FAB-5892 Facilitate Integration with configuration

Change-Id: Id571d1e30a57bcfe3db671d000cbf2d82c66a86f
Signed-off-by: rickr <cr22rc@gmail.com>

pom.xml

@@ -98,7 +98,7 @@
         <dependency>
             <groupId>com.google.protobuf</groupId>
             <artifactId>protobuf-java</artifactId>
-            <version>3.3.1</version>
+            <version>3.4.0</version>
         </dependency>
         <!-- https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on -->
         <dependency>

src/main/java/org/hyperledger/fabric/sdk/Endpoint.java

@@ -14,9 +14,12 @@
 
 package org.hyperledger.fabric.sdk;
 
-import java.io.File;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -44,7 +47,6 @@
 import org.bouncycastle.asn1.x500.style.BCStyle;
 import org.bouncycastle.asn1.x500.style.IETFUtils;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
-import org.hyperledger.fabric.sdk.helper.Utils;
 import org.hyperledger.fabric.sdk.security.CryptoPrimitives;
 
 import static org.hyperledger.fabric.sdk.helper.Utils.parseGrpcUrl;
@@ -64,10 +66,10 @@ class Endpoint {
         logger.trace(String.format("Creating endpoint for url %s", url));
         this.url = url;
 
-        String pem = null;
         String cn = null;
         String sslp = null;
         String nt = null;
+        byte[] pemBytes = null;
 
         Properties purl = parseGrpcUrl(url);
         String protocol = purl.getProperty("protocol");
@@ -76,33 +78,42 @@ class Endpoint {
 
         if (properties != null) {
             if ("grpcs".equals(protocol)) {
-                try {
-                    pem = properties.getProperty("pemFile");
-                    cn = properties.getProperty("hostnameOverride");
-
-                    if (cn == null && "true".equals(properties.getProperty("trustServerCertificate"))) {
+                if (properties.containsKey("pemFile") && properties.containsKey("pemBytes")) {
+                    throw new RuntimeException("Properties \"pemBytes\" and \"pemBytes\" can not be both set.");
+                }
+                if (properties.containsKey("pemFile")) {
+                    Path path = Paths.get(properties.getProperty("pemFile"));
+                    try {
+                        pemBytes = Files.readAllBytes(path);
+                    } catch (IOException e) {
+                        throw new RuntimeException(e);
+                    }
+                } else if (properties.containsKey("pemBytes")) {
+                    pemBytes = (byte[]) properties.get("pemBytes");
+                }
+                if (null != pemBytes) {
+                    try {
+                        cn = properties.getProperty("hostnameOverride");
 
-                        File pemF = new File(pem);
-                        final String cnKey = pemF.getAbsolutePath() + pemF.length() + pemF.lastModified();
+                        if (cn == null && "true".equals(properties.getProperty("trustServerCertificate"))) {
+                            final String cnKey = new String(pemBytes, StandardCharsets.UTF_8);
 
-                        cn = CN_CACHE.get(cnKey);
-                        if (cn == null) {
-                            Path path = Paths.get(pem);
-                            byte[] data = Files.readAllBytes(path);
+                            cn = CN_CACHE.get(cnKey);
+                            if (cn == null) {
+                                CryptoPrimitives cp = new CryptoPrimitives();
 
-                            CryptoPrimitives cp = new CryptoPrimitives();
+                                X500Name x500name = new JcaX509CertificateHolder((X509Certificate) cp.bytesToCertificate(pemBytes)).getSubject();
+                                RDN rdn = x500name.getRDNs(BCStyle.CN)[0];
+                                cn = IETFUtils.valueToString(rdn.getFirst().getValue());
+                                CN_CACHE.put(cnKey, cn);
+                            }
 
-                            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) cp.bytesToCertificate(data)).getSubject();
-                            RDN rdn = x500name.getRDNs(BCStyle.CN)[0];
-                            cn = IETFUtils.valueToString(rdn.getFirst().getValue());
-                            CN_CACHE.put(cnKey, cn);
                         }
+                    } catch (Exception e) {
+                        /// Mostly a development env. just log it.
+                        logger.error("Error getting Subject CN from certificate. Try setting it specifically with hostnameOverride property. " + e.getMessage());
 
