diff --git a/core/comm/connection_test.go b/core/comm/connection_test.go index 8483b323f1b..ac56e48085b 100644 --- a/core/comm/connection_test.go +++ b/core/comm/connection_test.go @@ -18,14 +18,39 @@ package comm import ( "fmt" + "io/ioutil" + "path/filepath" "testing" "github.com/spf13/viper" "github.com/hyperledger/fabric/core/config" + "github.com/stretchr/testify/assert" "google.golang.org/grpc" ) +const ( + numOrgs = 2 + numChildOrgs = 2 +) + +//string for cert filenames +var ( + orgCACert = filepath.Join("testdata", "certs", "Org%d-cert.pem") + childCACert = filepath.Join("testdata", "certs", "Org%d-child%d-cert.pem") +) + +var badPEM = `-----BEGIN CERTIFICATE----- +MIICRDCCAemgAwIBAgIJALwW//dz2ZBvMAoGCCqGSM49BAMCMH4xCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2Nv +MRgwFgYDVQQKDA9MaW51eEZvdW5kYXRpb24xFDASBgNVBAsMC0h5cGVybGVkZ2Vy +MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMTYxMjA0MjIzMDE4WhcNMjYxMjAyMjIz +MDE4WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UE +BwwNU2FuIEZyYW5jaXNjbzEYMBYGA1UECgwPTGludXhGb3VuZGF0aW9uMRQwEgYD +VQQLDAtIeXBlcmxlZGdlcjESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C +-----END CERTIFICATE----- +` + func TestConnection_Correct(t *testing.T) { config.SetupTestConfig("./../../peer") viper.Set("ledger.blockchain.deploy-system-chaincode", "false") @@ -59,3 +84,69 @@ func TestConnection_WrongAddress(t *testing.T) { tmpConn.Close() } } + +// utility function to load up our test root certificates from testdata/certs +func loadRootCAs() [][]byte { + + rootCAs := [][]byte{} + for i := 1; i <= numOrgs; i++ { + root, err := ioutil.ReadFile(fmt.Sprintf(orgCACert, i)) + if err != nil { + return [][]byte{} + } + rootCAs = append(rootCAs, root) + for j := 1; j <= numChildOrgs; j++ { + root, err := ioutil.ReadFile(fmt.Sprintf(childCACert, i, j)) + if err != nil { + return [][]byte{} + } + rootCAs = append(rootCAs, root) + } + } + return rootCAs +} + +func TestCASupport(t *testing.T) { + + rootCAs := loadRootCAs() + t.Logf("loaded %d root certificates", len(rootCAs)) + if len(rootCAs) != 6 { + t.Fatalf("failed to load root certificates") + } + + cas := GetCASupport() + cas.AppRootCAsByChain["channel1"] = [][]byte{rootCAs[0]} + cas.AppRootCAsByChain["channel2"] = [][]byte{rootCAs[1]} + cas.OrdererRootCAsByChain["channel1"] = [][]byte{(rootCAs[2])} + cas.OrdererRootCAsByChain["channel2"] = [][]byte{rootCAs[3]} + cas.ServerRootCAs = [][]byte{rootCAs[4]} + cas.ClientRootCAs = [][]byte{rootCAs[4], rootCAs[5]} + + appServerRoots, ordererServerRoots := cas.GetServerRootCAs() + t.Logf("%d appServerRoots | %d ordererServerRoots", len(appServerRoots), + len(ordererServerRoots)) + assert.Equal(t, 3, len(appServerRoots), "Expected 3 app server root CAs") + assert.Equal(t, 3, len(ordererServerRoots), "Expected 3 orderer server root CAs") + + appClientRoots, ordererClientRoots := cas.GetClientRootCAs() + t.Logf("%d appClientRoots | %d ordererClientRoots", len(appClientRoots), + len(ordererClientRoots)) + assert.Equal(t, 4, len(appClientRoots), "Expected 4 app server root CAs") + assert.Equal(t, 4, len(ordererClientRoots), "Expected 4 orderer server root CAs") + + // make sure we really have a singleton + casClone := GetCASupport() + assert.Exactly(t, casClone, cas, "Expected GetCASupport to be a singleton") + + creds := cas.GetDeliverServiceCredentials() + assert.Equal(t, "1.2", creds.Info().SecurityVersion, + "Expected Security version to be 1.2") + + // append some bad certs and make sure things still work + cas.ServerRootCAs = append(cas.ServerRootCAs, []byte("badcert")) + cas.ServerRootCAs = append(cas.ServerRootCAs, []byte(badPEM)) + creds = cas.GetDeliverServiceCredentials() + assert.Equal(t, "1.2", creds.Info().SecurityVersion, + "Expected Security version to be 1.2") + +}