github.com/hellobchain/third_party@v0.0.0-20230331131523-deb0478a2e52/hyperledger/fabric-config/configtx/msp_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package configtx 8 9 import ( 10 "bytes" 11 "crypto/rand" 12 "encoding/base64" 13 "fmt" 14 "github.com/hellobchain/newcryptosm/ecdsa" 15 "github.com/hellobchain/newcryptosm/x509" 16 "github.com/hellobchain/newcryptosm/x509/pkix" 17 "github.com/hellobchain/third_party/hyperledger/fabric-config/configtx/membership" 18 "github.com/hellobchain/third_party/hyperledger/fabric-config/configtx/orderer" 19 "github.com/hellobchain/third_party/hyperledger/fabric-config/protolator" 20 "math/big" 21 "testing" 22 "time" 23 24 "github.com/golang/protobuf/proto" 25 cb "github.com/hyperledger/fabric-protos-go/common" 26 mb "github.com/hyperledger/fabric-protos-go/msp" 27 . "github.com/onsi/gomega" 28 ) 29 30 func TestMSPConfigurationFailures(t *testing.T) { 31 t.Parallel() 32 33 badCert := &x509.Certificate{} 34 35 tests := []struct { 36 name string 37 orgType string 38 consortiumName string 39 orgName string 40 mspMod func(*MSP) 41 expectedErr string 42 }{ 43 { 44 name: "Bad root cert", 45 orgType: OrdererGroupKey, 46 orgName: "OrdererOrg", 47 mspMod: func(msp *MSP) { 48 badCert := &x509.Certificate{} 49 msp.RootCerts = append(msp.RootCerts, badCert) 50 }, 51 expectedErr: "parsing root certs: asn1: syntax error: sequence truncated", 52 }, 53 { 54 name: "Bad intermediate cert", 55 orgType: OrdererGroupKey, 56 orgName: "OrdererOrg", 57 mspMod: func(msp *MSP) { 58 msp.IntermediateCerts = append(msp.IntermediateCerts, badCert) 59 }, 60 expectedErr: "parsing intermediate certs: asn1: syntax error: sequence truncated", 61 }, 62 { 63 name: "Bad admin cert", 64 orgType: OrdererGroupKey, 65 orgName: "OrdererOrg", 66 mspMod: func(msp *MSP) { 67 msp.Admins = append(msp.Admins, badCert) 68 }, 69 expectedErr: "parsing admin certs: asn1: syntax error: sequence truncated", 70 }, 71 { 72 name: "Bad OU Identifier cert", 73 orgType: OrdererGroupKey, 74 orgName: "OrdererOrg", 75 mspMod: func(msp *MSP) { 76 msp.OrganizationalUnitIdentifiers[0].Certificate = badCert 77 }, 78 expectedErr: "parsing ou identifiers: asn1: syntax error: sequence truncated", 79 }, 80 { 81 name: "Bad tls root cert", 82 orgType: OrdererGroupKey, 83 orgName: "OrdererOrg", 84 mspMod: func(msp *MSP) { 85 msp.TLSRootCerts = append(msp.TLSRootCerts, badCert) 86 }, 87 expectedErr: "parsing tls root certs: asn1: syntax error: sequence truncated", 88 }, 89 { 90 name: "Bad tls intermediate cert", 91 orgType: OrdererGroupKey, 92 orgName: "OrdererOrg", 93 mspMod: func(msp *MSP) { 94 msp.TLSIntermediateCerts = append(msp.TLSIntermediateCerts, badCert) 95 }, 96 expectedErr: "parsing tls intermediate certs: asn1: syntax error: sequence truncated", 97 }, 98 { 99 name: "Bad Client OU Identifier cert", 100 orgType: OrdererGroupKey, 101 orgName: "OrdererOrg", 102 mspMod: func(msp *MSP) { 103 msp.NodeOUs.ClientOUIdentifier.Certificate = badCert 104 }, 105 expectedErr: "parsing client ou identifier cert: asn1: syntax error: sequence truncated", 106 }, 107 { 108 name: "Bad Peer OU Identifier cert", 109 orgType: OrdererGroupKey, 110 orgName: "OrdererOrg", 111 mspMod: func(msp *MSP) { 112 msp.NodeOUs.PeerOUIdentifier.Certificate = badCert 113 }, 114 expectedErr: "parsing peer ou identifier cert: asn1: syntax error: sequence truncated", 115 }, 116 { 117 name: "Bad Admin OU Identifier cert", 118 orgType: OrdererGroupKey, 119 orgName: "OrdererOrg", 120 mspMod: func(msp *MSP) { 121 msp.NodeOUs.AdminOUIdentifier.Certificate = badCert 122 }, 123 expectedErr: "parsing admin ou identifier cert: asn1: syntax error: sequence truncated", 124 }, 125 { 126 name: "Bad Orderer OU Identifier cert", 127 orgType: OrdererGroupKey, 128 orgName: "OrdererOrg", 129 mspMod: func(msp *MSP) { 130 msp.NodeOUs.OrdererOUIdentifier.Certificate = badCert 131 }, 132 expectedErr: "parsing orderer ou identifier cert: asn1: syntax error: sequence truncated", 133 }, 134 } 135 136 for _, tt := range tests { 137 tt := tt 138 t.Run(tt.name, func(t *testing.T) { 139 t.Parallel() 140 141 gt := NewGomegaWithT(t) 142 143 consortiums, _ := baseConsortiums(t) 144 consortiumsGroup, err := newConsortiumsGroup(consortiums) 145 gt.Expect(err).NotTo(HaveOccurred()) 146 147 orderer, _ := baseSoloOrderer(t) 148 ordererGroup, err := newOrdererGroup(orderer) 149 gt.Expect(err).NotTo(HaveOccurred()) 150 151 application, _ := baseApplication(t) 152 applicationGroup, err := newApplicationGroup(application) 153 gt.Expect(err).NotTo(HaveOccurred()) 154 155 config := &cb.Config{ 156 ChannelGroup: &cb.ConfigGroup{ 157 Groups: map[string]*cb.ConfigGroup{ 158 ConsortiumsGroupKey: consortiumsGroup, 159 OrdererGroupKey: ordererGroup, 160 ApplicationGroupKey: applicationGroup, 161 }, 162 }, 163 } 164 165 c := &ConfigTx{ 166 original: config, 167 updated: config, 168 } 169 if tt.mspMod != nil && tt.orgType != ConsortiumsGroupKey { 170 baseMSP, _ := baseMSP(t) 171 172 tt.mspMod(&baseMSP) 173 174 orgGroup := c.updated.ChannelGroup.Groups[tt.orgType].Groups[tt.orgName] 175 fabricMSPConfig, err := baseMSP.toProto() 176 gt.Expect(err).NotTo(HaveOccurred()) 177 178 conf, err := proto.Marshal(fabricMSPConfig) 179 gt.Expect(err).NotTo(HaveOccurred()) 180 181 mspConfig := &mb.MSPConfig{ 182 Config: conf, 183 } 184 185 err = setValue(orgGroup, mspValue(mspConfig), AdminsPolicyKey) 