[FAB-7553] Refactor comm.SecureConfig

A simple change which renames a few fields
so that SecureConfig can be used by clients
as well as servers.

Change-Id: I2f8a7a947eb3b568e45efa6c0ad34beec85c7853
Signed-off-by: Gari Singh <gari.r.singh@gmail.com>

Author: mastersingh24

core/comm/config.go

@@ -53,15 +53,15 @@ type ServerConfig struct {
 // SecureOptions defines the security parameters (e.g. TLS) for a
 // GRPCServer instance
 type SecureOptions struct {
-	// PEM-encoded X509 public key to be used by the server for TLS communication
-	ServerCertificate []byte
-	// PEM-encoded private key to be used by the server for TLS communication
-	ServerKey []byte
-	// Set of PEM-encoded X509 certificate authorities to optionally send
-	// as part of the server handshake
+	// PEM-encoded X509 public key to be used for TLS communication
+	Certificate []byte
+	// PEM-encoded private key to be used for TLS communication
+	Key []byte
+	// Set of PEM-encoded X509 certificate authorities used by clients to
+	// verify server certificates
 	ServerRootCAs [][]byte
-	// Set of PEM-encoded X509 certificate authorities to use when verifying
-	// client certificates
+	// Set of PEM-encoded X509 certificate authorities used by servers to
+	// verify client certificates
 	ClientRootCAs [][]byte
 	// Whether or not to use TLS for communication
 	UseTLS bool

core/comm/connection_test.go

@@ -86,19 +86,19 @@ func TestClientConnections(t *testing.T) {
 			name: "ValidConnectionTLS",
 			sc: ServerConfig{
 				SecOpts: &SecureOptions{
-					UseTLS:            true,
-					ServerCertificate: certPEMBlock,
-					ServerKey:         keyPEMBlock}},
+					UseTLS:      true,
+					Certificate: certPEMBlock,
+					Key:         keyPEMBlock}},
 			creds:      credentials.NewClientTLSFromCert(certPool, ""),
 			serverPort: 8052,
 		},
 		{
 			name: "InvalidConnectionTLS",
 			sc: ServerConfig{
 				SecOpts: &SecureOptions{
-					UseTLS:            true,
-					ServerCertificate: certPEMBlock,
-					ServerKey:         keyPEMBlock}},
+					UseTLS:      true,
+					Certificate: certPEMBlock,
+					Key:         keyPEMBlock}},
 			creds:      credentials.NewClientTLSFromCert(nil, ""),
 			fail:       true,
 			serverPort: 8053,
@@ -284,9 +284,9 @@ func newServer(org string, port int) *srv {
 	}
 	gSrv, err := NewGRPCServerFromListener(l, ServerConfig{
 		SecOpts: &SecureOptions{
-			ServerCertificate: certs["server.crt"],
-			ServerKey:         certs["server.key"],
-			UseTLS:            true,
+			Certificate: certs["server.crt"],
+			Key:         certs["server.key"],
+			UseTLS:      true,
 		},
 	})
 	if err != nil {

core/comm/server.go

@@ -109,10 +109,10 @@ func NewGRPCServerFromListener(listener net.Listener, serverConfig ServerConfig)
 	secureConfig := serverConfig.SecOpts
 	if secureConfig != nil && secureConfig.UseTLS {
 		//both key and cert are required
-		if secureConfig.ServerKey != nil && secureConfig.ServerCertificate != nil {
+		if secureConfig.Key != nil && secureConfig.Certificate != nil {
 			grpcServer.tlsEnabled = true
 			//load server public and private keys
-			cert, err := tls.X509KeyPair(secureConfig.ServerCertificate, secureConfig.ServerKey)
+			cert, err := tls.X509KeyPair(secureConfig.Certificate, secureConfig.Key)
 			if err != nil {
 				return nil, err
 			}
@@ -155,8 +155,8 @@ func NewGRPCServerFromListener(listener net.Listener, serverConfig ServerConfig)
 			creds := NewServerTransportCredentials(grpcServer.tlsConfig)
 			serverOpts = append(serverOpts, grpc.Creds(creds))
 		} else {
-			return nil, errors.New("serverConfig.SecOpts must contain both ServerKey and " +
-				"ServerCertificate when UseTLS is true")
+			return nil, errors.New("serverConfig.SecOpts must contain both Key and " +
+				"Certificate when UseTLS is true")
 		}
 	}
 	// set max send and recv msg sizes

