From fdeaed1d76568f4dcf6dbaaad130621171959119 Mon Sep 17 00:00:00 2001 From: Troy Ronda Date: Tue, 2 Jan 2018 16:39:24 -0500 Subject: [PATCH] [FAB-7577] Separate cryptosuite pkgs This patch splits the cryptosuite packages for sw & pkcs11 along with the underlying BCCSP factory packages for sw, pkcs11 & plugin. Usage of the default BCCSP methods are also removed. PKCS11 testing is split into its own package and now repeats the e2e test with a PKCS11 configuration. Change-Id: I484df92094588d07c0655f97c7e27abe5967d99e Signed-off-by: Troy Ronda --- Makefile | 10 +- README.md | 4 +- def/fabapi/context/defprovider/sdk.go | 2 +- def/fabapi/fabapi_test.go | 11 +- def/fabapi/pkgfactory.go | 2 +- .../cryptosuitebridge/cryptosuitebridge.go | 6 - .../fabric/bccsp/factory/factory.go | 97 ----------- .../fabric/bccsp/factory/nopkcs11.go | 103 ------------ .../hyperledger/fabric/bccsp/factory/opts.go | 39 ----- .../fabric/bccsp/factory/pkcs11.go | 122 -------------- .../factory/{ => pkcs11}/pkcs11factory.go | 10 +- .../factory/{ => plugin}/pluginfactory.go | 20 +-- .../sdkpatch_pluginfactory_noplugin.go | 44 ----- .../bccsp/factory/{ => sw}/swfactory.go | 8 +- .../cryptosuitebridge/cryptosuitebridge.go | 6 - pkg/cryptosuite/bccsp/cryptosuiteimpl.go | 100 ----------- .../bccsp/multisuite/cryptosuiteimpl.go | 27 +++ .../bccsp/multisuite/cryptosuiteimpl_test.go | 95 +++++++++++ pkg/cryptosuite/bccsp/nopkcs11.go | 42 ----- pkg/cryptosuite/bccsp/nopkcs11_test.go | 36 ---- pkg/cryptosuite/bccsp/pkcs11.go | 62 ------- .../bccsp/pkcs11/cryptosuiteimpl.go | 64 +++++++ .../bccsp/pkcs11/cryptosuiteimpl_test.go | 75 +++++++-- pkg/cryptosuite/bccsp/pkcs11_test.go | 40 ----- pkg/cryptosuite/bccsp/sw/cryptosuiteimpl.go | 82 +++++++++ .../bccsp/sw/cryptosuiteimpl_test.go | 92 ++++++++++ .../bccsp/wrapper/cryptosuiteimpl.go | 95 +++++++++++ .../{ => wrapper}/cryptosuiteimpl_test.go | 19 +-- .../bccsp/wrapper/mocksuite_test.go | 53 ++++++ pkg/cryptosuite/cryptosuite.go | 17 +- pkg/cryptosuite/cryptosuite_test.go | 11 +- pkg/fabric-ca-client/fabricca_test.go | 5 +- pkg/fabric-client/client_test.go | 8 +- pkg/fabric-client/identity/identity_test.go | 4 +- .../signingmgr/signingmgr_test.go | 4 +- .../fabric-ca/patches/0004-cryptosuite.patch | 12 +- .../fabric/apply_fabric_client_utils.sh | 50 ++++-- ...Build-flags-to-disable-BCCSP-plugins.patch | 82 --------- ...yptosuite.patch => 0003-cryptosuite.patch} | 12 +- .../dockerenv/docker-compose-pkcs11-test.yaml | 2 +- test/integration/e2e/end_to_end.go | 158 ++++++++++++++++++ test/integration/e2e/end_to_end_test.go | 141 +--------------- test/integration/env.go | 2 - test/integration/fab/fabric_ca_test.go | 2 +- test/integration/pkcs11/e2e_test.go | 38 +++++ .../{pkcs11_env.go => pkcs11/env.go} | 4 +- .../sdk/custom_cryptosuite_test.go | 43 +++-- test/scripts/integration.sh | 11 +- test/scripts/unit-pkcs11.sh | 44 +++++ test/scripts/unit.sh | 6 +- 50 files changed, 956 insertions(+), 1066 deletions(-) delete mode 100644 internal/github.com/hyperledger/fabric/bccsp/factory/factory.go delete mode 100644 internal/github.com/hyperledger/fabric/bccsp/factory/nopkcs11.go delete mode 100644 internal/github.com/hyperledger/fabric/bccsp/factory/opts.go delete mode 100644 internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11.go rename internal/github.com/hyperledger/fabric/bccsp/factory/{ => pkcs11}/pkcs11factory.go (91%) rename internal/github.com/hyperledger/fabric/bccsp/factory/{ => plugin}/pluginfactory.go (75%) delete mode 100644 internal/github.com/hyperledger/fabric/bccsp/factory/sdkpatch_pluginfactory_noplugin.go rename internal/github.com/hyperledger/fabric/bccsp/factory/{ => sw}/swfactory.go (94%) delete mode 100644 pkg/cryptosuite/bccsp/cryptosuiteimpl.go create mode 100644 pkg/cryptosuite/bccsp/multisuite/cryptosuiteimpl.go create mode 100644 pkg/cryptosuite/bccsp/multisuite/cryptosuiteimpl_test.go delete mode 100644 pkg/cryptosuite/bccsp/nopkcs11.go delete mode 100644 pkg/cryptosuite/bccsp/nopkcs11_test.go delete mode 100644 pkg/cryptosuite/bccsp/pkcs11.go create mode 100644 pkg/cryptosuite/bccsp/pkcs11/cryptosuiteimpl.go rename test/integration/pkcs11_config_test.go => pkg/cryptosuite/bccsp/pkcs11/cryptosuiteimpl_test.go (58%) delete mode 100644 pkg/cryptosuite/bccsp/pkcs11_test.go create mode 100644 pkg/cryptosuite/bccsp/sw/cryptosuiteimpl.go create mode 100644 pkg/cryptosuite/bccsp/sw/cryptosuiteimpl_test.go create mode 100644 pkg/cryptosuite/bccsp/wrapper/cryptosuiteimpl.go rename pkg/cryptosuite/bccsp/{ => wrapper}/cryptosuiteimpl_test.go (95%) create mode 100644 pkg/cryptosuite/bccsp/wrapper/mocksuite_test.go delete mode 100644 scripts/third_party_pins/fabric/patches/0003-Build-flags-to-disable-BCCSP-plugins.patch rename scripts/third_party_pins/fabric/patches/{0004-cryptosuite.patch => 0003-cryptosuite.patch} (93%) create mode 100644 test/integration/e2e/end_to_end.go create mode 100644 test/integration/pkcs11/e2e_test.go rename test/integration/{pkcs11_env.go => pkcs11/env.go} (86%) create mode 100755 test/scripts/unit-pkcs11.sh diff --git a/Makefile b/Makefile index c85296eb94..23dceef074 100644 --- a/Makefile +++ b/Makefile @@ -41,7 +41,6 @@ FABRIC_DEVSTABLE_VERSION_MAJOR := 1 GO_LDFLAGS ?= -s GO_TESTFLAGS ?= FABRIC_SDK_EXPERIMENTAL ?= true -FABRIC_SDK_PKCS11 ?= false FABRIC_SDK_EXTRA_GO_TAGS ?= FABRIC_SDK_POPULATE_VENDOR ?= true @@ -138,7 +137,6 @@ FABRIC_STABLE_PKCS11_INTTEST := true FABRIC_PREV_INTTEST := true FABRIC_PRERELEASE_INTTEST := true FABRIC_DEVSTABLE_INTTEST := true -FABRIC_SDK_PKCS11 := true endif # Setup Go Tags @@ -146,9 +144,6 @@ GO_TAGS := $(FABRIC_SDK_EXTRA_GO_TAGS) ifeq ($(FABRIC_SDK_EXPERIMENTAL),true) GO_TAGS += experimental endif -ifeq ($(FABRIC_SDK_PKCS11),true) -GO_TAGS += pkcs11 -endif # Detect subtarget execution ifdef FABRIC_SDKGO_SUBTARGET @@ -214,6 +209,11 @@ unit-test: checks depend populate .PHONY: unit-tests unit-tests: unit-test +.PHONY: unit-tests-pkcs11 +unit-tests-pkcs11: checks depend populate + @FABRIC_SDKGO_CODELEVEL=$(FABRIC_CODELEVEL_UNITTEST_TAG) FABRIC_SDKGO_CODELEVEL_VER=$(FABRIC_CODELEVEL_UNITTEST_VER) $(TEST_SCRIPTS_PATH)/unit-pkcs11.sh + + .PHONY: integration-tests-stable integration-tests-stable: clean depend populate @cd $(FIXTURE_DOCKERENV_PATH) && \ diff --git a/README.md b/README.md index 64f8d0e036..d4317c4418 100644 --- a/README.md +++ b/README.md @@ -22,9 +22,10 @@ You're good to go, happy coding! Check out the examples for usage demonstrations ### Examples -- [E2E Test](test/integration/e2e/end_to_end_test.go): Basic example that uses SDK to query and execute transaction +- [E2E Test](test/integration/e2e/end_to_end.go): Basic example that uses SDK to query and execute transaction - [Multi Org Test](test/integration/orgs/multiple_orgs_test.go): An example that has multiple organisations involved in transaction - [Dynamic Endorser Selection](test/integration/sdk/sdk_provider_test.go): An example that uses dynamic endorser selection (based on chaincode policy) +- [E2E PKCS11 Test](test/integration/pkcs11/e2e_test.go): E2E Test using a PKCS11 crypto suite and configuration - [CLI](https://github.com/securekey/fabric-examples/tree/master/fabric-cli/): An example CLI for Fabric built with the Go SDK. - More examples needed! @@ -68,7 +69,6 @@ make clean ### Go Tags The following Go tags can be supplied to enable additional functionality: -- pkcs11: includes support for configuring BCCSP with PKCS11 provider. Note: libltdl must be installed. - experimental: includes support for experimental features. ## Contributing to the Go SDK diff --git a/def/fabapi/context/defprovider/sdk.go b/def/fabapi/context/defprovider/sdk.go index 4d0fa1729d..e8a72a5ba1 100644 --- a/def/fabapi/context/defprovider/sdk.go +++ b/def/fabapi/context/defprovider/sdk.go @@ -14,7 +14,7 @@ import ( "github.com/hyperledger/fabric-sdk-go/def/fabapi/opt" configImpl "github.com/hyperledger/fabric-sdk-go/pkg/config" "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" - cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/sw" "github.com/hyperledger/fabric-sdk-go/pkg/errors" kvs "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/keyvaluestore" signingMgr "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/signingmgr" diff --git a/def/fabapi/fabapi_test.go b/def/fabapi/fabapi_test.go index d31bd20299..6e26aca0cc 100644 --- a/def/fabapi/fabapi_test.go +++ b/def/fabapi/fabapi_test.go @@ -222,14 +222,11 @@ func TestNewDefaultSDKFromByte(t *testing.T) { }, } - defer func() { - if r := recover(); r == nil { - t.Errorf("The code did not panic") - } - }() - // new SDK expected to panic due to wrong config type which didn't load the configs - NewSDK(setup) + _, err = NewSDK(setup) + if err == nil { + t.Fatalf("NewSDK should have returned error due to bad config") + } } diff --git a/def/fabapi/pkgfactory.go b/def/fabapi/pkgfactory.go index 5c139b0566..138ef75595 100644 --- a/def/fabapi/pkgfactory.go +++ b/def/fabapi/pkgfactory.go @@ -12,7 +12,7 @@ import ( fabca "github.com/hyperledger/fabric-sdk-go/api/apifabca" fab "github.com/hyperledger/fabric-sdk-go/api/apifabclient" configImpl "github.com/hyperledger/fabric-sdk-go/pkg/config" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/sw" "github.com/hyperledger/fabric-sdk-go/pkg/errors" fabricCAClient "github.com/hyperledger/fabric-sdk-go/pkg/fabric-ca-client" clientImpl "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client" diff --git a/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go index 876e13e01f..b54cadb372 100644 --- a/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go +++ b/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go @@ -16,7 +16,6 @@ import ( "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" @@ -48,11 +47,6 @@ const ( X509Certificate = bccsp.X509Certificate ) -// FactoryOpts holds configuration information used to initialize bccsp factory implementations -type FactoryOpts struct { - *factory.FactoryOpts -} - // NewCspSigner is a bridge for bccsp signer.New call func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { return cspsigner.New(csp, key) diff --git a/internal/github.com/hyperledger/fabric/bccsp/factory/factory.go b/internal/github.com/hyperledger/fabric/bccsp/factory/factory.go deleted file mode 100644 index 142f45fcc6..0000000000 --- a/internal/github.com/hyperledger/fabric/bccsp/factory/factory.go +++ /dev/null @@ -1,97 +0,0 @@ -/* -Copyright IBM Corp. 2016 All Rights Reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -/* -Notice: This file has been modified for Hyperledger Fabric SDK Go usage. -Please review third_party pinning scripts and patches for more details. -*/ -package factory - -import ( - "sync" - - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - flogging "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/sdkpatch/logbridge" - "github.com/hyperledger/fabric-sdk-go/pkg/errors" -) - -var ( - // Default BCCSP - defaultBCCSP bccsp.BCCSP - - // when InitFactories has not been called yet (should only happen - // in test cases), use this BCCSP temporarily - bootBCCSP bccsp.BCCSP - - // BCCSP Factories - bccspMap map[string]bccsp.BCCSP - - // factories' Sync on Initialization - factoriesInitOnce sync.Once - bootBCCSPInitOnce sync.Once - - // Factories' Initialization Error - factoriesInitError error - - logger = flogging.MustGetLogger("bccsp") -) - -// BCCSPFactory is used to get instances of the BCCSP interface. -// A Factory has name used to address it. -type BCCSPFactory interface { - - // Name returns the name of this factory - Name() string - - // Get returns an instance of BCCSP using opts. - Get(opts *FactoryOpts) (bccsp.BCCSP, error) -} - -// GetDefault returns a non-ephemeral (long-term) BCCSP -func GetDefault() bccsp.BCCSP { - if defaultBCCSP == nil { - logger.Warning("Before using BCCSP, please call InitFactories(). Falling back to bootBCCSP.") - bootBCCSPInitOnce.Do(func() { - var err error - f := &SWFactory{} - bootBCCSP, err = f.Get(GetDefaultOpts()) - if err != nil { - panic("BCCSP Internal error, failed initialization with GetDefaultOpts!") - } - }) - return bootBCCSP - } - return defaultBCCSP -} - -// GetBCCSP returns a BCCSP created according to the options passed in input. -func GetBCCSP(name string) (bccsp.BCCSP, error) { - csp, ok := bccspMap[name] - if !ok { - return nil, errors.Errorf("Could not find BCCSP, no '%s' provider", name) - } - return csp, nil -} - -func initBCCSP(f BCCSPFactory, config *FactoryOpts) error { - csp, err := f.Get(config) - if err != nil { - return errors.Errorf("Could not initialize BCCSP %s [%s]", f.Name(), err) - } - - logger.Debugf("Initialize BCCSP [%s]", f.Name()) - bccspMap[f.Name()] = csp - return nil -} diff --git a/internal/github.com/hyperledger/fabric/bccsp/factory/nopkcs11.go b/internal/github.com/hyperledger/fabric/bccsp/factory/nopkcs11.go deleted file mode 100644 index 8f174f4977..0000000000 --- a/internal/github.com/hyperledger/fabric/bccsp/factory/nopkcs11.go +++ /dev/null @@ -1,103 +0,0 @@ -// +build !pkcs11 - -/* -Copyright IBM Corp. 2017 All Rights Reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -/* -Notice: This file has been modified for Hyperledger Fabric SDK Go usage. -Please review third_party pinning scripts and patches for more details. -*/ -package factory - -import ( - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/pkg/errors" -) - -// FactoryOpts holds configuration information used to initialize factory implementations -type FactoryOpts struct { - ProviderName string `mapstructure:"default" json:"default" yaml:"Default"` - SwOpts *SwOpts `mapstructure:"SW,omitempty" json:"SW,omitempty" yaml:"SwOpts"` - PluginOpts *PluginOpts `mapstructure:"PLUGIN,omitempty" json:"PLUGIN,omitempty" yaml:"PluginOpts"` -} - -// InitFactories must be called before using factory interfaces -// It is acceptable to call with config = nil, in which case -// some defaults will get used -// Error is returned only if defaultBCCSP cannot be found -func InitFactories(config *FactoryOpts) error { - factoriesInitOnce.Do(func() { - // Take some precautions on default opts - if config == nil { - config = GetDefaultOpts() - } - - if config.ProviderName == "" { - config.ProviderName = "SW" - } - - if config.SwOpts == nil { - config.SwOpts = GetDefaultOpts().SwOpts - } - - // Initialize factories map - bccspMap = make(map[string]bccsp.BCCSP) - - // Software-Based BCCSP - if config.SwOpts != nil { - f := &SWFactory{} - err := initBCCSP(f, config) - if err != nil { - factoriesInitError = errors.Wrapf(err, "Failed initializing BCCSP.") - } - } - - // BCCSP Plugin - if config.PluginOpts != nil { - f := &PluginFactory{} - err := initBCCSP(f, config) - if err != nil { - factoriesInitError = errors.Wrapf(err, "Failed initializing PKCS11.BCCSP %s", factoriesInitError) - } - } - - var ok bool - defaultBCCSP, ok = bccspMap[config.ProviderName] - if !ok { - factoriesInitError = errors.Errorf("%s\nCould not find default `%s` BCCSP", factoriesInitError, config.ProviderName) - } - }) - - return factoriesInitError -} - -// GetBCCSPFromOpts returns a BCCSP created according to the options passed in input. -func GetBCCSPFromOpts(config *FactoryOpts) (bccsp.BCCSP, error) { - var f BCCSPFactory - switch config.ProviderName { - case "SW": - f = &SWFactory{} - case "PLUGIN": - f = &PluginFactory{} - default: - return nil, errors.Errorf("Could not find BCCSP, no '%s' provider", config.ProviderName) - } - - csp, err := f.Get(config) - if err != nil { - return nil, errors.Wrapf(err, "Could not initialize BCCSP %s", f.Name()) - } - return csp, nil -} diff --git a/internal/github.com/hyperledger/fabric/bccsp/factory/opts.go b/internal/github.com/hyperledger/fabric/bccsp/factory/opts.go deleted file mode 100644 index 75e273af5f..0000000000 --- a/internal/github.com/hyperledger/fabric/bccsp/factory/opts.go +++ /dev/null @@ -1,39 +0,0 @@ -/* -Copyright IBM Corp. 2016 All Rights Reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -/* -Notice: This file has been modified for Hyperledger Fabric SDK Go usage. -Please review third_party pinning scripts and patches for more details. -*/ -package factory - -// GetDefaultOpts offers a default implementation for Opts -// returns a new instance every time -func GetDefaultOpts() *FactoryOpts { - return &FactoryOpts{ - ProviderName: "SW", - SwOpts: &SwOpts{ - HashFamily: "SHA2", - SecLevel: 256, - - Ephemeral: true, - }, - } -} - -// FactoryName returns the name of the provider -func (o *FactoryOpts) FactoryName() string { - return o.ProviderName -} diff --git a/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11.go b/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11.go deleted file mode 100644 index cd9be7076c..0000000000 --- a/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11.go +++ /dev/null @@ -1,122 +0,0 @@ -// +build pkcs11 - -/* -Copyright IBM Corp. 2017 All Rights Reserved. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -/* -Notice: This file has been modified for Hyperledger Fabric SDK Go usage. -Please review third_party pinning scripts and patches for more details. -*/ -package factory - -import ( - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/pkcs11" - "github.com/hyperledger/fabric-sdk-go/pkg/errors" -) - -// FactoryOpts holds configuration information used to initialize factory implementations -type FactoryOpts struct { - ProviderName string `mapstructure:"default" json:"default" yaml:"Default"` - SwOpts *SwOpts `mapstructure:"SW,omitempty" json:"SW,omitempty" yaml:"SwOpts"` - PluginOpts *PluginOpts `mapstructure:"PLUGIN,omitempty" json:"PLUGIN,omitempty" yaml:"PluginOpts"` - Pkcs11Opts *pkcs11.PKCS11Opts `mapstructure:"PKCS11,omitempty" json:"PKCS11,omitempty" yaml:"PKCS11"` -} - -// InitFactories must be called before using factory interfaces -// It is acceptable to call with config = nil, in which case -// some defaults will get used -// Error is returned only if defaultBCCSP cannot be found -func InitFactories(config *FactoryOpts) error { - factoriesInitOnce.Do(func() { - setFactories(config) - }) - - return factoriesInitError -} - -func setFactories(config *FactoryOpts) error { - // Take some precautions on default opts - if config == nil { - config = GetDefaultOpts() - } - - if config.ProviderName == "" { - config.ProviderName = "SW" - } - - if config.SwOpts == nil { - config.SwOpts = GetDefaultOpts().SwOpts - } - - // Initialize factories map - bccspMap = make(map[string]bccsp.BCCSP) - - // Software-Based BCCSP - if config.SwOpts != nil { - f := &SWFactory{} - err := initBCCSP(f, config) - if err != nil { - factoriesInitError = errors.Wrap(err, "Failed initializing SW.BCCSP") - } - } - - // PKCS11-Based BCCSP - if config.Pkcs11Opts != nil { - f := &PKCS11Factory{} - err := initBCCSP(f, config) - if err != nil { - factoriesInitError = errors.Wrapf(err, "Failed initializing PKCS11.BCCSP %s", factoriesInitError) - } - } - - // BCCSP Plugin - if config.PluginOpts != nil { - f := &PluginFactory{} - err := initBCCSP(f, config) - if err != nil { - factoriesInitError = errors.Wrapf(err, "Failed initializing PKCS11.BCCSP %s", factoriesInitError) - } - } - - var ok bool - defaultBCCSP, ok = bccspMap[config.ProviderName] - if !ok { - factoriesInitError = errors.Errorf("%s\nCould not find default `%s` BCCSP", factoriesInitError, config.ProviderName) - } - - return factoriesInitError -} - -// GetBCCSPFromOpts returns a BCCSP created according to the options passed in input. -func GetBCCSPFromOpts(config *FactoryOpts) (bccsp.BCCSP, error) { - var f BCCSPFactory - switch config.ProviderName { - case "SW": - f = &SWFactory{} - case "PKCS11": - f = &PKCS11Factory{} - case "PLUGIN": - f = &PluginFactory{} - default: - return nil, errors.Errorf("Could not find BCCSP, no '%s' provider", config.ProviderName) - } - - csp, err := f.Get(config) - if err != nil { - return nil, errors.Wrapf(err, "Could not initialize BCCSP %s", f.Name()) - } - return csp, nil -} diff --git a/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11factory.go b/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11/pkcs11factory.go similarity index 91% rename from internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11factory.go rename to internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11/pkcs11factory.go index 524e0ca71c..7a73d83866 100644 --- a/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11factory.go +++ b/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11/pkcs11factory.go @@ -1,5 +1,3 @@ -// +build pkcs11 - /* Copyright IBM Corp. 2016 All Rights Reserved. @@ -19,7 +17,7 @@ limitations under the License. Notice: This file has been modified for Hyperledger Fabric SDK Go usage. Please review third_party pinning scripts and patches for more details. */ -package factory +package pkcs11 import ( "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" @@ -42,14 +40,12 @@ func (f *PKCS11Factory) Name() string { } // Get returns an instance of BCCSP using Opts. -func (f *PKCS11Factory) Get(config *FactoryOpts) (bccsp.BCCSP, error) { +func (f *PKCS11Factory) Get(p11Opts *pkcs11.PKCS11Opts) (bccsp.BCCSP, error) { // Validate arguments - if config == nil || config.Pkcs11Opts == nil { + if p11Opts == nil { return nil, errors.New("Invalid config. It must not be nil.") } - p11Opts := config.Pkcs11Opts - //TODO: PKCS11 does not need a keystore, but we have not migrated all of PKCS11 BCCSP to PKCS11 yet var ks bccsp.KeyStore if p11Opts.Ephemeral == true { diff --git a/internal/github.com/hyperledger/fabric/bccsp/factory/pluginfactory.go b/internal/github.com/hyperledger/fabric/bccsp/factory/plugin/pluginfactory.go similarity index 75% rename from internal/github.com/hyperledger/fabric/bccsp/factory/pluginfactory.go rename to internal/github.com/hyperledger/fabric/bccsp/factory/plugin/pluginfactory.go index 3d5a9374cd..12fc8a00d9 100644 --- a/internal/github.com/hyperledger/fabric/bccsp/factory/pluginfactory.go +++ b/internal/github.com/hyperledger/fabric/bccsp/factory/plugin/pluginfactory.go @@ -1,5 +1,3 @@ -// +build linux,!nobccspplugin - /* Copyright IBM Corp. All Rights Reserved. @@ -9,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0 Notice: This file has been modified for Hyperledger Fabric SDK Go usage. Please review third_party pinning scripts and patches for more details. */ -package factory +package plugin import ( "errors" @@ -42,26 +40,26 @@ func (f *PluginFactory) Name() string { } // Get returns an instance of BCCSP using Opts. -func (f *PluginFactory) Get(config *FactoryOpts) (bccsp.BCCSP, error) { +func (f *PluginFactory) Get(pluginOpts *PluginOpts) (bccsp.BCCSP, error) { // check for valid config - if config == nil || config.PluginOpts == nil { + if pluginOpts == nil { return nil, errors.New("Invalid config. It must not be nil.") } // Library is required property - if config.PluginOpts.Library == "" { + if pluginOpts.Library == "" { return nil, errors.New("Invalid config: missing property 'Library'") } // make sure the library exists - if _, err := os.Stat(config.PluginOpts.Library); err != nil { - return nil, fmt.Errorf("Could not find library '%s' [%s]", config.PluginOpts.Library, err) + if _, err := os.Stat(pluginOpts.Library); err != nil { + return nil, fmt.Errorf("Could not find library '%s' [%s]", pluginOpts.Library, err) } // attempt to load the library as a plugin - plug, err := plugin.Open(config.PluginOpts.Library) + plug, err := plugin.Open(pluginOpts.Library) if err != nil { - return nil, fmt.Errorf("Failed to load plugin '%s' [%s]", config.PluginOpts.Library, err) + return nil, fmt.Errorf("Failed to load plugin '%s' [%s]", pluginOpts.Library, err) } // lookup the required symbol 'New' @@ -76,5 +74,5 @@ func (f *PluginFactory) Get(config *FactoryOpts) (bccsp.BCCSP, error) { return nil, fmt.Errorf("Plugin does not implement the required function signature for 'New'") } - return new(config.PluginOpts.Config) + return new(pluginOpts.Config) } diff --git a/internal/github.com/hyperledger/fabric/bccsp/factory/sdkpatch_pluginfactory_noplugin.go b/internal/github.com/hyperledger/fabric/bccsp/factory/sdkpatch_pluginfactory_noplugin.go deleted file mode 100644 index 84a14bc78e..0000000000 --- a/internal/github.com/hyperledger/fabric/bccsp/factory/sdkpatch_pluginfactory_noplugin.go +++ /dev/null @@ -1,44 +0,0 @@ -// +build !linux,!nobccspplugin nobccspplugin - -/* -Copyright IBM Corp., SecureKey Technologies Inc. