FAB-2564 crypto configuration

PS 5 Addressed Jim's review.

Change-Id: Iabc0f86962e63f3a0828e5399f6a5f0e322e80c0
Signed-off-by: rickr <cr22rc@gmail.com>

Author: cr22rc

src/main/java/org/hyperledger/fabric/sdk/HFClient.java

@@ -48,8 +48,10 @@ public class HFClient {
 
     private CryptoSuite cryptoSuite;
 
+
     static {
 
+
         if (null == System.getProperty("org.hyperledger.fabric.sdk.logGRPC")) {
             // Turn this off by default!
             Logger.getLogger("io.netty").setLevel(Level.OFF);
@@ -87,16 +89,26 @@ public CryptoSuite getCryptoSuite() {
     }
 
     public void setCryptoSuite(CryptoSuite cryptoSuite) throws CryptoException, InvalidArgumentException {
-        if (this.cryptoSuite != null) {
+        if (null == cryptoSuite) {
+            throw new InvalidArgumentException("CryptoSuite paramter is null.");
+        }
+        if (this.cryptoSuite != null && cryptoSuite != this.cryptoSuite) {
             throw new InvalidArgumentException("CryptoSuite may only be set once.");
 
         }
+//        if (cryptoSuiteFactory == null) {
+//            cryptoSuiteFactory = cryptoSuite.getCryptoSuiteFactory();
+//        } else {
+//            if (cryptoSuiteFactory != cryptoSuite.getCryptoSuiteFactory()) {
+//                throw new InvalidArgumentException("CryptoSuite is not derivied from cryptosuite factory");
+//            }
+//        }
 
-        cryptoSuite.init();
         this.cryptoSuite = cryptoSuite;
 
     }
 
+
     /**
      * createNewInstance create a new instance of the HFClient
      *
@@ -592,6 +604,7 @@ private void clientCheck() throws InvalidArgumentException {
             throw new InvalidArgumentException("No cryptoSuite has been set.");
         }
 
+
         userContextCheck(userContext);
 
     }

src/main/java/org/hyperledger/fabric/sdk/SDKUtils.java

@@ -47,17 +47,21 @@ private SDKUtils() {
      * @throws IOException
      * @throws InvalidArgumentException
      */
-    public static byte[] calculateBlockHash(long blockNumber, byte[] previousHash, byte[] dataHash) throws IOException, InvalidArgumentException {
+    public static byte[] calculateBlockHash(HFClient client, long blockNumber, byte[] previousHash, byte[] dataHash) throws IOException, InvalidArgumentException {
 
         if (previousHash == null) {
             throw new InvalidArgumentException("previousHash parameter is null.");
         }
         if (dataHash == null) {
             throw new InvalidArgumentException("dataHash parameter is null.");
         }
+        if (null == client) {
+            throw new InvalidArgumentException("client parameter is null.");
+        }
 
-        if (null == suite) {
-            suite = CryptoSuite.Factory.getCryptoSuite();
+        CryptoSuite cryptoSuite = client.getCryptoSuite();
+        if (null == client) {
+            throw new InvalidArgumentException("Client crypto suite has not  been set.");
         }
 
         ByteArrayOutputStream s = new ByteArrayOutputStream();
@@ -66,7 +70,7 @@ public static byte[] calculateBlockHash(long blockNumber, byte[] previousHash, b
         seq.addObject(new DEROctetString(previousHash));
         seq.addObject(new DEROctetString(dataHash));
         seq.close();
-        return suite.hash(s.toByteArray());
+        return cryptoSuite.hash(s.toByteArray());
 
     }
 

src/main/java/org/hyperledger/fabric/sdk/helper/Config.java

@@ -16,11 +16,17 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Properties;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.log4j.Level;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import static java.lang.String.format;
 
