FAB-1453 Use Identity class in User.js

the new Identity class abstracts out the management of
certificates and signature verification capabilities, as well as
relationship to MSP implementations. The User class needs to use
the Identity class to manage serialization (to send certificates
to peers along with signatures) and signature verification

The following tests can successfully run with the latest fabric:
- endorser-tests.js
- end-to-end.js (step1, step2)

Change-Id: Ida531d565f985937aeca736832bc33ab29ca475d
Signed-off-by: Jim Zhang <jzhang@us.ibm.com>

Author: jimthematrix

hfc-cop/lib/FabricCOPImpl.js

@@ -78,7 +78,7 @@ var FabricCOPServices = class {
 	 * @param req Enrollment request
 	 * @param {string} req.enrollmentID The registered ID to use for enrollment
 	 * @param {string} req.enrollmentSecret The secret associated with the enrollment ID
-	 * @returns Promise for [Enrollment]{@link module:api.Enrollment}
+	 * @returns Promise for an object with "key" for private key and "certificate" for the signed certificate
 	 */
 	enroll(req) {
 		var self = this;
@@ -107,7 +107,10 @@ var FabricCOPServices = class {
 						self._fabricCOPClient.enroll(req.enrollmentID, req.enrollmentSecret, csr)
 							.then(
 							function (csrPEM) {
-								return resolve(new api.Enrollment(privateKey, csrPEM));
+								return resolve({
+									key: privateKey,
+									certificate: csrPEM
+								});
 							},
 							function (err) {
 								return reject(err);

hfc/lib/Chain.js

@@ -372,9 +372,9 @@ var Chain = class {
 							return self._clientContext.getUserContext()
 							.then(
 								function(userContext) {
-									header = Chain._buildHeader(userContext.getEnrollment().certificate, request.chainId, 'lccc', request.txId, request.nonce);
+									header = Chain._buildHeader(userContext.getIdentity(), request.chainId, 'lccc', request.txId, request.nonce);
 									proposal = self._buildProposal(lcccSpec, header);
-									let signed_proposal = self._signProposal(userContext.getEnrollment(), proposal);
+									let signed_proposal = self._signProposal(userContext.getSigningIdentity(), proposal);
 
 									return Chain._sendPeersProposal(request.targets, signed_proposal);
 								}
@@ -452,9 +452,9 @@ var Chain = class {
 		return this._clientContext.getUserContext()
 		.then(
 			function(userContext) {
-				header = Chain._buildHeader(userContext.getEnrollment().certificate, request.chainId, request.chaincodeId, request.txId, request.nonce);
+				header = Chain._buildHeader(userContext.getIdentity(), request.chainId, request.chaincodeId, request.txId, request.nonce);
 				proposal = self._buildProposal(invokeSpec, header);
-				let signed_proposal = self._signProposal(userContext.getEnrollment(), proposal);
+				let signed_proposal = self._signProposal(userContext.getSigningIdentity(), proposal);
 
 				return Chain._sendPeersProposal(request.targets, signed_proposal);
 			}
@@ -567,7 +567,7 @@ var Chain = class {
 		return this._clientContext.getUserContext()
 		.then(
 			function(userContext) {
-				let sig = self.cryptoPrimitives.sign(userContext.getEnrollment().privateKey, payload_bytes);
+				let sig = self.cryptoPrimitives.sign(userContext.getSigningIdentity().key, payload_bytes);
 				let signature = Buffer.from(sig.toDER());
 
 				// building manually or will get protobuf errors on send
@@ -645,7 +645,7 @@ var Chain = class {
 
 		let signatureHeader = new _commonProto.SignatureHeader();
 
