github.com/cactusblossom/fabric-ca@v0.0.0-20200611062428-0082fc643826/lib/servertcert.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package lib
     8  
     9  import (
    10  	"github.com/hyperledger/fabric-ca/api"
    11  	"github.com/hyperledger/fabric-ca/lib/caerrors"
    12  	tcert "github.com/hyperledger/fabric-ca/lib/tcert"
    13  	"github.com/hyperledger/fabric/bccsp"
    14  	"github.com/pkg/errors"
    15  )
    16  
// newTCertEndpoint builds the endpoint descriptor for "tcert" requests.
// The endpoint accepts POST only, dispatches to tcertHandler, and is bound
// to server s.
func newTCertEndpoint(s *Server) *serverEndpoint {
	endpoint := new(serverEndpoint)
	endpoint.Server = s
	endpoint.Path = "tcert"
	endpoint.Methods = []string{"POST"}
	endpoint.Handler = tcertHandler
	return endpoint
}
    25  
// tcertHandler processes a request for a batch of transaction certificates.
//
// The steps run in a fixed order: authenticate the caller's token, decode the
// request body, resolve the targeted CA and the calling identity, look up the
// requested attributes, fetch the pre-key for the caller's affiliation path,
// and ask the CA's tcert manager for the batch. The first failing step ends
// the request and its error is returned; on success the manager's response is
// returned as-is.
func tcertHandler(ctx *serverRequestContextImpl) (interface{}, error) {
	// Authentication comes first so that nothing below runs for a caller
	// whose token was rejected.
	id, err := ctx.TokenAuthentication()
	if err != nil {
		return nil, err
	}

	// Decode the client-supplied request.
	body := &api.GetTCertBatchRequestNet{}
	if err = ctx.ReadBody(body); err != nil {
		return nil, err
	}

	// Resolve the CA this request is addressed to.
	targetCA, err := ctx.GetCA()
	if err != nil {
		return nil, err
	}

	// Resolve the calling identity, then the attribute values it asked for.
	identity, err := ctx.GetCaller()
	if err != nil {
		return nil, err
	}
	attrValues, err := identity.GetAttributes(body.AttrNames)
	if err != nil {
		return nil, errors.Errorf("Failed to get attributes '%s': %s", body.AttrNames, err)
	}

	// The pre-key is selected by the caller's affiliation path, not by
	// anything in the request body.
	affPath := identity.GetAffiliationPath()
	affKey, err := targetCA.keyTree.GetKey(affPath)
	if err != nil {
		return nil, caerrors.NewHTTPErr(500, caerrors.ErrNoPreKey, "Failed to get prekey for identity %s: %s", id, err)
	}

	// TODO: When the TCert library is based on BCCSP, we will pass the prekey
	//       directly.  Converting the SKI to a string is a temporary kludge
	//       which isn't correct.
	// NOTE(review): what is handed to the tcert library is the key's SKI
	// (an identifier), not the key itself - confirm how the library uses
	// PreKey before relying on its secrecy.
	skiAsString := string(affKey.SKI())

	// Assemble the library-level request.
	// NOTE(review): Count and ValidityPeriod are copied from the request
	// body without any bound being applied in this function - confirm that
	// GetBatch enforces limits.
	batchReq := &tcert.GetTCertBatchRequest{}
	batchReq.PreKey = skiAsString
	batchReq.Attrs = attrValues
	batchReq.Count = body.Count
	batchReq.EncryptAttrs = body.EncryptAttrs
	batchReq.ValidityPeriod = body.ValidityPeriod

	// Issue the batch against the caller's enrollment certificate.
	batch, err := targetCA.tcertMgr.GetBatch(batchReq, ctx.GetECert())
	if err != nil {
		return nil, err
	}
	return batch, nil
}
    77  
// genRootKey asks csp to generate a new AES-256 key and returns the result
// of that call unchanged.
//
// The key is requested with Temporary set to true.
// NOTE(review): a temporary key is presumably not written to the provider's
// key store, so it would have to be persisted by the caller to survive a
// restart - confirm against the BCCSP in use.
func genRootKey(csp bccsp.BCCSP) (bccsp.Key, error) {
	return csp.KeyGen(&bccsp.AES256KeyGenOpts{Temporary: true})
}