github.com/darrenli6/fabric-sdk-example@v0.0.0-20220109053535-94b13b56df8c/msp/msp_test.go (about) 1 /* 2 Copyright IBM Corp. 2017 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package msp 18 19 import ( 20 "errors" 21 "fmt" 22 "os" 23 "path/filepath" 24 "reflect" 25 "testing" 26 27 "github.com/golang/protobuf/proto" 28 "github.com/hyperledger/fabric/bccsp" 29 "github.com/hyperledger/fabric/bccsp/sw" 30 "github.com/hyperledger/fabric/core/config" 31 "github.com/hyperledger/fabric/protos/msp" 32 "github.com/stretchr/testify/assert" 33 ) 34 35 var notACert = `-----BEGIN X509 CRL----- 36 MIIBYzCCAQgCAQEwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgT 37 CkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFklu 38 dGVybmV0IFdpZGdldHMsIEluYy4xDDAKBgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhh 39 bXBsZS5jb20XDTE3MDEyMzIwNTYyMFoXDTE3MDEyNjIwNTYyMFowJzAlAhQERXCx 40 LHROap1vM3CV40EHOghPTBcNMTcwMTIzMjA0NzMxWqAvMC0wHwYDVR0jBBgwFoAU 41 F2dCPaqegj/ExR2fW8OZ0bWcSBAwCgYDVR0UBAMCAQgwCgYIKoZIzj0EAwIDSQAw 42 RgIhAOTTpQYkGO+gwVe1LQOcNMD5fzFViOwBUraMrk6dRMlmAiEA8z2dpXKGwHrj 43 FRBbKkDnSpaVcZgjns+mLdHV2JkF0gk= 44 -----END X509 CRL-----` 45 46 func TestMSPParsers(t *testing.T) { 47 _, _, err := localMsp.(*bccspmsp).getIdentityFromConf(nil) 48 assert.Error(t, err) 49 _, _, err = localMsp.(*bccspmsp).getIdentityFromConf([]byte("barf")) 50 assert.Error(t, err) 51 _, _, err = localMsp.(*bccspmsp).getIdentityFromConf([]byte(notACert)) 52 assert.Error(t, err) 53 54 _, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(nil) 55 assert.Error(t, err) 56 57 sigid := &msp.SigningIdentityInfo{PublicSigner: []byte("barf"), PrivateSigner: nil} 58 _, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(sigid) 59 60 keyinfo := &msp.KeyInfo{KeyIdentifier: "PEER", KeyMaterial: nil} 61 sigid = &msp.SigningIdentityInfo{PublicSigner: []byte("barf"), PrivateSigner: keyinfo} 62 _, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(sigid) 63 assert.Error(t, err) 64 } 65 66 func TestMSPSetupNoCryptoConf(t *testing.T) { 67 mspDir, err := config.GetDevMspDir() 68 if err != nil { 69 fmt.Printf("Errog getting DevMspDir: %s", err) 70 os.Exit(-1) 71 } 72 73 conf, err := GetLocalMspConfig(mspDir, nil, "DEFAULT") 74 if err != nil { 75 fmt.Printf("Setup should have succeeded, got err %s instead", err) 76 os.Exit(-1) 77 } 78 79 mspconf := &msp.FabricMSPConfig{} 80 err = proto.Unmarshal(conf.Config, mspconf) 81 assert.NoError(t, err) 82 83 // here we test the case of an MSP configuration 84 // where the hash function to be used to obtain 85 // the identity identifier is unspecified - a 86 // sane default should be picked 87 mspconf.CryptoConfig.IdentityIdentifierHashFunction = "" 88 b, err := proto.Marshal(mspconf) 89 assert.NoError(t, err) 90 conf.Config = b 91 newmsp, err := NewBccspMsp() 92 assert.NoError(t, err) 93 err = newmsp.Setup(conf) 94 assert.NoError(t, err) 95 96 // here we test the case of an MSP configuration 97 // where the hash function to be used to compute 98 // signatures is unspecified - a sane default 99 // should be picked 100 mspconf.CryptoConfig.SignatureHashFamily = "" 101 b, err = proto.Marshal(mspconf) 102 assert.NoError(t, err) 103 conf.Config = b 104 newmsp, err = NewBccspMsp() 105 assert.NoError(t, err) 106 err = newmsp.Setup(conf) 107 assert.NoError(t, err) 108 109 // here we test the