[FAB-8195] Loading embedded certs is broken

Aleksandar Likic · Aleksandar Likic · commit ac89b893ff8d · 2018-02-09T21:32:42.000-05:00
Change-Id: I3207cbd64b426070c00fed5b4c5e0506b1caf72c
Signed-off-by: Aleksandar Likic &lt;aleksandar.likic@securekey.com&gt;
diff --git a/pkg/fabric-client/credentialmgr/credentialmgr.go b/pkg/fabric-client/credentialmgr/credentialmgr.go
@@ -94,31 +94,31 @@ func (mgr *CredentialManager) GetSigningIdentity(userName string) (*apifabclient
 		return nil, errors.New("username is required")
 	}
 
-	privateKey, err := mgr.getEmbeddedPrivateKey(userName)
+	certBytes, err := mgr.getEmbeddedCertBytes(userName)
+
 	if err != nil {
-		return nil, errors.WithMessage(err, "fetching embedded private key failed")
+		return nil, errors.WithMessage(err, "fetching embedded cert failed")
 	}
 
-	mspID, err := mgr.config.MspID(mgr.orgName)
+	if certBytes == nil {
+		certBytes, err = mgr.getStoredCertBytes(userName)
+
+		if err != nil {
+			return nil, errors.WithMessage(err, "fetching cert from store failed")
+		}
+	}
+
+	if certBytes == nil {
+		return nil, fmt.Errorf("cert not found for user [%s]", userName)
+	}
+
+	privateKey, err := mgr.getEmbeddedPrivateKey(userName)
+
 	if err != nil {
-		return nil, errors.WithMessage(err, "MSP ID config read failed")
+		return nil, errors.WithMessage(err, "fetching embedded private key failed")
 	}
 
-	var certBytes []byte
 	if privateKey == nil {
-		certBytes, err = mgr.getEmbeddedCertBytes(userName)
-		if err != nil {
-			return nil, errors.WithMessage(err, "fetching enbedded cert failed")
-		}
-		if certBytes == nil {
-			certBytes, err = mgr.getStoredCertBytes(userName)
-			if err != nil {
-				return nil, errors.WithMessage(err, "fetching cert from store failed")
-			}
-		}
-		if certBytes == nil {
-			return nil, fmt.Errorf("cert not found for user [%s]", userName)
-		}
 		privateKey, err = mgr.getPivateKeyFromCert(userName, certBytes)
 		if err != nil {
 			return nil, errors.Wrapf(err, "getting private key from cert failed")
@@ -129,6 +129,12 @@ func (mgr *CredentialManager) GetSigningIdentity(userName string) (*apifabclient
 		return nil, fmt.Errorf("unable to find private key for user [%s]", userName)
 	}
 
+	mspID, err := mgr.config.MspID(mgr.orgName)
+
+	if err != nil {
+		return nil, errors.WithMessage(err, "MSP ID config read failed")
+	}
+
 	signingIdentity := &apifabclient.SigningIdentity{MspID: mspID, PrivateKey: privateKey, EnrollmentCert: certBytes}
 
 	return signingIdentity, nil
diff --git a/pkg/fabric-client/credentialmgr/credentialmgr_test.go b/pkg/fabric-client/credentialmgr/credentialmgr_test.go
@@ -9,9 +9,11 @@ package credentialmgr
 import (
 	"testing"
 
+	"github.com/hyperledger/fabric-sdk-go/api/apifabclient"
 	"github.com/hyperledger/fabric-sdk-go/pkg/config"
 	"github.com/hyperledger/fabric-sdk-go/pkg/cryptosuite"
 	fcmocks "github.com/hyperledger/fabric-sdk-go/pkg/fabric-client/mocks"
+	"github.com/pkg/errors"
 )
 
 func TestCredentialManager(t *testing.T) {
@@ -36,11 +38,29 @@ func TestCredentialManager(t *testing.T) {
 		t.Fatalf("Should have failed to retrieve signing identity for non-existent user")
 	}
 
-	_, err = credentialMgr.GetSigningIdentity("User1")
+	id, err := credentialMgr.GetSigningIdentity("User1")
 	if err != nil {
 		t.Fatalf("Failed to retrieve signing identity: %s", err)
 	}
+	if err := checkSigningIdentity(id); err != nil {
+		t.Fatalf("checkSigningIdentity failes: %s", err)
+	}
+}
 
+func checkSigningIdentity(id *apifabclient.SigningIdentity) error {
+	if id == nil {
+		return errors.New("SigningIdentity is nil")
+	}
+	if id.EnrollmentCert == nil {
+		return errors.New("Enrollment cert is missing")
+	}
+	if id.MspID == "" {
+		return errors.New("MspID is missing")
+	}
+	if id.PrivateKey == nil {
+		return errors.New("private key is missing")
+	}
+	return nil
 }
 
 func TestInvalidOrgCredentialManager(t *testing.T) {
@@ -80,23 +100,35 @@ func TestCredentialManagerFromEmbeddedCryptoConfig(t *testing.T) {
 		t.Fatalf("Should have failed to retrieve signing identity for non-existent user")
 	}
 
-	_, err = credentialMgr.GetSigningIdentity("EmbeddedUser")
+	id, err := credentialMgr.GetSigningIdentity("EmbeddedUser")
 	if err != nil {
 		t.Fatalf("Failed to retrieve signing identity: %+v", err)
 	}
+	if err := checkSigningIdentity(id); err != nil {
+		t.Fatalf("checkSigningIdentity failes: %s", err)
+	}
 
-	_, err = credentialMgr.GetSigningIdentity("EmbeddedUserWithPaths")
+	id, err = credentialMgr.GetSigningIdentity("EmbeddedUserWithPaths")
 	if err != nil {
 		t.Fatalf("Failed to retrieve signing identity: %+v", err)
 	}
+	if err := checkSigningIdentity(id); err != nil {
+		t.Fatalf("checkSigningIdentity failes: %s", err)
+	}
 
-	_, err = credentialMgr.GetSigningIdentity("EmbeddedUserMixed")
+	id, err = credentialMgr.GetSigningIdentity("EmbeddedUserMixed")
 	if err != nil {
 		t.Fatalf("Failed to retrieve signing identity: %+v", err)
 	}
+	if err := checkSigningIdentity(id); err != nil {
+		t.Fatalf("checkSigningIdentity failes: %s", err)
+	}
 
-	_, err = credentialMgr.GetSigningIdentity("EmbeddedUserMixed2")
+	id, err = credentialMgr.GetSigningIdentity("EmbeddedUserMixed2")
 	if err != nil {
 		t.Fatalf("Failed to retrieve signing identity: %+v", err)
 	}
+	if err := checkSigningIdentity(id); err != nil {
+		t.Fatalf("checkSigningIdentity failes: %s", err)
+	}
 }
