Depricate using gossip ignore security

Since there is tool for generating peer crypto material
there is no more need to allow bypassing security checks
within gossip layer because each peer will have unique
identity.

Change-Id: Ic4cd40c724823afa7a7d04c68db45247a0c38f9f
Signed-off-by: Artem Barger <[email protected]>

Author: C0rWin

examples/e2e_cli/docker-compose.yaml

@@ -193,7 +193,6 @@ services:
       - CORE_PEER_ENDORSER_ENABLED=true
       # - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer0:7050
       - CORE_PEER_ADDRESS=peer0:7051
-      - CORE_PEER_GOSSIP_IGNORESECURITY=true
       - CORE_PEER_LOCALMSPID=Org0MSP
       - CORE_PEER_TLS_ENABLED=true
       - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peer/peer0/localMspConfig/signcerts/peer0Signer.pem

examples/sfhackfest/channel_test.sh

@@ -27,7 +27,7 @@ EOF
 
 #create
 echo "Creating channel on Orderer"
-CORE_PEER_GOSSIP_IGNORESECURITY=true CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp/sampleconfig CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050 peer channel create -c myc1 -a anchorPeer.txt >>log.txt 2>&1
+CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp/sampleconfig CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050 peer channel create -c myc1 -a anchorPeer.txt >>log.txt 2>&1
 cat log.txt
    grep -q "Exiting" log.txt
    if [ $? -ne 0 ]; then

examples/sfhackfest/docker-compose-gettingstarted.yml

@@ -65,8 +65,6 @@ services:
       - CORE_PEER_PROFILE_ENABLED=true
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050
       - CORE_PEER_GOSSIP_ORGLEADER=true
-      - CORE_PEER_GOSSIP_IGNORESECURITY=true
-
     working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
 
     command: peer node start --peer-defaultchain=false
@@ -95,7 +93,6 @@ services:
       - CORE_PEER_PROFILE_ENABLED=true
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050
       - CORE_PEER_GOSSIP_ORGLEADER=true
-      - CORE_PEER_GOSSIP_IGNORESECURITY=true
     working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
     ports:
       - 8055:7051
@@ -123,7 +120,6 @@ services:
       - CORE_PEER_PROFILE_ENABLED=true
       - CORE_PEER_COMMITTER_LEDGER_ORDERER=orderer:7050
       - CORE_PEER_GOSSIP_ORGLEADER=true
-      - CORE_PEER_GOSSIP_IGNORESECURITY=true
     working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
 
     ports:

gossip/service/gossip_service.go

@@ -137,14 +137,6 @@ func InitGossipServiceCustomDeliveryFactory(peerIdentity []byte, endpoint string
 			endpoint = overrideEndpoint
 		}
 
-		if viper.GetBool("peer.gossip.ignoreSecurity") {
-			logger.Info("This peer ignoring security in gossip")
-			sec := &secImpl{[]byte(endpoint)}
-			mcs = sec
-			secAdv = sec
-			peerIdentity = []byte(endpoint)
-		}
-
 		idMapper := identity.NewIdentityMapper(mcs)
 		idMapper.Put(mcs.GetPKIidOfCert(peerIdentity), peerIdentity)
 
@@ -312,35 +304,3 @@ func orgListFromConfig(config Config) []string {
 	}
 	return orgList
 }
-
-type secImpl struct {
-	identity []byte
-}
-
-func (*secImpl) OrgByPeerIdentity(api.PeerIdentityType) api.OrgIdentityType {
-	return api.OrgIdentityType("DEFAULT")
-}
-
-func (s *secImpl) GetPKIidOfCert(peerIdentity api.PeerIdentityType) gossipCommon.PKIidType {
-	return gossipCommon.PKIidType(peerIdentity)
-}
-
-func (s *secImpl) VerifyBlock(chainID gossipCommon.ChainID, signedBlock []byte) error {
-	return nil
-}
-
-func (s *secImpl) Sign(msg []byte) ([]byte, error) {
-	return msg, nil
-}
-
-func (s *secImpl) Verify(peerIdentity api.PeerIdentityType, signature, message []byte) error {
-	return nil
-}
-
-func (s *secImpl) VerifyByChannel(chainID gossipCommon.ChainID, peerIdentity api.PeerIdentityType, signature, message []byte) error {
-	return nil
-}
-
-func (s *secImpl) ValidateIdentity(peerIdentity api.PeerIdentityType) error {
-	return nil
-}

peer/core.yaml

@@ -112,8 +112,6 @@ peer:
         publishCertPeriod: 10s
         # Should we skip verifying block messages or not
         skipBlockVerification: false
-        # Should we ignore security or not
-        ignoreSecurity: false
         # Dial timeout(unit: second)
         dialTimeout: 3s
         # Connection timeout(unit: second)