core/comm/server_test.go

@@ -196,8 +196,8 @@ func (org *testOrg) testServers(port int, clientRootCAs [][]byte) []testServer {
 			comm.ServerConfig{
 				SecOpts: &comm.SecureOptions{
 					UseTLS:            true,
-					ServerCertificate: serverCert.certPEM,
-					ServerKey:         serverCert.keyPEM,
+					Certificate:       serverCert.certPEM,
+					Key:               serverCert.keyPEM,
 					RequireClientCert: true,
 					ClientRootCAs:     clientRootCAs,
 				},
@@ -395,39 +395,39 @@ func TestNewGRPCServerInvalidParameters(t *testing.T) {
 		t.Log(err.Error())
 	}
 
-	//missing serverCertificate
+	//missing server Certificate
 	_, err = comm.NewGRPCServer(":9041",
 		comm.ServerConfig{
 			SecOpts: &comm.SecureOptions{
-				UseTLS:            true,
-				ServerCertificate: []byte{}}})
+				UseTLS:      true,
+				Certificate: []byte{}}})
 	//check for error
-	msg = "serverConfig.SecOpts must contain both ServerKey and " +
-		"ServerCertificate when UseTLS is true"
+	msg = "serverConfig.SecOpts must contain both Key and " +
+		"Certificate when UseTLS is true"
 	assert.EqualError(t, err, msg)
 	if err != nil {
 		t.Log(err.Error())
 	}
 
-	//missing serverKey
+	//missing server Key
 	_, err = comm.NewGRPCServer(":9042",
 		comm.ServerConfig{
 			SecOpts: &comm.SecureOptions{
-				UseTLS:            true,
-				ServerCertificate: []byte{}}})
+				UseTLS:      true,
+				Certificate: []byte{}}})
 	//check for error
 	assert.EqualError(t, err, msg)
 	if err != nil {
 		t.Log(err.Error())
 	}
 
-	//bad serverKey
+	//bad server Key
 	_, err = comm.NewGRPCServer(":9043",
 		comm.ServerConfig{
 			SecOpts: &comm.SecureOptions{
-				UseTLS:            true,
-				ServerCertificate: []byte(selfSignedCertPEM),
-				ServerKey:         []byte{}}})
+				UseTLS:      true,
+				Certificate: []byte(selfSignedCertPEM),
+				Key:         []byte{}}})
 
 	//check for error
 	msg = "tls: failed to find any PEM data in key input"
@@ -436,13 +436,13 @@ func TestNewGRPCServerInvalidParameters(t *testing.T) {
 		t.Log(err.Error())
 	}
 
-	//bad serverCertificate
+	//bad server Certificate
 	_, err = comm.NewGRPCServer(":9044",
 		comm.ServerConfig{
 			SecOpts: &comm.SecureOptions{
-				UseTLS:            true,
-				ServerCertificate: []byte{},
-				ServerKey:         []byte(selfSignedKeyPEM)}})
+				UseTLS:      true,
+				Certificate: []byte{},
+				Key:         []byte(selfSignedKeyPEM)}})
 	//check for error
 	msg = "tls: failed to find any PEM data in certificate input"
 	assert.EqualError(t, err, msg)
@@ -454,8 +454,8 @@ func TestNewGRPCServerInvalidParameters(t *testing.T) {
 		comm.ServerConfig{
 			SecOpts: &comm.SecureOptions{
 				UseTLS:            true,
-				ServerCertificate: []byte(selfSignedCertPEM),
-				ServerKey:         []byte(selfSignedKeyPEM),
+				Certificate:       []byte(selfSignedCertPEM),
+				Key:               []byte(selfSignedKeyPEM),
 				RequireClientCert: true}})
 	badRootCAs := [][]byte{[]byte(badPEM)}
 	err = srv.SetClientRootCAs(badRootCAs)
@@ -576,9 +576,9 @@ func TestNewSecureGRPCServer(t *testing.T) {
 	testAddress := "localhost:9055"
 	srv, err := comm.NewGRPCServer(testAddress, comm.ServerConfig{
 		SecOpts: &comm.SecureOptions{
-			UseTLS:            true,
-			ServerCertificate: []byte(selfSignedCertPEM),
-			ServerKey:         []byte(selfSignedKeyPEM)}})
+			UseTLS:      true,
+			Certificate: []byte(selfSignedCertPEM),
+			Key:         []byte(selfSignedKeyPEM)}})
 	//check for error
 	if err != nil {
 		t.Fatalf("Failed to return new GRPC server: %v", err)
@@ -661,9 +661,9 @@ func TestNewSecureGRPCServerFromListener(t *testing.T) {
 
