[FAB-4874] admins must be members

This change set ensures that the certificate of an MSP admin is also a valid
member of that MSP according to that MSP's validation rules (including
expiration and OUs).

Change-Id: I520e36b5a8def564cd5dd2481d726bff5cb01870
Signed-off-by: Alessandro Sorniotti <[email protected]>

Author: ale-linux

bddtests/steps/bootstrap_util.py

@@ -824,7 +824,9 @@ class PathType(Enum):
 
 
 def getMSPConfig(org, directory):
-    adminCerts = [org.getCertAsPEM()]
+    # CA certificates can't be admins of an MSP
+    # adminCerts = [org.getCertAsPEM()]
+    adminCerts = []
     # Find the mspAdmin Tuple for org and add to admincerts folder
     for pnt, cert in [(nat, cert) for nat, cert in directory.ordererAdminTuples.items() if
                       org.name == nat.organization and "configadmin" in nat.nodeName.lower()]:

common/tools/cryptogen/msp/generator.go

@@ -25,6 +25,7 @@ import (
 	"io"
 
 	"github.com/hyperledger/fabric/bccsp"
+	"github.com/hyperledger/fabric/bccsp/factory"
 	"github.com/hyperledger/fabric/common/tools/cryptogen/ca"
 	"github.com/hyperledger/fabric/common/tools/cryptogen/csp"
 )
@@ -66,14 +67,31 @@ func GenerateLocalMSP(baseDir, name string, sans []string, rootCA *ca.CA) error
 	}
 
 	// write artifacts to MSP folders
-	folders := []string{"admincerts", "cacerts"}
+
+	// the CA certificate goes into cacerts
+	folders := []string{"cacerts"}
 	for _, folder := range folders {
 		err = x509Export(filepath.Join(mspDir, folder, x509Filename(rootCA.Name)), rootCA.SignCert)
 		if err != nil {
 			return err
 		}
 	}
 
+	// the signing identity goes into admincerts.
+	// This means that the signing identity
+	// of this MSP is also an admin of this MSP
+	// NOTE: the admincerts folder is going to be
+	// cleared up anyway by copyAdminCert, but
+	// we leave a valid admin for now for the sake
+	// of unit tests
+	folders = []string{"admincerts"}
+	for _, folder := range folders {
+		err = x509Export(filepath.Join(mspDir, folder, x509Filename(rootCA.Name)), cert)
+		if err != nil {
+			return err
+		}
+	}
+
 	// write artifacts to TLS folder
 	err = x509Export(filepath.Join(tlsDir, "ca.crt"), rootCA.SignCert)
 	if err != nil {
@@ -99,7 +117,7 @@ func GenerateVerifyingMSP(baseDir string, rootCA *ca.CA) error {
 	err := createFolderStructure(baseDir)
 	if err == nil {
 		// write MSP cert to appropriate folders
-		folders := []string{"admincerts", "cacerts", "signcerts"}
+		folders := []string{"cacerts", "signcerts"}
 		for _, folder := range folders {
 			err = x509Export(filepath.Join(baseDir, folder, x509Filename(rootCA.Name)), rootCA.SignCert)
 			if err != nil {
@@ -108,6 +126,22 @@ func GenerateVerifyingMSP(baseDir string, rootCA *ca.CA) error {
 		}
 	}
 
+	// create a throwaway cert to act as an admin cert
+	// NOTE: the admincerts folder is going to be
+	// cleared up anyway by copyAdminCert, but
+	// we leave a valid admin for now for the sake
+	// of unit tests
+	bcsp := factory.GetDefault()
+	priv, err := bcsp.KeyGen(&bccsp.ECDSAP256KeyGenOpts{Temporary: true})
+	ecPubKey, err := csp.GetECPublicKey(priv)
+	if err != nil {
+		return err
+	}
+	_, err = rootCA.SignCertificate(filepath.Join(baseDir, "admincerts"), rootCA.Name, []string{""}, ecPubKey)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 

msp/msp_test.go

@@ -269,6 +269,22 @@ func TestValidateCAIdentity(t *testing.T) {
 	assert.Error(t, err)
 }
 
