[FAB-8300] Expose member mgmt through ChannelService

Change-Id: Iead4e5e51a084a1645bc043c36475b1376abe4cd
Signed-off-by: Divyank Katira <Divyank.Katira@securekey.com>

Author: d1vyank

pkg/client/channel/chclient.go

@@ -11,12 +11,11 @@ import (
 	"reflect"
 	"time"
 
-	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/core"
-
 	"github.com/hyperledger/fabric-sdk-go/pkg/client/channel/invoke"
 	"github.com/hyperledger/fabric-sdk-go/pkg/client/common/discovery"
 	"github.com/hyperledger/fabric-sdk-go/pkg/client/common/discovery/greylist"
 	"github.com/hyperledger/fabric-sdk-go/pkg/context"
+	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/core"
 	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/fab"
 	"github.com/hyperledger/fabric-sdk-go/pkg/errors/multi"
 	"github.com/hyperledger/fabric-sdk-go/pkg/errors/retry"
@@ -40,7 +39,7 @@ type Client struct {
 	context    context.ProviderContext
 	discovery  fab.DiscoveryService
 	selection  fab.SelectionService
-	channel    fab.Channel
+	membership fab.ChannelMembership
 	transactor fab.Transactor
 	eventHub   fab.EventHub
 	greylist   *greylist.Filter
@@ -68,18 +67,17 @@ func New(c Context) (*Client, error) {
 		return nil, errors.WithMessage(err, "transactor creation failed")
 	}
 
-	// TODO - this should be removed once MSP is split out.
-	channel, err := c.ChannelService.Channel()
+	membership, err := c.ChannelService.Membership()
 	if err != nil {
-		return nil, errors.WithMessage(err, "channel client creation failed")
+		return nil, errors.WithMessage(err, "membership creation failed")
 	}
 
 	channelClient := Client{
 		greylist:   greylistProvider,
 		context:    c,
 		discovery:  discovery.NewDiscoveryFilterService(c.DiscoveryService, greylistProvider),
 		selection:  c.SelectionService,
-		channel:    channel,
+		membership: membership,
 		transactor: transactor,
 		eventHub:   eventHub,
 	}
@@ -162,7 +160,7 @@ func (cc *Client) prepareHandlerContexts(request Request, o opts) (*invoke.Reque
 	clientContext := &invoke.ClientContext{
 		Selection:  cc.selection,
 		Discovery:  cc.discovery,
-		Channel:    cc.channel,
+		Membership: cc.membership,
 		Transactor: cc.transactor,
 		EventHub:   cc.eventHub,
 	}

pkg/client/channel/invoke/api.go

@@ -50,7 +50,7 @@ type ClientContext struct {
 	CryptoSuite core.CryptoSuite
 	Discovery   fab.DiscoveryService
 	Selection   fab.SelectionService
-	Channel     fab.Channel // TODO: this should be removed when we have MSP split out.
+	Membership  fab.ChannelMembership
 	Transactor  fab.Transactor
 	EventHub    fab.EventHub
 }

pkg/client/channel/invoke/signature.go

@@ -7,15 +7,12 @@ SPDX-License-Identifier: Apache-2.0
 package invoke
 
 import (
+	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/fab"
 	"github.com/hyperledger/fabric-sdk-go/pkg/errors/status"
 
-	"github.com/golang/protobuf/proto"
-
 	"github.com/pkg/errors"
 
-	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/fab"
 	"github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/common"
-	"github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/msp"
 	pb "github.com/hyperledger/fabric-sdk-go/third_party/github.com/hyperledger/fabric/protos/peer"
 )
 
@@ -31,7 +28,6 @@ type SignatureValidationHandler struct {
 
 //Handle for Filtering proposal response
 func (f *SignatureValidationHandler) Handle(requestContext *RequestContext, clientContext *ClientContext) {
-
 	//Filter tx proposal responses
 	err := f.validate(requestContext.Response.Responses, clientContext)
 	if err != nil {
@@ -46,7 +42,6 @@ func (f *SignatureValidationHandler) Handle(requestContext *RequestContext, clie
 }
 
 func (f *SignatureValidationHandler) validate(txProposalResponse []*fab.TransactionProposalResponse, ctx *ClientContext) error {
-
 	for _, r := range txProposalResponse {
 		if r.ProposalResponse.GetResponse().Status != int32(common.Status_SUCCESS) {
 			return status.NewFromProposalResponse(r.ProposalResponse, r.Endorser)
@@ -58,45 +53,15 @@ func (f *SignatureValidationHandler) validate(txProposalResponse []*fab.Transact
 	}
 
 	return nil
-
 }
 
 func verifyProposalResponse(res *pb.ProposalResponse, ctx *ClientContext) error {
-
 	if res.GetEndorsement() == nil {
 		return errors.Errorf("Missing endorsement in proposal response")
 	}
+	creatorID := res.GetEndorsement().Endorser
 
