From acd1d954886bb237655b617faa4f1d0db880b37f Mon Sep 17 00:00:00 2001 From: "nkl199@yahoo.co.uk" Date: Fri, 15 Feb 2019 16:36:02 +0000 Subject: [PATCH] [FABN-1140] move pkcs and edsca to mocha - new mocha unit tests replicating action of pkcs and key tape tests - delete replaced tape tests Change-Id: I6506dc5cffeb4e25b748f9c7c3d19f2ba418e9e8 Signed-off-by: nkl199@yahoo.co.uk --- fabric-client/lib/impl/ecdsa/key.js | 2 - fabric-client/test/impl/bccsp_pkcs11.js | 143 +++++++++ fabric-client/test/impl/ecdsa/key.js | 371 ++++++++++++++++++++++++ test/unit/cryptosuite-pkcs11.js | 261 ----------------- test/unit/ecdsa-key.js | 177 ----------- 5 files changed, 514 insertions(+), 440 deletions(-) create mode 100644 fabric-client/test/impl/bccsp_pkcs11.js create mode 100644 fabric-client/test/impl/ecdsa/key.js delete mode 100644 test/unit/cryptosuite-pkcs11.js delete mode 100644 test/unit/ecdsa-key.js diff --git a/fabric-client/lib/impl/ecdsa/key.js b/fabric-client/lib/impl/ecdsa/key.js index 6ac76550fe..d1d27ce072 100644 --- a/fabric-client/lib/impl/ecdsa/key.js +++ b/fabric-client/lib/impl/ecdsa/key.js @@ -148,8 +148,6 @@ module.exports = class ECDSA_KEY extends Key { } try { - // var before = Date.now() - 60000; - // var after = Date.now() + 60000; const certPEM = asn1.x509.X509Util.newCertPEM({ serial: {int: 4}, sigalg: {name: 'SHA256withECDSA'}, diff --git a/fabric-client/test/impl/bccsp_pkcs11.js b/fabric-client/test/impl/bccsp_pkcs11.js new file mode 100644 index 0000000000..926ad68ab0 --- /dev/null +++ b/fabric-client/test/impl/bccsp_pkcs11.js @@ -0,0 +1,143 @@ +/** + * Copyright 2019 IBM All Rights Reserved. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +'use strict'; + +const rewire = require('rewire'); +const PKCS11_Rewire = rewire('../../lib/impl/bccsp_pkcs11'); + +const chai = require('chai'); +chai.should(); +const sinon = require('sinon'); + +describe('CryptoSuite_PKCS11', () => { + + const sandbox = sinon.createSandbox(); + let utilsStub; + let configStub; + + beforeEach(() => { + configStub = sandbox.stub(); + configStub.withArgs('crypto-pkcs11-lib').returns('/temp'); + configStub.withArgs('crypto-pkcs11-slot').returns(2); + configStub.withArgs('crypto-pkcs11-usertype').returns(2); + configStub.withArgs('crypto-pkcs11-readwrite').returns('true'); + configStub.withArgs('crypto-pkcs11-pin').returns('pin'); + configStub.withArgs('crypto-hash-algo').returns('sha2'); + + utilsStub = { + getConfigSetting: configStub + }; + }); + + afterEach(() => { + sandbox.restore(); + }); + + describe('#constructor', () => { + it('should throw when no params are given', () => { + (() => { + new PKCS11_Rewire(); + }).should.throw(/keySize must be specified/); + }); + + it('should throw when unsupported bits key sizes are given', () => { + (() => { + new PKCS11_Rewire(222); + }).should.throw(/only 256 or 384 bits key sizes are supported/); + }); + + it('should throw when no library path is given', () => { + (() => { + new PKCS11_Rewire(256); + }).should.throw(/PKCS11 library path must be specified/); + }); + + it('should throw when no library path is given', () => { + (() => { + new PKCS11_Rewire(256); + }).should.throw(/PKCS11 library path must be specified/); + }); + + it('should throw if pkcs11 slot not given', () => { + (() => { + new PKCS11_Rewire(256, 'sha2', {lib: '/temp'}); + }).should.throw(/PKCS11 slot must