github.com/hellobchain/third_party@v0.0.0-20230331131523-deb0478a2e52/hyperledger/fabric-config/configtx/example_test.go

/*
Copyright IBM Corp All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package configtx_test

import (
	"crypto/elliptic"
	"crypto/rand"
	"encoding/pem"
	"fmt"
	"github.com/hellobchain/newcryptosm/ecdsa"
	"github.com/hellobchain/newcryptosm/x509"
	"github.com/hellobchain/newcryptosm/x509/pkix"
	configtx2 "github.com/hellobchain/third_party/hyperledger/fabric-config/configtx"
	"github.com/hellobchain/third_party/hyperledger/fabric-config/configtx/membership"
	"github.com/hellobchain/third_party/hyperledger/fabric-config/configtx/orderer"
	"log"
	"math/big"
	"testing"
	"time"

	"github.com/golang/protobuf/proto"
	cb "github.com/hyperledger/fabric-protos-go/common"
	mb "github.com/hyperledger/fabric-protos-go/msp"
	ob "github.com/hyperledger/fabric-protos-go/orderer"
	pb "github.com/hyperledger/fabric-protos-go/peer"
	. "github.com/onsi/gomega"
)

const (
	// Arbitrary valid pem encoded x509 certificate from crypto/x509 tests.
	// The contents of the certifcate don't matter, we just need a valid certificate
	// to pass marshaling/unmarshalling.
	dummyCert = `-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIRAKQkkrFx1T/dgB/Go/xBM5swDQYJKoZIhvcNAQELBQAw
EjEQMA4GA1UEChMHQWNtZSBDbzAeFw0xNjA4MTcyMDM2MDdaFw0xNzA4MTcyMDM2
MDdaMBIxEDAOBgNVBAoTB0FjbWUgQ28wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDAoJtjG7M6InsWwIo+l3qq9u+g2rKFXNu9/mZ24XQ8XhV6PUR+5HQ4
jUFWC58ExYhottqK5zQtKGkw5NuhjowFUgWB/VlNGAUBHtJcWR/062wYrHBYRxJH
qVXOpYKbIWwFKoXu3hcpg/CkdOlDWGKoZKBCwQwUBhWE7MDhpVdQ+ZljUJWL+FlK
yQK5iRsJd5TGJ6VUzLzdT4fmN2DzeK6GLeyMpVpU3sWV90JJbxWQ4YrzkKzYhMmB
EcpXTG2wm+ujiHU/k2p8zlf8Sm7VBM/scmnMFt0ynNXop4FWvJzEm1G0xD2t+e2I
5Utr04dOZPCgkm++QJgYhtZvgW7ZZiGTAgMBAAGjUjBQMA4GA1UdDwEB/wQEAwIF
oDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMBsGA1UdEQQUMBKC
EHRlc3QuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQELBQADggEBADpqKQxrthH5InC7
X96UP0OJCu/lLEMkrjoEWYIQaFl7uLPxKH5AmQPH4lYwF7u7gksR7owVG9QU9fs6
1fK7II9CVgCd/4tZ0zm98FmU4D0lHGtPARrrzoZaqVZcAvRnFTlPX5pFkPhVjjai
/mkxX9LpD8oK1445DFHxK5UjLMmPIIWd8EOi+v5a+hgGwnJpoW7hntSl8kHMtTmy
fnnktsblSUV4lRCit0ymC7Ojhe+gzCCwkgs5kDzVVag+tnl/0e2DloIjASwOhpbH
KVcg7fBd484ht/sS+l0dsB4KDOSpd8JzVDMF8OZqlaydizoJO0yWr9GbCN1+OKq5
EhLrEqU=
-----END CERTIFICATE-----
`

	// Arbitrary valid pem encoded ec private key.
	// The contents of the private key don't matter, we just need a valid
	// EC private key to pass marshaling/unmarshalling.
	dummyPrivateKey = `-----BEGIN EC PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgDZUgDvKixfLi8cK8
/TFLY97TDmQV3J2ygPpvuI8jSdihRANCAARRN3xgbPIR83dr27UuDaf2OJezpEJx
UC3v06+FD8MUNcRAboqt4akehaNNSh7MMZI+HdnsM4RXN2y8NePUQsPL
-----END EC PRIVATE KEY-----
`

