FAB-1220 update ecert persistence to PEM

per discussion with Gari Singh and Alessandro Sorniotti it's more
common to persist certificates in PEM format rather than DER.
Ale has agreed to update the endorser logic that checks certificates
to unmarshall as PEM instead of DER. this change is
https://gerrit.hyperledger.org/r/#/c/2701/1

the README and test/fixtures/docker-compose.yaml have been updated

- removed unnecessary comment regarding PEM to DER conversion

Change-Id: I0f09aafb43f0527b68c8e6e2a13c30c8527fdd9d
Signed-off-by: Jim Zhang <jzhang@us.ibm.com>

README.md

@@ -23,9 +23,8 @@ Clone the project and launch the following commands in the project root folder t
 The following tests require setting up a local blockchain network as the target. Because v1.0 is still in active development, you still need the vagrant environment to build the necessary Docker images needed to run the network. Follow the steps below to set it up.
 * `cd fabric/devenv`
 * Open the file `Vagrantfile` and insert the following statement below the existing `config.vm.network` statements:
-  * `  config.vm.network :forwarded_port, guest: 5151, host: 5151 # orderer service`
-  * `  config.vm.network :forwarded_port, guest: 7056, host: 7056 # Openchain gRPC services`
-  * `  config.vm.network :forwarded_port, guest: 7058, host: 7058 # GRPCCient gRPC services`
+  * `  config.vm.network :forwarded_port, guest: 7056, host: 7056 # gRPC services port for peer vp1`
+  * `  config.vm.network :forwarded_port, guest: 8888, host: 8888 # http port for COP server`
 
 * run `vagrant up` to launch the vagrant VM
 * Once inside vagrant, `cd $GOPATH/src/github.com/hyperledger/fabric`

lib/Member.js

@@ -658,7 +658,7 @@ var Member = class {
 
 		let signatureHeader = new _commonProto.SignatureHeader();
 
-		signatureHeader.setCreator(Buffer.from(creator, 'hex'));
+		signatureHeader.setCreator(Buffer.from(creator));
 		signatureHeader.setNonce(crypto.randomBytes(sdkUtils.getConfigSetting('nonce-size', 24)));
 
 		let header = new _commonProto.Header();

lib/impl/FabricCOPImpl.js

@@ -108,8 +108,7 @@ var FabricCOPServices = class {
 						self._fabricCOPClient.enroll(req.enrollmentID, req.enrollmentSecret, csr)
 							.then(
 							function (csrPEM) {
-								//Need to convert from PEM to DER and hex encode the response
-								return resolve(new api.Enrollment(privateKey, FabricCOPClient.pemToDER(csrPEM)));
+								return resolve(new api.Enrollment(privateKey, csrPEM));
 							},
 							function (err) {
 								return reject(err);

test/fixtures/docker-compose.yml

@@ -1,9 +1,3 @@
-membersrvc:
-  image: hyperledger/fabric-membersrvc
-  command: membersrvc
-  ports:
-    - 7054:7054
-
 orderer:
   image: hyperledger/fabric-orderer
   environment:
@@ -12,13 +6,12 @@ orderer:
     - ORDERER_GENERAL_BATCHSIZE=10
     - ORDERER_GENERAL_MAXWINDOWSIZE=1000
     - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
-    - ORDERER_GENERAL_LISTENPORT=5005
     - ORDERER_RAMLEDGER_HISTORY_SIZE=100
     - ORDERER_GENERAL_ORDERERTYPE=solo
   working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
   command: orderer
   ports:
-    - 5151:5005
+    - 7050:7050
 
 vp0:
   image: hyperledger/fabric-peer
@@ -29,25 +22,16 @@ vp0:
     - CORE_PEER_NETWORKID=${CORE_PEER_NETWORKID}
     - CORE_NEXT=true
     - CORE_PEER_ENDORSER_ENABLED=true
-    - CORE_SECURITY_ENABLED=false
-    - CORE_PEER_PKI_ECA_PADDR=membersrvc:7054
-    - CORE_PEER_PKI_TCA_PADDR=membersrvc:7054
-    - CORE_PEER_PKI_TLSCA_PADDR=membersrvc:7054
-    - CORE_PEER_PKI_TLS_ROOTCERT_FILE=./bddtests/tlsca.cert
     - CORE_PEER_ID=vp0
-    - CORE_SECURITY_ENROLLID=test_vp0
-    - CORE_SECURITY_ENROLLSECRET=MwYpmSRjupbT
     - CORE_PEER_PROFILE_ENABLED=true
-    - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:5005
+    - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050
   volumes:
       - /var/run/:/host/var/run/
   command: peer node start
   links:
-    - membersrvc
     - orderer
   ports:
     - 7051:7051
-    - 7053:7053
 