be specified/); + }); + + it('should throw if invalid [string] pkcs11 slot given', () => { + (() => { + new PKCS11_Rewire(256, 'sha2', {lib: '/temp', slot: 'a'}); + }).should.throw(/PKCS11 slot number invalid/); + }); + + it('should throw if invalid [double] pkcs11 slot given', () => { + (() => { + new PKCS11_Rewire(256, 'sha2', {lib: '/temp', slot: 2.2}); + }).should.throw(/PKCS11 slot number invalid/); + }); + + it('should throw if pkcs11 slot PIN not given', () => { + (() => { + new PKCS11_Rewire(256, 'sha2', {lib: '/temp', slot: 2}); + }).should.throw(/PKCS11 PIN must be set/); + }); + + it('should throw if pkcs11 slot PIN is not a string', () => { + (() => { + new PKCS11_Rewire(256, 'sha2', {lib: '/temp', slot: 2, pin: 7}); + }).should.throw(/PKCS11 PIN must be set/); + }); + + it('should throw if invalid usertype', () => { + (() => { + new PKCS11_Rewire(256, 'sha2', {lib: '/temp', slot: 2, pin: 'pin', usertype: 'invalid'}); + }).should.throw(/usertype number invalid/); + }); + + it('should throw if invalid readwrite', () => { + (() => { + new PKCS11_Rewire(256, 'sha2', {lib: '/temp', slot: 2, pin: 'pin', usertype: 2, readwrite: 'not'}); + }).should.throw(/readwrite setting must be "true" or "false"/); + }); + + it('should retrieve crypto-pkcs11-lib from config setting if no opts specified', () => { + PKCS11_Rewire.__set__('utils', utilsStub); + PKCS11_Rewire.prototype._pkcs11OpenSession = sandbox.stub(); + new PKCS11_Rewire(256, 'sha2'); + sinon.assert.calledWith(configStub, 'crypto-pkcs11-lib'); + }); + + it('should retrieve crypto-pkcs11-slot from config setting if no opts specified', () => { + PKCS11_Rewire.__set__('utils', utilsStub); + PKCS11_Rewire.prototype._pkcs11OpenSession = sandbox.stub(); + new PKCS11_Rewire(256, 'sha2'); + sinon.assert.calledWith(configStub, 'crypto-pkcs11-slot'); + }); + + it('should retrieve crypto-pkcs11-usertype from config setting if no opts specified', () => { + PKCS11_Rewire.__set__('utils', utilsStub); + PKCS11_Rewire.prototype._pkcs11OpenSession = sandbox.stub(); + new PKCS11_Rewire(256, 'sha2'); + sinon.assert.calledWith(configStub, 'crypto-pkcs11-usertype'); + }); + + it('should retrieve crypto-pkcs11-readwrite from config setting if no opts specified', () => { + PKCS11_Rewire.__set__('utils', utilsStub); + PKCS11_Rewire.prototype._pkcs11OpenSession = sandbox.stub(); + new PKCS11_Rewire(256, 'sha2'); + sinon.assert.calledWith(configStub, 'crypto-pkcs11-readwrite'); + }); + + it('should retrieve crypto-hash-algo from config setting if not provided', () => { + PKCS11_Rewire.__set__('utils', utilsStub); + PKCS11_Rewire.prototype._pkcs11OpenSession = sandbox.stub(); + new PKCS11_Rewire(256); + sinon.assert.calledWith(configStub, 'crypto-hash-algo'); + }); + + }); +}); diff --git a/fabric-client/test/impl/ecdsa/key.js b/fabric-client/test/impl/ecdsa/key.js new file mode 100644 index 0000000000..2d9820cd05 --- /dev/null +++ b/fabric-client/test/impl/ecdsa/key.js @@ -0,0 +1,371 @@ +/** + * Copyright 2019 IBM All Rights Reserved. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +'use strict'; + +const rewire = require('rewire'); +const ECDSA_KEY_REWIRE = rewire('../../../lib/impl/ecdsa/key'); +const jsrsa = require('jsrsasign'); +const KEYUTIL = jsrsa.KEYUTIL; + +const chai = require('chai'); +chai.should(); +const sinon = require('sinon'); + +describe('ECDSA_KEY', () => { + + describe('constructor', () => { + + it('should throw when no params are given', () => { + (() => { + new ECDSA_KEY_REWIRE(); + }).should.throw(/The key parameter is required by this key class implementation, whether this instance is for the public key or private key/); + }); + + it('should throw when invalid param passed', () => { + (() => { + new ECDSA_KEY_REWIRE({}); + }).should.throw(/This key implementation only supports keys generated by jsrsasign.KEYUTIL. It must have a "type" property of value "EC"/); + }); + + it('should throw when invalid key type passed', () => { + (() => { + new ECDSA_KEY_REWIRE({type: 'RSA'}); + }).should.throw(/This key implementation only supports keys generated by jsrsasign.KEYUTIL. It must have a "type" property of value "EC"/); + }); + + it('should throw when parameter with missing pubKeyHex passed', () => { + (() => { + new ECDSA_KEY_REWIRE({type: 'EC', prvKeyHex: 'some key value'}); + }).should.throw(/This key implementation only supports keys generated by jsrsasign.KEYUTIL. It must have a "pubKeyHex" property/); + }); + + it('should set the passed key', () => { + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + }); + }); + + describe('#getSKI', () => { + + it('should generate SKI hash string for 256 curve keys', () => { + const key = new ECDSA_KEY_REWIRE(KEYUTIL.generateKeypair('EC', 'secp256r1').prvKeyObj); + key.getSKI().length.should.equal(64); + }); + + it('should generate SKI hash string for 384 curve keys', () => { + const key = new ECDSA_KEY_REWIRE(KEYUTIL.generateKeypair('EC', 'secp384r1').prvKeyObj); + key.getSKI().length.should.equal(64); + }); + + it('should generate SKI hash string for 256 curve public keys', () => { + const key = new ECDSA_KEY_REWIRE(KEYUTIL.generateKeypair('EC', 'secp256r1').pubKeyObj); + key.getSKI().length.should.equal(64); + }); + + it('should generate SKI hash string for 384 curve public keys', () => { + const key = new ECDSA_KEY_REWIRE(KEYUTIL.generateKeypair('EC', 'secp384r1').pubKeyObj); + key.getSKI().length.should.equal(64); + }); + }); + + describe('#isSymmetric', () => { + + const keyPair = KEYUTIL.generateKeypair('EC', 'secp256r1'); + + it('should return false', () => { + const key = new ECDSA_KEY_REWIRE(keyPair.prvKeyObj); + key.isSymmetric().should.equal(false); + }); + }); + + describe('#isPrivate', () => { + const keyPair = KEYUTIL.generateKeypair('EC', 'secp256r1'); + + it('should return true if prvKeyHex exists', () => { + const key = new ECDSA_KEY_REWIRE(keyPair.prvKeyObj); + key._key.prvKeyHex = true; + key.isPrivate().should.equal(true); + }); + + it('should return false if null prvKeyHex', () => { + const key = new ECDSA_KEY_REWIRE(keyPair.prvKeyObj); + key._key.prvKeyHex = null; + key.isPrivate().should.equal(false); + }); + }); + + describe('#getPublicKey', () => { + + it('should return direct if public', () => { + + }); + + it('should generate and return a new key if not public', () => { + + }); + }); + + describe('#generateCSR', () => { + + let revert; + afterEach(() => { + if (revert) { + revert(); + } + revert = null; + }); + + it('should throw when trying to generate if public', () => { + (() => { + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + myKey.isPrivate = sinon.stub().returns(false); + myKey.generateCSR('CN=publickey'); + }).should.throw(/A CSR cannot be generated from a public key/); + }); + + it('should rethrow internal errors', () => { + (() => { + const pemStub = sinon.stub().throws(new Error('MY_ERROR')); + const fakeAnsn1 = { + csr: { + CSRUtil: { + newCSRPEM: pemStub + } + }, + x509: { + X500Name: { + ldapToOneline: sinon.stub() + } + } + }; + + revert = ECDSA_KEY_REWIRE.