Merge "[FAB-3121] Improve Intermediate CA error message"

hyperledger · May 23, 2017 · f9de9ab · f9de9ab
2 parents 4aead96 + 52f09ed
commit f9de9ab
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/docs/source/users-guide.rst b/docs/source/users-guide.rst
@@ -649,9 +649,13 @@ command again.
 The ``fabric-ca-server init`` command generates a self-signed CA certificate
 unless the ``-u <parent-fabric-ca-server-URL>`` option is specified.
 If the ``-u`` is specified, the server's CA certificate is signed by the
-parent Fabric CA server.  The ``fabric-ca-server init`` command also
-generates a default configuration file named **fabric-ca-server-config.yaml**
-in the server's home directory.
+parent Fabric CA server.
+In order to authenticate to the parent Fabric CA server, the URL must
+be of the form ``<scheme>://<enrollmentID>:<secret>@<host>:<port>``, where
+<enrollmentID> and <secret> correspond to an identity with an 'hf.IntermediateCA'
+attribute whose value equals 'true'.
+The ``fabric-ca-server init`` command also generates a default configuration
+file named **fabric-ca-server-config.yaml** in the server's home directory.
 
 Algorithms and key sizes
 

diff --git a/lib/clientconfig.go b/lib/clientconfig.go
@@ -17,6 +17,7 @@ limitations under the License.
 package lib
 
 import (
+	"fmt"
 	"net/url"
 
 	"github.com/hyperledger/fabric-ca/api"
@@ -54,6 +55,14 @@ func (c *ClientConfig) Enroll(rawurl, home string) (*EnrollmentResponse, error)
 		c.Enrollment.Secret = secret
 		purl.User = nil
 	}
+	if c.Enrollment.Name == "" {
+		expecting := fmt.Sprintf(
+			"%s://<enrollmentID>:<secret>@%s",
+			purl.Scheme, purl.Host)
+		return nil, fmt.Errorf(
+			"The URL of the fabric CA server is missing the enrollment ID and secret;"+
+				" found '%s' but expecting '%s'", rawurl, expecting)
+	}
 	c.Enrollment.CAName = c.CAName
 	c.URL = purl.String()
 	c.TLS.Enabled = purl.Scheme == "https"