Let cryptogen set attributes in certificates #5417

Open
johannww wants to merge 1 commit into hyperledger:main from johannww:cryptogen-cert-attrs

@johannww
Contributor

This extends cryptogen functionality and allows testing ABAC chaincodes with cryptogen credentials. All defined non-admin users earn all attributes.

Type of change

  • New feature

Description

Extends cryptogen to embed user-defined attributes into X.509 certificates as a custom extension (OID 1.2.3.4.5.6.7.8.1), using the same JSON format as fabric-ca. This enables ABAC chaincode testing with cryptogen-generated credentials without requiring a Fabric CA.

This is useful for fast testing environments, without the requirement to boot a CA up and make requests user by user.

Changes:

  • NodeSpec and UsersSpec gain an Attrs map[string]string YAML field
  • CA.SignCertificate accepts and embeds attributes via a new pkix.Extension
  • msp.GenerateLocalMSP forwards attributes to the signing step (TLS certs are unaffected)
  • Sample config updated with an abac.creator: "true" example under Users.Attrs
  • Tests updated to cover the new signature and verify the extension is correctly serialized

Additional details

Unit tests were added and some generations were run and tested in a kubernetes deploy.

Release Note

Users' cryptogen-generated certs will have the attribute abac.creator set to true by default.

This extends cryptogen functionality and allows testing ABAC
chaincodes with cryptogen credentials. All defined non-admin users
earn all attributes.

Signed-off-by: Johann Westphall <johannwestphall@gmail.com>
@johannww johannww requested a review from a team as a code owner March 12, 2026 00:35
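
Added example, not code from this pull request or from Fabric: a Go round trip of the mechanism the description outlines, embedding attributes in a non-critical extension under OID 1.2.3.4.5.6.7.8.1 and reading them back from the DER certificate. The function names, the self-signed test certificate, the fixed-seed key and the `{"attrs":{...}}` JSON layout (taken to be the fabric-ca format the description refers to) are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

var attrOID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7, 8, 1} // OID from the PR description

// IssueWithAttrs returns a constructed, self-signed test certificate (DER) carrying attrs.
func IssueWithAttrs(attrs map[string]string) ([]byte, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed fixed-seed test key
	val, _ := json.Marshal(map[string]map[string]string{"attrs": attrs}) // assumed layout; cannot fail
	tmpl := &x509.Certificate{
		SerialNumber:    big.NewInt(1),
		Subject:         pkix.Name{CommonName: "User1@org1.example.com"},
		NotBefore:       time.Now().Add(-time.Minute),
		NotAfter:        time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: attrOID, Critical: false, Value: val}},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
}

// ReadAttrs parses a DER certificate and returns the attributes from the extension.
func ReadAttrs(der []byte) (map[string]string, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(attrOID) {
			var a map[string]map[string]string
			err = json.Unmarshal(ext.Value, &a)
			return a["attrs"], err
		}
	}
	return nil, fmt.Errorf("attribute extension %v not present", attrOID)
}

func main() {
	der, _ := IssueWithAttrs(map[string]string{"abac.creator": "true"})
	fmt.Println(ReadAttrs(der))
}
```

The extension value here is the raw JSON bytes, so a reader that expects a nested ASN.1 structure inside the extension will not decode it.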