From 7cb4d812f0fd8f01c3f3f65b44c1102642d23b21 Mon Sep 17 00:00:00 2001
From: Saad Karim <skarim@us.ibm.com>
Date: Thu, 13 Sep 2018 12:07:16 -0400
Subject: [PATCH] [FABC-709] Fix error message for LDAP converter

Durning enrollment for an identity LDAP, the incorrect
error message was shown as to the reason for failure.

Fixed this so that if an incorrect value is specified for
an LDAP converter, the appropriate error is returned.

Change-Id: Ic67d3b055402429e5614972f8d81c35d51bfb061
Signed-off-by: Saad Karim <skarim@us.ibm.com>
---
 lib/serverrequestcontext.go |  5 ++++-
 scripts/fvt/fabric-ca_utils | 31 ++++++++++++++++++++++---------
 scripts/fvt/ldap_test.sh    |  6 ++++++
 3 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/lib/serverrequestcontext.go b/lib/serverrequestcontext.go
index a4379b5e3..de5eb9e00 100644
--- a/lib/serverrequestcontext.go
+++ b/lib/serverrequestcontext.go
@@ -278,7 +278,10 @@ func (ctx *serverRequestContextImpl) GetAttrExtension(attrReqs []*api.AttributeR
 	if err != nil {
 		return nil, err
 	}
-	allAttrs, _ := ui.GetAttributes(nil)
+	allAttrs, err := ui.GetAttributes(nil)
+	if err != nil {
+		return nil, err
+	}
 	if attrReqs == nil {
 		attrReqs = getDefaultAttrReqs(allAttrs)
 		if attrReqs == nil {
diff --git a/scripts/fvt/fabric-ca_utils b/scripts/fvt/fabric-ca_utils
index b642b843a..19657fbb5 100755
--- a/scripts/fvt/fabric-ca_utils
+++ b/scripts/fvt/fabric-ca_utils
@@ -535,6 +535,7 @@ function genRunconfig() {
    : ${FABRIC_TLS:='false'}
    : ${FABRIC_CA_DEBUG:='false'}
    local registry=""
+   local converters=""
    setTLS
 
    case ${version:-"yaml"} in
@@ -858,6 +859,26 @@ done)
       maxEnrollments: $maxEnroll
       attrs: []"
 fi
+
+converters='
+    converters:
+      - name: hf.GenCRL
+        value: attr("memberOf") =~ "cn=Gencrl,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
+      - name: hf.Revoker
+        value: attr("memberOf") =~ "cn=Revoker,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
+      - name: hf.IntermediateCA
+        value: attr("memberOf") =~ "cn=Ca,ou=groups,dc=example,dc=com"
+      - name: hf.Registrar.Roles
+        value: map(attr("memberOf"),"roles")'
+
+if [ "$LDAP_ERROR" == "true" ]; then converters='
+    converters:
+      - name: hf.GenCRL
+        value: attr("memberOf") =~ "cn=Gencrl,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
+      - name: hf.Type
+        value: client'
+fi
+
 cat > $runconfig <<EOF
 address: $CA_HOST_ADDRESS
 port: $CA_DEFAULT_PORT
@@ -902,15 +923,7 @@ ldap:
              "uidNumber",
              "memberOf"
            ]
-    converters:
-      - name: hf.GenCRL
-        value: attr("memberOf") =~ "cn=Gencrl,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
-      - name: hf.Revoker 
-        value: attr("memberOf") =~ "cn=Revoker,ou=groups,dc=example,dc=com" || attr("memberOf") =~ "cn=pkiAdmin,ou=groups,dc=example,dc=com"
-      - name: hf.IntermediateCA
-        value: attr("memberOf") =~ "cn=Ca,ou=groups,dc=example,dc=com"
-      - name: hf.Registrar.Roles
-        value: map(attr("memberOf"),"roles")
+    $converters
     maps:
       ROLES:
          - name: cn=Client,ou=groups,dc=example,dc=com
diff --git a/scripts/fvt/ldap_test.sh b/scripts/fvt/ldap_test.sh
index 139a091f5..4c451b9e0 100755
--- a/scripts/fvt/ldap_test.sh
+++ b/scripts/fvt/ldap_test.sh
@@ -130,5 +130,11 @@ echo "User 'notadmin' is attempting to generate a crl ... "
 $FABRIC_CA_CLIENTEXEC gencrl -u $URI -H $UDIR/notadmin $TLSOPT 2>&1| grep 'Authorization failure'
 test "$?" -eq 0 || ErrorMsg "User 'notadmin' should not generate a crl"
 
+export LDAP_ERROR=true
+$SCRIPTDIR/fabric-ca_setup.sh -R
+$SCRIPTDIR/fabric-ca_setup.sh -I -a -D -X -S -n1
+CA_CFG_PATH=$UDIR enroll testUser testUserpw uid,hf.Revoker 2>&1 | grep "Failed to evaluate LDAP expression"
+test "$?" -eq 0 || ErrorMsg "Enroll should fail, incorrect LDAP converter specified"
+
 CleanUp $RC
 exit $RC