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ -/* -Notice: This file has been modified for Hyperledger Fabric SDK Go usage. -Please review third_party pinning scripts and patches for more details. -*/ -package factory - -import ( - "github.com/hyperledger/fabric-sdk-go/pkg/errors" - - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" -) - -const ( - // PluginFactoryName is the factory name for BCCSP plugins - PluginFactoryName = "PLUGIN" -) - -// PluginOpts contains the options for the PluginFactory -type PluginOpts struct { - // Path to plugin library - Library string - // Config map for the plugin library - Config map[string]interface{} -} - -// PluginFactory is the factory for BCCSP plugins -type PluginFactory struct{} - -// Name returns the name of this factory -func (f *PluginFactory) Name() string { - return PluginFactoryName -} - -// Get returns an instance of BCCSP using Opts. -func (f *PluginFactory) Get(config *FactoryOpts) (bccsp.BCCSP, error) { - return nil, errors.New("not supported") -} diff --git a/internal/github.com/hyperledger/fabric/bccsp/factory/swfactory.go b/internal/github.com/hyperledger/fabric/bccsp/factory/sw/swfactory.go similarity index 94% rename from internal/github.com/hyperledger/fabric/bccsp/factory/swfactory.go rename to internal/github.com/hyperledger/fabric/bccsp/factory/sw/swfactory.go index dec8aa577f..e8d2b71cce 100644 --- a/internal/github.com/hyperledger/fabric/bccsp/factory/swfactory.go +++ b/internal/github.com/hyperledger/fabric/bccsp/factory/sw/swfactory.go @@ -17,7 +17,7 @@ limitations under the License. Notice: This file has been modified for Hyperledger Fabric SDK Go usage. Please review third_party pinning scripts and patches for more details. */ -package factory +package sw import ( "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" @@ -39,14 +39,12 @@ func (f *SWFactory) Name() string { } // Get returns an instance of BCCSP using Opts. -func (f *SWFactory) Get(config *FactoryOpts) (bccsp.BCCSP, error) { +func (f *SWFactory) Get(swOpts *SwOpts) (bccsp.BCCSP, error) { // Validate arguments - if config == nil || config.SwOpts == nil { + if swOpts == nil { return nil, errors.New("Invalid config. It must not be nil.") } - swOpts := config.SwOpts - var ks bccsp.KeyStore if swOpts.Ephemeral == true { ks = sw.NewDummyKeyStore() diff --git a/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go index 7c6b25df35..c7f79b9c78 100644 --- a/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go +++ b/internal/github.com/hyperledger/fabric/sdkpatch/cryptosuitebridge/cryptosuitebridge.go @@ -16,7 +16,6 @@ import ( "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" @@ -48,11 +47,6 @@ const ( X509Certificate = bccsp.X509Certificate ) -// FactoryOpts holds configuration information used to initialize bccsp factory implementations -type FactoryOpts struct { - *factory.FactoryOpts -} - // NewCspSigner is a bridge for bccsp signer.New call func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { return cspsigner.New(csp, key) diff --git a/pkg/cryptosuite/bccsp/cryptosuiteimpl.go b/pkg/cryptosuite/bccsp/cryptosuiteimpl.go deleted file mode 100644 index fa8d213286..0000000000 --- a/pkg/cryptosuite/bccsp/cryptosuiteimpl.go +++ /dev/null @@ -1,100 +0,0 @@ -/* -Copyright SecureKey Technologies Inc. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package bccsp - -import ( - "hash" - - "github.com/hyperledger/fabric-sdk-go/api/apiconfig" - "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - "github.com/hyperledger/fabric-sdk-go/pkg/logging" -) - -var logger = logging.NewLogger("fabric_sdk_go") - -//GetSuite returns cryptosuite adaptor for given bccsp.BCCSP implementation -func GetSuite(bccsp bccsp.BCCSP) apicryptosuite.CryptoSuite { - return &cryptoSuite{bccsp} -} - -//GetSuiteByConfig returns cryptosuite adaptor for bccsp loaded according to given config -func GetSuiteByConfig(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { - opts := GetOptsByConfig(config) - bccsp, err := bccspFactory.GetBCCSPFromOpts(opts) - - if err != nil { - return nil, err - } - return &cryptoSuite{bccsp}, nil -} - -//GetKey returns implementation of of cryptosuite.Key -func GetKey(newkey bccsp.Key) apicryptosuite.Key { - return &key{newkey} -} - -type cryptoSuite struct { - bccsp bccsp.BCCSP -} - -func (c *cryptoSuite) KeyGen(opts apicryptosuite.KeyGenOpts) (k apicryptosuite.Key, err error) { - key, err := c.bccsp.KeyGen(opts) - return GetKey(key), err -} - -func (c *cryptoSuite) KeyImport(raw interface{}, opts apicryptosuite.KeyImportOpts) (k apicryptosuite.Key, err error) { - key, err := c.bccsp.KeyImport(raw, opts) - return GetKey(key), err -} - -func (c *cryptoSuite) GetKey(ski []byte) (k apicryptosuite.Key, err error) { - key, err := c.bccsp.GetKey(ski) - return GetKey(key), err -} - -func (c *cryptoSuite) Hash(msg []byte, opts apicryptosuite.HashOpts) (hash []byte, err error) { - return c.bccsp.Hash(msg, opts) -} - -func (c *cryptoSuite) GetHash(opts apicryptosuite.HashOpts) (h hash.Hash, err error) { - return c.bccsp.GetHash(opts) -} - -func (c *cryptoSuite) Sign(k apicryptosuite.Key, digest []byte, opts apicryptosuite.SignerOpts) (signature []byte, err error) { - return c.bccsp.Sign(k.(*key).key, digest, opts) -} - -func (c *cryptoSuite) Verify(k apicryptosuite.Key, signature, digest []byte, opts apicryptosuite.SignerOpts) (valid bool, err error) { - return c.bccsp.Verify(k.(*key).key, signature, digest, opts) -} - -type key struct { - key bccsp.Key -} - -func (k *key) Bytes() ([]byte, error) { - return k.key.Bytes() -} - -func (k *key) SKI() []byte { - return k.key.SKI() -} - -func (k *key) Symmetric() bool { - return k.key.Symmetric() -} - -func (k *key) Private() bool { - return k.key.Private() -} - -func (k *key) PublicKey() (apicryptosuite.Key, error) { - key, err := k.key.PublicKey() - return GetKey(key), err -} diff --git a/pkg/cryptosuite/bccsp/multisuite/cryptosuiteimpl.go b/pkg/cryptosuite/bccsp/multisuite/cryptosuiteimpl.go new file mode 100644 index 0000000000..4f57e3d9ec --- /dev/null +++ b/pkg/cryptosuite/bccsp/multisuite/cryptosuiteimpl.go @@ -0,0 +1,27 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package multisuite + +import ( + "github.com/hyperledger/fabric-sdk-go/api/apiconfig" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/pkcs11" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/sw" + "github.com/hyperledger/fabric-sdk-go/pkg/errors" +) + +//GetSuiteByConfig returns cryptosuite adaptor for bccsp loaded according to given config +func GetSuiteByConfig(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { + switch config.SecurityProvider() { + case "SW": + return sw.GetSuiteByConfig(config) + case "PKCS11": + return pkcs11.GetSuiteByConfig(config) + } + + return nil, errors.Errorf("Unsupported security provider requested: %s", config.SecurityProvider()) +} diff --git a/pkg/cryptosuite/bccsp/multisuite/cryptosuiteimpl_test.go b/pkg/cryptosuite/bccsp/multisuite/cryptosuiteimpl_test.go new file mode 100644 index 0000000000..0d5607925d --- /dev/null +++ b/pkg/cryptosuite/bccsp/multisuite/cryptosuiteimpl_test.go @@ -0,0 +1,95 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package multisuite + +import ( + "reflect" + "testing" + + "github.com/golang/mock/gomock" + "github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/pkcs11" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/wrapper" +) + +func TestBadConfig(t *testing.T) { + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + mockConfig.EXPECT().SecurityProvider().Return("UNKNOWN") + mockConfig.EXPECT().SecurityProvider().Return("UNKNOWN") + + //Get cryptosuite using config + _, err := GetSuiteByConfig(mockConfig) + if err == nil { + t.Fatalf("Unknown security provider should return error") + } +} + +func TestCryptoSuiteByConfigSW(t *testing.T) { + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + mockConfig.EXPECT().SecurityProvider().Return("SW") + mockConfig.EXPECT().SecurityProvider().Return("SW") + mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") + mockConfig.EXPECT().SecurityLevel().Return(256) + mockConfig.EXPECT().KeyStorePath().Return("") + mockConfig.EXPECT().Ephemeral().Return(true) + + //Get cryptosuite using config + c, err := GetSuiteByConfig(mockConfig) + if err != nil { + t.Fatalf("Not supposed to get error, but got: %v", err) + } + + verifySuiteType(t, c, "*sw.impl") +} + +func TestCryptoSuiteByConfigPKCS11(t *testing.T) { + + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + //Prepare Config + providerLib, softHSMPin, softHSMTokenLabel := pkcs11.FindPKCS11Lib() + + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + mockConfig.EXPECT().SecurityProvider().Return("PKCS11") + mockConfig.EXPECT().SecurityProvider().Return("PKCS11") + mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") + mockConfig.EXPECT().SecurityLevel().Return(256) + mockConfig.EXPECT().KeyStorePath().Return("") + mockConfig.EXPECT().Ephemeral().Return(true) + mockConfig.EXPECT().SecurityProviderLibPath().Return(providerLib) + mockConfig.EXPECT().SecurityProviderLabel().Return(softHSMTokenLabel) + mockConfig.EXPECT().SecurityProviderPin().Return(softHSMPin) + mockConfig.EXPECT().SoftVerify().Return(true) + + //Get cryptosuite using config + c, err := GetSuiteByConfig(mockConfig) + if err != nil { + t.Fatalf("Not supposed to get error, but got: %v", err) + } + + verifySuiteType(t, c, "*pkcs11.impl") +} + +func verifySuiteType(t *testing.T, c apicryptosuite.CryptoSuite, expectedType string) { + w, ok := c.(*wrapper.CryptoSuite) + if !ok { + t.Fatal("Unexpected cryptosuite type") + } + + suiteType := reflect.TypeOf(w.BCCSP) + if suiteType.String() != expectedType { + t.Fatalf("Unexpected cryptosuite type: %s", suiteType) + } +} diff --git a/pkg/cryptosuite/bccsp/nopkcs11.go b/pkg/cryptosuite/bccsp/nopkcs11.go deleted file mode 100644 index f054c3ef31..0000000000 --- a/pkg/cryptosuite/bccsp/nopkcs11.go +++ /dev/null @@ -1,42 +0,0 @@ -// +build !pkcs11 - -/* -Copyright SecureKey Technologies Inc. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package bccsp - -import ( - "fmt" - - "github.com/hyperledger/fabric-sdk-go/api/apiconfig" - bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" -) - -//GetOptsByConfig Returns Factory opts for given SDK config -func GetOptsByConfig(c apiconfig.Config) *bccspFactory.FactoryOpts { - var opts *bccspFactory.FactoryOpts - - switch c.SecurityProvider() { - case "SW": - opts = &bccspFactory.FactoryOpts{ - ProviderName: "SW", - SwOpts: &bccspFactory.SwOpts{ - HashFamily: c.SecurityAlgorithm(), - SecLevel: c.SecurityLevel(), - FileKeystore: &bccspFactory.FileKeystoreOpts{ - KeyStorePath: c.KeyStorePath(), - }, - Ephemeral: c.Ephemeral(), - }, - } - logger.Debug("Initialized SW ") - bccspFactory.InitFactories(opts) - return opts - - default: - panic(fmt.Sprintf("Unsupported BCCSP Provider: %s", c.SecurityProvider())) - } -} diff --git a/pkg/cryptosuite/bccsp/nopkcs11_test.go b/pkg/cryptosuite/bccsp/nopkcs11_test.go deleted file mode 100644 index f1d1b10496..0000000000 --- a/pkg/cryptosuite/bccsp/nopkcs11_test.go +++ /dev/null @@ -1,36 +0,0 @@ -// +build !pkcs11 - -/* -Copyright SecureKey Technologies Inc. