github.com/silveraid/fabric-ca@v1.1.0-preview.0.20180127000700-71974f53ab08/lib/servertcert.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package lib 18 19 import ( 20 "github.com/hyperledger/fabric-ca/api" 21 tcert "github.com/hyperledger/fabric-ca/lib/tcert" 22 "github.com/hyperledger/fabric/bccsp" 23 "github.com/pkg/errors" 24 ) 25 26 func newTCertEndpoint(s *Server) *serverEndpoint { 27 return &serverEndpoint{ 28 Methods: []string{"POST"}, 29 Handler: tcertHandler, 30 Server: s, 31 } 32 } 33 34 // Handle a tcert request 35 func tcertHandler(ctx *serverRequestContext) (interface{}, error) { 36 // Authenticate caller 37 id, err := ctx.TokenAuthentication() 38 if err != nil { 39 return nil, err 40 } 41 // Read request body 42 req := &api.GetTCertBatchRequestNet{} 43 err = ctx.ReadBody(req) 44 if err != nil { 45 return nil, err 46 } 47 // Get the targeted CA 48 ca, err := ctx.GetCA() 49 if err != nil { 50 return nil, err 51 } 52 // Get requested attribute values for caller and affiliation path 53 caller, err := ctx.GetCaller() 54 if err != nil { 55 return nil, err 56 } 57 attrs, err := caller.GetAttributes(req.AttrNames) 58 if err != nil { 59 return nil, errors.Errorf("Failed to get attributes '%s': %s", req.AttrNames, err) 60 } 61 affiliationPath := caller.GetAffiliationPath() 62 // Get the prekey associated with the affiliation path 63 prekey, err := ca.keyTree.GetKey(affiliationPath) 64 if err != nil { 65 return nil, newHTTPErr(500, ErrNoPreKey, "Failed to get prekey for identity %s: %s", id, err) 66 } 67 // TODO: When the TCert library is based on BCCSP, we will pass the prekey 68 // directly. Converting the SKI to a string is a temporary kludge 69 // which isn't correct. 70 prekeyStr := string(prekey.SKI()) 71 // Call the tcert library to get the batch of tcerts 72 tcertReq := &tcert.GetTCertBatchRequest{} 73 tcertReq.Count = req.Count 74 tcertReq.Attrs = attrs 75 tcertReq.EncryptAttrs = req.EncryptAttrs 76 tcertReq.ValidityPeriod = req.ValidityPeriod 77 tcertReq.PreKey = prekeyStr 78 resp, err := ca.tcertMgr.GetBatch(tcertReq, ctx.GetECert()) 79 if err != nil { 80 return nil, err 81 } 82 // Successful response 83 return resp, nil 84 } 85 86 // genRootKey generates a new root key 87 func genRootKey(csp bccsp.BCCSP) (bccsp.Key, error) { 88 opts := &bccsp.AES256KeyGenOpts{Temporary: true} 89 return csp.KeyGen(opts) 90 }