From 0a9c409bff1b14d681f82f6d6c8e6fa740c116bb Mon Sep 17 00:00:00 2001
From: Varad Ramamoorthy
Date: Wed, 2 May 2018 14:30:39 -0400
Subject: [PATCH] enable client tls
---
 package.json | 4 ++--
 utils/connection_profile_lib/index.js | 21 +++++++++++++++++++
 utils/connection_profile_lib/parts/orderer.js | 9 +++++++-
 utils/connection_profile_lib/parts/peer.js | 9 +++++++-
 4 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/package.json b/package.json
index b7b15b040..e8a6fb09c 100644
--- a/package.json
+++ b/package.json
@@ -13,8 +13,8 @@
 "cors": "2.8.*",
 "express": "4.14.*",
 "express-session": "1.14.*",
- "fabric-ca-client": "1.0.5",
- "fabric-client": "1.0.5",
+ "fabric-ca-client": "1.1.0",
+ "fabric-client": "1.1.0",
 "pug": "2.0.0-beta11",
 "serve-static": "1.11.*",
 "winston": "2.2.*",
diff --git a/utils/connection_profile_lib/index.js b/utils/connection_profile_lib/index.js
index 853edbbc2..78b389405 100644
--- a/utils/connection_profile_lib/index.js
+++ b/utils/connection_profile_lib/index.js
@@ -78,6 +78,27 @@ module.exports = function (config_filename, logger) {
 return ret;
 };
+ cp.getClientTLSCerts = function (msp_id) {
+ var clientKey = '';
+ var clientCert = '';
+ var path2cert = path.join(__dirname, '../../config/crypto/' + msp_id);
+ try {
+ if (fs.lstatSync(path2cert).isDirectory()) {
+ var keystorePath = path2cert + '/keystore/';
+ var signCertsPath = path2cert + '/signcerts/cert.pem';
+ if (fs.lstatSync(keystorePath).isDirectory()) {
+ const priv_cert = fs.readdirSync(keystorePath);
+ clientKey = fs.readFileSync(keystorePath+priv_cert[0], 'utf8') + '\r\n';
+ clientCert = fs.readFileSync(signCertsPath, 'utf8') + '\r\n';
+ }
+ }
+ } catch(e) {
+ console.log('Could not find Client TLS folder for ', msp_id, ' not using Client TLS');
+ return null;
+ }
+ return {clientKey, clientCert};
+ };
+
 // get the very first channel name from creds
 cp.getFirstChannelId = function () {
 if (cp.creds && cp.creds.channels) {
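Review bot: In `cp.getClientTLSCerts` (utils/connection_profile_lib/index.js), when `config/crypto/<msp_id>` or its `keystore` exists but is not a directory (a plain file, or a symlink, since `lstatSync` does not follow links), neither `if` body runs and the function returns `{clientKey: '', clientCert: ''}`; the callers' `if (client_tls)` treats that object as present and copies empty PEM strings into the TLS options. The catch-all also reports every failure, including a permission error or an empty keystore (where `priv_cert[0]` is undefined), as a missing folder on `console.log` and carries on without client TLS, so a deployment that expects mutual TLS degrades silently; I would return null only for ENOENT, rethrow anything else, and use the `logger` already passed to the module. `msp_id` is joined into the path unchecked, and `priv_cert[0]` is whatever `readdirSync` lists first, so the key may not match `cert.pem` when the keystore holds more than one file. A sketch of the tighter version follows.

```javascript
cp.getClientTLSCerts = function (msp_id) {
	const cryptoRoot = path.join(__dirname, '../../config/crypto');
	const mspDir = path.resolve(cryptoRoot, String(msp_id));
	// refuse an msp_id that resolves outside config/crypto
	if (!mspDir.startsWith(cryptoRoot + path.sep)) {
		throw new Error('Invalid msp id for client TLS lookup');
	}
	const keystorePath = path.join(mspDir, 'keystore');
	try {
		const keyFiles = fs.readdirSync(keystorePath);
		if (keyFiles.length !== 1) {
			logger.warn('Expected exactly one key in', keystorePath, '- not using Client TLS');
			return null;
		}
		return {
			clientKey: fs.readFileSync(path.join(keystorePath, keyFiles[0]), 'utf8') + '\r\n',
			clientCert: fs.readFileSync(path.join(mspDir, 'signcerts', 'cert.pem'), 'utf8') + '\r\n',
		};
	} catch (e) {
		if (e.code === 'ENOENT') {
			logger.info('No Client TLS folder for', msp_id, '- not using Client TLS');
			return null;
		}
		throw e;	// unreadable key or bad permissions: fail loudly instead of dropping client TLS
	}
};
```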
diff --git a/utils/connection_profile_lib/parts/orderer.js b/utils/connection_profile_lib/parts/orderer.js
index 0834a8eda..12a0ba01e 100644
--- a/utils/connection_profile_lib/parts/orderer.js
+++ b/utils/connection_profile_lib/parts/orderer.js
@@ -48,7 +48,14 @@ module.exports = function (cp, logger) {
 throw new Error('Orderer\'s key not passed');
 } else {
 let orderer = helper.getOrderer(key);
- return cp.buildTlsOpts(orderer);
+ var orderer_opts = cp.buildTlsOpts(orderer);
+ var org = cp.getClientOrg();
+ var client_tls = cp.getClientTLSCerts(org);
+ if (client_tls) {
+ orderer_opts.clientKey = client_tls.clientKey;
+ orderer_opts.clientCert = client_tls.clientCert;
+ }
+ return orderer_opts;
 }
 };
diff --git a/utils/connection_profile_lib/parts/peer.js b/utils/connection_profile_lib/parts/peer.js
index 431a1db0b..f93151cf5 100644
--- a/utils/connection_profile_lib/parts/peer.js
+++ b/utils/connection_profile_lib/parts/peer.js
@@ -83,7 +83,14 @@ module.exports = function (cp, logger) {
 throw new Error('Peer\'s key not passed');
 } else {
 let peer = helper.getPeer(key);
- return cp.buildTlsOpts(peer);
+ var peer_opts = cp.buildTlsOpts(peer);
+ var org = cp.getClientOrg();
+ var client_tls = cp.getClientTLSCerts(org);
+ if (client_tls) {
+ peer_opts.clientKey = client_tls.clientKey;
+ peer_opts.clientCert = client_tls.clientCert;
+ }
+ return peer_opts;
 }
 };
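Review bot: The block added to orderer.js is repeated line for line in peer.js, and each call goes back to disk through `cp.getClientTLSCerts(org)` to re-read the private key synchronously. Moving it into one helper next to `buildTlsOpts` (a new function, for instance `cp.addClientTls(opts)`) that loads the pair once and caches it would leave both call sites as `return cp.addClientTls(cp.buildTlsOpts(orderer));`. The returned options object now carries the private key PEM in `clientKey`, so any caller that logs these options should redact that field; no such logging is visible in the hunks, so this needs confirming. The new locals use `var` where the neighbouring context line uses `let`. Both enclosing functions start outside their hunks.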