Add additional tests for common GRPCServer

This changeset adds a couple of new tests for
TLS using certficates signed by both root and
intermediate certificate authorities.  It also
populates the testdata/certs directory with
certificates which will be used in the next
phases of the implmentation and adds a
generator utility for these certificates

*updated patch set corrects error in
certificate generation and cleans up unneeded
certificates in the testdata/certs directory
*latest update removes specific check for
"host not found" and simply checks for error
as some systems resolve all DNS names to a remote
address

Enhances FAB-1259

Change-Id: Ic519b1d8c607c56db4644a3cae60e082743b4ac7
Signed-off-by: Gari Singh <[email protected]>

Author: mastersingh24

core/comm/server_test.go

@@ -19,7 +19,9 @@ package comm_test
 import (
 	"crypto/tls"
 	"crypto/x509"
+	"io/ioutil"
 	"net"
+	"path/filepath"
 	"testing"
 	"time"
 
@@ -61,7 +63,7 @@ zA85vv7JhfMkvZYGPELC7I2K8V7ZAiEA9KcthV3HtDXKNDsA6ULT+qUkyoHRzCzr
 A4QaL2VU6i4=
 -----END CERTIFICATE-----
 `
-var timeout = time.Second * 10
+var timeout = time.Second * 3
 
 type testServiceServer struct{}
 
@@ -133,12 +135,8 @@ func TestNewGRPCServerInvalidParameters(t *testing.T) {
 
 	//bad hostname
 	_, err = comm.NewGRPCServer("hostdoesnotexist.localdomain:9050", nil, nil, nil, nil)
-	//check for error
-	msg = "no such host"
-	if assert.Error(t, err, "%s error expected", msg) {
-		assert.Contains(t, err.Error(), msg) //use contains here as error message inconsistent
-	}
-
+	//check for error only - there are a few possibilities depending on DNS resolution but will get an error
+	assert.Error(t, err, "%s error expected", msg)
 	if err != nil {
 		t.Log(err.Error())
 	}
@@ -225,9 +223,8 @@ func TestNewGRPCServer(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	if err != nil {
-		t.Logf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
 			testAddress, err)
-		t.Fatalf(err.Error())
 	} else {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
 	}
@@ -277,9 +274,8 @@ func TestNewGRPCServerFromListener(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	if err != nil {
-		t.Logf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
 			testAddress, err)
-		t.Fatalf(err.Error())
 	} else {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
 	}
@@ -336,7 +332,7 @@ func TestNewSecureGRPCServer(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	if err != nil {
-		t.Logf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
 			testAddress, err)
 	} else {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
@@ -401,9 +397,168 @@ func TestNewSecureGRPCServerFromListener(t *testing.T) {
 	_, err = invokeEmptyCall(testAddress, dialOptions)
 
