Enhancements for cryptogen

Added a few additional features and fixed
a minor bug

- corrected folder name for orderer orgs to use
captial "O" to be in line with naming convention used
elsewhere

- generate an admin user for each org and properly
populate the admincerts folder for the org MSP

- added new command line flag "-peerOrgUsers" which
will generate the specified number of users for each
peer organization

Prior to this change the root certificates generated
for each org's CA could not be use as TLS server certs.
This change adds the server auth useage extension to
those certs

Change-Id: I949d99468422c6cfd00f83f6faad9c572fc08a03
Signed-off-by: Gari Singh <gari.r.singh@gmail.com>

common/tools/cryptogen/ca/generator.go

@@ -64,7 +64,7 @@ func NewCA(baseDir, name string) (*CA, error) {
 	//this is a CA
 	template.IsCA = true
 	template.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
-	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny}
+	template.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageAny, x509.ExtKeyUsageServerAuth}
 
 	//set the organization for the subject
 	subject := subjectTemplate()

common/tools/cryptogen/main.go

@@ -18,6 +18,7 @@ package main
 import (
 	"flag"
 	"fmt"
+	"io"
 	"os"
 	"path/filepath"
 
@@ -28,8 +29,10 @@ import (
 const (
 	peerOrgBaseName  = "peerOrg"
 	peerBaseName     = "Peer"
+	userBaseName     = "User"
+	adminBaseName    = "Admin"
 	orderOrgBaseName = "ordererOrg"
-	ordererBaseName  = "orderer"
+	ordererBaseName  = "Orderer"
 )
 
 //command line flags
@@ -38,6 +41,8 @@ var (
 		"number of unique organizations with peers")
 	numPeers = flag.Int("peersPerOrg", 1,
 		"number of peers per organization")
+	numPeerOrgUsers = flag.Int("peerOrgUsers", 1,
+		"number of users per peer organization")
 	numOrderers = flag.Int("ordererNodes", 1,
 		"number of ordering service nodes")
 	baseDir = flag.String("baseDir", ".",
@@ -87,6 +92,8 @@ func generatePeerOrgs(baseDir string, orgNames []string) {
 		caDir := filepath.Join(orgDir, "ca")
 		mspDir := filepath.Join(orgDir, "msp")
 		peersDir := filepath.Join(orgDir, "peers")
+		usersDir := filepath.Join(orgDir, "users")
+		adminCertsDir := filepath.Join(mspDir, "admincerts")
 		rootCA, err := ca.NewCA(caDir, orgName)
 		if err != nil {
 			fmt.Printf("Error generating CA for org %s:\n%v\n", orgName, err)
@@ -106,9 +113,52 @@ func generatePeerOrgs(baseDir string, orgNames []string) {
 				orgName, peerBaseName, i))
 		}
 		generateNodes(peersDir, peerNames, rootCA)
+
+		// TODO: add ability to specify usernames
+		usernames := []string{}
+		for j := 1; j <= *numPeerOrgUsers; j++ {
+			usernames = append(usernames, fmt.Sprintf("%s%s%d",
+				orgName, userBaseName, j))
+		}
+		// add an admin user
+		usernames = append(usernames, fmt.Sprintf("%s%s",
+			orgName, adminBaseName))
+		generateNodes(usersDir, usernames, rootCA)
+
+		// copy the admin cert to the org's MSP admincerts
+		adminUserName := fmt.Sprintf("%s%s",
+			orgName, adminBaseName)
+		err = copyAdminCert(usersDir, adminCertsDir, adminUserName)
+		if err != nil {
+			fmt.Printf("Error copying admin cert for org %s:\n%v\n",
+				orgName, err)
+			os.Exit(1)
+		}
+
 	}
 }
 
+func copyAdminCert(usersDir, adminCertsDir, adminUserName string) error {
+	// delete the contents of admincerts
+	err := os.RemoveAll(adminCertsDir)
+	if err != nil {
+		return err
+	}
+	// recreate the admincerts directory
+	err = os.MkdirAll(adminCertsDir, 0755)
+	if err != nil {
+		return err
+	}
+	err = copyFile(filepath.Join(usersDir, adminUserName, "signcerts",
+		adminUserName+"-cert.pem"), filepath.Join(adminCertsDir,
+		adminUserName+"-cert.pem"))
+	if err != nil {
+		return err
+	}
+	return nil
+
+}
+
 func generateNodes(baseDir string, nodeNames []string, rootCA *ca.CA) {
 
 	for _, nodeName := range nodeNames {
@@ -129,6 +179,8 @@ func generateOrdererOrg(baseDir, orgName string) {
 	caDir := filepath.Join(orgDir, "ca")
 	mspDir := filepath.Join(orgDir, "msp")
 	orderersDir := filepath.Join(orgDir, "orderers")
+	usersDir := filepath.Join(orgDir, "users")
+	adminCertsDir := filepath.Join(mspDir, "admincerts")
 	rootCA, err := ca.NewCA(caDir, orgName)
 	if err != nil {
 		fmt.Printf("Error generating CA for org %s:\n%v\n", orgName, err)
@@ -149,4 +201,40 @@ func generateOrdererOrg(baseDir, orgName string) {
 	}
 	generateNodes(orderersDir, ordererNames, rootCA)
 
+	// generate an admin for the orderer org
+	usernames := []string{}
+	// add an admin user
+	usernames = append(usernames, fmt.Sprintf("%s%s",
+		orgName, adminBaseName))
+	generateNodes(usersDir, usernames, rootCA)
+
+	// copy the admin cert to the org's MSP admincerts
+	adminUserName := fmt.Sprintf("%s%s",
+		orgName, adminBaseName)
+	err = copyAdminCert(usersDir, adminCertsDir, adminUserName)
+	if err != nil {
+		fmt.Printf("Error copying admin cert for org %s:\n%v\n",
+			orgName, err)
+		os.Exit(1)
+	}
+
+}
+
+func copyFile(src, dst string) error {
+	in, err := os.Open(src)
+	if err != nil {
+		return err
+	}
+	defer in.Close()
+	out, err := os.Create(dst)
+	if err != nil {
+		return err
+	}
+	defer out.Close()
+	_, err = io.Copy(out, in)
+	cerr := out.Close()
+	if err != nil {
+		return err
+	}
+	return cerr
 }