Enable to bypass gossip security identity checks

In order to enable peer to connect to the organization leaders using same certificate adding a new configuration key which allows bypassing identity verification. Following parameter has to be added to the list of env variables or core.yaml: - CORE_PEER_GOSSIP_IGNORESECURITY=true Change-Id: I2cc18f290f1d36ad3900fe3ded4997fbc3d885c5 Signed-off-by: Artem Barger <bartem@il.ibm.com>
hyperledger · Jan 31, 2017 · c7b3fe0 · c7b3fe0
1 parent 0c2dff7
commit c7b3fe0
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 0 deletions.
diff --git a/gossip/integration/integration.go b/gossip/integration/integration.go
@@ -21,9 +21,12 @@ import (
 	"strings"
 	"time"
 
+	"github.com/hyperledger/fabric/gossip/api"
+	"github.com/hyperledger/fabric/gossip/common"
 	"github.com/hyperledger/fabric/gossip/gossip"
 	"github.com/hyperledger/fabric/peer/gossip/mcs"
 	"github.com/hyperledger/fabric/peer/gossip/sa"
+	"github.com/spf13/viper"
 	"google.golang.org/grpc"
 )
 
@@ -58,5 +61,43 @@ func NewGossipComponent(identity []byte, endpoint string, s *grpc.Server, dialOp
 	conf := newConfig(endpoint, bootPeers...)
 	cryptSvc := mcs.NewMessageCryptoService()
 	secAdv := sa.NewSecurityAdvisor()
+	if viper.GetBool("peer.gossip.ignoresecurity") {
+		sec := &secImpl{[]byte(endpoint)}
+		cryptSvc = sec
+		secAdv = sec
+		identity = []byte(endpoint)
+	}
 	return gossip.NewGossipService(conf, s, secAdv, cryptSvc, identity, dialOpts...)
 }
+
+type secImpl struct {
+	identity []byte
+}
+
+func (*secImpl) OrgByPeerIdentity(api.PeerIdentityType) api.OrgIdentityType {
+	return api.OrgIdentityType("DEFAULT")
+}
+
+func (s *secImpl) GetPKIidOfCert(peerIdentity api.PeerIdentityType) common.PKIidType {
+	return common.PKIidType(peerIdentity)
+}
+
+func (s *secImpl) VerifyBlock(chainID common.ChainID, signedBlock api.SignedBlock) error {
+	return nil
+}
+
+func (s *secImpl) Sign(msg []byte) ([]byte, error) {
+	return msg, nil
+}
+
+func (s *secImpl) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error {
+	return nil
+}
+
+func (s *secImpl) VerifyByChannel(chainID common.ChainID, peerIdentity api.PeerIdentityType, signature, message []byte) error {
+	return nil
+}
+
+func (s *secImpl) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
+	return nil
+}
diff --git a/peer/common/anchors.go b/peer/common/anchors.go
@@ -27,6 +27,7 @@ import (
 
 	"github.com/hyperledger/fabric/msp"
 	"github.com/hyperledger/fabric/protos/peer"
+	"github.com/spf13/viper"
 )
 
 type AnchorPeerParser struct {
@@ -126,6 +127,11 @@ func anchorPeerFromFile(filename string) (*peer.AnchorPeer, error) {
 		Port: int32(port),
 		Cert: identity,
 	}
+
+	if viper.GetBool("peer.gossip.ignoresecurity") {
+		ap.Cert = []byte(fmt.Sprintf("%s:%d", ap.Host, ap.Port))
+	}
+
 	return ap, nil
 }