-
Notifications
You must be signed in to change notification settings - Fork 3.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Read first client cert from cert directory
Allow client applications to work regardless of whether network was creating using a CA or cryptogen since they create different client certificate file names. Signed-off-by: Mark S. Lewis <[email protected]>
- Loading branch information
1 parent
db86460
commit 983c46b
Showing
11 changed files
with
146 additions
and
96 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -28,8 +28,8 @@ import ( | |
| const ( | ||
| mspID = "Org1MSP" | ||
| cryptoPath = "../../test-network/organizations/peerOrganizations/org1.example.com" | ||
| certPath = cryptoPath + "/users/[email protected]/msp/signcerts/cert.pem" | ||
| keyPath = cryptoPath + "/users/[email protected]/msp/keystore/" | ||
| certPath = cryptoPath + "/users/[email protected]/msp/signcerts" | ||
| keyPath = cryptoPath + "/users/[email protected]/msp/keystore" | ||
| tlsCertPath = cryptoPath + "/peers/peer0.org1.example.com/tls/ca.crt" | ||
| peerEndpoint = "localhost:7051" | ||
| gatewayPeer = "peer0.org1.example.com" | ||
|
|
@@ -86,7 +86,12 @@ func main() { | |
|
|
||
| // newGrpcConnection creates a gRPC connection to the Gateway server. | ||
| func newGrpcConnection() *grpc.ClientConn { | ||
| certificate, err := loadCertificate(tlsCertPath) | ||
| certificatePEM, err := os.ReadFile(tlsCertPath) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to read TLS certifcate file: %w", err)) | ||
| } | ||
|
|
||
| certificate, err := identity.CertificateFromPEM(certificatePEM) | ||
| if err != nil { | ||
| panic(err) | ||
| } | ||
|
|
@@ -105,7 +110,12 @@ func newGrpcConnection() *grpc.ClientConn { | |
|
|
||
| // newIdentity creates a client identity for this Gateway connection using an X.509 certificate. | ||
| func newIdentity() *identity.X509Identity { | ||
| certificate, err := loadCertificate(certPath) | ||
| certificatePEM, err := readFirstFile(certPath) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to read certificate file: %w", err)) | ||
| } | ||
|
|
||
| certificate, err := identity.CertificateFromPEM(certificatePEM) | ||
| if err != nil { | ||
| panic(err) | ||
| } | ||
|
|
@@ -118,22 +128,9 @@ func newIdentity() *identity.X509Identity { | |
| return id | ||
| } | ||
|
|
||
| func loadCertificate(filename string) (*x509.Certificate, error) { | ||
| certificatePEM, err := os.ReadFile(filename) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed to read certificate file: %w", err) | ||
| } | ||
| return identity.CertificateFromPEM(certificatePEM) | ||
| } | ||
|
|
||
| // newSign creates a function that generates a digital signature from a message digest using a private key. | ||
| func newSign() identity.Sign { | ||
| files, err := os.ReadDir(keyPath) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to read private key directory: %w", err)) | ||
| } | ||
| privateKeyPEM, err := os.ReadFile(path.Join(keyPath, files[0].Name())) | ||
|
|
||
| privateKeyPEM, err := readFirstFile(keyPath) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to read private key file: %w", err)) | ||
| } | ||
|
|
@@ -151,6 +148,20 @@ func newSign() identity.Sign { | |
| return sign | ||
| } | ||
|
|
||
| func readFirstFile(dirPath string) ([]byte, error) { | ||
| dir, err := os.Open(dirPath) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| fileNames, err := dir.Readdirnames(1) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| return os.ReadFile(path.Join(dirPath, fileNames[0])) | ||
| } | ||
|
|
||
| // This type of transaction would typically only be run once by an application the first time it was started after its | ||
| // initial deployment. A new version of the chaincode deployed later would likely not need to run an "init" function. | ||
| func initLedger(contract *client.Contract) { | ||
|
|
@@ -235,20 +246,24 @@ func exampleErrorHandling(contract *client.Contract) { | |
|
|
||
| fmt.Println("*** Successfully caught the error:") | ||
|
|
||
| switch err := err.(type) { | ||
| case *client.EndorseError: | ||
| fmt.Printf("Endorse error for transaction %s with gRPC status %v: %s\n", err.TransactionID, status.Code(err), err) | ||
| case *client.SubmitError: | ||