 	if err != nil {
-		t.Logf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
 			testAddress, err)
 	} else {
 		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
 	}
 }
+
+//prior tests used self-signed certficates loaded by the GRPCServer and the test client
+//here we'll use certificates signed by certificate authorities
+func TestWithSignedRootCertificates(t *testing.T) {
+
+	//use Org1 testdata
+	fileBase := "Org1"
+	certPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-server1-cert.pem"))
+	keyPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-server1-key.pem"))
+	caPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-cert.pem"))
+
+	if err != nil {
+		t.Fatalf("Failed to load test certificates: %v", err)
+	}
+	testAddress := "localhost:9057"
+	//create our listener
+	lis, err := net.Listen("tcp", testAddress)
+
+	if err != nil {
+		t.Fatalf("Failed to create listener: %v", err)
+	}
+
+	srv, err := comm.NewGRPCServerFromListener(lis, keyPEMBlock,
+		certPEMBlock, nil, nil)
+	//check for error
+	if err != nil {
+		t.Fatalf("Failed to return new GRPC server: %v", err)
+	}
+
+	//register the GRPC test server
+	testpb.RegisterTestServiceServer(srv.Server(), &testServiceServer{})
+
+	//start the server
+	go srv.Start()
+
+	defer srv.Stop()
+	//should not be needed
+	time.Sleep(10 * time.Millisecond)
+
+	//create the client credentials
+	certPoolServer := x509.NewCertPool()
+
+	//use the server certificate only
+	if !certPoolServer.AppendCertsFromPEM(certPEMBlock) {
+		t.Fatal("Failed to append certificate to client credentials")
+	}
+
+	creds := credentials.NewClientTLSFromCert(certPoolServer, "")
+
+	//GRPC client options
+	var dialOptions []grpc.DialOption
+	dialOptions = append(dialOptions, grpc.WithTransportCredentials(creds))
+
+	//invoke the EmptyCall service
+	_, err = invokeEmptyCall(testAddress, dialOptions)
+
+	//client should not be able to connect
+	//for now we can only test that we get a timeout error
+	assert.EqualError(t, err, grpc.ErrClientConnTimeout.Error())
+	t.Logf("assert.EqualError: %s", err.Error())
+
+	//now use the CA certificate
+	certPoolCA := x509.NewCertPool()
+	if !certPoolCA.AppendCertsFromPEM(caPEMBlock) {
+		t.Fatal("Failed to append certificate to client credentials")
+	}
+	creds = credentials.NewClientTLSFromCert(certPoolCA, "")
+	var dialOptionsCA []grpc.DialOption
+	dialOptionsCA = append(dialOptionsCA, grpc.WithTransportCredentials(creds))
+
+	//invoke the EmptyCall service
+	_, err2 := invokeEmptyCall(testAddress, dialOptionsCA)
+
+	if err2 != nil {
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+			testAddress, err2)
+	} else {
+		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
+	}
+}
+
+//here we'll use certificates signed by intermediate certificate authorities
+func TestWithSignedIntermediateCertificates(t *testing.T) {
+
+	//use Org1 testdata
+	fileBase := "Org1"
+	certPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-child1-server1-cert.pem"))
+	keyPEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-child1-server1-key.pem"))
+	intermediatePEMBlock, err := ioutil.ReadFile(filepath.Join("testdata", "certs", fileBase+"-child1-cert.pem"))
+
+	if err != nil {
+		t.Fatalf("Failed to load test certificates: %v", err)
+	}
+	testAddress := "localhost:9058"
+	//create our listener
+	lis, err := net.Listen("tcp", testAddress)
+
+	if err != nil {
+		t.Fatalf("Failed to create listener: %v", err)
+	}
+
+	srv, err := comm.NewGRPCServerFromListener(lis, keyPEMBlock,
+		certPEMBlock, nil, nil)
+	//check for error
+	if err != nil {
+		t.Fatalf("Failed to return new GRPC server: %v", err)
+	}
+
+	//register the GRPC test server
+	testpb.RegisterTestServiceServer(srv.Server(), &testServiceServer{})
+
+	//start the server
+	go srv.Start()
+
+	defer srv.Stop()
+	//should not be needed
+	time.Sleep(10 * time.Millisecond)
+
+	//create the client credentials
+	certPoolServer := x509.NewCertPool()
+
+	//use the server certificate only
+	if !certPoolServer.AppendCertsFromPEM(certPEMBlock) {
+		t.Fatal("Failed to append certificate to client credentials")
+	}
+
+	creds := credentials.NewClientTLSFromCert(certPoolServer, "")
+
+	//GRPC client options
+	var dialOptions []grpc.DialOption
+	dialOptions = append(dialOptions, grpc.WithTransportCredentials(creds))
+
+	//invoke the EmptyCall service
+	_, err = invokeEmptyCall(testAddress, dialOptions)
+
+	//client should not be able to connect
+	//for now we can only test that we get a timeout error
+	assert.EqualError(t, err, grpc.ErrClientConnTimeout.Error())
+	t.Logf("assert.EqualError: %s", err.Error())
+
+	//now use the CA certificate
+	certPoolCA := x509.NewCertPool()
+	if !certPoolCA.AppendCertsFromPEM(intermediatePEMBlock) {
+		t.Fatal("Failed to append certificate to client credentials")
+	}
+	creds = credentials.NewClientTLSFromCert(certPoolCA, "")
+	var dialOptionsCA []grpc.DialOption
+	dialOptionsCA = append(dialOptionsCA, grpc.WithTransportCredentials(creds))
+
+	//invoke the EmptyCall service
+	_, err2 := invokeEmptyCall(testAddress, dialOptionsCA)
+
+	if err2 != nil {
+		t.Fatalf("GRPC client failed to invoke the EmptyCall service on %s: %v",
+			testAddress, err2)
+	} else {
+		t.Log("GRPC client successfully invoked the EmptyCall service: " + testAddress)
+	}
+}

