From e717e0f2094a823f372424c34f6b577a9ae3fc12 Mon Sep 17 00:00:00 2001
From: hfuss
Date: Fri, 2 Jul 2021 11:51:04 -0400
Subject: [PATCH 1/3] Decoupling Peers from config.json
Signed-off-by: hfuss
---
 src/lib/config.ts | 23 +++++++++++++++++------
 src/lib/utils.ts | 1 +
 src/routers/api.ts | 6 +++---
 3 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/src/lib/config.ts b/src/lib/config.ts
index 856719c..d48d9f7 100644
--- a/src/lib/config.ts
+++ b/src/lib/config.ts
@@ -24,16 +24,27 @@ import path from 'path';
 const ajv = new Ajv();
 const validateConfig = ajv.compile(configSchema);
 const configFilePath = path.join(utils.constants.DATA_DIRECTORY, utils.constants.CONFIG_FILE_NAME);
+const peersFilePath = path.join(utils.constants.DATA_DIRECTORY, utils.constants.PEERS_FILE_NAME);
 export let config: IConfig;
 export const init = async () => {
- await loadConfigFile();
+ await loadConfig();
 };
-const loadConfigFile = async () => {
+const loadConfig = async () => {
 try {
 const data = JSON.parse(await fs.readFile(configFilePath, 'utf8'));
+ try {
+ data.peers = JSON.parse(await fs.readFile(peersFilePath, 'utf8'));
+ } catch (err) {
+ // if file does not exist, just set peers to empty list
+ if (err.code === 'ENOENT') {
+ data.peers = [];
+ } else {
+ throw err;
+ }
+ }
 if(validateConfig(data)) {
 config = data as IConfig;
 for(const peer of config.peers) {
@@ -42,13 +53,13 @@ const loadConfigFile = async () => {
 }
 }
 } else {
- throw new Error('Invalid configuration file');
+ throw new Error('Invalid configuration files');
 }
 } catch(err) {
- throw new Error(`Failed to read configuration file. ${err}`);
+ throw new Error(`Failed to read configuration files. ${err}`);
 }
 };
-export const persistConfig = async () => {
- await fs.writeFile(configFilePath, JSON.stringify(config, null, 2));
+export const persistPeers = async () => {
+ await fs.writeFile(peersFilePath, JSON.stringify(config.peers, null, 2));
 };
\ No newline at end of file
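Review bot: `persistPeers` at the end of src/lib/config.ts writes straight to `peers/data.json` with `fs.writeFile`, which neither creates the `peers` directory nor replaces the file atomically. `loadConfig` treats a missing peers file as an empty list, so on a fresh data directory the first peer update would fail with ENOENT unless something outside this patch creates that directory, and an interrupted write leaves truncated JSON that `loadConfig` rethrows at the next start. I would create the parent first with `await fs.mkdir(path.dirname(peersFilePath), { recursive: true });`, write to a temporary file in the same directory, and then `fs.rename` it over the target. This assumes `fs` is the promise-based Node API; its import is outside the hunk.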
diff --git a/src/lib/utils.ts b/src/lib/utils.ts
index 8c6a941..5ca88c1 100644
--- a/src/lib/utils.ts
+++ b/src/lib/utils.ts
@@ -31,6 +31,7 @@ export const constants = {
 METADATA_SUFFIX: '.metadata.json',
 RECEIVED_BLOBS_SUBDIRECTORY: 'received',
 CONFIG_FILE_NAME: 'config.json',
+ PEERS_FILE_NAME: 'peers/data.json',
 CERT_FILE: 'cert.pem',
 KEY_FILE: 'key.pem',
 CA_FILE: 'ca.pem',
diff --git a/src/routers/api.ts b/src/routers/api.ts
index 606b7b3..997eaf6 100644
--- a/src/routers/api.ts
+++ b/src/routers/api.ts
@@ -23,7 +23,7 @@ import * as blobsHandler from '../handlers/blobs';
 import * as eventsHandler from '../handlers/events';
 import * as messagesHandler from '../handlers/messages';
 import { ca, cert, key, peerID } from '../lib/cert';
-import { config, persistConfig } from '../lib/config';
+import { config, persistPeers } from '../lib/config';
 import { IStatus } from '../lib/interfaces';
 import RequestError from '../lib/request-error';
 import * as utils from '../lib/utils';
@@ -98,7 +98,7 @@ router.put('/peers/:id', async (req, res, next) => {
 };
 config.peers.push(peer);
 }
- await persistConfig();
+ await persistPeers();
 await refreshCACerts();
 res.send({ status: 'added' });
 } catch (err) {
@@ -119,7 +119,7 @@ router.delete('/peers/:id', async (req, res, next) => {
 }
 }
 config.peers = config.peers.filter(peer => peer.id !== req.params.id);
- await persistConfig();
+ await persistPeers();
 res.send({ status: 'removed' });
 } catch (err) {
 next(err);
From 80c09fab1d3f25ea9afd9c15e4cb7b68d3798494 Mon Sep 17 00:00:00 2001
From: hfuss
Date: Tue, 6 Jul 2021 22:20:21 -0400
Subject: [PATCH 2/3] Logging and fixing bug when EBS volumes are used for peer certs directory
Signed-off-by: hfuss
---
 src/lib/cert.ts | 10 +++++++++-
 src/lib/config.ts | 10 ++++++++--
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/lib/cert.ts b/src/lib/cert.ts
index 44c3364..bb21290 100644
--- a/src/lib/cert.ts
+++ b/src/lib/cert.ts
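Review bot: In the `router.delete('/peers/:id')` hunk of src/routers/api.ts, the peer is filtered out of `config.peers` and persisted, but unlike the `PUT` handler there is no `await refreshCACerts();` before the response is sent. If `refreshCACerts` is what rebuilds the in-memory trust set, a removed peer's certificate may stay trusted until the process restarts; the earlier lines of the handler are outside the hunk, so this may already be handled there. If it is not, add `await refreshCACerts();` after `await persistPeers();` and confirm that the refresh actually drops the removed certificate from `ca`. Both handlers also change `config.peers` before the write succeeds, so a failed `persistPeers` leaves memory and disk disagreeing about who is a peer.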
@@ -27,7 +27,9 @@ export let ca: string[] = [];
 export let peerID: string;
 export const init = async () => {
+ log.debug("Reading key file");
 key = (await fs.readFile(path.join(utils.constants.DATA_DIRECTORY, utils.constants.KEY_FILE))).toString();
+ log.debug("Reading cert file");
 cert = (await fs.readFile(path.join(utils.constants.DATA_DIRECTORY, utils.constants.CERT_FILE))).toString();
 const certData = utils.getCertData(cert);
 peerID = utils.getPeerID(certData.organization, certData.organizationUnit);
@@ -36,9 +38,15 @@ export const init = async () => {
 export const loadCAs = async () => {
 const peerCertsPath = path.join(utils.constants.DATA_DIRECTORY, utils.constants.PEER_CERTS_SUBDIRECTORY);
+ log.debug(`Reading peer CAs from ${peerCertsPath}`);
 const peerCerts = await fs.readdir(peerCertsPath);
 for(const peerCert of peerCerts) {
- ca.push((await fs.readFile(path.join(peerCertsPath, peerCert))).toString());
+ if (peerCert.endsWith(".pem")) {
+ log.debug(`Reading peer CA ${peerCert}`);
+ ca.push((await fs.readFile(path.join(peerCertsPath, peerCert))).toString());
+ } else {
+ log.warn(`Ignoring non-PEM extension file or directory ${peerCert} when loading CAs`);
+ }
 }
 log.debug(`Loaded ${ca.length} peer certificate(s)`);
 };
diff --git a/src/lib/config.ts b/src/lib/config.ts
index d48d9f7..54246a3 100644
--- a/src/lib/config.ts
+++ b/src/lib/config.ts
@@ -20,6 +20,9 @@ import configSchema from '../schemas/config.json';
 import * as utils from './utils';
 import { IConfig } from './interfaces';
 import path from 'path';
+import {Logger} from "./logger";
+
+const log = new Logger('lib/config.ts')
 const ajv = new Ajv();
 const validateConfig = ajv.compile(configSchema);
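Review bot: The new filter in `loadCAs` (src/lib/cert.ts) decides what becomes a trusted CA from the file name alone: every entry ending in `.pem` is read and pushed into `ca` without checking that it parses as a certificate or belongs to an entry in `config.peers`. A stray or stale `.pem` left in the peer-certs directory therefore widens the trust set without any warning. Consider passing each file through the existing `utils.getCertData` and skipping it with a `log.warn` when parsing fails or the peer is not configured; this assumes `getCertData` rejects invalid input, which is not visible here. `ca` is also only ever appended to in this function, so if `loadCAs` can run more than once the list would accumulate duplicates; its callers are outside this diff.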
@@ -34,13 +37,16 @@ export const init = async () => {
 const loadConfig = async () => {
 try {
+ log.debug(`Reading config file ${configFilePath}`);
 const data = JSON.parse(await fs.readFile(configFilePath, 'utf8'));
 try {
+ log.debug(`Reading peers file ${peersFilePath}`);
 data.peers = JSON.parse(await fs.readFile(peersFilePath, 'utf8'));
 } catch (err) {
- // if file does not exist, just set peers to empty list
+ // if file does not exist, just set peers to either the peers from config.json (if migrating from older version) or to an empty list
+ log.debug(`Error code when reading peers file ${err.code}`);
 if (err.code === 'ENOENT') {
- data.peers = [];
+ data.peers = data.peers || [];
 } else {
 throw err;
 }
From f226f6f36b1cad461163d089e6bc17f7a06011b2 Mon Sep 17 00:00:00 2001
From: Gabriel Indik
Date: Wed, 7 Jul 2021 17:10:22 -0400
Subject: [PATCH 3/3] Case insensitive compare for CAs
Signed-off-by: Gabriel Indik
---
 src/lib/cert.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/cert.ts b/src/lib/cert.ts
index bb21290..1856c54 100644
--- a/src/lib/cert.ts
+++ b/src/lib/cert.ts
@@ -41,7 +41,7 @@ export const loadCAs = async () => {
 log.debug(`Reading peer CAs from ${peerCertsPath}`);
 const peerCerts = await fs.readdir(peerCertsPath);
 for(const peerCert of peerCerts) {
- if (peerCert.endsWith(".pem")) {
+ if (peerCert.toLowerCase().endsWith(".pem")) {
 log.debug(`Reading peer CA ${peerCert}`);
 ca.push((await fs.readFile(path.join(peerCertsPath, peerCert))).toString());
 } else {
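Review bot: In the `loadConfig` hunk of src/lib/config.ts (PATCH 2/3), the fallback that decides which peer list the node starts with is reported only at debug level, and the added `log.debug` prints `err.code`, which is `undefined` for a JSON parse error. Because the peer list is trust-relevant, I would log the ENOENT branch more visibly, e.g. `log.warn('Peers file not found; using peers from config.json or an empty list');`, and log `err` itself rather than `err.code`. Once the peers file exists, any `peers` array still present in config.json is overridden without notice; a short comment stating that precedence, or a warning when both are present, would help operators migrating from the older layout. The enclosing function continues outside this hunk.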