github.com/adnan-c/fabric_e2e_couchdb@v0.6.1-preview.0.20170228180935-21ce6b23cf91/accesscontrol/crypto/attr/attr_support_test.go (about) 1 /* 2 Copyright IBM Corp. 2016 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package attr 18 19 import ( 20 "bytes" 21 "crypto/x509" 22 "encoding/pem" 23 "errors" 24 "io/ioutil" 25 "testing" 26 27 "github.com/hyperledger/fabric/accesscontrol" 28 "github.com/hyperledger/fabric/core/crypto/primitives" 29 ) 30 31 var ( 32 attributeNames = []string{"company", "position"} 33 ) 34 35 type chaincodeStubMock struct { 36 callerCert []byte 37 /* 38 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 39 metadata []byte 40 */ 41 } 42 43 // GetCreator returns caller certificate 44 func (shim *chaincodeStubMock) GetCreator() ([]byte, error) { 45 return shim.callerCert, nil 46 } 47 48 /* 49 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 50 // GetCallerMetadata returns caller metadata 51 func (shim *chaincodeStubMock) GetCallerMetadata() ([]byte, error) { 52 return shim.metadata, nil 53 } 54 */ 55 56 type certErrorMock struct { 57 /* 58 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 59 metadata []byte 60 */ 61 } 62 63 // GetCreator returns caller certificate 64 func (shim *certErrorMock) GetCreator() ([]byte, error) { 65 return nil, errors.New("GetCreator error") 66 } 67 68 /* 69 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 70 // GetCallerMetadata returns caller metadata 71 func (shim *certErrorMock) GetCallerMetadata() ([]byte, error) { 72 return shim.metadata, nil 73 }*/ 74 75 type metadataErrorMock struct { 76 callerCert []byte 77 } 78 79 // GetCreator returns caller certificate 80 func (shim *metadataErrorMock) GetCreator() ([]byte, error) { 81 return shim.callerCert, nil 82 } 83 84 /* 85 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 86 // GetCallerMetadata returns caller metadata 87 func (shim *metadataErrorMock) GetCallerMetadata() ([]byte, error) { 88 return nil, errors.New("GetCreator error") 89 }*/ 90 91 func TestVerifyAttribute(t *testing.T) { 92 primitives.SetSecurityLevel("SHA3", 256) 93 94 /* 95 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 96 tcert, prek0, err := loadTCertAndPreK0() */ 97 tcert, err := loadTCertClear() 98 if err != nil { 99 t.Error(err) 100 } 101 tcertder := tcert.Raw 102 /* 103 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 104 metadata := []byte{32, 64} 105 106 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 107 if err != nil { 108 t.Error(err) 109 } 110 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata}*/ 111 stub := &chaincodeStubMock{callerCert: tcertder} 112 handler, err := NewAttributesHandlerImpl(stub) 113 if err != nil { 114 t.Error(err) 115 } 116 117 isOk, err := handler.VerifyAttribute("position", []byte("Software Engineer")) 118 if err != nil { 119 t.Error(err) 120 } 121 122 if !isOk { 123 t.Fatal("Attribute not verified.") 124 } 125 } 126 127 /* 128 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 129 func TestVerifyAttribute_InvalidAttributeMetadata(t *testing.T) { 130 primitives.SetSecurityLevel("SHA3", 256) 131 132 tcert, _, err := loadTCertAndPreK0() 133 if err != nil { 134 t.Error(err) 135 } 136 137 tcertder := tcert.Raw 138 139 attributeMetadata := []byte{123, 22, 34, 56, 78, 44} 140 141 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata} 142 handler, err := NewAttributesHandlerImpl(stub) 143 if err != nil { 144 t.Error(err) 145 } 146 keySize := len(handler.keys) 147 if keySize != 0 { 148 t.Errorf("Test failed expected [%v] keys but found [%v]", keySize, 0) 149 } 150 }*/ 151 152 func TestNewAttributesHandlerImpl_CertificateError(t *testing.T) { 153 primitives.SetSecurityLevel("SHA3", 256) 154 155 /* 156 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 157 tcert, prek0, err := loadTCertAndPreK0() 158 tcert, err := loadTCertClear() 159 if err != nil { 160 t.Error(err) 161 } 162 tcertder := tcert.Raw 163 metadata := []byte{32, 64} 164 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 165 if err != nil { 166 t.Error(err) 167 } 168 stub := &certErrorMock{metadata: attributeMetadata}*/ 169 stub := &certErrorMock{} 170 _, err := NewAttributesHandlerImpl(stub) 171 if err == nil { 172 t.Fatal("Error shouldn't be nil") 173 } 174 } 175 176 /* 177 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 178 func TestNewAttributesHandlerImpl_MetadataError(t *testing.T) { 179 primitives.SetSecurityLevel("SHA3", 256) 180 181 tcert, _, err := loadTCertAndPreK0() 182 if err != nil { 183 t.Error(err) 184 } 185 tcertder := tcert.Raw 186 if err != nil { 187 t.Error(err) 188 } 189 stub := &metadataErrorMock{callerCert: tcertder} 190 _, err = NewAttributesHandlerImpl(stub) 191 if err == nil { 192 t.Fatal("Error shouldn't be nil") 193 } 194 }*/ 195 196 func TestNewAttributesHandlerImpl_InvalidCertificate(t *testing.T) { 197 primitives.SetSecurityLevel("SHA3", 256) 198 tcert, _, err := loadTCertAndPreK0() 199 if err != nil { 200 t.Error(err) 201 } 202 tcertder := tcert.Raw 203 if err != nil { 204 t.Error(err) 205 } 206 tcertder[0] = tcertder[0] + 1 207 stub := &metadataErrorMock{callerCert: tcertder} 208 _, err = NewAttributesHandlerImpl(stub) 209 if err == nil { 210 t.Fatal("Error shouldn't be nil") 211 } 212 } 213 214 func TestNewAttributesHandlerImpl_NullCertificate(t *testing.T) { 215 primitives.SetSecurityLevel("SHA3", 256) 216 217 /* 218 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 219 tcert, prek0, err := loadTCertAndPreK0() 220 tcert, err := loadTCertClear() 221 if err != nil { 222 t.Error(err) 223 } 224 metadata := []byte{32, 64} 225 tcertder := tcert.Raw 226 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 227 if err != nil { 228 t.Error(err) 229 } 230 stub := &chaincodeStubMock{callerCert: nil, metadata: attributeMetadata}*/ 231 stub := &chaincodeStubMock{callerCert: nil} 232 _, err := NewAttributesHandlerImpl(stub) 233 if err == nil { 234 t.Fatal("Error can't be nil.") 235 } 236 } 237 238 /* 239 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 240 func TestNewAttributesHandlerImpl_NullMetadata(t *testing.T) { 241 primitives.SetSecurityLevel("SHA3", 256) 242 243 tcert, _, err := loadTCertAndPreK0() 244 if err != nil { 245 t.Error(err) 246 } 247 tcertder := tcert.Raw 248 if err != nil { 249 t.Error(err) 250 } 251 stub := &chaincodeStubMock{callerCert: tcertder, metadata: nil} 252 handler, err := NewAttributesHandlerImpl(stub) 253 if err != nil { 254 t.Error(err) 255 } 256 keySize := len(handler.keys) 257 if keySize != 0 { 258 t.Errorf("Test failed expected [%v] keys but found [%v]", keySize, 0) 259 } 260 }*/ 261 262 func TestVerifyAttributes(t *testing.T) { 263 primitives.SetSecurityLevel("SHA3", 256) 264 265 /* 266 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 267 tcert, prek0, err := loadTCertAndPreK0() */ 268 tcert, err := loadTCertClear() 269 if err != nil { 270 t.Error(err) 271 } 272 tcertder := tcert.Raw 273 274 /* 275 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 276 metadata := []byte{32,64} 277 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 278 if err != nil { 279 t.Error(err) 280 } 281 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata} */ 282 stub := &chaincodeStubMock{callerCert: tcertder} 283 handler, err := NewAttributesHandlerImpl(stub) 284 if err != nil { 285 t.Error(err) 286 } 287 288 isOk, err := handler.VerifyAttributes(&accesscontrol.Attribute{Name: "position", Value: []byte("Software Engineer")}) 289 if err != nil { 290 t.Error(err) 291 } 292 293 if !isOk { 294 t.Fatal("Attribute not verified.") 