From 33fb2b016636db335eeb364aabd1630f4eb5b4cb Mon Sep 17 00:00:00 2001 From: cdaughtr Date: Thu, 18 May 2017 16:46:04 -0400 Subject: [PATCH] FAB-4019 Add newCryptoKeyStore to FabricCAClientImpl Since the fabric-ca-client module can be used independently, the FabricCAClientImpl class needs to also include a newCryptoKeyStore function like the one provided with fabric-client on the Client class. Also made some doc updates, mostly formatting, to newCryptoSuite and newCryptoKeyStore in both Client and FabricCAClientImpl. Change-Id: I863c269186a2eb136b8fedeccc5b1d4d25aeeba8 Signed-off-by: cdaughtr --- fabric-ca-client/lib/FabricCAClientImpl.js | 45 +++++++++++++++++----- fabric-client/lib/Client.js | 25 ++++++------ test/unit/fabric-ca-client.js | 36 +++++++++++++++++ 3 files changed, 84 insertions(+), 22 deletions(-) diff --git a/fabric-ca-client/lib/FabricCAClientImpl.js b/fabric-ca-client/lib/FabricCAClientImpl.js index 1a80e2d3cc..47c5788f73 100644 --- a/fabric-ca-client/lib/FabricCAClientImpl.js +++ b/fabric-ca-client/lib/FabricCAClientImpl.js @@ -48,11 +48,11 @@ var FabricCAServices = class { * a single server. If omitted or null or an empty string, then the default CA is the target of requests * @param {CryptoSuite} cryptoSuite The optional cryptoSuite instance to be used if options other than defaults are needed. * If not specified, an instance of {@link CryptoSuite} will be constructed based on the current configuration settings: - * crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false) - * crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA + *
- crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false) + *
- crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA * is supported and the valid key sizes are 256 and 384 - * crypto-hash-algo: hashing algorithm - * key-value-store: some CryptoSuite implementation requires a key store to persist private keys. A {@link CryptoKeyStore} + *
- crypto-hash-algo: hashing algorithm + *
- key-value-store: some CryptoSuite implementation requires a key store to persist private keys. A {@link CryptoKeyStore} * is provided for this purpose, which can be used on top of any implementation of the {@link KeyValueStore} interface, * such as a file-based store or a database-based one. The specific implementation is determined by the value of this configuration setting. */ @@ -82,18 +82,27 @@ var FabricCAServices = class { /** * Returns a new instance of the CryptoSuite API implementation * + * If not specified, an instance of {@link CryptoSuite} will be constructed based on the current configuration settings: + *
- crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false) + *
- crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA + * is supported and the valid key sizes are 256 and 384 + *
- crypto-hash-algo: hashing algorithm + *
- key-value-store: some CryptoSuite implementation requires a key store to persist private keys. A {@link CryptoKeyStore} + * is provided for this purpose, which can be used on top of any implementation of the {@link KeyValueStore} interface, + * such as a file-based store or a database-based one. The specific implementation is determined by the value of this configuration setting. + * * @param {object} setting This optional parameter is an object with the following optional properties: - * - software {boolean}: Whether to load a software-based implementation (true) or HSM implementation (false) + *
- software {boolean}: Whether to load a software-based implementation (true) or HSM implementation (false) * default is true (for software based implementation), specific implementation module is specified * in the setting 'crypto-suite-software' - * - keysize {number}: The key size to use for the crypto suite instance. default is value of the setting 'crypto-keysize' - * - algorithm {string}: Digital signature algorithm, currently supporting ECDSA only with value "EC" - * - hash {string}: 'SHA2' or 'SHA3' + *
- keysize {number}: The key size to use for the crypto suite instance. default is value of the setting 'crypto-keysize' + *
- algorithm {string}: Digital signature algorithm, currently supporting ECDSA only with value "EC" + *
- hash {string}: 'SHA2' or 'SHA3' * @param {function} KVSImplClass Optional. The built-in key store saves private keys. The key store may be backed by different * {@link KeyValueStore} implementations. If specified, the value of the argument must point to a module implementing the * KeyValueStore interface. * @param {object} opts Implementation-specific option object used in the constructor - * returns a new instance of the CryptoSuite API implementation + * @returns a new instance of the CryptoSuite API implementation */ static newCryptoSuite(setting, KVSImplClass, opts) { return utils.newCryptoSuite(setting, KVSImplClass, opts); @@ -103,6 +112,24 @@ var FabricCAServices = class { return this.cryptoPrimitives; } + /** + * Returns a new instance of the CryptoKeyStore. + * + * When the application needs to use a key store other than the default, + * it should create a new CryptoKeyStore and set it on the CryptoSuite. + * + *