+func TestBadAdminIdentity(t *testing.T) {
+	conf, err := GetLocalMspConfig("testdata/badadmin", nil, "DEFAULT")
+	assert.NoError(t, err)
+
+	thisMSP, err := NewBccspMsp()
+	assert.NoError(t, err)
+	ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join("testdata/badadmin", "keystore"), true)
+	assert.NoError(t, err)
+	csp, err := sw.New(256, "SHA2", ks)
+	assert.NoError(t, err)
+	thisMSP.(*bccspmsp).bccsp = csp
+
+	err = thisMSP.Setup(conf)
+	assert.Error(t, err)
+}
+
 func TestValidateAdminIdentity(t *testing.T) {
 	caID := getIdentity(t, admincerts)
 

msp/mspimpl.go

@@ -439,6 +439,16 @@ func (msp *bccspmsp) Setup(conf1 *m.MSPConfig) error {
 		return err
 	}
 
+	// make sure that admins are valid members as well
+	// this way, when we validate an admin MSP principal
+	// we can simply check for exact match of certs
+	for i, admin := range msp.admins {
+		err = admin.Validate()
+		if err != nil {
+			return fmt.Errorf("admin %d is invalid, validation error %s", i, err)
+		}
+	}
+
 	return nil
 }
 
@@ -593,6 +603,9 @@ func (msp *bccspmsp) SatisfiesPrincipal(id Identity, principal *m.MSPPrincipal)
 			// id is exactly one of our admins
 			for _, admincert := range msp.admins {
 				if bytes.Equal(id.(*identity).cert.Raw, admincert.(*identity).cert.Raw) {
+					// we do not need to check whether the admin is a valid identity
+					// according to this MSP, since we already check this at Setup time
+					// if there is a match, we can just return
 					return nil
 				}
 			}

msp/testdata/badadmin/admincerts/cert-COP1.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIjCCAcigAwIBAgIBATAKBggqhkjOPQQDAjApMQwwCgYDVQQKDANDT1AxDDAK
+BgNVBAsMA0NPUDELMAkGA1UEAwwCQ0EwHhcNMTcwNjIwMDkwOTQwWhcNMzcwNjE1
+MDkwOTQwWjA6MQwwCgYDVQQKDANDT1AxDDAKBgNVBAsMA0NPUDENMAsGA1UECwwE
+Q09QMTENMAsGA1UEAwwEQ09QMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHaO
+/lWmVlTHbGlYcRxKiM3fq4aYumXSKPazeGVYHhfE19m20pJOgiHSqST40dY2KY7z
+sSlbRdVK7isb86RWz0Ojgc8wgcwwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
+BaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUzJvC4p2/qAJOaV9YLKP3WXAtQ98wHwYDVR0jBBgw
+FoAUBeUxuEtl5Cul1bUlFut6aTUzdnUwDgYDVR0PAQH/BAQDAgXgMCcGA1UdJQQg
+MB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIgAJ9r6JU15ZHd1HR+gy3jOE1f3+2YGeoUnmFDgIBvHHoCIQDF7NR1gbJgcm/U
+xFnZpFxlRp7+JjmhBHj/bnllE0x1gQ==
+-----END CERTIFICATE-----

