[FAB-7931] Update to fabric v1.1.0-alpha

Change-Id: Iba54a77cee7c79c952f198a897cb76c749745f53
Signed-off-by: Troy Ronda <troy@troyronda.com>

Author: troyronda

Makefile

@@ -32,7 +32,7 @@ FABRIC_STABLE_VERSION_MINOR     := 1.0
 FABRIC_STABLE_VERSION_MAJOR     := 1
 FABRIC_BASEIMAGE_STABLE_VERSION := 0.4.2
 
-FABRIC_PRERELEASE_VERSION       := 1.1.0-preview
+FABRIC_PRERELEASE_VERSION       := 1.1.0-alpha
 FABRIC_PREV_VERSION             := 1.0.0
 FABRIC_DEVSTABLE_VERSION_MINOR  := 1.1
 FABRIC_DEVSTABLE_VERSION_MAJOR  := 1
@@ -63,9 +63,9 @@ FABRIC_DEV_REGISTRY_PRE_CMD ?= docker login -u docker -p docker nexus3.hyperledg
 
 # Upstream fabric patching (overridable)
 THIRDPARTY_FABRIC_CA_BRANCH ?= master
-THIRDPARTY_FABRIC_CA_COMMIT ?= v1.1.0-preview
+THIRDPARTY_FABRIC_CA_COMMIT ?= 437d27e179fa1ed18940af88267d4e19df6dc175
 THIRDPARTY_FABRIC_BRANCH    ?= master
-THIRDPARTY_FABRIC_COMMIT    ?= a58d8f4446767054965ecefe42035da17429973d
+THIRDPARTY_FABRIC_COMMIT    ?= v1.1.0-alpha
 
 # Force removal of images in cleanup (overridable)
 FIXTURE_DOCKER_REMOVE_FORCE ?= false

api/apifabca/fabricca.go

@@ -8,6 +8,7 @@ package apifabca
 
 import (
 	"github.com/hyperledger/fabric-sdk-go/api/apicryptosuite"
+	api "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api"
 )
 
 // FabricCAClient is the client interface for fabric-ca
@@ -17,7 +18,7 @@ type FabricCAClient interface {
 	// Reenroll to renew user's enrollment certificate
 	Reenroll(user User) (apicryptosuite.Key, []byte, error)
 	Register(registrar User, request *RegistrationRequest) (string, error)
-	Revoke(registrar User, request *RevocationRequest) error
+	Revoke(registrar User, request *RevocationRequest) (*api.RevocationResponse, error)
 }
 
 // RegistrationRequest defines the attributes required to register a user with the CA

internal/github.com/hyperledger/fabric-ca/api/client.go

@@ -21,6 +21,7 @@ Please review third_party pinning scripts and patches for more details.
 package api
 
 import (
+	"math/big"
 	"time"
 
