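/*
Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package msp

import (
	"crypto/x509"
	"testing"

	"github.com/hyperledger/fabric-protos-go/msp"

	"github.com/onsi/gomega"
)

// PEM-encoded certificate fixtures for the CA validation tests below.
// Only certificates are embedded here; no private key material is present.
var (
	// caCert is the fixture the "GoodCert" cases expect MSP setup to accept
	// as a CA certificate without error.
	caCert = `-----BEGIN CERTIFICATE-----
MIIB8jCCAZigAwIBAgIRANxd4D3sY0656NqOh8Rha0AwCgYIKoZIzj0EAwIwWDEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xDTALBgNVBAoTBE9yZzIxDTALBgNVBAMTBE9yZzIwHhcNMTcwNTA4
MDkzMDM0WhcNMjcwNTA2MDkzMDM0WjBYMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMET3Jn
MjENMAsGA1UEAxMET3JnMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDYy+qzS
J/8CMfhpBFhUhhz+7up4+lwjBWDSS01koszNh8camHTA8vS4ZsN+DZ2DRsSmRZgs
tG2oogLLIdh6Z1CjQzBBMA4GA1UdDwEB/wQEAwIBpjAPBgNVHSUECDAGBgRVHSUA
MA8GA1UdEwEB/wQFMAMBAf8wDQYDVR0OBAYEBAECAwQwCgYIKoZIzj0EAwIDSAAw
RQIgWnMmH0yxAjub3qfzxQioHKQ8+WvUjAXm0ejId9Q+rDICIQDr30UCPj+SXzOb
Cu4psMMBfLujKoiBNdLE1KEpt8lN1g==
-----END CERTIFICATE-----`

	// nonCACert is the fixture the "NonCACert" cases expect to be rejected
	// with "CA Certificate did not have the CA attribute"
	// (serial number c9dff7f76657d46f082570f6965051f5 in the expected error).
	nonCACert = `-----BEGIN CERTIFICATE-----
MIICNjCCAd2gAwIBAgIRAMnf9/dmV9RvCCVw9pZQUfUwCgYIKoZIzj0EAwIwgYEx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4g
RnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQwwCgYDVQQLEwND
T1AxHDAaBgNVBAMTE2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTcxMTEyMTM0MTEx
WhcNMjcxMTEwMTM0MTExWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv
cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEMMAoGA1UECxMDQ09QMR8wHQYD
VQQDExZwZWVyMC5vcmcxLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D
AQcDQgAEZ8S4V71OBJpyMIVZdwYdFXAckItrpvSrCf0HQg40WW9XSoOOO76I+Umf
EkmTlIJXP7/AyRRSRU38oI8Ivtu4M6NNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1Ud
EwEB/wQCMAAwKwYDVR0jBCQwIoAginORIhnPEFZUhXm6eWBkm7K7Zc8R4/z7LW4H
ossDlCswCgYIKoZIzj0EAwIDRwAwRAIgVikIUZzgfuFsGLQHWJUVJCU7pDaETkaz
PzFgsCiLxUACICgzJYlW7nvZxP7b6tbeu3t8mrhMXQs956mD4+BoKuNI
-----END CERTIFICATE-----`

	// caWithoutSKI is the fixture the "NoSKICert" cases expect to be rejected
	// because no Subject Key Identifier extension is found
	// (serial number ab0ae311f3e32036 in the expected error).
	caWithoutSKI = `-----BEGIN CERTIFICATE-----
MIIDVjCCAj6gAwIBAgIJAKsK4xHz4yA2MA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQxFDASBgNVBAMMC2ZhYnJpYy50ZXN0MB4XDTE4MTExNTE5
MTA1MloXDTI5MTAyODE5MTA1MlowWzELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNv
bWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEUMBIG
A1UEAwwLZmFicmljLnRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDjpNeST0vgoT+MNTFiI6pB6cCXlF5drW+b3BVlGYtvRK7y6szSV+XH46kxyGt3
038tuVUOuPTyc40LxWQngGO8H5zwRYV5ELu57cfeLnI9MArOF4mUSQ5lkrG7zq4F
neDDSYWGfItetsNc75ut+HiN0KK6gZ1xMG7Op8mFCwlVvDCJ8tJjhltwta3ZbDIC
eLeNYtqvyZul+bNRIw883XXY1hBW8BW+tW0r0YTQPdXEwp/yEBkZhhkCmkt1l0tM
utfkxFsUM1kWqqG/NUuz7BqQ9FL59btXeYirD3+njLTERNdzDMEAn2aOgVwWAnye
KnOZ1P51T+YJAgTyQilf7py9AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P
BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCBtomvDwLqQh89IfjPpbwOduQDWyqp
BxGIlSNBaZkHR9WlnzRl13HZ4JklsaT/DRhKcnB5EuUHMHKUdPuhjx94F51WxlYc
f0wttSk8l5LfPAvLfL3/NwTT2YcyICA0glWF4D8FDUPKRTiOerR9KByrn4ktIjzd
vpx58pjg15TqKgrZF2h+TJ5jFa48O1wBvtMhP8WL6/6O+NjOEP56UnXPGie/3HLC
yvhEkMILRkzGUfd091cpuNxd+aGA37mZbwc+8UBpYbZFhq3NORL8zSxUQLzm1NcV
U98sznvJPRCkRiwYp5L9C5Xq72CHG/3M6cmoN0Cl0xjZicfpfnZSA/ix
-----END CERTIFICATE-----`
)

// TestTLSCAValidation feeds each fixture to setupTLSCAs as the sole TLS root
// certificate and checks that the good CA is accepted while the non-CA
// certificate and the CA without a Subject Key Identifier are rejected with
// the exact error text asserted below.
func TestTLSCAValidation(t *testing.T) {
	t.Run("GoodCert", func(t *testing.T) {
		// Bind gomega to the subtest's t: a failed expectation calls Fatalf,
		// which must run against the test owning the current goroutine.
		gt := gomega.NewGomegaWithT(t)

		mspImpl := &bccspmsp{
			opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
		}

		err := mspImpl.setupTLSCAs(&msp.FabricMSPConfig{
			TlsRootCerts: [][]byte{[]byte(caCert)},
		})
		gt.Expect(err).NotTo(gomega.HaveOccurred())
	})

	t.Run("NonCACert", func(t *testing.T) {
		gt := gomega.NewGomegaWithT(t)

		mspImpl := &bccspmsp{
			opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
		}

		err := mspImpl.setupTLSCAs(&msp.FabricMSPConfig{
			TlsRootCerts: [][]byte{[]byte(nonCACert)},
		})
		// A certificate without the CA attribute must not be usable as a TLS trust root.
		gt.Expect(err).To(gomega.MatchError("CA Certificate did not have the CA attribute, (SN: c9dff7f76657d46f082570f6965051f5)"))
	})

	t.Run("NoSKICert", func(t *testing.T) {
		gt := gomega.NewGomegaWithT(t)

		mspImpl := &bccspmsp{
			opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
		}

		err := mspImpl.setupTLSCAs(&msp.FabricMSPConfig{
			TlsRootCerts: [][]byte{[]byte(caWithoutSKI)},
		})
		gt.Expect(err).To(gomega.MatchError("CA Certificate problem with Subject Key Identifier extension, (SN: ab0ae311f3e32036): subjectKeyIdentifier not found in certificate"))
	})
}

// TestCAValidation installs each fixture as the only root certificate of a
// fresh bccspmsp and checks finalizeSetupCAs against the same three outcomes:
// accepted, rejected for lacking the CA attribute, and rejected for lacking a
// Subject Key Identifier.
func TestCAValidation(t *testing.T) {
	t.Run("GoodCert", func(t *testing.T) {
		// Bind gomega to the subtest's t: a failed expectation calls Fatalf,
		// which must run against the test owning the current goroutine.
		gt := gomega.NewGomegaWithT(t)

		mspImpl := &bccspmsp{
			opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
		}
		cert, err := mspImpl.getCertFromPem([]byte(caCert))
		gt.Expect(err).NotTo(gomega.HaveOccurred())

		mspImpl.opts.Roots.AddCert(cert)
		mspImpl.rootCerts = []Identity{&identity{cert: cert}}

		err = mspImpl.finalizeSetupCAs()
		gt.Expect(err).NotTo(gomega.HaveOccurred())
	})

	t.Run("NonCACert", func(t *testing.T) {
		gt := gomega.NewGomegaWithT(t)

		mspImpl := &bccspmsp{
			opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
		}
		// Parsing succeeds; the rejection is expected from finalizeSetupCAs.
		cert, err := mspImpl.getCertFromPem([]byte(nonCACert))
		gt.Expect(err).NotTo(gomega.HaveOccurred())

		mspImpl.opts.Roots.AddCert(cert)
		mspImpl.rootCerts = []Identity{&identity{cert: cert}}

		err = mspImpl.finalizeSetupCAs()
		gt.Expect(err).To(gomega.MatchError("CA Certificate did not have the CA attribute, (SN: c9dff7f76657d46f082570f6965051f5)"))
	})

	t.Run("NoSKICert", func(t *testing.T) {
		gt := gomega.NewGomegaWithT(t)

		mspImpl := &bccspmsp{
			opts: &x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()},
		}
		// Parsing succeeds; the rejection is expected from finalizeSetupCAs.
		cert, err := mspImpl.getCertFromPem([]byte(caWithoutSKI))
		gt.Expect(err).NotTo(gomega.HaveOccurred())

		mspImpl.opts.Roots.AddCert(cert)
		mspImpl.rootCerts = []Identity{&identity{cert: cert}}

		err = mspImpl.finalizeSetupCAs()
		gt.Expect(err).To(gomega.MatchError("CA Certificate problem with Subject Key Identifier extension, (SN: ab0ae311f3e32036): subjectKeyIdentifier not found in certificate"))
	})
}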