[FAB-8846] Improved key and cert management

Added ability to configure the SDK with custom user and key
store.

For demostration, see pkg/test/integration/msp/user_data_mgmt_test.go

//
// NOTE: BCCSP SW implementation currently doesn't allow
// writting private keys out. The file store used internally
// by BCCSP has access to provate parts that are not available
// outside of BCCSP at the moment. Fot this reason, our
// example custom kay store will just hold the keys in memory.
//

Change-Id: I577d12e2fc138271b933e30f7dbe55fa16b96987
Signed-off-by: Aleksandar Likic <aleksandar.likic@securekey.com>

pkg/client/msp/msp.go

@@ -4,7 +4,6 @@ Copyright SecureKey Technologies Inc. All Rights Reserved.
 SPDX-License-Identifier: Apache-2.0
 */
 
-// Package ca enables access to CA services.
 package msp
 
 import (
@@ -37,6 +36,7 @@ func WithOrg(orgName string) Option {
 	}
 }
 
+// New creates a new MSP instance
 func New(clientProvider context.ClientProvider, opts ...Option) (*MSP, error) {
 
 	ctx, err := clientProvider()
@@ -72,7 +72,7 @@ func newCAClient(ctx context.Client, orgName string) (mspapi.CAClient, error) {
 	if !ok {
 		return nil, fmt.Errorf("identity manager not found for organization '%s", orgName)
 	}
-	caClient, err := msp.NewCAClient(orgName, identityManager, ctx.StateStore(), ctx.CryptoSuite(), ctx.Config())
+	caClient, err := msp.NewCAClient(orgName, identityManager, ctx.UserStore(), ctx.CryptoSuite(), ctx.Config())
 	if err != nil {
 		return nil, errors.WithMessage(err, "failed to create CA MSP")
 	}

pkg/context/api/core/provider.go

@@ -100,7 +100,6 @@ const (
 // Providers represents the SDK configured core providers context.
 type Providers interface {
 	CryptoSuite() CryptoSuite
-	StateStore() KVStore
 	Config() Config
 	SigningManager() SigningManager
 }

pkg/context/api/msp/provider.go

@@ -16,6 +16,7 @@ type Context interface {
 
 // Provider provides MSP services
 type Provider interface {
+	UserStore() UserStore
 	IdentityManager(orgName string) (IdentityManager, bool)
 }
 

pkg/context/api/msp/user.go

@@ -48,8 +48,8 @@ type UserData struct {
 
 // UserStore is responsible for UserData persistence
 type UserStore interface {
-	Store(UserData) error
-	Load(UserIdentifier) (UserData, error)
+	Store(*UserData) error
+	Load(UserIdentifier) (*UserData, error)
 }
 
 // UserIdentifier is the User's unique identifier

pkg/context/context.go

@@ -60,7 +60,7 @@ func (c *Channel) ChannelID() string {
 //Provider implementation for Providers interface
 type Provider struct {
 	config            core.Config
-	stateStore        core.KVStore
+	userStore         msp.UserStore
 	cryptoSuite       core.CryptoSuite
 	discoveryProvider fab.DiscoveryProvider
 	selectionProvider fab.SelectionProvider
@@ -90,9 +90,9 @@ func (c *Provider) SigningManager() core.SigningManager {
 	return c.signingManager
 }
 
-// StateStore returns state store
-func (c *Provider) StateStore() core.KVStore {
-	return c.stateStore
+// UserStore returns state store
+func (c *Provider) UserStore() msp.UserStore {
+	return c.userStore
 }
 
 // DiscoveryProvider returns discovery provider
@@ -125,10 +125,10 @@ func WithConfig(config core.Config) SDKContextParams {
 	}
 }
 
