go_study/fabric-main/internal/cryptogen/msp/msp_test.go

223 lines
8.0 KiB
Go

/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package msp_test
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
"github.com/hyperledger/fabric/internal/cryptogen/ca"
"github.com/hyperledger/fabric/internal/cryptogen/msp"
fabricmsp "github.com/hyperledger/fabric/msp"
"github.com/stretchr/testify/require"
"gopkg.in/yaml.v2"
)
const (
testCAOrg = "example.com"
testCAName = "ca" + "." + testCAOrg
testName = "peer0"
testCountry = "US"
testProvince = "California"
testLocality = "San Francisco"
testOrganizationalUnit = "Hyperledger Fabric"
testStreetAddress = "testStreetAddress"
testPostalCode = "123456"
)
var testDir = filepath.Join(os.TempDir(), "msp-test")
func testGenerateLocalMSP(t *testing.T, nodeOUs bool) {
cleanup(testDir)
err := msp.GenerateLocalMSP(testDir, testName, nil, &ca.CA{}, &ca.CA{}, msp.PEER, nodeOUs)
require.Error(t, err, "Empty CA should have failed")
caDir := filepath.Join(testDir, "ca")
tlsCADir := filepath.Join(testDir, "tlsca")
mspDir := filepath.Join(testDir, "msp")
tlsDir := filepath.Join(testDir, "tls")
// generate signing CA
signCA, err := ca.NewCA(caDir, testCAOrg, testCAName, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
require.NoError(t, err, "Error generating CA")
// generate TLS CA
tlsCA, err := ca.NewCA(tlsCADir, testCAOrg, testCAName, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
require.NoError(t, err, "Error generating CA")
require.NotEmpty(t, signCA.SignCert.Subject.Country, "country cannot be empty.")
require.Equal(t, testCountry, signCA.SignCert.Subject.Country[0], "Failed to match country")
require.NotEmpty(t, signCA.SignCert.Subject.Province, "province cannot be empty.")
require.Equal(t, testProvince, signCA.SignCert.Subject.Province[0], "Failed to match province")
require.NotEmpty(t, signCA.SignCert.Subject.Locality, "locality cannot be empty.")
require.Equal(t, testLocality, signCA.SignCert.Subject.Locality[0], "Failed to match locality")
require.NotEmpty(t, signCA.SignCert.Subject.OrganizationalUnit, "organizationalUnit cannot be empty.")
require.Equal(t, testOrganizationalUnit, signCA.SignCert.Subject.OrganizationalUnit[0], "Failed to match organizationalUnit")
require.NotEmpty(t, signCA.SignCert.Subject.StreetAddress, "streetAddress cannot be empty.")
require.Equal(t, testStreetAddress, signCA.SignCert.Subject.StreetAddress[0], "Failed to match streetAddress")
require.NotEmpty(t, signCA.SignCert.Subject.PostalCode, "postalCode cannot be empty.")
require.Equal(t, testPostalCode, signCA.SignCert.Subject.PostalCode[0], "Failed to match postalCode")
// generate local MSP for nodeType=PEER
err = msp.GenerateLocalMSP(testDir, testName, nil, signCA, tlsCA, msp.PEER, nodeOUs)
require.NoError(t, err, "Failed to generate local MSP")
// check to see that the right files were generated/saved
mspFiles := []string{
filepath.Join(mspDir, "cacerts", testCAName+"-cert.pem"),
filepath.Join(mspDir, "tlscacerts", testCAName+"-cert.pem"),
filepath.Join(mspDir, "keystore"),
filepath.Join(mspDir, "signcerts", testName+"-cert.pem"),
}
if nodeOUs {
mspFiles = append(mspFiles, filepath.Join(mspDir, "config.yaml"))
} else {
mspFiles = append(mspFiles, filepath.Join(mspDir, "admincerts", testName+"-cert.pem"))
}
tlsFiles := []string{
filepath.Join(tlsDir, "ca.crt"),
filepath.Join(tlsDir, "server.key"),
filepath.Join(tlsDir, "server.crt"),
}
for _, file := range mspFiles {
require.Equal(t, true, checkForFile(file),
"Expected to find file "+file)
}
for _, file := range tlsFiles {
require.Equal(t, true, checkForFile(file),
"Expected to find file "+file)
}
// generate local MSP for nodeType=CLIENT
err = msp.GenerateLocalMSP(testDir, testName, nil, signCA, tlsCA, msp.CLIENT, nodeOUs)
require.NoError(t, err, "Failed to generate local MSP")
// check all
for _, file := range mspFiles {
