[FABG-779]Add an function to modify enroll request

With function type EnrollmentRequestOption, you can
modify enrollment request's profile,type and attrReqs before enrolling.

Change-Id: I756d0e3f488136ad443d192442159762f9d2ffa6
Signed-off-by: baoyangc <cxyboy_1@aliyun.com>
Signed-off-by: 乔伦 徐 <jamesxql@gmail.com>

Author: gopherchai

pkg/client/msp/client.go

@@ -105,7 +105,11 @@ func newCAClient(ctx context.Client, orgName string) (mspapi.CAClient, error) {
 
 // enrollmentOptions represent enrollment options
 type enrollmentOptions struct {
-	secret string
+	secret   string
+	profile  string
+	label    string
+	typ      string
+	attrReqs []*AttributeRequest
 }
 
 // EnrollmentOption describes a functional parameter for Enroll
@@ -119,6 +123,38 @@ func WithSecret(secret string) EnrollmentOption {
 	}
 }
 
+// WithProfile enrollment option
+func WithProfile(profile string) EnrollmentOption {
+	return func(o *enrollmentOptions) error {
+		o.profile = profile
+		return nil
+	}
+}
+
+// WithType enrollment option
+func WithType(typ string) EnrollmentOption {
+	return func(o *enrollmentOptions) error {
+		o.typ = typ
+		return nil
+	}
+}
+
+// WithLabel enrollment option
+func WithLabel(label string) EnrollmentOption {
+	return func(o *enrollmentOptions) error {
+		o.label = label
+		return nil
+	}
+}
+
+// WithAttributeRequests enrollment option
+func WithAttributeRequests(attrReqs []*AttributeRequest) EnrollmentOption {
+	return func(o *enrollmentOptions) error {
+		o.attrReqs = attrReqs
+		return nil
+	}
+}
+
 // CreateIdentity creates a new identity with the Fabric CA server. An enrollment secret is returned which can then be used,
 // along with the enrollment ID, to enroll a new identity.
 //  Parameters:
@@ -328,7 +364,24 @@ func (c *Client) Enroll(enrollmentID string, opts ...EnrollmentOption) error {
 	if err != nil {
 		return err
 	}
-	return ca.Enroll(enrollmentID, eo.secret)
+
+	req := &mspapi.EnrollmentRequest{
+		Name:    enrollmentID,
+		Secret:  eo.secret,
+		Profile: eo.profile,
+		Type:    eo.typ,
+		Label:   eo.label,
+	}
+
+	if len(eo.attrReqs) > 0 {
+		attrs := make([]*mspapi.AttributeRequest, 0)
+		for _, attr := range eo.attrReqs {
+			attrs = append(attrs, &mspapi.AttributeRequest{Name: attr.Name, Optional: attr.Optional})
+		}
+		req.AttrReqs = attrs
+	}
+
+	return ca.Enroll(req)
 }
 
 // Reenroll reenrolls an enrolled user in order to obtain a new signed X509 certificate
@@ -337,12 +390,33 @@ func (c *Client) Enroll(enrollmentID string, opts ...EnrollmentOption) error {
 //
 //  Returns:
 //  an error if re-enrollment fails
-func (c *Client) Reenroll(enrollmentID string) error {
+func (c *Client) Reenroll(enrollmentID string, opts ...EnrollmentOption) error {
+	eo := enrollmentOptions{}
+	for _, param := range opts {
+		err := param(&eo)
+		if err != nil {
+			return errors.WithMessage(err, "failed to enroll")
+		}
+	}
+
 	ca, err := newCAClient(c.ctx, c.orgName)
 	if err != nil {
 		return err
 	}
-	return ca.Reenroll(enrollmentID)
+
+	req := &mspapi.ReenrollmentRequest{
+		Name:    enrollmentID,
+		Profile: eo.profile,
+		Label:   eo.label,
+	}
+	if len(eo.attrReqs) > 0 {
+		attrs := make([]*mspapi.AttributeRequest, 0)
+		for _, attr := range eo.attrReqs {
+			attrs = append(attrs, &mspapi.AttributeRequest{Name: attr.Name, Optional: attr.Optional})
+		}
+		req.AttrReqs = attrs
+	}
+	return ca.Reenroll(req)
 }
 
 // Register registers a User with the Fabric CA

pkg/client/msp/client_test.go

@@ -27,6 +27,8 @@ import (
 	"github.com/hyperledger/fabric-sdk-go/pkg/fabsdk"
 	mspImpl "github.com/hyperledger/fabric-sdk-go/pkg/msp"
 	"github.com/hyperledger/fabric-sdk-go/pkg/msp/test/mockmsp"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 const (
@@ -90,6 +92,123 @@ func TestMSP(t *testing.T) {
 