186 gt.Expect(err).NotTo(HaveOccurred()) 187 } 188 189 switch tt.orgType { 190 case ApplicationGroupKey: 191 _, err := c.Application().Organization(tt.orgName).MSP().Configuration() 192 gt.Expect(err).To(MatchError(tt.expectedErr)) 193 case OrdererGroupKey: 194 _, err := c.Orderer().Organization(tt.orgName).MSP().Configuration() 195 gt.Expect(err).To(MatchError(tt.expectedErr)) 196 case ConsortiumsGroupKey: 197 _, err := c.Consortium(tt.consortiumName).Organization(tt.orgName).MSP().Configuration() 198 gt.Expect(err).To(MatchError(tt.expectedErr)) 199 default: 200 t.Fatalf("invalid org type %s", tt.orgType) 201 } 202 }) 203 } 204 } 205 206 func TestMSPToProto(t *testing.T) { 207 t.Parallel() 208 209 gt := NewGomegaWithT(t) 210 211 msp, _ := baseMSP(t) 212 certBase64, crlBase64 := certCRLBase64(t, msp) 213 214 expectedFabricMSPConfigProtoJSON := fmt.Sprintf(` 215 { 216 "admins": [ 217 "%[1]s" 218 ], 219 "crypto_config": { 220 "identity_identifier_hash_function": "SHA256", 221 "signature_hash_family": "SHA3" 222 }, 223 "fabric_node_ous": { 224 "admin_ou_identifier": { 225 "certificate": "%[1]s", 226 "organizational_unit_identifier": "OUID" 227 }, 228 "client_ou_identifier": { 229 "certificate": "%[1]s", 230 "organizational_unit_identifier": "OUID" 231 }, 232 "enable": false, 233 "orderer_ou_identifier": { 234 "certificate": "%[1]s", 235 "organizational_unit_identifier": "OUID" 236 }, 237 "peer_ou_identifier": { 238 "certificate": "%[1]s", 239 "organizational_unit_identifier": "OUID" 240 } 241 }, 242 "intermediate_certs": [ 243 "%[1]s" 244 ], 245 "name": "MSPID", 246 "organizational_unit_identifiers": [ 247 { 248 "certificate": "%[1]s", 249 "organizational_unit_identifier": "OUID" 250 } 251 ], 252 "revocation_list": [ 253 "%[2]s" 254 ], 255 "root_certs": [ 256 "%[1]s" 257 ], 258 "signing_identity": null, 259 "tls_intermediate_certs": [ 260 "%[1]s" 261 ], 262 "tls_root_certs": [ 263 "%[1]s" 264 ] 265 } 266 `, certBase64, crlBase64) 267 expectedFabricMSPConfigProto := &mb.FabricMSPConfig{} 268 err := protolator.DeepUnmarshalJSON(bytes.NewBufferString(expectedFabricMSPConfigProtoJSON), expectedFabricMSPConfigProto) 269 gt.Expect(err).NotTo(HaveOccurred()) 270 271 fabricMSPConfigProto, err := msp.toProto() 272 gt.Expect(err).NotTo(HaveOccurred()) 273 gt.Expect(fabricMSPConfigProto).To(Equal(expectedFabricMSPConfigProto)) 274 } 275 276 func TestMSPToProtoNoNodeOUs(t *testing.T) { 277 t.Parallel() 278 279 gt := NewGomegaWithT(t) 280 281 msp, _ := baseMSP(t) 282 msp.NodeOUs = membership.NodeOUs{} 283 certBase64, crlBase64 := certCRLBase64(t, msp) 284 285 expectedFabricMSPConfigProtoJSON := fmt.Sprintf(` 286 { 287 "admins": [ 288 "%[1]s" 289 ], 290 "crypto_config": { 291 "identity_identifier_hash_function": "SHA256", 292 "signature_hash_family": "SHA3" 293 }, 294 "fabric_node_ous": null, 295 "intermediate_certs": [ 296 "%[1]s" 297 ], 298 "name": "MSPID", 299 "organizational_unit_identifiers": [ 300 { 301 "certificate": "%[1]s", 302 "organizational_unit_identifier": "OUID" 303 } 304 ], 305 "revocation_list": [ 306 "%[2]s" 307 ], 308 "root_certs": [ 309 "%[1]s" 310 ], 311 "signing_identity": null, 312 "tls_intermediate_certs": [ 313 "%[1]s" 314 ], 315 "tls_root_certs": [ 316 "%[1]s" 317 ] 318 } 319 `, certBase64, crlBase64) 320 expectedFabricMSPConfigProto := &mb.FabricMSPConfig{} 321 err := protolator.DeepUnmarshalJSON(bytes.NewBufferString(expectedFabricMSPConfigProtoJSON), expectedFabricMSPConfigProto) 322 gt.Expect(err).NotTo(HaveOccurred()) 323 324 fabricMSPConfigProto, err := msp.toProto() 325 gt.Expect(err).NotTo(HaveOccurred()) 326 gt.Expect(fabricMSPConfigProto).To(Equal(expectedFabricMSPConfigProto)) 327 } 328 329 func TestParseCertificateFromBytesFailure(t *testing.T) { 330 t.Parallel() 331 gt := NewGomegaWithT(t) 332 333 errCert := ` 334 -----END CERTIFICATE----- 335 ` 336 337 _, err := parseCertificateFromBytes([]byte(errCert)) 338 gt.Expect(err).NotTo(BeNil()) 339 gt.Expect(err.Error()).To(ContainSubstring("no PEM data found in cert[")) 340 341 _, err = parseCertificateFromBytes(nil) 342 gt.Expect(err).To(MatchError("no PEM data found in cert[]")) 343 } 344 345 func TestParseCRLFailure(t *testing.T) { 346 t.Parallel() 347 gt := NewGomegaWithT(t) 348 349 errCRL := ` 350 -----END X509 CRL----- 351 ` 352 353 _, err := parseCRL([][]byte{[]byte(errCRL)}) 354 gt.Expect(err).NotTo(BeNil()) 355 gt.Expect(err.Error()).To(ContainSubstring("no PEM data found in CRL[")) 356 357 _, err = parseCRL([][]byte{nil, []byte(errCRL)}) 358 gt.Expect(err).To(MatchError("no PEM data found in CRL[]")) 359 } 360 361 func TestParsePrivateKeyFromBytesFailure(t *testing.T) { 362 t.Parallel() 363 gt := NewGomegaWithT(t) 364 365 errPrivateKey := ` 366 -----END EC PRIVATE KEY----- 367 ` 368 369 _, err := parsePrivateKeyFromBytes([]byte(errPrivateKey)) 370 gt.Expect(err).NotTo(BeNil()) 371 gt.Expect(err.Error()).To(ContainSubstring("no PEM data found in private key[")) 372 } 373 374 func TestAddAdminCert(t *testing.T) { 375 t.Parallel() 376 gt := NewGomegaWithT(t) 377 378 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 379 gt.Expect(err).NotTo(HaveOccurred()) 380 381 config := &cb.Config{ 382 ChannelGroup: channelGroup, 383 } 384 c := New(config) 385 386 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 387 388 newCert := generateCert(t, "anothercert-org1.example.com") 389 390 err = ordererMSP.AddAdminCert(newCert) 