From 5f41e41cb7281fafa40a0df56a0023a9fc4ad3c4 Mon Sep 17 00:00:00 2001 From: Genady Gurevich Date: Tue, 30 Jun 2026 16:25:42 +0300 Subject: [PATCH] Test mTLS from application client (#548) Signed-off-by: Genady Gurevich --- common/tools/armageddon/armageddon.go | 22 +++ common/tools/armageddon/armageddon_test.go | 8 + common/tools/armageddon/cryptogen.go | 161 +++++++++++++++++- config/config_test.go | 2 +- config/generate/config_block_gen.go | 31 +++- config/generate/network_config.go | 1 + .../consensus/consensus_real_reconfig_test.go | 2 +- test/basic/router_basic_test.go | 101 ++++++++++- testutil/configutil/config_update_utils.go | 26 +-- testutil/signutil/signer.go | 6 +- testutil/utils.go | 1 + 11 files changed, 327 insertions(+), 34 deletions(-) diff --git a/common/tools/armageddon/armageddon.go b/common/tools/armageddon/armageddon.go index 35bdfbee1..8879dc9ec 100644 --- a/common/tools/armageddon/armageddon.go +++ b/common/tools/armageddon/armageddon.go @@ -369,6 +369,28 @@ func generateConfigAndCrypto(genConfigFile **os.File, outputDir *string, sampleC os.Exit(-1) } } + + // generate user config yaml file for each peer + for _, peer := range networkConfig.Peers { + userTLSPrivateKeyPath := filepath.Join(*outputDir, "crypto", "peerOrganizations", peer, "tls", "key.pem") + userTLSCertPath := filepath.Join(*outputDir, "crypto", "peerOrganizations", peer, "tls", "tls-cert.pem") + mspDir := filepath.Join(*outputDir, "crypto", "peerOrganizations", peer, "msp") + + userConfig, err := NewUserConfig(mspDir, userTLSPrivateKeyPath, userTLSCertPath, tlsCACertsBytesPartiesCollection, networkConfig) + if err != nil { + fmt.Fprintf(os.Stderr, "Error creating user config: %s", err) + os.Exit(-1) + } + + peerConfigDir := path.Join(*outputDir, "config", peer) + os.MkdirAll(peerConfigDir, 0o755) + + err = utils.WriteToYAML(userConfig, filepath.Join(peerConfigDir, "user_config.yaml")) + if err != nil { + fmt.Fprintf(os.Stderr, "Error generating user config yaml: %s", err) + os.Exit(-1) + } + } } func getConfigFileContent(genConfigFile **os.File) (*genconfig.Network, error) { diff --git a/common/tools/armageddon/armageddon_test.go b/common/tools/armageddon/armageddon_test.go index 142057cec..749455d96 100644 --- a/common/tools/armageddon/armageddon_test.go +++ b/common/tools/armageddon/armageddon_test.go @@ -611,6 +611,14 @@ func checkConfigDir(outputDir string) error { partyDir := filepath.Join(configPath, party.Name()) + if strings.HasPrefix(party.Name(), "peer") { + filePath := filepath.Join(partyDir, "user_config.yaml") + if !fileExists(filePath) { + return fmt.Errorf("missing file: %s\n", filePath) + } + continue + } + for _, file := range requiredPartyFiles { filePath := filepath.Join(partyDir, file) if !fileExists(filePath) { diff --git a/common/tools/armageddon/cryptogen.go b/common/tools/armageddon/cryptogen.go index 47be3d0ed..60ba64f22 100644 --- a/common/tools/armageddon/cryptogen.go +++ b/common/tools/armageddon/cryptogen.go @@ -118,6 +118,34 @@ func createNetworkCryptoMaterial(dir string, network *genconfig.Network) error { // collect all node IPs as they are includes as SANs when generating TLS certificates. nodesIPs := getNodeIPs(network) + peersTLSCAs, peersSignCAs, err := createCAsPerPeer(dir, network) + if err != nil { + return err + } + + // create crypto material for each peer and write the crypto into files + for _, peer := range network.Peers { + // choose a TLS CA and a signing CA of the peer + signCA := peersSignCAs[peer] + tlsCA := peersTLSCAs[peer] + + // signing crypto to admin of the organization + err = createAdminSignCertAndPrivateKeyForPeer(signCA, dir, peer) + if err != nil { + return err + } + // create TLS and signing crypto for the peer + err = createTLSCertKeyPairForPeer(tlsCA, dir, peer, nodesIPs) + if err != nil { + return err + } + // create signing crypto for the peer + err = createSignCertAndPrivateKeyForPeer(signCA, dir, peer, nodesIPs) + if err != nil { + return err + } + } + // create crypto material for each party's nodes and write the crypto into files for _, party := range network.Parties { // choose a TLS CA and a signing CA of the party @@ -268,6 +296,42 @@ func createCAsPerParty(dir string, network *genconfig.Network) (map[types.PartyI return partiesTLSCAs, partiesSignCAs, nil } +// createCAsPerPeer creates a TLS CA and a signing CA for each peer and write the ca's certificates into files. +func createCAsPerPeer(dir string, network *genconfig.Network) (map[string]*ca.CA, map[string]*ca.CA, error) { + peersTLSCAs := make(map[string]*ca.CA) + peersSignCAs := make(map[string]*ca.CA) + + for _, peer := range network.Peers { + // create a TLS CA for the peer + pathToTLSCACert := filepath.Join(dir, "crypto", "peerOrganizations", peer, "tlsca") + tlsCA, err := ca.NewCA(pathToTLSCACert, "tlsCA", "tlsca", "US", "California", "San Francisco", "ARMA", "addr", "12345", "ecdsa") + if err != nil { + return nil, nil, fmt.Errorf("err: %s, failed creating a TLS CA for peer %s", err, peer) + } + err = copyPEMFiles(pathToTLSCACert, filepath.Join(dir, "crypto", "peerOrganizations", peer, "msp", "tlscacerts")) + if err != nil { + return nil, nil, err + } + + peersTLSCAs[peer] = tlsCA + + // create a Signing CA for the peer + pathToSignCACert := filepath.Join(dir, "crypto", "peerOrganizations", peer, "ca") + signCA, err := ca.NewCA(pathToSignCACert, "signCA", "ca", "US", "California", "San Francisco", "ARMA", "addr", "12345", "ecdsa") + if err != nil { + return nil, nil, fmt.Errorf("err: %s, failed creating a signing CA for peer %s", err, peer) + } + err = copyPEMFiles(pathToSignCACert, filepath.Join(dir, "crypto", "peerOrganizations", peer, "msp", "cacerts")) + if err != nil { + return nil, nil, err + } + + peersSignCAs[peer] = signCA + } + + return peersTLSCAs, peersSignCAs, nil +} + // createTLSCertKeyPairForNode creates a TLS cert,key pair signed by a corresponding CA for an Arma node and write them into files. func createTLSCertKeyPairForNode(ca *ca.CA, dir string, endpoint string, role string, partyID types.PartyID, nodesIPs []string) error { privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) @@ -290,6 +354,31 @@ func createTLSCertKeyPairForNode(ca *ca.CA, dir string, endpoint string, role st return nil } +// createTLSCertKeyPairForPeer creates a TLS cert,key pair signed by a corresponding CA for a peer and write them into files. +func createTLSCertKeyPairForPeer(ca *ca.CA, dir string, peer string, nodesIPs []string) error { + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + return fmt.Errorf("err: %s, failed creating private key for %s", err, peer) + } + privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey) + if err != nil { + return fmt.Errorf("err: %s, failed marshaling private key for %s", err, peer) + } + + _, err = ca.SignCertificate(filepath.Join(dir, "crypto", "peerOrganizations", peer, "tls"), "tls", nil, nodesIPs, GetPublicKey(privateKey), x509.KeyUsageCertSign|x509.KeyUsageCRLSign, []x509.ExtKeyUsage{ + x509.ExtKeyUsageClientAuth, + x509.ExtKeyUsageServerAuth, + }) + if err != nil { + return err + } + err = utils.WritePEMToFile(filepath.Join(dir, "crypto", "peerOrganizations", peer, "tls", "key.pem"), "PRIVATE KEY", privateKeyBytes) + if err != nil { + return err + } + return nil +} + // createUserTLSCertKeyPair creates a TLS cert,key pair signed by a corresponding CA for a user. func createUserTLSCertKeyPair(ca *ca.CA, dir string, partyID types.PartyID, nodesIPs []string) error { privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) @@ -332,6 +421,28 @@ func createSignCertAndPrivateKeyForNode(ca *ca.CA, dir string, endpoint string, return nil } +// createSignCertAndPrivateKeyForPeer creates a signed certificate with a corresponding private key used for signing and write them into files. +func createSignCertAndPrivateKeyForPeer(ca *ca.CA, dir string, peer string, nodesIPs []string) error { + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + return fmt.Errorf("err: %s, failed creating private key for %s", err, peer) + } + privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey) + if err != nil { + return fmt.Errorf("err: %s, failed marshaling private key for %s", err, peer) + } + + _, err = ca.SignCertificate(filepath.Join(dir, "crypto", "peerOrganizations", peer, "signcerts"), "sign", nil, nodesIPs, GetPublicKey(privateKey), x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{}) + if err != nil { + return err + } + err = utils.WritePEMToFile(filepath.Join(dir, "crypto", "peerOrganizations", peer, "keystore", "priv_sk"), "PRIVATE KEY", privateKeyBytes) + if err != nil { + return err + } + return nil +} + // createUserSignCertAndPrivateKey creates for user a signed certificate with a corresponding private key used for signing and write them into files. func createUserSignCertAndPrivateKey(ca *ca.CA, dir string, partyID types.PartyID, nodesIPs []string) error { privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) @@ -376,16 +487,45 @@ func createAdminSignCertAndPrivateKey(ca *ca.CA, dir string, partyID types.Party return nil } +// createAdminSignCertAndPrivateKeyForPeer creates for admin of a peer a signed certificate with a corresponding private key. +func createAdminSignCertAndPrivateKeyForPeer(ca *ca.CA, dir string, peer string) error { + privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + if err != nil { + return fmt.Errorf("err: %s, failed creating private key for admin of org %s", err, peer) + } + privateKeyBytes, err := x509.MarshalPKCS8PrivateKey(privateKey) + if err != nil { + return fmt.Errorf("err: %s, failed marshaling private key for admin of org %s", err, peer) + } + + _, err = ca.SignCertificate(filepath.Join(dir, "crypto", "peerOrganizations", peer, "msp", "admincerts"), fmt.Sprintf("Admin@%s", peer), []string{msp.ADMINOU}, nil, GetPublicKey(privateKey), x509.KeyUsageDigitalSignature, []x509.ExtKeyUsage{}) + if err != nil { + return err + } + err = utils.WritePEMToFile(filepath.Join(dir, "crypto", "peerOrganizations", peer, "msp", "admincerts", "keystore", "priv_sk"), "PRIVATE KEY", privateKeyBytes) + if err != nil { + return err + } + return nil +} + // generateNetworkCryptoConfigFolderStructure creates folders where the crypto material is written to. func generateNetworkCryptoConfigFolderStructure(dir string, network *genconfig.Network) error { var folders []string - rootDir := filepath.Join(dir, "crypto", "ordererOrganizations") - folders = append(folders, rootDir) + ordererRootDir := filepath.Join(dir, "crypto", "ordererOrganizations") + folders = append(folders, ordererRootDir) + peerRootDir := filepath.Join(dir, "crypto", "peerOrganizations") + folders = append(folders, peerRootDir) for _, p := range network.Parties { - folders = generateOrdererOrg(rootDir, folders, int(p.ID), len(p.BatchersEndpoints)) + folders = generateOrdererOrg(ordererRootDir, folders, int(p.ID), len(p.BatchersEndpoints)) + } + + for _, peer := range network.Peers { + folders = generatePeerOrg(peerRootDir, folders, peer) } + for _, folder := range folders { err := os.MkdirAll(folder, 0o755) if err != nil { @@ -395,6 +535,21 @@ func generateNetworkCryptoConfigFolderStructure(dir string, network *genconfig.N return nil } +// generatePeerOrg generates folders for a peer organization. +func