This CR add a simple nil check before calling close function
on blockfile stream instance. In addition, a couple of tests
are added.

Change-Id: I053b289b32c5dfeab5824eb866a954dc4aa5cfa9
Signed-off-by: manish <manish.sethi@gmail.com>

Sometimees the test TestClientConnections failes.
It is probably due to the port being incremented non atomically
while the tests are being run in parallel.

I made the ports be different per test.

Change-Id: Ia0120794a04343e438ec3e65cbab0346bd203ed9
Signed-off-by: yacovm <yacovm@il.ibm.com>

Background: A common "known problem" is a misconfiguration of the peer
which ripples to the chaincode shim, and then prevents the shim
to connect to the peer, when TLS is enabled.

This is due to the fact that the TLS certificate SAN needs to match
to the configuration, but this is impossible in some cases,
and tricky in other cases.

Another aspect is that the chaincode container shouldn't actually
use organizational credentials to connect to the peer, since
the chaincode is logically an extension of the peer and managed
by it, and not by the organization.

This change set:
- Removes the code that bakes the peer's TLS CA certificate
  into the docker image.
- Instead, it adds to the uploaded files at chaincode container startup,
  the TLS CA certificate that is self-signed by the peer at startup.
- It also makes the chaincode service use a TLS certificate that is
  signed by that CA's private key, with the same SAN that the peer
  passes to the chaincode shim at its startup.
- Changes the unit tests of the core/chaincode/accesscontrol to reflect
  the change, and imitate a chaincode shim that is given the TLS CA cert
  and the mock chaincode service to use a TLS certificate signed
  by the CA.

Change-Id: Ife1e2a42b163b5e2372a127f118eccff0027780c
Signed-off-by: yacovm <yacovm@il.ibm.com>

Prior to this change, the peer used the
TLS server key pair when making client
TLS connections.  In many cases, this
will be fine, but in cases where the
TLS server key pair is issued by
a public CA (e.g. Verisign), this is
an issue as now any client certificate
issued by Versign will be valid.

So this change simply adds an optional
TLS client key pair to the peer config.

Change-Id: I0195407ef0ecef58059e726a6c9eb6e473926cc8
Signed-off-by: Gari Singh <gari.r.singh@gmail.com>

Prior to this change, running
go test for the core/comm package
required the TestEnv.  With this
change you can now simply run
go test locally.

Change-Id: If75456c85330cdda30aa6f11c449c2585f6b6110
Signed-off-by: Gari Singh <gari.r.singh@gmail.com>

The main purpose of function ccEpFunc is to compute chaincode
endpoint and return error if needed. It will be better to do
all checks and computation during the node start up phase.

The CR will do all the necessary checks in node/start.go and
panic if unexpected error. Therefore, it will pass only the
chaincode endpoint value (as string) to the follow up function.

Also, the CR moves panic from createChaincodeServer to serve
function and revises UT to cover all chaincode endpoint
computation cases.

Change-Id: Ie4802472f0dd04c3a3da1e1ac6e30f90463fb0b2
Signed-off-by: Boliang Chen <cblsjtu@gmail.com>

Currently when the peer is started via peer node start,
it crashes because it cannot detect an endpoint to be used as the
address that a chaincode shim will connect to the peer,
because all config endpoints point to 0.0.0.0

The change set makes the peer fallback to an auto-detected address
in this case.

Change-Id: Ie38ec70c244860fed34c051ff9c6ef2cc974ce50
Signed-off-by: yacovm <yacovm@il.ibm.com>

No peer commands make use of the
--test.coverprofile flag so it
should be removed.

Change-Id: Ib1712d272a052427b7ce0e8740941f69bdeafcd6
Signed-off-by: Gari Singh <gari.r.singh@gmail.com>

This change-set sets add the licence header
that was missing in some file in the bccsp package

Change-Id: I69ef8d2663fbaa6d13b0bdc21363e252a109fc71
Signed-off-by: Angelo De Caro <adc@zurich.ibm.com>

Currently, when chaincode is instantiated, the pulling of baseos
is explicitly set to false. This commit adds a new configuration
option under the docker section which allows one to force the
pulling of baseos. By default, it is set to false which maintains
the current behaviour.

