cleaned up code and tests

Signed-off-by: hfuss <hayden.fuss@kaleido.io>

Author: onelapahead

internal/apiserver/route_get_subscription_events_filtered_test.go

@@ -82,4 +82,4 @@ func TestGetSubscriptionEventsFilteredNoSequenceIDsProvided(t *testing.T) {
 
 	r.ServeHTTP(res, req)
 	assert.Equal(t, 200, res.Result().StatusCode)
-}
+}

internal/database/sqlcommon/event_sql_test.go

@@ -107,7 +107,7 @@ func TestGetEventsInSequenceRangeE2EWithDB(t *testing.T) {
 			Type:       core.EventTypeMessageConfirmed,
 			Reference:  fftypes.NewUUID(),
 			Correlator: fftypes.NewUUID(),
-			Topic:      fmt.Sprintf("topic%d", i % 2),
+			Topic:      fmt.Sprintf("topic%d", i%2),
 			Created:    fftypes.Now(),
 		}
 		err := s.InsertEvent(ctx, event)
@@ -322,10 +322,9 @@ func TestGetEventsInSequenceRangeBuildQueryFail(t *testing.T) {
 
 func TestGetEventsInSequenceRangeShouldCallGetEventsWhenNoSequencedProvidedAndThrowAnError(t *testing.T) {
 	s, mock := newMockProvider().init()
-	mock.ExpectQuery("SELECT .*").WillReturnRows(sqlmock.NewRows([]string{"id", }).AddRow("only one"))
+	mock.ExpectQuery("SELECT .*").WillReturnRows(sqlmock.NewRows([]string{"id"}).AddRow("only one"))
 	f := database.EventQueryFactory.NewFilter(context.Background()).And()
 	_, _, err := s.GetEventsInSequenceRange(context.Background(), "ns1", f, -1, -1)
 	assert.NotNil(t, err)
 	assert.NoError(t, mock.ExpectationsWereMet())
 }
-

internal/dataexchange/ffdx/ffdx.go

@@ -18,11 +18,17 @@ package ffdx
 
 import (
 	"context"
+	"crypto/x509"
 	"encoding/json"
+	"encoding/pem"
+	"errors"
 	"fmt"
 	"io"
 	"strings"
 	"sync"
+	"time"
+
+	"github.com/hyperledger/firefly/internal/metrics"
 
 	"github.com/go-resty/resty/v2"
 	"github.com/hyperledger/firefly-common/pkg/config"
@@ -54,6 +60,8 @@ type FFDX struct {
 	retry           *retry.Retry
 	backgroundStart bool
 	backgroundRetry *retry.Retry
+
+	metrics metrics.Manager // optional
 }
 
 type dxNode struct {
@@ -168,7 +176,7 @@ func (h *FFDX) Name() string {
 	return "ffdx"
 }
 
-func (h *FFDX) Init(ctx context.Context, cancelCtx context.CancelFunc, config config.Section) (err error) {
+func (h *FFDX) Init(ctx context.Context, cancelCtx context.CancelFunc, config config.Section, metrics metrics.Manager) (err error) {
 	h.ctx = log.WithLogField(ctx, "dx", "https")
 	h.cancelCtx = cancelCtx
 	h.ackChannel = make(chan *ack)
@@ -179,6 +187,7 @@ func (h *FFDX) Init(ctx context.Context, cancelCtx context.CancelFunc, config co
 	}
 	h.needsInit = config.GetBool(DataExchangeInitEnabled)
 	h.nodes = make(map[string]*dxNode)
+	h.metrics = metrics
 
 	if config.GetString(ffresty.HTTPConfigURL) == "" {
 		return i18n.NewError(ctx, coremsgs.MsgMissingPluginConfig, "url", "dataexchange.ffdx")
@@ -456,6 +465,79 @@ func (h *FFDX) TransferBlob(ctx context.Context, nsOpID string, peer, sender fft
 	return nil
 }
 
