github.com/hxx258456/fabric-ca-gm@v0.0.3-0.20221111064038-a268ad7e3a37/internal/pkg/util/csp_test.go (about) 1 /* 2 Copyright IBM Corp. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package util_test 8 9 import ( 10 "fmt" 11 "io/ioutil" 12 "os" 13 "path/filepath" 14 "testing" 15 16 . "github.com/hxx258456/fabric-ca-gm/internal/pkg/util" 17 "github.com/hxx258456/fabric-gm/bccsp" 18 "github.com/hxx258456/fabric-gm/bccsp/factory" 19 20 "github.com/hxx258456/ccgo/x509" 21 "github.com/hxx258456/cfssl-gm/csr" 22 "github.com/stretchr/testify/assert" 23 ) 24 25 var csp bccsp.BCCSP 26 27 func TestMain(m *testing.M) { 28 os.Exit(testMain(m)) 29 } 30 31 func testMain(m *testing.M) int { 32 err := factory.InitFactories(nil) 33 if err != nil { 34 fmt.Printf("Could not initialize BCCSP factory interfaces [%s]", err) 35 return -1 36 } 37 38 tmpDir, err := ioutil.TempDir("", "keystore") 39 if err != nil { 40 fmt.Printf("Could not create keystore directory [%s]", err) 41 return -1 42 } 43 defer os.RemoveAll(tmpDir) 44 45 opts := factory.GetDefaultOpts() 46 opts.SwOpts.FileKeystore = &factory.FileKeystoreOpts{KeyStorePath: tmpDir} 47 csp, err = factory.GetBCCSPFromOpts(opts) 48 if err != nil { 49 fmt.Printf("Could not initialize BCCSP Factories [%s]", err) 50 return -1 51 } 52 53 return m.Run() 54 } 55 56 func TestInitBCCSP(t *testing.T) { 57 mspDir, err := ioutil.TempDir("", "util-bccsp-msp") 58 assert.NoError(t, err) 59 defer os.RemoveAll(mspDir) 60 61 var opts *factory.FactoryOpts 62 _, err = InitBCCSP(&opts, "", mspDir) 63 assert.NoError(t, err, "first initialization of BCCSP failed") 64 65 cfg := &factory.FactoryOpts{ProviderName: "SW"} 66 _, err = InitBCCSP(&cfg, "msp2", mspDir) 67 assert.NoError(t, err, "second initialization of BCCSP failed") 68 69 _, err = InitBCCSP(nil, "", mspDir) 70 assert.Error(t, err, "third initialization of BCCSP should have failed") 71 } 72 73 func TestGetDefaultBCCSP(t *testing.T) { 74 csp := GetDefaultBCCSP() 75 assert.NotNil(t, csp, "failed to get default BCCSP") 76 } 77 78 func testKeyGenerate(t *testing.T, kr *csr.KeyRequest, mustFail bool) { 79 req := csr.CertificateRequest{KeyRequest: kr} 80 key, cspSigner, err := BCCSPKeyRequestGenerate(&req, csp) 81 if mustFail { 82 assert.Error(t, err, "BCCSPKeyRequestGenerate should fail") 83 return 84 } 85 86 assert.NoError(t, err, "BCCSPKeyRequestGenerate failed") 87 assert.NotNil(t, key, "created key must not be nil") 88 assert.NotNil(t, cspSigner, "created signer must not be nil") 89 } 90 91 func TestKeyGenerate(t *testing.T) { 92 t.Run("256", func(t *testing.T) { testKeyGenerate(t, csr.NewKeyRequest(), false) }) 93 t.Run("384", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "ecdsa", S: 384}, false) }) 94 t.Run("521", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "ecdsa", S: 521}, true) }) 95 t.Run("521", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "ecdsa", S: 224}, true) }) 96 t.Run("512", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "rsa", S: 512}, true) }) 97 t.Run("1024", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "rsa", S: 1024}, true) }) 98 t.Run("2048", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "rsa", S: 2048}, false) }) 99 t.Run("3072", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "rsa", S: 3072}, false) }) 100 t.Run("4096", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "rsa", S: 4096}, false) }) 101 t.Run("4097", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "rsa", S: 4097}, true) }) 102 t.Run("10000", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{A: "rsa", S: 