Hsm reloaded (hyperledger-archives#3395)

* HSM Support

Signed-off-by: Dave Kelsey <[email protected]>

* fix rebase breaks

Signed-off-by: Dave Kelsey <[email protected]>

* fix more rebase breaks

Signed-off-by: Dave Kelsey <[email protected]>

.travis.yml

@@ -6,9 +6,9 @@ matrix:
         - {}
         - env: DOCS=full FC_TASK=docs
         - env: FVTEST=embedded,proxy,web FC_TASK=systest
-#        - env: SYSTEST=hlfv1_tls FC_TASK=systest
         - env: FVTEST=hlfv1-1_tls FC_TASK=systest
         - env: FVTEST=hlfv1-2_tls FC_TASK=systest
+        - env: FVTEST=hlfv1_hsm FC_TASK=systest
         - env: INTEST=hlfv1 FC_TASK=systest
         - env: INTEST=e2e FC_TASK=systest
 dist: trusty

.travis/before-install.sh

@@ -43,4 +43,19 @@ wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key |
 echo "deb http://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
 sudo apt-get update && sudo apt-get install cf-cli
 
+# install softhsm
+mkdir softhsm
+cd softhsm
+curl -O https://dist.opendnssec.org/source/softhsm-2.0.0.tar.gz
+tar -xvf softhsm-2.0.0.tar.gz
+cd softhsm-2.0.0
+./configure --disable-non-paged-memory --disable-gost
+make
+sudo make install
+
+# now configure slot 0 with pin
+sudo mkdir -p /var/lib/softhsm/tokens
+sudo chmod 777 /var/lib/softhsm/tokens
+softhsm2-util --init-token --slot 0 --label "ForComposer" --so-pin 1234 --pin 98765432
+
 _exit "All Complete" 0

CONTRIBUTING.md

@@ -11,8 +11,7 @@ These components are split across multiple Composer repositories within the Hype
 - [hyperledger/composer](https://github.com/hyperledger/composer) All the code, cli and documentation
 - [hyperledger/composer-sample-models](https://github.com/hyperledger/composer-sample-models) Sample Business Models
 - [hyperledger/composer-sample-networks](https://github.com/hyperledger/composer-sample-networks) Sample Business Networks
-- [hyperledger/composer-sample-applications](https://github.com/hyperledger/composer-sample-applications) Sample Applications using the Composer API (using v0.6 Hyperledger Fabric)
-- [hyperledger/composer-sample-applications-hlfv1](https://github.com/hyperledger/composer-sample-applications-hlfv1) Sample Applications using the Composer API (using v1.0.0-alpha Hyperledger Fabric).  **Note this is now archived**
+- [hyperledger/composer-sample-applications](https://github.com/hyperledger/composer-sample-applications) Sample Applications using the Composer API
 - [hyperledger/composer-atom-plugin](https://github.com/hyperledger/composer-atom-plugin) Plugin for the Atom editor
 - [hyperledger/composer-vscode-plugin](https://github.com/hyperledger/composer-vscode-plugin) Plugin for the VS Code editor
 - [hyperledger/composer-tools](https://github.com/hyperledger/composer-tools) Additional tools to help working with Composer
@@ -36,7 +35,6 @@ In order to assist anybody starting from scratch, we have produced guides on set
 * [Suggested IDE setup](./contrib-notes/ide-setup.md)
 * [Coding Guidelines](./contrib-notes/coding-guidelines.md)
 * [Pull Request Guidelines](./contrib-notes/submitting-pull-request.md)
-* [Release process](./contrib-notes/release-process/weekly-qa-validation.md)
 
 Start with the [Step-by-step development environment setup](./contrib-notes/getting-started.md)
 

contrib-notes/getting-started.md

@@ -34,6 +34,32 @@ This is a summary of the tools that will be required to work on Hyperledger Comp
 
 - **Chrome** Web test suites use **karma** to launch a browser, and consequently **Chrome** must be installed to prevent test failures without editing the karma configuration to use a supported browser that you already have installed.
 
+- **softhsm 2.0.0** required for the complete integration tests to run as well as a specific set of functional tests. 
+   - If you are on Linux first you need to install the openssl headers if not already installed, for example on Ubuntu
+```
+# install the openssl headers
+sudo apt-get -y install libssl-dev
+# install softhsm
+mkdir softhsm
+cd softhsm
+curl -O https://dist.opendnssec.org/source/softhsm-2.0.0.tar.gz
+tar -xvf softhsm-2.0.0.tar.gz
+cd softhsm-2.0.0
+./configure --disable-non-paged-memory --disable-gost
+make
+sudo make install
+
+# now configure slot 0 with pin
+sudo mkdir -p /var/lib/softhsm/tokens
+sudo chmod 777 /var/lib/softhsm/tokens
+softhsm2-util --init-token --slot 0 --label "ForComposer" --so-pin 1234 --pin 98765432
+```
+On linux the pkcs library you need to reference is usually placed at `/usr/local/lib/softhsm/libsofthsm2.so`
+
+   - For MAC, you might want to consider something like `homebrew` which can provide pre-built versions of softhsm. Make sure you specifically choose 2.0.0 rather than the latest version available. Alternatively you can build softhsm from source yourself but you would either need to obtain a prebuilt version of openssl with libraries and headers again from something like `homebrew` or you could compile openssl from source. 
+
+   - More details about softhsm can be found at https://www.opendnssec.org/softhsm/
+
 ## Forking and Cloning the Hyperledger Composer Repository
 
 Once those tools are installed you are ready to get going with the Hyperledger Composer repository. Let's show you how to create your own version of the Hyperledger Composer repository on GitHub, and clone it to your local machine to allow you to make your own changes, which you can subsequently contribute to the Hyperledger Composer project.
@@ -66,11 +92,11 @@ $ cd composer
 
 Hyperledger Composer has a number of prerequisites - for its runtime, code hygiene, tests, API documentation, and more.  Before you can develop locally, you need to install these using [npm](https://www.npmjs.com/). These prerequisites are installed as development dependencies. The packages are installed locally rather than globally so that their versions do not interfere with other projects you may be developing or global installations of these packages on your local machine.  You can also install these prerequisites globally, though it is required to have some packages locally, e.g. the test framework.
 