391 gt.Expect(err).NotTo(HaveOccurred()) 392 393 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 394 err = ordererMSP.AddAdminCert(msp.Admins[0]) 395 gt.Expect(err).NotTo(HaveOccurred()) 396 397 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 398 gt.Expect(err).NotTo(HaveOccurred()) 399 gt.Expect(msp.Admins).Should(ContainElement(newCert)) 400 gt.Expect(msp.Admins).Should(HaveLen(2)) 401 } 402 403 func TestAddAdminCertFailure(t *testing.T) { 404 t.Parallel() 405 406 gt := NewGomegaWithT(t) 407 408 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 409 gt.Expect(err).NotTo(HaveOccurred()) 410 411 config := &cb.Config{ 412 ChannelGroup: channelGroup, 413 } 414 c := New(config) 415 416 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 417 ordererMSP.configGroup = &cb.ConfigGroup{} 418 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 419 err = ordererMSP.AddAdminCert(msp.Admins[0]) 420 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 421 } 422 423 func TestRemoveAdminCert(t *testing.T) { 424 t.Parallel() 425 gt := NewGomegaWithT(t) 426 427 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 428 gt.Expect(err).NotTo(HaveOccurred()) 429 430 config := &cb.Config{ 431 ChannelGroup: channelGroup, 432 } 433 c := New(config) 434 435 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 436 msp, err := ordererMSP.Configuration() 437 gt.Expect(err).NotTo(HaveOccurred()) 438 existingCert := msp.Admins[0] 439 440 err = ordererMSP.RemoveAdminCert(existingCert) 441 gt.Expect(err).NotTo(HaveOccurred()) 442 443 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 444 gt.Expect(err).NotTo(HaveOccurred()) 445 gt.Expect(msp.Admins).Should(HaveLen(0)) 446 gt.Expect(msp.Admins).ShouldNot(ContainElement(existingCert)) 447 } 448 449 func TestRemoveAdminCertFailure(t *testing.T) { 450 t.Parallel() 451 452 gt := NewGomegaWithT(t) 453 454 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 455 gt.Expect(err).NotTo(HaveOccurred()) 456 457 config := &cb.Config{ 458 ChannelGroup: channelGroup, 459 } 460 c := New(config) 461 462 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 463 ordererMSP.configGroup = &cb.ConfigGroup{} 464 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 465 err = ordererMSP.RemoveAdminCert(msp.Admins[0]) 466 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 467 } 468 469 func TestAddRootCert(t *testing.T) { 470 t.Parallel() 471 gt := NewGomegaWithT(t) 472 473 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 474 gt.Expect(err).NotTo(HaveOccurred()) 475 476 config := &cb.Config{ 477 ChannelGroup: channelGroup, 478 } 479 c := New(config) 480 481 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 482 483 newCert, _ := generateCACertAndPrivateKey(t, "ca-org1.example.com") 484 485 err = ordererMSP.AddRootCert(newCert) 486 gt.Expect(err).NotTo(HaveOccurred()) 487 488 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 489 err = ordererMSP.AddRootCert(msp.RootCerts[0]) 490 gt.Expect(err).NotTo(HaveOccurred()) 491 492 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 493 gt.Expect(err).NotTo(HaveOccurred()) 494 gt.Expect(msp.RootCerts).Should(ContainElement(newCert)) 495 gt.Expect(msp.RootCerts).Should(HaveLen(2)) 496 } 497 498 func TestAddRootCertFailure(t *testing.T) { 499 t.Parallel() 500 501 gt := NewGomegaWithT(t) 502 503 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 504 gt.Expect(err).NotTo(HaveOccurred()) 505 506 config := &cb.Config{ 507 ChannelGroup: channelGroup, 508 } 509 c := New(config) 510 511 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 512 err = ordererMSP.AddRootCert(&x509.Certificate{}) 513 gt.Expect(err).To(MatchError("invalid root cert: KeyUsage must be x509.KeyUsageCertSign. serial number: <nil>")) 514 515 ordererMSP.configGroup = &cb.ConfigGroup{} 516 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 517 err = ordererMSP.AddRootCert(msp.RootCerts[0]) 518 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 519 } 520 521 func TestRemoveRootCert(t *testing.T) { 522 t.Parallel() 523 gt := NewGomegaWithT(t) 524 525 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 526 gt.Expect(err).NotTo(HaveOccurred()) 527 528 config := &cb.Config{ 529 ChannelGroup: channelGroup, 530 } 531 c := New(config) 532 533 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 534 msp, err := ordererMSP.Configuration() 535 gt.Expect(err).NotTo(HaveOccurred()) 536 537 newCert, _ := generateCACertAndPrivateKey(t, "ca-org1.example.com") 538 539 err = ordererMSP.AddRootCert(newCert) 540 gt.Expect(err).NotTo(HaveOccurred()) 541 542 err = ordererMSP.RemoveRootCert(newCert) 543 gt.Expect(err).NotTo(HaveOccurred()) 544 545 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 546 gt.Expect(err).NotTo(HaveOccurred()) 547 gt.Expect(msp.RootCerts).Should(HaveLen(1)) 548 gt.Expect(msp.RootCerts).ShouldNot(ContainElement(newCert)) 549 } 550 551 func TestRemoveRootCertFailure(t *testing.T) { 552 t.Parallel() 553 554 gt := NewGomegaWithT(t) 555 556 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 557 gt.Expect(err).NotTo(HaveOccurred()) 558 559 config := &cb.Config{ 560 ChannelGroup: channelGroup, 561 } 562 c := New(config) 563 564 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 565 ordererMSP.configGroup = &cb.ConfigGroup{} 566 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 567 err = ordererMSP.RemoveRootCert(msp.RootCerts[0]) 