msp/testdata/badadmin/admincerts/cert-COP2.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIjCCAcigAwIBAgIBAjAKBggqhkjOPQQDAjApMQwwCgYDVQQKDANDT1AxDDAK
+BgNVBAsMA0NPUDELMAkGA1UEAwwCQ0EwHhcNMTcwNjIwMDkwOTQwWhcNMzcwNjE1
+MDkwOTQwWjA6MQwwCgYDVQQKDANDT1AxDDAKBgNVBAsMA0NPUDENMAsGA1UECwwE
+Q09QMjENMAsGA1UEAwwEQ09QMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA9X
+Y4AsHRMAfrCptswm01BU3ejzZIOCM81bIKSVyByCC4CNRUH+Cpi28I3hvd06Klqo
+x5ev1wSGNpy/STWfJHKjgc8wgcwwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
+BaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQURJZ2HHiYHMsfkGKfad/tyNQ2hPkwHwYDVR0jBBgw
+FoAUBeUxuEtl5Cul1bUlFut6aTUzdnUwDgYDVR0PAQH/BAQDAgXgMCcGA1UdJQQg
+MB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIgbtZhiH3Y7X/JHkvJMqnza6WI6ImFEOo8Vltuxb5Ajt0CIQD2WM1PVR/LlTK+
+VuXjgxinGZ8WAI3TbTMdeS5XD1NuEQ==
+-----END CERTIFICATE-----

msp/testdata/badadmin/cacerts/cacert-COP.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrTCCAVKgAwIBAgIJAK8/QQKPJc5dMAoGCCqGSM49BAMCMCkxDDAKBgNVBAoM
+A0NPUDEMMAoGA1UECwwDQ09QMQswCQYDVQQDDAJDQTAeFw0xNzA2MjAwOTA5NDBa
+Fw0zNzA2MTUwOTA5NDBaMCkxDDAKBgNVBAoMA0NPUDEMMAoGA1UECwwDQ09QMQsw
+CQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLVK0PcjQjZ/pUsW
+Y7NHYJSHaPrc7qY/NK9xfLZogZi1axlOz55k6xQH2LIUILffmzXMm3h391Bim3b9
+rPdsvjqjYzBhMB0GA1UdDgQWBBQF5TG4S2XkK6XVtSUW63ppNTN2dTAfBgNVHSME
+GDAWgBQF5TG4S2XkK6XVtSUW63ppNTN2dTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEAwhPOEE7bfSlDd0WglM1dNHTY
+hU2p/Lx0mgPha/5HW0UCIQCp6q+qL/OEP+mUms6C9nnMSu2eVDZQQ2MJgRNBVHjC
+cw==
+-----END CERTIFICATE-----

msp/testdata/badadmin/cacerts/cacert.pem

@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrTCCAVKgAwIBAgIJAK8/QQKPJc5dMAoGCCqGSM49BAMCMCkxDDAKBgNVBAoM
+A0NPUDEMMAoGA1UECwwDQ09QMQswCQYDVQQDDAJDQTAeFw0xNzA2MjAwOTA5NDBa
+Fw0zNzA2MTUwOTA5NDBaMCkxDDAKBgNVBAoMA0NPUDEMMAoGA1UECwwDQ09QMQsw
+CQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLVK0PcjQjZ/pUsW
+Y7NHYJSHaPrc7qY/NK9xfLZogZi1axlOz55k6xQH2LIUILffmzXMm3h391Bim3b9
+rPdsvjqjYzBhMB0GA1UdDgQWBBQF5TG4S2XkK6XVtSUW63ppNTN2dTAfBgNVHSME
+GDAWgBQF5TG4S2XkK6XVtSUW63ppNTN2dTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEAwhPOEE7bfSlDd0WglM1dNHTY
+hU2p/Lx0mgPha/5HW0UCIQCp6q+qL/OEP+mUms6C9nnMSu2eVDZQQ2MJgRNBVHjC
+cw==
+-----END CERTIFICATE-----

msp/testdata/badadmin/config.yaml

@@ -0,0 +1,8 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+OrganizationalUnitIdentifiers:
+  - Certificate: "cacerts/cacert.pem"
+    OrganizationalUnitIdentifier: "COP1"

msp/testdata/badadmin/keystore/key-COP1.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIAGR4/FR6CVRgwG4gqim4CKKd5NH+CbDSQdd9YD5zqVJoAoGCCqGSM49
+AwEHoUQDQgAEdo7+VaZWVMdsaVhxHEqIzd+rhpi6ZdIo9rN4ZVgeF8TX2bbSkk6C
+IdKpJPjR1jYpjvOxKVtF1UruKxvzpFbPQw==
+-----END EC PRIVATE KEY-----