| fmt.Printf("Submit error for transaction %s with gRPC status %v: %s\n", err.TransactionID, status.Code(err), err) | ||
| case *client.CommitStatusError: | ||
| var endorseErr *client.EndorseError | ||
| var submitErr *client.SubmitError | ||
| var commitStatusErr *client.CommitStatusError | ||
| var commitErr *client.CommitError | ||
|
|
||
| if errors.As(err, &endorseErr) { | ||
| fmt.Printf("Endorse error for transaction %s with gRPC status %v: %s\n", endorseErr.TransactionID, status.Code(endorseErr), endorseErr) | ||
| } else if errors.As(err, &submitErr) { | ||
| fmt.Printf("Submit error for transaction %s with gRPC status %v: %s\n", submitErr.TransactionID, status.Code(submitErr), submitErr) | ||
| } else if errors.As(err, &commitStatusErr) { | ||
| if errors.Is(err, context.DeadlineExceeded) { | ||
| fmt.Printf("Timeout waiting for transaction %s commit status: %s", err.TransactionID, err) | ||
| fmt.Printf("Timeout waiting for transaction %s commit status: %s", commitStatusErr.TransactionID, commitStatusErr) | ||
| } else { | ||
| fmt.Printf("Error obtaining commit status for transaction %s with gRPC status %v: %s\n", err.TransactionID, status.Code(err), err) | ||
| fmt.Printf("Error obtaining commit status for transaction %s with gRPC status %v: %s\n", commitStatusErr.TransactionID, status.Code(commitStatusErr), commitStatusErr) | ||
| } | ||
| case *client.CommitError: | ||
| fmt.Printf("Transaction %s failed to commit with status %d: %s\n", err.TransactionID, int32(err.Code), err) | ||
| default: | ||
| } else if errors.As(err, &commitErr) { | ||
| fmt.Printf("Transaction %s failed to commit with status %d: %s\n", commitErr.TransactionID, int32(commitErr.Code), err) | ||
| } else { | ||
| panic(fmt.Errorf("unexpected error type %T: %w", err, err)) | ||
| } | ||
|
|
||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -41,7 +41,7 @@ public final class App { | |
| // Path to crypto materials. | ||
| private static final Path CRYPTO_PATH = Paths.get("../../test-network/organizations/peerOrganizations/org1.example.com"); | ||
| // Path to user certificate. | ||
| private static final Path CERT_PATH = CRYPTO_PATH.resolve(Paths.get("users/[email protected]/msp/signcerts/cert.pem")); | ||
| private static final Path CERT_DIR_PATH = CRYPTO_PATH.resolve(Paths.get("users/[email protected]/msp/signcerts")); | ||
| // Path to user private key directory. | ||
| private static final Path KEY_DIR_PATH = CRYPTO_PATH.resolve(Paths.get("users/[email protected]/msp/keystore")); | ||
| // Path to peer tls certificate. | ||
|
|
@@ -84,21 +84,21 @@ private static ManagedChannel newGrpcConnection() throws IOException { | |
| } | ||
|
|
||
| private static Identity newIdentity() throws IOException, CertificateException { | ||
| var certReader = Files.newBufferedReader(CERT_PATH); | ||
| var certificate = Identities.readX509Certificate(certReader); | ||
|
|
||
| return new X509Identity(MSP_ID, certificate); | ||
| try (var certReader = Files.newBufferedReader(getFirstFilePath(CERT_DIR_PATH))) { | ||
| var certificate = Identities.readX509Certificate(certReader); | ||
| return new X509Identity(MSP_ID, certificate); | ||
| } | ||
| } | ||
|
|
||
| private static Signer newSigner() throws IOException, InvalidKeyException { | ||
| var keyReader = Files.newBufferedReader(getPrivateKeyPath()); | ||
| var privateKey = Identities.readPrivateKey(keyReader); | ||
|
|
||
| return Signers.newPrivateKeySigner(privateKey); | ||
| try (var keyReader = Files.newBufferedReader(getFirstFilePath(KEY_DIR_PATH))) { | ||
| var privateKey = Identities.readPrivateKey(keyReader); | ||
| return Signers.newPrivateKeySigner(privateKey); | ||
| } | ||
| } | ||
|
|
||
| private static Path getPrivateKeyPath() throws IOException { | ||
| try (var keyFiles = Files.list(KEY_DIR_PATH)) { | ||
| private static Path getFirstFilePath(Path dirPath) throws IOException { | ||
| try (var keyFiles = Files.list(dirPath)) { | ||
| return keyFiles.findFirst().orElseThrow(); | ||
| } | ||
| } | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,8 +21,8 @@ const cryptoPath = envOrDefault('CRYPTO_PATH', path.resolve(__dirname, '..', '.. | |
| // Path to user private key directory. | ||
| const keyDirectoryPath = envOrDefault('KEY_DIRECTORY_PATH', path.resolve(cryptoPath, 'users', '[email protected]', 'msp', 'keystore')); | ||
|
|
||
| // Path to user certificate. | ||
