FAB-4454 Increase test coverage for sdk.security

. Increased test coverage for CryptoPrimitives
. Added new methods to TestUtils
. Minor changes to main code to facilitate unit tests
. Fixed minor issue with Config ExtraLogLevel
. Set ExtraLogLevel to 10 in cirun.sh to help ensure logger output is
covered

Change-Id: I75e507b41339cbaffe4ba21206153883ccb9f75d
Signed-off-by: Chris Murphy <chrism@fast.au.fujitsu.com>

Author: chrism28282828

src/main/java/org/hyperledger/fabric/sdk/helper/Config.java

@@ -287,7 +287,7 @@ public boolean extraLogLevel(int val) {
             extraLogLevel = Integer.parseInt(getProperty(EXTRALOGLEVEL));
         }
 
-        return val < extraLogLevel;
+        return val <= extraLogLevel;
 
     }
 }

src/main/java/org/hyperledger/fabric/sdk/security/CryptoPrimitives.java

@@ -249,10 +249,15 @@ public KeyStore getTrustStore() throws CryptoException {
      */
     public void addCACertificateToTrustStore(File caCertPem, String alias) throws CryptoException, InvalidArgumentException {
 
+        if (caCertPem == null) {
+            throw new InvalidArgumentException("The certificate cannot be null");
+        }
+
         if (alias == null || alias.isEmpty()) {
-            throw new InvalidArgumentException("You must assign an alias to a certificate when adding to the trust store.");
+            throw new InvalidArgumentException("You must assign an alias to a certificate when adding to the trust store");
         }
 
+
         BufferedInputStream bis;
         try {
 
@@ -304,9 +309,8 @@ public void loadCACertificates(Collection<Certificate> certificates) throws Cryp
                 addCACertificateToTrustStore(cert, Integer.toString(cert.hashCode()));
             }
         } catch (InvalidArgumentException e) {
-            String emsg = "Unable to add certificate to trust store. Error: " + e.getMessage();
-            logger.error(emsg, e);
-            throw new CryptoException(emsg, e);
+            // Note: This can currently never happen (as cert<>null and alias<>null)
+            throw new CryptoException("Unable to add certificate to trust store. Error: " + e.getMessage(), e);
         }
     }
 
@@ -361,9 +365,6 @@ boolean validateCertificate(Certificate cert) {
 
         try {
             KeyStore keyStore = getTrustStore();
-            if (keyStore == null) {
-                throw new CryptoException("Crypto does not have a trust store. No certificate can be validated", null);
-            }
 
             PKIXParameters parms = new PKIXParameters(keyStore);
             parms.setRevocationEnabled(false);
@@ -708,11 +709,10 @@ public void init() throws CryptoException, InvalidArgumentException {
     private Digest getHashDigest() {
         if (this.hashAlgorithm.equalsIgnoreCase("SHA3")) {
             return new SHA3Digest();
-        } else if (this.hashAlgorithm.equalsIgnoreCase("SHA2")) {
+        } else {
+            // Default to SHA2
             return new SHA256Digest();
         }
-
-        return new SHA256Digest(); // default Digest?
     }
 
 //    /**
@@ -795,15 +795,17 @@ public Properties getProperties() {
 
     public byte[] certificateToDER(String certificatePEM) {
 
+        byte[] content = null;
+
         try (PemReader pemReader = new PemReader(new StringReader(certificatePEM))) {
             final PemObject pemObject = pemReader.readPemObject();
-            return pemObject.getContent();
+            content = pemObject.getContent();
 
         } catch (IOException e) {
             // best attempt
         }
-        return null;
 
+        return content;
     }
 
 }

src/test/cirun.sh

@@ -15,6 +15,7 @@ export ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_CA_TLS=--tls.enabled
 
 export ORG_HYPERLEDGER_FABRIC_SDK_LOGLEVEL=TRACE
 export ORG_HYPERLEDGER_FABRIC_CA_SDK_LOGLEVEL=TRACE
+export ORG_HYPERLEDGER_FABRIC_SDK_LOG_EXTRALOGLEVEL=10
 
 cd $WD/src/test/fixture/sdkintegration
 ./fabric.sh restart >dockerlogfile.log 2>&1 &