msp/testdata/badadmin/signcerts/cert-COP1.pem

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIjCCAcigAwIBAgIBATAKBggqhkjOPQQDAjApMQwwCgYDVQQKDANDT1AxDDAK
+BgNVBAsMA0NPUDELMAkGA1UEAwwCQ0EwHhcNMTcwNjIwMDkwOTQwWhcNMzcwNjE1
+MDkwOTQwWjA6MQwwCgYDVQQKDANDT1AxDDAKBgNVBAsMA0NPUDENMAsGA1UECwwE
+Q09QMTENMAsGA1UEAwwEQ09QMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHaO
+/lWmVlTHbGlYcRxKiM3fq4aYumXSKPazeGVYHhfE19m20pJOgiHSqST40dY2KY7z
+sSlbRdVK7isb86RWz0Ojgc8wgcwwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
+BaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUzJvC4p2/qAJOaV9YLKP3WXAtQ98wHwYDVR0jBBgw
+FoAUBeUxuEtl5Cul1bUlFut6aTUzdnUwDgYDVR0PAQH/BAQDAgXgMCcGA1UdJQQg
+MB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIgAJ9r6JU15ZHd1HR+gy3jOE1f3+2YGeoUnmFDgIBvHHoCIQDF7NR1gbJgcm/U
+xFnZpFxlRp7+JjmhBHj/bnllE0x1gQ==
+-----END CERTIFICATE-----

msp/testdata/badconfigou/admincerts/admincert.pem

@@ -1,16 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICjDCCAjKgAwIBAgIUBEVwsSx0TmqdbzNwleNBBzoIT0wwCgYIKoZIzj0EAwIw
-fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
-biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK
-BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMTExMTcwNzAw
-WhcNMTcxMTExMTcwNzAwWjBjMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGgg
-Q2Fyb2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxGzAZBgNVBAoTEkh5cGVybGVkZ2Vy
-IEZhYnJpYzEMMAoGA1UECxMDQ09QMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-HBuKsAO43hs4JGpFfiGMkB/xsILTsOvmN2WmwpsPHZNL6w8HWe3xCPQtdG/XJJvZ
-+C756KEsUBM3yw5PTfku8qOBpzCBpDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOFC
-dcUZ4es3ltiCgAVDoyLfVpPIMB8GA1UdIwQYMBaAFBdnQj2qnoI/xMUdn1vDmdG1
-nEgQMCUGA1UdEQQeMByCCm15aG9zdC5jb22CDnd3dy5teWhvc3QuY29tMAoGCCqG
-SM49BAMCA0gAMEUCIDf9Hbl4xn3z4EwNKmilM9lX2Fq4jWpAaRVB97OmVEeyAiEA
-25aDPQHGGq2AvhKT0wvt08cX1GTGCIbfmuLpMwKQj38=
+MIICIjCCAcigAwIBAgIBATAKBggqhkjOPQQDAjApMQwwCgYDVQQKDANDT1AxDDAK
+BgNVBAsMA0NPUDELMAkGA1UEAwwCQ0EwHhcNMTcwNjIwMDkwOTQwWhcNMzcwNjE1
+MDkwOTQwWjA6MQwwCgYDVQQKDANDT1AxDDAKBgNVBAsMA0NPUDENMAsGA1UECwwE
+Q09QMTENMAsGA1UEAwwEQ09QMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHaO
+/lWmVlTHbGlYcRxKiM3fq4aYumXSKPazeGVYHhfE19m20pJOgiHSqST40dY2KY7z
+sSlbRdVK7isb86RWz0Ojgc8wgcwwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
+BaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQUzJvC4p2/qAJOaV9YLKP3WXAtQ98wHwYDVR0jBBgw
+FoAUBeUxuEtl5Cul1bUlFut6aTUzdnUwDgYDVR0PAQH/BAQDAgXgMCcGA1UdJQQg
+MB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIgAJ9r6JU15ZHd1HR+gy3jOE1f3+2YGeoUnmFDgIBvHHoCIQDF7NR1gbJgcm/U
+xFnZpFxlRp7+JjmhBHj/bnllE0x1gQ==
 -----END CERTIFICATE-----