 vp1:
   image: hyperledger/fabric-peer
@@ -58,24 +42,15 @@ vp1:
     - CORE_PEER_NETWORKID=${CORE_PEER_NETWORKID}
     - CORE_NEXT=true
     - CORE_PEER_ENDORSER_ENABLED=true
-    - CORE_SECURITY_ENABLED=false
-    - CORE_PEER_PKI_ECA_PADDR=membersrvc:7054
-    - CORE_PEER_PKI_TCA_PADDR=membersrvc:7054
-    - CORE_PEER_PKI_TLSCA_PADDR=membersrvc:7054
-    - CORE_PEER_PKI_TLS_ROOTCERT_FILE=./bddtests/tlsca.cert
     - CORE_PEER_ID=vp1
-    - CORE_SECURITY_ENROLLID=test_vp1
-    - CORE_SECURITY_ENROLLSECRET=5wgHK9qqYaPy
     - CORE_PEER_PROFILE_ENABLED=true
-    - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:5005
+    - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050
     - CORE_PEER_DISCOVERY_ROOTNODE=vp0:7051
   volumes:
       - /var/run/:/host/var/run/
   command: peer node start
   links:
-    - membersrvc
     - orderer
     - vp0
   ports:
     - 7056:7051
-    - 7058:7053

test/unit/end-to-end.js

@@ -36,20 +36,17 @@ var chaincode_id = 'mycc1';
 
 testUtil.setupChaincodeDeploy();
 
-// need to override the default key size 384 to match the member service backend
-// otherwise the client will not be able to decrypt the enrollment challenge
-utils.setConfigSetting('crypto-keysize', 256);
-
 // need to override the default hash algorithm (SHA3) to SHA2 (aka SHA256 when combined
 // with the key size 256 above), in order to match what the peer and COP use
 utils.setConfigSetting('crypto-hash-algo', 'SHA2');
+utils.setConfigSetting('crypto-keysize', 256);
 
 chain.setKeyValueStore(hfc.newKeyValueStore({
 	path: testUtil.KVS
 }));
 
 chain.setMemberServicesUrl('http://localhost:8888');
-chain.setOrderer('grpc://localhost:5151');
+chain.setOrderer('grpc://localhost:7050');
 
 test('End-to-end flow of chaincode deploy, transaction invocation, and query', function(t) {
 	chain.enroll('admin', 'adminpw')

test/unit/endorser-tests.js

@@ -23,11 +23,17 @@ var hfc = require('../..');
 var util = require('util');
 var fs = require('fs');
 var testUtil = require('./util.js');
+var utils = require('../../lib/utils.js');
 
 var keyValStorePath = testUtil.KVS;
 
 testUtil.setupChaincodeDeploy();
 
+// need to override the default hash algorithm (SHA3) to SHA2 (aka SHA256 when combined
+// with the key size 256 above), in order to match what the peer and COP use
+utils.setConfigSetting('crypto-hash-algo', 'SHA2');
+utils.setConfigSetting('crypto-keysize', 256);
+
 //
 //Run the failing endorser test
 //
@@ -39,9 +45,9 @@ test('\n\n** TEST ** endorser test - missing targets', function(t) {
 		path: keyValStorePath
 	}));
 
-	chain.setMemberServicesUrl('grpc://localhost:7054');
+	chain.setMemberServicesUrl('http://localhost:8888');
 
-	chain.enroll('admin', 'Xurw3yU9zI0l')
+	chain.enroll('admin', 'adminpw')
 	.then(
 		function(admin) {
 			t.pass('Successfully enrolled user \'admin\'');
@@ -92,9 +98,9 @@ test('\n\n** TEST ** endorse transaction missing chaincodeId test', function(t)
 		path: keyValStorePath
 	}));
 
-	chain.setMemberServicesUrl('grpc://localhost:7054');
+	chain.setMemberServicesUrl('http://localhost:8888');
 
-	chain.enroll('admin', 'Xurw3yU9zI0l')
+	chain.enroll('admin', 'adminpw')
 	.then(
 		function(admin) {
 			t.pass('Successfully enrolled user \'admin\'');
@@ -146,9 +152,9 @@ test('\n\n** TEST ** endorse chaincode deployment good test', function(t) {
 		path: keyValStorePath
 	}));
 
-	chain.setMemberServicesUrl('grpc://localhost:7054');
+	chain.setMemberServicesUrl('http://localhost:8888');
 
-	chain.enroll('admin', 'Xurw3yU9zI0l')
+	chain.enroll('admin', 'adminpw')
 	.then(
 		function(admin) {
 			t.pass('Successfully enrolled user \'admin\'');

test/unit/marbles.js

@@ -37,20 +37,17 @@ var chaincode_id = 'marblescc';
 
 testUtil.setupChaincodeDeploy();
 
-// need to override the default key size 384 to match the member service backend
-// otherwise the client will not be able to decrypt the enrollment challenge
-utils.setConfigSetting('crypto-keysize', 256);
-
 // need to override the default hash algorithm (SHA3) to SHA2 (aka SHA256 when combined
 // with the key size 256 above), in order to match what the peer and COP use
 utils.setConfigSetting('crypto-hash-algo', 'SHA2');
+utils.setConfigSetting('crypto-keysize', 256);
 
 chain.setKeyValueStore(hfc.newKeyValueStore({
 	path: testUtil.KVS
 }));
 
 chain.setMemberServicesUrl('http://localhost:8888');
-chain.setOrderer('grpc://localhost:5151');
+chain.setOrderer('grpc://localhost:7050');
 
 test('End-to-end flow of chaincode deploy, transaction invocation, and query', function(t) {
 	chain.enroll('admin', 'adminpw')