10000}, true) }) 103 t.Run("empty", func(t *testing.T) { testKeyGenerate(t, &csr.KeyRequest{}, true) }) 104 t.Run("nil", func(t *testing.T) { testKeyGenerate(t, nil, false) }) 105 } 106 107 func testGetSignerFromCertFile(t *testing.T, keyFile, certFile string, mustFail int) { 108 key, err := ImportBCCSPKeyFromPEM(keyFile, csp, false) 109 if mustFail == 1 { 110 assert.Error(t, err, "ImportBCCSPKeyFromPEM should had failed") 111 return 112 } 113 114 assert.NoError(t, err, "ImportBCCSPKeyFromPEM failed") 115 assert.NotNil(t, key, "imported key must not be nil") 116 117 key, signer, cert, err := GetSignerFromCertFile(certFile, csp) 118 if mustFail == 2 { 119 assert.Error(t, err, "GetSignerFromCertFile should had failed") 120 } else { 121 assert.NoError(t, err, "GetSignerFromCertFile failed") 122 assert.NotNil(t, key, "key from GetSignerFromCertFile must not be nil") 123 assert.NotNil(t, signer, "signer from GetSignerFromCertFile must not be nil") 124 assert.NotNil(t, cert, "cert from GetSignerFromCertFile must not be nil") 125 } 126 127 cer, err := LoadX509KeyPair(certFile, keyFile, csp) 128 if mustFail == 2 { 129 assert.Error(t, err, "LoadX509KeyPair should had failed") 130 } else { 131 assert.NoError(t, err, "LoadX509KeyPair failed") 132 assert.NotNil(t, cer.Certificate[0], "LoadX509KeyPair cert cannot be nil") 133 } 134 } 135 136 func TestGetSignerFromCertFile(t *testing.T) { 137 t.Run("ec", func(t *testing.T) { 138 testGetSignerFromCertFile(t, filepath.Join("testdata", "ec-key.pem"), filepath.Join("testdata", "ec.pem"), 0) 139 }) 140 t.Run("nokey", func(t *testing.T) { 141 testGetSignerFromCertFile(t, "doesnotexist.pem", filepath.Join("testdata", "ec.pem"), 1) 142 }) 143 t.Run("nocert", func(t *testing.T) { 144 testGetSignerFromCertFile(t, filepath.Join("testdata", "ec-key.pem"), "doesnotexist.pem", 2) 145 }) 146 t.Run("cert4key", func(t *testing.T) { 147 testGetSignerFromCertFile(t, filepath.Join("testdata", "ec.pem"), filepath.Join("testdata", "ec.pem"), 1) 148 }) 149 t.Run("rsa", func(t *testing.T) { 150 testGetSignerFromCertFile(t, filepath.Join("testdata", "rsa-key.pem"), filepath.Join("testdata", "rsa.pem"), 1) 151 }) 152 t.Run("wrongcert", func(t *testing.T) { 153 testGetSignerFromCertFile(t, filepath.Join("testdata", "ec-key.pem"), filepath.Join("testdata", "test.pem"), 2) 154 }) 155 } 156 157 func TestBccspBackedSigner(t *testing.T) { 158 signer, err := BccspBackedSigner("", "", nil, csp) 159 assert.Error(t, err, "BccspBackedSigner should have failed for empty cert") 160 assert.Nil(t, signer, "BccspBackedSigner must be nil for empty cert") 161 162 signer, err = BccspBackedSigner("doesnotexist.pem", "", nil, csp) 163 assert.Error(t, err, "BccspBackedSigner should have failed to load cert") 164 assert.Nil(t, signer, "BccspBackedSigner must be nil for non-existent cert") 165 166 signer, err = BccspBackedSigner(filepath.Join("testdata", "ec.pem"), filepath.Join("testdata", "ec-key.pem"), nil, csp) 167 assert.NoError(t, err, "BccspBackedSigner failed to load certificate") 168 assert.NotNil(t, signer, "BccspBackedSigner should had found cert") 169 } 170 171 func TestGetSignerFromCertInvalidArgs(t *testing.T) { 172 _, _, err := GetSignerFromCert(nil, nil) 173 assert.Error(t, err) 174 assert.Contains(t, err.Error(), "CSP was not initialized") 175 176 _, _, err = GetSignerFromCert(&x509.Certificate{}, csp) 177 assert.Error(t, err) 178 assert.Contains(t, err.Error(), "Failed to import certificate's public key:") 179 assert.Contains(t, err.Error(), "Certificate's public key type not recognized.") 180 }