case of an MSP configuration 110 // that has NO crypto configuration specified; 111 // the code will use appropriate defaults 112 mspconf.CryptoConfig = nil 113 b, err = proto.Marshal(mspconf) 114 assert.NoError(t, err) 115 conf.Config = b 116 newmsp, err = NewBccspMsp() 117 assert.NoError(t, err) 118 err = newmsp.Setup(conf) 119 assert.NoError(t, err) 120 } 121 122 func TestGetters(t *testing.T) { 123 typ := localMsp.GetType() 124 assert.Equal(t, typ, FABRIC) 125 assert.NotNil(t, localMsp.GetTLSRootCerts()) 126 assert.NotNil(t, localMsp.GetTLSIntermediateCerts()) 127 } 128 129 func TestMSPSetupBad(t *testing.T) { 130 _, err := GetLocalMspConfig("barf", nil, "DEFAULT") 131 if err == nil { 132 t.Fatalf("Setup should have failed on an invalid config file") 133 return 134 } 135 136 mgr := NewMSPManager() 137 err = mgr.Setup(nil) 138 assert.Error(t, err) 139 err = mgr.Setup([]MSP{}) 140 assert.Error(t, err) 141 } 142 143 func TestDoubleSetup(t *testing.T) { 144 // note that we've already called setup once on this 145 err := mspMgr.Setup(nil) 146 assert.NoError(t, err) 147 } 148 149 type bccspNoKeyLookupKS struct { 150 bccsp.BCCSP 151 } 152 153 func (*bccspNoKeyLookupKS) GetKey(ski []byte) (k bccsp.Key, err error) { 154 return nil, errors.New("not found") 155 } 156 157 func TestNotFoundInBCCSP(t *testing.T) { 158 dir, err := config.GetDevMspDir() 159 assert.NoError(t, err) 160 conf, err := GetLocalMspConfig(dir, nil, "DEFAULT") 161 162 assert.NoError(t, err) 163 164 thisMSP, err := NewBccspMsp() 165 assert.NoError(t, err) 166 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true) 167 assert.NoError(t, err) 168 csp, err := sw.New(256, "SHA2", ks) 169 assert.NoError(t, err) 170 thisMSP.(*bccspmsp).bccsp = &bccspNoKeyLookupKS{csp} 171 172 err = thisMSP.Setup(conf) 173 assert.Error(t, err) 174 assert.Contains(t, "KeyMaterial not found in SigningIdentityInfo", err.Error()) 175 } 176 177 func TestGetIdentities(t *testing.T) { 178 _, err := localMsp.GetDefaultSigningIdentity() 179 if err != nil { 180 t.Fatalf("GetDefaultSigningIdentity failed with err %s", err) 181 return 182 } 183 } 184 185 func TestDeserializeIdentityFails(t *testing.T) { 186 _, err := localMsp.DeserializeIdentity([]byte("barf")) 187 assert.Error(t, err) 188 189 id := &msp.SerializedIdentity{Mspid: "DEFAULT", IdBytes: []byte("barfr")} 190 b, err := proto.Marshal(id) 191 assert.NoError(t, err) 192 _, err = localMsp.DeserializeIdentity(b) 193 assert.Error(t, err) 194 195 id = &msp.SerializedIdentity{Mspid: "DEFAULT", IdBytes: []byte(notACert)} 196 b, err = proto.Marshal(id) 197 assert.NoError(t, err) 198 _, err = localMsp.DeserializeIdentity(b) 199 assert.Error(t, err) 200 } 201 202 func TestGetSigningIdentityFromVerifyingMSP(t *testing.T) { 203 mspDir, err := config.GetDevMspDir() 204 if err != nil { 205 fmt.Printf("Errog getting DevMspDir: %s", err) 206 os.Exit(-1) 207 } 208 209 conf, err = GetVerifyingMspConfig(mspDir, "DEFAULT") 210 if err != nil { 211 fmt.Printf("Setup should have succeeded, got err %s instead", err) 212 os.Exit(-1) 213 } 214 215 newmsp, err := NewBccspMsp() 216 assert.NoError(t, err) 217 err = newmsp.Setup(conf) 218 assert.NoError(t, err) 219 220 _, err = newmsp.GetDefaultSigningIdentity() 221 assert.Error(t, err) 222 _, err = newmsp.GetSigningIdentity(nil) 223 assert.Error(t, err) 224 } 225 226 func