diff --git a/common/tools/cryptogen/ca/ca_test.go b/common/tools/cryptogen/ca/ca_test.go
index a56cf368042..8d2b84f8578 100644
--- a/common/tools/cryptogen/ca/ca_test.go
+++ b/common/tools/cryptogen/ca/ca_test.go
@@ -38,7 +38,7 @@ var testDir = filepath.Join(os.TempDir(), "ca-test")
 func TestNewCA(t *testing.T) {
 caDir := filepath.Join(testDir, "ca")
- rootCA, err := ca.NewCA(caDir, testCAName)
+ rootCA, err := ca.NewCA(caDir, testCAName, testCAName)
 assert.NoError(t, err, "Error generating CA")
 assert.NotNil(t, rootCA, "Failed to return CA")
 assert.NotNil(t, rootCA.Signer,
@@ -68,7 +68,7 @@ func TestGenerateSignCertificate(t *testing.T) {
 assert.NotNil(t, ecPubKey, "Failed to generate signed certificate")
 // create our CA
- rootCA, err := ca.NewCA(caDir, testCA2Name)
+ rootCA, err := ca.NewCA(caDir, testCA2Name, testCA2Name)
 assert.NoError(t, err, "Error generating CA")
 _, err = rootCA.SignCertificate(certDir, testName, ecPubKey)
diff --git a/common/tools/cryptogen/ca/generator.go b/common/tools/cryptogen/ca/generator.go
index 95eb012a8f3..3d991d627b0 100644
--- a/common/tools/cryptogen/ca/generator.go
+++ b/common/tools/cryptogen/ca/generator.go
@@ -40,7 +40,7 @@ type CA struct {
 // NewCA creates an instance of CA and saves the signing key pair in
 // baseDir/name
-func NewCA(baseDir, name string) (*CA, error) {
+func NewCA(baseDir, org, name string) (*CA, error) {
 var response error
 var ca *CA
@@ -62,7 +62,7 @@ func NewCA(baseDir, name string) (*CA, error) {
 //set the organization for the subject
 subject := subjectTemplate()
- subject.Organization = []string{name}
+ subject.Organization = []string{org}
 subject.CommonName = name
 template.Subject = subject
diff --git a/common/tools/cryptogen/main.go b/common/tools/cryptogen/main.go
index d403888f073..75d1308f345 100644
--- a/common/tools/cryptogen/main.go
+++ b/common/tools/cryptogen/main.go
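Review bot: Both updated calls in ca_test.go pass one constant for the new `org` argument and for `name` (`ca.NewCA(caDir, testCAName, testCAName)` in TestNewCA, `ca.NewCA(caDir, testCA2Name, testCA2Name)` in TestGenerateSignCertificate), so these tests would still pass if the two adjacent string parameters were swapped inside NewCA or at a call site. Use two distinct values here, as msp_test.go does with `testCAOrg` and `testCAName`, and assert that the generated CA certificate's subject carries the expected Organization and CommonName. Both test bodies continue outside their hunks, so an existing subject assertion may simply not be visible here.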
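Review bot: The doc comment above NewCA is left describing the two-argument form, so nothing tells a caller which of the two adjacent strings becomes the subject's Organization and which the CommonName. Suggest `// NewCA creates an instance of CA whose certificate subject has Organization org and CommonName name, and saves the signing key pair in baseDir/name`, keeping the last clause only if the output path is still derived from name, which is not visible in this hunk. The second hunk's inline comment `//set the organization for the subject` could also mention the common name, since it now sits over both assignments. NewCA's body continues outside both hunks.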
@@ -70,6 +70,7 @@ type UsersSpec struct { type OrgSpec struct { Name string `yaml:"Name"` Domain string `yaml:"Domain"` + CA NodeSpec `yaml:"CA"` Template NodeTemplate `yaml:"Template"` Specs []NodeSpec `yaml:"Specs"` Users UsersSpec `yaml:"Users"` @@ -107,6 +108,15 @@ PeerOrgs: - Name: Org1 Domain: org1.example.com + # --------------------------------------------------------------------------- + # "CA" + # --------------------------------------------------------------------------- + # Uncomment this section to enable the explicit definition of the CA for this + # organization. This entry is a Spec. See "Specs" section below for details. + # --------------------------------------------------------------------------- + # CA: + # Hostname: ca # implicitly ca.org1.example.com + # --------------------------------------------------------------------------- # "Specs" # --------------------------------------------------------------------------- @@ -263,6 +273,15 @@ func parseTemplate(input, defaultInput string, data interface{}) (string, error) return output.String(), nil } +func renderCN(domain string, spec NodeSpec) (string, error) { + data := CommonNameData{ + Hostname: spec.Hostname, + Domain: domain, + } + + return parseTemplate(spec.CommonName, defaultCNTemplate, data) +} + func generateNodeSpec(orgSpec *OrgSpec, prefix string) error { // First process all of our templated nodes for i := 0; i < orgSpec.Template.Count; i++ { @@ -281,14 +300,9 @@ func generateNodeSpec(orgSpec *OrgSpec, prefix string) error { orgSpec.Specs = append(orgSpec.Specs, spec) } - // And finally touch up all specs to add the domain + // Touch up all general node-specs to add the domain for idx, spec := range orgSpec.Specs { - data := CommonNameData{ - Hostname: spec.Hostname, - Domain: orgSpec.Domain, - } - - finalCN, err := parseTemplate(spec.CommonName, defaultCNTemplate, data) + finalCN, err := renderCN(orgSpec.Domain, spec) if err != nil { return err } 
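Review bot: The new helper renderCN has no comment, and the fallback it relies on is only implied by the parameter name `defaultInput` on parseTemplate. A one-line comment would do, for example `// renderCN expands spec.CommonName as a template over spec.Hostname and domain; parseTemplate is given defaultCNTemplate as the default input`. The rendered string is returned unchanged and later becomes a certificate CommonName, so it is also worth stating in that comment that renderCN does not validate its result and callers must.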
@@ -296,6 +310,16 @@ func generateNodeSpec(orgSpec *OrgSpec, prefix string) error {
 orgSpec.Specs[idx].CommonName = finalCN
 }
+ // Process the CA node-spec in the same manner
+ if len(orgSpec.CA.Hostname) == 0 {
+ orgSpec.CA.Hostname = "ca"
+ }
+ finalCN, err := renderCN(orgSpec.Domain, orgSpec.CA)
+ if err != nil {
+ return err
+ }
+ orgSpec.CA.CommonName = finalCN
+
 return nil
 }
@@ -311,7 +335,7 @@ func generatePeerOrg(baseDir string, orgSpec OrgSpec) {
 peersDir := filepath.Join(orgDir, "peers")
 usersDir := filepath.Join(orgDir, "users")
 adminCertsDir := filepath.Join(mspDir, "admincerts")
- rootCA, err := ca.NewCA(caDir, orgName)
+ rootCA, err := ca.NewCA(caDir, orgName, orgSpec.CA.CommonName)
 if err != nil {
 fmt.Printf("Error generating CA for org %s:\n%v\n", orgName, err)
 os.Exit(1)
@@ -407,7 +431,7 @@ func generateOrdererOrg(baseDir string, orgSpec OrgSpec) {
 orderersDir := filepath.Join(orgDir, "orderers")
 usersDir := filepath.Join(orgDir, "users")
 adminCertsDir := filepath.Join(mspDir, "admincerts")
- rootCA, err := ca.NewCA(caDir, orgName)
+ rootCA, err := ca.NewCA(caDir, orgName, orgSpec.CA.CommonName)
 if err != nil {
 fmt.Printf("Error generating CA for org %s:\n%v\n", orgName, err)
 os.Exit(1)
diff --git a/common/tools/cryptogen/msp/msp_test.go b/common/tools/cryptogen/msp/msp_test.go
index 389db2b35c0..fb6d1d59b7e 100644
--- a/common/tools/cryptogen/msp/msp_test.go
+++ b/common/tools/cryptogen/msp/msp_test.go
@@ -27,7 +27,8 @@ import (
 )
 const (
- testCAName = "root0"
+ testCAOrg = "example.com"
+ testCAName = "ca" + "." + testCAOrg
 testName = "peer0"
 )
@@ -42,7 +43,7 @@ func TestGenerateLocalMSP(t *testing.T) {
 caDir := filepath.Join(testDir, "ca")
 mspDir := filepath.Join(testDir, "msp")
- rootCA, err := ca.NewCA(caDir, testCAOrg, testCAName)
+ rootCA, err := ca.NewCA(caDir, testCAOrg, testCAName)
 assert.NoError(t, err, "Error generating CA")
 err = msp.GenerateLocalMSP(testDir, testName, rootCA)
 assert.NoError(t, err, "Failed to generate local MSP")
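Review bot: The CA CommonName rendered in generateNodeSpec comes from the operator's YAML (the `CA` entry's CommonName template and Hostname, plus the org Domain) and is stored in `orgSpec.CA.CommonName` without any check, then passed as `name` to `ca.NewCA` in generatePeerOrg and generateOrdererOrg. NewCA's doc comment says the key pair is saved in baseDir/name, so if name is used to build a file path (not visible in this diff), an empty value or one containing a path separator would change where the CA material is written as well as the subject of the root certificate. Consider rejecting such values right after the renderCN call, e.g. `if finalCN == "" || strings.ContainsAny(finalCN, "/\\") { return fmt.Errorf("invalid CA common name %q", finalCN) }`, which needs `strings` imported if main.go does not already import it. The same check would apply to the node specs rendered in the loop above, whose body starts outside this hunk.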
@@ -80,7 +81,7 @@ func TestGenerateVerifyingMSP(t *testing.T) {
 caDir := filepath.Join(testDir, "ca")
 mspDir := filepath.Join(testDir, "msp")
- rootCA, err := ca.NewCA(caDir, testCAName)
+ rootCA, err := ca.NewCA(caDir, testCAOrg, testCAName)
 assert.NoError(t, err, "Failed to create new CA")
 err = msp.GenerateVerifyingMSP(mspDir, rootCA)