github.com/hechain20/hechain@v0.0.0-20220316014945-b544036ba106/common/policies/convert_test.go (about) 1 /* 2 Copyright hechain. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package policies_test 8 9 import ( 10 "testing" 11 12 "github.com/hechain20/hechain/common/cauthdsl" 13 "github.com/hechain20/hechain/common/policies" 14 "github.com/hechain20/hechain/common/policydsl" 15 "github.com/hechain20/hechain/msp" 16 "github.com/hechain20/hechain/protoutil" 17 cb "github.com/hyperledger/fabric-protos-go/common" 18 mb "github.com/hyperledger/fabric-protos-go/msp" 19 "github.com/pkg/errors" 20 "github.com/stretchr/testify/require" 21 ) 22 23 func TestImplicitMetaPolicy_Convert(t *testing.T) { 24 // Scenario: we attempt the conversion of a simple metapolicy requiring 25 // ALL of 2 sub-policies, each of which are plain signedby 26 27 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 28 29 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 30 Version: 0, 31 Rule: policydsl.SignedBy(0), 32 Identities: []*mb.MSPPrincipal{ 33 { 34 PrincipalClassification: mb.MSPPrincipal_ROLE, 35 Principal: protoutil.MarshalOrPanic( 36 &mb.MSPRole{ 37 Role: mb.MSPRole_MEMBER, 38 MspIdentifier: "A", 39 }, 40 ), 41 }, 42 }, 43 }) 44 require.NotNil(t, p1) 45 require.NoError(t, err) 46 47 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 48 Version: 0, 49 Rule: policydsl.SignedBy(0), 50 Identities: []*mb.MSPPrincipal{ 51 { 52 PrincipalClassification: mb.MSPPrincipal_ROLE, 53 Principal: protoutil.MarshalOrPanic( 54 &mb.MSPRole{ 55 Role: mb.MSPRole_MEMBER, 56 MspIdentifier: "B", 57 }, 58 ), 59 }, 60 }, 61 }) 62 require.NotNil(t, p2) 63 require.NoError(t, err) 64 65 p := &policies.PolicyLogger{ 66 Policy: &policies.ImplicitMetaPolicy{ 67 Threshold: 2, 68 SubPolicyName: "mypolicy", 69 SubPolicies: []policies.Policy{p1, p2}, 70 }, 71 } 72 73 spe, err := p.Convert() 74 require.NoError(t, err) 75 require.NotNil(t, spe) 76 require.Equal(t, &cb.SignaturePolicyEnvelope{ 77 Version: 0, 78 Rule: policydsl.And( 79 policydsl.SignedBy(0), 80 policydsl.SignedBy(1), 81 ), 82 Identities: []*mb.MSPPrincipal{ 83 { 84 PrincipalClassification: mb.MSPPrincipal_ROLE, 85 Principal: protoutil.MarshalOrPanic( 86 &mb.MSPRole{ 87 Role: mb.MSPRole_MEMBER, 88 MspIdentifier: "A", 89 }, 90 ), 91 }, 92 { 93 PrincipalClassification: mb.MSPPrincipal_ROLE, 94 Principal: protoutil.MarshalOrPanic( 95 &mb.MSPRole{ 96 Role: mb.MSPRole_MEMBER, 97 MspIdentifier: "B", 98 }, 99 ), 100 }, 101 }, 102 }, spe) 103 } 104 105 func TestImplicitMetaPolicy_Convert1(t *testing.T) { 106 // Scenario: we attempt the conversion of a metapolicy requiring 107 // ALL of 2 sub-policies, where the first one is an OR of 2 and 108 // the second one is an OR of 1, with a principal that is already 109 // referenced by the first 110 111 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 112 113 p1, err := pfs.NewPolicy(policydsl.SignedByAnyMember([]string{"A", "B"})) 114 require.NotNil(t, p1) 115 require.NoError(t, err) 116 117 