	// Arbitrary valid pem encoded x509 crl.
	// The contents of the CRL don't matter, we just need a valid
	// CRL to pass marshaling/unmarshalling.
	dummyCRL = `-----BEGIN X509 CRL-----
MIIBYDCBygIBATANBgkqhkiG9w0BAQUFADBDMRMwEQYKCZImiZPyLGQBGRYDY29t
MRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTETMBEGA1UEAxMKRXhhbXBsZSBDQRcN
MDUwMjA1MTIwMDAwWhcNMDUwMjA2MTIwMDAwWjAiMCACARIXDTA0MTExOTE1NTcw
M1owDDAKBgNVHRUEAwoBAaAvMC0wHwYDVR0jBBgwFoAUCGivhTPIOUp6+IKTjnBq
SiCELDIwCgYDVR0UBAMCAQwwDQYJKoZIhvcNAQEFBQADgYEAItwYffcIzsx10NBq
m60Q9HYjtIFutW2+DvsVFGzIF20f7pAXom9g5L2qjFXejoRvkvifEBInr0rUL4Xi
NkR9qqNMJTgV/wD9Pn7uPSYS69jnK2LiK8NGgO94gtEVxtCccmrLznrtZ5mLbnCB
fUNCdMGmr8FVF6IzTNYGmCuk/C4=
-----END X509 CRL-----
`
)

// This example shows the basic usage of the package: modifying, computing, and signing
// a config update.
func Example_basic() {
	baseConfig := fetchSystemChannelConfig()
	c := configtx2.New(baseConfig)

	err := c.Consortium("SampleConsortium").SetChannelCreationPolicy(configtx2.Policy{
		Type: configtx2.ImplicitMetaPolicyType,
		Rule: "MAJORITY Admins",
	})
	if err != nil {
		panic(err)
	}

	// Compute the delta
	marshaledUpdate, err := c.ComputeMarshaledUpdate("testsyschannel")
	if err != nil {
		panic(err)
	}

	// Collect the necessary signatures
	// The example respresents a 2 peer 1 org channel, to meet the policies defined
	// the transaction will be signed by both peers
	configSignatures := []*cb.ConfigSignature{}

	peer1SigningIdentity := createSigningIdentity()
	peer2SigningIdentity := createSigningIdentity()

	signingIdentities := []configtx2.SigningIdentity{
		peer1SigningIdentity,
		peer2SigningIdentity,
	}

	for _, si := range signingIdentities {
		// Create a signature for the config update with the specified signer identity
		configSignature, err := si.CreateConfigSignature(marshaledUpdate)
		if err != nil {
			panic(err)
		}

		configSignatures = append(configSignatures, configSignature)
	}

	// Create the envelope with the list of config signatures
	env, err := configtx2.NewEnvelope(marshaledUpdate, configSignatures...)
	if err != nil {
		panic(err)
	}

	// Sign the envelope with a signing identity
	err = peer1SigningIdentity.SignEnvelope(env)
	if err != nil {
		panic(err)
	}
}

// This example updates an existing orderer configuration.
func ExampleOrdererGroup_SetConfiguration() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	o := c.Orderer()

	// Must retrieve the current orderer configuration from block and modify
	// the desired values
	oConfig, err := o.Configuration()
	if err != nil {
		panic(err)
	}

	oConfig.Kafka.Brokers = []string{"kafka0:9092", "kafka1:9092", "kafka2:9092"}
	oConfig.BatchSize.MaxMessageCount = 500

	err = o.SetConfiguration(oConfig)
	if err != nil {
		panic(nil)
	}
}

// This example shows the addition and removal of ACLs.
func Example_aCLs() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	a := c.Application()

	acls := map[string]string{
		"peer/Propose": "/Channel/Application/Writers",
	}

	err := a.SetACLs(acls)
	if err != nil {
		panic(err)
	}

	aclsToDelete := []string{"event/Block"}

	err = a.RemoveACLs(aclsToDelete)
	if err != nil {
		panic(err)
	}
}

// This example shows the addition of an anchor peer and the removal of
// an existing anchor peer.
func Example_anchorPeers() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	applicationOrg1 := c.Application().Organization("Org1")

	newAnchorPeer := configtx2.Address{
		Host: "127.0.0.2",
		Port: 7051,
	}

	// Add a new anchor peer
	err := applicationOrg1.AddAnchorPeer(newAnchorPeer)
	if err != nil {
		panic(err)
	}

	oldAnchorPeer := configtx2.Address{
		Host: "127.0.0.1",
		Port: 7051,
	}

	// Remove an anchor peer
	err = applicationOrg1.RemoveAnchorPeer(oldAnchorPeer)
	if err != nil {
		panic(err)
	}
}

