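/*
Copyright IBM Corp. 2016 All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

		 http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package factory

import (
	"errors"
	"fmt"

	"github.com/hyperledger/fabric/bccsp"
	"github.com/hyperledger/fabric/bccsp/pkcs11"
	"github.com/hyperledger/fabric/bccsp/sw"
)

const (
	// PKCS11BasedFactoryName is the name of the factory of the hsm-based BCCSP implementation
	PKCS11BasedFactoryName = "PKCS11"
)

// PKCS11Factory is the factory of the HSM-based BCCSP.
type PKCS11Factory struct{}

// Name returns the name of this factory
func (f *PKCS11Factory) Name() string {
	return PKCS11BasedFactoryName
}

// Get returns an instance of BCCSP using Opts.
//
// It reads config.Pkcs11Opts, selects a key store (a dummy store when
// Ephemeral is set or no FileKeystore is configured, otherwise a file-based
// store at FileKeystore.KeyStorePath), initializes the PKCS11 library with the
// configured Library, Pin and Label, and then builds the provider from
// SecLevel, HashFamily and the chosen key store.
//
// An error is returned when config or config.Pkcs11Opts is nil, when the
// file-based key store cannot be created, or when PKCS11 initialization fails.
func (f *PKCS11Factory) Get(config *FactoryOpts) (bccsp.BCCSP, error) {
	// Validate arguments. Pkcs11Opts is the section dereferenced below, so it
	// is the one that must be present. The previous check tested SwOpts, which
	// this function never reads: a PKCS11-only configuration was rejected and
	// a configuration carrying only SwOpts caused a nil pointer dereference.
	if config == nil || config.Pkcs11Opts == nil {
		return nil, errors.New("Invalid config. It must not be nil.")
	}

	p11Opts := config.Pkcs11Opts

	//TODO: PKCS11 does not need a keystore, but we have not migrated all of PKCS11 BCCSP to PKCS11 yet
	var ks bccsp.KeyStore
	switch {
	case p11Opts.Ephemeral:
		ks = sw.NewDummyKeyStore()
	case p11Opts.FileKeystore != nil:
		// NOTE(review): nil is passed as the first argument, presumably the
		// key store password (confirm against sw.NewFileBasedKeyStore). If so,
		// any key material written to KeyStorePath is protected only by file
		// system permissions rather than by the HSM.
		fks, err := sw.NewFileBasedKeyStore(nil, p11Opts.FileKeystore.KeyStorePath, false)
		if err != nil {
			return nil, fmt.Errorf("Failed to initialize software key store: %s", err)
		}
		ks = fks
	default:
		// Default to DummyKeystore
		ks = sw.NewDummyKeyStore()
	}

	// The error text names the library and the token label only; the PIN is
	// deliberately not part of it and should stay out of any added logging.
	if err := pkcs11.InitPKCS11(p11Opts.Library, p11Opts.Pin, p11Opts.Label); err != nil {
		return nil, fmt.Errorf("Failed initializing PKCS11 library %s %s [%s]",
			p11Opts.Library, p11Opts.Label, err)
	}
	return pkcs11.New(p11Opts.SecLevel, p11Opts.HashFamily, ks)
}

// PKCS11Opts contains options for the P11Factory
type PKCS11Opts struct {
	// Default algorithms when not specified (Deprecated?)
	SecLevel   int    `mapstructure:"security" json:"security"`
	HashFamily string `mapstructure:"hash" json:"hash"`

	// Keystore options
	// Ephemeral takes precedence over FileKeystore in Get. DummyKeystore is
	// not read by Get in this file.
	Ephemeral     bool               `mapstructure:"tempkeys,omitempty" json:"tempkeys,omitempty"`
	FileKeystore  *FileKeystoreOpts  `mapstructure:"filekeystore,omitempty" json:"filekeystore,omitempty"`
	DummyKeystore *DummyKeystoreOpts `mapstructure:"dummykeystore,omitempty" json:"dummykeystore,omitempty"`

	// PKCS11 options
	// Library, Pin and Label are handed to pkcs11.InitPKCS11 by Get.
	// Pin is a secret: it carries a plain json tag, so marshalling or dumping
	// this struct emits it in clear text. Keep it out of logs and diagnostics.
	// Sensitive and SoftVerify are not read by Get in this file.
	Library    string `mapstructure:"library" json:"library"`
	Label      string `mapstructure:"label" json:"label"`
	Pin        string `mapstructure:"pin" json:"pin"`
	Sensitive  bool   `mapstructure:"sensitivekeys,omitempty" json:"sensitivekeys,omitempty"`
	SoftVerify bool   `mapstructure:"softwareverify,omitempty" json:"softwareverify,omitempty"`
}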