fix up
Signed-off-by: Sam Yuan <[email protected]>
SamYuan1990 committed Mar 13, 2022
1 parent cc87e6d commit 6e375fe
Showing 6 changed files with 35 additions and 47 deletions.
24 changes: 24 additions & 0 deletions bccsp/bccsp.go
Expand Up @@ -10,9 +10,12 @@ import (
"crypto"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"hash"
"math/big"
"time"

"github.com/pkg/errors"
)

type Cert interface {
Expand Down Expand Up @@ -163,3 +166,24 @@ type BCCSP interface {
// The opts argument should be appropriate for the algorithm used.
Decrypt(k Key, ciphertext []byte, opts DecrypterOpts) (plaintext []byte, err error)
}

func GetCertFromPem(idBytes []byte) (*x509.Certificate, error) {
if idBytes == nil {
return nil, errors.New("getCertFromPem error: nil idBytes")
}

// Decode the pem bytes
pemCert, _ := pem.Decode(idBytes)
if pemCert == nil {
return nil, errors.Errorf("getCertFromPem error: could not decode pem bytes [%v]", idBytes)
}

// get a cert
var cert *x509.Certificate
cert, err := x509.ParseCertificate(pemCert.Bytes)
if err != nil {
return nil, errors.Wrap(err, "getCertFromPem error: failed to parse x509 cert")
}

return cert, nil
}
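Review bot: GetCertFromPem discards the second return value of pem.Decode and never checks pemCert.Type, so the first PEM block of any type is handed to x509.ParseCertificate and anything after it is silently ignored. Since this helper is now exported from bccsp and is what populates the root, intermediate and TLS certificate pools in msp/mspimplsetup.go, I would make it strict, provided no caller relies on other block types: `pemCert, rest := pem.Decode(idBytes)` followed by `if pemCert == nil || pemCert.Type != "CERTIFICATE" {`, with an explicit decision on whether a non-empty `rest` is an error. The decode-failure message also formats the whole input with `[%v]`, which writes the raw bytes as a decimal slice into errors and logs; reporting `len(idBytes)` keeps the message bounded and avoids echoing whatever material was passed in. As an exported function it also needs a doc comment, e.g. `// GetCertFromPem decodes the first PEM block in idBytes and parses it as an X.509 certificate.`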
2 changes: 1 addition & 1 deletion msp/identities.go
Expand Up @@ -55,7 +55,7 @@ func newIdentity(idBytes []byte, msp *bccspmsp) (Identity, error) {
}

// get a cert
cert, err := msp.getCertFromPem(idBytes)
cert, err := bccsp.GetCertFromPem(idBytes)
if err != nil {
return nil, err
}
2 changes: 1 addition & 1 deletion msp/msp_test.go
Expand Up @@ -823,7 +823,7 @@ func TestCertificationIdentifierComputation(t *testing.T) {
id, err := localMsp.GetDefaultSigningIdentity()
require.NoError(t, err)

chain, err := localMsp.(*bccspmsp).getCertificationChain(id.GetPublicVersion())
chain, err := localMsp.(*bccspmsp).getCertificationChainForBCCSPIdentity(id.GetPublicVersion().(*identity))
require.NoError(t, err)

// Hash the chain
38 changes: 1 addition & 37 deletions msp/mspimpl.go
Expand Up @@ -163,27 +163,6 @@ func NewBccspMspWithKeyStore(version MSPVersion, keyStore bccsp.KeyStore, bccsp
return thisMSP, nil
}

func (msp *bccspmsp) getCertFromPem(idBytes []byte) (*x509.Certificate, error) {
if idBytes == nil {
return nil, errors.New("getCertFromPem error: nil idBytes")
}

// Decode the pem bytes
pemCert, _ := pem.Decode(idBytes)
if pemCert == nil {
return nil, errors.Errorf("getCertFromPem error: could not decode pem bytes [%v]", idBytes)
}

// get a cert
var cert *x509.Certificate
cert, err := x509.ParseCertificate(pemCert.Bytes)
if err != nil {
return nil, errors.Wrap(err, "getCertFromPem error: failed to parse x509 cert")
}

return cert, nil
}

func (msp *bccspmsp) getIdentityFromBytes(idBytes []byte) (Identity, error) {
if idBytes == nil {
return nil, errors.New("getCertFromPem error: nil idBytes")
Expand Down Expand Up @@ -649,21 +628,6 @@ func (msp *bccspmsp) isInAdmins(id *identity) bool {
return false
}

// getCertificationChain returns the certification chain of the passed identity within this msp
func (msp *bccspmsp) getCertificationChain(id Identity) ([]*x509.Certificate, error) {
mspLogger.Debugf("MSP %s getting certification chain", msp.name)

switch id := id.(type) {
// If this identity is of this specific type,
// this is how I can validate it given the
// root of trust this MSP has
case *identity:
return msp.getCertificationChainForBCCSPIdentity(id)
default:
return nil, errors.New("identity type not recognized")
}
}

// getCertificationChainForBCCSPIdentity returns the certification chain of the passed bccsp identity within this msp
func (msp *bccspmsp) getCertificationChainForBCCSPIdentity(id *identity) ([]*x509.Certificate, error) {
if id == nil {
Expand Down Expand Up @@ -828,7 +792,7 @@ func (msp *bccspmsp) getValidationChain(cert *x509.Certificate, isIntermediateCh
// getCertificationChainIdentifier returns the certification chain identifier of the passed identity within this msp.
// The identifier is computes as the SHA256 of the concatenation of the certificates in the chain.
func (msp *bccspmsp) getCertificationChainIdentifier(id Identity) ([]byte, error) {
chain, err := msp.getCertificationChain(id)
chain, err := msp.getCertificationChainForBCCSPIdentity(id.(*identity))
if err != nil {
return nil, errors.WithMessagef(err, "failed getting certification chain for [%v]", id)
}
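Review bot: The unchecked assertion `id.(*identity)` in getCertificationChainIdentifier panics when the Identity is any other implementation, whereas the removed getCertificationChain returned the error "identity type not recognized" for that case. Unless every caller is guaranteed to pass an *identity (not visible from these hunks), keep the failure as an error: `bid, ok := id.(*identity)`, then `if !ok { return nil, errors.New("identity type not recognized") }`, then call `msp.getCertificationChainForBCCSPIdentity(bid)`. A panic here would take down the calling goroutine on an unexpected identity type instead of rejecting the request. The function body continues outside the hunk.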
10 changes: 5 additions & 5 deletions msp/mspimplsetup.go
Expand Up @@ -23,7 +23,7 @@ import (

func (msp *bccspmsp) getCertifiersIdentifier(certRaw []byte) ([]byte, error) {
// 1. check that certificate is registered in msp.rootCerts or msp.intermediateCerts
cert, err := msp.getCertFromPem(certRaw)
cert, err := bccsp.GetCertFromPem(certRaw)
if err != nil {
return nil, fmt.Errorf("Failed getting certificate for [%v]: [%s]", certRaw, err)
}
Expand Down Expand Up @@ -114,14 +114,14 @@ func (msp *bccspmsp) setupCAs(conf *m.FabricMSPConfig) error {
// will be recreated using the sanitized certs.
msp.opts = &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
for _, v := range conf.RootCerts {
cert, err := msp.getCertFromPem(v)
cert, err := bccsp.GetCertFromPem(v)
if err != nil {
return err
}
msp.opts.Roots.AddCert(cert)
}
for _, v := range conf.IntermediateCerts {
cert, err := msp.getCertFromPem(v)
cert, err := bccsp.GetCertFromPem(v)
if err != nil {
return err
}
Expand Down Expand Up @@ -456,7 +456,7 @@ func (msp *bccspmsp) setupTLSCAs(conf *m.FabricMSPConfig) error {
msp.tlsRootCerts = make([][]byte, len(conf.TlsRootCerts))
rootCerts := make([]*x509.Certificate, len(conf.TlsRootCerts))
for i, trustedCert := range conf.TlsRootCerts {
cert, err := msp.getCertFromPem(trustedCert)
cert, err := bccsp.GetCertFromPem(trustedCert)
if err != nil {
return err
}
Expand All @@ -470,7 +470,7 @@ func (msp *bccspmsp) setupTLSCAs(conf *m.FabricMSPConfig) error {
msp.tlsIntermediateCerts = make([][]byte, len(conf.TlsIntermediateCerts))
intermediateCerts := make([]*x509.Certificate, len(conf.TlsIntermediateCerts))
for i, trustedCert := range conf.TlsIntermediateCerts {
cert, err := msp.getCertFromPem(trustedCert)
cert, err := bccsp.GetCertFromPem(trustedCert)
if err != nil {
return err
}
6 changes: 3 additions & 3 deletions msp/mspimplsetup_test.go
Expand Up @@ -113,7 +113,7 @@ func TestCAValidation(t *testing.T) {
mspImpl := &bccspmsp{
opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
}
cert, err := mspImpl.getCertFromPem([]byte(caCert))
cert, err := bccsp.GetCertFromPem([]byte(caCert))
gt.Expect(err).NotTo(gomega.HaveOccurred())

mspImpl.opts.Roots.AddCert(cert)
Expand All @@ -129,7 +129,7 @@ func TestCAValidation(t *testing.T) {
mspImpl := &bccspmsp{
opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
}
cert, err := mspImpl.getCertFromPem([]byte(nonCACert))
cert, err := bccsp.GetCertFromPem([]byte(nonCACert))
gt.Expect(err).NotTo(gomega.HaveOccurred())

mspImpl.opts.Roots.AddCert(cert)
Expand All @@ -145,7 +145,7 @@ func TestCAValidation(t *testing.T) {
mspImpl := &bccspmsp{
opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
}
cert, err := mspImpl.getCertFromPem([]byte(caWithoutSKI))
cert, err := bccsp.GetCertFromPem([]byte(caWithoutSKI))
gt.Expect(err).NotTo(gomega.HaveOccurred())

mspImpl.opts.Roots.AddCert(cert)