// This example shows the addition and removal policies from different config
// groups.
func Example_policies() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	applicationOrg1 := c.Application().Organization("Org1")

	err := applicationOrg1.SetPolicy(
		"TestPolicy",
		configtx2.Policy{
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Endorsement",
		})
	if err != nil {
		panic(err)
	}

	err = applicationOrg1.RemovePolicy(configtx2.WritersPolicyKey)
	if err != nil {
		panic(err)
	}

	o := c.Orderer()
	ordererOrg := o.Organization("OrdererOrg")

	err = ordererOrg.RemovePolicy(configtx2.WritersPolicyKey)
	if err != nil {
		panic(err)
	}

	err = ordererOrg.SetPolicy(
		"TestPolicy",
		configtx2.Policy{
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Endorsement",
		})
	if err != nil {
		panic(err)
	}

	err = o.RemovePolicy(configtx2.WritersPolicyKey)
	if err != nil {
		panic(err)
	}

	err = o.SetPolicy("TestPolicy", configtx2.Policy{
		Type: configtx2.ImplicitMetaPolicyType,
		Rule: "MAJORITY Endorsement",
	})
	if err != nil {
		panic(err)
	}
}

// This example shows the bulk replacement of multiple policies
// for different config groups.
func Example_policies2() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)

	a := c.Application()
	newAppPolicies := map[string]configtx2.Policy{
		configtx2.ReadersPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "ANY Readers",
		},
		configtx2.WritersPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "ANY Writers",
		},
		configtx2.AdminsPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Admins",
		},
		configtx2.EndorsementPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Endorsement",
		},
		configtx2.LifecycleEndorsementPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Endorsement",
		},
		"TestPolicy1": {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Endorsement",
		},
		"TestPolicy2": {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Admins",
		},
	}
	err := a.SetPolicies(newAppPolicies)
	if err != nil {
		panic(err)
	}

	o := c.Orderer()
	newOrdererPolicies := map[string]configtx2.Policy{
		configtx2.ReadersPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "ANY Readers",
		},
		configtx2.WritersPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "ANY Writers",
		},
		configtx2.AdminsPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Admins",
		},
		configtx2.BlockValidationPolicyKey: {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "ANY Writers",
		},
		"TestPolicy1": {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Admins",
		},
		"TestPolicy2": {
			Type: configtx2.ImplicitMetaPolicyType,
			Rule: "MAJORITY Writers",
		},
	}
	err = o.SetPolicies(newOrdererPolicies)
	if err != nil {
		panic(err)
	}
}

// This example shows the addition of an orderer endpoint and the removal of
// an existing orderer endpoint.
func Example_ordererEndpoints() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	ordererOrg := c.Orderer().Organization("OrdererOrg")

	err := ordererOrg.SetEndpoint(
		configtx2.Address{Host: "127.0.0.3", Port: 8050},
	)
	if err != nil {
		panic(err)
	}

	err = ordererOrg.RemoveEndpoint(
		configtx2.Address{Host: "127.0.0.1", Port: 9050},
	)
	if err != nil {
		panic(err)
	}
}

// This example shows the addition and removal of organizations from
// config groups.
func Example_organizations() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	a := c.Application()

	appOrg := configtx2.Organization{
		Name: "Org2",
		MSP:  baseMSP(&testing.T{}),
		Policies: map[string]configtx2.Policy{
			configtx2.AdminsPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "MAJORITY Admins",
			},
			configtx2.EndorsementPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "MAJORITY Endorsement",
			},
			configtx2.LifecycleEndorsementPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "MAJORITY Endorsement",
			},
			configtx2.ReadersPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "ANY Readers",
			},
			configtx2.WritersPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "ANY Writers",
			},
		},
		AnchorPeers: []configtx2.Address{
			{
				Host: "127.0.0.1",
				Port: 7051,
			},
		},
	}

	err := a.SetOrganization(appOrg)
	if err != nil {
		panic(err)
	}

	a.RemoveOrganization("Org2")

	o := c.Orderer()

	// Orderer Organization
	ordererOrg := appOrg
	ordererOrg.Name = "OrdererOrg2"
	ordererOrg.AnchorPeers = nil

	err = o.SetOrganization(ordererOrg)
	if err != nil {
		panic(err)
	}

	o.RemoveOrganization("OrdererOrg2")
}

// This example shows updating the individual orderer configuration values.
func ExampleOrdererGroup_SetConfiguration_individual() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	o := c.Orderer()

	err := o.BatchSize().SetMaxMessageCount(500)
	if err != nil {
		panic(err)
	}

	err = o.AddConsenter(orderer.Consenter{
		Address:       orderer.EtcdAddress{Host: "host1", Port: 7050},
		ClientTLSCert: generateCert(),
		ServerTLSCert: generateCert(),
	})
	if err != nil {
		panic(err)
	}

	err = o.EtcdRaftOptions().SetElectionInterval(50)
	if err != nil {
		panic(err)
	}
}