p2, err := pfs.NewPolicy(policydsl.SignedByAnyMember([]string{"B"})) 118 require.NotNil(t, p2) 119 require.NoError(t, err) 120 121 p := &policies.ImplicitMetaPolicy{ 122 Threshold: 2, 123 SubPolicyName: "mypolicy", 124 SubPolicies: []policies.Policy{p1, p2}, 125 } 126 127 spe, err := p.Convert() 128 require.NoError(t, err) 129 require.NotNil(t, spe) 130 require.Equal(t, &cb.SignaturePolicyEnvelope{ 131 Version: 0, 132 Rule: policydsl.And( 133 policydsl.Or( 134 policydsl.SignedBy(0), 135 policydsl.SignedBy(1), 136 ), 137 policydsl.NOutOf(1, 138 []*cb.SignaturePolicy{policydsl.SignedBy(1)}, 139 ), 140 ), 141 Identities: []*mb.MSPPrincipal{ 142 { 143 PrincipalClassification: mb.MSPPrincipal_ROLE, 144 Principal: protoutil.MarshalOrPanic( 145 &mb.MSPRole{ 146 Role: mb.MSPRole_MEMBER, 147 MspIdentifier: "A", 148 }, 149 ), 150 }, 151 { 152 PrincipalClassification: mb.MSPPrincipal_ROLE, 153 Principal: protoutil.MarshalOrPanic( 154 &mb.MSPRole{ 155 Role: mb.MSPRole_MEMBER, 156 MspIdentifier: "B", 157 }, 158 ), 159 }, 160 }, 161 }, spe) 162 } 163 164 func TestImplicitMetaPolicy_Convert2(t *testing.T) { 165 // Scenario: we attempt the conversion of a metapolicy requiring 166 // ALL of 2 sub-policies, where the first one is an OR of an AND 167 // of 2 and an OR of 1 and the second one is an AND of 2, with 168 // principal deduplication required 169 170 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 171 172 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 173 Version: 0, 174 Rule: policydsl.NOutOf(1, 175 []*cb.SignaturePolicy{ 176 policydsl.NOutOf(2, 177 []*cb.SignaturePolicy{ 178 policydsl.SignedBy(0), 179 policydsl.SignedBy(1), 180 }, 181 ), 182 policydsl.NOutOf(1, 183 []*cb.SignaturePolicy{ 184 policydsl.SignedBy(2), 185 }, 186 ), 187 }, 188 ), 189 Identities: []*mb.MSPPrincipal{ 190 { 191 PrincipalClassification: mb.MSPPrincipal_ROLE, 192 Principal: protoutil.MarshalOrPanic( 193 &mb.MSPRole{ 194 Role: mb.MSPRole_MEMBER, 195 MspIdentifier: "B", 196 }, 197 ), 198 }, 199 { 200 PrincipalClassification: mb.MSPPrincipal_ROLE, 201 Principal: protoutil.MarshalOrPanic( 202 &mb.MSPRole{ 203 Role: mb.MSPRole_MEMBER, 204 MspIdentifier: "C", 205 }, 206 ), 207 }, 208 { 209 PrincipalClassification: mb.MSPPrincipal_ROLE, 210 Principal: protoutil.MarshalOrPanic( 211 &mb.MSPRole{ 212 Role: mb.MSPRole_MEMBER, 213 MspIdentifier: "D", 214 }, 215 ), 216 }, 217 }, 218 }) 219 require.NotNil(t, p1) 220 require.NoError(t, err) 221 222 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 223 Version: 0, 224 Rule: policydsl.NOutOf(2, 225 []*cb.SignaturePolicy{ 226 policydsl.SignedBy(0), 227 policydsl.SignedBy(1), 228 }, 229 ), 230 Identities: []*mb.MSPPrincipal{ 231 { 232 PrincipalClassification: mb.MSPPrincipal_ROLE, 233 Principal: protoutil.MarshalOrPanic( 234 &mb.MSPRole{ 235 Role: mb.MSPRole_MEMBER, 236 MspIdentifier: "A", 237 }, 238 ), 239 }, 240 { 241 PrincipalClassification: mb.MSPPrincipal_ROLE, 242 Principal: protoutil.MarshalOrPanic( 243 &mb.MSPRole{ 244 Role: mb.MSPRole_MEMBER, 