From 217c510979ff60107780b418fd5ddfccf8e0f2de Mon Sep 17 00:00:00 2001
From: sapthasurendran
Date: Mon, 4 Jul 2022 14:24:46 +0530
Subject: [PATCH] hsm script changes Readme changes Added npm prepare
Signed-off-by: sapthasurendran
---
.../application-gateway-hsm/README.md | 9 ++---
.../application-gateway-hsm/node/package.json | 1 +
.../scripts/generate-hsm-user.sh | 34 ++++++++++++-------
ci/scripts/run-test-network-basic.sh | 4 +--
4 files changed, 28 insertions(+), 20 deletions(-)
diff --git a/asset-transfer-basic/application-gateway-hsm/README.md b/asset-transfer-basic/application-gateway-hsm/README.md
index 4b7cdb23..efca5f0f 100644
--- a/asset-transfer-basic/application-gateway-hsm/README.md
+++ b/asset-transfer-basic/application-gateway-hsm/README.md
@@ -82,15 +82,17 @@ To be able to register and enroll identities using an HSM you need a PKCS#11 ena
 To install this use the following command
 ```bash
-go get -tags 'pkcs11' github.com/hyperledger/fabric-ca/cmd/fabric-ca-client
+go install -tags 'pkcs11' github.com/hyperledger/fabric-ca/cmd/fabric-ca-client@latest
 ```
 ## Enroll the HSM User
-A user, `HSMUser`, who is HSM managed needs to be registered then enrolled for the sample
+A user, `HSMUser`, who is HSM managed needs to be registered then enrolled for the sample.
+
+If the "standard" PKCS11 library locations checked for by the script don't include the library(libsofthsm2.so) location for your environment set the `PKCS11_LIB` environment variable to define the library location.
 ```bash
 cd scripts
-./generate-hsm-user.sh HSMUser
+PKCS11_LIB='' ./generate-hsm-user.sh HSMUser
 ```
 This will register a user `HSMUser` with the CA in Org1 (if not already registered) and then enroll that user which will
@@ -110,7 +112,6 @@ go run -tags pkcs11 hsm-sample.go
 ```
 cd application-gateway-hsm/node
 npm install
-npm run build
 npm start
 ```
diff --git a/asset-transfer-basic/application-gateway-hsm/node/package.json b/asset-transfer-basic/application-gateway-hsm/node/package.json
index 18a517a7..d960b672 100644
--- a/asset-transfer-basic/application-gateway-hsm/node/package.json
+++ b/asset-transfer-basic/application-gateway-hsm/node/package.json
@@ -7,6 +7,7 @@
 "node": "^14.15.0 || ^16.13.0"
 },
 "scripts": {
+ "prepare": "npm run build",
 "build": "npm-run-all clean compile lint",
 "clean": "rimraf dist",
 "compile": "tsc",
diff --git a/asset-transfer-basic/application-gateway-hsm/scripts/generate-hsm-user.sh b/asset-transfer-basic/application-gateway-hsm/scripts/generate-hsm-user.sh
index 481ca22b..ac5a93a1 100755
--- a/asset-transfer-basic/application-gateway-hsm/scripts/generate-hsm-user.sh
+++ b/asset-transfer-basic/application-gateway-hsm/scripts/generate-hsm-user.sh
@@ -6,19 +6,27 @@ CA_HOST=localhost
 CA_URL=${CA_HOST}:7054
 TLS_CERT='../../../test-network/organizations/fabric-ca/org1/tls-cert.pem'
-# try to locate the Soft HSM library
-POSSIBLE_LIB_LOC=('/usr/lib/softhsm/libsofthsm2.so' \
-'/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' \
-'/usr/local/lib/softhsm/libsofthsm2.so' \
-'/usr/lib/libacsp-pkcs11.so'
-)
-for TEST_LIB in "${POSSIBLE_LIB_LOC[@]}"
-do
- if [ -f $TEST_LIB ]; then
- HSM2_LIB=$TEST_LIB
- break
+LocateHsmLib() {
+ if [[ -n "${PKCS11_LIB}" && -f "${PKCS11_LIB}" ]]; then
+ echo "${PKCS11_LIB}"
+ return
 fi
-done
+
+ local POSSIBLE_LIB_LOC=( \
+ '/usr/lib/softhsm/libsofthsm2.so' \
+ '/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' \
+ '/usr/local/lib/softhsm/libsofthsm2.so' \
+ '/usr/lib/libacsp-pkcs11.so' \
+ )
+ for TEST_LIB in "${POSSIBLE_LIB_LOC[@]}"; do
+ if [ -f "${TEST_LIB}" ]; then
+ echo "${TEST_LIB}"
+ return
+ fi
+ done
+}
+
+HSM2_LIB=$(LocateHsmLib)
 [ -z $HSM2_LIB ] && echo No SoftHSM PKCS11 Library found, ensure you have installed softhsm2 && exit 1
 # create a softhsm2.conf file if one doesn't exist
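Review bot: The new `"prepare": "npm run build"` entry makes the build an install-time lifecycle script, while the README and ci/scripts/run-test-network-basic.sh hunks of this commit drop the explicit `npm run build` step, so no documented manual build path remains. Environments that disable lifecycle scripts (`npm install --ignore-scripts`, or `ignore-scripts=true` in `.npmrc`, a common supply-chain hardening) will skip it, and `npm start` will presumably fail because the `tsc` output is missing. Because `build` is `npm-run-all clean compile lint`, a lint error will now also fail `npm install`. I would keep one sentence in the README such as `If npm lifecycle scripts are disabled, run npm run build before npm start.`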
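Review bot: In `LocateHsmLib`, a `PKCS11_LIB` that is set but does not name an existing file is silently ignored and the search falls through to the built-in list, so a typo in the path ends with a different PKCS#11 module being selected than the one the operator asked for. `HSM2_LIB` is presumably handed on as the module that performs key operations (its use is outside the hunk), so an explicit but invalid override should fail with a message on stderr instead of falling back. Returning non-zero with no output still lets the existing `[ -z $HSM2_LIB ]` line stop the script. `TEST_LIB` should also be declared `local` so the loop variable does not leak into the script's globals.

```shell
LocateHsmLib() {
  if [[ -n "${PKCS11_LIB}" ]]; then
    if [[ ! -f "${PKCS11_LIB}" ]]; then
      echo "PKCS11_LIB is set to '${PKCS11_LIB}' but no such file exists" >&2
      return 1
    fi
    echo "${PKCS11_LIB}"
    return
  fi

  local TEST_LIB
  # … unchanged: POSSIBLE_LIB_LOC array and search loop …
}
```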
@@ -50,4 +58,4 @@ HSMUSER=$1
 SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client enroll -c $CLIENT_CONFIG -u https://$CAADMIN:$CAADMIN_PW@$CA_URL --mspdir $CRYPTO_PATH/$CAADMIN --csr.hosts example.com --tls.certfiles ${TLS_CERT}
 ! SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client register -c $CLIENT_CONFIG --mspdir $CRYPTO_PATH/$CAADMIN --id.name $HSMUSER --id.secret $HSMUSER --id.type client --caname ca-org1 --id.maxenrollments 0 -m example.com -u https://$CA_URL --tls.certfiles ${TLS_CERT} && echo user probably already registered, continuing
-SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client enroll -c $CLIENT_CONFIG -u https://$HSMUSER:$HSMUSER@$CA_URL --mspdir $CRYPTO_PATH/$HSMUSER --csr.hosts example.com --tls.certfiles ${TLS_CERT}
+SOFTHSM2_CONF=$HSM2_CONF fabric-ca-client enroll -c $CLIENT_CONFIG -u https://$HSMUSER:$HSMUSER@$CA_URL --mspdir $CRYPTO_PATH/$HSMUSER --csr.hosts example.com --tls.certfiles ${TLS_CERT}
\ No newline at end of file
diff --git a/ci/scripts/run-test-network-basic.sh b/ci/scripts/run-test-network-basic.sh
index 08a5cef8..cf6db805 100755
--- a/ci/scripts/run-test-network-basic.sh
+++ b/ci/scripts/run-test-network-basic.sh
@@ -113,10 +113,8 @@ pushd ../asset-transfer-basic/application-gateway-hsm/scripts/
 print "Enroll and register User in HSM"
 ./generate-hsm-user.sh HSMUser
 pushd ../node/
-print "install dependencies"
+print "install dependencies and prepare for running"
 npm install
-print "Building hsm-sample.ts"
-npm run build
 print "Running the output app"
 npm run start
 popd