568 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 569 } 570 571 func TestAddIntermediateCert(t *testing.T) { 572 t.Parallel() 573 gt := NewGomegaWithT(t) 574 575 channelGroup, privKeys, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 576 gt.Expect(err).NotTo(HaveOccurred()) 577 578 config := &cb.Config{ 579 ChannelGroup: channelGroup, 580 } 581 c := New(config) 582 583 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 584 msp, err := ordererMSP.Configuration() 585 gt.Expect(err).NotTo(HaveOccurred()) 586 newIntermediateCert, _ := generateIntermediateCACertAndPrivateKey(t, "ca-org1.example.com", msp.RootCerts[0], privKeys[0]) 587 588 err = ordererMSP.AddIntermediateCert(newIntermediateCert) 589 gt.Expect(err).NotTo(HaveOccurred()) 590 591 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 592 err = ordererMSP.AddIntermediateCert(msp.IntermediateCerts[0]) 593 gt.Expect(err).NotTo(HaveOccurred()) 594 595 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 596 gt.Expect(err).NotTo(HaveOccurred()) 597 gt.Expect(msp.IntermediateCerts).Should(ContainElement(newIntermediateCert)) 598 gt.Expect(msp.IntermediateCerts).Should(HaveLen(2)) 599 } 600 601 func TestAddIntermediateCertFailure(t *testing.T) { 602 t.Parallel() 603 604 gt := NewGomegaWithT(t) 605 606 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 607 gt.Expect(err).NotTo(HaveOccurred()) 608 609 config := &cb.Config{ 610 ChannelGroup: channelGroup, 611 } 612 c := New(config) 613 614 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 615 ordererMSP.configGroup = &cb.ConfigGroup{} 616 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 617 err = ordererMSP.AddIntermediateCert(msp.IntermediateCerts[0]) 618 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 619 } 620 621 func TestRemoveIntermediateCert(t *testing.T) { 622 t.Parallel() 623 gt := NewGomegaWithT(t) 624 625 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 626 gt.Expect(err).NotTo(HaveOccurred()) 627 628 config := &cb.Config{ 629 ChannelGroup: channelGroup, 630 } 631 c := New(config) 632 633 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 634 msp, err := ordererMSP.Configuration() 635 gt.Expect(err).NotTo(HaveOccurred()) 636 existingCert := msp.IntermediateCerts[0] 637 638 err = ordererMSP.RemoveIntermediateCert(existingCert) 639 gt.Expect(err).NotTo(HaveOccurred()) 640 641 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 642 gt.Expect(err).NotTo(HaveOccurred()) 643 gt.Expect(msp.IntermediateCerts).Should(HaveLen(0)) 644 gt.Expect(msp.IntermediateCerts).ShouldNot(ContainElement(existingCert)) 645 } 646 647 func TestRemoveIntermediateCertFailure(t *testing.T) { 648 t.Parallel() 649 650 gt := NewGomegaWithT(t) 651 652 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 653 gt.Expect(err).NotTo(HaveOccurred()) 654 655 config := &cb.Config{ 656 ChannelGroup: channelGroup, 657 } 658 c := New(config) 659 660 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 661 ordererMSP.configGroup = &cb.ConfigGroup{} 662 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 663 err = ordererMSP.RemoveIntermediateCert(msp.IntermediateCerts[0]) 664 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 665 } 666 667 func TestAddOUIdentifier(t *testing.T) { 668 t.Parallel() 669 gt := NewGomegaWithT(t) 670 671 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 672 gt.Expect(err).NotTo(HaveOccurred()) 673 674 config := &cb.Config{ 675 ChannelGroup: channelGroup, 676 } 677 c := New(config) 678 679 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 680 681 newCert := generateCert(t, "anothercert-org1.example.com") 682 newOU := membership.OUIdentifier{ 683 Certificate: newCert, 684 } 685 686 err = ordererMSP.AddOUIdentifier(newOU) 687 gt.Expect(err).NotTo(HaveOccurred()) 688 689 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 690 err = ordererMSP.AddOUIdentifier(msp.OrganizationalUnitIdentifiers[0]) 691 gt.Expect(err).NotTo(HaveOccurred()) 692 693 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 694 gt.Expect(err).NotTo(HaveOccurred()) 695 gt.Expect(msp.OrganizationalUnitIdentifiers).Should(ContainElement(newOU)) 696 } 697 698 func TestAddOUIdentifierFailures(t *testing.T) { 699 t.Parallel() 700 gt := NewGomegaWithT(t) 701 702 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 703 gt.Expect(err).NotTo(HaveOccurred()) 704 705 config := &cb.Config{ 706 ChannelGroup: channelGroup, 707 } 708 c := New(config) 709 710 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 711 712 newCert := generateCert(t, "anothercert-org1.example.com") 713 newOU := membership.OUIdentifier{ 714 Certificate: newCert, 715 } 716 717 ordererMSP.configGroup = &cb.ConfigGroup{} 718 err = ordererMSP.AddOUIdentifier(newOU) 719 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 720 } 721 722 func TestRemoveOUIdentifier(t *testing.T) { 723 t.Parallel() 724 gt := NewGomegaWithT(t) 725 726 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 727 gt.Expect(err).NotTo(HaveOccurred()) 728 729 config := &cb.Config{ 730 ChannelGroup: channelGroup, 731 } 732 c := New(config) 733 734 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 735 msp, err := ordererMSP.Configuration() 736 gt.Expect(err).NotTo(HaveOccurred()) 737 existingOU := msp.OrganizationalUnitIdentifiers[0] 738 739 err = ordererMSP.RemoveOUIdentifier(existingOU) 740 