diff --git a/src/main/java/org/hyperledger/fabric/sdk/Channel.java b/src/main/java/org/hyperledger/fabric/sdk/Channel.java
index 376ca10a..32969c45 100644
--- a/src/main/java/org/hyperledger/fabric/sdk/Channel.java
+++ b/src/main/java/org/hyperledger/fabric/sdk/Channel.java
@@ -1627,25 +1627,25 @@ public Orderer addOrderer(SDOrdererAdditionInfo sdOrdererAdditionInfo) throws In String protocol = (String) findClientProp(config, "protocol", mspid, endpoint, sdOrdererAdditionInfo.isTLS() ? "grpcs:" : "grpc:"); - String clientCertFile = (String) findClientProp(config, "clientCertFile", mspid, endpoint, null); + String clientCertFile = (String) findClientProp(config, NetworkConfig.CLIENT_CERT_FILE, mspid, endpoint, null); if (null != clientCertFile) { - properties.put("clientCertFile", clientCertFile); + properties.put(NetworkConfig.CLIENT_CERT_FILE, clientCertFile); } - String clientKeyFile = (String) findClientProp(config, "clientKeyFile", mspid, endpoint, null); + String clientKeyFile = (String) findClientProp(config, NetworkConfig.CLIENT_KEY_FILE, mspid, endpoint, null); if (null != clientKeyFile) { - properties.put("clientKeyFile", clientKeyFile); + properties.put(NetworkConfig.CLIENT_KEY_FILE, clientKeyFile); } - byte[] clientCertBytes = (byte[]) findClientProp(config, "clientCertBytes", mspid, endpoint, null); + byte[] clientCertBytes = (byte[]) findClientProp(config, NetworkConfig.CLIENT_CERT_BYTES, mspid, endpoint, null); if (null != clientCertBytes) { - properties.put("clientCertBytes", clientCertBytes); + properties.put(NetworkConfig.CLIENT_CERT_BYTES, clientCertBytes); } - byte[] clientKeyBytes = (byte[]) findClientProp(config, "clientKeyBytes", mspid, endpoint, null); + byte[] clientKeyBytes = (byte[]) findClientProp(config, NetworkConfig.CLIENT_KEY_BYTES, mspid, endpoint, null); if (null != clientKeyBytes) { - properties.put("clientKeyBytes", clientKeyBytes); + properties.put(NetworkConfig.CLIENT_KEY_BYTES, clientKeyBytes); } String hostnameOverride = (String) findClientProp(config, "hostnameOverride", mspid, endpoint, null); 
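Review bot: In addOrderer the four `properties.put(...)` calls remain independent, so a configuration that resolves both a file and bytes for the client key (or the client cert) forwards both entries. If these properties reach the Endpoint check touched later in this diff, that combination is rejected with a RuntimeException. addPeer in the next hunk gives bytes precedence with `else if`, and the orderer path could do the same: `if (null != clientKeyBytes) { properties.put(NetworkConfig.CLIENT_KEY_BYTES, clientKeyBytes); } else if (null != clientKeyFile) { properties.put(NetworkConfig.CLIENT_KEY_FILE, clientKeyFile); }`, and likewise for the cert. The method body starts and ends outside this hunk, so any later reconciliation is not visible here.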
@@ -1693,23 +1693,23 @@ public Peer addPeer(SDPeerAdditionInfo sdPeerAddition) throws InvalidArgumentExc } - String clientCertFile = (String) findClientProp(config, "clientCertFile", mspid, endpoint, null); + String clientCertFile = (String) findClientProp(config, NetworkConfig.CLIENT_CERT_FILE, mspid, endpoint, null); - byte[] clientCertBytes = (byte[]) findClientProp(config, "clientCertBytes", mspid, endpoint, null); + byte[] clientCertBytes = (byte[]) findClientProp(config, NetworkConfig.CLIENT_CERT_BYTES, mspid, endpoint, null); if (null != clientCertBytes) { - properties.put("clientCertBytes", clientCertBytes); + properties.put(NetworkConfig.CLIENT_CERT_BYTES, clientCertBytes); } else if (null != clientCertFile) { - properties.put("clientCertFile", clientCertFile); + properties.put(NetworkConfig.CLIENT_CERT_FILE, clientCertFile); } properties.put(Peer.PEER_ORGANIZATION_MSPID_PROPERTY, sdPeerAddition.getMspId()); - byte[] clientKeyBytes = (byte[]) findClientProp(config, "clientKeyBytes", mspid, endpoint, null); - String clientKeyFile = (String) findClientProp(config, "clientKeyFile", mspid, endpoint, null); + byte[] clientKeyBytes = (byte[]) findClientProp(config, NetworkConfig.CLIENT_KEY_BYTES, mspid, endpoint, null); + String clientKeyFile = (String) findClientProp(config, NetworkConfig.CLIENT_KEY_FILE, mspid, endpoint, null); if (null != clientKeyBytes) { - properties.put("clientKeyBytes", clientKeyBytes); + properties.put(NetworkConfig.CLIENT_KEY_BYTES, clientKeyBytes); } else if (null != clientKeyFile) { - properties.put("clientKeyFile", clientKeyFile); + properties.put(NetworkConfig.CLIENT_KEY_FILE, clientKeyFile); } String hostnameOverride = (String) findClientProp(config, "hostnameOverride", mspid, endpoint, null); diff --git a/src/main/java/org/hyperledger/fabric/sdk/Endpoint.java b/src/main/java/org/hyperledger/fabric/sdk/Endpoint.java index 02d57296..70fa055f 100644 --- a/src/main/java/org/hyperledger/fabric/sdk/Endpoint.java 
+++ b/src/main/java/org/hyperledger/fabric/sdk/Endpoint.java @@ -66,6 +66,7 @@ import static org.hyperledger.fabric.sdk.helper.Utils.parseGrpcUrl; class Endpoint { + private static final Log logger = LogFactory.getLog(Endpoint.class); private static final String SSLPROVIDER = Config.getConfig().getDefaultSSLProvider(); 
@@ -172,28 +173,28 @@ class Endpoint { } // check for mutual TLS - both clientKey and clientCert must be present byte[] ckb = null, ccb = null; - if (properties.containsKey("clientKeyFile") && properties.containsKey("clientKeyBytes")) { + if (properties.containsKey(NetworkConfig.CLIENT_KEY_FILE) && properties.containsKey(NetworkConfig.CLIENT_KEY_BYTES)) { throw new RuntimeException("Properties \"clientKeyFile\" and \"clientKeyBytes\" must cannot both be set"); - } else if (properties.containsKey("clientCertFile") && properties.containsKey("clientCertBytes")) { + } else if (properties.containsKey(NetworkConfig.CLIENT_CERT_FILE) && properties.containsKey(NetworkConfig.CLIENT_CERT_BYTES)) { throw new RuntimeException("Properties \"clientCertFile\" and \"clientCertBytes\" must cannot both be set"); - } else if (properties.containsKey("clientKeyFile") || properties.containsKey("clientCertFile")) { - if ((properties.getProperty("clientKeyFile") != null) && (properties.getProperty("clientCertFile") != null)) { + } else if (properties.containsKey(NetworkConfig.CLIENT_KEY_FILE) || properties.containsKey(NetworkConfig.CLIENT_CERT_FILE)) { + if ((properties.getProperty(NetworkConfig.CLIENT_KEY_FILE) != null) && (properties.getProperty(NetworkConfig.CLIENT_CERT_FILE) != null)) { try { - logger.trace(format("Endpoint %s reading clientKeyFile: %s", url, properties.getProperty("clientKeyFile"))); - ckb = Files.readAllBytes(Paths.get(properties.getProperty("clientKeyFile"))); - logger.trace(format("Endpoint %s reading clientCertFile: %s", url, properties.getProperty("clientCertFile"))); - ccb = Files.readAllBytes(Paths.get(properties.getProperty("clientCertFile"))); + logger.trace(format("Endpoint %s reading clientKeyFile: %s", url, properties.getProperty(NetworkConfig.CLIENT_KEY_FILE))); + ckb = Files.readAllBytes(Paths.get(properties.getProperty(NetworkConfig.CLIENT_KEY_FILE))); + logger.trace(format("Endpoint %s reading clientCertFile: %s", url, 
properties.getProperty(NetworkConfig.CLIENT_CERT_FILE))); + ccb = Files.readAllBytes(Paths.get(properties.getProperty(NetworkConfig.CLIENT_CERT_FILE))); } catch (IOException e) { throw new RuntimeException("Failed to parse TLS client key and/or cert", e); } } else { - throw new RuntimeException("Properties \"clientKeyFile\" and \"clientCertFile\" must both be set or both be null"); + throw new RuntimeException(String.format("Properties \"%s\" and \"%s\" must both be set or both be null", NetworkConfig.CLIENT_KEY_FILE, NetworkConfig.CLIENT_CERT_FILE)); } - } else if (properties.containsKey("clientKeyBytes") || properties.containsKey("clientCertBytes")) { - ckb = (byte[]) properties.get("clientKeyBytes"); - ccb = (byte[]) properties.get("clientCertBytes"); + } else if (properties.containsKey(NetworkConfig.CLIENT_KEY_BYTES) || properties.containsKey(NetworkConfig.CLIENT_CERT_BYTES)) { + ckb = (byte[]) properties.get(NetworkConfig.CLIENT_KEY_BYTES); + ccb = (byte[]) properties.get(NetworkConfig.CLIENT_CERT_BYTES); if ((ckb == null) || (ccb == null)) { - throw new RuntimeException("Properties \"clientKeyBytes\" and \"clientCertBytes\" must both be set or both be null"); + throw new RuntimeException(String.format("Properties \"%s\" and \"%s\" must both be set or both be null", NetworkConfig.CLIENT_KEY_BYTES, NetworkConfig.CLIENT_CERT_BYTES)); } } 
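Review bot: The first two exceptions in this chain still hard-code the property names and keep the garbled wording "must cannot both be set", while the last two were moved to `String.format` with the new constants. The same treatment would keep the messages consistent: `throw new RuntimeException(String.format("Properties \"%s\" and \"%s\" cannot both be set", NetworkConfig.CLIENT_KEY_FILE, NetworkConfig.CLIENT_KEY_BYTES));`, and the equivalent for the cert pair. The block in the `@@ -400,28 +401,28 @@` hunk (getClientTLSProps) is the same apart from its trace message and has the same issue. A shared private helper would stop the two copies of the mutual-TLS validation from drifting apart. Both enclosing bodies extend beyond their hunks.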
@@ -400,28 +401,28 @@ AbstractMap.SimpleImmutableEntry getClientTLSProp // check for mutual TLS - both clientKey and clientCert must be present byte[] ckb = null, ccb = null; - if (properties.containsKey("clientKeyFile") && properties.containsKey("clientKeyBytes")) { + if (properties.containsKey(NetworkConfig.CLIENT_KEY_FILE) && properties.containsKey(NetworkConfig.CLIENT_KEY_BYTES)) { throw new RuntimeException("Properties \"clientKeyFile\" and \"clientKeyBytes\" must cannot both be set"); - } else if (properties.containsKey("clientCertFile") && properties.containsKey("clientCertBytes")) { + } else if (properties.containsKey(NetworkConfig.CLIENT_CERT_FILE) && properties.containsKey(NetworkConfig.CLIENT_CERT_BYTES)) { throw new RuntimeException("Properties \"clientCertFile\" and \"clientCertBytes\" must cannot both be set"); - } else if (properties.containsKey("clientKeyFile") || properties.containsKey("clientCertFile")) { - if ((properties.getProperty("clientKeyFile") != null) && (properties.getProperty("clientCertFile") != null)) { + } else if (properties.containsKey(NetworkConfig.CLIENT_KEY_FILE) || properties.containsKey(NetworkConfig.CLIENT_CERT_FILE)) { + if ((properties.getProperty(NetworkConfig.CLIENT_KEY_FILE) != null) && (properties.getProperty(NetworkConfig.CLIENT_CERT_FILE) != null)) { try { - logger.trace(format("Endpoint %s reading clientKeyFile: %s", url, new File(properties.getProperty("clientKeyFile")).getAbsolutePath())); - ckb = Files.readAllBytes(Paths.get(properties.getProperty("clientKeyFile"))); - logger.trace(format("Endpoint %s reading clientCertFile: %s", url, new File(properties.getProperty("clientCertFile")).getAbsolutePath())); - ccb = Files.readAllBytes(Paths.get(properties.getProperty("clientCertFile"))); + logger.trace(format("Endpoint %s reading clientKeyFile: %s", url, new File(properties.getProperty(NetworkConfig.CLIENT_KEY_FILE)).getAbsolutePath())); + ckb = 
Files.readAllBytes(Paths.get(properties.getProperty(NetworkConfig.CLIENT_KEY_FILE))); + logger.trace(format("Endpoint %s reading clientCertFile: %s", url, new File(properties.getProperty(NetworkConfig.CLIENT_CERT_FILE)).getAbsolutePath())); + ccb = Files.readAllBytes(Paths.get(properties.getProperty(NetworkConfig.CLIENT_CERT_FILE))); } catch (IOException e) { throw new RuntimeException("Failed to parse TLS client key and/or cert", e); } } else { - throw new RuntimeException("Properties \"clientKeyFile\" and \"clientCertFile\" must both be set or both be null"); + throw new RuntimeException(String.format("Properties \"%s\" and \"%s\" must both be set or both be null", NetworkConfig.CLIENT_KEY_FILE, NetworkConfig.CLIENT_CERT_FILE)); } - } else if (properties.containsKey("clientKeyBytes") || properties.containsKey("clientCertBytes")) { - ckb = (byte[]) properties.get("clientKeyBytes"); - ccb = (byte[]) properties.get("clientCertBytes"); + } else if (properties.containsKey(NetworkConfig.CLIENT_KEY_BYTES) || properties.containsKey(NetworkConfig.CLIENT_CERT_BYTES)) { + ckb = (byte[]) properties.get(NetworkConfig.CLIENT_KEY_BYTES); + ccb = (byte[]) properties.get(NetworkConfig.CLIENT_CERT_BYTES); if ((ckb == null) || (ccb == null)) { - throw new RuntimeException("Properties \"clientKeyBytes\" and \"clientCertBytes\" must both be set or both be null"); + throw new RuntimeException(String.format("Properties \"%s\" and \"%s\" must both be set or both be null", NetworkConfig.CLIENT_KEY_BYTES, NetworkConfig.CLIENT_CERT_BYTES)); } } diff --git a/src/main/java/org/hyperledger/fabric/sdk/NetworkConfig.java b/src/main/java/org/hyperledger/fabric/sdk/NetworkConfig.java index 7a48456d..8ecd81d6 100755 --- a/src/main/java/org/hyperledger/fabric/sdk/NetworkConfig.java +++ b/src/main/java/org/hyperledger/fabric/sdk/NetworkConfig.java 
@@ -72,6 +72,14 @@ */ public class NetworkConfig { + public static final String CLIENT_CERT_BYTES = "clientCertBytes"; + + public static final String CLIENT_KEY_BYTES = "clientKeyBytes"; + + public static final String CLIENT_CERT_FILE = "clientCertFile"; + + public static final String CLIENT_KEY_FILE = "clientKeyFile"; + private static final String URL_PROP_NAME = "url"; private final JsonObject jsonConfig; @@ -843,22 +851,22 @@ private void getTLSCerts(JsonObject jsonOrderer, Properties props) { String certfile = getJsonValueAsString(jsonTlsClientCerts.get("certfile")); if (keyfile != null) { - props.put("tlsClientKeyFile", keyfile); + props.put(CLIENT_KEY_FILE, keyfile); } if (certfile != null) { - props.put("tlsClientCertFile", certfile); + props.put(CLIENT_CERT_FILE, certfile); } String keyBytes = getJsonValueAsString(jsonTlsClientCerts.get("keyPem")); String certBytes = getJsonValueAsString(jsonTlsClientCerts.get("certPem")); if (keyBytes != null) { - props.put("tlsClientKeyBytes", keyBytes.getBytes()); + props.put(CLIENT_KEY_BYTES, keyBytes.getBytes()); } if (certBytes != null) { - props.put("tlsClientCertBytes", certBytes.getBytes()); + props.put(CLIENT_CERT_BYTES, certBytes.getBytes()); } } } diff --git a/src/main/java/org/hyperledger/fabric_ca/sdk/HFCAClient.java b/src/main/java/org/hyperledger/fabric_ca/sdk/HFCAClient.java index 7eb378f8..f5c495a0 100644 --- a/src/main/java/org/hyperledger/fabric_ca/sdk/HFCAClient.java +++ b/src/main/java/org/hyperledger/fabric_ca/sdk/HFCAClient.java 
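Review bot: The four new `public static final` constants become part of the SDK's public surface but have no Javadoc. Callers need to know the value type behind each key: elsewhere in this diff the `*_FILE` keys are read with `getProperty` as a path string and the `*_BYTES` keys are cast to `byte[]`, so a String stored under a `*_BYTES` key would fail the cast. A one-line Javadoc on each would cover it, for example `/** Property key for the client TLS private key as PEM bytes (byte[]); Endpoint rejects it together with CLIENT_KEY_FILE. */` on `CLIENT_KEY_BYTES`.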
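Review bot: In the getTLSCerts hunk, `keyBytes.getBytes()` and `certBytes.getBytes()` encode with the platform default charset, so what is stored under `CLIENT_KEY_BYTES` and `CLIENT_CERT_BYTES` depends on the JVM's configuration. On a host whose default charset is not ASCII-compatible the PEM would presumably no longer parse. Naming the charset removes that dependency: `props.put(CLIENT_KEY_BYTES, keyBytes.getBytes(StandardCharsets.UTF_8));` and the same for the cert, which needs the `java.nio.charset.StandardCharsets` import if the file does not already have it. Separately, nothing here stops a config from supplying both `keyfile` and `keyPem`, which the Endpoint validation in this diff only reports later as a RuntimeException; rejecting it at parse time would give a clearer error. getTLSCerts begins outside the hunk.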
@@ -1617,17 +1617,17 @@ private void setUpSSL() throws InvalidArgumentException { } } - String tlsClientKeyFile = properties.getProperty("tlsClientKeyFile"); - String tlsClientCertFile = properties.getProperty("tlsClientCertFile"); + String tlsClientKeyFile = properties.getProperty(NetworkConfig.CLIENT_KEY_FILE); + String tlsClientCertFile = properties.getProperty(NetworkConfig.CLIENT_CERT_FILE); - byte[] tlsClientKeyAsBytes = (byte[]) properties.get("tlsClientKeyBytes"); + byte[] tlsClientKeyAsBytes = (byte[]) properties.get(NetworkConfig.CLIENT_KEY_BYTES); if (tlsClientKeyFile != null && tlsClientKeyAsBytes != null) { logger.warn("SSL CA client key is specified as bytes and as a file path. Using client key specified as bytes."); } if (tlsClientKeyFile != null && tlsClientKeyAsBytes == null) { tlsClientKeyAsBytes = Files.readAllBytes(Paths.get(tlsClientKeyFile)); } - byte[] tlsClientCertAsBytes = (byte[]) properties.get("tlsClientCertBytes"); + byte[] tlsClientCertAsBytes = (byte[]) properties.get(NetworkConfig.CLIENT_CERT_BYTES); if (tlsClientCertFile != null && tlsClientCertAsBytes != null) { logger.warn("SSL CA client cert is specified as bytes and as a file path. Using client cert specified as bytes."); } diff --git a/src/test/fixture/sdkintegration/network_configs/network-config-client-tls.json b/src/test/fixture/sdkintegration/network_configs/network-config-client-tls.json new file mode 100755 index 00000000..c043b19a --- /dev/null +++ b/src/test/fixture/sdkintegration/network_configs/network-config-client-tls.json 
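Review bot: setUpSSL now reads only the `clientKey*`/`clientCert*` names, so a caller that still passes `tlsClientKeyFile`, `tlsClientCertFile`, `tlsClientKeyBytes` or `tlsClientCertBytes` in the HFCAClient properties gets no client certificate and, as far as this hunk shows, no warning. Against a CA where client authentication is optional, that means silently falling back from mutual TLS to server-only TLS. A fallback keeps existing deployments working: `String tlsClientKeyFile = properties.getProperty(NetworkConfig.CLIENT_KEY_FILE, properties.getProperty("tlsClientKeyFile"));`, with the same pattern for the other three keys and a `logger.warn` when a legacy name is used. The method continues outside the hunk.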
@@ -0,0 +1,120 @@ +{ + "name": "global-trade-network", + "x-type": "hlfv1", + "description": "The network to be in if you want to stay in the global trade business", + "version": "1.0.0", + "client": { + "organization": "Org1", + "credentialStore": { + "path": "/tmp/hfc-kvs", + "cryptoStore": { + "path": "/tmp/hfc-cvs" + }, + "wallet": "wallet-name" + } + }, + "channels": { + "mychannel": { + "orderers": [ + "orderer.example.com" + ], + "peers": { + "peer0.org1.example.com": { + "endorsingPeer": true, + "chaincodeQuery": true, + "ledgerQuery": true, + "eventSource": true + + }, + "peer1.org1.example.com": { + "endorsingPeer": true, + "chaincodeQuery": true, + "ledgerQuery": true, + "eventSource": true + } + }, + "chaincodes": [ + "example02:v1", + "marbles:1.0" + ] + } + }, + "organizations": { + "Org1": { + "mspid": "Org1MSP", + "peers": [ + "peer0.org1.example.com", + "peer1.org1.example.com" + ], + "certificateAuthorities": [ + "ca-org1" + ], + "adminPrivateKey": { + "pem": "-----BEGIN PRIVATE KEY-----\nMIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQghnA7rdgbZi/wndusiXjyf0KgE6OKZjQ+5INjwelRAC6hRANCAASb3u+hY+U/FZvhYDN6d08HJ1v56UJUyz/n2NHyJgTg6kC05AaJMeGIinEF0JeJtRDNVQGzoQJQYjnzUTS9FvGh\n-----END PRIVATE KEY-----" + }, + "signedCert": { + "path": "src/test/fixture/sdkintegration/e2e-2Orgs/v1.3/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem" + } + } + }, + "orderers": { + "orderer.example.com": { + "url": "grpcs://localhost:7050", + "grpcOptions": { + "ssl-target-name-override": "orderer.example.com", + "grpc-max-send-message-length": 15 + }, + "tlsCACerts": { + "pem": "-----BEGIN CERTIFICATE----- " + } + } + }, + "peers": { + "peer0.org1.example.com": { + "url": "grpcs://localhost:7051", + "grpcOptions": { + "ssl-target-name-override": "peer0.org1.example.com", + "grpc.http2.keepalive_time": 15 + }, + "tlsCACerts": { + "path": 
"src/test/fixture/sdkintegration/e2e-2Orgs/v1.3/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt", + "client": { + "certfile": "./tls/sign.pem", + "keyfile": "./tls/key.pem" + } + } + }, + "peer1.org1.example.com": { + "url": "grpcs://localhost:7051", + "grpcOptions": { + "ssl-target-name-override": "peer1.org1.example.com", + "grpc.http2.keepalive_time": 15 + }, + "tlsCACerts": { + "path": "src/test/fixture/sdkintegration/e2e-2Orgs/v1.3/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.crt", + "client": { + "certPem": "-----BEGIN CERTIFICATE----- ", + "keyPem": "-----BEGIN PRIVATE KEY----- " + } + } + } + },"certificateAuthorities": { + "ca-org1": { + "url": "https://localhost:7054", + "httpOptions": { + "verify": true + }, + "tlsCACerts": { + "path": "peerOrganizations/org1.example.com/ca/org1.example.com-cert.pem", + "pem": "-----BEGIN CERTIFICATE----- " + }, + "registrar": [ + { + "enrollId": "admin", + "enrollSecret": "adminpw" + } + ], + "caName": "caNameHere" + } + } +} diff --git a/src/test/fixture/testPems/client.key b/src/test/fixture/testPems/client.key new file mode 100644 index 00000000..441aa403 --- /dev/null +++ b/src/test/fixture/testPems/client.key @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEILaiKBtmV7pPCel9NBp74A6jJWHc/Vobug5AyMkncB3ToAoGCCqGSM49 +AwEHoUQDQgAEJT+fZ/nl8t38QY6VmddSvjB9HMITio6JUFZhDJ3qoAqCVAfKi6EI +sH+zLZuZA/324j3iHRYkNFUqkNA9wU91qw== +-----END EC PRIVATE KEY----- diff --git a/src/test/fixture/testPems/client.pem b/src/test/fixture/testPems/client.pem new file mode 100644 index 00000000..d41e00b2 --- /dev/null +++ b/src/test/fixture/testPems/client.pem 
@@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB9DCCAZkCCQCmIOuczbyLyDAKBggqhkjOPQQDAjBzMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEZMBcG +A1UECgwQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAwwTY2Eub3JnMS5leGFtcGxl +LmNvbTAgFw0yMzAyMDYxMDQyNTVaGA8yMDUwMDYyNDEwNDI1NVowgY0xCzAJBgNV +BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp +c2NvMRkwFwYDVQQKDBBvcmcxLmV4YW1wbGUuY29tMRwwGgYDVQQLDBNjYS5vcmcx +LmV4YW1wbGUuY29tMRgwFgYDVQQDDA90ZXN0LWNsaWVudC10bHMwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQlP59n+eXy3fxBjpWZ11K+MH0cwhOKjolQVmEMneqg +CoJUB8qLoQiwf7Mtm5kD/fbiPeIdFiQ0VSqQ0D3BT3WrMAoGCCqGSM49BAMCA0kA +MEYCIQCZUkbolLixLdXyFu5KJiwnC5leT7XBHiNbnFoG1VZTqAIhANyQCvhmfGPz +A/UdQJekD5Ukib+sRJln9nzody03dby2 +-----END CERTIFICATE----- diff --git a/src/test/java/org/hyperledger/fabric/sdk/NetworkConfigTest.java b/src/test/java/org/hyperledger/fabric/sdk/NetworkConfigTest.java index 02a284b5..95f1c62a 100755 --- a/src/test/java/org/hyperledger/fabric/sdk/NetworkConfigTest.java +++ b/src/test/java/org/hyperledger/fabric/sdk/NetworkConfigTest.java @@ -47,12 +47,14 @@ import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; public class NetworkConfigTest { private static final Path NETWORK_CONFIG_DIR = Paths.get("src", "test", "fixture", "sdkintegration", "network_configs"); private static final Path NETWORK_CONFIG_JSON = NETWORK_CONFIG_DIR.resolve("network-config.json"); private static final Path NETWORK_CONFIG_YAML = NETWORK_CONFIG_DIR.resolve("network-config.yaml"); + private static final Path NETWORK_CONFIG_CLIENT_TLS_JSON = NETWORK_CONFIG_DIR.resolve("network-config-client-tls.json"); private static final String CHANNEL_NAME = "myChannel"; private static final String CLIENT_ORG_NAME = "Org1"; 
@@ -318,6 +320,53 @@ public void testLoadFromConfigFileYamlNOOverrides() throws Exception { } + @Test + public void testLoadFromConfigFileJsonNOOverridesClientTls() throws Exception { + + File f = NETWORK_CONFIG_CLIENT_TLS_JSON.toFile(); + NetworkConfig config = NetworkConfig.fromJsonFile(f); + + assertNotNull(config); + + String peer0 = "peer0.org1.example.com"; + String peer1 = "peer1.org1.example.com"; + // Check JsonPeers' properties + Properties peer0Properties = config.getPeerProperties(peer0); + assertEquals(peer0Properties.getProperty(NetworkConfig.CLIENT_CERT_FILE), "./tls/sign.pem"); + assertEquals(peer0Properties.getProperty(NetworkConfig.CLIENT_KEY_FILE), "./tls/key.pem"); + + Properties peer1Properties = config.getPeerProperties(peer1); + byte[] clientKeyBytes = (byte[]) peer1Properties.get(NetworkConfig.CLIENT_KEY_BYTES); + byte[] clientCertBytes = (byte[]) peer1Properties.get(NetworkConfig.CLIENT_CERT_BYTES); + assertTrue(Arrays.equals(clientCertBytes, "-----BEGIN CERTIFICATE----- ".getBytes())); + assertTrue(Arrays.equals(clientKeyBytes, "-----BEGIN PRIVATE KEY----- ".getBytes())); + + // Check Peer nodes' properties + HFClient client = HFClient.createNewInstance(); + client.setCryptoSuite(CryptoSuite.Factory.getCryptoSuite()); + client.setUserContext(TestUtils.getMockUser(USER_NAME, USER_MSP_ID)); + + Channel channel = client.loadChannelFromConfig("mychannel", config); + assertNotNull(channel); + + assertFalse(channel.getPeers().isEmpty()); + + for (Peer peer : channel.getPeers()) { + Properties properties = peer.getProperties(); + assertNotNull(properties); + if (peer.getName().equals(peer0)) { + assertEquals(properties.getProperty(NetworkConfig.CLIENT_CERT_FILE), "./tls/sign.pem"); + assertEquals(properties.getProperty(NetworkConfig.CLIENT_KEY_FILE), "./tls/key.pem"); + } else if (peer.getName().equals(peer1)) { + byte[] nodeClientKeyBytes = (byte[]) properties.get(NetworkConfig.CLIENT_KEY_BYTES); + byte[] nodeClientCertBytes = (byte[]) 
properties.get(NetworkConfig.CLIENT_CERT_BYTES); + assertTrue(Arrays.equals(nodeClientCertBytes, "-----BEGIN CERTIFICATE----- ".getBytes())); + assertTrue(Arrays.equals(nodeClientKeyBytes, "-----BEGIN PRIVATE KEY----- ".getBytes())); + } + } + } + + @Test public void testLoadFromConfigFileYamlNOOverridesButSet() throws Exception { diff --git a/src/test/java/org/hyperledger/fabric_ca/sdk/HFCAClientTest.java b/src/test/java/org/hyperledger/fabric_ca/sdk/HFCAClientTest.java index 093eef92..f7cf4191 100644 --- a/src/test/java/org/hyperledger/fabric_ca/sdk/HFCAClientTest.java +++ b/src/test/java/org/hyperledger/fabric_ca/sdk/HFCAClientTest.java @@ -20,6 +20,7 @@ import java.net.URISyntaxException; import java.nio.file.Files; import java.nio.file.Paths; +import java.security.Key; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.KeyStore; @@ -31,6 +32,7 @@ import java.util.Set; import org.hyperledger.fabric.sdk.Enrollment; +import org.hyperledger.fabric.sdk.NetworkConfig; import org.hyperledger.fabric.sdk.exception.CryptoException; import org.hyperledger.fabric.sdk.identity.IdemixEnrollment; import org.hyperledger.fabric.sdk.identity.IdemixRoles; @@ -55,6 +57,7 @@ import static org.hyperledger.fabric.sdk.testutils.TestUtils.invokeMethod; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; public class HFCAClientTest { 
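Review bot: In testLoadFromConfigFileJsonNOOverridesClientTls the loop over `channel.getPeers()` asserts only inside `if (peer.getName().equals(peer0)) … else if (peer.getName().equals(peer1))`, so the second half of the test checks nothing if neither name matches. `assertFalse(channel.getPeers().isEmpty())` does not guarantee that both peers were seen. Counting the matched peers and finishing with `assertEquals(2, matched);` closes that gap. The `assertEquals` calls pass the actual value first, so a failure message would report the two values swapped; `assertEquals("./tls/sign.pem", peer0Properties.getProperty(NetworkConfig.CLIENT_CERT_FILE));` and `assertArrayEquals` in place of `assertTrue(Arrays.equals(...))` give usable output. The `assertNull` import added in the preceding hunk appears unused in the code visible here.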
@@ -497,6 +500,45 @@ public void testTLSTrustedCertProperites() throws Throwable { assertEquals("Number of CA certificates mismatch", expected.size(), count); } + @Test + public void testClientTlsTrustedCertProperites() throws Throwable { + + // Test clientCertFile and clientKeyFile + Properties testprops = new Properties(); + testprops.setProperty(NetworkConfig.CLIENT_KEY_FILE, "src/test/fixture/testPems/client.key"); + testprops.setProperty(NetworkConfig.CLIENT_CERT_FILE, "src/test/fixture/testPems/client.pem"); + + CryptoPrimitives crypto = new CryptoPrimitives(); + crypto.init(); + + HFCAClient client = HFCAClient.createNewInstance("client", "https://localhost:99", testprops); + client.setCryptoSuite(crypto); + + invokeMethod(client, "setUpSSL"); + + KeyStore trustStore = client.cryptoPrimitives.getTrustStore(); + Key key = (Key) trustStore.getKey("11970826868249889736", new char[0]); + assertNotNull(key); + + // Test clientCertBytes and clientKeyBytes + testprops = new Properties(); + testprops.put(NetworkConfig.CLIENT_KEY_BYTES, Files.readAllBytes(Paths.get("src/test/fixture/testPems/client.key"))); + testprops.put(NetworkConfig.CLIENT_CERT_BYTES, Files.readAllBytes(Paths.get("src/test/fixture/testPems/client.pem"))); + + crypto = new CryptoPrimitives(); + crypto.init(); + + client = HFCAClient.createNewInstance("client", "https://localhost:99", testprops); + client.setCryptoSuite(crypto); + + invokeMethod(client, "setUpSSL"); + + trustStore = client.cryptoPrimitives.getTrustStore(); + key = (Key) trustStore.getKey("11970826868249889736", new char[0]); + assertNotNull(key); + } + + @Test public void testIdemixNullEnrollment() throws Exception { @@ -542,4 +584,4 @@ public void testAddCAToURL() throws MalformedURLException, URISyntaxException, I String url2 = client.addCAToURL(url); assertEquals(url + "?ca=ca1", url2); } -} \ No newline at end of file +}
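Review bot: The alias `"11970826868249889736"` passed to `trustStore.getKey` in testClientTlsTrustedCertProperites is an unexplained magic value that appears twice. It looks like the decimal serial number of `src/test/fixture/testPems/client.pem`, but that is inferred, and the test will break without explanation if the fixture is regenerated. A named constant with a comment would record the link: `private static final String CLIENT_CERT_ALIAS = "11970826868249889736"; // alias setUpSSL derives from client.pem (TODO confirm: certificate serial number)`. The `(Key)` cast is redundant because `KeyStore.getKey` already returns `Key`. The two halves of the test differ only in how `testprops` is filled, so a small helper taking the `Properties` would remove the duplication.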