 }
 
+func TestMSPWithProfile(t *testing.T) {
+	f := testFixture{}
+	sdk := f.setup()
+	defer sdk.Close()
+
+	ctxProvider := sdk.Context()
+	msp, err := New(ctxProvider)
+	require.NoError(t, err)
+
+	enrollUsername := randomUsername()
+	_, err = msp.GetSigningIdentity(enrollUsername)
+	if err != ErrUserNotFound {
+		t.Fatal("Expected to not find user")
+	}
+
+	err = msp.Enroll(enrollUsername, WithSecret("enrollmentSecret"), WithProfile("tls"))
+	require.NoError(t, err)
+
+	enrolledUser, err := msp.GetSigningIdentity(enrollUsername)
+	require.NoError(t, err)
+
+	assert.Equal(t, enrollUsername, enrolledUser.Identifier().ID)
+	assert.Equal(t, "Org1MSP", enrolledUser.Identifier().MSPID)
+
+	err = msp.Reenroll(enrolledUser.Identifier().ID, WithProfile("tls"))
+	if err != nil {
+		t.Fatalf("Reenroll return error %s", err)
+	}
+}
+
+func TestMSPWithType(t *testing.T) {
+	f := testFixture{}
+	sdk := f.setup()
+	defer sdk.Close()
+
+	ctxProvider := sdk.Context()
+	msp, err := New(ctxProvider)
+	require.NoError(t, err)
+
+	enrollUsername := randomUsername()
+	_, err = msp.GetSigningIdentity(enrollUsername)
+	if err != ErrUserNotFound {
+		t.Fatal("Expected to not find user")
+	}
+
+	err = msp.Enroll(enrollUsername, WithSecret("enrollmentSecret"), WithType("idemix"))
+	if err == nil {
+		t.Fatal("idemix enroll not supported")
+	}
+
+	err = msp.Reenroll(enrollUsername, WithType("idemix"))
+	if err == nil {
+		t.Fatal("idemix enroll not supported")
+	}
+}
+
+func TestMSPWithLabel(t *testing.T) {
+	f := testFixture{}
+	sdk := f.setup()
+	defer sdk.Close()
+
+	ctxProvider := sdk.Context()
+	msp, err := New(ctxProvider)
+	require.NoError(t, err)
+
+	enrollUsername := randomUsername()
+	_, err = msp.GetSigningIdentity(enrollUsername)
+	if err != ErrUserNotFound {
+		t.Fatal("Expected to not find user")
+	}
+
+	err = msp.Enroll(enrollUsername, WithSecret("enrollmentSecret"), WithLabel("ForFabric"))
+	require.NoError(t, err)
+
+	enrolledUser, err := msp.GetSigningIdentity(enrollUsername)
+	require.NoError(t, err)
+
+	assert.Equal(t, enrollUsername, enrolledUser.Identifier().ID)
+	assert.Equal(t, "Org1MSP", enrolledUser.Identifier().MSPID)
+
+	err = msp.Reenroll(enrolledUser.Identifier().ID, WithLabel("ForFabric"))
+	if err != nil {
+		t.Fatalf("Reenroll return error %s", err)
+	}
+}
+
+func TestMSPWithAttributeRequests(t *testing.T) {
+	f := testFixture{}
+	sdk := f.setup()
+	defer sdk.Close()
+
+	ctxProvider := sdk.Context()
+	msp, err := New(ctxProvider)
+	require.NoError(t, err)
+
+	enrollUsername := randomUsername()
+	_, err = msp.GetSigningIdentity(enrollUsername)
+	if err != ErrUserNotFound {
+		t.Fatal("Expected to not find user")
+	}
+
+	attrReqs := []*AttributeRequest{{Name: "name1", Optional: true}}
+	err = msp.Enroll(enrollUsername, WithSecret("enrollmentSecret"), WithAttributeRequests(attrReqs))
+	require.NoError(t, err)
+
+	enrolledUser, err := msp.GetSigningIdentity(enrollUsername)
+	require.NoError(t, err)
+
+	assert.Equal(t, enrollUsername, enrolledUser.Identifier().ID)
+	assert.Equal(t, "Org1MSP", enrolledUser.Identifier().MSPID)
+
+	err = msp.Reenroll(enrolledUser.Identifier().ID, WithAttributeRequests(attrReqs))
+	if err != nil {
+		t.Fatalf("Reenroll return error %s", err)
+	}
+}
+
 func TestWithNonExistentOrganization(t *testing.T) {
 	// Instantiate the SDK
 	sdk, err := fabsdk.New(config.FromFile(configPath))