+func (h *FFDX) CheckNodeIdentityStatus(ctx context.Context, dxPeer fftypes.JSONObject, node *core.Identity) error {
+	if err := h.checkInitialized(h.ctx); err != nil {
+		return err
+	}
+
+	if dxPeer.GetString("cert") == "" {
+		log.L(ctx).Warnf("DX peer does not have a 'cert', DX plugin may be unsupported")
+		return nil
+	}
+
+	if node.Profile == nil || node.Profile.GetString("cert") == "" {
+		return i18n.NewError(ctx, coremsgs.MsgDXInfoMissingID) // TODO
+	}
+
+	var mismatchState = metrics.NodeIdentityDXCertMismatchStatusUnknown
+	defer func() {
+		if h.metrics != nil && h.metrics.IsMetricsEnabled() {
+			h.metrics.NodeIdentityDXCertMismatch(node.Namespace, mismatchState)
+		}
+	}()
+
+	mismatchState = metrics.NodeIdentityDXCertMismatchStatusHealthy
+	if dxPeer.GetString("cert") != node.Profile.GetString("cert") {
+		mismatchState = metrics.NodeIdentityDXCertMismatchStatusMismatched
+	}
+
+	if h.metrics != nil && h.metrics.IsMetricsEnabled() {
+		expiry, err := extractSoonestExpiryFromCertBundle(dxPeer.GetString("cert"))
+		if err == nil {
+			if expiry.Before(time.Now()) {
+				log.L(ctx).Warnf("Certificate for node '%s' has expired", node.Name)
+			}
+
+			h.metrics.NodeIdentityDXCertExpiry(node.Namespace, expiry)
+		} else {
+			log.L(ctx).Errorf("Failed to find x509 cert within DX cert bundle node='%s' namespace='%s'", node.Name, node.Namespace)
+		}
+	}
+
+	return nil
+}
+
+// we assume the cert with the soonest expiry is the leaf cert, but even if its the CA,
+// thats what will invalidate the leaf anyways, so really we only care about the soonest expiry
+func extractSoonestExpiryFromCertBundle(certBundle string) (time.Time, error) {
+	var leafCert *x509.Certificate
+	var block *pem.Block
+	var rest = []byte(certBundle)
+
+	for {
+		block, rest = pem.Decode(rest)
+		if block == nil {
+			break
+		}
+		if block.Type != "CERTIFICATE" {
+			continue
+		}
+		cert, err := x509.ParseCertificate(block.Bytes)
+		if err != nil {
+			return time.Time{}, fmt.Errorf("failed to parse certificate: %v", err)
+		}
+		if leafCert == nil || cert.NotAfter.Before(leafCert.NotAfter) {
+			leafCert = cert
+		}
+	}
+
+	if leafCert == nil {
+		return time.Time{}, errors.New("no valid certificate found")
+	}
+
+	return leafCert.NotAfter.UTC(), nil
+}
+
 func (h *FFDX) ackLoop() {
 	for {
 		select {

internal/dataexchange/ffdx/ffdx_test.go

@@ -26,6 +26,8 @@ import (
 	"net/url"
 	"testing"
 
+	"github.com/hyperledger/firefly/mocks/metricsmocks"
+
 	"github.com/hyperledger/firefly-common/pkg/config"
 	"github.com/hyperledger/firefly-common/pkg/ffresty"
 	"github.com/hyperledger/firefly-common/pkg/fftls"
@@ -45,6 +47,55 @@ import (
 
 var utConfig = config.RootSection("ffdx_unit_tests")
 