msp/testdata/badconfigou/cacerts/cacert.pem

@@ -1,15 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIICYjCCAgmgAwIBAgIUB3CTDOU47sUC5K4kn/Caqnh114YwCgYIKoZIzj0EAwIw
-fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
-biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK
-BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMDEyMTkzMTAw
-WhcNMjExMDExMTkzMTAwWjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
-cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEfMB0GA1UEChMWSW50ZXJuZXQg
-V2lkZ2V0cywgSW5jLjEMMAoGA1UECxMDV1dXMRQwEgYDVQQDEwtleGFtcGxlLmNv
-bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKIH5b2JaSmqiQXHyqC+cmknICcF
-i5AddVjsQizDV6uZ4v6s+PWiJyzfA/rTtMvYAPq/yeEHpBUB1j053mxnpMujYzBh
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXZ0I9
-qp6CP8TFHZ9bw5nRtZxIEDAfBgNVHSMEGDAWgBQXZ0I9qp6CP8TFHZ9bw5nRtZxI
-EDAKBggqhkjOPQQDAgNHADBEAiAHp5Rbp9Em1G/UmKn8WsCbqDfWecVbZPQj3RK4
-oG5kQQIgQAe4OOKYhJdh3f7URaKfGTf492/nmRmtK+ySKjpHSrU=
+MIIBrTCCAVKgAwIBAgIJAK8/QQKPJc5dMAoGCCqGSM49BAMCMCkxDDAKBgNVBAoM
+A0NPUDEMMAoGA1UECwwDQ09QMQswCQYDVQQDDAJDQTAeFw0xNzA2MjAwOTA5NDBa
+Fw0zNzA2MTUwOTA5NDBaMCkxDDAKBgNVBAoMA0NPUDEMMAoGA1UECwwDQ09QMQsw
+CQYDVQQDDAJDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLVK0PcjQjZ/pUsW
+Y7NHYJSHaPrc7qY/NK9xfLZogZi1axlOz55k6xQH2LIUILffmzXMm3h391Bim3b9
+rPdsvjqjYzBhMB0GA1UdDgQWBBQF5TG4S2XkK6XVtSUW63ppNTN2dTAfBgNVHSME
+GDAWgBQF5TG4S2XkK6XVtSUW63ppNTN2dTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjAKBggqhkjOPQQDAgNJADBGAiEAwhPOEE7bfSlDd0WglM1dNHTY
+hU2p/Lx0mgPha/5HW0UCIQCp6q+qL/OEP+mUms6C9nnMSu2eVDZQQ2MJgRNBVHjC
+cw==
 -----END CERTIFICATE-----

msp/testdata/badconfigou/config.yaml

@@ -5,4 +5,4 @@
 
 OrganizationalUnitIdentifiers:
   - Certificate: "cacerts/cacert.pem"
-    OrganizationalUnitIdentifier: "COP2"
+    OrganizationalUnitIdentifier: "COP1"

msp/testdata/badconfigou/keystore/key.pem

@@ -1,5 +1,5 @@
 -----BEGIN EC PRIVATE KEY-----
-MHcCAQEEIAsWwFunEzqz1Rh6nvD4MiPkKCtmoxzh3jTquG5MSbeLoAoGCCqGSM49
-AwEHoUQDQgAEHBuKsAO43hs4JGpFfiGMkB/xsILTsOvmN2WmwpsPHZNL6w8HWe3x
-CPQtdG/XJJvZ+C756KEsUBM3yw5PTfku8g==
+MHcCAQEEIAu4YO8nk0V76CpJLoAZlqXhUE3dpDnQgOkkKkhcUu4FoAoGCCqGSM49
+AwEHoUQDQgAED1djgCwdEwB+sKm2zCbTUFTd6PNkg4IzzVsgpJXIHIILgI1FQf4K
+mLbwjeG93ToqWqjHl6/XBIY2nL9JNZ8kcg==
 -----END EC PRIVATE KEY-----