 /**
  * Config allows for a global config of the toolkit. Central location for all
@@ -37,28 +43,40 @@ public class Config {
 
     private static final String DEFAULT_CONFIG = "config.properties";
     public static final String ORG_HYPERLEDGER_FABRIC_SDK_CONFIGURATION = "org.hyperledger.fabric.sdk.configuration";
-    public static final String SECURITY_LEVEL = "org.hyperledger.fabric.sdk.security_level";
-    public static final String HASH_ALGORITHM = "org.hyperledger.fabric.sdk.hash_algorithm";
+    /**
+     * Timeout settings
+     **/
     public static final String PROPOSAL_WAIT_TIME = "org.hyperledger.fabric.sdk.proposal.wait.time";
     public static final String CHANNEL_CONFIG_WAIT_TIME = "org.hyperledger.fabric.sdk.channelconfig.wait_time";
     public static final String ORDERER_RETRY_WAIT_TIME = "org.hyperledger.fabric.sdk.orderer_retry.wait_time";
     public static final String ORDERER_WAIT_TIME = "org.hyperledger.fabric.sdk.orderer.ordererWaitTimeMilliSecs";
     public static final String EVENTHUB_CONNECTION_WAIT_TIME = "org.hyperledger.fabric.sdk.eventhub_connection.wait_time";
-    public static final String PROPOSAL_CONSISTENCY_VALIDATION = "org.hyperledger.fabric.sdk.proposal.consistency_validation";
     public static final String GENESISBLOCK_WAIT_TIME = "org.hyperledger.fabric.sdk.channel.genesisblock_wait_time";
+    /**
+     * Crypto configuration settings
+     **/
+    public static final String DEFAULT_CRYPTO_SUITE_FACTORY = "org.hyperledger.fabric.sdk.crypto.default_crypto_suite_factory";
+    public static final String SECURITY_LEVEL = "org.hyperledger.fabric.sdk.security_level";
+    public static final String SECURITY_PROVIDER_CLASS_NAME = "org.hyperledger.fabric.sdk.security_provider_class_name";
+    public static final String SECURITY_CURVE_MAPPING = "org.hyperledger.fabric.sdk.security_curve_mapping";
+    public static final String HASH_ALGORITHM = "org.hyperledger.fabric.sdk.hash_algorithm";
     public static final String ASYMMETRIC_KEY_TYPE = "org.hyperledger.fabric.sdk.crypto.asymmetric_key_type";
-    public static final String KEY_AGREEMENT_ALGORITHM = "org.hyperledger.fabric.sdk.crypto.key_agreement_algorithm";
-    public static final String SYMMETRIC_KEY_TYPE = "org.hyperledger.fabric.sdk.crypto.symmetric_key_type";
-    public static final String SYMMETRIC_KEY_BYTE_COUNT = "org.hyperledger.fabric.sdk.crypto.symmetric_key_byte_count";
-    public static final String SYMMETRIC_ALGORITHM = "org.hyperledger.fabric.sdk.crypto.symmetric_algorithm";
-    public static final String MAC_KEY_BYTE_COUNT = "org.hyperledger.fabric.sdk.crypto.mac_key_byte_count";
+
     public static final String CERTIFICATE_FORMAT = "org.hyperledger.fabric.sdk.crypto.certificate_format";
     public static final String SIGNATURE_ALGORITHM = "org.hyperledger.fabric.sdk.crypto.default_signature_algorithm";
+    /**
+     * Logging settings
+     **/
     public static final String MAX_LOG_STRING_LENGTH = "org.hyperledger.fabric.sdk.log.stringlengthmax";
     public static final String EXTRALOGLEVEL = "org.hyperledger.fabric.sdk.log.extraloglevel";
     public static final String LOGGERLEVEL = "org.hyperledger.fabric.sdk.loglevel";  // ORG_HYPERLEDGER_FABRIC_SDK_LOGLEVEL=TRACE,DEBUG
     public static final String DIAGNOTISTIC_FILE_DIRECTORY = "org.hyperledger.fabric.sdk.diagnosticFileDir"; //ORG_HYPERLEDGER_FABRIC_SDK_DIAGNOSTICFILEDIR
 
