[FAB-6860] Update third_party fabric to v1.1.0-preview

Change-Id: Ic886dab98a0f26922f70ae1668c7ad4f11ea0da1 Signed-off-by: Troy Ronda <troy@troyronda.com>
hyperledger · Nov 1, 2017 · 8b685f6 · 8b685f6
1 parent b36fe41
commit 8b685f6
Show file tree

Hide file tree

Showing 16 changed files with 603 additions and 222 deletions.
diff --git a/Makefile b/Makefile
@@ -47,9 +47,9 @@ FABRIC_TOOLS_TAG    ?= $(ARCH)-$(FABRIC_TOOLS_VERSION)
 
 # Upstream fabric patching (overridable)
 THIRDPARTY_FABRIC_CA_BRANCH ?= master
-THIRDPARTY_FABRIC_CA_COMMIT ?= 2886abda6792cf3b5e708ed18dbde07106597071
+THIRDPARTY_FABRIC_CA_COMMIT ?= v1.1.0-preview
 THIRDPARTY_FABRIC_BRANCH    ?= master
-THIRDPARTY_FABRIC_COMMIT    ?= f754f40d3165571cecf5fce43c8a034559983311
+THIRDPARTY_FABRIC_COMMIT    ?= v1.1.0-preview
 
 # Local variables used by makefile
 PACKAGE_NAME := github.com/hyperledger/fabric-sdk-go

diff --git a/internal/github.com/hyperledger/fabric/events/consumer/consumer.go b/internal/github.com/hyperledger/fabric/events/consumer/consumer.go
@@ -24,6 +24,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/golang/protobuf/ptypes/timestamp"
 	flogging "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/logbridge"
 	ehpb "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/peer"
 )
@@ -38,3 +39,10 @@ type EventsClient struct {
 	stream      ehpb.Events_ChatClient
 	adapter     EventAdapter
 }
+
+// RegistrationConfig holds the information to be used when registering for
+// events from the eventhub
+type RegistrationConfig struct {
+	InterestedEvents []*ehpb.Interest
+	Timestamp        *timestamp.Timestamp
+}
diff --git a/internal/github.com/hyperledger/fabric/msp/configbuilder.go b/internal/github.com/hyperledger/fabric/msp/configbuilder.go
@@ -10,13 +10,39 @@ Please review third_party pinning scripts and patches for more details.
 
 package msp
 
+// OrganizationalUnitIdentifiersConfiguration is used to represent an OU
+// and an associated trusted certificate
 type OrganizationalUnitIdentifiersConfiguration struct {
-	Certificate                  string `yaml:"Certificate,omitempty"`
+	// Certificate is the path to a root or intermediate certificate
+	Certificate string `yaml:"Certificate,omitempty"`
+	// OrganizationalUnitIdentifier is the name of the OU
 	OrganizationalUnitIdentifier string `yaml:"OrganizationalUnitIdentifier,omitempty"`
 }
 
+// NodeOUs contains information on how to tell apart clients, peers and orderers
+// based on OUs. If the check is enforced, by setting Enabled to true,
+// the MSP will consider an identity valid if it is an identity of a client, a peer or
+// an orderer. An identity should have only one of these special OUs.
+type NodeOUs struct {
+	// Enable activates the OU enforcement
+	Enable bool `yaml:"Enable,omitempty"`
+	// ClientOUIdentifier specifies how to recognize clients by OU
+	ClientOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"ClientOUIdentifier,omitempty"`
+	// PeerOUIdentifier specifies how to recognize peers by OU
+	PeerOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"PeerOUIdentifier,omitempty"`
+	// OrdererOUIdentifier specifies how to recognize orderers by OU
+	OrdererOUIdentifier *OrganizationalUnitIdentifiersConfiguration `yaml:"OrdererOUIdentifier,omitempty"`
+}
+
+// Configuration represents the accessory configuration an MSP can be equipped with.
+// By default, this configuration is stored in a yaml file
 type Configuration struct {
+	// OrganizationalUnitIdentifiers is a list of OUs. If this is set, the MSP
+	// will consider an identity valid only it contains at least one of these OUs
 	OrganizationalUnitIdentifiers []*OrganizationalUnitIdentifiersConfiguration `yaml:"OrganizationalUnitIdentifiers,omitempty"`
+	// NodeOUs enables the MSP to tell apart clients, peers and orderers based
+	// on the identity's OU.
+	NodeOUs *NodeOUs `yaml:"NodeOUs,omitempty"`
 }
 
 const (
@@ -31,5 +57,9 @@ const (
 	tlsintermediatecerts = "tlsintermediatecerts"
 )
 
