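/*
Copyright hechain. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package comm

import (
	"crypto/tls"
	"fmt"
	"io/ioutil"
	"path/filepath"
	"testing"

	"github.com/stretchr/testify/require"
)

const (
	// numOrgs is the number of organization CA certificates read from
	// testdata/certs (Org1 .. Org<numOrgs>).
	numOrgs = 2
	// numChildOrgs is the number of child CA certificates read per organization.
	numChildOrgs = 2
)

// Format strings for the certificate file names under testdata/certs.
var (
	orgCACert   = filepath.Join("testdata", "certs", "Org%d-cert.pem")
	childCACert = filepath.Join("testdata", "certs", "Org%d-child%d-cert.pem")
)

// badPEM is a PEM-armored block that TestCredentialSupport appends to the
// server root CAs as a deliberately unusable entry. Its base64 body appears
// to be a truncated certificate.
var badPEM = `-----BEGIN CERTIFICATE-----
MIICRDCCAemgAwIBAgIJALwW//dz2ZBvMAoGCCqGSM49BAMCMH4xCzAJBgNVBAYT
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
MRgwFgYDVQQKDA9MaW51eEZvdW5kYXRpb24xFDASBgNVBAsMC0h5cGVybGVkZ2Vy
MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTYxMjA0MjIzMDE4WhcNMjYxMjAyMjIz
MDE4WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
BwwNU2FuIEZyYW5jaXNjbzEYMBYGA1UECgwPTGludXhGb3VuZGF0aW9uMRQwEgYD
VQQLDAtIeXBlcmxlZGdlcjESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
-----END CERTIFICATE-----
`

// readRootCAs reads every organization CA certificate followed by that
// organization's child CA certificates from testdata/certs. It stops at the
// first file that cannot be read and returns the underlying error, so a
// failing test can report which fixture is missing.
func readRootCAs() ([][]byte, error) {
	rootCAs := make([][]byte, 0, numOrgs*(1+numChildOrgs))
	for i := 1; i <= numOrgs; i++ {
		root, err := ioutil.ReadFile(fmt.Sprintf(orgCACert, i))
		if err != nil {
			return nil, fmt.Errorf("reading CA certificate for org %d: %w", i, err)
		}
		rootCAs = append(rootCAs, root)

		for j := 1; j <= numChildOrgs; j++ {
			child, err := ioutil.ReadFile(fmt.Sprintf(childCACert, i, j))
			if err != nil {
				return nil, fmt.Errorf("reading CA certificate for org %d child %d: %w", i, j, err)
			}
			rootCAs = append(rootCAs, child)
		}
	}
	return rootCAs, nil
}

// loadRootCAs loads the test root certificates from testdata/certs.
//
// Any read failure is collapsed into an empty, non-nil slice, so callers must
// check the length of the result. Use readRootCAs when the cause of a failure
// should be reported.
func loadRootCAs() [][]byte {
	rootCAs, err := readRootCAs()
	if err != nil {
		return [][]byte{}
	}
	return rootCAs
}

// TestNewCredentialSupport checks that NewCredentialSupport initializes the
// per-chain root CA map and stores any root CAs passed to it as the server
// root CAs.
func TestNewCredentialSupport(t *testing.T) {
	expected := &CredentialSupport{
		appRootCAsByChain: make(map[string][][]byte),
	}
	require.Equal(t, expected, NewCredentialSupport())

	rootCAs := [][]byte{
		[]byte("certificate-one"),
		[]byte("certificate-two"),
	}
	expected.serverRootCAs = rootCAs
	require.Equal(t, expected, NewCredentialSupport(rootCAs...))
}

// TestCredentialSupport checks the client certificate accessors and that
// GetPeerCredentials keeps returning credentials after unusable entries have
// been appended to the server root CAs.
func TestCredentialSupport(t *testing.T) {
	t.Parallel()

	rootCAs, err := readRootCAs()
	require.NoError(t, err, "failed to load root certificates")
	t.Logf("loaded %d root certificates", len(rootCAs))

	// One certificate per organization plus numChildOrgs children each. The
	// fixed indices used below depend on this count.
	wantCAs := numOrgs * (1 + numChildOrgs)
	require.Len(t, rootCAs, wantCAs, "failed to load root certificates")

	cs := &CredentialSupport{
		appRootCAsByChain: make(map[string][][]byte),
	}
	cert := tls.Certificate{Certificate: [][]byte{}}
	cs.SetClientCertificate(cert)
	require.Equal(t, cert, cs.clientCert)
	require.Equal(t, cert, cs.GetClientCertificate())

	cs.appRootCAsByChain["channel1"] = [][]byte{rootCAs[0]}
	cs.appRootCAsByChain["channel2"] = [][]byte{rootCAs[1]}
	cs.appRootCAsByChain["channel3"] = [][]byte{rootCAs[2]}
	cs.serverRootCAs = [][]byte{rootCAs[5]}

	creds := cs.GetPeerCredentials()
	require.Equal(t, "1.2", creds.Info().SecurityVersion,
		"Expected Security version to be 1.2")

	// append some bad certs and make sure things still work
	//
	// NOTE(review): the only assertion after adding the unusable entries is
	// the reported security version. That shows GetPeerCredentials still
	// returns credentials, not that the bad entries were kept out of the
	// resulting trust pool. Consider asserting on the pool contents if the
	// implementation makes them observable.
	cs.serverRootCAs = append(cs.serverRootCAs, []byte("badcert"))
	cs.serverRootCAs = append(cs.serverRootCAs, []byte(badPEM))
	creds = cs.GetPeerCredentials()
	require.Equal(t, "1.2", creds.Info().SecurityVersion,
		"Expected Security version to be 1.2")
}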