github.com/simranvc/fabric-ca@v0.0.0-20191030094829-acc364294dde/lib/serverrevoke_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package lib
     8  
     9  import (
    10  	"os"
    11  	"testing"
    12  
    13  	"github.com/hyperledger/fabric-ca/api"
    14  	"github.com/hyperledger/fabric-ca/util"
    15  	"github.com/stretchr/testify/assert"
    16  )
    17  
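// TestParseInput checks that parseInput normalises a colon-separated hex
// string by stripping the colons, dropping leading zeros and lowercasing the
// remaining characters.
//
// NOTE(review): presumably this normalisation is applied to the Serial/AKI
// values of a revocation request before they are matched against stored
// certificates; confirm against the non-test file. If so, a normalisation
// regression would make a revocation miss its target, so the exact output is
// pinned below rather than only checked for forbidden substrings.
func TestParseInput(t *testing.T) {
	const input = "01:AA:22:bb"

	parsedInput := parseInput(input)

	// Guard the index expression below: an empty result would otherwise panic
	// instead of producing a readable test failure.
	if !assert.NotEmpty(t, parsedInput, "parseInput returned an empty string") {
		return
	}

	assert.NotContains(t, parsedInput, ":", "failed to correctly remove colons from input")
	assert.NotEqual(t, string(parsedInput[0]), "0", "failed to correctly remove leading zeros from input")
	assert.NotContains(t, parsedInput, "AA", "failed to correctly lowercase capital letters")

	// The negative checks above are satisfied by many wrong outputs (for
	// example a truncated string). The expected value is the input with the
	// three normalisations named in the messages above applied to it.
	assert.Equal(t, "1aa22bb", parsedInput, "unexpected normalised form of input")
}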
    27  
// TestIdemixCredRevokedUser verifies that an identity holding only an Idemix
// credential can no longer use the Fabric CA server once an administrator has
// revoked it by name.
func TestIdemixCredRevokedUser(t *testing.T) {
	server := TestGetRootServer(t)
	startErr := server.Start()
	util.FatalError(t, startErr, "Failed to start server")
	// Deferred calls run last-in-first-out: the client and server directories
	// are removed first, then the server is stopped.
	defer server.Stop()
	defer os.RemoveAll(rootDir)
	defer os.RemoveAll(rootClientDir)

	client := TestGetRootClient()
	enrollReq := &api.EnrollmentRequest{Name: "admin", Secret: "adminpw"}

	// Enroll the bootstrap administrator; it acts as registrar and revoker.
	adminResp, err := client.Enroll(enrollReq)
	util.FatalError(t, err, "Failed to enroll 'admin'")
	registrar := adminResp.Identity

	newUser := &api.RegistrationRequest{Name: "user1", Secret: "user1pw"}
	_, err = registrar.Register(newUser)
	util.FatalError(t, err, "Failed to register 'user1' by 'admin' user")

	// Reuse the same request object to enroll user1, this time asking for an
	// Idemix credential.
	enrollReq.Name, enrollReq.Secret, enrollReq.Type = "user1", "user1pw", "idemix"

	idemixResp, err := client.Enroll(enrollReq)
	util.FatalError(t, err, "Failed to enroll 'user1'")
	revokedIdentity := idemixResp.Identity

	// Revoke the user that only possesses an Idemix credential.
	revocation := &api.RevocationRequest{Name: "user1"}
	_, err = registrar.Revoke(revocation)
	util.FatalError(t, err, "Failed to revoke 'user1' by 'admin' user")

	// A revoked identity must be rejected when it tries to act on the server;
	// the returned error is expected to contain "71".
	attempt := &api.RegistrationRequest{Name: "user2", Secret: "user2pw"}
	_, err = revokedIdentity.Register(attempt)
	t.Log("Error: ", err)
	util.ErrorContains(t, err, "71", "Revoked user with only Idemix credential, should not be able to make requests to the server")
}
    75  
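// TestUpdatingRevocationHandleQuery makes sure the UpdateNextandLastHandle SQL
// statement executes correctly against a database. It does so by enrolling
// one more Idemix credential than the configured revocation handle pool holds.
func TestUpdatingRevocationHandleQuery(t *testing.T) {
	// Size of the revocation handle pool configured for this test.
	const poolSize = 5

	srv := TestGetRootServer(t)
	srv.CA.Config.Idemix.RHPoolSize = poolSize
	err := srv.Start()
	util.FatalError(t, err, "Failed to start server")
	defer srv.Stop()
	defer os.RemoveAll(rootDir)
	// Also clean up the client directory, as TestIdemixCredRevokedUser does
	// after using the same root client, so that the admin credentials enrolled
	// here are not left on disk for later tests.
	defer os.RemoveAll(rootClientDir)

	c := TestGetRootClient()
	req := &api.EnrollmentRequest{
		Name:   "admin",
		Secret: "adminpw",
		Type:   "idemix",
	}

	// Exhaust the pool (poolSize+1 enrollments), triggering an update of the
	// database with a new revocation handle.
	for i := 0; i <= poolSize; i++ {
		_, err := c.Enroll(req)
		assert.NoError(t, err, "Failed to enroll 'admin'")
	}
}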
    98  
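// TestRevokeSelf verifies that an enrolled identity can revoke its own
// certificate, first by passing the certificate's serial number and AKI, and
// then, after re-enrolling, through RevokeSelf.
func TestRevokeSelf(t *testing.T) {
	var err error
	srv := TestGetRootServer(t)
	err = srv.Start()
	util.FatalError(t, err, "Failed to start server")
	defer srv.Stop()
	// Remove the directory named by the rootDir variable, as the other tests
	// in this file do. The original passed the string literal "rootDir", which
	// left the real server directory in place for later tests.
	defer os.RemoveAll(rootDir)
	defer os.RemoveAll("../testdata/msp")

	client := getTestClient(7075)
	resp, err := client.Enroll(&api.EnrollmentRequest{
		Name:   "admin",
		Secret: "adminpw",
	})
	util.FatalError(t, err, "Failed to enroll user 'admin'")

	admin := resp.Identity
	name := "testuser"
	password := "password"
	_, err = admin.Register(&api.RegistrationRequest{
		Name:   name,
		Secret: password,
	})
	util.FatalError(t, err, "Failed to register user 'testuser'")

	resp, err = client.Enroll(&api.EnrollmentRequest{
		Name:   name,
		Secret: password,
	})
	util.FatalError(t, err, "Failed to enroll user 'testuser'")
	testuser := resp.Identity

	// Look up the certificate just issued so it can be revoked by serial/AKI.
	db := srv.CA.CertDBAccessor()
	cert, err := db.GetCertificatesByID("testuser")
	util.FatalError(t, err, "Failed to get certificvate for 'testuser'")
	// Fail with a clear message instead of panicking on cert[0] if the lookup
	// succeeded but returned nothing.
	if len(cert) == 0 {
		t.Fatal("No certificate found for 'testuser'")
	}

	// First path: the user revokes its own certificate by serial and AKI.
	_, err = testuser.Revoke(&api.RevocationRequest{
		Serial: cert[0].Serial,
		AKI:    cert[0].AKI,
	})
	assert.NoError(t, err, "Failed to revoke one's own certificate using serial and AKI")

	// Enroll again to obtain a fresh certificate for the second path.
	resp, err = client.Enroll(&api.EnrollmentRequest{
		Name:   name,
		Secret: password,
	})
	util.FatalError(t, err, "Failed to enroll user 'testuser'")
	testuser = resp.Identity

	// Second path: revocation through the RevokeSelf convenience call.
	_, err = testuser.RevokeSelf()
	assert.NoError(t, err, "Failed to revoke one self")
}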