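// networkLogin confirms the enrollmentID and secret password of the client with
// the CA through the Devops service and, on success, writes a login token file
// named "loginToken_<username>" into the CLI data store.
//
// args must contain exactly one element, the username (enrollment ID). If the
// package-level loginPW is empty, the password is read from the terminal with
// masking. Supplying the secret through the '--password' flag instead can leave
// it in shell history and process listings, so the prompt is the safer path.
//
// It returns an error for bad arguments, a failed connection or a rejected
// login, and nil when the user is already logged in or the login succeeds.
// Filesystem failures while storing the token panic, as before.
func networkLogin(args []string) error {
	logger.Info("CLI client login...")

	// Check for username argument
	if len(args) == 0 {
		return errors.New("Must supply username")
	}

	// Check for other extraneous arguments
	if len(args) != 1 {
		return errors.New("Must supply username as the 1st and only parameter")
	}

	// The username is concatenated into a file name below, so refuse anything
	// that could make the resulting path resolve outside the CLI data store.
	username := args[0]
	if strings.ContainsAny(username, "/\\\x00") {
		return errors.New("Username must not contain path separators")
	}

	// Retrieve the CLI data storage path
	// Returns /var/openchain/production/client/
	localStore := util.GetCliFilePath()
	logger.Infof("Local data store for client loginToken: %s", localStore)
	tokenPath := localStore + "loginToken_" + username

	// If the user is already logged in, return. Any other Stat error falls
	// through to a fresh login attempt, matching the previous behaviour.
	if _, err := os.Stat(tokenPath); err == nil {
		logger.Infof("User '%s' is already logged in.\n", username)
		return nil
	}

	// If the '--password' flag is not specified, need read it from the terminal
	if loginPW == "" {
		// User is not logged in, prompt for password
		fmt.Printf("Enter password for user '%s': ", username)
		pw, err := gopass.GetPasswdMasked()
		if err != nil {
			return fmt.Errorf("Error trying to read password from console: %s", err)
		}
		loginPW = string(pw)
	}

	// Log in the user
	logger.Infof("Logging in user '%s' on CLI interface...\n", username)

	// Get a devopsClient to perform the login
	// NOTE(review): clientConn is never closed in this function; confirm
	// whether the connection type expects an explicit Close.
	clientConn, err := peer.NewPeerClientConnection()
	if err != nil {
		return fmt.Errorf("Error trying to connect to local peer: %s", err)
	}
	devopsClient := pb.NewDevopsClient(clientConn)

	// Build the login spec and login
	loginSpec := &pb.Secret{EnrollId: username, EnrollSecret: loginPW}
	loginResult, err := devopsClient.Login(context.Background(), loginSpec)
	if err != nil {
		// The RPC itself failed; loginResult must not be dereferenced.
		return fmt.Errorf("Error on client login: %s", err)
	}
	if loginResult == nil {
		return errors.New("Error on client login: empty response")
	}

	// Check if login is successful
	if loginResult.Status != pb.Response_SUCCESS {
		return fmt.Errorf("Error on client login: %s", string(loginResult.Msg))
	}

	// If /var/openchain/production/client/ directory does not exist, create it
	if _, err := os.Stat(localStore); err != nil {
		if !os.IsNotExist(err) {
			// Unexpected error
			panic(fmt.Errorf("Fatal error on os.Stat of %s directory: %s\n", localStore, err))
		}
		// Directory does not exist, create it. It holds per-user login state,
		// so keep it private to the owning account.
		if err := os.Mkdir(localStore, 0700); err != nil {
			panic(fmt.Errorf("Fatal error when creating %s directory: %s\n", localStore, err))
		}
	}

	// Store client security context into a file. The file holds only the
	// username; it is data, not a program, so it needs neither the execute bit
	// nor access for other users.
	logger.Infof("Storing login token for user '%s'.\n", username)
	err = ioutil.WriteFile(tokenPath, []byte(username), 0600)
	if err != nil {
		panic(fmt.Errorf("Fatal error when storing client login token: %s\n", err))
	}

	logger.Infof("Login successful for user '%s'.\n", username)
	return nil
}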
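// getChaincodeSpecification builds a pb.ChaincodeSpec from the package-level
// chaincode command parameters (constructor JSON, attributes JSON, language,
// path and name) after checkChaincodeCmdParams has accepted cmd.
//
// When core.SecurityEnabled() is true, a username must be supplied and a login
// token file "loginToken_<username>" must exist in the CLI data store; the
// file's contents become spec.SecureContext. When "security.privacy" is also
// set, the spec is marked CONFIDENTIAL.
//
// On error the returned spec is non-nil but should not be used. Unexpected
// filesystem errors, and privacy requested with security disabled, panic.
func getChaincodeSpecification(cmd *cobra.Command) (*pb.ChaincodeSpec, error) {
	spec := &pb.ChaincodeSpec{}
	if err := checkChaincodeCmdParams(cmd); err != nil {
		return spec, err
	}

	// Build the spec
	input := &pb.ChaincodeInput{}
	if err := json.Unmarshal([]byte(chaincodeCtorJSON), &input); err != nil {
		return spec, fmt.Errorf("Chaincode argument error: %s", err)
	}

	var attributes []string
	if err := json.Unmarshal([]byte(chaincodeAttributesJSON), &attributes); err != nil {
		return spec, fmt.Errorf("Chaincode argument error: %s", err)
	}

	// NOTE(review): a language name missing from pb.ChaincodeSpec_Type_value
	// yields the map's zero value here; presumably checkChaincodeCmdParams
	// rejects unknown languages first. Confirm.
	chaincodeLang = strings.ToUpper(chaincodeLang)
	spec = &pb.ChaincodeSpec{
		Type:        pb.ChaincodeSpec_Type(pb.ChaincodeSpec_Type_value[chaincodeLang]),
		ChaincodeID: &pb.ChaincodeID{Path: chaincodePath, Name: chaincodeName},
		CtorMsg:     input,
		Attributes:  attributes,
	}

	if !core.SecurityEnabled() {
		if chaincodeUsr != common.UndefinedParamValue {
			logger.Warning("Username supplied but security is disabled.")
		}
		if viper.GetBool("security.privacy") {
			panic(errors.New("Privacy cannot be enabled as requested because security is disabled"))
		}
		return spec, nil
	}

	// Security is enabled: add the client login token.
	if chaincodeUsr == common.UndefinedParamValue {
		return spec, errors.New("Must supply username for chaincode when security is enabled")
	}

	// The username is concatenated into a file name below and that file's
	// contents are sent as the security context, so refuse anything that
	// could make the path resolve outside the CLI data store.
	if strings.ContainsAny(chaincodeUsr, "/\\\x00") {
		return spec, errors.New("Username must not contain path separators")
	}

	// Retrieve the CLI data storage path
	// Returns /var/openchain/production/client/
	localStore := util.GetCliFilePath()
	tokenPath := localStore + "loginToken_" + chaincodeUsr

	// Check if the user is logged in before sending transaction
	if _, err := os.Stat(tokenPath); err != nil {
		// Check if the token is not there and fail
		if os.IsNotExist(err) {
			return spec, fmt.Errorf("User '%s' not logged in. Use the 'peer network login' command to obtain a security token.", chaincodeUsr)
		}
		// Unexpected error
		panic(fmt.Errorf("Fatal error when checking for client login token: %s\n", err))
	}

	logger.Infof("Local user '%s' is already logged in. Retrieving login token.\n", chaincodeUsr)

	// Read in the login token
	token, err := ioutil.ReadFile(tokenPath)
	if err != nil {
		panic(fmt.Errorf("Fatal error when reading client login token: %s\n", err))
	}

	// Add the login token to the chaincodeSpec
	spec.SecureContext = string(token)

	// If privacy is enabled, mark chaincode as confidential
	if viper.GetBool("security.privacy") {
		logger.Info("Set confidentiality level to CONFIDENTIAL.\n")
		spec.ConfidentialityLevel = pb.ConfidentialityLevel_CONFIDENTIAL
	}

	return spec, nil
}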