func ExampleNewSystemChannelGenesisBlock() {
	channel := configtx2.Channel{
		Consortiums: []configtx2.Consortium{
			{
				Name: "Consortium1",
				Organizations: []configtx2.Organization{
					{
						Name: "Org1MSP",
						Policies: map[string]configtx2.Policy{
							configtx2.ReadersPolicyKey: {
								Type: configtx2.SignaturePolicyType,
								Rule: "OR('Org1MSP.admin', 'Org1MSP.peer'," +
									"'Org1MSP.client')",
							},
							configtx2.WritersPolicyKey: {
								Type: configtx2.SignaturePolicyType,
								Rule: "OR('Org1MSP.admin', 'Org1MSP.client')",
							},
							configtx2.AdminsPolicyKey: {
								Type: configtx2.SignaturePolicyType,
								Rule: "OR('Org1MSP.admin')",
							},
							configtx2.EndorsementPolicyKey: {
								Type: configtx2.SignaturePolicyType,
								Rule: "OR('Org1MSP.peer')",
							},
						},
						MSP: baseMSP(&testing.T{}),
					},
				},
			},
		},
		Orderer: configtx2.Orderer{
			Policies: map[string]configtx2.Policy{
				configtx2.ReadersPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Readers",
				},
				configtx2.WritersPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Writers",
				},
				configtx2.AdminsPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "MAJORITY Admins",
				},
				configtx2.BlockValidationPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Writers",
				},
			},
			OrdererType: orderer.ConsensusTypeSolo,
			Organizations: []configtx2.Organization{
				{
					Name: "OrdererMSP",
					Policies: map[string]configtx2.Policy{
						configtx2.ReadersPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('OrdererMSP.member')",
						},
						configtx2.WritersPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('OrdererMSP.member')",
						},
						configtx2.AdminsPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('OrdererMSP.admin')",
						},
					},
					OrdererEndpoints: []string{
						"localhost:123",
					},
					MSP: baseMSP(&testing.T{}),
				},
			},
			Capabilities: []string{"V1_3"},
			BatchSize: orderer.BatchSize{
				MaxMessageCount:   100,
				AbsoluteMaxBytes:  100,
				PreferredMaxBytes: 100,
			},
			BatchTimeout: 2 * time.Second,
			State:        orderer.ConsensusStateNormal,
		},
		Capabilities: []string{"V2_0"},
		Policies: map[string]configtx2.Policy{
			configtx2.ReadersPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "ANY Readers",
			},
			configtx2.WritersPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "ANY Writers",
			},
			configtx2.AdminsPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "MAJORITY Admins",
			},
		},
		Consortium: "",
	}

	channelID := "testSystemChannel"
	_, err := configtx2.NewSystemChannelGenesisBlock(channel, channelID)
	if err != nil {
		panic(err)
	}
}

func ExampleNewApplicationChannelGenesisBlock() {
	channel := configtx2.Channel{
		Orderer: configtx2.Orderer{
			OrdererType: orderer.ConsensusTypeEtcdRaft,
			Organizations: []configtx2.Organization{
				{
					Name: "OrdererMSP",
					Policies: map[string]configtx2.Policy{
						configtx2.ReadersPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('OrdererMSP.member')",
						},
						configtx2.WritersPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('OrdererMSP.member')",
						},
						configtx2.AdminsPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('OrdererMSP.admin')",
						},
					},
					OrdererEndpoints: []string{
						"host1:7050",
					},
					MSP: baseMSP(&testing.T{}),
				},
			},
			EtcdRaft: orderer.EtcdRaft{
				Consenters: []orderer.Consenter{
					{
						Address: orderer.EtcdAddress{
							Host: "host1",
							Port: 7050,
						},
						ClientTLSCert: generateCert(),
						ServerTLSCert: generateCert(),
					},
				},
				Options: orderer.EtcdRaftOptions{
					TickInterval:         "500ms",
					ElectionTick:         10,
					HeartbeatTick:        1,
					MaxInflightBlocks:    5,
					SnapshotIntervalSize: 16 * 1024 * 1024,
				},
			},
			Policies: map[string]configtx2.Policy{
				configtx2.ReadersPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Readers",
				},
				configtx2.WritersPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Writers",
				},
				configtx2.AdminsPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "MAJORITY Admins",
				},
				configtx2.BlockValidationPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Writers",
				},
			},
			Capabilities: []string{"V2_0"},
			BatchSize: orderer.BatchSize{
				MaxMessageCount:   100,
				AbsoluteMaxBytes:  100,
				PreferredMaxBytes: 100,
			},
			BatchTimeout: 2 * time.Second,
			State:        orderer.ConsensusStateNormal,
		},
		Application: configtx2.Application{
			Organizations: []configtx2.Organization{
				{
					Name: "Org1MSP",
					Policies: map[string]configtx2.Policy{
						configtx2.ReadersPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('Org1MSP.admin', 'Org1MSP.peer'," +
								"'Org1MSP.client')",
						},
						configtx2.WritersPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('Org1MSP.admin', 'Org1MSP.client')",
						},
						configtx2.AdminsPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('Org1MSP.admin')",
						},
						configtx2.EndorsementPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('Org1MSP.peer')",
						},
					},
					MSP: baseMSP(&testing.T{}),
				},
				{
					Name: "Org2MSP",
					Policies: map[string]configtx2.Policy{
						configtx2.ReadersPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('Org2MSP.admin', 'Org2MSP.peer'," +
								"'Org2MSP.client')",
						},
						configtx2.WritersPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('Org2MSP.admin', 'Org2MSP.client')",
						},
						configtx2.AdminsPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('Org2MSP.admin')",
						},
						configtx2.EndorsementPolicyKey: {
							Type: configtx2.SignaturePolicyType,
							Rule: "OR('Org2MSP.peer')",
						},
					},
					MSP: baseMSP(&testing.T{}),
				},
			},
			Capabilities: []string{"V2_0"},
			ACLs: map[string]string{
				"event/Block": "/Channel/Application/Readers",
			},
			Policies: map[string]configtx2.Policy{
				configtx2.ReadersPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Readers",
				},
				configtx2.WritersPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Writers",
				},
				configtx2.AdminsPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "MAJORITY Admins",
				},
				configtx2.EndorsementPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "MAJORITY Endorsement",
				},
				configtx2.LifecycleEndorsementPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "MAJORITY Endorsement",
				},
			},
		},
		Capabilities: []string{"V2_0"},
		Policies: map[string]configtx2.Policy{
			configtx2.ReadersPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "ANY Readers",
			},
			configtx2.WritersPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "ANY Writers",
			},
			configtx2.AdminsPolicyKey: {
				Type: configtx2.ImplicitMetaPolicyType,
				Rule: "MAJORITY Admins",
			},
		},
	}

