github.com/darrenli6/fabric-sdk-example@v0.0.0-20220109053535-94b13b56df8c/msp/msp_test.go (about)

     1  /*
     2  Copyright IBM Corp. 2017 All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8  		 http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package msp
    18  
    19  import (
    20  	"errors"
    21  	"fmt"
    22  	"os"
    23  	"path/filepath"
    24  	"reflect"
    25  	"testing"
    26  
    27  	"github.com/golang/protobuf/proto"
    28  	"github.com/hyperledger/fabric/bccsp"
    29  	"github.com/hyperledger/fabric/bccsp/sw"
    30  	"github.com/hyperledger/fabric/core/config"
    31  	"github.com/hyperledger/fabric/protos/msp"
    32  	"github.com/stretchr/testify/assert"
    33  )
    34  
    35  var notACert = `-----BEGIN X509 CRL-----
    36  MIIBYzCCAQgCAQEwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxEzARBgNVBAgT
    37  CkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xHzAdBgNVBAoTFklu
    38  dGVybmV0IFdpZGdldHMsIEluYy4xDDAKBgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhh
    39  bXBsZS5jb20XDTE3MDEyMzIwNTYyMFoXDTE3MDEyNjIwNTYyMFowJzAlAhQERXCx
    40  LHROap1vM3CV40EHOghPTBcNMTcwMTIzMjA0NzMxWqAvMC0wHwYDVR0jBBgwFoAU
    41  F2dCPaqegj/ExR2fW8OZ0bWcSBAwCgYDVR0UBAMCAQgwCgYIKoZIzj0EAwIDSQAw
    42  RgIhAOTTpQYkGO+gwVe1LQOcNMD5fzFViOwBUraMrk6dRMlmAiEA8z2dpXKGwHrj
    43  FRBbKkDnSpaVcZgjns+mLdHV2JkF0gk=
    44  -----END X509 CRL-----`
    45  
    46  func TestMSPParsers(t *testing.T) {
    47  	_, _, err := localMsp.(*bccspmsp).getIdentityFromConf(nil)
    48  	assert.Error(t, err)
    49  	_, _, err = localMsp.(*bccspmsp).getIdentityFromConf([]byte("barf"))
    50  	assert.Error(t, err)
    51  	_, _, err = localMsp.(*bccspmsp).getIdentityFromConf([]byte(notACert))
    52  	assert.Error(t, err)
    53  
    54  	_, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(nil)
    55  	assert.Error(t, err)
    56  
    57  	sigid := &msp.SigningIdentityInfo{PublicSigner: []byte("barf"), PrivateSigner: nil}
    58  	_, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(sigid)
    59  
    60  	keyinfo := &msp.KeyInfo{KeyIdentifier: "PEER", KeyMaterial: nil}
    61  	sigid = &msp.SigningIdentityInfo{PublicSigner: []byte("barf"), PrivateSigner: keyinfo}
    62  	_, err = localMsp.(*bccspmsp).getSigningIdentityFromConf(sigid)
    63  	assert.Error(t, err)
    64  }
    65  
    66  func TestMSPSetupNoCryptoConf(t *testing.T) {
    67  	mspDir, err := config.GetDevMspDir()
    68  	if err != nil {
    69  		fmt.Printf("Errog getting DevMspDir: %s", err)
    70  		os.Exit(-1)
    71  	}
    72  
    73  	conf, err := GetLocalMspConfig(mspDir, nil, "DEFAULT")
    74  	if err != nil {
    75  		fmt.Printf("Setup should have succeeded, got err %s instead", err)
    76  		os.Exit(-1)
    77  	}
    78  
    79  	mspconf := &msp.FabricMSPConfig{}
    80  	err = proto.Unmarshal(conf.Config, mspconf)
    81  	assert.NoError(t, err)
    82  
    83  	// here we test the case of an MSP configuration
    84  	// where the hash function to be used to obtain
    85  	// the identity identifier is unspecified - a
    86  	// sane default should be picked
    87  	mspconf.CryptoConfig.IdentityIdentifierHashFunction = ""
    88  	b, err := proto.Marshal(mspconf)
    89  	assert.NoError(t, err)
    90  	conf.Config = b
    91  	newmsp, err := NewBccspMsp()
    92  	assert.NoError(t, err)
    93  	err = newmsp.Setup(conf)
    94  	assert.NoError(t, err)
    95  
    96  	// here we test the case of an MSP configuration
    97  	// where the hash function to be used to compute
    98  	// signatures is unspecified - a sane default
    99  	// should be picked
   100  	mspconf.CryptoConfig.SignatureHashFamily = ""
   101  	b, err = proto.Marshal(mspconf)
   102  	assert.NoError(t, err)
   103  	conf.Config = b
   104  	newmsp, err = NewBccspMsp()
   105  	assert.NoError(t, err)
   106  	err = newmsp.Setup(conf)
   107  	assert.NoError(t, err)
   108  
   109  	// here we test the case of an MSP configuration