core/comm/testdata/certs/Org1-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB5zCCAYygAwIBAgIQBoqyusG6LOG7fdzjrfvW8DAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMFgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRPcmcx
+MQ0wCwYDVQQDEwRPcmcxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgm/Cr5PM
+QasIdK2Ez8ghs43OjC9syqlJsZ3UCfvd671pDr2hZtbFsG1pHElUvcYjuXrh/Jso
+YItEXmAJ2jZZsKM4MDYwDgYDVR0PAQH/BAQDAgGmMBMGA1UdJQQMMAoGCCsGAQUF
+BwMBMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAIAMGQk4gvE+
+RlaxBVqsv6FarhtN9EfAMYu/gFrv3vUqAiEAu3MPm/0iZpa53N8PAhIKus6UIx4g
+nXzhP2sbDMVjccA=
+-----END CERTIFICATE-----

core/comm/testdata/certs/Org1-child1-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8zCCAZqgAwIBAgIQYKUEm2IXkwb7hhfmFKH0lTAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtPcmcx
+LWNoaWxkMTEUMBIGA1UEAxMLT3JnMS1jaGlsZDEwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAAQd0zt95LaDV7TYJGpS9rCNeURgVJUJLtQZtgxAIP+k8je+1yXC1WqR
+qMKtBm3aQP04kcJd8xaXj5yl3p1/qk/bozgwNjAOBgNVHQ8BAf8EBAMCAaYwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNH
+ADBEAh9HoG8o8aljiYEal3PumepBWpbIcDv9Pc4oLmDgh6PNAiEAh9MT72bmCdrh
+qSSazVaZxgmrH7DyNn7Y5ij4XDRjhwQ=
+-----END CERTIFICATE-----

core/comm/testdata/certs/Org1-child1-client1-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBDCCAaugAwIBAgIQXS8mfkPPbSh05Kbty0/mwjAKBggqhkjOPQQDAjBmMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzEUMBIGA1UEChMLT3JnMS1jaGlsZDExFDASBgNVBAMTC09yZzEtY2hp
+bGQxMB4XDTE2MTIxOTEyMTQ1NFoXDTI2MTIxNzEyMTQ1NFowbDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
+HDAaBgNVBAoTE09yZzEtY2hpbGQxLWNsaWVudDExEjAQBgNVBAMTCWxvY2FsaG9z
+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOLHdFSFvnTbYcLr63Wi/wjdBaVo
+6Vo7y1zSyxSZ1G7kI2cfg+lDfdzUD1WM4SUZV1pIlYS6MpokZn9Dyd7SfM+jNTAz
+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
+AjAAMAoGCCqGSM49BAMCA0cAMEQCICk/fL44adOAlXJxvuql5+3xx7bGzgCIfoVz
+sAqDScfsAiAH4C/z+jCKK4WpywxlE/U3wz0FwZwGGXDON4AXVg3Mow==
+-----END CERTIFICATE-----

core/comm/testdata/certs/Org1-child1-client1-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJOlMLzN+kRVbnCTDeIeO5VmYVr4ILNr7MqD7a72HaLFoAoGCCqGSM49
+AwEHoUQDQgAE4sd0VIW+dNthwuvrdaL/CN0FpWjpWjvLXNLLFJnUbuQjZx+D6UN9
+3NQPVYzhJRlXWkiVhLoymiRmf0PJ3tJ8zw==
+-----END EC PRIVATE KEY-----

core/comm/testdata/certs/Org1-child1-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIANJY6KInPgTmezBBoE/Vq0g6y/FwoBo54rbJjmXnedhoAoGCCqGSM49
+AwEHoUQDQgAEHdM7feS2g1e02CRqUvawjXlEYFSVCS7UGbYMQCD/pPI3vtclwtVq
+kajCrQZt2kD9OJHCXfMWl4+cpd6df6pP2w==
+-----END EC PRIVATE KEY-----