src/test/java/org/hyperledger/fabric/sdk/security/CryptoPrimitivesTest.java

@@ -20,6 +20,9 @@
 import java.io.FileInputStream;
 import java.io.FileReader;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyStore;
@@ -44,14 +47,19 @@
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.util.encoders.Hex;
 import org.hyperledger.fabric.sdk.exception.CryptoException;
 import org.hyperledger.fabric.sdk.exception.InvalidArgumentException;
 import org.hyperledger.fabric.sdk.helper.Config;
+import org.hyperledger.fabric.sdk.testutils.TestUtils;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
+import org.junit.Rule;
 import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.junit.rules.TemporaryFolder;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.assertEquals;
@@ -64,6 +72,15 @@
 
 public class CryptoPrimitivesTest {
 
+    @Rule
+    public ExpectedException thrown = ExpectedException.none();
+
+    // Create a temp folder to hold temp files for various file I/O operations
+    // These are automatically deleted when each test completes
+    @Rule
+    public final TemporaryFolder tempFolder = new TemporaryFolder();
+
+
     // run End2EndIT test and copy from first peer ProposalResponse ( fabric at
     // commit level 230f3cc )
     public static final String PLAIN_TEXT_HEX = "0A205E87B04D3B137E4F2BD2B7E435C96D86E62F3DA5147863A2051F39803AB519BD12E60F0AE30F02046C636363010D6578616D706C655F63632E676F00010D6578616D706C655F63632E676F009D0F0A0D6578616D706C655F63632E676F1201301A880F0A2B0801120F120D6578616D706C655F63632E676F1A160A04696E69740A01610A033130300A01620A03323030120708B2B4FFAF9D2B1ACF0E1F8B08000000000000FFED586D73DA4610CE57F42BB69A26869420C0A49E71EB0F603B2D93165C709A64624FE610075C2D24727702D34EFE7B77EF2410183B4E4CD2990E3B9380B8BBBD67DF9E5DF924F2AFB81C88803FFA6A52AE94CB3FD66A50B6B2FE59AE1E54A0B25FAE552BFBD5F2F30328572ACF0F6A8FA0FCF5202D25569AC947E507DFB56EDC16A07D0B79D169FF0EA3F984CB80F7875C7A03D693C27FE6FB3C9C3A8072DC3E7B0B25F8FE97F659FDFC574F49DFEBC522E83FF3474C847ED4E79ED9F7BADD7979D2ECA41BCD6F9D572D18462042747210C0DA3980274F603C5DA8EE89705DF5CA1ABF66E349C0DFFB7E6918FDD78EFB9FC8B7F0E9DDF55FA9D69E574DFD570EF66BCF0FF6B1FEABD5DAC1AEFEBF85784F9DE36832976238D2D06CFC0EC7919C94A05AAEFC08752CD90E2D28E870C5E594F74B8EF39B406A50BC0F71D8E712F488437DC27CFC48568AF027974A4421544B65C8D3063759720B3F39F32886319B4318698815470542013520E0D73E9F68640BF0234C4AC1429FC34CE891B924515172DE260AA29E46960086BB27F834C8EE02A61D27978391D69343CF9BCD66256640962239F402BB4979BF358F4F5BDDD36708D4715E8501570A24FF100B89F6F5E6C02608C3673D0417B0194412D850725CD3446A3093428B705804150DF48C49EEF485D252F462BDE29F14141A9ADD801E6221B8F52E34BB2E34EADD66B7E8BC6E9EFFDA7E750EAFEB9D4EBD75DE3CED42BB8324DC3A699E37DB2D7C7A01F5D65B78D96C9D1481A377F0127E3D91841D010AF21C05AACBF9CAE583C8825113EE8B81F0D1A27018B32147869E7219A221806D602C14C54E21B4BE1388B1D04C9BE71BE6949CA79EE3A057AF48C91863E1380E5E1F490D7927E7722923A95CFC36186BFA40CBFD289CBA18197788C0E35E0903EDDDEC3E9E1F49EE2DFB8B1A89B1EB141CC7F3A04B06F2E3458348080C94F91D960BE679CC438BDFD178CB8DC38828F635FCE37C749C411CFA98ADF0746D53019AA1D079A5E31E1090D262A58B3F35438DE313F3715BFEDD656FAE31FD8DE105D49A7B5F0426870A0E8F80CE977EE1FA055E4380EA61FF8C4936E6785EE50B4E6ECA24D48BD02050140B1434F734D498635C25EB5316E016FC1FD34FD37A5D29AE6114057D3C93ECC2FB2D0674B41840C0C33CA128C0774750235839C9752C43084590A055A5169FE5DD26DA2525479784F1B887E1C6AAC2A331B95195E0F41A7387321E6A2E2246A7E51002B947B040FC6DF36D11362757872363FFBBF2253E18EC848D9C6132A154D79130D8DE552E0B062CAD234C447627D02512F403C7CC01D41EDB24675997589CB9468AA48A481A7722D9FFBA48B0164A6718603DC8BBE412C4F0B89FC494BE5E846E3113E782F5F16B641AEB5E6C57F42D320FB66A9C5C6A0BA6D859ACBBB4258FB96413