-//WithStateStore sets state store to FabContext
-func WithStateStore(stateStore core.KVStore) SDKContextParams {
+// WithUserStore sets user store to FabContext
+func WithUserStore(userStore msp.UserStore) SDKContextParams {
 	return func(ctx *Provider) {
-		ctx.stateStore = stateStore
+		ctx.userStore = userStore
 	}
 }
 

pkg/core/cryptosuite/bccsp/sw/cryptosuiteimpl.go

@@ -9,6 +9,7 @@ package sw
 import (
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp"
 	bccspSw "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/factory/sw"
+	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/sw"
 	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/core"
 	"github.com/hyperledger/fabric-sdk-go/pkg/core/cryptosuite/bccsp/wrapper"
 	"github.com/hyperledger/fabric-sdk-go/pkg/logging"
@@ -53,6 +54,16 @@ func getBCCSPFromOpts(config *bccspSw.SwOpts) (bccsp.BCCSP, error) {
 	return csp, nil
 }
 
+// GetSuite returns a new instance of the software-based BCCSP
+// set at the passed security level, hash family and KeyStore.
+func GetSuite(securityLevel int, hashFamily string, keyStore bccsp.KeyStore) (core.CryptoSuite, error) {
+	bccsp, err := sw.New(securityLevel, hashFamily, keyStore)
+	if err != nil {
+		return nil, err
+	}
+	return wrapper.NewCryptoSuite(bccsp), nil
+}
+
 //GetOptsByConfig Returns Factory opts for given SDK config
 func getOptsByConfig(c core.Config) *bccspSw.SwOpts {
 	opts := &bccspSw.SwOpts{

pkg/core/mocks/mockcorecontext.go

@@ -8,13 +8,14 @@ package mocks
 
 import (
 	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/core"
+	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/msp"
 )
 
 // MockCoreContext is a mock core context
 type MockCoreContext struct {
 	MockConfig         core.Config
 	MockCcryptoSuite   core.CryptoSuite
-	MockStateStore     core.KVStore
+	MockUserStore      msp.UserStore
 	MockSigningManager core.SigningManager
 }
 
@@ -28,9 +29,9 @@ func (m *MockCoreContext) CryptoSuite() core.CryptoSuite {
 	return m.MockCcryptoSuite
 }
 
-// StateStore ...
-func (m *MockCoreContext) StateStore() core.KVStore {
-	return m.MockStateStore
+// UserStore ...
+func (m *MockCoreContext) UserStore() msp.UserStore {
+	return m.MockUserStore
 }
 
 // SigningManager ...

pkg/fab/mocks/mockconfig.go

@@ -187,12 +187,12 @@ func (c *MockConfig) RandomOrdererConfig() (*config.OrdererConfig, error) {
 	return nil, nil
 }
 
-//SetCustomOrdererCfg sets custom orderer config for unit-tests
+//SetCustomNetworkPeerCfg sets custom orderer config for unit-tests
 func (c *MockConfig) SetCustomNetworkPeerCfg(customNetworkPeerCfg []config.NetworkPeer) {
 	c.customNetworkPeerCfg = customNetworkPeerCfg
 }
 
-//SetCustomOrdererCfg sets custom orderer config for unit-tests
+//SetCustomPeerCfg sets custom orderer config for unit-tests
 func (c *MockConfig) SetCustomPeerCfg(customPeerCfg *config.PeerConfig) {
 	c.customPeerCfg = customPeerCfg
 }

pkg/fab/mocks/mockcontext.go

@@ -17,6 +17,7 @@ import (
 	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/fab"
 	"github.com/hyperledger/fabric-sdk-go/pkg/context/api/msp"
 	"github.com/hyperledger/fabric-sdk-go/pkg/core/mocks"
+	mspmocks "github.com/hyperledger/fabric-sdk-go/pkg/msp/mocks"
 