   110  	// that has NO crypto configuration specified;
   111  	// the code will use appropriate defaults
   112  	mspconf.CryptoConfig = nil
   113  	b, err = proto.Marshal(mspconf)
   114  	assert.NoError(t, err)
   115  	conf.Config = b
   116  	newmsp, err = NewBccspMsp()
   117  	assert.NoError(t, err)
   118  	err = newmsp.Setup(conf)
   119  	assert.NoError(t, err)
   120  }
   121  
   122  func TestGetters(t *testing.T) {
   123  	typ := localMsp.GetType()
   124  	assert.Equal(t, typ, FABRIC)
   125  	assert.NotNil(t, localMsp.GetTLSRootCerts())
   126  	assert.NotNil(t, localMsp.GetTLSIntermediateCerts())
   127  }
   128  
   129  func TestMSPSetupBad(t *testing.T) {
   130  	_, err := GetLocalMspConfig("barf", nil, "DEFAULT")
   131  	if err == nil {
   132  		t.Fatalf("Setup should have failed on an invalid config file")
   133  		return
   134  	}
   135  
   136  	mgr := NewMSPManager()
   137  	err = mgr.Setup(nil)
   138  	assert.Error(t, err)
   139  	err = mgr.Setup([]MSP{})
   140  	assert.Error(t, err)
   141  }
   142  
   143  func TestDoubleSetup(t *testing.T) {
   144  	// note that we've already called setup once on this
   145  	err := mspMgr.Setup(nil)
   146  	assert.NoError(t, err)
   147  }
   148  
   149  type bccspNoKeyLookupKS struct {
   150  	bccsp.BCCSP
   151  }
   152  
   153  func (*bccspNoKeyLookupKS) GetKey(ski []byte) (k bccsp.Key, err error) {
   154  	return nil, errors.New("not found")
   155  }
   156  
   157  func TestNotFoundInBCCSP(t *testing.T) {
   158  	dir, err := config.GetDevMspDir()
   159  	assert.NoError(t, err)
   160  	conf, err := GetLocalMspConfig(dir, nil, "DEFAULT")
   161  
   162  	assert.NoError(t, err)
   163  
   164  	thisMSP, err := NewBccspMsp()
   165  	assert.NoError(t, err)
   166  	ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true)
   167  	assert.NoError(t, err)
   168  	csp, err := sw.New(256, "SHA2", ks)
   169  	assert.NoError(t, err)
   170  	thisMSP.(*bccspmsp).bccsp = &bccspNoKeyLookupKS{csp}
   171  
   172  	err = thisMSP.Setup(conf)
   173  	assert.Error(t, err)
   174  	assert.Contains(t, "KeyMaterial not found in SigningIdentityInfo", err.Error())
   175  }
   176  
   177  func TestGetIdentities(t *testing.T) {
   178  	_, err := localMsp.GetDefaultSigningIdentity()
   179  	if err != nil {
   180  		t.Fatalf("GetDefaultSigningIdentity failed with err %s", err)
   181  		return
   182  	}
   183  }
   184  
   185  func TestDeserializeIdentityFails(t *testing.T) {
   186  	_, err := localMsp.DeserializeIdentity([]byte("barf"))
   187  	assert.Error(t, err)
   188  
   189  	id := &msp.SerializedIdentity{Mspid: "DEFAULT", IdBytes: []byte("barfr")}
   190  	b, err := proto.Marshal(id)
   191  	assert.NoError(t, err)
   192  	_, err = localMsp.DeserializeIdentity(b)
   193  	assert.Error(t, err)
   194  
   195  	id = &msp.SerializedIdentity{Mspid: "DEFAULT", IdBytes: []byte(notACert)}
   196  	b, err = proto.Marshal(id)
   197  	assert.NoError(t, err)
   198  	_, err = localMsp.DeserializeIdentity(b)
   199  	assert.Error(t, err)
   200  }
   201  
   202  func TestGetSigningIdentityFromVerifyingMSP(t *testing.T) {
   203  	mspDir, err := config.GetDevMspDir()
   204  	if err != nil {
   205  		fmt.Printf("Errog getting DevMspDir: %s", err)
   206  		os.Exit(-1)
   207  	}
   208  
   209  	conf, err = GetVerifyingMspConfig(mspDir, "DEFAULT")
   210  	if err != nil {
   211  		fmt.Printf("Setup should have succeeded, got err %s instead", err)
   212  		os.Exit(-1)
   213  	}
   214  
   215  	newmsp, err := NewBccspMsp()
   216  	assert.NoError(t, err)
   217  	err = newmsp.Setup(conf)
   218  	assert.NoError(t, err)
   219  
   220  	_, err = newmsp.GetDefaultSigningIdentity()
   221  	assert.Error(t, err)
   222  	_, err = newmsp.GetSigningIdentity(nil)
   223  	assert.Error(t, err)
   224  }
   225  
   226  func TestValidateDefaultSigningIdentity(t *testing.T) {
   227  	id, err := localMsp.GetDefaultSigningIdentity()
