def test_revoke_unreachable_server_address(self):
"""Test revoke unreachable server address.
"""
self._ca_server_address = "test:80"
ca_service = CAService("http://" + self._ca_server_address)
enrollment = Enrollment(None, '', ca_service)
with self.assertRaises(Exception):
enrollment.revoke('foo')
def setUp(self):
self._enrollment_id = ENROLLMENT_ID
self._enrollment_secret = ENROLLMENT_SECRET
if os.getenv("CA_ADDR"):
self._ca_server_address = os.getenv("CA_ADDR")
else:
self._ca_server_address = "localhost:7054"
# get an enrollment for registering
self._enrollment = Enrollment(None, '', '')
def get_orderer_org_admin(client):
"""Loads the admin user for a given orderer org and
returns an user object.
"""
orderer_admin_base_path = os.path.join(
os.getcwd(),
'test/fixtures/e2e_cli/crypto-config/ordererOrganizations/'
'example.com/users/[email protected]/msp/')
key_path = os.path.join(
orderer_admin_base_path, 'keystore/',
E2E_CONFIG['test-network']['orderer']['users']['admin']['private_key'])
cert_path = os.path.join(
orderer_admin_base_path, 'signcerts',
E2E_CONFIG['test-network']['orderer']['users']['admin']['cert'])
with open(key_path, 'rb') as key:
key_pem = key.read()
with open(cert_path, 'rb') as cert:
cert_pem = cert.read()
orderer_admin = User('ordererAdmin', 'example.com', client.state_store)
private_key = load_pem_private_key(key_pem, None, default_backend())
enrollment = Enrollment(private_key, cert_pem)
orderer_admin.enrollment = enrollment
orderer_admin.msp_id = E2E_CONFIG['test-network']['orderer']['mspid']
return orderer_admin
def create_user(name, org, state_store, msp_id, key_path, cert_path):
"""Create user
Args:
name: user's name
org: org name
state_store: user state store
msp_id: msp id for the user
key_path: identity private key path
cert_path: identity public cert path
Returns: a user instance
"""
_logger.debug("Create user with {}:{}:{}:{}:{}:{}".format(
name, org, state_store, msp_id, key_path, cert_path))
with open(key_path, 'rb') as key:
key_pem = key.read()
with open(cert_path, 'rb') as cert:
cert_pem = cert.read()
private_key = load_pem_private_key(key_pem, None, default_backend())
enrollment = Enrollment(private_key, cert_pem)
user = User(name, org, state_store)
user.enrollment = enrollment
user.msp_id = msp_id
return validate(user)
def create_user(self, enrollment_id, org, msp_id, state_store=None):
"""Returns an instance of a user whose identity
is stored in the CouchDBWallet
:param enrollment_id: enrollment id
:param org: organization
:param msp_id: MSP id
:param state_store: (Default value = None)
:return: a validated user instance
"""
crypto_suit = ecies()
if not self.exists(enrollment_id):
raise AttributeError('"user" does not exist')
key_pem = self.db[enrollment_id]['PrivateKey']
cert_pem = self.db[enrollment_id]['EnrollmentCert']
private_key = load_pem_private_key(key_pem, None, default_backend())
enrollment = Enrollment(private_key, cert_pem)
user = User(enrollment_id, org, state_store)
user.enrollment = enrollment
user.msp_id = msp_id
user.cryptoSuite = crypto_suit
return validate(user)
def _restore_state(self):
"""Restore user state."""
