diff --git a/integration/nwo/token/common/ppmgen.go b/integration/nwo/token/common/ppmgen.go
index 6b478621b..49b74561a 100644
--- a/integration/nwo/token/common/ppmgen.go
+++ b/integration/nwo/token/common/ppmgen.go
@@ -13,13 +13,13 @@ import (
 msp "github.com/IBM/idemix"
 math3 "github.com/IBM/mathlib"
- "github.com/hyperledger-labs/fabric-smart-client/platform/fabric/core/generic/msp/x509"
 "github.com/hyperledger-labs/fabric-token-sdk/integration/nwo/token/generators"
 "github.com/hyperledger-labs/fabric-token-sdk/integration/nwo/token/generators/dlog"
 "github.com/hyperledger-labs/fabric-token-sdk/integration/nwo/token/topology"
 "github.com/hyperledger-labs/fabric-token-sdk/token/core/fabtoken"
 cryptodlog "github.com/hyperledger-labs/fabric-token-sdk/token/core/zkatdlog/crypto"
 msp2 "github.com/hyperledger-labs/fabric-token-sdk/token/services/identity/msp"
+ "github.com/hyperledger-labs/fabric-token-sdk/token/services/identity/msp/x509"
 "github.com/pkg/errors"
 )
@@ -54,7 +54,7 @@ func (f *FabTokenPublicParamsGenerator) Generate(tms *topology.TMS, wallets *gen
 }
 for _, auditor := range wallets.Auditors {
 // Build an MSP Identity
- provider, err := x509.NewProviderWithBCCSPConfig(auditor.Path, "", msp2.AuditorMSPID, nil, auditor.Opts)
+ provider, _, err := x509.NewProvider(auditor.Path, "", msp2.AuditorMSPID, nil, auditor.Opts)
 if err != nil {
 return nil, errors.WithMessage(err, "failed to create x509 provider")
 }
@@ -74,7 +74,7 @@ func (f *FabTokenPublicParamsGenerator) Generate(tms *topology.TMS, wallets *gen
 }
 for _, issuer := range wallets.Issuers {
 // Build an MSP Identity
- provider, err := x509.NewProviderWithBCCSPConfig(issuer.Path, "", msp2.AuditorMSPID, nil, issuer.Opts)
+ provider, _, err := x509.NewProvider(issuer.Path, "", msp2.AuditorMSPID, nil, issuer.Opts)
 if err != nil {
 return nil, errors.WithMessage(err, "failed to create x509 provider")
 }
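Review bot: In both issuer loops of ppmgen.go (FabTokenPublicParamsGenerator.Generate here and DLogPublicParamsGenerator.Generate in the later hunk) the new `x509.NewProvider(issuer.Path, "", msp2.AuditorMSPID, nil, issuer.Opts)` call still passes the auditor MSP ID for an issuer identity, which looks like a copy-paste from the auditor loop above it. If that is intentional, a one-line comment next to the call explaining why issuers are built under the auditor MSP ID would stop the next reader from "fixing" it; if it is not, the issuer's own MSP ID belongs here. All four call sites also discard the new second return value with `_`, and since its type is not visible in these hunks a short comment such as `// second result is not needed for public-parameter generation` would make the discard deliberate. The Generate bodies start and end outside the hunks.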
@@ -148,7 +148,7 @@ func (d *DLogPublicParamsGenerator) Generate(tms *topology.TMS, wallets *generat
 }
 for _, auditor := range wallets.Auditors {
 // Build an MSP Identity
- provider, err := x509.NewProviderWithBCCSPConfig(auditor.Path, "", msp2.AuditorMSPID, nil, auditor.Opts)
+ provider, _, err := x509.NewProvider(auditor.Path, "", msp2.AuditorMSPID, nil, auditor.Opts)
 if err != nil {
 return nil, errors.WithMessage(err, "failed to create x509 provider")
 }
@@ -168,7 +168,7 @@ func (d *DLogPublicParamsGenerator) Generate(tms *topology.TMS, wallets *generat
 }
 for _, issuer := range wallets.Issuers {
 // Build an MSP Identity
- provider, err := x509.NewProviderWithBCCSPConfig(issuer.Path, "", msp2.AuditorMSPID, nil, issuer.Opts)
+ provider, _, err := x509.NewProvider(issuer.Path, "", msp2.AuditorMSPID, nil, issuer.Opts)
 if err != nil {
 return nil, errors.WithMessage(err, "failed to create x509 provider")
 }
diff --git a/integration/nwo/token/generators/fabtoken/fabtoken.go b/integration/nwo/token/generators/fabtoken/fabtoken.go
index 34a66b296..21cefa305 100644
--- a/integration/nwo/token/generators/fabtoken/fabtoken.go
+++ b/integration/nwo/token/generators/fabtoken/fabtoken.go
@@ -16,10 +16,11 @@ import (
 "text/template"
 "time"
+ "github.com/hyperledger-labs/fabric-token-sdk/token/services/identity/msp/x509/msp"
+
 "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/api"
 "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/common"
 "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fabric/commands"
- "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fabric/network"
 ftopology "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fabric/topology"
 "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fsc/node"
 "github.com/hyperledger-labs/fabric-smart-client/platform/view/services/flogging"
@@ -215,13 +216,15 @@ func (d *CryptoMaterialGenerator) Generate(tms *topology.TMS, n *node.Node, wall
 }
 if wallet == "issuers" || wallet == "auditors" {
+ var err error
 if userSpecs[i].HSM {
 // PKCS11
- id.Opts = network.BCCSPOpts("PKCS11")
+ id.Opts, err = msp.BCCSPOpts("PKCS11")
 } else {
 // SW
- id.Opts = network.BCCSPOpts("SW")
+ id.Opts, err = msp.BCCSPOpts("SW")
 }
+ Expect(err).NotTo(HaveOccurred(), "failed generating identity [%s]", userSpecs[i])
 }
 identities = append(identities, id)
diff --git a/integration/nwo/token/generators/wallet.go b/integration/nwo/token/generators/wallet.go
index fe114ebae..70b007a7c 100644
--- a/integration/nwo/token/generators/wallet.go
+++ b/integration/nwo/token/generators/wallet.go
@@ -6,14 +6,16 @@ SPDX-License-Identifier: Apache-2.0
 package generators
-import "github.com/hyperledger-labs/fabric-smart-client/integration/nwo/fabric/topology"
+import (
+ "github.com/hyperledger-labs/fabric-token-sdk/token/services/identity/msp/x509/msp"
+)
 type Identity struct {
 ID string
 Type string
 Path string
 Default bool
- Opts *topology.BCCSP
+ Opts *msp.BCCSP
 Raw []byte
 }
diff --git a/token/services/identity/msp/x509/msp/config.go b/token/services/identity/msp/x509/msp/config.go
index 25451d3c0..6e3620c7b 100644
--- a/token/services/identity/msp/x509/msp/config.go
+++ b/token/services/identity/msp/x509/msp/config.go
@@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 package msp
 import (
- "github.com/hyperledger/fabric/bccsp/pkcs11"
+ "github.com/hyperledger-labs/fabric-token-sdk/token/services/identity/msp/x509/msp/pkcs11"
 "github.com/pkg/errors"
 "gopkg.in/yaml.v2"
 )
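Review bot: The failure text on the added `Expect(err).NotTo(HaveOccurred(), "failed generating identity [%s]", userSpecs[i])` in CryptoMaterialGenerator.Generate (fabtoken.go) describes identity generation, but the only call that can set `err` at this point is `msp.BCCSPOpts`, so the message hides that the failure came from building the BCCSP options, which in the HSM branch includes the PKCS11 library lookup. A message such as `"failed building BCCSP options for [%s]"` would point straight at a missing HSM library. The type of `userSpecs[i]` is not visible here, so formatting the whole value through `%s` should be checked; `%v`, or the spec's name if it has one, is probably what is wanted. Generate's body starts and ends outside the hunk.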
@@ -82,3 +82,29 @@ func ToPKCS11OptsOpts(o *PKCS11) *pkcs11.PKCS11Opts {
 }
 return res
 }
+
+// BCCSPOpts returns a `BCCSP` instance. `defaultProvider` sets the `Default` value of the BCCSP,
+// that is denoting the which provider impl is used. `defaultProvider` currently supports `SW` and `PKCS11`.
+func BCCSPOpts(defaultProvider string) (*BCCSP, error) {
+ bccsp := &BCCSP{
+ Default: defaultProvider,
+ SW: &SoftwareProvider{
+ Hash: "SHA2",
+ Security: 256,
+ },
+ PKCS11: &PKCS11{
+ Hash: "SHA2",
+ Security: 256,
+ },
+ }
+ if defaultProvider == "PKCS11" {
+ lib, pin, label, err := pkcs11.FindPKCS11Lib()
+ if err != nil {
+ return nil, errors.Wrapf(err, "faild to find PKCS11 lib [%s]", defaultProvider)
+ }
+ bccsp.PKCS11.Pin = pin
+ bccsp.PKCS11.Label = label
+ bccsp.PKCS11.Library = lib
+ }
+ return bccsp, nil
+}
diff --git a/token/services/identity/msp/x509/msp/pkcs11/pkcs11.go b/token/services/identity/msp/x509/msp/pkcs11/pkcs11.go
new file mode 100644
index 000000000..ca6d9d831
--- /dev/null
+++ b/token/services/identity/msp/x509/msp/pkcs11/pkcs11.go
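Review bot: `BCCSPOpts` in config.go accepts any `defaultProvider` string and returns a populated `BCCSP` with that value in `Default`, although its doc comment says only `SW` and `PKCS11` are supported. A misspelt value such as `"PKCS"` skips the PKCS11 library lookup without an error and would presumably surface only when the provider is later built from these options. I would reject unknown values up front with `if defaultProvider != "SW" && defaultProvider != "PKCS11" { return nil, errors.Errorf("unsupported BCCSP provider [%s]", defaultProvider) }`. The wrap message also has a typo (`faild` should be `failed`), and the second doc-comment line reads better as `// which selects the provider implementation to use. defaultProvider currently supports SW and PKCS11.`.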
@@ -0,0 +1,55 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package pkcs11
+
+import (
+ "os"
+
+ "github.com/hyperledger/fabric/bccsp/pkcs11"
+ "github.com/pkg/errors"
+)
+
+const (
+ EnvPin = "PKCS11_PIN"
+ EnvLabel = "PKCS11_LABEL"
+ DefaultPin = "98765432"
+ DefaultLabel = "ForFSC"
+)
+
+type (
+ PKCS11Opts = pkcs11.PKCS11Opts
+ KeyIDMapping = pkcs11.KeyIDMapping
+)
+
+// FindPKCS11Lib attempts to find the PKCS11 library based on the given configuration
+func FindPKCS11Lib() (lib, pin, label string, err error) {
+ if lib = os.Getenv("PKCS11_LIB"); lib == "" {
+ possibilities := []string{
+ "/usr/lib/softhsm/libsofthsm2.so", // Debian
+ "/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so", // Ubuntu
+ "/usr/local/lib/softhsm/libsofthsm2.so",
+ "/usr/lib/libacsp-pkcs11.so",
+ }
+ for _, path := range possibilities {
+ if _, err := os.Stat(path); !os.IsNotExist(err) {
+ lib = path
+ break
+ }
+ }
+ }
+ if len(lib) == 0 {
+ err = errors.New("cannot find PKCS11 lib")
+ }
+ if pin = os.Getenv(EnvPin); pin == "" {
+ pin = DefaultPin
+ }
+ if label = os.Getenv(EnvLabel); label == "" {
+ label = DefaultLabel
+ }
+
+ return
+}
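Review bot: `FindPKCS11Lib` silently falls back to the hard-coded `DefaultPin` and `DefaultLabel` when `PKCS11_PIN` or `PKCS11_LABEL` is unset, and this file sits under token/services rather than integration/, so a non-test caller with a missing environment variable would configure the token with a PIN that is public in the source tree. I would either return an error when the variables are unset or state on the constants that they are test-only defaults, for example `// DefaultPin is the test HSM PIN used by the integration suite; never use it for a real token.`. The library probe `!os.IsNotExist(err)` also accepts a path whose `os.Stat` failed for any other reason (permission denied, for instance) and shadows the named result `err`; `if _, statErr := os.Stat(path); statErr == nil {` selects only paths that were actually found. The `"PKCS11_LIB"` literal could become a constant next to `EnvPin` and `EnvLabel`, and the doc comment should say that the function reads the environment, since it takes no configuration argument.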