TestValidateDefaultSigningIdentity(t *testing.T) { 227 id, err := localMsp.GetDefaultSigningIdentity() 228 assert.NoError(t, err) 229 230 err = localMsp.Validate(id.GetPublicVersion()) 231 assert.NoError(t, err) 232 } 233 234 func TestSerializeIdentities(t *testing.T) { 235 id, err := localMsp.GetDefaultSigningIdentity() 236 if err != nil { 237 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 238 return 239 } 240 241 serializedID, err := id.Serialize() 242 if err != nil { 243 t.Fatalf("Serialize should have succeeded, got err %s", err) 244 return 245 } 246 247 idBack, err := localMsp.DeserializeIdentity(serializedID) 248 if err != nil { 249 t.Fatalf("DeserializeIdentity should have succeeded, got err %s", err) 250 return 251 } 252 253 err = localMsp.Validate(idBack) 254 if err != nil { 255 t.Fatalf("The identity should be valid, got err %s", err) 256 return 257 } 258 259 if !reflect.DeepEqual(id.GetPublicVersion(), idBack) { 260 t.Fatalf("Identities should be equal (%s) (%s)", id, idBack) 261 return 262 } 263 } 264 265 func TestValidateCAIdentity(t *testing.T) { 266 caID := getIdentity(t, cacerts) 267 268 err := localMsp.Validate(caID) 269 assert.Error(t, err) 270 } 271 272 func TestBadAdminIdentity(t *testing.T) { 273 conf, err := GetLocalMspConfig("testdata/badadmin", nil, "DEFAULT") 274 assert.NoError(t, err) 275 276 thisMSP, err := NewBccspMsp() 277 assert.NoError(t, err) 278 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join("testdata/badadmin", "keystore"), true) 279 assert.NoError(t, err) 280 csp, err := sw.New(256, "SHA2", ks) 281 assert.NoError(t, err) 282 thisMSP.(*bccspmsp).bccsp = csp 283 284 err = thisMSP.Setup(conf) 285 assert.Error(t, err) 286 } 287 288 func TestValidateAdminIdentity(t *testing.T) { 289 caID := getIdentity(t, admincerts) 290 291 err := localMsp.Validate(caID) 292 assert.NoError(t, err) 293 } 294 295 func TestSerializeIdentitiesWithWrongMSP(t *testing.T) { 296 id, err := localMsp.GetDefaultSigningIdentity() 297 if err != nil { 298 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 299 return 300 } 301 302 serializedID, err := id.Serialize() 303 if err != nil { 304 t.Fatalf("Serialize should have succeeded, got err %s", err) 305 return 306 } 307 308 sid := &msp.SerializedIdentity{} 309 err = proto.Unmarshal(serializedID, sid) 310 assert.NoError(t, err) 311 312 sid.Mspid += "BARF" 313 314 serializedID, err = proto.Marshal(sid) 315 assert.NoError(t, err) 316 317 _, err = localMsp.DeserializeIdentity(serializedID) 318 assert.Error(t, err) 319 } 320 321 func TestSerializeIdentitiesWithMSPManager(t *testing.T) { 322 id, err := localMsp.GetDefaultSigningIdentity() 323 if err != nil { 324 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 325 return 326 } 327 328 serializedID, err := id.Serialize() 329 if err != nil { 330 t.Fatalf("Serialize should have succeeded, got err %s", err) 331 return 332 } 333 334 _, err = mspMgr.DeserializeIdentity(serializedID) 335 assert.NoError(t, err) 336 337 sid := &msp.SerializedIdentity{} 338 err = proto.Unmarshal(serializedID, sid) 339 assert.NoError(t, err) 340 341 sid.Mspid += "BARF" 342 343 serializedID, err = proto.Marshal(sid) 344 assert.NoError(t, err) 345 346 _, err = mspMgr.DeserializeIdentity(serializedID) 347 assert.Error(t, err) 348 } 349 350 func TestIdentitiesGetters(t *testing.T) { 351 id, err := localMsp.GetDefaultSigningIdentity() 352 if err != nil { 353 t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err) 354 return 355 } 356 357 idid := id.GetIdentifier() 358 assert.NotNil(t, idid) 359 mspid := id.GetMSPIdentifier() 360 assert.NotNil(t, mspid) 361 } 362 363 func TestSignAndVerify(t *testing.T) { 364 id, err := localMsp.GetDefaultSigningIdentity() 365 if err != nil { 366 t.Fatalf("GetSigningIdentity should have succeeded") 367 return 368 } 369 370 serializedID, err := id.Serialize() 371 if err != nil { 372 t.Fatalf("Serialize should have succeeded") 373 return 374 } 375 376 idBack, err := localMsp.DeserializeIdentity(serializedID) 377 if err != nil { 378 t.Fatalf("DeserializeIdentity should have succeeded") 379 return 380 } 381 382 msg := []byte("foo") 383 sig, err := id.Sign(msg) 384 if err != nil { 385 t.Fatalf("Sign should have succeeded") 386 return 387 } 388 389 err = id.Verify(msg, sig) 390 if err != nil { 391 t.Fatalf("The signature should be valid") 392 return 393 } 394 395 err = idBack.Verify(msg, sig) 396 if err != nil { 397 t.Fatalf("The signature should be valid") 398 return 399 } 400 401 err = id.Verify(msg[1:], sig) 402 assert.Error(t, err) 403 err = id.Verify(msg, sig[1:]) 404 assert.Error(t, err) 405 } 406 407 func TestSignAndVerifyFailures(t *testing.T) { 408 msg := []byte("foo") 409 410 id, err := localMspBad.GetDefaultSigningIdentity() 411 if err != nil { 412 t.Fatalf("GetSigningIdentity should have succeeded") 413 return 414 } 415 416 hash := id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily 417 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = "barf" 418 419 sig, err := id.Sign(msg) 420 assert.Error(t, err) 421 422 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash 423 424 sig, err = id.Sign(msg) 425 if err != nil { 426 t.Fatalf("Sign should have succeeded") 427 return 428 } 429 430 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = "barf" 431 432 err = id.Verify(msg, sig) 433 assert.Error(t, err) 434 435 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash 436 } 437 438 func TestSignAndVerifyOtherHash(t *testing.T) { 439 id, err := localMsp.GetDefaultSigningIdentity() 440 if err != nil { 441 t.Fatalf("GetSigningIdentity should have succeeded") 442 return 443 } 444 445 hash := id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily 446 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = bccsp.SHA3 447 448 msg := []byte("foo") 449 sig, err := id.Sign(msg) 450 if err != nil { 451 t.Fatalf("Sign should have succeeded") 452 return 453 } 454 455 err = id.Verify(msg, sig) 456 assert.NoError(t, err) 457 458 id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash 459 } 460 461 func TestSignAndVerify_longMessage(t *testing.T) { 462 id, err := localMsp.GetDefaultSigningIdentity() 463 if err != nil { 464 t.Fatalf("GetSigningIdentity should have succeeded") 465 return 466 } 467 468 serializedID, err := id.Serialize() 469 if err != nil { 470 t.Fatalf("Serialize should have succeeded") 471 return 472 } 473 474 idBack, err := localMsp.DeserializeIdentity(serializedID) 475 if err != nil { 476 t.Fatalf("DeserializeIdentity should have succeeded") 477 return 478 } 479 480 msg := []byte("ABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFG") 481 sig, err := id.Sign(msg) 482 if err != nil { 483 t.Fatalf("Sign should have succeeded") 