From 9b011deb980e19e8f2ec80babd5a469b4d68eadf Mon Sep 17 00:00:00 2001
From: Jeff Garratt
Date: Tue, 20 Jun 2017 11:09:13 -0400
Subject: [PATCH] [FAB-4886] Add tls_root_certs to MSPConfig etc.

Now add the tls_root_certs field to updated FabricMSPConfig proto structure.
Now create intermediate ca certs folder and new tlscacerts folder for local MSP config.
Recommented the doNotDecompose option for feature.

Change-Id: Ie406b6d74b03314b53f7eb9ee81627e572811ee5
Signed-off-by: Jeff Garratt
---
 bddtests/features/bootstrap.feature | 2 +-
 bddtests/msp/identities_pb2.py | 4 +-
 bddtests/msp/identities_pb2_grpc.py | 2 -
 bddtests/msp/msp_config_pb2.py | 90 ++++++++++++++++++++++----
 bddtests/msp/msp_config_pb2_grpc.py | 2 -
 bddtests/msp/msp_principal_pb2.py | 4 +-
 bddtests/msp/msp_principal_pb2_grpc.py | 2 -
 bddtests/steps/bootstrap_util.py | 10 ++-
 8 files changed, 93 insertions(+), 23 deletions(-)

diff --git a/bddtests/features/bootstrap.feature b/bddtests/features/bootstrap.feature
index 15218a5d0f0..881b79e713c 100644
--- a/bddtests/features/bootstrap.feature
+++ b/bddtests/features/bootstrap.feature
@@ -16,7 +16,7 @@ Feature: Bootstrap
 As a blockchain entrepreneur
 I want to bootstrap a new blockchain network
- @doNotDecompose
+# @doNotDecompose
 @generateDocs
 Scenario Outline: Bootstrap a development network with 4 peers (2 orgs) and 1 orderer (1 org), each having a single independent root of trust (No fabric-ca, just openssl)
 #creates 1 self-signed key/cert pair per orderer organization
diff --git a/bddtests/msp/identities_pb2.py b/bddtests/msp/identities_pb2.py
index 434acb53e67..9aafe5c77ac 100644
--- a/bddtests/msp/identities_pb2.py
+++ b/bddtests/msp/identities_pb2.py
@@ -79,10 +79,10 @@ # THESE ELEMENTS WILL BE DEPRECATED. # Please use the generated *_pb2_grpc.py files instead. import grpc - from grpc.framework.common import cardinality - from grpc.framework.interfaces.face import utilities as face_utilities from grpc.beta import implementations as beta_implementations from grpc.beta import interfaces as beta_interfaces + from grpc.framework.common import cardinality + from grpc.framework.interfaces.face import utilities as face_utilities except ImportError: pass # @@protoc_insertion_point(module_scope) diff --git a/bddtests/msp/identities_pb2_grpc.py b/bddtests/msp/identities_pb2_grpc.py index d5557c12314..a89435267cb 100644 --- a/bddtests/msp/identities_pb2_grpc.py +++ b/bddtests/msp/identities_pb2_grpc.py @@ -1,5 +1,3 @@ # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! import grpc -from grpc.framework.common import cardinality -from grpc.framework.interfaces.face import utilities as face_utilities diff --git a/bddtests/msp/msp_config_pb2.py b/bddtests/msp/msp_config_pb2.py index c09ab07679c..8f6752b173f 100644 --- a/bddtests/msp/msp_config_pb2.py +++ b/bddtests/msp/msp_config_pb2.py 
@@ -19,7 +19,7 @@ name='msp/msp_config.proto', package='msp', syntax='proto3', - serialized_pb=_b('\n\x14msp/msp_config.proto\x12\x03msp\")\n\tMSPConfig\x12\x0c\n\x04type\x18\x01 \x01(\x05\x12\x0e\n\x06\x63onfig\x18\x02 \x01(\x0c\"\xee\x01\n\x0f\x46\x61\x62ricMSPConfig\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x12\n\nroot_certs\x18\x02 \x03(\x0c\x12\x1a\n\x12intermediate_certs\x18\x03 \x03(\x0c\x12\x0e\n\x06\x61\x64mins\x18\x04 \x03(\x0c\x12\x17\n\x0frevocation_list\x18\x05 \x03(\x0c\x12\x32\n\x10signing_identity\x18\x06 \x01(\x0b\x32\x18.msp.SigningIdentityInfo\x12@\n\x1forganizational_unit_identifiers\x18\x07 \x03(\x0b\x32\x17.msp.FabricOUIdentifier\"R\n\x13SigningIdentityInfo\x12\x15\n\rpublic_signer\x18\x01 \x01(\x0c\x12$\n\x0eprivate_signer\x18\x02 \x01(\x0b\x32\x0c.msp.KeyInfo\"7\n\x07KeyInfo\x12\x16\n\x0ekey_identifier\x18\x01 \x01(\t\x12\x14\n\x0ckey_material\x18\x02 \x01(\x0c\"[\n\x12\x46\x61\x62ricOUIdentifier\x12\x1d\n\x15\x63\x65rtifiers_identifier\x18\x01 \x01(\x0c\x12&\n\x1eorganizational_unit_identifier\x18\x02 \x01(\tB_\n!org.hyperledger.fabric.protos.mspB\x10MspConfigPackageZ(github.com/hyperledger/fabric/protos/mspb\x06proto3') + serialized_pb=_b('\n\x14msp/msp_config.proto\x12\x03msp\")\n\tMSPConfig\x12\x0c\n\x04type\x18\x01 \x01(\x05\x12\x0e\n\x06\x63onfig\x18\x02 \x01(\x0c\"\xd6\x02\n\x0f\x46\x61\x62ricMSPConfig\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x12\n\nroot_certs\x18\x02 \x03(\x0c\x12\x1a\n\x12intermediate_certs\x18\x03 \x03(\x0c\x12\x0e\n\x06\x61\x64mins\x18\x04 \x03(\x0c\x12\x17\n\x0frevocation_list\x18\x05 \x03(\x0c\x12\x32\n\x10signing_identity\x18\x06 \x01(\x0b\x32\x18.msp.SigningIdentityInfo\x12@\n\x1forganizational_unit_identifiers\x18\x07 \x03(\x0b\x32\x17.msp.FabricOUIdentifier\x12.\n\rcrypto_config\x18\x08 \x01(\x0b\x32\x17.msp.FabricCryptoConfig\x12\x16\n\x0etls_root_certs\x18\t \x03(\x0c\x12\x1e\n\x16tls_intermediate_certs\x18\n \x03(\x0c\"^\n\x12\x46\x61\x62ricCryptoConfig\x12\x1d\n\x15signature_hash_family\x18\x01 
\x01(\t\x12)\n!identity_identifier_hash_function\x18\x02 \x01(\t\"R\n\x13SigningIdentityInfo\x12\x15\n\rpublic_signer\x18\x01 \x01(\x0c\x12$\n\x0eprivate_signer\x18\x02 \x01(\x0b\x32\x0c.msp.KeyInfo\"7\n\x07KeyInfo\x12\x16\n\x0ekey_identifier\x18\x01 \x01(\t\x12\x14\n\x0ckey_material\x18\x02 \x01(\x0c\"Q\n\x12\x46\x61\x62ricOUIdentifier\x12\x13\n\x0b\x63\x65rtificate\x18\x01 \x01(\x0c\x12&\n\x1eorganizational_unit_identifier\x18\x02 \x01(\tB_\n!org.hyperledger.fabric.protos.mspB\x10MspConfigPackageZ(github.com/hyperledger/fabric/protos/mspb\x06proto3') ) _sym_db.RegisterFileDescriptor(DESCRIPTOR) @@ -120,6 +120,27 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None), + _descriptor.FieldDescriptor( + name='crypto_config', full_name='msp.FabricMSPConfig.crypto_config', index=7, + number=8, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None), + _descriptor.FieldDescriptor( + name='tls_root_certs', full_name='msp.FabricMSPConfig.tls_root_certs', index=8, + number=9, type=12, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None), + _descriptor.FieldDescriptor( + name='tls_intermediate_certs', full_name='msp.FabricMSPConfig.tls_intermediate_certs', index=9, + number=10, type=12, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None), ], extensions=[ ], 
@@ -133,7 +154,45 @@ oneofs=[ ], serialized_start=73, - serialized_end=311, + serialized_end=415, +) + + +_FABRICCRYPTOCONFIG = _descriptor.Descriptor( + name='FabricCryptoConfig', + full_name='msp.FabricCryptoConfig', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='signature_hash_family', full_name='msp.FabricCryptoConfig.signature_hash_family', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None), + _descriptor.FieldDescriptor( + name='identity_identifier_hash_function', full_name='msp.FabricCryptoConfig.identity_identifier_hash_function', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=417, + serialized_end=511, ) @@ -170,8 +229,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=313, - serialized_end=395, + serialized_start=513, + serialized_end=595, ) @@ -208,8 +267,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=397, - serialized_end=452, + serialized_start=597, + serialized_end=652, ) @@ -221,7 +280,7 @@ containing_type=None, fields=[ _descriptor.FieldDescriptor( - name='certifiers_identifier', full_name='msp.FabricOUIdentifier.certifiers_identifier', index=0, + name='certificate', full_name='msp.FabricOUIdentifier.certificate', index=0, number=1, type=12, cpp_type=9, label=1, has_default_value=False, default_value=_b(""), message_type=None, enum_type=None, containing_type=None, 
@@ -246,15 +305,17 @@ extension_ranges=[], oneofs=[ ], - serialized_start=454, - serialized_end=545, + serialized_start=654, + serialized_end=735, ) _FABRICMSPCONFIG.fields_by_name['signing_identity'].message_type = _SIGNINGIDENTITYINFO _FABRICMSPCONFIG.fields_by_name['organizational_unit_identifiers'].message_type = _FABRICOUIDENTIFIER +_FABRICMSPCONFIG.fields_by_name['crypto_config'].message_type = _FABRICCRYPTOCONFIG _SIGNINGIDENTITYINFO.fields_by_name['private_signer'].message_type = _KEYINFO DESCRIPTOR.message_types_by_name['MSPConfig'] = _MSPCONFIG DESCRIPTOR.message_types_by_name['FabricMSPConfig'] = _FABRICMSPCONFIG +DESCRIPTOR.message_types_by_name['FabricCryptoConfig'] = _FABRICCRYPTOCONFIG DESCRIPTOR.message_types_by_name['SigningIdentityInfo'] = _SIGNINGIDENTITYINFO DESCRIPTOR.message_types_by_name['KeyInfo'] = _KEYINFO DESCRIPTOR.message_types_by_name['FabricOUIdentifier'] = _FABRICOUIDENTIFIER @@ -273,6 +334,13 @@ )) _sym_db.RegisterMessage(FabricMSPConfig) +FabricCryptoConfig = _reflection.GeneratedProtocolMessageType('FabricCryptoConfig', (_message.Message,), dict( + DESCRIPTOR = _FABRICCRYPTOCONFIG, + __module__ = 'msp.msp_config_pb2' + # @@protoc_insertion_point(class_scope:msp.FabricCryptoConfig) + )) +_sym_db.RegisterMessage(FabricCryptoConfig) + SigningIdentityInfo = _reflection.GeneratedProtocolMessageType('SigningIdentityInfo', (_message.Message,), dict( DESCRIPTOR = _SIGNINGIDENTITYINFO, __module__ = 'msp.msp_config_pb2' 
@@ -301,10 +369,10 @@ # THESE ELEMENTS WILL BE DEPRECATED. # Please use the generated *_pb2_grpc.py files instead. import grpc - from grpc.framework.common import cardinality - from grpc.framework.interfaces.face import utilities as face_utilities from grpc.beta import implementations as beta_implementations from grpc.beta import interfaces as beta_interfaces + from grpc.framework.common import cardinality + from grpc.framework.interfaces.face import utilities as face_utilities except ImportError: pass # @@protoc_insertion_point(module_scope) diff --git a/bddtests/msp/msp_config_pb2_grpc.py b/bddtests/msp/msp_config_pb2_grpc.py index d5557c12314..a89435267cb 100644 --- a/bddtests/msp/msp_config_pb2_grpc.py +++ b/bddtests/msp/msp_config_pb2_grpc.py @@ -1,5 +1,3 @@ # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT! import grpc -from grpc.framework.common import cardinality -from grpc.framework.interfaces.face import utilities as face_utilities diff --git a/bddtests/msp/msp_principal_pb2.py b/bddtests/msp/msp_principal_pb2.py index 96a06ce3646..a03db4f229c 100644 --- a/bddtests/msp/msp_principal_pb2.py +++ b/bddtests/msp/msp_principal_pb2.py @@ -232,10 +232,10 @@ # THESE ELEMENTS WILL BE DEPRECATED. # Please use the generated *_pb2_grpc.py files instead. import grpc - from grpc.framework.common import cardinality - from grpc.framework.interfaces.face import utilities as face_utilities from grpc.beta import implementations as beta_implementations from grpc.beta import interfaces as beta_interfaces + from grpc.framework.common import cardinality + from grpc.framework.interfaces.face import utilities as face_utilities except ImportError: pass # @@protoc_insertion_point(module_scope) diff --git a/bddtests/msp/msp_principal_pb2_grpc.py b/bddtests/msp/msp_principal_pb2_grpc.py index d5557c12314..a89435267cb 100644 --- a/bddtests/msp/msp_principal_pb2_grpc.py +++ b/bddtests/msp/msp_principal_pb2_grpc.py 
@@ -1,5 +1,3 @@
 # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
 import grpc
-from grpc.framework.common import cardinality
-from grpc.framework.interfaces.face import utilities as face_utilities
diff --git a/bddtests/steps/bootstrap_util.py b/bddtests/steps/bootstrap_util.py
index 55a05c336ee..0c8a9a473f3 100644
--- a/bddtests/steps/bootstrap_util.py
+++ b/bddtests/steps/bootstrap_util.py
@@ -830,9 +830,10 @@ def getMSPConfig(org, directory):
 org.name == nat.organization and "configadmin" in nat.nodeName.lower()]:
 adminCerts.append(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
 cacerts = [org.getCertAsPEM()]
+tls_root_certs = [org.getCertAsPEM()]
 # Currently only 1 component, CN=
 # name = self.getSelfSignedCert().get_subject().getComponents()[0][1]
-fabricMSPConfig = msp_config_pb2.FabricMSPConfig(admins=adminCerts, root_certs=cacerts, name=org.name)
+fabricMSPConfig = msp_config_pb2.FabricMSPConfig(admins=adminCerts, root_certs=cacerts, name=org.name, tls_root_certs=tls_root_certs)
 mspConfig = msp_config_pb2.MSPConfig(config=fabricMSPConfig.SerializeToString(), type=0)
 return mspConfig
@@ -891,7 +892,12 @@ def _writeMspFiles(self, directory , project_name, compose_service, network):
 os.makedirs("{0}/{1}".format(localMspConfigPath, "signcerts"))
 os.makedirs("{0}/{1}".format(localMspConfigPath, "admincerts"))
 os.makedirs("{0}/{1}".format(localMspConfigPath, "cacerts"))
+#TODO: Consider how to accomodate intermediate CAs
+os.makedirs("{0}/{1}".format(localMspConfigPath, "intermediatecacerts"))
 os.makedirs("{0}/{1}".format(localMspConfigPath, "keystore"))
+os.makedirs("{0}/{1}".format(localMspConfigPath, "tlscacerts"))
+#TODO: Consider how to accomodate intermediate CAs
+os.makedirs("{0}/{1}".format(localMspConfigPath, "tlsintermediatecacerts"))
 # Find the peer signer Tuple for this peer and add to signcerts folder
 for pnt, cert in [(peerNodeTuple, cert) for peerNodeTuple, cert in directory.ordererAdminTuples.items() if
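Review bot: `tls_root_certs = [org.getCertAsPEM()]` makes the TLS trust root the very same certificate as the MSP signing root in `cacerts`, so one self-signed per-org key now anchors both identity validation and TLS authentication, and a compromise of that key affects both trust domains at once. For this bddtests fixture, whose feature text promises a single independent root of trust per org, that is presumably intentional, but the conflation should be stated where it happens, e.g. `# Test fixture: the org's single self-signed CA doubles as the TLS root; a deployment would use a distinct TLS CA here`. Since both lists hold the identical PEM, `tls_root_certs = list(cacerts)` would make the coupling explicit instead of fetching the cert twice. The same reuse appears in the last hunk of _writeMspFiles, where org_cert_as_pem is written to both cacerts and tlscacerts. getMSPConfig begins before this hunk.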
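Review bot: The new `intermediatecacerts` and `tlsintermediatecacerts` directories are created but nothing in this change ever writes into them, so whether the local MSP loader accepts empty intermediate-CA folders is an assumption worth confirming rather than leaving to the duplicated `#TODO` lines. The two TODO comments repeat the same sentence word for word and misspell "accommodate"; one comment placed above the first intermediate makedirs, `# TODO: intermediate CA support — both *intermediatecacerts dirs are created empty for now`, would cover both. _writeMspFiles starts before this hunk and continues after it.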
@@ -908,6 +914,8 @@ def _writeMspFiles(self, directory , project_name, compose_service, network):
 org_cert_as_pem = directory.getOrganization(pnt.organization).getCertAsPEM()
 with open("{0}/cacerts/{1}.pem".format(localMspConfigPath, pnt.organization), "w") as f:
 f.write(org_cert_as_pem)
+with open("{0}/tlscacerts/{1}.pem".format(localMspConfigPath, pnt.organization), "w") as f:
+f.write(org_cert_as_pem)
 # Find the peer admin Tuple for this peer and add to admincerts folder
 for pnt, cert in [(peerNodeTuple, cert) for peerNodeTuple, cert in directory.ordererAdminTuples.items() if