   228  	assert.NoError(t, err)
   229  
   230  	err = localMsp.Validate(id.GetPublicVersion())
   231  	assert.NoError(t, err)
   232  }
   233  
   234  func TestSerializeIdentities(t *testing.T) {
   235  	id, err := localMsp.GetDefaultSigningIdentity()
   236  	if err != nil {
   237  		t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err)
   238  		return
   239  	}
   240  
   241  	serializedID, err := id.Serialize()
   242  	if err != nil {
   243  		t.Fatalf("Serialize should have succeeded, got err %s", err)
   244  		return
   245  	}
   246  
   247  	idBack, err := localMsp.DeserializeIdentity(serializedID)
   248  	if err != nil {
   249  		t.Fatalf("DeserializeIdentity should have succeeded, got err %s", err)
   250  		return
   251  	}
   252  
   253  	err = localMsp.Validate(idBack)
   254  	if err != nil {
   255  		t.Fatalf("The identity should be valid, got err %s", err)
   256  		return
   257  	}
   258  
   259  	if !reflect.DeepEqual(id.GetPublicVersion(), idBack) {
   260  		t.Fatalf("Identities should be equal (%s) (%s)", id, idBack)
   261  		return
   262  	}
   263  }
   264  
   265  func TestValidateCAIdentity(t *testing.T) {
   266  	caID := getIdentity(t, cacerts)
   267  
   268  	err := localMsp.Validate(caID)
   269  	assert.Error(t, err)
   270  }
   271  
   272  func TestBadAdminIdentity(t *testing.T) {
   273  	conf, err := GetLocalMspConfig("testdata/badadmin", nil, "DEFAULT")
   274  	assert.NoError(t, err)
   275  
   276  	thisMSP, err := NewBccspMsp()
   277  	assert.NoError(t, err)
   278  	ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join("testdata/badadmin", "keystore"), true)
   279  	assert.NoError(t, err)
   280  	csp, err := sw.New(256, "SHA2", ks)
   281  	assert.NoError(t, err)
   282  	thisMSP.(*bccspmsp).bccsp = csp
   283  
   284  	err = thisMSP.Setup(conf)
   285  	assert.Error(t, err)
   286  }
   287  
   288  func TestValidateAdminIdentity(t *testing.T) {
   289  	caID := getIdentity(t, admincerts)
   290  
   291  	err := localMsp.Validate(caID)
   292  	assert.NoError(t, err)
   293  }
   294  
   295  func TestSerializeIdentitiesWithWrongMSP(t *testing.T) {
   296  	id, err := localMsp.GetDefaultSigningIdentity()
   297  	if err != nil {
   298  		t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err)
   299  		return
   300  	}
   301  
   302  	serializedID, err := id.Serialize()
   303  	if err != nil {
   304  		t.Fatalf("Serialize should have succeeded, got err %s", err)
   305  		return
   306  	}
   307  
   308  	sid := &msp.SerializedIdentity{}
   309  	err = proto.Unmarshal(serializedID, sid)
   310  	assert.NoError(t, err)
   311  
   312  	sid.Mspid += "BARF"
   313  
   314  	serializedID, err = proto.Marshal(sid)
   315  	assert.NoError(t, err)
   316  
   317  	_, err = localMsp.DeserializeIdentity(serializedID)
   318  	assert.Error(t, err)
   319  }
   320  
   321  func TestSerializeIdentitiesWithMSPManager(t *testing.T) {
   322  	id, err := localMsp.GetDefaultSigningIdentity()
   323  	if err != nil {
   324  		t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err)
   325  		return
   326  	}
   327  
   328  	serializedID, err := id.Serialize()
   329  	if err != nil {
   330  		t.Fatalf("Serialize should have succeeded, got err %s", err)
   331  		return
   332  	}
   333  
   334  	_, err = mspMgr.DeserializeIdentity(serializedID)
   335  	assert.NoError(t, err)
   336  
   337  	sid := &msp.SerializedIdentity{}
   338  	err = proto.Unmarshal(serializedID, sid)
   339  	assert.NoError(t, err)
   340  
   341  	sid.Mspid += "BARF"
   342  
   343  	serializedID, err = proto.Marshal(sid)
   344  	assert.NoError(t, err)
   345  
   346  	_, err = mspMgr.DeserializeIdentity(serializedID)
   347  	assert.Error(t, err)
   348  }
   349  
   350  func TestIdentitiesGetters(t *testing.T) {
   351  	id, err := localMsp.GetDefaultSigningIdentity()
   352  	if err != nil {
   353  		t.Fatalf("GetSigningIdentity should have succeeded, got err %s", err)