245 MspIdentifier: "B", 246 }, 247 ), 248 }, 249 }, 250 }) 251 require.NotNil(t, p2) 252 require.NoError(t, err) 253 254 p := &policies.ImplicitMetaPolicy{ 255 Threshold: 2, 256 SubPolicyName: "mypolicy", 257 SubPolicies: []policies.Policy{p1, p2}, 258 } 259 260 spe, err := p.Convert() 261 require.NoError(t, err) 262 require.NotNil(t, spe) 263 require.Equal(t, &cb.SignaturePolicyEnvelope{ 264 Version: 0, 265 Rule: policydsl.And( 266 policydsl.NOutOf(1, 267 []*cb.SignaturePolicy{ 268 policydsl.NOutOf(2, 269 []*cb.SignaturePolicy{ 270 policydsl.SignedBy(0), 271 policydsl.SignedBy(1), 272 }, 273 ), 274 policydsl.NOutOf(1, 275 []*cb.SignaturePolicy{ 276 policydsl.SignedBy(2), 277 }, 278 ), 279 }, 280 ), 281 policydsl.NOutOf(2, 282 []*cb.SignaturePolicy{ 283 policydsl.SignedBy(3), 284 policydsl.SignedBy(0), 285 }, 286 ), 287 ), 288 Identities: []*mb.MSPPrincipal{ 289 { 290 PrincipalClassification: mb.MSPPrincipal_ROLE, 291 Principal: protoutil.MarshalOrPanic( 292 &mb.MSPRole{ 293 Role: mb.MSPRole_MEMBER, 294 MspIdentifier: "B", 295 }, 296 ), 297 }, 298 { 299 PrincipalClassification: mb.MSPPrincipal_ROLE, 300 Principal: protoutil.MarshalOrPanic( 301 &mb.MSPRole{ 302 Role: mb.MSPRole_MEMBER, 303 MspIdentifier: "C", 304 }, 305 ), 306 }, 307 { 308 PrincipalClassification: mb.MSPPrincipal_ROLE, 309 Principal: protoutil.MarshalOrPanic( 310 &mb.MSPRole{ 311 Role: mb.MSPRole_MEMBER, 312 MspIdentifier: "D", 313 }, 314 ), 315 }, 316 { 317 PrincipalClassification: mb.MSPPrincipal_ROLE, 318 Principal: protoutil.MarshalOrPanic( 319 &mb.MSPRole{ 320 Role: mb.MSPRole_MEMBER, 321 MspIdentifier: "A", 322 }, 323 ), 324 }, 325 }, 326 }, spe) 327 } 328 329 func TestImplicitMetaPolicy_Convert3(t *testing.T) { 330 // Scenario: we attempt the conversion of a metapolicy requiring 331 // ALL of 2 sub-policies, where the first one is a metapolicy itself, 332 // requiring ALL of 2 simple subpolicies to be satisfied and the 333 // second is a simple subpolicy, with no principal deduplication 334 335 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 336 337 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 338 Version: 0, 339 Rule: policydsl.SignedBy(0), 340 Identities: []*mb.MSPPrincipal{ 341 { 342 PrincipalClassification: mb.MSPPrincipal_ROLE, 343 Principal: protoutil.MarshalOrPanic( 344 &mb.MSPRole{ 345 Role: mb.MSPRole_MEMBER, 346 MspIdentifier: "A", 347 }, 348 ), 349 }, 350 }, 351 }) 352 require.NotNil(t, p1) 353 require.NoError(t, err) 354 355 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 356 Version: 0, 357 Rule: policydsl.SignedBy(0), 358 Identities: []*mb.MSPPrincipal{ 359 { 360 PrincipalClassification: mb.MSPPrincipal_ROLE, 361 Principal: protoutil.MarshalOrPanic( 362 &mb.MSPRole{ 363 Role: mb.MSPRole_MEMBER, 364 MspIdentifier: "B", 365 }, 366 ), 367 }, 368 }, 369 }) 370 require.NotNil(t, p2) 371 require.NoError(t, err) 372 373 p3, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 374 Version: 0, 375 Rule: policydsl.SignedBy(0), 376 Identities: []*mb.MSPPrincipal{ 377 { 378 PrincipalClassification: mb.MSPPrincipal_ROLE, 379 Principal: protoutil.MarshalOrPanic( 380 &mb.MSPRole{ 381 Role: mb.MSPRole_MEMBER, 382 MspIdentifier: "C", 383 }, 384 ), 385 }, 386 }, 387 }) 388 require.NotNil(t, p3) 389 require.NoError(t, err) 390 391 mp1 := &policies.ImplicitMetaPolicy{ 392 Threshold: 2, 393 SubPolicyName: "mypolicy", 394 SubPolicies: []policies.Policy{p1, p2}, 395 } 396 397 mp2 := &policies.ImplicitMetaPolicy{ 398 Threshold: 2, 399 SubPolicyName: "mypolicy", 400 SubPolicies: []policies.Policy{mp1, p3}, 401 } 402 403 spe, err := mp2.Convert() 404 require.NoError(t, err) 405 require.NotNil(t, spe) 406 require.Equal(t, &cb.SignaturePolicyEnvelope{ 407 Version: 0, 408 Rule: policydsl.And( 409 policydsl.And( 410 policydsl.SignedBy(0), 411 policydsl.SignedBy(1), 412 ), 413 policydsl.SignedBy(2), 414 ), 415 Identities: []*mb.MSPPrincipal{ 416 { 417 PrincipalClassification: mb.MSPPrincipal_ROLE, 418 Principal: protoutil.MarshalOrPanic( 419 &mb.MSPRole{ 420 Role: mb.MSPRole_MEMBER, 421 MspIdentifier: "A", 422 }, 423 ), 424 }, 425 { 426 PrincipalClassification: mb.MSPPrincipal_ROLE, 427 Principal: protoutil.MarshalOrPanic( 428 &mb.MSPRole{ 429 Role: mb.MSPRole_MEMBER, 430 MspIdentifier: "B", 431 }, 432 ), 433 }, 434 { 435 PrincipalClassification: mb.MSPPrincipal_ROLE, 436 Principal: protoutil.MarshalOrPanic( 437 &mb.MSPRole{ 438 Role: mb.MSPRole_MEMBER, 439 MspIdentifier: "C", 440 }, 441 ), 442 }, 443 }, 444 }, spe) 445 } 446 447 func TestImplicitMetaPolicy_Convert4(t *testing.T) { 448 // Scenario: we attempt the conversion of a metapolicy requiring 449 // ALL of 2 sub-policies, where the first one is a metapolicy itself, 450 // requiring ALL of 2 simple subpolicies to be satisfied and the 451 // second is a simple subpolicy, with principal deduplication 452 453 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 454 455 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 456 Version: 0, 457 Rule: policydsl.SignedBy(0), 458 Identities: []*mb.MSPPrincipal{ 459 { 460 PrincipalClassification: mb.MSPPrincipal_ROLE, 461 Principal: protoutil.MarshalOrPanic( 462 &mb.MSPRole{ 463 Role: mb.MSPRole_MEMBER, 464 MspIdentifier: "A", 465 }, 466 ), 467 }, 468 }, 469 }) 470 require.NotNil(t, p1) 471 require.NoError(t, err) 472 473 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 474 Version: 0, 475 Rule: policydsl.SignedBy(0), 476 Identities: []*mb.MSPPrincipal{ 477 { 478 PrincipalClassification: mb.MSPPrincipal_ROLE, 479 Principal: protoutil.MarshalOrPanic( 480 &mb.MSPRole{ 481 Role: mb.MSPRole_MEMBER, 482 MspIdentifier: "A", 483 }, 484 ), 485 }, 486 }, 487 }) 488 require.NotNil(t, p2) 489 require.NoError(t, err) 490 491 p3, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 492 Version: 0, 493 Rule: policydsl.SignedBy(0), 494 Identities: []*mb.MSPPrincipal{ 495 { 496 PrincipalClassification: mb.MSPPrincipal_ROLE, 497 Principal: protoutil.MarshalOrPanic( 498 &mb.MSPRole{ 499 Role: mb.MSPRole_MEMBER, 500 MspIdentifier: "A", 