__set__('asn1', fakeAnsn1); + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + myKey.isPrivate = sinon.stub().returns(true); + myKey.generateCSR('CN=publickey'); + }).should.throw(/MY_ERROR/); + }); + + it('should call into jsra lib if private', () => { + + const pemStub = sinon.stub().returns('your PEM sir'); + const fakeAnsn1 = { + csr: { + CSRUtil: { + newCSRPEM: pemStub + } + }, + x509: { + X500Name: { + ldapToOneline: sinon.stub() + } + } + }; + + revert = ECDSA_KEY_REWIRE.__set__('asn1', fakeAnsn1); + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + myKey.isPrivate = sinon.stub().returns(true); + const csr = myKey.generateCSR('CN=publickey'); + + csr.should.equal('your PEM sir'); + sinon.assert.calledOnce(pemStub); + }); + }); + + describe('#generateX509Certificate', () => { + + let revert; + afterEach(() => { + if (revert) { + revert(); + } + revert = null; + }); + + it('should throw when trying to generate if public', () => { + (() => { + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + myKey.isPrivate = sinon.stub().returns(false); + myKey.generateX509Certificate('CN=publickey'); + }).should.throw(/An X509 certificate cannot be generated from a public key/); + }); + + + it('should rethrow errors', () => { + (() => { + const pemStub = sinon.stub().throws(new Error('FORCED_ERROR')); + const fakeAnsn1 = { + csr: { + CSRUtil: { + newCSRPEM: pemStub + } + }, + x509: { + X500Name: { + ldapToOneline: sinon.stub() + }, + X509Util: { + newCertPEM: pemStub + } + } + }; + + revert = ECDSA_KEY_REWIRE.__set__('asn1', fakeAnsn1); + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + myKey.isPrivate = sinon.stub().returns(true); + myKey.generateX509Certificate('CN=publickey'); + }).should.throw(/FORCED_ERROR/); + }); + + it('should call into jsra lib if private', () => { + + const pemStub = sinon.stub().returns('your PEM sir'); + const fakeAnsn1 = { + csr: { + CSRUtil: { + newCSRPEM: pemStub + } + }, + x509: { + X500Name: { + ldapToOneline: sinon.stub() + }, + X509Util: { + newCertPEM: pemStub + } + } + }; + + revert = ECDSA_KEY_REWIRE.__set__('asn1', fakeAnsn1); + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + myKey.isPrivate = sinon.stub().returns(true); + const csr = myKey.generateX509Certificate('CN=publickey'); + + csr.should.equal('your PEM sir'); + sinon.assert.calledOnce(pemStub); + }); + + it('should set CN to self if no commonName passed', () => { + const pemStub = sinon.stub().returns('your PEM sir'); + const fakeAnsn1 = { + csr: { + CSRUtil: { + newCSRPEM: pemStub + } + }, + x509: { + X500Name: { + ldapToOneline: sinon.stub() + }, + X509Util: { + newCertPEM: pemStub + } + } + }; + + revert = ECDSA_KEY_REWIRE.__set__('asn1', fakeAnsn1); + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + myKey.isPrivate = sinon.stub().returns(true); + const csr = myKey.generateX509Certificate(); + + csr.should.equal('your PEM sir'); + sinon.assert.calledOnce(pemStub); + const call = pemStub.getCall(0).args[0]; + call.issuer.str.should.equal('/CN=self'); + call.subject.str.should.equal('/CN=self'); + call.sigalg.name.should.equal('SHA256withECDSA'); + }); + + it('should set CN if passed', () => { + const pemStub = sinon.stub().returns('your PEM sir'); + const fakeAnsn1 = { + csr: { + CSRUtil: { + newCSRPEM: pemStub + } + }, + x509: { + X500Name: { + ldapToOneline: sinon.stub() + }, + X509Util: { + newCertPEM: pemStub + } + } + }; + + revert = ECDSA_KEY_REWIRE.