[FAB-11135] int tests - discovery peer msp id

- added integration tests to e2e/orgs to test if msp id is being used from
discovered peer not from endpoint config

- added multi org test with SDK config having only one org

- cleaned up integration tests local. Removed custom config file
overrides for local tests.




Change-Id: I3352f38aae438257b6e32b9e48f4ce2e0278c92d
Signed-off-by: Sudesh Shetty <sudesh.shetty@securekey.com>

Author: sudeshrshetty

pkg/common/providers/test/mockfab/mockconfig.go

@@ -43,6 +43,18 @@ func DefaultMockConfig(mockCtrl *gomock.Controller) *MockEndpointConfig {
 	return config
 }
 
+// CustomMockConfig returns a custom mock config with custom certpool for testing
+func CustomMockConfig(mockCtrl *gomock.Controller, certPool *x509.CertPool) *MockEndpointConfig {
+	config := NewMockEndpointConfig(mockCtrl)
+
+	config.EXPECT().TLSCACertPool().Return(&MockCertPool{CertPool: certPool}).AnyTimes()
+
+	config.EXPECT().Timeout(fab.EndorserConnection).Return(time.Second * 5).AnyTimes()
+	config.EXPECT().TLSClientCerts().Return([]tls.Certificate{TLSCert}).AnyTimes()
+
+	return config
+}
+
 // BadTLSClientMockConfig returns a mock config for testing with TLSClientCerts() that always returns an error
 func BadTLSClientMockConfig(mockCtrl *gomock.Controller) *MockEndpointConfig {
 	config := NewMockEndpointConfig(mockCtrl)

pkg/core/config/comm/comm.go

@@ -18,22 +18,18 @@ import (
 // TLSConfig returns the appropriate config for TLS including the root CAs,
 // certs for mutual TLS, and server host override. Works with certs loaded either from a path or embedded pem.
 func TLSConfig(cert *x509.Certificate, serverName string, config fab.EndpointConfig) (*tls.Config, error) {
-	certPool, err := config.TLSCACertPool().Get()
+
+	certPool, err := config.TLSCACertPool().Get(cert)
 	if err != nil {
 		return nil, err
 	}
 
-	if cert == nil && (certPool == nil || len(certPool.Subjects()) == 0) {
-		//Return empty tls config if there is no cert provided or if certpool unavailable
+	if certPool == nil || len(certPool.Subjects()) == 0 {
+		//Return empty tls config if certpool is unavailable
 		return &tls.Config{}, nil
 	}
 
-	tlsCaCertPool, err := config.TLSCACertPool().Get(cert)
-	if err != nil {
-		return nil, err
-	}
-
-	return &tls.Config{RootCAs: tlsCaCertPool, Certificates: config.TLSClientCerts(), ServerName: serverName}, nil
+	return &tls.Config{RootCAs: certPool, Certificates: config.TLSClientCerts(), ServerName: serverName}, nil
 }
 
 // TLSCertHash is a utility method to calculate the SHA256 hash of the configured certificate (for usage in channel headers)

pkg/core/config/comm/comm_test.go

@@ -9,6 +9,7 @@ package comm
 import (
 	"bytes"
 	"encoding/hex"
+	"strconv"
 	"testing"
 
 	"strings"
@@ -17,6 +18,8 @@ import (
 
 	"reflect"
 
+	"crypto/x509"
+
 	"github.com/golang/mock/gomock"
 	"github.com/hyperledger/fabric-sdk-go/pkg/common/providers/test/mockfab"
 )
@@ -58,7 +61,11 @@ func TestTLSConfigHappyPath(t *testing.T) {
 	mockCtrl := gomock.NewController(t)
 	defer mockCtrl.Finish()
 
-	config := mockfab.DefaultMockConfig(mockCtrl)
+	testCertPool := x509.NewCertPool()
+	certs := createNCerts(1)
+	testCertPool.AddCert(certs[0])
+
+	config := mockfab.CustomMockConfig(mockCtrl, testCertPool)
 
 	serverHostOverride := "servernamebeingoverriden"
 
@@ -71,7 +78,7 @@ func TestTLSConfigHappyPath(t *testing.T) {
 		t.Fatal("Incorrect server name!")
 	}
 
-	if tlsConfig.RootCAs != mockfab.CertPool {
+	if tlsConfig.RootCAs != testCertPool {
 		t.Fatal("Incorrect cert pool")
 	}
 