gt.Expect(err).NotTo(HaveOccurred()) 741 742 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 743 gt.Expect(err).NotTo(HaveOccurred()) 744 gt.Expect(msp.OrganizationalUnitIdentifiers).Should(HaveLen(0)) 745 gt.Expect(msp.OrganizationalUnitIdentifiers).ShouldNot(ContainElement(existingOU)) 746 } 747 748 func TestRemoveOUIdentifierFailures(t *testing.T) { 749 t.Parallel() 750 gt := NewGomegaWithT(t) 751 752 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 753 gt.Expect(err).NotTo(HaveOccurred()) 754 755 config := &cb.Config{ 756 ChannelGroup: channelGroup, 757 } 758 c := New(config) 759 760 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 761 762 newCert := generateCert(t, "anothercert-org1.example.com") 763 newOU := membership.OUIdentifier{ 764 Certificate: newCert, 765 } 766 767 ordererMSP.configGroup = &cb.ConfigGroup{} 768 err = ordererMSP.RemoveOUIdentifier(newOU) 769 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 770 } 771 772 func TestSetCryptoConfig(t *testing.T) { 773 t.Parallel() 774 gt := NewGomegaWithT(t) 775 776 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 777 gt.Expect(err).NotTo(HaveOccurred()) 778 779 config := &cb.Config{ 780 ChannelGroup: channelGroup, 781 } 782 c := New(config) 783 784 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 785 786 cryptoConfig := membership.CryptoConfig{} 787 788 err = ordererMSP.SetCryptoConfig(cryptoConfig) 789 gt.Expect(err).NotTo(HaveOccurred()) 790 791 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 792 gt.Expect(err).NotTo(HaveOccurred()) 793 gt.Expect(msp.CryptoConfig).To(Equal(cryptoConfig)) 794 } 795 796 func TestSetCryptoConfigFailures(t *testing.T) { 797 t.Parallel() 798 gt := NewGomegaWithT(t) 799 800 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 801 gt.Expect(err).NotTo(HaveOccurred()) 802 803 config := &cb.Config{ 804 ChannelGroup: channelGroup, 805 } 806 c := New(config) 807 808 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 809 810 cryptoConfig := membership.CryptoConfig{} 811 ordererMSP.configGroup = &cb.ConfigGroup{} 812 err = ordererMSP.SetCryptoConfig(cryptoConfig) 813 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 814 } 815 816 func TestAddTLSRootCert(t *testing.T) { 817 t.Parallel() 818 gt := NewGomegaWithT(t) 819 820 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 821 gt.Expect(err).NotTo(HaveOccurred()) 822 823 config := &cb.Config{ 824 ChannelGroup: channelGroup, 825 } 826 c := New(config) 827 828 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 829 830 newCert, _ := generateCACertAndPrivateKey(t, "ca-org1.example.com") 831 832 err = ordererMSP.AddTLSRootCert(newCert) 833 gt.Expect(err).NotTo(HaveOccurred()) 834 835 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 836 gt.Expect(err).NotTo(HaveOccurred()) 837 gt.Expect(msp.TLSRootCerts).Should(ContainElement(newCert)) 838 } 839 840 func TestAddTLSRootCertFailure(t *testing.T) { 841 t.Parallel() 842 843 gt := NewGomegaWithT(t) 844 845 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 846 gt.Expect(err).NotTo(HaveOccurred()) 847 848 config := &cb.Config{ 849 ChannelGroup: channelGroup, 850 } 851 c := New(config) 852 853 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 854 ordererMSP.configGroup = &cb.ConfigGroup{} 855 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 856 err = ordererMSP.AddTLSRootCert(msp.TLSRootCerts[0]) 857 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 858 } 859 860 func TestRemoveTLSRootCert(t *testing.T) { 861 t.Parallel() 862 gt := NewGomegaWithT(t) 863 864 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 865 gt.Expect(err).NotTo(HaveOccurred()) 866 867 config := &cb.Config{ 868 ChannelGroup: channelGroup, 869 } 870 c := New(config) 871 872 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 873 msp, err := ordererMSP.Configuration() 874 gt.Expect(err).NotTo(HaveOccurred()) 875 876 newCert, _ := generateCACertAndPrivateKey(t, "ca-org1.example.com") 877 878 err = ordererMSP.AddTLSRootCert(newCert) 879 gt.Expect(err).NotTo(HaveOccurred()) 880 881 err = ordererMSP.RemoveTLSRootCert(newCert) 882 gt.Expect(err).NotTo(HaveOccurred()) 883 884 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 885 gt.Expect(err).NotTo(HaveOccurred()) 886 gt.Expect(msp.TLSRootCerts).Should(HaveLen(1)) 887 gt.Expect(msp.TLSRootCerts).ShouldNot(ContainElement(newCert)) 888 } 889 890 func TestRemoveTLSRootCertFailure(t *testing.T) { 891 t.Parallel() 892 893 gt := NewGomegaWithT(t) 894 895 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 896 gt.Expect(err).NotTo(HaveOccurred()) 897 898 config := &cb.Config{ 899 ChannelGroup: channelGroup, 900 } 901 c := New(config) 902 903 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 904 ordererMSP.configGroup = &cb.ConfigGroup{} 905 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 906 err = ordererMSP.RemoveTLSRootCert(msp.TLSRootCerts[0]) 907 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 908 } 909 910 func TestRemoveTLSRootCertVerifyFailure(t *testing.T) { 911 t.Parallel() 912 gt := NewGomegaWithT(t) 913 914 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 915 gt.Expect(err).NotTo(HaveOccurred()) 916 917 config := &cb.Config{ 918 ChannelGroup: channelGroup, 919 } 920 c := New(config) 921 922 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 923 msp, err := ordererMSP.Configuration() 924 