Skip to content

Commit

Permalink
BE-773 Add Fabric CA support (#135)
Browse files Browse the repository at this point in the history
When specifying certificateAuthorities in connection profile,
generate certificates for admin user to access fabric network
using Fabric CA.

Signed-off-by: Atsushi Neki <atsushin@fast.au.fujitsu.com>
  • Loading branch information
nekia authored Jul 9, 2020
1 parent 8cccc2c commit 864b622
Show file tree
Hide file tree
Showing 8 changed files with 167 additions and 68 deletions.
1 change: 1 addition & 0 deletions app/platform/fabric/FabricClient.js
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ class FabricClient {
} catch (error) {
// TODO in case of the failure, should terminate explorer?
logger.error(error);
throw new ExplorerError(error);
}

// Getting channels from queryChannels
Expand Down
58 changes: 47 additions & 11 deletions app/platform/fabric/FabricConfig.js
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ class FabricConfig {
* @memberof FabricConfig
*/
getAdminUser() {
return this.config.client.adminUser;
return this.config.client.adminCredential.id;
}

/**
Expand All @@ -116,8 +116,8 @@ class FabricConfig {
* @returns
* @memberof FabricConfig
*/
getNetworkName() {
return this.config.name;
getAdminPassword() {
return this.config.client.adminCredential.password;
}

/**
Expand All @@ -126,8 +126,38 @@ class FabricConfig {
* @returns
* @memberof FabricConfig
*/
getAdminPassword() {
return this.config.client.adminPassword;
getAdminAffiliation() {
return this.config.client.adminCredential.affiliation;
}

/**
*
*
* @returns
* @memberof FabricConfig
*/
getCaAdminUser() {
return this.config.client.caCredential.id;
}

/**
*
*
* @returns
* @memberof FabricConfig
*/
getCaAdminPassword() {
return this.config.client.caCredential.password;
}

/**
*
*
* @returns
* @memberof FabricConfig
*/
getNetworkName() {
return this.config.name;
}

/**
Expand Down Expand Up @@ -178,14 +208,20 @@ class FabricConfig {
* @returns
* @memberof FabricConfig
*/
getOrganizationsConfig() {
getOrgSignedCertPath() {
const organization = this.config.organizations[this.getOrganization()];
return organization.signedCert.path;
}

const orgMsp = organization.mspid;
const adminPrivateKeyPath = organization.adminPrivateKey.path;
const signedCertPath = organization.signedCert.path;

return { orgMsp, adminPrivateKeyPath, signedCertPath };
/**
*
*
* @returns
* @memberof FabricConfig
*/
getOrgAdminPrivateKeyPath() {
const organization = this.config.organizations[this.getOrganization()];
return organization.adminPrivateKey.path;
}

/**
Expand Down
23 changes: 21 additions & 2 deletions app/platform/fabric/connection-profile/first-network.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,15 @@
"license": "Apache-2.0",
"client": {
"tlsEnable": true,
"adminUser": "admin",
"adminPassword": "adminpw",
"caCredential": {
"id": "admin",
"password": "adminpw"
},
"adminCredential": {
"id": "exploreradmin",
"password": "exploreradminpw",
"affiliation": "org1.department1"
},
"enableAuthentication": true,
"organization": "Org1MSP",
"connection": {
Expand Down Expand Up @@ -55,5 +62,17 @@
"ssl-target-name-override": "peer0.org1.example.com"
}
}
},
"certificateAuthorities": {
"ca0": {
"url": "https://localhost:7054",
"httpOptions": {
"verify": false
},
"tlsCACerts": {
"path": "/fabric-path/fabric-samples/first-network/crypto-config/peerOrganizations/org1/ca/ca.org1-cert.pem"
},
"caName": "ca0-org1"
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,15 @@
"license": "Apache-2.0",
"client": {
"tlsEnable": true,
"adminUser": "admin",
"adminPassword": "adminpw",
"caCredential": {
"id": "admin",
"password": "adminpw"
},
"adminCredential": {
"id": "exploreradmin",
"password": "exploreradminpw",
"affiliation": "org1.department1"
},
"enableAuthentication": false,
"organization": "org1",
"connection": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,15 @@
"license": "Apache-2.0",
"client": {
"tlsEnable": true,
"adminUser": "admin",
"adminPassword": "adminpw",
"caCredential": {
"id": "admin",
"password": "adminpw"
},
"adminCredential": {
"id": "exploreradmin",
"password": "exploreradminpw",
"affiliation": "org2.department1"
},
"organization": "org2",
"enableAuthentication": false,
"connection": {
Expand Down
24 changes: 12 additions & 12 deletions app/platform/fabric/e2e-test/specs/apitest_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -132,12 +132,12 @@ var _ = Describe("REST API Test Suite - Single profile", func() {