   354  		return
   355  	}
   356  
   357  	idid := id.GetIdentifier()
   358  	assert.NotNil(t, idid)
   359  	mspid := id.GetMSPIdentifier()
   360  	assert.NotNil(t, mspid)
   361  }
   362  
   363  func TestSignAndVerify(t *testing.T) {
   364  	id, err := localMsp.GetDefaultSigningIdentity()
   365  	if err != nil {
   366  		t.Fatalf("GetSigningIdentity should have succeeded")
   367  		return
   368  	}
   369  
   370  	serializedID, err := id.Serialize()
   371  	if err != nil {
   372  		t.Fatalf("Serialize should have succeeded")
   373  		return
   374  	}
   375  
   376  	idBack, err := localMsp.DeserializeIdentity(serializedID)
   377  	if err != nil {
   378  		t.Fatalf("DeserializeIdentity should have succeeded")
   379  		return
   380  	}
   381  
   382  	msg := []byte("foo")
   383  	sig, err := id.Sign(msg)
   384  	if err != nil {
   385  		t.Fatalf("Sign should have succeeded")
   386  		return
   387  	}
   388  
   389  	err = id.Verify(msg, sig)
   390  	if err != nil {
   391  		t.Fatalf("The signature should be valid")
   392  		return
   393  	}
   394  
   395  	err = idBack.Verify(msg, sig)
   396  	if err != nil {
   397  		t.Fatalf("The signature should be valid")
   398  		return
   399  	}
   400  
   401  	err = id.Verify(msg[1:], sig)
   402  	assert.Error(t, err)
   403  	err = id.Verify(msg, sig[1:])
   404  	assert.Error(t, err)
   405  }
   406  
   407  func TestSignAndVerifyFailures(t *testing.T) {
   408  	msg := []byte("foo")
   409  
   410  	id, err := localMspBad.GetDefaultSigningIdentity()
   411  	if err != nil {
   412  		t.Fatalf("GetSigningIdentity should have succeeded")
   413  		return
   414  	}
   415  
   416  	hash := id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily
   417  	id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = "barf"
   418  
   419  	sig, err := id.Sign(msg)
   420  	assert.Error(t, err)
   421  
   422  	id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash
   423  
   424  	sig, err = id.Sign(msg)
   425  	if err != nil {
   426  		t.Fatalf("Sign should have succeeded")
   427  		return
   428  	}
   429  
   430  	id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = "barf"
   431  
   432  	err = id.Verify(msg, sig)
   433  	assert.Error(t, err)
   434  
   435  	id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash
   436  }
   437  
   438  func TestSignAndVerifyOtherHash(t *testing.T) {
   439  	id, err := localMsp.GetDefaultSigningIdentity()
   440  	if err != nil {
   441  		t.Fatalf("GetSigningIdentity should have succeeded")
   442  		return
   443  	}
   444  
   445  	hash := id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily
   446  	id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = bccsp.SHA3
   447  
   448  	msg := []byte("foo")
   449  	sig, err := id.Sign(msg)
   450  	if err != nil {
   451  		t.Fatalf("Sign should have succeeded")
   452  		return
   453  	}
   454  
   455  	err = id.Verify(msg, sig)
   456  	assert.NoError(t, err)
   457  
   458  	id.(*signingidentity).msp.cryptoConfig.SignatureHashFamily = hash
   459  }
   460  
   461  func TestSignAndVerify_longMessage(t *testing.T) {
   462  	id, err := localMsp.GetDefaultSigningIdentity()
   463  	if err != nil {
   464  		t.Fatalf("GetSigningIdentity should have succeeded")
   465  		return
   466  	}
   467  
   468  	serializedID, err := id.Serialize()
   469  	if err != nil {
   470  		t.Fatalf("Serialize should have succeeded")
   471  		return
   472  	}
   473  
   474  	idBack, err := localMsp.DeserializeIdentity(serializedID)
   475  	if err != nil {
   476  		t.Fatalf("DeserializeIdentity should have succeeded")
   477  		return
   478  	}
   479  
   480  	msg := []byte("ABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFGABCDEFG")
   481  	sig, err := id.Sign(msg)
   482  	if err != nil {
   483  		t.Fatalf("Sign should have succeeded")
   484  		return
   485  	}
   486  
