Beispiel #1
0
func storeCert(alias string, der []byte, t *testing.T) {
	err := ioutil.WriteFile(filepath.Join(".obcca/", alias), utils.DERCertToPEM(der), 0700)
	if err != nil {
		t.Logf("Failed storing certificate [%s]: [%s]", alias, err)
		t.Fail()
	}
}
Beispiel #2
0
func (node *nodeImpl) retrieveTCACertsChain(userID string) error {
	// Retrieve TCA certificate and verify it
	tcaCertRaw, err := node.getTCACertificate()
	if err != nil {
		node.log.Error("Failed getting TCA certificate [%s].", err.Error())

		return err
	}
	node.log.Debug("TCA certificate [%s]", utils.EncodeBase64(tcaCertRaw))

	// TODO: Test TCA cert againt root CA
	_, err = utils.DERToX509Certificate(tcaCertRaw)
	if err != nil {
		node.log.Error("Failed parsing TCA certificate [%s].", err.Error())

		return err
	}

	// Store TCA cert
	node.log.Debug("Storing TCA certificate for validator [%s]...", userID)

	err = ioutil.WriteFile(node.conf.getTCACertsChainPath(), utils.DERCertToPEM(tcaCertRaw), 0700)
	if err != nil {
		node.log.Error("Failed storing tca certificate [%s].", err.Error())
		return err
	}

	return nil
}
Beispiel #3
0
func (node *nodeImpl) retrieveTLSCertificate(id, affiliation string) error {
	key, tlsCertRaw, err := node.getTLSCertificateFromTLSCA(id, affiliation)
	if err != nil {
		node.log.Error("Failed getting tls certificate [id=%s] %s", id, err)

		return err
	}
	node.log.Info("Register:cert %s", utils.EncodeBase64(tlsCertRaw))

	// Store enrollment  key
	node.log.Info("Storing enrollment key and certificate for user [%s]...", id)

	rawKey, err := utils.PrivateKeyToPEM(key)
	if err != nil {
		node.log.Error("Failed converting tls key to PEM [id=%s]: %s", id, err)
		return err
	}

	err = ioutil.WriteFile(node.conf.getTLSKeyPath(), rawKey, 0700)
	if err != nil {
		node.log.Error("Failed storing tls key [id=%s]: %s", id, err)
		return err
	}

	// Store tls cert
	err = ioutil.WriteFile(node.conf.getTLSCertPath(), utils.DERCertToPEM(tlsCertRaw), 0700)
	if err != nil {
		node.log.Error("Failed storing tls certificate [id=%s]: %s", id, err)
		return err
	}

	return nil
}
Beispiel #4
0
func (ks *keyStore) storeCert(alias string, der []byte) error {
	err := ioutil.WriteFile(ks.conf.getPathForAlias(alias), utils.DERCertToPEM(der), 0700)
	if err != nil {
		ks.log.Error("Failed storing certificate [%s]: [%s]", alias, err)
		return err
	}

	return nil
}
Beispiel #5
0
func (node *nodeImpl) retrieveEnrollmentData(userID, pwd string) error {
	key, enrollCertRaw, enrollChainKey, err := node.getEnrollmentCertificateFromECA(userID, pwd)
	if err != nil {
		node.log.Error("Failed getting enrollment certificate [id=%s]  ", userID, err)

		return err
	}
	node.log.Debug("Enrollment certificate [%s].", utils.EncodeBase64(enrollCertRaw))
	//	validatorLogger.Info("Register:key  ", utils.EncodeBase64(key))

	// Store enrollment  key
	node.log.Debug("Storing enrollment data for user [%s]...", userID)

	rawKey, err := utils.PrivateKeyToPEM(key)
	if err != nil {
		node.log.Error("Failed converting enrollment key to PEM [id=%s]: ", userID, err)
		return err
	}

	err = ioutil.WriteFile(node.conf.getEnrollmentKeyPath(), rawKey, 0700)
	if err != nil {
		node.log.Error("Failed storing enrollment key [id=%s]: ", userID, err)
		return err
	}

	// Store enrollment cert
	err = ioutil.WriteFile(node.conf.getEnrollmentCertPath(), utils.DERCertToPEM(enrollCertRaw), 0700)
	if err != nil {
		node.log.Error("Failed storing enrollment certificate [id=%s]: ", userID, err)
		return err
	}