501 }, 502 ), 503 }, 504 }, 505 }) 506 require.NotNil(t, p3) 507 require.NoError(t, err) 508 509 mp1 := &policies.ImplicitMetaPolicy{ 510 Threshold: 2, 511 SubPolicyName: "mypolicy", 512 SubPolicies: []policies.Policy{p1, p2}, 513 } 514 515 mp2 := &policies.ImplicitMetaPolicy{ 516 Threshold: 2, 517 SubPolicyName: "mypolicy", 518 SubPolicies: []policies.Policy{mp1, p3}, 519 } 520 521 spe, err := mp2.Convert() 522 require.NoError(t, err) 523 require.NotNil(t, spe) 524 require.Equal(t, &cb.SignaturePolicyEnvelope{ 525 Version: 0, 526 Rule: policydsl.And( 527 policydsl.And( 528 policydsl.SignedBy(0), 529 policydsl.SignedBy(0), 530 ), 531 policydsl.SignedBy(0), 532 ), 533 Identities: []*mb.MSPPrincipal{ 534 { 535 PrincipalClassification: mb.MSPPrincipal_ROLE, 536 Principal: protoutil.MarshalOrPanic( 537 &mb.MSPRole{ 538 Role: mb.MSPRole_MEMBER, 539 MspIdentifier: "A", 540 }, 541 ), 542 }, 543 }, 544 }, spe) 545 } 546 547 func TestImplicitMetaPolicy_Convert5(t *testing.T) { 548 // Scenario: we attempt the conversion of a metapolicy requiring 549 // ALL of 2 sub-policies, where the first one is an OR of an AND 550 // of 2 and an OR of 1 and the second one is an AND of 2, with 551 // principal deduplication required both across the two subpolicies 552 // and within the first 553 554 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 555 556 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 557 Version: 0, 558 Rule: policydsl.NOutOf(1, 559 []*cb.SignaturePolicy{ 560 policydsl.NOutOf(2, 561 []*cb.SignaturePolicy{ 562 policydsl.SignedBy(0), 563 policydsl.SignedBy(1), 564 }, 565 ), 566 policydsl.NOutOf(1, 567 []*cb.SignaturePolicy{ 568 policydsl.SignedBy(2), 569 }, 570 ), 571 }, 572 ), 573 Identities: []*mb.MSPPrincipal{ 574 { 575 PrincipalClassification: mb.MSPPrincipal_ROLE, 576 Principal: protoutil.MarshalOrPanic( 577 &mb.MSPRole{ 578 Role: mb.MSPRole_MEMBER, 579 MspIdentifier: "B", 580 }, 581 ), 582 }, 583 { 584 PrincipalClassification: mb.MSPPrincipal_ROLE, 585 Principal: protoutil.MarshalOrPanic( 586 &mb.MSPRole{ 587 Role: mb.MSPRole_MEMBER, 588 MspIdentifier: "C", 589 }, 590 ), 591 }, 592 { 593 PrincipalClassification: mb.MSPPrincipal_ROLE, 594 Principal: protoutil.MarshalOrPanic( 595 &mb.MSPRole{ 596 Role: mb.MSPRole_MEMBER, 597 MspIdentifier: "B", 598 }, 599 ), 600 }, 601 }, 602 }) 603 require.NotNil(t, p1) 604 require.NoError(t, err) 605 606 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 607 Version: 0, 608 Rule: policydsl.NOutOf(2, 609 []*cb.SignaturePolicy{ 610 policydsl.SignedBy(0), 611 policydsl.SignedBy(1), 612 }, 613 ), 614 Identities: []*mb.MSPPrincipal{ 615 { 616 PrincipalClassification: mb.MSPPrincipal_ROLE, 617 Principal: protoutil.MarshalOrPanic( 618 &mb.MSPRole{ 619 Role: mb.MSPRole_MEMBER, 620 MspIdentifier: "A", 621 }, 622 ), 623 }, 624 { 625 PrincipalClassification: mb.MSPPrincipal_ROLE, 626 Principal: protoutil.MarshalOrPanic( 627 &mb.MSPRole{ 628 Role: mb.MSPRole_MEMBER, 629 MspIdentifier: "B", 630 }, 631 ), 632 }, 633 }, 