[FABG-999] Update pinning to Fabric v2.2.0 (hyperledger#102)

Signed-off-by: Troy Ronda <[email protected]>
KarolosLykos · Jul 21, 2020 · a336df6 · a336df6
1 parent e11d47b
commit a336df6
Show file tree

Hide file tree

Showing 47 changed files with 501 additions and 556 deletions.
diff --git a/Makefile b/Makefile
@@ -73,7 +73,7 @@ BASE_GO_VERSION = "1.14"
 THIRDPARTY_FABRIC_CA_BRANCH ?= master
 THIRDPARTY_FABRIC_CA_COMMIT ?= 02fe02b0a6f224aac8ac6fd813cecc590ec2a024
 THIRDPARTY_FABRIC_BRANCH    ?= master
-THIRDPARTY_FABRIC_COMMIT    ?= v2.0.0-beta
+THIRDPARTY_FABRIC_COMMIT    ?= v2.2.0
 
 # Force removal of images in cleanup (overridable)
 FIXTURE_DOCKER_REMOVE_FORCE ?= false

diff --git a/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go b/internal/github.com/hyperledger/fabric-ca/sdkpatch/cryptosuitebridge/cryptosuitebridge.go
@@ -14,9 +14,9 @@ import (
 	"crypto"
 	"crypto/ecdsa"
 
+	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric-ca/sdkpatch/keyutil"
 	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp"
 	cspsigner "github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/signer"
-	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
 	"github.com/hyperledger/fabric-sdk-go/pkg/core/cryptosuite"
 )
@@ -49,12 +49,12 @@ func NewCspSigner(csp core.CryptoSuite, key core.Key) (crypto.Signer, error) {
 
 // PEMtoPrivateKey is a bridge for bccsp utils.PEMtoPrivateKey()
 func PEMtoPrivateKey(raw []byte, pwd []byte) (interface{}, error) {
-	return utils.PEMtoPrivateKey(raw, pwd)
+	return keyutil.PEMToPrivateKey(raw, pwd)
 }
 
 // PrivateKeyToDER marshals is bridge for utils.PrivateKeyToDER
 func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) {
-	return utils.PrivateKeyToDER(privateKey)
+	return keyutil.PrivateKeyToDER(privateKey)
 }
 
 //GetDefault returns default cryptosuite from bccsp factory default

diff --git a/internal/github.com/hyperledger/fabric-ca/sdkpatch/keyutil/keys.go b/internal/github.com/hyperledger/fabric-ca/sdkpatch/keyutil/keys.go
@@ -0,0 +1,81 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+/*
+Notice: This file has been modified for Hyperledger Fabric SDK Go usage.
+Please review third_party pinning scripts and patches for more details.
+*/
+
+package keyutil
+
+import (
+	"crypto/ecdsa"
+	"crypto/x509"
+	"encoding/pem"
+	"errors"
+	"fmt"
+)
+
+func PrivateKeyToDER(privateKey *ecdsa.PrivateKey) ([]byte, error) {
+	if privateKey == nil {
+		return nil, errors.New("invalid ecdsa private key. It must be different from nil")
+	}
+
+	return x509.MarshalECPrivateKey(privateKey)
+}
+
+func derToPrivateKey(der []byte) (key interface{}, err error) {
+
+	if key, err = x509.ParsePKCS1PrivateKey(der); err == nil {
+		return key, nil
+	}
+
+	if key, err = x509.ParsePKCS8PrivateKey(der); err == nil {
+		switch key.(type) {
+		case *ecdsa.PrivateKey:
+			return
+		default:
+			return nil, errors.New("found unknown private key type in PKCS#8 wrapping")
+		}
+	}
+
+	if key, err = x509.ParseECPrivateKey(der); err == nil {
+		return
+	}
+
+	return nil, errors.New("invalid key type. The DER must contain an ecdsa.PrivateKey")
+}
+
+func PEMToPrivateKey(raw []byte, pwd []byte) (interface{}, error) {
+	block, _ := pem.Decode(raw)
+	if block == nil {
+		return nil, fmt.Errorf("failed decoding PEM. Block must be different from nil [% x]", raw)
+	}
+
+	// TODO: derive from header the type of the key
+
+	if x509.IsEncryptedPEMBlock(block) {
+		if len(pwd) == 0 {
+			return nil, errors.New("encrypted Key. Need a password")
+		}
+
+		decrypted, err := x509.DecryptPEMBlock(block, pwd)
+		if err != nil {
+			return nil, fmt.Errorf("failed PEM decryption: [%s]", err)
+		}
+
+		key, err := derToPrivateKey(decrypted)
+		if err != nil {
+			return nil, err
+		}
+		return key, err
+	}
+
+	cert, err := derToPrivateKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	return cert, err
+}
diff --git a/internal/github.com/hyperledger/fabric/bccsp/pkcs11/ecdsa.go b/internal/github.com/hyperledger/fabric/bccsp/pkcs11/ecdsa.go
@@ -24,7 +24,7 @@ func (csp *impl) signECDSA(k ecdsaPrivateKey, digest []byte, opts bccsp.SignerOp
 		return nil, err
 	}
 
