github.com/silveraid/fabric-ca@v1.1.0-preview.0.20180127000700-71974f53ab08/lib/servertcert.go (about)

     1  /*
     2  Copyright IBM Corp. 2016 All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8  		 http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package lib
    18  
    19  import (
    20  	"github.com/hyperledger/fabric-ca/api"
    21  	tcert "github.com/hyperledger/fabric-ca/lib/tcert"
    22  	"github.com/hyperledger/fabric/bccsp"
    23  	"github.com/pkg/errors"
    24  )
    25  
// newTCertEndpoint builds the endpoint descriptor for TCert batch requests
// on server s. POST is the only method listed. The descriptor itself carries
// no authentication setting; the caller is authenticated inside tcertHandler.
func newTCertEndpoint(s *Server) *serverEndpoint {
	endpoint := serverEndpoint{
		Server:  s,
		Handler: tcertHandler,
		Methods: []string{"POST"},
	}
	return &endpoint
}
    33  
// tcertHandler serves a request for a batch of tcerts.
//
// The steps run in a fixed order: authenticate the caller by token, decode
// the request body, resolve the targeted CA, look up the caller's requested
// attributes and affiliation path, fetch the prekey for that path, and hand
// everything to the CA's tcert manager. The first failing step ends the
// request and its error is returned with a nil result.
//
// Count, ValidityPeriod, EncryptAttrs and AttrNames come straight from the
// request body and are forwarded without any range or size check in this
// function.
// NOTE(review): confirm that tcertMgr.GetBatch (or ReadBody) bounds Count and
// ValidityPeriod; otherwise an authenticated caller controls batch size and
// certificate lifetime.
func tcertHandler(ctx *serverRequestContext) (interface{}, error) {
	// Authentication comes first so that nothing below runs for a caller
	// whose token did not verify.
	callerID, err := ctx.TokenAuthentication()
	if err != nil {
		return nil, err
	}

	// Decode the wire-format request.
	body := &api.GetTCertBatchRequestNet{}
	if err = ctx.ReadBody(body); err != nil {
		return nil, err
	}

	// Resolve the CA this request is addressed to.
	targetCA, err := ctx.GetCA()
	if err != nil {
		return nil, err
	}

	// Attribute values are read from the caller's own record; the request
	// only names which attributes it wants.
	user, err := ctx.GetCaller()
	if err != nil {
		return nil, err
	}
	attrVals, err := user.GetAttributes(body.AttrNames)
	if err != nil {
		return nil, errors.Errorf("Failed to get attributes '%s': %s", body.AttrNames, err)
	}

	// The prekey is selected by the caller's affiliation path, not by
	// anything in the request body.
	preKey, err := targetCA.keyTree.GetKey(user.GetAffiliationPath())
	if err != nil {
		// NOTE(review): the underlying error text is embedded in this message;
		// confirm newHTTPErr does not return it verbatim to the client.
		return nil, newHTTPErr(500, ErrNoPreKey, "Failed to get prekey for identity %s: %s", callerID, err)
	}

	// TODO: When the TCert library is based on BCCSP, we will pass the prekey
	//       directly.  Converting the SKI to a string is a temporary kludge
	//       which isn't correct.
	// What reaches the tcert library here is the key's SKI (an identifier
	// for the key), cast byte-for-byte into a string, rather than the key
	// itself.
	batchReq := &tcert.GetTCertBatchRequest{
		Count:          body.Count,
		Attrs:          attrVals,
		EncryptAttrs:   body.EncryptAttrs,
		ValidityPeriod: body.ValidityPeriod,
		PreKey:         string(preKey.SKI()),
	}

	// Issue the batch against the caller's enrollment certificate.
	batch, err := targetCA.tcertMgr.GetBatch(batchReq, ctx.GetECert())
	if err != nil {
		// Return an untyped nil so the interface result is really nil.
		return nil, err
	}
	return batch, nil
}
    85  
// genRootKey asks csp to generate a new AES-256 key for use as a root key
// and returns whatever csp.KeyGen returns.
//
// The key is requested with Temporary set, i.e. as an ephemeral key.
// NOTE(review): an ephemeral key is presumably not written to the provider's
// keystore, so confirm how the caller persists and protects it.
func genRootKey(csp bccsp.BCCSP) (bccsp.Key, error) {
	return csp.KeyGen(&bccsp.AES256KeyGenOpts{Temporary: true})
}