github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/gossip/comm/crypto_test.go

github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/gossip/comm/crypto_test.go (about)

     1  /*
     2  Copyright IBM Corp. 2016 All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8  		 http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package comm
    18  
    19  import (
    20  	"crypto/tls"
    21  	"fmt"
    22  	"net"
    23  	"os"
    24  	"sync"
    25  	"testing"
    26  	"time"
    27  
    28  	"github.com/hyperledger/fabric/gossip/util"
    29  	proto "github.com/hyperledger/fabric/protos/gossip"
    30  	"github.com/stretchr/testify/assert"
    31  	"golang.org/x/net/context"
    32  	"google.golang.org/grpc"
    33  	"google.golang.org/grpc/credentials"
    34  )
    35  
    36  type gossipTestServer struct {
    37  	lock           sync.Mutex
    38  	remoteCertHash []byte
    39  	selfCertHash   []byte
    40  	ll             net.Listener
    41  	s              *grpc.Server
    42  }
    43  
    44  func init() {
    45  	util.SetupTestLogging()
    46  }
    47  
    48  func createTestServer(t *testing.T, cert *tls.Certificate) *gossipTestServer {
    49  	tlsConf := &tls.Config{
    50  		Certificates:       []tls.Certificate{*cert},
    51  		ClientAuth:         tls.RequestClientCert,
    52  		InsecureSkipVerify: true,
    53  	}
    54  	s := grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsConf)))
    55  	ll, err := net.Listen("tcp", fmt.Sprintf("%s:%d", "", 5611))
    56  	assert.NoError(t, err, "%v", err)
    57  
    58  	srv := &gossipTestServer{s: s, ll: ll, selfCertHash: certHashFromRawCert(cert.Certificate[0])}
    59  	proto.RegisterGossipServer(s, srv)
    60  	go s.Serve(ll)
    61  	return srv
    62  }
    63  
    64  func (s *gossipTestServer) stop() {
    65  	s.s.Stop()
    66  	s.ll.Close()
    67  }
    68  
    69  func (s *gossipTestServer) GossipStream(stream proto.Gossip_GossipStreamServer) error {
    70  	s.lock.Lock()
    71  	defer s.lock.Unlock()
    72  	s.remoteCertHash = extractCertificateHashFromContext(stream.Context())
    73  	return nil
    74  }
    75  
    76  func (s *gossipTestServer) getClientCertHash() []byte {
    77  	s.lock.Lock()
    78  	defer s.lock.Unlock()
    79  	return s.remoteCertHash
    80  }
    81  
    82  func (s *gossipTestServer) Ping(context.Context, *proto.Empty) (*proto.Empty, error) {
    83  	return &proto.Empty{}, nil
    84  }
    85  
    86  func TestCertificateExtraction(t *testing.T) {
    87  	err := generateCertificates("key.pem", "cert.pem")
    88  	defer os.Remove("cert.pem")
    89  	defer os.Remove("key.pem")
    90  	assert.NoError(t, err, "%v", err)
    91  	serverCert, err := tls.LoadX509KeyPair("cert.pem", "key.pem")
    92  	assert.NoError(t, err, "%v", err)
    93  
    94  	srv := createTestServer(t, &serverCert)
    95  	defer srv.stop()
    96  
    97  	generateCertificates("key2.pem", "cert2.pem")
    98  	defer os.Remove("cert2.pem")
    99  	defer os.Remove("key2.pem")
   100  	clientCert, err := tls.LoadX509KeyPair("cert2.pem", "key2.pem")
   101  	clientCertHash := certHashFromRawCert(clientCert.Certificate[0])
   102  	assert.NoError(t, err)
   103  	ta := credentials.NewTLS(&tls.Config{
   104  		Certificates:       []tls.Certificate{clientCert},
   105  		InsecureSkipVerify: true,
   106  	})
   107  	assert.NoError(t, err, "%v", err)
   108  	ac := &authCreds{tlsCreds: ta}
   109  	assert.Equal(t, "1.2", ac.Info().SecurityVersion)
   110  	assert.Equal(t, "tls", ac.Info().SecurityProtocol)
   111  	conn, err := grpc.Dial("localhost:5611", grpc.WithTransportCredentials(ac), grpc.WithBlock(), grpc.WithTimeout(time.Second))
   112  	assert.NoError(t, err, "%v", err)
   113  
   114  	cl := proto.NewGossipClient(conn)
   115  	stream, err := cl.GossipStream(context.Background())
   116  	assert.NoError(t, err, "%v", err)
   117  	if err != nil {
   118  		return
   119  	}
   120  
   121  	time.Sleep(time.Second)
   122  	clientSideCertHash := extractCertificateHashFromContext(stream.Context())
   123  	serverSideCertHash := srv.getClientCertHash()
   124  
   125  	assert.NotNil(t, clientSideCertHash)
   126  	assert.NotNil(t, serverSideCertHash)
   127  
   128  	assert.Equal(t, 32, len(clientSideCertHash), "client side cert hash is %v", clientSideCertHash)
   129  	assert.Equal(t, 32, len(serverSideCertHash), "server side cert hash is %v", serverSideCertHash)
   130  
   131  	assert.Equal(t, clientSideCertHash, srv.selfCertHash, "Server self hash isn't equal to client side hash")
   132  	assert.Equal(t, clientCertHash, srv.remoteCertHash, "Server side and client hash aren't equal")
   133  }