Enable to bypass gossip security identity checks

In order to enable peer to connect to the organization leaders using same certificate adding a new configuration key which allows bypassing identity verification. Following parameter has to be added to the list of env variables or core.yaml: - CORE_PEER_GOSSIP_IGNORESECURITY=true Change-Id: I2cc18f290f1d36ad3900fe3ded4997fbc3d885c5 Signed-off-by: Artem Barger <bartem@il.ibm.com>

Enable to bypass gossip security identity checks
In order to enable peer to connect to the organization leaders using same certificate adding a new configuration key which allows bypassing identity verification. Following parameter has to be added to the list of env variables or core.yaml: - CORE_PEER_GOSSIP_IGNORESECURITY=true Change-Id: I2cc18f290f1d36ad3900fe3ded4997fbc3d885c5 Signed-off-by: Artem Barger <bartem@il.ibm.com>
c7b3fe02 · Artem Barger · 0c2dff7f · c7b3fe02 · c7b3fe02
Unverified Commit c7b3fe02 authored Jan 31, 2017 by Artem Barger
Hide whitespace changes
Inline Side-by-side

Showing with 47 additions and 0 deletions

gossip/integration/integration.go gossip/integration/integration.go +41 -0

peer/common/anchors.go peer/common/anchors.go +6 -0

No files found.
--- a/gossip/integration/integration.go
+++ b/gossip/integration/integration.go
@@ -21,9 +21,12 @@ import (
 	"strings"
 	"time"

+	"github.com/hyperledger/fabric/gossip/api"
+	"github.com/hyperledger/fabric/gossip/common"
 	"github.com/hyperledger/fabric/gossip/gossip"
 	"github.com/hyperledger/fabric/peer/gossip/mcs"
 	"github.com/hyperledger/fabric/peer/gossip/sa"
+	"github.com/spf13/viper"
 	"google.golang.org/grpc"
 )

@@ -58,5 +61,43 @@ func NewGossipComponent(identity []byte, endpoint string, s *grpc.Server, dialOp
 	conf := newConfig(endpoint, bootPeers...)
 	cryptSvc := mcs.NewMessageCryptoService()
 	secAdv := sa.NewSecurityAdvisor()
+	if viper.GetBool("peer.gossip.ignoresecurity") {
+		sec := &secImpl{[]byte(endpoint)}
+		cryptSvc = sec
+		secAdv = sec
+		identity = []byte(endpoint)
+	}
 	return gossip.NewGossipService(conf, s, secAdv, cryptSvc, identity, dialOpts...)
 }
+
+type secImpl struct {
+	identity []byte
+}
+
+func (*secImpl) OrgByPeerIdentity(api.PeerIdentityType) api.OrgIdentityType {
+	return api.OrgIdentityType("DEFAULT")
+}
+
+func (s *secImpl) GetPKIidOfCert(peerIdentity api.PeerIdentityType) common.PKIidType {
+	return common.PKIidType(peerIdentity)
+}
+
+func (s *secImpl) VerifyBlock(chainID common.ChainID, signedBlock api.SignedBlock) error {
+	return nil
+}
+
+func (s *secImpl) Sign(msg []byte) ([]byte, error) {
+	return msg, nil
+}
+
+func (s *secImpl) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error {
+	return nil
+}
+
+func (s *secImpl) VerifyByChannel(chainID common.ChainID, peerIdentity api.PeerIdentityType, signature, message []byte) error {
+	return nil
+}
+
+func (s *secImpl) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
+	return nil
+}
--- a/peer/common/anchors.go
+++ b/peer/common/anchors.go
@@ -27,6 +27,7 @@ import (

 	"github.com/hyperledger/fabric/msp"
 	"github.com/hyperledger/fabric/protos/peer"
+	"github.com/spf13/viper"
 )

 type AnchorPeerParser struct {
@@ -126,6 +127,11 @@ func anchorPeerFromFile(filename string) (*peer.AnchorPeer, error) {
 		Port: int32(port),
 		Cert: identity,
 	}
+
+	if viper.GetBool("peer.gossip.ignoresecurity") {
+		ap.Cert = []byte(fmt.Sprintf("%s:%d", ap.Host, ap.Port))
+	}
+
 	return ap, nil
 }