[FAB-4886] Add tls_root_certs to MSPConfig etc.

Now add the tls_root_certs field to updated
FabricMSPConfig proto structure.

Now create intermediate ca certs folder and new
tlscacerts folder for local MSP config.

Recommented the doNotDecompose option for feature.

Change-Id: Ie406b6d74b03314b53f7eb9ee81627e572811ee5
Signed-off-by: Jeff Garratt <[email protected]>

Author: jeffgarratt

bddtests/features/bootstrap.feature

@@ -16,7 +16,7 @@ Feature: Bootstrap
   As a blockchain entrepreneur
   I want to bootstrap a new blockchain network
 
-    @doNotDecompose
+#    @doNotDecompose
     @generateDocs
   Scenario Outline: Bootstrap a development network with 4 peers (2 orgs)  and 1 orderer (1 org), each having a single independent root of trust (No fabric-ca, just openssl)
     #creates 1 self-signed key/cert pair per orderer organization

bddtests/msp/identities_pb2.py

@@ -1,5 +1,3 @@
 # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
 import grpc
-from grpc.framework.common import cardinality
-from grpc.framework.interfaces.face import utilities as face_utilities
 

bddtests/msp/identities_pb2_grpc.py

@@ -1,5 +1,3 @@
 # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
 import grpc
-from grpc.framework.common import cardinality
-from grpc.framework.interfaces.face import utilities as face_utilities
 

bddtests/msp/msp_config_pb2.py

@@ -1,5 +1,3 @@
 # Generated by the gRPC Python protocol compiler plugin. DO NOT EDIT!
 import grpc
-from grpc.framework.common import cardinality
-from grpc.framework.interfaces.face import utilities as face_utilities
 

bddtests/msp/msp_config_pb2_grpc.py

@@ -830,9 +830,10 @@ def getMSPConfig(org, directory):
                       org.name == nat.organization and "configadmin" in nat.nodeName.lower()]:
         adminCerts.append(crypto.dump_certificate(crypto.FILETYPE_PEM, cert))
     cacerts = [org.getCertAsPEM()]
+    tls_root_certs = [org.getCertAsPEM()]
     # Currently only 1 component, CN=<orgName>
     # name = self.getSelfSignedCert().get_subject().getComponents()[0][1]
-    fabricMSPConfig = msp_config_pb2.FabricMSPConfig(admins=adminCerts, root_certs=cacerts, name=org.name)
+    fabricMSPConfig = msp_config_pb2.FabricMSPConfig(admins=adminCerts, root_certs=cacerts, name=org.name, tls_root_certs=tls_root_certs)
     mspConfig = msp_config_pb2.MSPConfig(config=fabricMSPConfig.SerializeToString(), type=0)
     return mspConfig
 
@@ -891,7 +892,12 @@ def _writeMspFiles(self, directory , project_name, compose_service, network):
         os.makedirs("{0}/{1}".format(localMspConfigPath, "signcerts"))
         os.makedirs("{0}/{1}".format(localMspConfigPath, "admincerts"))
         os.makedirs("{0}/{1}".format(localMspConfigPath, "cacerts"))
+        #TODO: Consider how to accomodate intermediate CAs
+        os.makedirs("{0}/{1}".format(localMspConfigPath, "intermediatecacerts"))
         os.makedirs("{0}/{1}".format(localMspConfigPath, "keystore"))
+        os.makedirs("{0}/{1}".format(localMspConfigPath, "tlscacerts"))
+        #TODO: Consider how to accomodate intermediate CAs
+        os.makedirs("{0}/{1}".format(localMspConfigPath, "tlsintermediatecacerts"))
 
         # Find the peer signer Tuple for this peer and add to signcerts folder
         for pnt, cert in [(peerNodeTuple, cert) for peerNodeTuple, cert in directory.ordererAdminTuples.items() if
@@ -908,6 +914,8 @@ def _writeMspFiles(self, directory , project_name, compose_service, network):
             org_cert_as_pem =  directory.getOrganization(pnt.organization).getCertAsPEM()
             with open("{0}/cacerts/{1}.pem".format(localMspConfigPath, pnt.organization), "w") as f:
                 f.write(org_cert_as_pem)
+            with open("{0}/tlscacerts/{1}.pem".format(localMspConfigPath, pnt.organization), "w") as f:
+                f.write(org_cert_as_pem)
 
         # Find the peer admin Tuple for this peer and add to admincerts folder
         for pnt, cert in [(peerNodeTuple, cert) for peerNodeTuple, cert in directory.ordererAdminTuples.items() if