core/comm/testdata/certs/Org1-child1-server1-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBTCCAaugAwIBAgIQGJLwRu+fdXkVBXqn4Q/D9TAKBggqhkjOPQQDAjBmMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzEUMBIGA1UEChMLT3JnMS1jaGlsZDExFDASBgNVBAMTC09yZzEtY2hp
+bGQxMB4XDTE2MTIxOTEyMTQ1NFoXDTI2MTIxNzEyMTQ1NFowbDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
+HDAaBgNVBAoTE09yZzEtY2hpbGQxLXNlcnZlcjExEjAQBgNVBAMTCWxvY2FsaG9z
+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPPWSE1Hwcb6/gkkLUQTiGqJbaEc
+fXc6ua+gZabJtEZgoO+RjTDq8X1OVFKJYnVUsqdYoA4ymclbZh1p90fGB/+jNTAz
+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
+AjAAMAoGCCqGSM49BAMCA0gAMEUCIGhtRzuHGz8e/I/Wkv8fSzVeRUyiRrdp33MW
+APfmqW+uAiEAzToTwUh4qXosee/gh3zG2kfiEgrSa4nfMz0T9dBfF68=
+-----END CERTIFICATE-----

core/comm/testdata/certs/Org1-child1-server1-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFq1dZOPEkCC5VuAdtB0vb9Ncz1zIfBPTe9eCN9rfkWloAoGCCqGSM49
+AwEHoUQDQgAE89ZITUfBxvr+CSQtRBOIaoltoRx9dzq5r6Blpsm0RmCg75GNMOrx
+fU5UUolidVSyp1igDjKZyVtmHWn3R8YH/w==
+-----END EC PRIVATE KEY-----

core/comm/testdata/certs/Org1-child1-server2-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBzCCAaygAwIBAgIRAO+oRnnA09sDNeNBFP4J/mcwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzEtY2hpbGQxMRQwEgYDVQQDEwtPcmcxLWNo
+aWxkMTAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcxLWNoaWxkMS1zZXJ2ZXIyMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8+DMyiKGF+MmGOUDR5Ba0DdEs
+Ea8r5wc3Qwt+kbE5rh0J+pMV+ZB1nvuGk/P7wUSMMyCae1Z9TwmGVQyhfNw4ozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNJADBGAiEAvnm6cyeF3YKA/WiQdsP8iASlNkFMnuek
+jZdLCgDs4XICIQDzn9j9S4aJvZwKQ96d3dIpJ/8910w6VF6apgpJ6WnYBQ==
+-----END CERTIFICATE-----

core/comm/testdata/certs/Org1-child1-server2-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIG9/X7NuNj1A9WGsTVzDUBE5hp1hN4q/EAOEjjO3oYKEoAoGCCqGSM49
+AwEHoUQDQgAEvPgzMoihhfjJhjlA0eQWtA3RLBGvK+cHN0MLfpGxOa4dCfqTFfmQ
+dZ77hpPz+8FEjDMgmntWfU8JhlUMoXzcOA==
+-----END EC PRIVATE KEY-----

core/comm/testdata/certs/Org1-child2-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8zCCAZqgAwIBAgIQO2kTviFxObnIfvpvm5INczAKBggqhkjOPQQDAjBYMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzENMAsGA1UEChMET3JnMTENMAsGA1UEAxMET3JnMTAeFw0xNjEyMTkx
+MjE0NTRaFw0yNjEyMTcxMjE0NTRaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD
+YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtPcmcx
+LWNoaWxkMjEUMBIGA1UEAxMLT3JnMS1jaGlsZDIwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAATT8hJlwkqlhum6LXTyUENBmuvG1D47Yaoo7xolqB4rgaQ66twGXIbm
+/kBd++4glU0tdHFxiNEx+NFGBjRydbGgozgwNjAOBgNVHQ8BAf8EBAMCAaYwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNH
+ADBEAiBqdAbBd0Iy4iEiPegzzJFDDCO/p0O/4kPq0W/TCC4QbQIgSCNE54c6WuB3
+s1015/Hh5OfZVYfwNdtdUnLDqWaRqZc=
+-----END CERTIFICATE-----

