[FAB-15951] Adding BCCSP in ConsenterCertificate

- Inserting BCCCSP crypto provider into ConsenterCertificate
structure for orderer/etcdraft.
- Rename BCCSP with CryptoProvider in both Chain and replicationInitiator.

Change-Id: Ic1ccb4f45b462fdee46b66cc4daf612131580237
Signed-off-by: Chongxin Luo <Chongxin.Luo@ibm.com>

Author: DereckLuo

orderer/common/server/main.go

@@ -338,7 +338,7 @@ func createReplicator(
 		conf:              conf,
 		lf:                ledgerFactory,
 		signer:            signer,
-		bccsp:             bccsp,
+		cryptoProvider:    bccsp,
 	}
 }
 

orderer/common/server/main_test.go

@@ -364,7 +364,7 @@ func TestInitializeMultiChainManager(t *testing.T) {
 		bootBlock := encoder.New(genesisconfig.Load(genesisconfig.SampleDevModeSoloProfile)).GenesisBlockForChannel("system")
 		initializeMultichannelRegistrar(
 			bootBlock,
-			&replicationInitiator{bccsp: cryptoProvider},
+			&replicationInitiator{cryptoProvider: cryptoProvider},
 			&cluster.PredicateDialer{},
 			comm.ServerConfig{},
 			nil,
@@ -444,7 +444,7 @@ func TestUpdateTrustedRoots(t *testing.T) {
 
 	initializeMultichannelRegistrar(
 		bootBlock,
-		&replicationInitiator{bccsp: cryptoProvider},
+		&replicationInitiator{cryptoProvider: cryptoProvider},
 		&cluster.PredicateDialer{},
 		comm.ServerConfig{},
 		nil,
@@ -495,7 +495,7 @@ func TestUpdateTrustedRoots(t *testing.T) {
 	}
 	initializeMultichannelRegistrar(
 		bootBlock,
-		&replicationInitiator{bccsp: cryptoProvider},
+		&replicationInitiator{cryptoProvider: cryptoProvider},
 		predDialer,
 		comm.ServerConfig{},
 		nil,
@@ -754,7 +754,7 @@ func TestInitializeEtcdraftConsenter(t *testing.T) {
 		&localconfig.TopLevel{},
 		rlf,
 		&cluster.PredicateDialer{},
-		genesisBlock, &replicationInitiator{bccsp: cryptoProvider},
+		genesisBlock, &replicationInitiator{cryptoProvider: cryptoProvider},
 		comm.ServerConfig{
 			SecOpts: comm.SecureOptions{
 				Certificate: crt.Cert,

orderer/common/server/onboarding.go

@@ -39,7 +39,7 @@ type replicationInitiator struct {
 	conf              *localconfig.TopLevel
 	lf                cluster.LedgerFactory
 	signer            identity.SignerSerializer
-	bccsp             bccsp.BCCSP
+	cryptoProvider    bccsp.BCCSP
 }
 
 func (ri *replicationInitiator) replicateIfNeeded(bootstrapBlock *common.Block) {
@@ -51,13 +51,17 @@ func (ri *replicationInitiator) replicateIfNeeded(bootstrapBlock *common.Block)
 }
 
 func (ri *replicationInitiator) createReplicator(bootstrapBlock *common.Block, filter func(string) bool) *cluster.Replicator {
-	consenterCert := etcdraft.ConsenterCertificate(ri.secOpts.Certificate)
+	consenterCert := &etcdraft.ConsenterCertificate{
+		ConsenterCertificate: ri.secOpts.Certificate,
+		CryptoProvider:       ri.cryptoProvider,
+	}
+
 	systemChannelName, err := protoutil.GetChainIDFromBlock(bootstrapBlock)
 	if err != nil {
 		ri.logger.Panicf("Failed extracting system channel name from bootstrap block: %v", err)
 	}
 	pullerConfig := cluster.PullerConfigFromTopLevelConfig(systemChannelName, ri.conf, ri.secOpts.Key, ri.secOpts.Certificate, ri.signer)
-	puller, err := cluster.BlockPullerFromConfigBlock(pullerConfig, bootstrapBlock, ri.verifierRetriever, ri.bccsp)
+	puller, err := cluster.BlockPullerFromConfigBlock(pullerConfig, bootstrapBlock, ri.verifierRetriever, ri.cryptoProvider)
 	if err != nil {
 		ri.logger.Panicf("Failed creating puller config from bootstrap block: %v", err)
 	}

