[FAB-6258] Bump fabric third_party revision

Change-Id: I2de1ebf52442a957928b4245020f3011e9cd32e0
Signed-off-by: Troy Ronda <troy.ronda@securekey.com>

Makefile

@@ -46,10 +46,10 @@ FABRIC_TOOLS_IMAGE  ?= hyperledger/fabric-tools
 FABRIC_TOOLS_TAG    ?= $(ARCH)-$(FABRIC_TOOLS_VERSION)
 
 # Upstream fabric patching (overridable)
-THIRDPARTY_FABRIC_CA_BRANCH ?= release
-THIRDPARTY_FABRIC_CA_COMMIT ?= v1.0.2
+THIRDPARTY_FABRIC_CA_BRANCH ?= master
+THIRDPARTY_FABRIC_CA_COMMIT ?= 2f9617379ec6c253e610ac02b60b3f963f95ad1d
 THIRDPARTY_FABRIC_BRANCH    ?= master
-THIRDPARTY_FABRIC_COMMIT    ?= a657db28a0ff53ed512bd6f4ac4786a0f4ca709c
+THIRDPARTY_FABRIC_COMMIT    ?= 505eb68f64493db86859b649b91e7b7068139e6f
 
 # Local variables used by makefile
 PACKAGE_NAME := github.com/hyperledger/fabric-sdk-go

internal/github.com/hyperledger/fabric-ca/api/client.go

@@ -29,11 +29,11 @@ type RegistrationRequest struct {
 	// Name is the unique name of the identity
 	Name string `json:"id" help:"Unique name of the identity"`
 	// Type of identity being registered (e.g. "peer, app, user")
-	Type string `json:"type" help:"Type of identity being registered (e.g. 'peer, app, user')"`
+	Type string `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"`
 	// Secret is an optional password.  If not specified,
 	// a random secret is generated.  In both cases, the secret
 	// is returned in the RegistrationResponse.
-	Secret string `json:"secret,omitempty" help:"The enrollment secret for the identity being registered"`
+	Secret string `json:"secret,omitempty" secret:"password" help:"The enrollment secret for the identity being registered"`
 	// MaxEnrollments is the maximum number of times the secret can
 	// be reused to enroll.
 	MaxEnrollments int `json:"max_enrollments,omitempty" def:"-1" help:"The maximum number of times the secret can be reused to enroll."`
@@ -67,6 +67,9 @@ type EnrollmentRequest struct {
 	CSR *CSRInfo `json:"csr,omitempty" help:"Certificate Signing Request info"`
 	// CAName is the name of the CA to connect to
 	CAName string `json:"caname,omitempty" skip:"true"`
+	// AttrReqs are requests for attributes to add to the certificate.
+	// Each attribute is added only if the requestor owns the attribute.
+	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
 }
 
 // ReenrollmentRequest is a request to reenroll an identity.
@@ -80,6 +83,9 @@ type ReenrollmentRequest struct {
 	CSR *CSRInfo `json:"csr,omitempty"`
 	// CAName is the name of the CA to connect to
 	CAName string `json:"caname,omitempty" skip:"true"`
+	// AttrReqs are requests for attributes to add to the certificate.
+	// Each attribute is added only if the requestor owns the attribute.
+	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
 }
 
 // RevocationRequest is a revocation request for a single certificate or all certificates
@@ -109,7 +115,7 @@ type GetCAInfoRequest struct {
 	CAName string `json:"caname,omitempty" skip:"true"`
 }
 
-// CSRInfo is Certificate Signing Request information
+// CSRInfo is Certificate Signing Request (CSR) Information
 type CSRInfo struct {
 	CN           string               `json:"CN"`
 	Names        []csr.Name           `json:"names,omitempty"`
@@ -123,4 +129,32 @@ type CSRInfo struct {
 type Attribute struct {
 	Name  string `json:"name"`
 	Value string `json:"value"`
+	ECert bool   `json:"ecert,omitempty"`
+}
+
+// GetName returns the name of the attribute
+func (a *Attribute) GetName() string {
+	return a.Name
+}
+
+// GetValue returns the value of the attribute
+func (a *Attribute) GetValue() string {
+	return a.Value
+}
+
+// AttributeRequest is a request for an attribute.
+// This implements the certmgr/AttributeRequest interface.
+type AttributeRequest struct {
+	Name    string `json:"name"`
+	Require bool   `json:"require,omitempty"`
+}
+
+// GetName returns the name of an attribute being requested
+func (ar *AttributeRequest) GetName() string {
+	return ar.Name
+}
+
+// IsRequired returns true if the attribute being requested is required
+func (ar *AttributeRequest) IsRequired() bool {
+	return ar.Require
 }

