84,6 +84,8 @@ func (sh *signHandler) Handle(w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 
+	log.Debugf("Enrollment request: %+v\n", req)
+
 	// Make any authorization checks needed, depending on the contents
 	// of the CSR (Certificate Signing Request)
 	err = csrAuthCheck(&req, r)