484 return 485 } 486 487 err = id.Verify(msg, sig) 488 if err != nil { 489 t.Fatalf("The signature should be valid") 490 return 491 } 492 493 err = idBack.Verify(msg, sig) 494 if err != nil { 495 t.Fatalf("The signature should be valid") 496 return 497 } 498 } 499 500 func TestGetOU(t *testing.T) { 501 id, err := localMsp.GetDefaultSigningIdentity() 502 if err != nil { 503 t.Fatalf("GetSigningIdentity should have succeeded") 504 return 505 } 506 507 assert.Equal(t, "COP", id.GetOrganizationalUnits()[0].OrganizationalUnitIdentifier) 508 } 509 510 func TestGetOUFail(t *testing.T) { 511 id, err := localMspBad.GetDefaultSigningIdentity() 512 if err != nil { 513 t.Fatalf("GetSigningIdentity should have succeeded") 514 return 515 } 516 517 certTmp := id.(*signingidentity).cert 518 id.(*signingidentity).cert = nil 519 ou := id.GetOrganizationalUnits() 520 assert.Nil(t, ou) 521 522 id.(*signingidentity).cert = certTmp 523 524 opts := id.(*signingidentity).msp.opts 525 id.(*signingidentity).msp.opts = nil 526 ou = id.GetOrganizationalUnits() 527 assert.Nil(t, ou) 528 529 id.(*signingidentity).msp.opts = opts 530 } 531 532 func TestCertificationIdentifierComputation(t *testing.T) { 533 id, err := localMsp.GetDefaultSigningIdentity() 534 assert.NoError(t, err) 535 536 chain, err := localMsp.(*bccspmsp).getCertificationChain(id.GetPublicVersion()) 537 assert.NoError(t, err) 538 539 // Hash the chain 540 // Use the hash of the identity's certificate as id in the IdentityIdentifier 541 hashOpt, err := bccsp.GetHashOpt(localMsp.(*bccspmsp).cryptoConfig.IdentityIdentifierHashFunction) 542 assert.NoError(t, err) 543 544 hf, err := localMsp.(*bccspmsp).bccsp.GetHash(hashOpt) 545 assert.NoError(t, err) 546 // Skipping first cert because it belongs to the identity 547 for i := 1; i < len(chain); i++ { 548 hf.Write(chain[i].Raw) 549 } 550 sum := hf.Sum(nil) 551 552 assert.Equal(t, sum, id.GetOrganizationalUnits()[0].CertifiersIdentifier) 553 } 554 555 func TestOUPolicyPrincipal(t *testing.T) { 556 id, err := localMsp.GetDefaultSigningIdentity() 557 assert.NoError(t, err) 558 559 cid, err := localMsp.(*bccspmsp).getCertificationChainIdentifier(id.GetPublicVersion()) 560 assert.NoError(t, err) 561 562 ou := &msp.OrganizationUnit{ 563 OrganizationalUnitIdentifier: "COP", 564 MspIdentifier: "DEFAULT", 565 CertifiersIdentifier: cid, 566 } 567 bytes, err := proto.Marshal(ou) 568 assert.NoError(t, err) 569 570 principal := &msp.MSPPrincipal{ 571 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 572 Principal: bytes, 573 } 574 575 err = id.SatisfiesPrincipal(principal) 576 assert.NoError(t, err) 577 } 578 579 func TestOUPolicyPrincipalBadPrincipal(t *testing.T) { 580 id, err := localMsp.GetDefaultSigningIdentity() 581 assert.NoError(t, err) 582 583 principal := &msp.MSPPrincipal{ 584 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 585 Principal: []byte("barf"), 586 } 587 588 err = id.SatisfiesPrincipal(principal) 589 assert.Error(t, err) 590 } 591 592 func TestOUPolicyPrincipalBadMSPID(t *testing.T) { 593 id, err := localMsp.GetDefaultSigningIdentity() 594 assert.NoError(t, err) 595 596 cid, err := localMsp.