[FAB-2979]Fixed TLS Config for fabric CA client

Change-Id: I4425d49b692ed578e41247769b46c75b93b2e480
Signed-off-by: biljana lukovic <biljana.lukovic@securekey.com>

Author: biljanaLukovic

config/config.go

@@ -21,7 +21,6 @@ package config
 
 import (
 	"crypto/x509"
-	"encoding/json"
 	"encoding/pem"
 	"fmt"
 	"io/ioutil"
@@ -43,15 +42,6 @@ type PeerConfig struct {
 	TLSServerHostOverride string
 }
 
-type fabricCAConfig struct {
-	ServerURL string   `json:"serverURL"`
-	Certfiles []string `json:"certfiles"`
-	Client    struct {
-		Keyfile  string `json:"keyfile"`
-		Certfile string `json:"certfile"`
-	} `json:"client"`
-}
-
 var myViper = viper.New()
 var log = logging.MustGetLogger("fabric_sdk_go")
 var format = logging.MustStringFormatter(
@@ -74,7 +64,7 @@ func InitConfig(configFile string) error {
 			return fmt.Errorf("Fatal error config file: %v", err)
 		}
 	}
-
+	log.Debug(myViper.GetString("client.fabricCA.serverURL"))
 	backend := logging.NewLogBackend(os.Stderr, "", 0)
 	backendFormatter := logging.NewBackendFormatter(backend, format)
 
@@ -93,6 +83,36 @@ func InitConfig(configFile string) error {
 	return nil
 }
 
+//GetServerURL Read configuration option for the fabric CA server URL
+func GetServerURL() string {
+	return strings.Replace(myViper.GetString("client.fabricCA.serverURL"), "$GOPATH", os.Getenv("GOPATH"), -1)
+}
+
+//GetServerCertFiles Read configuration option for the server certificate files
+func GetServerCertFiles() []string {
+	certFiles := myViper.GetStringSlice("client.fabricCA.certfiles")
+	certFileModPath := make([]string, len(certFiles))
+	for i, v := range certFiles {
+		certFileModPath[i] = strings.Replace(v, "$GOPATH", os.Getenv("GOPATH"), -1)
+	}
+	return certFileModPath
+}
+
+//GetFabricCAClientKeyFile Read configuration option for the fabric CA client key file
+func GetFabricCAClientKeyFile() string {
+	return strings.Replace(myViper.GetString("client.fabricCA.client.keyfile"), "$GOPATH", os.Getenv("GOPATH"), -1)
+}
+
+//GetFabricCAClientCertFile Read configuration option for the fabric CA client cert file
+func GetFabricCAClientCertFile() string {
+	return strings.Replace(myViper.GetString("client.fabricCA.client.keyfile"), "$GOPATH", os.Getenv("GOPATH"), -1)
+}
+
+//GetFabricCATLSEnabledFlag Read configuration option for the fabric CA TLS flag
+func GetFabricCATLSEnabledFlag() bool {
+	return myViper.GetBool("client.fabricCA.tlsEnabled")
+}
+
 // GetFabricClientViper returns the internal viper instance used by the
 // SDK to read configuration options
 func GetFabricClientViper() *viper.Viper {
@@ -221,25 +241,6 @@ func GetFabricCAID() string {
 	return myViper.GetString("client.fabricCA.id")
 }
 
-// GetFabricCAClientPath This method will read the fabric-ca configurations from the
-// config yaml file and return the path to a json client config file
-// in the format that is expected by the fabric-ca client
-func GetFabricCAClientPath() (string, error) {
-	filePath := "/tmp/client-config.json"
-	fabricCAConf := fabricCAConfig{}
-	err := myViper.UnmarshalKey("client.fabricCA", &fabricCAConf)
-	if err != nil {
-		return "", err
-	}
-	jsonConfig, err := json.Marshal(fabricCAConf)
-	if err != nil {
-		return "", err
-	}
-
-	err = ioutil.WriteFile(filePath, jsonConfig, 0644)
-	return filePath, err
-}
-
 // GetKeyStorePath ...
 func GetKeyStorePath() string {
 	return myViper.GetString("client.keystore.path")

fabric-ca-client/fabricca.go

@@ -21,13 +21,15 @@ package fabricca
 
 import (
 	"fmt"
-	"os"
+	"strings"
 
 	"github.com/hyperledger/fabric-ca/api"
 	fabric_ca "github.com/hyperledger/fabric-ca/lib"
 	"github.com/hyperledger/fabric-sdk-go/config"
 	fabricclient "github.com/hyperledger/fabric-sdk-go/fabric-client"
 