   487  	err = id.Verify(msg, sig)
   488  	if err != nil {
   489  		t.Fatalf("The signature should be valid")
   490  		return
   491  	}
   492  
   493  	err = idBack.Verify(msg, sig)
   494  	if err != nil {
   495  		t.Fatalf("The signature should be valid")
   496  		return
   497  	}
   498  }
   499  
   500  func TestGetOU(t *testing.T) {
   501  	id, err := localMsp.GetDefaultSigningIdentity()
   502  	if err != nil {
   503  		t.Fatalf("GetSigningIdentity should have succeeded")
   504  		return
   505  	}
   506  
   507  	assert.Equal(t, "COP", id.GetOrganizationalUnits()[0].OrganizationalUnitIdentifier)
   508  }
   509  
   510  func TestGetOUFail(t *testing.T) {
   511  	id, err := localMspBad.GetDefaultSigningIdentity()
   512  	if err != nil {
   513  		t.Fatalf("GetSigningIdentity should have succeeded")
   514  		return
   515  	}
   516  
   517  	certTmp := id.(*signingidentity).cert
   518  	id.(*signingidentity).cert = nil
   519  	ou := id.GetOrganizationalUnits()
   520  	assert.Nil(t, ou)
   521  
   522  	id.(*signingidentity).cert = certTmp
   523  
   524  	opts := id.(*signingidentity).msp.opts
   525  	id.(*signingidentity).msp.opts = nil
   526  	ou = id.GetOrganizationalUnits()
   527  	assert.Nil(t, ou)
   528  
   529  	id.(*signingidentity).msp.opts = opts
   530  }
   531  
   532  func TestCertificationIdentifierComputation(t *testing.T) {
   533  	id, err := localMsp.GetDefaultSigningIdentity()
   534  	assert.NoError(t, err)
   535  
   536  	chain, err := localMsp.(*bccspmsp).getCertificationChain(id.GetPublicVersion())
   537  	assert.NoError(t, err)
   538  
   539  	// Hash the chain
   540  	// Use the hash of the identity's certificate as id in the IdentityIdentifier
   541  	hashOpt, err := bccsp.GetHashOpt(localMsp.(*bccspmsp).cryptoConfig.IdentityIdentifierHashFunction)
   542  	assert.NoError(t, err)
   543  
   544  	hf, err := localMsp.(*bccspmsp).bccsp.GetHash(hashOpt)
   545  	assert.NoError(t, err)
   546  	// Skipping first cert because it belongs to the identity
   547  	for i := 1; i < len(chain); i++ {
   548  		hf.Write(chain[i].Raw)
   549  	}
   550  	sum := hf.Sum(nil)
   551  
   552  	assert.Equal(t, sum, id.GetOrganizationalUnits()[0].CertifiersIdentifier)
   553  }
   554  
   555  func TestOUPolicyPrincipal(t *testing.T) {
   556  	id, err := localMsp.GetDefaultSigningIdentity()
   557  	assert.NoError(t, err)
   558  
   559  	cid, err := localMsp.(*bccspmsp).getCertificationChainIdentifier(id.GetPublicVersion())
   560  	assert.NoError(t, err)
   561  
   562  	ou := &msp.OrganizationUnit{
   563  		OrganizationalUnitIdentifier: "COP",
   564  		MspIdentifier:                "DEFAULT",
   565  		CertifiersIdentifier:         cid,
   566  	}
   567  	bytes, err := proto.Marshal(ou)
   568  	assert.NoError(t, err)
   569  
   570  	principal := &msp.MSPPrincipal{
   571  		PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT,
   572  		Principal:               bytes,
   573  	}
   574  
   575  	err = id.SatisfiesPrincipal(principal)
   576  	assert.NoError(t, err)
   577  }
   578  
   579  func TestOUPolicyPrincipalBadPrincipal(t *testing.T) {
   580  	id, err := localMsp.GetDefaultSigningIdentity()
   581  	assert.NoError(t, err)
   582  
   583  	principal := &msp.MSPPrincipal{
   584  		PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT,
   585  		Principal:               []byte("barf"),
   586  	}
   587  
   588  	err = id.SatisfiesPrincipal(principal)
   589  	assert.Error(t, err)
   590  }
   591  
   592  func TestOUPolicyPrincipalBadMSPID(t *testing.T) {
   593  	id, err := localMsp.GetDefaultSigningIdentity()
   594  	assert.NoError(t, err)
   595  
   596  	cid, err := localMsp.(*bccspmsp).getCertificationChainIdentifier(id.GetPublicVersion())
   597  	assert.NoError(t, err)
   598  
   599  	ou := &msp.OrganizationUnit{
   600  		OrganizationalUnitIdentifier: "COP",
   601  		MspIdentifier:                "DEFAULTbarfbarf",