295 } 296 } 297 298 func TestVerifyAttributes_Invalid(t *testing.T) { 299 primitives.SetSecurityLevel("SHA3", 256) 300 301 /* 302 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 303 tcert, prek0, err := loadTCertAndPreK0() */ 304 tcert, err := loadTCertClear() 305 if err != nil { 306 t.Error(err) 307 } 308 309 tcertder := tcert.Raw 310 /* 311 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 312 metadata := []byte{32,64} 313 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 314 if err != nil { 315 t.Error(err) 316 } 317 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata}*/ 318 stub := &chaincodeStubMock{callerCert: tcertder} 319 handler, err := NewAttributesHandlerImpl(stub) 320 if err != nil { 321 t.Error(err) 322 } 323 324 isOk, err := handler.VerifyAttributes(&accesscontrol.Attribute{Name: "position", Value: []byte("Software Engineer")}, &accesscontrol.Attribute{Name: "position", Value: []byte("18")}) 325 if err != nil { 326 t.Error(err) 327 } 328 329 if isOk { 330 t.Fatal("Attribute position=18 should have failed") 331 } 332 } 333 334 func TestVerifyAttributes_InvalidHeader(t *testing.T) { 335 primitives.SetSecurityLevel("SHA3", 256) 336 337 /* 338 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 339 tcert, prek0, err := loadTCertAndPreK0() */ 340 tcert, err := loadTCertClear() 341 if err != nil { 342 t.Error(err) 343 } 344 345 //Change header extensions 346 tcert.Raw[583] = tcert.Raw[583] + 124 347 348 tcertder := tcert.Raw 349 /* 350 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 351 metadata := []byte{32,64} 352 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 353 if err != nil { 354 t.Error(err) 355 } 356 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata}*/ 357 stub := &chaincodeStubMock{callerCert: tcertder} 358 handler, err := NewAttributesHandlerImpl(stub) 359 if err != nil { 360 t.Error(err) 361 } 362 363 _, err = handler.VerifyAttributes(&accesscontrol.Attribute{Name: "position", Value: []byte("Software Engineer")}) 364 if err == nil { 365 t.Fatal("Error can't be nil.") 366 } 367 } 368 369 func TestVerifyAttributes_InvalidAttributeValue(t *testing.T) { 370 primitives.SetSecurityLevel("SHA3", 256) 371 372 /* 373 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 374 tcert, prek0, err := loadTCertAndPreK0() */ 375 tcert, err := loadTCertClear() 376 if err != nil { 377 t.Error(err) 378 } 379 380 //Change header extensions 381 /* 382 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 337 is the offset in encrypted tcert. 383 tcert.Raw[371] = tcert.Raw[371] + 124*/ 384 tcert.Raw[558] = tcert.Raw[558] + 124 385 386 tcertder := tcert.Raw 387 /* 388 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 389 metadata := []byte{32,64} 390 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 391 if err != nil { 392 t.Error(err) 393 } 394 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata} */ 395 stub := &chaincodeStubMock{callerCert: tcertder} 396 handler, err := NewAttributesHandlerImpl(stub) 397 if err != nil { 398 t.Fatalf("Error creating attribute handlder %v", err) 399 } 400 401 v, err := handler.GetValue("position") 402 if err == nil { 403 t.Fatal("Error can't be nil." + string(v)) 404 } 405 } 406 407 func TestVerifyAttributes_Null(t *testing.T) { 408 primitives.SetSecurityLevel("SHA3", 256) 409 410 /* 411 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 412 