From 6e7ba7e4a577672dd6a9153ae36f1583d55b527d Mon Sep 17 00:00:00 2001 From: YACOVM Date: Wed, 17 May 2017 23:57:41 +0300 Subject: [PATCH] [FAB-3992] Improve msp code coverage to 85.6% fabric/msp code coverage is 84%. I added a few test cases to make it 85.6% - TestNotFoundInBCCSP: The msp setup can't find a matching key in BCCSP KS - Expanded TestRevocation to have a CRL with an invalid signature, so that the identity shouldn't be revoked even though the CRL exists Change-Id: I98e6e072959968c0c741605dbe2f19a6d650268e Signed-off-by: Yacov Manevich --- msp/msp_test.go | 52 +++++++++++++++++-- msp/revocation_test.go | 20 ++++++- msp/testdata/revocation2/admincerts/admin.pem | 15 ++++++ msp/testdata/revocation2/cacerts/cacert.pem | 15 ++++++ msp/testdata/revocation2/crls/crl.pem | 10 ++++ msp/testdata/revocation2/keystore/key.pem | 5 ++ .../revocation2/signcerts/signcert.pem | 16 ++++++ 7 files changed, 127 insertions(+), 6 deletions(-) create mode 100644 msp/testdata/revocation2/admincerts/admin.pem create mode 100644 msp/testdata/revocation2/cacerts/cacert.pem create mode 100644 msp/testdata/revocation2/crls/crl.pem create mode 100644 msp/testdata/revocation2/keystore/key.pem create mode 100644 msp/testdata/revocation2/signcerts/signcert.pem diff --git a/msp/msp_test.go b/msp/msp_test.go index e9281221dfa..d2ddce4e528 100644 --- a/msp/msp_test.go +++ b/msp/msp_test.go @@ -17,14 +17,13 @@ limitations under the License. package msp import ( + "errors" + "fmt" "os" + "path/filepath" "reflect" "testing" - "fmt" - - "path/filepath" - "github.com/golang/protobuf/proto" "github.com/hyperledger/fabric/bccsp" "github.com/hyperledger/fabric/bccsp/sw" 
@@ -147,6 +146,34 @@ func TestDoubleSetup(t *testing.T) { assert.NoError(t, err) } +type bccspNoKeyLookupKS struct { + bccsp.BCCSP +} + +func (*bccspNoKeyLookupKS) GetKey(ski []byte) (k bccsp.Key, err error) { + return nil, errors.New("not found") +} + +func TestNotFoundInBCCSP(t *testing.T) { + dir, err := config.GetDevMspDir() + assert.NoError(t, err) + conf, err := GetLocalMspConfig(dir, nil, "DEFAULT") + + assert.NoError(t, err) + + thisMSP, err := NewBccspMsp() + assert.NoError(t, err) + ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true) + assert.NoError(t, err) + csp, err := sw.New(256, "SHA2", ks) + assert.NoError(t, err) + thisMSP.(*bccspmsp).bccsp = &bccspNoKeyLookupKS{csp} + + err = thisMSP.Setup(conf) + assert.Error(t, err) + assert.Contains(t, "KeyMaterial not found in SigningIdentityInfo", err.Error()) +} + func TestGetIdentities(t *testing.T) { _, err := localMsp.GetDefaultSigningIdentity() if err != nil { @@ -844,6 +871,23 @@ func TestMain(m *testing.M) { os.Exit(-1) } + id, err := localMsp.GetIdentifier() + if err != nil { + fmt.Println("Failed obtaining identifier for localMSP") + os.Exit(-1) + } + + msps, err := mspMgr.GetMSPs() + if err != nil { + fmt.Println("Failed obtaining MSPs from MSP manager") + os.Exit(-1) + } + + if msps[id] == nil { + fmt.Println("Couldn't find localMSP in MSP manager") + os.Exit(-1) + } + retVal := m.Run() os.Exit(retVal) } diff --git a/msp/revocation_test.go b/msp/revocation_test.go index d718e37619c..e0b3787a22c 100644 --- a/msp/revocation_test.go +++ b/msp/revocation_test.go 
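Review bot: In TestNotFoundInBCCSP the arguments to `assert.Contains` are reversed: testify checks that its second argument contains the third, so the line as written asserts that the literal contains `err.Error()` and would fail as soon as Setup adds any context to its message. It should read `assert.Contains(t, err.Error(), "KeyMaterial not found in SigningIdentityInfo")`. Because `assert.Error` does not stop the test, a nil `err` would panic on `err.Error()`; wrapping the message check in `if assert.Error(t, err) { ... }` avoids that. The stub type has no comment; something like `// bccspNoKeyLookupKS wraps a BCCSP and makes every GetKey lookup fail.` would state its purpose.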
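Review bot: The new start-up checks in TestMain print a fixed string and discard `err`, so a failure gives no hint of its cause before `os.Exit(-1)`. Including the error would help, for example `fmt.Printf("Failed obtaining identifier for localMSP: %s\n", err)`, and likewise for the `mspMgr.GetMSPs()` check. TestMain starts above the hunk, so whether the earlier checks follow the same pattern is not visible here.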
@@ -17,15 +17,19 @@ limitations under the License. package msp import ( - "testing" - "path/filepath" + "testing" "github.com/hyperledger/fabric/bccsp/sw" "github.com/hyperledger/fabric/protos/msp" + "github.com/op/go-logging" "github.com/stretchr/testify/assert" ) +func init() { + logging.SetLevel(logging.DEBUG, "msp/identity") +} + func TestRevocation(t *testing.T) { // testdata/revocation // 1) a key and a signcert (used to populate the default signing identity); @@ -39,6 +43,18 @@ func TestRevocation(t *testing.T) { // the certificate associated to this id is revoked and so validation should fail! err = id.Validate() assert.Error(t, err) + + // This MSP is identical to the previous one, with only 1 difference: + // the signature on the CRL is invalid + thisMSP = getLocalMSP(t, "testdata/revocation2") + + id, err = thisMSP.GetDefaultSigningIdentity() + assert.NoError(t, err) + + // the certificate associated to this id is revoked but the signature on the CRL is invalid + // so validation should succeed + err = id.Validate() + assert.NoError(t, err, "Identity found revoked although the signature over the CRL is invalid") } func TestIdentityPolicyPrincipalAgainstRevokedIdentity(t *testing.T) { diff --git a/msp/testdata/revocation2/admincerts/admin.pem b/msp/testdata/revocation2/admincerts/admin.pem new file mode 100644 index 00000000000..8c0429bacd9 --- /dev/null +++ b/msp/testdata/revocation2/admincerts/admin.pem 
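Review bot: The added `init()` sets the go-logging level for "msp/identity" to DEBUG for every test in the package, and nothing says why. If the aim is to exercise debug-only logging branches for coverage, a comment such as `// enable DEBUG so the debug logging paths in msp/identity are executed by the tests` would record that. The package already has a `TestMain` in msp_test.go, so the call would be easier to find there than in a file-level `init()` in revocation_test.go.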
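Review bot: The new `assert.NoError` on `id.Validate()` for testdata/revocation2 passes whenever the CRL is disregarded for any reason (not loaded, issuer mismatch, serial mismatch), so on its own it does not show that the signature check is what rejected the CRL. A comment recording how crl.pem was altered relative to testdata/revocation would help, as would an assertion that the CRL was actually parsed, if the MSP exposes a way to check that. This is also the only success-path validation of this fixture identity. The signcert.pem added in this patch appears to carry a one-year validity window ending in November 2017, so if `Validate` enforces certificate expiry the assertion will start failing at that point. TestRevocation starts above the hunk.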
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICYjCCAgmgAwIBAgIUB3CTDOU47sUC5K4kn/Caqnh114YwCgYIKoZIzj0EAwIw +fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh +biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK +BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMDEyMTkzMTAw +WhcNMjExMDExMTkzMTAwWjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv +cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEfMB0GA1UEChMWSW50ZXJuZXQg +V2lkZ2V0cywgSW5jLjEMMAoGA1UECxMDV1dXMRQwEgYDVQQDEwtleGFtcGxlLmNv +bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKIH5b2JaSmqiQXHyqC+cmknICcF +i5AddVjsQizDV6uZ4v6s+PWiJyzfA/rTtMvYAPq/yeEHpBUB1j053mxnpMujYzBh +MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXZ0I9 +qp6CP8TFHZ9bw5nRtZxIEDAfBgNVHSMEGDAWgBQXZ0I9qp6CP8TFHZ9bw5nRtZxI +EDAKBggqhkjOPQQDAgNHADBEAiAHp5Rbp9Em1G/UmKn8WsCbqDfWecVbZPQj3RK4 +oG5kQQIgQAe4OOKYhJdh3f7URaKfGTf492/nmRmtK+ySKjpHSrU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/msp/testdata/revocation2/cacerts/cacert.pem b/msp/testdata/revocation2/cacerts/cacert.pem new file mode 100644 index 00000000000..8c0429bacd9 --- /dev/null +++ b/msp/testdata/revocation2/cacerts/cacert.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICYjCCAgmgAwIBAgIUB3CTDOU47sUC5K4kn/Caqnh114YwCgYIKoZIzj0EAwIw +fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh +biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK +BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMDEyMTkzMTAw +WhcNMjExMDExMTkzMTAwWjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv +cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEfMB0GA1UEChMWSW50ZXJuZXQg +V2lkZ2V0cywgSW5jLjEMMAoGA1UECxMDV1dXMRQwEgYDVQQDEwtleGFtcGxlLmNv +bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKIH5b2JaSmqiQXHyqC+cmknICcF +i5AddVjsQizDV6uZ4v6s+PWiJyzfA/rTtMvYAPq/yeEHpBUB1j053mxnpMujYzBh +MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXZ0I9 +qp6CP8TFHZ9bw5nRtZxIEDAfBgNVHSMEGDAWgBQXZ0I9qp6CP8TFHZ9bw5nRtZxI +EDAKBggqhkjOPQQDAgNHADBEAiAHp5Rbp9Em1G/UmKn8WsCbqDfWecVbZPQj3RK4 +oG5kQQIgQAe4OOKYhJdh3f7URaKfGTf492/nmRmtK+ySKjpHSrU= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/msp/testdata/revocation2/crls/crl.pem b/msp/testdata/revocation2/crls/crl.pem new file mode 100644 index 00000000000..93fdd04966e --- /dev/null +++ b/msp/testdata/revocation2/crls/crl.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBYzCCAQgCAQEwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgT +CkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFklu +dGVybmV0IFdpZGdldHMsIEluYy4xDDAKBgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhh +bXBsZS5jb20XDTE3MDEyMzIwNTYyMFoXDTE3MDEyNjIwNTYyMFowJzAlAhQERXCx +LHROap1vM3CV40EHOghPTBcNMTcwMTIzMjA0NzMxWqAvMC0wHwYDVR0jBBgwFoAU +F2dCPaqegj/ExR2fW8OZ0bWcSBAwCgYDVR0UBAMCAQgwCgYIKoZIzj0EAwIDSQAw +RgIhAOTTpQYkAO+gwVe1LQOcNMD5fzFViOwBUraMrk6dRMlmAiEA8z2dpXKGwHrj +FRBbKkDnSpaVcZgjns+mLdHV2JkF0gk= +-----END X509 CRL----- diff --git a/msp/testdata/revocation2/keystore/key.pem b/msp/testdata/revocation2/keystore/key.pem new file mode 100644 index 00000000000..d389af24c8c --- /dev/null +++ b/msp/testdata/revocation2/keystore/key.pem 
@@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIAsWwFunEzqz1Rh6nvD4MiPkKCtmoxzh3jTquG5MSbeLoAoGCCqGSM49 +AwEHoUQDQgAEHBuKsAO43hs4JGpFfiGMkB/xsILTsOvmN2WmwpsPHZNL6w8HWe3x +CPQtdG/XJJvZ+C756KEsUBM3yw5PTfku8g== +-----END EC PRIVATE KEY----- \ No newline at end of file diff --git a/msp/testdata/revocation2/signcerts/signcert.pem b/msp/testdata/revocation2/signcerts/signcert.pem new file mode 100644 index 00000000000..a14b7e849b7 --- /dev/null +++ b/msp/testdata/revocation2/signcerts/signcert.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjDCCAjKgAwIBAgIUBEVwsSx0TmqdbzNwleNBBzoIT0wwCgYIKoZIzj0EAwIw +fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh +biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK +BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMTExMTcwNzAw +WhcNMTcxMTExMTcwNzAwWjBjMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGgg +Q2Fyb2xpbmExEDAOBgNVBAcTB1JhbGVpZ2gxGzAZBgNVBAoTEkh5cGVybGVkZ2Vy +IEZhYnJpYzEMMAoGA1UECxMDQ09QMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE +HBuKsAO43hs4JGpFfiGMkB/xsILTsOvmN2WmwpsPHZNL6w8HWe3xCPQtdG/XJJvZ ++C756KEsUBM3yw5PTfku8qOBpzCBpDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFOFC +dcUZ4es3ltiCgAVDoyLfVpPIMB8GA1UdIwQYMBaAFBdnQj2qnoI/xMUdn1vDmdG1 +nEgQMCUGA1UdEQQeMByCCm15aG9zdC5jb22CDnd3dy5teWhvc3QuY29tMAoGCCqG +SM49BAMCA0gAMEUCIDf9Hbl4xn3z4EwNKmilM9lX2Fq4jWpAaRVB97OmVEeyAiEA +25aDPQHGGq2AvhKT0wvt08cX1GTGCIbfmuLpMwKQj38= +-----END CERTIFICATE----- \ No newline at end of file