 	"github.com/cloudflare/cfssl/csr"
@@ -32,7 +33,7 @@ type RegistrationRequest struct {
 	// Name is the unique name of the identity
 	Name string `json:"id" help:"Unique name of the identity"`
 	// Type of identity being registered (e.g. "peer, app, user")
-	Type string `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"`
+	Type string `json:"type" def:"client" help:"Type of identity being registered (e.g. 'peer, app, user')"`
 	// Secret is an optional password.  If not specified,
 	// a random secret is generated.  In both cases, the secret
 	// is returned in the RegistrationResponse.
@@ -119,6 +120,61 @@ type RevocationRequest struct {
 	Reason string `json:"reason,omitempty" opt:"r" help:"Reason for revocation"`
 	// CAName is the name of the CA to connect to
 	CAName string `json:"caname,omitempty" skip:"true"`
+	// GenCRL specifies whether to generate a CRL
+	GenCRL bool `def:"false" skip:"true" json:"gencrl,omitempty"`
+}
+
+// RevocationResponse represents response from the server for a revocation request
+type RevocationResponse struct {
+	// RevokedCerts is an array of certificates that were revoked
+	RevokedCerts []RevokedCert
+	// CRL is PEM-encoded certificate revocation list (CRL) that contains all unexpired revoked certificates
+	CRL []byte
+}
+
+// RevokedCert represents a revoked certificate
+type RevokedCert struct {
+	// Serial number of the revoked certificate
+	Serial string
+	// AKI of the revoked certificate
+	AKI string
+}
+
+// GetTCertBatchRequest is input provided to identity.GetTCertBatch
+type GetTCertBatchRequest struct {
+	// Number of TCerts in the batch.
+	Count int `json:"count"`
+	// The attribute names whose names and values are to be sealed in the issued TCerts.
+	AttrNames []string `json:"attr_names,omitempty"`
+	// EncryptAttrs denotes whether to encrypt attribute values or not.
+	// When set to true, each issued TCert in the batch will contain encrypted attribute values.
+	EncryptAttrs bool `json:"encrypt_attrs,omitempty"`
+	// Certificate Validity Period.  If specified, the value used
+	// is the minimum of this value and the configured validity period
+	// of the TCert manager.
+	ValidityPeriod time.Duration `json:"validity_period,omitempty"`
+	// The pre-key to be used for key derivation.
+	PreKey string `json:"prekey"`
+	// DisableKeyDerivation if true disables key derivation so that a TCert is not
+	// cryptographically related to an ECert.  This may be necessary when using an
+	// HSM which does not support the TCert's key derivation function.
+	DisableKeyDerivation bool `json:"disable_kdf,omitempty"`
+	// CAName is the name of the CA to connect to
+	CAName string `json:"caname,omitempty" skip:"true"`
+}
+
+// GetTCertBatchResponse is the return value of identity.GetTCertBatch
+type GetTCertBatchResponse struct {
+	ID     *big.Int  `json:"id"`
+	TS     time.Time `json:"ts"`
+	Key    []byte    `json:"key"`
+	TCerts []TCert   `json:"tcerts"`
+}
+
+// TCert encapsulates a signed transaction certificate and optionally a map of keys
+type TCert struct {
+	Cert []byte            `json:"cert"`
+	Keys map[string][]byte `json:"keys,omitempty"` //base64 encoded string as value
 }
 
 // GetCAInfoRequest is request to get generic CA information
@@ -137,17 +193,134 @@ type GenCRLRequest struct {
 