core/comm/testdata/certs/Org1-child2-client1-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBjCCAaygAwIBAgIRAPjPkGnHmU7cf0H+Tl9LuNQwCgYIKoZIzj0EAwIwZjEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
+cmFuY2lzY28xFDASBgNVBAoTC09yZzEtY2hpbGQyMRQwEgYDVQQDEwtPcmcxLWNo
+aWxkMjAeFw0xNjEyMTkxMjE0NTRaFw0yNjEyMTcxMjE0NTRaMGwxCzAJBgNVBAYT
+AlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv
+MRwwGgYDVQQKExNPcmcxLWNoaWxkMi1jbGllbnQxMRIwEAYDVQQDEwlsb2NhbGhv
+c3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATPYg/tCw3jPT7wEaxNAaae52Ix
+qyew7c5np0fOD+phVSC4Pd1HqU4geVZtLR88KUJdG6BibgxJOK8gBvsSMoZjozUw
+MzAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
+BAIwADAKBggqhkjOPQQDAgNIADBFAiBQNm7l7CNEkAYbWskaMZe7W6qK7YOqGPKC
+mZe4f+JyEAIhAIyW9AupkwIVqAf4Y+qLXWw6Ou72P2cxacwnU/EqY5v3
+-----END CERTIFICATE-----

core/comm/testdata/certs/Org1-child2-client1-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIJ8099eKaVtltKkoSsgxtDZ8nly8hEF8mzpoxgIUTKbPoAoGCCqGSM49
+AwEHoUQDQgAEz2IP7QsN4z0+8BGsTQGmnudiMasnsO3OZ6dHzg/qYVUguD3dR6lO
+IHlWbS0fPClCXRugYm4MSTivIAb7EjKGYw==
+-----END EC PRIVATE KEY-----

core/comm/testdata/certs/Org1-child2-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILD5s03CCydQC/fk15bPBIST29zSR640HZ6EFkljXQVvoAoGCCqGSM49
+AwEHoUQDQgAE0/ISZcJKpYbpui108lBDQZrrxtQ+O2GqKO8aJageK4GkOurcBlyG
+5v5AXfvuIJVNLXRxcYjRMfjRRgY0cnWxoA==
+-----END EC PRIVATE KEY-----

core/comm/testdata/certs/Org1-child2-server1-cert.pem

@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIICBTCCAaugAwIBAgIQBWuPAYs8k+OxJCws3MC9jDAKBggqhkjOPQQDAjBmMQsw
+CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
+YW5jaXNjbzEUMBIGA1UEChMLT3JnMS1jaGlsZDIxFDASBgNVBAMTC09yZzEtY2hp
+bGQyMB4XDTE2MTIxOTEyMTQ1NFoXDTI2MTIxNzEyMTQ1NFowbDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28x
+HDAaBgNVBAoTE09yZzEtY2hpbGQyLXNlcnZlcjExEjAQBgNVBAMTCWxvY2FsaG9z
+dDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN10+yKShT7e72Eg4spl29gN8JWj
+FtrNF+7Htz8iuOXTjh0bXDaA39ZgXPQXPHHXb2qBOhFFty+IKjCKwtq9SJ6jNTAz
+MA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8E
+AjAAMAoGCCqGSM49BAMCA0gAMEUCIBamPit5An50gI0xmEgxKqdJXqKwMsbAsYlb
+WW61cdLqAiEAmNfaObAswKqpZ01uK9gef3Sq6h75Dvx3Y/Mi+YPL+6g=
+-----END CERTIFICATE-----

core/comm/testdata/certs/Org1-child2-server1-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBP5H0bLYye1oMhE/Nju+tYDqN0tHJzS1AssVSoEQMnKoAoGCCqGSM49
+AwEHoUQDQgAE3XT7IpKFPt7vYSDiymXb2A3wlaMW2s0X7se3PyK45dOOHRtcNoDf
+1mBc9Bc8cddvaoE6EUW3L4gqMIrC2r1Ing==
+-----END EC PRIVATE KEY-----