tcert, prek0, err := loadTCertAndPreK0() */ 413 tcert, err := loadTCertClear() 414 if err != nil { 415 t.Error(err) 416 } 417 tcertder := tcert.Raw 418 419 /* 420 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 421 metadata := []byte{32,64} 422 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 423 if err != nil { 424 t.Error(err) 425 } 426 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata}*/ 427 stub := &chaincodeStubMock{callerCert: tcertder} 428 handler, err := NewAttributesHandlerImpl(stub) 429 if err != nil { 430 t.Error(err) 431 } 432 433 isOk, err := handler.VerifyAttribute("position", nil) 434 if err != nil { 435 t.Error(err) 436 } 437 438 if isOk { 439 t.Fatal("Attribute null is ok.") 440 } 441 } 442 443 func TestGetValue(t *testing.T) { 444 primitives.SetSecurityLevel("SHA3", 256) 445 446 /* 447 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 448 tcert, prek0, err := loadTCertAndPreK0() */ 449 tcert, err := loadTCertClear() 450 if err != nil { 451 t.Error(err) 452 } 453 tcertder := tcert.Raw 454 /* 455 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 456 metadata := []byte{32, 64} 457 458 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 459 if err != nil { 460 t.Error(err) 461 } 462 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata}*/ 463 stub := &chaincodeStubMock{callerCert: tcertder} 464 handler, err := NewAttributesHandlerImpl(stub) 465 if err != nil { 466 t.Error(err) 467 } 468 469 value, err := handler.GetValue("position") 470 if err != nil { 471 t.Error(err) 472 } 473 474 if bytes.Compare(value, []byte("Software Engineer")) != 0 { 475 t.Fatalf("Value expected was [%v] and result was [%v].", []byte("Software Engineer"), value) 476 } 477 478 //Second time read from cache. 479 value, err = handler.GetValue("position") 480 if err != nil { 481 t.Error(err) 482 } 483 484 if bytes.Compare(value, []byte("Software Engineer")) != 0 { 485 t.Fatalf("Value expected was [%v] and result was [%v].", []byte("Software Engineer"), value) 486 } 487 } 488 489 func TestGetValue_Clear(t *testing.T) { 490 primitives.SetSecurityLevel("SHA3", 256) 491 492 tcert, err := loadTCertClear() 493 if err != nil { 494 t.Error(err) 495 } 496 tcertder := tcert.Raw 497 value, err := GetValueFrom("position", tcertder) 498 if err != nil { 499 t.Error(err) 500 } 501 502 if bytes.Compare(value, []byte("Software Engineer")) != 0 { 503 t.Fatalf("Value expected was [%v] and result was [%v].", []byte("Software Engineer"), value) 504 } 505 506 //Second time read from cache. 507 value, err = GetValueFrom("position", tcertder) 508 if err != nil { 509 t.Error(err) 510 } 511 512 if bytes.Compare(value, []byte("Software Engineer")) != 0 { 513 t.Fatalf("Value expected was [%v] and result was [%v].", []byte("Software Engineer"), value) 514 } 515 } 516 517 func TestGetValue_BadHeaderTCert(t *testing.T) { 518 primitives.SetSecurityLevel("SHA3", 256) 519 520 tcert, err := loadTCertFromFile("./test_resources/tcert_bad.dump") 521 if err != nil { 522 t.Error(err) 523 } 524 tcertder := tcert.Raw 525 _, err = GetValueFrom("position", tcertder) 526 if err == nil { 527 t.Fatal("Test should be fail due TCert has an invalid header.") 