[FAB-5778] Add Expiration to msp/Identity interface

This commit adds a new method: ExpiresAt() time.Time
to the Identity interface.

Change-Id: I130abf58cb19192ebcbabeb0cef52414b397dfe6
Signed-off-by: yacovm <yacovm@il.ibm.com>

Author: yacovm

common/cauthdsl/cauthdsl_test.go

@@ -20,12 +20,12 @@ import (
 	"bytes"
 	"errors"
 	"testing"
+	"time"
 
+	"github.com/golang/protobuf/proto"
 	"github.com/hyperledger/fabric/msp"
 	cb "github.com/hyperledger/fabric/protos/common"
 	mb "github.com/hyperledger/fabric/protos/msp"
-
-	"github.com/golang/protobuf/proto"
 	logging "github.com/op/go-logging"
 	"github.com/stretchr/testify/assert"
 )
@@ -40,6 +40,10 @@ type mockIdentity struct {
 	idBytes []byte
 }
 
+func (id *mockIdentity) ExpiresAt() time.Time {
+	return time.Time{}
+}
+
 func (id *mockIdentity) SatisfiesPrincipal(p *mb.MSPPrincipal) error {
 	if bytes.Compare(id.idBytes, p.Principal) == 0 {
 		return nil

common/mocks/msp/noopmsp.go

@@ -17,6 +17,8 @@ limitations under the License.
 package msp
 
 import (
+	"time"
+
 	m "github.com/hyperledger/fabric/msp"
 	"github.com/hyperledger/fabric/protos/msp"
 )
@@ -95,6 +97,10 @@ func (id *noopidentity) SatisfiesPrincipal(*msp.MSPPrincipal) error {
 	return nil
 }
 
+func (id *noopidentity) ExpiresAt() time.Time {
+	return time.Time{}
+}
+
 func (id *noopidentity) GetIdentifier() *m.IdentityIdentifier {
 	return &m.IdentityIdentifier{Mspid: "NOOP", Id: "Bob"}
 }

core/policy/mocks/mocks.go

@@ -18,10 +18,9 @@ package mocks
 
 import (
 	"bytes"
-
-	"fmt"
-
 	"errors"
+	"fmt"
+	"time"
 
 	"github.com/hyperledger/fabric/common/policies"
 	"github.com/hyperledger/fabric/msp"
@@ -92,6 +91,10 @@ func (id *MockIdentity) SatisfiesPrincipal(p *mspproto.MSPPrincipal) error {
 	return nil
 }
 
+func (id *MockIdentity) ExpiresAt() time.Time {
+	return time.Time{}
+}
+
 func (id *MockIdentity) GetIdentifier() *msp.IdentityIdentifier {
 	return &msp.IdentityIdentifier{Mspid: "mock", Id: "mock"}
 }

msp/identities.go

@@ -24,6 +24,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"time"
 
 	"github.com/golang/protobuf/proto"
 	"github.com/hyperledger/fabric/bccsp"
@@ -79,6 +80,11 @@ func newIdentity(cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity,
 	return &identity{id: id, cert: cert, pk: pk, msp: msp}, nil
 }
 
+// ExpiresAt returns the time at which the Identity expires.
+func (id *identity) ExpiresAt() time.Time {
+	return id.cert.NotAfter
+}
+
 // SatisfiesPrincipal returns null if this instance matches the supplied principal or an error otherwise
 func (id *identity) SatisfiesPrincipal(principal *msp.MSPPrincipal) error {
 	return id.msp.SatisfiesPrincipal(id, principal)

msp/msp.go

@@ -7,6 +7,8 @@ SPDX-License-Identifier: Apache-2.0
 package msp
 
 import (
+	"time"
+
 	"github.com/hyperledger/fabric/protos/msp"
 )
 
@@ -113,6 +115,12 @@ type OUIdentifier struct {
 // with, and verifying signatures that correspond to these certificates.///
 type Identity interface {
 
+	// ExpiresAt returns the time at which the Identity expires.
+	// If the returned time is the zero value, it implies
+	// the Identity does not expire, or that its expiration
+	// time is unknown
+	ExpiresAt() time.Time
+
 	// GetIdentifier returns the identifier of that identity
 	GetIdentifier() *IdentityIdentifier
 

msp/msp_test.go

@@ -27,6 +27,7 @@ import (
 	"path/filepath"
 	"reflect"
 	"testing"
+	"time"
 
 	"github.com/golang/protobuf/proto"
 	"github.com/hyperledger/fabric/bccsp"
@@ -747,6 +748,15 @@ func TestAdminPolicyPrincipalFails(t *testing.T) {
 	assert.Error(t, err)
 }
 
