github.com/IBM-Blockchain/fabric-operator@v1.0.4/pkg/initializer/common/config/config_test.go (about)

     1  /*
     2   * Copyright contributors to the Hyperledger Fabric Operator project
     3   *
     4   * SPDX-License-Identifier: Apache-2.0
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License");
     7   * you may not use this file except in compliance with the License.
     8   * You may obtain a copy of the License at:
     9   *
    10   * 	  http://www.apache.org/licenses/LICENSE-2.0
    11   *
    12   * Unless required by applicable law or agreed to in writing, software
    13   * distributed under the License is distributed on an "AS IS" BASIS,
    14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15   * See the License for the specific language governing permissions and
    16   * limitations under the License.
    17   */
    18  
    19  package config_test
    20  
    21  import (
    22  	"crypto/ecdsa"
    23  	"crypto/elliptic"
    24  	"crypto/rand"
    25  	"crypto/x509"
    26  	"crypto/x509/pkix"
    27  	"encoding/pem"
    28  	"math/big"
    29  
    30  	"github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/config"
    31  	common "github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/config"
    32  	"github.com/IBM-Blockchain/fabric-operator/pkg/initializer/common/config/mocks"
    33  	. "github.com/onsi/ginkgo/v2"
    34  	. "github.com/onsi/gomega"
    35  	"github.com/pkg/errors"
    36  )
    37  
var _ = Describe("Peer configuration", func() {
	// VerifyCertOU is exercised against throwaway self-signed certificates whose
	// only populated subject attribute is the OrganizationalUnit list.
	Context("verify cert OU", func() {
		var (
			response *common.Response
			template *x509.Certificate
		)

		BeforeEach(func() {
			// The baseline certificate carries every OU used below, and the same
			// PEM serves as both the sign cert and the single admin cert.
			template = &x509.Certificate{
				SerialNumber: big.NewInt(1),
				Subject: pkix.Name{
					OrganizationalUnit: []string{"peer", "orderer", "admin"},
				},
			}
			pemBytes := createCertBytes(template)

			response = &common.Response{
				AdminCerts: [][]byte{pemBytes},
				SignCert:   pemBytes,
			}
		})

		// NOTE(review): the positive cases reuse one certificate holding all
		// three OUs for both SignCert and AdminCerts, so they do not show which
		// field VerifyCertOU inspects. No case here gives an admin cert a wrong
		// or missing OU.

		It("returns error if peer signcert doesn't have OU type 'peer'", func() {
			// Replace only the sign cert; the admin cert keeps the baseline OUs.
			template.Subject.OrganizationalUnit = []string{"invalidou"}
			response.SignCert = createCertBytes(template)

			Expect(response.VerifyCertOU("peer")).To(
				MatchError("invalid OU for signcert: cert does not have right OU, expecting 'peer'"))
		})

		It("return error if sign cert has no OU defined", func() {
			// A certificate with no OU at all must be rejected, not treated as a match.
			template.Subject.OrganizationalUnit = nil
			response.SignCert = createCertBytes(template)

			Expect(response.VerifyCertOU("peer")).To(
				MatchError("invalid OU for signcert: OU not defined"))
		})

		It("verifies that peer signcert has correct OU", func() {
			Expect(response.VerifyCertOU("peer")).To(Succeed())
		})

		It("verifies that orderer signcert and admincerts have correct OU", func() {
			Expect(response.VerifyCertOU("orderer")).To(Succeed())
		})
	})

	// GenerateCryptoResponse is driven through three mocked crypto sources; each
	// failure case stubs exactly one of them and expects that error back unchanged.
	Context("generate crypto response", func() {
		var (
			enrollMock     *mocks.Crypto
			tlsMock        *mocks.Crypto
			clientAuthMock *mocks.Crypto
			cryptoSet      *config.Cryptos
		)

		BeforeEach(func() {
			enrollMock, tlsMock, clientAuthMock = &mocks.Crypto{}, &mocks.Crypto{}, &mocks.Crypto{}

			cryptoSet = &config.Cryptos{
				Enrollment: enrollMock,
				TLS:        tlsMock,
				ClientAuth: clientAuthMock,
			}
		})

		Context("enrollment", func() {
			It("returns an error on failure", func() {
				const wantMsg = "could not enrollment get crypto"
				enrollMock.GetCryptoReturns(nil, errors.New(wantMsg))

				_, err := cryptoSet.GenerateCryptoResponse()
				Expect(err).To(MatchError(wantMsg))
			})
		})

		Context("tls", func() {
			It("returns an error on failure", func() {
				const wantMsg = "could not tls get crypto"
				tlsMock.GetCryptoReturns(nil, errors.New(wantMsg))

				_, err := cryptoSet.GenerateCryptoResponse()
				Expect(err).To(MatchError(wantMsg))
			})
		})

		Context("client auth", func() {
			It("returns an error on failure", func() {
				const wantMsg = "could not client auth get crypto"
				clientAuthMock.GetCryptoReturns(nil, errors.New(wantMsg))

				_, err := cryptoSet.GenerateCryptoResponse()
				Expect(err).To(MatchError(wantMsg))
			})
		})

		It("gets crypto", func() {
			// No mock has a stubbed failure here, so a non-nil response is expected.
			got, err := cryptoSet.GenerateCryptoResponse()
			Expect(err).NotTo(HaveOccurred())
			Expect(got).NotTo(BeNil())
		})
	})
})
   148  
// createCertBytes self-signs certTemplate with a freshly generated ECDSA P-256
// key and returns the certificate PEM-encoded as a "CERTIFICATE" block.
//
// The template is passed as both subject and issuer, and the private key is
// not returned, so the output is only useful as test input for code that
// parses certificate fields; it chains to no CA. Failures are reported through
// Gomega's Expect, so call it from inside a spec or setup node.
func createCertBytes(certTemplate *x509.Certificate) []byte {
	// Ephemeral signing key; a new one is generated on every call.
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	Expect(err).NotTo(HaveOccurred())

	// Template doubles as parent, which makes the certificate self-signed.
	der, err := x509.CreateCertificate(rand.Reader, certTemplate, certTemplate, &key.PublicKey, key)
	Expect(err).NotTo(HaveOccurred())

	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}