-	s, _, err = utils.ToLowS(k.pub.pub, s)
+	s, err = utils.ToLowS(k.pub.pub, s)
 	if err != nil {
 		return nil, err
 	}

diff --git a/internal/github.com/hyperledger/fabric/bccsp/pkcs11/impl.go b/internal/github.com/hyperledger/fabric/bccsp/pkcs11/impl.go
@@ -219,17 +219,13 @@ func (csp *impl) Decrypt(k bccsp.Key, ciphertext []byte, opts bccsp.DecrypterOpt
 // This is a convenience function. Useful to self-configure, for tests where usual configuration is not
 // available
 func FindPKCS11Lib() (lib, pin, label string) {
-	//FIXME: Till we workout the configuration piece, look for the libraries in the familiar places
 	lib = os.Getenv("PKCS11_LIB")
 	if lib == "" {
 		pin = "98765432"
 		label = "ForFabric"
 		possibilities := []string{
-			"/usr/lib/softhsm/libsofthsm2.so",                            //Debian
-			"/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so",           //Ubuntu
-			"/usr/lib/s390x-linux-gnu/softhsm/libsofthsm2.so",            //Ubuntu
-			"/usr/lib/powerpc64le-linux-gnu/softhsm/libsofthsm2.so",      //Power
-			"/usr/local/Cellar/softhsm/2.5.0/lib/softhsm/libsofthsm2.so", //MacOS
+			"/usr/lib/softhsm/libsofthsm2.so",                  //Debian
+			"/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so", //Ubuntu
 		}
 		for _, path := range possibilities {
 			if _, err := os.Stat(path); !os.IsNotExist(err) {

diff --git a/internal/github.com/hyperledger/fabric/bccsp/pkcs11/pkcs11.go b/internal/github.com/hyperledger/fabric/bccsp/pkcs11/pkcs11.go
@@ -125,7 +125,6 @@ func (csp *impl) generateECKey(curve asn1.ObjectIdentifier, ephemeral bool) (ski
 		pkcs11.NewAttribute(pkcs11.CKA_TOKEN, !ephemeral),
 		pkcs11.NewAttribute(pkcs11.CKA_VERIFY, true),
 		pkcs11.NewAttribute(pkcs11.CKA_EC_PARAMS, marshaledOID),
-		pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, false),
 
 		pkcs11.NewAttribute(pkcs11.CKA_ID, publabel),
 		pkcs11.NewAttribute(pkcs11.CKA_LABEL, publabel),

diff --git a/internal/github.com/hyperledger/fabric/bccsp/signer/signer.go b/internal/github.com/hyperledger/fabric/bccsp/signer/signer.go
@@ -12,13 +12,12 @@ package signer
 
 import (
 	"crypto"
-
-	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
-
+	"crypto/x509"
 	"io"
 
-	"github.com/hyperledger/fabric-sdk-go/internal/github.com/hyperledger/fabric/bccsp/utils"
 	"github.com/pkg/errors"
+
+	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/core"
 )
 
 // bccspCryptoSigner is the BCCSP-based implementation of a crypto.Signer
@@ -53,7 +52,7 @@ func New(csp core.CryptoSuite, key core.Key) (crypto.Signer, error) {
 		return nil, errors.Wrap(err, "failed marshalling public key")
 	}
 
-	pk, err := utils.DERToPublicKey(raw)
+	pk, err := x509.ParsePKIXPublicKey(raw)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed marshalling der to public key")
 	}

diff --git a/internal/github.com/hyperledger/fabric/bccsp/sw/ecdsa.go b/internal/github.com/hyperledger/fabric/bccsp/sw/ecdsa.go
@@ -34,7 +34,7 @@ func signECDSA(k *ecdsa.PrivateKey, digest []byte, opts bccsp.SignerOpts) ([]byt
 		return nil, err
 	}
 
-	s, _, err = utils.ToLowS(&k.PublicKey, s)
+	s, err = utils.ToLowS(&k.PublicKey, s)
 	if err != nil {
 		return nil, err
 	}