[FABG-681] MSP Client: CAInfo

Change-Id: I9afe80529c1fe3f1b86f28d4507968a019a198b2
Signed-off-by: 乔伦 徐 <jamesxql@gmail.com>

Author: gotoxu

internal/github.com/hyperledger/fabric-ca/lib/client.go

@@ -157,6 +157,33 @@ func (c *Client) initHTTPClient(serverName string) error {
 	return nil
 }
 
+// GetCAInfo returns generic CA information
+func (c *Client) GetCAInfo(req *api.GetCAInfoRequest) (*GetCAInfoResponse, error) {
+	err := c.Init()
+	if err != nil {
+		return nil, err
+	}
+	body, err := util.Marshal(req, "GetCAInfo")
+	if err != nil {
+		return nil, err
+	}
+	cainforeq, err := c.newPost("cainfo", body)
+	if err != nil {
+		return nil, err
+	}
+	netSI := &common.CAInfoResponseNet{}
+	err = c.SendReq(cainforeq, netSI)
+	if err != nil {
+		return nil, err
+	}
+	localSI := &GetCAInfoResponse{}
+	err = c.net2LocalCAInfo(netSI, localSI)
+	if err != nil {
+		return nil, err
+	}
+	return localSI, nil
+}
+
 // GenCSR generates a CSR (Certificate Signing Request)
 func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, core.Key, error) {
 	log.Debugf("GenCSR %+v", req)

pkg/client/msp/ca.go

@@ -180,3 +180,18 @@ type IdentityInfo struct {
 	Attributes     []Attribute
 	MaxEnrollments int
 }
+
+// GetCAInfoResponse is the response from the GetCAInfo call
+type GetCAInfoResponse struct {
+	// CAName is the name of the CA
+	CAName string
+	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
+	// The 1st element of the chain is the root CA cert
+	CAChain []byte
+	// Idemix issuer public key of the CA
+	IssuerPublicKey []byte
+	// Idemix issuer revocation public key of the CA
+	IssuerRevocationPublicKey []byte
+	// Version of the server
+	Version string
+}

pkg/client/msp/client.go

@@ -30,6 +30,7 @@ import (
 // Client enables access to Client services
 type Client struct {
 	orgName string
+	caName  string
 	ctx     context.Client
 }
 
@@ -85,8 +86,14 @@ func New(clientProvider context.ClientProvider, opts ...ClientOption) (*Client,
 	if msp.orgName == "" {
 		return nil, errors.New("organization is not provided")
 	}
+
+	caConfig, ok := ctx.IdentityConfig().CAConfig(msp.orgName)
+	if ok {
+		msp.caName = caConfig.CAName
+	}
+
 	networkConfig := ctx.EndpointConfig().NetworkConfig()
-	_, ok := networkConfig.Organizations[strings.ToLower(msp.orgName)]
+	_, ok = networkConfig.Organizations[strings.ToLower(msp.orgName)]
 	if !ok {
 		return nil, fmt.Errorf("non-existent organization: '%s'", msp.orgName)
 	}
@@ -406,6 +413,21 @@ func (c *Client) Revoke(request *RevocationRequest) (*RevocationResponse, error)
 	}, nil
 }
 
+// GetCAInfo returns generic CA information
+func (c *Client) GetCAInfo() (*GetCAInfoResponse, error) {
+	ca, err := newCAClient(c.ctx, c.orgName)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := ca.GetCAInfo()
+	if err != nil {
+		return nil, err
+	}
+
+	return &GetCAInfoResponse{CAName: resp.CAName, CAChain: resp.CAChain[:], IssuerPublicKey: resp.IssuerPublicKey[:], IssuerRevocationPublicKey: resp.IssuerRevocationPublicKey[:], Version: resp.Version}, nil
+}
+
 // GetSigningIdentity returns signing identity for id
 //  Parameters:
 //  id is user id

pkg/fab/mocks/mockcaclient.go

@@ -91,3 +91,8 @@ func (mgr *MockCAClient) ModifyAffiliation(request *api.ModifyAffiliationRequest
 func (mgr *MockCAClient) RemoveAffiliation(request *api.AffiliationRequest) (*api.AffiliationResponse, error) {
 	return nil, errors.New("not implemented")
 }
+
+// GetCAInfo returns generic CA information
+func (mgr *MockCAClient) GetCAInfo() (*api.GetCAInfoResponse, error) {
+	return nil, errors.New("not implemented")
+}

pkg/msp/api/api.go

@@ -21,6 +21,7 @@ type CAClient interface {
 	Reenroll(enrollmentID string) error
 	Register(request *RegistrationRequest) (string, error)
 	Revoke(request *RevocationRequest) (*RevocationResponse, error)
+	GetCAInfo() (*GetCAInfoResponse, error)
 	CreateIdentity(request *IdentityRequest) (*IdentityResponse, error)
 	GetIdentity(id, caname string) (*IdentityResponse, error)
 	ModifyIdentity(request *IdentityRequest) (*IdentityResponse, error)
@@ -206,3 +207,18 @@ type IdentityInfo struct {
 	Attributes     []Attribute
 	MaxEnrollments int
 }
+
+// GetCAInfoResponse is the response from the GetCAInfo call
+type GetCAInfoResponse struct {
+	// CAName is the name of the CA
+	CAName string
+	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
+	// The 1st element of the chain is the root CA cert
+	CAChain []byte
+	// Idemix issuer public key of the CA
+	IssuerPublicKey []byte
+	// Idemix issuer revocation public key of the CA
+	IssuerRevocationPublicKey []byte
+	// Version of the server
+	Version string
+}

