TLS testcases and process file names client config

If a file name in the client config file is not absolute,
it must be processed relative to the location of
the config file.

Added testcases to test TLS with the new CLI and config file.

3 scenarios tested:
1) Read from config file directly
2) Read from environment variable
3) Read from CLI flags

Added new tags to EnrollmentRequest struct for reflection. Added
support to be able to provide root CA certificate via command line
option for TLS configuration on client side.

https://jira.hyperledger.org/browse/FAB-1549

Change-Id: I4ffb52ab4b3b32befbc191a42d2a06dbdde5570e
Signed-off-by: Saad Karim <skarim@us.ibm.com>

api/client.go

@@ -52,17 +52,17 @@ type RegistrationResponse struct {
 // EnrollmentRequest is a request to enroll an identity
 type EnrollmentRequest struct {
 	// The identity name to enroll
-	Name string `json:"name"`
+	Name string `json:"name" skip:"true"`
 	// The secret returned via Register
-	Secret string `json:"secret,omitempty"`
+	Secret string `json:"secret,omitempty" skip:"true"`
 	// Hosts is a comma-separated host list in the CSR
-	Hosts string `json:"hosts,omitempty"`
+	Hosts string `json:"hosts,omitempty" help:"Comma-separated host list"`
 	// Profile is the name of the signing profile to use in issuing the certificate
-	Profile string `json:"profile,omitempty"`
+	Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"`
 	// Label is the label to use in HSM operations
-	Label string `json:"label,omitempty"`
+	Label string `json:"label,omitempty" help:"Label to use in HSM operations"`
 	// CSR is Certificate Signing Request info
-	CSR *CSRInfo `json:"csr,omitempty"`
+	CSR *CSRInfo `json:"csr,omitempty" help:"Certificate Signing Request info"`
 }
 
 // ReenrollmentRequest is a request to reenroll an identity.

cli/server/config.go

@@ -180,7 +180,7 @@ func configInit(cfg *cli.Config) {
 // Make TLS client files absolute
 func absTLSClient(cfg *tls.ClientTLSConfig) {
 	for i := 0; i < len(cfg.CertFiles); i++ {
-		cfg.CertFiles[i] = abs(cfg.CertFiles[i])
+		cfg.CertFilesList[i] = abs(cfg.CertFilesList[i])
 	}
 	cfg.Client.CertFile = abs(cfg.Client.CertFile)
 	cfg.Client.KeyFile = abs(cfg.Client.KeyFile)

cmd/fabric-ca-client/config.go

@@ -26,6 +26,7 @@ import (
 
 	"github.com/cloudflare/cfssl/log"
 	"github.com/hyperledger/fabric-ca/lib"
+	"github.com/hyperledger/fabric-ca/lib/tls"
 	"github.com/hyperledger/fabric-ca/util"
 	"github.com/spf13/viper"
 )
@@ -76,39 +77,39 @@ const (
 #############################################################################
 
 # URL of the Fabric-ca-server (default: http://localhost:7054)
-serverURL: <<<URL>>>
+URL: <<<URL>>>
 
 #############################################################################
 #    TLS section for the client's listenting port
 #############################################################################
 tls:
-   # Enable TLS (default: false)
-   enabled: false
+  # Enable TLS (default: false)
+  enabled: false
 
-   # TLS for the client's listenting port (default: false)
-   certfiles:
-   client:
-      certfile:
-      keyfile:
+  # TLS for the client's listenting port (default: false)
+  certfiles: 				# Comma Separated (e.g. root.pem, root2.pem)
+  client:
+    certfile:
+    keyfile:
 
 #############################################################################
 #  Certificate Signing Request section for generating the CSR for
 #  an enrollment certificate (ECert)
 #############################################################################
 csr:
-   cn: <<<ENROLLMENT_ID>>>
-   names:
-      - C: US
-        ST: "North Carolina"
-        L:
-        O: Hyperledger
-        OU: Fabric
-   hosts:
-      - <<<MYHOST>>>
-   ca:
-      pathlen:
-      pathlenzero:
-      expiry:
+  cn: <<<ENROLLMENT_ID>>>
+  names:
+    - C: US
+      ST: "North Carolina"
+      L:
+      O: Hyperledger
+      OU: Fabric
+  hosts:
+    - <<<MYHOST>>>
+  ca:
+    pathlen:
+    pathlenzero:
+    expiry:
 `
 )
 
@@ -157,12 +158,20 @@ func configInit() error {
 	}
 
 	// Unmarshal the config into 'clientCfg'
-	clientCfg = new(lib.ClientConfig)
 	err = viper.Unmarshal(clientCfg)
 	if err != nil {
 		util.Fatal("Failed to unmarshall client config: %s", err)
 	}
 
