func getDevopsClient(peerAddress string) (obc.DevopsClient, error) {
var opts []grpc.DialOption
if viper.GetBool("pki.validity-period.tls.enabled") {
var sn string
if viper.GetString("pki.validity-period.tls.server-host-override") != "" {
sn = viper.GetString("pki.validity-period.tls.server-host-override")
}
var creds credentials.TransportAuthenticator
if viper.GetString("pki.validity-period.tls.cert.file") != "" {
var err error
creds, err = credentials.NewClientTLSFromFile(viper.GetString("pki.validity-period.tls.cert.file"), sn)
if err != nil {
grpclog.Fatalf("Failed to create TLS credentials %v", err)
}
} else {
creds = credentials.NewClientTLSFromCert(nil, sn)
}
opts = append(opts, grpc.WithTransportCredentials(creds))
}
opts = append(opts, grpc.WithTimeout(systemChaincodeTimeout))
opts = append(opts, grpc.WithBlock())
opts = append(opts, grpc.WithInsecure())
conn, err := grpc.Dial(peerAddress, opts...)
if err != nil {
return nil, fmt.Errorf("Error trying to connect to local peer: %s", err)
}
devopsClient := obc.NewDevopsClient(conn)
return devopsClient, nil
}
func getDevopsClient(cmd *cobra.Command) (pb.DevopsClient, error) {
clientConn, err := peer.NewPeerClientConnection()
if err != nil {
return nil, fmt.Errorf("Error trying to connect to local peer: %s", err)
}
devopsClient := pb.NewDevopsClient(clientConn)
return devopsClient, nil
}
// login confirms the enrollmentID and secret password of the client with the
// CA and stores the enrollment certificate and key in the Devops server.
func login(args []string) {
logger.Info("CLI client login...")
// Check for username argument
if len(args) == 0 {
logger.Error("Error: must supply username.\n")
return
}
// Check for other extraneous arguments
if len(args) != 1 {
logger.Error("Error: must supply username as the 1st and only parameter.\n")
return
}
// Retrieve the CLI data storage path
// Returns /var/openchain/production/client/
localStore := getCliFilePath()
logger.Info("Local data store for client loginToken: %s", localStore)
// If the user is already logged in, return
if _, err := os.Stat(localStore + "loginToken_" + args[0]); err == nil {
logger.Info("User '%s' is already logged in.\n", args[0])
return
}
// User is not logged in, prompt for password
fmt.Printf("Enter password for user '%s': ", args[0])
pw := gopass.GetPasswdMasked()
// Log in the user
logger.Info("Logging in user '%s' on CLI interface...\n", args[0])
// Get a devopsClient to perform the login
clientConn, err := peer.NewPeerClientConnection()
if err != nil {
logger.Error(fmt.Sprintf("Error trying to connect to local peer: %s", err))
return
}
devopsClient := pb.NewDevopsClient(clientConn)
// Build the login spec and login
loginSpec := &pb.Secret{EnrollId: args[0], EnrollSecret: string(pw)}
loginResult, err := devopsClient.Login(context.Background(), loginSpec)
// Check if login is successful
if loginResult.Status == pb.Response_SUCCESS {
// If /var/openchain/production/client/ directory does not exist, create it
if _, err := os.Stat(localStore); err != nil {
if os.IsNotExist(err) {
// Directory does not exist, create it
if err := os.Mkdir(localStore, 0755); err != nil {
panic(fmt.Errorf("Fatal error when creating %s directory: %s\n", localStore, err))
}
} else {
// Unexpected error
panic(fmt.Errorf("Fatal error on os.Stat of %s directory: %s\n", localStore, err))
}
}
// Store client security context into a file
logger.Info("Storing login token for user '%s'.\n", args[0])
err = ioutil.WriteFile(localStore+"loginToken_"+args[0], []byte(args[0]), 0755)
if err != nil {
panic(fmt.Errorf("Fatal error when storing client login token: %s\n", err))
}
logger.Info("Login successful for user '%s'.\n", args[0])
} else {
logger.Error(fmt.Sprintf("Error on client login: %s", string(loginResult.Msg)))
}
return
}
// Register confirms the enrollmentID and secret password of the client with the
// CA and stores the enrollment certificate and key in the Devops server.
func (s *ServerOpenchainREST) Register(rw web.ResponseWriter, req *web.Request) {
restLogger.Info("REST client login...")
