github.com/myafeier/fabric@v1.0.1-0.20170722181825-3a4b1f2bce86/gossip/comm/crypto_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package comm
     8  
     9  import (
    10  	"crypto/tls"
    11  	"fmt"
    12  	"net"
    13  	"sync"
    14  	"testing"
    15  	"time"
    16  
    17  	"github.com/hyperledger/fabric/gossip/util"
    18  	proto "github.com/hyperledger/fabric/protos/gossip"
    19  	"github.com/stretchr/testify/assert"
    20  	"golang.org/x/net/context"
    21  	"google.golang.org/grpc"
    22  	"google.golang.org/grpc/credentials"
    23  )
    24  
    25  type gossipTestServer struct {
    26  	lock           sync.Mutex
    27  	remoteCertHash []byte
    28  	selfCertHash   []byte
    29  	ll             net.Listener
    30  	s              *grpc.Server
    31  }
    32  
    33  func init() {
    34  	util.SetupTestLogging()
    35  }
    36  
    37  func createTestServer(t *testing.T, cert *tls.Certificate) *gossipTestServer {
    38  	tlsConf := &tls.Config{
    39  		Certificates:       []tls.Certificate{*cert},
    40  		ClientAuth:         tls.RequestClientCert,
    41  		InsecureSkipVerify: true,
    42  	}
    43  	s := grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsConf)))
    44  	ll, err := net.Listen("tcp", fmt.Sprintf("%s:%d", "", 5611))
    45  	assert.NoError(t, err, "%v", err)
    46  
    47  	srv := &gossipTestServer{s: s, ll: ll, selfCertHash: certHashFromRawCert(cert.Certificate[0])}
    48  	proto.RegisterGossipServer(s, srv)
    49  	go s.Serve(ll)
    50  	return srv
    51  }
    52  
    53  func (s *gossipTestServer) stop() {
    54  	s.s.Stop()
    55  	s.ll.Close()
    56  }
    57  
    58  func (s *gossipTestServer) GossipStream(stream proto.Gossip_GossipStreamServer) error {
    59  	s.lock.Lock()
    60  	defer s.lock.Unlock()
    61  	s.remoteCertHash = extractCertificateHashFromContext(stream.Context())
    62  	return nil
    63  }
    64  
    65  func (s *gossipTestServer) getClientCertHash() []byte {
    66  	s.lock.Lock()
    67  	defer s.lock.Unlock()
    68  	return s.remoteCertHash
    69  }
    70  
    71  func (s *gossipTestServer) Ping(context.Context, *proto.Empty) (*proto.Empty, error) {
    72  	return &proto.Empty{}, nil
    73  }
    74  
    75  func TestCertificateExtraction(t *testing.T) {
    76  	cert := GenerateCertificatesOrPanic()
    77  	srv := createTestServer(t, &cert)
    78  	defer srv.stop()
    79  
    80  	clientCert := GenerateCertificatesOrPanic()
    81  	clientCertHash := certHashFromRawCert(clientCert.Certificate[0])
    82  	ta := credentials.NewTLS(&tls.Config{
    83  		Certificates:       []tls.Certificate{clientCert},
    84  		InsecureSkipVerify: true,
    85  	})
    86  	conn, err := grpc.Dial("localhost:5611", grpc.WithTransportCredentials(ta), grpc.WithBlock(), grpc.WithTimeout(time.Second))
    87  	assert.NoError(t, err, "%v", err)
    88  
    89  	cl := proto.NewGossipClient(conn)
    90  	stream, err := cl.GossipStream(context.Background())
    91  	assert.NoError(t, err, "%v", err)
    92  	if err != nil {
    93  		return
    94  	}
    95  
    96  	time.Sleep(time.Second)
    97  	clientSideCertHash := extractCertificateHashFromContext(stream.Context())
    98  	serverSideCertHash := srv.getClientCertHash()
    99  
   100  	assert.NotNil(t, clientSideCertHash)
   101  	assert.NotNil(t, serverSideCertHash)
   102  
   103  	assert.Equal(t, 32, len(clientSideCertHash), "client side cert hash is %v", clientSideCertHash)
   104  	assert.Equal(t, 32, len(serverSideCertHash), "server side cert hash is %v", serverSideCertHash)
   105  
   106  	assert.Equal(t, clientSideCertHash, srv.selfCertHash, "Server self hash isn't equal to client side hash")
   107  	assert.Equal(t, clientCertHash, srv.remoteCertHash, "Server side and client hash aren't equal")
   108  }