[FABG-973] Remove legacy CA auth token (#92)

Signed-off-by: Troy Ronda <troy@troyronda.com>

README.md

@@ -61,14 +61,6 @@ When the 'prev' code level is updated, the last tested fabric-sdk-go commit or t
 - fabric v1.1: f7ae259
 - fabric v1.0: 5ac5226
 
-### Auth Token payload compatibility between Fabric CA v1.4 and earlier releases
-Fabric CA v1.4 introduced a more secure Auth Token payload signing which requires a non compatible update.
-In order to maintain compatibility with Fabric CA v1.3, the CA client queries the server to fetch the version and 
-determine if compatibility with pre v1.4 is required.
-
-Once v1.3 is retired, the above client code logic will need to be removed as well. No change is required from the Go SDK users.
-
-
 ### Running the test suite
 
 Obtain the client SDK packages for Fabric and Fabric CA.

internal/github.com/hyperledger/fabric-ca/lib/client.go

@@ -612,13 +612,3 @@ func NormalizeURL(addr string) (*url.URL, error) {
 	}
 	return u, nil
 }
-
-// GetFabCAVersion is a utility function to fetch the Fabric CA version for this client
-// TODO remove the function below once Fabric CA v1.3 is not supported by the SDK anymore
-func (c *Client) GetFabCAVersion() (string, error) {
-	i, e := c.GetCAInfo(&api.GetCAInfoRequest{CAName: c.Config.CAName})
-	if e != nil {
-		return "", e
-	}
-	return i.Version, nil
-}

internal/github.com/hyperledger/fabric-ca/lib/client/credential/credential.go

@@ -36,7 +36,7 @@ type Credential interface {
 	Load() error
 	// CreateToken returns authorization token for the specified request with
 	// specified body
-	CreateToken(req *http.Request, reqBody []byte, fabCACompatibilityMode bool) (string, error)
+	CreateToken(req *http.Request, reqBody []byte) (string, error)
 	// Submits revoke request to the Fabric CA server to revoke this credential
 	RevokeSelf() (*api.RevocationResponse, error)
 }

internal/github.com/hyperledger/fabric-ca/lib/client/credential/x509/credential.go

@@ -108,8 +108,8 @@ func (cred *Credential) Store() error {
 }
 
 // CreateToken creates token based on this X509 credential
-func (cred *Credential) CreateToken(req *http.Request, reqBody []byte, fabCACompatibilityMode bool) (string, error) {
-	return util.CreateToken(cred.getCSP(), cred.val.certBytes, cred.val.key, req.Method, req.URL.RequestURI(), reqBody, fabCACompatibilityMode)
+func (cred *Credential) CreateToken(req *http.Request, reqBody []byte) (string, error) {
+	return util.CreateToken(cred.getCSP(), cred.val.certBytes, cred.val.key, req.Method, req.URL.RequestURI(), reqBody)
 }
 
 // RevokeSelf revokes this X509 credential

internal/github.com/hyperledger/fabric-ca/lib/identity.go

@@ -15,7 +15,6 @@ import (
 	"fmt"
 	"net/http"
 	"strconv"
-	"strings"
 
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/api"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/lib/client/credential"
@@ -430,18 +429,11 @@ func (i *Identity) Post(endpoint string, reqBody []byte, result interface{}, que
 }
 
 func (i *Identity) addTokenAuthHdr(req *http.Request, body []byte) error {
-	// TODO remove the below compatibility logic once Fabric CA v1.3 is not supported by the SDK anymore
-	caVer, e := i.client.GetFabCAVersion()
-	if e != nil {
-		return errors.WithMessage(e, "Failed to add token authorization header because client is unable to fetch the Fabric CA version")
-	}
-	compatibility := isCompatibleFabCA(caVer)
-
 	log.Debug("Adding token-based authorization header")
 	var token string
 	var err error
 	for _, cred := range i.creds {
-		token, err = cred.CreateToken(req, body, compatibility)
+		token, err = cred.CreateToken(req, body)
 		if err != nil {
 			return errors.WithMessage(err, "Failed to add token authorization header")
 		}
@@ -450,29 +442,3 @@ func (i *Identity) addTokenAuthHdr(req *http.Request, body []byte) error {
 	req.Header.Set("authorization", token)
 	return nil
 }
-
-// TODO remove the function below once Fabric CA v1.3 is not supported by the SDK anymore
-func isCompatibleFabCA(caVersion string) bool {
-	versions := strings.Split(caVersion, ".")
-	// 1.0-1.3 -> set Compatible CA to true, otherwise (1.4 and above) set false
-	if len(versions) > 1 {
-		majv, e := strconv.Atoi(versions[0])
-		if e != nil {
-			log.Debugf("Fabric CA version retrieval format returned error, will not use Compatible Fabric CA setup in the client: %s", e)
-			return false
-		}
-		if majv == 0 {
-			return true
-		}
-
-		minv, e := strconv.Atoi(versions[1])
-		if e != nil {
-			log.Debugf("Fabric CA version retrieval format returned error, will not use Compatible Fabric CA setup in the client: %s", e)
-			return false
-		}
-		if majv == 1 && minv < 4 {
-			return true
-		}
-	}
-	return false
-}

