Idemix MSP structure incompatible with Fabric

This change changes the Idemix MSP folder structure to match the
structure expected by Fabric. It replicates the changes previously
delivered (and subsequently reverted) in the following commits:

- acea746
- 29e083e
- 0fcf897
- dfd29fe
- 77c54da

Signed-off-by: Mark S. Lewis <Mark.S.Lewis@outlook.com>
Co-authored-by: Angelo De Caro <adc@zurich.ibm.com>

Author: adecaro

api/serverresponses.go

@@ -20,7 +20,7 @@ type CAInfoResponseNet struct {
 	// Base64 encoding of Idemix issuer public key
 	IssuerPublicKey string
 	// Base64 encoding of PEM-encoded Idemix issuer revocation public key
-	IssuerRevocationPublicKey string
+	RevocationPublicKey string
 	// Version of the server
 	Version string
 }

cmd/fabric-ca-client/command/enroll.go

@@ -88,5 +88,5 @@ func (c *enrollCmd) runEnroll(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	return storeIssuerRevocationPublicKey(cfg, &resp.CAInfo)
+	return storeRevocationPublicKey(cfg, &resp.CAInfo)
 }

cmd/fabric-ca-client/command/getcainfo.go

@@ -102,7 +102,7 @@ func (c *getCAInfoCmd) runGetCACert(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	return storeIssuerRevocationPublicKey(client.Config, si)
+	return storeRevocationPublicKey(client.Config, si)
 }
 
 // Store the CAChain in the CACerts folder of MSP (Membership Service Provider)
@@ -200,9 +200,9 @@ func storeIssuerPublicKey(config *lib.ClientConfig, si *lib.GetCAInfoResponse) e
 	return nil
 }
 
-func storeIssuerRevocationPublicKey(config *lib.ClientConfig, si *lib.GetCAInfoResponse) error {
-	if len(si.IssuerRevocationPublicKey) > 0 {
-		err := storeToFile("Issuer revocation public key", config.MSPDir, "IssuerRevocationPublicKey", si.IssuerRevocationPublicKey)
+func storeRevocationPublicKey(config *lib.ClientConfig, si *lib.GetCAInfoResponse) error {
+	if len(si.RevocationPublicKey) > 0 {
+		err := storeToFile("Issuer revocation public key", config.MSPDir, "RevocationPublicKey", si.RevocationPublicKey)
 		if err != nil {
 			return err
 		}

cmd/fabric-ca-client/command/main_test.go

@@ -2188,7 +2188,7 @@ func TestCleanUp(t *testing.T) {
 	os.Remove(filepath.Join(tdDir, "ca-key.pem"))
 	os.Remove(filepath.Join(tdDir, "IssuerPublicKey"))
 	os.Remove(filepath.Join(tdDir, "IssuerSecretKey"))
-	os.Remove(filepath.Join(tdDir, "IssuerRevocationPublicKey"))
+	os.Remove(filepath.Join(tdDir, "RevocationPublicKey"))
 	os.Remove(testYaml)
 	os.Remove(fabricCADB)
 	os.RemoveAll(moptionDir)
@@ -2199,7 +2199,7 @@ func cleanMultiCADir() {
 	caFolder := filepath.Join(tdDir, "ca/rootca")
 	nestedFolders := []string{"ca1", "ca2"}
 	removeFiles := []string{"msp", "ca-cert.pem",
-		"fabric-ca-server.db", "fabric-ca2-server.db", "ca-chain.pem", "IssuerPublicKey", "IssuerSecretKey", "IssuerRevocationPublicKey"}
+		"fabric-ca-server.db", "fabric-ca2-server.db", "ca-chain.pem", "IssuerPublicKey", "IssuerSecretKey", "RevocationPublicKey"}
 
 	for _, nestedFolder := range nestedFolders {
 		path := filepath.Join(caFolder, nestedFolder)

cmd/fabric-ca-server/main_test.go

@@ -434,7 +434,7 @@ func TestClean(t *testing.T) {
 	os.Remove("ca-cert.pem")
 	os.Remove("IssuerSecretKey")
 	os.Remove("IssuerPublicKey")
-	os.Remove("IssuerRevocationPublicKey")
+	os.Remove("RevocationPublicKey")
 	os.Remove("fabric-ca-server.db")
 	os.RemoveAll("keystore")
 	os.RemoveAll("msp")
@@ -443,7 +443,7 @@ func TestClean(t *testing.T) {
 	os.Remove("../../testdata/ca-cert.pem")
 	os.Remove("../../testdata/IssuerSecretKey")
 	os.Remove("../../testdata/IssuerPublicKey")
-	os.Remove("../../testdata/IssuerRevocationPublicKey")
+	os.Remove("../../testdata/RevocationPublicKey")
 	os.RemoveAll(ldapTestDir)
 	os.RemoveAll("testregattr")
 }
@@ -452,7 +452,7 @@ func cleanUpMultiCAFiles() {
 	caFolder := "../../testdata/ca/rootca"
 	nestedFolders := []string{"ca1", "ca2"}
 	removeFiles := []string{"msp", "ca-cert.pem", "ca-key.pem", "fabric-ca-server.db",
-		"fabric-ca2-server.db", "IssuerSecretKey", "IssuerPublicKey", "IssuerRevocationPublicKey"}
+		"fabric-ca2-server.db", "IssuerSecretKey", "IssuerPublicKey", "RevocationPublicKey"}
 