	channelID := "testchannel"
	_, err := configtx2.NewApplicationChannelGenesisBlock(channel, channelID)
	if err != nil {
		panic(err)
	}
}

func ExampleNewMarshaledCreateChannelTx() {
	channel := configtx2.Channel{
		Consortium: "SampleConsortium",
		Application: configtx2.Application{
			Organizations: []configtx2.Organization{
				{
					Name: "Org1",
				},
				{
					Name: "Org2",
				},
			},
			Capabilities: []string{"V1_3"},
			ACLs: map[string]string{
				"event/Block": "/Channel/Application/Readers",
			},
			Policies: map[string]configtx2.Policy{
				configtx2.ReadersPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Readers",
				},
				configtx2.WritersPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "ANY Writers",
				},
				configtx2.AdminsPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "MAJORITY Admins",
				},
				configtx2.EndorsementPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "MAJORITY Endorsement",
				},
				configtx2.LifecycleEndorsementPolicyKey: {
					Type: configtx2.ImplicitMetaPolicyType,
					Rule: "MAJORITY Endorsement",
				},
			},
		},
	}

	_, err := configtx2.NewMarshaledCreateChannelTx(channel, "testchannel")
	if err != nil {
		panic(err)
	}
}

// This example shows the addition of a certificate to an application org's intermediate
// certificate list.
func ExampleApplicationOrg_SetMSP() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	applicationOrg1 := c.Application().Organization("Org1")

	msp, err := applicationOrg1.MSP().Configuration()
	if err != nil {
		panic(err)
	}

	newIntermediateCert := &x509.Certificate{
		KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		IsCA:     true,
	}

	msp.IntermediateCerts = append(msp.IntermediateCerts, newIntermediateCert)

	err = applicationOrg1.SetMSP(msp)
	if err != nil {
		panic(err)
	}
}

// This example shows the addition of a certificate to an orderer org's intermediate
// certificate list.
func ExampleOrdererOrg_SetMSP() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	ordererOrg := c.Orderer().Organization("OrdererOrg")

	msp, err := ordererOrg.MSP().Configuration()
	if err != nil {
		panic(err)
	}

	newIntermediateCert := &x509.Certificate{
		KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		IsCA:     true,
	}

	msp.IntermediateCerts = append(msp.IntermediateCerts, newIntermediateCert)

	err = ordererOrg.SetMSP(msp)
	if err != nil {
		panic(err)
	}
}

// This example shows the addition of a certificate to a consortium org's intermediate
// certificate list.
func ExampleConsortiumOrg_SetMSP() {
	baseConfig := fetchSystemChannelConfig()
	c := configtx2.New(baseConfig)

	sampleConsortiumOrg1 := c.Consortium("SampleConsortium").Organization("Org1")

	msp, err := sampleConsortiumOrg1.MSP().Configuration()
	if err != nil {
		panic(err)
	}

	newIntermediateCert := &x509.Certificate{
		KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		IsCA:     true,
	}

