use of org.hyperledger.fabric_ca.sdk.Attribute in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testCreateAndGetIdentity.
// Tests getting an identity
/**
 * Creates an identity of type {@code HFCA_TYPE_PEER} on the CA as {@code admin}, reads it back
 * through a second {@link HFCAIdentity} handle, and checks the round trip.
 *
 * <p>Enrollment id, type, affiliation and max enrollments must match the created identity, and
 * the returned attributes must contain one named {@code testattr1}. Only the attribute name is
 * checked, not its value. Returns without testing when running against Fabric 1.0.
 *
 * @throws Exception if any CA call fails
 */
@Test
public void testCreateAndGetIdentity() throws Exception {
    if (testConfig.isRunningAgainstFabric10()) {
        return; // needs v1.1
    }

    HFCAIdentity created = getIdentityReq("testuser1", HFCAClient.HFCA_TYPE_PEER);
    created.create(admin);

    // Read through a separate handle so the comparison uses what the CA returned,
    // not the state still held by the object that issued the create.
    HFCAIdentity fetched = client.newHFCAIdentity(created.getEnrollmentId());
    fetched.read(admin);

    assertEquals("Incorrect response for id", created.getEnrollmentId(), fetched.getEnrollmentId());
    assertEquals("Incorrect response for type", created.getType(), fetched.getType());
    assertEquals("Incorrect response for affiliation", created.getAffiliation(), fetched.getAffiliation());
    assertEquals("Incorrect response for max enrollments", created.getMaxEnrollments(), fetched.getMaxEnrollments());

    // presumably getIdentityReq attaches "testattr1" to the request; verify against that helper
    boolean hasTestAttr = false;
    for (Attribute candidate : fetched.getAttributes()) {
        if (candidate.getName().equals("testattr1")) {
            hasTestAttr = true;
            break;
        }
    }
    assertTrue("Incorrect response for attribute", hasTestAttr);
}
use of org.hyperledger.fabric_ca.sdk.Attribute in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testCertificateRevoke.
// Tests revoking a certificate
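/**
 * Revokes a single enrollment certificate, identified by serial number and authority key
 * identifier (AKI), and checks that the CA reports exactly one more revocation afterwards.
 *
 * <p>The user is registered and enrolled first if it is not already. The revocation-count
 * check is skipped when running against Fabric 1.0.
 *
 * <p>NOTE(review): only the number of revocations is asserted. The test does not confirm that
 * the new entry is this certificate, nor that the revoked certificate is subsequently refused.
 *
 * @throws Exception if any CA call or certificate parsing step fails
 */
@Test
public void testCertificateRevoke() throws Exception {
    SampleUser user = getTestUser(TEST_USER1_ORG);

    if (!user.isRegistered()) {
        RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
        String password = "testUserRevoke"; // fixed, test-only enrollment secret
        rr.setSecret(password);
        rr.addAttribute(new Attribute("user.role", "department lead"));
        // presumably grants this identity the right to revoke; the revoke below is issued by admin anyway
        rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
        // Admin can register other users.
        user.setEnrollmentSecret(client.register(rr, admin));
        // Null-safe comparison; the returned secret is deliberately kept out of the failure
        // message so a CA-issued enrollment secret never ends up in test or CI logs.
        if (!password.equals(user.getEnrollmentSecret())) {
            fail("Secret returned from RegistrationRequest not match");
        }
    }

    if (!user.isEnrolled()) {
        EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
        req.addHost("example3.ibm.com");
        user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
    }

    // Parse the enrollment certificate so its serial number and AKI can be extracted.
    String cert = user.getEnrollment().getCert();
    CertificateFactory certFactory = CertificateFactory.getInstance(Config.getConfig().getCertificateFormat());
    final X509Certificate certificate;
    // Decode with an explicit charset rather than the platform default.
    try (BufferedInputStream pem = new BufferedInputStream(
            new ByteArrayInputStream(cert.getBytes(java.nio.charset.StandardCharsets.UTF_8)))) {
        certificate = (X509Certificate) certFactory.generateCertificate(pem);
    }

    // get its serial number
    // NOTE(review): BigInteger.toByteArray() is two's-complement, so a serial with its top bit
    // set gains a leading 00 byte in the hex string; presumably the CA normalises this - confirm.
    String serial = DatatypeConverter.printHexBinary(certificate.getSerialNumber().toByteArray());

    // get its aki
    // 2.5.29.35 : AuthorityKeyIdentifier
    byte[] extensionValue = certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
    // getExtensionValue returns null when the extension is absent; fail with a clear message
    // instead of a NullPointerException further down.
    assertNotNull("Enrollment certificate has no AuthorityKeyIdentifier extension", extensionValue);
    ASN1OctetString akiOc = ASN1OctetString.getInstance(extensionValue);
    String aki = DatatypeConverter.printHexBinary(AuthorityKeyIdentifier.getInstance(akiOc.getOctets()).getKeyIdentifier());

    int startedWithRevokes = -1;
    if (!testConfig.isRunningAgainstFabric10()) {
        // Guard against clock skew: pause before and after taking the baseline count.
        Thread.sleep(1000);
        // one more after we do this revoke.
        startedWithRevokes = getRevokes(null).length;
        Thread.sleep(1000);
    }

    // Revoke this one certificate, addressed by serial + AKI.
    client.revoke(admin, serial, aki, "revoke certificate");

    if (!testConfig.isRunningAgainstFabric10()) {
        final int newRevokes = getRevokes(null).length;
        assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
    }
}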
use of org.hyperledger.fabric_ca.sdk.Attribute in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testRegisterAttributes.
// Tests attributes
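/**
 * Checks that an enrollment certificate carries only the attributes the enrollment request
 * asked for.
 *
 * <p>The user is registered with three attributes ({@code testattr1}, {@code testattr2} and
 * {@code testattrDEFAULTATTR}, the last one created with the extra {@code true} constructor
 * argument). The enrollment request then names {@code testattr2} as a non-optional attribute.
 * The decoded certificate must contain {@code testattr2} and must contain neither of the other
 * two names or values. Returns without testing when running against Fabric 1.0.
 *
 * @throws Exception if any CA call or certificate decoding step fails
 */
@Test
public void testRegisterAttributes() throws Exception {
    if (testConfig.isRunningAgainstFabric10()) {
        // needs v1.1
        return;
    }

    SampleUser user = new SampleUser("mrAttributes", TEST_ADMIN_ORG, sampleStore);
    RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
    String password = "mrAttributespassword"; // fixed, test-only enrollment secret
    rr.setSecret(password);
    rr.addAttribute(new Attribute("testattr1", "mrAttributesValue1"));
    rr.addAttribute(new Attribute("testattr2", "mrAttributesValue2"));
    // presumably the third argument marks the attribute as included in certificates by default - confirm
    rr.addAttribute(new Attribute("testattrDEFAULTATTR", "mrAttributesValueDEFAULTATTR", true));
    user.setEnrollmentSecret(client.register(rr, admin));
    // Null-safe comparison; the returned secret is deliberately kept out of the failure
    // message so a CA-issued enrollment secret never ends up in test or CI logs.
    if (!password.equals(user.getEnrollmentSecret())) {
        fail("Secret returned from RegistrationRequest not match");
    }

    // Ask for exactly one attribute and make it mandatory.
    EnrollmentRequest req = new EnrollmentRequest();
    req.addAttrReq("testattr2").setOptional(false);
    user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));

    Enrollment enrollment = user.getEnrollment();
    String cert = enrollment.getCert();
    String certdec = getStringCert(cert);

    assertTrue(format("Missing testattr2 in certficate decoded: %s", certdec), certdec.contains("\"testattr2\":\"mrAttributesValue2\""));
    // Since request had specific attributes don't expect defaults.
    assertFalse(format("Contains testattrDEFAULTATTR in certificate decoded: %s", certdec), certdec.contains("\"testattrDEFAULTATTR\"") || certdec.contains("\"mrAttributesValueDEFAULTATTR\""));
    // An attribute that was registered but not requested must not appear in the certificate either.
    assertFalse(format("Contains testattr1 in certificate decoded: %s", certdec), certdec.contains("\"testattr1\"") || certdec.contains("\"mrAttributesValue1\""));
}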
use of org.hyperledger.fabric_ca.sdk.Attribute in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testUserRevokeNullReason.
// Tests attempting to revoke a user with Null reason
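/**
 * Revokes every enrollment of a user while passing {@code null} as the revocation reason, then
 * checks that the revoked user can no longer re-enroll.
 *
 * <p>The user is registered and enrolled first if it is not already. Except against Fabric 1.0,
 * the test also asserts that the CA reports exactly one more revocation after the revoke call.
 * The final {@code reenroll} must throw an {@link EnrollmentException} whose message contains
 * "Failed to re-enroll user".
 *
 * @throws Exception if any CA call fails
 */
@Test
public void testUserRevokeNullReason() throws Exception {
    SampleUser user = getTestUser(TEST_USER1_ORG);

    if (!user.isRegistered()) {
        RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
        String password = "testUserRevoke"; // fixed, test-only enrollment secret
        rr.setSecret(password);
        rr.addAttribute(new Attribute("user.role", "department lead"));
        rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
        // Admin can register other users.
        user.setEnrollmentSecret(client.register(rr, admin));
        // Null-safe comparison; the returned secret is deliberately kept out of the failure
        // message so a CA-issued enrollment secret never ends up in test or CI logs.
        if (!password.equals(user.getEnrollmentSecret())) {
            fail("Secret returned from RegistrationRequest not match");
        }
    }

    sleepALittle();

    if (!user.isEnrolled()) {
        EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
        req.addHost("example3.ibm.com");
        user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
        // verify
        String cert = user.getEnrollment().getCert();
        verifyOptions(cert, req);
    }

    sleepALittle();

    int startedWithRevokes = -1;
    if (!testConfig.isRunningAgainstFabric10()) {
        // one more after we do this revoke.
        startedWithRevokes = getRevokes(null).length;
    }

    // revoke all enrollment of this user; the null third argument is the reason under test
    client.revoke(admin, user.getName(), null);

    if (!testConfig.isRunningAgainstFabric10()) {
        final int newRevokes = getRevokes(null).length;
        assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
    }

    // Declare the expected failure right before the call that must produce it, so it is
    // clear that only the re-enrollment of the revoked user is allowed to throw.
    // (assumes `thrown` is a JUnit ExpectedException rule declared on the class - confirm)
    thrown.expect(EnrollmentException.class);
    thrown.expectMessage("Failed to re-enroll user");
    // trying to reenroll the revoked user should fail with an EnrollmentException
    client.reenroll(user);
}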
use of org.hyperledger.fabric_ca.sdk.Attribute in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testUserRevokeGenCRL.
// Tests revoking a user with genCRL using the revoke API
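/**
 * Exercises the revoke API's CRL-generation flag with two users.
 *
 * <p>Both users are registered and enrolled if they are not already. The first user is revoked
 * with CRL generation requested: the returned CRL must be non-null, the CA must report exactly
 * one more revocation, and the number of entries parsed from the CRL must equal the CA's
 * revocation count. The second user is revoked without requesting a CRL, and the returned
 * string must be empty. Finally, re-enrolling the first (revoked) user must throw an
 * {@link EnrollmentException} whose message contains "Failed to re-enroll user".
 *
 * <p>Returns without testing when running against Fabric 1.0.
 *
 * @throws Exception if any CA call or CRL parsing step fails
 */
@Test
public void testUserRevokeGenCRL() throws Exception {
    if (testConfig.isRunningAgainstFabric10()) {
        // needs v1.1
        return;
    }

    SampleUser user1 = getTestUser(TEST_USER1_ORG);
    SampleUser user2 = getTestUser(TEST_USER1_ORG);
    SampleUser[] users = new SampleUser[] { user1, user2 };

    for (SampleUser user : users) {
        if (!user.isRegistered()) {
            RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
            String password = "testUserRevoke"; // fixed, test-only enrollment secret
            rr.setSecret(password);
            rr.addAttribute(new Attribute("user.role", "department lead"));
            rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
            // Admin can register other users.
            user.setEnrollmentSecret(client.register(rr, admin));
            // Null-safe comparison; the returned secret is deliberately kept out of the failure
            // message so a CA-issued enrollment secret never ends up in test or CI logs.
            if (!password.equals(user.getEnrollmentSecret())) {
                fail("Secret returned from RegistrationRequest not match");
            }
        }

        sleepALittle();

        if (!user.isEnrolled()) {
            EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
            req.addHost("example3.ibm.com");
            user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
            // verify
            String cert = user.getEnrollment().getCert();
            verifyOptions(cert, req);
        }
    }

    sleepALittle();

    // Baseline: expect one more after we do this revoke.
    final int startedWithRevokes = getRevokes(null).length;

    // revoke all enrollment of this user and request back a CRL
    String crl = client.revoke(admin, user1.getName(), null, true);
    assertNotNull("Failed to get CRL using the Revoke API", crl);

    final int newRevokes = getRevokes(null).length;
    assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);

    final int crlLength = parseCRL(crl).length;
    assertEquals(format("The number of revokes %d does not equal the number of revoked certificates (%d) in crl", newRevokes, crlLength), newRevokes, crlLength);

    // This check must run before the reenroll call below: that call is expected to throw,
    // and nothing placed after it executes in a passing test.
    String crl2 = client.revoke(admin, user2.getName(), null, false);
    assertEquals("CRL not requested, CRL should be empty", "", crl2);

    // Declare the expected failure right before the call that must produce it.
    // (assumes `thrown` is a JUnit ExpectedException rule declared on the class - confirm)
    thrown.expect(EnrollmentException.class);
    thrown.expectMessage("Failed to re-enroll user");
    // trying to reenroll the revoked user should fail with an EnrollmentException
    client.reenroll(user1);
}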