| const certPath = envOrDefault('CERT_PATH', path.resolve(cryptoPath, 'users', '[email protected]', 'msp', 'signcerts', 'cert.pem')); | ||
| // Path to user certificate directory. | ||
| const certDirectoryPath = envOrDefault('CERT_DIRECTORY_PATH', path.resolve(cryptoPath, 'users', '[email protected]', 'msp', 'signcerts')); | ||
|
|
||
| // Path to peer tls certificate. | ||
| const tlsCertPath = envOrDefault('TLS_CERT_PATH', path.resolve(cryptoPath, 'peers', 'peer0.org1.example.com', 'tls', 'ca.crt')); | ||
|
|
@@ -106,13 +106,18 @@ async function newGrpcConnection(): Promise<grpc.Client> { | |
| } | ||
|
|
||
| async function newIdentity(): Promise<Identity> { | ||
| const certPath = await getFirstDirFileName(certDirectoryPath); | ||
| const credentials = await fs.readFile(certPath); | ||
| return { mspId, credentials }; | ||
| } | ||
|
|
||
| async function getFirstDirFileName(dirPath: string): Promise<string> { | ||
| const files = await fs.readdir(dirPath); | ||
| return path.join(dirPath, files[0]); | ||
| } | ||
|
|
||
| async function newSigner(): Promise<Signer> { | ||
| const files = await fs.readdir(keyDirectoryPath); | ||
| const keyPath = path.resolve(keyDirectoryPath, files[0]); | ||
| const keyPath = await getFirstDirFileName(keyDirectoryPath); | ||
| const privateKeyPem = await fs.readFile(keyPath); | ||
| const privateKey = crypto.createPrivateKey(privateKeyPem); | ||
| return signers.newPrivateKeySigner(privateKey); | ||
|
|
@@ -231,7 +236,7 @@ async function displayInputParameters(): Promise<void> { | |
| console.log(`mspId: ${mspId}`); | ||
| console.log(`cryptoPath: ${cryptoPath}`); | ||
| console.log(`keyDirectoryPath: ${keyDirectoryPath}`); | ||
| console.log(`certPath: ${certPath}`); | ||
| console.log(`certDirectoryPath: ${certDirectoryPath}`); | ||
| console.log(`tlsCertPath: ${tlsCertPath}`); | ||
| console.log(`peerEndpoint: ${peerEndpoint}`); | ||
| console.log(`peerHostAlias: ${peerHostAlias}`); | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -20,16 +20,21 @@ import ( | |
| const ( | ||
| mspID = "Org1MSP" | ||
| cryptoPath = "../../test-network/organizations/peerOrganizations/org1.example.com" | ||
| certPath = cryptoPath + "/users/[email protected]/msp/signcerts/cert.pem" | ||
| keyPath = cryptoPath + "/users/[email protected]/msp/keystore/" | ||
| certPath = cryptoPath + "/users/[email protected]/msp/signcerts" | ||
| keyPath = cryptoPath + "/users/[email protected]/msp/keystore" | ||
| tlsCertPath = cryptoPath + "/peers/peer0.org1.example.com/tls/ca.crt" | ||
| peerEndpoint = "localhost:7051" | ||
| gatewayPeer = "peer0.org1.example.com" | ||
| ) | ||
|
|
||
| // newGrpcConnection creates a gRPC connection to the Gateway server. | ||
| func newGrpcConnection() *grpc.ClientConn { | ||
| certificate, err := loadCertificate(tlsCertPath) | ||
| certificatePEM, err := os.ReadFile(tlsCertPath) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to read TLS certifcate file: %w", err)) | ||
| } | ||
|
|
||
| certificate, err := identity.CertificateFromPEM(certificatePEM) | ||
| if err != nil { | ||
| panic(err) | ||
| } | ||
|
|
@@ -48,7 +53,12 @@ func newGrpcConnection() *grpc.ClientConn { | |
|
|
||
| // newIdentity creates a client identity for this Gateway connection using an X.509 certificate. | ||
| func newIdentity() *identity.X509Identity { | ||
| certificate, err := loadCertificate(certPath) | ||
| certificatePEM, err := readFirstFile(certPath) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to read certificate file: %w", err)) | ||
| } | ||
|
|
||
| certificate, err := identity.CertificateFromPEM(certificatePEM) | ||
| if err != nil { | ||
| panic(err) | ||
| } | ||
|
|
@@ -71,12 +81,7 @@ func loadCertificate(filename string) (*x509.Certificate, error) { | |
|
|
||
| // newSign creates a function that generates a digital signature from a message digest using a private key. | ||
| func newSign() identity.Sign { | ||
| files, err := os.ReadDir(keyPath) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to read private key directory: %w", err)) | ||
| } | ||
| privateKeyPEM, err := os.ReadFile(path.Join(keyPath, files[0].Name())) | ||
|
|
||
| privateKeyPEM, err := readFirstFile(keyPath) | ||
| if err != nil { | ||
| panic(fmt.Errorf("failed to read private key file: %w", err)) | ||
| } | ||
|
|
