diff --git a/msp/nodeous_test.go b/msp/nodeous_test.go
index e676190c0ba..71dc80ac979 100644
--- a/msp/nodeous_test.go
+++ b/msp/nodeous_test.go
@@ -293,6 +293,37 @@ func TestLoad142MSPWithInvalidAdminConfiguration(t *testing.T) {
 assert.Equal(t, "administrators must be declared when no admin ou classification is set", err.Error())
 }

+func TestAdminInAdmincertsWith143MSP(t *testing.T) {
+ // testdata/nodeouadminclient enables NodeOU classification and contains in the admincerts folder
+ // a certificate classified as client. This test checks that that identity is considered an admin anyway.
+ // testdata/nodeouadminclient2 enables NodeOU classification and contains in the admincerts folder
+ // a certificate classified as client. This test checks that that identity is considered an admin anyway.
+ // Notice that the configuration used is one that is usually expected for MSP version < 1.4.3 which
+ // only define peer and client OU.
+ testFolders := []string{"testdata/nodeouadminclient", "testdata/nodeouadminclient2"}
+
+ for _, testFolder := range testFolders {
+ localMSP := getLocalMSPWithVersion(t, testFolder, MSPv1_4_3)
+
+ cert, err := readFile(filepath.Join(testFolder, "admincerts", "admin.pem"))
+ assert.NoError(t, err)
+
+ id, _, err := localMSP.(*bccspmsp).getIdentityFromConf(cert)
+ assert.NoError(t, err)
+ for _, ou := range id.GetOrganizationalUnits() {
+ assert.NotEqual(t, "admin", ou.OrganizationalUnitIdentifier)
+ }
+
+ principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "SampleOrg"})
+ assert.NoError(t, err)
+ principal := &msp.MSPPrincipal{
+ PrincipalClassification: msp.MSPPrincipal_ROLE,
+ Principal: principalBytes}
+ err = id.SatisfiesPrincipal(principal)
+ assert.NoError(t, err)
+ }
+}
+
 func TestSatisfiesPrincipalOrderer(t *testing.T) {
 // testdata/nodeouorderer:
 // the configuration enables NodeOUs (with orderOU)
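Review bot: TestAdminInAdmincertsWith143MSP asserts only the permissive direction of this authorization rule (a client-classified certificate listed in admincerts satisfies the ADMIN role principal) and never checks that an identity outside admincerts is rejected, so a regression that grants admin to every valid client identity would still pass. Consider adding a negative case in the same loop that expects `SatisfiesPrincipal` to return an error for a certificate with the same OU that is not in the admincerts folder. The comment also describes both fixtures with the same sentence although their config.yaml files differ (nodeouadminclient declares client, peer, admin and orderer OUs, nodeouadminclient2 only client and peer); the second entry could read `// testdata/nodeouadminclient2 declares only the client and peer OUs (the pre-1.4.3 layout); its admincerts folder holds the same client-classified certificate.` Since `id` is dereferenced right after `assert.NoError(t, err)`, `require.NoError` (if testify's require package is available to this file) would stop the test instead of panicking on a nil identity.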
diff --git a/msp/testdata/nodeouadminclient/admincerts/admin.pem b/msp/testdata/nodeouadminclient/admincerts/admin.pem new file mode 100644 index 00000000000..d4a90794c91 --- /dev/null +++ b/msp/testdata/nodeouadminclient/admincerts/admin.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGzCCAcKgAwIBAgIRAN5DkOBs583C+swyjC7nHS0wCgYIKoZIzj0EAwIwaTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt +cGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGcxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMQ8wDQYDVQQLEwZjbGllbnQxGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29t +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3H+SsKIPqOTCn2YBHDYTkgsvYtr0 +6Kz3mEp4jfNmRt0Mz/Sjyg+E3AUjBah/Qj6WBqVYhmJeFsMoNvk8OhdHg6NNMEsw +DgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAg3+GALQue +CGamN/C2yq8S+ET/YsjAltoJS2hjlwUXxZ8wCgYIKoZIzj0EAwIDRwAwRAIgXvE1 +Dsw0Vd2Tz+mxCfyf62lzQ8IN2BE4qsEQNgcsL94CIH26gcvFF7u0j+FVkjA4Awuq +10yaq8RzytoLpOz4SDkw +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient/cacerts/ca.example.com-cert.pem b/msp/testdata/nodeouadminclient/cacerts/ca.example.com-cert.pem new file mode 100644 index 00000000000..932a013b439 --- /dev/null +++ b/msp/testdata/nodeouadminclient/cacerts/ca.example.com-cert.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICPzCCAeSgAwIBAgIRAONi5v8ImyejqCrCatbAW1QwCgYIKoZIzj0EAwIwaTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt +cGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGkxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5j +b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQAfjOlLCdB/6SsdPlbDHUsdK+b +gRuEN38QOFZ0Ws3aFAsER8ImqV3UIlsbKi5JnDs+OQnzrr3hrKA8downRRy/o20w +azAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIN/hgC0LnghmpjfwtsqvEvhE/2LI +wJbaCUtoY5cFF8WfMAoGCCqGSM49BAMCA0kAMEYCIQDhhgAHx0l7V5uAG2hATgCs +bvsbHiJpHUtiK7f1Qfxf2AIhANeukSgRU+AeGSzyVmAOKhIUS+grsPyspksUwVvB +ehXv +-----END CERTIFICATE-----
diff --git a/msp/testdata/nodeouadminclient/config.yaml b/msp/testdata/nodeouadminclient/config.yaml
new file mode 100644
index 00000000000..8846e9d4d92
--- /dev/null
+++ b/msp/testdata/nodeouadminclient/config.yaml
@@ -0,0 +1,14 @@
+NodeOUs:
+ Enable: true
+ ClientOUIdentifier:
+ Certificate: cacerts/ca.example.com-cert.pem
+ OrganizationalUnitIdentifier: client
+ PeerOUIdentifier:
+ Certificate: cacerts/ca.example.com-cert.pem
+ OrganizationalUnitIdentifier: peer
+ AdminOUIdentifier:
+ Certificate: cacerts/ca.example.com-cert.pem
+ OrganizationalUnitIdentifier: admin
+ OrdererOUIdentifier:
+ Certificate: cacerts/ca.example.com-cert.pem
+ OrganizationalUnitIdentifier: orderer
diff --git a/msp/testdata/nodeouadminclient/keystore/priv_sk b/msp/testdata/nodeouadminclient/keystore/priv_sk
new file mode 100644
index 00000000000..c5ddc42760f
--- /dev/null
+++ b/msp/testdata/nodeouadminclient/keystore/priv_sk
@@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg3XkpMssR+HPUfA+C +SvrEalkm9qz1RvDZzWpeJZJgzHuhRANCAATttnug4BR0dA3fL8XFWdcAz2KBYXNu +o1ZoZtYoXuTBQmIAp9gzE3n4WZlx1Q20auf3LyheORimUmRokuMkzDBd +-----END PRIVATE KEY----- diff --git a/msp/testdata/nodeouadminclient/signcerts/orderer.example.com-cert.pem b/msp/testdata/nodeouadminclient/signcerts/orderer.example.com-cert.pem new file mode 100644 index 00000000000..6655403f305 --- /dev/null +++ b/msp/testdata/nodeouadminclient/signcerts/orderer.example.com-cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHjCCAcSgAwIBAgIQSEQ9WMdyikoUBDZC1SCNYjAKBggqhkjOPQQDAjBpMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w +bGUuY29tMB4XDTE5MDcwNDE2MjcwMFoXDTI5MDcwMTE2MjcwMFowajELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz +Y28xEDAOBgNVBAsTB29yZGVyZXIxHDAaBgNVBAMTE29yZGVyZXIuZXhhbXBsZS5j +b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATttnug4BR0dA3fL8XFWdcAz2KB +YXNuo1ZoZtYoXuTBQmIAp9gzE3n4WZlx1Q20auf3LyheORimUmRokuMkzDBdo00w +SzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNVHSMEJDAigCDf4YAt +C54IZqY38LbKrxL4RP9iyMCW2glLaGOXBRfFnzAKBggqhkjOPQQDAgNIADBFAiEA +6moSx8Ny5hOtKgR5ixwMclqefiFDW5p1OQ1mOakYe3MCIGuqooZlekXL/xCVpuNZ +V4ODyvgvMEgQBg7lpg7RapWZ +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient/tlscacerts/tlsca.example.com-cert.pem b/msp/testdata/nodeouadminclient/tlscacerts/tlsca.example.com-cert.pem new file mode 100644 index 00000000000..5a7c4e639e4 --- /dev/null +++ b/msp/testdata/nodeouadminclient/tlscacerts/tlsca.example.com-cert.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRTCCAeqgAwIBAgIRAJCUl0CdwlkfiNTXt/gxVlgwCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGwxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEaMBgGA1UEAxMRdGxzY2EuZXhh +bXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiqvojiDlos4TH6hOh +2Sg16UMVs4xG/s6M0MxICfAJSkwD3PRwKOinv8wD7OT7FxevPa6THKZONsXJwhWR +Lbero20wazAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG +AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIEcM31EymEUj64aNdHFZ +0OCICQC3vXXeGLXrrc28liw6MAoGCCqGSM49BAMCA0kAMEYCIQCgfmcPMxf8ojnD +UbfnxXFHHHqAQ03X+bISVaKVtpcqjwIhAOwrN+SL40ORnkRgKBzyL8SzyiDXwqf0 +RqgngKsp/XOT +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient2/admincerts/admin.pem b/msp/testdata/nodeouadminclient2/admincerts/admin.pem new file mode 100644 index 00000000000..d4a90794c91 --- /dev/null +++ b/msp/testdata/nodeouadminclient2/admincerts/admin.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICGzCCAcKgAwIBAgIRAN5DkOBs583C+swyjC7nHS0wCgYIKoZIzj0EAwIwaTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt +cGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGcxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMQ8wDQYDVQQLEwZjbGllbnQxGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29t +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3H+SsKIPqOTCn2YBHDYTkgsvYtr0 +6Kz3mEp4jfNmRt0Mz/Sjyg+E3AUjBah/Qj6WBqVYhmJeFsMoNvk8OhdHg6NNMEsw +DgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAg3+GALQue +CGamN/C2yq8S+ET/YsjAltoJS2hjlwUXxZ8wCgYIKoZIzj0EAwIDRwAwRAIgXvE1 +Dsw0Vd2Tz+mxCfyf62lzQ8IN2BE4qsEQNgcsL94CIH26gcvFF7u0j+FVkjA4Awuq +10yaq8RzytoLpOz4SDkw +-----END CERTIFICATE----- 
diff --git a/msp/testdata/nodeouadminclient2/cacerts/ca.example.com-cert.pem b/msp/testdata/nodeouadminclient2/cacerts/ca.example.com-cert.pem
new file mode 100644
index 00000000000..932a013b439
--- /dev/null
+++ b/msp/testdata/nodeouadminclient2/cacerts/ca.example.com-cert.pem
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICPzCCAeSgAwIBAgIRAONi5v8ImyejqCrCatbAW1QwCgYIKoZIzj0EAwIwaTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt +cGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGkxCzAJBgNV +BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5j +b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQAfjOlLCdB/6SsdPlbDHUsdK+b +gRuEN38QOFZ0Ws3aFAsER8ImqV3UIlsbKi5JnDs+OQnzrr3hrKA8downRRy/o20w +azAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIN/hgC0LnghmpjfwtsqvEvhE/2LI +wJbaCUtoY5cFF8WfMAoGCCqGSM49BAMCA0kAMEYCIQDhhgAHx0l7V5uAG2hATgCs +bvsbHiJpHUtiK7f1Qfxf2AIhANeukSgRU+AeGSzyVmAOKhIUS+grsPyspksUwVvB +ehXv +-----END CERTIFICATE-----
diff --git a/msp/testdata/nodeouadminclient2/config.yaml b/msp/testdata/nodeouadminclient2/config.yaml
new file mode 100644
index 00000000000..b7994ee4289
--- /dev/null
+++ b/msp/testdata/nodeouadminclient2/config.yaml
@@ -0,0 +1,8 @@
+NodeOUs:
+ Enable: true
+ ClientOUIdentifier:
+ Certificate: cacerts/ca.example.com-cert.pem
+ OrganizationalUnitIdentifier: client
+ PeerOUIdentifier:
+ Certificate: cacerts/ca.example.com-cert.pem
+ OrganizationalUnitIdentifier: peer
\ No newline at end of file
diff --git a/msp/testdata/nodeouadminclient2/keystore/priv_sk b/msp/testdata/nodeouadminclient2/keystore/priv_sk
new file mode 100644
index 00000000000..c5ddc42760f
--- /dev/null
+++ b/msp/testdata/nodeouadminclient2/keystore/priv_sk
@@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg3XkpMssR+HPUfA+C +SvrEalkm9qz1RvDZzWpeJZJgzHuhRANCAATttnug4BR0dA3fL8XFWdcAz2KBYXNu +o1ZoZtYoXuTBQmIAp9gzE3n4WZlx1Q20auf3LyheORimUmRokuMkzDBd +-----END PRIVATE KEY----- diff --git a/msp/testdata/nodeouadminclient2/signcerts/orderer.example.com-cert.pem b/msp/testdata/nodeouadminclient2/signcerts/orderer.example.com-cert.pem new file mode 100644 index 00000000000..6655403f305 --- /dev/null +++ b/msp/testdata/nodeouadminclient2/signcerts/orderer.example.com-cert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICHjCCAcSgAwIBAgIQSEQ9WMdyikoUBDZC1SCNYjAKBggqhkjOPQQDAjBpMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w +bGUuY29tMB4XDTE5MDcwNDE2MjcwMFoXDTI5MDcwMTE2MjcwMFowajELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz +Y28xEDAOBgNVBAsTB29yZGVyZXIxHDAaBgNVBAMTE29yZGVyZXIuZXhhbXBsZS5j +b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATttnug4BR0dA3fL8XFWdcAz2KB +YXNuo1ZoZtYoXuTBQmIAp9gzE3n4WZlx1Q20auf3LyheORimUmRokuMkzDBdo00w +SzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNVHSMEJDAigCDf4YAt +C54IZqY38LbKrxL4RP9iyMCW2glLaGOXBRfFnzAKBggqhkjOPQQDAgNIADBFAiEA +6moSx8Ny5hOtKgR5ixwMclqefiFDW5p1OQ1mOakYe3MCIGuqooZlekXL/xCVpuNZ +V4ODyvgvMEgQBg7lpg7RapWZ +-----END CERTIFICATE----- diff --git a/msp/testdata/nodeouadminclient2/tlscacerts/tlsca.example.com-cert.pem b/msp/testdata/nodeouadminclient2/tlscacerts/tlsca.example.com-cert.pem new file mode 100644 index 00000000000..5a7c4e639e4 --- /dev/null +++ b/msp/testdata/nodeouadminclient2/tlscacerts/tlsca.example.com-cert.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICRTCCAeqgAwIBAgIRAJCUl0CdwlkfiNTXt/gxVlgwCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MDQxNjI3MDBaFw0yOTA3MDExNjI3MDBaMGwxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEaMBgGA1UEAxMRdGxzY2EuZXhh +bXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASiqvojiDlos4TH6hOh +2Sg16UMVs4xG/s6M0MxICfAJSkwD3PRwKOinv8wD7OT7FxevPa6THKZONsXJwhWR +Lbero20wazAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG +AQUFBwMBMA8GA1UdEwEB/wQFMAMBAf8wKQYDVR0OBCIEIEcM31EymEUj64aNdHFZ +0OCICQC3vXXeGLXrrc28liw6MAoGCCqGSM49BAMCA0kAMEYCIQCgfmcPMxf8ojnD +UbfnxXFHHHqAQ03X+bISVaKVtpcqjwIhAOwrN+SL40ORnkRgKBzyL8SzyiDXwqf0 +RqgngKsp/XOT +-----END CERTIFICATE-----