gt.Expect(err).NotTo(HaveOccurred()) 925 926 newCert, _ := generateCACertAndPrivateKey(t, "org1.example.com") 927 newCert.SerialNumber = big.NewInt(7) 928 929 msp.TLSIntermediateCerts = append(msp.TLSIntermediateCerts, newCert) 930 931 err = ordererMSP.RemoveTLSRootCert(msp.TLSRootCerts[0]) 932 gt.Expect(err).To(MatchError("x509: certificate signed by unknown authority")) 933 } 934 935 func TestAddTLSIntermediateCert(t *testing.T) { 936 t.Parallel() 937 gt := NewGomegaWithT(t) 938 939 channelGroup, privKeys, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 940 gt.Expect(err).NotTo(HaveOccurred()) 941 942 config := &cb.Config{ 943 ChannelGroup: channelGroup, 944 } 945 c := New(config) 946 947 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 948 msp, err := ordererMSP.Configuration() 949 gt.Expect(err).NotTo(HaveOccurred()) 950 newTLSIntermediateCert, _ := generateIntermediateCACertAndPrivateKey(t, "ca-org1.example.com", msp.RootCerts[0], privKeys[0]) 951 952 err = ordererMSP.AddTLSIntermediateCert(newTLSIntermediateCert) 953 gt.Expect(err).NotTo(HaveOccurred()) 954 955 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 956 err = ordererMSP.AddTLSIntermediateCert(msp.TLSIntermediateCerts[0]) 957 gt.Expect(err).NotTo(HaveOccurred()) 958 959 gt.Expect(err).NotTo(HaveOccurred()) 960 gt.Expect(msp.TLSIntermediateCerts).Should(ContainElement(newTLSIntermediateCert)) 961 gt.Expect(msp.TLSIntermediateCerts).Should(HaveLen(2)) 962 } 963 964 func TestAddTLSIntermediateCertFailure(t *testing.T) { 965 t.Parallel() 966 967 gt := NewGomegaWithT(t) 968 969 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 970 gt.Expect(err).NotTo(HaveOccurred()) 971 972 config := &cb.Config{ 973 ChannelGroup: channelGroup, 974 } 975 c := New(config) 976 977 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 978 ordererMSP.configGroup = &cb.ConfigGroup{} 979 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 980 err = ordererMSP.AddTLSIntermediateCert(msp.TLSIntermediateCerts[0]) 981 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 982 } 983 984 func TestRemoveTLSIntermediateCert(t *testing.T) { 985 t.Parallel() 986 gt := NewGomegaWithT(t) 987 988 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 989 gt.Expect(err).NotTo(HaveOccurred()) 990 991 config := &cb.Config{ 992 ChannelGroup: channelGroup, 993 } 994 c := New(config) 995 996 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 997 msp, err := ordererMSP.Configuration() 998 gt.Expect(err).NotTo(HaveOccurred()) 999 existingCert := msp.TLSIntermediateCerts[0] 1000 1001 err = ordererMSP.RemoveTLSIntermediateCert(existingCert) 1002 gt.Expect(err).NotTo(HaveOccurred()) 1003 1004 msp, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1005 gt.Expect(err).NotTo(HaveOccurred()) 1006 gt.Expect(msp.TLSIntermediateCerts).Should(HaveLen(0)) 1007 gt.Expect(msp.TLSIntermediateCerts).ShouldNot(ContainElement(existingCert)) 1008 } 1009 1010 func TestRemoveTLSIntermediateCertFailure(t *testing.T) { 1011 t.Parallel() 1012 1013 gt := NewGomegaWithT(t) 1014 1015 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1016 gt.Expect(err).NotTo(HaveOccurred()) 1017 1018 config := &cb.Config{ 1019 ChannelGroup: channelGroup, 1020 } 1021 c := New(config) 1022 1023 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1024 ordererMSP.configGroup = &cb.ConfigGroup{} 1025 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1026 err = ordererMSP.RemoveTLSIntermediateCert(msp.TLSIntermediateCerts[0]) 1027 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 1028 } 1029 1030 func TestSetClientOUIdentifier(t *testing.T) { 1031 t.Parallel() 1032 gt := NewGomegaWithT(t) 1033 1034 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1035 gt.Expect(err).NotTo(HaveOccurred()) 1036 1037 config := &cb.Config{ 1038 ChannelGroup: channelGroup, 1039 } 1040 c := New(config) 1041 1042 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1043 1044 newCert := generateCert(t, "anothercert-org1.example.com") 1045 newOU := membership.OUIdentifier{ 1046 Certificate: newCert, 1047 } 1048 1049 err = ordererMSP.SetClientOUIdentifier(newOU) 1050 gt.Expect(err).NotTo(HaveOccurred()) 1051 1052 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1053 gt.Expect(err).NotTo(HaveOccurred()) 1054 gt.Expect(msp.NodeOUs.ClientOUIdentifier).To(Equal(newOU)) 1055 } 1056 1057 func TestSetClientOUIdentifierFailures(t *testing.T) { 1058 t.Parallel() 1059 gt := NewGomegaWithT(t) 1060 1061 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1062 gt.Expect(err).NotTo(HaveOccurred()) 1063 1064 config := &cb.Config{ 1065 ChannelGroup: channelGroup, 1066 } 1067 c := New(config) 1068 1069 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1070 1071 newCert := generateCert(t, "anothercert-org1.example.com") 1072 newOU := membership.OUIdentifier{ 1073 Certificate: newCert, 1074 } 1075 1076 ordererMSP.configGroup = &cb.ConfigGroup{} 1077 err = ordererMSP.SetClientOUIdentifier(newOU) 1078 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 1079 } 1080 1081 func TestSetPeerOUIdentifier(t *testing.T) { 1082 t.Parallel() 1083 gt := NewGomegaWithT(t) 1084 1085 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1086 gt.Expect(err).NotTo(HaveOccurred()) 1087 1088 config := &cb.Config{ 1089 ChannelGroup: channelGroup, 1090 } 1091 c := New(config) 1092 1093 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1094 1095 