internal/github.com/hyperledger/fabric-ca/api/net.go

@@ -43,14 +43,16 @@ type RegistrationResponseNet struct {
 // EnrollmentRequestNet is a request to enroll an identity
 type EnrollmentRequestNet struct {
 	signer.SignRequest
-	CAName string
+	CAName   string
+	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
 }
 
 // ReenrollmentRequestNet is a request to reenroll an identity.
 // This is useful to renew a certificate before it has expired.
 type ReenrollmentRequestNet struct {
 	signer.SignRequest
-	CAName string
+	CAName   string
+	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
 }
 
 // RevocationRequestNet is a revocation request which flows over the network

internal/github.com/hyperledger/fabric-ca/lib/client.go

@@ -23,7 +23,6 @@ package lib
 import (
 	"bytes"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -34,6 +33,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/hyperledger/fabric-sdk-go/pkg/errors"
+
 	cfsslapi "github.com/cloudflare/cfssl/api"
 	"github.com/cloudflare/cfssl/csr"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api"
@@ -56,6 +57,8 @@ type Client struct {
 	keyFile, certFile, caCertsDir string
 	// The crypto service provider (BCCSP)
 	csp bccsp.BCCSP
+	// HTTP client associated with this Fabric CA client
+	httpClient *http.Client
 }
 
 // Init initializes the client
@@ -75,33 +78,59 @@ func (c *Client) Init() error {
 		keyDir := path.Join(mspDir, "keystore")
 		err = os.MkdirAll(keyDir, 0700)
 		if err != nil {
-			return fmt.Errorf("Failed to create keystore directory: %s", err)
+			return errors.Wrap(err, "Failed to create keystore directory")
 		}
 		c.keyFile = path.Join(keyDir, "key.pem")
 		// Cert directory and file
 		certDir := path.Join(mspDir, "signcerts")
 		err = os.MkdirAll(certDir, 0755)
 		if err != nil {
-			return fmt.Errorf("Failed to create signcerts directory: %s", err)
+			return errors.Wrap(err, "Failed to create signcerts directory")
 		}
 		c.certFile = path.Join(certDir, "cert.pem")
 		// CA certs directory
 		c.caCertsDir = path.Join(mspDir, "cacerts")
 		err = os.MkdirAll(c.caCertsDir, 0755)
 		if err != nil {
-			return fmt.Errorf("Failed to create cacerts directory: %s", err)
+			return errors.Wrap(err, "Failed to create cacerts directory")
 		}
 		// Initialize BCCSP (the crypto layer)
 		c.csp, err = util.InitBCCSP(&cfg.CSP, mspDir, c.HomeDir)
 		if err != nil {
 			return err
 		}
+		// Create http.Client object and associate it with this client
+		err = c.initHTTPClient()
+		if err != nil {
+			return err
+		}
+
 		// Successfully initialized the client
 		c.initialized = true
 	}
 	return nil
 }
 
+func (c *Client) initHTTPClient() error {
+	tr := new(http.Transport)
+	if c.Config.TLS.Enabled {
+		log.Info("TLS Enabled")
+
+		err := tls.AbsTLSClient(&c.Config.TLS, c.HomeDir)
+		if err != nil {
+			return err
+		}
+
+		tlsConfig, err2 := tls.GetClientTLSConfig(&c.Config.TLS, c.csp)
+		if err2 != nil {
+			return fmt.Errorf("Failed to get client TLS config: %s", err2)
+		}
+		tr.TLSClientConfig = tlsConfig
+	}
+	c.httpClient = &http.Client{Transport: tr}
+	return nil
+}
+
 // GetServerInfoResponse is the response from the GetServerInfo call
 type GetServerInfoResponse struct {
 	// CAName is the name of the CA
@@ -168,11 +197,12 @@ func (c *Client) Enroll(req *api.EnrollmentRequest) (*EnrollmentResponse, error)
 	// Generate the CSR
 	csrPEM, key, err := c.GenCSR(req.CSR, req.Name)
 	if err != nil {
-		return nil, fmt.Errorf("Failure generating CSR: %s", err)
+		return nil, errors.WithMessage(err, "Failure generating CSR")
 	}
 