-// IdemixConfig is the filename of the idemix msp config file
-const IdemixConfig = "idemixmspconfig"
+const (
+	IdemixConfigDirMsp              = "msp"
+	IdemixConfigDirUser             = "user"
+	IdemixConfigFileIssuerPublicKey = "IssuerPublicKey"
+	IdemixConfigFileSigner          = "SignerConfig"
+)
diff --git a/internal/github.com/hyperledger/fabric/msp/factory.go b/internal/github.com/hyperledger/fabric/msp/factory.go
@@ -0,0 +1,39 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+/*
+Notice: This file has been modified for Hyperledger Fabric SDK Go usage.
+Please review third_party pinning scripts and patches for more details.
+*/
+
+package msp
+
+type MSPVersion int
+
+const (
+	MSPv1_0 = iota
+	MSPv1_1
+)
+
+// NewOpts represent
+type NewOpts interface {
+	// GetVersion returns the MSP's version to be instantiated
+	GetVersion() MSPVersion
+}
+
+// NewBaseOpts is the default base type for all MSP instantiation Opts
+type NewBaseOpts struct {
+	Version MSPVersion
+}
+
+// BCCSPNewOpts contains the options to instantiate a new BCCSP-based (X509) MSP
+type BCCSPNewOpts struct {
+	NewBaseOpts
+}
+
+// IdemixNewOpts contains the options to instantiate a new Idemix-based MSP
+type IdemixNewOpts struct {
+	NewBaseOpts
+}
diff --git a/internal/github.com/hyperledger/fabric/msp/msp.go b/internal/github.com/hyperledger/fabric/msp/msp.go
@@ -69,6 +69,9 @@ type MSP interface {
 	// Setup the MSP instance according to configuration information
 	Setup(config *msp.MSPConfig) error
 
+	// GetVersion returns the version of this MSP
+	GetVersion() MSPVersion
+
 	// GetType returns the provider type
 	GetType() ProviderType
 
@@ -199,4 +202,9 @@ const (
 	FABRIC ProviderType = iota // MSP is of FABRIC type
 	IDEMIX                     // MSP is of IDEMIX type
 	OTHER                      // MSP is of OTHER TYPE
+
+	// NOTE: as new types are added to this set,
+	// the mspTypes array below must be extended
 )
+
+var mspTypeStrings []string = []string{"bccsp", "idemix"}
diff --git a/internal/github.com/hyperledger/fabric/msp/mspimpl.go b/internal/github.com/hyperledger/fabric/msp/mspimpl.go
@@ -26,9 +26,25 @@ import (
 	m "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/msp"
 )
 
+// mspSetupFuncType is the prototype of the setup function
+type mspSetupFuncType func(config *m.FabricMSPConfig) error
+
+// validateIdentityOUsFuncType is the prototype of the function to validate identity's OUs
+type validateIdentityOUsFuncType func(id *identity) error
+
 // This is an instantiation of an MSP that
 // uses BCCSP for its cryptographic primitives.
 type bccspmsp struct {
+	// version specifies the behaviour of this msp
+	version MSPVersion
+	// The following function pointers are used to change the behaviour
+	// of this MSP depending on its version.
+	// internalSetupFunc is the pointer to the setup function
+	internalSetupFunc mspSetupFuncType
+
+	// internalValidateIdentityOusFunc is the pointer to the function to validate identity's OUs
+	internalValidateIdentityOusFunc validateIdentityOUsFuncType
+
 	// list of CA certs we trust
 	rootCerts []Identity
 