__set__('asn1', fakeAnsn1); + const fakeKey = {type: 'EC', prvKeyHex: 'privateKey', pubKeyHex: 'publicKey'}; + const myKey = new ECDSA_KEY_REWIRE(fakeKey); + myKey._key.should.deep.equal(fakeKey); + myKey.isPrivate = sinon.stub().returns(true); + const csr = myKey.generateX509Certificate('penguin'); + + csr.should.equal('your PEM sir'); + sinon.assert.calledOnce(pemStub); + const call = pemStub.getCall(0).args[0]; + call.issuer.str.should.equal('/CN=penguin'); + call.subject.str.should.equal('/CN=penguin'); + call.sigalg.name.should.equal('SHA256withECDSA'); + }); + }); + + describe('#toBytes', () => { + + const keyPair = KEYUTIL.generateKeypair('EC', 'secp256r1'); + + let revert; + let utilStub; + let pemStub; + beforeEach(() => { + pemStub = sinon.stub(); + utilStub = { + getPEM: pemStub + }; + revert = ECDSA_KEY_REWIRE.__set__('KEYUTIL', utilStub); + }); + + afterEach(() => { + revert(); + }); + + it('should call key util with key and base if private', () => { + const key = new ECDSA_KEY_REWIRE(keyPair.prvKeyObj); + key.isPrivate = sinon.stub().returns(true); + key.toBytes(); + const args = pemStub.getCall(0).args; + args.length.should.equal(2); + args[0].should.deep.equal(key._key); + args[1].should.equal('PKCS8PRV'); + }); + + it('should call key util with key if not private', () => { + const key = new ECDSA_KEY_REWIRE(keyPair.prvKeyObj); + key.isPrivate = sinon.stub().returns(false); + key.toBytes(); + const args = pemStub.getCall(0).args; + args.length.should.equal(1); + args[0].should.deep.equal(key._key); + }); + }); + +}); diff --git a/test/unit/cryptosuite-pkcs11.js b/test/unit/cryptosuite-pkcs11.js deleted file mode 100644 index ff426a1605..0000000000 --- a/test/unit/cryptosuite-pkcs11.js +++ /dev/null @@ -1,261 +0,0 @@ -/** - * Copyright 2018 IBM All Rights Reserved. - * - * SPDX-License-Identifier: Apache-2.0 - */ -'use strict'; - -const tape = require('tape'); -const _test = require('tape-promise').default; -const test = _test(tape); -const testutil = require('./util.js'); -const Client = require('fabric-client'); -const PKCS11 = require('fabric-client/lib/impl/bccsp_pkcs11.js'); - -test('\n\n** bccsp_pkcs11 tests **\n\n', (t) => { - testutil.resetDefaults(); - - t.throws( - () => { - new PKCS11(); - }, - /keySize must be specified/, - 'Checking: keySize must be specified' - ); - t.throws( - () => { - new PKCS11(222); - }, - /only 256 or 384 bits key sizes are supported/, - 'Checking: only 256 or 384 bits key sizes are supported' - ); - t.throws( - () => { - new PKCS11(256); - }, - /PKCS11 library path must be specified/, - 'Checking: PKCS11 key size is specified and valid' - ); - const opts = {lib: '/temp'}; - t.throws( - () => { - new PKCS11(256, 'sha2', opts); - }, - /PKCS11 slot must be specified/, - 'Checking: PKCS11 lib must be specified' - ); - opts.slot = 'a'; - t.throws( - () => { - new PKCS11(256, 'sha2', opts); - }, - /PKCS11 slot number invalid/, - 'Checking: PKCS11 slot number invalid:' + opts.slot - ); - opts.slot = 