528 } 529 } 530 531 func TestGetValue_Clear_NullTCert(t *testing.T) { 532 primitives.SetSecurityLevel("SHA3", 256) 533 _, err := GetValueFrom("position", nil) 534 if err == nil { 535 t.Error(err) 536 } 537 } 538 539 func TestGetValue_InvalidAttribute(t *testing.T) { 540 primitives.SetSecurityLevel("SHA3", 256) 541 542 /* 543 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 544 tcert, prek0, err := loadTCertAndPreK0() */ 545 tcert, err := loadTCertClear() 546 if err != nil { 547 t.Error(err) 548 } 549 tcertder := tcert.Raw 550 /* 551 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 552 metadata := []byte{32, 64} 553 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 554 if err != nil { 555 t.Error(err) 556 } 557 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata}*/ 558 stub := &chaincodeStubMock{callerCert: tcertder} 559 handler, err := NewAttributesHandlerImpl(stub) 560 if err != nil { 561 t.Error(err) 562 } 563 564 _, err = handler.GetValue("age") 565 if err == nil { 566 t.Error(err) 567 } 568 569 //Force invalid key 570 handler.keys["position"] = nil 571 _, err = handler.GetValue("positions") 572 if err == nil { 573 t.Error(err) 574 } 575 } 576 577 func TestGetValue_Clear_InvalidAttribute(t *testing.T) { 578 primitives.SetSecurityLevel("SHA3", 256) 579 580 tcert, err := loadTCertClear() 581 if err != nil { 582 t.Error(err) 583 } 584 tcertder := tcert.Raw 585 /* 586 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 587 metadata := []byte{32, 64} 588 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 589 if err != nil { 590 t.Error(err) 591 } 592 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata}*/ 593 stub := &chaincodeStubMock{callerCert: tcertder} 594 handler, err := NewAttributesHandlerImpl(stub) 595 if err != nil { 596 t.Error(err) 597 } 598 599 value, err := handler.GetValue("age") 600 if value != nil || err == nil { 601 t.Fatalf("Test should fail [%v] \n", string(value)) 602 } 603 } 604 605 func TestGetValue_InvalidAttribute_ValidAttribute(t *testing.T) { 606 primitives.SetSecurityLevel("SHA3", 256) 607 608 /* 609 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 610 tcert, prek0, err := loadTCertAndPreK0() */ 611 tcert, err := loadTCertClear() 612 if err != nil { 613 t.Error(err) 614 } 615 tcertder := tcert.Raw 616 /* 617 TODO: ##attributes-keys-pending This code have be redefined to avoid use of metadata field. 618 metadata := []byte{32, 64} 619 attributeMetadata, err := attributes.CreateAttributesMetadata(tcertder, metadata, prek0, attributeNames) 620 if err != nil { 621 t.Error(err) 622 } 623 stub := &chaincodeStubMock{callerCert: tcertder, metadata: attributeMetadata}*/ 624 stub := &chaincodeStubMock{callerCert: tcertder} 625 handler, err := NewAttributesHandlerImpl(stub) 626 if err != nil { 627 t.Error(err) 628 } 629 630 _, err = handler.GetValue("age") 631 if err == nil { 632 t.Error(err) 633 } 634 635 //Second time read a valid attribute from the TCert. 636 value, err := handler.GetValue("position") 637 if err != nil { 638 t.Error(err) 639 } 640 641 if bytes.Compare(value, []byte("Software Engineer")) != 0 { 642 t.Fatalf("Value expected was [%v] and result was [%v].", []byte("Software Engineer"), value) 643 } 644 } 645 646 func loadTCertFromFile(filepath string) (*x509.Certificate, error) { 647 tcertRaw, err := ioutil.ReadFile(filepath) 648 if err != nil { 649 return nil, err 650 } 651 652 tcertDecoded, _ := pem.Decode(tcertRaw) 653 654 tcert, err := x509.ParseCertificate(tcertDecoded.Bytes) 655 if err != nil { 656 return nil, err 657 } 658 659 return tcert, nil 660 } 661 662 func loadTCertAndPreK0() (*x509.Certificate, []byte, error) { 663 preKey0, err := ioutil.ReadFile("./test_resources/prek0.dump") 664 if err != nil { 665 return nil, nil, err 666 } 667 668 if err != nil { 669 return nil, nil, err 670 } 671 672 tcert, err := loadTCertFromFile("./test_resources/tcert.dump") 673 if err != nil { 674 return nil, nil, err 675 } 676 677 return tcert, preKey0, nil 678 } 679 680 func loadTCertClear() (*x509.Certificate, error) { 681 return loadTCertFromFile("./test_resources/tcert_clear.dump") 682 }