msp/testdata/badconfigou/signcerts/peer.pem

@@ -1,16 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICjDCCAjKgAwIBAgIUBEVwsSx0TmqdbzNwleNBBzoIT0wwCgYIKoZIzj0EAwIw
-fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
-biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK
-BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMTExMTcwNzAw
-WhcNMTcxMTExMTcwNzAwWjBjMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGgg
-Q2Fyb2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxGzAZBgNVBAoTEkh5cGVybGVkZ2Vy
-IEZhYnJpYzEMMAoGA1UECxMDQ09QMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-HBuKsAO43hs4JGpFfiGMkB/xsILTsOvmN2WmwpsPHZNL6w8HWe3xCPQtdG/XJJvZ
-+C756KEsUBM3yw5PTfku8qOBpzCBpDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOFC
-dcUZ4es3ltiCgAVDoyLfVpPIMB8GA1UdIwQYMBaAFBdnQj2qnoI/xMUdn1vDmdG1
-nEgQMCUGA1UdEQQeMByCCm15aG9zdC5jb22CDnd3dy5teWhvc3QuY29tMAoGCCqG
-SM49BAMCA0gAMEUCIDf9Hbl4xn3z4EwNKmilM9lX2Fq4jWpAaRVB97OmVEeyAiEA
-25aDPQHGGq2AvhKT0wvt08cX1GTGCIbfmuLpMwKQj38=
+MIICIjCCAcigAwIBAgIBAjAKBggqhkjOPQQDAjApMQwwCgYDVQQKDANDT1AxDDAK
+BgNVBAsMA0NPUDELMAkGA1UEAwwCQ0EwHhcNMTcwNjIwMDkwOTQwWhcNMzcwNjE1
+MDkwOTQwWjA6MQwwCgYDVQQKDANDT1AxDDAKBgNVBAsMA0NPUDENMAsGA1UECwwE
+Q09QMjENMAsGA1UEAwwEQ09QMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA9X
+Y4AsHRMAfrCptswm01BU3ejzZIOCM81bIKSVyByCC4CNRUH+Cpi28I3hvd06Klqo
+x5ev1wSGNpy/STWfJHKjgc8wgcwwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMC
+BaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIENsaWVudCBDZXJ0
+aWZpY2F0ZTAdBgNVHQ4EFgQURJZ2HHiYHMsfkGKfad/tyNQ2hPkwHwYDVR0jBBgw
+FoAUBeUxuEtl5Cul1bUlFut6aTUzdnUwDgYDVR0PAQH/BAQDAgXgMCcGA1UdJQQg
+MB4GCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwEwCgYIKoZIzj0EAwIDSAAw
+RQIgbtZhiH3Y7X/JHkvJMqnza6WI6ImFEOo8Vltuxb5Ajt0CIQD2WM1PVR/LlTK+
+VuXjgxinGZ8WAI3TbTMdeS5XD1NuEQ==
 -----END CERTIFICATE-----

