Search in sources :

Example 1 with EnrollmentRequest

use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.

the class HFCAClientIT method testCertificateRevoke.

// Tests revoking a certificate
@Test
public void testCertificateRevoke() throws Exception {
    SampleUser user = getTestUser(TEST_USER1_ORG);
    if (!user.isRegistered()) {
        RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
        String password = "testUserRevoke";
        rr.setSecret(password);
        rr.addAttribute(new Attribute("user.role", "department lead"));
        rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
        // Admin can register other users.
        user.setEnrollmentSecret(client.register(rr, admin));
        if (!user.getEnrollmentSecret().equals(password)) {
            fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
        }
    }
    if (!user.isEnrolled()) {
        EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
        req.addHost("example3.ibm.com");
        user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
    }
    // verify
    String cert = user.getEnrollment().getCert();
    BufferedInputStream pem = new BufferedInputStream(new ByteArrayInputStream(cert.getBytes()));
    CertificateFactory certFactory = CertificateFactory.getInstance(Config.getConfig().getCertificateFormat());
    X509Certificate certificate = (X509Certificate) certFactory.generateCertificate(pem);
    // get its serial number
    String serial = DatatypeConverter.printHexBinary(certificate.getSerialNumber().toByteArray());
    // get its aki
    // 2.5.29.35 : AuthorityKeyIdentifier
    byte[] extensionValue = certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId());
    ASN1OctetString akiOc = ASN1OctetString.getInstance(extensionValue);
    String aki = DatatypeConverter.printHexBinary(AuthorityKeyIdentifier.getInstance(akiOc.getOctets()).getKeyIdentifier());
    int startedWithRevokes = -1;
    if (!testConfig.isRunningAgainstFabric10()) {
        // prevent clock skewing. make sure we request started with revokes.
        Thread.sleep(1000);
        // one more after we do this revoke.
        startedWithRevokes = getRevokes(null).length;
        // prevent clock skewing. make sure we request started with revokes.
        Thread.sleep(1000);
    }
    // revoke all enrollment of this user
    client.revoke(admin, serial, aki, "revoke certificate");
    if (!testConfig.isRunningAgainstFabric10()) {
        final int newRevokes = getRevokes(null).length;
        assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
    }
}
Also used : ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) EnrollmentRequest(org.hyperledger.fabric_ca.sdk.EnrollmentRequest) Attribute(org.hyperledger.fabric_ca.sdk.Attribute) BufferedInputStream(java.io.BufferedInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) RegistrationRequest(org.hyperledger.fabric_ca.sdk.RegistrationRequest) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) SampleUser(org.hyperledger.fabric.sdkintegration.SampleUser) Test(org.junit.Test)

Example 2 with EnrollmentRequest

use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.

the class HFCAClientIT method testRegisterAttributes.

// Tests attributes
@Test
public void testRegisterAttributes() throws Exception {
    if (testConfig.isRunningAgainstFabric10()) {
        // needs v1.1
        return;
    }
    SampleUser user = new SampleUser("mrAttributes", TEST_ADMIN_ORG, sampleStore);
    RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
    String password = "mrAttributespassword";
    rr.setSecret(password);
    rr.addAttribute(new Attribute("testattr1", "mrAttributesValue1"));
    rr.addAttribute(new Attribute("testattr2", "mrAttributesValue2"));
    rr.addAttribute(new Attribute("testattrDEFAULTATTR", "mrAttributesValueDEFAULTATTR", true));
    user.setEnrollmentSecret(client.register(rr, admin));
    if (!user.getEnrollmentSecret().equals(password)) {
        fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
    }
    EnrollmentRequest req = new EnrollmentRequest();
    req.addAttrReq("testattr2").setOptional(false);
    user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
    Enrollment enrollment = user.getEnrollment();
    String cert = enrollment.getCert();
    String certdec = getStringCert(cert);
    assertTrue(format("Missing testattr2 in certficate decoded: %s", certdec), certdec.contains("\"testattr2\":\"mrAttributesValue2\""));
    // Since request had specific attributes don't expect defaults.
    assertFalse(format("Contains testattrDEFAULTATTR in certificate decoded: %s", certdec), certdec.contains("\"testattrDEFAULTATTR\"") || certdec.contains("\"mrAttributesValueDEFAULTATTR\""));
    assertFalse(format("Contains testattr1 in certificate decoded: %s", certdec), certdec.contains("\"testattr1\"") || certdec.contains("\"mrAttributesValue1\""));
}
Also used : EnrollmentRequest(org.hyperledger.fabric_ca.sdk.EnrollmentRequest) Attribute(org.hyperledger.fabric_ca.sdk.Attribute) Enrollment(org.hyperledger.fabric.sdk.Enrollment) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) RegistrationRequest(org.hyperledger.fabric_ca.sdk.RegistrationRequest) SampleUser(org.hyperledger.fabric.sdkintegration.SampleUser) Test(org.junit.Test)

Example 3 with EnrollmentRequest

use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.

the class HFCAClientIT method testReenrollAndRevoke.

