diff --git a/app/platform/fabric/FabricClient.js b/app/platform/fabric/FabricClient.js index 61e236b4b..15c55e5f8 100644 --- a/app/platform/fabric/FabricClient.js +++ b/app/platform/fabric/FabricClient.js @@ -64,6 +64,7 @@ class FabricClient { } catch (error) { // TODO in case of the failure, should terminate explorer? logger.error(error); + throw new ExplorerError(error); } // Getting channels from queryChannels diff --git a/app/platform/fabric/FabricConfig.js b/app/platform/fabric/FabricConfig.js index 7a227855e..8e04329a2 100644 --- a/app/platform/fabric/FabricConfig.js +++ b/app/platform/fabric/FabricConfig.js @@ -107,7 +107,7 @@ class FabricConfig { * @memberof FabricConfig */ getAdminUser() { - return this.config.client.adminUser; + return this.config.client.adminCredential.id; } /** @@ -116,8 +116,8 @@ class FabricConfig { * @returns * @memberof FabricConfig */ - getNetworkName() { - return this.config.name; + getAdminPassword() { + return this.config.client.adminCredential.password; } /** @@ -126,8 +126,38 @@ class FabricConfig { * @returns * @memberof FabricConfig */ - getAdminPassword() { - return this.config.client.adminPassword; + getAdminAffiliation() { + return this.config.client.adminCredential.affiliation; + } + + /** + * + * + * @returns + * @memberof FabricConfig + */ + getCaAdminUser() { + return this.config.client.caCredential.id; + } + + /** + * + * + * @returns + * @memberof FabricConfig + */ + getCaAdminPassword() { + return this.config.client.caCredential.password; + } + + /** + * + * + * @returns + * @memberof FabricConfig + */ + getNetworkName() { + return this.config.name; } /** 
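Review bot: The added `throw new ExplorerError(error);` in the FabricClient.js catch block passes the caught error object, whereas the other `ExplorerError` construction visible in this commit (FabricGateway.js) passes a message constant, `explorer_mess.error.ERROR_1010`. If the constructor expects a message string, the original message and stack may be flattened or lost, so it is worth confirming what it accepts and that `ExplorerError` is imported in this file; neither is visible in the hunk. The `// TODO in case of the failure, should terminate explorer?` comment above it is now stale, since the failure does propagate, and could become `// Abort initialization: the gateway could not be set up`. The enclosing method starts and ends outside the hunk.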
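Review bot: In FabricConfig.js, `getAdminUser()`, `getAdminPassword()` and `getAdminAffiliation()` dereference `this.config.client.adminCredential`, and `getCaAdminUser()` / `getCaAdminPassword()` dereference `this.config.client.caCredential`, without checking that the object exists. A profile that still uses the old `adminUser`/`adminPassword` keys, or one with no `caCredential` (the org1-network-for-guitest.json profile at the end of this commit has none), would fail with a bare TypeError rather than a configuration error. A guard in each getter would make the cause explicit, for example `const cred = this.config.client.adminCredential;` followed by `if (!cred) throw new Error('client.adminCredential is missing from the connection profile');`. The new getters also carry empty JSDoc blocks; each should at least say which profile key it reads and that the password getters return a secret that must not be logged.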
@@ -178,14 +208,20 @@ class FabricConfig { * @returns * @memberof FabricConfig */ - getOrganizationsConfig() { + getOrgSignedCertPath() { const organization = this.config.organizations[this.getOrganization()]; + return organization.signedCert.path; + } - const orgMsp = organization.mspid; - const adminPrivateKeyPath = organization.adminPrivateKey.path; - const signedCertPath = organization.signedCert.path; - - return { orgMsp, adminPrivateKeyPath, signedCertPath }; + /** + * + * + * @returns + * @memberof FabricConfig + */ + getOrgAdminPrivateKeyPath() { + const organization = this.config.organizations[this.getOrganization()]; + return organization.adminPrivateKey.path; } /** diff --git a/app/platform/fabric/connection-profile/first-network.json b/app/platform/fabric/connection-profile/first-network.json index ece8e3d81..3dd3efec5 100644 --- a/app/platform/fabric/connection-profile/first-network.json +++ b/app/platform/fabric/connection-profile/first-network.json @@ -4,8 +4,15 @@ "license": "Apache-2.0", "client": { "tlsEnable": true, - "adminUser": "admin", - "adminPassword": "adminpw", + "caCredential": { + "id": "admin", + "password": "adminpw" + }, + "adminCredential": { + "id": "exploreradmin", + "password": "exploreradminpw", + "affiliation": "org1.department1" + }, "enableAuthentication": true, "organization": "Org1MSP", "connection": { @@ -55,5 +62,17 @@ "ssl-target-name-override": "peer0.org1.example.com" } } + }, + "certificateAuthorities": { + "ca0": { + "url": "https://localhost:7054", + "httpOptions": { + "verify": false + }, + "tlsCACerts": { + "path": "/fabric-path/fabric-samples/first-network/crypto-config/peerOrganizations/org1/ca/ca.org1-cert.pem" + }, + "caName": "ca0-org1" + } } } diff --git a/app/platform/fabric/e2e-test/configs/connection-profile/org1-network.json b/app/platform/fabric/e2e-test/configs/connection-profile/org1-network.json index b6a030a26..19fa88912 100644 
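Review bot: In first-network.json the new `caCredential` block puts the CA registrar's id and secret (`admin`/`adminpw`) in the same profile as the Explorer admin credential (`exploreradmin`/`exploreradminpw`), which the Go tests in this commit use for `/auth/login`. JSON cannot carry a comment, so the README or profile documentation should state that both pairs are sample values to be replaced before deployment, and that the profile file needs restrictive permissions now that it holds a registrar secret. The same values are added to org1-network.json and org2-network.json under e2e-test, where they are test fixtures.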
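Review bot: `"httpOptions": { "verify": false }` under `certificateAuthorities.ca0` turns off TLS certificate verification for the `https://localhost:7054` CA endpoint, even though a `tlsCACerts.path` is supplied directly below it. Assuming these options reach the CA client used by `enrollCaIdentity`, the enrollment ID and secret are sent, and the issued certificate is received, over a connection whose peer is not authenticated. Since the CA certificate is already referenced, the sample profile should ship with `"verify": true` so that copies of it inherit the safe setting.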
--- a/app/platform/fabric/e2e-test/configs/connection-profile/org1-network.json +++ b/app/platform/fabric/e2e-test/configs/connection-profile/org1-network.json @@ -4,8 +4,15 @@ "license": "Apache-2.0", "client": { "tlsEnable": true, - "adminUser": "admin", - "adminPassword": "adminpw", + "caCredential": { + "id": "admin", + "password": "adminpw" + }, + "adminCredential": { + "id": "exploreradmin", + "password": "exploreradminpw", + "affiliation": "org1.department1" + }, "enableAuthentication": false, "organization": "org1", "connection": { diff --git a/app/platform/fabric/e2e-test/configs/connection-profile/org2-network.json b/app/platform/fabric/e2e-test/configs/connection-profile/org2-network.json index d6a78a213..196b0d4de 100644 --- a/app/platform/fabric/e2e-test/configs/connection-profile/org2-network.json +++ b/app/platform/fabric/e2e-test/configs/connection-profile/org2-network.json @@ -4,8 +4,15 @@ "license": "Apache-2.0", "client": { "tlsEnable": true, - "adminUser": "admin", - "adminPassword": "adminpw", + "caCredential": { + "id": "admin", + "password": "adminpw" + }, + "adminCredential": { + "id": "exploreradmin", + "password": "exploreradminpw", + "affiliation": "org2.department1" + }, "organization": "org2", "enableAuthentication": false, "connection": { diff --git a/app/platform/fabric/e2e-test/specs/apitest_test.go b/app/platform/fabric/e2e-test/specs/apitest_test.go index 2414a23af..c5535665d 100644 --- a/app/platform/fabric/e2e-test/specs/apitest_test.go +++ b/app/platform/fabric/e2e-test/specs/apitest_test.go 
@@ -132,12 +132,12 @@ var _ = Describe("REST API Test Suite - Single profile", func() { It("login to org1-network", func() { - resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{}) + resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{}) result := resp.Result().(*LoginResponse) token = result.Token Expect(result.User.Message).Should(Equal("logged in")) - Expect(result.User.Name).Should(Equal("admin")) + Expect(result.User.Name).Should(Equal("exploreradmin")) }) It("get channels", func() { 
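Review bot: The login payload with `"user": "exploreradmin", "password": "exploreradminpw"` is a literal at this call site and at eight more in the later hunks of apitest_test.go (old lines 374 to 583), which is why a credential rename has to touch nine lines. Package-level constants such as `const testUser, testPassword = "exploreradmin", "exploreradminpw"`, or a small `login(network string)` helper wrapping `restPost("/auth/login", ...)`, would keep the fixture value in one place and in step with the e2e connection profiles. The `Describe` bodies start and end outside the hunks.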
@@ -374,24 +374,24 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() { Context("/auth/login", func() { It("login to org1-network", func() { - resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{}) + resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{}) result := resp.Result().(*LoginResponse) Expect(result.User.Message).Should(Equal("logged in")) - Expect(result.User.Name).Should(Equal("admin")) + Expect(result.User.Name).Should(Equal("exploreradmin")) }) It("login to org2-network", func() { - resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org2-network"}, &LoginResponse{}) + resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org2-network"}, &LoginResponse{}) result := resp.Result().(*LoginResponse) Expect(result.User.Message).Should(Equal("logged in")) - Expect(result.User.Name).Should(Equal("admin")) + Expect(result.User.Name).Should(Equal("exploreradmin")) }) }) Context("/api/channels", func() { It("get channels for Org1", func() { // For org1 - resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{}) + resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{}) resultLogin := resp.Result().(*LoginResponse) token := resultLogin.Token Expect(resultLogin.User.Message).Should(Equal("logged in")) 
@@ -404,7 +404,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() { It("get channels for Org2", func() { // For org2 - resp := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org2-network"}, &LoginResponse{}) + resp := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org2-network"}, &LoginResponse{}) resultLogin := resp.Result().(*LoginResponse) token := resultLogin.Token Expect(resultLogin.User.Message).Should(Equal("logged in")) @@ -420,7 +420,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() { It("get channels info for org1", func() { - resp1 := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{}) + resp1 := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{}) result1 := resp1.Result().(*LoginResponse) token := result1.Token Expect(result1.User.Message).Should(Equal("logged in")) @@ -484,7 +484,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() { It("get channels info for org2", func() { - resp1 := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org2-network"}, &LoginResponse{}) + resp1 := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org2-network"}, &LoginResponse{}) result1 := resp1.Result().(*LoginResponse) token := result1.Token Expect(result1.User.Message).Should(Equal("logged in")) 
@@ -552,7 +552,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() { It("get block info for org1", func() { - resp1 := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org1-network"}, &LoginResponse{}) + resp1 := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org1-network"}, &LoginResponse{}) result1 := resp1.Result().(*LoginResponse) token := result1.Token Expect(result1.User.Message).Should(Equal("logged in")) @@ -583,7 +583,7 @@ var _ = Describe("REST API Test Suite - Multiple profile", func() { It("get block info for org2", func() { - resp1 := restPost("/auth/login", map[string]interface{}{"user": "admin", "password": "adminpw", "network": "org2-network"}, &LoginResponse{}) + resp1 := restPost("/auth/login", map[string]interface{}{"user": "exploreradmin", "password": "exploreradminpw", "network": "org2-network"}, &LoginResponse{}) result1 := resp1.Result().(*LoginResponse) token := result1.Token Expect(result1.User.Message).Should(Equal("logged in")) diff --git a/app/platform/fabric/gateway/FabricGateway.js b/app/platform/fabric/gateway/FabricGateway.js index 2c5b750e2..93b245764 100644 --- a/app/platform/fabric/gateway/FabricGateway.js +++ b/app/platform/fabric/gateway/FabricGateway.js @@ -28,7 +28,6 @@ class FabricGateway { this.networkConfig = networkConfig; this.config = null; this.gateway = null; - this.enrollmentSecret = null; this.wallet = null; this.tlsEnable = false; this.defaultChannelName = null; 
@@ -51,7 +50,6 @@ class FabricGateway { this.config = this.fabricConfig.getConfig(); this.fabricCaEnabled = this.fabricConfig.isFabricCaEnabled(); this.tlsEnable = this.fabricConfig.getTls(); - this.enrollmentSecret = this.fabricConfig.getAdminPassword(); this.enableAuthentication = this.fabricConfig.getEnableAuthentication(); this.networkName = this.fabricConfig.getNetworkName(); this.FSWALLET = 'wallet/' + this.networkName; @@ -62,26 +60,9 @@ class FabricGateway { const peers = this.fabricConfig.getPeers(); this.defaultPeer = peers[0].name; this.defaultPeerUrl = peers[0].url; - let orgMsp; - let signedCertPath; - let adminPrivateKeyPath; - logger.log('========== > defaultPeer ', this.defaultPeer); + + logger.info('========== > defaultPeer ', this.defaultPeer); /* eslint-disable */ - ({ - orgMsp, - adminPrivateKeyPath, - signedCertPath - } = this.fabricConfig.getOrganizationsConfig()); - logger.log( - 'orgMsp :', - orgMsp, - '\n', - 'signedCertPath :', - signedCertPath, - '\n', - 'adminPrivateKeyPath ', - adminPrivateKeyPath - ); this.defaultChannelName = this.fabricConfig.getDefaultChannel(); /* eslint-enable */ 
@@ -97,15 +78,26 @@ class FabricGateway { `An identity for the admin user: ${this.fabricConfig.getAdminUser()} already exists in the wallet` ); } else { - /* - * Identity credentials to be stored in the wallet - * Look for signedCert in first-network-connection.json - */ - identity = this.enrollUserIdentity( - this.fabricConfig.getAdminUser(), - signedCertPath, - adminPrivateKeyPath - ); + logger.info('CA enabled'); + if (this.fabricCaEnabled) { + identity = await this.enrollCaIdentity( + this.fabricConfig.getAdminUser(), + this.fabricConfig.getAdminPassword() + ); + } else { + /* + * Identity credentials to be stored in the wallet + * Look for signedCert in first-network-connection.json + */ + + const signedCertPath = this.fabricConfig.getOrgSignedCertPath(); + const adminPrivateKeyPath = this.fabricConfig.getOrgAdminPrivateKeyPath(); + identity = this.enrollUserIdentity( + this.fabricConfig.getAdminUser(), + signedCertPath, + adminPrivateKeyPath + ); + } } if (!this.tlsEnable) { @@ -132,7 +124,7 @@ class FabricGateway { await this.gateway.connect(this.config, connectionOptions); // this.client = this.gateway.getClient(); } catch (error) { - logger.error(` ${error}`); + logger.error(`${error}`); throw new ExplorerError(explorer_mess.error.ERROR_1010); } } @@ -200,10 +192,11 @@ class FabricGateway { }); const enrollment = await ca.enroll({ - enrollmentID: id, - enrollmentSecret: secret + enrollmentID: this.fabricConfig.getCaAdminUser(), + enrollmentSecret: this.fabricConfig.getCaAdminPassword() }); - logger.log('>>>>>>>>>>>>>>>>>>>>>>>>> enrollment ', enrollment); + + logger.info('>>>>>>>>>>>>>>>>>>>>>>>>> enrollment : ca admin'); const identity = { credentials: { 
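Review bot: `logger.info('CA enabled');` sits before `if (this.fabricCaEnabled)` in the new `else` branch, so it is written whenever no wallet identity exists, including when the CA is disabled and the certificate-file path is taken. Move it inside the `if` branch, or log the actual value with `logger.info('CA enabled: ', this.fabricCaEnabled);`. The enclosing method starts and ends outside the hunk.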
@@ -213,12 +206,45 @@ class FabricGateway { mspId: this.fabricConfig.getMspId(), type: 'X.509' }; - logger.log('identity ', identity); + // Import identity wallet - await this.wallet.put(id, identity); + await this.wallet.put(this.fabricConfig.getCaAdminUser(), identity); + + const adminUser = await this.getUserContext( + this.fabricConfig.getCaAdminUser() + ); + await ca.register( + { + affiliation: this.fabricConfig.getAdminAffiliation(), + enrollmentID: id, + enrollmentSecret: secret, + role: 'admin' + }, + adminUser + ); + + const enrollmentBEAdmin = await ca.enroll({ + enrollmentID: id, + enrollmentSecret: secret + }); + + logger.info( + '>>>>>>>>>>>>>>>>>>>>>>>>> registration & enrollment : BE admin' + ); + + const identityBEAdmin = { + credentials: { + certificate: enrollmentBEAdmin.certificate, + privateKey: enrollmentBEAdmin.key.toBytes() + }, + mspId: this.fabricConfig.getMspId(), + type: 'X.509' + }; + await this.wallet.put(id, identityBEAdmin); + logger.debug('Successfully get user enrolled and imported to wallet, ', id); - return identity; + return identityBEAdmin; } catch (error) { // TODO decide how to proceed if error logger.error('Error instantiating FabricCAServices ', error); diff --git a/client/e2e-test/configs/connection-profile/org1-network-for-guitest.json b/client/e2e-test/configs/connection-profile/org1-network-for-guitest.json index eef63a934..11bb7f0d6 100644 --- a/client/e2e-test/configs/connection-profile/org1-network-for-guitest.json +++ b/client/e2e-test/configs/connection-profile/org1-network-for-guitest.json @@ -4,8 +4,11 @@ "license": "Apache-2.0", "client": { "tlsEnable": true, - "adminUser": "admin", - "adminPassword": "adminpw", + "adminCredential": { + "id": "admin", + "password": "adminpw", + "affiliation": "org1.department1" + }, "enableAuthentication": true, "organization": "org1", "connection": {
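Review bot: `await this.wallet.put(this.fabricConfig.getCaAdminUser(), identity);` persists the CA registrar's certificate and private key in the Explorer wallet, although in this flow it is needed only for the single `ca.register` call that follows. That leaves a key able to register new identities stored next to the Explorer's own admin identity; consider keeping it in memory only, or removing it from the wallet once `identityBEAdmin` is stored, if `getUserContext` permits that. Separately, `ca.register` is unguarded: if `id` is already registered on the CA (for example after the local wallet directory was deleted), the call presumably rejects and lands in the catch, whose message 'Error instantiating FabricCAServices' no longer describes the failure, and the caller may then receive no identity. `role: 'admin'` should also be confirmed as the least privilege the Explorer needs. The function starts and ends outside this hunk.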