[FAB-3128] Added re-enroll

Signed-off-by: biljana lukovic <biljana.lukovic@securekey.com>

Change-Id: I55862204ef71f69bc88c79fe2259f7cb8365699a
Signed-off-by: biljana lukovic <biljana.lukovic@securekey.com>

Author: biljanaLukovic

fabric-ca-client/fabricca.go

@@ -38,6 +38,8 @@ var logger = logging.MustGetLogger("fabric_sdk_go")
 // Services ...
 type Services interface {
 	Enroll(enrollmentID string, enrollmentSecret string) ([]byte, []byte, error)
+	//reenroll  to renew user's enrollment certificate
+	Reenroll(user fabricclient.User) ([]byte, []byte, error)
 	Register(registrar fabricclient.User, request *RegistrationRequest) (string, error)
 	Revoke(registrar fabricclient.User, request *RevocationRequest) error
 }
@@ -153,6 +155,40 @@ func (fabricCAServices *services) Enroll(enrollmentID string, enrollmentSecret s
 	return enrollmentResponse.Identity.GetECert().Key(), enrollmentResponse.Identity.GetECert().Cert(), nil
 }
 
+/**
+ * ReEnroll an enrolled user in order to receive a signed X509 certificate
+ * @param {user} fabricclient.User to be reenrolled
+ * @returns {[]byte} X509 certificate
+ * @returns {[]byte} private key
+ */
+func (fabricCAServices *services) Reenroll(user fabricclient.User) ([]byte, []byte, error) {
+	if user == nil {
+		return nil, nil, fmt.Errorf("User does not exist")
+	}
+	if user.GetName() == "" {
+		logger.Infof("Invalid re-enroll request, missing argument user")
+		return nil, nil, fmt.Errorf("User is empty")
+	}
+	req := &api.ReenrollmentRequest{}
+	// Create signing identity
+	identity, err := fabricCAServices.createSigningIdentity(user)
+	if err != nil {
+		logger.Infof("Invalid re-enroll request, %s is not a valid user  %s\n", user.GetName(), err)
+		return nil, nil, fmt.Errorf("Reenroll has failed; Cannot create user identity: %s", err)
+	}
+
+	if identity.GetECert() == nil {
+		logger.Infof("Invalid re-enroll request for user '%s'. Enrollment cert does not exist %s\n", user.GetName(), err)
+		return nil, nil, fmt.Errorf("Reenroll has failed; enrollment cert does not exist: %s", err)
+	}
+
+	reenrollmentResponse, err := identity.Reenroll(req)
+	if err != nil {
+		return nil, nil, fmt.Errorf("ReEnroll failed: %s", err)
+	}
+	return reenrollmentResponse.Identity.GetECert().Key(), reenrollmentResponse.Identity.GetECert().Cert(), nil
+}
+
 // Register a User with the Fabric CA
 // @param {User} registrar The User that is initiating the registration
 // @param {RegistrationRequest} request Registration Request

test/integration/fabric_ca_test.go

@@ -20,6 +20,7 @@ limitations under the License.
 package integration
 
 import (
+	"bytes"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
@@ -140,11 +141,34 @@ func TestRegisterEnrollRevoke(t *testing.T) {
 	}
 	fmt.Printf("Registered User: %s, Secret: %s\n", userName, enrolmentSecret)
 	// Enrol the previously registered user
-	_, _, err = caClient.Enroll(userName, enrolmentSecret)
-
+	ekey, ecert, err := caClient.Enroll(userName, enrolmentSecret)
 	if err != nil {
 		t.Fatalf("Error enroling user: %s", err.Error())
 	}
+	//re-enroll
+	fmt.Printf("** Attempt to re-enrolled user:  '%s'\n", userName)
+	keyPem, _ := pem.Decode(ekey)
+	if err != nil {
+		t.Fatalf("pem Decode return error: %v", err)
+	}
+	//convert key to bccsp
+	k, err := client.GetCryptoSuite().KeyImport(keyPem.Bytes, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: false})
+	if err != nil {
+		t.Fatalf("KeyImport return error: %v", err)
+	}
+	//create new user object and set certificate and private key of the previously enrolled user
+	enrolleduser := fabricClient.NewUser(userName)
+	enrolleduser.SetEnrollmentCertificate(ecert)
+	enrolleduser.SetPrivateKey(k)
+	//reenroll
+	_, reenrollCert, err := caClient.Reenroll(enrolleduser)
+	if err != nil {
+		t.Fatalf("Error Reenroling user: %s", err.Error())
+	}
+	fmt.Printf("** User '%s' was re-enrolled \n", userName)
+	if bytes.Equal(ecert, reenrollCert) {
+		t.Fatalf("Error Reenroling user. Enrollmet and Reenrollment certificates are the same.")
+	}
 
 	revokeRequest := fabricCAClient.RevocationRequest{Name: userName}
 	err = caClient.Revoke(adminUser, &revokeRequest)