internal/github.com/hyperledger/fabric-ca/util/util.go

@@ -138,9 +138,8 @@ func Marshal(from interface{}, what string) ([]byte, error) {
 // @param method http method of the request
 // @param uri URI of the request
 // @param body The body of an HTTP request
-// @param fabCACompatibilityMode will set auth token signing for Fabric CA 1.3 (true) or Fabric 1.4+ (false)
 
-func CreateToken(csp core.CryptoSuite, cert []byte, key core.Key, method, uri string, body []byte, fabCACompatibilityMode bool) (string, error) {
+func CreateToken(csp core.CryptoSuite, cert []byte, key core.Key, method, uri string, body []byte) (string, error) {
 	x509Cert, err := GetX509CertificateFromPEM(cert)
 	if err != nil {
 		return "", err
@@ -151,7 +150,7 @@ func CreateToken(csp core.CryptoSuite, cert []byte, key core.Key, method, uri st
 
 	switch publicKey.(type) {
 	case *ecdsa.PublicKey:
-		token, err = GenECDSAToken(csp, cert, key, method, uri, body, fabCACompatibilityMode)
+		token, err = GenECDSAToken(csp, cert, key, method, uri, body)
 		if err != nil {
 			return "", err
 		}
@@ -160,17 +159,12 @@ func CreateToken(csp core.CryptoSuite, cert []byte, key core.Key, method, uri st
 }
 
 //GenECDSAToken signs the http body and cert with ECDSA using EC private key
-func GenECDSAToken(csp core.CryptoSuite, cert []byte, key core.Key, method, uri string, body []byte, fabCACompatibilityMode bool) (string, error) {
+func GenECDSAToken(csp core.CryptoSuite, cert []byte, key core.Key, method, uri string, body []byte) (string, error) {
 	b64body := B64Encode(body)
 	b64cert := B64Encode(cert)
 	b64uri := B64Encode([]byte(uri))
 	payload := method + "." + b64uri + "." + b64body + "." + b64cert
 
-	// TODO remove this condition once Fabric CA v1.3 is not supported by the SDK anymore
-	if fabCACompatibilityMode {
-		payload = b64body + "." + b64cert
-	}
-
 	return genECDSAToken(csp, key, b64cert, payload)
 }
 

test/fixtures/dockerenv/docker-compose.yaml

@@ -54,8 +54,6 @@ services:
       - FABRIC_CA_SERVER_TLS_CERTFILES
       - FABRIC_CA_SERVER_CFG_AFFILIATIONS_ALLOWREMOVE=true
       - FABRIC_CA_SERVER_CFG_IDENTITIES_ALLOWREMOVE=true
-      # TODO below env variable added to test Compatibility mode - remove when Fabric v1.3 is not supported anymore
-      - FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false
     #comment out logging.driver in order to render the debug logs
     logging:
       driver: none
@@ -85,8 +83,6 @@ services:
       - FABRIC_CA_SERVER_TLS_CERTFILES
       - FABRIC_CA_SERVER_CFG_AFFILIATIONS_ALLOWREMOVE=true
       - FABRIC_CA_SERVER_CFG_IDENTITIES_ALLOWREMOVE=true
-      # TODO below env variable added to test Compatibility mode - remove when Fabric v1.3 is not supported anymore
-      - FABRIC_CA_SERVER_COMPATIBILITY_MODE_V1_3=false
     #comment out logging.driver in order to render the debug logs
     logging:
       driver: none