// Source: github.com/paul-lee-attorney/fabric-ca-1.4.7-gm@v0.0.0-20201120102036-c7ad827cf9ac/lib/servertcert.go

/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package lib

import (
	"github.com/hyperledger/fabric-ca/api"
	"github.com/paul-lee-attorney/fabric-2.1-gm/bccsp"
	"github.com/paul-lee-attorney/fabric-ca-1.4.7-gm/lib/caerrors"
	tcert "github.com/paul-lee-attorney/fabric-ca-1.4.7-gm/lib/tcert"
	"github.com/pkg/errors"
)

// newTCertEndpoint builds the endpoint descriptor for the "tcert" path.
// Only POST is listed in Methods, and requests are handled by tcertHandler.
func newTCertEndpoint(s *Server) *serverEndpoint {
	ep := serverEndpoint{
		Server:  s,
		Path:    "tcert",
		Methods: []string{"POST"},
		Handler: tcertHandler,
	}
	return &ep
}

// tcertHandler serves a request for a batch of transaction certificates
// (TCerts).
//
// Steps, in order: authenticate the caller's token, decode the request body,
// resolve the target CA, load the caller's requested attributes and
// affiliation path, look up the prekey for that affiliation, and ask the CA's
// TCert manager for the batch. The first failing step ends the request; its
// error is returned together with a nil result.
//
// TokenAuthentication is called first, and ReadBody is reached only when it
// succeeds.
func tcertHandler(ctx *serverRequestContextImpl) (interface{}, error) {
	callerID, err := ctx.TokenAuthentication()
	if err != nil {
		return nil, err
	}

	// Count, AttrNames, EncryptAttrs and ValidityPeriod all come from the
	// caller's request body and are used below without range checks.
	// NOTE(review): confirm that tcertMgr.GetBatch bounds Count and
	// ValidityPeriod; nothing in this handler does.
	body := new(api.GetTCertBatchRequestNet)
	if err = ctx.ReadBody(body); err != nil {
		return nil, err
	}

	targetCA, err := ctx.GetCA()
	if err != nil {
		return nil, err
	}

	// Attribute values are read from the authenticated caller's own identity,
	// not from the request; the request only names which ones to include.
	ident, err := ctx.GetCaller()
	if err != nil {
		return nil, err
	}
	attrs, err := ident.GetAttributes(body.AttrNames)
	if err != nil {
		return nil, errors.Errorf("Failed to get attributes '%s': %s", body.AttrNames, err)
	}

	// The prekey is selected by the caller's affiliation path.
	preKey, err := targetCA.keyTree.GetKey(ident.GetAffiliationPath())
	if err != nil {
		return nil, caerrors.NewHTTPErr(500, caerrors.ErrNoPreKey, "Failed to get prekey for identity %s: %s", callerID, err)
	}

	var batchReq tcert.GetTCertBatchRequest
	batchReq.Count = body.Count
	batchReq.Attrs = attrs
	batchReq.EncryptAttrs = body.EncryptAttrs
	batchReq.ValidityPeriod = body.ValidityPeriod
	// TODO: once the TCert library is built on BCCSP, hand it the prekey
	// itself. For now the key's SKI bytes are reinterpreted as a string, a
	// temporary kludge which isn't correct.
	// NOTE(review): the value passed as PreKey is therefore the key's
	// identifier, not the key. SKIs are commonly treated as non-secret (for
	// example as keystore names or in logs); confirm nothing downstream
	// assumes PreKey is secret key material. The string holds raw bytes and may
	// not be valid UTF-8, so it should not be logged or JSON-encoded.
	batchReq.PreKey = string(preKey.SKI())

	batch, err := targetCA.tcertMgr.GetBatch(&batchReq, ctx.GetECert())
	if err != nil {
		// Return an untyped nil so the caller never sees a non-nil interface
		// wrapping a nil response pointer.
		return nil, err
	}
	return batch, nil
}

// genRootKey asks the given BCCSP provider for a new SM4 key and returns the
// provider's result unchanged.
//
// The options set Temporary, which BCCSP uses to mark a key as ephemeral.
// NOTE(review): an ephemeral key is presumably not written to the keystore;
// confirm how callers persist or re-create the root key across restarts.
func genRootKey(csp bccsp.BCCSP) (bccsp.Key, error) {
	// Previously (left commented out in the original):
	//   opts := &bccsp.AES256KeyGenOpts{Temporary: true}
	// SM4 uses a 128-bit key, so this variant's root key is shorter than the
	// AES-256 key named in that line.
	return csp.KeyGen(&bccsp.SM4KeyGenOpts{Temporary: true})
}