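// Source: github.com/blockchain-gm/fabric-ca@v0.0.0-20200423072702-b2c40c7ac69c/lib/serverrevoke_test.go

/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package lib

import (
	"os"
	"testing"

	"github.com/hyperledger/fabric-ca/api"
	"github.com/hyperledger/fabric-ca/util"
	"github.com/stretchr/testify/assert"
)

// TestParseInput checks that parseInput normalizes a colon-separated,
// mixed-case hex string: colons removed, leading zeros stripped and letters
// lowercased.
func TestParseInput(t *testing.T) {
	input := "01:AA:22:bb"

	parsedInput := parseInput(input)

	// Guard the index below: an empty result would otherwise panic instead of
	// reporting a test failure.
	if len(parsedInput) == 0 {
		t.Fatal("parseInput returned an empty result")
	}

	assert.NotContains(t, parsedInput, ":", "failed to correctly remove colons from input")
	assert.NotEqual(t, string(parsedInput[0]), "0", "failed to correctly remove leading zeros from input")
	assert.NotContains(t, parsedInput, "AA", "failed to correctly lowercase capital letters")

	// The three negative checks above pass for almost any output. Pin the
	// exact normalized form that those three properties imply for this input,
	// so a normalization change cannot slip through unnoticed.
	assert.Equal(t, "1aa22bb", parsedInput, "unexpected normalized form of input")
}

// TestIdemixCredRevokedUser verifies that an identity holding only an Idemix
// credential can no longer make requests to the server once an admin has
// revoked it by name.
func TestIdemixCredRevokedUser(t *testing.T) {
	srv := TestGetRootServer(t)
	err := srv.Start()
	util.FatalError(t, err, "Failed to start server")
	defer srv.Stop()
	defer os.RemoveAll(rootDir)
	defer os.RemoveAll(rootClientDir)

	c := TestGetRootClient()
	req := &api.EnrollmentRequest{
		Name:   "admin",
		Secret: "adminpw",
	}

	enrollResp, err := c.Enroll(req)
	util.FatalError(t, err, "Failed to enroll 'admin'")
	admin := enrollResp.Identity

	_, err = admin.Register(&api.RegistrationRequest{
		Name:   "user1",
		Secret: "user1pw",
	})
	util.FatalError(t, err, "Failed to register 'user1' by 'admin' user")

	// Enroll a user to get back an Idemix credential. The request struct is
	// reused, so every field that differs from the admin enrollment is reset.
	req.Name = "user1"
	req.Secret = "user1pw"
	req.Type = "idemix"

	enrollIdmixResp, err := c.Enroll(req)
	util.FatalError(t, err, "Failed to enroll 'user1'")
	idemixUser := enrollIdmixResp.Identity

	// Revoke the user that only possesses an Idemix credential.
	_, err = admin.Revoke(&api.RevocationRequest{
		Name: "user1",
	})
	util.FatalError(t, err, "Failed to revoke 'user1' by 'admin' user")

	// A revoked user should not be able to make requests to the Fabric CA
	// server. The identity object was obtained before revocation, so this
	// exercises the server-side check rather than a client-side one.
	_, err = idemixUser.Register(&api.RegistrationRequest{
		Name:   "user2",
		Secret: "user2pw",
	})
	t.Log("Error: ", err)

	// A nil error means the revoked credential was accepted; report that
	// explicitly instead of relying on the substring match below.
	if err == nil {
		t.Fatal("revoked user with only Idemix credential was able to register a new identity")
	}

	// NOTE(review): "71" is matched as a bare substring of the error text.
	// Presumably it is the server's error code for a revoked identity;
	// confirm against the error-code definitions, and consider matching the
	// full code token so an unrelated number in the message cannot satisfy it.
	util.ErrorContains(t, err, "71", "Revoked user with only Idemix credential, should not be able to make requests to the server")
}

// TestUpdatingRevocationHandleQuery makes sure the UpdateNextandLastHandle SQL
// statement executes correctly against a database, by enrolling one more time
// than the configured revocation handle pool size.
func TestUpdatingRevocationHandleQuery(t *testing.T) {
	// Pool size used for this test; the enrollment loop below is derived from
	// it so the two cannot drift apart.
	const rhPoolSize = 5

	srv := TestGetRootServer(t)
	srv.CA.Config.Idemix.RHPoolSize = rhPoolSize
	err := srv.Start()
	util.FatalError(t, err, "Failed to start server")
	defer srv.Stop()
	defer os.RemoveAll(rootDir)
	// Also clean up the client directory, as TestIdemixCredRevokedUser does
	// for the same client, so enrollment material does not carry over into
	// later tests.
	defer os.RemoveAll(rootClientDir)

	c := TestGetRootClient()
	req := &api.EnrollmentRequest{
		Name:   "admin",
		Secret: "adminpw",
		Type:   "idemix",
	}

	// Exhaust the RHPoolSize (rhPoolSize+1 enrollments), triggering an update
	// of the database with a new revocation handle.
	for i := 0; i <= rhPoolSize; i++ {
		_, err := c.Enroll(req)
		assert.NoError(t, err, "Failed to enroll 'admin'")
	}
}

// TestRevokeSelf verifies that an enrolled user can revoke its own
// certificate, first by serial number and AKI and then through RevokeSelf.
func TestRevokeSelf(t *testing.T) {
	var err error
	srv := TestGetRootServer(t)
	err = srv.Start()
	util.FatalError(t, err, "Failed to start server")
	defer srv.Stop()
	// Use the package-level rootDir identifier like the other tests in this
	// file, instead of a string literal that has to be kept in sync by hand.
	defer os.RemoveAll(rootDir)
	defer os.RemoveAll("../testdata/msp")

	client := getTestClient(7075)
	resp, err := client.Enroll(&api.EnrollmentRequest{
		Name:   "admin",
		Secret: "adminpw",
	})
	util.FatalError(t, err, "Failed to enroll user 'admin'")

	admin := resp.Identity
	name := "testuser"
	password := "password"
	_, err = admin.Register(&api.RegistrationRequest{
		Name:   name,
		Secret: password,
	})
	util.FatalError(t, err, "Failed to register user 'testuser'")

	resp, err = client.Enroll(&api.EnrollmentRequest{
		Name:   name,
		Secret: password,
	})
	util.FatalError(t, err, "Failed to enroll user 'testuser'")
	testuser := resp.Identity

	db := srv.CA.CertDBAccessor()
	cert, err := db.GetCertificatesByID("testuser")
	util.FatalError(t, err, "Failed to get certificvate for 'testuser'")
	// Indexing cert[0] on an empty result would panic; fail with a clear
	// message instead.
	if len(cert) == 0 {
		t.Fatal("no certificates found for 'testuser' after enrollment")
	}

	// Revoke a single certificate, identified by serial number and AKI.
	_, err = testuser.Revoke(&api.RevocationRequest{
		Serial: cert[0].Serial,
		AKI:    cert[0].AKI,
	})
	assert.NoError(t, err, "Failed to revoke one's own certificate using serial and AKI")

	// The test expects enrollment to still succeed here: only one certificate
	// was revoked above, not the identity itself.
	resp, err = client.Enroll(&api.EnrollmentRequest{
		Name:   name,
		Secret: password,
	})
	util.FatalError(t, err, "Failed to enroll user 'testuser'")
	testuser = resp.Identity

	_, err = testuser.RevokeSelf()
	assert.NoError(t, err, "Failed to revoke one self")
}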