try:
state = self._state_store.get_value(self._state_store_key)
if state:
state_dict = pickle.loads(
binascii.unhexlify(state.encode("utf-8")))
self._name = state_dict['name']
self.enrollment_secret = state_dict['enrollment_secret']
enrollment = state_dict[
'enrollment'] if 'enrollment' in state_dict else None
if enrollment:
private_key = serialization.load_pem_private_key(
enrollment['private_key'],
password=None,
backend=default_backend())
cert = enrollment['cert']
self.enrollment = Enrollment(private_key, cert)
self.affiliation = state_dict['affiliation']
self.account = state_dict['account']
self.roles = state_dict['roles']
self._org = state_dict['org']
self.msp_id = state_dict['msp_id']
except Exception as e:
raise IOError("Cannot deserialize the user", e)
def create_user(name, org, state_store, msp_id, key_pem, cert_pem,
crypto_suite=ecies()):
"""Create user
:param name: user's name
:param org: org name
:param state_store: user state store
:param msp_id: msp id for the user
:param crypto_suite: the cryptoSuite used to store crypto and key store
settings (Default value = ecies())
:param key_pem: identity private key pem encoded
:param cert_pem: identity public cert pem encoded
:return: a user instance
"""
_logger.debug("Create user with {}:{}:{}:{}:{}".format(
name, org, state_store, msp_id, cert_pem
))
private_key = load_pem_private_key(key_pem, None, default_backend())
enrollment = Enrollment(private_key, cert_pem)
user = User(name, org, state_store)
user.enrollment = enrollment
user.msp_id = msp_id
user.cryptoSuite = crypto_suite
return validate(user)
def _get_enrollment(self, identity):
if self.hsm and not identity.hsm:
raise Exception('HSM configuration specified, but specified identity does not use HSM')
elif not self.hsm and identity.hsm:
raise Exception('Specified identity uses HSM, but no HSM configuration specified')
elif self.hsm:
cert = x509.load_pem_x509_certificate(identity.cert, default_backend())
ecpt = cert.public_key().public_bytes(serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint)
hash = hashlib.sha256(ecpt)
ski = hash.digest()
private_key = self.crypto.get_private_key(ski)
else:
private_key = serialization.load_pem_private_key(identity.private_key, password=None, backend=default_backend())
return Enrollment(private_key, identity.cert, service=self.ca_service)
def get_peer_org_admin(client, peer_org):
"""Loads the admin user for a given peer org
and returns a user object.
"""
peer_admin_base_path = os.path.join(
os.getcwd(),
'test/fixtures/e2e_cli/crypto-config/peerOrganizations/{0}'
'/users/Admin@{0}/msp/'.format(peer_org))
key_path = os.path.join(
peer_admin_base_path, 'keystore/',
E2E_CONFIG['test-network'][peer_org]['users']['admin']['private_key'])
cert_path = os.path.join(
peer_admin_base_path, 'signcerts/',
E2E_CONFIG['test-network'][peer_org]['users']['admin']['cert'])
with open(key_path, 'rb') as key:
key_pem = key.read()
with open(cert_path, 'rb') as cert:
cert_pem = cert.read()
org_admin = User('peer' + peer_org + 'Admin', peer_org, client.state_store)
# wrap the key in a 'cryptography' private key object
# so that all the methods can be used
private_key = load_pem_private_key(key_pem, None, default_backend())
enrollment = Enrollment(private_key, cert_pem)
org_admin.enrollment = enrollment
org_admin.msp_id = E2E_CONFIG['test-network'][peer_org]['mspid']
return org_admin
def _get_enrollment(self, identity):
private_key = serialization.load_pem_private_key(
identity.private_key, password=None, backend=default_backend())
return Enrollment(private_key, identity.cert, service=self.ca_service)
class CATest(unittest.TestCase):
"""Test for ca module. """
def setUp(self):
self._enrollment_id = ENROLLMENT_ID
self._enrollment_secret = ENROLLMENT_SECRET
if os.getenv("CA_ADDR"):
self._ca_server_address = os.getenv("CA_ADDR")
else:
self._ca_server_address = "localhost:7054"
# get an enrollment for registering
self._enrollment = Enrollment(None, '', '')
def test_enroll_missing_enrollment_id(self):
"""Test enroll missing enrollment id.
