github.com/yous1230/fabric@v2.0.0-beta.0.20191224111736-74345bee6ac2+incompatible/core/comm/creds_test.go (about)

     1  /*
     2  Copyright IBM Corp. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package comm_test
     8  
     9  import (
    10  	"context"
    11  	"crypto/tls"
    12  	"crypto/x509"
    13  	"io/ioutil"
    14  	"net"
    15  	"path/filepath"
    16  	"sync"
    17  	"testing"
    18  
    19  	"github.com/hyperledger/fabric/common/flogging/floggingtest"
    20  	"github.com/hyperledger/fabric/core/comm"
    21  	"github.com/stretchr/testify/assert"
    22  )
    23  
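// TestCreds exercises the server-side transport credentials returned by
// comm.NewServerTransportCredentials.
//
// It checks that the client-only operations (ClientHandshake and
// OverrideServerName) return their sentinel errors, that Clone yields an equal
// value, and that Info reports protocol "tls" with security version "1.2".
// It then performs two real handshakes against a loopback listener:
//
//   - a client with default settings that trusts the test CA must succeed;
//   - a client capped at TLS 1.0 must be refused with "protocol version not
//     supported", and the failure must show up in the recorded server log.
//
// The second case is the security-relevant one: it pins the refusal of a
// legacy protocol version, so a change that loosens the minimum accepted
// version is caught here.
// NOTE(review): tlsConfig below sets no MinVersion, so the floor is presumably
// applied inside NewServerTransportCredentials; confirm against that code.
func TestCreds(t *testing.T) {
	t.Parallel()

	// Trust anchor for the dialing clients.
	caPEM, err := ioutil.ReadFile(filepath.Join("testdata", "certs", "Org1-cert.pem"))
	if err != nil {
		t.Fatalf("failed to read root certificate: %v", err)
	}
	certPool := x509.NewCertPool()
	if ok := certPool.AppendCertsFromPEM(caPEM); !ok {
		t.Fatalf("failed to create certPool")
	}

	// Server identity presented during the handshake.
	cert, err := tls.LoadX509KeyPair(
		filepath.Join("testdata", "certs", "Org1-server1-cert.pem"),
		filepath.Join("testdata", "certs", "Org1-server1-key.pem"),
	)
	if err != nil {
		t.Fatalf("failed to load TLS certificate [%s]", err)
	}
	tlsConfig := &tls.Config{
		Certificates: []tls.Certificate{cert},
	}

	logger, recorder := floggingtest.NewTestLogger(t)

	creds := comm.NewServerTransportCredentials(tlsConfig, logger)
	_, _, err = creds.ClientHandshake(context.Background(), "", nil)
	assert.EqualError(t, err, comm.ErrClientHandshakeNotImplemented.Error())
	err = creds.OverrideServerName("")
	assert.EqualError(t, err, comm.ErrOverrideHostnameNotSupported.Error())
	clone := creds.Clone()
	assert.Equal(t, creds, clone)
	assert.Equal(t, "1.2", creds.Info().SecurityVersion)
	assert.Equal(t, "tls", creds.Info().SecurityProtocol)

	lis, err := net.Listen("tcp", "localhost:0")
	if err != nil {
		t.Fatalf("failed to start listener [%s]", err)
	}
	defer lis.Close()

	// Dial by name rather than by the listener's numeric address, so the
	// client verifies the server certificate against "localhost".
	_, port, err := net.SplitHostPort(lis.Addr().String())
	assert.NoError(t, err)
	addr := net.JoinHostPort("localhost", port)

	// handshake accepts exactly one connection and runs the server side of the
	// TLS handshake on it. Failures are only logged: the assertions are made
	// on the client side and on the recorded log output.
	handshake := func(wg *sync.WaitGroup) {
		defer wg.Done()
		conn, err := lis.Accept()
		if err != nil {
			t.Logf("failed to accept connection [%s]", err)
			// Without a connection there is nothing to hand to
			// ServerHandshake; passing nil would dereference it.
			return
		}
		// Release the socket whatever the handshake outcome; a second Close
		// by the credentials implementation would only return an error.
		defer conn.Close()
		if _, _, err = creds.ServerHandshake(conn); err != nil {
			t.Logf("ServerHandshake error [%s]", err)
		}
	}

	// Case 1: default client settings, trusted CA -> handshake succeeds.
	wg := &sync.WaitGroup{}
	wg.Add(1)
	go handshake(wg)
	clientConn, err := tls.Dial("tcp", addr, &tls.Config{RootCAs: certPool})
	wg.Wait()
	assert.NoError(t, err)
	if err == nil {
		clientConn.Close()
	}

	// Case 2: client refuses anything newer than TLS 1.0 -> must be rejected.
	wg = &sync.WaitGroup{}
	wg.Add(1)
	go handshake(wg)
	clientConn, err = tls.Dial("tcp", addr, &tls.Config{
		RootCAs:    certPool,
		MaxVersion: tls.VersionTLS10,
	})
	wg.Wait()
	if err == nil {
		clientConn.Close()
	}
	// Guard the dereferences below: if the downgrade were ever accepted, the
	// test should fail with a readable message instead of panicking on a nil
	// error or an empty log.
	if assert.Error(t, err, "TLS 1.0 client must not complete the handshake") {
		assert.Contains(t, err.Error(), "protocol version not supported")
	}
	msgs := recorder.Messages()
	if assert.NotEmpty(t, msgs, "server should log the failed handshake") {
		assert.Contains(t, msgs[0], "TLS handshake failed with error")
	}
}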