	// Store enrollment id
	err = ioutil.WriteFile(node.conf.getEnrollmentIDPath(), []byte(userID), 0700)
	if err != nil {
		node.log.Error("Failed storing enrollment certificate [id=%s]: ", userID, err)
		return err
	}

	// Store enrollment chain key
	err = ioutil.WriteFile(node.conf.getEnrollmentChainKeyPath(), utils.AEStoPEM(enrollChainKey), 0700)
	if err != nil {
		node.log.Error("Failed storing enrollment chain key [id=%s]: ", userID, err)
		return err
	}

	return nil
}
Beispiel #6
0
// GetEnrollmentCert retrieves the enrollment certificate for a given user.
func (s *ServerOpenchainREST) GetEnrollmentCert(rw web.ResponseWriter, req *web.Request) {
	// Parse out the user enrollment ID
	enrollmentID := req.PathParams["id"]

	if restLogger.IsEnabledFor(logging.DEBUG) {
		restLogger.Debug("REST received enrollment certificate retrieval request for registrationID '%s'", enrollmentID)
	}

	// If security is enabled, initialize the crypto client
	if viper.GetBool("security.enabled") {
		if restLogger.IsEnabledFor(logging.DEBUG) {
			restLogger.Debug("Initializing secure client using context '%s'", enrollmentID)
		}

		// Initialize the security client
		sec, err := crypto.InitClient(enrollmentID, nil)
		if err != nil {
			rw.WriteHeader(http.StatusBadRequest)
			fmt.Fprintf(rw, "{\"Error\": \"%s\"}", err)
			restLogger.Error(fmt.Sprintf("{\"Error\": \"%s\"}", err))

			return
		}

		// Obtain the client CertificateHandler
		handler, err := sec.GetEnrollmentCertificateHandler()
		if err != nil {
			rw.WriteHeader(http.StatusInternalServerError)
			fmt.Fprintf(rw, "{\"Error\": \"%s\"}", err)
			restLogger.Error(fmt.Sprintf("{\"Error\": \"%s\"}", err))

			return
		}

		// Certificate handler can not be hil
		if handler == nil {
			rw.WriteHeader(http.StatusInternalServerError)
			fmt.Fprintf(rw, "{\"Error\": \"Error retrieving certificate handler.\"}")
			restLogger.Error("{\"Error\": \"Error retrieving certificate handler.\"}")

			return
		}

		// Obtain the DER encoded certificate
		certDER := handler.GetCertificate()

		// Confirm the retrieved enrollment certificate is not nil
		if certDER == nil {
			rw.WriteHeader(http.StatusInternalServerError)
			fmt.Fprintf(rw, "{\"Error\": \"Enrollment certificate is nil.\"}")
			restLogger.Error("{\"Error\": \"Enrollment certificate is nil.\"}")

			return
		}

		// Confirm the retrieved enrollment certificate has non-zero length
		if len(certDER) == 0 {
			rw.WriteHeader(http.StatusInternalServerError)
			fmt.Fprintf(rw, "{\"Error\": \"Enrollment certificate length is 0.\"}")
			restLogger.Error("{\"Error\": \"Enrollment certificate length is 0.\"}")

			return
		}

		// Transforms the DER encoded certificate to a PEM encoded certificate
		certPEM := utils.DERCertToPEM(certDER)

		// As the enrollment certifiacate contains \n characters, url encode it before outputting
		urlEncodedCert := url.QueryEscape(string(certPEM))

		// Close the security client
		crypto.CloseClient(sec)

		rw.WriteHeader(http.StatusOK)
		fmt.Fprintf(rw, "{\"OK\": \"%s\"}", urlEncodedCert)
		if restLogger.IsEnabledFor(logging.DEBUG) {
			restLogger.Debug("Sucessfully retrieved enrollment certificate for secure context '%s'", enrollmentID)
		}
	} else {
		// Security must be enabled to request enrollment certificates
		rw.WriteHeader(http.StatusBadRequest)
		fmt.Fprintf(rw, "{\"Error\": \"Security functionality must be enabled before requesting client certificates.\"}")
		restLogger.Error("{\"Error\": \"Security functionality must be enabled before requesting client certificates.\"}")

		return
	}
}