2.1; - t.throws( - () => { - new PKCS11(256, 'sha2', opts); - }, - /PKCS11 slot number invalid/, - 'Checking: PKCS11 slot number invalid:' + opts.slot - ); - opts.slot = 2; - t.throws( - () => { - new PKCS11(256, 'sha2', opts); - }, - /PKCS11 PIN must be set/, - 'Checking: PKCS11 slot must be set to a number' - ); - opts.pin = 7; - t.throws( - () => { - new PKCS11(256, 'sha2', opts); - }, - /PKCS11 PIN must be set/, - 'Checking: PKCS11 PIN must be set to a string' - ); - - // getting the missing file or image means the same thing to these tests - // that we have gotten a good respond to the parameter and the failure is - // after that check, so that parameter that is being tested is valid - const checkError = (error, msg) => { - const error_msg = error.toString(); - if (error_msg.indexOf('no suitable image found') > -1 || error_msg.indexOf('No such file or directory') > -1 || - error_msg.includes('image not found')) { - t.pass(msg); - } else { - t.fail(msg + ' failed with ::' + error_msg); - } - }; - - opts.pin = 'pin'; - let testing = 'Checking: for valid PIN'; - try { - new PKCS11(256, 'sha2', opts); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - - opts.usertype = 'a'; - t.throws( - () => { - new PKCS11(256, 'sha2', opts); - }, - /usertype number invalid/, - 'Checking: for valid usertype' - ); - opts.usertype = 2; - testing = 'Checking: for valid usertype'; - try { - new PKCS11(256, 'sha2', opts); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - - opts.readwrite = 'not'; - t.throws( - () => { - new PKCS11(256, 'sha2', opts); - }, - /readwrite setting must be "true" or "false"/, - 'Checking: for valid readwrite' - ); - opts.readwrite = false; - testing = 'Checking: for valid readwrite'; - try { - new PKCS11(256, 'sha2', opts); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - - Client.setConfigSetting('crypto-pkcs11-lib', '/temp'); - t.throws( - () => { - new PKCS11(256, 'sha2'); - }, - /PKCS11 slot must be specified/, - 'Checking: PKCS11 lib must be specified' - ); - Client.setConfigSetting('crypto-pkcs11-slot', 2); - t.throws( - () => { - new PKCS11(256, 'sha2'); - }, - /PKCS11 PIN must be set/, - 'Checking: PKCS11 slot must be set to a number' - ); - Client.setConfigSetting('crypto-pkcs11-pin', 'PIN'); - testing = 'Checking: for valid PIN in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - - Client.setConfigSetting('crypto-pkcs11-usertype', 'not'); - t.throws( - () => { - new PKCS11(256, 'sha2'); - }, - /usertype number invalid/, - 'Checking: for valid usertype' - ); - Client.setConfigSetting('crypto-pkcs11-usertype', 1.2); - t.throws( - () => { - new PKCS11(256, 'sha2'); - }, - /usertype number invalid/, - 'Checking: for valid usertype' - ); - Client.setConfigSetting('crypto-pkcs11-usertype', 2); - testing = 'Checking: for valid usertype in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - - Client.setConfigSetting('crypto-pkcs11-usertype', '2'); - testing = 'Checking: for valid usertype in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - - Client.setConfigSetting('crypto-pkcs11-readwrite', 99); - t.throws( - () => { - new PKCS11(256, 'sha2'); - }, - /readwrite setting must be a boolean value/, - 'Checking: for valid readwrite' - ); - Client.setConfigSetting('crypto-pkcs11-readwrite', 'not'); - t.throws( - () => { - new PKCS11(256, 'sha2'); - }, - /readwrite setting must be "true" or "false"/, - 