107 lines
2.9 KiB
Go
107 lines
2.9 KiB
Go
/*
|
|
Copyright IBM Corp. All Rights Reserved.
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
package comm
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
const (
|
|
numOrgs = 2
|
|
numChildOrgs = 2
|
|
)
|
|
|
|
// string for cert filenames
|
|
var (
|
|
orgCACert = filepath.Join("testdata", "certs", "Org%d-cert.pem")
|
|
childCACert = filepath.Join("testdata", "certs", "Org%d-child%d-cert.pem")
|
|
)
|
|
|
|
var badPEM = `-----BEGIN CERTIFICATE-----
|
|
MIICRDCCAemgAwIBAgIJALwW//dz2ZBvMAoGCCqGSM49BAMCMH4xCzAJBgNVBAYT
|
|
AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv
|
|
MRgwFgYDVQQKDA9MaW51eEZvdW5kYXRpb24xFDASBgNVBAsMC0h5cGVybGVkZ2Vy
|
|
MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTYxMjA0MjIzMDE4WhcNMjYxMjAyMjIz
|
|
MDE4WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE
|
|
BwwNU2FuIEZyYW5jaXNjbzEYMBYGA1UECgwPTGludXhGb3VuZGF0aW9uMRQwEgYD
|
|
VQQLDAtIeXBlcmxlZGdlcjESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
|
|
-----END CERTIFICATE-----
|
|
`
|
|
|
|
// utility function to load up our test root certificates from testdata/certs
|
|
func loadRootCAs() [][]byte {
|
|
rootCAs := [][]byte{}
|
|
for i := 1; i <= numOrgs; i++ {
|
|
root, err := ioutil.ReadFile(fmt.Sprintf(orgCACert, i))
|
|
if err != nil {
|
|
return [][]byte{}
|
|
}
|
|
rootCAs = append(rootCAs, root)
|
|
for j := 1; j <= numChildOrgs; j++ {
|
|
root, err := ioutil.ReadFile(fmt.Sprintf(childCACert, i, j))
|
|
if err != nil {
|
|
return [][]byte{}
|
|
}
|
|
rootCAs = append(rootCAs, root)
|
|
}
|
|
}
|
|
return rootCAs
|
|
}
|
|
|
|
func TestNewCredentialSupport(t *testing.T) {
|
|
expected := &CredentialSupport{
|
|
appRootCAsByChain: make(map[string][][]byte),
|
|
}
|
|
require.Equal(t, expected, NewCredentialSupport())
|
|
|
|
rootCAs := [][]byte{
|
|
[]byte("certificate-one"),
|
|
[]byte("certificate-two"),
|
|
}
|
|
expected.serverRootCAs = rootCAs[:]
|
|
require.Equal(t, expected, NewCredentialSupport(rootCAs...))
|
|
}
|
|
|
|
func TestCredentialSupport(t *testing.T) {
|
|
t.Parallel()
|
|
rootCAs := loadRootCAs()
|
|
t.Logf("loaded %d root certificates", len(rootCAs))
|
|
if len(rootCAs) != 6 {
|
|
t.Fatalf("failed to load root certificates")
|
|
}
|
|
|
|
cs := &CredentialSupport{
|
|
appRootCAsByChain: make(map[string][][]byte),
|
|
}
|
|
cert := tls.Certificate{Certificate: [][]byte{}}
|
|
cs.SetClientCertificate(cert)
|
|
require.Equal(t, cert, cs.clientCert)
|
|
require.Equal(t, cert, cs.GetClientCertificate())
|
|
|
|
cs.appRootCAsByChain["channel1"] = [][]byte{rootCAs[0]}
|
|
cs.appRootCAsByChain["channel2"] = [][]byte{rootCAs[1]}
|
|
cs.appRootCAsByChain["channel3"] = [][]byte{rootCAs[2]}
|
|
cs.serverRootCAs = [][]byte{rootCAs[5]}
|
|
|
|
creds := cs.GetPeerCredentials()
|
|
require.Equal(t, "1.2", creds.Info().SecurityVersion,
|
|
"Expected Security version to be 1.2")
|
|
|
|
// append some bad certs and make sure things still work
|
|
cs.serverRootCAs = append(cs.serverRootCAs, []byte("badcert"))
|
|
cs.serverRootCAs = append(cs.serverRootCAs, []byte(badPEM))
|
|
creds = cs.GetPeerCredentials()
|
|
require.Equal(t, "1.2", creds.Info().SecurityVersion,
|
|
"Expected Security version to be 1.2")
|
|
}
|