+	"io/ioutil"
+
 	"github.com/op/go-logging"
 )
 
@@ -85,18 +87,40 @@ type Attribute struct {
  * @param {string} clientConfigFile for fabric-ca services"
  */
 func NewFabricCAClient() (Services, error) {
-	configPath, err := config.GetFabricCAClientPath()
+
+	// Create new Fabric-ca client without configs
+	c, err := fabric_ca.NewClient("")
 	if err != nil {
-		return nil, fmt.Errorf("error setting up fabric-ca configurations: %s", err.Error())
+		return nil, fmt.Errorf("New fabricCAClient failed: %s", err)
+	}
+
+	certFile := config.GetFabricCAClientCertFile()
+	keyFile := config.GetFabricCAClientKeyFile()
+	serverCertFiles := config.GetServerCertFiles()
+
+	//set server URL
+	c.Config.URL = config.GetServerURL()
+	//certs file list
+	c.Config.TLS.CertFilesList = serverCertFiles
+	//concat cert files
+	c.Config.TLS.CertFiles = strings.Join(serverCertFiles[:], ",")
+	//set cert file into TLS context
+	file, err := ioutil.ReadFile(certFile)
+	if err != nil {
+		logger.Errorf("Error reading fabric ca client propertiy certfile: %v", err)
+		return nil, fmt.Errorf("New fabricCAClient failed: %s", err)
 	}
-	//Remove temporary config file after setup
-	defer os.Remove(configPath)
-	// Create new Fabric-ca client with configs
-	c, err := fabric_ca.NewClient(configPath)
+	c.Config.TLS.Client.CertFile = string(file)
+	//set key file into TLS context
+	keyfile, err := ioutil.ReadFile(keyFile)
 	if err != nil {
+		logger.Errorf("Error reading fabric ca client property keyfile: %v", err)
 		return nil, fmt.Errorf("New fabricCAClient failed: %s", err)
 	}
+	c.Config.TLS.Client.KeyFile = string(keyfile)
 
+	//TLS falg enabled/disabled
+	c.Config.TLS.Enabled = config.GetFabricCATLSEnabledFlag()
 	fabricCAClient := &services{fabricCAClient: c}
 	logger.Infof("Constructed fabricCAClient instance: %v", fabricCAClient)
 

fabric-ca-client/fabricca_test.go

@@ -28,6 +28,7 @@ import (
 )
 
 func TestEnrollWithMissingParameters(t *testing.T) {
+
 	fabricCAClient, err := NewFabricCAClient()
 	if err != nil {
 		t.Fatalf("NewFabricCAClient return error: %v", err)
@@ -49,6 +50,7 @@ func TestEnrollWithMissingParameters(t *testing.T) {
 }
 
 func TestRegister(t *testing.T) {
+
 	fabricCAClient, err := NewFabricCAClient()
 	if err != nil {
 		t.Fatalf("NewFabricCAClient returned error: %v", err)
@@ -94,6 +96,7 @@ func TestRegister(t *testing.T) {
 }
 
 func TestRevoke(t *testing.T) {
+
 	fabricCAClient, err := NewFabricCAClient()
 	if err != nil {
 		t.Fatalf("NewFabricCAClient returned error: %v", err)

test/fixtures/config/config_test.yaml

@@ -44,13 +44,14 @@ client:
   level: info
 
  fabricCA:
+  tlsEnabled: true
   id: "Org1MSP"
-  serverURL: "http://localhost:7054"
+  serverURL: "http://localhost:9054"
   certfiles :
-    - "../test/fixtures/root.pem"
+    - "$GOPATH/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/root.pem"
   client:
-   keyfile: "../test/fixtures/tls_client-key.pem"
-   certfile: "../test/fixtures/tls_client-cert.pem"
+   keyfile: "$GOPATH/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/tls_client-key.pem"
+   certfile: "$GOPATH/src/github.com/hyperledger/fabric-sdk-go/test/fixtures/tls_client-cert.pem"
 
  keystore:
-  path: "/tmp/keystore"
+  path: "/tmp/keystore"

test/fixtures/docker-compose.yaml

@@ -6,7 +6,7 @@ services:
     environment:
       - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
     ports:
-      - "7054:7054"
+      - "9054:7054"
     command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/peerOrg1-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/d8a5b3cac1b821f6e4b487ceaf1fd239cdcfc310894150908b90f05e9179556a_sk -b admin:adminpw' -d
     volumes:
       - ./channel/crypto-config/peerOrganizations/peerOrg1/ca/:/etc/hyperledger/fabric-ca-server-config