                     }
-                } catch (Exception e) {
-                    /// Mostly a development env. just log it.
-                    logger.error("Error getting Subject CN from certificate. Try setting it specifically with hostnameOverride property. " + e.getMessage());
-
                 }
 
                 sslp = properties.getProperty("sslProvider");
@@ -130,7 +141,7 @@ class Endpoint {
                         .usePlaintext(true);
                 addNettyBuilderProps(channelBuilder, properties);
             } else if (protocol.equalsIgnoreCase("grpcs")) {
-                if (Utils.isNullOrEmpty(pem)) {
+                if (pemBytes == null) {
                     // use root certificate
                     this.channelBuilder = NettyChannelBuilder.forAddress(addr, port);
                     addNettyBuilderProps(channelBuilder, properties);
@@ -140,8 +151,9 @@ class Endpoint {
                         SslProvider sslprovider = sslp.equals("openSSL") ? SslProvider.OPENSSL : SslProvider.JDK;
                         NegotiationType ntype = nt.equals("TLS") ? NegotiationType.TLS : NegotiationType.PLAINTEXT;
 
+                        InputStream myInputStream = new ByteArrayInputStream(pemBytes);
                         SslContext sslContext = GrpcSslContexts.forClient()
-                                .trustManager(new File(pem))
+                                .trustManager(myInputStream)
                                 .sslProvider(sslprovider)
                                 .build();
                         this.channelBuilder = NettyChannelBuilder.forAddress(addr, port)

src/main/java/org/hyperledger/fabric/sdk/EventHub.java

@@ -303,7 +303,7 @@ public void onCompleted() {
 
         }
 
-        logger.info(format("Eventhub %s connect is done with connect status: %b ", name, connected));
+        logger.debug(format("Eventhub %s connect is done with connect status: %b ", name, connected));
 
         if (connected) {
             eventStream = eventStreamLocal;

src/main/java/org/hyperledger/fabric/sdk/security/CryptoPrimitives.java

@@ -257,18 +257,47 @@ public void addCACertificateToTrustStore(File caCertPem, String alias) throws Cr
             throw new InvalidArgumentException("You must assign an alias to a certificate when adding to the trust store");
         }
 
-
         BufferedInputStream bis;
         try {
 
             bis = new BufferedInputStream(new ByteArrayInputStream(FileUtils.readFileToByteArray(caCertPem)));
             Certificate caCert = cf.generateCertificate(bis);
-            this.addCACertificateToTrustStore(caCert, alias);
+            addCACertificateToTrustStore(caCert, alias);
         } catch (CertificateException | IOException e) {
             throw new CryptoException("Unable to add CA certificate to trust store. Error: " + e.getMessage(), e);
         }
     }
 
+    /**
+     * addCACertificateToTrustStore adds a CA cert to the set of certificates used for signature validation
+     *
+     * @param bytes an X.509 certificate in PEM format in bytes
+     * @param alias an alias associated with the certificate. Used as shorthand for the certificate during crypto operations
+     * @throws CryptoException
+     * @throws InvalidArgumentException
+     */
+    public void addCACertificateToTrustStore(byte[] bytes, String alias) throws CryptoException, InvalidArgumentException {
+
+        if (bytes == null) {
+            throw new InvalidArgumentException("The certificate cannot be null");
+        }
+
+        if (alias == null || alias.isEmpty()) {
+            throw new InvalidArgumentException("You must assign an alias to a certificate when adding to the trust store");
+        }
+
+        BufferedInputStream bis;
+        try {
+
+            bis = new BufferedInputStream(new ByteArrayInputStream(bytes));
+            Certificate caCert = cf.generateCertificate(bis);
+            addCACertificateToTrustStore(caCert, alias);
+
+        } catch (CertificateException e) {
+            throw new CryptoException("Unable to add CA certificate to trust store. Error: " + e.getMessage(), e);
+        }
+    }
+
     /**
      * addCACertificateToTrustStore adds a CA cert to the set of certificates used for signature validation
      *