It("login to org1-network", func() {

resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{})
resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{})
result := resp.Result().(*LoginResponse)
token = result.Token

Expect(result.User.Message).Should(Equal("logged in"))
Expect(result.User.Name).Should(Equal("admin"))
Expect(result.User.Name).Should(Equal("exploreradmin"))
})

It("get channels", func() {
Expand Down Expand Up @@ -374,24 +374,24 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() {

Context("/auth/login", func() {
It("login to org1-network", func() {
resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{})
resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{})
result := resp.Result().(*LoginResponse)
Expect(result.User.Message).Should(Equal("logged in"))
Expect(result.User.Name).Should(Equal("admin"))
Expect(result.User.Name).Should(Equal("exploreradmin"))
})

It("login to org2-network", func() {
resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org2-network"}, &LoginResponse{})
resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org2-network"}, &LoginResponse{})
result := resp.Result().(*LoginResponse)
Expect(result.User.Message).Should(Equal("logged in"))
Expect(result.User.Name).Should(Equal("admin"))
Expect(result.User.Name).Should(Equal("exploreradmin"))
})
})

Context("/api/channels", func() {
It("get channels for Org1", func() {
// For org1
resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{})
resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{})
resultLogin := resp.Result().(*LoginResponse)
token := resultLogin.Token
Expect(resultLogin.User.Message).Should(Equal("logged in"))
Expand All @@ -404,7 +404,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() {

It("get channels for Org2", func() {
// For org2
resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org2-network"}, &LoginResponse{})
resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org2-network"}, &LoginResponse{})
resultLogin := resp.Result().(*LoginResponse)
token := resultLogin.Token
Expect(resultLogin.User.Message).Should(Equal("logged in"))
Expand All @@ -420,7 +420,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() {

It("get channels info for org1", func() {

resp1 := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{})
resp1 := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{})
result1 := resp1.Result().(*LoginResponse)
token := result1.Token
Expect(result1.User.Message).Should(Equal("logged in"))
Expand Down Expand Up @@ -484,7 +484,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() {

It("get channels info for org2", func() {

resp1 := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org2-network"}, &LoginResponse{})
resp1 := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org2-network"}, &LoginResponse{})
result1 := resp1.Result().(*LoginResponse)
token := result1.Token
Expect(result1.User.Message).Should(Equal("logged in"))
Expand Down Expand Up @@ -552,7 +552,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() {

It("get block info for org1", func() {

resp1 := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{})
resp1 := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{})
result1 := resp1.Result().(*LoginResponse)
token := result1.Token
Expect(result1.User.Message).Should(Equal("logged in"))
Expand Down Expand Up @@ -583,7 +583,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() {

It("get block info for org2", func() {

resp1 := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org2-network"}, &LoginResponse{})
resp1 := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org2-network"}, &LoginResponse{})
result1 := resp1.Result().(*LoginResponse)
token := result1.Token
Expect(result1.User.Message).Should(Equal("logged in"))
Expand Down
Loading

0 comments on commit 864b622

Please sign in to comment.