 	reqNet := &api.EnrollmentRequestNet{
-		CAName: req.CAName,
+		CAName:   req.CAName,
+		AttrReqs: req.AttrReqs,
 	}
 
 	if req.CSR != nil {
@@ -211,7 +241,7 @@ func (c *Client) newEnrollmentResponse(result *enrollmentResponseNet, id string,
 	log.Debugf("newEnrollmentResponse %s", id)
 	certByte, err := util.B64Decode(result.Cert)
 	if err != nil {
-		return nil, fmt.Errorf("Invalid response format from server: %s", err)
+		return nil, errors.WithMessage(err, "Invalid response format from server")
 	}
 	resp := &EnrollmentResponse{
 		Identity: newIdentity(c, id, key, certByte),
@@ -298,7 +328,7 @@ func (c *Client) StoreMyIdentity(cert []byte) error {
 	}
 	err = util.WriteFile(c.certFile, cert, 0644)
 	if err != nil {
-		return fmt.Errorf("Failed to store my certificate: %s", err)
+		return errors.WithMessage(err, "Failed to store my certificate")
 	}
 	log.Infof("Stored client certificate at %s", c.certFile)
 	return nil
@@ -322,7 +352,7 @@ func (c *Client) LoadIdentity(keyFile, certFile string) (*Identity, error) {
 		log.Debugf("No key found in BCCSP keystore, attempting fallback")
 		key, err = util.ImportBCCSPKeyFromPEM(keyFile, c.csp, true)
 		if err != nil {
-			return nil, fmt.Errorf("Could not find the private key in BCCSP keystore nor in keyfile %s: %s", keyFile, err)
+			return nil, errors.WithMessage(err, fmt.Sprintf("Could not find the private key in BCCSP keystore nor in keyfile %s", keyFile))
 		}
 	}
 	return c.NewIdentity(key, cert)
@@ -365,7 +395,7 @@ func (c *Client) newGet(endpoint string) (*http.Request, error) {
 	}
 	req, err := http.NewRequest("GET", curl, bytes.NewReader([]byte{}))
 	if err != nil {
-		return nil, fmt.Errorf("Failed creating GET request for %s: %s", curl, err)
+		return nil, errors.Wrapf(err, "Failed creating GET request for %s", curl)
 	}
 	return req, nil
 }
@@ -378,7 +408,7 @@ func (c *Client) newPost(endpoint string, reqBody []byte) (*http.Request, error)
 	}
 	req, err := http.NewRequest("POST", curl, bytes.NewReader(reqBody))
 	if err != nil {
-		return nil, fmt.Errorf("Failed posting to %s: %s", curl, err)
+		return nil, errors.Wrapf(err, "Failed posting to %s", curl)
 	}
 	return req, nil
 }
@@ -394,35 +424,21 @@ func (c *Client) SendReq(req *http.Request, result interface{}) (err error) {
 		return err
 	}
 