generatePeerOrg(rootDir string, folders []string, peerID string) []string { + orgDir := filepath.Join(rootDir, peerID) + folders = append(folders, orgDir) + folders = append(folders, filepath.Join(orgDir, "tls")) + folders = append(folders, filepath.Join(orgDir, signcerts)) + folders = append(folders, filepath.Join(orgDir, keystore)) + folders = append(folders, filepath.Join(orgDir, "msp", cacerts)) + folders = append(folders, filepath.Join(orgDir, "msp", tlscacerts)) + folders = append(folders, filepath.Join(orgDir, "msp", admincerts)) + folders = append(folders, filepath.Join(orgDir, "msp", admincerts, keystore)) + + return folders +} + // generateOrdererOrg generates folders for an orderer organization. // In general, an organization can include one or more parties, but this crypto-gen tool is designed for the scenario where each organization corresponds to a single party. // A local MSP directory is also created for each party's node (i.e., Router, Batcher, Consenter and Assembler) which defines the identity of that node. diff --git a/config/config_test.go b/config/config_test.go index 100bb4ba7..c25126b86 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -71,7 +71,7 @@ func TestExtractAppTrustedRootsFromConfigBlock(t *testing.T) { require.NoError(t, err) res := config.ExtractAppTrustedRootsFromConfigBlock(bundle) - require.Equal(t, len(res), 4) + require.Equal(t, len(res), 1) }) } diff --git a/config/generate/config_block_gen.go b/config/generate/config_block_gen.go index 008fde234..296faad2b 100644 --- a/config/generate/config_block_gen.go +++ b/config/generate/config_block_gen.go @@ -8,6 +8,7 @@ package generate import ( "fmt" + "os" "path/filepath" "strings" @@ -68,13 +69,17 @@ func CreateProfile(dir string, sharedConfigYaml *config.SharedConfigYaml, shared profile.Orderer.Arma.Path = sharedConfigPath templateAppOrg := profile.Application.Organizations[0] - profile.Application.Organizations = make([]*configtxgen.Organization, len(sharedConfigYaml.PartiesConfig)) + peers, err := buildPeerNames(filepath.Join(dir, "crypto", "peerOrganizations")) + if err != nil { + return nil, err + } + profile.Application.Organizations = make([]*configtxgen.Organization, len(peers)) - for i := range sharedConfigYaml.PartiesConfig { + for i, peer := range peers { org := &configtxgen.Organization{ - Name: fmt.Sprintf("org%d", i+1), - ID: fmt.Sprintf("org%d", i+1), - MSPDir: filepath.Join(dir, "crypto", "ordererOrganizations", fmt.Sprintf("org%d", i+1), "msp"), + Name: peer, + ID: peer, + MSPDir: filepath.Join(dir, "crypto", "peerOrganizations", peer, "msp"), MSPType: templateAppOrg.MSPType, Policies: make(map[string]*configtxgen.Policy), AnchorPeers: templateAppOrg.AnchorPeers, @@ -86,7 +91,7 @@ func CreateProfile(dir string, sharedConfigYaml *config.SharedConfigYaml, shared for key, policy := range templateAppOrg.Policies { orgPolicy := &configtxgen.Policy{ Type: policy.Type, - Rule: strings.ReplaceAll(policy.Rule, "SampleOrg", fmt.Sprintf("org%d", i+1)), + Rule: strings.ReplaceAll(policy.Rule, "SampleOrg", peer), } org.Policies[key] = orgPolicy } @@ -126,6 +131,20 @@ func CreateProfile(dir string, sharedConfigYaml *config.SharedConfigYaml, shared return profile, nil } +func buildPeerNames(path string) ([]string, error) { + entries, err := os.ReadDir(path) + if err != nil { + return nil, err + } + var peers []string + for _, e := range entries { + if e.IsDir() { + peers = append(peers, filepath.Base(filepath.Join(path, e.Name()))) + } + } + return peers, nil +} + func buildOrdererEndpoints(id uint32, routerHost string, routerPort int, assemblerHost string, assemblerPort int) []*types.OrdererEndpoint { return []*types.OrdererEndpoint{ {Host: routerHost, Port: routerPort, ID: id, API: []string{types.Broadcast}}, diff --git a/config/generate/network_config.go b/config/generate/network_config.go index 2da088669..4183e14fe 100644 --- a/config/generate/network_config.go +++ b/config/generate/network_config.go @@ -20,6 +20,7 @@ type Network struct { UseTLSRouter string `yaml:"UseTLSRouter"` UseTLSAssembler string `yaml:"UseTLSAssembler"` MaxPartyID types.PartyID `yaml:"MaxPartyID"` + Peers []string `yaml:"Peers"` } type Party struct { diff --git a/node/consensus/consensus_real_reconfig_test.go b/node/consensus/consensus_real_reconfig_test.go index 090597e4d..7008149a0 100644 --- a/node/consensus/consensus_real_reconfig_test.go +++ b/node/consensus/consensus_real_reconfig_test.go @@ -361,7 +361,7 @@ func TestConsensusWithRealConfigUpdate(t *testing.T) { require.NoError(t, err) configUpdateBuilder := configutil.NewConfigUpdateBuilder(t, dir, filepath.Join(oneMoreConfigBlockStoreDir, "config.block")) configUpdatePbData := configUpdateBuilder.UpdateOrderingEndpoint(t, consenterPartyToUpdate, nodeIP, newPort) - env := configutil.CreateConfigTX(t, dir, parties[0:4], 1, configUpdatePbData) + env := configutil.CreateConfigTX(t, dir, parties[0:4], int(parties[0]), configUpdatePbData) configReq := &protos.Request{ Payload: env.Payload, Signature: env.Signature, diff --git a/test/basic/router_basic_test.go b/test/basic/router_basic_test.go index 4bd7d17c3..6f19fdadf 100644 --- a/test/basic/router_basic_test.go +++ b/test/basic/router_basic_test.go @@ -11,6 +11,7 @@ import ( "fmt" "math" "os" + "path" "path/filepath" "regexp" "testing" @@ -285,7 +286,7 @@ func TestMTLSFromClientNotSpecifiedInLocalConfig(t *testing.T) { require.NoError(t, err) require.NotNil(t, uc) - // 6. Send transactions to the routers. + // Send transactions to the routers. totalTxNumber := 10 // rate limiter parameters fillInterval := 10 * time.Millisecond @@ -314,14 +315,10 @@ func TestMTLSFromClientNotSpecifiedInLocalConfig(t *testing.T) { require.NoError(t, err) } - parties := []types.PartyID{1} - for partyID := range numOfParties { - parties = append(parties, types.PartyID(partyID+1)) - } pullRequestSigner := signutil.CreateTestSigner(t, "org1", dir) test_utils.PullFromAssemblers(t, &test_utils.BlockPullerOptions{ UserConfig: uc, - Parties: parties, + Parties: []types.PartyID{types.PartyID(1)}, StartBlock: 0, EndBlock: math.MaxUint64, Transactions: totalTxNumber, @@ -351,8 +348,98 @@ func TestMTLSFromClientNotSpecifiedInLocalConfig(t *testing.T) { // Attempt to pull blocks from assemblers and expect failure due to mTLS verification. test_utils.PullFromAssemblers(t, &test_utils.BlockPullerOptions{ UserConfig: uc, - Parties: parties, + Parties: []types.PartyID{types.PartyID(1)}, ErrString: "failed to create a gRPC client connection to assembler: %d", Signer: pullRequestSigner, }) } + +// TestMTLSFromApplicationClient tests that a router and assembler configured to use mTLS correctly accepts transactions +// and delivery requests from a client whose certificate is specified in application local configuration. +func TestMTLSFromApplicationClient(t *testing.T) { + // compile arma + armaBinaryPath, err := gexec.BuildWithEnvironment("github.com/hyperledger/fabric-x-orderer/cmd/arma", []string{"GOPRIVATE=" + os.Getenv("GOPRIVATE")}) + t.Cleanup(func() { + gexec.CleanupBuildArtifacts() + }) + require.NoError(t, err) + require.NotNil(t, armaBinaryPath) + + // Number of parties in the test + numOfParties := 1 + numOfShards := 1 + + t.Logf("Running test with %d parties and %d shards", numOfParties, numOfShards) + + // create a temporary directory for the test. + dir, err := os.MkdirTemp("", t.Name()) + require.NoError(t, err) + t.Cleanup(func() { + os.RemoveAll(dir) + }) + + // create a config YAML file in the temporary directory. + configPath := filepath.Join(dir, "config.yaml") + netInfo := testutil.CreateNetwork(t, configPath, numOfParties, numOfShards, "mTLS", "mTLS") + t.Cleanup(func() { + netInfo.CleanUp() + }) + + numOfArmaNodes := len(netInfo) + + // generate the config files in the temporary directory using the armageddon generate command. + armageddon.NewCLI().Run([]string{"generate", "--config", configPath, "--output", dir}) + + // run the arma nodes. + // NOTE: if one of the nodes is not started within 10 seconds, there is no point in continuing the test, so fail it + readyChan := make(chan string, numOfArmaNodes) + armaNetwork := testutil.RunArmaNodes(t, dir, armaBinaryPath, readyChan, netInfo) + t.Cleanup(func() { + armaNetwork.Stop() + }) + + testutil.WaitReady(t, readyChan, numOfArmaNodes, 10) + + f, err := os.Open(path.Join(dir, "config", "peer1", "user_config.yaml")) + require.NoError(t, err) + uc, err := armageddon.ReadUserConfig(&f) + require.NoError(t, err) + + // Send transactions to the routers. + totalTxNumber := 10 + // rate limiter parameters + fillInterval := 10 * time.Millisecond + fillFrequency := 1000 / int(fillInterval.Milliseconds()) + rate := 500 + + capacity := rate / fillFrequency + rl, err := armageddon.NewRateLimiter(rate, fillInterval, capacity) + require.NoError(t, err) + + broadcastClient := client.NewBroadcastTxClient(uc, 10*time.Second) + t.Cleanup(func() { + broadcastClient.Stop() + }) + + for i := range totalTxNumber { + status := rl.GetToken() + require.True(t, status, "failed to send tx %d", i+1) + txContent := tx.PrepareTxWithTimestamp(i, 64, []byte("sessionNumber")) + env := tx.CreateStructuredEnvelope(txContent) + err = broadcastClient.SendTx(env) + require.NoError(t, err) + } + + pullRequestSigner, err := signutil.CreateSignerForUser(filepath.Join(dir, "crypto", "peerOrganizations", "peer1")) + require.NoError(t, err) + test_utils.PullFromAssemblers(t, &test_utils.BlockPullerOptions{ + UserConfig: uc, + Parties: []types.PartyID{types.PartyID(1)}, + StartBlock: 0, + EndBlock: math.MaxUint64, + Transactions: totalTxNumber, + NeedVerification: true, + ErrString: "cancelled pull from assembler: %d", + Signer: pullRequestSigner, + }) +} diff --git a/testutil/configutil/config_update_utils.go b/testutil/configutil/config_update_utils.go index 00f7acee5..5cd5d63ff 100644 --- a/testutil/configutil/config_update_utils.go +++ b/testutil/configutil/config_update_utils.go @@ -527,7 +527,7 @@ func (c *ConfigUpdateBuilder) UpdatePartyTLSCACerts(t *testing.T, partyID types. org := fmt.Sprintf("org%d", partyID) overwriteNestedJSONValue(t, c.configData, tlsCACerts, "channel_group", "groups", "Orderer", "groups", org, "values", "MSP", "value", "config", "tls_root_certs") - overwriteNestedJSONValue(t, c.configData, tlsCACerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "tls_root_certs") + // overwriteNestedJSONValue(t, c.configData, tlsCACerts, "channel_group", "groups", "Application", "groups", "peer1", "values", "MSP", "value", "config", "tls_root_certs") return c.createConfigUpdate(t, c.configData) } @@ -556,11 +556,11 @@ func (c *ConfigUpdateBuilder) AppendPartyTLSCACerts(t *testing.T, partyID types. } overwriteNestedJSONValue(t, c.configData, ordererCerts, "channel_group", "groups", "Orderer", "groups", org, "values", "MSP", "value", "config", "tls_root_certs") - applicationCerts := getNestedJSONValue(t, c.configData, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "tls_root_certs").([]any) - for _, cert := range tlsCACerts { - applicationCerts = append(applicationCerts, cert) - } - overwriteNestedJSONValue(t, c.configData, applicationCerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "tls_root_certs") + // applicationCerts := getNestedJSONValue(t, c.configData, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "tls_root_certs").