This change may help address situations where a base image is updated
(eg: to patch vulnerabilities) and a peer cluster is using a generic
moving tag for baseos such as "latest".

Change-Id: I39af030ce26dcd3282ec4e762f8ed217ea6dfe9b
Signed-off-by: gbolo <george.bolo@gmail.com>

fix d/l short link

Change-Id: I96e791e3c53f888ef0f7ad79ac860284d40f5597
Signed-off-by: Christopher Ferris <chrisfer@us.ibm.com>

There are few golint warning on gossip module packages, this commit
takes care to address them.

Change-Id: I13a85ad990f981a0da42446962ac0993383cc8b5
Signed-off-by: Artem Barger <bartem@il.ibm.com>

There is data type in coordinator.go module which is no longer in use
and could be safely removed, this commit cleans up and removes this
data type.

Change-Id: I7664376832e31f976f473a7850d670d343fb74b4
Signed-off-by: Artem Barger <bartem@il.ibm.com>

This integration test that checks that leader election yields and causes
the deliver service to shutdown at yield, and for another leader get elected
was brittle and was disabled.

I ran 200 interations of this version and both z and x86 jobs pass now.

Change-Id: Iac1f0b46661058096274317a21b3f0f02a3e5a8a
Signed-off-by: yacovm <yacovm@il.ibm.com>

Currently while gossip forward the message during distribution it
selects peers from the current membership view, while not filtering
the peer which delivered the message. As a consequence message might be
send to the source peer one again. This commit extends the peers
selection logic by adding the check which allows to avoid sending same
message to the source peer back again.

Change-Id: I76ceafba2335c27e1186f511d3cdab8a24d600af
Signed-off-by: Artem Barger <bartem@il.ibm.com>

The BCCSP sw and pkcs11 implementations are actually duplicate
some ECDSA-related code and the MSP package is importing the
sw package just to use these function as well.
This chage-set moves this common ECDSA-related code
under the bccsp/util package to streamline its usage.

Change-Id: Idbe6e27aa7c86d4b38cf11576ee00ab276439797
Signed-off-by: Angelo De Caro <adc@zurich.ibm.com>

This change-set does the following:
- It adds support for MSPPrincipal.Role.Client/Peer/Orderer
to identity#SatisfiesPrinciapl.
- It enforces that administrators of an MSP are clients

Tests have been added to verify the change-set

Change-Id: I9663df5ba242db505c4d5fcbbed19c050825f97f
Signed-off-by: Angelo De Caro <adc@zurich.ibm.com>

As described in issue FAB-6333, when using hostname for fabric peers,
the changed IP address after reconnect causes a problem as the
original chaincode listener continues to listen on the old address
that was resolved by the hostname when the peer was started.

The CR will fix this issue by adding the param "chaincodeAddress"
to peer, which is the connecting host name for the chaincode, while
the param "chaincodeListenAddress" is stil used to set listen address.
Also, it updates core.yaml to reflect this change.

At last, it refactors getting chaincode endpoint part into a single function.

What's more, it removes unused "peerAddress" from core.yaml chaincode section.

Change-Id: I85e273a10b66859077f10c7b0774cda55d3e9cb8
Signed-off-by: Boliang Chen <cblsjtu@gmail.com>

The enccc_example.go was modified to clearly show the user
the crypto function(s) being available for transactional data
that has transient data passed for operations to include:
- encrypt
- decrypt
- sign
- verify

The patch set removed the 'PUT' and 'GET' parameters for sample clarity.
The README.md was also modified and the go tests modfied to
test the modified and new functions added.

Change-Id: I16b7894c1118cc7b9f722801ffe3a113be5dbece
Signed-off-by: Barry Mosakowski <barry_moz@yahoo.com>