diff --git a/api/apicryptosuite/cryptosuite.go b/api/apicryptosuite/cryptosuite.go index d1df4029d7..fd6122bddb 100644 --- a/api/apicryptosuite/cryptosuite.go +++ b/api/apicryptosuite/cryptosuite.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ /* -Notice: This file is a modified version of ‘third_party/github.com/hyperledger/fabric/bccsp/bccsp.go’ +Notice: This file is a modified version of ‘internal/github.com/hyperledger/fabric/bccsp/bccsp.go’ where interfaces and functions are removed to minimize for Hyperledger Fabric SDK Go usage. CryptoSuite interface defined in this file acts as a wrapper for diff --git a/def/fabapi/context/defprovider/org.go b/def/fabapi/context/defprovider/org.go index 03932250df..3b3e1c13cd 100644 --- a/def/fabapi/context/defprovider/org.go +++ b/def/fabapi/context/defprovider/org.go @@ -26,8 +26,8 @@ func NewOrgClientFactory() *OrgClientFactory { } // NewMSPClient returns a new default implmentation of the MSP client -func (f *OrgClientFactory) NewMSPClient(orgName string, config apiconfig.Config) (fabca.FabricCAClient, error) { - mspClient, err := fabricCAClient.NewFabricCAClient(config, orgName) +func (f *OrgClientFactory) NewMSPClient(orgName string, config apiconfig.Config, cryptoProvider apicryptosuite.CryptoSuite) (fabca.FabricCAClient, error) { + mspClient, err := fabricCAClient.NewFabricCAClient(orgName, config, cryptoProvider) if err != nil { return nil, errors.WithMessage(err, "NewFabricCAClient failed") } diff --git a/def/fabapi/context/defprovider/sdk.go b/def/fabapi/context/defprovider/sdk.go index d70b00281b..a3eeed5b4d 100644 --- a/def/fabapi/context/defprovider/sdk.go +++ b/def/fabapi/context/defprovider/sdk.go 
@@ -13,7 +13,8 @@ import ( "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/def/fabapi/opt" configImpl "github.com/hyperledger/fabric-sdk-go/pkg/config" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" + cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" "github.com/hyperledger/fabric-sdk-go/pkg/errors" kvs "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/keyvaluestore" signingMgr "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/signingmgr" @@ -56,7 +57,12 @@ func (f *DefaultProviderFactory) NewStateStoreProvider(o opt.StateStoreOpts, con // NewCryptoSuiteProvider returns a new default implementation of BCCSP func (f *DefaultProviderFactory) NewCryptoSuiteProvider(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { - return cryptosuite.GetSuiteByConfig(config) + cryptoSuiteProvider, err := cryptosuiteimpl.GetSuiteByConfig(config) + //Setting this cryptosuite as a factory default too + if cryptoSuiteProvider != nil { + cryptosuite.SetDefault(cryptoSuiteProvider) + } + return cryptoSuiteProvider, err } // NewSigningManager returns a new default implementation of signing manager diff --git a/def/fabapi/context/provider.go b/def/fabapi/context/provider.go index c893d6681e..eae78bf63a 100644 --- a/def/fabapi/context/provider.go +++ b/def/fabapi/context/provider.go 
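Review bot: The error returned by `cryptosuite.SetDefault(cryptoSuiteProvider)` in NewCryptoSuiteProvider is dropped, so when a default already exists the configured suite silently does not become the default. That happens, for example, if something called `cryptosuite.GetDefault()` first and got the bccsp factory default. Code that reaches the suite through the bridges' `GetDefault()` would then hash and sign with a different provider or keystore than the one the config names. The call is also gated on `cryptoSuiteProvider != nil` rather than on `err == nil`, and it makes a process-wide setting a side effect of a per-SDK factory method. I would gate it on success and surface the result, `if err == nil { if derr := cryptosuite.SetDefault(cryptoSuiteProvider); derr != nil { /* log or return derr */ } }`, logging rather than returning if a second SDK instance in the same process is expected to reach this path.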
@@ -30,7 +30,7 @@ type SDKProviderFactory interface { // OrgClientFactory allows overriding default clients and providers of an organization // Currently, a context is created for each organization that the client app needs. type OrgClientFactory interface { - NewMSPClient(orgName string, config apiconfig.Config) (fabca.FabricCAClient, error) + NewMSPClient(orgName string, config apiconfig.Config, cryptoProvider apicryptosuite.CryptoSuite) (fabca.FabricCAClient, error) NewCredentialManager(orgName string, config apiconfig.Config, cryptoProvider apicryptosuite.CryptoSuite) (fab.CredentialManager, error) } diff --git a/def/fabapi/pkgfactory.go b/def/fabapi/pkgfactory.go index 991afae503..5c139b0566 100644 --- a/def/fabapi/pkgfactory.go +++ b/def/fabapi/pkgfactory.go @@ -186,8 +186,8 @@ func NewConfigManager(configFile string) (config.Config, error) { } // NewCAClient returns a new default implmentation of the MSP client -func NewCAClient(orgName string, config config.Config) (fabca.FabricCAClient, error) { - mspClient, err := fabricCAClient.NewFabricCAClient(config, orgName) +func NewCAClient(orgName string, config config.Config, cryptoSuite apicryptosuite.CryptoSuite) (fabca.FabricCAClient, error) { + mspClient, err := fabricCAClient.NewFabricCAClient(orgName, config, cryptoSuite) if err != nil { return nil, errors.WithMessage(err, "NewFabricCAClient failed") } diff --git a/internal/github.com/hyperledger/fabric-ca/lib/client.go b/internal/github.com/hyperledger/fabric-ca/lib/client.go index 79b6adbb35..93156d243f 100644 --- a/internal/github.com/hyperledger/fabric-ca/lib/client.go +++ b/internal/github.com/hyperledger/fabric-ca/lib/client.go 
@@ -94,11 +94,7 @@ func (c *Client) Init() error { if err != nil { return errors.Wrap(err, "Failed to create cacerts directory") } - // Initialize BCCSP (the crypto layer) - c.csp, err = util.InitBCCSP(&cfg.CSP, mspDir, c.HomeDir) - if err != nil { - return err - } + c.csp = cfg.CSP // Create http.Client object and associate it with this client err = c.initHTTPClient() if err != nil { diff --git a/internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go b/internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go index cea8b1d85c..d77e328c5b 100644 --- a/internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go +++ b/internal/github.com/hyperledger/fabric-ca/lib/clientconfig.go @@ -21,9 +21,9 @@ Please review third_party pinning scripts and patches for more details. package lib import ( + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/tls" - factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" ) // ClientConfig is the fabric-ca client's config @@ -37,6 +37,6 @@ type ClientConfig struct { ID api.RegistrationRequest Revoke api.RevocationRequest CAInfo api.GetCAInfoRequest - CAName string `help:"Name of CA"` - CSP *factory.FactoryOpts `mapstructure:"bccsp"` + CAName string `help:"Name of CA"` + CSP apicryptosuite.CryptoSuite `mapstructure:"bccsp"` } diff --git a/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go index 677aa8b3ce..876e13e01f 100644 --- a/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go +++ b/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go 
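Review bot: `c.csp = cfg.CSP` in Client.Init accepts a nil suite, whereas the removed `util.InitBCCSP` call either produced a provider or returned an error. NewFabricCAClient rejects a nil cryptoSuite, but any other caller that builds a ClientConfig without CSP would get a client that fails at its first key operation, presumably with a nil dereference, instead of at Init. The field in clientconfig.go still carries `mapstructure:"bccsp"`, which presumably cannot populate an interface value from a config file, so that path is plausible. A guard before the assignment keeps the failure at initialization: `if cfg.CSP == nil { return errors.New("cryptosuite is required in client config") }`. Init's body starts and ends outside the hunk.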
@@ -18,9 +18,8 @@ import ( "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" ) const ( @@ -54,18 +53,9 @@ type FactoryOpts struct { *factory.FactoryOpts } -//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config) -func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) { - bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config)) - if err != nil { - return nil, err - } - return cryptosuite.GetSuite(bccsp), nil -} - -//InitFactories is a bridge for bccsp factory.InitFactories(config) -func InitFactories(config *FactoryOpts) error { - return factory.InitFactories(getFactoryOpts(config)) +// NewCspSigner is a bridge for bccsp signer.New call +func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { + return cspsigner.New(csp, key) } // PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey() 
@@ -78,46 +68,9 @@ func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) { return utils.PrivateKeyToDER(privateKey) } -// NewCspsigner is a bridge for bccsp signer.New call -func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { - return cspsigner.New(csp, key) -} - -//NewEmptySwOpts creates new empty bccsp factory.SwOpts -func NewSwOpts() *factory.SwOpts { - return &factory.SwOpts{} -} - -//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts -func NewFileKeystoreOpts() *factory.FileKeystoreOpts { - return &factory.FileKeystoreOpts{} -} - -//GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default +//GetDefault returns default cryptosuite from bccsp factory default func GetDefault() apicryptosuite.CryptoSuite { - return cryptosuite.GetSuite(factory.GetDefault()) -} - -//SignatureToLowS is a bridge for bccsp sw.SignatureToLowS() -func SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error) { - return sw.SignatureToLowS(k, signature) -} - -//GetHashOpt is a bridge for bccsp util GetHashOpt -func GetHashOpt(hashFunction string) (apicryptosuite.HashOpts, error) { - return bccsp.GetHashOpt(hashFunction) -} - -func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts { - if config == nil { - return nil - } - return &factory.FactoryOpts{ - SwOpts: config.SwOpts, - ProviderName: config.ProviderName, - Pkcs11Opts: config.Pkcs11Opts, - PluginOpts: config.PluginOpts, - } + return cryptosuite.GetDefault() } //GetSHAOpts returns options for computing SHA. diff --git a/internal/github.com/hyperledger/fabric-ca/util/csp.go b/internal/github.com/hyperledger/fabric-ca/util/csp.go index 5b498aab96..f13d82f4dd 100644 --- a/internal/github.com/hyperledger/fabric-ca/util/csp.go +++ b/internal/github.com/hyperledger/fabric-ca/util/csp.go 
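Review bot: The comment on the bridge's `GetDefault` still says the suite comes from the bccsp factory default, but the new body returns `cryptosuite.GetDefault()`. That function hands back whatever was registered through `cryptosuite.SetDefault` and only falls back to the factory default when nothing was set. The copy under internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge has the same issue, and its comment still names `GetFactoryDefaultCryptoSuite`. I would reword both to `// GetDefault returns the SDK-wide default cryptosuite, falling back to the bccsp factory default when none has been set.` so readers of the vendored code know which provider ends up signing.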
@@ -29,106 +29,16 @@ import ( "encoding/pem" "fmt" "io/ioutil" - "path" "strings" "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/pkg/errors" "github.com/cloudflare/cfssl/csr" - "github.com/cloudflare/cfssl/helpers" factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" log "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/logbridge" ) -// InitBCCSP initializes BCCSP -func InitBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) (apicryptosuite.CryptoSuite, error) { - err := ConfigureBCCSP(optsPtr, mspDir, homeDir) - if err != nil { - return nil, err - } - csp, err := GetBCCSP(*optsPtr, homeDir) - if err != nil { - return nil, err - } - return csp, nil -} - -// ConfigureBCCSP configures BCCSP, using -func ConfigureBCCSP(optsPtr **factory.FactoryOpts, mspDir, homeDir string) error { - var err error - if optsPtr == nil { - return errors.New("nil argument not allowed") - } - opts := *optsPtr - if opts == nil { - opts = &factory.FactoryOpts{} - } - if opts.ProviderName == "" { - opts.ProviderName = "SW" - } - if strings.ToUpper(opts.ProviderName) == "SW" { - if opts.SwOpts == nil { - opts.SwOpts = factory.NewSwOpts() - } - if opts.SwOpts.HashFamily == "" { - opts.SwOpts.HashFamily = "SHA2" - } - if opts.SwOpts.SecLevel == 0 { - opts.SwOpts.SecLevel = 256 - } - if opts.SwOpts.FileKeystore == nil { - opts.SwOpts.FileKeystore = factory.NewFileKeystoreOpts() - } - // The mspDir overrides the KeyStorePath; otherwise, if not set, set default - if mspDir != "" { - opts.SwOpts.FileKeystore.KeyStorePath = path.Join(mspDir, "keystore") - } else if opts.SwOpts.FileKeystore.KeyStorePath == "" { - opts.SwOpts.FileKeystore.KeyStorePath = path.Join("msp", "keystore") - } - } - err = makeFileNamesAbsolute(opts, homeDir) - if err != nil { - return errors.WithMessage(err, "Failed to make BCCSP files absolute") - } - 
log.Debugf("Initializing BCCSP: %+v", opts) - if opts.SwOpts != nil { - log.Debugf("Initializing BCCSP with software options %+v", opts.SwOpts) - } - if opts.Pkcs11Opts != nil { - log.Debugf("Initializing BCCSP with PKCS11 options %+v", opts.Pkcs11Opts) - } - // Init the BCCSP factories - err = factory.InitFactories(opts) - if err != nil { - return errors.WithMessage(err, "Failed to initialize BCCSP Factories") - } - *optsPtr = opts - return nil -} - -// GetBCCSP returns BCCSP -func GetBCCSP(opts *factory.FactoryOpts, homeDir string) (apicryptosuite.CryptoSuite, error) { - - // Get BCCSP from the opts - csp, err := factory.GetBCCSPFromOpts(opts) - if err != nil { - return nil, errors.WithMessage(err, "Failed to get BCCSP with opts") - } - return csp, nil -} - -// makeFileNamesAbsolute makes all relative file names associated with CSP absolute, -// relative to 'homeDir'. -func makeFileNamesAbsolute(opts *factory.FactoryOpts, homeDir string) error { - var err error - if opts != nil && opts.SwOpts != nil && opts.SwOpts.FileKeystore != nil { - fks := opts.SwOpts.FileKeystore - fks.KeyStorePath, err = MakeFileAbs(fks.KeyStorePath, homeDir) - } - return err -} - // getBCCSPKeyOpts generates a key as specified in the request. // This supports ECDSA and RSA. func getBCCSPKeyOpts(kr csr.KeyRequest, ephemeral bool) (opts apicryptosuite.KeyGenOpts, err error) { 
@@ -183,30 +93,13 @@ func GetSignerFromCert(cert *x509.Certificate, csp apicryptosuite.CryptoSuite) ( return nil, nil, errors.WithMessage(err, "Could not find matching private key for SKI") } // Construct and initialize the signer - signer, err := factory.NewCspsigner(csp, privateKey) + signer, err := factory.NewCspSigner(csp, privateKey) if err != nil { return nil, nil, errors.WithMessage(err, "Failed to load ski from bccsp") } return privateKey, signer, nil } -// GetSignerFromCertFile load skiFile and load private key represented by ski and return bccsp signer that conforms to crypto.Signer -func GetSignerFromCertFile(certFile string, csp apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, *x509.Certificate, error) { - // Load cert file - certBytes, err := ioutil.ReadFile(certFile) - if err != nil { - return nil, nil, nil, errors.Wrapf(err, "Could not read certFile '%s'", certFile) - } - // Parse certificate - parsedCa, err := helpers.ParseCertificatePEM(certBytes) - if err != nil { - return nil, nil, nil, err - } - // Get the signer from the cert - key, cspSigner, err := GetSignerFromCert(parsedCa, csp) - return key, cspSigner, parsedCa, err -} - // BCCSPKeyRequestGenerate generates keys through BCCSP // somewhat mirroring to cfssl/req.KeyRequest.Generate() func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, error) { @@ -220,7 +113,7 @@ func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP apicryptosuite.C return nil, nil, err } - cspSigner, err := factory.NewCspsigner(myCSP, key) + cspSigner, err := factory.NewCspSigner(myCSP, key) if err != nil { return nil, nil, errors.WithMessage(err, "Failed initializing CryptoSigner") } diff --git a/internal/github.com/hyperledger/fabric/msp/mspimpl.go b/internal/github.com/hyperledger/fabric/msp/mspimpl.go index 654025241b..921ead7c4a 100644 --- a/internal/github.com/hyperledger/fabric/msp/mspimpl.go 
+++ b/internal/github.com/hyperledger/fabric/msp/mspimpl.go @@ -97,13 +97,12 @@ type bccspmsp struct { // crypto provider. It handles x.509 certificates and can // generate identities and signing identities backed by // certificates and keypairs -func NewBccspMsp(version MSPVersion) (MSP, error) { +func NewBccspMsp(version MSPVersion, cryptoSuite apicryptosuite.CryptoSuite) (MSP, error) { mspLogger.Debugf("Creating BCCSP-based MSP instance") - bccsp := factory.GetDefault() theMsp := &bccspmsp{} theMsp.version = version - theMsp.bccsp = bccsp + theMsp.bccsp = cryptoSuite switch version { case MSPv1_0: theMsp.internalSetupFunc = theMsp.setupV1 @@ -185,7 +184,7 @@ func (msp *bccspmsp) getSigningIdentityFromConf(sidInfo *m.SigningIdentityInfo) } // get the peer signer - peerSigner, err := factory.NewCspsigner(msp.bccsp, privKey) + peerSigner, err := factory.NewCspSigner(msp.bccsp, privKey) if err != nil { return nil, errors.WithMessage(err, "getIdentityFromBytes error: Failed initializing bccspCryptoSigner") } diff --git a/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go index 677aa8b3ce..cd9c4bbf34 100644 --- a/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go +++ b/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go @@ -19,8 +19,7 @@ import ( "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" ) const ( 
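Review bot: NewBccspMsp now stores the caller's `cryptoSuite` in `theMsp.bccsp` without checking it, whereas the removed `bccsp := factory.GetDefault()` line supplied the provider itself. A nil argument would not fail here but later, when the MSP first uses the provider, for instance at `factory.NewCspSigner(msp.bccsp, privKey)` in getSigningIdentityFromConf from the second hunk. I would reject it up front with `if cryptoSuite == nil { return nil, errors.New("cryptoSuite is required") }`, assuming the file's `errors` package offers `New` alongside the `WithMessage` it already uses. The function body continues past the hunk.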
@@ -54,48 +53,14 @@ type FactoryOpts struct { *factory.FactoryOpts } -//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config) -func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) { - bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config)) - if err != nil { - return nil, err - } - return cryptosuite.GetSuite(bccsp), nil -} - -//InitFactories is a bridge for bccsp factory.InitFactories(config) -func InitFactories(config *FactoryOpts) error { - return factory.InitFactories(getFactoryOpts(config)) -} - -// PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey() -func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error) { - return utils.PEMtoPrivateKey(raw, pwd) -} - -// PrivateKeyToDER marshals is bridge for utils.PrivateKeyToDER -func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) { - return utils.PrivateKeyToDER(privateKey) -} - -// NewCspsigner is a bridge for bccsp signer.New call -func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { +// NewCspSigner is a bridge for bccsp signer.New call +func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { return cspsigner.New(csp, key) } -//NewEmptySwOpts creates new empty bccsp factory.SwOpts -func NewSwOpts() *factory.SwOpts { - return &factory.SwOpts{} -} - -//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts -func NewFileKeystoreOpts() *factory.FileKeystoreOpts { - return &factory.FileKeystoreOpts{} -} - //GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default func GetDefault() apicryptosuite.CryptoSuite { - return cryptosuite.GetSuite(factory.GetDefault()) + return cryptosuite.GetDefault() } //SignatureToLowS is a bridge for bccsp sw.SignatureToLowS() 
@@ -108,18 +73,6 @@ func GetHashOpt(hashFunction string) (apicryptosuite.HashOpts, error) { return bccsp.GetHashOpt(hashFunction) } -func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts { - if config == nil { - return nil - } - return &factory.FactoryOpts{ - SwOpts: config.SwOpts, - ProviderName: config.ProviderName, - Pkcs11Opts: config.Pkcs11Opts, - PluginOpts: config.PluginOpts, - } -} - //GetSHAOpts returns options for computing SHA. func GetSHAOpts() apicryptosuite.HashOpts { return &bccsp.SHAOpts{} diff --git a/pkg/cryptosuite/bccsp/cryptosuite.go b/pkg/cryptosuite/bccsp/cryptosuiteimpl.go similarity index 100% rename from pkg/cryptosuite/bccsp/cryptosuite.go rename to pkg/cryptosuite/bccsp/cryptosuiteimpl.go diff --git a/pkg/cryptosuite/bccsp/cryptosuite_test.go b/pkg/cryptosuite/bccsp/cryptosuiteimpl_test.go similarity index 84% rename from pkg/cryptosuite/bccsp/cryptosuite_test.go rename to pkg/cryptosuite/bccsp/cryptosuiteimpl_test.go index 28b16c7984..f85801e2c0 100644 --- a/pkg/cryptosuite/bccsp/cryptosuite_test.go +++ b/pkg/cryptosuite/bccsp/cryptosuiteimpl_test.go 
@@ -127,6 +127,63 @@ func TestCryptoSuiteByConfigFailures(t *testing.T) { } +// TestCreateInvalidBCCSPSecurityLevel will test cryptsuite creation with invalid BCCSP options +func TestCreateInvalidBCCSPSecurityLevel(t *testing.T) { + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + + mockConfig.EXPECT().SecurityProvider().Return("SW") + mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") + mockConfig.EXPECT().SecurityLevel().Return(100) + mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") + mockConfig.EXPECT().Ephemeral().Return(false) + + _, err := GetSuiteByConfig(mockConfig) + if !strings.Contains(err.Error(), "Security level not supported [100]") { + t.Fatalf("Expected invalid security level error, but got %v", err.Error()) + } + +} + +// TestCreateInvalidBCCSPHashFamily will test cryptsuite creation with bad HashFamily +func TestCreateInvalidBCCSPHashFamily(t *testing.T) { + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + + mockConfig.EXPECT().SecurityProvider().Return("SW") + mockConfig.EXPECT().SecurityAlgorithm().Return("ABC") + mockConfig.EXPECT().SecurityLevel().Return(256) + mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") + mockConfig.EXPECT().Ephemeral().Return(false) + + _, err := GetSuiteByConfig(mockConfig) + if !strings.Contains(err.Error(), "Hash Family not supported [ABC]") { + t.Fatalf("Expected invalid hash family error, but got %v", err.Error()) + } +} + +// TestCreateInvalidSecurityProviderPanic will test cryptsuite creation with bad HashFamily +func TestCreateInvalidSecurityProviderPanic(t *testing.T) { + + defer func() { + if r := recover(); r == nil { + t.Errorf("was supposed to panic") + } + }() + + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + + mockConfig.EXPECT().SecurityProvider().Return("XYZ") + 
mockConfig.EXPECT().SecurityProvider().Return("XYZ") + + GetSuiteByConfig(mockConfig) + t.Fatalf("Getting cryptosuite with invalid security provider supposed to panic") +} + func verifyCryptoSuite(t *testing.T, samplecryptoSuite apicryptosuite.CryptoSuite) { //Test cryptosuite.Sign signedBytes, err := samplecryptoSuite.Sign(GetKey(getMockKey(signingKey)), nil, nil) diff --git a/pkg/cryptosuite/cryptosuite.go b/pkg/cryptosuite/cryptosuite.go new file mode 100644 index 0000000000..39ab371dac --- /dev/null +++ b/pkg/cryptosuite/cryptosuite.go 
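Review bot: TestCreateInvalidBCCSPSecurityLevel and TestCreateInvalidBCCSPHashFamily call `err.Error()` without checking `err` first. If GetSuiteByConfig ever accepts the bad value, the test dies with a nil-pointer panic instead of a readable failure. Use `if err == nil || !strings.Contains(err.Error(), "Security level not supported [100]") { t.Fatalf("Expected invalid security level error, but got %v", err) }`, and the same shape for the hash-family case. The comment on TestCreateInvalidSecurityProviderPanic is copied from the hash-family test; `// TestCreateInvalidSecurityProviderPanic checks that an unknown security provider makes GetSuiteByConfig panic` matches what the body asserts.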
@@ -0,0 +1,74 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package cryptosuite + +import ( + "sync/atomic" + + "errors" + + "sync" + + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/pkg/logging" +) + +var logger = logging.NewLogger("fabric_sdk_go") + +var initOnce sync.Once +var defaultCryptoSuite apicryptosuite.CryptoSuite +var initialized int32 + +func initSuite(defaultSuite apicryptosuite.CryptoSuite) error { + if defaultSuite == nil { + return errors.New("attempting to set invalid default suite") + } + initOnce.Do(func() { + defaultCryptoSuite = defaultSuite + atomic.StoreInt32(&initialized, 1) + }) + return nil +} + +//GetDefault returns default apicryptosuite +func GetDefault() apicryptosuite.CryptoSuite { + if atomic.LoadInt32(&initialized) > 0 { + return defaultCryptoSuite + } + //Set default suite + logger.Info("No default cryptosuite found, using bccsp factory default implementation") + initSuite(cryptosuiteimpl.GetSuite(factory.GetDefault())) + return defaultCryptoSuite +} + +//SetDefault sets default suite if one is not already set or created +//Make sure you set default suite before very first call to GetDefault(), +//otherwise this function will return an error +func SetDefault(newDefaultSuite apicryptosuite.CryptoSuite) error { + if atomic.LoadInt32(&initialized) > 0 { + return errors.New("default crypto suite is already set") + } + return initSuite(newDefaultSuite) +} + +//GetSHA256Opts returns options relating to SHA-256. +func GetSHA256Opts() apicryptosuite.HashOpts { + return &bccsp.SHA256Opts{} +} + +//GetSHAOpts returns options for computing SHA. 
+func GetSHAOpts() apicryptosuite.HashOpts { + return &bccsp.SHAOpts{} +} + +//GetECDSAP256KeyGenOpts returns options for ECDSA key generation with curve P-256. +func GetECDSAP256KeyGenOpts(ephemeral bool) apicryptosuite.KeyGenOpts { + return &bccsp.ECDSAP256KeyGenOpts{Temporary: ephemeral} +} diff --git a/pkg/cryptosuite/cryptosuite_test.go b/pkg/cryptosuite/cryptosuite_test.go new file mode 100644 index 0000000000..f94720e2fe --- /dev/null +++ b/pkg/cryptosuite/cryptosuite_test.go 
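Review bot: `initSuite` returns nil even when `initOnce` has already fired, so `SetDefault` can report success for a suite that was discarded. The `atomic.LoadInt32(&initialized) > 0` check in `SetDefault` and the `initOnce.Do` are separate steps. Two concurrent `SetDefault` calls, or a `SetDefault` racing the lazy fallback in `GetDefault`, can both pass the check, and the loser is told its provider is in effect while a different one is used for hashing and signing. Recording whether the closure actually ran, and returning the existing "default crypto suite is already set" error otherwise, closes the gap. `GetDefault` ignores the return value and `Do` only returns once the winning call has finished, so it is unaffected.

```go
func initSuite(defaultSuite apicryptosuite.CryptoSuite) error {
	// … unchanged: nil check on defaultSuite …
	applied := false
	initOnce.Do(func() {
		defaultCryptoSuite = defaultSuite
		atomic.StoreInt32(&initialized, 1)
		applied = true
	})
	if !applied {
		// initOnce already ran for another suite; do not claim success.
		return errors.New("default crypto suite is already set")
	}
	return nil
}
```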
@@ -0,0 +1,110 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package cryptosuite + +import ( + "os" + "testing" + + "sync/atomic" + + "github.com/hyperledger/fabric-sdk-go/pkg/logging" + "github.com/hyperledger/fabric-sdk-go/pkg/logging/deflogger" + "github.com/hyperledger/fabric-sdk-go/pkg/logging/utils" + + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" +) + +const ( + shaHashOptsAlgorithm = "SHA" + sha256HashOptsAlgorithm = "SHA256" + ecdsap256KeyGenOpts = "ECDSAP256" + setDefAlreadySetErrorMsg = "default crypto suite is already set" + InvalidDefSuiteSetErrorMsg = "attempting to set invalid default suite" +) + +// TestMain Load testing config +func TestMain(m *testing.M) { + if !logging.IsLoggerInitialized() { + logging.InitLogger(deflogger.GetLoggingProvider()) + } + + os.Exit(m.Run()) +} + +func TestGetDefault(t *testing.T) { + + //At the beginning default suite is nil if no attempts have been made to set or get one + utils.VerifyEmpty(t, defaultCryptoSuite, "default suite should be nil if no attempts have been made to set or get one") + + //Now try to get default, it will create one and return + defSuite := GetDefault() + utils.VerifyNotEmpty(t, defSuite, "Not supposed to be nil defaultCryptSuite") + utils.VerifyNotEmpty(t, defaultCryptoSuite, "default suite should have been initialized") + utils.VerifyTrue(t, atomic.LoadInt32(&initialized) > 0, "'initialized' flag supposed to be set to 1") + + hashbytes, err := defSuite.Hash([]byte("Sample message"), GetSHAOpts()) + utils.VerifyEmpty(t, err, "Not supposed to get error on defaultCryptSuite.Hash() call : %s", err) + utils.VerifyNotEmpty(t, hashbytes, "Supposed to get valid hash from defaultCryptSuite.Hash()") + + //Now try to get default, which is already created + defSuite = GetDefault() + utils.VerifyNotEmpty(t, 
defSuite, "Not supposed to be nil defaultCryptSuite") + utils.VerifyNotEmpty(t, defaultCryptoSuite, "default suite should have been initialized") + utils.VerifyTrue(t, atomic.LoadInt32(&initialized) > 0, "'initialized' flag supposed to be set to 1") + + hashbytes, err = defSuite.Hash([]byte("Sample message"), GetSHAOpts()) + utils.VerifyEmpty(t, err, "Not supposed to get error on defaultCryptSuite.Hash() call : %s", err) + utils.VerifyNotEmpty(t, hashbytes, "Supposed to get valid hash from defaultCryptSuite.Hash()") + + //Now attempt to set default suite + err = SetDefault(nil) + utils.VerifyNotEmpty(t, err, "supposed to get error when SetDefault() gets called after GetDefault()") + utils.VerifyTrue(t, err.Error() == setDefAlreadySetErrorMsg, "unexpected error : expected [%s], got [%s]", setDefAlreadySetErrorMsg, err.Error()) + + //Reset + defaultCryptoSuite = nil + atomic.StoreInt32(&initialized, 0) + + //Now attempt to set invalid default suite + err = SetDefault(nil) + utils.VerifyNotEmpty(t, err, "supposed to get error when invalid default suite is set") + utils.VerifyTrue(t, err.Error() == InvalidDefSuiteSetErrorMsg, "unexpected error : expected [%s], got [%s]", InvalidDefSuiteSetErrorMsg, err.Error()) + + err = SetDefault(cryptosuiteimpl.GetSuite(factory.GetDefault())) + utils.VerifyEmpty(t, err, "Not supposed to get error when valid default suite is set") + +} + +func TestHashOpts(t *testing.T) { + + //Get CryptoSuite SHA Opts + hashOpts := GetSHAOpts() + utils.VerifyNotEmpty(t, hashOpts, "Not supposed to be empty shaHashOpts") + utils.VerifyTrue(t, hashOpts.Algorithm() == shaHashOptsAlgorithm, "Unexpected SHA hash opts, expected [%s], got [%s]", shaHashOptsAlgorithm, hashOpts.Algorithm()) + + //Get CryptoSuite SHA256 Opts + hashOpts = GetSHA256Opts() + utils.VerifyNotEmpty(t, hashOpts, "Not supposed to be empty sha256HashOpts") + utils.VerifyTrue(t, hashOpts.Algorithm() == sha256HashOptsAlgorithm, "Unexpected SHA hash opts, expected [%v], got [%v]", 
sha256HashOptsAlgorithm, hashOpts.Algorithm()) + +} + +func TestKeyGenOpts(t *testing.T) { + + keygenOpts := GetECDSAP256KeyGenOpts(true) + utils.VerifyNotEmpty(t, keygenOpts, "Not supposed to be empty ECDSAP256KeyGenOpts") + utils.VerifyTrue(t, keygenOpts.Ephemeral(), "Expected keygenOpts.Ephemeral() ==> true") + utils.VerifyTrue(t, keygenOpts.Algorithm() == ecdsap256KeyGenOpts, "Unexpected SHA hash opts, expected [%v], got [%v]", ecdsap256KeyGenOpts, keygenOpts.Algorithm()) + + keygenOpts = GetECDSAP256KeyGenOpts(false) + utils.VerifyNotEmpty(t, keygenOpts, "Not supposed to be empty ECDSAP256KeyGenOpts") + utils.VerifyFalse(t, keygenOpts.Ephemeral(), "Expected keygenOpts.Ephemeral() ==> false") + utils.VerifyTrue(t, keygenOpts.Algorithm() == ecdsap256KeyGenOpts, "Unexpected SHA hash opts, expected [%v], got [%v]", ecdsap256KeyGenOpts, keygenOpts.Algorithm()) + +} diff --git a/pkg/fabric-ca-client/fabricca.go b/pkg/fabric-ca-client/fabricca.go index c726f0f019..82c1715519 100644 --- a/pkg/fabric-ca-client/fabricca.go +++ b/pkg/fabric-ca-client/fabricca.go @@ -17,8 +17,6 @@ import ( "github.com/hyperledger/fabric-sdk-go/pkg/logging" "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" - factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" ) var logger = logging.NewLogger("fabric_sdk_go") 
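Review bot: The "Reset" step in TestGetDefault clears `defaultCryptoSuite` and `initialized` but not `initOnce`, so the final `SetDefault(cryptosuiteimpl.GetSuite(factory.GetDefault()))` returns nil without storing anything. `initOnce.Do` is a no-op by then because the earlier `GetDefault()` call already consumed it. The test therefore passes while the package is left with a nil default and `initialized == 0`, which hides the case where `SetDefault` reports success for a suite it did not install. Add `initOnce = sync.Once{}` to the reset (with the `sync` import) and assert the outcome after the last call, e.g. `utils.VerifyNotEmpty(t, defaultCryptoSuite, "default suite should be set by SetDefault")`.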
@@ -29,13 +27,13 @@ type FabricCA struct { } // NewFabricCAClient creates a new fabric-ca client -// @param {api.Config} client config for fabric-ca services // @param {string} organization for this CA +// @param {api.Config} client config for fabric-ca services // @returns {api.FabricCAClient} FabricCAClient implementation // @returns {error} error, if any -func NewFabricCAClient(config config.Config, org string) (*FabricCA, error) { - if org == "" || config == nil { - return nil, errors.New("organization and config are required to load CA config") +func NewFabricCAClient(org string, config config.Config, cryptoSuite apicryptosuite.CryptoSuite) (*FabricCA, error) { + if org == "" || config == nil || cryptoSuite == nil { + return nil, errors.New("organization, config and cryptoSuite are required to load CA config") } // Create new Fabric-ca client without configs @@ -84,8 +82,7 @@ func NewFabricCAClient(config config.Config, org string) (*FabricCA, error) { c.Config.MSPDir = config.CAKeyStorePath() //Factory opts - opts := cryptosuite.GetOptsByConfig(config) - c.Config.CSP = &factory.FactoryOpts{opts} + c.Config.CSP = cryptoSuite fabricCAClient := FabricCA{fabricCAClient: c} diff --git a/pkg/fabric-ca-client/fabricca_test.go b/pkg/fabric-ca-client/fabricca_test.go index d2223cf517..0197846d5f 100644 --- a/pkg/fabric-ca-client/fabricca_test.go +++ b/pkg/fabric-ca-client/fabricca_test.go 
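Review bot: The doc comment on NewFabricCAClient documents org and config but not the new cryptoSuite parameter, and nothing tells callers that key handling now follows the suite they pass in. In the second hunk `c.Config.CSP = cryptoSuite` replaces the provider the vendored client used to build for itself. The removed util.ConfigureBCCSP pointed that provider's keystore at `<mspDir>/keystore`, so `c.Config.MSPDir = config.CAKeyStorePath()` no longer appears to decide where enrollment private keys are written. I would add `// @param {apicryptosuite.CryptoSuite} cryptoSuite used for the client's key generation and signing; its keystore is used as-is, independent of CAKeyStorePath`. That usage is inferred from the vendored code in this commit and should be confirmed. The function body continues between and after the two hunks.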
@@ -20,14 +20,16 @@ import ( config "github.com/hyperledger/fabric-sdk-go/api/apiconfig" ca "github.com/hyperledger/fabric-sdk-go/api/apifabca" - factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" + cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-ca-client/mocks" "github.com/hyperledger/fabric-sdk-go/pkg/logging" "github.com/hyperledger/fabric-sdk-go/pkg/logging/deflogger" ) var configImp config.Config +var cryptoSuiteProvider apicryptosuite.CryptoSuite var org1 = "peerorg1" var caServerURL = "http://localhost:8090" var wrongCAServerURL = "http://localhost:8091" @@ -38,6 +40,10 @@ func TestMain(m *testing.M) { logging.InitLogger(deflogger.GetLoggingProvider()) } configImp = mocks.NewMockConfig(caServerURL) + cryptoSuiteProvider, _ = cryptosuiteimpl.GetSuiteByConfig(configImp) + if cryptoSuiteProvider == nil { + panic("Failed initialize cryptoSuiteProvider") + } // Start Http Server go mocks.StartFabricCAMockServer(strings.TrimPrefix(caServerURL, "http://")) // Allow HTTP server to start @@ -48,7 +54,7 @@ func TestMain(m *testing.M) { // TestEnroll will test multiple enrol scenarios func TestEnroll(t *testing.T) { - fabricCAClient, err := NewFabricCAClient(configImp, org1) + fabricCAClient, err := NewFabricCAClient(org1, configImp, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient return error: %v", err) } 
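Review bot: In the TestMain hunk the error from `cryptosuiteimpl.GetSuiteByConfig(configImp)` is discarded with `_`, so a failed suite initialisation panics with no cause attached. Keep the error and report it: `var err error`, then `cryptoSuiteProvider, err = cryptosuiteimpl.GetSuiteByConfig(configImp)`, then `if err != nil { panic("Failed initialize cryptoSuiteProvider: " + err.Error()) }`. TestMain starts and ends outside the hunk.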
@@ -72,7 +78,7 @@ func TestEnroll(t *testing.T) { } wrongConfigImp := mocks.NewMockConfig(wrongCAServerURL) - fabricCAClient, err = NewFabricCAClient(wrongConfigImp, org1) + fabricCAClient, err = NewFabricCAClient(org1, wrongConfigImp, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient return error: %v", err) } @@ -89,7 +95,7 @@ func TestEnroll(t *testing.T) { // TestRegister tests multiple scenarios of registering a test (mocked or nil user) and their certs func TestRegister(t *testing.T) { - fabricCAClient, err := NewFabricCAClient(configImp, org1) + fabricCAClient, err := NewFabricCAClient(org1, configImp, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient returned error: %v", err) } @@ -121,7 +127,7 @@ func TestRegister(t *testing.T) { } user.SetEnrollmentCertificate(readCert(t)) - key, err := factory.GetDefault().KeyGen(factory.GetECDSAP256KeyGenOpts(true)) + key, err := cryptosuite.GetDefault().KeyGen(cryptosuite.GetECDSAP256KeyGenOpts(true)) if err != nil { t.Fatalf("KeyGen return error %v", err) } @@ -149,11 +155,16 @@ func TestRegister(t *testing.T) { // TestRevoke will test multiple revoking a user with a nil request or a nil user func TestRevoke(t *testing.T) { - fabricCAClient, err := NewFabricCAClient(configImp, org1) + cryptoSuiteProvider, err := cryptosuiteimpl.GetSuiteByConfig(configImp) + if err != nil { + t.Fatalf("cryptosuite.GetSuiteByConfig returned error: %v", err) + } + + fabricCAClient, err := NewFabricCAClient(org1, configImp, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient returned error: %v", err) } - mockKey := cryptosuite.GetKey(&mocks.MockKey{}) + mockKey := cryptosuiteimpl.GetKey(&mocks.MockKey{}) user := mocks.NewMockUser("test") // Revoke with nil request err = fabricCAClient.Revoke(user, nil) 
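Review bot: In the `@@ -121,7 +127,7 @@` hunk the key is generated with `cryptosuite.GetDefault()` while the client under test was constructed with `cryptoSuiteProvider`. TestMain obtains that provider directly from `cryptosuiteimpl.GetSuiteByConfig` and nothing visible registers it as the default, so the key and the client may come from different suites with different key stores. Using `key, err := cryptoSuiteProvider.KeyGen(cryptosuite.GetECDSAP256KeyGenOpts(true))` keeps both on the same provider. The `@@ -214,7 +225,7 @@` hunk in TestReenroll has the same call, and TestRegister continues outside this hunk.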
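Review bot: `cryptoSuiteProvider, err := cryptosuiteimpl.GetSuiteByConfig(configImp)` in TestRevoke declares a local that shadows the package-level `cryptoSuiteProvider` initialised in TestMain. Every other test in this file uses the shared variable, so a reader cannot tell whether the second suite is deliberate. Either drop the local and reuse the package variable, or give it a distinct name such as `revokeSuite, err := cryptosuiteimpl.GetSuiteByConfig(configImp)` with a comment saying why a fresh suite is needed. TestRevoke continues outside the hunk.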
@@ -182,7 +193,7 @@ func TestRevoke(t *testing.T) { // TestReenroll will test multiple scenarios of re enrolling a user func TestReenroll(t *testing.T) { - fabricCAClient, err := NewFabricCAClient(configImp, org1) + fabricCAClient, err := NewFabricCAClient(org1, configImp, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient returned error: %v", err) } @@ -214,7 +225,7 @@ func TestReenroll(t *testing.T) { } // Reenroll with appropriate user user.SetEnrollmentCertificate(readCert(t)) - key, err := factory.GetDefault().KeyGen(factory.GetECDSAP256KeyGenOpts(true)) + key, err := cryptosuite.GetDefault().KeyGen(cryptosuite.GetECDSAP256KeyGenOpts(true)) if err != nil { t.Fatalf("KeyGen return error %v", err) } @@ -226,7 +237,7 @@ func TestReenroll(t *testing.T) { // Reenroll with wrong fabric-ca server url wrongConfigImp := mocks.NewMockConfig(wrongCAServerURL) - fabricCAClient, err = NewFabricCAClient(wrongConfigImp, org1) + fabricCAClient, err = NewFabricCAClient(org1, wrongConfigImp, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient return error: %v", err) } @@ -241,7 +252,7 @@ func TestReenroll(t *testing.T) { // TestGetCAName will test the CAName is properly created once a new FabricCAClient is created func TestGetCAName(t *testing.T) { - fabricCAClient, err := NewFabricCAClient(configImp, org1) + fabricCAClient, err := NewFabricCAClient(org1, configImp, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient returned error: %v", err) } 
@@ -252,14 +263,19 @@ func TestGetCAName(t *testing.T) { // TestCreateNewFabricCAClientOrgAndConfigMissingFailure tests for newFabricCA Client creation with a missing Config and Org func TestCreateNewFabricCAClientOrgAndConfigMissingFailure(t *testing.T) { - _, err := NewFabricCAClient(configImp, "") - if err.Error() != "organization and config are required to load CA config" { + _, err := NewFabricCAClient("", configImp, cryptoSuiteProvider) + if err.Error() != "organization, config and cryptoSuite are required to load CA config" { t.Fatalf("Expected error without oganization information. Got: %s", err.Error()) } - _, err = NewFabricCAClient(nil, org1) - if err.Error() != "organization and config are required to load CA config" { + _, err = NewFabricCAClient(org1, nil, cryptoSuiteProvider) + if err.Error() != "organization, config and cryptoSuite are required to load CA config" { t.Fatalf("Expected error without config information. Got: %s", err.Error()) } + + _, err = NewFabricCAClient(org1, configImp, nil) + if err.Error() != "organization, config and cryptoSuite are required to load CA config" { + t.Fatalf("Expected error without cryptosuite information. Got: %s", err.Error()) + } } // TestCreateNewFabricCAClientCAConfigMissingFailure will test newFabricCA Client creation with with CAConfig @@ -270,7 +286,7 @@ func TestCreateNewFabricCAClientCAConfigMissingFailure(t *testing.T) { mockConfig.EXPECT().CAConfig(org1).Return(nil, errors.New("CAConfig error")) - _, err := NewFabricCAClient(mockConfig, org1) + _, err := NewFabricCAClient(org1, mockConfig, cryptoSuiteProvider) if err.Error() != "CAConfig error" { t.Fatalf("Expected error from CAConfig. Got: %s", err.Error()) } 
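Review bot: The added nil-cryptoSuite case calls `err.Error()` without first checking that `err` is non-nil. If the guard in NewFabricCAClient ever regresses, the test dies with a nil dereference instead of reporting that a nil crypto suite was accepted. Put `if err == nil { t.Fatal("Expected error without cryptosuite information") }` before the message comparison. The two earlier cases in this hunk have the same shape and would benefit from the same check.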
@@ -283,7 +299,7 @@ func TestCreateNewFabricCAClientCertFilesMissingFailure(t *testing.T) { mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) mockConfig.EXPECT().CAConfig(org1).Return(&config.CAConfig{URL: ""}, nil) mockConfig.EXPECT().CAServerCertFiles(org1).Return(nil, errors.New("CAServerCertFiles error")) - _, err := NewFabricCAClient(mockConfig, org1) + _, err := NewFabricCAClient(org1, mockConfig, cryptoSuiteProvider) if err.Error() != "CAServerCertFiles error" { t.Fatalf("Expected error from CAServerCertFiles. Got: %s", err.Error()) } @@ -297,7 +313,7 @@ func TestCreateNewFabricCAClientCertFileErrorFailure(t *testing.T) { mockConfig.EXPECT().CAConfig(org1).Return(&config.CAConfig{URL: ""}, nil) mockConfig.EXPECT().CAServerCertFiles(org1).Return([]string{"test"}, nil) mockConfig.EXPECT().CAClientCertFile(org1).Return("", errors.New("CAClientCertFile error")) - _, err := NewFabricCAClient(mockConfig, org1) + _, err := NewFabricCAClient(org1, mockConfig, cryptoSuiteProvider) if err.Error() != "CAClientCertFile error" { t.Fatalf("Expected error from CAClientCertFile. Got: %s", err.Error()) } 
@@ -312,60 +328,12 @@ func TestCreateNewFabricCAClientKeyFileErrorFailure(t *testing.T) { mockConfig.EXPECT().CAServerCertFiles(org1).Return([]string{"test"}, nil) mockConfig.EXPECT().CAClientCertFile(org1).Return("", nil) mockConfig.EXPECT().CAClientKeyFile(org1).Return("", errors.New("CAClientKeyFile error")) - _, err := NewFabricCAClient(mockConfig, org1) + _, err := NewFabricCAClient(org1, mockConfig, cryptoSuiteProvider) if err.Error() != "CAClientKeyFile error" { t.Fatalf("Expected error from CAClientKeyFile. Got: %s", err.Error()) } } -// TestCreateInvalidBCCSPSecurityLevelForNewFabricClient will test newFabricCA Client creation with invalid BCCSP options -func TestCreateInvalidBCCSPSecurityLevelForNewFabricClient(t *testing.T) { - mockCtrl := gomock.NewController(t) - defer mockCtrl.Finish() - mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) - clientMockObject := &config.ClientConfig{Organization: "org1", Logging: config.LoggingType{Level: "info"}, CryptoConfig: config.CCType{Path: "test/path"}} - - mockConfig.EXPECT().CAConfig(org1).Return(&config.CAConfig{}, nil) - mockConfig.EXPECT().CAServerCertFiles(org1).Return([]string{"test"}, nil) - mockConfig.EXPECT().CAClientCertFile(org1).Return("", nil) - mockConfig.EXPECT().CAClientKeyFile(org1).Return("", nil) - mockConfig.EXPECT().CAKeyStorePath().Return(os.TempDir()) - mockConfig.EXPECT().SecurityProvider().Return("SW") - mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") - mockConfig.EXPECT().SecurityLevel().Return(100) - mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") - mockConfig.EXPECT().Ephemeral().Return(false) - mockConfig.EXPECT().Client().Return(clientMockObject, nil) - client, err := NewFabricCAClient(mockConfig, org1) - if !strings.Contains(err.Error(), "init failed") { - t.Fatalf("Expected error from client %v init. 
Got: %s", client, err.Error()) - } -} - -// TestCreateInvalidBCCSPHashFamilyForNewFabricClient will test newFabricCA Client creation with bad HashFamily -func TestCreateInvalidBCCSPHashFamilyForNewFabricClient(t *testing.T) { - mockCtrl := gomock.NewController(t) - defer mockCtrl.Finish() - mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) - clientMockObject := &config.ClientConfig{Organization: "org1", Logging: config.LoggingType{Level: "info"}, CryptoConfig: config.CCType{Path: "test/path"}} - - mockConfig.EXPECT().CAConfig(org1).Return(&config.CAConfig{}, nil) - mockConfig.EXPECT().CAServerCertFiles(org1).Return([]string{"test"}, nil) - mockConfig.EXPECT().CAClientCertFile(org1).Return("", nil) - mockConfig.EXPECT().CAClientKeyFile(org1).Return("", nil) - mockConfig.EXPECT().CAKeyStorePath().Return(os.TempDir()) - mockConfig.EXPECT().Client().Return(clientMockObject, nil) - mockConfig.EXPECT().SecurityProvider().Return("SW") - mockConfig.EXPECT().SecurityAlgorithm().Return("ABC") - mockConfig.EXPECT().SecurityLevel().Return(256) - mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") - mockConfig.EXPECT().Ephemeral().Return(false) - client, err := NewFabricCAClient(mockConfig, org1) - if !strings.Contains(err.Error(), "init failed") { - t.Fatalf("Expected error init failed. Got: %s (client %v)", err.Error(), client) - } -} - // TestCreateValidBCCSPOptsForNewFabricClient test newFabricCA Client creation with valid inputs, successful scenario func TestCreateValidBCCSPOptsForNewFabricClient(t *testing.T) { mockCtrl := gomock.NewController(t) 
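Review bot: TestCreateInvalidBCCSPSecurityLevelForNewFabricClient and TestCreateInvalidBCCSPHashFamilyForNewFabricClient are deleted here rather than retargeted. They were the negative tests in this file for an invalid security level (100) and an unknown hash family ("ABC"). Suite construction has moved to `cryptosuiteimpl.GetSuiteByConfig`, so the same mock expectations could be kept and the assertion changed to expect an error from that call, as the valid-input test in the `@@ -384,7 +352,14 @@` hunk now does for the success path. Unless equivalent cases already exist in the cryptosuite package tests, which this diff does not show, rejection of bad crypto parameters is no longer covered.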
@@ -384,7 +352,14 @@ func TestCreateValidBCCSPOptsForNewFabricClient(t *testing.T) { mockConfig.EXPECT().SecurityLevel().Return(256) mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") mockConfig.EXPECT().Ephemeral().Return(false) - _, err := NewFabricCAClient(mockConfig, org1) + + newCryptosuiteProvider, err := cryptosuiteimpl.GetSuiteByConfig(mockConfig) + + if err != nil { + t.Fatalf("Expected fabric client ryptosuite to be created with SW BCCS provider, but got %v", err.Error()) + } + + _, err = NewFabricCAClient(org1, mockConfig, newCryptosuiteProvider) if err != nil { t.Fatalf("Expected fabric client to be created with SW BCCS provider, but got %v", err.Error()) } diff --git a/pkg/fabric-client/channel/channel.go b/pkg/fabric-client/channel/channel.go index fb4251008a..d7a1b613cf 100644 --- a/pkg/fabric-client/channel/channel.go +++ b/pkg/fabric-client/channel/channel.go @@ -11,6 +11,7 @@ import ( fab "github.com/hyperledger/fabric-sdk-go/api/apifabclient" "github.com/hyperledger/fabric-sdk-go/api/apitxn" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/msp" "github.com/hyperledger/fabric-sdk-go/pkg/errors" "github.com/hyperledger/fabric-sdk-go/pkg/logging" @@ -37,6 +38,7 @@ type ClientContext interface { SigningManager() fab.SigningManager NewTxnID() (apitxn.TransactionID, error) Config() config.Config + CryptoSuite() apicryptosuite.CryptoSuite } // NewChannel represents a channel in a Fabric network. diff --git a/pkg/fabric-client/channel/config.go b/pkg/fabric-client/channel/config.go index f6a13e17b1..d9d7869b80 100644 --- a/pkg/fabric-client/channel/config.go +++ b/pkg/fabric-client/channel/config.go 
@@ -215,7 +215,7 @@ func (c *Channel) loadMSPs(mspConfigs []*mb.MSPConfig) ([]msp.MSP, error) { // TODO: Do something with orgs // TODO: Configure MSP version (rather than MSP 1.0) - newMSP, err := msp.NewBccspMsp(msp.MSPv1_0) + newMSP, err := msp.NewBccspMsp(msp.MSPv1_0, c.clientContext.CryptoSuite()) if err != nil { return nil, errors.Wrap(err, "instantiate MSP failed") } diff --git a/pkg/fabric-client/client_test.go b/pkg/fabric-client/client_test.go index 448959cf0a..fed700a9f9 100644 --- a/pkg/fabric-client/client_test.go +++ b/pkg/fabric-client/client_test.go @@ -14,7 +14,9 @@ import ( "time" fab "github.com/hyperledger/fabric-sdk-go/api/apifabclient" - factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/identity" kvs "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/keyvaluestore" mocks "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/mocks" @@ -32,7 +34,7 @@ func TestClientMethods(t *testing.T) { t.Fatalf("Failed getting ephemeral software-based BCCSP [%s]", err) } - client.SetCryptoSuite(factory.GetDefault()) + client.SetCryptoSuite(cryptosuite.GetDefault()) if client.CryptoSuite() == nil { t.Fatalf("Client CryptoSuite should not be nil after setCryptoSuite") } diff --git a/pkg/fabric-client/events/eventmocks.go b/pkg/fabric-client/events/eventmocks.go index 716635f843..98f60890fa 100644 --- a/pkg/fabric-client/events/eventmocks.go +++ b/pkg/fabric-client/events/eventmocks.go 
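Review bot: In loadMSPs the result of `c.clientContext.CryptoSuite()` is passed to `msp.NewBccspMsp` unchecked. If the context has no suite set, the MSP is presumably built with a nil provider and the failure surfaces later during identity or signature validation instead of here. Fetch it first and fail early: `cs := c.clientContext.CryptoSuite()`, then `if cs == nil { return nil, errors.New("crypto suite is not set in client context") }`, then pass `cs` to the constructor. loadMSPs starts and ends outside this hunk.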
@@ -18,7 +18,7 @@ import ( ledger_util "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/core/ledger/util" fcConsumer "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/events/consumer" - factory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" "github.com/hyperledger/fabric-sdk-go/pkg/errors" client "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client" internal "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/internal" @@ -316,9 +316,9 @@ func generateTxID() apitxn.TransactionID { if err != nil { panic(errors.WithMessage(err, "GenerateRandomNonce failed")) } - digest, err := factory.GetDefault().Hash( + digest, err := cryptosuite.GetDefault().Hash( nonce, - factory.GetSHA256Opts()) + cryptosuite.GetSHA256Opts()) if err != nil { panic(errors.Wrap(err, "hashing nonce failed")) } diff --git a/pkg/fabric-client/signingmgr/signingmgr.go b/pkg/fabric-client/signingmgr/signingmgr.go index 5547ef7bac..3c5f766991 100644 --- a/pkg/fabric-client/signingmgr/signingmgr.go +++ b/pkg/fabric-client/signingmgr/signingmgr.go @@ -10,7 +10,7 @@ import ( "github.com/hyperledger/fabric-sdk-go/api/apiconfig" "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" "github.com/hyperledger/fabric-sdk-go/pkg/errors" ) 
@@ -26,7 +26,7 @@ type SigningManager struct { // @param {Config} config - configuration provider // @returns {SigningManager} new signing manager func NewSigningManager(cryptoProvider apicryptosuite.CryptoSuite, config apiconfig.Config) (*SigningManager, error) { - return &SigningManager{cryptoProvider: cryptoProvider, hashOpts: cryptosuitebridge.GetSHAOpts()}, nil + return &SigningManager{cryptoProvider: cryptoProvider, hashOpts: cryptosuite.GetSHAOpts()}, nil } // Sign will sign the given object using provided key diff --git a/scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh b/scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh index 03259e918f..30bb4599cc 100755 --- a/scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh +++ b/scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh @@ -77,6 +77,8 @@ sed -i'' -e '/log "github.com\// a\ ' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.BCCSP/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.Key/apicryptosuite.Key/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/\/\/ Initialize BCCSP (the crypto layer)/c.csp = cfg.CSP/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e '/c.csp, err = util.InitBCCSP(&cfg.CSP, mspDir, c.HomeDir)/,+3 d' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" FILTER_FILENAME="lib/identity.go" FILTER_FN="newIdentity,Revoke,Post,addTokenAuthHdr,GetECert,Reenroll,Register,GetName" @@ -99,6 +101,8 @@ sed -i'' -e 's/bccsp.Key/apicryptosuite.Key/g' "${TMP_PROJECT_PATH}/${FILTER_FIL FILTER_FILENAME="lib/clientconfig.go" FILTER_FN= gofilter +sed -i'' -e 's/*factory.FactoryOpts/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" + FILTER_FILENAME="lib/util.go" FILTER_FN="GetCertID,BytesToX509Cert" 
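Review bot: The two sed edits added in the `@@ -77,6 +77,8 @@` hunk of apply_fabric_ca_client_utils.sh rewrite pinned upstream source by exact text match, and the second deletes a fixed three lines after the `util.InitBCCSP` call. If the upstream block changes shape, sed still exits 0 and the vendored client either keeps initialising its own provider or loses unrelated lines, with no signal at pin time. Add a post-condition after the edits, for example `grep -q 'c.csp = cfg.CSP' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" || { echo "csp patch did not apply" >&2; exit 1; }`. The three sed lines added for NewBccspMsp in apply_fabric_client_utils.sh deserve the same check.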
@@ -114,9 +118,7 @@ sed -i'' -e 's/bccsp.BCCSP/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${ FILTER_FILENAME="util/csp.go" -FILTER_FN="InitBCCSP,ConfigureBCCSP,GetBCCSP,makeFileNamesAbsolute" -FILTER_FN+=",getBCCSPKeyOpts,ImportBCCSPKeyFromPEM,LoadX509KeyPair,GetSignerFromCert" -FILTER_FN+=",BCCSPKeyRequestGenerate,GetSignerFromCertFile" +FILTER_FN=",getBCCSPKeyOpts,ImportBCCSPKeyFromPEM,LoadX509KeyPair,GetSignerFromCert,BCCSPKeyRequestGenerate" gofilter sed -i'' -e '/_.\"time\"/d' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e '/\"github.com\/cloudflare\/cfssl\/cli\"/d' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" @@ -137,7 +139,7 @@ sed -i'' -e 's/&bccsp.ECDSAP384KeyGenOpts{Temporary: ephemeral}/factory.GetECDSA sed -i'' -e 's/&bccsp.ECDSAP512KeyGenOpts{Temporary: ephemeral}/factory.GetECDSAP512KeyGenOpts(ephemeral)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/&bccsp.X509PublicKeyImportOpts{Temporary: true}/factory.GetX509PublicKeyImportOpts(true)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/&bccsp.ECDSAPrivateKeyImportOpts{Temporary: temporary}/factory.GetECDSAPrivateKeyImportOpts(temporary)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" -sed -i'' -e 's/cspsigner.New(/factory.NewCspsigner(/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/cspsigner.New(/factory.NewCspSigner(/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/utils.PrivateKeyToDER/factory.PrivateKeyToDER/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/utils.PEMtoPrivateKey/factory.PEMtoPrivateKey/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" diff --git a/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch b/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch index 5763754011..8bcfdbe143 100644 --- a/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch +++ b/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch 
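Review bot: The new `FILTER_FN` value for util/csp.go begins with a comma, left over from the removed `+=` continuation lines, so the list handed to gofilter starts with an empty entry. Whether gofilter ignores an empty name is not visible here. Write it without the leading comma: `FILTER_FN="getBCCSPKeyOpts,ImportBCCSPKeyFromPEM,LoadX509KeyPair,GetSignerFromCert,BCCSPKeyRequestGenerate"`.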
@@ -1,6 +1,6 @@ -From 162c758b47c8f90c1967b7e5979c18739d83913a Mon Sep 17 00:00:00 2001 +From 3fd31224fcb58c5b8b8ad9317278aed92de82958 Mon Sep 17 00:00:00 2001 From: Sudesh Shetty -Date: Wed, 22 Nov 2017 15:40:22 -0500 +Date: Mon, 27 Nov 2017 11:37:22 -0500 Subject: [PATCH] cryptosuite Copyright SecureKey Technologies Inc. All Rights Reserved. @@ -8,16 +8,16 @@ SPDX-License-Identifier: Apache-2.0 Signed-off-by: Sudesh Shetty --- - .../cryptosuitebridge/cryptosuitebridge.go | 168 +++++++++++++++++++++ - 1 file changed, 168 insertions(+) + .../cryptosuitebridge/cryptosuitebridge.go | 121 +++++++++++++++++++++ + 1 file changed, 121 insertions(+) create mode 100644 sdkpatch/cryptosuitebridge/cryptosuitebridge.go diff --git a/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go new file mode 100644 -index 0000000..31d17ca +index 0000000..0af4fd3 --- /dev/null +++ b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go -@@ -0,0 +1,168 @@ +@@ -0,0 +1,121 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + @@ -34,9 +34,8 @@ index 0000000..31d17ca + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" -+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" -+ cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" ++ "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" +) + +const ( 
@@ -70,18 +69,9 @@ index 0000000..31d17ca + *factory.FactoryOpts +} + -+//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config) -+func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) { -+ bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config)) -+ if err != nil { -+ return nil, err -+ } -+ return cryptosuite.GetSuite(bccsp), nil -+} -+ -+//InitFactories is a bridge for bccsp factory.InitFactories(config) -+func InitFactories(config *FactoryOpts) error { -+ return factory.InitFactories(getFactoryOpts(config)) ++// NewCspSigner is a bridge for bccsp signer.New call ++func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { ++ return cspsigner.New(csp, key) +} + +// PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey() 
@@ -94,46 +84,9 @@ index 0000000..31d17ca + return utils.PrivateKeyToDER(privateKey) +} + -+// NewCspsigner is a bridge for bccsp signer.New call -+func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { -+ return cspsigner.New(csp, key) -+} -+ -+//NewEmptySwOpts creates new empty bccsp factory.SwOpts -+func NewSwOpts() *factory.SwOpts { -+ return &factory.SwOpts{} -+} -+ -+//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts -+func NewFileKeystoreOpts() *factory.FileKeystoreOpts { -+ return &factory.FileKeystoreOpts{} -+} -+ -+//GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default ++//GetDefault returns default cryptosuite from bccsp factory default +func GetDefault() apicryptosuite.CryptoSuite { -+ return cryptosuite.GetSuite(factory.GetDefault()) -+} -+ -+//SignatureToLowS is a bridge for bccsp sw.SignatureToLowS() -+func SignatureToLowS(k *ecdsa.PublicKey, signature []byte) ([]byte, error) { -+ return sw.SignatureToLowS(k, signature) -+} -+ -+//GetHashOpt is a bridge for bccsp util GetHashOpt -+func GetHashOpt(hashFunction string) (apicryptosuite.HashOpts, error) { -+ return bccsp.GetHashOpt(hashFunction) -+} -+ -+func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts { -+ if config == nil { -+ return nil -+ } -+ return &factory.FactoryOpts{ -+ SwOpts: config.SwOpts, -+ ProviderName: config.ProviderName, -+ Pkcs11Opts: config.Pkcs11Opts, -+ PluginOpts: config.PluginOpts, -+ } ++ return cryptosuite.GetDefault() +} + +//GetSHAOpts returns options for computing SHA. diff --git a/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh b/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh index baa2f1406a..d728f93b3a 100755 --- a/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh +++ b/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh 
@@ -273,11 +273,14 @@ FILTER_FN+=",newBccspMsp,IsWellFormed,GetVersion" gofilter # TODO - adapt to msp/factory.go rather than changing newBccspMsp sed -i'' -e 's/newBccspMsp/NewBccspMsp/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/NewBccspMsp(version MSPVersion)/NewBccspMsp(version MSPVersion, cryptoSuite apicryptosuite.CryptoSuite)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/bccsp := factory.GetDefault()//g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/theMsp.bccsp = bccsp/theMsp.bccsp = cryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/"github.com\/hyperledger\/fabric\/bccsp\/factory"/factory "github.com\/hyperledger\/fabric-sdk-go\/internal\/github.com\/hyperledger\/fabric\/sdkpatch\/cryptosuitebridge"/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.BCCSP/apicryptosuite.CryptoSuite/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.Key,/apicryptosuite.Key,/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/bccsp.GetHashOpt/factory.GetHashOpt/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" -sed -i'' -e 's/signer.New(/factory.NewCspsigner(/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/signer.New(/factory.NewCspSigner(/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/&bccsp.ECDSAPrivateKeyImportOpts{Temporary: true}/factory.GetECDSAPrivateKeyImportOpts(true)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" sed -i'' -e 's/&bccsp.X509PublicKeyImportOpts{Temporary: true}/factory.GetX509PublicKeyImportOpts(true)/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" diff --git a/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch b/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch index 5763754011..77a6c4cc21 100644 --- a/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch +++ b/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch 
@@ -1,6 +1,6 @@ -From 162c758b47c8f90c1967b7e5979c18739d83913a Mon Sep 17 00:00:00 2001 +From 4f46791ad0248604a813ec6583c2a868404082b0 Mon Sep 17 00:00:00 2001 From: Sudesh Shetty -Date: Wed, 22 Nov 2017 15:40:22 -0500 +Date: Mon, 27 Nov 2017 11:34:49 -0500 Subject: [PATCH] cryptosuite Copyright SecureKey Technologies Inc. All Rights Reserved. @@ -8,16 +8,16 @@ SPDX-License-Identifier: Apache-2.0 Signed-off-by: Sudesh Shetty --- - .../cryptosuitebridge/cryptosuitebridge.go | 168 +++++++++++++++++++++ - 1 file changed, 168 insertions(+) + .../cryptosuitebridge/cryptosuitebridge.go | 121 +++++++++++++++++++++ + 1 file changed, 121 insertions(+) create mode 100644 sdkpatch/cryptosuitebridge/cryptosuitebridge.go diff --git a/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go new file mode 100644 -index 0000000..31d17ca +index 0000000..a260c06 --- /dev/null +++ b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go -@@ -0,0 +1,168 @@ +@@ -0,0 +1,121 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + @@ -35,8 +35,7 @@ index 0000000..31d17ca + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw" -+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" -+ cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" ++ "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" +) + +const ( 
@@ -70,48 +69,14 @@ index 0000000..31d17ca + *factory.FactoryOpts +} + -+//GetBCCSPFromOpts is a bridge for factory.GetBCCSPFromOpts(config) -+func GetBCCSPFromOpts(config *FactoryOpts) (apicryptosuite.CryptoSuite, error) { -+ bccsp, err := factory.GetBCCSPFromOpts(getFactoryOpts(config)) -+ if err != nil { -+ return nil, err -+ } -+ return cryptosuite.GetSuite(bccsp), nil -+} -+ -+//InitFactories is a bridge for bccsp factory.InitFactories(config) -+func InitFactories(config *FactoryOpts) error { -+ return factory.InitFactories(getFactoryOpts(config)) -+} -+ -+// PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey() -+func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error) { -+ return utils.PEMtoPrivateKey(raw, pwd) -+} -+ -+// PrivateKeyToDER marshals is bridge for utils.PrivateKeyToDER -+func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) { -+ return utils.PrivateKeyToDER(privateKey) -+} -+ -+// NewCspsigner is a bridge for bccsp signer.New call -+func NewCspsigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { ++// NewCspSigner is a bridge for bccsp signer.New call ++func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { + return cspsigner.New(csp, key) +} + -+//NewEmptySwOpts creates new empty bccsp factory.SwOpts -+func NewSwOpts() *factory.SwOpts { -+ return &factory.SwOpts{} -+} -+ -+//NewEmptyFileKeystoreOpts creates new empty bccsp factory.FileKeystoreOpts -+func NewFileKeystoreOpts() *factory.FileKeystoreOpts { -+ return &factory.FileKeystoreOpts{} -+} -+ +//GetFactoryDefaultCryptoSuite creates new cryptosuite from bccsp factory default +func GetDefault() apicryptosuite.CryptoSuite { -+ return cryptosuite.GetSuite(factory.GetDefault()) ++ return cryptosuite.GetDefault() +} + +//SignatureToLowS is a bridge for bccsp sw.SignatureToLowS() 
@@ -124,18 +89,6 @@ index 0000000..31d17ca + return bccsp.GetHashOpt(hashFunction) +} + -+func getFactoryOpts(config *FactoryOpts) *factory.FactoryOpts { -+ if config == nil { -+ return nil -+ } -+ return &factory.FactoryOpts{ -+ SwOpts: config.SwOpts, -+ ProviderName: config.ProviderName, -+ Pkcs11Opts: config.Pkcs11Opts, -+ PluginOpts: config.PluginOpts, -+ } -+} -+ +//GetSHAOpts returns options for computing SHA. +func GetSHAOpts() apicryptosuite.HashOpts { + return &bccsp.SHAOpts{} diff --git a/test/integration/fabric_ca_test.go b/test/integration/fabric_ca_test.go index d33ca13088..3c6032c45a 100644 --- a/test/integration/fabric_ca_test.go +++ b/test/integration/fabric_ca_test.go @@ -55,7 +55,7 @@ func TestRegisterEnrollRevoke(t *testing.T) { } client.SetStateStore(stateStore) - caClient, err := fabricCAClient.NewFabricCAClient(testFabricConfig, org1Name) + caClient, err := fabricCAClient.NewFabricCAClient(org1Name, testFabricConfig, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient return error: %v", err) } @@ -150,7 +150,12 @@ func TestRegisterEnrollRevoke(t *testing.T) { func TestEnrollOrg2(t *testing.T) { - caClient, err := fabricCAClient.NewFabricCAClient(testFabricConfig, org2Name) + cryptoSuiteProvider, err := cryptosuite.GetSuiteByConfig(testFabricConfig) + if err != nil { + t.Fatalf("Failed getting cryptosuite from config : %s", err) + } + + caClient, err := fabricCAClient.NewFabricCAClient(org2Name, testFabricConfig, cryptoSuiteProvider) if err != nil { t.Fatalf("NewFabricCAClient return error: %v", err) }