@@ -84,6 +91,18 @@ func TestTLSConfigHappyPath(t *testing.T) {
 	}
 }
 
+func createNCerts(n int) []*x509.Certificate {
+	var certs []*x509.Certificate
+	for i := 0; i < n; i++ {
+		cert := &x509.Certificate{
+			RawSubject: []byte(strconv.Itoa(i)),
+			Raw:        []byte(strconv.Itoa(i)),
+		}
+		certs = append(certs, cert)
+	}
+	return certs
+}
+
 func TestNoTlsCertHash(t *testing.T) {
 	mockCtrl := gomock.NewController(t)
 	defer mockCtrl.Finish()

pkg/core/config/comm/tls/certpool.go

@@ -22,7 +22,6 @@ var logger = logging.NewLogger("fabsdk/core")
 type certPool struct {
 	useSystemCertPool bool
 	certs             []*x509.Certificate
-	certPool          *x509.CertPool
 	certsByName       map[string][]int
 	lock              sync.RWMutex
 }
@@ -32,38 +31,35 @@ func NewCertPool(useSystemCertPool bool) fab.CertPool {
 	return &certPool{
 		useSystemCertPool: useSystemCertPool,
 		certsByName:       make(map[string][]int),
-		certPool:          x509.NewCertPool(),
 	}
 }
 
 func (c *certPool) Get(certs ...*x509.Certificate) (*x509.CertPool, error) {
-	c.lock.RLock()
-	if len(certs) == 0 || c.containsCerts(certs...) {
-		defer c.lock.RUnlock()
-		return c.certPool, nil
+
+	if len(certs) > 0 {
+		c.lock.Lock()
+		//add certs to SDK cert list
+		for _, newCert := range certs {
+			c.addCert(newCert)
+		}
+		c.lock.Unlock()
 	}
-	c.lock.RUnlock()
 
-	// We have a cert we have not encountered before, recreate the cert pool
+	c.lock.RLock()
+	defer c.lock.RUnlock()
+
+	// create the cert pool
 	certPool, err := c.loadSystemCertPool()
 	if err != nil {
 		return nil, err
 	}
 
-	c.lock.Lock()
-	defer c.lock.Unlock()
-
-	//add certs to SDK cert list
-	for _, newCert := range certs {
-		c.addCert(newCert)
-	}
 	//add all certs to cert pool
 	for _, cert := range c.certs {
 		certPool.AddCert(cert)
 	}
-	c.certPool = certPool
 
-	return c.certPool, nil
+	return certPool, nil
 }
 
 func (c *certPool) addCert(newCert *x509.Certificate) {
@@ -88,15 +84,6 @@ func (c *certPool) containsCert(newCert *x509.Certificate) bool {
 	return false
 }
 
-func (c *certPool) containsCerts(certs ...*x509.Certificate) bool {
-	for _, cert := range certs {
-		if cert != nil && !c.containsCert(cert) {
-			return false
-		}
-	}
-	return true
-}
-
 func (c *certPool) loadSystemCertPool() (*x509.CertPool, error) {
 	if !c.useSystemCertPool {
 		return x509.NewCertPool(), nil

pkg/core/config/comm/tls/certpool_test.go

@@ -26,7 +26,6 @@ func TestTLSCAConfig(t *testing.T) {
 	_, err := tlsCertPool.Get(goodCert)
 	require.NoError(t, err)
 	assert.Equal(t, true, tlsCertPool.useSystemCertPool)
-	assert.NotNil(t, tlsCertPool.certPool)
 	assert.NotNil(t, tlsCertPool.certsByName)
 
 	originalLength := len(tlsCertPool.certs)
@@ -37,10 +36,10 @@ func TestTLSCAConfig(t *testing.T) {
 
 	// Test with system cert pool disabled
 	tlsCertPool = NewCertPool(false).(*certPool)
-	_, err = tlsCertPool.Get(goodCert)
+	certPool, err := tlsCertPool.Get(goodCert)
 	require.NoError(t, err)
 	assert.Len(t, tlsCertPool.certs, 1)
-	assert.Len(t, tlsCertPool.certPool.Subjects(), 1)
+	assert.Len(t, certPool.Subjects(), 1)
 }
 
 func TestTLSCAPoolManyCerts(t *testing.T) {
@@ -103,7 +102,9 @@ func TestConcurrent(t *testing.T) {
 	}
 
 	assert.Len(t, tlsCertPool.certs, concurrency)
-	assert.Len(t, tlsCertPool.certPool.Subjects(), concurrency)
+	certPool, err := tlsCertPool.Get()
+	require.NoError(t, err)
+	assert.Len(t, certPool.Subjects(), concurrency)
 }
 
 func createNCerts(n int) []*x509.Certificate {

pkg/fab/comm/network_test.go

@@ -16,7 +16,7 @@ import (
 )
 
 const configTestFilePath = "../../core/config/testdata/config_test.yaml"
-const entityMatcherTestFilePath = "../../core/config/testdata/config_test_entity_matchers.yaml"
+const entityMatcherTestFilePath = "../../core/config/testdata/config_test.yaml"
 const localOverrideEntityMatcher = "../../../test/fixtures/config/overrides/local_entity_matchers.yaml"
 
 func TestNetworkPeerConfigFromURL(t *testing.T) {