Skip to content

Commit

Permalink
Update MSP config for application org
Browse files Browse the repository at this point in the history
FAB-17642

Signed-off-by: Tiffany Harris <tiffany.harris@ibm.com>
Signed-off-by: Will Lahti <wtlahti@us.ibm.com>
  • Loading branch information
wlahti authored and sykesm committed Mar 25, 2020
1 parent cdc2f68 commit edd5908
Show file tree
Hide file tree
Showing 2 changed files with 580 additions and 1 deletion.
92 changes: 91 additions & 1 deletion pkg/config/msp.go
Original file line number Diff line number Diff line change
Expand Up @@ -554,6 +554,96 @@ func AddRootCAToMSP(config *cb.Config, rootCA *x509.Certificate, orgName string)
return nil
}

// UpdateMSP updates the MSP for the provided config application org group.
func UpdateMSP(config *cb.Config, updatedMSP MSP, orgName string) error {
currentMSP, err := GetMSPConfigurationForApplicationOrg(config, orgName)
if err != nil {
return fmt.Errorf("retrieving msp: %v", err)
}

if currentMSP.Name != updatedMSP.Name {
return errors.New("MSP name cannot be changed")
}

err = validateMSPCACerts(updatedMSP)
if err != nil {
return err
}

err = setMSPConfigForOrg(config, updatedMSP, orgName)
if err != nil {
return err
}

return nil
}

func setMSPConfigForOrg(config *cb.Config, updatedMSP MSP, orgName string) error {
fabricMSPConfig, err := updatedMSP.toProto()
if err != nil {
return err
}

conf, err := proto.Marshal(fabricMSPConfig)
if err != nil {
return fmt.Errorf("marshaling msp config: %v", err)
}

mspConfig := &mb.MSPConfig{
Config: conf,
}

orgGroup, err := getApplicationOrg(config, orgName)
if err != nil {
return err
}

err = addValue(orgGroup, mspValue(mspConfig), AdminsPolicyKey)
if err != nil {
return err
}

return nil
}

func validateMSPCACerts(msp MSP) error {
err := validateCACerts(msp.RootCerts)
if err != nil {
return fmt.Errorf("invalid root cert: %v", err)
}

err = validateCACerts(msp.IntermediateCerts)
if err != nil {
return fmt.Errorf("invalid intermediate cert: %v", err)
}

err = validateCACerts(msp.TLSRootCerts)
if err != nil {
return fmt.Errorf("invalid tls root cert: %v", err)
}

err = validateCACerts(msp.TLSIntermediateCerts)
if err != nil {
return fmt.Errorf("invalid tls intermediate cert: %v", err)
}

return nil
}

func validateCACerts(caCerts []*x509.Certificate) error {
for _, caCert := range caCerts {
if (caCert.KeyUsage & x509.KeyUsageCertSign) == 0 {
return fmt.Errorf("KeyUsage must be x509.KeyUsageCertSign. serial number: %d", caCert.SerialNumber)
}

if !caCert.IsCA {
return fmt.Errorf("must be a CA certificate. serial number: %d", caCert.SerialNumber)
}
}

return nil
}

func getFabricMSPConfig(org *cb.ConfigGroup) (*mb.FabricMSPConfig, error) {
configValue, err := getOrgMSPValue(org)
if err != nil {
Expand Down Expand Up @@ -663,7 +753,7 @@ func RevokeCertificateFromMSP(config *cb.Config, orgName string, caCert *x509.Ce
return nil
}

// validateCerts check if a cert was issued by a given MSP based
// validateCert checks if a cert was issued by a given MSP based
// on the root and intermediate CA certs.
func validateCert(cert *x509.Certificate, fabricMSPConfig *mb.FabricMSPConfig) error {
caCerts := []*x509.Certificate{}
Expand Down
Loading

0 comments on commit edd5908

Please sign in to comment.