pkg/msp/caclient.go

@@ -23,6 +23,7 @@ var logger = logging.NewLogger("fabsdk/msp")
 // CAClientImpl implements api/msp/CAClient
 type CAClientImpl struct {
 	orgName         string
+	caName          string // Currently, an organization can be associated with only one CA
 	orgMSPID        string
 	cryptoSuite     core.CryptoSuite
 	identityManager msp.IdentityManager
@@ -77,6 +78,7 @@ func NewCAClient(orgName string, ctx contextApi.Client) (*CAClientImpl, error) {
 
 	mgr := &CAClientImpl{
 		orgName:         orgName,
+		caName:          caName,
 		orgMSPID:        orgConfig.MSPID,
 		cryptoSuite:     ctx.CryptoSuite(),
 		identityManager: identityManager,
@@ -345,6 +347,15 @@ func (c *CAClientImpl) Revoke(request *api.RevocationRequest) (*api.RevocationRe
 	return resp, nil
 }
 
+// GetCAInfo returns generic CA information
+func (c *CAClientImpl) GetCAInfo() (*api.GetCAInfoResponse, error) {
+	if c.adapter == nil {
+		return nil, fmt.Errorf("no CAs configured for organization: %s", c.orgName)
+	}
+
+	return c.adapter.GetCAInfo(c.caName)
+}
+
 // GetAffiliation returns information about the requested affiliation
 func (c *CAClientImpl) GetAffiliation(affiliation, caname string) (*api.AffiliationResponse, error) {
 	if c.adapter == nil {

pkg/msp/caclient_test.go

@@ -665,6 +665,21 @@ func TestGetAllAffiliations(t *testing.T) {
 	}
 }
 
+func TestGetCAInfo(t *testing.T) {
+	f := textFixture{}
+	f.setup()
+	defer f.close()
+
+	resp, err := f.caClient.GetCAInfo()
+	if err != nil {
+		t.Fatalf("Get CA info return error %s", err)
+	}
+
+	if resp.CAName != "123" {
+		t.Fatalf("expecting 123, got %s", resp.CAName)
+	}
+}
+
 func getCustomBackend(configPath string) ([]core.ConfigBackend, error) {
 
 	configBackends, err := config.FromFile(configPath)()

pkg/msp/fabcaadapter.go

@@ -154,6 +154,29 @@ func (c *fabricCAAdapter) Revoke(key core.Key, cert []byte, request *api.Revocat
 	}, nil
 }
 
+// GetCAInfo returns generic CA information
+func (c *fabricCAAdapter) GetCAInfo(caname string) (*api.GetCAInfoResponse, error) {
+	logger.Debugf("Get CA info [%s]", caname)
+
+	req := &caapi.GetCAInfoRequest{CAName: caname}
+	resp, err := c.caClient.GetCAInfo(req)
+	if err != nil {
+		return nil, errors.WithMessage(err, "GetCAInfo failed")
+	}
+
+	return getCAInfoResponse(resp), nil
+}
+
+func getCAInfoResponse(response *calib.GetCAInfoResponse) *api.GetCAInfoResponse {
+	return &api.GetCAInfoResponse{
+		CAName:                    response.CAName,
+		CAChain:                   response.CAChain[:],
+		IssuerPublicKey:           response.IssuerPublicKey[:],
+		IssuerRevocationPublicKey: response.IssuerRevocationPublicKey[:],
+		Version:                   response.Version,
+	}
+}
+
 // CreateIdentity creates new identity
 // key: registrar private key
 // cert: registrar enrollment certificate

pkg/msp/test/mockmsp/mockfabriccaserver.go

@@ -13,6 +13,7 @@ import (
 
 	cfsslapi "github.com/cloudflare/cfssl/api"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api"
+	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/util"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/logging"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
@@ -88,6 +89,7 @@ func (s *MockFabricCAServer) Start(lis net.Listener, cryptoSuite core.CryptoSuit
 	http.HandleFunc("/identities/123", s.identity)
 	http.HandleFunc("/affiliations", s.affiliations)
 	http.HandleFunc("/affiliations/123", s.affiliation)
+	http.HandleFunc("/cainfo", s.cainfo)
 
 	server := &http.Server{
 		Addr:      addr,
@@ -253,3 +255,13 @@ func (s *MockFabricCAServer) affiliation(w http.ResponseWriter, req *http.Reques
 		}
 	}
 }
+
+func (s *MockFabricCAServer) cainfo(w http.ResponseWriter, req *http.Request) {
+	switch req.Method {
+	case http.MethodPost:
+		resp := &lib.GetCAInfoResponse{CAName: "123", CAChain: []byte{}}
+		if err := cfsslapi.SendResponse(w, resp); err != nil {
+			logger.Error(err)
+		}
+	}
+}

scripts/third_party_pins/fabric-ca/apply_fabric_ca_client_utils.sh

@@ -92,7 +92,7 @@ FILTER_MODE="allow"
 FILTERS_ENABLED="fn"
 
 FILTER_FILENAME="lib/client.go"
-FILTER_FN="Enroll,GenCSR,SendReq,Init,newPost,newEnrollmentResponse,newCertificateRequest,newPut,newGet,newDelete,StreamResponse"
+FILTER_FN="Enroll,GetCAInfo,GenCSR,SendReq,Init,newPost,newEnrollmentResponse,newCertificateRequest,newPut,newGet,newDelete,StreamResponse"
 FILTER_FN+=",getURL,NormalizeURL,initHTTPClient,net2LocalServerInfo,NewIdentity,newCfsslBasicKeyRequest"
 FILTER_FN+=",handleIdemixEnroll,checkX509Enrollment,handleX509Enroll,GetCSP,NewX509Identity,net2LocalCAInfo"
 gofilter