+func TestIdentityExpiresAt(t *testing.T) {
+	thisMSP := getLocalMSP(t, "testdata/expiration")
+	assert.NotNil(t, thisMSP)
+	si, err := thisMSP.GetDefaultSigningIdentity()
+	assert.NoError(t, err)
+	expirationDate := si.GetPublicVersion().ExpiresAt()
+	assert.Equal(t, time.Date(2027, 8, 17, 12, 19, 48, 0, time.UTC), expirationDate)
+}
+
 func TestIdentityPolicyPrincipal(t *testing.T) {
 	id, err := localMsp.GetDefaultSigningIdentity()
 	assert.NoError(t, err)

msp/testdata/expiration/admincerts/User1.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCDCCAa6gAwIBAgIRANLH5Ue5a6tHuzCQtap1BP8wCgYIKoZIzj0EAwIwZzEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xEzARBgNVBAoTCmhybC5pYm0uaWwxFjAUBgNVBAMTDWNhLmhybC5p
+Ym0uaWwwHhcNMTcwODE5MTIxOTQ4WhcNMjcwODE3MTIxOTQ4WjBVMQswCQYDVQQG
+EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
+bzEZMBcGA1UEAwwQVXNlcjFAaHJsLmlibS5pbDBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABE7fF65KsF0nxNgIBFVA2x/QU0LuAyuTsRaSWc/ycQAuLQfCti5bYp4W
+WaQUc5sBaKAmVbFQTm9RhmOhtIz7PL6jTTBLMA4GA1UdDwEB/wQEAwIHgDAMBgNV
+HRMBAf8EAjAAMCsGA1UdIwQkMCKAIMjiBsyFZlbO6pRxo7VgoqKhl78Ujd9sdWUk
+epB05fodMAoGCCqGSM49BAMCA0gAMEUCIQCiOzbaApF46NVobwh3wqHf8ID1zxja
+j23HPXR3FjjFZgIgXLujyDGETptNrELaytjG+dxO3Kzq/SM07K2zPUg4368=
+-----END CERTIFICATE-----

msp/testdata/expiration/cacerts/ca.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICKTCCAdCgAwIBAgIPALI3Zpyi/75v3hhXSJJcMAoGCCqGSM49BAMCMGcxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh
+bmNpc2NvMRMwEQYDVQQKEwpocmwuaWJtLmlsMRYwFAYDVQQDEw1jYS5ocmwuaWJt
+LmlsMB4XDTE3MDgxOTEyMTk0OFoXDTI3MDgxNzEyMTk0OFowZzELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
+EzARBgNVBAoTCmhybC5pYm0uaWwxFjAUBgNVBAMTDWNhLmhybC5pYm0uaWwwWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQGJd5u4DmkEoScKT2vOGfnyG/hQ9vLwBbt
+6zCimNoE2p2plJgRxT5y2Or0qc0xkmpMomJXO8IJ4vtpbRDqu5b/o18wXTAOBgNV
+HQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MCkG
+A1UdDgQiBCDI4gbMhWZWzuqUcaO1YKKioZe/FI3fbHVlJHqQdOX6HTAKBggqhkjO
+PQQDAgNHADBEAiBqUahujAMCSV77pjiho/n3iEGsjX8PA6meVq7mhQgakAIgFHAI
+tmkcJ2ilCK5QxG+gtlnLm0rbmqKnB4JHqdF3tcU=
+-----END CERTIFICATE-----

msp/testdata/expiration/keystore/83c4189d96988eab469b1afa1dfbcb4463a1fff381d7dba9b9378b51a5ef9e77_sk

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXxOy/nD/twU+d4DL
+veUvrzae6jsrmT4vBnZR0cHkjKehRANCAARO3xeuSrBdJ8TYCARVQNsf0FNC7gMr
+k7EWklnP8nEALi0HwrYuW2KeFlmkFHObAWigJlWxUE5vUYZjobSM+zy+
+-----END PRIVATE KEY-----

msp/testdata/expiration/signcerts/cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICCDCCAa6gAwIBAgIRANLH5Ue5a6tHuzCQtap1BP8wCgYIKoZIzj0EAwIwZzEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xEzARBgNVBAoTCmhybC5pYm0uaWwxFjAUBgNVBAMTDWNhLmhybC5p
+Ym0uaWwwHhcNMTcwODE5MTIxOTQ4WhcNMjcwODE3MTIxOTQ4WjBVMQswCQYDVQQG
+EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
+bzEZMBcGA1UEAwwQVXNlcjFAaHJsLmlibS5pbDBZMBMGByqGSM49AgEGCCqGSM49
+AwEHA0IABE7fF65KsF0nxNgIBFVA2x/QU0LuAyuTsRaSWc/ycQAuLQfCti5bYp4W
+WaQUc5sBaKAmVbFQTm9RhmOhtIz7PL6jTTBLMA4GA1UdDwEB/wQEAwIHgDAMBgNV
+HRMBAf8EAjAAMCsGA1UdIwQkMCKAIMjiBsyFZlbO6pRxo7VgoqKhl78Ujd9sdWUk
+epB05fodMAoGCCqGSM49BAMCA0gAMEUCIQCiOzbaApF46NVobwh3wqHf8ID1zxja
+j23HPXR3FjjFZgIgXLujyDGETptNrELaytjG+dxO3Kzq/SM07K2zPUg4368=
+-----END CERTIFICATE-----