	msp.IntermediateCerts = append(msp.IntermediateCerts, newIntermediateCert)

	err = sampleConsortiumOrg1.SetMSP(msp)
	if err != nil {
		panic(err)
	}
}

func ExampleOrdererGroup_RemoveLegacyKafkaBrokers() {
	baseConfig := fetchChannelConfig()
	c := configtx2.New(baseConfig)
	ordererConfig, err := c.Orderer().Configuration()
	if err != nil {
		panic(err)
	}
	ordererConfig.OrdererType = orderer.ConsensusTypeEtcdRaft
	ordererConfig.EtcdRaft = orderer.EtcdRaft{
		Consenters: []orderer.Consenter{
			{
				Address: orderer.EtcdAddress{
					Host: "host1",
					Port: 7050,
				},
				ClientTLSCert: generateCert(),
				ServerTLSCert: generateCert(),
			},
		},
	}
	c.Orderer().RemoveLegacyKafkaBrokers()
}

// fetchChannelConfig mocks retrieving the config transaction from the most recent configuration block.
func fetchChannelConfig() *cb.Config {
	return &cb.Config{
		ChannelGroup: &cb.ConfigGroup{
			Groups: map[string]*cb.ConfigGroup{
				configtx2.OrdererGroupKey: {
					Version: 1,
					Groups: map[string]*cb.ConfigGroup{
						"OrdererOrg": {
							Groups: map[string]*cb.ConfigGroup{},
							Values: map[string]*cb.ConfigValue{
								configtx2.EndpointsKey: {
									ModPolicy: configtx2.AdminsPolicyKey,
									Value: marshalOrPanic(&cb.OrdererAddresses{
										Addresses: []string{"127.0.0.1:7050"},
									}),
								},
								configtx2.MSPKey: {
									ModPolicy: configtx2.AdminsPolicyKey,
									Value: marshalOrPanic(&mb.MSPConfig{
										Config: []byte{},
									}),
								},
							},
							Policies: map[string]*cb.ConfigPolicy{
								configtx2.AdminsPolicyKey: {
									ModPolicy: configtx2.AdminsPolicyKey,
									Policy: &cb.Policy{
										Type: 3,
										Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
											Rule:      cb.ImplicitMetaPolicy_MAJORITY,
											SubPolicy: configtx2.AdminsPolicyKey,
										}),
									},
								},
								configtx2.ReadersPolicyKey: {
									ModPolicy: configtx2.AdminsPolicyKey,
									Policy: &cb.Policy{
										Type: 3,
										Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
											Rule:      cb.ImplicitMetaPolicy_ANY,
											SubPolicy: configtx2.ReadersPolicyKey,
										}),
									},
								},
								configtx2.WritersPolicyKey: {
									ModPolicy: configtx2.AdminsPolicyKey,
									Policy: &cb.Policy{
										Type: 3,
										Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
											Rule:      cb.ImplicitMetaPolicy_ANY,
											SubPolicy: configtx2.WritersPolicyKey,
										}),
									},
								},
							},
							ModPolicy: configtx2.AdminsPolicyKey,
						},
					},
					Values: map[string]*cb.ConfigValue{
						orderer.ConsensusTypeKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Value: marshalOrPanic(&ob.ConsensusType{
								Type: orderer.ConsensusTypeKafka,
							}),
						},
						orderer.ChannelRestrictionsKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Value: marshalOrPanic(&ob.ChannelRestrictions{
								MaxCount: 1,
							}),
						},
						configtx2.CapabilitiesKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Value: marshalOrPanic(&cb.Capabilities{
								Capabilities: map[string]*cb.Capability{
									"V1_3": {},
								},
							}),
						},
						orderer.KafkaBrokersKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Value: marshalOrPanic(&ob.KafkaBrokers{
								Brokers: []string{"kafka0:9092", "kafka1:9092"},
							}),
						},
						orderer.BatchTimeoutKey: {
							Value: marshalOrPanic(&ob.BatchTimeout{
								Timeout: "15s",
							}),
						},
						orderer.BatchSizeKey: {
							Value: marshalOrPanic(&ob.BatchSize{
								MaxMessageCount:   100,
								AbsoluteMaxBytes:  100,
								PreferredMaxBytes: 100,
							}),
						},
					},
					Policies: map[string]*cb.ConfigPolicy{
						configtx2.AdminsPolicyKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Policy: &cb.Policy{
								Type: 3,
								Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
									Rule:      cb.ImplicitMetaPolicy_MAJORITY,
									SubPolicy: configtx2.AdminsPolicyKey,
								}),
							},
						},
						configtx2.ReadersPolicyKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Policy: &cb.Policy{
								Type: 3,
								Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
									Rule:      cb.ImplicitMetaPolicy_ANY,
									SubPolicy: configtx2.ReadersPolicyKey,
								}),
							},
						},
						configtx2.WritersPolicyKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Policy: &cb.Policy{
								Type: 3,
								Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
									Rule:      cb.ImplicitMetaPolicy_ANY,
									SubPolicy: configtx2.WritersPolicyKey,
								}),
							},
						},
						configtx2.BlockValidationPolicyKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Policy: &cb.Policy{
								Type: 3,
								Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
									Rule:      cb.ImplicitMetaPolicy_ANY,
									SubPolicy: configtx2.WritersPolicyKey,
								}),
							},
						},
					},
				},
				configtx2.ApplicationGroupKey: {
					Groups: map[string]*cb.ConfigGroup{
						"Org1": {
							Groups: map[string]*cb.ConfigGroup{},
							Values: map[string]*cb.ConfigValue{
								configtx2.AnchorPeersKey: {
									ModPolicy: configtx2.AdminsPolicyKey,
									Value: marshalOrPanic(&pb.AnchorPeers{
										AnchorPeers: []*pb.AnchorPeer{
											{Host: "127.0.0.1", Port: 7050},
										},
									}),
								},
								configtx2.MSPKey: {
									ModPolicy: configtx2.AdminsPolicyKey,
									Value: marshalOrPanic(&mb.MSPConfig{
										Config: []byte{},
									}),
								},
							},
						},
					},
					Values: map[string]*cb.ConfigValue{
						configtx2.ACLsKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Value: marshalOrPanic(&pb.ACLs{
								Acls: map[string]*pb.APIResource{
									"event/block": {PolicyRef: "/Channel/Application/Readers"},
								},
							}),
						},
						configtx2.CapabilitiesKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Value: marshalOrPanic(&cb.Capabilities{
								Capabilities: map[string]*cb.Capability{
									"V1_3": {},
								},
							}),
						},
					},
					Policies: map[string]*cb.ConfigPolicy{
						configtx2.LifecycleEndorsementPolicyKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Policy: &cb.Policy{
								Type: 3,
								Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
									Rule:      cb.ImplicitMetaPolicy_MAJORITY,
									SubPolicy: configtx2.AdminsPolicyKey,
								}),
							},
						},
						configtx2.AdminsPolicyKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Policy: &cb.Policy{
								Type: 3,
								Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
									Rule:      cb.ImplicitMetaPolicy_MAJORITY,
									SubPolicy: configtx2.AdminsPolicyKey,
								}),
							},
						},
						configtx2.ReadersPolicyKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Policy: &cb.Policy{
								Type: 3,
								Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
									Rule:      cb.ImplicitMetaPolicy_ANY,
									SubPolicy: configtx2.ReadersPolicyKey,
								}),
							},
						},
						configtx2.WritersPolicyKey: {
							ModPolicy: configtx2.AdminsPolicyKey,
							Policy: &cb.Policy{
								Type: 3,
								Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
									Rule:      cb.ImplicitMetaPolicy_ANY,
									SubPolicy: configtx2.WritersPolicyKey,
								}),
							},
						},
					},
				},
			},
			Values: map[string]*cb.ConfigValue{},
			Policies: map[string]*cb.ConfigPolicy{
				configtx2.AdminsPolicyKey: {
					ModPolicy: configtx2.AdminsPolicyKey,
					Policy: &cb.Policy{
						Type: 3,
						Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
							Rule:      cb.ImplicitMetaPolicy_MAJORITY,
							SubPolicy: configtx2.AdminsPolicyKey,
						}),
					},
				},
				configtx2.ReadersPolicyKey: {
					ModPolicy: configtx2.AdminsPolicyKey,
					Policy: &cb.Policy{
						Type: 3,
						Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
							Rule:      cb.ImplicitMetaPolicy_ANY,
							SubPolicy: configtx2.ReadersPolicyKey,
						}),
					},
				},
				configtx2.WritersPolicyKey: {
					ModPolicy: configtx2.AdminsPolicyKey,
					Policy: &cb.Policy{
						Type: 3,
						Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
							Rule:      cb.ImplicitMetaPolicy_ANY,
							SubPolicy: configtx2.WritersPolicyKey,
						}),
					},
				},
			},
		},
	}
}

// marshalOrPanic is a helper for proto marshal.
func marshalOrPanic(pb proto.Message) []byte {
	data, err := proto.Marshal(pb)
	if err != nil {
		panic(err)
	}

	return data
}

// createSigningIdentity returns a identity that can be used for signing transactions.
// Signing identity can be retrieved from MSP configuration for each peer.
func createSigningIdentity() configtx2.SigningIdentity {
	privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(fmt.Sprintf("Failed to generate private key: %v", err))
	}

	return configtx2.SigningIdentity{
		Certificate: generateCert(),
		PrivateKey:  privKey,
		MSPID:       "Org1MSP",
	}
}