+    /**
+     * Miscellaneous settings
+     **/
+    public static final String PROPOSAL_CONSISTENCY_VALIDATION = "org.hyperledger.fabric.sdk.proposal.consistency_validation";
+
     private static Config config;
     private static final Properties sdkProperties = new Properties();
 
@@ -69,39 +87,51 @@ private Config() {
         try {
             loadFile = new File(System.getProperty(ORG_HYPERLEDGER_FABRIC_SDK_CONFIGURATION, DEFAULT_CONFIG))
                     .getAbsoluteFile();
-            logger.debug(String.format("Loading configuration from %s and it is present: %b", loadFile.toString(),
+            logger.debug(format("Loading configuration from %s and it is present: %b", loadFile.toString(),
                     loadFile.exists()));
             configProps = new FileInputStream(loadFile);
             sdkProperties.load(configProps);
 
         } catch (IOException e) {
-            logger.warn(String.format("Failed to load any configuration from: %s. Using toolkit defaults",
+            logger.warn(format("Failed to load any configuration from: %s. Using toolkit defaults",
                     DEFAULT_CONFIG));
         } finally {
 
             // Default values
+            /**
+             * Timeout settings
+             **/
+            defaultProperty(PROPOSAL_WAIT_TIME, "20000");
+            defaultProperty(CHANNEL_CONFIG_WAIT_TIME, "15000");
+            defaultProperty(ORDERER_RETRY_WAIT_TIME, "200");
+            defaultProperty(ORDERER_WAIT_TIME, "3000");
+            defaultProperty(EVENTHUB_CONNECTION_WAIT_TIME, "1000");
+            defaultProperty(GENESISBLOCK_WAIT_TIME, "5000");
+
+            /**
+             * Crypto configuration settings
+             **/
+            defaultProperty(DEFAULT_CRYPTO_SUITE_FACTORY, "org.hyperledger.fabric.sdk.security.HLSDKJCryptoSuiteFactory");
+            defaultProperty(SECURITY_LEVEL, "256");
+            defaultProperty(SECURITY_PROVIDER_CLASS_NAME, BouncyCastleProvider.class.getName());
+            defaultProperty(SECURITY_CURVE_MAPPING, "256=secp256r1:384=secp384r1");
+            defaultProperty(HASH_ALGORITHM, "SHA2");
             defaultProperty(ASYMMETRIC_KEY_TYPE, "EC");
-            defaultProperty(KEY_AGREEMENT_ALGORITHM, "ECDH");
-            defaultProperty(SYMMETRIC_KEY_TYPE, "AES");
-            defaultProperty(SYMMETRIC_KEY_BYTE_COUNT, "32");
-            defaultProperty(SYMMETRIC_ALGORITHM, "AES/CFB/NoPadding");
-            defaultProperty(MAC_KEY_BYTE_COUNT, "32");
+
             defaultProperty(CERTIFICATE_FORMAT, "X.509");
             defaultProperty(SIGNATURE_ALGORITHM, "SHA256withECDSA");
-            defaultProperty(SECURITY_LEVEL, "256");
-            defaultProperty(HASH_ALGORITHM, "SHA2");
-            defaultProperty(PROPOSAL_CONSISTENCY_VALIDATION, "true");
 
-            defaultProperty(PROPOSAL_WAIT_TIME, "20000");
-            defaultProperty(GENESISBLOCK_WAIT_TIME, "5000");
+            /**
+             * Logging settings
+             **/
             defaultProperty(MAX_LOG_STRING_LENGTH, "64");
             defaultProperty(EXTRALOGLEVEL, "0");
             defaultProperty(LOGGERLEVEL, null);
             defaultProperty(DIAGNOTISTIC_FILE_DIRECTORY, null);
-            defaultProperty(CHANNEL_CONFIG_WAIT_TIME, "15000");
-            defaultProperty(ORDERER_RETRY_WAIT_TIME, "200");
-            defaultProperty(ORDERER_WAIT_TIME, "3000");
-            defaultProperty(EVENTHUB_CONNECTION_WAIT_TIME, "1000");
+            /**
+             * Miscellaneous settings
+             */
+            defaultProperty(PROPOSAL_CONSISTENCY_VALIDATION, "true");
 
             final String inLogLevel = sdkProperties.getProperty(LOGGERLEVEL);
 
