[FAB-10341] Identity load fails with only Idemix

When the Fabric CA client tries to load the identity, it fails if only an idemix credential is present. The logic first checked to see if x509 credential existed, and if not it would error out without checking to see an Idemix credential was present. Change-Id: Iece5f7e954fb0ed56dc0e37913dae7c1e866cb0c Signed-off-by: Saad Karim <skarim@us.ibm.com>
hyperledger · May 28, 2018 · 9b49be6 · 9b49be6
1 parent 69d5be1
commit 9b49be6
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 9 deletions.
diff --git a/lib/client.go b/lib/client.go
@@ -554,21 +554,31 @@ func (c *Client) LoadIdentity(keyFile, certFile, idemixCredFile string) (*Identi
 	if err != nil {
 		return nil, err
 	}
+
+	var creds []credential.Credential
+	var x509Found, idemixFound bool
 	x509Cred := x509cred.NewCredential(certFile, keyFile, c)
 	err = x509Cred.Load()
-	if err != nil {
-		return nil, errors.WithMessage(err, "Failed to load X509 credential")
+	if err == nil {
+		x509Found = true
+		creds = append(creds, x509Cred)
+	} else {
+		log.Debugf("No X509 credential found at %s, %s", keyFile, certFile)
 	}
-	creds := []credential.Credential{x509Cred}
-	_, err = os.Stat(idemixCredFile)
+
+	idemixCred := idemixcred.NewCredential(idemixCredFile, c)
+	err = idemixCred.Load()
 	if err == nil {
-		idemixCred := idemixcred.NewCredential(idemixCredFile, c)
-		err = idemixCred.Load()
-		if err != nil {
-			log.Debugf("No idemix credential found at %s", idemixCredFile)
-		}
+		idemixFound = true
 		creds = append(creds, idemixCred)
+	} else {
+		log.Debugf("No Idemix credential found at %s", idemixCredFile)
 	}
+
+	if !x509Found && !idemixFound {
+		return nil, errors.New("Identity does not posses any enrollment credentials")
+	}
+
 	return c.NewIdentity(creds)
 }
 

diff --git a/lib/client_test.go b/lib/client_test.go
@@ -227,9 +227,17 @@ func TestIdemixEnroll(t *testing.T) {
 	if err != nil {
 		t.Fatalf("Failed to store idenditity: %s", err.Error())
 	}
+
 	_, err = client.LoadIdentity("", filepath.Join(clientHome, "msp/signcerts/cert.pem"), filepath.Join(clientHome, "msp/user/SignerConfig"))
 	assert.NoError(t, err, "Failed to load identity that has both X509 and Idemix credentials")
 
+	_, err = client.LoadIdentity("", "", filepath.Join(clientHome, "msp/user/SignerConfig"))
+	assert.NoError(t, err, "Failed to load identity that only has Idemix credential")
+
+	// Error case, invalid x509 and Idemix credential
+	_, err = client.LoadIdentity("fake-key.pem", "fake-cert.pem", "fakeIdemixCred")
+	util.ErrorContains(t, err, "Identity does not posses any enrollment credentials", "Should have failed to load identity that has no valid credentials")
+
 	err = client.CheckEnrollment()
 	assert.NoError(t, err, "CheckEnrollment should not return an error")