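// Listing: github.com/IBM-Blockchain/fabric-operator@v1.0.4/pkg/certificate/reenroller/reenroller_test.go

/*
 * Copyright contributors to the Hyperledger Fabric Operator project
 *
 * SPDX-License-Identifier: Apache-2.0
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * 	  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package reenroller_test

import (
	"fmt"
	"time"

	current "github.com/IBM-Blockchain/fabric-operator/api/v1beta1"
	"github.com/IBM-Blockchain/fabric-operator/pkg/certificate/reenroller"
	"github.com/IBM-Blockchain/fabric-operator/pkg/certificate/reenroller/mocks"
	"github.com/hyperledger/fabric-ca/lib"
	"github.com/hyperledger/fabric-ca/lib/client/credential"
	fabricx509 "github.com/hyperledger/fabric-ca/lib/client/credential/x509"
	"github.com/hyperledger/fabric-ca/lib/tls"
	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
	"github.com/pkg/errors"
)

const (
	// homeDir is the relative working directory handed to both the fabric-ca
	// client and the Reenroller under test.
	homeDir = "test-reenroller-dir"

	// testkey is a base64-encoded PEM block labelled "PRIVATE KEY", kept as a
	// test fixture. It is not referenced anywhere in this listing. Because it
	// is published in the repository it has no secrecy left: it must only ever
	// back test identities, and secret scanners will flag it, so it belongs on
	// the scanner's allow-list for test fixtures rather than being silenced
	// repository-wide.
	testkey = "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ3hRUXdSVFFpVUcwREo1UHoKQTJSclhIUEtCelkxMkxRa0MvbVlveWo1bEhDaFJBTkNBQVN5bE1YLzFqdDlmUGt1RTZ0anpvSTlQbGt4LzZuVQpCMHIvMU56TTdrYnBjUk8zQ3RIeXQ2TXlQR21FOUZUN29pYXphU3J1TW9JTDM0VGdBdUpIOU9ZWQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg=="
)

// The specs below use mockIdentity, config, testReenroller, serverUrlObj,
// serverCert and err without declaring them; they are defined outside this
// file (presumably in the package's suite setup — confirm there).
var _ = Describe("Reenroller", func() {
	BeforeEach(func() {
		mockIdentity = &mocks.Identity{}

		// Enrollment request pointed at the test CA. EnrollID/EnrollSecret are
		// literal test values; CACert carries the certificate the suite
		// exposes as serverCert.
		config = &current.Enrollment{
			CAHost:       serverUrlObj.Hostname(),
			CAPort:       serverUrlObj.Port(),
			EnrollID:     "admin",
			EnrollSecret: "adminpw",
			CATLS: &current.CATLS{
				CACert: serverCert,
			},
			CSR: &current.CSR{
				Hosts: []string{"csrhost"},
			},
		}

		// The client is built with TLS enabled and an https URL, so the specs
		// exercise the TLS path rather than a plaintext connection.
		client := &lib.Client{
			HomeDir: homeDir,
			Config: &lib.ClientConfig{
				TLS: tls.ClientTLSConfig{
					Enabled:   true,
					CertFiles: []string{"tlsCert.pem"},
				},
				URL: fmt.Sprintf("https://%s:%s", config.CAHost, config.CAPort),
			},
		}

		testReenroller = &reenroller.Reenroller{
			Client:   client,
			Identity: mockIdentity,
			Config:   config,
			HomeDir:  homeDir,
			// A typed constant replaces time.ParseDuration("10s") with its
			// error discarded; the value is the same.
			Timeout: 10 * time.Second,
		}

		// Default stub: Reenroll succeeds and returns an identity holding an
		// empty x509 credential, so no real key material is involved.
		signer := &fabricx509.Signer{}
		cred := &fabricx509.Credential{}
		cred.SetVal(signer)
		mockIdentity.ReenrollReturns(&lib.EnrollmentResponse{
			Identity: lib.NewIdentity(&lib.Client{}, "caIdentity", []credential.Credential{cred}),
		}, nil)
	})

	// These specs pin that reenroller.New refuses an incomplete enrollment
	// config. The CA TLS certificate case matters most: it shows New returns
	// an error instead of a Reenroller when config.CATLS.CACert is empty
	// (presumably the trust anchor for the CA endpoint — confirm in New).
	Context("Enrollment configuration validation", func() {
		It("returns an error if missing CA host", func() {
			config.CAHost = ""
			_, err = reenroller.New(config, homeDir, nil, "", true)
			Expect(err).To(HaveOccurred())
			Expect(err.Error()).To(Equal("unable to reenroll, CA host not specified"))
		})

		It("returns an error if missing CA Port", func() {
			config.CAPort = ""
			_, err = reenroller.New(config, homeDir, nil, "", true)
			Expect(err).To(HaveOccurred())
			Expect(err.Error()).To(Equal("unable to reenroll, CA port not specified"))
		})

		It("returns an error if missing enrollment ID", func() {
			config.EnrollID = ""
			_, err = reenroller.New(config, homeDir, nil, "", true)
			Expect(err).To(HaveOccurred())
			Expect(err.Error()).To(Equal("unable to reenroll, enrollment ID not specified"))
		})

		It("returns an error if missing TLS cert", func() {
			config.CATLS.CACert = ""
			_, err = reenroller.New(config, homeDir, nil, "", true)
			Expect(err).To(HaveOccurred())
			Expect(err.Error()).To(Equal("unable to reenroll, CA TLS certificate not specified"))
		})
	})

	Context("test avaialability of CA", func() {
		It("returns false if CA is not reachable", func() {
			// Short timeout keeps the negative case fast; the host uses the
			// reserved .test TLD so it cannot resolve to a real service.
			testReenroller.Timeout = 500 * time.Millisecond
			testReenroller.Config.CAHost = "unreachable.test"
			reachable := testReenroller.IsCAReachable()
			Expect(reachable).To(BeFalse())
		})
		It("returns true if CA is reachable", func() {
			testReenroller.Timeout = 500 * time.Millisecond
			testReenroller.Config.CAHost = serverUrlObj.Hostname()
			testReenroller.Config.CAPort = serverUrlObj.Port()
			testReenroller.Config.CATLS.CACert = serverCert
			reachable := testReenroller.IsCAReachable()
			Expect(reachable).To(BeTrue())
		})
	})

	Context("init client", func() {
		It("returns an error if failed to initialize CA client", func() {
			// NOTE(review): with an empty CACert the expected error is the
			// reachability message, so a missing CA certificate surfaces to
			// operators as "CA is not reachable". A distinct error for the
			// missing-certificate case would make TLS misconfiguration easier
			// to tell apart from a network outage.
			testReenroller.Config.CATLS.CACert = ""
			err = testReenroller.InitClient()
			Expect(err).To(HaveOccurred())
			Expect(err.Error()).To(Equal("unable to init client for re-enroll, CA is not reachable"))
		})

		It("returns initializes CA client", func() {
			err = testReenroller.InitClient()
			Expect(err).NotTo(HaveOccurred())
		})
	})

	Context("reenrolls with CA", func() {

		It("returns an error if reenrollment with CA fails", func() {
			mockIdentity.ReenrollReturns(nil, errors.New("bad reenrollment"))
			_, err = testReenroller.Reenroll()
			Expect(err).To(HaveOccurred())
			Expect(err.Error()).To(Equal("failed to re-enroll with CA: bad reenrollment"))
		})

		It("reenrolls with CA for new certificate", func() {
			// NOTE(review): the response is discarded, so this only proves the
			// call does not error; asserting on the returned value would also
			// catch a success path that hands back no certificate.
			_, err = testReenroller.Reenroll()
			Expect(err).NotTo(HaveOccurred())
		})
	})

})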