Add Intermediate CA certs to dial options #3225

Merged
merged 1 commit into from
Feb 11, 2022
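--- a/internal/pkg/gateway/registry.go
+++ b/internal/pkg/gateway/registry.go
@@ -353,7 +353,8 @@ func (reg *registry) connectChannelPeers(channel string, force bool) error {
 for mspid, infoset := range reg.discovery.IdentityInfo().ByOrg() {
 var tlsRootCerts [][]byte
 if mspInfo, ok := config.GetMsps()[mspid]; ok {
-tlsRootCerts = mspInfo.GetTlsRootCerts()
+tlsRootCerts = append(tlsRootCerts, mspInfo.GetTlsRootCerts()...)
+tlsRootCerts = append(tlsRootCerts, mspInfo.GetTlsIntermediateCerts()...)
 }
 for _, info := range infoset {
 pkiid := info.PKIId
@@ -402,7 +403,8 @@ func (reg *registry) config(channel string) ([]*endpointConfig, error) {
 for mspid, eps := range config.GetOrderers() {
 var tlsRootCerts [][]byte
 if mspInfo, ok := config.GetMsps()[mspid]; ok {
-tlsRootCerts = mspInfo.GetTlsRootCerts()
+tlsRootCerts = append(tlsRootCerts, mspInfo.GetTlsRootCerts()...)
+tlsRootCerts = append(tlsRootCerts, mspInfo.GetTlsIntermediateCerts()...)
 }
 for _, ep := range eps.Endpoint {
 address := fmt.Sprintf("%s:%d", ep.Host, ep.Port)
@@ -420,7 +422,9 @@ func (reg *registry) configUpdate(bundle *channelconfig.Bundle) {
 var channelOrderers []*endpointConfig
 for _, org := range ordererConfig.Organizations() {
 mspid := org.MSPID()
-tlsRootCerts := org.MSP().GetTLSRootCerts()
+msp := org.MSP()
+tlsRootCerts := append([][]byte{}, msp.GetTLSRootCerts()...)
+tlsRootCerts = append(tlsRootCerts, msp.GetTLSIntermediateCerts()...)
 for _, address := range org.Endpoints() {
 channelOrderers = append(channelOrderers, &endpointConfig{address: address, mspid: mspid, tlsRootCerts: tlsRootCerts})
 reg.logger.Debugw("Channel orderer", "address", address, "mspid", mspid)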
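Review bot: All three sites append the MSP's TLS intermediate CA certificates to a slice that is still called `tlsRootCerts` and is stored in `endpointConfig.tlsRootCerts`, so the code that builds the dial options (outside these hunks) presumably loads them into the root pool, where each intermediate becomes a trust anchor rather than a chain-building hint. If that is the intended behaviour, it should be stated where the slice is built, for example `// TLS intermediate CAs are trusted alongside the roots so a node that presents only its leaf certificate still verifies`. The discovery-sourced bytes in connectChannelPeers and config are appended as received; whether they have been checked to chain to one of the listed roots is not visible here and is worth confirming. The same append pair is written three times, so a small shared helper would keep the sites in agreement. All three function bodies continue outside the hunks.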
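--- a/internal/pkg/gateway/registry_test.go
+++ b/internal/pkg/gateway/registry_test.go
@@ -32,6 +32,7 @@ func TestOrdererCache(t *testing.T) {
 orderers, err := test.server.registry.orderers(channelName)
 require.NoError(t, err)
 require.Len(t, orderers, 1)
+require.Len(t, orderers[0].tlsRootCerts, 3) // 1 tlsrootCA + 2 tlsintermediateCAs
 
 // trigger the config update callback, updating the orderers
 bundle, err := createChannelConfigBundle(channelName, []string{"orderer1:7050", "orderer2:7050", "orderer3:7050"})
@@ -40,6 +41,7 @@ func TestOrdererCache(t *testing.T) {
 orderers, err = test.server.registry.orderers(channelName)
 require.NoError(t, err)
 require.Len(t, orderers, 3)
+require.Len(t, orderers[2].tlsRootCerts, 2) // 1 tlsrootCA + 1 tlsintermediateCA from sampleconfig folder
 }
 
 func TestStaleOrdererConnections(t *testing.T) {
@@ -75,8 +77,6 @@ func TestStaleOrdererConnections(t *testing.T) {
 
 func TestStaleMultiChannelOrdererConnections(t *testing.T) {
 channel1 := "channel1"
-// channel2 := "channel2"
-// channel3 := "channel3"
 
 def := &testDef{
 config: buildConfig(t, []string{"orderer1", "orderer2"}),
@@ -121,6 +121,10 @@ func TestStaleMultiChannelOrdererConnections(t *testing.T) {
 func buildConfig(t *testing.T, orderers []string) *dp.ConfigResult {
 ca, err := tlsgen.NewCA()
 require.NoError(t, err)
+ica1, err := ca.NewIntermediateCA()
+require.NoError(t, err)
+ica2, err := ica1.NewIntermediateCA()
+require.NoError(t, err)
 var endpoints []*dp.Endpoint
 for _, o := range orderers {
 endpoints = append(endpoints, &dp.Endpoint{Host: o, Port: 7050})
@@ -134,7 +138,8 @@ func buildConfig(t *testing.T, orderers []string) *dp.ConfigResult {
 },
 Msps: map[string]*msp.FabricMSPConfig{
 "msp1": {
-TlsRootCerts: [][]byte{ca.CertBytes()},
+TlsRootCerts: [][]byte{ca.CertBytes()},
+TlsIntermediateCerts: [][]byte{ica1.CertBytes(), ica2.CertBytes()},
 },
 },
 }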
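Review bot: The two new assertions in TestOrdererCache pin only the length of `tlsRootCerts` (3 and 2), so a list holding a duplicated root or the wrong certificate of the right count would still pass. Comparing contents would be stronger, which needs buildConfig to hand the generated `ca`, `ica1` and `ica2` bytes back to the test. The peer path changed in connectChannelPeers gets no assertion in this section; a matching check on a peer endpoint's certificates would cover the third site, if one is not already present elsewhere in the file.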