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package bccsp - -import ( - "testing" - - "github.com/golang/mock/gomock" - "github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" -) - -func TestCryptoSuiteByConfigPKCS11Unsupported(t *testing.T) { - defer func() { - if r := recover(); r == nil { - t.Errorf("was supposed to panic") - } - }() - - //Prepare Config - mockCtrl := gomock.NewController(t) - defer mockCtrl.Finish() - //Prepare Config - mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) - mockConfig.EXPECT().SecurityProvider().Return("PKCS11") - mockConfig.EXPECT().SecurityProvider().Return("PKCS11") - - //Get cryptosuite using config - GetSuiteByConfig(mockConfig) - t.Fatalf("Getting cryptosuite with unsupported pkcs11 security provider supposed to panic") -} diff --git a/pkg/cryptosuite/bccsp/pkcs11.go b/pkg/cryptosuite/bccsp/pkcs11.go deleted file mode 100644 index 76b1928bfc..0000000000 --- a/pkg/cryptosuite/bccsp/pkcs11.go +++ /dev/null @@ -1,62 +0,0 @@ -// +build pkcs11 - -/* -Copyright SecureKey Technologies Inc. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package bccsp - -import ( - "fmt" - - "github.com/hyperledger/fabric-sdk-go/api/apiconfig" - bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/pkcs11" -) - -//GetOptsByConfig Returns Factory opts for given SDK config -func GetOptsByConfig(c apiconfig.Config) *bccspFactory.FactoryOpts { - var opts *bccspFactory.FactoryOpts - - switch c.SecurityProvider() { - case "SW": - opts = &bccspFactory.FactoryOpts{ - ProviderName: "SW", - SwOpts: &bccspFactory.SwOpts{ - HashFamily: c.SecurityAlgorithm(), - SecLevel: c.SecurityLevel(), - FileKeystore: &bccspFactory.FileKeystoreOpts{ - KeyStorePath: c.KeyStorePath(), - }, - Ephemeral: c.Ephemeral(), - }, - } - logger.Debug("Initialized SW ") - bccspFactory.InitFactories(opts) - return opts - - case "PKCS11": - pkks := pkcs11.FileKeystoreOpts{KeyStorePath: c.KeyStorePath()} - opts = &bccspFactory.FactoryOpts{ - ProviderName: "PKCS11", - Pkcs11Opts: &pkcs11.PKCS11Opts{ - SecLevel: c.SecurityLevel(), - HashFamily: c.SecurityAlgorithm(), - Ephemeral: c.Ephemeral(), - FileKeystore: &pkks, - Library: c.SecurityProviderLibPath(), - Pin: c.SecurityProviderPin(), - Label: c.SecurityProviderLabel(), - SoftVerify: c.SoftVerify(), - }, - } - logger.Debug("Initialized PKCS11 ") - bccspFactory.InitFactories(opts) - return opts - default: - panic(fmt.Sprintf("Unsupported BCCSP Provider: %s", c.SecurityProvider())) - - } -} diff --git a/pkg/cryptosuite/bccsp/pkcs11/cryptosuiteimpl.go b/pkg/cryptosuite/bccsp/pkcs11/cryptosuiteimpl.go new file mode 100644 index 0000000000..faddc2eae1 --- /dev/null +++ b/pkg/cryptosuite/bccsp/pkcs11/cryptosuiteimpl.go @@ -0,0 +1,64 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package pkcs11 + +import ( + "github.com/hyperledger/fabric-sdk-go/api/apiconfig" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + bccspPkcs11 "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/pkcs11" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/wrapper" + "github.com/hyperledger/fabric-sdk-go/pkg/errors" + "github.com/hyperledger/fabric-sdk-go/pkg/logging" +) + +var logger = logging.NewLogger("fabric_sdk_go") + +//GetSuiteByConfig returns cryptosuite adaptor for bccsp loaded according to given config +func GetSuiteByConfig(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { + // TODO: delete this check? + if config.SecurityProvider() != "PKCS11" { + return nil, errors.Errorf("Unsupported BCCSP Provider: %s", config.SecurityProvider()) + } + + opts := getOptsByConfig(config) + bccsp, err := getBCCSPFromOpts(opts) + + if err != nil { + return nil, err + } + return &wrapper.CryptoSuite{BCCSP: bccsp}, nil +} + +func getBCCSPFromOpts(config *pkcs11.PKCS11Opts) (bccsp.BCCSP, error) { + f := &bccspPkcs11.PKCS11Factory{} + + csp, err := f.Get(config) + if err != nil { + return nil, errors.Wrapf(err, "Could not initialize BCCSP %s", f.Name()) + } + return csp, nil +} + +//getOptsByConfig Returns Factory opts for given SDK config +func getOptsByConfig(c apiconfig.Config) *pkcs11.PKCS11Opts { + pkks := pkcs11.FileKeystoreOpts{KeyStorePath: c.KeyStorePath()} + opts := &pkcs11.PKCS11Opts{ + SecLevel: c.SecurityLevel(), + HashFamily: c.SecurityAlgorithm(), + Ephemeral: c.Ephemeral(), + FileKeystore: &pkks, + Library: c.SecurityProviderLibPath(), + Pin: c.SecurityProviderPin(), + Label: c.SecurityProviderLabel(), + SoftVerify: c.SoftVerify(), + } + logger.Debug("Initialized PKCS11 cryptosuite") + + return opts +} diff --git a/test/integration/pkcs11_config_test.go b/pkg/cryptosuite/bccsp/pkcs11/cryptosuiteimpl_test.go similarity index 58% rename from test/integration/pkcs11_config_test.go rename to pkg/cryptosuite/bccsp/pkcs11/cryptosuiteimpl_test.go index 87aae8b5a2..b9695f6821 100644 --- a/test/integration/pkcs11_config_test.go +++ b/pkg/cryptosuite/bccsp/pkcs11/cryptosuiteimpl_test.go @@ -1,14 +1,14 @@ -// +build testpkcs11 - /* Copyright SecureKey Technologies Inc. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package integration +package pkcs11 import ( + "bytes" + "crypto/sha256" "os" "testing" @@ -16,9 +16,11 @@ import ( api "github.com/hyperledger/fabric-sdk-go/api/apiconfig" "github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" - pkcsFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - pkcs11 "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/pkcs11" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + pkcsFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory/pkcs11" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/pkcs11" + "github.com/hyperledger/fabric-sdk-go/pkg/logging/utils" ) var configImpl api.Config @@ -28,6 +30,20 @@ const ( providerTypePKCS11 = "PKCS11" ) +func TestBadConfig(t *testing.T) { + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + mockConfig.EXPECT().SecurityProvider().Return("UNKNOWN") + mockConfig.EXPECT().SecurityProvider().Return("UNKNOWN") + + //Get cryptosuite using config + _, err := GetSuiteByConfig(mockConfig) + if err == nil { + t.Fatalf("Unknown security provider should return error") + } +} func TestCryptoSuiteByConfigPKCS11(t *testing.T) { mockCtrl := gomock.NewController(t) @@ -48,10 +64,35 @@ func TestCryptoSuiteByConfigPKCS11(t *testing.T) { mockConfig.EXPECT().SoftVerify().Return(true) //Get cryptosuite using config - _, err := cryptosuite.GetSuiteByConfig(mockConfig) + c, err := GetSuiteByConfig(mockConfig) if err != nil { t.Fatalf("Not supposed to get error, but got: %v", err) } + + verifyHashFn(t, c) +} + +func TestCryptoSuiteByConfigPKCS11Failure(t *testing.T) { + + //Prepare Config + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + //Prepare Config + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + mockConfig.EXPECT().SecurityProvider().Return("PKCS11") + mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") + mockConfig.EXPECT().SecurityLevel().Return(256) + mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") + mockConfig.EXPECT().Ephemeral().Return(false) + mockConfig.EXPECT().SecurityProviderLibPath().Return("") + mockConfig.EXPECT().SecurityProviderLabel().Return("") + mockConfig.EXPECT().SecurityProviderPin().Return("") + mockConfig.EXPECT().SoftVerify().Return(true) + + //Get cryptosuite using config + samplecryptoSuite, err := GetSuiteByConfig(mockConfig) + utils.VerifyNotEmpty(t, err, "Supposed to get error on GetSuiteByConfig call : %s", err) + utils.VerifyEmpty(t, samplecryptoSuite, "Not supposed to get valid cryptosuite") } func TestPKCS11CSPConfigWithValidOptions(t *testing.T) { @@ -103,7 +144,7 @@ func TestPKCS11CSPConfigWithEmptyProviderName(t *testing.T) { } } -func configurePKCS11Options(hashFamily string, securityLevel int) *pkcsFactory.FactoryOpts { +func configurePKCS11Options(hashFamily string, securityLevel int) *pkcs11.PKCS11Opts { providerLib, softHSMPin, softHSMTokenLabel := pkcs11.FindPKCS11Lib() pkks := pkcs11.FileKeystoreOpts{KeyStorePath: os.TempDir()} @@ -118,11 +159,19 @@ func configurePKCS11Options(hashFamily string, securityLevel int) *pkcsFactory.F Ephemeral: false, } - opts := &pkcsFactory.FactoryOpts{ - ProviderName: providerTypePKCS11, - Pkcs11Opts: &pkcsOpt, + return &pkcsOpt + +} + +func verifyHashFn(t *testing.T, c apicryptosuite.CryptoSuite) { + msg := []byte("Hello") + e := sha256.Sum256(msg) + a, err := c.Hash(msg, &bccsp.SHA256Opts{}) + if err != nil { + t.Fatalf("Not supposed to get error, but got: %v", err) } - pkcsFactory.InitFactories(opts) - return opts + if bytes.Compare(a, e[:]) != 0 { + t.Fatalf("Expected SHA 256 hash function") + } } diff --git a/pkg/cryptosuite/bccsp/pkcs11_test.go b/pkg/cryptosuite/bccsp/pkcs11_test.go deleted file mode 100644 index 4657b8fa82..0000000000 --- a/pkg/cryptosuite/bccsp/pkcs11_test.go +++ /dev/null @@ -1,40 +0,0 @@ -// +build pkcs11 - -/* -Copyright SecureKey Technologies Inc. All Rights Reserved. - -SPDX-License-Identifier: Apache-2.0 -*/ - -package bccsp - -import ( - "testing" - - "github.com/golang/mock/gomock" - "github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" - "github.com/hyperledger/fabric-sdk-go/pkg/logging/utils" -) - -func TestCryptoSuiteByConfigPKCS11Failure(t *testing.T) { - - //Prepare Config - mockCtrl := gomock.NewController(t) - defer mockCtrl.Finish() - //Prepare Config - mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) - mockConfig.EXPECT().SecurityProvider().Return("PKCS11") - mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") - mockConfig.EXPECT().SecurityLevel().Return(256) - mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") - mockConfig.EXPECT().Ephemeral().Return(false) - mockConfig.EXPECT().SecurityProviderLibPath().Return("") - mockConfig.EXPECT().SecurityProviderLabel().Return("") - mockConfig.EXPECT().SecurityProviderPin().Return("") - mockConfig.EXPECT().SoftVerify().Return(true) - - //Get cryptosuite using config - samplecryptoSuite, err := GetSuiteByConfig(mockConfig) - utils.VerifyNotEmpty(t, err, "Supposed to get error on GetSuiteByConfig call : %s", err) - utils.VerifyEmpty(t, samplecryptoSuite, "Not supposed to get valid cryptosuite") -} diff --git a/pkg/cryptosuite/bccsp/sw/cryptosuiteimpl.go b/pkg/cryptosuite/bccsp/sw/cryptosuiteimpl.go new file mode 100644 index 0000000000..4212428b27 --- /dev/null +++ b/pkg/cryptosuite/bccsp/sw/cryptosuiteimpl.go @@ -0,0 +1,82 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package sw + +import ( + "github.com/hyperledger/fabric-sdk-go/api/apiconfig" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + bccspSw "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory/sw" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/wrapper" + "github.com/hyperledger/fabric-sdk-go/pkg/errors" + "github.com/hyperledger/fabric-sdk-go/pkg/logging" +) + +var logger = logging.NewLogger("fabric_sdk_go") + +//GetSuiteByConfig returns cryptosuite adaptor for bccsp loaded according to given config +func GetSuiteByConfig(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { + // TODO: delete this check? + if config.SecurityProvider() != "SW" { + return nil, errors.Errorf("Unsupported BCCSP Provider: %s", config.SecurityProvider()) + } + + opts := getOptsByConfig(config) + bccsp, err := getBCCSPFromOpts(opts) + + if err != nil { + return nil, err + } + return &wrapper.CryptoSuite{BCCSP: bccsp}, nil +} + +//GetSuiteWithDefaultEphemeral returns cryptosuite adaptor for bccsp with default ephemeral options (intended to aid testing) +func GetSuiteWithDefaultEphemeral() (apicryptosuite.CryptoSuite, error) { + opts := getEphemeralOpts() + bccsp, err := getBCCSPFromOpts(opts) + + if err != nil { + return nil, err + } + return &wrapper.CryptoSuite{BCCSP: bccsp}, nil +} + +func getBCCSPFromOpts(config *bccspSw.SwOpts) (bccsp.BCCSP, error) { + f := &bccspSw.SWFactory{} + + csp, err := f.Get(config) + if err != nil { + return nil, errors.Wrapf(err, "Could not initialize BCCSP %s", f.Name()) + } + return csp, nil +} + +//GetOptsByConfig Returns Factory opts for given SDK config +func getOptsByConfig(c apiconfig.Config) *bccspSw.SwOpts { + opts := &bccspSw.SwOpts{ + HashFamily: c.SecurityAlgorithm(), + SecLevel: c.SecurityLevel(), + FileKeystore: &bccspSw.FileKeystoreOpts{ + KeyStorePath: c.KeyStorePath(), + }, + Ephemeral: c.Ephemeral(), + } + logger.Debug("Initialized SW cryptosuite") + + return opts +} + +func getEphemeralOpts() *bccspSw.SwOpts { + opts := &bccspSw.SwOpts{ + HashFamily: "SHA2", + SecLevel: 256, + Ephemeral: true, + } + logger.Debug("Initialized ephemeral SW cryptosuite with default opts") + + return opts +} diff --git a/pkg/cryptosuite/bccsp/sw/cryptosuiteimpl_test.go b/pkg/cryptosuite/bccsp/sw/cryptosuiteimpl_test.go new file mode 100644 index 0000000000..d7576c9463 --- /dev/null +++ b/pkg/cryptosuite/bccsp/sw/cryptosuiteimpl_test.go @@ -0,0 +1,92 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package sw + +import ( + "bytes" + "crypto/sha256" + "testing" + + "github.com/golang/mock/gomock" + "github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" +) + +func TestBadConfig(t *testing.T) { + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + mockConfig.EXPECT().SecurityProvider().Return("UNKNOWN") + mockConfig.EXPECT().SecurityProvider().Return("UNKNOWN") + + //Get cryptosuite using config + _, err := GetSuiteByConfig(mockConfig) + if err == nil { + t.Fatalf("Unknown security provider should return error") + } +} + +func TestCryptoSuiteByConfigSW(t *testing.T) { + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + mockConfig.EXPECT().SecurityProvider().Return("SW") + mockConfig.EXPECT().SecurityAlgorithm().Return("SHA2") + mockConfig.EXPECT().SecurityLevel().Return(256) + mockConfig.EXPECT().KeyStorePath().Return("") + mockConfig.EXPECT().Ephemeral().Return(true) + + //Get cryptosuite using config + c, err := GetSuiteByConfig(mockConfig) + if err != nil { + t.Fatalf("Not supposed to get error, but got: %v", err) + } + + verifyHashFn(t, c) +} + +func TestCryptoSuiteByBadConfigSW(t *testing.T) { + mockCtrl := gomock.NewController(t) + defer mockCtrl.Finish() + + mockConfig := mock_apiconfig.NewMockConfig(mockCtrl) + mockConfig.EXPECT().SecurityProvider().Return("SW") + mockConfig.EXPECT().SecurityAlgorithm().Return("SHA0") + mockConfig.EXPECT().SecurityLevel().Return(256) + mockConfig.EXPECT().KeyStorePath().Return("") + mockConfig.EXPECT().Ephemeral().Return(true) + + //Get cryptosuite using config + _, err := GetSuiteByConfig(mockConfig) + if err == nil { + t.Fatalf("Bad configuration should return error") + } +} + +func TestCryptoSuiteDefaultEphemeral(t *testing.T) { + c, err := GetSuiteWithDefaultEphemeral() + if err != nil { + t.Fatalf("Not supposed to get error, but got: %v", err) + } + verifyHashFn(t, c) +} + +func verifyHashFn(t *testing.T, c apicryptosuite.CryptoSuite) { + msg := []byte("Hello") + e := sha256.Sum256(msg) + a, err := c.Hash(msg, &bccsp.SHA256Opts{}) + if err != nil { + t.Fatalf("Not supposed to get error, but got: %v", err) + } + + if bytes.Compare(a, e[:]) != 0 { + t.Fatalf("Expected SHA 256 hash function") + } +} diff --git a/pkg/cryptosuite/bccsp/wrapper/cryptosuiteimpl.go b/pkg/cryptosuite/bccsp/wrapper/cryptosuiteimpl.go new file mode 100644 index 0000000000..7d313285fc --- /dev/null +++ b/pkg/cryptosuite/bccsp/wrapper/cryptosuiteimpl.go @@ -0,0 +1,95 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package wrapper + +import ( + "hash" + + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + "github.com/hyperledger/fabric-sdk-go/pkg/logging" +) + +var logger = logging.NewLogger("fabric_sdk_go") + +//NewCryptoSuite returns cryptosuite adaptor for given bccsp.BCCSP implementation +func NewCryptoSuite(bccsp bccsp.BCCSP) CryptoSuite { + return CryptoSuite{bccsp} +} + +//GetKey returns implementation of of cryptosuite.Key +func GetKey(newkey bccsp.Key) apicryptosuite.Key { + return &key{newkey} +} + +// CryptoSuite provides a wrapper of BCCSP +type CryptoSuite struct { + BCCSP bccsp.BCCSP +} + +// KeyGen is a wrapper of BCCSP.KeyGen +func (c *CryptoSuite) KeyGen(opts apicryptosuite.KeyGenOpts) (k apicryptosuite.Key, err error) { + key, err := c.BCCSP.KeyGen(opts) + return GetKey(key), err +} + +// KeyImport is a wrapper of BCCSP.KeyImport +func (c *CryptoSuite) KeyImport(raw interface{}, opts apicryptosuite.KeyImportOpts) (k apicryptosuite.Key, err error) { + key, err := c.BCCSP.KeyImport(raw, opts) + return GetKey(key), err +} + +// GetKey is a wrapper of BCCSP.GetKey +func (c *CryptoSuite) GetKey(ski []byte) (k apicryptosuite.Key, err error) { + key, err := c.BCCSP.GetKey(ski) + return GetKey(key), err +} + +// Hash is a wrapper of BCCSP.Hash +func (c *CryptoSuite) Hash(msg []byte, opts apicryptosuite.HashOpts) (hash []byte, err error) { + return c.BCCSP.Hash(msg, opts) +} + +// GetHash is a wrapper of BCCSP.GetHash +func (c *CryptoSuite) GetHash(opts apicryptosuite.HashOpts) (h hash.Hash, err error) { + return c.BCCSP.GetHash(opts) +} + +// Sign is a wrapper of BCCSP.Sign +func (c *CryptoSuite) Sign(k apicryptosuite.Key, digest []byte, opts apicryptosuite.SignerOpts) (signature []byte, err error) { + return c.BCCSP.Sign(k.(*key).key, digest, opts) +} + +// Verify is a wrapper of BCCSP.Verify +func (c *CryptoSuite) Verify(k apicryptosuite.Key, signature, digest []byte, opts apicryptosuite.SignerOpts) (valid bool, err error) { + return c.BCCSP.Verify(k.(*key).key, signature, digest, opts) +} + +type key struct { + key bccsp.Key +} + +func (k *key) Bytes() ([]byte, error) { + return k.key.Bytes() +} + +func (k *key) SKI() []byte { + return k.key.SKI() +} + +func (k *key) Symmetric() bool { + return k.key.Symmetric() +} + +func (k *key) Private() bool { + return k.key.Private() +} + +func (k *key) PublicKey() (apicryptosuite.Key, error) { + key, err := k.key.PublicKey() + return GetKey(key), err +} diff --git a/pkg/cryptosuite/bccsp/cryptosuiteimpl_test.go b/pkg/cryptosuite/bccsp/wrapper/cryptosuiteimpl_test.go similarity index 95% rename from pkg/cryptosuite/bccsp/cryptosuiteimpl_test.go rename to pkg/cryptosuite/bccsp/wrapper/cryptosuiteimpl_test.go index 1087ac8ba4..64e81e3180 100644 --- a/pkg/cryptosuite/bccsp/cryptosuiteimpl_test.go +++ b/pkg/cryptosuite/bccsp/wrapper/cryptosuiteimpl_test.go @@ -4,7 +4,7 @@ Copyright SecureKey Technologies Inc. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package bccsp +package wrapper import ( "errors" @@ -15,7 +15,6 @@ import ( "github.com/golang/mock/gomock" "github.com/hyperledger/fabric-sdk-go/api/apiconfig/mocks" - "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" "github.com/hyperledger/fabric-sdk-go/pkg/logging/utils" ) @@ -37,7 +36,7 @@ func TestCryptoSuite(t *testing.T) { samplebccsp := getMockBCCSP(mockIdentifier) //Get cryptosuite - samplecryptoSuite := GetSuite(samplebccsp) + samplecryptoSuite := NewCryptoSuite(samplebccsp) //Verify CryptSuite verifyCryptoSuite(t, samplecryptoSuite) @@ -57,7 +56,7 @@ func TestCryptoSuiteByConfig(t *testing.T) { mockConfig.EXPECT().Ephemeral().Return(false) //Get cryptosuite using config - samplecryptoSuite, err := GetSuiteByConfig(mockConfig) + samplecryptoSuite, err := getSuiteByConfig(mockConfig) utils.VerifyEmpty(t, err, "Not supposed to get error on GetSuiteByConfig call : %s", err) utils.VerifyNotEmpty(t, samplecryptoSuite, "Supposed to get valid cryptosuite") @@ -80,11 +79,11 @@ func TestCryptoSuiteByConfigFailures(t *testing.T) { mockConfig.EXPECT().Ephemeral().Return(false) //Get cryptosuite using config - samplecryptoSuite, err := GetSuiteByConfig(mockConfig) + samplecryptoSuite, err := getSuiteByConfig(mockConfig) utils.VerifyNotEmpty(t, err, "Supposed to get error on GetSuiteByConfig call : %s", err) utils.VerifyEmpty(t, samplecryptoSuite, "Not supposed to get valid cryptosuite") - if !strings.HasPrefix(err.Error(), "Could not initialize BCCSP SW") { + if !strings.HasPrefix(err.Error(), "Failed initializing configuration") { t.Fatalf("Didn't get expected failure, got %s instead", err) } @@ -102,7 +101,7 @@ func TestCreateInvalidBCCSPSecurityLevel(t *testing.T) { mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") mockConfig.EXPECT().Ephemeral().Return(false) - _, err := GetSuiteByConfig(mockConfig) + _, err := getSuiteByConfig(mockConfig) if !strings.Contains(err.Error(), "Security level not supported [100]") { t.Fatalf("Expected invalid security level error, but got %v", err.Error()) } @@ -121,7 +120,7 @@ func TestCreateInvalidBCCSPHashFamily(t *testing.T) { mockConfig.EXPECT().KeyStorePath().Return("/tmp/msp") mockConfig.EXPECT().Ephemeral().Return(false) - _, err := GetSuiteByConfig(mockConfig) + _, err := getSuiteByConfig(mockConfig) if !strings.Contains(err.Error(), "Hash Family not supported [ABC]") { t.Fatalf("Expected invalid hash family error, but got %v", err.Error()) } @@ -143,11 +142,11 @@ func TestCreateInvalidSecurityProviderPanic(t *testing.T) { mockConfig.EXPECT().SecurityProvider().Return("XYZ") mockConfig.EXPECT().SecurityProvider().Return("XYZ") - GetSuiteByConfig(mockConfig) + getSuiteByConfig(mockConfig) t.Fatalf("Getting cryptosuite with invalid security provider supposed to panic") } -func verifyCryptoSuite(t *testing.T, samplecryptoSuite apicryptosuite.CryptoSuite) { +func verifyCryptoSuite(t *testing.T, samplecryptoSuite CryptoSuite) { //Test cryptosuite.Sign signedBytes, err := samplecryptoSuite.Sign(GetKey(getMockKey(signingKey)), nil, nil) utils.VerifyEmpty(t, err, "Not supposed to get any error for samplecryptoSuite.GetKey : %s", err) diff --git a/pkg/cryptosuite/bccsp/wrapper/mocksuite_test.go b/pkg/cryptosuite/bccsp/wrapper/mocksuite_test.go new file mode 100644 index 0000000000..d97ae9eab3 --- /dev/null +++ b/pkg/cryptosuite/bccsp/wrapper/mocksuite_test.go @@ -0,0 +1,53 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package wrapper + +import ( + "fmt" + + "github.com/hyperledger/fabric-sdk-go/api/apiconfig" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" + bccspSw "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory/sw" +) + +//getSuiteByConfig returns cryptosuite adaptor for bccsp loaded according to given config +func getSuiteByConfig(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { + opts := getOptsByConfig(config) + bccsp, err := getBCCSPFromOpts(opts) + + if err != nil { + return nil, err + } + return &CryptoSuite{BCCSP: bccsp}, nil +} + +func getBCCSPFromOpts(config *bccspSw.SwOpts) (bccsp.BCCSP, error) { + f := &bccspSw.SWFactory{} + + return f.Get(config) +} + +//getOptsByConfig Returns Factory opts for given SDK config +func getOptsByConfig(c apiconfig.Config) *bccspSw.SwOpts { + // TODO: delete this check + if c.SecurityProvider() != "SW" { + panic(fmt.Sprintf("Unsupported BCCSP Provider: %s", c.SecurityProvider())) + } + + opts := &bccspSw.SwOpts{ + HashFamily: c.SecurityAlgorithm(), + SecLevel: c.SecurityLevel(), + FileKeystore: &bccspSw.FileKeystoreOpts{ + KeyStorePath: c.KeyStorePath(), + }, + Ephemeral: c.Ephemeral(), + } + logger.Debug("Initialized mock cryptosuite") + + return opts +} diff --git a/pkg/cryptosuite/cryptosuite.go b/pkg/cryptosuite/cryptosuite.go index 39ab371dac..9f015c4f03 100644 --- a/pkg/cryptosuite/cryptosuite.go +++ b/pkg/cryptosuite/cryptosuite.go @@ -15,8 +15,7 @@ import ( "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/sw" "github.com/hyperledger/fabric-sdk-go/pkg/logging" ) @@ -43,8 +42,18 @@ func GetDefault() apicryptosuite.CryptoSuite { return defaultCryptoSuite } //Set default suite - logger.Info("No default cryptosuite found, using bccsp factory default implementation") - initSuite(cryptosuiteimpl.GetSuite(factory.GetDefault())) + logger.Info("No default cryptosuite found, using default SW implementation") + + // Use SW as the default cryptosuite when not initialized properly - should be for testing only + s, err := sw.GetSuiteWithDefaultEphemeral() + if err != nil { + logger.Panicf("Could not initialize default cryptosuite: %v", err) + } + err = initSuite(s) + if err != nil { + logger.Panicf("Could not set default cryptosuite: %v", err) + } + return