@@ -171,7 +201,7 @@ private String getProperty(String property) {
         String ret = sdkProperties.getProperty(property);
 
         if (null == ret) {
-            logger.warn(String.format("No configuration value found for '%s'", property));
+            logger.warn(format("No configuration value found for '%s'", property));
         }
         return ret;
     }
@@ -207,6 +237,16 @@ public int getSecurityLevel() {
 
     }
 
+    /**
+     * Get the configured security provider.
+     * This is the security provider used for the default SDK crypto suite factory.
+     *
+     * @return the security provider.
+     */
+    public String getSecurityProviderClassName() {
+        return getProperty(SECURITY_PROVIDER_CLASS_NAME);
+    }
+
     /**
      * Get the name of the configured hash algorithm, used for digital signatures.
      *
@@ -217,6 +257,51 @@ public String getHashAlgorithm() {
 
     }
 
+    private Map<Integer, String> curveMapping = null;
+
+    /**
+     * Get a mapping from strength to curve desired.
+     *
+     * @return mapping from strength to curve name to use.
+     */
+    public Map<Integer, String> getSecurityCurveMapping() {
+
+        if (curveMapping == null) {
+
+            curveMapping = parseSecurityCurveMappings(getProperty(SECURITY_CURVE_MAPPING));
+        }
+
+        return Collections.unmodifiableMap(curveMapping);
+    }
+
+    public static Map<Integer, String> parseSecurityCurveMappings(final String property) {
+        Map<Integer, String> lcurveMapping = new HashMap<>(8);
+
+        if (property != null && !property.isEmpty()) { //empty will be caught later.
+
+            String[] cmaps = property.split("[ \t]*:[ \t]*");
+            for (String mape : cmaps) {
+
+                String[] ep = mape.split("[ \t]*=[ \t]*");
+                if (ep.length != 2) {
+                    logger.warn(format("Bad curve mapping for %s in property %s", mape, SECURITY_CURVE_MAPPING));
+                    continue;
+                }
+
+                try {
+                    int parseInt = Integer.parseInt(ep[0]);
+                    lcurveMapping.put(parseInt, ep[1]);
+                } catch (NumberFormatException e) {
+                    logger.warn(format("Bad curve mapping. Integer needed for strength %s for %s in property %s",
+                            ep[0], mape, SECURITY_CURVE_MAPPING));
+                }
+
+            }
+
+        }
+        return lcurveMapping;
+    }
+
     /**
      * Get the timeout for a single proposal request to endorser.
      *
@@ -265,26 +350,6 @@ public String getAsymmetricKeyType() {
         return getProperty(ASYMMETRIC_KEY_TYPE);
     }
 
-    public String getKeyAgreementAlgorithm() {
-        return getProperty(KEY_AGREEMENT_ALGORITHM);
-    }
-
-    public String getSymmetricKeyType() {
-        return getProperty(SYMMETRIC_KEY_TYPE);
-    }
-
-    public int getSymmetricKeyByteCount() {
-        return Integer.parseInt(getProperty(SYMMETRIC_KEY_BYTE_COUNT));
-    }
-
-    public String getSymmetricAlgorithm() {
-        return getProperty(SYMMETRIC_ALGORITHM);
-    }
-
-    public int getMACKeyByteCount() {
-        return Integer.parseInt(getProperty(MAC_KEY_BYTE_COUNT));
-    }
-
     public String getCertificateFormat() {
         return getProperty(CERTIFICATE_FORMAT);
     }
@@ -293,6 +358,10 @@ public String getSignatureAlgorithm() {
         return getProperty(SIGNATURE_ALGORITHM);
     }
 
+    public String getDefaultCryptoSuiteFactory() {
+        return getProperty(DEFAULT_CRYPTO_SUITE_FACTORY);
+    }
+
     public int maxLogStringLength() {
         return Integer.parseInt(getProperty(MAX_LOG_STRING_LENGTH));
     }