@@ -93,3 +98,17 @@ func newSign() identity.Sign { | |
|
|
||
| return sign | ||
| } | ||
|
|
||
| func readFirstFile(dirPath string) ([]byte, error) { | ||
| dir, err := os.Open(dirPath) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| fileNames, err := dir.Readdirnames(1) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| return os.ReadFile(path.Join(dirPath, fileNames[0])) | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -24,7 +24,7 @@ public final class Connections { | |
| // Path to crypto materials. | ||
| private static final Path cryptoPath = Paths.get("..", "..", "test-network", "organizations", "peerOrganizations", "org1.example.com"); | ||
| // Path to user certificate. | ||
| private static final Path certPath = cryptoPath.resolve(Paths.get("users", "[email protected]", "msp", "signcerts", "cert.pem")); | ||
| private static final Path certDirPath = cryptoPath.resolve(Paths.get("users", "[email protected]", "msp", "signcerts")); | ||
| // Path to user private key directory. | ||
| private static final Path keyDirPath = cryptoPath.resolve(Paths.get("users", "[email protected]", "msp", "keystore")); | ||
| // Path to peer tls certificate. | ||
|
|
@@ -50,22 +50,21 @@ public static ManagedChannel newGrpcConnection() throws IOException { | |
| } | ||
|
|
||
| public static Identity newIdentity() throws IOException, CertificateException { | ||
| var certReader = Files.newBufferedReader(certPath); | ||
| var certificate = Identities.readX509Certificate(certReader); | ||
|
|
||
| return new X509Identity(mspID, certificate); | ||
| try (var certReader = Files.newBufferedReader(getFirstFilePath(certDirPath))) { | ||
| var certificate = Identities.readX509Certificate(certReader); | ||
| return new X509Identity(mspID, certificate); | ||
| } | ||
| } | ||
|
|
||
| public static Signer newSigner() throws IOException, InvalidKeyException { | ||
| var keyReader = Files.newBufferedReader(getPrivateKeyPath()); | ||
| var privateKey = Identities.readPrivateKey(keyReader); | ||
|
|
||
| return Signers.newPrivateKeySigner(privateKey); | ||
| try (var keyReader = Files.newBufferedReader(getFirstFilePath(keyDirPath))) { | ||
| var privateKey = Identities.readPrivateKey(keyReader); | ||
| return Signers.newPrivateKeySigner(privateKey); | ||
| } | ||
| } | ||
|
|
||
| private static Path getPrivateKeyPath() throws IOException { | ||
| try (var keyFiles = Files.list(keyDirPath)) { | ||
| private static Path getFirstFilePath(Path dirPath) throws IOException { | ||
| try (var keyFiles = Files.list(dirPath)) { | ||
| return keyFiles.findFirst().orElseThrow(); | ||
| } | ||
| } | ||
| } | ||
| }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -19,7 +19,7 @@ const cryptoPath = path.resolve(__dirname, '..', '..', '..', 'test-network', 'or | |
| const keyDirectoryPath = path.resolve(cryptoPath, 'users', '[email protected]', 'msp', 'keystore'); | ||
|
|
||
| // Path to user certificate. | ||
| const certPath = path.resolve(cryptoPath, 'users', '[email protected]', 'msp', 'signcerts', 'cert.pem'); | ||
| const certDirectoryPath = path.resolve(cryptoPath, 'users', '[email protected]', 'msp', 'signcerts'); | ||
|
|
||
| // Path to peer tls certificate. | ||
| const tlsCertPath = path.resolve(cryptoPath, 'peers', 'peer0.org1.example.com', 'tls', 'ca.crt'); | ||
|
|
@@ -36,14 +36,19 @@ export async function newGrpcConnection(): Promise<grpc.Client> { | |
| } | ||
|
|
||
| export async function newIdentity(): Promise<Identity> { | ||
| const certPath = await getFirstDirFileName(certDirectoryPath); | ||
| const credentials = await fs.readFile(certPath); | ||
| return { mspId, credentials }; | ||
| } | ||
|
|
||
| export async function newSigner(): Promise<Signer> { | ||
| const files = await fs.readdir(keyDirectoryPath); | ||
| const keyPath = path.resolve(keyDirectoryPath, files[0]); | ||
| const keyPath = await getFirstDirFileName(keyDirectoryPath); | ||
| const privateKeyPem = await fs.readFile(keyPath); | ||
| const privateKey = crypto.createPrivateKey(privateKeyPem); | ||
| return signers.newPrivateKeySigner(privateKey); | ||
| } | ||
|
|
||
| async function getFirstDirFileName(dirPath: string): Promise<string> { | ||
| const files = await fs.readdir(dirPath); | ||
| return path.join(dirPath, files[0]); | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.