func storeCert(alias string, der []byte, t *testing.T) { err := ioutil.WriteFile(filepath.Join(".obcca/", alias), utils.DERCertToPEM(der), 0700) if err != nil { t.Logf("Failed storing certificate [%s]: [%s]", alias, err) t.Fail() } }
func (node *nodeImpl) retrieveTCACertsChain(userID string) error { // Retrieve TCA certificate and verify it tcaCertRaw, err := node.getTCACertificate() if err != nil { node.log.Error("Failed getting TCA certificate [%s].", err.Error()) return err } node.log.Debug("TCA certificate [%s]", utils.EncodeBase64(tcaCertRaw)) // TODO: Test TCA cert againt root CA _, err = utils.DERToX509Certificate(tcaCertRaw) if err != nil { node.log.Error("Failed parsing TCA certificate [%s].", err.Error()) return err } // Store TCA cert node.log.Debug("Storing TCA certificate for validator [%s]...", userID) err = ioutil.WriteFile(node.conf.getTCACertsChainPath(), utils.DERCertToPEM(tcaCertRaw), 0700) if err != nil { node.log.Error("Failed storing tca certificate [%s].", err.Error()) return err } return nil }
func (node *nodeImpl) retrieveTLSCertificate(id, affiliation string) error { key, tlsCertRaw, err := node.getTLSCertificateFromTLSCA(id, affiliation) if err != nil { node.log.Error("Failed getting tls certificate [id=%s] %s", id, err) return err } node.log.Info("Register:cert %s", utils.EncodeBase64(tlsCertRaw)) // Store enrollment key node.log.Info("Storing enrollment key and certificate for user [%s]...", id) rawKey, err := utils.PrivateKeyToPEM(key) if err != nil { node.log.Error("Failed converting tls key to PEM [id=%s]: %s", id, err) return err } err = ioutil.WriteFile(node.conf.getTLSKeyPath(), rawKey, 0700) if err != nil { node.log.Error("Failed storing tls key [id=%s]: %s", id, err) return err } // Store tls cert err = ioutil.WriteFile(node.conf.getTLSCertPath(), utils.DERCertToPEM(tlsCertRaw), 0700) if err != nil { node.log.Error("Failed storing tls certificate [id=%s]: %s", id, err) return err } return nil }
func (ks *keyStore) storeCert(alias string, der []byte) error { err := ioutil.WriteFile(ks.conf.getPathForAlias(alias), utils.DERCertToPEM(der), 0700) if err != nil { ks.log.Error("Failed storing certificate [%s]: [%s]", alias, err) return err } return nil }
func (node *nodeImpl) retrieveEnrollmentData(userID, pwd string) error { key, enrollCertRaw, enrollChainKey, err := node.getEnrollmentCertificateFromECA(userID, pwd) if err != nil { node.log.Error("Failed getting enrollment certificate [id=%s] ", userID, err) return err } node.log.Debug("Enrollment certificate [%s].", utils.EncodeBase64(enrollCertRaw)) // validatorLogger.Info("Register:key ", utils.EncodeBase64(key)) // Store enrollment key node.log.Debug("Storing enrollment data for user [%s]...", userID) rawKey, err := utils.PrivateKeyToPEM(key) if err != nil { node.log.Error("Failed converting enrollment key to PEM [id=%s]: ", userID, err) return err } err = ioutil.WriteFile(node.conf.getEnrollmentKeyPath(), rawKey, 0700) if err != nil { node.log.Error("Failed storing enrollment key [id=%s]: ", userID, err) return err } // Store enrollment cert err = ioutil.WriteFile(node.conf.getEnrollmentCertPath(), utils.DERCertToPEM(enrollCertRaw), 0700) if err != nil { node.log.Error("Failed storing enrollment certificate [id=%s]: ", userID, err) return err } // Store enrollment id err = ioutil.WriteFile(node.conf.getEnrollmentIDPath(), []byte(userID), 0700) if err != nil { node.log.Error("Failed storing enrollment certificate [id=%s]: ", userID, err) return err } // Store enrollment chain key err = ioutil.WriteFile(node.conf.getEnrollmentChainKeyPath(), utils.AEStoPEM(enrollChainKey), 0700) if err != nil { node.log.Error("Failed storing enrollment chain key [id=%s]: ", userID, err) return err } return nil }
// GetEnrollmentCert retrieves the enrollment certificate for a given user. func (s *ServerOpenchainREST) GetEnrollmentCert(rw web.ResponseWriter, req *web.Request) { // Parse out the user enrollment ID enrollmentID := req.PathParams["id"] if restLogger.IsEnabledFor(logging.DEBUG) { restLogger.Debug("REST received enrollment certificate retrieval request for registrationID '%s'", enrollmentID) } // If security is enabled, initialize the crypto client if viper.GetBool("security.enabled") { if restLogger.IsEnabledFor(logging.DEBUG) { restLogger.Debug("Initializing secure client using context '%s'", enrollmentID) } // Initialize the security client sec, err := crypto.InitClient(enrollmentID, nil) if err != nil { rw.WriteHeader(http.StatusBadRequest) fmt.Fprintf(rw, "{\"Error\": \"%s\"}", err) restLogger.Error(fmt.Sprintf("{\"Error\": \"%s\"}", err)) return } // Obtain the client CertificateHandler handler, err := sec.GetEnrollmentCertificateHandler() if err != nil { rw.WriteHeader(http.StatusInternalServerError) fmt.Fprintf(rw, "{\"Error\": \"%s\"}", err) restLogger.Error(fmt.Sprintf("{\"Error\": \"%s\"}", err)) return } // Certificate handler can not be hil if handler == nil { rw.WriteHeader(http.StatusInternalServerError) fmt.Fprintf(rw, "{\"Error\": \"Error retrieving certificate handler.\"}") restLogger.Error("{\"Error\": \"Error retrieving certificate handler.\"}") return } // Obtain the DER encoded certificate certDER := handler.GetCertificate() // Confirm the retrieved enrollment certificate is not nil if certDER == nil { rw.WriteHeader(http.StatusInternalServerError) fmt.Fprintf(rw, "{\"Error\": \"Enrollment certificate is nil.\"}") restLogger.Error("{\"Error\": \"Enrollment certificate is nil.\"}") return } // Confirm the retrieved enrollment certificate has non-zero length if len(certDER) == 0 { rw.WriteHeader(http.StatusInternalServerError) fmt.Fprintf(rw, "{\"Error\": \"Enrollment certificate length is 0.\"}") restLogger.Error("{\"Error\": \"Enrollment certificate length is 0.\"}") return } // Transforms the DER encoded certificate to a PEM encoded certificate certPEM := utils.DERCertToPEM(certDER) // As the enrollment certifiacate contains \n characters, url encode it before outputting urlEncodedCert := url.QueryEscape(string(certPEM)) // Close the security client crypto.CloseClient(sec) rw.WriteHeader(http.StatusOK) fmt.Fprintf(rw, "{\"OK\": \"%s\"}", urlEncodedCert) if restLogger.IsEnabledFor(logging.DEBUG) { restLogger.Debug("Sucessfully retrieved enrollment certificate for secure context '%s'", enrollmentID) } } else { // Security must be enabled to request enrollment certificates rw.WriteHeader(http.StatusBadRequest) fmt.Fprintf(rw, "{\"Error\": \"Security functionality must be enabled before requesting client certificates.\"}") restLogger.Error("{\"Error\": \"Security functionality must be enabled before requesting client certificates.\"}") return } }