FAB-9418 Default for SSL neg/provider

Change-Id: Ic0f909e656584972e15051dc2415a34d5be362fc
Signed-off-by: rickr <cr22rc@gmail.com>

Author: cr22rc

config.properties

@@ -33,6 +33,10 @@
 ## If true the SDK will perform a check on the endorsed proposals to guarantee they are consistent. This will be checked by the endorsing peers
 ## prior to committing the block and will fail regardless.
 #org.hyperledger.fabric.sdk.proposal.consistency_validation=true
+## Default ssl provider on grpc connections  (openSSL, JDK)
+#org.hyperledger.fabric.sdk.connections.ssl.sslProvider=openSSL
+## Default negotiation type for grpc ssl connections. (TLS, plainText)
+#org.hyperledger.fabric.sdk.connections.ssl.negotiationType=TLS
 
 # System wide defaults for CryptoPrimitives objects. You can customize further by using the
 # CryptoPrimitives.setProperties() method.

src/main/java/org/hyperledger/fabric/sdk/Endpoint.java

@@ -53,14 +53,19 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.hyperledger.fabric.sdk.exception.CryptoException;
+import org.hyperledger.fabric.sdk.helper.Config;
 import org.hyperledger.fabric.sdk.security.CryptoPrimitives;
 
+import static java.lang.String.format;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.hyperledger.fabric.sdk.helper.Utils.parseGrpcUrl;
 
 class Endpoint {
     private static final Log logger = LogFactory.getLog(Endpoint.class);
 
+    private static final String SSLPROVIDER = Config.getConfig().getDefaultSSLProvider();
+    private static final String SSLNEGOTIATION = Config.getConfig().getDefaultSSLNegotiationType();
+
     private final String addr;
     private final int port;
     private final String url;
@@ -71,7 +76,7 @@ class Endpoint {
     private static final Map<String, String> CN_CACHE = Collections.synchronizedMap(new HashMap<>());
 
     Endpoint(String url, Properties properties) {
-        logger.trace(String.format("Creating endpoint for url %s", url));
+        logger.trace(format("Creating endpoint for url %s", url));
         this.url = url;
         String cn = null;
         String sslp = null;
@@ -168,19 +173,23 @@ class Endpoint {
                 }
 
                 sslp = properties.getProperty("sslProvider");
-                if (sslp == null) {
-                    throw new RuntimeException("Property of sslProvider expected");
+
+                if (null == sslp) {
+                    sslp = SSLPROVIDER;
+                    logger.trace(format("Endpoint %s specific SSL provider not found use global value: %s ", url, SSLPROVIDER));
                 }
-                if (!sslp.equals("openSSL") && !sslp.equals("JDK")) {
-                    throw new RuntimeException("Property of sslProvider has to be either openSSL or JDK");
+                if (!"openSSL".equals(sslp) && !"JDK".equals(sslp)) {
+                    throw new RuntimeException(format("Endpoint %s property of sslProvider has to be either openSSL or JDK. value: '%s'", url, sslp));
                 }
 
                 nt = properties.getProperty("negotiationType");
-                if (nt == null) {
-                    throw new RuntimeException("Property of negotiationType expected");
+                if (null == nt) {
+                    nt = SSLNEGOTIATION;
+                    logger.trace(format("Endpoint %s specific Negotiation type not found use global value: %s ", url, SSLNEGOTIATION));
                 }
-                if (!nt.equals("TLS") && !nt.equals("plainText")) {
-                    throw new RuntimeException("Property of negotiationType has to be either TLS or plainText");
+
+                if (!"TLS".equals(nt) && !"plainText".equals(nt)) {
+                    throw new RuntimeException(format("Endpoint %s property of negotiationType has to be either TLS or plainText. value: '%s'", url, nt));
                 }
             }
         }
@@ -197,6 +206,7 @@ class Endpoint {
                 } else {
                     try {
 
+                        logger.trace(format("Endpoint %s Negotiation type: '%s', SSLprovider: '%s'", url, nt, sslp));
                         SslProvider sslprovider = sslp.equals("openSSL") ? SslProvider.OPENSSL : SslProvider.JDK;
                         NegotiationType ntype = nt.equals("TLS") ? NegotiationType.TLS : NegotiationType.PLAINTEXT;
 
@@ -331,7 +341,7 @@ private void addNettyBuilderProps(NettyChannelBuilder channelBuilder, Properties
                     sep = ", ";
 
                 }
-                logger.trace(String.format("Endpoint with url: %s set managed channel builder method %s (%s) ", url,
+                logger.trace(format("Endpoint with url: %s set managed channel builder method %s (%s) ", url,
                         method, sb.toString()));
 
             }

src/main/java/org/hyperledger/fabric/sdk/NetworkConfig.java

@@ -77,10 +77,6 @@ public class NetworkConfig {
     // Organizations, keyed on org name (and not on mspid!)
     private Map<String, OrgInfo> organizations;
 
