[FAB-10474] Changed IsAdmin attr type to bool
IsAdmin is an attribute given to all users requesting an
Idemix credential. The response to the idemix/credential
request contains a map of attribute names and values.
Currently, all values are converted to strings and sent as
strings in the map. With this change, the map is changed to
accept values of any type, so a boolean value is stored
in the map for the IsAdmin attribute.

Change-Id: I61b848cdabd65fbae88e8d1ca98f51b77396f154
Signed-off-by: Anil Ambati <[email protected]>
Anil Ambati committed Jun 18, 2018
1 parent 4cd67f0 commit ab90eed
Showing 10 changed files with 161 additions and 40 deletions.
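--- a/lib/client.go
+++ b/lib/client.go
@@ -456,13 +456,15 @@ func (c *Client) newIdemixEnrollmentResponse(identity *Identity, result *common.
 
 // Create SignerConfig object with credential bytes from the response
 // and secret key
-isAdmin, _ := strconv.ParseBool(result.Attrs["Role"])
+isAdmin, _ := result.Attrs["IsAdmin"].(bool)
+ou, _ := result.Attrs["OU"].(string)
+enrollmentID, _ := result.Attrs["EnrollmentID"].(string)
 signerConfig := &idemixcred.SignerConfig{
 Cred: credBytes,
 Sk: idemix.BigToBytes(sk),
 IsAdmin: isAdmin,
-OrganizationalUnitIdentifier: result.Attrs["OU"],
-EnrollmentID: result.Attrs["EnrollmentID"],
+OrganizationalUnitIdentifier: ou,
+EnrollmentID: enrollmentID,
 CredentialRevocationInformation: criBytes,
 }
 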
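Review bot: The three new type assertions discard their `ok` result, so a response whose `Attrs` lacks a key or carries a value of another type (for example a string `"true"` from a server that has not yet made this change, which is an assumption about mixed versions) yields `IsAdmin: false` and empty `OrganizationalUnitIdentifier` and `EnrollmentID` in the SignerConfig with no error. Falling back to false is the safe direction for `isAdmin`, but an empty enrollment ID or OU should fail the enrollment: `ou, ok := result.Attrs["OU"].(string)` followed by an error return when `!ok`, and the same for `EnrollmentID`. The function's signature and its return statements are outside this hunk, so the error form has to match what the rest of newIdemixEnrollmentResponse uses.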
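--- a/lib/common/serverresponses.go
+++ b/lib/common/serverresponses.go
@@ -38,7 +38,7 @@ type IdemixEnrollmentResponseNet struct {
 // Base64 encoding of proto bytes of idemix.Credential
 Credential string
 // Attribute name-value pairs
-Attrs map[string]string
+Attrs map[string]interface{}
 // Base64 encoding of proto bytes of idemix.CredentialRevocationInformation
 CRI string
 // Base64 encoding of the issuer nonce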
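Review bot: The comment on `Attrs` still reads "Attribute name-value pairs" and does not say which value types a consumer will find now that the field is `map[string]interface{}`; every reader has to type-assert, and a JSON decoder hands back `float64` for any numeric value added later. I would document the contract on the field, e.g. `// Attribute name-value pairs; IsAdmin is a bool, the other values are strings`, after confirming it against GetAttributeValues, whose EnrollmentID and default branches are only partly visible on this page. The same comment applies to `EnrollmentResponse.Attrs` in lib/server/idemix/enroll.go.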
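--- a/lib/server/idemix/enroll.go
+++ b/lib/server/idemix/enroll.go
@@ -26,7 +26,7 @@ type EnrollmentResponse struct {
 // Base64 encoding of idemix Credential
 Credential string
 // Attribute name-value pairs
-Attrs map[string]string
+Attrs map[string]interface{}
 // Base64 encoding of Credential Revocation information
 CRI string
 // Base64 encoding of the issuer nonce
@@ -183,9 +183,9 @@ func (h *EnrollRequestHandler) GenerateNonce() *fp256bn.BIG {
 
 // GetAttributeValues returns attribute values of the caller of Idemix enroll request
 func (h *EnrollRequestHandler) GetAttributeValues(caller spi.User, ipk *idemix.IssuerPublicKey,
-rh *fp256bn.BIG) (map[string]string, []*fp256bn.BIG, error) {
+rh *fp256bn.BIG) (map[string]interface{}, []*fp256bn.BIG, error) {
 rc := []*fp256bn.BIG{}
-attrMap := make(map[string]string)
+attrMap := make(map[string]interface{})
 for _, attrName := range ipk.AttributeNames {
 if attrName == AttrEnrollmentID {
 idBytes := []byte(caller.GetName())
@@ -203,18 +203,21 @@ func (h *EnrollRequestHandler) GetAttributeValues(caller spi.User, ipk *idemix.I
 } else if attrName == AttrRevocationHandle {
 rc = append(rc, rh)
 attrMap[attrName] = util.B64Encode(idemix.BigToBytes(rh))
-} else if attrName == AttrRole {
+} else if attrName == AttrIsAdmin {
 isAdmin := false
 attrObj, err := caller.GetAttribute("isAdmin")
 if err == nil {
 isAdmin, err = strconv.ParseBool(attrObj.GetValue())
+if err != nil {
+log.Debugf("isAdmin attribute of user %s must be a boolean value", caller.GetName())
+}
 }
 role := 0
 if isAdmin {
 role = 1
 }
-rc = append(rc, fp256bn.NewBIGint(int(role)))
-attrMap[attrName] = strconv.FormatBool(isAdmin)
+rc = append(rc, fp256bn.NewBIGint(role))
+attrMap[attrName] = isAdmin
 } else {
 attrObj, err := caller.GetAttribute(attrName)
 if err != nil {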
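Review bot: In the `AttrIsAdmin` branch a malformed `isAdmin` attribute is reported only through `log.Debugf`, so at normal log levels the CA issues a non-admin credential with no trace of why. Defaulting to false is the right fail-closed choice, but I would log it at warning level, include the parse error in the message, and state the fallback in a comment such as `// an unparsable isAdmin value is treated as false`. The lookup key is the literal `"isAdmin"` while the credential attribute is `AttrIsAdmin` (`"IsAdmin"`); a named constant or a one-line comment would make clear that the difference in case is intentional. GetAttributeValues continues past the end of this hunk.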
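--- a/lib/server/idemix/issuercredential.go
+++ b/lib/server/idemix/issuercredential.go
@@ -19,8 +19,8 @@ import (
 const (
 // AttrEnrollmentID is the attribute name for enrollment ID
 AttrEnrollmentID = "EnrollmentID"
-// AttrRole is the attribute name for role
-AttrRole = "Role"
+// AttrIsAdmin is the attribute name for role
+AttrIsAdmin = "IsAdmin"
 // AttrOU is the attribute name for OU
 AttrOU = "OU"
 // AttrRevocationHandle is the attribute name for revocation handle
@@ -160,5 +160,5 @@ func (ic *caIdemixCredential) NewIssuerKey() (*idemix.IssuerKey, error) {
 
 // GetAttributeNames returns attribute names supported by the Fabric CA for Idemix credentials
 func GetAttributeNames() []string {
-return []string{AttrOU, AttrRole, AttrEnrollmentID, AttrRevocationHandle}
+return []string{AttrOU, AttrIsAdmin, AttrEnrollmentID, AttrRevocationHandle}
 }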
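Review bot: The doc comment on the renamed constant still says `// AttrIsAdmin is the attribute name for role`; it should describe the new meaning, e.g. `// AttrIsAdmin is the attribute name for the admin flag`. Beyond the rename, the string value changes from "Role" to "IsAdmin" and GetAttributeNames returns it. If issuer keys created before this commit carry the old name in their attribute list (testdata/IdemixPublicKey is regenerated in this commit, which suggests they do), GetAttributeValues would route "Role" to its default branch instead of the admin branch. A line in the commit message or release notes about regenerating or migrating existing issuer keys would cover that.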
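--- a/swagger/swagger-fabric-ca.json
+++ b/swagger/swagger-fabric-ca.json
@@ -319,11 +319,11 @@
 "Result": {
 "type": "object",
 "properties": {
-"cert": {
+"Cert": {
 "type": "string",
 "description": "The enrollment certificate in base 64 encoded format."
 },
-"cainfo": {
+"ServerInfo": {
 "type": "object",
 "properties": {
 "CAName": {
@@ -467,24 +467,24 @@
 "Result": {
 "type": "object",
 "properties": {
-"credential": {
+"Credential": {
 "type": "string",
 "description": "The credential in base64 encoding of the bytes of the idemix.Credential proto buffer"
 },
-"nonce": {
+"Nonce": {
 "type": "string",
 "description": "The nonce in base 64 encoded format"
 },
-"attrs": {
+"Attrs": {
 "type": "object",
 "properties": {
 "OU": {
 "type": "string",
 "description": "The Organizational Unit of the identity that requested the credential"
 },
 "IsAdmin": {
-"type": "string",
-"description": "'true' if the identity that requested the credential is an admin"
+"type": "boolean",
+"description": "true if the identity that requested the credential is an admin"
 },
 "EnrollmentID": {
 "type": "string",
@@ -497,11 +497,11 @@
 "EnrollmentID"
 ]
 },
-"cri": {
+"CRI": {
 "type": "string",
 "description": "The cri base64 encoding of the bytes of the idemix.CredentialRevocationInformation proto buffer"
 },
-"cainfo": {
+"CAInfo": {
 "type": "object",
 "properties": {
 "CAName": {
@@ -797,9 +797,41 @@
 "Result": {
 "type": "object",
 "properties": {
-"cert": {
+"Cert": {
 "type": "string",
 "description": "The enrollment certificate in base 64 encoded format."
+},
+"ServerInfo": {
+"type": "object",
+"properties": {
+"CAName": {
+"type": "string",
+"description": "The name of the CA that issued the credential"
+},
+"CAChain": {
+"type": "string",
+"description": "Base 64 encoded PEM-encoded certificate chain of the CA's signing certificate"
+},
+"IssuerPublicKey": {
+"type": "string",
+"description": "Base 64 encoding of proto bytes of the CA's Idemix issuer public key"
+},
+"IssuerRevocationPublicKey": {
+"type": "string",
+"description": "Base 64 encoding of PEM-encoded bytes of the CA's Idemix issuer revocation public key"
+},
+"Version": {
+"type": "string",
+"description": "Version of the server"
+}
+},
+"required": [
+"CAName",
+"CAChain",
+"IssuerPublicKey",
+"IssuerRevocationPublicKey",
+"Version"
+]
 }
 }
 },
@@ -964,13 +996,13 @@
 "Result": {
 "type": "object",
 "properties": {
-"credentials": {
+"secret": {
 "type": "string",
 "description": "The base64 encoded enrollment secret of the newly registered identity."
 }
 },
 "required": [
-"credentials"
+"secret"
 ]
 },
 "Errors": {
@@ -1114,25 +1146,25 @@
 "Result": {
 "type": "object",
 "properties": {
-"revokedcerts": {
+"RevokedCerts": {
 "type": "array",
 "description": "An array of revoked certificates",
 "items": {
 "type": "object",
 "description": "A revoked certificate",
 "properties": {
-"serial": {
+"Serial": {
 "type": "string",
 "description": "Serial number of the revoked certificate"
 },
-"aki": {
+"AKI": {
 "type": "string",
 "description": "Authority Key Identifier (AKI) of the revoked certificate"
 }
 }
 }
 },
-"crl": {
+"CRL": {
 "type": "string",
 "description": "base64 encoded PEM-encoded CRL"
 }
@@ -1272,13 +1304,13 @@
 "Result": {
 "type": "object",
 "properties": {
-"crl": {
+"CRL": {
 "type": "string",
 "description": "base64 encoded PEM-encoded CRL"
 }
 },
 "required": [
-"crl"
+"CRL"
 ]
 },
 "Errors": {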
Binary file modified testdata/IdemixPublicKey
Binary file not shown.
2 changes: 1 addition & 1 deletion testdata/IdemixSecretKey
@@ -1 +1 @@
T�ɟPbA5��$&�^"v,ԉu�}�V��2
�Zf���G����+��sO��m��g��a˔mǓ
2 changes: 1 addition & 1 deletion testdata/IdemixSignerConfig
@@ -1 +1 @@
{"Cred":"CkQKIHI9eH0EytkPRRIa0qSeEnIYjf4nnZ4irAtIaE0ZNWPeEiC9z/0kv0cqxUorqJDRlrq+Jt1TrvmGtmhFHo8AfYci6RJECiCQw6rOdjSXdyHXXIb7FsgqtsGmNkNQXnXLXy7fC17KsxIgCkW6P7tofG5etEBKTGgteeMDA1vbaaAFPRAtbr0yIwsaIAUVLSRASlZc7+ql/4SDKNbbrDxiD6pJEeaZzrvtM/d5IiDDQRbdG9mxvArDKRrrMv1SSUrdymfR9SPhifSMS5G0tiog47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFUqIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKiCMaXbltUEEFb3pCL1N7hXfsWepyHP8S7ioH28qtEipGCogAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=","Sk":"ZIHrXtZbdr+JDLXGleDeUD2FPZW5v1wURfH9RfO+JWc=","enrollment_id":"admin","credential_revocation_information":"CAESiAEKIP4MM1C0yWwgKFYPV3wokTrOHFOaEr+EPNImFraJwJ77EiBOpmBXc4rAVNta4cY32BO5JN144ofQNYnSae00o35qKxogcCBG58VCo7N2dw11Ek4+Ue/LJHWNYVhI6Qm0gb7cJ/8iIAVU47zTiMKQQu6mSSl+sp+LTL6AghqYs+ASgRFKrQSbGmCR3hzRBkhQN7JFUGDAOPtpOTwn7HN0ZlIKAi3xGm4qjGZ+4NXZKUV/D99Vmp88fTb6Nh7KrFt/sUPy+jl2y0SksfLzpiejrOvVtcsMt7fivZcggfoqtgUjeBgCxCHPN38="}
{"Cred":"CkQKIANA0MxA4nlDiJLazLl2Shze2Kp7c1IgQQU3Cs0yGtxgEiAmK8THjo4BghMg680kAz0hMxDA6c6yNn6WdvkIMUzoOhJECiBDhNbtosc6w8XWohyXyph53vbnPJVfSpVlOOAQg66kVBIgMSojMFJGyAOcbhpfiJ4R4uF7GtaytklgaSNUJ3vA5g8aIEL0K/xFis/htNVeGc7bcpBgkl6t3ITETr0zN23EfhCuIiDPDYVkzsy4hXtr/HckaIHeTC2esPSKGBPPuV6mVjQHKiog47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFUqIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKiCMaXbltUEEFb3pCL1N7hXfsWepyHP8S7ioH28qtEipGCogAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE=","Sk":"g5ulj4NjVbZ0tmupk2oHcbhS9owj3ktVZ6ZANTvCbVw=","enrollment_id":"admin","credential_revocation_information":"CAESiAEKIP4MM1C0yWwgKFYPV3wokTrOHFOaEr+EPNImFraJwJ77EiBOpmBXc4rAVNta4cY32BO5JN144ofQNYnSae00o35qKxogcCBG58VCo7N2dw11Ek4+Ue/LJHWNYVhI6Qm0gb7cJ/8iIAVU47zTiMKQQu6mSSl+sp+LTL6AghqYs+ASgRFKrQSbGmCg7mxyBleswYrP/l8uv4j4UuEgHFNW1OA5X1i74RCpTmvaijwkzky5D2+YDI2l0GBBC3A3ea9EvQqn1dN4JG/fDMM4MFf7ph0M//sqkeppR6KOl1p+ECZVVeNjn2omXcc="}
2 changes: 1 addition & 1 deletion util/util.go
Expand Up @@ -355,7 +355,7 @@ func GetRSAPrivateKey(raw []byte) (*rsa.PrivateKey, error) {
if err == nil {
return RSAprivKey, nil
}
key, err2 := x509.ParsePKCS8PrivateKey(raw)
key, err2 := x509.ParsePKCS8PrivateKey(decoded.Bytes)
if err2 == nil {
switch key.(type) {
case *ecdsa.PrivateKey:
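Review bot: `decoded.Bytes` is dereferenced on the PKCS#8 line, and no check that `decoded` is non-nil is visible in this hunk (GetRSAPrivateKey starts above it); if `decoded` comes from a PEM decode that can return nil for non-PEM input, that needs a guard returning an error before either parse attempt. Passing the decoded bytes rather than `raw` to `x509.ParsePKCS8PrivateKey` is the right input for that function, which expects DER. The fix is unrelated to the IsAdmin change, is not mentioned in the commit message, and no test for a PKCS#8-encoded key appears among the files shown on this page; I would split it out or add a line to the description and a test.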