Skip to content

Commit

Permalink
[FAB-3128] Added re-enroll
Browse files Browse the repository at this point in the history
Signed-off-by: biljana lukovic <[email protected]>

Change-Id: I55862204ef71f69bc88c79fe2259f7cb8365699a
Signed-off-by: biljana lukovic <[email protected]>
  • Loading branch information
biljanaLukovic committed Apr 17, 2017
1 parent 7a66106 commit 115b0db
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 2 deletions.
36 changes: 36 additions & 0 deletions fabric-ca-client/fabricca.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ var logger = logging.MustGetLogger("fabric_sdk_go")
// Services ...
type Services interface {
Enroll(enrollmentID string, enrollmentSecret string) ([]byte, []byte, error)
//reenroll to renew user's enrollment certificate
Reenroll(user fabricclient.User) ([]byte, []byte, error)
Register(registrar fabricclient.User, request *RegistrationRequest) (string, error)
Revoke(registrar fabricclient.User, request *RevocationRequest) error
}
Expand Down Expand Up @@ -153,6 +155,40 @@ func (fabricCAServices *services) Enroll(enrollmentID string, enrollmentSecret s
return enrollmentResponse.Identity.GetECert().Key(), enrollmentResponse.Identity.GetECert().Cert(), nil
}

/**
* ReEnroll an enrolled user in order to receive a signed X509 certificate
* @param {user} fabricclient.User to be reenrolled
* @returns {[]byte} X509 certificate
* @returns {[]byte} private key
*/
func (fabricCAServices *services) Reenroll(user fabricclient.User) ([]byte, []byte, error) {
if user == nil {
return nil, nil, fmt.Errorf("User does not exist")
}
if user.GetName() == "" {
logger.Infof("Invalid re-enroll request, missing argument user")
return nil, nil, fmt.Errorf("User is empty")
}
req := &api.ReenrollmentRequest{}
// Create signing identity
identity, err := fabricCAServices.createSigningIdentity(user)
if err != nil {
logger.Infof("Invalid re-enroll request, %s is not a valid user %s\n", user.GetName(), err)
return nil, nil, fmt.Errorf("Reenroll has failed; Cannot create user identity: %s", err)
}

if identity.GetECert() == nil {
logger.Infof("Invalid re-enroll request for user '%s'. Enrollment cert does not exist %s\n", user.GetName(), err)
return nil, nil, fmt.Errorf("Reenroll has failed; enrollment cert does not exist: %s", err)
}

reenrollmentResponse, err := identity.Reenroll(req)
if err != nil {
return nil, nil, fmt.Errorf("ReEnroll failed: %s", err)
}
return reenrollmentResponse.Identity.GetECert().Key(), reenrollmentResponse.Identity.GetECert().Cert(), nil
}

// Register a User with the Fabric CA
// @param {User} registrar The User that is initiating the registration
// @param {RegistrationRequest} request Registration Request
Expand Down
28 changes: 26 additions & 2 deletions test/integration/fabric_ca_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ limitations under the License.
package integration

import (
"bytes"
"crypto/x509"
"encoding/pem"
"fmt"
Expand Down Expand Up @@ -140,11 +141,34 @@ func TestRegisterEnrollRevoke(t *testing.T) {
}
fmt.Printf("Registered User: %s, Secret: %s\n", userName, enrolmentSecret)
// Enrol the previously registered user
_, _, err = caClient.Enroll(userName, enrolmentSecret)

ekey, ecert, err := caClient.Enroll(userName, enrolmentSecret)
if err != nil {
t.Fatalf("Error enroling user: %s", err.Error())
}
//re-enroll
fmt.Printf("** Attempt to re-enrolled user: '%s'\n", userName)
keyPem, _ := pem.Decode(ekey)
if err != nil {
t.Fatalf("pem Decode return error: %v", err)
}
//convert key to bccsp
k, err := client.GetCryptoSuite().KeyImport(keyPem.Bytes, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: false})
if err != nil {
t.Fatalf("KeyImport return error: %v", err)
}
//create new user object and set certificate and private key of the previously enrolled user
enrolleduser := fabricClient.NewUser(userName)
enrolleduser.SetEnrollmentCertificate(ecert)
enrolleduser.SetPrivateKey(k)
//reenroll
_, reenrollCert, err := caClient.Reenroll(enrolleduser)
if err != nil {
t.Fatalf("Error Reenroling user: %s", err.Error())
}
fmt.Printf("** User '%s' was re-enrolled \n", userName)
if bytes.Equal(ecert, reenrollCert) {
t.Fatalf("Error Reenroling user. Enrollmet and Reenrollment certificates are the same.")
}

revokeRequest := fabricCAClient.RevocationRequest{Name: userName}
err = caClient.Revoke(adminUser, &revokeRequest)
Expand Down

0 comments on commit 115b0db

Please sign in to comment.