登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

peter / fabric

代码 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
msp.go 7.01 KB
一键复制 编辑 原始数据 按行查看 历史
Chongxin Luo 提交于 2019-10-18 11:10 . [FAB-16873] fix cryptogen server TLS to admins
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336
/*

Copyright IBM Corp. All Rights Reserved.



SPDX-License-Identifier: Apache-2.0

*/

package msp



import (

	"crypto/x509"

	"encoding/pem"

	"os"

	"path/filepath"



	"github.com/hyperledger/fabric/internal/cryptogen/ca"

	"github.com/hyperledger/fabric/internal/cryptogen/csp"

	fabricmsp "github.com/hyperledger/fabric/msp"

	"github.com/pkg/errors"

	"gopkg.in/yaml.v2"

)



const (

	CLIENT = iota

	ORDERER

	PEER

	ADMIN

)



const (

	CLIENTOU  = "client"

	PEEROU    = "peer"

	ADMINOU   = "admin"

	ORDEREROU = "orderer"

)



var nodeOUMap = map[int]string{

	CLIENT:  CLIENTOU,

	PEER:    PEEROU,

	ADMIN:   ADMINOU,

	ORDERER: ORDEREROU,

}



func GenerateLocalMSP(

	baseDir,

	name string,

	sans []string,

	signCA *ca.CA,

	tlsCA *ca.CA,

	nodeType int,

	nodeOUs bool,

) error {



	// create folder structure

	mspDir := filepath.Join(baseDir, "msp")

	tlsDir := filepath.Join(baseDir, "tls")



	err := createFolderStructure(mspDir, true)

	if err != nil {

		return err

	}



	err = os.MkdirAll(tlsDir, 0755)

	if err != nil {

		return err

	}



	/*

		Create the MSP identity artifacts

	*/

	// get keystore path

	keystore := filepath.Join(mspDir, "keystore")



	// generate private key

	priv, err := csp.GeneratePrivateKey(keystore)

	if err != nil {

		return err

	}



	// generate X509 certificate using signing CA

	var ous []string

	if nodeOUs {

		ous = []string{nodeOUMap[nodeType]}

	}

	cert, err := signCA.SignCertificate(

		filepath.Join(mspDir, "signcerts"),

		name,

		ous,

		nil,

		&priv.PublicKey,

		x509.KeyUsageDigitalSignature,

		[]x509.ExtKeyUsage{},

	)

	if err != nil {

		return err

	}



	// write artifacts to MSP folders



	// the signing CA certificate goes into cacerts

	err = x509Export(

		filepath.Join(mspDir, "cacerts", x509Filename(signCA.Name)),

		signCA.SignCert,

	)

	if err != nil {

		return err

	}

	// the TLS CA certificate goes into tlscacerts

	err = x509Export(

		filepath.Join(mspDir, "tlscacerts", x509Filename(tlsCA.Name)),

		tlsCA.SignCert,

	)

	if err != nil {

		return err

	}



	// generate config.yaml if required

	if nodeOUs {



		exportConfig(mspDir, filepath.Join("cacerts", x509Filename(signCA.Name)), true)

	}



	// the signing identity goes into admincerts.

	// This means that the signing identity

	// of this MSP is also an admin of this MSP

	// NOTE: the admincerts folder is going to be

	// cleared up anyway by copyAdminCert, but

	// we leave a valid admin for now for the sake

	// of unit tests

	if !nodeOUs {

		err = x509Export(filepath.Join(mspDir, "admincerts", x509Filename(name)), cert)

		if err != nil {

			return err

		}

	}



	/*

		Generate the TLS artifacts in the TLS folder

	*/



	// generate private key

	tlsPrivKey, err := csp.GeneratePrivateKey(tlsDir)

	if err != nil {

		return err

	}



	// generate X509 certificate using TLS CA

	_, err = tlsCA.SignCertificate(

		filepath.Join(tlsDir),

		name,

		nil,

		sans,

		&tlsPrivKey.PublicKey,

		x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment,

		[]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth,

			x509.ExtKeyUsageClientAuth},

	)

	if err != nil {

		return err

	}

	err = x509Export(filepath.Join(tlsDir, "ca.crt"), tlsCA.SignCert)

	if err != nil {

		return err

	}



	// rename the generated TLS X509 cert

	tlsFilePrefix := "server"

	if nodeType == CLIENT || nodeType == ADMIN {

		tlsFilePrefix = "client"