defaultCryptoSuite } diff --git a/pkg/cryptosuite/cryptosuite_test.go b/pkg/cryptosuite/cryptosuite_test.go index e527530743..b80e025139 100644 --- a/pkg/cryptosuite/cryptosuite_test.go +++ b/pkg/cryptosuite/cryptosuite_test.go @@ -11,10 +11,8 @@ import ( "sync/atomic" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/sw" "github.com/hyperledger/fabric-sdk-go/pkg/logging/utils" - - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" ) const ( @@ -64,7 +62,12 @@ func TestGetDefault(t *testing.T) { utils.VerifyNotEmpty(t, err, "supposed to get error when invalid default suite is set") utils.VerifyTrue(t, err.Error() == InvalidDefSuiteSetErrorMsg, "unexpected error : expected [%s], got [%s]", InvalidDefSuiteSetErrorMsg, err.Error()) - err = SetDefault(cryptosuiteimpl.GetSuite(factory.GetDefault())) + s, err := sw.GetSuiteWithDefaultEphemeral() + if err != nil { + t.Fatalf("Unable to get default cryptosuite") + } + + err = SetDefault(s) utils.VerifyEmpty(t, err, "Not supposed to get error when valid default suite is set") } diff --git a/pkg/fabric-ca-client/fabricca_test.go b/pkg/fabric-ca-client/fabricca_test.go index e6dc270e42..ebf1bccf8a 100644 --- a/pkg/fabric-ca-client/fabricca_test.go +++ b/pkg/fabric-ca-client/fabricca_test.go @@ -22,7 +22,8 @@ import ( "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" - cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + cryptosuiteimpl "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/sw" + bccspwrapper "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/wrapper" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-ca-client/mocks" ) @@ -159,7 +160,7 @@ func TestRevoke(t *testing.T) { if err != nil { t.Fatalf("NewFabricCAClient returned error: %v", err) } - mockKey := cryptosuiteimpl.GetKey(&mocks.MockKey{}) + mockKey := bccspwrapper.GetKey(&mocks.MockKey{}) user := mocks.NewMockUser("test") // Revoke with nil request err = fabricCAClient.Revoke(user, nil) diff --git a/pkg/fabric-client/client_test.go b/pkg/fabric-client/client_test.go index 000b31bf54..73e6e336d8 100644 --- a/pkg/fabric-client/client_test.go +++ b/pkg/fabric-client/client_test.go @@ -15,10 +15,9 @@ import ( "time" fab "github.com/hyperledger/fabric-sdk-go/api/apifabclient" - "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" "github.com/hyperledger/fabric-sdk-go/test/metadata" - "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/sw" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/identity" kvs "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/keyvaluestore" mocks "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/mocks" @@ -31,12 +30,13 @@ func TestClientMethods(t *testing.T) { if client.CryptoSuite() != nil { t.Fatalf("Client CryptoSuite should initially be nil") } - err := factory.InitFactories(nil) + + s, err := sw.GetSuiteWithDefaultEphemeral() if err != nil { t.Fatalf("Failed getting ephemeral software-based BCCSP [%s]", err) } - client.SetCryptoSuite(cryptosuite.GetDefault()) + client.SetCryptoSuite(s) if client.CryptoSuite() == nil { t.Fatalf("Client CryptoSuite should not be nil after setCryptoSuite") } diff --git a/pkg/fabric-client/identity/identity_test.go b/pkg/fabric-client/identity/identity_test.go index 2de9ba6d85..5868c00f31 100644 --- a/pkg/fabric-client/identity/identity_test.go +++ b/pkg/fabric-client/identity/identity_test.go @@ -11,7 +11,7 @@ import ( "io/ioutil" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + bccspwrapper "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/wrapper" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-ca-client/mocks" ) @@ -37,7 +37,7 @@ func TestUserMethods(t *testing.T) { } // test PrivateKey - privateKey := cryptosuite.GetKey(&mocks.MockKey{}) + privateKey := bccspwrapper.GetKey(&mocks.MockKey{}) user.SetPrivateKey(privateKey) diff --git a/pkg/fabric-client/signingmgr/signingmgr_test.go b/pkg/fabric-client/signingmgr/signingmgr_test.go index 945ceb10ba..03593f36ca 100644 --- a/pkg/fabric-client/signingmgr/signingmgr_test.go +++ b/pkg/fabric-client/signingmgr/signingmgr_test.go @@ -10,7 +10,7 @@ import ( "bytes" "testing" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + bccspwrapper "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/wrapper" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-ca-client/mocks" fcmocks "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/mocks" ) @@ -37,7 +37,7 @@ func TestSigningManager(t *testing.T) { t.Fatalf("Should have failed to sign object with nil key") } - signedObj, err := signingMgr.Sign([]byte("Hello"), cryptosuite.GetKey(&mocks.MockKey{})) + signedObj, err := signingMgr.Sign([]byte("Hello"), bccspwrapper.GetKey(&mocks.MockKey{})) if err != nil { t.Fatalf("Failed to sign object: %s", err) } diff --git a/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch b/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch index 8bcfdbe143..cde81639ef 100644 --- a/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch +++ b/scripts/third_party_pins/fabric-ca/patches/0004-cryptosuite.patch @@ -8,8 +8,8 @@ SPDX-License-Identifier: Apache-2.0 Signed-off-by: Sudesh Shetty --- - .../cryptosuitebridge/cryptosuitebridge.go | 121 +++++++++++++++++++++ - 1 file changed, 121 insertions(+) + .../cryptosuitebridge/cryptosuitebridge.go | 115 +++++++++++++++++++++ + 1 file changed, 115 insertions(+) create mode 100644 sdkpatch/cryptosuitebridge/cryptosuitebridge.go diff --git a/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go @@ -17,7 +17,7 @@ new file mode 100644 index 0000000..0af4fd3 --- /dev/null +++ b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go -@@ -0,0 +1,121 @@ +@@ -0,0 +1,115 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + @@ -32,7 +32,6 @@ index 0000000..0af4fd3 + + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" -+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite" @@ -64,11 +63,6 @@ index 0000000..0af4fd3 + X509Certificate = bccsp.X509Certificate +) + -+// FactoryOpts holds configuration information used to initialize bccsp factory implementations -+type FactoryOpts struct { -+ *factory.FactoryOpts -+} -+ +// NewCspSigner is a bridge for bccsp signer.New call +func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { + return cspsigner.New(csp, key) diff --git a/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh b/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh index 5b12f7e93f..b2eab75dc8 100755 --- a/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh +++ b/scripts/third_party_pins/fabric/apply_fabric_client_utils.sh @@ -19,7 +19,9 @@ GOFILTER_CMD="go run scripts/_go/cmd/gofilter/gofilter.go" declare -a PKGS=( "bccsp" - "bccsp/factory" + "bccsp/factory/sw" + "bccsp/factory/pkcs11" + "bccsp/factory/plugin" "bccsp/pkcs11" "bccsp/signer" "bccsp/sw" @@ -58,14 +60,9 @@ declare -a FILES=( "bccsp/opts.go" "bccsp/rsaopts.go" - "bccsp/factory/factory.go" - "bccsp/factory/nopkcs11.go" - "bccsp/factory/opts.go" - "bccsp/factory/pkcs11.go" - "bccsp/factory/pkcs11factory.go" - "bccsp/factory/swfactory.go" - "bccsp/factory/pluginfactory.go" - "bccsp/factory/sdkpatch_pluginfactory_noplugin.go" + "bccsp/factory/pkcs11/pkcs11factory.go" + "bccsp/factory/sw/swfactory.go" + "bccsp/factory/plugin/pluginfactory.go" "bccsp/pkcs11/conf.go" "bccsp/pkcs11/ecdsa.go" @@ -316,15 +313,32 @@ FILTER_FILENAME="msp/mgmt/mgmt.go" FILTER_FN="GetLocalMSP" gofilter -# adjust bccsp pkcs11 build tags -FILTER_FILENAME="bccsp/factory/pkcs11factory.go" -sed -i'' -e 's/\+build !nopkcs11/\+build pkcs11/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" - -FILTER_FILENAME="bccsp/factory/pkcs11.go" -sed -i'' -e 's/\+build !nopkcs11/\+build pkcs11/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" - -FILTER_FILENAME="bccsp/factory/nopkcs11.go" -sed -i'' -e 's/\+build nopkcs11/\+build !pkcs11/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +# Split BCCSP factory into subpackages +mkdir ${TMP_PROJECT_PATH}/bccsp/factory/sw +mkdir ${TMP_PROJECT_PATH}/bccsp/factory/pkcs11 +mkdir ${TMP_PROJECT_PATH}/bccsp/factory/plugin +mv ${TMP_PROJECT_PATH}/bccsp/factory/swfactory.go ${TMP_PROJECT_PATH}/bccsp/factory/sw/swfactory.go +mv ${TMP_PROJECT_PATH}/bccsp/factory/pkcs11factory.go ${TMP_PROJECT_PATH}/bccsp/factory/pkcs11/pkcs11factory.go +mv ${TMP_PROJECT_PATH}/bccsp/factory/pluginfactory.go ${TMP_PROJECT_PATH}/bccsp/factory/plugin/pluginfactory.go + +FILTER_FILENAME="bccsp/factory/pkcs11/pkcs11factory.go" +sed -i'' -e '/\+build !nopkcs11/d' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/package factory/package pkcs11/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/config \*FactoryOpts/p11Opts \*pkcs11.PKCS11Opts/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/if config == nil || config.Pkcs11Opts == nil/if p11Opts == nil/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e '/p11Opts := config.Pkcs11Opts/d' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" + +FILTER_FILENAME="bccsp/factory/sw/swfactory.go" +sed -i'' -e 's/package factory/package sw/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/config \*FactoryOpts/swOpts \*SwOpts/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/if config == nil || config.SwOpts == nil/if swOpts == nil/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e '/swOpts := config.SwOpts/d' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" + +FILTER_FILENAME="bccsp/factory/plugin/pluginfactory.go" +sed -i'' -e 's/package factory/package plugin/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/config \*FactoryOpts/pluginOpts \*PluginOpts/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/if config == nil || config.PluginOpts == nil/if pluginOpts == nil/g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" +sed -i'' -e 's/config.PluginOpts./pluginOpts./g' "${TMP_PROJECT_PATH}/${FILTER_FILENAME}" echo "Filtering Go sources for allowed declarations ..." FILTERS_ENABLED="gen,type" diff --git a/scripts/third_party_pins/fabric/patches/0003-Build-flags-to-disable-BCCSP-plugins.patch b/scripts/third_party_pins/fabric/patches/0003-Build-flags-to-disable-BCCSP-plugins.patch deleted file mode 100644 index da0c48444b..0000000000 --- a/scripts/third_party_pins/fabric/patches/0003-Build-flags-to-disable-BCCSP-plugins.patch +++ /dev/null @@ -1,82 +0,0 @@ -From b4e3609ad67eae03109cd80957793e0ec33eac1e Mon Sep 17 00:00:00 2001 -From: Troy Ronda -Date: Thu, 19 Oct 2017 11:59:49 -0400 -Subject: [PATCH] Build flags to disable BCCSP plugins - -Change-Id: Id00605ebfb1a75cfcd5ae9ecd950d3fdd215a588 -Signed-off-by: Troy Ronda -Signed-off-by: Divyank Katira ---- - bccsp/factory/pluginfactory.go | 4 ++- - bccsp/factory/sdkpatch_pluginfactory_noplugin.go | 40 ++++++++++++++++++++++++ - 2 files changed, 43 insertions(+), 1 deletion(-) - create mode 100644 bccsp/factory/sdkpatch_pluginfactory_noplugin.go - -diff --git a/bccsp/factory/pluginfactory.go b/bccsp/factory/pluginfactory.go -index 3870bbcd..fd95e9f3 100644 ---- a/bccsp/factory/pluginfactory.go -+++ b/bccsp/factory/pluginfactory.go -@@ -1,3 +1,5 @@ -+// +build linux,!nobccspplugin -+ - /* - Copyright IBM Corp. All Rights Reserved. - -@@ -11,7 +13,7 @@ import ( - "os" - "plugin" - -- "github.com/hyperledger/fabric/bccsp" -+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - ) - - const ( -diff --git a/bccsp/factory/sdkpatch_pluginfactory_noplugin.go b/bccsp/factory/sdkpatch_pluginfactory_noplugin.go -new file mode 100644 -index 00000000..4011a1e0 ---- /dev/null -+++ b/bccsp/factory/sdkpatch_pluginfactory_noplugin.go -@@ -0,0 +1,40 @@ -+// +build !linux,!nobccspplugin nobccspplugin -+ -+/* -+Copyright IBM Corp., SecureKey Technologies Inc. All Rights Reserved. -+ -+SPDX-License-Identifier: Apache-2.0 -+*/ -+package factory -+ -+import ( -+ "github.com/pkg/errors" -+ -+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" -+) -+ -+const ( -+ // PluginFactoryName is the factory name for BCCSP plugins -+ PluginFactoryName = "PLUGIN" -+) -+ -+// PluginOpts contains the options for the PluginFactory -+type PluginOpts struct { -+ // Path to plugin library -+ Library string -+ // Config map for the plugin library -+ Config map[string]interface{} -+} -+ -+// PluginFactory is the factory for BCCSP plugins -+type PluginFactory struct{} -+ -+// Name returns the name of this factory -+func (f *PluginFactory) Name() string { -+ return PluginFactoryName -+} -+ -+// Get returns an instance of BCCSP using Opts. -+func (f *PluginFactory) Get(config *FactoryOpts) (bccsp.BCCSP, error) { -+ return nil, errors.New("not supported") -+} --- -2.14.1 - diff --git a/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch b/scripts/third_party_pins/fabric/patches/0003-cryptosuite.patch similarity index 93% rename from scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch rename to scripts/third_party_pins/fabric/patches/0003-cryptosuite.patch index e53430d152..0f0d13c0dc 100644 --- a/scripts/third_party_pins/fabric/patches/0004-cryptosuite.patch +++ b/scripts/third_party_pins/fabric/patches/0003-cryptosuite.patch @@ -8,8 +8,8 @@ SPDX-License-Identifier: Apache-2.0 Signed-off-by: Sudesh Shetty --- - .../cryptosuitebridge/cryptosuitebridge.go | 122 +++++++++++++++++++++ - 1 file changed, 122 insertions(+) + .../cryptosuitebridge/cryptosuitebridge.go | 116 +++++++++++++++++++++ + 1 file changed, 116 insertions(+) create mode 100644 sdkpatch/cryptosuitebridge/cryptosuitebridge.go diff --git a/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go @@ -17,7 +17,7 @@ new file mode 100644 index 0000000..a260c06 --- /dev/null +++ b/sdkpatch/cryptosuitebridge/cryptosuitebridge.go -@@ -0,0 +1,122 @@ +@@ -0,0 +1,116 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + @@ -32,7 +32,6 @@ index 0000000..a260c06 + + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" -+ "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" + cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw" + "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils" @@ -65,11 +64,6 @@ index 0000000..a260c06 + X509Certificate = bccsp.X509Certificate +) + -+// FactoryOpts holds configuration information used to initialize bccsp factory implementations -+type FactoryOpts struct { -+ *factory.FactoryOpts -+} -+ +// NewCspSigner is a bridge for bccsp signer.New call +func NewCspSigner(csp apicryptosuite.CryptoSuite, key apicryptosuite.Key) (crypto.Signer, error) { + return cspsigner.New(csp, key) diff --git a/test/fixtures/dockerenv/docker-compose-pkcs11-test.yaml b/test/fixtures/dockerenv/docker-compose-pkcs11-test.yaml index d5641f0b23..a397b4b7ce 100644 --- a/test/fixtures/dockerenv/docker-compose-pkcs11-test.yaml +++ b/test/fixtures/dockerenv/docker-compose-pkcs11-test.yaml @@ -17,7 +17,7 @@ services: - FABRIC_SDKGO_CODELEVEL_VER volumes: - ../../../:/opt/gopath/src/github.com/hyperledger/fabric-sdk-go - command: /opt/gopath/src/github.com/hyperledger/fabric-sdk-go/test/scripts/integration.sh + command: bash -c "/opt/gopath/src/github.com/hyperledger/fabric-sdk-go/test/scripts/unit-pkcs11.sh && /opt/gopath/src/github.com/hyperledger/fabric-sdk-go/test/scripts/integration.sh" depends_on: - org1ca1 - org2ca1 diff --git a/test/integration/e2e/end_to_end.go b/test/integration/e2e/end_to_end.go new file mode 100644 index 0000000000..749216b627 --- /dev/null +++ b/test/integration/e2e/end_to_end.go @@ -0,0 +1,158 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package e2e + +import ( + "path" + "strconv" + "testing" + "time" + + "github.com/hyperledger/fabric-sdk-go/api/apitxn" + "github.com/hyperledger/fabric-sdk-go/def/fabapi" + "github.com/hyperledger/fabric-sdk-go/test/integration" + "github.com/hyperledger/fabric-sdk-go/test/metadata" + "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/common/cauthdsl" + + chmgmt "github.com/hyperledger/fabric-sdk-go/api/apitxn/chmgmtclient" + resmgmt "github.com/hyperledger/fabric-sdk-go/api/apitxn/resmgmtclient" + + packager "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/ccpackager/gopackager" +) + +const ( + channelID = "mychannel" + orgName = "Org1" + orgAdmin = "Admin" + ccID = "e2eExampleCC" +) + +func runWithConfigFixture(t *testing.T) { + // Create SDK setup for the integration tests + sdkOptions := fabapi.Options{ + ConfigFile: "../" + integration.ConfigTestFile, + } + + Run(t, sdkOptions) +} + +// Run enables testing an end-to-end scenario against the supplied SDK options +func Run(t *testing.T, sdkOptions fabapi.Options) { + + sdk, err := fabapi.NewSDK(sdkOptions) + if err != nil { + t.Fatalf("Failed to create new SDK: %s", err) + } + + // Channel management client is responsible for managing channels (create/update channel) + // Supply user that has privileges to create channel (in this case orderer admin) + chMgmtClient, err := sdk.NewChannelMgmtClientWithOpts("Admin", &fabapi.ChannelMgmtClientOpts{OrgName: "ordererorg"}) + if err != nil { + t.Fatalf("Failed to create channel management client: %s", err) + } + + // Org admin user is signing user for creating channel + orgAdminUser, err := sdk.NewPreEnrolledUser(orgName, orgAdmin) + if err != nil { + t.Fatalf("NewPreEnrolledUser failed for %s, %s: %s", orgName, orgAdmin, err) + } + + // Create channel + req := chmgmt.SaveChannelRequest{ChannelID: channelID, ChannelConfig: path.Join("../../../", metadata.ChannelConfigPath, "mychannel.tx"), SigningUser: orgAdminUser} + if err = chMgmtClient.SaveChannel(req); err != nil { + t.Fatal(err) + } + + // Allow orderer to process channel creation + time.Sleep(time.Second * 3) + + // Org resource management client (Org1 is default org) + orgResMgmt, err := sdk.NewResourceMgmtClient(orgAdmin) + if err != nil { + t.Fatalf("Failed to create new resource management client: %s", err) + } + + // Org peers join channel + if err = orgResMgmt.JoinChannel(channelID); err != nil { + t.Fatalf("Org peers failed to JoinChannel: %s", err) + } + + // Create chaincode package for example cc + ccPkg, err := packager.NewCCPackage("github.com/example_cc", "../../fixtures/testdata") + if err != nil { + t.Fatal(err) + } + + // Install example cc to org peers + installCCReq := resmgmt.InstallCCRequest{Name: ccID, Path: "github.com/example_cc", Version: "0", Package: ccPkg} + _, err = orgResMgmt.InstallCC(installCCReq) + if err != nil { + t.Fatal(err) + } + + // Set up chaincode policy + ccPolicy := cauthdsl.SignedByAnyMember([]string{"Org1MSP"}) + + // Org resource manager will instantiate 'example_cc' on channel + err = orgResMgmt.InstantiateCC(channelID, resmgmt.InstantiateCCRequest{Name: ccID, Path: "github.com/example_cc", Version: "0", Args: integration.ExampleCCInitArgs(), Policy: ccPolicy}) + if err != nil { + t.Fatal(err) + } + + // ************ Test setup complete ************** // + + // Channel client is used to query and execute transactions + chClient, err := sdk.NewChannelClient(channelID, "User1") + if err != nil { + t.Fatalf("Failed to create new channel client: %s", err) + } + + // Release all channel client resources + defer chClient.Close() + + value, err := chClient.Query(apitxn.QueryRequest{ChaincodeID: ccID, Fcn: "invoke", Args: integration.ExampleCCQueryArgs()}) + if err != nil { + t.Fatalf("Failed to query funds: %s", err) + } + + eventID := "test([a-zA-Z]+)" + + // Register chaincode event (pass in channel which receives event details when the event is complete) + notifier := make(chan *apitxn.CCEvent) + rce := chClient.RegisterChaincodeEvent(notifier, ccID, eventID) + + // Move funds + _, err = chClient.ExecuteTx(apitxn.ExecuteTxRequest{ChaincodeID: ccID, Fcn: "invoke", Args: integration.ExampleCCTxArgs()}) + if err != nil { + t.Fatalf("Failed to move funds: %s", err) + } + + select { + case ccEvent := <-notifier: + t.Logf("Received CC event: %s\n", ccEvent) + case <-time.After(time.Second * 20): + t.Fatalf("Did NOT receive CC event for eventId(%s)\n", eventID) + } + + // Unregister chain code event using registration handle + err = chClient.UnregisterChaincodeEvent(rce) + if err != nil { + t.Fatalf("Unregister cc event failed: %s", err) + } + + // Verify move funds transaction result + valueAfterInvoke, err := chClient.Query(apitxn.QueryRequest{ChaincodeID: ccID, Fcn: "invoke", Args: integration.ExampleCCQueryArgs()}) + if err != nil { + t.Fatalf("Failed to query funds after transaction: %s", err) + } + + valueInt, _ := strconv.Atoi(string(value)) + valueAfterInvokeInt, _ := strconv.Atoi(string(valueAfterInvoke)) + if valueInt+1 != valueAfterInvokeInt { + t.Fatalf("ExecuteTx failed. Before: %s, after: %s", value, valueAfterInvoke) + } +} diff --git a/test/integration/e2e/end_to_end_test.go b/test/integration/e2e/end_to_end_test.go index d6d351f8b9..70ba504ce1 100644 --- a/test/integration/e2e/end_to_end_test.go +++ b/test/integration/e2e/end_to_end_test.go @@ -7,148 +7,9 @@ SPDX-License-Identifier: Apache-2.0 package e2e import ( - "path" - "strconv" "testing" - "time" - - "github.com/hyperledger/fabric-sdk-go/api/apitxn" - "github.com/hyperledger/fabric-sdk-go/def/fabapi" - "github.com/hyperledger/fabric-sdk-go/test/integration" - "github.com/hyperledger/fabric-sdk-go/test/metadata" - "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/common/cauthdsl" - - chmgmt "github.com/hyperledger/fabric-sdk-go/api/apitxn/chmgmtclient" - resmgmt "github.com/hyperledger/fabric-sdk-go/api/apitxn/resmgmtclient" - - packager "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/ccpackager/gopackager" -) - -const ( - channelID = "mychannel" - orgName = "Org1" - orgAdmin = "Admin" - ccID = "e2eExampleCC" ) func TestE2E(t *testing.T) { - - // Create SDK setup for the integration tests - sdkOptions := fabapi.Options{ - ConfigFile: "../" + integration.ConfigTestFile, - } - - sdk, err := fabapi.NewSDK(sdkOptions) - if err != nil { - t.Fatalf("Failed to create new SDK: %s", err) - } - - // Channel management client is responsible for managing channels (create/update channel) - // Supply user that has privileges to create channel (in this case orderer admin) - chMgmtClient, err := sdk.NewChannelMgmtClientWithOpts("Admin", &fabapi.ChannelMgmtClientOpts{OrgName: "ordererorg"}) - if err != nil { - t.Fatalf("Failed to create channel management client: %s", err) - } - - // Org admin user is signing user for creating channel - orgAdminUser, err := sdk.NewPreEnrolledUser(orgName, orgAdmin) - if err != nil { - t.Fatalf("NewPreEnrolledUser failed for %s, %s: %s", orgName, orgAdmin, err) - } - - // Create channel - req := chmgmt.SaveChannelRequest{ChannelID: channelID, ChannelConfig: path.Join("../../../", metadata.ChannelConfigPath, "mychannel.tx"), SigningUser: orgAdminUser} - if err = chMgmtClient.SaveChannel(req); err != nil { - t.Fatal(err) - } - - // Allow orderer to process channel creation - time.Sleep(time.Second * 3) - - // Org resource management client (Org1 is default org) - orgResMgmt, err := sdk.NewResourceMgmtClient(orgAdmin) - if err != nil { - t.Fatalf("Failed to create new resource management client: %s", err) - } - - // Org peers join channel - if err = orgResMgmt.JoinChannel(channelID); err != nil { - t.Fatalf("Org peers failed to JoinChannel: %s", err) - } - - // Create chaincode package for example cc - ccPkg, err := packager.NewCCPackage("github.com/example_cc", "../../fixtures/testdata") - if err != nil { - t.Fatal(err) - } - - // Install example cc to org peers - installCCReq := resmgmt.InstallCCRequest{Name: ccID, Path: "github.com/example_cc", Version: "0", Package: ccPkg} - _, err = orgResMgmt.InstallCC(installCCReq) - if err != nil { - t.Fatal(err) - } - - // Set up chaincode policy - ccPolicy := cauthdsl.SignedByAnyMember([]string{"Org1MSP"}) - - // Org resource manager will instantiate 'example_cc' on channel - err = orgResMgmt.InstantiateCC(channelID, resmgmt.InstantiateCCRequest{Name: ccID, Path: "github.com/example_cc", Version: "0", Args: integration.ExampleCCInitArgs(), Policy: ccPolicy}) - if