223 lines
8.0 KiB
Go
223 lines
8.0 KiB
Go
/*
|
|
Copyright IBM Corp. All Rights Reserved.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
package msp_test
|
|
|
|
import (
|
|
"io/ioutil"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/hyperledger/fabric/internal/cryptogen/ca"
|
|
"github.com/hyperledger/fabric/internal/cryptogen/msp"
|
|
fabricmsp "github.com/hyperledger/fabric/msp"
|
|
"github.com/stretchr/testify/require"
|
|
"gopkg.in/yaml.v2"
|
|
)
|
|
|
|
const (
|
|
testCAOrg = "example.com"
|
|
testCAName = "ca" + "." + testCAOrg
|
|
testName = "peer0"
|
|
testCountry = "US"
|
|
testProvince = "California"
|
|
testLocality = "San Francisco"
|
|
testOrganizationalUnit = "Hyperledger Fabric"
|
|
testStreetAddress = "testStreetAddress"
|
|
testPostalCode = "123456"
|
|
)
|
|
|
|
var testDir = filepath.Join(os.TempDir(), "msp-test")
|
|
|
|
func testGenerateLocalMSP(t *testing.T, nodeOUs bool) {
|
|
cleanup(testDir)
|
|
|
|
err := msp.GenerateLocalMSP(testDir, testName, nil, &ca.CA{}, &ca.CA{}, msp.PEER, nodeOUs)
|
|
require.Error(t, err, "Empty CA should have failed")
|
|
|
|
caDir := filepath.Join(testDir, "ca")
|
|
tlsCADir := filepath.Join(testDir, "tlsca")
|
|
mspDir := filepath.Join(testDir, "msp")
|
|
tlsDir := filepath.Join(testDir, "tls")
|
|
|
|
// generate signing CA
|
|
signCA, err := ca.NewCA(caDir, testCAOrg, testCAName, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
|
|
require.NoError(t, err, "Error generating CA")
|
|
// generate TLS CA
|
|
tlsCA, err := ca.NewCA(tlsCADir, testCAOrg, testCAName, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
|
|
require.NoError(t, err, "Error generating CA")
|
|
|
|
require.NotEmpty(t, signCA.SignCert.Subject.Country, "country cannot be empty.")
|
|
require.Equal(t, testCountry, signCA.SignCert.Subject.Country[0], "Failed to match country")
|
|
require.NotEmpty(t, signCA.SignCert.Subject.Province, "province cannot be empty.")
|
|
require.Equal(t, testProvince, signCA.SignCert.Subject.Province[0], "Failed to match province")
|
|
require.NotEmpty(t, signCA.SignCert.Subject.Locality, "locality cannot be empty.")
|
|
require.Equal(t, testLocality, signCA.SignCert.Subject.Locality[0], "Failed to match locality")
|
|
require.NotEmpty(t, signCA.SignCert.Subject.OrganizationalUnit, "organizationalUnit cannot be empty.")
|
|
require.Equal(t, testOrganizationalUnit, signCA.SignCert.Subject.OrganizationalUnit[0], "Failed to match organizationalUnit")
|
|
require.NotEmpty(t, signCA.SignCert.Subject.StreetAddress, "streetAddress cannot be empty.")
|
|
require.Equal(t, testStreetAddress, signCA.SignCert.Subject.StreetAddress[0], "Failed to match streetAddress")
|
|
require.NotEmpty(t, signCA.SignCert.Subject.PostalCode, "postalCode cannot be empty.")