   602  		CertifiersIdentifier:         cid,
   603  	}
   604  	bytes, err := proto.Marshal(ou)
   605  	assert.NoError(t, err)
   606  
   607  	principal := &msp.MSPPrincipal{
   608  		PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT,
   609  		Principal:               bytes,
   610  	}
   611  
   612  	err = id.SatisfiesPrincipal(principal)
   613  	assert.Error(t, err)
   614  }
   615  
   616  func TestOUPolicyPrincipalBadPath(t *testing.T) {
   617  	id, err := localMsp.GetDefaultSigningIdentity()
   618  	assert.NoError(t, err)
   619  
   620  	ou := &msp.OrganizationUnit{
   621  		OrganizationalUnitIdentifier: "COP",
   622  		MspIdentifier:                "DEFAULT",
   623  		CertifiersIdentifier:         nil,
   624  	}
   625  	bytes, err := proto.Marshal(ou)
   626  	assert.NoError(t, err)
   627  
   628  	principal := &msp.MSPPrincipal{
   629  		PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT,
   630  		Principal:               bytes,
   631  	}
   632  
   633  	err = id.SatisfiesPrincipal(principal)
   634  	assert.Error(t, err)
   635  
   636  	ou = &msp.OrganizationUnit{
   637  		OrganizationalUnitIdentifier: "COP",
   638  		MspIdentifier:                "DEFAULT",
   639  		CertifiersIdentifier:         []byte{0, 1, 2, 3, 4},
   640  	}
   641  	bytes, err = proto.Marshal(ou)
   642  	assert.NoError(t, err)
   643  
   644  	principal = &msp.MSPPrincipal{
   645  		PrincipalClassification: msp.MSPPrincipal_ORGANIZATION_UNIT,
   646  		Principal:               bytes,
   647  	}
   648  
   649  	err = id.SatisfiesPrincipal(principal)
   650  	assert.Error(t, err)
   651  }
   652  
   653  func TestPolicyPrincipalBogusType(t *testing.T) {
   654  	id, err := localMsp.GetDefaultSigningIdentity()
   655  	assert.NoError(t, err)
   656  
   657  	principalBytes, err := proto.Marshal(&msp.MSPRole{Role: 35, MspIdentifier: "DEFAULT"})
   658  	assert.NoError(t, err)
   659  
   660  	principal := &msp.MSPPrincipal{
   661  		PrincipalClassification: 35,
   662  		Principal:               principalBytes}
   663  
   664  	err = id.SatisfiesPrincipal(principal)
   665  	assert.Error(t, err)
   666  }
   667  
   668  func TestPolicyPrincipalBogusRole(t *testing.T) {
   669  	id, err := localMsp.GetDefaultSigningIdentity()
   670  	assert.NoError(t, err)
   671  
   672  	principalBytes, err := proto.Marshal(&msp.MSPRole{Role: 35, MspIdentifier: "DEFAULT"})
   673  	assert.NoError(t, err)
   674  
   675  	principal := &msp.MSPPrincipal{
   676  		PrincipalClassification: msp.MSPPrincipal_ROLE,
   677  		Principal:               principalBytes}
   678  
   679  	err = id.SatisfiesPrincipal(principal)
   680  	assert.Error(t, err)
   681  }
   682  
   683  func TestPolicyPrincipalWrongMSPID(t *testing.T) {
   684  	id, err := localMsp.GetDefaultSigningIdentity()
   685  	assert.NoError(t, err)
   686  
   687  	principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "DEFAULTBARFBARF"})
   688  	assert.NoError(t, err)
   689  
   690  	principal := &msp.MSPPrincipal{
   691  		PrincipalClassification: msp.MSPPrincipal_ROLE,
   692  		Principal:               principalBytes}
   693  
   694  	err = id.SatisfiesPrincipal(principal)
   695  	assert.Error(t, err)
   696  }
   697  
   698  func TestMemberPolicyPrincipal(t *testing.T) {
   699  	id, err := localMsp.GetDefaultSigningIdentity()
   700  	assert.NoError(t, err)
   701  
   702  	principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_MEMBER, MspIdentifier: "DEFAULT"})
   703  	assert.NoError(t, err)
   704  
   705  	principal := &msp.MSPPrincipal{
   706  		PrincipalClassification: msp.MSPPrincipal_ROLE,
   707  		Principal:               principalBytes}
   708  
   709  	err = id.SatisfiesPrincipal(principal)
   710  	assert.NoError(t, err)
   711  }
   712  
   713  func TestAdminPolicyPrincipal(t *testing.T) {
   714  	id, err := localMsp.GetDefaultSigningIdentity()
   715  	assert.NoError(t, err)
   716  