// Decode the incoming JSON payload
var loginSpec pb.Secret
err := jsonpb.Unmarshal(req.Body, &loginSpec)
// Check for proper JSON syntax
if err != nil {
// Unmarshall returns a " character around unrecognized fields in the case
// of a schema validation failure. These must be replaced with a ' character.
// Otherwise, the returned JSON is invalid.
errVal := strings.Replace(err.Error(), "\"", "'", -1)
// Client must supply payload
if err == io.EOF {
rw.WriteHeader(http.StatusBadRequest)
fmt.Fprintf(rw, "{\"Error\": \"Payload must contain object Secret with enrollId and enrollSecret fields.\"}")
restLogger.Error("{\"Error\": \"Payload must contain object Secret with enrollId and enrollSecret fields.\"}")
} else {
rw.WriteHeader(http.StatusBadRequest)
fmt.Fprintf(rw, "{\"Error\": \"%s\"}", errVal)
restLogger.Error(fmt.Sprintf("{\"Error\": \"%s\"}", errVal))
}
return
}
// Check that the enrollId and enrollSecret are not left blank.
if (loginSpec.EnrollId == "") || (loginSpec.EnrollSecret == "") {
rw.WriteHeader(http.StatusBadRequest)
fmt.Fprintf(rw, "{\"Error\": \"enrollId and enrollSecret may not be blank.\"}")
restLogger.Error("{\"Error\": \"enrollId and enrollSecret may not be blank.\"}")
return
}
// Retrieve the REST data storage path
// Returns /var/openchain/production/client/
localStore := getRESTFilePath()
restLogger.Info("Local data store for client loginToken: %s", localStore)
// If the user is already logged in, return
if _, err := os.Stat(localStore + "loginToken_" + loginSpec.EnrollId); err == nil {
rw.WriteHeader(http.StatusOK)
fmt.Fprintf(rw, "{\"OK\": \"User %s is already logged in.\"}", loginSpec.EnrollId)
restLogger.Info("User '%s' is already logged in.\n", loginSpec.EnrollId)
return
}
// User is not logged in, proceed with login
restLogger.Info("Logging in user '%s' on REST interface...\n", loginSpec.EnrollId)
// Get a devopsClient to perform the login
clientConn, err := peer.NewPeerClientConnection()
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(rw, "{\"Error\": \"Error trying to connect to local peer: %s\"}", err)
restLogger.Error(fmt.Sprintf("Error trying to connect to local peer: %s", err))
return
}
devopsClient := pb.NewDevopsClient(clientConn)
// Perform the login
loginResult, err := devopsClient.Login(context.Background(), &loginSpec)
// Check if login is successful
if loginResult.Status == pb.Response_SUCCESS {
// If /var/openchain/production/client/ directory does not exist, create it
if _, err := os.Stat(localStore); err != nil {
if os.IsNotExist(err) {
// Directory does not exist, create it
if err := os.Mkdir(localStore, 0755); err != nil {
rw.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(rw, "{\"Error\": \"Fatal error -- %s\"}", err)
panic(fmt.Errorf("Fatal error when creating %s directory: %s\n", localStore, err))
}
} else {
// Unexpected error
rw.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(rw, "{\"Error\": \"Fatal error -- %s\"}", err)
panic(fmt.Errorf("Fatal error on os.Stat of %s directory: %s\n", localStore, err))
}
}
// Store client security context into a file
restLogger.Info("Storing login token for user '%s'.\n", loginSpec.EnrollId)
err = ioutil.WriteFile(localStore+"loginToken_"+loginSpec.EnrollId, []byte(loginSpec.EnrollId), 0755)
if err != nil {
rw.WriteHeader(http.StatusInternalServerError)
fmt.Fprintf(rw, "{\"Error\": \"Fatal error -- %s\"}", err)
panic(fmt.Errorf("Fatal error when storing client login token: %s\n", err))
}
rw.WriteHeader(http.StatusOK)
fmt.Fprintf(rw, "{\"OK\": \"Login successful for user '%s'.\"}", loginSpec.EnrollId)
restLogger.Info("Login successful for user '%s'.\n", loginSpec.EnrollId)
} else {
loginErr := strings.Replace(string(loginResult.Msg), "\"", "'", -1)
rw.WriteHeader(http.StatusUnauthorized)
fmt.Fprintf(rw, "{\"Error\": \"%s\"}", loginErr)
restLogger.Error(fmt.Sprintf("Error on client login: %s", loginErr))
}
return
}
