[FAB-6983] fabric-ca to reuse sdk cryptosuite

- fabric-ca will reuse sdk cryptosuite while creating
 new fabric-client
- removed unused internal fabric-ca code
- msp.NewBccspMsp will reuse cryptosuite from fabric client
- pkg\cryptosuite\bccsp test coverage - 100%
- pkg\cryptosuite test coverage - 100%


Change-Id: I946d1b6f9d0219d51b5bf354ebb45d745d50340b
Signed-off-by: Sudesh Shetty <sudesh.shetty@securekey.com>

api/apicryptosuite/cryptosuite.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 /*
-Notice: This file is a modified version of ‘third_party/github.com/hyperledger/fabric/bccsp/bccsp.go’
+Notice: This file is a modified version of ‘internal/github.com/hyperledger/fabric/bccsp/bccsp.go’
 where interfaces and functions are removed to minimize for Hyperledger Fabric SDK Go usage.
 
 CryptoSuite interface defined in this file acts as a wrapper for

def/fabapi/context/defprovider/org.go

@@ -26,8 +26,8 @@ func NewOrgClientFactory() *OrgClientFactory {
 }
 
 // NewMSPClient returns a new default implmentation of the MSP client
-func (f *OrgClientFactory) NewMSPClient(orgName string, config apiconfig.Config) (fabca.FabricCAClient, error) {
-	mspClient, err := fabricCAClient.NewFabricCAClient(config, orgName)
+func (f *OrgClientFactory) NewMSPClient(orgName string, config apiconfig.Config, cryptoProvider apicryptosuite.CryptoSuite) (fabca.FabricCAClient, error) {
+	mspClient, err := fabricCAClient.NewFabricCAClient(orgName, config, cryptoProvider)
 	if err != nil {
 		return nil, errors.WithMessage(err, "NewFabricCAClient failed")
 	}

def/fabapi/context/defprovider/sdk.go

@@ -13,7 +13,8 @@ import (
 	"github.com/hyperledger/fabric-sdk-go/api/apicryptosuite"
 	"github.com/hyperledger/fabric-sdk-go/def/fabapi/opt"
 	configImpl "github.com/hyperledger/fabric-sdk-go/pkg/config"
-	cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp"
+	"github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite"
+	cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp"
 	"github.com/hyperledger/fabric-sdk-go/pkg/errors"
 	kvs "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/keyvaluestore"
 	signingMgr "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/signingmgr"
@@ -56,7 +57,12 @@ func (f *DefaultProviderFactory) NewStateStoreProvider(o opt.StateStoreOpts, con
 
 // NewCryptoSuiteProvider returns a new default implementation of BCCSP
 func (f *DefaultProviderFactory) NewCryptoSuiteProvider(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) {
-	return cryptosuite.GetSuiteByConfig(config)
+	cryptoSuiteProvider, err := cryptosuiteimpl.GetSuiteByConfig(config)
+	//Setting this cryptosuite as a factory default too
+	if cryptoSuiteProvider != nil {
+		cryptosuite.SetDefault(cryptoSuiteProvider)
+	}
+	return cryptoSuiteProvider, err
 }
 
 // NewSigningManager returns a new default implementation of signing manager

def/fabapi/context/provider.go

@@ -30,7 +30,7 @@ type SDKProviderFactory interface {
 // OrgClientFactory allows overriding default clients and providers of an organization
 // Currently, a context is created for each organization that the client app needs.
 type OrgClientFactory interface {
-	NewMSPClient(orgName string, config apiconfig.Config) (fabca.FabricCAClient, error)
+	NewMSPClient(orgName string, config apiconfig.Config, cryptoProvider apicryptosuite.CryptoSuite) (fabca.FabricCAClient, error)
 	NewCredentialManager(orgName string, config apiconfig.Config, cryptoProvider apicryptosuite.CryptoSuite) (fab.CredentialManager, error)
 }
 

def/fabapi/pkgfactory.go

@@ -186,8 +186,8 @@ func NewConfigManager(configFile string) (config.Config, error) {
 }
 