(*bccspmsp).getCertificationChainIdentifier(id.GetPublicVersion()) 597 assert.NoError(t, err) 598 599 ou := &msp.OrganizationUnit{ 600 OrganizationalUnitIdentifier: "COP", 601 MspIdentifier: "DEFAULTbarfbarf", 602 CertifiersIdentifier: cid, 603 } 604 bytes, err := proto.Marshal(ou) 605 assert.NoError(t, err) 606 607 principal := &msp.MSPPrincipal{ 608 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 609 Principal: bytes, 610 } 611 612 err = id.SatisfiesPrincipal(principal) 613 assert.Error(t, err) 614 } 615 616 func TestOUPolicyPrincipalBadPath(t *testing.T) { 617 id, err := localMsp.GetDefaultSigningIdentity() 618 assert.NoError(t, err) 619 620 ou := &msp.OrganizationUnit{ 621 OrganizationalUnitIdentifier: "COP", 622 MspIdentifier: "DEFAULT", 623 CertifiersIdentifier: nil, 624 } 625 bytes, err := proto.Marshal(ou) 626 assert.NoError(t, err) 627 628 principal := &msp.MSPPrincipal{ 629 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 630 Principal: bytes, 631 } 632 633 err = id.SatisfiesPrincipal(principal) 634 assert.Error(t, err) 635 636 ou = &msp.OrganizationUnit{ 637 OrganizationalUnitIdentifier: "COP", 638 MspIdentifier: "DEFAULT", 639 CertifiersIdentifier: []byte{0, 1, 2, 3, 4}, 640 } 641 bytes, err = proto.Marshal(ou) 642 assert.NoError(t, err) 643 644 principal = &msp.MSPPrincipal{ 645 PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT, 646 Principal: bytes, 647 } 648 649 err = id.SatisfiesPrincipal(principal) 650 assert.Error(t, err) 651 } 652 653 func TestPolicyPrincipalBogusType(t *testing.T) { 654 id, err := localMsp.GetDefaultSigningIdentity() 655 assert.NoError(t, err) 656 657 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: 35, MspIdentifier: "DEFAULT"}) 658 assert.NoError(t, err) 659 660 principal := &msp.MSPPrincipal{ 661 PrincipalClassification: 35, 662 Principal: principalBytes} 663 664 err = id.SatisfiesPrincipal(principal) 665 assert.Error(t, err) 666 } 667 668 func TestPolicyPrincipalBogusRole(t *testing.T) { 669 id, err := localMsp.GetDefaultSigningIdentity() 670 assert.NoError(t, err) 671 672 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: 35, MspIdentifier: "DEFAULT"}) 673 assert.NoError(t, err) 674 675 principal := &msp.MSPPrincipal{ 676 PrincipalClassification: msp.MSPPrincipal_ROLE, 677 Principal: principalBytes} 678 679 err = id.SatisfiesPrincipal(principal) 680 assert.Error(t, err) 681 } 682 683 func TestPolicyPrincipalWrongMSPID(t *testing.T) { 684 id, err := localMsp.GetDefaultSigningIdentity() 685 assert.NoError(t, err) 686 687 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "DEFAULTBARFBARF"}) 688 assert.NoError(t, err) 689 690 principal := &msp.MSPPrincipal{ 691 PrincipalClassification: msp.MSPPrincipal_ROLE, 692 Principal: principalBytes} 693 694 err = id.SatisfiesPrincipal(principal) 695 assert.Error(t, err) 696 } 697 698 func TestMemberPolicyPrincipal(t *testing.T) { 699 id, err := localMsp.GetDefaultSigningIdentity() 700 assert.NoError(t, err) 701 702 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "DEFAULT"}) 703 assert.NoError(t, err) 704 705 principal := &msp.MSPPrincipal{ 706 PrincipalClassification: msp.MSPPrincipal_ROLE, 707 Principal: principalBytes} 708 709 err = id.SatisfiesPrincipal(principal) 710 assert.NoError(t, err) 711 } 712 713 func TestAdminPolicyPrincipal(t *testing.T) { 714 id, err := localMsp.GetDefaultSigningIdentity() 715 assert.NoError(t, err) 716 717 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "DEFAULT"}) 718 assert.NoError(t, err) 719 720 principal := &msp.MSPPrincipal{ 721 