-	serializedIdentity := &msp.SerializedIdentity{}
-	if err := proto.Unmarshal(res.GetEndorsement().Endorser, serializedIdentity); err != nil {
-		return errors.WithMessage(err, "Unmarshal endorser error")
-	}
-
-	// TODO ctx.Channel is temporary and needs to be replaced with an MSP interface from channel service.
-	if ctx.Channel.MSPManager() == nil {
-		return errors.Errorf("Channel %s msp manager is nil", ctx.Channel.Name())
-	}
-
-	msps, err := ctx.Channel.MSPManager().GetMSPs()
-	if err != nil {
-		return errors.WithMessage(err, "GetMSPs return error:%v")
-	}
-	if len(msps) == 0 {
-		return errors.Errorf("Channel %s msps is empty", ctx.Channel.Name())
-	}
-
-	msp := msps[serializedIdentity.Mspid]
-	if msp == nil {
-		return errors.Errorf("MSP %s not found", serializedIdentity.Mspid)
-	}
-
-	creator, err := msp.DeserializeIdentity(res.GetEndorsement().Endorser)
-	if err != nil {
-		return errors.WithMessage(err, "Failed to deserialize creator identity")
-	}
-
-	// ensure that creator is a valid certificate
-	err = creator.Validate()
+	err := ctx.Membership.Validate(creatorID)
 	if err != nil {
 		return errors.WithMessage(err, "The creator certificate is not valid")
 	}
@@ -105,7 +70,7 @@ func verifyProposalResponse(res *pb.ProposalResponse, ctx *ClientContext) error
 	digest := append(res.GetPayload(), res.GetEndorsement().Endorser...)
 
 	// validate the signature
-	err = creator.Verify(digest, res.GetEndorsement().Signature)
+	err = ctx.Membership.Verify(creatorID, digest, res.GetEndorsement().Signature)
 	if err != nil {
 		return errors.WithMessage(err, "The creator's signature over the proposal is not valid")
 	}

pkg/client/channel/invoke/signature_test.go

@@ -11,12 +11,10 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/stretchr/testify/assert"
-
-	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/msp"
 	txnmocks "github.com/hyperledger/fabric-sdk-go/pkg/client/common/mocks"
 	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/fab"
 	fcmocks "github.com/hyperledger/fabric-sdk-go/pkg/fab/mocks"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestSignatureValidationHandlerSuccess(t *testing.T) {
@@ -27,97 +25,29 @@ func TestSignatureValidationHandlerSuccess(t *testing.T) {
 
 	mockPeer1 := &fcmocks.MockPeer{MockName: "Peer1", MockURL: "http://peer1.com", MockRoles: []string{}, MockCert: nil, MockMSP: "Org1MSP", Status: 200, Payload: []byte("value")}
 
-	// Add mock msp to msp manager
-	msps := make(map[string]msp.MSP)
-	msps["Org1MSP"] = fcmocks.NewMockMSP(nil)
-
-	clientContext := setupContextForSignatureValidation(fcmocks.NewMockMSPManager(msps), []fab.Peer{mockPeer1}, t)
+	clientContext := setupContextForSignatureValidation(nil, nil, []fab.Peer{mockPeer1}, t)
 
 	handler := NewQueryHandler()
 	handler.Handle(requestContext, clientContext)
 	assert.Nil(t, requestContext.Error)
 }
 