 // NewCAClient returns a new default implmentation of the MSP client
-func NewCAClient(orgName string, config config.Config) (fabca.FabricCAClient, error) {
-	mspClient, err := fabricCAClient.NewFabricCAClient(config, orgName)
+func NewCAClient(orgName string, config config.Config, cryptoSuite apicryptosuite.CryptoSuite) (fabca.FabricCAClient, error) {
+	mspClient, err := fabricCAClient.NewFabricCAClient(orgName, config, cryptoSuite)
 	if err != nil {
 		return nil, errors.WithMessage(err, "NewFabricCAClient failed")
 	}

internal/github.com/hyperledger/fabric-ca/lib/client.go

@@ -94,11 +94,7 @@ func (c *Client) Init() error {
 		if err != nil {
 			return errors.Wrap(err, "Failed to create cacerts directory")
 		}
-		// Initialize BCCSP (the crypto layer)
-		c.csp, err = util.InitBCCSP(&cfg.CSP, mspDir, c.HomeDir)
-		if err != nil {
-			return err
-		}
+		c.csp = cfg.CSP
 		// Create http.Client object and associate it with this client
 		err = c.initHTTPClient()
 		if err != nil {

internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go

@@ -21,9 +21,9 @@ Please review third_party pinning scripts and patches for more details.
 package lib
 
 import (
+	"github.com/hyperledger/fabric-sdk-go/api/apicryptosuite"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/tls"
-	factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge"
 )
 
 // ClientConfig is the fabric-ca client's config
@@ -37,6 +37,6 @@ type ClientConfig struct {
 	ID         api.RegistrationRequest
 	Revoke     api.RevocationRequest
 	CAInfo     api.GetCAInfoRequest
-	CAName     string               `help:"Name of CA"`
-	CSP        *factory.FactoryOpts `mapstructure:"bccsp"`
+	CAName     string                     `help:"Name of CA"`
+	CSP        apicryptosuite.CryptoSuite `mapstructure:"bccsp"`
 }

internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go

@@ -18,9 +18,8 @@ import (
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory"
 	cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer"
-	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils"
-	cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp"
+	"github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite"
 )
 
 const (
@@ -54,18 +53,9 @@ type FactoryOpts struct {
 	*factory.FactoryOpts
 }
 
-//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config)
-func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) {
-	bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config))
-	if err != nil {
-		return nil, err
-	}
-	return cryptosuite.GetSuite(bccsp), nil
-}
-
-//InitFactories is a bridge for bccsp factory.InitFactories(config)
-func InitFactories(config *FactoryOpts) error {
-	return factory.InitFactories(getFactoryOpts(config))
+// NewCspSigner is a bridge for bccsp signer.New call
+func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) {
+	return cspsigner.New(csp, key)
 }
 
 // PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey()
@@ -78,46 +68,9 @@ func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) {
 	return utils.PrivateKeyToDER(privateKey)
 }
 
-// NewCspsigner is a bridge for bccsp signer.New call
-func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) {
-	return cspsigner.New(csp, key)
-}
-
-//NewEmptySwOpts creates new empty bccsp factory.SwOpts
-func NewSwOpts() *factory.SwOpts {
-	return &factory.SwOpts{}
-}
-
-//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts
-func NewFileKeystoreOpts() *factory.FileKeystoreOpts {
-	return &factory.FileKeystoreOpts{}
-}
-
-//GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default
+//GetDefault returns default cryptosuite from bccsp factory default
 func GetDefault() apicryptosuite.CryptoSuite {
-	return cryptosuite.GetSuite(factory.GetDefault())
-}
-
-//SignatureToLowS is a bridge for bccsp sw.SignatureToLowS()
-func SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error) {
-	return sw.SignatureToLowS(k, signature)
-}
-
-//GetHashOpt is a bridge for bccsp util GetHashOpt
-func GetHashOpt(hashFunction string) (apicryptosuite.HashOpts, error) {
-	return bccsp.GetHashOpt(hashFunction)
-}
-
-func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts {
-	if config == nil {
-		return nil
-	}
-	return &factory.FactoryOpts{
-		SwOpts:       config.SwOpts,
-		ProviderName: config.ProviderName,
-		Pkcs11Opts:   config.Pkcs11Opts,
-		PluginOpts:   config.PluginOpts,
-	}
+	return cryptosuite.GetDefault()
 }
 
