[FAB-10279] fabric-ca client updates

- to resolve 'Error Code: 20 - Authorization failure'
in latest fabric-ca (devstable build)
- need fabric-ca latest image to test it


Change-Id: Ia87d571a9bdcf895ab770ed11e8766a3c4d80fd3
Signed-off-by: Sudesh Shetty <sudesh.shetty@securekey.com>

Makefile

@@ -64,7 +64,7 @@ FABRIC_DEV_REGISTRY_PRE_CMD ?= docker login -u docker -p docker nexus3.hyperledg
 
 # Upstream fabric patching (overridable)
 THIRDPARTY_FABRIC_CA_BRANCH ?= master
-THIRDPARTY_FABRIC_CA_COMMIT ?= v1.1.0
+THIRDPARTY_FABRIC_CA_COMMIT ?= 77dc5a6c072721e5e5c840391215c4146b72bef2
 THIRDPARTY_FABRIC_BRANCH    ?= master
 THIRDPARTY_FABRIC_COMMIT    ?= d78be9f4567d98e8c14542446a85ec5f8fcb5e5a
 

internal/github.com/hyperledger/fabric-ca/api/client.go

@@ -1,17 +1,7 @@
 /*
-Copyright IBM Corp. 2016 All Rights Reserved.
+Copyright IBM Corp. All Rights Reserved.
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-                 http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+SPDX-License-Identifier: Apache-2.0
 */
 /*
 Notice: This file has been modified for Hyperledger Fabric SDK Go usage.
@@ -67,17 +57,20 @@ type EnrollmentRequest struct {
 	Name string `json:"name" skip:"true"`
 	// The secret returned via Register
 	Secret string `json:"secret,omitempty" skip:"true" mask:"password"`
-	// Profile is the name of the signing profile to use in issuing the certificate
-	Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"`
-	// Label is the label to use in HSM operations
-	Label string `json:"label,omitempty" help:"Label to use in HSM operations"`
-	// CSR is Certificate Signing Request info
-	CSR *CSRInfo `json:"csr,omitempty" help:"Certificate Signing Request info"`
 	// CAName is the name of the CA to connect to
 	CAName string `json:"caname,omitempty" skip:"true"`
 	// AttrReqs are requests for attributes to add to the certificate.
 	// Each attribute is added only if the requestor owns the attribute.
 	AttrReqs []*AttributeRequest `json:"attr_reqs,omitempty"`
+	// Profile is the name of the signing profile to use in issuing the X509 certificate
+	Profile string `json:"profile,omitempty" help:"Name of the signing profile to use in issuing the certificate"`
+	// Label is the label to use in HSM operations
+	Label string `json:"label,omitempty" help:"Label to use in HSM operations"`
+	// CSR is Certificate Signing Request info
+	CSR *CSRInfo `json:"csr,omitempty" help:"Certificate Signing Request info"`
+	// The type of the enrollment request: x509 or idemix
+	// The default is a request for an X509 enrollment certificate
+	Type string `def:"x509" help:"The type of enrollment request: 'x509' or 'idemix'"`
 }
 
 func (er EnrollmentRequest) String() string {
@@ -197,6 +190,17 @@ type GenCRLResponse struct {
 	CRL []byte
 }
 
+// GetCRIRequest is a request to send to server to get Idemix credential revocation information
+type GetCRIRequest struct {
+	CAName string `json:"caname,omitempty" skip:"true"`
+}
+
+// GetCRIResponse is the response from the server for get CRI request
+type GetCRIResponse struct {
+	// CRI is base64 encoded proto bytes of idemix.CredentialRevocationInformation
+	CRI string
+}
+
 // AddIdentityRequest represents the request to add a new identity to the
 // fabric-ca-server
 type AddIdentityRequest struct {
@@ -317,6 +321,33 @@ type CSRInfo struct {
 	SerialNumber string           `json:"serial_number,omitempty"`
 }
 
+// GetCertificatesRequest represents the request to get certificates from the server
+// per the enrollment ID and/or AKI and Serial. If neither ID or AKI/Serial are
+// provided all certificates are returned which are in or under the caller's affiliation.
+// By default all certificates are returned. However, only revoked and/or expired
+// certificates can be requested by providing a time range.
+type GetCertificatesRequest struct {
+	ID         string    `skip:"true"`                                    // Get certificates for this enrollment ID
+	AKI        string    `help:"Get certificates for this AKI"`           // Get certificate that matches this AKI
+	Serial     string    `help:"Get certificates for this serial number"` // Get certificate that matches this serial
+	Revoked    TimeRange `skip:"true"`                                    // Get certificates which were revoked between the specified time range
+	Expired    TimeRange `skip:"true"`                                    // Get certificates which expire between the specified time range
+	NotExpired bool      `help:"Don't return expired certificates"`       // Don't return expired certificates
+	NotRevoked bool      `help:"Don't return revoked certificates"`       // Don't return revoked certificates
+	CAName     string    `skip:"true"`                                    // Name of CA to send request to within the server
+}
+
+// CertificateResponse contains the response from Get or Delete certificate request.
+type CertificateResponse struct {
+	Certs []string `json:"certs"`
+}
+
+// TimeRange specifies a range of time
+type TimeRange struct {
+	StartTime string
+	EndTime   string
+}
+
 // BasicKeyRequest encapsulates size and algorithm for the key to be generated
 type BasicKeyRequest struct {
 	Algo string `json:"algo" yaml:"algo"`

internal/github.com/hyperledger/fabric-ca/api/net.go

@@ -99,6 +99,11 @@ type ModifyAffiliationRequestNet struct {
 	ModifyAffiliationRequest
 }
 
+// GetCertificatesRequestNet is a network request for getting certificates
+type GetCertificatesRequestNet struct {
+	GetCertificatesRequest
+}
+
 // KeySig is a public key, signature, and signature algorithm tuple
 type KeySig struct {
 	// Key is a public key