From 89148e944a2c5a138ed7128eef0d6457dbdec163 Mon Sep 17 00:00:00 2001 From: yacovm Date: Mon, 21 Aug 2017 14:08:07 +0300 Subject: [PATCH] [FAB-5778] Add Expiration to msp/Identity interface This commit adds a new method: ExpiresAt() time.Time to the Identity interface. Change-Id: I130abf58cb19192ebcbabeb0cef52414b397dfe6 Signed-off-by: yacovm --- common/cauthdsl/cauthdsl_test.go | 8 ++++++-- common/mocks/msp/noopmsp.go | 6 ++++++ core/policy/mocks/mocks.go | 9 ++++++--- msp/identities.go | 6 ++++++ msp/msp.go | 8 ++++++++ msp/msp_test.go | 10 ++++++++++ msp/testdata/expiration/admincerts/User1.pem | 13 +++++++++++++ msp/testdata/expiration/cacerts/ca.pem | 14 ++++++++++++++ ...1afa1dfbcb4463a1fff381d7dba9b9378b51a5ef9e77_sk | 5 +++++ msp/testdata/expiration/signcerts/cert.pem | 13 +++++++++++++ peer/gossip/mocks/mocks.go | 9 ++++++--- 11 files changed, 93 insertions(+), 8 deletions(-) create mode 100644 msp/testdata/expiration/admincerts/User1.pem create mode 100644 msp/testdata/expiration/cacerts/ca.pem create mode 100755 msp/testdata/expiration/keystore/83c4189d96988eab469b1afa1dfbcb4463a1fff381d7dba9b9378b51a5ef9e77_sk create mode 100644 msp/testdata/expiration/signcerts/cert.pem diff --git a/common/cauthdsl/cauthdsl_test.go b/common/cauthdsl/cauthdsl_test.go index cfeaf3b1552..a7f8fad08dc 100644 --- a/common/cauthdsl/cauthdsl_test.go +++ b/common/cauthdsl/cauthdsl_test.go @@ -20,12 +20,12 @@ import ( "bytes" "errors" "testing" + "time" + "github.com/golang/protobuf/proto" "github.com/hyperledger/fabric/msp" cb "github.com/hyperledger/fabric/protos/common" mb "github.com/hyperledger/fabric/protos/msp" - - "github.com/golang/protobuf/proto" logging "github.com/op/go-logging" "github.com/stretchr/testify/assert" ) 
@@ -40,6 +40,10 @@ type mockIdentity struct { idBytes []byte } +func (id *mockIdentity) ExpiresAt() time.Time { + return time.Time{} +} + func (id *mockIdentity) SatisfiesPrincipal(p *mb.MSPPrincipal) error { if bytes.Compare(id.idBytes, p.Principal) == 0 { return nil diff --git a/common/mocks/msp/noopmsp.go b/common/mocks/msp/noopmsp.go index 029489756c7..696268b0490 100644 --- a/common/mocks/msp/noopmsp.go +++ b/common/mocks/msp/noopmsp.go @@ -17,6 +17,8 @@ limitations under the License. package msp import ( + "time" + m "github.com/hyperledger/fabric/msp" "github.com/hyperledger/fabric/protos/msp" ) @@ -95,6 +97,10 @@ func (id *noopidentity) SatisfiesPrincipal(*msp.MSPPrincipal) error { return nil } +func (id *noopidentity) ExpiresAt() time.Time { + return time.Time{} +} + func (id *noopidentity) GetIdentifier() *m.IdentityIdentifier { return &m.IdentityIdentifier{Mspid: "NOOP", Id: "Bob"} } diff --git a/core/policy/mocks/mocks.go b/core/policy/mocks/mocks.go index 5d19f987334..e66ed5d313d 100644 --- a/core/policy/mocks/mocks.go +++ b/core/policy/mocks/mocks.go @@ -18,10 +18,9 @@ package mocks import ( "bytes" - - "fmt" - "errors" + "fmt" + "time" "github.com/hyperledger/fabric/common/policies" "github.com/hyperledger/fabric/msp" @@ -92,6 +91,10 @@ func (id *MockIdentity) SatisfiesPrincipal(p *mspproto.MSPPrincipal) error { return nil } +func (id *MockIdentity) ExpiresAt() time.Time { + return time.Time{} +} + func (id *MockIdentity) GetIdentifier() *msp.IdentityIdentifier { return &msp.IdentityIdentifier{Mspid: "mock", Id: "mock"} } diff --git a/msp/identities.go b/msp/identities.go index 0d2704aa10d..8fc2c2ab2fb 100644 --- a/msp/identities.go +++ b/msp/identities.go @@ -24,6 +24,7 @@ import ( "encoding/pem" "errors" "fmt" + "time" "github.com/golang/protobuf/proto" "github.com/hyperledger/fabric/bccsp" 
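Review bot: All four test doubles touched by this commit hard-code the zero time, so no test can present an expired or soon-to-expire identity to code that consumes `ExpiresAt()`; this applies to `mockIdentity` in this hunk and to `noopidentity`, `MockIdentity` (core/policy/mocks) and `Identity` (peer/gossip/mocks). Under the contract this commit adds in msp/msp.go, zero means "does not expire, or unknown", so every mocked identity looks permanently valid. For the exported mocks, consider a settable field, e.g. `ExpirationDate time.Time` on the struct and `return id.ExpirationDate` in the method, which keeps zero as the default. The new methods also have no doc comment; `// ExpiresAt returns the zero time, i.e. no known expiration.` would state the intent.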
@@ -79,6 +80,11 @@ func newIdentity(cert *x509.Certificate, pk bccsp.Key, msp *bccspmsp) (Identity, return &identity{id: id, cert: cert, pk: pk, msp: msp}, nil } +// ExpiresAt returns the time at which the Identity expires. +func (id *identity) ExpiresAt() time.Time { + return id.cert.NotAfter +} + // SatisfiesPrincipal returns null if this instance matches the supplied principal or an error otherwise func (id *identity) SatisfiesPrincipal(principal *msp.MSPPrincipal) error { return id.msp.SatisfiesPrincipal(id, principal) diff --git a/msp/msp.go b/msp/msp.go index 1e87bfadad2..30a20362e2f 100644 --- a/msp/msp.go +++ b/msp/msp.go @@ -7,6 +7,8 @@ SPDX-License-Identifier: Apache-2.0 package msp import ( + "time" + "github.com/hyperledger/fabric/protos/msp" ) @@ -113,6 +115,12 @@ type OUIdentifier struct { // with, and verifying signatures that correspond to these certificates./// type Identity interface { + // ExpiresAt returns the time at which the Identity expires. + // If the returned time is the zero value, it implies + // the Identity does not expire, or that its expiration + // time is unknown + ExpiresAt() time.Time + // GetIdentifier returns the identifier of that identity GetIdentifier() *IdentityIdentifier diff --git a/msp/msp_test.go b/msp/msp_test.go index 3f7a231f67e..9594d7e5010 100644 --- a/msp/msp_test.go +++ b/msp/msp_test.go @@ -27,6 +27,7 @@ import ( "path/filepath" "reflect" "testing" + "time" "github.com/golang/protobuf/proto" "github.com/hyperledger/fabric/bccsp" 
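Review bot: `ExpiresAt` reports only the leaf certificate's `NotAfter`, which can be later than the moment the identity actually stops being acceptable: an issuing CA or intermediate certificate may expire first, and revocation is not reflected at all. A caller that schedules eviction or re-validation from this value would keep trusting the identity for too long in that case. Since a parsed X.509 certificate always carries a `NotAfter`, this implementation also never returns the zero value described on the interface. I would state the limit on the method, e.g. `// ExpiresAt returns the NotAfter of the identity's own certificate; it does not account for the expiry of issuing CA certificates or for revocation.` Only the tail of `newIdentity` is visible above it, so whether `cert` can be nil at this point cannot be checked from the hunk.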
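Review bot: The zero value documented on `Identity.ExpiresAt` merges two different states, "never expires" and "expiration unknown", so a caller that enforces expiry has to treat an identity of unknown lifetime the same as one that is valid forever. That is a fail-open default for a security-relevant check, and the comment should say how callers are expected to handle it, e.g. `// Callers must not treat a zero value as proof of validity; it only means no expiration time is available.` The existing comment is also missing its final period after "unknown". The `Identity` interface continues past the end of the hunk.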
@@ -747,6 +748,15 @@ func TestAdminPolicyPrincipalFails(t *testing.T) { assert.Error(t, err) } +func TestIdentityExpiresAt(t *testing.T) { + thisMSP := getLocalMSP(t, "testdata/expiration") + assert.NotNil(t, thisMSP) + si, err := thisMSP.GetDefaultSigningIdentity() + assert.NoError(t, err) + expirationDate := si.GetPublicVersion().ExpiresAt() + assert.Equal(t, time.Date(2027, 8, 17, 12, 19, 48, 0, time.UTC), expirationDate) +} + func TestIdentityPolicyPrincipal(t *testing.T) { id, err := localMsp.GetDefaultSigningIdentity() assert.NoError(t, err) diff --git a/msp/testdata/expiration/admincerts/User1.pem b/msp/testdata/expiration/admincerts/User1.pem new file mode 100644 index 00000000000..5db61af4484 --- /dev/null +++ b/msp/testdata/expiration/admincerts/User1.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCDCCAa6gAwIBAgIRANLH5Ue5a6tHuzCQtap1BP8wCgYIKoZIzj0EAwIwZzEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xEzARBgNVBAoTCmhybC5pYm0uaWwxFjAUBgNVBAMTDWNhLmhybC5p +Ym0uaWwwHhcNMTcwODE5MTIxOTQ4WhcNMjcwODE3MTIxOTQ4WjBVMQswCQYDVQQG +EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj +bzEZMBcGA1UEAwwQVXNlcjFAaHJsLmlibS5pbDBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABE7fF65KsF0nxNgIBFVA2x/QU0LuAyuTsRaSWc/ycQAuLQfCti5bYp4W +WaQUc5sBaKAmVbFQTm9RhmOhtIz7PL6jTTBLMA4GA1UdDwEB/wQEAwIHgDAMBgNV +HRMBAf8EAjAAMCsGA1UdIwQkMCKAIMjiBsyFZlbO6pRxo7VgoqKhl78Ujd9sdWUk +epB05fodMAoGCCqGSM49BAMCA0gAMEUCIQCiOzbaApF46NVobwh3wqHf8ID1zxja +j23HPXR3FjjFZgIgXLujyDGETptNrELaytjG+dxO3Kzq/SM07K2zPUg4368= +-----END CERTIFICATE----- diff --git a/msp/testdata/expiration/cacerts/ca.pem b/msp/testdata/expiration/cacerts/ca.pem new file mode 100644 index 00000000000..a7655288a85 --- /dev/null +++ b/msp/testdata/expiration/cacerts/ca.pem 
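Review bot: `assert.NoError(t, err)` in `TestIdentityExpiresAt` does not stop the test, so when `GetDefaultSigningIdentity` fails the next line calls `si.GetPublicVersion()` on what is presumably a nil value and the test panics instead of reporting the error; the same holds for `assert.NotNil(t, thisMSP)` two lines earlier. Guard both, e.g. `if !assert.NoError(t, err) { return }`. The expected value is tied to the fixture certificate's fixed expiry of 2027-08-17; if MSP setup in `getLocalMSP` rejects expired certificates (not visible in this hunk), the test will start failing on that date, which deserves a comment next to the assertion.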
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICKTCCAdCgAwIBAgIPALI3Zpyi/75v3hhXSJJcMAoGCCqGSM49BAMCMGcxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMRMwEQYDVQQKEwpocmwuaWJtLmlsMRYwFAYDVQQDEw1jYS5ocmwuaWJt +LmlsMB4XDTE3MDgxOTEyMTk0OFoXDTI3MDgxNzEyMTk0OFowZzELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x +EzARBgNVBAoTCmhybC5pYm0uaWwxFjAUBgNVBAMTDWNhLmhybC5pYm0uaWwwWTAT +BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQGJd5u4DmkEoScKT2vOGfnyG/hQ9vLwBbt +6zCimNoE2p2plJgRxT5y2Or0qc0xkmpMomJXO8IJ4vtpbRDqu5b/o18wXTAOBgNV +HQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MCkG +A1UdDgQiBCDI4gbMhWZWzuqUcaO1YKKioZe/FI3fbHVlJHqQdOX6HTAKBggqhkjO +PQQDAgNHADBEAiBqUahujAMCSV77pjiho/n3iEGsjX8PA6meVq7mhQgakAIgFHAI +tmkcJ2ilCK5QxG+gtlnLm0rbmqKnB4JHqdF3tcU= +-----END CERTIFICATE----- diff --git a/msp/testdata/expiration/keystore/83c4189d96988eab469b1afa1dfbcb4463a1fff381d7dba9b9378b51a5ef9e77_sk b/msp/testdata/expiration/keystore/83c4189d96988eab469b1afa1dfbcb4463a1fff381d7dba9b9378b51a5ef9e77_sk new file mode 100755 index 00000000000..8d2f7d5fa46 --- /dev/null +++ b/msp/testdata/expiration/keystore/83c4189d96988eab469b1afa1dfbcb4463a1fff381d7dba9b9378b51a5ef9e77_sk @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXxOy/nD/twU+d4DL +veUvrzae6jsrmT4vBnZR0cHkjKehRANCAARO3xeuSrBdJ8TYCARVQNsf0FNC7gMr +k7EWklnP8nEALi0HwrYuW2KeFlmkFHObAWigJlWxUE5vUYZjobSM+zy+ +-----END PRIVATE KEY----- diff --git a/msp/testdata/expiration/signcerts/cert.pem b/msp/testdata/expiration/signcerts/cert.pem new file mode 100644 index 00000000000..5db61af4484 --- /dev/null +++ b/msp/testdata/expiration/signcerts/cert.pem 
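Review bot: The keystore file is added with mode 100755, so a private key is checked in as an executable file; `100644` is the appropriate git mode, and the other three fixture files in this commit already use it. Because this key is now public in the repository, the matching certificates under `msp/testdata/expiration` must only ever be trusted by tests. A short README in that directory saying so would make secret-scanner findings on this path easy to triage.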
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICCDCCAa6gAwIBAgIRANLH5Ue5a6tHuzCQtap1BP8wCgYIKoZIzj0EAwIwZzEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xEzARBgNVBAoTCmhybC5pYm0uaWwxFjAUBgNVBAMTDWNhLmhybC5p +Ym0uaWwwHhcNMTcwODE5MTIxOTQ4WhcNMjcwODE3MTIxOTQ4WjBVMQswCQYDVQQG +EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj +bzEZMBcGA1UEAwwQVXNlcjFAaHJsLmlibS5pbDBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABE7fF65KsF0nxNgIBFVA2x/QU0LuAyuTsRaSWc/ycQAuLQfCti5bYp4W +WaQUc5sBaKAmVbFQTm9RhmOhtIz7PL6jTTBLMA4GA1UdDwEB/wQEAwIHgDAMBgNV +HRMBAf8EAjAAMCsGA1UdIwQkMCKAIMjiBsyFZlbO6pRxo7VgoqKhl78Ujd9sdWUk +epB05fodMAoGCCqGSM49BAMCA0gAMEUCIQCiOzbaApF46NVobwh3wqHf8ID1zxja +j23HPXR3FjjFZgIgXLujyDGETptNrELaytjG+dxO3Kzq/SM07K2zPUg4368= +-----END CERTIFICATE----- diff --git a/peer/gossip/mocks/mocks.go b/peer/gossip/mocks/mocks.go index 2ff4463a542..8d4914e3510 100644 --- a/peer/gossip/mocks/mocks.go +++ b/peer/gossip/mocks/mocks.go @@ -18,10 +18,9 @@ package mocks import ( "bytes" - - "fmt" - "errors" + "fmt" + "time" mockpolicies "github.com/hyperledger/fabric/common/mocks/policies" "github.com/hyperledger/fabric/common/policies" @@ -111,6 +110,10 @@ type Identity struct { Msg []byte } +func (id *Identity) ExpiresAt() time.Time { + return time.Time{} +} + func (id *Identity) SatisfiesPrincipal(*mspproto.MSPPrincipal) error { return nil }