[FAB-6290] Reduce imported Fabric CA code
Change-Id: Ia31d5aca910e9cb9394704d7d435fbcd9aa47b67
Signed-off-by: Troy Ronda <troy.ronda@securekey.com>
troyronda committed Oct 6, 2017
1 parent 80dc4fd commit e216f82
Showing 16 changed files with 162 additions and 1,553 deletions.
22 changes: 5 additions & 17 deletions Gopkg.lock


134 changes: 2 additions & 132 deletions internal/github.com/hyperledger/fabric-ca/lib/client.go
Expand Up @@ -140,33 +140,6 @@ type GetServerInfoResponse struct {
CAChain []byte
}

// GetCAInfo returns generic CA information
func (c *Client) GetCAInfo(req *api.GetCAInfoRequest) (*GetServerInfoResponse, error) {
err := c.Init()
if err != nil {
return nil, err
}
body, err := util.Marshal(req, "GetCAInfo")
if err != nil {
return nil, err
}
cainforeq, err := c.newPost("cainfo", body)
if err != nil {
return nil, err
}
netSI := &serverInfoResponseNet{}
err = c.SendReq(cainforeq, netSI)
if err != nil {
return nil, err
}
localSI := &GetServerInfoResponse{}
err = c.net2LocalServerInfo(netSI, localSI)
if err != nil {
return nil, err
}
return localSI, nil
}

// Convert from network to local server information
func (c *Client) net2LocalServerInfo(net *serverInfoResponseNet, local *GetServerInfoResponse) error {
caChain, err := util.B64Decode(net.CAChain)
Expand Down Expand Up @@ -311,53 +284,6 @@ func (c *Client) newCertificateRequest(req *api.CSRInfo) *csr.CertificateRequest
return &cr
}

// LoadMyIdentity loads the client's identity from disk
func (c *Client) LoadMyIdentity() (*Identity, error) {
err := c.Init()
if err != nil {
return nil, err
}
return c.LoadIdentity(c.keyFile, c.certFile)
}

// StoreMyIdentity stores my identity to disk
func (c *Client) StoreMyIdentity(cert []byte) error {
err := c.Init()
if err != nil {
return err
}
err = util.WriteFile(c.certFile, cert, 0644)
if err != nil {
return errors.WithMessage(err, "Failed to store my certificate")
}
log.Infof("Stored client certificate at %s", c.certFile)
return nil
}

// LoadIdentity loads an identity from disk
func (c *Client) LoadIdentity(keyFile, certFile string) (*Identity, error) {
log.Debug("Loading identity: keyFile=%s, certFile=%s", keyFile, certFile)
err := c.Init()
if err != nil {
return nil, err
}
cert, err := util.ReadFile(certFile)
if err != nil {
log.Debugf("No cert found at %s", certFile)
return nil, err
}
key, _, _, err := util.GetSignerFromCertFile(certFile, c.csp)
if err != nil {
// Fallback: attempt to read out of keyFile and import
log.Debugf("No key found in BCCSP keystore, attempting fallback")
key, err = util.ImportBCCSPKeyFromPEM(keyFile, c.csp, true)
if err != nil {
return nil, errors.WithMessage(err, fmt.Sprintf("Could not find the private key in BCCSP keystore nor in keyfile %s", keyFile))
}
}
return c.NewIdentity(key, cert)
}

// NewIdentity creates a new identity
func (c *Client) NewIdentity(key bccsp.Key, cert []byte) (*Identity, error) {
name, err := util.GetEnrollmentIDFromPEM(cert)
Expand All @@ -367,39 +293,6 @@ func (c *Client) NewIdentity(key bccsp.Key, cert []byte) (*Identity, error) {
return newIdentity(c, name, key, cert), nil
}

// LoadCSRInfo reads CSR (Certificate Signing Request) from a file
// @parameter path The path to the file contains CSR info in JSON format
func (c *Client) LoadCSRInfo(path string) (*api.CSRInfo, error) {
csrJSON, err := ioutil.ReadFile(path)
if err != nil {
return nil, err
}
var csrInfo api.CSRInfo
err = util.Unmarshal(csrJSON, &csrInfo, "LoadCSRInfo")
if err != nil {
return nil, err
}
return &csrInfo, nil
}

// GetCertFilePath returns the path to the certificate file for this client
func (c *Client) GetCertFilePath() string {
return c.certFile
}

// NewGet create a new GET request
func (c *Client) newGet(endpoint string) (*http.Request, error) {
curl, err := c.getURL(endpoint)
if err != nil {
return nil, err
}
req, err := http.NewRequest("GET", curl, bytes.NewReader([]byte{}))
if err != nil {
return nil, errors.Wrapf(err, "Failed creating GET request for %s", curl)
}
return req, nil
}

// NewPost create a new post request
func (c *Client) newPost(endpoint string, reqBody []byte) (*http.Request, error) {
curl, err := c.getURL(endpoint)
Expand Down Expand Up @@ -480,29 +373,6 @@ func (c *Client) getURL(endpoint string) (string, error) {
return rtn, nil
}

// CheckEnrollment returns an error if this client is not enrolled
func (c *Client) CheckEnrollment() error {
err := c.Init()
if err != nil {
return err
}
keyFileExists := util.FileExists(c.keyFile)
certFileExists := util.FileExists(c.certFile)
if keyFileExists && certFileExists {
return nil
}
// If key file does not exist, but certFile does, key file is probably
// stored by bccsp, so check to see if this is the case
if certFileExists {
_, _, _, err := util.GetSignerFromCertFile(c.certFile, c.csp)
if err == nil {
// Yes, the key is stored by BCCSP
return nil
}
}
return errors.New("Enrollment information does not exist. Please execute enroll command first. Example: fabric-ca-client enroll -u http://user:userpw@serverAddr:serverPort")
}

// NormalizeURL normalizes a URL (from cfssl)
func NormalizeURL(addr string) (*url.URL, error) {
addr = strings.TrimSpace(addr)
Expand All @@ -514,7 +384,7 @@ func NormalizeURL(addr string) (*url.URL, error) {
u.Host = net.JoinHostPort(u.Scheme, u.Opaque)
u.Opaque = ""
} else if u.Path != "" && !strings.Contains(u.Path, ":") {
u.Host = net.JoinHostPort(u.Path, util.GetServerPort())
u.Host = net.JoinHostPort(u.Path, "")
u.Path = ""
} else if u.Scheme == "" {
u.Host = u.Path
Expand All @@ -525,7 +395,7 @@ func NormalizeURL(addr string) (*url.URL, error) {
}
_, port, err := net.SplitHostPort(u.Host)
if err != nil {
_, port, err = net.SplitHostPort(u.Host + ":" + util.GetServerPort())
_, port, err = net.SplitHostPort(u.Host + ":" + "")
if err != nil {
return nil, err
}
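Review bot: In NormalizeURL the two changed lines (reading the `""` variants as the new side) replace `util.GetServerPort()` with an empty string, so `net.JoinHostPort(u.Path, "")` produces a host with a trailing colon and no port, and `net.SplitHostPort(u.Host + ":" + "")` can only ever yield an empty port. A CA address given without a port therefore no longer gets an explicit default, and the port the client actually connects to is presumably left to whatever the scheme implies further down the stack, which is easy to overlook for an endpoint that handles enrollment credentials. I would keep the default explicit with a package-level constant, e.g. `const defaultServerPort = "<CA_DEFAULT_PORT>" // placeholder: the value util.GetServerPort() used to return`, and pass it in both places, or return an error when no port was supplied. At minimum write `u.Host + ":"` rather than `u.Host + ":" + ""` and add a comment such as `// no default port is applied; an address without one keeps an empty port`. The rest of NormalizeURL lies outside the visible hunks, so how an empty port is treated afterwards should be confirmed there.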
67 changes: 0 additions & 67 deletions internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go
Expand Up @@ -21,15 +21,8 @@ Please review third_party pinning scripts and patches for more details.
package lib

import (
"fmt"
"net/url"
"path"

"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api"
log "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/logbridge"
"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/tls"
"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/util"
"github.com/hyperledger/fabric-sdk-go/pkg/errors"
"github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/bccsp/factory"
)

Expand All @@ -47,63 +40,3 @@ type ClientConfig struct {
CAName string `help:"Name of CA"`
CSP *factory.FactoryOpts `mapstructure:"bccsp"`
}

// Enroll a client given the server's URL and the client's home directory.
// The URL may be of the form: http://user:pass@host:port where user and pass
// are the enrollment ID and secret, respectively.
func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error) {
purl, err := url.Parse(rawurl)
if err != nil {
return nil, err
}
if purl.User != nil {
name := purl.User.Username()
secret, _ := purl.User.Password()
c.Enrollment.Name = name
c.Enrollment.Secret = secret
purl.User = nil
}
if c.Enrollment.Name == "" {
expecting := fmt.Sprintf(
"%s://<enrollmentID>:<secret>@%s",
purl.Scheme, purl.Host)
return nil, errors.Errorf(
"The URL of the fabric CA server is missing the enrollment ID and secret;"+
" found '%s' but expecting '%s'", rawurl, expecting)
}
c.Enrollment.CAName = c.CAName
c.URL = purl.String()
c.TLS.Enabled = purl.Scheme == "https"
c.Enrollment.CSR = &c.CSR
client := &Client{HomeDir: home, Config: c}
return client.Enroll(&c.Enrollment)
}

// GenCSR generates a certificate signing request and writes the CSR to a file.
func (c *ClientConfig) GenCSR(home string) error {

client := &Client{HomeDir: home, Config: c}
// Generate the CSR

err := client.Init()
if err != nil {
return err
}

if c.CSR.CN == "" {
return errors.Errorf("CSR common name not specified; use '--csr.cn' flag")
}

csrPEM, _, err := client.GenCSR(&c.CSR, c.CSR.CN)
if err != nil {
return err
}

csrFile := path.Join(client.Config.MSPDir, "signcerts", fmt.Sprintf("%s.csr", c.CSR.CN))
err = util.WriteFile(csrFile, csrPEM, 0644)
if err != nil {
return errors.WithMessage(err, "Failed to store the CSR")
}
log.Infof("Stored CSR at %s", csrFile)
return nil
}