// generateCert creates a certificate for the SigningIdentity.
func generateCert() *x509.Certificate {
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		log.Fatalf("Failed to generate serial number: %s", err)
	}

	return &x509.Certificate{
		SerialNumber: serialNumber,
		Subject: pkix.Name{
			CommonName:   "Wile E. Coyote",
			Organization: []string{"Acme Co"},
		},
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
}

func fetchSystemChannelConfig() *cb.Config {
	return &cb.Config{
		ChannelGroup: &cb.ConfigGroup{
			Groups: map[string]*cb.ConfigGroup{
				configtx2.ConsortiumsGroupKey: {
					Groups: map[string]*cb.ConfigGroup{
						"SampleConsortium": {
							Groups: map[string]*cb.ConfigGroup{
								"Org1": {
									Groups:    map[string]*cb.ConfigGroup{},
									Policies:  map[string]*cb.ConfigPolicy{},
									Values:    map[string]*cb.ConfigValue{},
									ModPolicy: "Admins",
									Version:   0,
								},
								"Org2": {
									Groups:    map[string]*cb.ConfigGroup{},
									Policies:  map[string]*cb.ConfigPolicy{},
									Values:    map[string]*cb.ConfigValue{},
									ModPolicy: "Admins",
									Version:   0,
								},
							},
							Values: map[string]*cb.ConfigValue{
								configtx2.ChannelCreationPolicyKey: {
									ModPolicy: "/Channel/Orderer/Admins",
									Value: marshalOrPanic(&cb.Policy{
										Type: 3,
										Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
											Rule:      cb.ImplicitMetaPolicy_ANY,
											SubPolicy: configtx2.AdminsPolicyKey,
										}),
									}),
								},
							},
						},
						"SampleConsortium2": {
							Groups: map[string]*cb.ConfigGroup{},
							Values: map[string]*cb.ConfigValue{
								configtx2.ChannelCreationPolicyKey: {
									ModPolicy: "/Channel/Orderer/Admins",
									Value: marshalOrPanic(&cb.Policy{
										Type: 3,
										Value: marshalOrPanic(&cb.ImplicitMetaPolicy{
											Rule:      cb.ImplicitMetaPolicy_ANY,
											SubPolicy: configtx2.AdminsPolicyKey,
										}),
									}),
								},
							},
						},
					},
					Values:   map[string]*cb.ConfigValue{},
					Policies: map[string]*cb.ConfigPolicy{},
				},
			},
		},
	}
}

// baseMSP creates a basic MSP struct for organization.
func baseMSP(t *testing.T) configtx2.MSP {
	gt := NewGomegaWithT(t)

	certBlock, _ := pem.Decode([]byte(dummyCert))
	gt.Expect(certBlock).NotTo(BeNil())
	cert, err := x509.ParseCertificate(certBlock.Bytes)
	gt.Expect(err).NotTo(HaveOccurred())

	crlBlock, _ := pem.Decode([]byte(dummyCRL))
	gt.Expect(crlBlock).NotTo(BeNil())
	crl, err := x509.ParseCRL(crlBlock.Bytes)
	gt.Expect(err).NotTo(HaveOccurred())

	return configtx2.MSP{
		Name:              "MSPID",
		RootCerts:         []*x509.Certificate{cert},
		IntermediateCerts: []*x509.Certificate{cert},
		Admins:            []*x509.Certificate{cert},
		RevocationList:    []*pkix.CertificateList{crl},
		OrganizationalUnitIdentifiers: []membership.OUIdentifier{
			{
				Certificate:                  cert,
				OrganizationalUnitIdentifier: "OUID",
			},
		},
		CryptoConfig: membership.CryptoConfig{
			SignatureHashFamily:            "SHA3",
			IdentityIdentifierHashFunction: "SHA256",
		},
		TLSRootCerts:         []*x509.Certificate{cert},
		TLSIntermediateCerts: []*x509.Certificate{cert},
		NodeOUs: membership.NodeOUs{
			ClientOUIdentifier: membership.OUIdentifier{
				Certificate:                  cert,
				OrganizationalUnitIdentifier: "OUID",
			},
			PeerOUIdentifier: membership.OUIdentifier{
				Certificate:                  cert,
				OrganizationalUnitIdentifier: "OUID",
			},
			AdminOUIdentifier: membership.OUIdentifier{
				Certificate:                  cert,
				OrganizationalUnitIdentifier: "OUID",
			},
			OrdererOUIdentifier: membership.OUIdentifier{
				Certificate:                  cert,
				OrganizationalUnitIdentifier: "OUID",
			},
		},
	}
}