github.com/tenywen/fabric@v1.0.0-beta.0.20170620030522-a5b1ed380643/gossip/comm/crypto_test.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package comm 18 19 import ( 20 "crypto/tls" 21 "fmt" 22 "net" 23 "sync" 24 "testing" 25 "time" 26 27 "github.com/hyperledger/fabric/gossip/util" 28 proto "github.com/hyperledger/fabric/protos/gossip" 29 "github.com/stretchr/testify/assert" 30 "golang.org/x/net/context" 31 "google.golang.org/grpc" 32 "google.golang.org/grpc/credentials" 33 ) 34 35 type gossipTestServer struct { 36 lock sync.Mutex 37 remoteCertHash []byte 38 selfCertHash []byte 39 ll net.Listener 40 s *grpc.Server 41 } 42 43 func init() { 44 util.SetupTestLogging() 45 } 46 47 func createTestServer(t *testing.T, cert *tls.Certificate) *gossipTestServer { 48 tlsConf := &tls.Config{ 49 Certificates: []tls.Certificate{*cert}, 50 ClientAuth: tls.RequestClientCert, 51 InsecureSkipVerify: true, 52 } 53 s := grpc.NewServer(grpc.Creds(credentials.NewTLS(tlsConf))) 54 ll, err := net.Listen("tcp", fmt.Sprintf("%s:%d", "", 5611)) 55 assert.NoError(t, err, "%v", err) 56 57 srv := &gossipTestServer{s: s, ll: ll, selfCertHash: certHashFromRawCert(cert.Certificate[0])} 58 proto.RegisterGossipServer(s, srv) 59 go s.Serve(ll) 60 return srv 61 } 62 63 func (s *gossipTestServer) stop() { 64 s.s.Stop() 65 s.ll.Close() 66 } 67 68 func (s *gossipTestServer) GossipStream(stream proto.Gossip_GossipStreamServer) error { 69 s.lock.Lock() 70 defer s.lock.Unlock() 71 s.remoteCertHash = extractCertificateHashFromContext(stream.Context()) 72 return nil 73 } 74 75 func (s *gossipTestServer) getClientCertHash() []byte { 76 s.lock.Lock() 77 defer s.lock.Unlock() 78 return s.remoteCertHash 79 } 80 81 func (s *gossipTestServer) Ping(context.Context, *proto.Empty) (*proto.Empty, error) { 82 return &proto.Empty{}, nil 83 } 84 85 func TestCertificateExtraction(t *testing.T) { 86 cert := GenerateCertificatesOrPanic() 87 srv := createTestServer(t, &cert) 88 defer srv.stop() 89 90 clientCert := GenerateCertificatesOrPanic() 91 clientCertHash := certHashFromRawCert(clientCert.Certificate[0]) 92 ta := credentials.NewTLS(&tls.Config{ 93 Certificates: []tls.Certificate{clientCert}, 94 InsecureSkipVerify: true, 95 }) 96 conn, err := grpc.Dial("localhost:5611", grpc.WithTransportCredentials(ta), grpc.WithBlock(), grpc.WithTimeout(time.Second)) 97 assert.NoError(t, err, "%v", err) 98 99 cl := proto.NewGossipClient(conn) 100 stream, err := cl.GossipStream(context.Background()) 101 assert.NoError(t, err, "%v", err) 102 if err != nil { 103 return 104 } 105 106 time.Sleep(time.Second) 107 clientSideCertHash := extractCertificateHashFromContext(stream.Context()) 108 serverSideCertHash := srv.getClientCertHash() 109 110 assert.NotNil(t, clientSideCertHash) 111 assert.NotNil(t, serverSideCertHash) 112 113 assert.Equal(t, 32, len(clientSideCertHash), "client side cert hash is %v", clientSideCertHash) 114 assert.Equal(t, 32, len(serverSideCertHash), "server side cert hash is %v", serverSideCertHash) 115 116 assert.Equal(t, clientSideCertHash, srv.selfCertHash, "Server self hash isn't equal to client side hash") 117 assert.Equal(t, clientCertHash, srv.remoteCertHash, "Server side and client hash aren't equal") 118 }