msp/testdata/revocation/admincerts/admin.pem

@@ -1,15 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIICYjCCAgmgAwIBAgIUB3CTDOU47sUC5K4kn/Caqnh114YwCgYIKoZIzj0EAwIw
-fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
-biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK
-BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMDEyMTkzMTAw
-WhcNMjExMDExMTkzMTAwWjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
-cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEfMB0GA1UEChMWSW50ZXJuZXQg
-V2lkZ2V0cywgSW5jLjEMMAoGA1UECxMDV1dXMRQwEgYDVQQDEwtleGFtcGxlLmNv
-bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKIH5b2JaSmqiQXHyqC+cmknICcF
-i5AddVjsQizDV6uZ4v6s+PWiJyzfA/rTtMvYAPq/yeEHpBUB1j053mxnpMujYzBh
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXZ0I9
-qp6CP8TFHZ9bw5nRtZxIEDAfBgNVHSMEGDAWgBQXZ0I9qp6CP8TFHZ9bw5nRtZxI
-EDAKBggqhkjOPQQDAgNHADBEAiAHp5Rbp9Em1G/UmKn8WsCbqDfWecVbZPQj3RK4
-oG5kQQIgQAe4OOKYhJdh3f7URaKfGTf492/nmRmtK+ySKjpHSrU=
------END CERTIFICATE-----
+MIIBdjCCARsCAQkwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+CkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFklu
+dGVybmV0IFdpZGdldHMsIEluYy4xDDAKBgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhh
+bXBsZS5jb20wHhcNMTcwNjIwMDk1MTMwWhcNMzcwNjE1MDk1MTMwWjAOMQwwCgYD
+VQQKDANmb28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARtvjEp4TscNO0Lj5+S
+vDOiWNA+lX1qeWvt1WruGyv9O2e5382h1wxWcy2h2gulc5Wx8mgw9RbMlLOtfEND
+UNBIMAoGCCqGSM49BAMCA0kAMEYCIQCUaOjl1reIpweZKeVl1VJxiV1+xyoT7QEs
+bFQBNL7QYQIhAIuIoWmtkgJRDEraEDniyEJ87unSrOdE0eLjGB0z0sAy
+-----END CERTIFICATE-----

msp/testdata/revocation2/admincerts/admin.pem

@@ -1,15 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIICYjCCAgmgAwIBAgIUB3CTDOU47sUC5K4kn/Caqnh114YwCgYIKoZIzj0EAwIw
-fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh
-biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK
-BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMDEyMTkzMTAw
-WhcNMjExMDExMTkzMTAwWjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
-cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEfMB0GA1UEChMWSW50ZXJuZXQg
-V2lkZ2V0cywgSW5jLjEMMAoGA1UECxMDV1dXMRQwEgYDVQQDEwtleGFtcGxlLmNv
-bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKIH5b2JaSmqiQXHyqC+cmknICcF
-i5AddVjsQizDV6uZ4v6s+PWiJyzfA/rTtMvYAPq/yeEHpBUB1j053mxnpMujYzBh
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXZ0I9
-qp6CP8TFHZ9bw5nRtZxIEDAfBgNVHSMEGDAWgBQXZ0I9qp6CP8TFHZ9bw5nRtZxI
-EDAKBggqhkjOPQQDAgNHADBEAiAHp5Rbp9Em1G/UmKn8WsCbqDfWecVbZPQj3RK4
-oG5kQQIgQAe4OOKYhJdh3f7URaKfGTf492/nmRmtK+ySKjpHSrU=
------END CERTIFICATE-----
+MIIBdjCCARsCAQkwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+CkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFklu
+dGVybmV0IFdpZGdldHMsIEluYy4xDDAKBgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhh
+bXBsZS5jb20wHhcNMTcwNjIwMDk1MTMwWhcNMzcwNjE1MDk1MTMwWjAOMQwwCgYD
+VQQKDANmb28wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARtvjEp4TscNO0Lj5+S
+vDOiWNA+lX1qeWvt1WruGyv9O2e5382h1wxWcy2h2gulc5Wx8mgw9RbMlLOtfEND
+UNBIMAoGCCqGSM49BAMCA0kAMEYCIQCUaOjl1reIpweZKeVl1VJxiV1+xyoT7QEs
+bFQBNL7QYQIhAIuIoWmtkgJRDEraEDniyEJ87unSrOdE0eLjGB0z0sAy
+-----END CERTIFICATE-----