PrincipalClassification: msp.MSPPrincipal_ROLE, 722 Principal: principalBytes} 723 724 err = id.SatisfiesPrincipal(principal) 725 assert.NoError(t, err) 726 } 727 728 func TestAdminPolicyPrincipalFails(t *testing.T) { 729 id, err := localMsp.GetDefaultSigningIdentity() 730 assert.NoError(t, err) 731 732 principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "DEFAULT"}) 733 assert.NoError(t, err) 734 735 principal := &msp.MSPPrincipal{ 736 PrincipalClassification: msp.MSPPrincipal_ROLE, 737 Principal: principalBytes} 738 739 // remove the admin so validation will fail 740 localMsp.(*bccspmsp).admins = make([]Identity, 0) 741 742 err = id.SatisfiesPrincipal(principal) 743 assert.Error(t, err) 744 } 745 746 func TestIdentityPolicyPrincipal(t *testing.T) { 747 id, err := localMsp.GetDefaultSigningIdentity() 748 assert.NoError(t, err) 749 750 idSerialized, err := id.Serialize() 751 assert.NoError(t, err) 752 753 principal := &msp.MSPPrincipal{ 754 PrincipalClassification: msp.MSPPrincipal_IDENTITY, 755 Principal: idSerialized} 756 757 err = id.SatisfiesPrincipal(principal) 758 assert.NoError(t, err) 759 } 760 761 func TestIdentityPolicyPrincipalBadBytes(t *testing.T) { 762 id, err := localMsp.GetDefaultSigningIdentity() 763 assert.NoError(t, err) 764 765 principal := &msp.MSPPrincipal{ 766 PrincipalClassification: msp.MSPPrincipal_IDENTITY, 767 Principal: []byte("barf")} 768 769 err = id.SatisfiesPrincipal(principal) 770 assert.Error(t, err) 771 } 772 773 func TestMSPOus(t *testing.T) { 774 // Set the OUIdentifiers 775 backup := localMsp.(*bccspmsp).ouIdentifiers 776 defer func() { localMsp.(*bccspmsp).ouIdentifiers = backup }() 777 778 id, err := localMsp.GetDefaultSigningIdentity() 779 assert.NoError(t, err) 780 781 localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{ 782 "COP": {id.GetOrganizationalUnits()[0].CertifiersIdentifier}, 783 } 784 assert.NoError(t, localMsp.Validate(id.GetPublicVersion())) 785 786 localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{ 787 "COP2": {id.GetOrganizationalUnits()[0].CertifiersIdentifier}, 788 } 789 assert.Error(t, localMsp.Validate(id.GetPublicVersion())) 790 791 localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{ 792 "COP": {{0, 1, 2, 3, 4}}, 793 } 794 assert.Error(t, localMsp.Validate(id.GetPublicVersion())) 795 } 796 797 const othercert = `-----BEGIN CERTIFICATE----- 798 MIIDAzCCAqigAwIBAgIBAjAKBggqhkjOPQQDAjBsMQswCQYDVQQGEwJHQjEQMA4G 799 A1UECAwHRW5nbGFuZDEOMAwGA1UECgwFQmFyMTkxDjAMBgNVBAsMBUJhcjE5MQ4w 800 DAYDVQQDDAVCYXIxOTEbMBkGCSqGSIb3DQEJARYMQmFyMTktY2xpZW50MB4XDTE3 801 MDIwOTE2MDcxMFoXDTE4MDIxOTE2MDcxMFowfDELMAkGA1UEBhMCR0IxEDAOBgNV 802 BAgMB0VuZ2xhbmQxEDAOBgNVBAcMB0lwc3dpY2gxDjAMBgNVBAoMBUJhcjE5MQ4w 803 DAYDVQQLDAVCYXIxOTEOMAwGA1UEAwwFQmFyMTkxGTAXBgkqhkiG9w0BCQEWCkJh 804 cjE5LXBlZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlRSnAyD+ND6qmaRV7 805 AS/BPJKX5dZt3gBe1v/RewOpc1zJeXQNWACAk0ae3mv5u9l0HxI6TXJIAQSwJACu 806 Rqsyo4IBKTCCASUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZI 807 AYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAd 808 BgNVHQ4EFgQUwHzbLJQMaWd1cpHdkSaEFxdKB1owgYsGA1UdIwSBgzCBgIAUYxFe 809 +cXOD5iQ223bZNdOuKCRiTKhZaRjMGExCzAJBgNVBAYTAkdCMRAwDgYDVQQIDAdF 810 bmdsYW5kMRAwDgYDVQQHDAdJcHN3aWNoMQ4wDAYDVQQKDAVCYXIxOTEOMAwGA1UE 811 CwwFQmFyMTkxDjAMBgNVBAMMBUJhcjE5ggEBMA4GA1UdDwEB/wQEAwIFoDATBgNV 