-		signatureHeader.setCreator(Buffer.from(creator));
+		signatureHeader.setCreator(creator.serialize());
 		signatureHeader.setNonce(nonce);
 
 		let header = new _commonProto.Header();
@@ -725,10 +725,10 @@ var Chain = class {
 	/**
 	 * @private
 	 */
-	_signProposal(enrollment, proposal) {
+	_signProposal(signingIdentity, proposal) {
 		let proposal_bytes = proposal.toBuffer();
 		// sign the proposal
-		let sig = this.cryptoPrimitives.sign(enrollment.privateKey, proposal_bytes);
+		let sig = this.cryptoPrimitives.sign(signingIdentity.key, proposal_bytes);
 		let signature = Buffer.from(sig.toDER());
 
 		logger.debug('_signProposal - signature::'+JSON.stringify(signature));

hfc/lib/User.js

@@ -18,7 +18,10 @@
 
 var util = require('util');
 var sdkUtils = require('./utils.js');
+var api = require('./api.js');
 var logger = sdkUtils.getLogger('Client.js');
+var Identity = require('./msp/identity.js');
+var MSP = require('./msp/msp.js');
 
 /**
  * The User class represents users that have been enrolled and represented by
@@ -59,10 +62,20 @@ var User = class {
 		}
 
 		this._enrollmentSecret = '';
-		this._enrollment = null;
+		this._identity = null;
+		this._signingIdentity = null;
 
 		this._client = client;
 		this.cryptoPrimitives = sdkUtils.getCryptoSuite();
+
+		// TODO: this should be using config properties obtained from the environment
+		this.mspImpl = new MSP({
+			trustedCerts: [],
+			signer: 'blah',
+			admins: [],
+			id: 'DEFAULT',
+			cryptoSuite: this.cryptoPrimitives
+		});
 	}
 
 	/**
@@ -106,27 +119,43 @@ var User = class {
 	}
 
 	/**
-	 * Get the enrollment object for this User instance
-	 * @returns {Enrollment} the enrollment object
+	 * Get the {@link Identity} object for this User instance, used to verify signatures
+	 * @returns {Identity} the identity object that encapsulates the user's enrollment certificate
+	 */
+	getIdentity() {
+		return this._identity;
+	}
+
+	/**
+	 * Get the {@link SigningIdentity} object for this User instance, used to generate signatures
+	 * @returns {SigningIdentity} the identity object that encapsulates the user's private key for signing
 	 */
-	getEnrollment() {
-		return this._enrollment;
+	getSigningIdentity() {
+		return this._signingIdentity;
 	}
 
 	/**
 	 * Set the enrollment object for this User instance
-	 * @param {Enrollment} the enrollment object
+	 * @param {Key} privateKey the private key object
+	 * @param {string} certificate the PEM-encoded string of certificate
 	 */
-	setEnrollment(enrollment) {
-		if (typeof enrollment.privateKey === 'undefined' || enrollment.privateKey === null || enrollment.privateKey === '') {
-			throw new Error('Invalid enrollment object. Must have a valid private key.');
+	setEnrollment(privateKey, certificate) {
+		if (typeof privateKey === 'undefined' || privateKey === null || privateKey === '') {
+			throw new Error('Invalid parameter. Must have a valid private key.');
 		}
 
-		if (typeof enrollment.certificate === 'undefined' || enrollment.certificate === null || enrollment.certificate === '') {
-			throw new Error('Invalid enrollment object. Must have a valid certificate.');
+		if (typeof certificate === 'undefined' || certificate === null || certificate === '') {
+			throw new Error('Invalid parameter. Must have a valid certificate.');
 		}
 
-		this._enrollment = enrollment;
+		var pubKey = this.cryptoPrimitives.importKey(certificate, { algorithm: api.CryptoAlgorithms.X509Certificate });
+		var identity = new Identity('testIdentity', certificate, pubKey, this.mspImpl);
+		this._identity = identity;
+
+		// TODO: to be encapsulated by a new class SigningIdentity
+		this._signingIdentity = {
+			key: privateKey
+		};
 	}
 
