[FAB-17052] pretty print EndpointCriteria TLS CAs

This change set makes the TLS CAs in the EndpointCriteria be printed as certificate attributes and not as decimal byte arrays. Change-Id: I1628851f2509c050eb40aa38eed9217b7e9e3dce Signed-off-by: yacovm <yacovm@il.ibm.com>
hyperledger · Nov 15, 2019 · b268b11 · b268b11
1 parent af69416
commit b268b11
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 0 deletions.
diff --git a/orderer/common/cluster/util.go b/orderer/common/cluster/util.go
@@ -8,8 +8,11 @@ package cluster
 
 import (
 	"bytes"
+	"crypto/x509"
 	"encoding/hex"
+	"encoding/json"
 	"encoding/pem"
+	"fmt"
 	"sync"
 	"sync/atomic"
 	"time"
@@ -346,6 +349,47 @@ type EndpointCriteria struct {
 	TLSRootCAs [][]byte // PEM encoded TLS root CA certificates
 }
 
+// String returns a string representation of this EndpointCriteria
+func (ep EndpointCriteria) String() string {
+	var formattedCAs []interface{}
+	for _, rawCAFile := range ep.TLSRootCAs {
+		var bl *pem.Block
+		pemContent := rawCAFile
+		for {
+			bl, pemContent = pem.Decode(pemContent)
+			if bl == nil {
+				break
+			}
+			cert, err := x509.ParseCertificate(bl.Bytes)
+			if err != nil {
+				break
+			}
+
+			issuedBy := cert.Issuer.String()
+			if cert.Issuer.String() == cert.Subject.String() {
+				issuedBy = "self"
+			}
+
+			info := make(map[string]interface{})
+			info["Expired"] = time.Now().After(cert.NotAfter)
+			info["Subject"] = cert.Subject.String()
+			info["Issuer"] = issuedBy
+			formattedCAs = append(formattedCAs, info)
+		}
+	}
+
+	formattedEndpointCriteria := make(map[string]interface{})
+	formattedEndpointCriteria["Endpoint"] = ep.Endpoint
+	formattedEndpointCriteria["CAs"] = formattedCAs
+
+	rawJSON, err := json.Marshal(formattedEndpointCriteria)
+	if err != nil {
+		return fmt.Sprintf("{\"Endpoint\": \"%s\"}", ep.Endpoint)
+	}
+
+	return string(rawJSON)
+}
+
 // EndpointconfigFromConfigBlock retrieves TLS CA certificates and endpoints
 // from a config block.
 func EndpointconfigFromConfigBlock(block *common.Block, bccsp bccsp.BCCSP) ([]EndpointCriteria, error) {

diff --git a/orderer/common/cluster/util_test.go b/orderer/common/cluster/util_test.go
@@ -10,6 +10,7 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
+	"fmt"
 	"io/ioutil"
 	"strings"
 	"sync"
@@ -1136,3 +1137,38 @@ func injectAdditionalTLSCAEndpointPair(t *testing.T, block *common.Block, endpoi
 	env.Payload = protoutil.MarshalOrPanic(payload)
 	block.Data.Data[0] = protoutil.MarshalOrPanic(env)
 }
+
+func TestEndpointCriteriaString(t *testing.T) {
+	// The top cert is the issuer of the bottom cert
+	certs := `-----BEGIN CERTIFICATE-----
+MIIBozCCAUigAwIBAgIQMXmzUnikiAZDr4VsrBL+rzAKBggqhkjOPQQDAjAxMS8w
+LQYDVQQFEyY2NTc2NDA3Njc5ODcwOTA3OTEwNDM5NzkxMTAwNzA0Mzk3Njg3OTAe
+Fw0xOTExMTEyMDM5MDRaFw0yOTExMDkyMDM5MDRaMDExLzAtBgNVBAUTJjY1NzY0
+MDc2Nzk4NzA5MDc5MTA0Mzk3OTExMDA3MDQzOTc2ODc5MFkwEwYHKoZIzj0CAQYI
+KoZIzj0DAQcDQgAEzBBkRvWgasCKf1pejwpOu+1Fv9FffOZMHnna/7lfMrAqOs8d
+HMDVU7mSexu7YNTpAwm4vkdHXi35H8zlVABTxaNCMEAwDgYDVR0PAQH/BAQDAgGm
+MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/
+MAoGCCqGSM49BAMCA0kAMEYCIQCXqXoYLAJN9diIdGxPlRQJgJLju4brWXZfyt3s
+E9TjFwIhAOuUJjcOchdP6UA9WLnVWciEo1Omf59NgfHL1gUPb/t6
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIBpDCCAUqgAwIBAgIRAIyvtL0z1xQ+NecXeH1HmmAwCgYIKoZIzj0EAwIwMTEv
+MC0GA1UEBRMmNjU3NjQwNzY3OTg3MDkwNzkxMDQzOTc5MTEwMDcwNDM5NzY4Nzkw
+HhcNMTkxMTExMjAzOTA0WhcNMTkxMTEyMjAzOTA0WjAyMTAwLgYDVQQFEycxODcw
+MDQyMzcxODQwMjY5Mzk2ODUxNzk1NzM3MzIyMTc2OTA3MjAwWTATBgcqhkjOPQIB
+BggqhkjOPQMBBwNCAARZBFDBOfC7T9RbsX+PgyE6sM7ocuwn6krIGjc00ICivFgQ
+qdHMU7hiswiYwSvwh9MDHlprCRW3ycSgEYQgKU5to0IwQDAOBgNVHQ8BAf8EBAMC
+BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA8GA1UdEQQIMAaHBH8A
+AAEwCgYIKoZIzj0EAwIDSAAwRQIhAK6G7qr/ClszCFP25gsflA31+7eoss5vi3o4
+qz8bY+s6AiBvO0aOfE8M4ibjmRE4vSXo0+gkOIJKqZcmiRdnJSr8Xw==
+-----END CERTIFICATE-----`
+
+	epc := cluster.EndpointCriteria{
+		Endpoint:   "orderer.example.com:7050",
+		TLSRootCAs: [][]byte{[]byte(certs)},
+	}
+
+	actual := fmt.Sprint(epc)
+	expected := `{"CAs":[{"Expired":false,"Issuer":"self","Subject":"SERIALNUMBER=65764076798709079104397911007043976879"},{"Expired":true,"Issuer":"SERIALNUMBER=65764076798709079104397911007043976879","Subject":"SERIALNUMBER=187004237184026939685179573732217690720"}],"Endpoint":"orderer.example.com:7050"}`
+	assert.Equal(t, expected, actual)
+}