 	srv, err := comm.NewGRPCServerFromListener(lis, comm.ServerConfig{
 		SecOpts: &comm.SecureOptions{
-			UseTLS:            true,
-			ServerCertificate: []byte(selfSignedCertPEM),
-			ServerKey:         []byte(selfSignedKeyPEM)}})
+			UseTLS:      true,
+			Certificate: []byte(selfSignedCertPEM),
+			Key:         []byte(selfSignedKeyPEM)}})
 	//check for error
 	if err != nil {
 		t.Fatalf("Failed to return new GRPC server: %v", err)
@@ -743,9 +743,9 @@ func TestWithSignedRootCertificates(t *testing.T) {
 
 	srv, err := comm.NewGRPCServerFromListener(lis, comm.ServerConfig{
 		SecOpts: &comm.SecureOptions{
-			UseTLS:            true,
-			ServerCertificate: certPEMBlock,
-			ServerKey:         keyPEMBlock}})
+			UseTLS:      true,
+			Certificate: certPEMBlock,
+			Key:         keyPEMBlock}})
 	//check for error
 	if err != nil {
 		t.Fatalf("Failed to return new GRPC server: %v", err)
@@ -822,9 +822,9 @@ func TestWithSignedIntermediateCertificates(t *testing.T) {
 
 	srv, err := comm.NewGRPCServerFromListener(lis, comm.ServerConfig{
 		SecOpts: &comm.SecureOptions{
-			UseTLS:            true,
-			ServerCertificate: certPEMBlock,
-			ServerKey:         keyPEMBlock}})
+			UseTLS:      true,
+			Certificate: certPEMBlock,
+			Key:         keyPEMBlock}})
 	//check for error
 	if err != nil {
 		t.Fatalf("Failed to return new GRPC server: %v", err)
@@ -1444,9 +1444,9 @@ func TestUpdateTLSCert(t *testing.T) {
 
 	cfg := comm.ServerConfig{
 		SecOpts: &comm.SecureOptions{
-			UseTLS:            true,
-			ServerKey:         key,
-			ServerCertificate: cert,
+			UseTLS:      true,
+			Key:         key,
+			Certificate: cert,
 		},
 	}
 	srv, err := comm.NewGRPCServer("localhost:8333", cfg)
@@ -1536,9 +1536,9 @@ func TestCipherSuites(t *testing.T) {
 
 	serverConfig := comm.ServerConfig{
 		SecOpts: &comm.SecureOptions{
-			ServerCertificate: certPEM,
-			ServerKey:         keyPEM,
-			UseTLS:            true,
+			Certificate: certPEM,
+			Key:         keyPEM,
+			UseTLS:      true,
 		}}
 
 	var tests = []struct {

core/comm/util_test.go

@@ -153,9 +153,9 @@ func (is *inspectingServer) inspect(envelope *common.Envelope) error {
 func newInspectingServer(addr string, inspector comm.BindingInspector) *inspectingServer {
 	srv, err := comm.NewGRPCServer(addr, comm.ServerConfig{
 		SecOpts: &comm.SecureOptions{
-			UseTLS:            true,
-			ServerCertificate: []byte(selfSignedCertPEM),
-			ServerKey:         []byte(selfSignedKeyPEM),
+			UseTLS:      true,
+			Certificate: []byte(selfSignedCertPEM),
+			Key:         []byte(selfSignedKeyPEM),
 		}})
 	if err != nil {
 		panic(err)

core/deliverservice/requester_test.go

@@ -42,8 +42,8 @@ func TestTLSBinding(t *testing.T) {
 	s, err := comm.NewGRPCServer("localhost:9435", comm.ServerConfig{
 		SecOpts: &comm.SecureOptions{
 			RequireClientCert: true,
-			ServerKey:         serverKey,
-			ServerCertificate: serverCert,
+			Key:               serverKey,
+			Certificate:       serverCert,
 			ClientRootCAs:     [][]byte{caCert},
 			UseTLS:            true,
 		},