-func TestSignatureValidationMspErrors(t *testing.T) {
-
-	// Sample request
-	request := Request{ChaincodeID: "testCC", Fcn: "invoke", Args: [][]byte{[]byte("query"), []byte("b")}}
-	requestContext := prepareRequestContext(request, Opts{}, t)
-	handler := NewQueryHandler()
-
-	mockPeer1 := &fcmocks.MockPeer{MockName: "Peer1", MockURL: "http://peer1.com", MockRoles: []string{}, MockCert: nil, MockMSP: "Org1MSP", Status: 200, Payload: []byte("value")}
-
-	// Test #1: GetMSPs error
-	msps := make(map[string]msp.MSP)
-	clientContext := setupContextForSignatureValidation(fcmocks.NewMockMSPManagerWithError(msps, errors.New("GetMSPs")), []fab.Peer{mockPeer1}, t)
-	handler.Handle(requestContext, clientContext)
-	verifyExpectedError(requestContext, "GetMSPs return error", t)
-
-	// Test #2: MPS manager has no mps
-	clientContext = setupContextForSignatureValidation(fcmocks.NewMockMSPManager(nil), []fab.Peer{mockPeer1}, t)
-	handler.Handle(requestContext, clientContext)
-	verifyExpectedError(requestContext, "is empty", t)
-
-	// Test #3: MSP not found
-	msps = make(map[string]msp.MSP)
-	msps["NotOrg1MSP"] = fcmocks.NewMockMSP(nil)
-	clientContext = setupContextForSignatureValidation(fcmocks.NewMockMSPManager(msps), []fab.Peer{mockPeer1}, t)
-	handler.Handle(requestContext, clientContext)
-	verifyExpectedError(requestContext, "not found", t)
-}
-
-func TestSignatureValidationUnmarshallEndorserError(t *testing.T) {
-
-	// Sample request
-	request := Request{ChaincodeID: "testCC", Fcn: "invoke", Args: [][]byte{[]byte("query"), []byte("b")}}
-	requestContext := prepareRequestContext(request, Opts{}, t)
-	handler := NewQueryHandler()
-
-	mockPeer1 := &fcmocks.MockPeer{MockName: "Peer1", MockURL: "http://peer1.com", MockRoles: []string{}, MockCert: nil, MockMSP: "Org1MSP", Status: 200, Payload: []byte("value")}
-
-	// Unmarshall endorser error
-	msps := make(map[string]msp.MSP)
-	msps["Org1MSP"] = fcmocks.NewMockMSP(nil)
-	mockPeer1.Endorser = []byte("Invalid")
-	clientContext := setupContextForSignatureValidation(fcmocks.NewMockMSPManager(msps), []fab.Peer{mockPeer1}, t)
-	handler.Handle(requestContext, clientContext)
-	verifyExpectedError(requestContext, "Unmarshal endorser error", t)
-
-}
-
-func TestSignatureValidationDeserializeIdentityError(t *testing.T) {
-
-	// Sample request
-	request := Request{ChaincodeID: "testCC", Fcn: "invoke", Args: [][]byte{[]byte("query"), []byte("b")}}
-	requestContext := prepareRequestContext(request, Opts{}, t)
-	handler := NewQueryHandler()
-
-	mockPeer1 := &fcmocks.MockPeer{MockName: "Peer1", MockURL: "http://peer1.com", MockRoles: []string{}, MockCert: nil, MockMSP: "Org1MSP", Status: 200, Payload: []byte("value")}
-
-	msps := make(map[string]msp.MSP)
-	msps["Org1MSP"] = fcmocks.NewMockMSP(errors.New("DeserializeIdentity"))
-	clientContext := setupContextForSignatureValidation(fcmocks.NewMockMSPManager(msps), []fab.Peer{mockPeer1}, t)
-	handler.Handle(requestContext, clientContext)
-	verifyExpectedError(requestContext, "Failed to deserialize creator identity", t)
-}
-
 func TestSignatureValidationCreatorValidateError(t *testing.T) {
-
+	validateErr := errors.New("ValidateErr")
 	// Sample request
 	request := Request{ChaincodeID: "testCC", Fcn: "invoke", Args: [][]byte{[]byte("query"), []byte("b")}}
 	requestContext := prepareRequestContext(request, Opts{}, t)
 	handler := NewQueryHandler()
 
 	mockPeer1 := &fcmocks.MockPeer{MockName: "Peer1", MockURL: "http://peer1.com", MockRoles: []string{}, MockCert: nil, MockMSP: "Org1MSP", Status: 200, Payload: []byte("value")}
 
-	msps := make(map[string]msp.MSP)
-	msps["Org1MSP"] = fcmocks.NewMockMSP(errors.New("Validate"))
-	clientContext := setupContextForSignatureValidation(fcmocks.NewMockMSPManager(msps), []fab.Peer{mockPeer1}, t)
+	clientContext := setupContextForSignatureValidation(nil, validateErr, []fab.Peer{mockPeer1}, t)
 	handler.Handle(requestContext, clientContext)
-	verifyExpectedError(requestContext, "The creator certificate is not valid", t)
+	verifyExpectedError(requestContext, validateErr.Error(), t)
 }
 
 func TestSignatureValidationCreatorVerifyError(t *testing.T) {
+	verifyErr := errors.New("Verify")
 
 	// Sample request
 	request := Request{ChaincodeID: "testCC", Fcn: "invoke", Args: [][]byte{[]byte("query"), []byte("b")}}
@@ -126,11 +56,9 @@ func TestSignatureValidationCreatorVerifyError(t *testing.T) {
 
 	mockPeer1 := &fcmocks.MockPeer{MockName: "Peer1", MockURL: "http://peer1.com", MockRoles: []string{}, MockCert: nil, MockMSP: "Org1MSP", Status: 200, Payload: []byte("value")}
 
