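/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package defserver

import (
	"fmt"
	"os"
	"testing"
	"time"

	log "gitee.com/zhaochuninhefei/zcgolog/zclog"
	"github.com/hxx258456/cfssl-gm/config"
	"github.com/hxx258456/fabric-ca-gm/cmd/fabric-ca-client/command"
	"github.com/hxx258456/fabric-ca-gm/internal/pkg/util"
	"github.com/hxx258456/fabric-ca-gm/lib"
	"github.com/hxx258456/fabric-ca-gm/lib/metadata"
)

const (
	cmdName = "fabric-ca-client"
)

// Fixture settings shared by TestMain and the tests in this file.
//
// defaultServerEnrollURL carries the bootstrap admin's ID and secret in the URL
// userinfo and uses plain HTTP; both values are fixtures for the throwaway
// server that TestMain starts on localhost.
//
// NOTE(review): storeCertsDir and clientCAHome are fixed names under /tmp, and
// clientCAHome is where the client commands are pointed through
// FABRIC_CA_CLIENT_HOME. On a shared host a per-run private directory would
// keep another local user from pre-creating these paths.
var (
	defaultServer          *lib.Server
	defaultServerPort      = 7055
	defaultServerEnrollURL = fmt.Sprintf("http://admin:adminpw@localhost:%d", defaultServerPort)
	defaultServerHomeDir   = "certExpiryServerDir"
	storeCertsDir          = "/tmp/testCertsCertExpiry"
	clientCAHome           = "/tmp/certExpiryCaHome"
)

// removeTestDirs deletes the server home, the stored-certificates directory and
// the client home used by this test package.
func removeTestDirs() {
	for _, dir := range []string{defaultServerHomeDir, storeCertsDir, clientCAHome} {
		// Best effort: the directory may not exist yet, and a cleanup failure
		// should not replace the exit code of the test run.
		_ = os.RemoveAll(dir)
	}
}

// TestMain starts a CA server configured for one-minute certificates, runs the
// tests of this package against it, stops the server and exits with the test
// result code.
//
// The fixture directories are removed before the server is built and again on
// every exit path, including the failure paths, so that the server and client
// state written during the run is not left on disk.
func TestMain(m *testing.M) {
	metadata.Version = "1.1.0"
	os.Setenv("FABRIC_CA_SERVER_SIGNING_DEFAULT_EXPIRY", "1m")
	os.Setenv("FABRIC_CA_CLIENT_HOME", clientCAHome)

	// Start from a clean slate in case an earlier run was interrupted.
	removeTestDirs()

	var err error
	defaultServer, err = getDefaultServer()
	if err != nil {
		log.Errorf("Failed to get instance of server: %s", err)
		removeTestDirs()
		os.Exit(1)
	}

	if err = defaultServer.Start(); err != nil {
		log.Errorf("Failed to start server: %s", err)
		removeTestDirs()
		os.Exit(1)
	}

	rc := m.Run()

	err = defaultServer.Stop()
	removeTestDirs()
	if err != nil {
		log.Errorf("Failed to stop server: %s, integration test results: %d", err, rc)
		os.Exit(1)
	}

	os.Exit(rc)
}

// TestReenrollExpiredCert checks that an identity can still re-enroll after its
// certificate has expired when the CA is configured with
// ReenrollIgnoreCertExpiry.
//
// The flow is: enroll the bootstrap admin, register user1, enroll user1,
// re-enroll once while the certificate is still valid, wait two minutes so the
// one-minute certificate has expired, then re-enroll again and expect success.
//
// The re-enroll calls pass --csr.keyrequest.reusekey; going by the flag name,
// the renewed certificate is requested for the existing key pair rather than a
// new one.
func TestReenrollExpiredCert(t *testing.T) {
	// Enroll a user that will be used for subsequent certificate commands
	err := command.RunMain([]string{cmdName, "enroll", "-u", defaultServerEnrollURL, "-d"})
	util.FatalError(t, err, "Failed to enroll user")

	// Register a new user
	err = command.RunMain([]string{cmdName, "register", "-u", defaultServerEnrollURL, "-d", "--csr.keyrequest.reusekey", "--id.name", "user1", "--id.secret", "user1pw", "--id.type", "client"})
	util.FatalError(t, err, "Failed to register new user1")

	userServiceEnrollURL := fmt.Sprintf("http://user1:user1pw@localhost:%d", defaultServerPort)

	// Enroll, then re-enroll while the certificate is still valid
	err = command.RunMain([]string{cmdName, "enroll", "-u", userServiceEnrollURL, "-d"})
	util.FatalError(t, err, "Failed to enroll user1")

	err = command.RunMain([]string{cmdName, "reenroll", "-u", userServiceEnrollURL, "-d", "--csr.keyrequest.reusekey"})
	util.FatalError(t, err, "Failed to reenroll user1")

	// The sleep is twice the one-minute expiry configured in getDefaultServer.
	log.Infof("Tested re-enroll of id, waiting for cert to expiry before testing re-enroll\n")
	time.Sleep(2 * time.Minute)

	// Without the ReenrollIgnoreCertExpiry setting in the CA config this call
	// would normally fail, because the certificate presented has expired.
	err = command.RunMain([]string{cmdName, "reenroll", "-u", userServiceEnrollURL, "-d", "--csr.keyrequest.reusekey"})
	util.FatalError(t, err, "Failed to reenroll user1 %s", time.Now())
}

// getDefaultServer builds the CA server used by this package and registers the
// bootstrap user "admin" on it. The server is returned unstarted; it returns a
// nil server and the error if the bootstrap registration fails.
func getDefaultServer() (*lib.Server, error) {
	affiliations := map[string]interface{}{
		"hyperledger": map[string]interface{}{
			"fabric":    []string{"ledger", "orderer", "security"},
			"fabric-ca": nil,
			"sdk":       nil,
		},
		"org2":      []string{"dept1"},
		"org1":      nil,
		"org2dept1": nil,
	}
	// NOTE(review): these two profiles give ExpiryString only, while the default
	// profile below also sets Expiry. Confirm the server derives Expiry from the
	// string if these profiles are ever exercised by a test in this package.
	profiles := map[string]*config.SigningProfile{
		"tls": &config.SigningProfile{
			Usage:        []string{"signing", "key encipherment", "server auth", "client auth", "key agreement"},
			ExpiryString: "1m",
		},
		"ca": &config.SigningProfile{
			Usage:        []string{"cert sign", "crl sign"},
			ExpiryString: "1m",
			CAConstraint: config.CAConstraint{
				IsCA: true,
				// NOTE(review): in upstream cfssl a zero path length is only
				// enforced when MaxPathLenZero is also set; confirm whether this
				// profile is meant to be unconstrained.
				MaxPathLen: 0,
			},
		},
	}
	defaultProfile := &config.SigningProfile{
		Usage:        []string{"cert sign"},
		ExpiryString: "1m",
		Expiry:       time.Minute * 1, // set to force certs to expire quickly
	}
	srv := &lib.Server{
		Config: &lib.ServerConfig{
			Port:  defaultServerPort,
			Debug: true,
		},
		CA: lib.CA{
			Config: &lib.CAConfig{
				Intermediate: lib.IntermediateCA{
					ParentServer: lib.ParentServer{
						URL: "",
					},
				},
				CA: lib.CAInfo{
					// The setting under test: TestReenrollExpiredCert expects a
					// re-enroll with an expired certificate to succeed.
					// NOTE(review): with this enabled, expiry alone presumably no
					// longer stops an identity from renewing, so retiring an
					// identity would rest on revocation — confirm for deployments.
					ReenrollIgnoreCertExpiry: true,
				},
				Affiliations: affiliations,
				Registry: lib.CAConfigRegistry{
					// presumably -1 means no enrollment limit, as in upstream
					// fabric-ca; the test enrolls and re-enrolls user1 repeatedly.
					MaxEnrollments: -1,
				},
				Signing: &config.Signing{
					Profiles: profiles,
					Default:  defaultProfile,
				},
				Version: "1.1.0", // The default test server/ca should use the latest version
			},
		},
		HomeDir: defaultServerHomeDir,
	}
	// The bootstrap user's affiliation is the empty string, which
	// means the user is at the affiliation root
	if err := srv.RegisterBootstrapUser("admin", "adminpw", ""); err != nil {
		return nil, err
	}
	return srv, nil
}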