	}

	err = os.Rename(filepath.Join(tlsDir, x509Filename(name)),

		filepath.Join(tlsDir, tlsFilePrefix+".crt"))

	if err != nil {

		return err

	}



	err = keyExport(tlsDir, filepath.Join(tlsDir, tlsFilePrefix+".key"))

	if err != nil {

		return err

	}



	return nil

}



func GenerateVerifyingMSP(

	baseDir string,

	signCA,

	tlsCA *ca.CA,

	nodeOUs bool,

) error {



	// create folder structure and write artifacts to proper locations

	err := createFolderStructure(baseDir, false)

	if err != nil {

		return err

	}

	// the signing CA certificate goes into cacerts

	err = x509Export(

		filepath.Join(baseDir, "cacerts", x509Filename(signCA.Name)),

		signCA.SignCert,

	)

	if err != nil {

		return err

	}

	// the TLS CA certificate goes into tlscacerts

	err = x509Export(

		filepath.Join(baseDir, "tlscacerts", x509Filename(tlsCA.Name)),

		tlsCA.SignCert,

	)

	if err != nil {

		return err

	}



	// generate config.yaml if required

	if nodeOUs {

		exportConfig(baseDir, "cacerts/"+x509Filename(signCA.Name), true)

	}



	// create a throwaway cert to act as an admin cert

	// NOTE: the admincerts folder is going to be

	// cleared up anyway by copyAdminCert, but

	// we leave a valid admin for now for the sake

	// of unit tests

	if nodeOUs {

		return nil

	}



	ksDir := filepath.Join(baseDir, "keystore")

	err = os.Mkdir(ksDir, 0755)

	defer os.RemoveAll(ksDir)

	if err != nil {

		return errors.WithMessage(err, "failed to create keystore directory")

	}

	priv, err := csp.GeneratePrivateKey(ksDir)

	if err != nil {

		return err

	}

	_, err = signCA.SignCertificate(

		filepath.Join(baseDir, "admincerts"),

		signCA.Name,

		nil,

		nil,

		&priv.PublicKey,

		x509.KeyUsageDigitalSignature,

		[]x509.ExtKeyUsage{},

	)

	if err != nil {

		return err

	}



	return nil

}



func createFolderStructure(rootDir string, local bool) error {



	var folders []string

	// create admincerts, cacerts, keystore and signcerts folders

	folders = []string{

		filepath.Join(rootDir, "admincerts"),

		filepath.Join(rootDir, "cacerts"),

		filepath.Join(rootDir, "tlscacerts"),

	}

	if local {

		folders = append(folders, filepath.Join(rootDir, "keystore"),

			filepath.Join(rootDir, "signcerts"))

	}



	for _, folder := range folders {

		err := os.MkdirAll(folder, 0755)

		if err != nil {

			return err

		}

	}



	return nil

}



func x509Filename(name string) string {

	return name + "-cert.pem"

}



func x509Export(path string, cert *x509.Certificate) error {

	return pemExport(path, "CERTIFICATE", cert.Raw)

}



func keyExport(keystore, output string) error {

	return os.Rename(filepath.Join(keystore, "priv_sk"), output)

}



func pemExport(path, pemType string, bytes []byte) error {

	//write pem out to file

	file, err := os.Create(path)

	if err != nil {

		return err

	}

	defer file.Close()



	return pem.Encode(file, &pem.Block{Type: pemType, Bytes: bytes})

}



func exportConfig(mspDir, caFile string, enable bool) error {

	var config = &fabricmsp.Configuration{

		NodeOUs: &fabricmsp.NodeOUs{

			Enable: enable,

			ClientOUIdentifier: &fabricmsp.OrganizationalUnitIdentifiersConfiguration{

				Certificate:                  caFile,

				OrganizationalUnitIdentifier: CLIENTOU,

			},

			PeerOUIdentifier: &fabricmsp.OrganizationalUnitIdentifiersConfiguration{

				Certificate:                  caFile,

				OrganizationalUnitIdentifier: PEEROU,

			},

			AdminOUIdentifier: &fabricmsp.OrganizationalUnitIdentifiersConfiguration{

				Certificate:                  caFile,

				OrganizationalUnitIdentifier: ADMINOU,

			},

			OrdererOUIdentifier: &fabricmsp.OrganizationalUnitIdentifiersConfiguration{

				Certificate:                  caFile,

				OrganizationalUnitIdentifier: ORDEREROU,

			},

		},

	}



	configBytes, err := yaml.Marshal(config)

	if err != nil {

		return err

	}



	file, err := os.Create(filepath.Join(mspDir, "config.yaml"))

	if err != nil {

		return err

	}



	defer file.Close()

	_, err = file.WriteString(string(configBytes))



	return err

}
1
https://gitee.com/peter_code_git/fabric.git
git@gitee.com:peter_code_git/fabric.git
peter_code_git
fabric
fabric
v2.1.1
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部
53164aa7 5694891 3bd8fe86 5694891