329FDAD8D411CB93EA42E13E26DA006F52DDD8ACBAF199AAB33FE27F7717E11F3197F32FABC25B63F72ABC0AA359082A9E106B2125FB38A662A03E1AAA39972C54CC542BD2DB15573061732A052A8B374888023BE3404663A853401A7752C834BAE25F067F9030C667708909417A8EE2E00A03C0BD973B1607136F9860AD10C9CF50DD0E8F308D5A99D250CDDC9350061C21EE3E0FD02A8B1B4372621EA9390127669C5BFF53204C612C31E9923D6A7C6E5DB7F9860F94588B0BE849AC5C7043EF87452666D4AE6B1D634FFD22D474F086F24F458C250982038E7F65986120247A35F57911C638E7428FE3CCC129187BD6397B45D833E6E017E4AB3DBA7CCFE6FFEDB9BC4078572627C9FAEED276B38D898D9E4961A1676C866EB30FBE318B0B59AB6843D3DFAE61169765358882209AD909B30A21D6AD99B6A06231A595B0E89E95CBD506663C87E59FE907269FB21D818C6D9FB40F717EA6176F8ED07DD336466C8AEEA6E338DE1B3A37654E4BE959F22EC54AD92699219CA4B37C56837CC170B63713F310211BB8EEA264165751D17CB2D5DADAA117874184E368A2C626C3FBF5666ED327BFB8A140ADB4F109D31ADB33ADB105D31A779AD658310D237E86B517499B08FC9AFBB1997C736FB636EC601BC3410F2DCED4111B23606418BE24F5D551281326C4603E9EC11B6B1CFE603E7EA01FB6331AF51851E0FF613EF2BCF50929DD976827877527198F1DA5FE2277AD3AABB098B16E6F48B619DDCEFC998EFA50EE5FA7D9CA7668B6B224CFC3257B3ACB266CD2E28ACF978C69B306DFE6B3C99212031E7A18E7599765B961E3DC8BF8CC806BB8D864B0E4F44A4FD141B308A7E9D3C6F0CC2BD6EDB1FA70AF79F91EA14A3A6EDA8E6FF4E2BB9AE796A6446A91E91F782638E222EBA06BEDE0B6A159DEA73F7E598FFB0BAFEE7035A1FDEE3F17EE295973E11E5E6C6A05E615D0456AABE33FF7C2FDE8DEEE8B54F17244DDD8196FBFBF853B2C133FE0DA75F52DF4BBD19E5157BC70EBE69EC5C28D46BBBC37CBE836BF497D142A7EF858193ACF2048306622937D29A4BF2FE50D75A4F1A2ACC660499D0FD194F502D818BF2C1EE33B8A94343966CF2F4BEB101E2BD738CB38E7A3F35FFFA576273BD9C94E76B2939DEC64273BD9C94E1E26FF02F35EC2D1002800000D6578616D706C655F63632E676F000201610003313030016200033230300A0744454641554C54129A072D2D2D2D2D424547494E202D2D2D2D2D0A4D4949436A444343416A4B6741774942416749554245567773537830546D7164627A4E776C654E42427A6F4954307777436759494B6F5A497A6A3045417749770A667A454C4D416B474131554542684D4356564D78457A415242674E5642416754436B4E6862476C6D62334A7561574578466A415542674E564241635444564E680A62694247636D467559326C7A59323878487A416442674E5642416F54466B6C7564475679626D5630494664705A47646C64484D7349456C75597934784444414B0A42674E564241735441316458567A45554D4249474131554541784D4C5A586868625842735A53356A623230774868634E4D5459784D5445784D5463774E7A41770A5768634E4D5463784D5445784D5463774E7A4177576A426A4D517377435159445651514745774A56557A45584D4255474131554543424D4F546D3979644767670A5132467962327870626D45784544414F42674E564241635442314A68624756705A326778477A415A42674E5642416F54456B6835634756796247566B5A3256790A49455A68596E4A70597A454D4D416F474131554543784D44513039514D466B77457759484B6F5A497A6A3043415159494B6F5A497A6A304441516344516741450A4842754B73414F34336873344A4770466669474D6B422F7873494C54734F766D4E32576D77707350485A4E4C36773848576533784350517464472F584A4A765A0A2B433735364B457355424D337977355054666B7538714F42707A43427044414F42674E56485138424166384542414D4342614177485159445652306C424259770A464159494B7759424251554841774547434373474151554642774D434D41774741315564457745422F7751434D414177485159445652304F42425945464F46430A6463555A346573336C746943674156446F794C66567050494D42384741315564497751594D4261414642646E516A32716E6F492F784D55646E3176446D6447310A6E4567514D43554741315564455151654D427943436D31356147397A6443356A62323243446E6433647935746557687663335175593239744D416F47434371470A534D343942414D43413067414D4555434944663948626C34786E337A3445774E4B6D696C4D396C58324671346A5770416152564239374F6D56456579416945410A32356144505148474771324176684B54307776743038635831475447434962666D754C704D774B516A33383D0A2D2D2D2D2D454E44202D2D2D2D2D0A";
@@ -129,6 +146,29 @@ public void setUp() throws Exception {
         pem.close();
     }
 