// Tests re-enrolling a user that has had an enrollment revoked
@Test
public void testReenrollAndRevoke() throws Exception {
    SampleUser user = getTestUser(TEST_ADMIN_ORG);
    if (!user.isRegistered()) {
        // users need to be registered AND enrolled
        RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
        String password = "testReenrollAndRevoke";
        rr.setSecret(password);
        user.setEnrollmentSecret(client.register(rr, admin));
        if (!user.getEnrollmentSecret().equals(password)) {
            fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
        }
    }
    if (!user.isEnrolled()) {
        user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret()));
    }
    sleepALittle();
    // get another enrollment
    EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 1", null);
    req.addHost("example1.ibm.com");
    req.addHost("example2.ibm.com");
    Enrollment tmpEnroll = client.reenroll(user, req);
    // verify
    String cert = tmpEnroll.getCert();
    verifyOptions(cert, req);
    sleepALittle();
    // revoke one enrollment of this user
    client.revoke(admin, tmpEnroll, "remove user 2");
    // trying to reenroll should be ok (revocation above is only for a particular enrollment of this user)
    client.reenroll(user);
}
Also used : EnrollmentRequest(org.hyperledger.fabric_ca.sdk.EnrollmentRequest) Enrollment(org.hyperledger.fabric.sdk.Enrollment) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) RegistrationRequest(org.hyperledger.fabric_ca.sdk.RegistrationRequest) SampleUser(org.hyperledger.fabric.sdkintegration.SampleUser) Test(org.junit.Test)

Example 4 with EnrollmentRequest

use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.

the class End2endIT method enrollUsersSetup.

/**
 * Will register and enroll users persisting them to samplestore.
 *
 * @param sampleStore
 * @throws Exception
 */
public void enrollUsersSetup(SampleStore sampleStore) throws Exception {
    for (SampleOrg sampleOrg : testSampleOrgs) {
        HFCAClient ca = sampleOrg.getCAClient();
        final String orgName = sampleOrg.getName();
        final String mspid = sampleOrg.getMSPID();
        ca.setCryptoSuite(CryptoSuite.Factory.getCryptoSuite());
        if (testConfig.isRunningFabricTLS()) {
            // This shows how to get a client TLS certificate from Fabric CA
            // we will use one client TLS certificate for orderer peers etc.
            final EnrollmentRequest enrollmentRequestTLS = new EnrollmentRequest();
            enrollmentRequestTLS.addHost("localhost");
            enrollmentRequestTLS.setProfile("tls");
            final Enrollment enroll = ca.enroll("admin", "adminpw", enrollmentRequestTLS);
            final String tlsCertPEM = enroll.getCert();
            final String tlsKeyPEM = getPEMStringFromPrivateKey(enroll.getKey());
            final Properties tlsProperties = new Properties();
            tlsProperties.put("clientKeyBytes", tlsKeyPEM.getBytes(UTF_8));
            tlsProperties.put("clientCertBytes", tlsCertPEM.getBytes(UTF_8));
            clientTLSProperties.put(sampleOrg.getName(), tlsProperties);
            // Save in samplestore for follow on tests.
            sampleStore.storeClientPEMTLCertificate(sampleOrg, tlsCertPEM);
            sampleStore.storeClientPEMTLSKey(sampleOrg, tlsKeyPEM);
        }
        // just check if we connect at all.
        HFCAInfo info = ca.info();
        assertNotNull(info);
        String infoName = info.getCAName();
        if (infoName != null && !infoName.isEmpty()) {
            assertEquals(ca.getCAName(), infoName);
        }
        SampleUser admin = sampleStore.getMember(TEST_ADMIN_NAME, orgName);
        if (!admin.isEnrolled()) {
            // Preregistered admin only needs to be enrolled with Fabric caClient.
            admin.setEnrollment(ca.enroll(admin.getName(), "adminpw"));
            admin.setMspId(mspid);
        }
        // The admin of this org --
        sampleOrg.setAdmin(admin);
        SampleUser user = sampleStore.getMember(TESTUSER_1_NAME, sampleOrg.getName());
        if (!user.isRegistered()) {
            // users need to be registered AND enrolled
            RegistrationRequest rr = new RegistrationRequest(user.getName(), "org1.department1");
            user.setEnrollmentSecret(ca.register(rr, admin));
        }
        if (!user.isEnrolled()) {
            user.setEnrollment(ca.enroll(user.getName(), user.getEnrollmentSecret()));
            user.setMspId(mspid);
        }
        // Remember user belongs to this Org
        sampleOrg.addUser(user);
        final String sampleOrgName = sampleOrg.getName();
        final String sampleOrgDomainName = sampleOrg.getDomainName();
        // src/test/fixture/sdkintegration/e2e-2Orgs/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/
        SampleUser peerOrgAdmin = sampleStore.getMember(sampleOrgName + "Admin", sampleOrgName, sampleOrg.getMSPID(), Util.findFileSk(Paths.get(testConfig.getTestChannelPath(), "crypto-config/peerOrganizations/", sampleOrgDomainName, format("/users/Admin@%s/msp/keystore", sampleOrgDomainName)).toFile()), Paths.get(testConfig.getTestChannelPath(), "crypto-config/peerOrganizations/", sampleOrgDomainName, format("/users/Admin@%s/msp/signcerts/Admin@%s-cert.pem", sampleOrgDomainName, sampleOrgDomainName)).toFile());
        // A special user that can create channels, join peers and install chaincode
        sampleOrg.setPeerAdmin(peerOrgAdmin);
    }
}
Also used : EnrollmentRequest(org.hyperledger.fabric_ca.sdk.EnrollmentRequest) Enrollment(org.hyperledger.fabric.sdk.Enrollment) Properties(java.util.Properties) RegistrationRequest(org.hyperledger.fabric_ca.sdk.RegistrationRequest) HFCAClient(org.hyperledger.fabric_ca.sdk.HFCAClient) HFCAInfo(org.hyperledger.fabric_ca.sdk.HFCAInfo)

