github.com/cactusblossom/fabric-ca@v0.0.0-20200611062428-0082fc643826/util/csp_test.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package util_test 18 19 import ( 20 "crypto/x509" 21 "errors" 22 "fmt" 23 "io/ioutil" 24 "os" 25 "testing" 26 27 "github.com/cloudflare/cfssl/csr" 28 . "github.com/hyperledger/fabric-ca/util" 29 "github.com/hyperledger/fabric-ca/util/mocks" 30 "github.com/hyperledger/fabric/bccsp" 31 "github.com/hyperledger/fabric/bccsp/factory" 32 "github.com/stretchr/testify/assert" 33 ) 34 35 var csp bccsp.BCCSP 36 37 func TestMain(m *testing.M) { 38 os.Exit(testMain(m)) 39 } 40 41 func testMain(m *testing.M) int { 42 err := factory.InitFactories(nil) 43 if err != nil { 44 fmt.Printf("Could not initialize BCCSP factory interfaces [%s]", err) 45 return -1 46 } 47 48 tmpDir, err := ioutil.TempDir("", "keystore") 49 if err != nil { 50 fmt.Printf("Could not create keystore directory [%s]", err) 51 return -1 52 } 53 defer os.RemoveAll(tmpDir) 54 55 opts := factory.GetDefaultOpts() 56 opts.SwOpts.FileKeystore = &factory.FileKeystoreOpts{KeyStorePath: tmpDir} 57 opts.SwOpts.Ephemeral = false 58 csp, err = factory.GetBCCSPFromOpts(opts) 59 if err != nil { 60 fmt.Printf("Could not initialize BCCSP Factories [%s]", err) 61 return -1 62 } 63 64 return m.Run() 65 } 66 67 func testKeyGenerate(t *testing.T, kr csr.KeyRequest, mustFail bool) { 68 req := csr.CertificateRequest{ 69 KeyRequest: kr, 70 } 71 72 key, cspSigner, err := BCCSPKeyRequestGenerate(&req, csp) 73 if mustFail { 74 if err == nil { 75 t.Fatalf("BCCSPKeyRequestGenerate should had failed") 76 } 77 } else { 78 if err != nil { 79 t.Fatalf("BCCSPKeyRequestGenerate failed: %s", err) 80 } 81 if key == nil { 82 t.Fatalf("BCCSPKeyRequestGenerate key cannot be nil") 83 } 84 if cspSigner == nil { 85 t.Fatalf("BCCSPKeyRequestGenerate cspSigner cannot be nil") 86 } 87 } 88 } 89 90 func TestGetDefaultBCCSP(t *testing.T) { 91 csp := GetDefaultBCCSP() 92 if csp == nil { 93 t.Fatal("Failed to get default BCCSP") 94 } 95 } 96 97 func TestInitBCCSP(t *testing.T) { 98 mspDir := "msp" 99 var opts *factory.FactoryOpts 100 _, err := InitBCCSP(&opts, "", mspDir) 101 if err != nil { 102 t.Fatalf("Failed initialization 1 of BCCSP: %s", err) 103 } 104 cfg := &factory.FactoryOpts{ProviderName: "SW"} 105 _, err = InitBCCSP(&cfg, "msp2", mspDir) 106 if err != nil { 107 t.Fatalf("Failed initialization 2 of BCCSP: %s", err) 108 } 109 _, err = InitBCCSP(nil, "", mspDir) 110 if err == nil { 111 t.Fatalf("Initialization 3 of BCCSP should have failed but did not") 112 } 113 } 114 115 func TestKeyGenerate(t *testing.T) { 116 t.Run("256", func(t *testing.T) { testKeyGenerate(t, csr.NewBasicKeyRequest(), false) }) 117 t.Run("384", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "ecdsa", S: 384}, false) }) 118 t.Run("521", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "ecdsa", S: 521}, true) }) 119 t.Run("521", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "ecdsa", S: 224}, true) }) 120 t.Run("512", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 512}, true) }) 121 t.Run("1024", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 1024}, true) }) 122 t.Run("2048", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 2048}, false) }) 123 t.Run("3072", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 3072}, false) }) 124 t.Run("4096", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 4096}, false) }) 125 t.Run("4097", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 4097}, true) }) 126 t.Run("10000", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 10000}, true) }) 127 