 // GenCRLResponse represents a response to get CRL
 type GenCRLResponse struct {
-	CRL string
+	// CRL is PEM-encoded certificate revocation list (CRL) that contains requested unexpired revoked certificates
+	CRL []byte
+}
+
+// AddIdentityRequest represents the request to add a new identity to the
+// fabric-ca-server
+type AddIdentityRequest struct {
+	ID             string      `json:"id" skip:"true"`
+	Type           string      `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"`
+	Affiliation    string      `json:"affiliation" help:"The identity's affiliation"`
+	Attributes     []Attribute `json:"attrs" mapstructure:"attrs" `
+	MaxEnrollments int         `json:"max_enrollments" mapstructure:"max_enrollments"  def:"-1" help:"The maximum number of times the secret can be reused to enroll."`
+	// Secret is an optional password.  If not specified,
+	// a random secret is generated.  In both cases, the secret
+	// is returned in the RegistrationResponse.
+	Secret string `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity being added"`
+	CAName string `json:"caname,omitempty" skip:"true"`
+}
+
+// ModifyIdentityRequest represents the request to modify an existing identity on the
+// fabric-ca-server
+type ModifyIdentityRequest struct {
+	ID             string      `skip:"true"`
+	Type           string      `json:"type" def:"user" help:"Type of identity being registered (e.g. 'peer, app, user')"`
+	Affiliation    string      `json:"affiliation" help:"The identity's affiliation"`
+	Attributes     []Attribute `mapstructure:"attrs" json:"attrs"`
+	MaxEnrollments int         `mapstructure:"max_enrollments" json:"max_enrollments" def:"-1" help:"The maximum number of times the secret can be reused to enroll."`
+	Secret         string      `json:"secret,omitempty" mask:"password" help:"The enrollment secret for the identity"`
+	CAName         string      `json:"caname,omitempty" skip:"true"`
+}
+
+// RemoveIdentityRequest represents the request to remove an existing identity from the
+// fabric-ca-server
+type RemoveIdentityRequest struct {
+	ID     string `skip:"true"`
+	Force  bool   `json:"force"`
+	CAName string `json:"caname,omitempty" skip:"true"`
+}
+
+// GetIDResponse is the response from the GetIdentity call
+type GetIDResponse struct {
+	ID             string      `json:"id" skip:"true"`
+	Type           string      `json:"type" def:"user"`
+	Affiliation    string      `json:"affiliation"`
+	Attributes     []Attribute `json:"attrs" mapstructure:"attrs" `
+	MaxEnrollments int         `json:"max_enrollments" mapstructure:"max_enrollments"`
+	CAName         string      `json:"caname,omitempty"`
+}
+
+// GetAllIDsResponse is the response from the GetAllIdentities call
+type GetAllIDsResponse struct {
+	Identities []IdentityInfo `json:"identities"`
+	CAName     string         `json:"caname,omitempty"`
+}
+
+// IdentityResponse is the response from the any add/modify/remove identity call
+type IdentityResponse struct {
+	ID             string      `json:"id" skip:"true"`
+	Type           string      `json:"type,omitempty"`
+	Affiliation    string      `json:"affiliation"`
+	Attributes     []Attribute `json:"attrs,omitempty" mapstructure:"attrs"`
+	MaxEnrollments int         `json:"max_enrollments,omitempty" mapstructure:"max_enrollments"`
+	Secret         string      `json:"secret,omitempty"`
+	CAName         string      `json:"caname,omitempty"`
+}
+
+// IdentityInfo contains information about an identity
+type IdentityInfo struct {
+	ID             string      `json:"id"`
+	Type           string      `json:"type"`
+	Affiliation    string      `json:"affiliation"`
+	Attributes     []Attribute `json:"attrs" mapstructure:"attrs"`
+	MaxEnrollments int         `json:"max_enrollments" mapstructure:"max_enrollments"`
+}
+
+// AddAffiliationRequest represents the request to add a new affiliation to the
+// fabric-ca-server
+type AddAffiliationRequest struct {
+	Name   string `json:"name"`
+	Force  bool   `json:"force"`
+	CAName string `json:"caname,omitempty"`
+}
+
+// ModifyAffiliationRequest represents the request to modify an existing affiliation on the
+// fabric-ca-server
+type ModifyAffiliationRequest struct {
+	Name    string
+	NewName string `json:"name"`
+	Force   bool   `json:"force"`
+	CAName  string `json:"caname,omitempty"`
+}
+
+// RemoveAffiliationRequest represents the request to remove an existing affiliation from the
+// fabric-ca-server
+type RemoveAffiliationRequest struct {
+	Name   string
+	Force  bool   `json:"force"`
+	CAName string `json:"caname,omitempty"`
+}
+
+// AffiliationResponse contains the response for get, add, modify, and remove an affiliation
+type AffiliationResponse struct {
+	AffiliationInfo `mapstructure:",squash"`
+	CAName          string `json:"caname,omitempty"`
+}
+
+// AffiliationInfo contains the affiliation name, child affiliation info, and identities
+// associated with this affiliation.
+type AffiliationInfo struct {
+	Name         string            `json:"name"`
+	Affiliations []AffiliationInfo `json:"affiliations,omitempty"`
+	Identities   []IdentityInfo    `json:"identities,omitempty"`
 }
 
 // CSRInfo is Certificate Signing Request (CSR) Information
 type CSRInfo struct {
-	CN           string               `json:"CN"`
-	Names        []csr.Name           `json:"names,omitempty"`
-	Hosts        []string             `json:"hosts,omitempty"`
-	KeyRequest   *csr.BasicKeyRequest `json:"key,omitempty"`
-	CA           *csr.CAConfig        `json:"ca,omitempty"`
-	SerialNumber string               `json:"serial_number,omitempty"`
+	CN           string           `json:"CN"`
+	Names        []csr.Name       `json:"names,omitempty"`
+	Hosts        []string         `json:"hosts,omitempty"`
+	KeyRequest   *BasicKeyRequest `json:"key,omitempty"`
+	CA           *csr.CAConfig    `json:"ca,omitempty"`
+	SerialNumber string           `json:"serial_number,omitempty"`
+}
+
+// BasicKeyRequest encapsulates size and algorithm for the key to be generated
+type BasicKeyRequest struct {
+	Algo string `json:"algo" yaml:"algo"`
+	Size int    `json:"size" yaml:"size"`
 }
 