+const (
+	testCertBundle = `
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIUbZT+Ds4f2oDmGpgVi+SaQq9gxvcwDQYJKoZIhvcNAQEL
+BQAwZDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
+DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCkV4YW1wbGUgQ0ExEzARBgNVBAMMCmV4
+YW1wbGUtY2EwHhcNMjUwMjI4MTkzMDM4WhcNMzUwMjI2MTkzMDM4WjBkMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j
+aXNjbzETMBEGA1UECgwKRXhhbXBsZSBDQTETMBEGA1UEAwwKZXhhbXBsZS1jYTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOWBryFqk0YqQ6pzGJvBDjbV
+4BnkMzsv+Fq869Xks09OP4eW44oqfFUmpCFyS3fEmRCz+389t4mKvxcCRIJMW0f5
+K9jffG1QKUKL4UuNfEPFpM0MXTwhI+dCdvofdelzc+KBGA6CDYlnWYcCKFSuWeSu
+xrb/qCEvhcCaSYt3e2WcRHRuK+OLzM3REeJctC4G/pq858OUV5CZU2B6aGV/9uFL
+ZW3TCrOaj+Khzzt5FNvjVdLiUw0FS8VESxFA4kH8p+XUshs9S0e7LfIBSID2NU8+
++5D6HliqNqikbsny1Ps6GhLa+nI37LOVj7nFcG7uk+gb6HUN1+0YvjOJ0/zvnLEC
+AwEAAaNTMFEwHQYDVR0OBBYEFJfNoXmIn5S6W7Lcj5G/huW5q1YQMB8GA1UdIwQY
+MBaAFJfNoXmIn5S6W7Lcj5G/huW5q1YQMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBALsdRYJHQMkhjLcrO4Yha1KXh2d+irmi8AqQqQgbLIsSzuqG
+bKFiYnJ8PKHaISHlev2xRM9kEjDZ/9q8T4aUELg4eBjj7VK+gs+gSBO6peJ+AcEg
+TepsE5GHmhoIIiE/3dIP6XnaM6NBb8q0ewsIg1c5vLlrt8W96LY6Og7f+742VvoV
+H31srpGjy7c5nYjBTn/Bu84eb5Lxfvy10sJjnenkXDJvzkUcnfbRzDQ9k5ZuPa05
+x+BsxonN0iaeZH91F+Y3kgJidLnU5EhIB/1KXYjuEbl9qUxD6GFHRststPRPeOmj
+7C+BtJCIjjavysSqVMvQWLQ6rXms3SpRPAimWqM=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDqjCCApKgAwIBAgIUWnobAQ4vq8gWBAXZBf7XZG3oSiUwDQYJKoZIhvcNAQEL
+BQAwZDELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
+DVNhbiBGcmFuY2lzY28xEzARBgNVBAoMCkV4YW1wbGUgQ0ExEzARBgNVBAMMCmV4
+YW1wbGUtY2EwHhcNMjUwMjI4MTkzMDU3WhcNMjgwMjI4MTkzMDU3WjB2MQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j
+aXNjbzEcMBoGA1UECgwTSHlwZXJsZWRnZXIgRmlyZWZseTEcMBoGA1UEAwwTaHlw
+ZXJsZWRnZXItZmlyZWZseTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKlbQ+7cWWS0+QPp03PrdxsnAAtG2tWOk2CEG7HS3AlBU82YImhCidKOw+jQPS68
+2f2d0tYBhugqB2Ki6HsfYMGTjHDLbUQ5y+cLk6PFbvhjm39Ayd+WGmhWht5qFtRN
+gllTa/SbG8+iGaSPIVFCyvg1IzxsFnBGn+05Gu+KjpL4i0l1RqDmy5ItxKGP77in
+RPEUkejiUozg/X3v2TWAGagIVF5+EQ2Cswot9W1faAvyu/QmSGLLfSH22GdEDHXa
+U4DV5ArJ2U2eNkOuasSWGKBopa/Wh1SZjKrNsy5Gw84ihAI4k7ARoP+vu1dIPdaX
+ElipmGMtUWu0Azn2l9QJZpMCAwEAAaNCMEAwHQYDVR0OBBYEFL798jEmX2+hw70t
+SmfJA78PZnnHMB8GA1UdIwQYMBaAFJfNoXmIn5S6W7Lcj5G/huW5q1YQMA0GCSqG
+SIb3DQEBCwUAA4IBAQBY1NXTuQJZvjip33dRXyWP6GsSDKbXTSCcSF38P4/m+pcH
+r/q/upo+K+8eTtPqUwBsIywH5bypWqoIPtM+rkd3FVBe7uti2FExufpcOruzEGsY
+rNTfiFZbc7eHmFRTkKXWW4j6b6ElygrBvV999BhCRNf6NS0/syjqsbALHkFGeIcl
+78wdaR+m2XVJBV7SmPmZ/EQzxvhCZONNVyU5zvW2sehI7sRbZt9/FG5U1Ng0LarW
+R0gnXX/IZFnLhLh6UpLOBB0KIGENh75EEU7755jMKDKFj16D0uA1Lzrh5YxicTMy
+ydFYQLpLycsWl2oV3JB4pO5TIzjY9awkRE0MeMMc
+-----END CERTIFICATE-----
+`
+)
+
 func newTestFFDX(t *testing.T, manifestEnabled bool) (h *FFDX, toServer, fromServer chan string, httpURL string, done func()) {
 	mockedClient := &http.Client{}
 	httpmock.ActivateNonDefault(mockedClient)
@@ -64,8 +115,9 @@ func newTestFFDX(t *testing.T, manifestEnabled bool) (h *FFDX, toServer, fromSer
 	h = &FFDX{initialized: true}
 	h.InitConfig(utConfig)
 