-### Installing the npm Dependencies
-
-You must bootstrap the repository so that all of the dependencies are installed and all of the packages are linked together:
+To install these dependencies, ensure you are in the top level directory of the composer repository you have just cloned and issue
 
-    $ npm run bootstrap
+```bash
+$ npm install
+```
 
 You can then work with the packages under [packages/](packages/) on a per-package
 basis as any normal node.js package.

contrib-notes/submitting-pull-request.md

@@ -16,5 +16,3 @@
 - Commit any changes using a descriptive commit message.
 - Pull requests that have associated builds that are not 100% clean will be closed.
 
-# Next step
-Move on to read [Release process](./release-process/weekly-qa-validation.md)

packages/composer-admin/lib/adminconnection.js

@@ -91,10 +91,10 @@ class AdminConnection {
                 }
             })
             .then(() => {
-                // if we have a certificate and privateKey we should ask the connection manager to import
+                // if we have a certificate and optionally a privateKey we should ask the connection manager to import
                 let certificate = card.getCredentials().certificate;
                 let privateKey = card.getCredentials().privateKey;
-                if (certificate && privateKey){
+                if (certificate){
                     return connectionManager.importIdentity(connectionProfileData.name, connectionProfileData, card.getUserName(), certificate, privateKey);
                 }
             })

packages/composer-cli/lib/cmds/card/createCommand.js

@@ -46,9 +46,6 @@ module.exports.builder = function (yargs) {
     // enforce the option after these options
     yargs.requiresArg(['file','businessNetworkName','connectionProfileFile','user','enrollSecret','certificate','privateKey','roles']);
 
-    yargs.implies('certificate','privateKey');
-    yargs.implies('privateKey','certificate');
-
     yargs.check(checkFn);
 
     return yargs;

packages/composer-cli/lib/cmds/card/lib/list.js

@@ -135,9 +135,15 @@ class List {
             listOutput.secretSet='Secret set';
         }
 
-        if (Object.keys(card.getCredentials()).length>0){
-            listOutput.credentialsSet='Credentials set';
-        }else {
+        let credCount = Object.keys(card.getCredentials()).length;
+        if (credCount > 0) {
+            if (credCount  === 1){
+                listOutput.credentialsSet = 'Credentials set, HSM managed';
+            }
+            else {
+                listOutput.credentialsSet='Credentials set';
+            }
+        } else {
             listOutput.credentialsSet='No Credentials set';
         }
         cmdUtil.log(Pretty.render(listOutput,{

packages/composer-cli/lib/cmds/identity/lib/request.js

@@ -41,7 +41,9 @@ class Request {
             .then((result) => {
                 mkdirp.sync(actualLocation);
                 fs.writeFileSync(path.join(actualLocation, result.enrollId + '-pub.pem'), result.certificate);
-                fs.writeFileSync(path.join(actualLocation, result.enrollId + '-priv.pem'), result.key);
+                if (result.key) {
+                    fs.writeFileSync(path.join(actualLocation, result.enrollId + '-priv.pem'), result.key);
+                }
                 fs.writeFileSync(path.join(actualLocation, result.caName + '-root.pem'), result.rootCertificate);
                 cmdUtil.log(`'${result.enrollId}' was successfully requested and the certificates stored in '${actualLocation}'`);
             });

packages/composer-connector-hlfv1/lib/hlfconnection.js

@@ -201,7 +201,7 @@ class HLFConnection extends Connection {
             eventHub.connect();
         });
 
-        if (this.businessNetworkIdentifier) {
+        if (this.businessNetworkIdentifier && this.eventHubs.length > 0) {
 
             // register a chaincode event listener on the first peer only.
             let ccid = this.businessNetworkIdentifier;
@@ -216,20 +216,22 @@ class HLFConnection extends Connection {
 
         LOG.debug(method, 'register exit listener for connector');
 
-        this.exitListener = () => {
-            this.eventHubs.forEach((eventHub, index) => {
-                if (eventHub.isconnected()) {
-                    eventHub.disconnect();
-                }
+        if (this.eventHubs.length > 0) {
+            this.exitListener = () => {
+                this.eventHubs.forEach((eventHub, index) => {
+                    if (eventHub.isconnected()) {
+                        eventHub.disconnect();
+                    }
 
-                // unregister any eventhub chaincode event registrations
-                if (this.ccEvents[index]) {
-                    this.eventHubs[index].unregisterChaincodeEvent(this.ccEvents[index]);
-                }
-            });
-        };
+                    // unregister any eventhub chaincode event registrations
+                    if (this.ccEvents[index]) {
+                        this.eventHubs[index].unregisterChaincodeEvent(this.ccEvents[index]);
+                    }
+                });
+            };
 
-        process.on('exit', this.exitListener);
+            process.on('exit', this.exitListener);
+        }
 
         LOG.exit(method);
     }