orderer/common/server/onboarding_test.go

@@ -273,7 +273,7 @@ func TestOnboardingChannelUnavailable(t *testing.T) {
 		logger:            flogging.MustGetLogger("testOnboarding"),
 		conf:              config,
 		secOpts:           secConfig,
-		bccsp:             cryptoProvider,
+		cryptoProvider:    cryptoProvider,
 	}
 
 	type event struct {
@@ -694,9 +694,9 @@ func TestReplicate(t *testing.T) {
 				logger:            flogging.MustGetLogger("testReplicateIfNeeded"),
 				signer:            testCase.signer,
 
-				conf:    testCase.conf,
-				secOpts: testCase.secOpts,
-				bccsp:   cryptoProvider,
+				conf:           testCase.conf,
+				secOpts:        testCase.secOpts,
+				cryptoProvider: cryptoProvider,
 			}
 
 			if testCase.panicValue != "" {

orderer/consensus/etcdraft/chain.go

@@ -20,6 +20,7 @@ import (
 	"github.com/hyperledger/fabric-protos-go/orderer"
 	"github.com/hyperledger/fabric-protos-go/orderer/etcdraft"
 	"github.com/hyperledger/fabric/bccsp"
+	"github.com/hyperledger/fabric/bccsp/factory"
 	"github.com/hyperledger/fabric/common/flogging"
 	"github.com/hyperledger/fabric/orderer/common/cluster"
 	"github.com/hyperledger/fabric/orderer/consensus"
@@ -194,7 +195,7 @@ type Chain struct {
 	periodicChecker *PeriodicCheck
 
 	// BCCSP instane
-	BCCSP bccsp.BCCSP
+	CryptoProvider bccsp.BCCSP
 }
 
 // NewChain constructs a chain object.
@@ -274,8 +275,9 @@ func NewChain(
 			NormalProposalsReceived: opts.Metrics.NormalProposalsReceived.With("channel", support.ChannelID()),
 			ConfigProposalsReceived: opts.Metrics.ConfigProposalsReceived.With("channel", support.ChannelID()),
 		},
-		logger: lg,
-		opts:   opts,
+		logger:         lg,
+		opts:           opts,
+		CryptoProvider: factory.GetDefault(),
 	}
 
 	// Sets initial values for metrics
@@ -1318,8 +1320,13 @@ func (c *Chain) suspectEviction() bool {
 }
 
 func (c *Chain) newEvictionSuspector() *evictionSuspector {
+	consenterCertificate := &ConsenterCertificate{
+		ConsenterCertificate: c.opts.Cert,
+		CryptoProvider:       c.CryptoProvider,
+	}
+
 	return &evictionSuspector{
-		amIInChannel:               ConsenterCertificate(c.opts.Cert).IsConsenterOfChannel,
+		amIInChannel:               consenterCertificate.IsConsenterOfChannel,
 		evictionSuspicionThreshold: c.opts.EvictionSuspicion,
 		writeBlock:                 c.support.Append,
 		createPuller:               c.createPuller,

orderer/consensus/etcdraft/consenter_test.go

@@ -113,7 +113,7 @@ var _ = Describe("Consenter", func() {
 
 	When("the consenter is asked for a chain", func() {
 		cryptoProvider, _ := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore())
-		chainInstance := &etcdraft.Chain{}
+		chainInstance := &etcdraft.Chain{CryptoProvider: cryptoProvider}
 		cs := &multichannel.ChainSupport{
 			Chain: chainInstance,
 			BCCSP: cryptoProvider,

orderer/consensus/etcdraft/util.go

@@ -19,7 +19,7 @@ import (
 	"github.com/hyperledger/fabric-protos-go/common"
 	"github.com/hyperledger/fabric-protos-go/orderer"
 	"github.com/hyperledger/fabric-protos-go/orderer/etcdraft"
-	"github.com/hyperledger/fabric/bccsp/factory"
+	"github.com/hyperledger/fabric/bccsp"
 	"github.com/hyperledger/fabric/common/channelconfig"
 	"github.com/hyperledger/fabric/common/configtx"
 	"github.com/hyperledger/fabric/common/flogging"
@@ -266,7 +266,12 @@ func validateCert(pemData []byte, certRole string) error {
 }
 