   717  	principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "DEFAULT"})
   718  	assert.NoError(t, err)
   719  
   720  	principal := &msp.MSPPrincipal{
   721  		PrincipalClassification: msp.MSPPrincipal_ROLE,
   722  		Principal:               principalBytes}
   723  
   724  	err = id.SatisfiesPrincipal(principal)
   725  	assert.NoError(t, err)
   726  }
   727  
   728  func TestAdminPolicyPrincipalFails(t *testing.T) {
   729  	id, err := localMsp.GetDefaultSigningIdentity()
   730  	assert.NoError(t, err)
   731  
   732  	principalBytes, err := proto.Marshal(&msp.MSPRole{Role: msp.MSPRole_ADMIN, MspIdentifier: "DEFAULT"})
   733  	assert.NoError(t, err)
   734  
   735  	principal := &msp.MSPPrincipal{
   736  		PrincipalClassification: msp.MSPPrincipal_ROLE,
   737  		Principal:               principalBytes}
   738  
   739  	// remove the admin so validation will fail
   740  	localMsp.(*bccspmsp).admins = make([]Identity, 0)
   741  
   742  	err = id.SatisfiesPrincipal(principal)
   743  	assert.Error(t, err)
   744  }
   745  
   746  func TestIdentityPolicyPrincipal(t *testing.T) {
   747  	id, err := localMsp.GetDefaultSigningIdentity()
   748  	assert.NoError(t, err)
   749  
   750  	idSerialized, err := id.Serialize()
   751  	assert.NoError(t, err)
   752  
   753  	principal := &msp.MSPPrincipal{
   754  		PrincipalClassification: msp.MSPPrincipal_IDENTITY,
   755  		Principal:               idSerialized}
   756  
   757  	err = id.SatisfiesPrincipal(principal)
   758  	assert.NoError(t, err)
   759  }
   760  
   761  func TestIdentityPolicyPrincipalBadBytes(t *testing.T) {
   762  	id, err := localMsp.GetDefaultSigningIdentity()
   763  	assert.NoError(t, err)
   764  
   765  	principal := &msp.MSPPrincipal{
   766  		PrincipalClassification: msp.MSPPrincipal_IDENTITY,
   767  		Principal:               []byte("barf")}
   768  
   769  	err = id.SatisfiesPrincipal(principal)
   770  	assert.Error(t, err)
   771  }
   772  
   773  func TestMSPOus(t *testing.T) {
   774  	// Set the OUIdentifiers
   775  	backup := localMsp.(*bccspmsp).ouIdentifiers
   776  	defer func() { localMsp.(*bccspmsp).ouIdentifiers = backup }()
   777  
   778  	id, err := localMsp.GetDefaultSigningIdentity()
   779  	assert.NoError(t, err)
   780  
   781  	localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{
   782  		"COP": {id.GetOrganizationalUnits()[0].CertifiersIdentifier},
   783  	}
   784  	assert.NoError(t, localMsp.Validate(id.GetPublicVersion()))
   785  
   786  	localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{
   787  		"COP2": {id.GetOrganizationalUnits()[0].CertifiersIdentifier},
   788  	}
   789  	assert.Error(t, localMsp.Validate(id.GetPublicVersion()))
   790  
   791  	localMsp.(*bccspmsp).ouIdentifiers = map[string][][]byte{
   792  		"COP": {{0, 1, 2, 3, 4}},
   793  	}
   794  	assert.Error(t, localMsp.Validate(id.GetPublicVersion()))
   795  }
   796  
   797  const othercert = `-----BEGIN CERTIFICATE-----
   798  MIIDAzCCAqigAwIBAgIBAjAKBggqhkjOPQQDAjBsMQswCQYDVQQGEwJHQjEQMA4G
   799  A1UECAwHRW5nbGFuZDEOMAwGA1UECgwFQmFyMTkxDjAMBgNVBAsMBUJhcjE5MQ4w
   800  DAYDVQQDDAVCYXIxOTEbMBkGCSqGSIb3DQEJARYMQmFyMTktY2xpZW50MB4XDTE3
   801  MDIwOTE2MDcxMFoXDTE4MDIxOTE2MDcxMFowfDELMAkGA1UEBhMCR0IxEDAOBgNV
   802  BAgMB0VuZ2xhbmQxEDAOBgNVBAcMB0lwc3dpY2gxDjAMBgNVBAoMBUJhcjE5MQ4w
   803  DAYDVQQLDAVCYXIxOTEOMAwGA1UEAwwFQmFyMTkxGTAXBgkqhkiG9w0BCQEWCkJh
   804  cjE5LXBlZXIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlRSnAyD+ND6qmaRV7
   805  AS/BPJKX5dZt3gBe1v/RewOpc1zJeXQNWACAk0ae3mv5u9l0HxI6TXJIAQSwJACu
   806  Rqsyo4IBKTCCASUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZI
   807  AYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAd
   808  BgNVHQ4EFgQUwHzbLJQMaWd1cpHdkSaEFxdKB1owgYsGA1UdIwSBgzCBgIAUYxFe
   809  +cXOD5iQ223bZNdOuKCRiTKhZaRjMGExCzAJBgNVBAYTAkdCMRAwDgYDVQQIDAdF
   810  bmdsYW5kMRAwDgYDVQQHDAdJcHN3aWNoMQ4wDAYDVQQKDAVCYXIxOTEOMAwGA1UE
   811  CwwFQmFyMTkxDjAMBgNVBAMMBUJhcjE5ggEBMA4GA1UdDwEB/wQEAwIFoDATBgNV