cryptosuite.setCryptoKeyStore(CAClient.newCryptoKeyStore(KVSImplClass, opts)) + * + * @param {function} KVSImplClass Optional. The built-in key store saves private keys. The key store may be backed by different + * {@link KeyValueStore} implementations. If specified, the value of the argument must point to a module implementing the + * KeyValueStore interface. + * @param {object} opts Implementation-specific option object used in the constructor + * @returns a new instance of the CryptoKeystore + */ + static newCryptoKeyStore (KVSImplClass, opts) { + return utils.newCryptoKeyStore(KVSImplClass, opts); + } + /** * Register the member and return an enrollment secret. * @param {Object} req Registration request with the following fields: diff --git a/fabric-client/lib/Client.js b/fabric-client/lib/Client.js index 985ca1e505..5396010aab 100644 --- a/fabric-client/lib/Client.js +++ b/fabric-client/lib/Client.js @@ -75,25 +75,24 @@ var Client = class { * Returns a new instance of the CryptoSuite API implementation. * * Creating a new CryptoSuite is optional and should be used if options other than defaults are needed. - * This instance should be set on the User and the Fabric CA Client. * * If not specified, an instance of {@link CryptoSuite} will be constructed based on the current configuration settings: - * crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false) - * crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA + *
- crypto-hsm: use an implementation for Hardware Security Module (if set to true) or software-based key management (if set to false) + *
- crypto-keysize: security level, or key size, to use with the digital signature public key algorithm. Currently ECDSA * is supported and the valid key sizes are 256 and 384 - * crypto-hash-algo: hashing algorithm - * key-value-store: some CryptoSuite implementation requires a key store to persist private keys. A {@link CryptoKeyStore} + *
- crypto-hash-algo: hashing algorithm + *
- key-value-store: some CryptoSuite implementation requires a key store to persist private keys. A {@link CryptoKeyStore} * is provided for this purpose, which can be used on top of any implementation of the {@link KeyValueStore} interface, * such as a file-based store or a database-based one. The specific implementation is determined by the value of this configuration setting. * * @param {object} setting This optional parameter is an object with the following optional properties: - * - software {boolean}: Whether to load a software-based implementation (true) or HSM implementation (false) + *
- software {boolean}: Whether to load a software-based implementation (true) or HSM implementation (false) * default is true (for software based implementation), specific implementation module is specified * in the setting 'crypto-suite-software' - * - keysize {number}: The key size to use for the crypto suite instance. default is value of the setting 'crypto-keysize' - * - algorithm {string}: Digital signature algorithm, currently supporting ECDSA only with value "EC" - * - hash {string}: 'SHA2' or 'SHA3' - * returns a new instance of the CryptoSuite API implementation + *
- keysize {number}: The key size to use for the crypto suite instance. default is value of the setting 'crypto-keysize' + *
- algorithm {string}: Digital signature algorithm, currently supporting ECDSA only with value "EC" + *
- hash {string}: 'SHA2' or 'SHA3' + * @returns a new instance of the CryptoSuite API implementation */ newCryptoSuite(setting) { this._cryptoSuite = sdkUtils.newCryptoSuite(setting); @@ -114,13 +113,13 @@ var Client = class { * When the application needs to use a key store other than the default, * it should create a new CryptoKeyStore and set it on the CryptoSuite. * - * cryptosuite.setCryptoKeyStore(client.newCryptoKeyStore(KVSImplClass, opts)) + *

cryptosuite.setCryptoKeyStore(client.newCryptoKeyStore(KVSImplClass, opts)) * * @param {function} KVSImplClass Optional. The built-in key store saves private keys. The key store may be backed by different * {@link KeyValueStore} implementations. If specified, the value of the argument must point to a module implementing the * KeyValueStore interface. * @param {object} opts Implementation-specific option object used in the constructor - * returns a new instance of the CryptoKeystore + * @returns a new instance of the CryptoKeystore */ newCryptoKeyStore (KVSImplClass, opts) { return sdkUtils.newCryptoKeyStore(KVSImplClass, opts); @@ -229,7 +228,7 @@ var Client = class { } /** - * build an new MSP with the definition. + * Build a new MSP with the definition. * @parm {Object} which has the following the following fields: *
`id`: {string} value for the identifier of this instance *
`rootCerts`: array of {@link Identity} representing trust anchors for validating diff --git a/test/unit/fabric-ca-client.js b/test/unit/fabric-ca-client.js index 79edc7376a..95532a5c8e 100644 --- a/test/unit/fabric-ca-client.js +++ b/test/unit/fabric-ca-client.js @@ -234,6 +234,42 @@ test('FabricCAServices: Test newCryptoSuite() function', function(t) { t.end(); }); +// Test newCryptoKeyStore() function +test('FabricCAServices: Test newCryptoKeyStore() function', function(t) { + var tlsOptions = { + trustedRoots: [], + verify: false + }; + var CAClient = require('fabric-ca-client'); + + var crypto = CAClient.newCryptoSuite({software: true, keysize: 384}); + var keyValStorePath = path.join(testutil.getTempDir(), 'kvsTemp'); + if (!crypto._cryptoKeyStore) { + t.pass('cryptoKeyStore is not set on a new cryptoSuite'); + } else { + t.fail('cryptoKeyStore should not be set on a new cryptoSuite'); + } + + var cks = CAClient.newCryptoKeyStore({path:keyValStorePath}); + crypto.setCryptoKeyStore(cks); + + var client = new CAClient('http://localhost:7054', tlsOptions, 'peerOrg1', crypto); + + var crypto = client.getCrypto(); + + if (crypto && crypto._cryptoKeyStore) { + t.pass('Successfully called getCrypto() with cryptoKeyStore set'); + } + else { + if (!crypto) { + t.fail('getCrypto() did not return an object'); + } else { + t.fail('getCrypto() should contain a cryptoKeyStore'); + } + } + t.end(); +}); + // Test getCrypto() function test('FabricCAServices: Test getCrypto() function', function(t) { var ca = new FabricCAServices('http://localhost:7054');