|
|
require.Equal(t, testPostalCode, signCA.SignCert.Subject.PostalCode[0], "Failed to match postalCode")
|
|
|
|
// generate local MSP for nodeType=PEER
|
|
err = msp.GenerateLocalMSP(testDir, testName, nil, signCA, tlsCA, msp.PEER, nodeOUs)
|
|
require.NoError(t, err, "Failed to generate local MSP")
|
|
|
|
// check to see that the right files were generated/saved
|
|
mspFiles := []string{
|
|
filepath.Join(mspDir, "cacerts", testCAName+"-cert.pem"),
|
|
filepath.Join(mspDir, "tlscacerts", testCAName+"-cert.pem"),
|
|
filepath.Join(mspDir, "keystore"),
|
|
filepath.Join(mspDir, "signcerts", testName+"-cert.pem"),
|
|
}
|
|
if nodeOUs {
|
|
mspFiles = append(mspFiles, filepath.Join(mspDir, "config.yaml"))
|
|
} else {
|
|
mspFiles = append(mspFiles, filepath.Join(mspDir, "admincerts", testName+"-cert.pem"))
|
|
}
|
|
|
|
tlsFiles := []string{
|
|
filepath.Join(tlsDir, "ca.crt"),
|
|
filepath.Join(tlsDir, "server.key"),
|
|
filepath.Join(tlsDir, "server.crt"),
|
|
}
|
|
|
|
for _, file := range mspFiles {
|
|
require.Equal(t, true, checkForFile(file),
|
|
"Expected to find file "+file)
|
|
}
|
|
for _, file := range tlsFiles {
|
|
require.Equal(t, true, checkForFile(file),
|
|
"Expected to find file "+file)
|
|
}
|
|
|
|
// generate local MSP for nodeType=CLIENT
|
|
err = msp.GenerateLocalMSP(testDir, testName, nil, signCA, tlsCA, msp.CLIENT, nodeOUs)
|
|
require.NoError(t, err, "Failed to generate local MSP")
|
|
// check all
|
|
for _, file := range mspFiles {
|
|
require.Equal(t, true, checkForFile(file),
|
|
"Expected to find file "+file)
|
|
}
|
|
|
|
for _, file := range tlsFiles {
|
|
require.Equal(t, true, checkForFile(file),
|
|
"Expected to find file "+file)
|
|
}
|
|
|
|
tlsCA.Name = "test/fail"
|
|
err = msp.GenerateLocalMSP(testDir, testName, nil, signCA, tlsCA, msp.CLIENT, nodeOUs)
|
|
require.Error(t, err, "Should have failed with CA name 'test/fail'")
|
|
signCA.Name = "test/fail"
|
|
err = msp.GenerateLocalMSP(testDir, testName, nil, signCA, tlsCA, msp.ORDERER, nodeOUs)
|
|
require.Error(t, err, "Should have failed with CA name 'test/fail'")
|
|
t.Log(err)
|
|
cleanup(testDir)
|
|
}
|
|
|
|
func TestGenerateLocalMSPWithNodeOU(t *testing.T) {
|
|
testGenerateLocalMSP(t, true)
|
|
}
|
|
|
|
func TestGenerateLocalMSPWithoutNodeOU(t *testing.T) {
|
|
testGenerateLocalMSP(t, false)
|
|
}
|
|
|
|
func testGenerateVerifyingMSP(t *testing.T, nodeOUs bool) {
|
|
caDir := filepath.Join(testDir, "ca")
|
|
tlsCADir := filepath.Join(testDir, "tlsca")
|
|
mspDir := filepath.Join(testDir, "msp")
|
|
// generate signing CA
|
|
signCA, err := ca.NewCA(caDir, testCAOrg, testCAName, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
|
|
require.NoError(t, err, "Error generating CA")
|
|
// generate TLS CA
|
|
tlsCA, err := ca.NewCA(tlsCADir, testCAOrg, testCAName, testCountry, testProvince, testLocality, testOrganizationalUnit, testStreetAddress, testPostalCode)
|
|
require.NoError(t, err, "Error generating CA")