812 HSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNJADBGAiEAuMq65lOaie4705Ol 813 Ow52DjbaO2YuIxK2auBCqNIu0gECIQCDoKdUQ/sa+9Ah1mzneE6iz/f/YFVWo4EP 814 HeamPGiDTQ== 815 -----END CERTIFICATE----- 816 ` 817 818 func TestIdentityPolicyPrincipalFails(t *testing.T) { 819 id, err := localMsp.GetDefaultSigningIdentity() 820 assert.NoError(t, err) 821 822 sid, err := NewSerializedIdentity("DEFAULT", []byte(othercert)) 823 assert.NoError(t, err) 824 825 principal := &msp.MSPPrincipal{ 826 PrincipalClassification: msp.MSPPrincipal_IDENTITY, 827 Principal: sid} 828 829 err = id.SatisfiesPrincipal(principal) 830 assert.Error(t, err) 831 } 832 833 var conf *msp.MSPConfig 834 var localMsp MSP 835 836 // Required because deleting the cert or msp options from localMsp causes parallel tests to fail 837 var localMspBad MSP 838 var mspMgr MSPManager 839 840 func TestMain(m *testing.M) { 841 var err error 842 mspDir, err := config.GetDevMspDir() 843 if err != nil { 844 fmt.Printf("Errog getting DevMspDir: %s", err) 845 os.Exit(-1) 846 } 847 848 conf, err = GetLocalMspConfig(mspDir, nil, "DEFAULT") 849 if err != nil { 850 fmt.Printf("Setup should have succeeded, got err %s instead", err) 851 os.Exit(-1) 852 } 853 854 localMsp, err = NewBccspMsp() 855 if err != nil { 856 fmt.Printf("Constructor for msp should have succeeded, got err %s instead", err) 857 os.Exit(-1) 858 } 859 860 localMspBad, err = NewBccspMsp() 861 if err != nil { 862 fmt.Printf("Constructor for msp should have succeeded, got err %s instead", err) 863 os.Exit(-1) 864 } 865 866 err = localMsp.Setup(conf) 867 if err != nil { 868 fmt.Printf("Setup for msp should have succeeded, got err %s instead", err) 869 os.Exit(-1) 870 } 871 872 err = localMspBad.Setup(conf) 873 if err != nil { 874 fmt.Printf("Setup for msp should have succeeded, got err %s instead", err) 875 os.Exit(-1) 876 } 877 878 mspMgr = NewMSPManager() 879 err = mspMgr.Setup([]MSP{localMsp}) 880 if err != nil { 881 fmt.Printf("Setup for msp manager should have succeeded, got err %s instead", err) 882 os.Exit(-1) 883 } 884 885 id, err := localMsp.GetIdentifier() 886 if err != nil { 887 fmt.Println("Failed obtaining identifier for localMSP") 888 os.Exit(-1) 889 } 890 891 msps, err := mspMgr.GetMSPs() 892 if err != nil { 893 fmt.Println("Failed obtaining MSPs from MSP manager") 894 os.Exit(-1) 895 } 896 897 if msps[id] == nil { 898 fmt.Println("Couldn't find localMSP in MSP manager") 899 os.Exit(-1) 900 } 901 902 retVal := m.Run() 903 os.Exit(retVal) 904 } 905 906 func getIdentity(t *testing.T, path string) Identity { 907 mspDir, err := config.GetDevMspDir() 908 assert.NoError(t, err) 909 910 pems, err := getPemMaterialFromDir(filepath.Join(mspDir, path)) 911 assert.NoError(t, err) 912 913 id, _, err := localMsp.(*bccspmsp).getIdentityFromConf(pems[0]) 914 assert.NoError(t, err) 915 916 return id 917 } 918 919 func getLocalMSP(t *testing.T, dir string) MSP { 920 conf, err := GetLocalMspConfig(dir, nil, "DEFAULT") 921 assert.NoError(t, err) 922 923 thisMSP, err := NewBccspMsp() 924 assert.NoError(t, err) 925 ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true) 926 assert.NoError(t, err) 927 csp, err := sw.New(256, "SHA2", ks) 928 assert.NoError(t, err) 929 thisMSP.(*bccspmsp).bccsp = csp 930 931 err = thisMSP.Setup(conf) 932 assert.NoError(t, err) 933 934 return thisMSP 935 }