use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testCertificateRevoke.
// Tests revoking a certificate
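/**
 * Revokes one enrollment certificate, identified by its serial number and authority key
 * identifier (AKI), and checks that the number of revocations reported grows by exactly one.
 *
 * <p>The test user is registered (when not yet registered) with a fixed secret and the
 * {@code HFCA_ATTRIBUTE_HFREVOKER} attribute, then enrolled with profile
 * {@code DEFAULT_PROFILE_NAME}, label {@code "label 2"} and host {@code example3.ibm.com}.
 * The revocation-count comparison is skipped when running against Fabric 1.0.
 *
 * @throws Exception if registration, enrollment, certificate parsing or revocation fails
 */
@Test
public void testCertificateRevoke() throws Exception {
    SampleUser user = getTestUser(TEST_USER1_ORG);

    if (!user.isRegistered()) {
        RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
        String password = "testUserRevoke";
        rr.setSecret(password);
        rr.addAttribute(new Attribute("user.role", "department lead"));
        rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
        // The admin identity is the registrar for the new user.
        user.setEnrollmentSecret(client.register(rr, admin));
        if (!user.getEnrollmentSecret().equals(password)) {
            // NOTE(review): the message echoes the returned enrollment secret into the test
            // report; tolerable for this fixture identity, not a pattern for real credentials.
            fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
        }
    }

    if (!user.isEnrolled()) {
        EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
        req.addHost("example3.ibm.com");
        user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
    }

    // Parse the PEM certificate returned by the CA. The charset is named explicitly so the
    // bytes do not depend on the platform default encoding of the machine running the test.
    String cert = user.getEnrollment().getCert();
    CertificateFactory certFactory = CertificateFactory.getInstance(Config.getConfig().getCertificateFormat());
    X509Certificate certificate;
    try (BufferedInputStream pem = new BufferedInputStream(
            new ByteArrayInputStream(cert.getBytes(java.nio.charset.StandardCharsets.UTF_8)))) {
        certificate = (X509Certificate) certFactory.generateCertificate(pem);
    }

    // Serial number as upper-case hex. BigInteger.toByteArray() is two's complement, so a
    // serial whose top bit is set is rendered with a leading "00" byte.
    // NOTE(review): confirm the CA ignores leading zeros when it matches serials.
    String serial = DatatypeConverter.printHexBinary(certificate.getSerialNumber().toByteArray());

    // Authority key identifier, extension OID 2.5.29.35. getExtensionValue returns null when
    // the certificate carries no such extension; fail with a clear message rather than an NPE.
    byte[] extensionValue = certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
    if (extensionValue == null) {
        fail("Enrollment certificate has no AuthorityKeyIdentifier extension");
    }
    ASN1OctetString akiOc = ASN1OctetString.getInstance(extensionValue);
    String aki = DatatypeConverter.printHexBinary(AuthorityKeyIdentifier.getInstance(akiOc.getOctets()).getKeyIdentifier());

    int startedWithRevokes = -1;
    if (!testConfig.isRunningAgainstFabric10()) {
        // Pause before and after taking the baseline so that clock skew cannot blur which
        // revocations belong to the baseline (the original author's stated reason).
        Thread.sleep(1000);
        // Baseline count; exactly one more is expected after the revoke below.
        startedWithRevokes = getRevokes(null).length;
        Thread.sleep(1000);
    }

    // Revoke this one certificate (serial + AKI), not every enrollment of the user.
    client.revoke(admin, serial, aki, "revoke certificate");

    if (!testConfig.isRunningAgainstFabric10()) {
        final int newRevokes = getRevokes(null).length;
        assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
    }
}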
use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testRegisterAttributes.
// Tests attributes
/**
 * Checks that a certificate carries only the attribute that the enrollment request asked for.
 *
 * <p>Three attributes are registered for the user; the enrollment request names
 * {@code testattr2} alone and marks it non-optional. The decoded certificate must then contain
 * {@code testattr2} and must contain neither {@code testattr1} nor {@code testattrDEFAULTATTR}.
 * Returns immediately when running against Fabric 1.0.
 *
 * @throws Exception if registration, enrollment or certificate decoding fails
 */
@Test
public void testRegisterAttributes() throws Exception {
    if (testConfig.isRunningAgainstFabric10()) {
        return; // needs v1.1
    }

    final String secret = "mrAttributespassword";
    final SampleUser attrUser = new SampleUser("mrAttributes", TEST_ADMIN_ORG, sampleStore);

    final RegistrationRequest registration = new RegistrationRequest(attrUser.getName(), TEST_USER1_AFFILIATION);
    registration.setSecret(secret);
    registration.addAttribute(new Attribute("testattr1", "mrAttributesValue1"));
    registration.addAttribute(new Attribute("testattr2", "mrAttributesValue2"));
    // NOTE(review): the third argument presumably marks the attribute as one that is put into
    // certificates by default; confirm against the Attribute class.
    registration.addAttribute(new Attribute("testattrDEFAULTATTR", "mrAttributesValueDEFAULTATTR", true));

    attrUser.setEnrollmentSecret(client.register(registration, admin));
    final boolean secretEchoed = attrUser.getEnrollmentSecret().equals(secret);
    if (!secretEchoed) {
        fail("Secret returned from RegistrationRequest not match : " + attrUser.getEnrollmentSecret());
    }

    // Ask for testattr2 only, and make it mandatory.
    final EnrollmentRequest attrRequest = new EnrollmentRequest();
    attrRequest.addAttrReq("testattr2").setOptional(false);
    attrUser.setEnrollment(client.enroll(attrUser.getName(), attrUser.getEnrollmentSecret(), attrRequest));

    final String certdec = getStringCert(attrUser.getEnrollment().getCert());

    final boolean hasRequested = certdec.contains("\"testattr2\":\"mrAttributesValue2\"");
    assertTrue(format("Missing testattr2 in certficate decoded: %s", certdec), hasRequested);

    // An explicit attribute request means the default attribute is not added on top.
    final boolean hasDefault = certdec.contains("\"testattrDEFAULTATTR\"")
            || certdec.contains("\"mrAttributesValueDEFAULTATTR\"");
    assertFalse(format("Contains testattrDEFAULTATTR in certificate decoded: %s", certdec), hasDefault);

    // Attributes that were registered but not requested must stay out of the certificate.
    final boolean hasUnrequested = certdec.contains("\"testattr1\"")
            || certdec.contains("\"mrAttributesValue1\"");
    assertFalse(format("Contains testattr1 in certificate decoded: %s", certdec), hasUnrequested);
}
use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testReenrollAndRevoke.
// Tests re-enrolling a user that has had an enrollment revoked
/**
 * Re-enrolls a user, revokes that second enrollment, and checks the user can still re-enroll.
 *
 * <p>The revoke call is given the {@code Enrollment} obtained from the first re-enroll, which
 * is never stored on the user. The final {@code reenroll(user)} therefore runs with the user's
 * original enrollment and is expected to succeed: revoking one enrollment does not lock the
 * identity out while it holds another enrollment that has not been revoked.
 *
 * @throws Exception if registration, enrollment, re-enrollment or revocation fails
 */
@Test
public void testReenrollAndRevoke() throws Exception {
    final SampleUser reenrollUser = getTestUser(TEST_ADMIN_ORG);

    // The user has to be both registered and enrolled before it can re-enroll.
    if (!reenrollUser.isRegistered()) {
        final String secret = "testReenrollAndRevoke";
        final RegistrationRequest registration =
                new RegistrationRequest(reenrollUser.getName(), TEST_USER1_AFFILIATION);
        registration.setSecret(secret);
        reenrollUser.setEnrollmentSecret(client.register(registration, admin));
        final boolean secretEchoed = reenrollUser.getEnrollmentSecret().equals(secret);
        if (!secretEchoed) {
            fail("Secret returned from RegistrationRequest not match : " + reenrollUser.getEnrollmentSecret());
        }
    }
    if (!reenrollUser.isEnrolled()) {
        reenrollUser.setEnrollment(client.enroll(reenrollUser.getName(), reenrollUser.getEnrollmentSecret()));
    }

    sleepALittle();

    // Obtain a second enrollment with its own label and host names.
    final EnrollmentRequest secondRequest = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 1", null);
    secondRequest.addHost("example1.ibm.com");
    secondRequest.addHost("example2.ibm.com");
    final Enrollment secondEnrollment = client.reenroll(reenrollUser, secondRequest);

    // The issued certificate must reflect what the request asked for.
    verifyOptions(secondEnrollment.getCert(), secondRequest);

    sleepALittle();

    // Revoke only the second enrollment.
    client.revoke(admin, secondEnrollment, "remove user 2");

    // Still allowed: the user's own enrollment was not the one revoked.
    client.reenroll(reenrollUser);
}
use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.
the class End2endIT method enrollUsersSetup.
/**
 * Registers and enrolls the identities each sample organization needs and saves them in the
 * sample store.
 *
 * <p>For every organization in {@code testSampleOrgs} this enrolls the preregistered CA admin,
 * registers and enrolls the test user, and loads the peer organization admin from the
 * crypto-config directory on disk. When Fabric TLS is enabled it first enrolls a client TLS
 * certificate under the {@code "tls"} profile and stores the certificate and key.
 *
 * <p>The CA identity {@code "admin"} and secret {@code "adminpw"} are literals in this method.
 * They are fixture credentials; a CA reachable from outside a test network should not be left
 * with them. The TLS private key is converted to PEM and handed to the store.
 * NOTE(review): how {@code SampleStore} protects that key is not visible here; confirm.
 *
 * @param sampleStore store that supplies the users and receives the TLS certificate and key
 * @throws Exception if the CA cannot be queried or a register / enroll call fails
 */
public void enrollUsersSetup(SampleStore sampleStore) throws Exception {
    for (SampleOrg sampleOrg : testSampleOrgs) {
        final HFCAClient caClient = sampleOrg.getCAClient();
        final String orgName = sampleOrg.getName();
        final String mspId = sampleOrg.getMSPID();
        caClient.setCryptoSuite(CryptoSuite.Factory.getCryptoSuite());

        if (testConfig.isRunningFabricTLS()) {
            // Obtain one client TLS certificate from Fabric CA; it is shared for the
            // orderers, peers and so on of this organization.
            final EnrollmentRequest tlsRequest = new EnrollmentRequest();
            tlsRequest.addHost("localhost");
            tlsRequest.setProfile("tls");
            final Enrollment tlsEnrollment = caClient.enroll("admin", "adminpw", tlsRequest);

            final String tlsCertPEM = tlsEnrollment.getCert();
            final String tlsKeyPEM = getPEMStringFromPrivateKey(tlsEnrollment.getKey());

            final Properties tlsProps = new Properties();
            tlsProps.put("clientKeyBytes", tlsKeyPEM.getBytes(UTF_8));
            tlsProps.put("clientCertBytes", tlsCertPEM.getBytes(UTF_8));
            clientTLSProperties.put(orgName, tlsProps);

            // Keep both for the tests that run after this one.
            sampleStore.storeClientPEMTLCertificate(sampleOrg, tlsCertPEM);
            sampleStore.storeClientPEMTLSKey(sampleOrg, tlsKeyPEM);
        }

        // Connectivity check: the CA must answer, and when it reports a name that name
        // must match the one the client was configured with.
        final HFCAInfo caInfo = caClient.info();
        assertNotNull(caInfo);
        final String reportedName = caInfo.getCAName();
        if (reportedName != null && !reportedName.isEmpty()) {
            assertEquals(caClient.getCAName(), reportedName);
        }

        // The CA admin is preregistered, so it only has to be enrolled.
        final SampleUser orgAdmin = sampleStore.getMember(TEST_ADMIN_NAME, orgName);
        if (!orgAdmin.isEnrolled()) {
            orgAdmin.setEnrollment(caClient.enroll(orgAdmin.getName(), "adminpw"));
            orgAdmin.setMspId(mspId);
        }
        sampleOrg.setAdmin(orgAdmin);

        // An ordinary user has to be registered by the admin and then enrolled.
        final SampleUser testUser = sampleStore.getMember(TESTUSER_1_NAME, orgName);
        if (!testUser.isRegistered()) {
            final RegistrationRequest registration =
                    new RegistrationRequest(testUser.getName(), "org1.department1");
            testUser.setEnrollmentSecret(caClient.register(registration, orgAdmin));
        }
        if (!testUser.isEnrolled()) {
            testUser.setEnrollment(caClient.enroll(testUser.getName(), testUser.getEnrollmentSecret()));
            testUser.setMspId(mspId);
        }
        sampleOrg.addUser(testUser);

        // Peer organization admin, built from key material on disk, e.g.
        // src/test/fixture/sdkintegration/e2e-2Orgs/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/
        // NOTE(review): Util.findFileSk presumably picks the private key file in that
        // directory; confirm against Util.
        final String domain = sampleOrg.getDomainName();
        final String keystoreSuffix = format("/users/Admin@%s/msp/keystore", domain);
        final String signCertSuffix = format("/users/Admin@%s/msp/signcerts/Admin@%s-cert.pem", domain, domain);
        final SampleUser peerOrgAdmin = sampleStore.getMember(
                orgName + "Admin",
                orgName,
                sampleOrg.getMSPID(),
                Util.findFileSk(Paths.get(testConfig.getTestChannelPath(),
                        "crypto-config/peerOrganizations/", domain, keystoreSuffix).toFile()),
                Paths.get(testConfig.getTestChannelPath(),
                        "crypto-config/peerOrganizations/", domain, signCertSuffix).toFile());

        // This user may create channels, join peers and install chaincode.
        sampleOrg.setPeerAdmin(peerOrgAdmin);
    }
}
use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.
the class HFCAClientIT method testUserRevokeNullReason.
// Tests attempting to revoke a user with Null reason
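/**
 * Revokes a user by name with a {@code null} reason and expects a later re-enroll to fail.
 *
 * <p>The revoke call names the user rather than a certificate, so it covers all of the
 * user's enrollments. The re-enroll that follows uses the revoked user's enrollment and must
 * be rejected with an {@code EnrollmentException} whose message contains
 * {@code "Failed to re-enroll user"}. The revocation-count comparison is skipped when running
 * against Fabric 1.0.
 *
 * @throws Exception if registration, enrollment or revocation fails; the expected
 *                   {@code EnrollmentException} from the final re-enroll is consumed by the
 *                   {@code thrown} rule
 */
@Test
public void testUserRevokeNullReason() throws Exception {
    SampleUser user = getTestUser(TEST_USER1_ORG);

    if (!user.isRegistered()) {
        RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
        String password = "testUserRevoke";
        rr.setSecret(password);
        rr.addAttribute(new Attribute("user.role", "department lead"));
        rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
        // The admin identity is the registrar for the new user.
        user.setEnrollmentSecret(client.register(rr, admin));
        if (!user.getEnrollmentSecret().equals(password)) {
            // NOTE(review): the message echoes the returned enrollment secret into the test
            // report; tolerable for this fixture identity, not a pattern for real credentials.
            fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
        }
    }

    sleepALittle();

    if (!user.isEnrolled()) {
        EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
        req.addHost("example3.ibm.com");
        user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
        // The issued certificate must reflect what the request asked for.
        String cert = user.getEnrollment().getCert();
        verifyOptions(cert, req);
    }

    sleepALittle();

    int startedWithRevokes = -1;
    if (!testConfig.isRunningAgainstFabric10()) {
        // Baseline count; exactly one more is expected after the revoke below.
        // NOTE(review): this assumes the user holds a single enrollment at this point;
        // confirm against getTestUser and getRevokes.
        startedWithRevokes = getRevokes(null).length;
    }

    // Revoke every enrollment of this user; no reason is given.
    client.revoke(admin, user.getName(), null);

    if (!testConfig.isRunningAgainstFabric10()) {
        final int newRevokes = getRevokes(null).length;
        assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
    }

    // Declare the expectation next to the only call it is about, so an exception raised
    // during setup cannot be mistaken for the rejection under test.
    thrown.expect(EnrollmentException.class);
    thrown.expectMessage("Failed to re-enroll user");
    client.reenroll(user);
}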