+    // Tests initializing with an invalid certificate format
+    @Test
+    public void testInitInvalidCertFormat() throws Exception {
+
+        thrown.expect(CryptoException.class);
+
+        String oldVal = null;
+
+        try {
+            // Set the cert format to something invalid
+            oldVal = TestUtils.setConfigProperty(Config.CERTIFICATE_FORMAT, "abc123");
+
+            CryptoPrimitives crypto = new CryptoPrimitives();
+            crypto.init();
+
+        } finally {
+
+            // Reset the property for subsequent tests
+            TestUtils.setConfigProperty(Config.CERTIFICATE_FORMAT, oldVal);
+        }
+    }
+
+
     @Test
     public void testGetSetProperties() {
         CryptoPrimitives testCrypto = new CryptoPrimitives();
@@ -225,15 +265,42 @@ public void testSetTrustStoreDuplicateCert() {
         }
     }
 
+    @Test
+    public void testSetTrustStoreDuplicateCertUsingFile() {
+        try {
+            // Read the certificate data
+            java.net.URL certUrl = this.getClass().getResource("/ca.crt");
+            String certData = org.apache.commons.io.IOUtils.toString(certUrl, "UTF-8");
+
+            // Write this to a temp file
+            File tempFile = tempFolder.newFile("temp.txt");
+            Path tempPath = Paths.get(tempFile.getAbsolutePath());
+            Files.write(tempPath, certData.getBytes());
+
+            crypto.addCACertificateToTrustStore(tempFile, "ca"); //KeyStore overrides existing cert if same alias
+        } catch (Exception e) {
+            fail("testSetTrustStoreDuplicateCert should not have thrown Exception. Error: " + e.getMessage());
+        }
+    }
+
     @Test (expected = InvalidArgumentException.class)
-    public void testAddCACertificateToTrustStoreNoAlias() throws InvalidArgumentException {
+    public void testAddCACertificateToTrustStoreNullAlias() throws InvalidArgumentException {
         try {
             crypto.addCACertificateToTrustStore(new File("something"), null);
         } catch (CryptoException e) {
             fail("testAddCACertificateToTrustStoreNoAlias should not throw CryptoException. Error: " + e.getMessage());
         }
     }
 
+    @Test (expected = InvalidArgumentException.class)
+    public void testAddCACertificateToTrustStoreBlankAlias() throws InvalidArgumentException {
+        try {
+            crypto.addCACertificateToTrustStore(new File("something"), "");
+        } catch (CryptoException e) {
+            fail("testAddCACertificateToTrustStoreNoAlias should not throw CryptoException. Error: " + e.getMessage());
+        }
+    }
+
     @Test (expected = InvalidArgumentException.class)
     public void testAddCACertificateToTrustStoreEmptyAlias() throws InvalidArgumentException {
         try {
@@ -243,6 +310,26 @@ public void testAddCACertificateToTrustStoreEmptyAlias() throws InvalidArgumentE
         }
     }
 