+	purl, err := url.Parse(clientCfg.URL)
+	if err != nil {
+		return err
+	}
+
+	clientCfg.TLS.Enabled = purl.Scheme == "https"
+
+	processCertFiles(&clientCfg.TLS)
+
 	return nil
 }
 
@@ -194,3 +203,13 @@ func createDefaultConfigFile() error {
 	// Now write the file
 	return ioutil.WriteFile(cfgFileName, []byte(cfg), 0755)
 }
+
+// processCertFiles parses comma seperated string to generate a string array
+func processCertFiles(cfg *tls.ClientTLSConfig) {
+	CertFiles := strings.Split(cfg.CertFiles, ",")
+	cfg.CertFilesList = make([]string, 0)
+
+	for i := range CertFiles {
+		cfg.CertFilesList = append(cfg.CertFilesList, strings.TrimSpace(CertFiles[i]))
+	}
+}

cmd/fabric-ca-client/enroll.go

@@ -18,13 +18,13 @@ package main
 
 import (
 	"fmt"
+	"io/ioutil"
 	"path/filepath"
+	"strings"
 
 	"github.com/cloudflare/cfssl/log"
-	"github.com/hyperledger/fabric-ca/api"
-	"github.com/hyperledger/fabric-ca/lib"
-	"github.com/hyperledger/fabric-ca/util"
 	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 )
 
 var (
@@ -59,22 +59,20 @@ func init() {
 func runEnroll() error {
 	log.Debug("Entered Enroll")
 
-	user, pass, err := util.GetUser()
+	rawurl := viper.GetString("url")
+	ID, err := clientCfg.Enroll(rawurl, filepath.Dir(cfgFileName))
 	if err != nil {
 		return err
 	}
 
-	req := &api.EnrollmentRequest{
-		Name:   user,
-		Secret: pass,
+	cfgFile, err := ioutil.ReadFile(cfgFileName)
+	if err != nil {
+		return err
 	}
 
-	client := lib.Client{
-		HomeDir: filepath.Dir(cfgFileName),
-		Config:  clientCfg,
-	}
+	cfg := strings.Replace(string(cfgFile), "<<<ENROLLMENT_ID>>>", ID.GetName(), 1)
 
-	ID, err := client.Enroll(req)
+	err = ioutil.WriteFile(cfgFileName, []byte(cfg), 0644)
 	if err != nil {
 		return err
 	}
@@ -85,7 +83,7 @@ func runEnroll() error {
 	}
 
 	log.Infof("Enrollment information was successfully stored in %s and %s",
-		client.GetMyKeyFile(), client.GetMyCertFile())
+		ID.GetMyKeyFile(), ID.GetMyCertFile())
 
 	return nil
 }

cmd/fabric-ca-client/main.go

@@ -21,6 +21,7 @@ import (
 	"strings"
 
 	"github.com/cloudflare/cfssl/log"
+	"github.com/hyperledger/fabric-ca/lib"
 	"github.com/hyperledger/fabric-ca/util"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
@@ -38,6 +39,9 @@ var rootCmd = &cobra.Command{
 		}
 
 		util.CmdRunBegin()
+
+		log.Debugf("Client configuration settings: %+v", clientCfg)
+
 		return nil
 	},
 }
@@ -54,8 +58,6 @@ func init() {
 	viper.SetEnvPrefix(envVarPrefix)
 	viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
 
-	url := util.GetServerURL()
-
 	host, err := os.Hostname()
 	if err != nil {
 		log.Error(err)
@@ -64,10 +66,18 @@ func init() {
 	// Set global flags used by all commands
 	pflags := rootCmd.PersistentFlags()
 	pflags.StringVarP(&cfgFileName, "config", "c", cfg, "Configuration file")
-	util.FlagString(pflags, "url", "u", url, "URL of the Fabric-ca server")
 	util.FlagString(pflags, "myhost", "m", host,
 		"Hostname to include in the certificate signing request during enrollment")
-	util.FlagBool(pflags, "debug", "d", false, "Enable debug logging")
+
+	clientCfg = &lib.ClientConfig{}
+	tags := map[string]string{
+		"help.csr.cn":           "The common name field of the certificate signing request to a parent fabric-ca-server",
+		"help.csr.serialnumber": "The serial number in a certificate signing request to a parent fabric-ca-server",
+	}
+	err = util.RegisterFlags(pflags, clientCfg, tags)
+	if err != nil {
+		panic(err)
+	}
 
 }