@@ -70,38 +86,55 @@ type bccspmsp struct {
 
 	// cryptoConfig contains
 	cryptoConfig *m.FabricCryptoConfig
+
+	// NodeOUs configuration
+	ouEnforcement bool
+	// These are the OUIdentifiers of the clients, peers and orderers.
+	// They are used to tell apart these entities
+	clientOU, peerOU, ordererOU *OUIdentifier
 }
 
 // NewBccspMsp returns an MSP instance backed up by a BCCSP
 // crypto provider. It handles x.509 certificates and can
 // generate identities and signing identities backed by
 // certificates and keypairs
-func NewBccspMsp() (MSP, error) {
+func NewBccspMsp(version MSPVersion) (MSP, error) {
 	mspLogger.Debugf("Creating BCCSP-based MSP instance")
 
 	bccsp := factory.GetDefault()
 	theMsp := &bccspmsp{}
+	theMsp.version = version
 	theMsp.bccsp = bccsp
+	switch version {
+	case MSPv1_0:
+		theMsp.internalSetupFunc = theMsp.setupV1
+		theMsp.internalValidateIdentityOusFunc = theMsp.validateIdentityOUsV1
+	case MSPv1_1:
+		theMsp.internalSetupFunc = theMsp.setupV11
+		theMsp.internalValidateIdentityOusFunc = theMsp.validateIdentityOUsV11
+	default:
+		return nil, errors.Errorf("Invalid MSP version [%v]", version)
+	}
 
 	return theMsp, nil
 }
 
 func (msp *bccspmsp) getCertFromPem(idBytes []byte) (*x509.Certificate, error) {
 	if idBytes == nil {
-		return nil, errors.New("getIdentityFromConf error: nil idBytes")
+		return nil, errors.New("getCertFromPem error: nil idBytes")
 	}
 
 	// Decode the pem bytes
 	pemCert, _ := pem.Decode(idBytes)
 	if pemCert == nil {
-		return nil, errors.Errorf("getIdentityFromBytes error: could not decode pem bytes [%v]", idBytes)
+		return nil, errors.Errorf("getCertFromPem error: could not decode pem bytes [%v]", idBytes)
 	}
 
 	// get a cert
 	var cert *x509.Certificate
 	cert, err := x509.ParseCertificate(pemCert.Bytes)
 	if err != nil {
-		return nil, errors.Wrap(err, "getIdentityFromBytes error: failed to parse x509 cert")
+		return nil, errors.Wrap(err, "getCertFromPem error: failed to parse x509 cert")
 	}
 
 	return cert, nil
@@ -180,57 +213,13 @@ func (msp *bccspmsp) Setup(conf1 *m.MSPConfig) error {
 	msp.name = conf.Name
 	mspLogger.Debugf("Setting up MSP instance %s", msp.name)
 
-	// setup crypto config
-	if err := msp.setupCrypto(conf); err != nil {
-		return err
-	}
-
-	// Setup CAs
-	if err := msp.setupCAs(conf); err != nil {
-		return err
-	}
-
-	// Setup Admins
-	if err := msp.setupAdmins(conf); err != nil {
-		return err
-	}
-
-	// Setup CRLs
-	if err := msp.setupCRLs(conf); err != nil {
-		return err
-	}
-
-	// Finalize setup of the CAs
-	if err := msp.finalizeSetupCAs(conf); err != nil {
-		return err
-	}
-
-	// setup the signer (if present)
-	if err := msp.setupSigningIdentity(conf); err != nil {
-		return err
-	}
-
-	// setup the OUs
-	if err := msp.setupOUs(conf); err != nil {
-		return err
-	}
-
-	// setup TLS CAs
-	if err := msp.setupTLSCAs(conf); err != nil {
-		return err
-	}
-
-	// make sure that admins are valid members as well
-	// this way, when we validate an admin MSP principal
-	// we can simply check for exact match of certs
-	for i, admin := range msp.admins {
-		err = admin.Validate()
-		if err != nil {
-			return errors.WithMessage(err, fmt.Sprintf("admin %d is invalid", i))
-		}
-	}
+	// setup
+	return msp.internalSetupFunc(conf)
+}
 
-	return nil
+// GetVersion returns the version of this MSP
+func (msp *bccspmsp) GetVersion() MSPVersion {
+	return msp.version
 }
 
 // GetType returns the type for this MSP