github.com/tw-bc-group/fabric-ca@v2.0.0-alpha+incompatible/util/csp_test.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package util_test 18 19 import ( 20 "crypto/x509" 21 "errors" 22 "os" 23 "testing" 24 25 "github.com/cloudflare/cfssl/csr" 26 . "github.com/hyperledger/fabric-ca/util" 27 "github.com/hyperledger/fabric-ca/util/mocks" 28 "github.com/hyperledger/fabric/bccsp" 29 "github.com/hyperledger/fabric/bccsp/factory" 30 "github.com/stretchr/testify/assert" 31 ) 32 33 var csp bccsp.BCCSP 34 35 func TestGetBCCSPFromOpts(t *testing.T) { 36 opts := factory.GetDefaultOpts() 37 opts.SwOpts.FileKeystore = &factory.FileKeystoreOpts{KeyStorePath: os.TempDir()} 38 opts.SwOpts.Ephemeral = false 39 var err error 40 csp, err = factory.GetBCCSPFromOpts(opts) 41 if err != nil { 42 t.Errorf("Could not initialize BCCSP Factories [%s]", err) 43 } 44 } 45 46 func testKeyGenerate(t *testing.T, kr csr.KeyRequest, mustFail bool) { 47 req := csr.CertificateRequest{ 48 KeyRequest: kr, 49 } 50 51 key, cspSigner, err := BCCSPKeyRequestGenerate(&req, csp) 52 if mustFail { 53 if err == nil { 54 t.Fatalf("BCCSPKeyRequestGenerate should had failed") 55 } 56 } else { 57 if err != nil { 58 t.Fatalf("BCCSPKeyRequestGenerate failed: %s", err) 59 } 60 if key == nil { 61 t.Fatalf("BCCSPKeyRequestGenerate key cannot be nil") 62 } 63 if cspSigner == nil { 64 t.Fatalf("BCCSPKeyRequestGenerate cspSigner cannot be nil") 65 } 66 } 67 } 68 69 func TestGetDefaultBCCSP(t *testing.T) { 70 csp := GetDefaultBCCSP() 71 if csp == nil { 72 t.Fatal("Failed to get default BCCSP") 73 } 74 } 75 76 func TestInitBCCSP(t *testing.T) { 77 mspDir := "msp" 78 var opts *factory.FactoryOpts 79 _, err := InitBCCSP(&opts, "", mspDir) 80 if err != nil { 81 t.Fatalf("Failed initialization 1 of BCCSP: %s", err) 82 } 83 cfg := &factory.FactoryOpts{ProviderName: "SW"} 84 _, err = InitBCCSP(&cfg, "msp2", mspDir) 85 if err != nil { 86 t.Fatalf("Failed initialization 2 of BCCSP: %s", err) 87 } 88 _, err = InitBCCSP(nil, "", mspDir) 89 if err == nil { 90 t.Fatalf("Initialization 3 of BCCSP should have failed but did not") 91 } 92 } 93 94 func TestKeyGenerate(t *testing.T) { 95 t.Run("256", func(t *testing.T) { testKeyGenerate(t, csr.NewBasicKeyRequest(), false) }) 96 t.Run("384", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "ecdsa", S: 384}, false) }) 97 t.Run("521", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "ecdsa", S: 521}, true) }) 98 t.Run("521", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "ecdsa", S: 224}, true) }) 99 t.Run("512", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 512}, true) }) 100 t.Run("1024", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 1024}, true) }) 101 t.Run("2048", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 2048}, false) }) 102 t.Run("3072", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 3072}, false) }) 103 t.Run("4096", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 4096}, false) }) 104 t.Run("4097", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 4097}, true) }) 105 t.Run("10000", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{A: "rsa", S: 10000}, true) }) 106 t.Run("empty", func(t *testing.T) { testKeyGenerate(t, &csr.BasicKeyRequest{}, true) }) 107 t.Run("nil", func(t *testing.T) { testKeyGenerate(t, nil, false) }) 108 } 109 110 func testGetSignerFromCertFile(t *testing.T, keyFile, certFile