Merge "External launch metadata uses PEM encoding"

mastersingh24 · Gerrit Code Review · commit ce7aca8b7780 · 2019-11-12T16:54:32.000Z
diff --git a/core/container/externalbuilders/externalbuilders.go b/core/container/externalbuilders/externalbuilders.go
@@ -381,9 +381,9 @@ func (b *Builder) Release(buildContext *BuildContext) error {
 type RunConfig struct {
 	CCID        string `json:"chaincode_id"`
 	PeerAddress string `json:"peer_address"`
-	ClientCert  []byte `json:"client_cert"`
-	ClientKey   []byte `json:"client_key"`
-	RootCert    []byte `json:"root_cert"`
+	ClientCert  string `json:"client_cert"` // PEM encoded client certifcate
+	ClientKey   string `json:"client_key"`  // PEM encoded client key
+	RootCert    string `json:"root_cert"`   // PEM encoded peer chaincode certificate
 }
 
 type RunStatus struct {
@@ -422,9 +422,9 @@ func (b *Builder) Run(ccid, bldDir string, peerConnection *ccintf.PeerConnection
 	}
 
 	if peerConnection.TLSConfig != nil {
-		lc.ClientCert = peerConnection.TLSConfig.ClientCert
-		lc.ClientKey = peerConnection.TLSConfig.ClientKey
-		lc.RootCert = peerConnection.TLSConfig.RootCert
+		lc.ClientCert = string(peerConnection.TLSConfig.ClientCert)
+		lc.ClientKey = string(peerConnection.TLSConfig.ClientKey)
+		lc.RootCert = string(peerConnection.TLSConfig.RootCert)
 	}
 
 	launchDir, err := ioutil.TempDir("", "fabric-run")
diff --git a/core/container/externalbuilders/testdata/goodbuilder/bin/run b/core/container/externalbuilders/testdata/goodbuilder/bin/run
@@ -1,11 +1,12 @@
 #!/bin/bash
 
-OUTPUT_JSON="$(jq -S . $2/chaincode.json)"
+OUTPUT_JSON="$(jq -S . "$2/chaincode.json")"
 
-EXPECTED_JSON="$(echo '{"chaincode_id":"test-ccid","peer_address":"fake-peer-address","client_cert":"ZmFrZS1jbGllbnQtY2VydA==","client_key":"ZmFrZS1jbGllbnQta2V5","root_cert":"ZmFrZS1yb290LWNlcnQ="}' | jq -S .)"
+EXPECTED_JSON="$(echo '{"chaincode_id":"test-ccid","peer_address":"fake-peer-address","client_cert":"fake-client-cert","client_key":"fake-client-key","root_cert":"fake-root-cert"}' | jq -S .)"
 	
 if [ "$OUTPUT_JSON" = "$EXPECTED_JSON" ] ; then
     exit 0
 fi
 
+echo "got $OUTPUT_JSON; want $EXPECTED_JSON"
 exit 1
diff --git a/integration/externalbuilders/binary/bin/run b/integration/externalbuilders/binary/bin/run
@@ -14,21 +14,19 @@ fi
 OUTPUT=$1
 ARTIFACTS=$2
 
-export CORE_CHAINCODE_ID_NAME="$(jq -r .chaincode_id $ARTIFACTS/chaincode.json)"
-export CORE_TLS_CLIENT_CERT_PATH="$ARTIFACTS/client.crt"
-export CORE_TLS_CLIENT_KEY_PATH="$ARTIFACTS/client.key"
+# shellcheck disable=SC2155
+export CORE_CHAINCODE_ID_NAME="$(jq -r .chaincode_id "$ARTIFACTS/chaincode.json")"
+export CORE_PEER_TLS_ENABLED="true"
+export CORE_TLS_CLIENT_CERT_FILE="$ARTIFACTS/client.crt"
+export CORE_TLS_CLIENT_KEY_FILE="$ARTIFACTS/client.key"
 export CORE_PEER_TLS_ROOTCERT_FILE="$ARTIFACTS/root.crt"
 
-# Note, for strange historical reasons, the chaincode expects the cert and key
-# to be base64 encoded, but not the root cert.
-jq -r .client_cert $ARTIFACTS/chaincode.json > "$CORE_TLS_CLIENT_CERT_PATH"
-jq -r .client_key $ARTIFACTS/chaincode.json > "$CORE_TLS_CLIENT_KEY_PATH"
-jq -r .root_cert $ARTIFACTS/chaincode.json | base64 --decode > "$CORE_PEER_TLS_ROOTCERT_FILE"
+jq -r .client_cert "$ARTIFACTS/chaincode.json" > "$CORE_TLS_CLIENT_CERT_FILE"
+jq -r .client_key  "$ARTIFACTS/chaincode.json" > "$CORE_TLS_CLIENT_KEY_FILE"
+jq -r .root_cert   "$ARTIFACTS/chaincode.json" > "$CORE_PEER_TLS_ROOTCERT_FILE"
 
-if [ -z "$(cat $CORE_TLS_CLIENT_CERT_PATH)" ]  ; then
-    export CORE_PEER_TLS_ENABLED=false
-else
-    export CORE_PEER_TLS_ENABLED=true
+if [ -z "$(jq -r .client_cert "$ARTIFACTS/chaincode.json")" ]; then
+    export CORE_PEER_TLS_ENABLED="false"
 fi
 
-exec "$OUTPUT/chaincode" -peer.address=$(jq -r .peer_address "$ARTIFACTS/chaincode.json")
+exec "$OUTPUT/chaincode" -peer.address="$(jq -r .peer_address "$ARTIFACTS/chaincode.json")"
diff --git a/integration/externalbuilders/golang/bin/run b/integration/externalbuilders/golang/bin/run
@@ -21,9 +21,9 @@ export CORE_TLS_CLIENT_CERT_FILE="$ARTIFACTS/client.crt"
 export CORE_TLS_CLIENT_KEY_FILE="$ARTIFACTS/client.key"
 export CORE_PEER_TLS_ROOTCERT_FILE="$ARTIFACTS/root.crt"
 
-jq -r .root_cert   "$ARTIFACTS/chaincode.json" | base64 --decode > "$CORE_PEER_TLS_ROOTCERT_FILE"
-jq -r .client_key  "$ARTIFACTS/chaincode.json" | base64 --decode > "$CORE_TLS_CLIENT_KEY_FILE"
-jq -r .client_cert "$ARTIFACTS/chaincode.json" | base64 --decode > "$CORE_TLS_CLIENT_CERT_FILE"
+jq -r .client_cert "$ARTIFACTS/chaincode.json" > "$CORE_TLS_CLIENT_CERT_FILE"
+jq -r .client_key  "$ARTIFACTS/chaincode.json" > "$CORE_TLS_CLIENT_KEY_FILE"
+jq -r .root_cert   "$ARTIFACTS/chaincode.json" > "$CORE_PEER_TLS_ROOTCERT_FILE"
 
 if [ -z "$(jq -r .client_cert "$ARTIFACTS/chaincode.json")" ]; then
     export CORE_PEER_TLS_ENABLED="false"