-	var tr = new(http.Transport)
-
-	if c.Config.TLS.Enabled {
-		log.Info("TLS Enabled")
-
-		err = tls.AbsTLSClient(&c.Config.TLS, c.HomeDir)
-		if err != nil {
-			return err
-		}
-
-		tlsConfig, err2 := tls.GetClientTLSConfig(&c.Config.TLS, c.csp)
-		if err2 != nil {
-			return fmt.Errorf("Failed to get client TLS config: %s", err2)
-		}
-
-		tr.TLSClientConfig = tlsConfig
-	}
-
-	httpClient := &http.Client{Transport: tr}
-	resp, err := httpClient.Do(req)
+	resp, err := c.httpClient.Do(req)
 	if err != nil {
-		return fmt.Errorf("POST failure [%s]; not sending\n%s", err, reqStr)
+		return errors.Wrapf(err, "POST failure of request: %s", reqStr)
 	}
 	var respBody []byte
 	if resp.Body != nil {
 		respBody, err = ioutil.ReadAll(resp.Body)
-		defer resp.Body.Close()
+		defer func() {
+			err := resp.Body.Close()
+			if err != nil {
+				log.Debugf("Failed to close the response body: %s", err.Error())
+			}
+		}()
 		if err != nil {
-			return fmt.Errorf("Failed to read response [%s] of request:\n%s", err, reqStr)
+			return errors.Wrapf(err, "Failed to read response of request: %s", reqStr)
 		}
 		log.Debugf("Received response\n%s", util.HTTPResponseToString(resp))
 	}
@@ -431,22 +447,22 @@ func (c *Client) SendReq(req *http.Request, result interface{}) (err error) {
 		body = new(cfsslapi.Response)
 		err = json.Unmarshal(respBody, body)
 		if err != nil {
-			return fmt.Errorf("Failed to parse response: %s\n%s", err, respBody)
+			return errors.Wrapf(err, "Failed to parse response: %s", respBody)
 		}
 		if len(body.Errors) > 0 {
 			msg := body.Errors[0].Message
-			return fmt.Errorf("Error response from server was: %s", msg)
+			return errors.Errorf("Response from server: %s", msg)
 		}
 	}
 	scode := resp.StatusCode
 	if scode >= 400 {
-		return fmt.Errorf("Failed with server status code %d for request:\n%s", scode, reqStr)
+		return errors.Errorf("Failed with server status code %d for request:\n%s", scode, reqStr)
 	}
 	if body == nil {
-		return fmt.Errorf("Empty response body:\n%s", reqStr)
+		return errors.Errorf("Empty response body:\n%s", reqStr)
 	}
 	if !body.Success {
-		return fmt.Errorf("Server returned failure for request:\n%s", reqStr)
+		return errors.Errorf("Server returned failure for request:\n%s", reqStr)
 	}
 	log.Debugf("Response body result: %+v", body.Result)
 	if result != nil {

internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go

@@ -23,9 +23,13 @@ package lib
 import (
 	"fmt"
 	"net/url"
+	"path"
 
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api"
+	log "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/logbridge"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/tls"
+	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/util"
+	"github.com/hyperledger/fabric-sdk-go/pkg/errors"
 	"github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/bccsp/factory"
 )
 
@@ -63,7 +67,7 @@ func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)
 		expecting := fmt.Sprintf(
 			"%s://<enrollmentID>:<secret>@%s",
 			purl.Scheme, purl.Host)
-		return nil, fmt.Errorf(
+		return nil, errors.Errorf(
 			"The URL of the fabric CA server is missing the enrollment ID and secret;"+
 				" found '%s' but expecting '%s'", rawurl, expecting)
 	}
@@ -74,3 +78,32 @@ func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)
 	client := &Client{HomeDir: home, Config: c}
 	return client.Enroll(&c.Enrollment)
 }
+
+// GenCSR generates a certificate signing request and writes the CSR to a file.
+func (c *ClientConfig) GenCSR(home string) error {
+
+	client := &Client{HomeDir: home, Config: c}
+	// Generate the CSR
+
+	err := client.Init()
+	if err != nil {
+		return err
+	}
+
+	if c.CSR.CN == "" {
+		return errors.Errorf("CSR common name not specified; use '--csr.cn' flag")
+	}
+
+	csrPEM, _, err := client.GenCSR(&c.CSR, c.CSR.CN)
+	if err != nil {
+		return err
+	}
+
+	csrFile := path.Join(client.Config.MSPDir, "signcerts", fmt.Sprintf("%s.csr", c.CSR.CN))
+	err = util.WriteFile(csrFile, csrPEM, 0644)
+	if err != nil {
+		return errors.WithMessage(err, "Failed to store the CSR")
+	}
+	log.Infof("Stored CSR at %s", csrFile)
+	return nil
+}