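def _enroll_and_register_consortium_(script_manager, ca_node, node):
    """Queue the ``fabric-ca-client enroll`` command for the consortium's CA admin.

    Args:
        script_manager: Object exposing ``add(argv, directory=..., environment=...)``.
        ca_node: CA record; its ``'password'`` entry is decrypted with
            ``PasswordManager.decrypt``.
        node: Consortium record providing ``'addr'``, ``'owner'`` and ``'ports'``.
    """
    from urllib.parse import quote

    # --- Generate Keys and certificates for (enroll) the CA admin ---
    consortium_addr = node['addr']  # 'example.com'
    ca_addr = node['owner']  # 'ca.example.com'
    ca_name = node['owner']  # FIX_ME 'ca.example.com'
    ca_port = node['ports']  # '7051'
    username = '******'
    password = PasswordManager.decrypt(ca_node['password'])
    conn = 'localhost'

    ca_tls_cert = os.sep.join((os.getcwd(), ConfigRepo.FABIC_CA_TARGET_REPO,
                               ca_addr, 'tls-cert.pem'))

    # The secret sits in the userinfo part of the URL, so it is percent-encoded:
    # a raw '@', ':', '/' or '#' in the password would otherwise shift the
    # host/port boundary or truncate the credential when the URL is parsed.
    url = ('https://' + username + ':' + quote(password, safe='') + '@' +
           conn + ':' + ca_port)

    environment = {
        'FABRIC_CA_CLIENT_HOME':
        os.sep.join((os.getcwd(), ConfigRepo.ORDERER_TARGET_REPO,
                     consortium_addr))
    }

    # NOTE(review): the enrollment URL carries the decrypted admin password as a
    # command-line argument. If script_manager persists or logs the argv
    # (presumably it builds a script -- confirm), that output needs owner-only
    # permissions and must be kept out of application logs.
    script_manager.add([
        'fabric-ca-client', 'enroll', '-u', url, '--caname', ca_name,
        '--tls.certfiles', ca_tls_cert
    ],
                       directory=ConfigRepo.NETWORK_NAME,
                       environment=environment)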
def _generate_fabric_ca_scripts_(cls, component_dict):
    """Render ``fabric-ca-server-config.yaml`` for each Fabric CA that has a port.

    Every CA entry returned by ``cls._get_list_of_fabric_ca_`` is read and its
    password decrypted; entries with an empty port are then skipped. The
    rendered file is written to
    ``<ConfigRepo.FABIC_CA_TARGET_REPO>/<ca addr>/fabric-ca-server-config.yaml``
    and the directory is created when missing.
    """
    ca_entries = cls._get_list_of_fabric_ca_(component_dict)
    renderer = NetworkTemplateProcessor()

    for ca in ca_entries:
        addr = read_and_strip(ca['addr'])
        organization = read_and_strip(ca['org'])
        country = read_and_strip(ca['country'])
        state = read_and_strip(ca['state'])
        locality = read_and_strip(ca['locality'])
        port = read_and_strip(ca['port'])
        admin_name = 'admin'  # FIX_ME
        admin_password = PasswordManager.decrypt(ca['password'])

        # Instantiate only if used
        if not port:
            continue

        rendered = renderer.process('fabric-ca-server-config.yaml',
                                    BCC_FABRIC_CA_NAME=organization,
                                    BCC_FABRIC_CA_ADMIN=admin_name,
                                    BCC_FABRIC_CA_PASSWORD=admin_password,
                                    BCC_FABRIC_CA_ADDR=addr,
                                    BCC_FABRIC_CA_PORT=port,
                                    BCC_FABRIC_CA_ORGANIZATION=organization,
                                    BCC_FABRIC_CA_COUNTRY=country,
                                    BCC_FABRIC_CA_STATE=state,
                                    BCC_FABRIC_CA_LOCALITY=locality)

        target_dir = ConfigRepo.FABIC_CA_TARGET_REPO + os.sep + addr
        os.makedirs(target_dir, exist_ok=True)

        # NOTE(review): the decrypted admin password is handed to the template,
        # so the rendered file presumably contains it in clear text. The file
        # is created with the process umask; confirm it is not readable by
        # other local accounts, or restrict it to the owner.
        config_file = os.sep.join((target_dir, 'fabric-ca-server-config.yaml'))
        with open(config_file, 'w') as handle:
            handle.write(rendered)
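def add_user(cls, username, password):
    """Add a user to ``cls.user_dict``, storing the hash of *password*.

    Returns:
        ``"User already exists"`` when an entry already carries *username*,
        otherwise ``None``.
    """
    if any(cls.user_dict[userid]['username'] == username
           for userid in cls.user_dict):
        return "User already exists"

    hashed_pass = PasswordManager.hash(password)

    # len() + 1 is only a starting point: if a key in that position is already
    # taken (for example after an entry was removed), reusing it would silently
    # overwrite another account, so advance to the first free id.
    candidate = len(cls.user_dict) + 1
    while str(candidate) in cls.user_dict:
        candidate += 1
    user_id = str(candidate)

    cls.user_dict[user_id] = User(user_id, username, hashed_pass)
    return None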
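def set_password(self, addr, username, password):
    """Encrypt *password* and save it in the record of *username* at *addr*.

    Returns:
        ``(message, None)`` when no user path is found for the pair; otherwise
        the value of ``self._build_user_list_(addr)``.
    """
    user_path = UserManager._find_user_path_(addr, username)
    if not user_path:
        # A separating space before "of" keeps the name readable in the message.
        return 'username ' + username + ' of addr ' + addr + ' not found', None

    user_dict = UserManager._load_user_dict_(user_path, username)
    # Stored through PasswordManager.encrypt, not hash: presumably the clear
    # text has to be recoverable later -- confirm. The protection of this field
    # is then only as strong as the protection of the encryption key.
    user_dict['password'] = PasswordManager.encrypt(password)
    UserManager._save_user_dict_(user_dict, user_path, username)
    return self._build_user_list_(addr)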
def set_password(self, addr, password):
    """Encrypt *password* and save it in the component record for *addr*.

    Returns:
        ``(message, None)`` when no component path is found for *addr*;
        otherwise the value of ``self._return_list_()``.
    """
    location = ComponentManager._find_component_path_(addr)
    if location:
        record = ComponentManager._load_component_dict_(location, addr)
        # The value is written through PasswordManager.encrypt before saving.
        record['password'] = PasswordManager.encrypt(password)
        ComponentManager._save_component_dict_(record, location, addr)
        return self._return_list_()

    message = ''.join(('Component address ', addr, ' not found'))
    return message, None
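def modify_user(cls, username, password):
    """Set a new password on every ``cls.user_dict`` entry named *username*.

    Nothing happens, and nothing is reported, when no entry matches.
    """
    for userid in cls.user_dict:
        if cls.user_dict[userid]['username'] == username:
            hashed_pass = PasswordManager.hash(password)
            # Index with the loop key. The builtin ``id`` function is not a key
            # of user_dict, so looking it up raised KeyError on the first match
            # and the password was never changed.
            # NOTE(review): if the entry's set_password() hashes its argument
            # itself, the value stored here is hashed twice and later password
            # checks would fail -- confirm, and pass the plain password if so.
            cls.user_dict[userid].set_password(hashed_pass)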
def set_password(self, password):
    """Replace the stored credential with ``PasswordManager.hash(password)``."""
    digest = PasswordManager.hash(password)
    self._password = digest
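def authenticate(self, password):
    """Check *password* against the stored hash.

    Returns:
        ``True`` only when this attempt matches. On a match the object is also
        flagged as authenticated; a failed attempt leaves that flag untouched.
    """
    matches = self._password == PasswordManager.hash(password)
    if matches:
        self._authenticated = True
    # Report the outcome of this attempt, not the sticky flag: once the flag
    # had been set by an earlier successful login, returning it made every
    # later call succeed regardless of the password supplied.
    # NOTE(review): the equality test only works if hash() is deterministic for
    # a given password, which implies there is no per-user random salt --
    # confirm. ``==`` is also not a constant-time comparison;
    # hmac.compare_digest is the usual replacement when both values are bytes
    # or ASCII str.
    return matches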
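def main(cls):
    """Run the interactive installer.

    Asks for host, port, data/log/config directories and the administrator
    password, generates keys through ``PasswordManager.create_keys``, copies
    the example folders when running from another directory, pulls the docker
    images in ``cls.images`` and writes ``SocialFabric.json``,
    ``dockerclean.sh`` and ``distclean.sh``.

    Returns without doing anything when the operator declines. Otherwise the
    process exits: status -1 when ``cls.prerequisites()`` fails, status 0 at
    the end of the run.
    """

    def ask_directory(prompt, default, missing_prefix, denied_prefix):
        """Prompt until the answer is a directory that is readable and writable."""
        while True:
            path = cls._input_param_(prompt, default)
            if not os.path.exists(path):
                answer = cls._input_param_(
                    missing_prefix + path +
                    '" does not exist. Do you want to create it?', 'y', 'Y/n')
                # The prompt advertises 'Y/n', so the answer is compared
                # case-insensitively for all three directories.
                if answer[:1].lower() == 'y':
                    try:
                        os.makedirs(path)
                        return path
                    except OSError:
                        cls._error_('Unable to create "' + path +
                                    '". Review path or check permissions')
                        continue
            # Both checks look at the directory being asked for; a declined or
            # missing path fails here and the question is repeated.
            if not os.access(path, os.W_OK) or not os.access(path, os.R_OK):
                cls._error_(denied_prefix + path)
                continue
            return path

    response = cls._input_param_(
        'Do you want to install and configure the application?', 'y', 'Y/n')
    if response[:1].lower() == 'n':
        return

    if not cls.prerequisites():
        sys.exit(-1)

    host = cls._input_param_('server hostname', 'localhost')

    while True:
        sport = cls._input_param_('listening port', '8080')
        try:
            port = int(sport)
        except (TypeError, ValueError):
            # Only conversion failures are handled, so Ctrl-C still interrupts
            # the installer.
            cls._error_('Port must be a number above 1024')
            sleep(0.3)
            continue
        if port <= 1024:
            cls._error_('Only port number above 1024 are permitted')
            sleep(0.3)
            continue
        break

    data_path = ask_directory(
        'Data directory', os.getcwd(), 'data directory "',
        "You don't have read and write permission for \"")
    log_path = ask_directory(
        'Log directory',
        os.getcwd() + os.sep + 'log', 'log directory "',
        "You don't have read and write permission for \"")
    config_path = ask_directory(
        'Path for the configuration file', os.path.join(data_path, 'config'),
        'Config path "', "You don't have read and write permission for ")

    # NOTE(review): 12 random bytes (96 bits) from the OS CSPRNG. Confirm that
    # nothing depends on the 24-character length before lengthening it.
    secret_key = os.urandom(12).hex()

    while True:
        password = cls._input_password_('Administrator\'s password')
        msg = PasswordManager.validate(password)
        if msg:
            cls._error_(msg)
            continue
        confirm = cls._input_password_('Confirm (re-enter) password')
        if password != confirm:
            cls._error_('Password differs, please, re-enter')
            continue
        break

    # Generate keys
    PasswordManager.create_keys(data_path, password)

    # Create locally example folders (if required i.e. from pyinstaller)
    source_path = os.path.dirname(os.path.realpath(__file__))
    if source_path != os.getcwd():
        copytree(source_path + os.sep + 'example-network',
                 data_path + os.sep + 'example-network')
        copytree(source_path + os.sep + 'example-attach',
                 data_path + os.sep + 'example-attach')

    # Download docker images; a failed pull is reported and the run continues.
    for image in cls.images:
        if not cls._pull_and_tag_docker_image_(image[0], image[1]):
            cls._error_('Installation failed on pulling docker images')

    # Write config file. It holds SECRET_KEY, so it is created owner-only and
    # the mode is re-applied in case the file already existed with wider
    # permissions.
    owner_only = stat.S_IRUSR | stat.S_IWUSR
    config_file = os.path.join(config_path, 'SocialFabric.json')
    config_fd = os.open(config_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                        owner_only)
    with os.fdopen(config_fd, 'w') as f:
        os.fchmod(f.fileno(), owner_only)
        json.dump(
            {
                'HOST': host,
                'PORT': port,
                'SECRET_KEY': secret_key,
                'DATA_PATH': data_path,
                'LOG_PATH': log_path,
                'LOG_MAX_SIZE': 1000000,
                'LOG_MAX_FILES': 10,
                'ENV': 'production',
                'DEBUG': False
            }, f)
    cls._info_('configuration file ' + config_file + ' created')

    # NOTE(review): S_IRWXG leaves both helper scripts writable by the owning
    # group; confirm that is intended for scripts that stop containers and
    # delete files.
    script_mode = stat.S_IRWXU | stat.S_IRWXG | stat.S_IROTH | stat.S_IXOTH

    # Write dockerclean.sh file
    with open(os.path.join(data_path, 'dockerclean.sh'), 'w') as f:
        f.write('#!/bin/bash\n' + '\ndocker kill `docker ps -q`\n' +
                'docker rm `docker ps -aq`\n' + 'docker volume prune -f\n' +
                'docker network prune -f\n')
        os.fchmod(f.fileno(), script_mode)
    cls._info_('configuration file ' +
               os.path.join(data_path, 'dockerclean.sh') + ' created')

    # Write distclean.sh file. Every command ends with a newline; without it
    # two neighbouring 'rm' commands were fused into one line with a mangled
    # path.
    with open(os.path.join(data_path, 'distclean.sh'), 'w') as f:
        f.write('#!/bin/bash\n' + '\nrm -rf social_fabric/ors-network\n' +
                'rm -rf social_fabric/ors-attach\n' +
                'rm -f social_fabric/log/*\n' +
                'rm -f social_fabric/config/working.json\n' +
                'rm -rf social_fabric/__pycache__\n' +
                'rm -rf SocialFabric.egg-info\n' + 'rm -rf __pycache__\n' +
                'rm -rf dist\n')
        os.fchmod(f.fileno(), script_mode)
    cls._info_('configuration file ' +
               os.path.join(data_path, 'distclean.sh') + ' created')

    # Installation successful
    cls._success_('Installation and configuration completed')
    cls._success_('You may start the server with:')
    cls._info_('    ' + os.getcwd() + os.sep + 'SocialFabric.bin --config ' +
               config_path + os.sep + 'SocialFabric.json\n')
    sys.exit(0)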
def set_password(self, addr, password):
    """Encrypt *password* and save it in the owner record for *addr*.

    Returns:
        ``(None, owner_list)`` where ``owner_list`` is the value of
        ``self.build_owner_list()``.
    """
    # NOTE(review): addr is joined into a filesystem path as given. Confirm
    # that callers validate it, so a value with path separators or '..' cannot
    # point outside ConfigRepo.FABIC_CA_SRC_REPO.
    owner_dir = os.sep.join((ConfigRepo.FABIC_CA_SRC_REPO, addr))
    record = OwnerManager._load_owner_dict_(owner_dir, addr)
    record['password'] = PasswordManager.encrypt(password)
    OwnerManager._save_owner_dict_(record, owner_dir, addr)
    owners = self.build_owner_list()
    return None, owners
else: log.setLevel(logging.INFO) root.setLevel(logging.INFO) app.logger.setLevel(logging.INFO) app.logger.info('SocialFabric Component Administration Started') app.logger.info('SocialFabric Configuration File: ' + config_file) app.logger.info('SocialFabric Bin Directory: ' + ConfigRepo.BIN_REPO) app.logger.info('SocialFabric Data Directory: ' + ConfigRepo.DATA_REPO) app.logger.info('SocialFabric Log Directory: ' + app.config['LOG_PATH']) # ---------------------------- # flask-login # ---------------------------- PasswordManager.init(app.config['DATA_PATH']) UserLoggon.init(app.config['DATA_PATH']) login_manager = LoginManager() login_manager.init_app(app) login_manager.login_view = "do_login" # ---------------------------- # managers # ---------------------------- app.user_manager = UserManager() app.owner_manager = OwnerManager() app.component_manager = ComponentManager(app.config, app.owner_manager) # FIX_ME # callback to reload the user object
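def _enroll_and_register_elem_(script_manager, org_node, target_type,
                               target_node):
    """Queue the fabric-ca-client commands that register and enroll one identity.

    The commands are added to *script_manager* in this order: ``register``,
    MSP ``enroll``, then for peers and orderers the CA certificate copy, the
    TLS ``enroll`` and the copies of the TLS certificates.

    Args:
        script_manager: Object exposing ``add(argv, directory=..., environment=...)``.
        org_node: Organisation record providing ``'owner'``, ``'ports'``,
            ``'addr'`` and ``'type'``.
        target_type: ``'peer'``, ``'orderer'``, ``'client'`` or ``'admin'``.
        target_node: Identity record providing ``'addr'``, ``'name'`` and an
            encrypted ``'password'``.

    Raises:
        Exception: for any other *target_type*. The ``register`` command has
            already been added at that point.
    """
    from urllib.parse import quote

    ca_addr = org_node['owner']
    ca_name = org_node['owner']
    ca_port = org_node['ports']
    org_addr = org_node['addr']
    org_type = org_node['type']
    target_addr = target_node['addr']
    target_name = target_node['name']
    target_passwd = PasswordManager.decrypt(target_node['password'])
    conn = 'localhost'  # FIX_ME
    target_cert = conn + '-' + ca_port + '-' + ca_addr.replace('.',
                                                               '-') + '.pem'
    target_tls_cert = 'tls-' + target_cert

    def under_cwd(*parts):
        """Join *parts* below the current working directory."""
        return os.getcwd() + os.sep + os.sep.join(parts)

    def queue(argv):
        """Add one command with the shared directory and environment."""
        script_manager.add(argv,
                           directory=ConfigRepo.NETWORK_NAME,
                           environment=environment)

    if org_type == 'consortium':
        client_home = under_cwd(ConfigRepo.ORDERER_TARGET_REPO, org_addr)
    else:
        client_home = under_cwd(ConfigRepo.PEER_TARGET_REPO, org_addr)
    environment = {'FABRIC_CA_CLIENT_HOME': client_home}

    ca_tls_cert = under_cwd(ConfigRepo.FABIC_CA_TARGET_REPO, ca_addr,
                            'tls-cert.pem')

    # --- Register element ---
    # NOTE(review): the decrypted secret is passed as a command-line argument
    # here and inside the enrollment URL below. If script_manager persists or
    # logs the argv (presumably it builds a script -- confirm), that output
    # needs owner-only permissions and must be kept out of application logs.
    queue([
        'fabric-ca-client', 'register', '--caname', ca_name, '--id.name',
        target_name, '--id.secret', target_passwd, '--id.type', target_type,
        '--tls.certfiles', ca_tls_cert
    ])

    # ---- Generate certificates
    # Name and secret sit in the userinfo part of the URL, so both are
    # percent-encoded: a raw '@', ':', '/' or '#' would otherwise shift the
    # host/port boundary or truncate the credential when the URL is parsed.
    url = ('https://' + quote(target_name, safe='') + ':' +
           quote(target_passwd, safe='') + '@' + conn + ':' + ca_port)

    if target_type == 'peer':
        target_dir = under_cwd(ConfigRepo.PEER_TARGET_REPO, org_addr, 'peers',
                               target_addr)
    elif target_type == 'orderer':
        target_dir = under_cwd(ConfigRepo.ORDERER_TARGET_REPO, org_addr,
                               'orderers', target_addr)
    elif target_type in ('client', 'admin'):
        if org_type == 'consortium':
            target_dir = under_cwd(ConfigRepo.ORDERER_TARGET_REPO, org_addr,
                                   'users', target_addr)
        else:
            target_dir = under_cwd(ConfigRepo.PEER_TARGET_REPO, org_addr,
                                   'users', target_addr)
    else:
        raise Exception("Unknown type " + target_type)

    msp_dir = target_dir + os.sep + 'msp'
    tls_dir = target_dir + os.sep + 'tls'
    tls_ca_cert = tls_dir + os.sep + 'tlscacerts' + os.sep + target_tls_cert

    # --- Generate MSP Certificate and key ---
    queue([
        'fabric-ca-client', 'enroll', '-u', url, '--caname', ca_name, '-M',
        msp_dir, '--tls.certfiles', ca_tls_cert
    ])

    # --- Copy and rename certificate
    if target_type in ('peer', 'orderer'):
        if target_type == 'orderer':
            dest_dir = under_cwd(ConfigRepo.ORDERER_TARGET_REPO, org_addr,
                                 'ca')
        else:
            dest_dir = under_cwd(ConfigRepo.PEER_TARGET_REPO, org_addr, 'ca')
        queue(['mkdir', '-p', dest_dir])
        queue([
            'cp', msp_dir + os.sep + 'cacerts' + os.sep + target_cert,
            dest_dir + os.sep + 'ca.' + org_addr + '-cert.pem'
        ])

    # --- Generate TLS Certificate and key ---
    if target_type in ('orderer', 'peer'):
        queue([
            'fabric-ca-client', 'enroll', '-u', url, '--caname', ca_name,
            '-M', tls_dir, '--enrollment.profile', 'tls', '--csr.hosts',
            target_addr, '--csr.hosts', conn, '--tls.certfiles', ca_tls_cert
        ])

        # Copy and rename certificates
        queue(['cp', tls_ca_cert, tls_dir + os.sep + 'ca.crt'])
        queue([
            'cp', tls_dir + os.sep + 'signcerts' + os.sep + 'cert.pem',
            tls_dir + os.sep + 'server.crt'
        ])
        # NOTE: the private key under tls/keystore is not copied to
        # tls/server.key by this function.

        if target_type == 'orderer':
            dest_dir = under_cwd(ConfigRepo.ORDERER_TARGET_REPO, org_addr,
                                 'orderers', target_addr, 'msp', 'tlscacerts')
            queue(['mkdir', '-p', dest_dir])
            queue([
                'cp', tls_ca_cert,
                dest_dir + os.sep + 'tlsca.' + org_addr + '-cert.pem'
            ])

            dest_dir = under_cwd(ConfigRepo.ORDERER_TARGET_REPO, org_addr,
                                 'msp', 'tlscacerts')
            queue(['mkdir', '-p', dest_dir])
            queue([
                'cp', tls_ca_cert,
                dest_dir + os.sep + 'tlsca.' + org_addr + '-cert.pem'
            ])
        else:  # peer
            dest_dir = under_cwd(ConfigRepo.PEER_TARGET_REPO, org_addr, 'msp',
                                 'tlscacerts')
            queue(['mkdir', '-p', dest_dir])
            queue(['cp', tls_ca_cert, dest_dir + os.sep + 'ca.crt'])

            dest_dir = under_cwd(ConfigRepo.PEER_TARGET_REPO, org_addr,
                                 'tlsca')
            queue(['mkdir', '-p', dest_dir])
            queue([
                'cp', tls_ca_cert,
                dest_dir + os.sep + 'tlsca.' + org_addr + '-cert.pem'
            ])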
def _generate_docker_compose_scripts_(cls, component_dict, working_mode):
    """Assemble ``docker-compose.yaml`` from the per-service templates and write it.

    The output is the concatenation, in this order, of the prefix template,
    one CA section per Fabric CA with a non-empty port, one orderer section
    per orderer (only when *working_mode* is ``'CreateNetwork'``) and a
    couchdb, peer and cli section per peer of every organisation. The result
    is written to
    ``<ConfigRepo.NETWORK_NAME>/<ConfigRepo.DOCKER_REPO>/docker-compose.yaml``.

    Raises:
        IndexError: when a peer's ``'ports'`` value holds no second
            ``;``-separated entry.
    """
    net_template_processor = NetworkTemplateProcessor()
    # "uid:gid" of the current process; only the CA template receives it.
    bcc_user_id = str(os.getuid()) + ':' + str(os.getgid())
    bcc_fabric_ca_list = cls._get_list_of_fabric_ca_(component_dict)
    bcc_consortium_node, bcc_orderer_list, bcc_org_list, bcc_peer_dict = cls._get_lists_of_nodes_(
        component_dict)
    bcc_consortium_addr = read_and_strip(bcc_consortium_node['addr'])
    # Flatten the per-organisation peer lists for the prefix template.
    bcc_peer_list = []
    for org in bcc_org_list:
        bcc_peer_list += bcc_peer_dict[org['addr']]
    output = net_template_processor.process(
        'docker-compose-prefix.yaml',
        BCC_NETWORK_DOMAIN=bcc_consortium_addr,
        BCC_ORDERER_LIST=bcc_orderer_list,
        BCC_PEER_LIST=bcc_peer_list)
    for elem in bcc_fabric_ca_list:
        bcc_ca_addr = read_and_strip(elem['addr'])
        bcc_ca_public_cert = bcc_ca_addr + OwnerManager.CERT_SUFFIX
        bcc_ca_private_key = bcc_ca_addr + OwnerManager.KEY_SUFFIX
        bcc_ca_admin_name = 'admin'  # FIX_ME
        # Decrypted for every CA entry, including those skipped below.
        bcc_ca_admin_password = PasswordManager.decrypt(elem['password'])
        bcc_ca_port = read_and_strip(elem['port'])
        # Instantiate only if used
        if bcc_ca_port:
            # NOTE(review): the decrypted admin password is handed to the
            # template, so it presumably ends up in docker-compose.yaml in
            # clear text -- confirm, and see the note at the write below.
            output += net_template_processor.process(
                'docker-compose-ca.yaml',
                BCC_USER_ID=bcc_user_id,
                BCC_NETWORK_DOMAIN=bcc_consortium_addr,
                BCC_CA_ADDR=bcc_ca_addr,
                BCC_CA_PORT=bcc_ca_port,
                BCC_CA_PUBLIC_CERT=bcc_ca_public_cert,
                BCC_CA_PRIVATE_KEY=bcc_ca_private_key,
                BCC_CA_ADMIN_NAME=bcc_ca_admin_name,
                BCC_CA_ADMIN_PASSWORD=bcc_ca_admin_password)
    # --- Orderers ---
    if working_mode == 'CreateNetwork':
        for node in bcc_orderer_list:
            bcc_orderer_addr = read_and_strip(node['addr'])
            bcc_orderer_name = read_and_strip(node['name'])
            bcc_orderer_port = read_and_strip(node['ports'])
            output += net_template_processor.process(
                'docker-compose-orderer.yaml',
                BCC_NETWORK_DOMAIN=bcc_consortium_addr,
                BCC_ORDERER_NAME=bcc_orderer_name,
                BCC_ORDERER_ADDR=bcc_orderer_addr,
                BCC_ORDERER_PORT=bcc_orderer_port)
    # NOTE(review): in this layout only the orderer sections depend on
    # working_mode and peers are rendered for every mode -- confirm against
    # the intended nesting.
    for org_node in bcc_org_list:
        bcc_org_addr = read_and_strip(org_node['addr'])
        bcc_org_name = read_and_strip(org_node['name'])
        for node in bcc_peer_dict[bcc_org_addr]:
            bcc_peer_addr = read_and_strip(node['addr'])
            bcc_couchdb_addr = 'couchdb.' + bcc_peer_addr
            # 'ports' is read as "<peer port>;<couchdb port>".
            ports = read_and_strip(node['ports']).split(';')
            bcc_peer_port = ports[0].strip()
            bcc_couchdb_port = ports[1].strip()
            # The last user whose record has a truthy 'admin' entry wins; the
            # value stays None when the organisation has no such user.
            bcc_org_admin_user_addr = None
            user_list = UserManager.find_all_users(bcc_org_addr)
            for user in user_list:
                user_dict = UserManager.get_user_dict(bcc_org_addr, user)
                if user_dict['admin']:
                    bcc_org_admin_user_addr = user
            bcc_cli_addr = 'cli.' + bcc_peer_addr
            output += net_template_processor.process(
                'docker-compose-couchdb.yaml',
                BCC_NETWORK_DOMAIN=bcc_consortium_addr,
                BCC_COUCHDB_ADDR=bcc_couchdb_addr,
                BCC_COUCHDB_PORT=bcc_couchdb_port)
            output += net_template_processor.process(
                'docker-compose-peer.yaml',
                BCC_NETWORK_DOMAIN=bcc_consortium_addr,
                BCC_ORG_ADDR=bcc_org_addr,
                BCC_ORG_NAME=bcc_org_name,
                BCC_PEER_ADDR=bcc_peer_addr,
                BCC_PEER_PORT=bcc_peer_port,
                BCC_COUCHDB_ADDR=bcc_couchdb_addr,
                BCC_COUCHDB_PORT=bcc_couchdb_port)
            output += net_template_processor.process(
                'docker-compose-cli.yaml',
                BCC_NETWORK_DOMAIN=bcc_consortium_addr,
                BCC_ORG_ADDR=bcc_org_addr,
                BCC_ORG_NAME=bcc_org_name,
                BCC_PEER_ADDR=bcc_peer_addr,
                BCC_PEER_PORT=bcc_peer_port,
                BCC_CLI_ADDR=bcc_cli_addr,
                BCC_ORG_ADMIN_USER_ADDR=bcc_org_admin_user_addr)
    os.makedirs(ConfigRepo.NETWORK_NAME + os.sep + ConfigRepo.DOCKER_REPO,
                exist_ok=True)
    # NOTE(review): the file is created with the process umask. If it carries
    # the CA admin password, confirm it is not readable by other local
    # accounts, or restrict it to the owner.
    with open(
            ConfigRepo.NETWORK_NAME + os.sep + ConfigRepo.DOCKER_REPO +
            os.sep + 'docker-compose.yaml', 'w') as f:
        f.write(output)