 	/**
@@ -155,7 +184,7 @@ var User = class {
 	 * @returns {boolean} True if enrolled; otherwise, false.
 	 */
 	isEnrolled() {
-		return this._enrollment !== null;
+		return this._identity !== null && this._signingIdentity != null;
 	}
 
 	/**
@@ -174,15 +203,21 @@ var User = class {
 		this._roles = state.roles;
 		this._affiliation = state.affiliation;
 		this._enrollmentSecret = state.enrollmentSecret;
-		this._enrollment = state.enrollment;
 
 		var self = this;
 
+		var pubKey = this.cryptoPrimitives.importKey(state.enrollment.identity.certificate, { algorithm: api.CryptoAlgorithms.X509Certificate });
+		var identity = new Identity(state.enrollment.identity.id, state.enrollment.identity.certificate, pubKey, this.mspImpl);
+		this._identity = identity;
+
 		// during serialization (see toString() below) only the key's SKI are saved
 		// swap out that for the real key from the crypto provider
-		var promise = this.cryptoPrimitives.getKey(this._enrollment.privateKey)
-		.then(function(key) {
-			self._enrollment.privateKey = key;
+		var promise = this.cryptoPrimitives.getKey(state.enrollment.signingIdentity)
+		.then(function(privateKey) {
+			self._signingIdentity = {
+				key: privateKey
+			};
+
 			return self;
 		});
 
@@ -194,9 +229,16 @@ var User = class {
 	 * @return {string} The state of this member as a string
 	 */
 	toString() {
-		var serializedEnrollment = (this._enrollment) ? Object.assign({}, this._enrollment) : null;
-		if (this._enrollment && this._enrollment.privateKey) {
-			serializedEnrollment.privateKey = this._enrollment.privateKey.getSKI();
+		var serializedEnrollment = {};
+		if (this._signingIdentity) {
+			serializedEnrollment.signingIdentity = this._signingIdentity.key.getSKI();
+		}
+
+		if (this._identity) {
+			serializedEnrollment.identity = {
+				id: this._identity.getId(),
+				certificate: this._identity._certificate
+			};
 		}
 
 		var state = {

hfc/lib/api.js

@@ -272,77 +272,3 @@ module.exports.CryptoAlgorithms = {
 	// X509Certificate Label for X509 certificate related operation
 	X509Certificate: 'X509Certificate'
 };
-
-/**
- * Represents enrollment data for a user.
- *
- * @class
- */
-module.exports.Enrollment = class {
-
-	constructor(key, cert) {
-		/**
-		 * @member {Key} privateKey private key generated locally by the SDK
-		 * @memberof module:api.Enrollment.prototype
-		 */
-		this.privateKey = key;
-
-		/**
-		 * @member {string} certificate HEX encoded string for the certificate issued by member services after successful enrollment
-		 * @memberof module:api.Enrollment.prototype
-		 */
-		this.certificate = cert;
-	}
-};
-
-/**
- * The base Certificate class
- *
- * @class
- */
-module.exports.Certificate = class {
-
-	constructor(cert, privateKey) {
-		/**
-		 * @member {buffer} cert The certificate
-		 * @memberof module:api.Certificate
-		 */
-		this._cert = cert;
-
-		/**
-		 * @member {buffer} privateKey The private key
-		 * @memberof module:api.Certificate
-		 */
-		this._privateKey = privateKey;
-	}
-
-	encode() {
-		return this._cert;
-	}
-};
-
-/**
- * Enrollment certificate. These certificates are nominal.
- *
- * @class
- */
-module.exports.ECert = class extends module.exports.Certificate {
-
-	constructor(cert, privateKey) {
-		super(cert, privateKey);
-	}
-
-};
-
-/**
- * Transaction certificate. These certificates are anonymous.
- *
- * @class
- */
-module.exports.TCert = class extends module.exports.Certificate {
-
-	constructor(publicKey, privateKey) {
-		super(publicKey, privateKey);
-	}
-};
-