 // ConsenterCertificate denotes a TLS certificate of a consenter
-type ConsenterCertificate []byte
+type ConsenterCertificate struct {
+	ConsenterCertificate []byte
+	CryptoProvider       bccsp.BCCSP
+}
+
+// type ConsenterCertificate []byte
 
 // IsConsenterOfChannel returns whether the caller is a consenter of a channel
 // by inspecting the given configuration block.
@@ -279,7 +284,7 @@ func (conCert ConsenterCertificate) IsConsenterOfChannel(configBlock *common.Blo
 	if err != nil {
 		return err
 	}
-	bundle, err := channelconfig.NewBundleFromEnvelope(envelopeConfig, factory.GetDefault())
+	bundle, err := channelconfig.NewBundleFromEnvelope(envelopeConfig, conCert.CryptoProvider)
 	if err != nil {
 		return err
 	}
@@ -293,7 +298,7 @@ func (conCert ConsenterCertificate) IsConsenterOfChannel(configBlock *common.Blo
 	}
 
 	for _, consenter := range m.Consenters {
-		if bytes.Equal(conCert, consenter.ServerTlsCert) || bytes.Equal(conCert, consenter.ClientTlsCert) {
+		if bytes.Equal(conCert.ConsenterCertificate, consenter.ServerTlsCert) || bytes.Equal(conCert.ConsenterCertificate, consenter.ClientTlsCert) {
 			return nil
 		}
 	}

orderer/consensus/etcdraft/util_test.go

@@ -18,6 +18,7 @@ import (
 	"github.com/golang/protobuf/proto"
 	"github.com/hyperledger/fabric-protos-go/common"
 	etcdraftproto "github.com/hyperledger/fabric-protos-go/orderer/etcdraft"
+	"github.com/hyperledger/fabric/bccsp/sw"
 	"github.com/hyperledger/fabric/common/crypto/tlsgen"
 	"github.com/hyperledger/fabric/common/flogging"
 	"github.com/hyperledger/fabric/orderer/common/cluster"
@@ -95,7 +96,14 @@ func TestIsConsenterOfChannel(t *testing.T) {
 		},
 	} {
 		t.Run(testCase.name, func(t *testing.T) {
-			err := ConsenterCertificate(testCase.certificate).IsConsenterOfChannel(testCase.configBlock)
+			cryptoProvider, err := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore())
+			assert.NoError(t, err)
+
+			consenterCertificate := &ConsenterCertificate{
+				ConsenterCertificate: testCase.certificate,
+				CryptoProvider:       cryptoProvider,
+			}
+			err = consenterCertificate.IsConsenterOfChannel(testCase.configBlock)
 			if testCase.expectedError != "" {
 				assert.EqualError(t, err, testCase.expectedError)
 			} else {

orderer/consensus/etcdraft/validator_test.go

@@ -9,6 +9,7 @@ package etcdraft_test
 import (
 	"github.com/golang/protobuf/proto"
 	etcdraftproto "github.com/hyperledger/fabric-protos-go/orderer/etcdraft"
+	"github.com/hyperledger/fabric/bccsp/sw"
 	"github.com/hyperledger/fabric/common/crypto/tlsgen"
 	"github.com/hyperledger/fabric/orderer/consensus/etcdraft"
 	. "github.com/onsi/ginkgo"
@@ -21,7 +22,8 @@ var _ = Describe("Metadata Validation", func() {
 	)
 
 	BeforeEach(func() {
-		chain = &etcdraft.Chain{}
+		cryptoProvider, _ := sw.NewDefaultSecurityLevelWithKeystore(sw.NewDummyKeyStore())
+		chain = &etcdraft.Chain{CryptoProvider: cryptoProvider}
 		chain.ActiveNodes.Store([]uint64{})
 	})