github.com/canhui/fabric_ca2_2@v2.0.0-alpha+incompatible/lib/server/operations/operations_suite_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package operations_test 8 9 import ( 10 "crypto/rand" 11 "crypto/rsa" 12 "crypto/tls" 13 "crypto/x509" 14 "crypto/x509/pkix" 15 "encoding/pem" 16 "fmt" 17 "io/ioutil" 18 "math/big" 19 "net" 20 "net/http" 21 "os" 22 "path/filepath" 23 "testing" 24 "time" 25 26 . "github.com/onsi/ginkgo" 27 . "github.com/onsi/gomega" 28 ) 29 30 func TestOperations(t *testing.T) { 31 RegisterFailHandler(Fail) 32 RunSpecs(t, "Operations Suite") 33 } 34 35 func generateCertificates(dir string) error { 36 cert, privKey, err := genRoot("server-ca", dir) 37 if err != nil { 38 return err 39 } 40 err = genCert("server", dir, cert, privKey) 41 if err != nil { 42 return err 43 } 44 cert, privKey, err = genRoot("client-ca", dir) 45 if err != nil { 46 return err 47 } 48 err = genCert("client", dir, cert, privKey) 49 if err != nil { 50 return err 51 } 52 53 return nil 54 } 55 56 func genRoot(name, dir string) ([]byte, *rsa.PrivateKey, error) { 57 template := &x509.Certificate{ 58 IsCA: true, 59 BasicConstraintsValid: true, 60 SubjectKeyId: []byte{1, 2, 3}, 61 SerialNumber: big.NewInt(1234), 62 Subject: pkix.Name{ 63 Country: []string{"US"}, 64 Organization: []string{"ORG"}, 65 CommonName: "localhost", 66 }, 67 NotBefore: time.Now(), 68 NotAfter: time.Now().AddDate(5, 5, 5), 69 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, 70 KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, 71 DNSNames: []string{"127.0.0.1", "localhost"}, 72 } 73 74 // generate private key 75 privatekey, err := rsa.GenerateKey(rand.Reader, 2048) 76 if err != nil { 77 return nil, nil, err 78 } 79 80 publickey := &privatekey.PublicKey 81 82 // create a self-signed certificate. template = parent 83 var parent = template 84 cert, err := x509.CreateCertificate(rand.Reader, template, parent, publickey, privatekey) 85 if err != nil { 86 return nil, nil, err 87 } 88 89 // save cert 90 certOut, err := os.Create(filepath.Join(dir, fmt.Sprintf("%s.pem", name))) 91 if err != nil { 92 return nil, nil, err 93 } 94 if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil { 95 return nil, nil, err 96 } 97 if err := certOut.Close(); err != nil { 98 return nil, nil, err 99 } 100 101 return cert, privatekey, nil 102 } 103 104 func genCert(name, dir string, cert []byte, privKey *rsa.PrivateKey) error { 105 template := &x509.Certificate{ 106 BasicConstraintsValid: true, 107 SubjectKeyId: []byte{1, 2, 3}, 108 SerialNumber: big.NewInt(1234), 109 Subject: pkix.Name{ 110 Country: []string{"US"}, 111 CommonName: "localhost", 112 }, 113 NotBefore: time.Now(), 114 NotAfter: time.Now().AddDate(5, 5, 5), 115 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth}, 116 KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, 117 DNSNames: []string{"127.0.0.1", "localhost"}, 118 IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, 119 } 120 121 // generate private key 122 privatekey, err := rsa.GenerateKey(rand.Reader, 2048) 123 if err != nil { 124 return err 125 } 126 127 publickey := &privatekey.PublicKey 128 if err != nil { 129 return err 130 } 131 132 parentCert, err := x509.ParseCertificate(cert) 133 134 // create a self-signed certificate. template = parent 135 cert, err = x509.CreateCertificate(rand.Reader, template, parentCert, publickey, privKey) 136 if err != nil { 137 return err 138 } 139 140 certOut, err := os.Create(filepath.Join(dir, fmt.Sprintf("%s-cert.pem", name))) 141 if err != nil { 142 return err 143 } 144 if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert}); err != nil { 145 return err 146 } 147 if err := certOut.Close(); err != nil { 148 return err 149 } 150 151 pemfile, _ := os.Create(filepath.Join(dir, fmt.Sprintf("%s-key.pem", name))) 152 var pemkey = &pem.Block{ 153 Type: "RSA PRIVATE KEY", 154 Bytes: x509.MarshalPKCS1PrivateKey(privatekey)} 155 pem.Encode(pemfile, pemkey) 156 pemfile.Close() 157 158 return nil 159 } 160 161 func newHTTPClient(tlsDir string, withClientCert bool) *http.Client { 162 clientCertPool := x509.NewCertPool() 163 caCert, err := ioutil.ReadFile(filepath.Join(tlsDir, "server-ca.pem")) 164 Expect(err).NotTo(HaveOccurred()) 165 clientCertPool.AppendCertsFromPEM(caCert) 166 167 tlsClientConfig := &tls.Config{ 168 RootCAs: clientCertPool, 169 } 170 if withClientCert { 171 clientCert, err := tls.LoadX509KeyPair( 172 filepath.Join(tlsDir, "client-cert.pem"), 173 filepath.Join(tlsDir, "client-key.pem"), 174 ) 175 Expect(err).NotTo(HaveOccurred()) 176 tlsClientConfig.Certificates = []tls.Certificate{clientCert} 177 } 178 179 return &http.Client{ 180 Transport: &http.Transport{ 181 TLSClientConfig: tlsClientConfig, 182 }, 183 } 184 }