 // Attribute is a name and value pair
@@ -183,3 +356,10 @@ func (ar *AttributeRequest) GetName() string {
 func (ar *AttributeRequest) IsRequired() bool {
 	return !ar.Optional
 }
+
+// NewBasicKeyRequest returns the BasicKeyRequest object that is constructed
+// from the object returned by the csr.NewBasicKeyRequest() function
+func NewBasicKeyRequest() *BasicKeyRequest {
+	bkr := csr.NewBasicKeyRequest()
+	return &BasicKeyRequest{Algo: bkr.A, Size: bkr.S}
+}

internal/github.com/hyperledger/fabric-ca/api/net.go

@@ -65,6 +65,40 @@ type RevocationRequestNet struct {
 	RevocationRequest
 }
 
+// GetTCertBatchRequestNet is a network request for a batch of transaction certificates
+type GetTCertBatchRequestNet struct {
+	GetTCertBatchRequest
+	// KeySigs is an optional array of public keys and corresponding signatures.
+	// If not set, the server generates it's own keys based on a key derivation function
+	// which cryptographically relates the TCerts to an ECert.
+	KeySigs []KeySig `json:"key_sigs,omitempty"`
+}
+
+// GetTCertBatchResponseNet is the network response for a batch of transaction certificates
+type GetTCertBatchResponseNet struct {
+	GetTCertBatchResponse
+}
+
+// AddIdentityRequestNet is a network request for adding a new identity
+type AddIdentityRequestNet struct {
+	AddIdentityRequest
+}
+
+// ModifyIdentityRequestNet is a network request for modifying an existing identity
+type ModifyIdentityRequestNet struct {
+	ModifyIdentityRequest
+}
+
+// AddAffiliationRequestNet is a network request for adding a new affiliation
+type AddAffiliationRequestNet struct {
+	AddAffiliationRequest
+}
+
+// ModifyAffiliationRequestNet is a network request for modifying an existing affiliation
+type ModifyAffiliationRequestNet struct {
+	ModifyAffiliationRequest
+}
+
 // KeySig is a public key, signature, and signature algorithm tuple
 type KeySig struct {
 	// Key is a public key

internal/github.com/hyperledger/fabric-ca/lib/client.go

@@ -134,6 +134,8 @@ type GetServerInfoResponse struct {
 	// CAChain is the PEM-encoded bytes of the fabric-ca-server's CA chain.
 	// The 1st element of the chain is the root CA cert
 	CAChain []byte
+	// Version of the server
+	Version string
 }
 
 // Convert from network to local server information
@@ -144,6 +146,7 @@ func (c *Client) net2LocalServerInfo(net *serverInfoResponseNet, local *GetServe
 	}
 	local.CAName = net.CAName
 	local.CAChain = caChain
+	local.Version = net.Version
 	return nil
 }
 
@@ -235,7 +238,7 @@ func (c *Client) GenCSR(req *api.CSRInfo, id string) ([]byte, apicryptosuite.Key
 	cr.CN = id
 
 	if cr.KeyRequest == nil {
-		cr.KeyRequest = csr.NewBasicKeyRequest()
+		cr.KeyRequest = newCfsslBasicKeyRequest(api.NewBasicKeyRequest())
 	}
 
 	key, cspSigner, err := util.BCCSPKeyRequestGenerate(cr, c.csp)
@@ -271,7 +274,7 @@ func (c *Client) newCertificateRequest(req *api.CSRInfo) *csr.CertificateRequest
 		}
 	}
 	if req != nil && req.KeyRequest != nil {
-		cr.KeyRequest = req.KeyRequest
+		cr.KeyRequest = newCfsslBasicKeyRequest(req.KeyRequest)
 	}
 	if req != nil {
 		cr.CA = req.CA
@@ -315,7 +318,7 @@ func (c *Client) SendReq(req *http.Request, result interface{}) (err error) {
 
 	resp, err := c.httpClient.Do(req)
 	if err != nil {
-		return errors.Wrapf(err, "POST failure of request: %s", reqStr)
+		return errors.Wrapf(err, "%s failure of request: %s", req.Method, reqStr)
 	}
 	var respBody []byte
 	if resp.Body != nil {
@@ -377,6 +380,10 @@ func (c *Client) getURL(endpoint string) (string, error) {
 	return rtn, nil
 }
 
+func newCfsslBasicKeyRequest(bkr *api.BasicKeyRequest) *csr.BasicKeyRequest {
+	return &csr.BasicKeyRequest{A: bkr.Algo, S: bkr.Size}
+}
+
 // NormalizeURL normalizes a URL (from cfssl)
 func NormalizeURL(addr string) (*url.URL, error) {
 	addr = strings.TrimSpace(addr)