 	"strings"
 )
@@ -26,7 +27,7 @@ type MockProviderContext struct {
 	config            config.Config
 	cryptoSuite       core.CryptoSuite
 	signingManager    core.SigningManager
-	stateStore        core.KVStore
+	userStore         msp.UserStore
 	identityManager   map[string]msp.IdentityManager
 	discoveryProvider fab.DiscoveryProvider
 	selectionProvider fab.SelectionProvider
@@ -44,7 +45,7 @@ func NewMockProviderContext() *MockProviderContext {
 		config:            NewMockConfig(),
 		signingManager:    mocks.NewMockSigningManager(),
 		cryptoSuite:       &MockCryptoSuite{},
-		stateStore:        &MockStateStore{},
+		userStore:         &mspmocks.MockUserStore{},
 		identityManager:   im,
 		discoveryProvider: &MockStaticDiscoveryProvider{},
 		selectionProvider: &MockSelectionProvider{},
@@ -55,12 +56,12 @@ func NewMockProviderContext() *MockProviderContext {
 }
 
 // NewMockProviderContextCustom creates a MockProviderContext consisting of the arguments
-func NewMockProviderContextCustom(config config.Config, cryptoSuite core.CryptoSuite, signer core.SigningManager, stateStore core.KVStore, identityManager map[string]msp.IdentityManager) *MockProviderContext {
+func NewMockProviderContextCustom(config config.Config, cryptoSuite core.CryptoSuite, signer core.SigningManager, userStore msp.UserStore, identityManager map[string]msp.IdentityManager) *MockProviderContext {
 	context := MockProviderContext{
 		config:          config,
 		signingManager:  signer,
 		cryptoSuite:     cryptoSuite,
-		stateStore:      stateStore,
+		userStore:       userStore,
 		identityManager: identityManager,
 	}
 	return &context
@@ -86,9 +87,9 @@ func (pc *MockProviderContext) SigningManager() core.SigningManager {
 	return pc.signingManager
 }
 
-// StateStore returns the mock state store
-func (pc *MockProviderContext) StateStore() core.KVStore {
-	return pc.stateStore
+// UserStore returns the mock usser store
+func (pc *MockProviderContext) UserStore() msp.UserStore {
+	return pc.userStore
 }
 
 // IdentityManager returns the identity manager

pkg/fabsdk/api/factory.go

@@ -21,15 +21,15 @@ type Providers interface {
 
 // CoreProviderFactory allows overriding of primitives and the fabric core object provider
 type CoreProviderFactory interface {
-	CreateStateStoreProvider(config core.Config) (core.KVStore, error)
 	CreateCryptoSuiteProvider(config core.Config) (core.CryptoSuite, error)
 	CreateSigningManager(cryptoProvider core.CryptoSuite, config core.Config) (core.SigningManager, error)
 	CreateInfraProvider(config core.Config) (fab.InfraProvider, error)
 }
 
 // MSPProviderFactory allows overriding providers of MSP services
 type MSPProviderFactory interface {
-	CreateProvider(config core.Config, cryptoProvider core.CryptoSuite, stateStore core.KVStore) (msp.Provider, error)
+	CreateUserStore(config core.Config) (msp.UserStore, error)
+	CreateProvider(config core.Config, cryptoProvider core.CryptoSuite, userStore msp.UserStore) (msp.Provider, error)
 }
 
 // ServiceProviderFactory allows overriding default service providers (such as peer discovery)

pkg/fabsdk/context.go

@@ -45,6 +45,8 @@ func WithOrg(org string) ContextOption {
 	}
 }
 
+// ErrAnonymousIdentity is returned when options for identity creation
+// don't include neither username nor identity
 var ErrAnonymousIdentity = errors.New("missing credentials")
 
 func (sdk *FabricSDK) newIdentity(options ...ContextOption) (msp.Identity, error) {

pkg/fabsdk/defpkgsuite_test.go

@@ -19,6 +19,14 @@ func TestNewPkgSuite(t *testing.T) {
 		t.Fatalf("Core is nil")
 	}
 
+	msp, err := pkgsuite.MSP()
+	if err != nil {
+		t.Fatalf("Unexpected error getting default MSP factory")
+	}
+	if msp == nil {
+		t.Fatalf("MSP is nil")
+	}
+
 	service, err := pkgsuite.Service()
 	if err != nil {
 		t.Fatalf("Unexpected error getting default service factory")