|
|
|
|
err = msp.GenerateVerifyingMSP(mspDir, signCA, tlsCA, nodeOUs)
|
|
require.NoError(t, err, "Failed to generate verifying MSP")
|
|
|
|
// check to see that the right files were generated/saved
|
|
files := []string{
|
|
filepath.Join(mspDir, "cacerts", testCAName+"-cert.pem"),
|
|
filepath.Join(mspDir, "tlscacerts", testCAName+"-cert.pem"),
|
|
}
|
|
|
|
if nodeOUs {
|
|
files = append(files, filepath.Join(mspDir, "config.yaml"))
|
|
} else {
|
|
files = append(files, filepath.Join(mspDir, "admincerts", testCAName+"-cert.pem"))
|
|
}
|
|
|
|
for _, file := range files {
|
|
require.Equal(t, true, checkForFile(file),
|
|
"Expected to find file "+file)
|
|
}
|
|
|
|
tlsCA.Name = "test/fail"
|
|
err = msp.GenerateVerifyingMSP(mspDir, signCA, tlsCA, nodeOUs)
|
|
require.Error(t, err, "Should have failed with CA name 'test/fail'")
|
|
signCA.Name = "test/fail"
|
|
err = msp.GenerateVerifyingMSP(mspDir, signCA, tlsCA, nodeOUs)
|
|
require.Error(t, err, "Should have failed with CA name 'test/fail'")
|
|
t.Log(err)
|
|
cleanup(testDir)
|
|
}
|
|
|
|
func TestGenerateVerifyingMSPWithNodeOU(t *testing.T) {
|
|
testGenerateVerifyingMSP(t, true)
|
|
}
|
|
|
|
func TestGenerateVerifyingMSPWithoutNodeOU(t *testing.T) {
|
|
testGenerateVerifyingMSP(t, true)
|
|
}
|
|
|
|
func TestExportConfig(t *testing.T) {
|
|
path := filepath.Join(testDir, "export-test")
|
|
configFile := filepath.Join(path, "config.yaml")
|
|
caFile := "ca.pem"
|
|
t.Log(path)
|
|
err := os.MkdirAll(path, 0o755)
|
|
if err != nil {
|
|
t.Fatalf("failed to create test directory: [%s]", err)
|
|
}
|
|
|
|
err = msp.ExportConfig(path, caFile, true)
|
|
require.NoError(t, err)
|
|
|
|
configBytes, err := ioutil.ReadFile(configFile)
|
|
if err != nil {
|
|
t.Fatalf("failed to read config file: [%s]", err)
|
|
}
|
|
|
|
config := &fabricmsp.Configuration{}
|
|
err = yaml.Unmarshal(configBytes, config)
|
|
if err != nil {
|
|
t.Fatalf("failed to unmarshal config: [%s]", err)
|
|
}
|
|
require.True(t, config.NodeOUs.Enable)
|
|
require.Equal(t, caFile, config.NodeOUs.ClientOUIdentifier.Certificate)
|
|
require.Equal(t, msp.CLIENTOU, config.NodeOUs.ClientOUIdentifier.OrganizationalUnitIdentifier)
|
|
require.Equal(t, caFile, config.NodeOUs.PeerOUIdentifier.Certificate)
|
|
require.Equal(t, msp.PEEROU, config.NodeOUs.PeerOUIdentifier.OrganizationalUnitIdentifier)
|
|
require.Equal(t, caFile, config.NodeOUs.AdminOUIdentifier.Certificate)
|
|
require.Equal(t, msp.ADMINOU, config.NodeOUs.AdminOUIdentifier.OrganizationalUnitIdentifier)
|
|
require.Equal(t, caFile, config.NodeOUs.OrdererOUIdentifier.Certificate)
|
|
require.Equal(t, msp.ORDEREROU, config.NodeOUs.OrdererOUIdentifier.OrganizationalUnitIdentifier)
|
|
}
|
|
|
|
func cleanup(dir string) {
|
|
os.RemoveAll(dir)
|
|
}
|
|
|
|
func checkForFile(file string) bool {
|
|
if _, err := os.Stat(file); os.IsNotExist(err) {
|
|
return false
|
|
}
|
|
return true
|
|
}
|