pkg/client/msp/example_test.go

@@ -103,6 +103,87 @@ func ExampleWithSecret() {
 
 }
 
+func ExampleWithProfile() {
+	ctx := mockClientProvider()
+
+	// Create msp client
+	c, err := New(ctx)
+	if err != nil {
+		fmt.Println("failed to create msp client")
+		return
+	}
+
+	err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"), WithProfile("tls"))
+	if err != nil {
+		fmt.Printf("failed to enroll user: %s\n", err)
+		return
+	}
+	fmt.Println("enroll user is completed")
+
+	// Output: enroll user is completed
+}
+
+func ExampleWithType() {
+	ctx := mockClientProvider()
+
+	// Create msp client
+	c, err := New(ctx)
+	if err != nil {
+		fmt.Println("failed to create msp client")
+		return
+	}
+
+	err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"), WithType("x509") /*or idemix, which is not support now*/)
+	if err != nil {
+		fmt.Printf("failed to enroll user: %s\n", err)
+		return
+	}
+	fmt.Println("enroll user is completed")
+
+	// Output: enroll user is completed
+}
+
+func ExampleWithLabel() {
+	ctx := mockClientProvider()
+
+	// Create msp client
+	c, err := New(ctx)
+	if err != nil {
+		fmt.Println("failed to create msp client")
+		return
+	}
+
+	err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"), WithLabel("ForFabric"))
+	if err != nil {
+		fmt.Printf("failed to enroll user: %s\n", err)
+		return
+	}
+	fmt.Println("enroll user is completed")
+
+	// Output: enroll user is completed
+}
+
+func ExampleWithAttributeRequests() {
+	ctx := mockClientProvider()
+
+	// Create msp client
+	c, err := New(ctx)
+	if err != nil {
+		fmt.Println("failed to create msp client")
+		return
+	}
+
+	attrs := []*AttributeRequest{{Name: "name1", Optional: true}, {Name: "name2", Optional: true}}
+	err = c.Enroll(randomUsername(), WithSecret("enrollmentSecret"), WithAttributeRequests(attrs))
+	if err != nil {
+		fmt.Printf("failed to enroll user: %s\n", err)
+		return
+	}
+	fmt.Println("enroll user is completed")
+
+	// Output: enroll user is completed
+}
+
 func ExampleClient_Register() {
 
 	ctx := mockClientProvider()

pkg/fab/mocks/mockcaclient.go

@@ -23,12 +23,12 @@ func NewMockCAClient(orgName string, cryptoProvider core.CryptoSuite) (api.CACli
 }
 
 // Enroll enrolls a user with a Fabric network
-func (mgr *MockCAClient) Enroll(enrollmentID string, enrollmentSecret string) error {
+func (mgr *MockCAClient) Enroll(request *api.EnrollmentRequest) error {
 	return errors.New("not implemented")
 }
 
 // Reenroll re-enrolls a user
-func (mgr *MockCAClient) Reenroll(enrollmentID string) error {
+func (mgr *MockCAClient) Reenroll(request *api.ReenrollmentRequest) error {
 	return errors.New("not implemented")
 }
 

pkg/msp/api/api.go

@@ -17,8 +17,8 @@ var (
 
 // CAClient provides management of identities in a Fabric network
 type CAClient interface {
-	Enroll(enrollmentID string, enrollmentSecret string) error
-	Reenroll(enrollmentID string) error
+	Enroll(request *EnrollmentRequest) error
+	Reenroll(request *ReenrollmentRequest) error
 	Register(request *RegistrationRequest) (string, error)
 	Revoke(request *RevocationRequest) (*RevocationResponse, error)
 	CreateIdentity(request *IdentityRequest) (*IdentityResponse, error)
@@ -55,6 +55,38 @@ type RegistrationRequest struct {
 	Secret string
 }
 
+// EnrollmentRequest is a request to enroll an identity
+type EnrollmentRequest struct {
+	// The identity name to enroll
+	Name string
+	// The secret returned via Register
+	Secret string
+	// AttrReqs are requests for attributes to add to the certificate.
+	// Each attribute is added only if the requestor owns the attribute.
+	AttrReqs []*AttributeRequest
+	// Profile is the name of the signing profile to use in issuing the X509 certificate
+	Profile string
+	// Label is the label to use in HSM operations
+	Label string
+	// The type of the enrollment request: x509 or idemix
+	// The default is a request for an X509 enrollment certificate
+	Type string
+}
+
+// ReenrollmentRequest is a request to reenroll an identity.
+// This is useful to renew a certificate before it has expired.
+type ReenrollmentRequest struct {
+	// The identity name to enroll
+	Name string
+	// Profile is the name of the signing profile to use in issuing the certificate
+	Profile string
+	// Label is the label to use in HSM operations
+	Label string
+	// AttrReqs are requests for attributes to add to the certificate.
+	// Each attribute is added only if the requestor owns the attribute.
+	AttrReqs []*AttributeRequest
+}
+
 // Attribute defines additional attributes that may be passed along during registration
 type Attribute struct {
 	Name  string