Example 5 with EnrollmentRequest

use of org.hyperledger.fabric_ca.sdk.EnrollmentRequest in project fabric-sdk-java by hyperledger.

the class HFCAClientIT method testUserRevokeNullReason.

// Tests attempting to revoke a user with Null reason
@Test
public void testUserRevokeNullReason() throws Exception {
    thrown.expect(EnrollmentException.class);
    thrown.expectMessage("Failed to re-enroll user");
    // gets a calendar using the default time zone and locale.
    Calendar calendar = Calendar.getInstance();
    calendar.add(Calendar.SECOND, -1);
    // avoid any clock skewing.
    Date revokedTinyBitAgoTime = calendar.getTime();
    SampleUser user = getTestUser(TEST_USER1_ORG);
    if (!user.isRegistered()) {
        RegistrationRequest rr = new RegistrationRequest(user.getName(), TEST_USER1_AFFILIATION);
        String password = "testUserRevoke";
        rr.setSecret(password);
        rr.addAttribute(new Attribute("user.role", "department lead"));
        rr.addAttribute(new Attribute(HFCAClient.HFCA_ATTRIBUTE_HFREVOKER, "true"));
        // Admin can register other users.
        user.setEnrollmentSecret(client.register(rr, admin));
        if (!user.getEnrollmentSecret().equals(password)) {
            fail("Secret returned from RegistrationRequest not match : " + user.getEnrollmentSecret());
        }
    }
    sleepALittle();
    if (!user.isEnrolled()) {
        EnrollmentRequest req = new EnrollmentRequest(DEFAULT_PROFILE_NAME, "label 2", null);
        req.addHost("example3.ibm.com");
        user.setEnrollment(client.enroll(user.getName(), user.getEnrollmentSecret(), req));
        // verify
        String cert = user.getEnrollment().getCert();
        verifyOptions(cert, req);
    }
    sleepALittle();
    int startedWithRevokes = -1;
    if (!testConfig.isRunningAgainstFabric10()) {
        // one more after we do this revoke.
        startedWithRevokes = getRevokes(null).length;
    }
    // revoke all enrollment of this user
    client.revoke(admin, user.getName(), null);
    if (!testConfig.isRunningAgainstFabric10()) {
        final int newRevokes = getRevokes(null).length;
        assertEquals(format("Expected one more revocation %d, but got %d", startedWithRevokes + 1, newRevokes), startedWithRevokes + 1, newRevokes);
    }
    // trying to reenroll the revoked user should fail with an EnrollmentException
    client.reenroll(user);
}
Also used : EnrollmentRequest(org.hyperledger.fabric_ca.sdk.EnrollmentRequest) Attribute(org.hyperledger.fabric_ca.sdk.Attribute) Calendar(java.util.Calendar) ASN1OctetString(org.bouncycastle.asn1.ASN1OctetString) RegistrationRequest(org.hyperledger.fabric_ca.sdk.RegistrationRequest) Date(java.util.Date) SampleUser(org.hyperledger.fabric.sdkintegration.SampleUser) Test(org.junit.Test)

Aggregations

EnrollmentRequest (org.hyperledger.fabric_ca.sdk.EnrollmentRequest)9 SampleUser (org.hyperledger.fabric.sdkintegration.SampleUser)8 RegistrationRequest (org.hyperledger.fabric_ca.sdk.RegistrationRequest)8 Test (org.junit.Test)8 ASN1OctetString (org.bouncycastle.asn1.ASN1OctetString)7 Attribute (org.hyperledger.fabric_ca.sdk.Attribute)6 Enrollment (org.hyperledger.fabric.sdk.Enrollment)4 Calendar (java.util.Calendar)3 Date (java.util.Date)3 BufferedInputStream (java.io.BufferedInputStream)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 CertificateFactory (java.security.cert.CertificateFactory)1 X509Certificate (java.security.cert.X509Certificate)1 Properties (java.util.Properties)1 HFCAClient (org.hyperledger.fabric_ca.sdk.HFCAClient)1 HFCAInfo (org.hyperledger.fabric_ca.sdk.HFCAInfo)1