 //GetSHAOpts returns options for computing SHA.

internal/github.com/hyperledger/fabric-ca/util/csp.go

@@ -29,106 +29,16 @@ import (
 	"encoding/pem"
 	"fmt"
 	"io/ioutil"
-	"path"
 	"strings"
 
 	"github.com/hyperledger/fabric-sdk-go/api/apicryptosuite"
 	"github.com/hyperledger/fabric-sdk-go/pkg/errors"
 
 	"github.com/cloudflare/cfssl/csr"
-	"github.com/cloudflare/cfssl/helpers"
 	factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge"
 	log "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/logbridge"
 )
 
-// InitBCCSP initializes BCCSP
-func InitBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) (apicryptosuite.CryptoSuite, error) {
-	err := ConfigureBCCSP(optsPtr, mspDir, homeDir)
-	if err != nil {
-		return nil, err
-	}
-	csp, err := GetBCCSP(*optsPtr, homeDir)
-	if err != nil {
-		return nil, err
-	}
-	return csp, nil
-}
-
-// ConfigureBCCSP configures BCCSP, using
-func ConfigureBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) error {
-	var err error
-	if optsPtr == nil {
-		return errors.New("nil argument not allowed")
-	}
-	opts := *optsPtr
-	if opts == nil {
-		opts = &factory.FactoryOpts{}
-	}
-	if opts.ProviderName == "" {
-		opts.ProviderName = "SW"
-	}
-	if strings.ToUpper(opts.ProviderName) == "SW" {
-		if opts.SwOpts == nil {
-			opts.SwOpts = factory.NewSwOpts()
-		}
-		if opts.SwOpts.HashFamily == "" {
-			opts.SwOpts.HashFamily = "SHA2"
-		}
-		if opts.SwOpts.SecLevel == 0 {
-			opts.SwOpts.SecLevel = 256
-		}
-		if opts.SwOpts.FileKeystore == nil {
-			opts.SwOpts.FileKeystore = factory.NewFileKeystoreOpts()
-		}
-		// The mspDir overrides the KeyStorePath; otherwise, if not set, set default
-		if mspDir != "" {
-			opts.SwOpts.FileKeystore.KeyStorePath = path.Join(mspDir, "keystore")
-		} else if opts.SwOpts.FileKeystore.KeyStorePath == "" {
-			opts.SwOpts.FileKeystore.KeyStorePath = path.Join("msp", "keystore")
-		}
-	}
-	err = makeFileNamesAbsolute(opts, homeDir)
-	if err != nil {
-		return errors.WithMessage(err, "Failed to make BCCSP files absolute")
-	}
-	log.Debugf("Initializing BCCSP: %+v", opts)
-	if opts.SwOpts != nil {
-		log.Debugf("Initializing BCCSP with software options %+v", opts.SwOpts)
-	}
-	if opts.Pkcs11Opts != nil {
-		log.Debugf("Initializing BCCSP with PKCS11 options %+v", opts.Pkcs11Opts)
-	}
-	// Init the BCCSP factories
-	err = factory.InitFactories(opts)
-	if err != nil {
-		return errors.WithMessage(err, "Failed to initialize BCCSP Factories")
-	}
-	*optsPtr = opts
-	return nil
-}
-
-// GetBCCSP returns BCCSP
-func GetBCCSP(opts *factory.FactoryOpts, homeDir string) (apicryptosuite.CryptoSuite, error) {
-
-	// Get BCCSP from the opts
-	csp, err := factory.GetBCCSPFromOpts(opts)
-	if err != nil {
-		return nil, errors.WithMessage(err, "Failed to get BCCSP with opts")
-	}
-	return csp, nil
-}
-
-// makeFileNamesAbsolute makes all relative file names associated with CSP absolute,
-// relative to 'homeDir'.
-func makeFileNamesAbsolute(opts *factory.FactoryOpts, homeDir string) error {
-	var err error
-	if opts != nil && opts.SwOpts != nil && opts.SwOpts.FileKeystore != nil {
-		fks := opts.SwOpts.FileKeystore
-		fks.KeyStorePath, err = MakeFileAbs(fks.KeyStorePath, homeDir)
-	}
-	return err
-}
-
 // getBCCSPKeyOpts generates a key as specified in the request.
 // This supports ECDSA and RSA.
 func getBCCSPKeyOpts(kr csr.KeyRequest, ephemeral bool) (opts apicryptosuite.KeyGenOpts, err error) {
@@ -183,30 +93,13 @@ func GetSignerFromCert(cert *x509.Certificate, csp apicryptosuite.CryptoSuite) (
 		return nil, nil, errors.WithMessage(err, "Could not find matching private key for SKI")
 	}
 	// Construct and initialize the signer
-	signer, err := factory.NewCspsigner(csp, privateKey)
+	signer, err := factory.NewCspSigner(csp, privateKey)
 	if err != nil {
 		return nil, nil, errors.WithMessage(err, "Failed to load ski from bccsp")
 	}
 	return privateKey, signer, nil
 }
 