"""
ca_client = CAClient("http://" + self._ca_server_address)
self._enrollment_id = ""
with self.assertRaises(ValueError):
ca_client.enroll(self._enrollment_id, self._enrollment_secret,
test_pem)
def test_enroll_missing_enrollment_secret(self):
"""Test enroll missing enrollment secret.
"""
ca_client = CAClient("http://" + self._ca_server_address)
self._enrollment_secret = ""
with self.assertRaises(ValueError):
ca_client.enroll(self._enrollment_id, self._enrollment_secret,
test_pem)
def test_enroll_missing_enrollment_csr(self):
"""Test enroll missing enrollment csr.
"""
ca_client = CAClient("http://" + self._ca_server_address)
with self.assertRaises(ValueError):
ca_client.enroll(self._enrollment_id, self._enrollment_secret, "")
def test_enroll_unreachable_server_address(self):
"""Test enroll unreachable server address.
"""
self._ca_server_address = "test:80"
ca_client = CAClient("http://" + self._ca_server_address)
with self.assertRaises(Exception):
ca_client.enroll(self._enrollment_id, self._enrollment_secret,
test_pem)
def test_enroll_invalid_server_address(self):
"""Test enroll invalid server address.
"""
self._ca_server_address = "test:80:90"
ca_client = CAClient("http://" + self._ca_server_address)
with self.assertRaises(RequestException):
ca_client.enroll(self._enrollment_id, self._enrollment_secret,
test_pem)
def test_register_missing_enrollment_id(self):
"""Test register missing enrollment id.
"""
with self.assertRaises(ValueError):
self._enrollment.register('')
def test_register_wrong_maxEnrollments(self):
"""Test register wrong maxEnrollments.
"""
with self.assertRaises(ValueError):
self._enrollment.register('foo', maxEnrollments='bar')
def test_register_unreachable_server_address(self):
"""Test register unreachable server address.
"""
self._ca_server_address = "test:80"
ca_service = CAService("http://" + self._ca_server_address)
enrollment = Enrollment(None, '', ca_service)
with self.assertRaises(Exception):
enrollment.register('foo')
def test_revoke_missing_enrollment_id(self):
"""Test revoke missing enrollment id.
"""
with self.assertRaises(ValueError):
self._enrollment.revoke()
def test_revoke_missing_aki(self):
"""Test revoke missing aki.
"""
serial = 'c8bd471cfd8ea393ecf5c35099ad3c074920652'
with self.assertRaises(ValueError):
self._enrollment.revoke(aki=None, serial=serial)
def test_revoke_missing_serial(self):
"""Test revoke missing serial.
"""
aki = '7943138249940b7255d4bd020e7071d31b9c16ed'
with self.assertRaises(ValueError):
self._enrollment.revoke(aki=aki, serial=None)
def test_revoke_wrong_reason(self):
"""Test revoke wrong reason.
"""
reason = 'foo'
with self.assertRaises(ValueError):
self._enrollment.revoke('user', reason=reason)
def test_revoke_unreachable_server_address(self):
"""Test revoke unreachable server address.
"""
self._ca_server_address = "test:80"
ca_service = CAService("http://" + self._ca_server_address)
enrollment = Enrollment(None, '', ca_service)
with self.assertRaises(Exception):
enrollment.revoke('foo')
def test_reenroll_no_user(self):
"""Test reenroll no user
"""
ca_service = CAService("http://" + self._ca_server_address)
with self.assertRaises(ValueError):
ca_service.reenroll('foo')
def test_reenroll_wrong_attr_req(self):
"""Test reenroll wrong attr_req
"""
ca_service = CAService("http://" + self._ca_server_address)
with self.assertRaises(AttributeError):
ca_service.reenroll(self._enrollment, [''])
def test_reenroll_unreachable_server_address(self):
"""Test reenroll unreachable server address.
"""
self._ca_server_address = "test:80"
ca_service = CAService("http://" + self._ca_server_address)
with self.assertRaises(Exception):
ca_service.reenroll(self._enrollment)