([]any) + // for _, cert := range tlsCACerts { + // applicationCerts = append(applicationCerts, cert) + // } + // overwriteNestedJSONValue(t, c.configData, applicationCerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "tls_root_certs") return c.createConfigUpdate(t, c.configData) } @@ -583,7 +583,7 @@ func (c *ConfigUpdateBuilder) UpdatePartyCACerts(t *testing.T, partyID types.Par org := fmt.Sprintf("org%d", partyID) overwriteNestedJSONValue(t, c.configData, caCerts, "channel_group", "groups", "Orderer", "groups", org, "values", "MSP", "value", "config", "root_certs") - overwriteNestedJSONValue(t, c.configData, caCerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "root_certs") + // overwriteNestedJSONValue(t, c.configData, caCerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "root_certs") return c.createConfigUpdate(t, c.configData) } @@ -611,11 +611,11 @@ func (c *ConfigUpdateBuilder) AppendPartyCACerts(t *testing.T, partyID types.Par } overwriteNestedJSONValue(t, c.configData, ordererCerts, "channel_group", "groups", "Orderer", "groups", org, "values", "MSP", "value", "config", "root_certs") - applicationCerts := getNestedJSONValue(t, c.configData, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "root_certs").([]any) - for _, cert := range caCerts { - applicationCerts = append(applicationCerts, cert) - } - overwriteNestedJSONValue(t, c.configData, applicationCerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "root_certs") + // applicationCerts := getNestedJSONValue(t, c.configData, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "root_certs").([]any) + // for _, cert := range caCerts { + // applicationCerts = append(applicationCerts, cert) + // } + // overwriteNestedJSONValue(t, c.configData, applicationCerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "root_certs") return c.createConfigUpdate(t, c.configData) } @@ -658,7 +658,7 @@ func (c *ConfigUpdateBuilder) AppendMSPRootCerts(t *testing.T, partyID types.Par func (c *ConfigUpdateBuilder) UpdateMSPAdminCerts(t *testing.T, partyID types.PartyID, adminCerts [][]byte) []byte { org := fmt.Sprintf("org%d", partyID) overwriteNestedJSONValue(t, c.configData, adminCerts, "channel_group", "groups", "Orderer", "groups", org, "values", "MSP", "value", "config", "admins") - overwriteNestedJSONValue(t, c.configData, adminCerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "admins") + // overwriteNestedJSONValue(t, c.configData, adminCerts, "channel_group", "groups", "Application", "groups", org, "values", "MSP", "value", "config", "admins") return c.createConfigUpdate(t, c.configData) } diff --git a/testutil/signutil/signer.go b/testutil/signutil/signer.go index 8a60d4919..09e5b3c26 100644 --- a/testutil/signutil/signer.go +++ b/testutil/signutil/signer.go @@ -94,10 +94,10 @@ func CreateSignerForUser(userMspDir string) (identity.SignerSerializer, error) { } func getMspIDfromDir(mspDir string) (string, error) { - re := regexp.MustCompile(`/ordererOrganizations/([^/]+)/`) + re := regexp.MustCompile(`/(orderer|peer)Organizations/([^/]+)(/|$)`) matches := re.FindStringSubmatch(mspDir) - if matches == nil || len(matches) > 2 { + if len(matches) < 4 { return "", fmt.Errorf("failed to extract mspID from path: %s", mspDir) } - return matches[1], nil + return matches[2], nil } diff --git a/testutil/utils.go b/testutil/utils.go index 8d35cedf0..2344784cc 100644 --- a/testutil/utils.go +++ b/testutil/utils.go @@ -168,6 +168,7 @@ func CreateNetworkWithPortAllocator(t *testing.T, configPath string, numOfPartie UseTLSRouter: useTLSRouter, UseTLSAssembler: useTLSAssembler, MaxPartyID: maxPartyID, + Peers: []string{"peer1"}, } err := utils.WriteToYAML(network, configPath)