[FAB-3924] Improve test coverage of lib
This change set improves the coverage of the
lib package to over 85%. Most of the changes
are to test files.

The changes to non-test files are either improvements
to debug/error messages or the removal of code that
was no longer being used, all of which help to
improve test coverage.

Change-Id: I91816df990ac446182118c67f0de18440805ad5c
Signed-off-by: Keith Smith <bksmith@us.ibm.com>
Signed-off-by: rennman <eabailey@us.ibm.com>
Signed-off-by: Saad Karim <skarim@us.ibm.com>
Keith Smith authored and rennman committed Aug 7, 2017
1 parent e2bde12 commit c6fc16b
Showing 37 changed files with 2,142 additions and 134 deletions.
23 changes: 1 addition & 22 deletions lib/ca.go
Expand Up @@ -409,7 +409,7 @@ func (ca *CA) initConfig() (err error) {
defaultIssuedCertificateExpiration,
false)
// Set log level if debug is true
if ca.server.Config.Debug {
if ca.server != nil && ca.server.Config != nil && ca.server.Config.Debug {
log.Level = log.LevelDebug
}
ca.normalizeStringSlices()
Expand Down Expand Up @@ -727,27 +727,6 @@ func (ca *CA) convertAttrs(inAttrs map[string]string) []api.Attribute {
return outAttrs
}

// Get max enrollments relative to the configured max
func (ca *CA) getMaxEnrollments(requestedMax int) (int, error) {
configuredMax := ca.Config.Registry.MaxEnrollments
if requestedMax < 0 {
return configuredMax, nil
}
if configuredMax == 0 {
// no limit, so grant any request
return requestedMax, nil
}
if requestedMax == 0 && configuredMax != 0 {
return 0, fmt.Errorf("Infinite enrollments is not permitted; max is %d",
configuredMax)
}
if requestedMax > configuredMax {
return 0, fmt.Errorf("Max enrollments of %d is not permitted; max is %d",
requestedMax, configuredMax)
}
return requestedMax, nil
}

// Make all file names in the CA config absolute
func (ca *CA) makeFileNamesAbsolute() error {
log.Debug("Making CA filenames absolute")
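Review bot: The guard `if ca.server != nil && ca.server.Config != nil && ca.server.Config.Debug {` in initConfig has no comment saying when a CA legitimately has no server or server config, and skipping silently would also hide a mis-wired CA outside of tests. TestCAInit in lib/ca_test.go passes a zero-value `Server`, which looks like the case it covers, so I would add `// ca.server or its Config may be nil when a CA is built without a running server (e.g. unit tests)` above the check. initConfig starts and ends outside the hunk, so any other dereference of ca.server in it is not visible here. Separately, with getMaxEnrollments removed, nothing visible in this file compares a requested enrollment limit with `ca.Config.Registry.MaxEnrollments`; the description says the code was unused, so presumably the registration path enforces the limit elsewhere, which is worth confirming with a test.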
170 changes: 169 additions & 1 deletion lib/ca_test.go
Expand Up @@ -18,13 +18,19 @@ package lib
import (
"crypto/x509"
"io/ioutil"
"os"
"path/filepath"
"testing"

"github.com/hyperledger/fabric-ca/util"
"github.com/hyperledger/fabric/bccsp/factory"
"github.com/hyperledger/fabric/bccsp/pkcs11"
"github.com/stretchr/testify/assert"
)

const (
testdir = "../testdata"
dbname = "fabric-ca-server.db"
badcert = "../testdata/expiredcert.pem"
dsacert = "../testdata/dsa-cert.pem"
lowbitcert = "../testdata/lowbitcert.pem"
Expand All @@ -47,11 +53,11 @@ func TestBadCACertificates(t *testing.T) {
}

testValidDates(cert, t)
testValidUsages(cert, t)
testValidCA(cert, t)
testValidKeyType(cert, t)
testValidKeySize(cert, t)
testValidMatchingKeys(cert, t)
testValidUsages(cert, t)
}

func testValidDates(cert *x509.Certificate, t *testing.T) {
Expand Down Expand Up @@ -179,3 +185,165 @@ func testValidMatchingKeys(cert *x509.Certificate, t *testing.T) {
t.Error("Should have failed, public key and private key do not match")
}
}

func TestCAInit(t *testing.T) {
var cfg CAConfig
var srv Server
var caCert = "ca-cert.pem"
var caKey = "ca-key.pem"

wd, err := os.Getwd()
if err != nil {
t.Fatalf("failed to get cwd")
}
t.Logf("====== wd %v", wd)
confDir, err := cdTmpTestDir("TestCAInit")
if err != nil {
t.Fatalf("failed to cd to tmp dir")
}
t.Logf("confDir: %v", confDir)

ca, err := NewCA(confDir, &cfg, &srv, false)
if err != nil {
t.Fatal("NewCA FAILED")
}

// BCCSP error
swo := &factory.SwOpts{}
pko := &pkcs11.PKCS11Opts{}
ca.Config.CSP = &factory.FactoryOpts{ProviderName: "PKCS11", SwOpts: swo, Pkcs11Opts: pko}
ca.HomeDir = ""
err = ca.init(false)
t.Logf("ca.init error: %v", err)
if err == nil {
t.Fatalf("Server init should have failed: BCCSP err")
}

// delete everything and start over
// initKeyMaterial error
os.Chdir("..")
confDir1 := confDir
confDir, err = cdTmpTestDir("TestCAInit")
if err != nil {
t.Fatalf("failed to cd to tmp dir")
}
t.Logf("confDir: %v", confDir)

ca.Config.CSP = &factory.FactoryOpts{ProviderName: "SW", SwOpts: swo, Pkcs11Opts: pko}
ca, err = NewCA(confDir, &cfg, &srv, true)
if err != nil {
t.Fatal("NewCA FAILED", err)
}
ca.Config.CA.Keyfile = caKey
ca.Config.CA.Certfile = caCert
err = os.Link("../ec256-1-key.pem", caKey)
if err != nil {
t.Fatal("symlink error: ", err)
}
err = os.Link("../ec256-2-cert.pem", caCert)
if err != nil {
t.Fatal("symlink error: ", err)
}
err = ca.init(false)
t.Logf("init err: %v", err)
if err == nil {
t.Fatal("Should have failed: ")
}

err = os.Remove(caKey)
err = os.Remove(caCert)
ca.Config.CA.Keyfile = ""
ca.Config.CA.Certfile = ""
ca.Config.DB.Datasource = ""
ca, err = NewCA(confDir, &cfg, &srv, true)
if err != nil {
t.Fatal("NewCA FAILED")
}
err = ca.init(false)
t.Logf("init err: %v", err)
if err != nil {
t.Fatal("ca init failed", err)
}

// initDB error
ca.Config.LDAP.Enabled = true
err = ca.init(false)
t.Logf("init err: %v", err)
if err == nil {
t.Fatal("Should have failed: ")
}

// initEnrollmentSigner error
ca.Config.LDAP.Enabled = false
ca, err = NewCA(confDir, &cfg, &srv, false)
if err != nil {
t.Fatal("NewCA FAILED")
}
err = os.RemoveAll("./msp")
if err != nil {
t.Fatalf("os.Remove msp failed: %v", err)
}
err = os.Remove(caCert)
if err != nil {
t.Fatalf("os.Remove failed: %v", err)
}
err = os.Link("../rsa2048-1-key.pem", caKey)
if err != nil {
t.Fatal("symlink error: ", err)
}
err = os.Link("../rsa2048-1-cert.pem", caCert)
if err != nil {
t.Fatal("symlink error: ", err)
}
ca.Config.CA.Keyfile = caKey
ca.Config.CA.Certfile = caCert
err = ca.init(false)
t.Logf("init err: %v", err)
if err == nil {
t.Fatal("Should have failed")
}

os.Chdir("..")
wd, err = os.Getwd()
if err != nil {
t.Fatalf("failed to get cwd")
}
t.Logf("changed to ====== wd %v", wd)
t.Logf("Removing %s", confDir)
err = os.RemoveAll(confDir)
if err != nil {
t.Fatalf("os.RemoveAll failed: %v", err)
}
t.Logf("Removing %s", confDir1)
err = os.RemoveAll(confDir1)
if err != nil {
t.Fatalf("os.RemoveAll failed: %v", err)
}

t.Logf(" changing to ====== wd %v", wd)
os.Chdir(wd)
wd, err = os.Getwd()
if err != nil {
t.Fatalf("failed to get cwd")
}
t.Logf("changed to ====== wd %v", wd)
}

func getTestDir(d string) (string, error) {
td, err := ioutil.TempDir(".", d)
if err != nil {
return string(""), err
}
_, d2 := filepath.Split(td)
return d2, nil
}

func cdTmpTestDir(name string) (string, error) {
os.Chdir(testdir)
tmpDir, err := getTestDir(name)
if err != nil {
return "", err
}
os.Chdir(tmpDir)
return tmpDir, nil
}
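Review bot: TestCAInit does not return the process to the directory it started in: the `wd` captured at the top is overwritten by the second `os.Getwd()` after `os.Chdir("..")`, so the final `os.Chdir(wd)` is a no-op and, as far as the visible code shows, the test ends in ../testdata. Every `t.Fatal` before the cleanup lines also leaves the working directory changed and the temp directories on disk, which can affect later tests in the package that use relative paths. Keep the starting directory in its own variable and restore it in a defer, as sketched below. The `os.Chdir` calls here and in cdTmpTestDir ignore their errors, and the result of `err = os.Remove(caKey)` is overwritten by the next line without being checked; both should be checked so a failed setup step is not misread as the expected `ca.init` failure.

```go
func TestCAInit(t *testing.T) {
	// … unchanged: cfg, srv, caCert, caKey declarations …
	origWd, err := os.Getwd()
	if err != nil {
		t.Fatalf("failed to get cwd: %v", err)
	}
	// Deferred calls still run when t.Fatal ends the test early, so the
	// package directory is restored on every exit path.
	defer func() {
		if err := os.Chdir(origWd); err != nil {
			t.Errorf("failed to restore cwd %s: %v", origWd, err)
		}
	}()
	// … unchanged: cdTmpTestDir calls, the ca.init cases, temp dir removal …
```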
16 changes: 5 additions & 11 deletions lib/certdbaccessor.go
Expand Up @@ -81,7 +81,6 @@ func (d *CertDBAccessor) checkDB() error {
// SetDB changes the underlying sql.DB object Accessor is manipulating.
func (d *CertDBAccessor) SetDB(db *sqlx.DB) {
d.db = db
return
}

// InsertCertificate puts a CertificateRecord into db.
Expand Down Expand Up @@ -243,31 +242,26 @@ func (d *CertDBAccessor) RevokeCertificate(serial, aki string, reasonCode int) e

// InsertOCSP puts a new certdb.OCSPRecord into the db.
func (d *CertDBAccessor) InsertOCSP(rr certdb.OCSPRecord) error {
err := d.accessor.InsertOCSP(rr)
return err
return d.accessor.InsertOCSP(rr)
}

// GetOCSP retrieves a certdb.OCSPRecord from db by serial.
func (d *CertDBAccessor) GetOCSP(serial, aki string) (ors []certdb.OCSPRecord, err error) {
ors, err = d.accessor.GetOCSP(serial, aki)
return ors, err
return d.accessor.GetOCSP(serial, aki)
}

// GetUnexpiredOCSPs retrieves all unexpired certdb.OCSPRecord from db.
func (d *CertDBAccessor) GetUnexpiredOCSPs() (ors []certdb.OCSPRecord, err error) {
ors, err = d.accessor.GetUnexpiredOCSPs()
return ors, err
return d.accessor.GetUnexpiredOCSPs()
}

// UpdateOCSP updates a ocsp response record with a given serial number.
func (d *CertDBAccessor) UpdateOCSP(serial, aki, body string, expiry time.Time) error {
err := d.accessor.UpdateOCSP(serial, aki, body, expiry)
return err
return d.accessor.UpdateOCSP(serial, aki, body, expiry)
}

// UpsertOCSP update a ocsp response record with a given serial number,
// or insert the record if it doesn't yet exist in the db
func (d *CertDBAccessor) UpsertOCSP(serial, aki, body string, expiry time.Time) error {
err := d.accessor.UpsertOCSP(serial, aki, body, expiry)
return err
return d.accessor.UpsertOCSP(serial, aki, body, expiry)
}
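Review bot: SetDB assigns only `d.db`, while the five OCSP methods in the second hunk go through `d.accessor`; if the accessor was created around the earlier handle (its construction is outside these hunks), OCSP records would keep being read and written through the old database after SetDB. Either rebuild the accessor in SetDB or state the limitation in its doc comment, e.g. `// SetDB replaces d.db only; d.accessor keeps the handle it was constructed with.`. As a smaller style point, GetOCSP and GetUnexpiredOCSPs still declare the named results `(ors []certdb.OCSPRecord, err error)` that the new one-line bodies no longer use, so the result lists can become `([]certdb.OCSPRecord, error)`.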