'Checking: for valid readwrite' - ); - Client.setConfigSetting('crypto-pkcs11-readwrite', 'false'); - testing = 'Checking: for valid readwrite in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - Client.setConfigSetting('crypto-pkcs11-readwrite', 'true'); - testing = 'Checking: for valid readwrite in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - Client.setConfigSetting('crypto-pkcs11-readwrite', 'False'); - testing = 'Checking: for valid readwrite in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - Client.setConfigSetting('crypto-pkcs11-readwrite', 'True'); - testing = 'Checking: for valid readwrite in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - Client.setConfigSetting('crypto-pkcs11-readwrite', false); - testing = 'Checking: for valid readwrite in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - Client.setConfigSetting('crypto-pkcs11-readwrite', true); - testing = 'Checking: for valid readwrite in config'; - try { - new PKCS11(256, 'sha2'); - t.fail(testing); - } catch (error) { - checkError(error, testing); - } - - t.end(); -}); diff --git a/test/unit/ecdsa-key.js b/test/unit/ecdsa-key.js deleted file mode 100644 index ddc604c010..0000000000 --- a/test/unit/ecdsa-key.js +++ /dev/null @@ -1,177 +0,0 @@ -/** - * Copyright 2016-2017 IBM All Rights Reserved. - * - * SPDX-License-Identifier: Apache-2.0 - */ - -'use strict'; - -const tape = require('tape'); -const _test = require('tape-promise').default; -const test = _test(tape); - -const testutil = require('./util.js'); -const ecdsaKey = require('fabric-client/lib/impl/ecdsa/key.js'); - -const jsrsa = require('jsrsasign'); -const KEYUTIL = jsrsa.KEYUTIL; -const asn1 = jsrsa.asn1; -const X509 = require('@ampretia/x509'); - -test('\n\n ** ECDSA Key Impl tests **\n\n', (t) => { - testutil.resetDefaults(); - - t.throws( - () => { - new ecdsaKey(); - }, - /^Error: The key parameter is required by this key class implementation, whether this instance is for the public key or private key/, - 'ECDSA Impl test: catch missing key param' - ); - - t.throws( - () => { - new ecdsaKey('dummy private key'); - }, - /^Error: This key implementation only supports keys generated by jsrsasign.KEYUTIL. It must have a "type" property of value "EC"/, - 'ECDSA Impl test: catch missing key type of "EC"' - ); - - t.throws( - () => { - new ecdsaKey({type: 'RSA'}); - }, - /^Error: This key implementation only supports keys generated by jsrsasign.KEYUTIL. It must have a "type" property of value "EC"/, - 'ECDSA Impl test: catch invalid key type' - ); - - t.throws( - () => { - new ecdsaKey({type: 'EC', prvKeyHex: 'some key value'}); - }, - /^Error: This key implementation only supports keys generated by jsrsasign.KEYUTIL. It must have a "pubKeyHex" property/, - 'ECDSA Impl test: catch missing "pubKeyHex" property' - ); - - t.doesNotThrow( - () => { - new ecdsaKey({type: 'EC', prvKeyHex: null, pubKeyHex: 'some random value'}); - }, - 'ECDSA Impl test: test a valid key' - ); - - // test private keys - const pair1 = KEYUTIL.generateKeypair('EC', 'secp256r1'); - const key1 = new ecdsaKey(pair1.prvKeyObj); - t.equal(key1.getSKI().length, 64, 'Checking generated SKI hash string for 256 curve keys'); - - t.doesNotThrow( - () => { - key1.toBytes(); - }, - 'Checking that a private key instance allows toBytes()' - ); - - const pair2 = KEYUTIL.generateKeypair('EC', 