[FAB-9175] update fabric-ca-client IdentityService
update fabric-ca-client IdentityService to setup caName for
getOne() and getAll() method

Change-Id: Iab9ad02af8b9431bf974401008119f45f9224de9
Signed-off-by: zhaochy <[email protected]>
zhaochy1990 committed Mar 27, 2018
1 parent 763dc5d commit 1223f39
Showing 2 changed files with 108 additions and 56 deletions.
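--- a/fabric-ca-client/lib/IdentityService.js
+++ b/fabric-ca-client/lib/IdentityService.js
@@ -172,7 +172,7 @@ class IdentityService {
 throw new Error('Can not get signingIdentity from registrar');
 }
 
-const url = 'identities/' + enrollmentID;
+const url = 'identities/' + enrollmentID + '?ca='+this.client._caName;;
 return this.client.get(url, signingIdentity);
 }
 
@@ -190,17 +190,18 @@ class IdentityService {
 throw new Error('Can not get signingIdentity from registrar');
 }
 
-return this.client.get('identities', signingIdentity);
+return this.client.get('identities?ca=' + this.client._caName, signingIdentity);
 }
 
 /**
 * Delete an existing identity. The caller must have `hf.Registrar` authority.
 *
 * @param {string} enrollmentID
 * @param {User} registrar
+* @param {boolean} force - Optional. With force, some identity can delete itself
 * @return {Promise} {@link ServiceResponse}
 */
-delete(enrollmentID, registrar) {
+delete(enrollmentID, registrar, force) {
 if (!enrollmentID || typeof enrollmentID !== 'string') {
 throw new Error('Missing required argument "enrollmentID", or argument "enrollmentID" is not a valid string');
 }
@@ -211,7 +212,10 @@ class IdentityService {
 throw new Error('Can not get signingIdentity from registrar');
 }
 
-const url = 'identities/' + enrollmentID;
+let url = 'identities/' + enrollmentID;
+if (force === true) {
+url = url + '?force=true';
+}
 return this.client.delete(url, signingIdentity);
 }
 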
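Review bot: The request paths in getOne() and getAll() are built by plain string concatenation, so `enrollmentID` and `this.client._caName` reach the URL unencoded; a value containing `?`, `&`, `#` or `/` would change the path or query the CA receives, and if `_caName` can be unset it would be sent as the literal `ca=undefined`. Encoding both parts closes this, e.g. `const url = 'identities/' + encodeURIComponent(enrollmentID) + '?ca=' + encodeURIComponent(this.client._caName);`, which also drops the stray `;;`. The third hunk's delete() builds `'?force=true'` with no `ca` parameter, so deletes appear not to be scoped to the named CA the way the two reads now are; if that is unintended, start from the same `?ca=` URL and append `&force=true`. All three method bodies begin outside their hunks, so the earlier argument checks are only partly visible here.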
152 changes: 100 additions & 52 deletions test/integration/fabric-ca-identity-service-tests.js
@@ -6,86 +6,134 @@ let _test = require('tape-promise');
let test = _test(tape);
const path = require('path');
let FabricCAServices = require('../../fabric-ca-client');
const HFCAIdentityAttributes = require('../../fabric-ca-client/lib/IdentityService').HFCAIdentityAttributes;
const User = require('../../fabric-ca-client/lib/User');

let userOrg = 'org1';
let userOrg1 = 'org1';
let userOrg2 = 'org2';
let tlsOptions = {
trustedRoots: [],
verify: false
};

let ORGS;

test('\n\n ** FabricCAServices - IdentityService Test **\n\n', (t) => {
test('\n\n ** FabricCAServices - IdentityService Test **\n\n', async (t) => {

FabricCAServices.addConfigFile(path.join(__dirname, 'e2e', 'config.json'));
ORGS = FabricCAServices.getConfigSetting('test-network');

let fabricCAEndpoint = ORGS[userOrg].ca.url;
const fabricCAEndpoint1 = ORGS[userOrg1].ca.url;
const fabricCAEndpoint2 = ORGS[userOrg2].ca.url;

FabricCAServices.getConfigSetting('crypto-keysize', '256'); //force for gulp test
FabricCAServices.setConfigSetting('crypto-hash-algo', 'SHA2'); //force for gulp test

let caService = new FabricCAServices(fabricCAEndpoint, tlsOptions, ORGS[userOrg].ca.name);
let caService1 = new FabricCAServices(fabricCAEndpoint1, tlsOptions, ORGS[userOrg1].ca.name);
let caService2 = new FabricCAServices(fabricCAEndpoint2, tlsOptions, ORGS[userOrg2].ca.name);

let bootstrapUser = {
enrollmentID: 'admin',
enrollmentSecret: 'adminpw'
};

let admin;
let admin1;
let admin2;
let testIdentity = {
enrollmentID: 'user_' + Math.random().toFixed(2).toString(),
enrollmentID: 'user_' + Math.random().toFixed(3).toString(),
enrollmentSecret: 'userpw',
affiliation: 'org1'
affiliation: 'org1',
// set this identity can manage identities of the role client
attrs: [{ name: HFCAIdentityAttributes.HFREGISTRARROLES, value: 'client' }]
};

// update the enrollment secret for testIdentity
let update = {
affiliation: 'org2',
enrollmentSecret: 'mysecret'
};
let hfcaIdentityService;

caService.enroll(bootstrapUser)
.then((enrollment) => {
t.pass('Successfully enrolled \'' + bootstrapUser.enrollmentID + '\'.');
admin = new User('admin');
return admin.setEnrollment(enrollment.key, enrollment.certificate, 'Org1MSP');
}).then(() => {
t.pass('Successfully set enrollment for user admin');
hfcaIdentityService = caService.newIdentityService();

// create a new Identity with admin
return hfcaIdentityService.create(testIdentity, admin);
}).then((resp) => {
t.equal(resp, testIdentity.enrollmentSecret);
t.pass('Successfully created new Identity ' + testIdentity.enrollmentID);

// get this Identity
return hfcaIdentityService.getOne(testIdentity.enrollmentID, admin);
}).then((resp) => {
t.pass('Successfully get indentity ' + testIdentity.enrollmentID);
t.equal(resp.success, true);
t.equal(resp.result.id, testIdentity.enrollmentID);
t.equal(resp.result.affiliation, testIdentity.affiliation);

return hfcaIdentityService.update(testIdentity.enrollmentID, update, admin);
}).then((resp) => {
t.equal(resp.result.secret, update.enrollmentSecret);
t.equal(resp.result.affiliation, update.affiliation);
t.pass('Successfully updated indentity ' + testIdentity.enrollmentID);

return hfcaIdentityService.getAll(admin);
}).then((resp)=>{
t.equal(resp.success, true);
// should be two identities, 'admin' and the new created user
t.equal(resp.result.identities.length, 2);

return hfcaIdentityService.delete(testIdentity.enrollmentID, admin);
}).then((resp)=>{
t.pass('Successfully deleted identity ' + testIdentity.enrollmentID);
t.end();
}).catch((e) => {
t.fail(e.message);
let hfcaIdentityService1;
let hfcaIdentityService2;

try {
const enrollment1 = await caService1.enroll(bootstrapUser);
t.pass('Successfully enrolled admin at ca_Org1');

const enrollment2 = await caService2.enroll(bootstrapUser);
t.pass('Successfully enrolled admin at ca_Org2');

admin1 = new User('admin');
await admin1.setEnrollment(enrollment1.key, enrollment1.certificate, 'Org1MSP');
t.pass('Successfully set enrollment for user admin1');

admin2 = new User('admin2');
await admin2.setEnrollment(enrollment2.key, enrollment2.certificate, 'Org2MSP');
t.pass('Successfully set enrollment for user admin2');

hfcaIdentityService1 = caService1.newIdentityService();
hfcaIdentityService2 = caService2.newIdentityService();

// create a new Identity with admin1
let resp = await hfcaIdentityService1.create(testIdentity, admin1);
t.equal(resp, testIdentity.enrollmentSecret);
t.pass('Successfully created new Identity %s by admin1', testIdentity.enrollmentID);

let enrollment;
let identity;
// enroll the new created user at ca_Org1
enrollment = await caService1.enroll({ enrollmentID: testIdentity.enrollmentID, enrollmentSecret: testIdentity.enrollmentSecret });
t.pass(`Successfully enrolled ${testIdentity.enrollmentID} at ca_Org1`);
identity = new User(testIdentity.enrollmentID);
await identity.setEnrollment(enrollment.key, enrollment.certificate, 'Org1MSP');

// should throw error if we enroll this new identity at ca_Org2
try {
enrollment = await caService2.enroll({ enrollmentID: testIdentity.enrollmentID, enrollmentSecret: testIdentity.enrollmentSecret });
t.fail('should throw error if we enroll this new identity at ca_Org2');
t.end();
});
} catch (e) {
t.equal(e.message.indexOf('"message":"Authorization failure"') >= 0, true);
t.pass('should throw error if we enroll this new identity at ca_Org2');
}

// get this Identity from ca_Org1 by identity
resp = await hfcaIdentityService1.getOne(testIdentity.enrollmentID, identity);
t.pass(`Successfully get indentity ${testIdentity.enrollmentID}`);
t.equal(resp.success, true);
t.equal(resp.result.id, testIdentity.enrollmentID);
t.equal(resp.result.affiliation, testIdentity.affiliation);

// get this Identity from ca_Org1 by admin1
resp = await hfcaIdentityService1.getOne(testIdentity.enrollmentID, admin1);
t.equal(resp.success, true);

// identity can only find itself
resp = await hfcaIdentityService1.getAll(identity);
t.equal(resp.success, true);
t.equal(resp.result.identities.length, 1);

// admin of ca1 can find two identities
resp = await hfcaIdentityService1.getAll(admin1);
t.equal(resp.success, true);
t.equal(resp.result.identities.length, 2);

// admin of ca2 can only find 1 identity
resp = await hfcaIdentityService2.getAll(admin2);
t.equal(resp.success, true);
t.equal(resp.result.identities.length, 1);

// update test identity with admin1
resp = await hfcaIdentityService1.update(identity._name, update, admin1);
t.equal(resp.result.secret, update.enrollmentSecret);
t.pass('Successfully updated indentity ' + identity._name);

// identity delete itself
resp = await hfcaIdentityService1.delete(identity._name, identity, true);
t.equal(resp.success, true);
t.equal(resp.result.id, identity._name);
t.pass('Successfully deleted identity ' + identity._name);
t.end();
} catch (e) {
t.fail(e);
t.end();
}
});
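Review bot: The forced self-delete at the end of the outer try block is only tested on its success path; nothing asserts that the same identity is refused when it calls delete() on itself without `force`, which is the permission boundary the new parameter is documented to control. A negative case just before the forced delete would catch a regression where the flag is ignored or the CA is misconfigured; the sketch below assumes the CA rejects an unforced self-delete, which should be confirmed against the server. Separately, `t.pass('Successfully created new Identity %s by admin1', testIdentity.enrollmentID)` will probably print the literal `%s`, since tape does not appear to format its message; a template literal, as used a few lines later, would be consistent.

```javascript
// … unchanged: update test identity with admin1 …

// self-delete without force is expected to be rejected (confirm server behaviour)
try {
	await hfcaIdentityService1.delete(identity._name, identity);
	t.fail('identity should not be able to delete itself without force');
} catch (e) {
	t.pass('self-delete without force was rejected');
}

// identity delete itself
resp = await hfcaIdentityService1.delete(identity._name, identity, true);
```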