require.Equal(t, true, checkForFile(file),
"Expected to find file "+file)
}
for _, file := range tlsFiles {
require.Equal(t, true, checkForFile(file),
"Expected to find file "+file)
}
tlsCA.Name = "test/fail"
err = msp.GenerateLocalMSP(testDir, testName, nil, signCA, tlsCA, msp.CLIENT, nodeOUs)
require.Error(t, err, "Should have failed with CA name 'test/fail'")
signCA.Name = "test/fail"
err = msp.GenerateLocalMSP(testDir, testName, nil, signCA, tlsCA, msp.ORDERER, nodeOUs)
require.Error(t, err, "Should have failed with CA name 'test/fail'")
t.Log(err)
cleanup(testDir)
}
func TestGenerateLocalMSPWithNodeOU(t *testing.T) {
testGenerateLocalMSP(t, true)
}
func TestGenerateLocalMSPWithoutNodeOU(t *testing.T) {
testGenerateLocalMSP(t, false)
}
func testGenerateVerifyingMSP(t *testing.T, nodeOUs bool) {
caDir := filepath.Join(testDir, "ca")
tlsCADir := filepath.Join(testDir, "tlsca")
mspDir := filepath.Join(testDir, "msp")
// generate signing CA
signCA, err := ca.NewCA(caDir, testCAOrg, testCAName, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
require.NoError(t, err, "Error generating CA")
// generate TLS CA
tlsCA, err := ca.NewCA(tlsCADir, testCAOrg, testCAName, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
require.NoError(t, err, "Error generating CA")
err = msp.GenerateVerifyingMSP(mspDir, signCA, tlsCA, nodeOUs)
require.NoError(t, err, "Failed to generate verifying MSP")
// check to see that the right files were generated/saved
files := []string{
filepath.Join(mspDir, "cacerts", testCAName+"-cert.pem"),
filepath.Join(mspDir, "tlscacerts", testCAName+"-cert.pem"),
}
if nodeOUs {
files = append(files, filepath.Join(mspDir, "config.yaml"))
} else {
files = append(files, filepath.Join(mspDir, "admincerts", testCAName+"-cert.pem"))
}
for _, file := range files {
require.Equal(t, true, checkForFile(file),
"Expected to find file "+file)
}
tlsCA.Name = "test/fail"
err = msp.GenerateVerifyingMSP(mspDir, signCA, tlsCA, nodeOUs)
require.Error(t, err, "Should have failed with CA name 'test/fail'")
signCA.Name = "test/fail"
err = msp.GenerateVerifyingMSP(mspDir, signCA, tlsCA, nodeOUs)
require.Error(t, err, "Should have failed with CA name 'test/fail'")
t.Log(err)
cleanup(testDir)
}
func TestGenerateVerifyingMSPWithNodeOU(t *testing.T) {
testGenerateVerifyingMSP(t, true)
}
func TestGenerateVerifyingMSPWithoutNodeOU(t *testing.T) {
testGenerateVerifyingMSP(t, true)
}
func TestExportConfig(t *testing.T) {
path := filepath.Join(testDir, "export-test")
configFile := filepath.Join(path, "config.yaml")
caFile := "ca.pem"
t.Log(path)
err := os.MkdirAll(path, 0o755)
if err != nil {
t.Fatalf("failed to create test directory: [%s]", err)
}
err = msp.ExportConfig(path, caFile, true)
require.NoError(t, err)
configBytes, err := ioutil.ReadFile(configFile)
if err != nil {
t.Fatalf("failed to read config file: [%s]", err)
}
config := &fabricmsp.Configuration{}
err = yaml.Unmarshal(configBytes, config)
if err != nil {
t.Fatalf("failed to unmarshal config: [%s]", err)
}
require.True(t, config.NodeOUs.Enable)
require.Equal(t, caFile, config.NodeOUs.ClientOUIdentifier.Certificate)
require.Equal(t, msp.CLIENTOU, config.NodeOUs.ClientOUIdentifier.OrganizationalUnitIdentifier)
require.Equal(t, caFile, config.NodeOUs.PeerOUIdentifier.Certificate)
require.Equal(t, msp.PEEROU, config.NodeOUs.PeerOUIdentifier.OrganizationalUnitIdentifier)
require.Equal(t, caFile, config.NodeOUs.AdminOUIdentifier.Certificate)
require.Equal(t, msp.ADMINOU, config.NodeOUs.AdminOUIdentifier.OrganizationalUnitIdentifier)
require.Equal(t, caFile, config.NodeOUs.OrdererOUIdentifier.Certificate)
require.Equal(t, msp.ORDEREROU, config.NodeOUs.OrdererOUIdentifier.OrganizationalUnitIdentifier)
}
func cleanup(dir string) {
os.RemoveAll(dir)
}
func checkForFile(file string) bool {
if _, err := os.Stat(file); os.IsNotExist(err) {
return false
}
return true
}