   812  HSUEDDAKBggrBgEFBQcDATAKBggqhkjOPQQDAgNJADBGAiEAuMq65lOaie4705Ol
   813  Ow52DjbaO2YuIxK2auBCqNIu0gECIQCDoKdUQ/sa+9Ah1mzneE6iz/f/YFVWo4EP
   814  HeamPGiDTQ==
   815  -----END CERTIFICATE-----
   816  `
   817  
   818  func TestIdentityPolicyPrincipalFails(t *testing.T) {
   819  	id, err := localMsp.GetDefaultSigningIdentity()
   820  	assert.NoError(t, err)
   821  
   822  	sid, err := NewSerializedIdentity("DEFAULT", []byte(othercert))
   823  	assert.NoError(t, err)
   824  
   825  	principal := &msp.MSPPrincipal{
   826  		PrincipalClassification: msp.MSPPrincipal_IDENTITY,
   827  		Principal:               sid}
   828  
   829  	err = id.SatisfiesPrincipal(principal)
   830  	assert.Error(t, err)
   831  }
   832  
   833  var conf *msp.MSPConfig
   834  var localMsp MSP
   835  
   836  // Required because deleting the cert or msp options from localMsp causes parallel tests to fail
   837  var localMspBad MSP
   838  var mspMgr MSPManager
   839  
   840  func TestMain(m *testing.M) {
   841  	var err error
   842  	mspDir, err := config.GetDevMspDir()
   843  	if err != nil {
   844  		fmt.Printf("Errog getting DevMspDir: %s", err)
   845  		os.Exit(-1)
   846  	}
   847  
   848  	conf, err = GetLocalMspConfig(mspDir, nil, "DEFAULT")
   849  	if err != nil {
   850  		fmt.Printf("Setup should have succeeded, got err %s instead", err)
   851  		os.Exit(-1)
   852  	}
   853  
   854  	localMsp, err = NewBccspMsp()
   855  	if err != nil {
   856  		fmt.Printf("Constructor for msp should have succeeded, got err %s instead", err)
   857  		os.Exit(-1)
   858  	}
   859  
   860  	localMspBad, err = NewBccspMsp()
   861  	if err != nil {
   862  		fmt.Printf("Constructor for msp should have succeeded, got err %s instead", err)
   863  		os.Exit(-1)
   864  	}
   865  
   866  	err = localMsp.Setup(conf)
   867  	if err != nil {
   868  		fmt.Printf("Setup for msp should have succeeded, got err %s instead", err)
   869  		os.Exit(-1)
   870  	}
   871  
   872  	err = localMspBad.Setup(conf)
   873  	if err != nil {
   874  		fmt.Printf("Setup for msp should have succeeded, got err %s instead", err)
   875  		os.Exit(-1)
   876  	}
   877  
   878  	mspMgr = NewMSPManager()
   879  	err = mspMgr.Setup([]MSP{localMsp})
   880  	if err != nil {
   881  		fmt.Printf("Setup for msp manager should have succeeded, got err %s instead", err)
   882  		os.Exit(-1)
   883  	}
   884  
   885  	id, err := localMsp.GetIdentifier()
   886  	if err != nil {
   887  		fmt.Println("Failed obtaining identifier for localMSP")
   888  		os.Exit(-1)
   889  	}
   890  
   891  	msps, err := mspMgr.GetMSPs()
   892  	if err != nil {
   893  		fmt.Println("Failed obtaining MSPs from MSP manager")
   894  		os.Exit(-1)
   895  	}
   896  
   897  	if msps[id] == nil {
   898  		fmt.Println("Couldn't find localMSP in MSP manager")
   899  		os.Exit(-1)
   900  	}
   901  
   902  	retVal := m.Run()
   903  	os.Exit(retVal)
   904  }
   905  
   906  func getIdentity(t *testing.T, path string) Identity {
   907  	mspDir, err := config.GetDevMspDir()
   908  	assert.NoError(t, err)
   909  
   910  	pems, err := getPemMaterialFromDir(filepath.Join(mspDir, path))
   911  	assert.NoError(t, err)
   912  
   913  	id, _, err := localMsp.(*bccspmsp).getIdentityFromConf(pems[0])
   914  	assert.NoError(t, err)
   915  
   916  	return id
   917  }
   918  
   919  func getLocalMSP(t *testing.T, dir string) MSP {
   920  	conf, err := GetLocalMspConfig(dir, nil, "DEFAULT")
   921  	assert.NoError(t, err)
   922  
   923  	thisMSP, err := NewBccspMsp()
   924  	assert.NoError(t, err)
   925  	ks, err := sw.NewFileBasedKeyStore(nil, filepath.Join(dir, "keystore"), true)
   926  	assert.NoError(t, err)
   927  	csp, err := sw.New(256, "SHA2", ks)
   928  	assert.NoError(t, err)
   929  	thisMSP.(*bccspmsp).bccsp = csp
   930  
   931  	err = thisMSP.Setup(conf)
   932  	assert.NoError(t, err)
   933  
   934  	return thisMSP
   935  }