-// GetSignerFromCertFile load skiFile and load private key represented by ski and return bccsp signer that conforms to crypto.Signer
-func GetSignerFromCertFile(certFile string, csp apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, *x509.Certificate, error) {
-	// Load cert file
-	certBytes, err := ioutil.ReadFile(certFile)
-	if err != nil {
-		return nil, nil, nil, errors.Wrapf(err, "Could not read certFile '%s'", certFile)
-	}
-	// Parse certificate
-	parsedCa, err := helpers.ParseCertificatePEM(certBytes)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-	// Get the signer from the cert
-	key, cspSigner, err := GetSignerFromCert(parsedCa, csp)
-	return key, cspSigner, parsedCa, err
-}
-
 // BCCSPKeyRequestGenerate generates keys through BCCSP
 // somewhat mirroring to cfssl/req.KeyRequest.Generate()
 func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, error) {
@@ -220,7 +113,7 @@ func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP apicryptosuite.C
 		return nil, nil, err
 	}
 
-	cspSigner, err := factory.NewCspsigner(myCSP, key)
+	cspSigner, err := factory.NewCspSigner(myCSP, key)
 	if err != nil {
 		return nil, nil, errors.WithMessage(err, "Failed initializing CryptoSigner")
 	}

internal/github.com/hyperledger/fabric/msp/mspimpl.go

@@ -97,13 +97,12 @@ type bccspmsp struct {
 // crypto provider. It handles x.509 certificates and can
 // generate identities and signing identities backed by
 // certificates and keypairs
-func NewBccspMsp(version MSPVersion) (MSP, error) {
+func NewBccspMsp(version MSPVersion, cryptoSuite apicryptosuite.CryptoSuite) (MSP, error) {
 	mspLogger.Debugf("Creating BCCSP-based MSP instance")
 
-	bccsp := factory.GetDefault()
 	theMsp := &bccspmsp{}
 	theMsp.version = version
-	theMsp.bccsp = bccsp
+	theMsp.bccsp = cryptoSuite
 	switch version {
 	case MSPv1_0:
 		theMsp.internalSetupFunc = theMsp.setupV1
@@ -185,7 +184,7 @@ func (msp *bccspmsp) getSigningIdentityFromConf(sidInfo *m.SigningIdentityInfo)
 	}
 
 	// get the peer signer
-	peerSigner, err := factory.NewCspsigner(msp.bccsp, privKey)
+	peerSigner, err := factory.NewCspSigner(msp.bccsp, privKey)
 	if err != nil {
 		return nil, errors.WithMessage(err, "getIdentityFromBytes error: Failed initializing bccspCryptoSigner")
 	}