core/peer/config.go

@@ -140,8 +140,8 @@ func GetServerConfig() (comm.ServerConfig, error) {
 		if err != nil {
 			return serverConfig, fmt.Errorf("error loading TLS certificate (%s)", err)
 		}
-		secureOptions.ServerCertificate = serverCert
-		secureOptions.ServerKey = serverKey
+		secureOptions.Certificate = serverCert
+		secureOptions.Key = serverKey
 		secureOptions.RequireClientCert = viper.GetBool("peer.tls.clientAuthRequired")
 		if secureOptions.RequireClientCert {
 			var clientRoots [][]byte

core/peer/pkg_test.go

@@ -236,8 +236,8 @@ func TestUpdateRootsFromConfigBlock(t *testing.T) {
 			serverConfig: comm.ServerConfig{
 				SecOpts: &comm.SecureOptions{
 					UseTLS:            true,
-					ServerCertificate: org1Server1Cert,
-					ServerKey:         org1Server1Key,
+					Certificate:       org1Server1Cert,
+					Key:               org1Server1Key,
 					ServerRootCAs:     [][]byte{org1CA},
 					RequireClientCert: true,
 				},
@@ -254,8 +254,8 @@ func TestUpdateRootsFromConfigBlock(t *testing.T) {
 			serverConfig: comm.ServerConfig{
 				SecOpts: &comm.SecureOptions{
 					UseTLS:            true,
-					ServerCertificate: org1Server1Cert,
-					ServerKey:         org1Server1Key,
+					Certificate:       org1Server1Cert,
+					Key:               org1Server1Key,
 					ServerRootCAs:     [][]byte{org1CA},
 					RequireClientCert: true,
 				},
@@ -274,8 +274,8 @@ func TestUpdateRootsFromConfigBlock(t *testing.T) {
 			serverConfig: comm.ServerConfig{
 				SecOpts: &comm.SecureOptions{
 					UseTLS:            true,
-					ServerCertificate: org1Server1Cert,
-					ServerKey:         org1Server1Key,
+					Certificate:       org1Server1Cert,
+					Key:               org1Server1Key,
 					ServerRootCAs:     [][]byte{org1CA},
 					RequireClientCert: true,
 				},

orderer/common/server/main.go

@@ -141,7 +141,7 @@ func initializeServerConfig(conf *config.TopLevel) comm.ServerConfig {
 		// load crypto material from files
 		serverCertificate, err := ioutil.ReadFile(conf.General.TLS.Certificate)
 		if err != nil {
-			logger.Fatalf("Failed to load ServerCertificate file '%s' (%s)",
+			logger.Fatalf("Failed to load server Certificate file '%s' (%s)",
 				conf.General.TLS.Certificate, err)
 		}
 		serverKey, err := ioutil.ReadFile(conf.General.TLS.PrivateKey)
@@ -169,8 +169,8 @@ func initializeServerConfig(conf *config.TopLevel) comm.ServerConfig {
 			}
 			msg = "mutual TLS"
 		}
-		secureOpts.ServerKey = serverKey
-		secureOpts.ServerCertificate = serverCertificate
+		secureOpts.Key = serverKey
+		secureOpts.Certificate = serverCertificate
 		secureOpts.ServerRootCAs = serverRootCAs
 		secureOpts.ClientRootCAs = clientRootCAs
 		logger.Infof("Starting orderer with %s enabled", msg)

peer/node/start.go

@@ -389,8 +389,8 @@ func createChaincodeServer(ca accesscontrol.CA, peerHostname string) (srv comm.G
 			// Trust only client certificates signed by ourselves
 			ClientRootCAs: [][]byte{ca.CertBytes()},
 			// Use our own self-signed TLS certificate and key
-			ServerCertificate: certKeyPair.Cert,
-			ServerKey:         certKeyPair.Key,
+			Certificate: certKeyPair.Cert,
+			Key:         certKeyPair.Key,
 			// No point in specifying server root CAs since this TLS config is only used for
 			// a gRPC server and not a client
 			ServerRootCAs: nil,