+	mmm := metricsmocks.NewManager(t)
 	dxCtx, dxCancel := context.WithCancel(context.Background())
-	err := h.Init(dxCtx, dxCancel, utConfig)
+	err := h.Init(dxCtx, dxCancel, utConfig, mmm)
 	assert.NoError(t, err)
 	assert.Equal(t, "ffdx", h.Name())
 	assert.NotNil(t, h.Capabilities())
@@ -114,7 +166,7 @@ func TestInitBadURL(t *testing.T) {
 	h.InitConfig(utConfig)
 	utConfig.Set(ffresty.HTTPConfigURL, "::::////")
 	ctx, cancel := context.WithCancel(context.Background())
-	err := h.Init(ctx, cancel, utConfig)
+	err := h.Init(ctx, cancel, utConfig, nil)
 	assert.Regexp(t, "FF00149", err)
 }
 
@@ -127,7 +179,7 @@ func TestInitBadTLS(t *testing.T) {
 	tlsConfig.Set(fftls.HTTPConfTLSEnabled, true)
 	tlsConfig.Set(fftls.HTTPConfTLSCAFile, "badCA")
 	ctx, cancel := context.WithCancel(context.Background())
-	err := h.Init(ctx, cancel, utConfig)
+	err := h.Init(ctx, cancel, utConfig, nil)
 	assert.Regexp(t, "FF00153", err)
 }
 
@@ -136,7 +188,7 @@ func TestInitMissingURL(t *testing.T) {
 	h := &FFDX{}
 	h.InitConfig(utConfig)
 	ctx, cancel := context.WithCancel(context.Background())
-	err := h.Init(ctx, cancel, utConfig)
+	err := h.Init(ctx, cancel, utConfig, nil)
 	assert.Regexp(t, "FF10138", err)
 }
 
@@ -159,7 +211,7 @@ func TestInitWithBackgroundStart(t *testing.T) {
 
 	h.InitConfig(utConfig)
 	ctx, cancel := context.WithCancel(context.Background())
-	err := h.Init(ctx, cancel, utConfig)
+	err := h.Init(ctx, cancel, utConfig, nil)
 	assert.NoError(t, err)
 
 	assert.NotNil(t, h.backgroundRetry)
@@ -453,7 +505,7 @@ func TestBackgroundStartWSFail(t *testing.T) {
 
 	dxCtx, dxCancel := context.WithCancel(context.Background())
 	defer dxCancel()
-	err := h.Init(dxCtx, dxCancel, utConfig)
+	err := h.Init(dxCtx, dxCancel, utConfig, nil)
 	assert.NoError(t, err)
 	assert.Equal(t, "ffdx", h.Name())
 	assert.NotNil(t, h.Capabilities())
@@ -480,7 +532,7 @@ func TestMessageEventsBackgroundStart(t *testing.T) {
 	// Starting in background mode and making sure the event loop are started as well
 	// to listen to messages
 	utConfig.Set(DataExchangeBackgroundStart, true)
-	h.Init(h.ctx, h.cancelCtx, utConfig)
+	h.Init(h.ctx, h.cancelCtx, utConfig, nil)
 
 	mcb := &dataexchangemocks.Callbacks{}
 	h.SetHandler("ns1", "node1", mcb)
@@ -811,7 +863,7 @@ func TestWebsocketWithReinit(t *testing.T) {
 
 	h.InitConfig(utConfig)
 	ctx, cancel := context.WithCancel(context.Background())
-	err := h.Init(ctx, cancel, utConfig)
+	err := h.Init(ctx, cancel, utConfig, nil)
 	assert.NoError(t, err)
 	h.AddNode(context.Background(), "ns1", "node1", fftypes.JSONObject{})
 