-    // CAs keyed on name
-    private Map<String, CAInfo> certificateAuthorities;
-    private Map<String, CAInfo> certificateAuthoritiesJSON;
-
     private static final Log logger = LogFactory.getLog(NetworkConfig.class);
 
     private NetworkConfig(JsonObject jsonConfig) throws InvalidArgumentException, NetworkConfigurationException {

src/main/java/org/hyperledger/fabric/sdk/helper/Config.java

@@ -76,6 +76,14 @@ public class Config {
     public static final String LOGGERLEVEL = "org.hyperledger.fabric.sdk.loglevel";  // ORG_HYPERLEDGER_FABRIC_SDK_LOGLEVEL=TRACE,DEBUG
     public static final String DIAGNOTISTIC_FILE_DIRECTORY = "org.hyperledger.fabric.sdk.diagnosticFileDir"; //ORG_HYPERLEDGER_FABRIC_SDK_DIAGNOSTICFILEDIR
 
+    /**
+     * Connections settings
+     */
+
+    public static final String CONN_SSL_PROVIDER = "org.hyperledger.fabric.sdk.connections.ssl.sslProvider";
+    public static final String CONN_SSL_NEGTYPE = "org.hyperledger.fabric.sdk.connections.ssl.negotiationType";
+
+
     /**
      * Miscellaneous settings
      **/
@@ -133,6 +141,13 @@ private Config() {
             defaultProperty(CERTIFICATE_FORMAT, "X.509");
             defaultProperty(SIGNATURE_ALGORITHM, "SHA256withECDSA");
 
+            /**
+             * Connection defaults
+             */
+
+            defaultProperty(CONN_SSL_PROVIDER, "openSSL");
+            defaultProperty(CONN_SSL_NEGTYPE, "TLS");
+
             /**
              * Logging settings
              **/
@@ -271,6 +286,28 @@ public String getHashAlgorithm() {
 
     }
 
+    /**
+     * The default ssl provider for grpc connection
+     *
+     * @return The default ssl provider for grpc connection
+     */
+    public String getDefaultSSLProvider() {
+        return getProperty(CONN_SSL_PROVIDER);
+
+    }
+
+    /**
+     * The default ssl negotiation type
+     *
+     * @return The default ssl negotiation type
+     */
+
+    public String getDefaultSSLNegotiationType() {
+        return getProperty(CONN_SSL_NEGTYPE);
+
+    }
+
+
     private Map<Integer, String> curveMapping = null;
 
     /**

src/test/fixture/sdkintegration/network_configs/network-config-tls.yaml

@@ -256,8 +256,8 @@ peers:
     grpcOptions:
       ssl-target-name-override: peer0.org1.example.com
       grpc.http2.keepalive_time: 15
-      negotiationType: TLS
-      sslProvider: openSSL
+     # negotiationType: TLS  ### purposely commented out to verify these are the defaults
+     # sslProvider: openSSL
       hostnameOverride: peer1.org1.example.com
 
     tlsCACerts:

src/test/java/org/hyperledger/fabric/sdk/EndpointTest.java

@@ -68,8 +68,6 @@ public void testEndpointNonPEM() {
 
     @Test
     public void testNullPropertySslProvider() {
-        thrown.expect(RuntimeException.class);
-        thrown.expectMessage("Property of sslProvider expected");
 
         Properties testprops = new Properties();
         testprops.setProperty("hostnameOverride", "override");
@@ -80,19 +78,17 @@ public void testNullPropertySslProvider() {
     @Test
     public void testEmptyPropertySslProvider() {
         thrown.expect(RuntimeException.class);
-        thrown.expectMessage("Property of sslProvider has to be either openSSL or JDK");
+        thrown.expectMessage("property of sslProvider has to be either openSSL or JDK");
 
         Properties testprops = new Properties();
-        testprops.setProperty("sslProvider", "");
+        testprops.setProperty("sslProvider", "closedSSL");
         testprops.setProperty("hostnameOverride", "override");
 
         new Endpoint("grpcs://localhost:594", testprops);
     }
 
     @Test
     public void testNullPropertyNegotiationType() {
-        thrown.expect(RuntimeException.class);
-        thrown.expectMessage("Property of negotiationType expected");
 
         Properties testprops = new Properties();
         testprops.setProperty("sslProvider", "openSSL");
@@ -104,7 +100,7 @@ public void testNullPropertyNegotiationType() {
     @Test
     public void testEmptyPropertyNegotiationType() {
         thrown.expect(RuntimeException.class);
-        thrown.expectMessage("Property of negotiationType has to be either TLS or plainText");
+        thrown.expectMessage("property of negotiationType has to be either TLS or plainText");
 
         Properties testprops = new Properties();
         testprops.setProperty("sslProvider", "openSSL");