github.com/IBM-Blockchain/fabric-operator@v1.0.4/pkg/initializer/ca/config/tls.go (about)

     1  /*
     2   * Copyright contributors to the Hyperledger Fabric Operator project
     3   *
     4   * SPDX-License-Identifier: Apache-2.0
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License");
     7   * you may not use this file except in compliance with the License.
     8   * You may obtain a copy of the License at:
     9   *
    10   * 	  http://www.apache.org/licenses/LICENSE-2.0
    11   *
    12   * Unless required by applicable law or agreed to in writing, software
    13   * distributed under the License is distributed on an "AS IS" BASIS,
    14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15   * See the License for the specific language governing permissions and
    16   * limitations under the License.
    17   */
    18  
    19  package config
    20  
    21  import (
    22  	"fmt"
    23  	"path/filepath"
    24  )
    25  
// ParseTLSBlock processes the TLS section of the CA server config: it hands
// the configured certificate, key and client-auth certificate values to
// HandleCertInput / HandleKeyInput together with c.tlsCrypto, and rewrites the
// corresponding config fields to fixed file names under c.HomeDir.
//
// When TLS is not enabled it only logs that fact and returns (nil, nil). A nil
// map with a nil error therefore means "TLS is off", not "nothing to do";
// callers that require TLS must check for this case themselves.
//
// The returned map is c.tlsCrypto itself, not a copy. It is the map passed to
// HandleKeyInput, so it presumably ends up holding private-key bytes (confirm
// against HandleKeyInput) and should be handled as secret material.
//
// On failure the error from the failing step is returned with a nil map. Path
// fields rewritten by earlier steps are not rolled back.
func (c *Config) ParseTLSBlock() (map[string][]byte, error) {
	const (
		certName = "tls-cert.pem"
		keyName  = "tls-key.pem"
	)

	if !c.ServerConfig.TLS.IsEnabled() {
		log.Info("TLS disabled for Fabric CA server")
		return nil, nil
	}

	if c.tlsCrypto == nil {
		c.tlsCrypto = map[string][]byte{}
	}

	log.Info("Parsing TLS block")

	// Capture both inputs before any field is rewritten below.
	certInput := c.ServerConfig.TLS.CertFile
	keyInput := c.ServerConfig.TLS.KeyFile

	// Both a certificate and a key value must be supplied; the TLS key cannot
	// be looked up through BCCSP.
	if err := ValidCryptoInput(certInput, keyInput); err != nil {
		return nil, err
	}

	if err := c.HandleCertInput(certInput, certName, c.tlsCrypto); err != nil {
		return nil, err
	}
	c.ServerConfig.TLS.CertFile = filepath.Join(c.HomeDir, certName)

	if err := c.HandleKeyInput(keyInput, keyName, c.tlsCrypto); err != nil {
		return nil, err
	}
	c.ServerConfig.TLS.KeyFile = filepath.Join(c.HomeDir, keyName)

	// Client-auth certificates get index-based names. Entries are overwritten
	// in place, so any other holder of this slice sees the new paths too.
	clientAuthCerts := c.ServerConfig.TLS.ClientAuth.CertFiles
	for i, input := range clientAuthCerts {
		name := fmt.Sprintf("tls-certfile%d.pem", i)
		target := filepath.Join(c.HomeDir, name)
		if err := c.HandleCertInput(input, name, c.tlsCrypto); err != nil {
			return nil, err
		}
		clientAuthCerts[i] = target
	}
	c.ServerConfig.TLS.ClientAuth.CertFiles = clientAuthCerts

	return c.tlsCrypto, nil
}
    73  
// TLSMountPath repoints every TLS file reference in the server config at
// c.MountPath, using the same file names ParseTLSBlock assigns
// ("tls-cert.pem", "tls-key.pem", "tls-certfile<N>.pem").
//
// It only rewrites paths: it does not check whether TLS is enabled and does
// not verify that the files exist under c.MountPath. The client-auth entries
// are overwritten in place, so their previous values are lost.
func (c *Config) TLSMountPath() {
	mounted := func(name string) string {
		return filepath.Join(c.MountPath, name)
	}

	c.ServerConfig.TLS.CertFile = mounted("tls-cert.pem")
	c.ServerConfig.TLS.KeyFile = mounted("tls-key.pem")

	clientAuthCerts := c.ServerConfig.TLS.ClientAuth.CertFiles
	for i := range clientAuthCerts {
		clientAuthCerts[i] = mounted(fmt.Sprintf("tls-certfile%d.pem", i))
	}
	c.ServerConfig.TLS.ClientAuth.CertFiles = clientAuthCerts
}