err != nil { - t.Fatal(err) - } - - // ************ Test setup complete ************** // - - // Channel client is used to query and execute transactions - chClient, err := sdk.NewChannelClient(channelID, "User1") - if err != nil { - t.Fatalf("Failed to create new channel client: %s", err) - } - - value, err := chClient.Query(apitxn.QueryRequest{ChaincodeID: ccID, Fcn: "invoke", Args: integration.ExampleCCQueryArgs()}) - if err != nil { - t.Fatalf("Failed to query funds: %s", err) - } - - eventID := "test([a-zA-Z]+)" - - // Register chaincode event (pass in channel which receives event details when the event is complete) - notifier := make(chan *apitxn.CCEvent) - rce := chClient.RegisterChaincodeEvent(notifier, ccID, eventID) - - // Move funds - _, err = chClient.ExecuteTx(apitxn.ExecuteTxRequest{ChaincodeID: ccID, Fcn: "invoke", Args: integration.ExampleCCTxArgs()}) - if err != nil { - t.Fatalf("Failed to move funds: %s", err) - } - - select { - case ccEvent := <-notifier: - t.Logf("Received CC event: %s\n", ccEvent) - case <-time.After(time.Second * 20): - t.Fatalf("Did NOT receive CC event for eventId(%s)\n", eventID) - } - - // Unregister chain code event using registration handle - err = chClient.UnregisterChaincodeEvent(rce) - if err != nil { - t.Fatalf("Unregister cc event failed: %s", err) - } - - // Verify move funds transaction result - valueAfterInvoke, err := chClient.Query(apitxn.QueryRequest{ChaincodeID: ccID, Fcn: "invoke", Args: integration.ExampleCCQueryArgs()}) - if err != nil { - t.Fatalf("Failed to query funds after transaction: %s", err) - } - - valueInt, _ := strconv.Atoi(string(value)) - valueAfterInvokeInt, _ := strconv.Atoi(string(valueAfterInvoke)) - if valueInt+1 != valueAfterInvokeInt { - t.Fatalf("ExecuteTx failed. Before: %s, after: %s", value, valueAfterInvoke) - } - - // Release all channel client resources - chClient.Close() - + runWithConfigFixture(t) } diff --git a/test/integration/env.go b/test/integration/env.go index b601dd0893..48b958057b 100644 --- a/test/integration/env.go +++ b/test/integration/env.go @@ -1,5 +1,3 @@ -// +build !testpkcs11 - /* Copyright SecureKey Technologies Inc. All Rights Reserved. diff --git a/test/integration/fab/fabric_ca_test.go b/test/integration/fab/fabric_ca_test.go index 31d63b8df7..7945fcb501 100644 --- a/test/integration/fab/fabric_ca_test.go +++ b/test/integration/fab/fabric_ca_test.go @@ -18,13 +18,13 @@ import ( "github.com/hyperledger/fabric-sdk-go/api/apiconfig" ca "github.com/hyperledger/fabric-sdk-go/api/apifabca" + cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/sw" client "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/identity" kvs "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/keyvaluestore" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/peer" "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/signingmgr" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" fabricCAClient "github.com/hyperledger/fabric-sdk-go/pkg/fabric-ca-client" ) diff --git a/test/integration/pkcs11/e2e_test.go b/test/integration/pkcs11/e2e_test.go new file mode 100644 index 0000000000..1c74a93dcc --- /dev/null +++ b/test/integration/pkcs11/e2e_test.go @@ -0,0 +1,38 @@ +/* +Copyright SecureKey Technologies Inc. All Rights Reserved. + +SPDX-License-Identifier: Apache-2.0 +*/ + +package pkcs11 + +import ( + "testing" + + "github.com/hyperledger/fabric-sdk-go/api/apiconfig" + "github.com/hyperledger/fabric-sdk-go/api/apicryptosuite" + "github.com/hyperledger/fabric-sdk-go/def/fabapi" + "github.com/hyperledger/fabric-sdk-go/def/fabapi/context/defprovider" + cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/pkcs11" + "github.com/hyperledger/fabric-sdk-go/test/integration/e2e" +) + +func TestE2E(t *testing.T) { + // Create SDK setup for the integration tests + sdkOptions := fabapi.Options{ + ConfigFile: "../" + ConfigTestFile, + ProviderFactory: &CustomCryptoSuiteProviderFactory{}, + } + + e2e.Run(t, sdkOptions) +} + +// CustomCryptoSuiteProviderFactory is will provide custom cryptosuite (bccsp.BCCSP) +type CustomCryptoSuiteProviderFactory struct { + defprovider.DefaultProviderFactory +} + +// NewCryptoSuiteProvider returns a new default implementation of BCCSP +func (f *CustomCryptoSuiteProviderFactory) NewCryptoSuiteProvider(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { + return cryptosuite.GetSuiteByConfig(config) +} diff --git a/test/integration/pkcs11_env.go b/test/integration/pkcs11/env.go similarity index 86% rename from test/integration/pkcs11_env.go rename to test/integration/pkcs11/env.go index e35ef78ee7..266dad955a 100644 --- a/test/integration/pkcs11_env.go +++ b/test/integration/pkcs11/env.go @@ -1,12 +1,10 @@ -// +build testpkcs11 - /* Copyright SecureKey Technologies Inc. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ -package integration +package pkcs11 const ( // ConfigTestFile contains the path and filename of the config for integration tests diff --git a/test/integration/sdk/custom_cryptosuite_test.go b/test/integration/sdk/custom_cryptosuite_test.go index e9a0351fbd..ced91c2dac 100644 --- a/test/integration/sdk/custom_cryptosuite_test.go +++ b/test/integration/sdk/custom_cryptosuite_test.go @@ -18,8 +18,8 @@ import ( "github.com/hyperledger/fabric-sdk-go/def/fabapi" "github.com/hyperledger/fabric-sdk-go/def/fabapi/context/defprovider" "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp" - bccspFactory "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory" - cryptosuite "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp" + bccspSw "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory/sw" + "github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite/bccsp/wrapper" "github.com/hyperledger/fabric-sdk-go/test/integration" "github.com/hyperledger/fabric-sdk-go/test/metadata" ) @@ -95,28 +95,37 @@ type CustomCryptoSuiteProviderFactory struct { // NewCryptoSuiteProvider returns a new default implementation of BCCSP func (f *CustomCryptoSuiteProviderFactory) NewCryptoSuiteProvider(config apiconfig.Config) (apicryptosuite.CryptoSuite, error) { - return cryptosuite.GetSuite(f.bccspProvider), nil + c := wrapper.NewCryptoSuite(f.bccspProvider) + return &c, nil } func getTestBCCSP(config apiconfig.Config) bccsp.BCCSP { + opts := getOptsByConfig(config) + s, err := getBCCSPFromOpts(opts) + if err != nil { + panic(fmt.Sprintf("Failed getting software-based BCCSP [%s]", err)) + } + + return s +} - // Initialize bccsp factories before calling get client - err := bccspFactory.InitFactories(&bccspFactory.FactoryOpts{ - ProviderName: config.SecurityProvider(), - SwOpts: &bccspFactory.SwOpts{ - HashFamily: config.SecurityAlgorithm(), - SecLevel: config.SecurityLevel(), - FileKeystore: &bccspFactory.FileKeystoreOpts{ - KeyStorePath: config.KeyStorePath(), - }, - Ephemeral: false, +func getBCCSPFromOpts(config *bccspSw.SwOpts) (bccsp.BCCSP, error) { + f := &bccspSw.SWFactory{} + + return f.Get(config) +} + +func getOptsByConfig(c apiconfig.Config) *bccspSw.SwOpts { + opts := &bccspSw.SwOpts{ + HashFamily: c.SecurityAlgorithm(), + SecLevel: c.SecurityLevel(), + FileKeystore: &bccspSw.FileKeystoreOpts{ + KeyStorePath: c.KeyStorePath(), }, - }) - if err != nil { - panic(fmt.Sprintf("Failed getting ephemeral software-based BCCSP [%s]", err)) + Ephemeral: c.Ephemeral(), } - return bccspFactory.GetDefault() + return opts } func TestCustomCryptoSuite(t *testing.T) { diff --git a/test/scripts/integration.sh b/test/scripts/integration.sh index a5dc9d6496..487d9b004f 100755 --- a/test/scripts/integration.sh +++ b/test/scripts/integration.sh @@ -18,9 +18,12 @@ FABRIC_SDKGO_CODELEVEL_TAG="${FABRIC_SDKGO_CODELEVEL_TAG:-stable}" FABRIC_CRYPTOCONFIG_VERSION="${FABRIC_CRYPTOCONFIG_VERSION:-v1}" # TODO: better default handling for FABRIC_CRYPTOCONFIG_VERSION +REPO="github.com/hyperledger/fabric-sdk-go" + # Packages to include in test run -PKGS=`$GO_CMD list github.com/hyperledger/fabric-sdk-go/test/integration/... 2> /dev/null | \ - grep -v /vendor/` +PKGS=`$GO_CMD list $REPO/test/integration/... 2> /dev/null | \ + grep -v ^$REPO/test/integration/pkcs11 | \ + grep -v ^$REPO/test/integration\$` echo "Running integration tests ..." RACEFLAG="" @@ -35,8 +38,8 @@ GO_TAGS="$GO_TAGS $FABRIC_SDKGO_CODELEVEL_TAG" if [ "$FABRIC_SDK_CLIENT_BCCSP_SECURITY_DEFAULT_PROVIDER" == "PKCS11" ]; then echo "Testing with PKCS11 ..." - GO_TAGS="$GO_TAGS testpkcs11 pkcs11" + PKGS="$REPO/test/integration/pkcs11" fi GO_LDFLAGS="$GO_LDFLAGS -X github.com/hyperledger/fabric-sdk-go/test/metadata.ChannelConfigPath=test/fixtures/fabric/${FABRIC_SDKGO_CODELEVEL_VER}/channel -X github.com/hyperledger/fabric-sdk-go/test/metadata.CryptoConfigPath=test/fixtures/fabric/${FABRIC_CRYPTOCONFIG_VERSION}/crypto-config" -$GO_CMD test $RACEFLAG -cover -tags "$GO_TAGS" $GO_TESTFLAGS -ldflags="$GO_LDFLAGS" $PKGS -p 1 -timeout=40m +$GO_CMD test $RACEFLAG -tags "$GO_TAGS" $GO_TESTFLAGS -ldflags="$GO_LDFLAGS" $PKGS -p 1 -timeout=40m diff --git a/test/scripts/unit-pkcs11.sh b/test/scripts/unit-pkcs11.sh new file mode 100755 index 0000000000..ff5337afdc --- /dev/null +++ b/test/scripts/unit-pkcs11.sh @@ -0,0 +1,44 @@ +#!/bin/bash +# +# Copyright SecureKey Technologies Inc. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# +# Environment variables that affect this script: +# GO_TESTFLAGS: Flags are added to the go test command. +# GO_LDFLAGS: Flags are added to the go test command (example: -s). +# FABRIC_SDKGO_CODELEVEL_TAG: Go tag that represents the fabric code target +# FABRIC_SDKGO_CODELEVEL_VER: Version that represents the fabric code target (primarily for fixture lookup) +# FABRIC_CRYPTOCONFIG_VERSION: Version of cryptoconfig fixture to use + +set -e + +GO_CMD="${GO_CMD:-go}" +FABRIC_SDKGO_CODELEVEL_TAG="${FABRIC_SDKGO_CODELEVEL_TAG:-devstable}" +FABRIC_CRYPTOCONFIG_VERSION="${FABRIC_CRYPTOCONFIG_VERSION:-v1}" + +REPO="github.com/hyperledger/fabric-sdk-go" + +PKGS="$PKGS $REPO/pkg/cryptosuite/bccsp/pkcs11 $REPO/pkg/cryptosuite/bccsp/multisuite" +echo "Running PKCS11 unit tests (libltdl and softhsm required)..." + +RACEFLAG="" +ARCH=$(uname -m) + +if [ "$ARCH" == "x86_64" ]; then + RACEFLAG="-race" +fi + +# detect softhsm +# created using command: softhsm2-util --init-token --slot 0 --label "ForFabric" --so-pin 1234 --pin 98765432 +SOFTHSM=`softhsm2-util --show-slots 2> /dev/null | grep ForFabric` || SOFTHSM="" +if [ "$SOFTHSM" == "" ]; then + echo "SoftHSM with ForFabric token not detected ..." + exit 1 +fi + +echo "Testing with code level $FABRIC_SDKGO_CODELEVEL_TAG (Fabric ${FABRIC_SDKGO_CODELEVEL_VER}) ..." +GO_TAGS="$GO_TAGS $FABRIC_SDKGO_CODELEVEL_TAG" + +GO_LDFLAGS="$GO_LDFLAGS -X github.com/hyperledger/fabric-sdk-go/test/metadata.ChannelConfigPath=test/fixtures/fabric/${FABRIC_SDKGO_CODELEVEL_VER}/channel -X github.com/hyperledger/fabric-sdk-go/test/metadata.CryptoConfigPath=test/fixtures/fabric/${FABRIC_CRYPTOCONFIG_VERSION}/crypto-config" +$GO_CMD test $RACEFLAG -cover -tags "testing $GO_TAGS" $GO_TESTFLAGS -ldflags="$GO_LDFLAGS" $PKGS -p 1 -timeout=40m \ No newline at end of file diff --git a/test/scripts/unit.sh b/test/scripts/unit.sh index c8a86383b4..7100ed0612 100755 --- a/test/scripts/unit.sh +++ b/test/scripts/unit.sh @@ -19,19 +19,19 @@ FABRIC_CRYPTOCONFIG_VERSION="${FABRIC_CRYPTOCONFIG_VERSION:-v1}" REPO="github.com/hyperledger/fabric-sdk-go" -# Packages to exclude +# Packages to include in test run PKGS=`$GO_CMD list $REPO... 2> /dev/null | \ grep -v ^$REPO/api/ | \ grep -v ^$REPO/pkg/fabric-ca-client/mocks | grep -v ^$REPO/pkg/fabric-client/mocks | \ grep -v ^$REPO/internal/github.com/ | grep -v ^$REPO/third_party/ | \ + grep -v ^$REPO/pkg/cryptosuite/bccsp/pkcs11 | grep -v ^$REPO/pkg/cryptosuite/bccsp/multisuite | \ grep -v ^$REPO/vendor/ | grep -v ^$REPO/test/` echo "Running unit tests..." RACEFLAG="" ARCH=$(uname -m) -if [ "$ARCH" == "x86_64" ] -then +if [ "$ARCH" == "x86_64" ]; then RACEFLAG="-race" fi