Skip to content

Commit

Permalink
Enable to bypass gossip security identity checks
Browse files Browse the repository at this point in the history
In order to enable peer to connect to the organization leaders
using same certificate adding a new configuration key which
allows bypassing identity verification.

Following parameter has to be added to the list of env variables
or core.yaml:

 - CORE_PEER_GOSSIP_IGNORESECURITY=true

Change-Id: I2cc18f290f1d36ad3900fe3ded4997fbc3d885c5
Signed-off-by: Artem Barger <bartem@il.ibm.com>
  • Loading branch information
C0rWin committed Jan 31, 2017
1 parent 0c2dff7 commit c7b3fe0
Show file tree
Hide file tree
Showing 2 changed files with 47 additions and 0 deletions.
41 changes: 41 additions & 0 deletions gossip/integration/integration.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,12 @@ import (
"strings"
"time"

"github.com/hyperledger/fabric/gossip/api"
"github.com/hyperledger/fabric/gossip/common"
"github.com/hyperledger/fabric/gossip/gossip"
"github.com/hyperledger/fabric/peer/gossip/mcs"
"github.com/hyperledger/fabric/peer/gossip/sa"
"github.com/spf13/viper"
"google.golang.org/grpc"
)

Expand Down Expand Up @@ -58,5 +61,43 @@ func NewGossipComponent(identity []byte, endpoint string, s *grpc.Server, dialOp
conf := newConfig(endpoint, bootPeers...)
cryptSvc := mcs.NewMessageCryptoService()
secAdv := sa.NewSecurityAdvisor()
if viper.GetBool("peer.gossip.ignoresecurity") {
sec := &secImpl{[]byte(endpoint)}
cryptSvc = sec
secAdv = sec
identity = []byte(endpoint)
}
return gossip.NewGossipService(conf, s, secAdv, cryptSvc, identity, dialOpts...)
}

type secImpl struct {
identity []byte
}

func (*secImpl) OrgByPeerIdentity(api.PeerIdentityType) api.OrgIdentityType {
return api.OrgIdentityType("DEFAULT")
}

func (s *secImpl) GetPKIidOfCert(peerIdentity api.PeerIdentityType) common.PKIidType {
return common.PKIidType(peerIdentity)
}

func (s *secImpl) VerifyBlock(chainID common.ChainID, signedBlock api.SignedBlock) error {
return nil
}

func (s *secImpl) Sign(msg []byte) ([]byte, error) {
return msg, nil
}

func (s *secImpl) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error {
return nil
}

func (s *secImpl) VerifyByChannel(chainID common.ChainID, peerIdentity api.PeerIdentityType, signature, message []byte) error {
return nil
}

func (s *secImpl) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
return nil
}
6 changes: 6 additions & 0 deletions peer/common/anchors.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (

"github.com/hyperledger/fabric/msp"
"github.com/hyperledger/fabric/protos/peer"
"github.com/spf13/viper"
)

type AnchorPeerParser struct {
Expand Down Expand Up @@ -126,6 +127,11 @@ func anchorPeerFromFile(filename string) (*peer.AnchorPeer, error) {
Port: int32(port),
Cert: identity,
}

if viper.GetBool("peer.gossip.ignoresecurity") {
ap.Cert = []byte(fmt.Sprintf("%s:%d", ap.Host, ap.Port))
}

return ap, nil
}

Expand Down

0 comments on commit c7b3fe0

Please sign in to comment.