'secp384r1'); - const key2 = new ecdsaKey(pair2.prvKeyObj); - t.equal(key2.getSKI().length, 64, 'Checking generated SKI hash string for 384 curve keys'); - - t.equal(key1.isSymmetric() || key2.isSymmetric(), false, 'Checking if key is symmetric'); - t.equal(key1.isPrivate() && key2.isPrivate(), true, 'Checking if key is private'); - - t.equal(key1.getPublicKey().isPrivate(), false, 'Checking isPrivate() logic'); - t.equal(key1.getPublicKey().toBytes().length, 182, 'Checking toBytes() output'); - - // test public keys - let key3 = new ecdsaKey(pair1.pubKeyObj); - t.equal(key3.getSKI().length, 64, 'Checking generated SKI hash string for 256 curve public key'); - - t.doesNotThrow( - () => { - key3.toBytes(); - }, - 'Checking to dump a public ECDSAKey object to bytes' - ); - - let key4 = new ecdsaKey(pair2.pubKeyObj); - t.equal(key4.getSKI().length, 64, 'Checking generated SKI hash string for 384 curve public key'); - - t.doesNotThrow( - () => { - key4.toBytes(); - }, - 'Checking to dump a public ECDSAKey object to bytes' - ); - - t.equal(!key3.isPrivate() && !key4.isPrivate(), true, 'Checking if both keys are public'); - t.equal(key3.getPublicKey().isPrivate(), false, 'Checking getPublicKey() logic'); - t.equal(key4.getPublicKey().toBytes().length, 220, 'Checking toBytes() output'); - - // test CSR generation - const pair3 = KEYUTIL.generateKeypair('EC', 'secp256r1'); - key3 = new ecdsaKey(pair3.prvKeyObj); - key4 = new ecdsaKey(pair3.pubKeyObj); - - t.throws( - () => { - key4.generateCSR('CN=publickey'); - }, - /A CSR cannot be generated from a public key/, - 'Checking that a CSR cannot be generated from a public key' - ); - let csrPEM; - // malformed subjectDN - try { - csrPEM = key3.generateCSR('###############'); - t.fail('Should not have generated a CSR with a malformed subject'); - } catch (err) { - t.pass('Checking that CSR is not generated for a malformed subject'); - } - - // valid CSR tests - let csrObject; - const subjectDN = 'CN=dummy'; - try { - csrPEM = key3.generateCSR(subjectDN); - csrObject = asn1.csr.CSRUtil.getInfo(csrPEM); - } catch (err) { - t.fail('Failed to generate a CSR: ' + err.stack ? err.stack : err); - } - - t.equal(asn1.x509.X500Name.onelineToLDAP(csrObject.subject.name), subjectDN, - 'Checking CSR subject matches subject from request'); - - t.equal(csrObject.pubkey.obj.pubKeyHex, key3.getPublicKey()._key.pubKeyHex, - 'Checking CSR public key matches requested public key'); - - // test X509 generation - let x509PEM; - let cert; - try { - x509PEM = key3.generateX509Certificate(); - cert = X509.parseCert(x509PEM); - t.comment(JSON.stringify(cert, '', 2)); - t.equal(cert.subject.commonName, 'self', 'Checking common name set to default'); - } catch (err) { - t.fail('Failed to generate an X509 Certificate: ' + err.stack ? err.stack : err); - } - - try { - x509PEM = key3.generateX509Certificate('testUser'); - cert = X509.parseCert(x509PEM); - t.comment(JSON.stringify(cert, '', 2)); - t.equal(cert.subject.commonName, 'testUser', 'Checking common name set to "testUser"'); - } catch (err) { - t.fail('Failed to generate an X509 Certificate: ' + err.stack ? err.stack : err); - } - - t.throws( - () => { - key3.getPublicKey().generateX509Certificate(); - }, - /An X509 certificate cannot be generated from a public key/, - 'Checking that an X509 cannot be generated from a public key' - ); - - t.end(); -});