[FAB-8451] Fix certificate close to expire

Addresses certificate in fabric-ca/testdata
that is about expire

Change-Id: I48136fa9371988021ccc4e6586efc11006454b8a
Signed-off-by: Saad Karim <[email protected]>

.gitignore

@@ -9,5 +9,6 @@ testdata/fabric*ca.db
 testdata/initFabricCaFvt.json
 testdata/openssl.cnf.base.this
 testdata/runFabricCaFvt.json
+testdata/ec_cert.pem
 fabric-ca
 vendor/github.com/cloudflare/cfssl/vendor/github.com/cloudflare/cfssl_trust/ca-bundle/http:*.crt

lib/ca_test.go

@@ -182,7 +182,9 @@ func testValidKeySize(cert *x509.Certificate, t *testing.T) {
 }
 
 func testValidMatchingKeys(cert *x509.Certificate, t *testing.T) {
-	cert, err := getCertFromFile(ecCert)
+	err := GenerateECDSATestCert()
+	util.FatalError(t, err, "Failed to generate certificate for testing")
+	cert, err = getCertFromFile(ecCert)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -742,6 +744,8 @@ func TestCAVerifyCertificate(t *testing.T) {
 		t.Error("VerifyCertificate should have failed")
 	}
 
+	err = GenerateECDSATestCert()
+	util.FatalError(t, err, "Failed to generate certificate for testing")
 	caCert1, err := ioutil.ReadFile("../testdata/ec_cert.pem")
 	caCert2 := append(caCert1, util.RandomString(128)...)
 	err = ioutil.WriteFile(filepath.Join(os.TempDir(), "ca-chainfile.pem"), caCert2, 0644)

lib/client_test.go

@@ -1385,6 +1385,8 @@ func TestRevokedIdentity(t *testing.T) {
 		t.Error("Sending post with bad TLS config should have failed")
 	}
 
+	err = GenerateECDSATestCert()
+	util.FatalError(t, err, "Failed to generate certificate for testing")
 	kc.CertFile = "../testdata/ec_cert.pem"
 	c.Config.TLS.Client = kc
 	req, _ = http.NewRequest("POST", curl, bytes.NewReader(reqBody))

lib/client_whitebox_test.go

@@ -520,6 +520,8 @@ func TestCWBCAConfig(t *testing.T) {
 	}
 
 	//Non error cases
+	err = GenerateECDSATestCert()
+	util.FatalError(t, err, "Failed to generate certificate for testing")
 	ca.Config.CA.Chainfile = "../testdata/ec.pem"
 	_, err = ca.getCAChain()
 	t.Logf("getCAChain err: %v", err)

lib/test-util.go

@@ -17,12 +17,20 @@ limitations under the License.
 package lib
 
 import (
+	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"errors"
 	"fmt"
 	"io"
+	"io/ioutil"
+	"math/big"
 	"os"
 	"path"
 	"strconv"
 	"testing"
+	"time"
 
 	"github.com/cloudflare/cfssl/config"
 )
@@ -155,3 +163,51 @@ func CopyFile(src, dst string) error {
 	}
 	return nil
 }
+
+// GenerateECDSATestCert generates EC based certificate for testing purposes
+func GenerateECDSATestCert() error {
+	template := &x509.Certificate{
+		IsCA: true,
+		BasicConstraintsValid: true,
+		SubjectKeyId:          []byte{1, 2, 3},
+		SerialNumber:          big.NewInt(1234),
+		Subject: pkix.Name{
+			Country:      []string{"US"},
+			Organization: []string{"IBM"},
+		},
+		NotBefore:   time.Now(),
+		NotAfter:    time.Now().AddDate(15, 0, 0),
+		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+	}
+
+	privKey, err := ioutil.ReadFile("../testdata/ec_key.pem")
+	if err != nil {
+		return err
+	}
+
+	decoded, _ := pem.Decode(privKey)
+	if decoded == nil {
+		return errors.New("Failed to decode the PEM-encoded ECDSA key")
+	}
+	privateKey, err := x509.ParseECPrivateKey(decoded.Bytes)
+	if err != nil {
+		return err
+	}
+
+	publicKey := &privateKey.PublicKey
+
+	var parent = template
+	cert, err := x509.CreateCertificate(rand.Reader, template, parent, publicKey, privateKey)
+	if err != nil {
+		return err
+	}
+
+	certOut, err := os.Create("../testdata/ec_cert.pem")
+	if err != nil {
+		return err
+	}
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: cert})
+
+	return nil
+}