diff --git a/core/container/externalbuilders/externalbuilders.go b/core/container/externalbuilders/externalbuilders.go index bce3009440d..f9329040ae3 100644 --- a/core/container/externalbuilders/externalbuilders.go +++ b/core/container/externalbuilders/externalbuilders.go @@ -381,9 +381,9 @@ func (b *Builder) Release(buildContext *BuildContext) error { type RunConfig struct { CCID string `json:"chaincode_id"` PeerAddress string `json:"peer_address"` - ClientCert []byte `json:"client_cert"` - ClientKey []byte `json:"client_key"` - RootCert []byte `json:"root_cert"` + ClientCert string `json:"client_cert"` // PEM encoded client certifcate + ClientKey string `json:"client_key"` // PEM encoded client key + RootCert string `json:"root_cert"` // PEM encoded peer chaincode certificate } type RunStatus struct { @@ -422,9 +422,9 @@ func (b *Builder) Run(ccid, bldDir string, peerConnection *ccintf.PeerConnection } if peerConnection.TLSConfig != nil { - lc.ClientCert = peerConnection.TLSConfig.ClientCert - lc.ClientKey = peerConnection.TLSConfig.ClientKey - lc.RootCert = peerConnection.TLSConfig.RootCert + lc.ClientCert = string(peerConnection.TLSConfig.ClientCert) + lc.ClientKey = string(peerConnection.TLSConfig.ClientKey) + lc.RootCert = string(peerConnection.TLSConfig.RootCert) } launchDir, err := ioutil.TempDir("", "fabric-run") diff --git a/core/container/externalbuilders/testdata/goodbuilder/bin/run b/core/container/externalbuilders/testdata/goodbuilder/bin/run index 980371c8fd9..87caa36d3bd 100755 --- a/core/container/externalbuilders/testdata/goodbuilder/bin/run +++ b/core/container/externalbuilders/testdata/goodbuilder/bin/run @@ -1,11 +1,12 @@ #!/bin/bash -OUTPUT_JSON="$(jq -S . $2/chaincode.json)" +OUTPUT_JSON="$(jq -S . "$2/chaincode.json")" -EXPECTED_JSON="$(echo '{"chaincode_id":"test-ccid","peer_address":"fake-peer-address","client_cert":"ZmFrZS1jbGllbnQtY2VydA==","client_key":"ZmFrZS1jbGllbnQta2V5","root_cert":"ZmFrZS1yb290LWNlcnQ="}' | jq -S .)" +EXPECTED_JSON="$(echo '{"chaincode_id":"test-ccid","peer_address":"fake-peer-address","client_cert":"fake-client-cert","client_key":"fake-client-key","root_cert":"fake-root-cert"}' | jq -S .)" if [ "$OUTPUT_JSON" = "$EXPECTED_JSON" ] ; then exit 0 fi +echo "got $OUTPUT_JSON; want $EXPECTED_JSON" exit 1 diff --git a/integration/externalbuilders/binary/bin/run b/integration/externalbuilders/binary/bin/run index a7042aeaf26..78b8790d48f 100755 --- a/integration/externalbuilders/binary/bin/run +++ b/integration/externalbuilders/binary/bin/run @@ -14,21 +14,19 @@ fi OUTPUT=$1 ARTIFACTS=$2 -export CORE_CHAINCODE_ID_NAME="$(jq -r .chaincode_id $ARTIFACTS/chaincode.json)" -export CORE_TLS_CLIENT_CERT_PATH="$ARTIFACTS/client.crt" -export CORE_TLS_CLIENT_KEY_PATH="$ARTIFACTS/client.key" +# shellcheck disable=SC2155 +export CORE_CHAINCODE_ID_NAME="$(jq -r .chaincode_id "$ARTIFACTS/chaincode.json")" +export CORE_PEER_TLS_ENABLED="true" +export CORE_TLS_CLIENT_CERT_FILE="$ARTIFACTS/client.crt" +export CORE_TLS_CLIENT_KEY_FILE="$ARTIFACTS/client.key" export CORE_PEER_TLS_ROOTCERT_FILE="$ARTIFACTS/root.crt" -# Note, for strange historical reasons, the chaincode expects the cert and key -# to be base64 encoded, but not the root cert. -jq -r .client_cert $ARTIFACTS/chaincode.json > "$CORE_TLS_CLIENT_CERT_PATH" -jq -r .client_key $ARTIFACTS/chaincode.json > "$CORE_TLS_CLIENT_KEY_PATH" -jq -r .root_cert $ARTIFACTS/chaincode.json | base64 --decode > "$CORE_PEER_TLS_ROOTCERT_FILE" +jq -r .client_cert "$ARTIFACTS/chaincode.json" > "$CORE_TLS_CLIENT_CERT_FILE" +jq -r .client_key "$ARTIFACTS/chaincode.json" > "$CORE_TLS_CLIENT_KEY_FILE" +jq -r .root_cert "$ARTIFACTS/chaincode.json" > "$CORE_PEER_TLS_ROOTCERT_FILE" -if [ -z "$(cat $CORE_TLS_CLIENT_CERT_PATH)" ] ; then - export CORE_PEER_TLS_ENABLED=false -else - export CORE_PEER_TLS_ENABLED=true +if [ -z "$(jq -r .client_cert "$ARTIFACTS/chaincode.json")" ]; then + export CORE_PEER_TLS_ENABLED="false" fi -exec "$OUTPUT/chaincode" -peer.address=$(jq -r .peer_address "$ARTIFACTS/chaincode.json") +exec "$OUTPUT/chaincode" -peer.address="$(jq -r .peer_address "$ARTIFACTS/chaincode.json")" diff --git a/integration/externalbuilders/golang/bin/run b/integration/externalbuilders/golang/bin/run index 19a271fb0c9..78b8790d48f 100755 --- a/integration/externalbuilders/golang/bin/run +++ b/integration/externalbuilders/golang/bin/run @@ -21,9 +21,9 @@ export CORE_TLS_CLIENT_CERT_FILE="$ARTIFACTS/client.crt" export CORE_TLS_CLIENT_KEY_FILE="$ARTIFACTS/client.key" export CORE_PEER_TLS_ROOTCERT_FILE="$ARTIFACTS/root.crt" -jq -r .root_cert "$ARTIFACTS/chaincode.json" | base64 --decode > "$CORE_PEER_TLS_ROOTCERT_FILE" -jq -r .client_key "$ARTIFACTS/chaincode.json" | base64 --decode > "$CORE_TLS_CLIENT_KEY_FILE" -jq -r .client_cert "$ARTIFACTS/chaincode.json" | base64 --decode > "$CORE_TLS_CLIENT_CERT_FILE" +jq -r .client_cert "$ARTIFACTS/chaincode.json" > "$CORE_TLS_CLIENT_CERT_FILE" +jq -r .client_key "$ARTIFACTS/chaincode.json" > "$CORE_TLS_CLIENT_KEY_FILE" +jq -r .root_cert "$ARTIFACTS/chaincode.json" > "$CORE_PEER_TLS_ROOTCERT_FILE" if [ -z "$(jq -r .client_cert "$ARTIFACTS/chaincode.json")" ]; then export CORE_PEER_TLS_ENABLED="false"