string, mustFail int) { 111 key, err := ImportBCCSPKeyFromPEM(keyFile, csp, false) 112 if mustFail == 1 { 113 if err == nil { 114 t.Fatalf("ImportBCCSPKeyFromPEM should had failed") 115 } 116 return 117 } 118 119 if err != nil { 120 t.Fatalf("ImportBCCSPKeyFromPEM failed: %s", err) 121 } 122 if key == nil { 123 t.Fatalf("ImportBCCSPKeyFromPEM key cannot be nil") 124 } 125 126 key, signer, cert, err := GetSignerFromCertFile(certFile, csp) 127 if mustFail == 2 { 128 if err == nil { 129 t.Fatalf("ImportBCCSPKeyFromPEM should had failed") 130 } 131 } else { 132 if err != nil { 133 t.Fatalf("GetSignerFromCertFile failed: %s", err) 134 } 135 if key == nil { 136 t.Fatalf("GetSignerFromCertFile key cannot be nil") 137 } 138 if signer == nil { 139 t.Fatalf("GetSignerFromCertFile signer cannot be nil") 140 } 141 if cert == nil { 142 t.Fatalf("GetSignerFromCertFile cert cannot be nil") 143 } 144 } 145 146 cer, err := LoadX509KeyPair(certFile, keyFile, csp) 147 if mustFail == 2 { 148 if err == nil { 149 t.Fatalf("LoadX509KeyPair should had failed") 150 } 151 } else { 152 if err != nil { 153 t.Fatalf("LoadX509KeyPair failed: %s", err) 154 } 155 if cer.Certificate[0] == nil { 156 t.Fatalf("LoadX509KeyPair cert cannot be nil") 157 } 158 } 159 } 160 161 func TestGetSignerFromCertFile(t *testing.T) { 162 t.Run("ec", func(t *testing.T) { 163 testGetSignerFromCertFile(t, "../testdata/ec-key.pem", "../testdata/ec.pem", 0) 164 }) 165 t.Run("nokey", func(t *testing.T) { 166 testGetSignerFromCertFile(t, "doesnotexist.pem", "../testdata/ec.pem", 1) 167 }) 168 t.Run("nocert", func(t *testing.T) { 169 testGetSignerFromCertFile(t, "../testdata/ec-key.pem", "doesnotexist.pem", 2) 170 }) 171 t.Run("cert4key", func(t *testing.T) { 172 testGetSignerFromCertFile(t, "../testdata/ec.pem", "../testdata/ec.pem", 1) 173 }) 174 t.Run("rsa", func(t *testing.T) { 175 testGetSignerFromCertFile(t, "../testdata/rsa-key.pem", "../testdata/rsa.pem", 1) 176 }) 177 t.Run("wrongcert", func(t *testing.T) { 178 testGetSignerFromCertFile(t, "../testdata/ec-key.pem", "../testdata/test.pem", 2) 179 }) 180 } 181 182 func TestBccspBackedSigner(t *testing.T) { 183 signer, err := BccspBackedSigner("", "", nil, csp) 184 if signer != nil { 185 t.Fatalf("BccspBackedSigner should not be valid for empty cert: %s", err) 186 } 187 188 signer, err = BccspBackedSigner("doesnotexist.pem", "", nil, csp) 189 if err == nil { 190 t.Fatal("BccspBackedSigner should had failed to load cert") 191 } 192 if signer != nil { 193 t.Fatal("BccspBackedSigner should not be valid for non-existent cert") 194 } 195 196 signer, err = BccspBackedSigner("../testdata/ec.pem", "../testdata/ec-key.pem", nil, csp) 197 if signer == nil { 198 t.Fatalf("BccspBackedSigner should had found cert: %s", err) 199 } 200 } 201 202 func TestGetSignerFromCertInvalidArgs(t *testing.T) { 203 _, _, err := GetSignerFromCert(nil, nil) 204 assert.Error(t, err) 205 assert.Contains(t, err.Error(), "CSP was not initialized") 206 207 csp := &mocks.BCCSP{} 208 csp.On("KeyImport", (*x509.Certificate)(nil), &bccsp.X509PublicKeyImportOpts{Temporary: true}).Return(bccsp.Key(nil), errors.New("mock key import error")) 209 _, _, err = GetSignerFromCert(nil, csp) 210 assert.Error(t, err) 211 assert.Contains(t, err.Error(), "Failed to import certificate's public key: mock key import error") 212 } 213 214 func TestClean(t *testing.T) { 215 os.RemoveAll("csp") 216 }