github.com/canhui/fabric_ca2_2@v2.0.0-alpha+incompatible/lib/server/operations/operations_suite_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package operations_test
     8  
     9  import (
    10  	"crypto/rand"
    11  	"crypto/rsa"
    12  	"crypto/tls"
    13  	"crypto/x509"
    14  	"crypto/x509/pkix"
    15  	"encoding/pem"
    16  	"fmt"
    17  	"io/ioutil"
    18  	"math/big"
    19  	"net"
    20  	"net/http"
    21  	"os"
    22  	"path/filepath"
    23  	"testing"
    24  	"time"
    25  
    26  	. "github.com/onsi/ginkgo"
    27  	. "github.com/onsi/gomega"
    28  )
    29  
    30  func TestOperations(t *testing.T) {
    31  	RegisterFailHandler(Fail)
    32  	RunSpecs(t, "Operations Suite")
    33  }
    34  
    35  func generateCertificates(dir string) error {
    36  	cert, privKey, err := genRoot("server-ca", dir)
    37  	if err != nil {
    38  		return err
    39  	}
    40  	err = genCert("server", dir, cert, privKey)
    41  	if err != nil {
    42  		return err
    43  	}
    44  	cert, privKey, err = genRoot("client-ca", dir)
    45  	if err != nil {
    46  		return err
    47  	}
    48  	err = genCert("client", dir, cert, privKey)
    49  	if err != nil {
    50  		return err
    51  	}
    52  
    53  	return nil
    54  }
    55  
    56  func genRoot(name, dir string) ([]byte, *rsa.PrivateKey, error) {
    57  	template := &x509.Certificate{
    58  		IsCA:                  true,
    59  		BasicConstraintsValid: true,
    60  		SubjectKeyId:          []byte{1, 2, 3},
    61  		SerialNumber:          big.NewInt(1234),
    62  		Subject: pkix.Name{
    63  			Country:      []string{"US"},
    64  			Organization: []string{"ORG"},
    65  			CommonName:   "localhost",
    66  		},
    67  		NotBefore:   time.Now(),
    68  		NotAfter:    time.Now().AddDate(5, 5, 5),
    69  		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
    70  		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
    71  		DNSNames:    []string{"127.0.0.1", "localhost"},
    72  	}
    73  
    74  	// generate private key
    75  	privatekey, err := rsa.GenerateKey(rand.Reader, 2048)
    76  	if err != nil {
    77  		return nil, nil, err
    78  	}
    79  
    80  	publickey := &privatekey.PublicKey
    81  
    82  	// create a self-signed certificate. template = parent
    83  	var parent = template
    84  	cert, err := x509.CreateCertificate(rand.Reader, template, parent, publickey, privatekey)
    85  	if err != nil {
    86  		return nil, nil, err
    87  	}
    88  
    89  	// save cert
    90  	certOut, err := os.Create(filepath.Join(dir, fmt.Sprintf("%s.pem", name)))
    91  	if err != nil {
    92  		return nil, nil, err
    93  	}
    94  	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil {
    95  		return nil, nil, err
    96  	}
    97  	if err := certOut.Close(); err != nil {
    98  		return nil, nil, err
    99  	}
   100  
   101  	return cert, privatekey, nil
   102  }
   103  
   104  func genCert(name, dir string, cert []byte, privKey *rsa.PrivateKey) error {
   105  	template := &x509.Certificate{
   106  		BasicConstraintsValid: true,
   107  		SubjectKeyId:          []byte{1, 2, 3},
   108  		SerialNumber:          big.NewInt(1234),
   109  		Subject: pkix.Name{
   110  			Country:    []string{"US"},
   111  			CommonName: "localhost",
   112  		},
   113  		NotBefore:   time.Now(),
   114  		NotAfter:    time.Now().AddDate(5, 5, 5),
   115  		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
   116  		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
   117  		DNSNames:    []string{"127.0.0.1", "localhost"},
   118  		IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
   119  	}
   120  
   121  	// generate private key
   122  	privatekey, err := rsa.GenerateKey(rand.Reader, 2048)
   123  	if err != nil {
   124  		return err
   125  	}
   126  
   127  	publickey := &privatekey.PublicKey
   128  	if err != nil {
   129  		return err
   130  	}
   131  
   132  	parentCert, err := x509.ParseCertificate(cert)
   133  
   134  	// create a self-signed certificate. template = parent
   135  	cert, err = x509.CreateCertificate(rand.Reader, template, parentCert, publickey, privKey)
   136  	if err != nil {
   137  		return err
   138  	}
   139  
   140  	certOut, err := os.Create(filepath.Join(dir, fmt.Sprintf("%s-cert.pem", name)))
   141  	if err != nil {
   142  		return err
   143  	}
   144  	if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil {
   145  		return err
   146  	}
   147  	if err := certOut.Close(); err != nil {
   148  		return err
   149  	}
   150  
   151  	pemfile, _ := os.Create(filepath.Join(dir, fmt.Sprintf("%s-key.pem", name)))
   152  	var pemkey = &pem.Block{
   153  		Type:  "RSA PRIVATE KEY",
   154  		Bytes: x509.MarshalPKCS1PrivateKey(privatekey)}
   155  	pem.Encode(pemfile, pemkey)
   156  	pemfile.Close()
   157  
   158  	return nil
   159  }
   160  
   161  func newHTTPClient(tlsDir string, withClientCert bool) *http.Client {
   162  	clientCertPool := x509.NewCertPool()
   163  	caCert, err := ioutil.ReadFile(filepath.Join(tlsDir, "server-ca.pem"))
   164  	Expect(err).NotTo(HaveOccurred())
   165  	clientCertPool.AppendCertsFromPEM(caCert)
   166  
   167  	tlsClientConfig := &tls.Config{
   168  		RootCAs: clientCertPool,
   169  	}
   170  	if withClientCert {
   171  		clientCert, err := tls.LoadX509KeyPair(
   172  			filepath.Join(tlsDir, "client-cert.pem"),
   173  			filepath.Join(tlsDir, "client-key.pem"),
   174  		)
   175  		Expect(err).NotTo(HaveOccurred())
   176  		tlsClientConfig.Certificates = []tls.Certificate{clientCert}
   177  	}
   178  
   179  	return &http.Client{
   180  		Transport: &http.Transport{
   181  			TLSClientConfig: tlsClientConfig,
   182  		},
   183  	}
   184  }