 	for _, nestedFolder := range nestedFolders {
 		path := filepath.Join(caFolder, nestedFolder)

docs/source/deployguide/cadeploy.md

@@ -39,11 +39,10 @@ Because you will use a single CA client to submit register and enrollment reques
 
   ```
   fabric-ca-client
-    ├── int-ca
-    ├── org1-ca
-    ├── tls-ca
-    └── tls-root-cert
-
+  ├── int-ca
+  ├── org1-ca
+  ├── tls-ca
+  └── tls-root-cert
   ```
 
 **Important:** If your Fabric CA client will transact with CAs from multiple organizations that are secured by different TLS servers, then you would need to either create different `tls-root-cert` folders to hold the TLS CA root certificate for each organization or simply name them differently inside the folder to differentiate them. Since our Fabric CA client will only be transacting with CA servers in the same organization, all of which are secured by the same TLS CA, we will only have a single root certificate in this folder.
@@ -194,8 +193,8 @@ The folder structure that we are using for these Fabric CA client commands is:
 
 ```
 fabric-ca-client
-  └── tls-ca
-  └── tls-root-cert
+├── tls-ca
+└── tls-root-cert
 ```
 
 These folders are used by the Fabric CA client to:
@@ -293,15 +292,15 @@ The resulting folder structure resembles:
 
 ```
 fabric-ca-client
-  └── tls-ca
-    └── tlsadmin
-      └── msp
-    └── rcaadmin
-      └── msp
-    └── icaadmin
-      └── msp
+└── tls-ca
+    ├── tlsadmin
+    |   └── msp
+    ├── rcaadmin
+    |   └── msp
+    ├── icaadmin
+    |   └── msp
     └── tls-root-cert
-      └── tls-ca-cert.pem
+        └── tls-ca-cert.pem
 ```
 
 **Tip:** After you have registered all your nodes with the TLS CA, it can be safely turned off.
@@ -336,19 +335,19 @@ Because you've already registered and enrolled your organization CA bootstrap id
 
   ```
   fabric-ca-client
-    └── tls-ca
-          ├── rcaadmin
-            ├── msp
-               ├── IssuerPublicKey
-               ├── IssuerRevocationPublicKey
-               ├── cacerts
-               ├── keystore
-                   └── key.pem
-               ├── signcerts
-                   └── cert.pem
+  └── tls-ca
+      └── rcaadmin
+          └── msp
+              ├── IssuerPublicKey
+              ├── RevocationPublicKey
+              ├── cacerts
+              ├── keystore
+              |   └── key.pem
+              └── signcerts
+                  └── cert.pem
   fabric-ca-server-org1
-    └── tls
-      └── cert.pem
+  └── tls
+      ├── cert.pem
       └── key.pem
   ```
 
@@ -401,7 +400,7 @@ The folder structure we are using for these commands is:
 
 ```
 fabric-ca-client
-  └── org1-ca
+  ├── org1-ca
   └── tls-root-cert
 ```
 
@@ -443,14 +442,13 @@ These folders are used by the Fabric CA client to:
    ```
    └── msp
        ├── cacerts
-           └── my-machine-example-com-7055.pem
+       |   └── my-machine-example-com-7055.pem
        ├── keystore
-           └── 60b6a16b8b5ba3fc3113c522cce86a724d7eb92d6c3961cfd9afbd27bf11c37f_sk
+       |   └── 60b6a16b8b5ba3fc3113c522cce86a724d7eb92d6c3961cfd9afbd27bf11c37f_sk
        ├── signcerts
-           └── cert.pem
-       ├── user
+       |   └── cert.pem
        ├── IssuerPublicKey
-       └── IssuerRevocationPublicKey
+       └── RevocationPublicKey
    ```
 