t.Run("empty", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{}, true) }) 128 t.Run("nil", func(t *testing.T) { testKeyGenerate(t, nil, false) }) 129 } 130 131 func testGetSignerFromCertFile(t *testing.T, keyFile, certFile string, mustFail int) { 132 key, err := ImportBCCSPKeyFromPEM(keyFile, csp, false) 133 if mustFail == 1 { 134 if err == nil { 135 t.Fatalf("ImportBCCSPKeyFromPEM should had failed") 136 } 137 return 138 } 139 140 if err != nil { 141 t.Fatalf("ImportBCCSPKeyFromPEM failed: %s", err) 142 } 143 if key == nil { 144 t.Fatalf("ImportBCCSPKeyFromPEM key cannot be nil") 145 } 146 147 key, signer, cert, err := GetSignerFromCertFile(certFile, csp) 148 if mustFail == 2 { 149 if err == nil { 150 t.Fatalf("ImportBCCSPKeyFromPEM should had failed") 151 } 152 } else { 153 if err != nil { 154 t.Fatalf("GetSignerFromCertFile failed: %s", err) 155 } 156 if key == nil { 157 t.Fatalf("GetSignerFromCertFile key cannot be nil") 158 } 159 if signer == nil { 160 t.Fatalf("GetSignerFromCertFile signer cannot be nil") 161 } 162 if cert == nil { 163 t.Fatalf("GetSignerFromCertFile cert cannot be nil") 164 } 165 } 166 167 cer, err := LoadX509KeyPair(certFile, keyFile, csp) 168 if mustFail == 2 { 169 if err == nil { 170 t.Fatalf("LoadX509KeyPair should had failed") 171 } 172 } else { 173 if err != nil { 174 t.Fatalf("LoadX509KeyPair failed: %s", err) 175 } 176 if cer.Certificate[0] == nil { 177 t.Fatalf("LoadX509KeyPair cert cannot be nil") 178 } 179 } 180 } 181 182 func TestGetSignerFromCertFile(t *testing.T) { 183 t.Run("ec", func(t *testing.T) { 184 testGetSignerFromCertFile(t, "../testdata/ec-key.pem", "../testdata/ec.pem", 0) 185 }) 186 t.Run("nokey", func(t *testing.T) { 187 testGetSignerFromCertFile(t, "doesnotexist.pem", "../testdata/ec.pem", 1) 188 }) 189 t.Run("nocert", func(t *testing.T) { 190 testGetSignerFromCertFile(t, "../testdata/ec-key.pem", "doesnotexist.pem", 2) 191 }) 192 t.Run("cert4key", func(t *testing.T) { 193 testGetSignerFromCertFile(t, "../testdata/ec.pem", "../testdata/ec.pem", 1) 194 }) 195 t.Run("rsa", func(t *testing.T) { 196 testGetSignerFromCertFile(t, "../testdata/rsa-key.pem", "../testdata/rsa.pem", 1) 197 }) 198 t.Run("wrongcert", func(t *testing.T) { 199 testGetSignerFromCertFile(t, "../testdata/ec-key.pem", "../testdata/test.pem", 2) 200 }) 201 } 202 203 func TestBccspBackedSigner(t *testing.T) { 204 signer, err := BccspBackedSigner("", "", nil, csp) 205 if signer != nil { 206 t.Fatalf("BccspBackedSigner should not be valid for empty cert: %s", err) 207 } 208 209 signer, err = BccspBackedSigner("doesnotexist.pem", "", nil, csp) 210 if err == nil { 211 t.Fatal("BccspBackedSigner should had failed to load cert") 212 } 213 if signer != nil { 214 t.Fatal("BccspBackedSigner should not be valid for non-existent cert") 215 } 216 217 signer, err = BccspBackedSigner("../testdata/ec.pem", "../testdata/ec-key.pem", nil, csp) 218 if signer == nil { 219 t.Fatalf("BccspBackedSigner should had found cert: %s", err) 220 } 221 } 222 223 func TestGetSignerFromCertInvalidArgs(t *testing.T) { 224 _, _, err := GetSignerFromCert(nil, nil) 225 assert.Error(t, err) 226 assert.Contains(t, err.Error(), "CSP was not initialized") 227 228 csp := &mocks.BCCSP{} 229 csp.On("KeyImport", (*x509.Certificate)(nil), &bccsp.X509PublicKeyImportOpts{Temporary: true}).Return(bccsp.Key(nil), errors.New("mock key import error")) 230 _, _, err = GetSignerFromCert(nil, csp) 231 assert.Error(t, err) 232 assert.Contains(t, err.Error(), "Failed to import certificate's public key: mock key import error") 233 } 234 235 func TestClean(t *testing.T) { 236 os.RemoveAll("csp") 237 }