Skip to content

Commit

Permalink
FABG-965: Change MSP base option to v1.4.3 (#78)
Browse files Browse the repository at this point in the history 
Validation of certificates generated by versions of Fabric >= 1.4.3 is failing because it is applying rules that have not been updated to support Node OU roles
(see https://hyperledger-fabric.readthedocs.io/en/release-1.4/membership/membership.html#node-ou-roles-and-msps)

Consequently transactions cannot be submitted to these later versions of Fabric.

This commit updates  to the latest msp validation version, and regenerates the certificates in the membership_test.go file to include the OU client role (new certificates have 10 year expiry as before).

This has been tested against Fabric v1.4.6 and v2.1.1

Signed-off-by: andrew-coleman <andrew_coleman@uk.ibm.com>
  • Loading branch information
@andrew-coleman
andrew-coleman authored Jun 17, 2020
1 parent fdb9508 commit 9338f54
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 28 deletions.
2 changes: 1 addition & 1 deletion pkg/fab/channel/membership/membership.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@ func loadMSPs(mspConfigs []*mb.MSPConfig, cs core.CryptoSuite) ([]msp.MSP, error
// TODO: Configure MSP version
mspOpts := msp.BCCSPNewOpts{
NewBaseOpts: msp.NewBaseOpts{
Version: msp.MSPv1_1,
Version: msp.MSPv1_4_3,
},
}
newMSP, err := msp.New(&mspOpts, cs)
Expand Down
62 changes: 35 additions & 27 deletions pkg/fab/channel/membership/membership_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -219,6 +219,13 @@ func buildfabricMSPConfig(name string, root []byte) *mb.FabricMSPConfig {
RootCerts: [][]byte{root},
RevocationList: [][]byte{[]byte(newCRL)},
SigningIdentity: nil,
FabricNodeOus: &mb.FabricNodeOUs{
Enable: true,
AdminOuIdentifier: &mb.FabricOUIdentifier{OrganizationalUnitIdentifier: "admin"},
ClientOuIdentifier: &mb.FabricOUIdentifier{OrganizationalUnitIdentifier: "client"},
PeerOuIdentifier: &mb.FabricOUIdentifier{OrganizationalUnitIdentifier: "peer"},
OrdererOuIdentifier: &mb.FabricOUIdentifier{OrganizationalUnitIdentifier: "client"},
},
}

return config
Expand All @@ -234,35 +241,36 @@ func marshalOrPanic(pb proto.Message) []byte {
}

var validRootCA = `-----BEGIN CERTIFICATE-----
MIICQzCCAemgAwIBAgIQYZpqGmcswky9Iy1SHBIm8zAKBggqhkjOPQQDAjBzMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu
b3JnMS5leGFtcGxlLmNvbTAeFw0xNzA3MjgxNDI3MjBaFw0yNzA3MjYxNDI3MjBa
MHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMRwwGgYDVQQD
ExNjYS5vcmcxLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
3WtPeUzseT9Wp9VUtkx6mF84plyhgTlI2pbrHa4wYKFSoQGmrt83px6Q5Qu9EmhW
1y6Fr8DxkHvvg1NX0bCGyaNfMF0wDgYDVR0PAQH/BAQDAgGmMA8GA1UdJQQIMAYG
BFUdJQAwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQgh5HRNj6JUV+a+gQrBpOi
xwS7jdldKPl9NUmiuePENS0wCgYIKoZIzj0EAwIDSAAwRQIhALUmxdk1FP8uL1so
nLdU8D8CS2PW5DLbaMjhR1KVK3b7AiAD5vkgX1PXPRsFFYlbkp/Y+nDdDy+mk3N7
K7xCT/QO7Q==
-----END CERTIFICATE-----
`
MIICJzCCAc2gAwIBAgIUHS1hbKgmtURco9FMkOTAVynQKCgwCgYIKoZIzj0EAwIw
cDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQH
EwZEdXJoYW0xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwNjE3MTA0ODAwWhcNMzUwNjE0MTA0ODAw
WjBwMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzANBgNV
BAcTBkR1cmhhbTEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMT
Y2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMbm
0K7nntIdKITqDvm0iA2IdXE30gcPijD+b5mNUbmkSTfekU7Y2Dn6+1mG9VRp0a6U
iFeo2l9nG2VZpODzaMGjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgEBMB0GA1UdDgQWBBQ8GSzQHrtf9oKIO89wav9TRCxYbTAKBggqhkjOPQQD
AgNIADBFAiEAgWNqI8SKF1EkDhEkNpRiBC/JH+IWdpXM4XBvRKvx3T0CICb+AKil
nalNCQP6jt4Z9Dvj19Xn/19D75PMhMms7sB0
-----END CERTIFICATE-----`

var certPem = `-----BEGIN CERTIFICATE-----
MIICGDCCAb+gAwIBAgIQXOaCoTss6vG3zb/vRGWXuDAKBggqhkjOPQQDAjBzMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu
b3JnMS5leGFtcGxlLmNvbTAeFw0xNzA3MjgxNDI3MjBaFw0yNzA3MjYxNDI3MjBa
MFsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMR8wHQYDVQQDExZwZWVyMC5vcmcxLmV4YW1wbGUuY29tMFkw
EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWXupBEBzx/Mnjz1hzIUeOGiVR4CV/7aS
Qv0aokqJanTD+x8MaavBNYbPUwwzUNc7c1Ydd12gUNHPnyj/r1YyuaNNMEswDgYD
VR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgh5HRNj6JUV+a
+gQrBpOixwS7jdldKPl9NUmiuePENS0wCgYIKoZIzj0EAwIDRwAwRAIgT2CAHCtr
Ro1YX8QuD6dSZUAOmptC+xU5xhp+2MeY2BkCIHmLOMBU5KIyJ5Rah4QeiswJ/pge
0eiDDUjXWGduFy4x
MIICrzCCAlWgAwIBAgIURgJ5whz9lvp3Fkk+xapPLxxgsgswCgYIKoZIzj0EAwIw
cDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQH
EwZEdXJoYW0xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwNjE3MTA0ODAwWhcNMzAwNjE1MTA1MzAw
WjBdMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExFDASBgNV
BAoTC0h5cGVybGVkZ2VyMQ8wDQYDVQQLEwZjbGllbnQxDjAMBgNVBAMTBXVzZXIx
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErrVSd6NA3YdlhsfRRLhSaeYeKA/h
fNKK7oBJUtLxUPXbHqxZ4u2s9UeuFrC5WVzHVAWvAHFKHkEEmPkWB48v/6OB3zCB
3DAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUF4jYTs6j
Vod3ahqMumslAHl+zXIwHwYDVR0jBBgwFoAUPBks0B67X/aCiDvPcGr/U0QsWG0w
IgYDVR0RBBswGYIXQW5kcmV3cy1NQlAtOS5icm9hZGJhbmQwWAYIKgMEBQYHCAEE
THsiYXR0cnMiOnsiaGYuQWZmaWxpYXRpb24iOiIiLCJoZi5FbnJvbGxtZW50SUQi
OiJ1c2VyMSIsImhmLlR5cGUiOiJjbGllbnQifX0wCgYIKoZIzj0EAwIDSAAwRQIh
ANqxuLKIvWlpSr+jklS+jcfb68hXqnC2zshR7y0aAEQCAiAHOsxSK8s42/ynDWYM
Rxtk8baO32vSrjao5ESHgew8Nw==
-----END CERTIFICATE-----`

var invalidSignaturePem = `-----BEGIN CERTIFICATE-----
Expand Down

0 comments on commit 9338f54

Please sign in to comment.