newCert := generateCert(t, "anothercert-org1.example.com") 1096 newOU := membership.OUIdentifier{ 1097 Certificate: newCert, 1098 } 1099 1100 err = ordererMSP.SetPeerOUIdentifier(newOU) 1101 gt.Expect(err).NotTo(HaveOccurred()) 1102 1103 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1104 gt.Expect(err).NotTo(HaveOccurred()) 1105 gt.Expect(msp.NodeOUs.PeerOUIdentifier).To(Equal(newOU)) 1106 } 1107 1108 func TestSetPeerOUIdentifierFailures(t *testing.T) { 1109 t.Parallel() 1110 gt := NewGomegaWithT(t) 1111 1112 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1113 gt.Expect(err).NotTo(HaveOccurred()) 1114 1115 config := &cb.Config{ 1116 ChannelGroup: channelGroup, 1117 } 1118 c := New(config) 1119 1120 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1121 1122 newCert := generateCert(t, "anothercert-org1.example.com") 1123 newOU := membership.OUIdentifier{ 1124 Certificate: newCert, 1125 } 1126 1127 ordererMSP.configGroup = &cb.ConfigGroup{} 1128 err = ordererMSP.SetPeerOUIdentifier(newOU) 1129 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 1130 } 1131 1132 func TestSetAdminOUIdentifier(t *testing.T) { 1133 t.Parallel() 1134 gt := NewGomegaWithT(t) 1135 1136 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1137 gt.Expect(err).NotTo(HaveOccurred()) 1138 1139 config := &cb.Config{ 1140 ChannelGroup: channelGroup, 1141 } 1142 c := New(config) 1143 1144 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1145 1146 newCert := generateCert(t, "anothercert-org1.example.com") 1147 newOU := membership.OUIdentifier{ 1148 Certificate: newCert, 1149 } 1150 1151 err = ordererMSP.SetAdminOUIdentifier(newOU) 1152 gt.Expect(err).NotTo(HaveOccurred()) 1153 1154 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1155 gt.Expect(err).NotTo(HaveOccurred()) 1156 gt.Expect(msp.NodeOUs.AdminOUIdentifier).To(Equal(newOU)) 1157 } 1158 1159 func TestSetAdminOUIdentifierFailures(t *testing.T) { 1160 t.Parallel() 1161 gt := NewGomegaWithT(t) 1162 1163 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1164 gt.Expect(err).NotTo(HaveOccurred()) 1165 1166 config := &cb.Config{ 1167 ChannelGroup: channelGroup, 1168 } 1169 c := New(config) 1170 1171 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1172 1173 newCert := generateCert(t, "anothercert-org1.example.com") 1174 newOU := membership.OUIdentifier{ 1175 Certificate: newCert, 1176 } 1177 1178 ordererMSP.configGroup = &cb.ConfigGroup{} 1179 err = ordererMSP.SetAdminOUIdentifier(newOU) 1180 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 1181 } 1182 1183 func TestSetOrdererOUIdentifier(t *testing.T) { 1184 t.Parallel() 1185 gt := NewGomegaWithT(t) 1186 1187 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1188 gt.Expect(err).NotTo(HaveOccurred()) 1189 1190 config := &cb.Config{ 1191 ChannelGroup: channelGroup, 1192 } 1193 c := New(config) 1194 1195 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1196 1197 newCert := generateCert(t, "anothercert-org1.example.com") 1198 newOU := membership.OUIdentifier{ 1199 Certificate: newCert, 1200 } 1201 1202 err = ordererMSP.SetOrdererOUIdentifier(newOU) 1203 gt.Expect(err).NotTo(HaveOccurred()) 1204 1205 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1206 gt.Expect(err).NotTo(HaveOccurred()) 1207 gt.Expect(msp.NodeOUs.OrdererOUIdentifier).To(Equal(newOU)) 1208 } 1209 1210 func TestSetOrdererOUIdentifierFailures(t *testing.T) { 1211 t.Parallel() 1212 gt := NewGomegaWithT(t) 1213 1214 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1215 gt.Expect(err).NotTo(HaveOccurred()) 1216 1217 config := &cb.Config{ 1218 ChannelGroup: channelGroup, 1219 } 1220 c := New(config) 1221 1222 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1223 1224 newCert := generateCert(t, "anothercert-org1.example.com") 1225 newOU := membership.OUIdentifier{ 1226 Certificate: newCert, 1227 } 1228 1229 ordererMSP.configGroup = &cb.ConfigGroup{} 1230 err = ordererMSP.SetOrdererOUIdentifier(newOU) 1231 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 1232 } 1233 1234 func TestSetEnableNodeOUs(t *testing.T) { 1235 t.Parallel() 1236 gt := NewGomegaWithT(t) 1237 1238 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1239 gt.Expect(err).NotTo(HaveOccurred()) 1240 1241 config := &cb.Config{ 1242 ChannelGroup: channelGroup, 1243 } 1244 c := New(config) 1245 1246 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1247 1248 err = ordererMSP.SetEnableNodeOUs(true) 1249 gt.Expect(err).NotTo(HaveOccurred()) 1250 1251 msp, err := c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1252 gt.Expect(err).NotTo(HaveOccurred()) 1253 gt.Expect(msp.NodeOUs.Enable).To(BeTrue()) 1254 } 1255 1256 func TestSetEnableNodeOUsFailures(t *testing.T) { 1257 t.Parallel() 1258 gt := NewGomegaWithT(t) 1259 1260 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1261 gt.Expect(err).NotTo(HaveOccurred()) 1262 1263 config := &cb.Config{ 1264 ChannelGroup: channelGroup, 1265 } 1266 c := New(config) 1267 1268 ordererMSP := c.Orderer().Organization("OrdererOrg").MSP() 1269 ordererMSP.configGroup = &cb.ConfigGroup{} 1270 err = ordererMSP.SetEnableNodeOUs(true) 1271 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 1272 } 1273 1274 func TestAddCRL(t *testing.T) { 1275 t.Parallel() 1276 gt := NewGomegaWithT(t) 1277 1278 channelGroup, privKeys, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1279 gt.Expect(err).NotTo(HaveOccurred()) 