gitee.com/zhaochuninhefei/fabric-ca-gm@v0.0.2/lib/server/operations/operations_suite_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package operations_test 8 9 import ( 10 "crypto/rand" 11 "crypto/rsa" 12 "crypto/x509/pkix" 13 "encoding/pem" 14 "fmt" 15 "io/ioutil" 16 "math/big" 17 "net" 18 "os" 19 "path/filepath" 20 "testing" 21 "time" 22 23 http "gitee.com/zhaochuninhefei/gmgo/gmhttp" 24 25 tls "gitee.com/zhaochuninhefei/gmgo/gmtls" 26 27 "gitee.com/zhaochuninhefei/gmgo/x509" 28 29 . "github.com/onsi/ginkgo" 30 . "github.com/onsi/gomega" 31 ) 32 33 func TestOperations(t *testing.T) { 34 RegisterFailHandler(Fail) 35 RunSpecs(t, "Operations Suite") 36 } 37 38 func generateCertificates(dir string) error { 39 cert, privKey, err := genRoot("server-ca", dir) 40 if err != nil { 41 return err 42 } 43 err = genCert("server", dir, cert, privKey) 44 if err != nil { 45 return err 46 } 47 cert, privKey, err = genRoot("client-ca", dir) 48 if err != nil { 49 return err 50 } 51 err = genCert("client", dir, cert, privKey) 52 if err != nil { 53 return err 54 } 55 56 return nil 57 } 58 59 func genRoot(name, dir string) ([]byte, *rsa.PrivateKey, error) { 60 template := &x509.Certificate{ 61 IsCA: true, 62 BasicConstraintsValid: true, 63 SubjectKeyId: []byte{1, 2, 3}, 64 SerialNumber: big.NewInt(1234), 65 Subject: pkix.Name{ 66 Country: []string{"CN"}, 67 Organization: []string{"gcsoft"}, 68 CommonName: "localhost", 69 }, 70 NotBefore: time.Now(), 71 NotAfter: time.Now().AddDate(5, 5, 5), 72 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, 73 KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, 74 DNSNames: []string{"127.0.0.1", "localhost"}, 75 } 76 77 // generate private key 78 privatekey, err := rsa.GenerateKey(rand.Reader, 2048) 79 if err != nil { 80 return nil, nil, err 81 } 82 83 publickey := &privatekey.PublicKey 84 85 // create a self-signed certificate. template = parent 86 var parent = template 87 cert, err := x509.CreateCertificate(rand.Reader, template, parent, publickey, privatekey) 88 if err != nil { 89 return nil, nil, err 90 } 91 92 // save cert 93 certOut, err := os.Create(filepath.Join(dir, fmt.Sprintf("%s.pem", name))) 94 if err != nil { 95 return nil, nil, err 96 } 97 if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil { 98 return nil, nil, err 99 } 100 if err := certOut.Close(); err != nil { 101 return nil, nil, err 102 } 103 104 return cert, privatekey, nil 105 } 106 107 func genCert(name, dir string, cert []byte, privKey *rsa.PrivateKey) error { 108 template := &x509.Certificate{ 109 BasicConstraintsValid: true, 110 SubjectKeyId: []byte{1, 2, 3}, 111 SerialNumber: big.NewInt(1234), 112 Subject: pkix.Name{ 113 Country: []string{"CN"}, 114 CommonName: "localhost", 115 }, 116 NotBefore: time.Now(), 117 NotAfter: time.Now().AddDate(5, 5, 5), 118 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, 119 KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, 120 DNSNames: []string{"127.0.0.1", "localhost"}, 121 IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, 122 } 123 124 // generate private key 125 privatekey, err := rsa.GenerateKey(rand.Reader, 2048) 126 if err != nil { 127 return err 128 } 129 130 publickey := &privatekey.PublicKey 131 if err != nil { 132 return err 133 } 134 135 parentCert, err := x509.ParseCertificate(cert) 136 if err != nil { 137 return err 138 } 139 140 // create a self-signed certificate. template = parent 141 cert, err = x509.CreateCertificate(rand.Reader, template, parentCert, publickey, privKey) 142 if err != nil { 143 return err 144 } 145 146 certOut, err := os.Create(filepath.Join(dir, fmt.Sprintf("%s-cert.pem", name))) 147 if err != nil { 148 return err 149 } 150 if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil { 151 return err 152 } 153 if err := certOut.Close(); err != nil { 154 return err 155 } 156 157 pemfile, _ := os.Create(filepath.Join(dir, fmt.Sprintf("%s-key.pem", name))) 158 var pemkey = &pem.Block{ 159 Type: "RSA PRIVATE KEY", 160 Bytes: x509.MarshalPKCS1PrivateKey(privatekey)} 161 pem.Encode(pemfile, pemkey) 162 pemfile.Close() 163 164 return nil 165 } 166 167 func newHTTPClient(tlsDir string, withClientCert bool) *http.Client { 168 clientCertPool := x509.NewCertPool() 169 caCert, err := ioutil.ReadFile(filepath.Join(tlsDir, "server-ca.pem")) 170 Expect(err).NotTo(HaveOccurred()) 171 clientCertPool.AppendCertsFromPEM(caCert) 172 173 tlsClientConfig := &tls.Config{ 174 RootCAs: clientCertPool, 175 } 176 if withClientCert { 177 clientCert, err := tls.LoadX509KeyPair( 178 filepath.Join(tlsDir, "client-cert.pem"), 179 filepath.Join(tlsDir, "client-key.pem"), 180 ) 181 Expect(err).NotTo(HaveOccurred()) 182 tlsClientConfig.Certificates = []tls.Certificate{clientCert} 183 } 184 185 return &http.Client{ 186 Transport: &http.Transport{ 187 TLSClientConfig: tlsClientConfig, 188 }, 189 } 190 }