-	msps := make(map[string]msp.MSP)
-	msps["Org1MSP"] = fcmocks.NewMockMSP(errors.New("Verify"))
-	clientContext := setupContextForSignatureValidation(fcmocks.NewMockMSPManager(msps), []fab.Peer{mockPeer1}, t)
+	clientContext := setupContextForSignatureValidation(verifyErr, nil, []fab.Peer{mockPeer1}, t)
 	handler.Handle(requestContext, clientContext)
-	verifyExpectedError(requestContext, "The creator's signature over the proposal is not valid", t)
+	verifyExpectedError(requestContext, verifyErr.Error(), t)
 }
 
 func verifyExpectedError(requestContext *RequestContext, expected string, t *testing.T) {
@@ -140,17 +68,11 @@ func verifyExpectedError(requestContext *RequestContext, expected string, t *tes
 	}
 }
 
-func setupContextForSignatureValidation(mspMgr *fcmocks.MockMSPManager, peers []fab.Peer, t *testing.T) *ClientContext {
-
-	testChannel, err := setupTestChannel()
-	if err != nil {
-		t.Fatalf("Failed to setup test channel: %s", err)
-	}
-
-	testChannel.SetMSPManager(mspMgr)
-
-	orderer := fcmocks.NewMockOrderer("", nil)
-	testChannel.AddOrderer(orderer)
+func setupContextForSignatureValidation(verifyErr, validateErr error, peers []fab.Peer, t *testing.T) *ClientContext {
+	ctx := setupTestContext()
+	membership := fcmocks.NewMockMembership()
+	membership.ValidateErr = validateErr
+	membership.VerifyErr = verifyErr
 
 	discoveryService, err := setupTestDiscovery(nil, nil)
 	if err != nil {
@@ -162,36 +84,16 @@ func setupContextForSignatureValidation(mspMgr *fcmocks.MockMSPManager, peers []
 		t.Fatalf("Failed to setup discovery service: %s", err)
 	}
 
-	ctx := setupTestContext()
 	transactor := txnmocks.MockTransactor{
 		Ctx:       ctx,
 		ChannelID: "",
 	}
 
 	return &ClientContext{
-		Channel:    testChannel,
+		Membership: membership,
 		Discovery:  discoveryService,
 		Selection:  selectionService,
 		Transactor: &transactor,
 	}
 
 }
-
-var certPem = `-----BEGIN CERTIFICATE-----
-MIIC5TCCAkagAwIBAgIUMYhiY5MS3jEmQ7Fz4X/e1Dx33J0wCgYIKoZIzj0EAwQw
-gYwxCzAJBgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3Jv
-bnRvMREwDwYDVQQKEwhsaW51eGN0bDEMMAoGA1UECxMDTGFiMTgwNgYDVQQDEy9s
-aW51eGN0bCBFQ0MgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAoTGFiKTAe
-Fw0xNzEyMDEyMTEzMDBaFw0xODEyMDEyMTEzMDBaMGMxCzAJBgNVBAYTAkNBMRAw
-DgYDVQQIEwdPbnRhcmlvMRAwDgYDVQQHEwdUb3JvbnRvMREwDwYDVQQKEwhsaW51
-eGN0bDEMMAoGA1UECxMDTGFiMQ8wDQYDVQQDDAZzZGtfZ28wdjAQBgcqhkjOPQIB
-BgUrgQQAIgNiAAT6I1CGNrkchIAEmeJGo53XhDsoJwRiohBv2PotEEGuO6rMyaOu
-pulj2VOj+YtgWw4ZtU49g4Nv6rq1QlKwRYyMwwRJSAZHIUMhYZjcDi7YEOZ3Fs1h
-xKmIxR+TTR2vf9KjgZAwgY0wDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsG
-AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFDwS3xhpAWs81OVWvZt+iUNL
-z26DMB8GA1UdIwQYMBaAFLRasbknomawJKuQGiyKs/RzTCujMBgGA1UdEQQRMA+C
-DWZhYnJpY19zZGtfZ28wCgYIKoZIzj0EAwQDgYwAMIGIAkIAk1MxMogtMtNO0rM8
-gw2rrxqbW67ulwmMQzp6EJbm/28T2pIoYWWyIwpzrquypI7BOuf8is5b7Jcgn9oz
-7sdMTggCQgF7/8ZFl+wikAAPbciIL1I+LyCXKwXosdFL6KMT6/myYjsGNeeDeMbg
-3YkZ9DhdH1tN4U/h+YulG/CkKOtUATtQxg==
------END CERTIFICATE-----`