github.com/Hnampk/fabric@v2.1.1+incompatible/common/grpclogging/grpclogging_suite_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package grpclogging_test 8 9 import ( 10 "bytes" 11 "crypto/ecdsa" 12 "crypto/elliptic" 13 "crypto/rand" 14 "crypto/tls" 15 "crypto/x509" 16 "crypto/x509/pkix" 17 "encoding/pem" 18 "math/big" 19 "net" 20 "testing" 21 "time" 22 23 "github.com/hyperledger/fabric/common/grpclogging/testpb" 24 . "github.com/onsi/ginkgo" 25 . "github.com/onsi/gomega" 26 ) 27 28 //go:generate protoc --proto_path=testpb --go_out=plugins=grpc,paths=source_relative:testpb testpb/echo.proto 29 30 func TestGrpclogging(t *testing.T) { 31 RegisterFailHandler(Fail) 32 RunSpecs(t, "Grpclogging Suite") 33 } 34 35 var ( 36 clientCertWithKey tls.Certificate 37 serverCertWithKey tls.Certificate 38 39 caCertPool *x509.CertPool 40 clientTLSConfig *tls.Config 41 serverTLSConfig *tls.Config 42 ) 43 44 var _ = BeforeSuite(func() { 45 var err error 46 caCert, caKey := generateCA("test-ca", "127.0.0.1") 47 clientCert, clientKey := issueCertificate(caCert, caKey, "client", "127.0.0.1") 48 clientCertWithKey, err = tls.X509KeyPair(clientCert, clientKey) 49 Expect(err).NotTo(HaveOccurred()) 50 serverCert, serverKey := issueCertificate(caCert, caKey, "server", "127.0.0.1") 51 serverCertWithKey, err = tls.X509KeyPair(serverCert, serverKey) 52 Expect(err).NotTo(HaveOccurred()) 53 54 caCertPool = x509.NewCertPool() 55 added := caCertPool.AppendCertsFromPEM(caCert) 56 Expect(added).To(BeTrue()) 57 58 serverTLSConfig = &tls.Config{ 59 Certificates: []tls.Certificate{serverCertWithKey}, 60 ClientAuth: tls.VerifyClientCertIfGiven, 61 ClientCAs: caCertPool, 62 RootCAs: caCertPool, 63 } 64 serverTLSConfig.BuildNameToCertificate() 65 66 clientTLSConfig = &tls.Config{ 67 Certificates: []tls.Certificate{clientCertWithKey}, 68 RootCAs: caCertPool, 69 ClientSessionCache: tls.NewLRUClientSessionCache(10), 70 } 71 clientTLSConfig.BuildNameToCertificate() 72 }) 73 74 //go:generate counterfeiter -o fakes/echo_service.go --fake-name EchoServiceServer . echoServiceServer 75 76 type echoServiceServer interface { 77 testpb.EchoServiceServer 78 } 79 80 func newTemplate(subjectCN string, hosts ...string) x509.Certificate { 81 notBefore := time.Now().Add(-1 * time.Minute) 82 notAfter := time.Now().Add(time.Duration(365 * 24 * time.Hour)) 83 84 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) 85 serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) 86 Expect(err).NotTo(HaveOccurred()) 87 88 template := x509.Certificate{ 89 Subject: pkix.Name{CommonName: subjectCN}, 90 SerialNumber: serialNumber, 91 NotBefore: notBefore, 92 NotAfter: notAfter, 93 KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, 94 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, 95 BasicConstraintsValid: true, 96 } 97 for _, h := range hosts { 98 if ip := net.ParseIP(h); ip != nil { 99 template.IPAddresses = append(template.IPAddresses, ip) 100 } else { 101 template.DNSNames = append(template.DNSNames, h) 102 } 103 } 104 105 return template 106 } 107 108 func pemEncode(derCert []byte, key *ecdsa.PrivateKey) (pemCert, pemKey []byte) { 109 certBuf := &bytes.Buffer{} 110 err := pem.Encode(certBuf, &pem.Block{Type: "CERTIFICATE", Bytes: derCert}) 111 Expect(err).NotTo(HaveOccurred()) 112 113 keyBytes, err := x509.MarshalECPrivateKey(key) 114 Expect(err).NotTo(HaveOccurred()) 115 116 keyBuf := &bytes.Buffer{} 117 err = pem.Encode(keyBuf, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes}) 118 Expect(err).NotTo(HaveOccurred()) 119 120 return certBuf.Bytes(), keyBuf.Bytes() 121 } 122 123 func generateCA(subjectCN string, hosts ...string) (pemCert, pemKey []byte) { 124 privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) 125 Expect(err).NotTo(HaveOccurred()) 126 publicKey := privateKey.Public() 127 128 template := newTemplate(subjectCN, hosts...) 129 template.KeyUsage |= x509.KeyUsageCertSign 130 template.IsCA = true 131 132 derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey, privateKey) 133 Expect(err).NotTo(HaveOccurred()) 134 135 return pemEncode(derBytes, privateKey) 136 } 137 138 func issueCertificate(caCert, caKey []byte, subjectCN string, hosts ...string) (pemCert, pemKey []byte) { 139 tlsCert, err := tls.X509KeyPair(caCert, caKey) 140 Expect(err).NotTo(HaveOccurred()) 141 142 ca, err := x509.ParseCertificate(tlsCert.Certificate[0]) 143 Expect(err).NotTo(HaveOccurred()) 144 145 privateKey, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) 146 Expect(err).NotTo(HaveOccurred()) 147 publicKey := privateKey.Public() 148 149 template := newTemplate(subjectCN, hosts...) 150 derBytes, err := x509.CreateCertificate(rand.Reader, &template, ca, publicKey, tlsCert.PrivateKey) 151 Expect(err).NotTo(HaveOccurred()) 152 153 return pemEncode(derBytes, privateKey) 154 }