@@ -859,7 +911,7 @@ func TestWebsocketWithEmptyNodesInit(t *testing.T) {
 
 	h.InitConfig(utConfig)
 	ctx, cancel := context.WithCancel(context.Background())
-	err := h.Init(ctx, cancel, utConfig)
+	err := h.Init(ctx, cancel, utConfig, nil)
 	assert.NoError(t, err)
 
 	err = h.Start()
@@ -909,3 +961,14 @@ func TestDeleteBlobFail(t *testing.T) {
 	err := h.DeleteBlob(context.Background(), fmt.Sprintf("ns1/%s", u))
 	assert.Regexp(t, "FF10229", err)
 }
+
+//
+//matchingProfile := fftypes.JSONAnyPtr(fmt.Sprintf(`{"cert": "%s" }`, strings.ReplaceAll(testCertBundle, "\n", `\n`))).JSONObject()
+//
+//nm.identity.(*identitymanagermocks.Manager).On("GetLocalNode", ctx).Return(&core.Identity{
+//IdentityProfile: core.IdentityProfile{
+//Profile: matchingProfile,
+//},
+//}, nil)
+//
+//expiry := time.Unix(1835379057, 0).UTC()

internal/events/websockets/websockets_test.go

@@ -1219,4 +1219,4 @@ func TestHandleStartWrongNamespace(t *testing.T) {
 	err := wc.handleStart(startMessage)
 	assert.Error(t, err)
 	assert.Regexp(t, "FF10462", err)
-}
+}

internal/namespace/configreload_test.go

@@ -413,7 +413,7 @@ func mockInitConfig(nmm *nmMocks) {
 	nmm.mdi.On("Init", mock.Anything, mock.Anything).Return(nil)
 	nmm.mdi.On("SetHandler", database.GlobalHandler, mock.Anything).Return()
 	nmm.mbi.On("Init", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
-	nmm.mdx.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil)
+	nmm.mdx.On("Init", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
 	nmm.mps.On("Init", mock.Anything, mock.Anything).Return(nil)
 	nmm.mti[1].On("Init", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil)
 	nmm.mei[0].On("Init", mock.Anything, mock.Anything).Return(nil)

internal/namespace/manager.go

@@ -702,7 +702,7 @@ func (nm *namespaceManager) initPlugins(pluginsToStart map[string]*plugin) (err
 				return err
 			}
 		case pluginCategoryDataexchange:
-			if err = p.dataexchange.Init(p.ctx, nm.cancelCtx /* allow plugin to stop whole process */, p.config); err != nil {
+			if err = p.dataexchange.Init(p.ctx, nm.cancelCtx /* allow plugin to stop whole process */, p.config, nm.metrics); err != nil {
 				return err
 			}
 		case pluginCategorySharedstorage:

internal/namespace/manager_test.go

@@ -273,7 +273,7 @@ func newTestNamespaceManager(t *testing.T, initConfig bool) (*namespaceManager,
 		nmm.mdi.On("Init", mock.Anything, mock.Anything).Return(nil).Once()
 		nmm.mdi.On("SetHandler", database.GlobalHandler, mock.Anything).Return().Once()
 		nmm.mbi.On("Init", mock.Anything, mock.Anything, mock.Anything, nmm.mmi, mock.Anything).Return(nil).Once()
-		nmm.mdx.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(nil).Once()
+		nmm.mdx.On("Init", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(nil).Once()
 		nmm.mps.On("Init", mock.Anything, mock.Anything).Return(nil).Once()
 		nmm.mti[0].On("Init", mock.Anything, mock.Anything, "erc721", mock.Anything).Return(nil).Once()
 		nmm.mti[1].On("Init", mock.Anything, mock.Anything, "erc1155", mock.Anything).Return(nil).Once()
@@ -363,7 +363,7 @@ func TestInitDataExchangeFail(t *testing.T) {
 	nm, nmm, cleanup := newTestNamespaceManager(t, true)
 	defer cleanup()
 
-	nmm.mdx.On("Init", mock.Anything, mock.Anything, mock.Anything).Return(fmt.Errorf("pop"))
+	nmm.mdx.On("Init", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(fmt.Errorf("pop"))
 
 	err := nm.initPlugins(map[string]*plugin{
 		"ffdx": nm.plugins["ffdx"],