[FAB-7368]Make cryptogen tool support extend

This patchset add a new command 'extend' in
cryptogen tool. It make cryptogen tool can
generate new artifacts on existing crypto
artifacts. It is useful for adding new peer,
orderer, user and org.
For example,
1.cryptogen generate --config config.yaml --output xxx
2.modify config.yaml for adding peer/org/orderer/user
3.cryptogen extend --config config.yaml --input xxx

Change-Id: I1f501e3bef56c445796579b11d03091326fa050c
Signed-off-by: grapebaba <281165273@qq.com>

Author: GrapeBaBa

common/tools/cryptogen/ca/ca_test.go

@@ -31,8 +31,10 @@ import (
 const (
 	testCAName             = "root0"
 	testCA2Name            = "root1"
+	testCA3Name            = "root2"
 	testName               = "cert0"
 	testName2              = "cert1"
+	testName3              = "cert2"
 	testIP                 = "172.16.10.31"
 	testCountry            = "US"
 	testProvince           = "California"
@@ -44,6 +46,38 @@ const (
 
 var testDir = filepath.Join(os.TempDir(), "ca-test")
 
+func TestLoadCertificateECDSA(t *testing.T) {
+	caDir := filepath.Join(testDir, "ca")
+	certDir := filepath.Join(testDir, "certs")
+	// generate private key
+	priv, _, err := csp.GeneratePrivateKey(certDir)
+	assert.NoError(t, err, "Failed to generate signed certificate")
+
+	// get EC public key
+	ecPubKey, err := csp.GetECPublicKey(priv)
+	assert.NoError(t, err, "Failed to generate signed certificate")
+	assert.NotNil(t, ecPubKey, "Failed to generate signed certificate")
+
+	// create our CA
+	rootCA, err := ca.NewCA(caDir, testCA3Name, testCA3Name, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
+	assert.NoError(t, err, "Error generating CA")
+
+	cert, err := rootCA.SignCertificate(certDir, testName3, nil, ecPubKey,
+		x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment,
+		[]x509.ExtKeyUsage{x509.ExtKeyUsageAny})
+	assert.NoError(t, err, "Failed to generate signed certificate")
+	// KeyUsage should be x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
+	assert.Equal(t, x509.KeyUsageDigitalSignature|x509.KeyUsageKeyEncipherment,
+		cert.KeyUsage)
+	assert.Contains(t, cert.ExtKeyUsage, x509.ExtKeyUsageAny)
+
+	loadedCert, err := ca.LoadCertificateECDSA(certDir)
+	assert.NotNil(t, loadedCert, "Should load cert")
+	assert.Equal(t, cert.SerialNumber, loadedCert.SerialNumber, "Should have same serial number")
+	assert.Equal(t, cert.Subject.CommonName, loadedCert.Subject.CommonName, "Should have same CN")
+	cleanup(testDir)
+}
+
 func TestNewCA(t *testing.T) {
 
 	caDir := filepath.Join(testDir, "ca")

common/tools/cryptogen/ca/generator.go

@@ -22,13 +22,15 @@ import (
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/pem"
+	"io/ioutil"
 	"math/big"
 	"net"
 	"os"
-	"time"
-
 	"path/filepath"
+	"strings"
+	"time"
 
+	"github.com/hyperledger/fabric/bccsp/utils"
 	"github.com/hyperledger/fabric/common/tools/cryptogen/csp"
 )
 
@@ -219,3 +221,28 @@ func genCertificateECDSA(baseDir, name string, template, parent *x509.Certificat
 	}
 	return x509Cert, nil
 }
+
+// LoadCertificateECDSA load a ecdsa cert from a file in cert path
+func LoadCertificateECDSA(certPath string) (*x509.Certificate, error) {
+	var cert *x509.Certificate
+	var err error
+
+	walkFunc := func(path string, info os.FileInfo, err error) error {
+		if strings.HasSuffix(path, ".pem") {
+			rawCert, err := ioutil.ReadFile(path)
+			if err != nil {
+				return err
+			}
+			block, _ := pem.Decode(rawCert)
+			cert, err = utils.DERToX509Certificate(block.Bytes)
+		}
+		return nil
+	}
+
+	err = filepath.Walk(certPath, walkFunc)
+	if err != nil {
+		return nil, err
+	}
+
+	return cert, err
+}

common/tools/cryptogen/csp/csp.go

@@ -19,12 +19,71 @@ import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/x509"
+	"encoding/pem"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
 
 	"github.com/hyperledger/fabric/bccsp"
 	"github.com/hyperledger/fabric/bccsp/factory"
 	"github.com/hyperledger/fabric/bccsp/signer"
 )
 
+// LoadPrivateKey loads a private key from file in keystorePath
+func LoadPrivateKey(keystorePath string) (bccsp.Key, crypto.Signer, error) {
+	var err error
+	var priv bccsp.Key
+	var s crypto.Signer
+
+	opts := &factory.FactoryOpts{
+		ProviderName: "SW",
+		SwOpts: &factory.SwOpts{
+			HashFamily: "SHA2",
+			SecLevel:   256,
+
+			FileKeystore: &factory.FileKeystoreOpts{
+				KeyStorePath: keystorePath,
+			},
+		},
+	}
+
+	csp, err := factory.GetBCCSPFromOpts(opts)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	walkFunc := func(path string, info os.FileInfo, err error) error {
+		if strings.HasSuffix(path, "_sk") {
+			rawKey, err := ioutil.ReadFile(path)
+			if err != nil {
+				return err
+			}
+
+			block, _ := pem.Decode(rawKey)
+			priv, err = csp.KeyImport(block.Bytes, &bccsp.ECDSAPrivateKeyImportOpts{Temporary: true})
+			if err != nil {
+				return err
+			}
+
+			s, err = signer.New(csp, priv)
+			if err != nil {
+				return err
+			}
+
+			return nil
+		}
+		return nil
+	}
+
+	err = filepath.Walk(keystorePath, walkFunc)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return priv, s, err
+}
+
 // GeneratePrivateKey creates a private key and stores it in keystorePath
 func GeneratePrivateKey(keystorePath string) (bccsp.Key,
 	crypto.Signer, error) {

common/tools/cryptogen/csp/csp_test.go

@@ -57,6 +57,17 @@ func (mk *mockKey) Private() bool { return false }
 
 var testDir = filepath.Join(os.TempDir(), "csp-test")
 
+func TestLoadPrivateKey(t *testing.T) {
+	priv, _, _ := csp.GeneratePrivateKey(testDir)
+	pkFile := filepath.Join(testDir, hex.EncodeToString(priv.SKI())+"_sk")
+	assert.Equal(t, true, checkForFile(pkFile),
+		"Expected to find private key file")
+	loadedPriv, _, _ := csp.LoadPrivateKey(testDir)
+	assert.NotNil(t, loadedPriv, "Should have returned a bccsp.Key")
+	assert.Equal(t, priv.SKI(), loadedPriv.SKI(), "Should have same subject identifier")
+	cleanup(testDir)
+}
+
 func TestGeneratePrivateKey(t *testing.T) {
 
 	priv, signer, err := csp.GeneratePrivateKey(testDir)