+    @Test
+    public void testAddCACertificateToTrustStoreBadStore() throws Exception {
+
+        thrown.expect(CryptoException.class);
+        thrown.expectMessage("Unable to add");
+
+        // Create an uninitialized key store
+        KeyStore tmpKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+        // Ensure that crypto is using that store
+        KeyStore saveKeyStore = (KeyStore) TestUtils.setField(crypto, "trustStore", tmpKeyStore);
+
+        try {
+            crypto.addCACertificateToTrustStore(testCACert, "alias");
+        } finally {
+            // Ensure we set it back so that subsequent tests will not be affected
+            TestUtils.setField(crypto, "trustStore", saveKeyStore);
+        }
+   }
+
     @Test (expected = CryptoException.class)
     public void testAddCACertificateToTrustStoreNoFile() throws CryptoException {
         try {
@@ -270,9 +357,29 @@ public void testAddCACertificateToTrustStoreNoCert() throws InvalidArgumentExcep
         }
     }
 
+    // Tests addCACertificateToTrustStore passing a certificate and null for alias
+    @Test
+    public void testAddCACertificateToTrustStoreCertNullAlias() throws Exception {
+
+        thrown.expect(InvalidArgumentException.class);
+        thrown.expectMessage("You must assign an alias");
+
+        crypto.addCACertificateToTrustStore(testCACert, null);
+    }
+
+    // Tests addCACertificateToTrustStore passing a certificate and an empty string for alias
+    @Test
+    public void testAddCACertificateToTrustStoreCertEmptyAlias() throws Exception {
+
+        thrown.expect(InvalidArgumentException.class);
+        thrown.expectMessage("You must assign an alias");
+
+        crypto.addCACertificateToTrustStore(testCACert, "");
+    }
+
     @Test (expected = InvalidArgumentException.class)
-    public void testAddCACertsNullInput() throws Exception {
-        crypto.addCACertificateToTrustStore((File) null, null);
+    public void testAddCACertificateToTrustStoreNullFile() throws Exception {
+        crypto.addCACertificateToTrustStore((File) null, "test");
     }
 
     @Test (expected = CryptoException.class)
@@ -370,8 +477,6 @@ public void testValidateNotSignedCertificate() {
 
     @Test
     public void testValidateInvalidCertificate() throws IOException, CertificateException {
-        BufferedInputStream pem = new BufferedInputStream(new ByteArrayInputStream(invalidPemCert));
-
         assertFalse(crypto.validateCertificate(invalidPemCert));
     }
 
@@ -486,6 +591,17 @@ public void testKeyGen() throws CryptoException {
         Assert.assertSame(KeyPair.class, crypto.keyGen().getClass());
     }
 
+    // Try to generate a key without initializing crypto
+    @Test
+    public void testKeyGenBadCrypto() throws CryptoException {
+
+        thrown.expect(CryptoException.class);
+        thrown.expectMessage("Unable to generate");
+
+        CryptoPrimitives tmpCrypto = new CryptoPrimitives();
+        tmpCrypto.keyGen();
+    }
+
     @Test
     public void testGenerateCertificateRequest() throws CryptoException, OperatorCreationException {
         KeyPair testKeyPair = crypto.keyGen();
@@ -508,4 +624,28 @@ public void testCertificateToDER() throws CryptoException, OperatorCreationExcep
 
         Assert.assertTrue(crypto.certificateToDER(pemGenCert).length > 0);
     }
+
+    @Test
+    public void testHashSHA2() throws Exception {
+
+        byte[] input = "TheQuickBrownFox".getBytes(UTF_8);
+        String expectedHash = "cd0b1763383f460e94a2e6f0aefc3749bbeec60db11c12d678c682da679207ad";
+
+        crypto.setHashAlgorithm("SHA2");
+        byte[] hash = crypto.hash(input);
+        Assert.assertEquals(expectedHash, Hex.toHexString(hash));
+    }
+
+    @Test
+    public void testHashSHA3() throws Exception {
+
+        byte[] input = "TheQuickBrownFox".getBytes(UTF_8);
+        String expectedHash = "feb69c5c360a15802de6af23a3f5622da9d96aff2be78c8f188cce57a3549db6";
+
+        crypto.setHashAlgorithm("sha3");
+        byte[] hash = crypto.hash(input);
+        Assert.assertEquals(expectedHash, Hex.toHexString(hash));
+    }
+
+
 }