[FAB-15900] Add pkcs11 section to orderer.yaml

As part of effort to add HSM docs and configuration to Fabric. Section is already in core.yaml and user would have to add manually Change-Id: I12b9c13c36ae5d7e9fcd91ef83f3b0942fde9f49 Signed-off-by: NIKHIL E GUPTA <negupta@us.ibm.com> Signed-off-by: Jason Yellick <jyellick@us.ibm.com>
hyperledger · Nov 21, 2019 · ecec58b · ecec58b
1 parent fc53b9d
commit ecec58b
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/common/viperutil/config_util.go b/common/viperutil/config_util.go
@@ -20,6 +20,7 @@ import (
 
 	"github.com/Shopify/sarama"
 	version "github.com/hashicorp/go-version"
+	"github.com/hyperledger/fabric/bccsp/factory"
 	"github.com/hyperledger/fabric/common/flogging"
 	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
@@ -305,6 +306,21 @@ func kafkaVersionDecodeHook() mapstructure.DecodeHookFunc {
 	}
 }
 
+func bccspHook(f reflect.Type, t reflect.Type, data interface{}) (interface{}, error) {
+	if t != reflect.TypeOf(&factory.FactoryOpts{}) {
+		return data, nil
+	}
+
+	config := factory.GetDefaultOpts()
+
+	err := mapstructure.Decode(data, config)
+	if err != nil {
+		return nil, errors.Wrap(err, "could not decode bcssp type")
+	}
+
+	return config, nil
+}
+
 // EnhancedExactUnmarshal is intended to unmarshal a config file into a structure
 // producing error when extraneous variables are introduced and supporting
 // the time.Duration type
@@ -330,6 +346,7 @@ func EnhancedExactUnmarshal(v *viper.Viper, output interface{}) error {
 		Result:           output,
 		WeaklyTypedInput: true,
 		DecodeHook: mapstructure.ComposeDecodeHookFunc(
+			bccspHook,
 			customDecodeHook(),
 			byteSizeDecodeHook(),
 			stringFromFileDecodeHook(),

diff --git a/sampleconfig/orderer.yaml b/sampleconfig/orderer.yaml
@@ -124,13 +124,27 @@ General:
             FileKeyStore:
                 KeyStore:
 
+        # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
+        PKCS11:
+            # Location of the PKCS11 module library
+            Library:
+            # Token Label
+            Label:
+            # User PIN
+            Pin:
+            Hash:
+            Security:
+            FileKeyStore:
+                KeyStore:
+
     # Authentication contains configuration parameters related to authenticating
     # client messages
     Authentication:
         # the acceptable difference between the current server time and the
         # client's time as specified in a client request message
         TimeWindow: 15m
 
+
 ################################################################################
 #
 #   SECTION: File Ledger