1280 1281 config := &cb.Config{ 1282 ChannelGroup: channelGroup, 1283 } 1284 c := New(config) 1285 1286 msp := c.Orderer().Organization("OrdererOrg").MSP() 1287 ordererMSP, _ := msp.Configuration() 1288 1289 cert := ordererMSP.RootCerts[0] 1290 certToRevoke, _ := generateCertAndPrivateKeyFromCACert(t, "org1.example.com", cert, privKeys[0]) 1291 signingIdentity := &SigningIdentity{ 1292 Certificate: cert, 1293 PrivateKey: privKeys[0], 1294 MSPID: "MSPID", 1295 } 1296 newCRL, err := ordererMSP.CreateMSPCRL(signingIdentity, certToRevoke) 1297 1298 err = msp.AddCRL(newCRL) 1299 gt.Expect(err).NotTo(HaveOccurred()) 1300 1301 ordererMSP, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1302 gt.Expect(err).NotTo(HaveOccurred()) 1303 gt.Expect(ordererMSP.RevocationList).Should(ContainElement(newCRL)) 1304 } 1305 1306 func TestAddCRLFailures(t *testing.T) { 1307 t.Parallel() 1308 gt := NewGomegaWithT(t) 1309 1310 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1311 gt.Expect(err).NotTo(HaveOccurred()) 1312 1313 config := &cb.Config{ 1314 ChannelGroup: channelGroup, 1315 } 1316 c := New(config) 1317 1318 msp := c.Orderer().Organization("OrdererOrg").MSP() 1319 1320 msp.configGroup = &cb.ConfigGroup{} 1321 err = msp.AddCRL(&pkix.CertificateList{}) 1322 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 1323 } 1324 1325 func TestAddCRLFromSigningIdentityFailures(t *testing.T) { 1326 t.Parallel() 1327 gt := NewGomegaWithT(t) 1328 1329 channelGroup, _, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1330 gt.Expect(err).NotTo(HaveOccurred()) 1331 1332 config := &cb.Config{ 1333 ChannelGroup: channelGroup, 1334 } 1335 c := New(config) 1336 1337 msp := c.Orderer().Organization("OrdererOrg").MSP() 1338 1339 msp.configGroup = &cb.ConfigGroup{} 1340 err = msp.AddCRLFromSigningIdentity(nil, nil) 1341 gt.Expect(err).To(MatchError("config does not contain value for MSP")) 1342 } 1343 1344 func TestAddCRLFromSigningIdentity(t *testing.T) { 1345 t.Parallel() 1346 gt := NewGomegaWithT(t) 1347 1348 channelGroup, privKeys, err := baseOrdererChannelGroup(t, orderer.ConsensusTypeSolo) 1349 gt.Expect(err).NotTo(HaveOccurred()) 1350 1351 config := &cb.Config{ 1352 ChannelGroup: channelGroup, 1353 } 1354 c := New(config) 1355 1356 msp := c.Orderer().Organization("OrdererOrg").MSP() 1357 ordererMSP, _ := msp.Configuration() 1358 1359 cert := ordererMSP.RootCerts[0] 1360 certToRevoke, _ := generateCertAndPrivateKeyFromCACert(t, "org1.example.com", cert, privKeys[0]) 1361 signingIdentity := &SigningIdentity{ 1362 Certificate: cert, 1363 PrivateKey: privKeys[0], 1364 MSPID: "MSPID", 1365 } 1366 1367 // newCRL, err := ordererMSP.CreateMSPCRL(signingIdentity, certToRevoke) 1368 1369 err = msp.AddCRLFromSigningIdentity(signingIdentity, certToRevoke) 1370 gt.Expect(err).NotTo(HaveOccurred()) 1371 1372 ordererMSP, err = c.Orderer().Organization("OrdererOrg").MSP().Configuration() 1373 gt.Expect(err).NotTo(HaveOccurred()) 1374 // gt.Expect(ordererMSP.RevocationList).Should(ContainElement(newCRL)) 1375 } 1376 1377 func baseMSP(t *testing.T) (MSP, *ecdsa.PrivateKey) { 1378 gt := NewGomegaWithT(t) 1379 1380 cert, privKey := generateCACertAndPrivateKey(t, "org1.example.com") 1381 crlBytes, err := cert.CreateCRL(rand.Reader, privKey, nil, time.Now(), time.Now().Add(YEAR)) 1382 gt.Expect(err).NotTo(HaveOccurred()) 1383 1384 crl, err := x509.ParseCRL(crlBytes) 1385 gt.Expect(err).NotTo(HaveOccurred()) 1386 1387 return MSP{ 1388 Name: "MSPID", 1389 RootCerts: []*x509.Certificate{cert}, 1390 IntermediateCerts: []*x509.Certificate{cert}, 1391 Admins: []*x509.Certificate{cert}, 1392 RevocationList: []*pkix.CertificateList{crl}, 1393 OrganizationalUnitIdentifiers: []membership.OUIdentifier{ 1394 { 1395 Certificate: cert, 1396 OrganizationalUnitIdentifier: "OUID", 1397 }, 1398 }, 1399 CryptoConfig: membership.CryptoConfig{ 1400 SignatureHashFamily: "SHA3", 1401 IdentityIdentifierHashFunction: "SHA256", 1402 }, 1403 TLSRootCerts: []*x509.Certificate{cert}, 1404 TLSIntermediateCerts: []*x509.Certificate{cert}, 1405 NodeOUs: membership.NodeOUs{ 1406 ClientOUIdentifier: membership.OUIdentifier{ 1407 Certificate: cert, 1408 OrganizationalUnitIdentifier: "OUID", 1409 }, 1410 PeerOUIdentifier: membership.OUIdentifier{ 1411 Certificate: cert, 1412 OrganizationalUnitIdentifier: "OUID", 1413 }, 1414 AdminOUIdentifier: membership.OUIdentifier{ 1415 Certificate: cert, 1416 OrganizationalUnitIdentifier: "OUID", 1417 }, 1418 OrdererOUIdentifier: membership.OUIdentifier{ 1419 Certificate: cert, 1420 OrganizationalUnitIdentifier: "OUID", 1421 }, 1422 }, 1423 }, privKey 1424 } 1425 1426 // certCRLBase64 returns a base64 encoded representation of 1427 // the first root certificate, the private key, and the first revocation list 1428 // for the specified MSP. These are intended for use when formatting the 1429 // expected config in JSON format. 1430 func certCRLBase64(t *testing.T, msp MSP) (string, string) { 1431 gt := NewGomegaWithT(t) 1432 1433 cert := msp.RootCerts[0] 1434 crl := msp.RevocationList[0] 1435 1436 certBase64 := base64.StdEncoding.EncodeToString(pemEncodeX509Certificate(cert)) 1437 pemCRLBytes, err := buildPemEncodedRevocationList([]*pkix.CertificateList{crl}) 1438 gt.Expect(err).NotTo(HaveOccurred()) 1439 crlBase64 := base64.StdEncoding.EncodeToString(pemCRLBytes[0]) 1440 1441 return certBase64, crlBase64 1442 }