    Where:
@@ -504,22 +502,22 @@ The resulting folder structure is similar to the following structure. (Some fold
 
 ```
 fabric-ca-client
-  └── tls-ca
-        ├── icaadmin
-          ├── msp
-             ├── cacerts
-             ├── keystore
-                 └── key.pem
-             ├── signcerts
-                 └── cert.pem
-             ├── tlscacerts
-             ├── user
-             ├── IssuerPublicKey
-             └── IssuerRevocationPublicKey
+└── tls-ca
+    └── icaadmin
+        ├── user
+        └── msp
+            ├── cacerts
+            ├── keystore
+            |   └── key.pem
+            ├── signcerts
+            |   └── cert.pem
+            ├── tlscacerts
+            ├── IssuerPublicKey
+            └── RevocationPublicKey
 fabric-ca-server-int-ca
-  └── tls
-    └── tls-ca-cert.pem
-    └── cert.pem
+└── tls
+    ├── tls-ca-cert.pem
+    ├── cert.pem
     └── key.pem
 ```
 
@@ -560,8 +558,8 @@ The folder structure we are using for these commands is
 
 ```
 fabric-ca-client
-  └── int-ca
-  └── tls-root-cert
+├── int-ca
+└── tls-root-cert
 ```
 
 These folders are used by the Fabric CA client to:

docs/source/operations_guide.rst

@@ -233,16 +233,16 @@ issued form the CA. You will see files such as the ones below:
 
    admin
    ├── fabric-ca-client-config.yaml
+   ├── user
    └── msp
-      ├── IssuerPublicKey
-      ├── IssuerRevocationPublicKey
-      ├── cacerts
-      │   └── 0-0-0-0-7053.pem
-      ├── keystore
-      │   └── 60b6a16b8b5ba3fc3113c522cce86a724d7eb92d6c3961cfd9afbd27bf11c37f_sk
-      ├── signcerts
-      │   └── cert.pem
-      └── user
+       ├── IssuerPublicKey
+       ├── RevocationPublicKey
+       ├── cacerts
+       │   └── 0-0-0-0-7053.pem
+       ├── keystore
+       │   └── 60b6a16b8b5ba3fc3113c522cce86a724d7eb92d6c3961cfd9afbd27bf11c37f_sk
+       └── signcerts
+           └── cert.pem
 
 The ``fabric-ca-client-config.yaml`` is a file that is generated by the CA client,
 this file contains the configuration of the CA client. There are three other important files

go.mod

@@ -20,6 +20,7 @@ require (
 	github.com/grantae/certinfo v0.0.0-20170412194111-59d56a35515b
 	github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2
 	github.com/hyperledger/fabric-lib-go v1.1.2
+	github.com/hyperledger/fabric-protos-go-apiv2 v0.3.3
 	github.com/jinzhu/copier v0.3.5
 	github.com/jmoiron/sqlx v1.2.0
 	github.com/kisielk/sqlstruct v0.0.0-20201105191214-5f3e10d3ab46
@@ -37,6 +38,7 @@ require (
 	github.com/spf13/viper v1.7.0
 	github.com/stretchr/testify v1.11.1
 	golang.org/x/crypto v0.45.0
+	google.golang.org/protobuf v1.36.7
 	gopkg.in/yaml.v2 v2.4.0
 )
 
@@ -83,7 +85,6 @@ require (
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
 	google.golang.org/grpc v1.65.0 // indirect
-	google.golang.org/protobuf v1.36.7 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -290,6 +290,8 @@ github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2 h1:B1Nt8hK
 github.com/hyperledger/fabric-amcl v0.0.0-20230602173724-9e02669dceb2/go.mod h1:X+DIyUsaTmalOpmpQfIvFZjKHQedrURQ5t4YqquX7lE=
 github.com/hyperledger/fabric-lib-go v1.1.2 h1:3eHwudGZC5Ex7go5UAzVKhpF34gypPZGfSZksBKLWvE=
 github.com/hyperledger/fabric-lib-go v1.1.2/go.mod h1:SHNCq8AB0VpHAmvJEtdbzabv6NNV1F48JdmDihasBjc=
+github.com/hyperledger/fabric-protos-go-apiv2 v0.3.3 h1:Xpd6fzG/KjAOHJsq7EQXY2l+qi/y8muxBaY7R6QWABk=
+github.com/hyperledger/fabric-protos-go-apiv2 v0.3.3/go.mod h1:2pq0ui6ZWA0cC8J+eCErgnMDCS1kPOEYVY+06ZAK0qE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=

lib/ca.go

@@ -1013,7 +1013,7 @@ func (ca *CA) fillCAInfo(info *api.CAInfoResponseNet) error {
 		return err
 	}
 	info.IssuerPublicKey = util.B64Encode(ipkBytes)
-	info.IssuerRevocationPublicKey = util.B64Encode(rpkBytes)
+	info.RevocationPublicKey = util.B64Encode(rpkBytes)
 	return nil
 }