634 }) 635 require.NotNil(t, p2) 636 require.NoError(t, err) 637 638 p := &policies.ImplicitMetaPolicy{ 639 Threshold: 2, 640 SubPolicyName: "mypolicy", 641 SubPolicies: []policies.Policy{p1, p2}, 642 } 643 644 spe, err := p.Convert() 645 require.NoError(t, err) 646 require.NotNil(t, spe) 647 require.Equal(t, &cb.SignaturePolicyEnvelope{ 648 Version: 0, 649 Rule: policydsl.And( 650 policydsl.NOutOf(1, 651 []*cb.SignaturePolicy{ 652 policydsl.NOutOf(2, 653 []*cb.SignaturePolicy{ 654 policydsl.SignedBy(0), 655 policydsl.SignedBy(1), 656 }, 657 ), 658 policydsl.NOutOf(1, 659 []*cb.SignaturePolicy{ 660 policydsl.SignedBy(0), 661 }, 662 ), 663 }, 664 ), 665 policydsl.NOutOf(2, 666 []*cb.SignaturePolicy{ 667 policydsl.SignedBy(2), 668 policydsl.SignedBy(0), 669 }, 670 ), 671 ), 672 Identities: []*mb.MSPPrincipal{ 673 { 674 PrincipalClassification: mb.MSPPrincipal_ROLE, 675 Principal: protoutil.MarshalOrPanic( 676 &mb.MSPRole{ 677 Role: mb.MSPRole_MEMBER, 678 MspIdentifier: "B", 679 }, 680 ), 681 }, 682 { 683 PrincipalClassification: mb.MSPPrincipal_ROLE, 684 Principal: protoutil.MarshalOrPanic( 685 &mb.MSPRole{ 686 Role: mb.MSPRole_MEMBER, 687 MspIdentifier: "C", 688 }, 689 ), 690 }, 691 { 692 PrincipalClassification: mb.MSPPrincipal_ROLE, 693 Principal: protoutil.MarshalOrPanic( 694 &mb.MSPRole{ 695 Role: mb.MSPRole_MEMBER, 696 MspIdentifier: "A", 697 }, 698 ), 699 }, 700 }, 701 }, spe) 702 } 703 704 func TestImplicitMetaPolicy_Convert6(t *testing.T) { 705 // Scenario: we attempt the conversion of a metapolicy requiring 706 // ALL of 2 sub-policies, where the first one is an OR of an AND 707 // of 2 and an OR of 1 and the second one is an AND of 2, with 708 // principal deduplication required both across the two subpolicies 709 // and within the first and the second 710 711 pfs := &cauthdsl.EnvelopeBasedPolicyProvider{} 712 713 p1, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 714 Version: 0, 715 Rule: policydsl.NOutOf(1, 716 []*cb.SignaturePolicy{ 717 policydsl.NOutOf(2, 718 []*cb.SignaturePolicy{ 719 policydsl.SignedBy(0), 720 policydsl.SignedBy(1), 721 }, 722 ), 723 policydsl.NOutOf(1, 724 []*cb.SignaturePolicy{ 725 policydsl.SignedBy(2), 726 }, 727 ), 728 }, 729 ), 730 Identities: []*mb.MSPPrincipal{ 731 { 732 PrincipalClassification: mb.MSPPrincipal_ROLE, 733 Principal: protoutil.MarshalOrPanic( 734 &mb.MSPRole{ 735 Role: mb.MSPRole_MEMBER, 736 MspIdentifier: "B", 737 }, 738 ), 739 }, 740 { 741 PrincipalClassification: mb.MSPPrincipal_ROLE, 742 Principal: protoutil.MarshalOrPanic( 743 &mb.MSPRole{ 744 Role: mb.MSPRole_MEMBER, 745 MspIdentifier: "C", 746 }, 747 ), 748 }, 749 { 750 PrincipalClassification: mb.MSPPrincipal_ROLE, 751 Principal: protoutil.MarshalOrPanic( 752 &mb.MSPRole{ 753 Role: mb.MSPRole_MEMBER, 754 MspIdentifier: "B", 755 }, 756 ), 757 }, 758 }, 759 }) 760 require.NotNil(t, p1) 761 require.NoError(t, err) 762 763 p2, err := pfs.NewPolicy(&cb.SignaturePolicyEnvelope{ 764 Version: 0, 765 Rule: policydsl.NOutOf(2, 766 []*cb.SignaturePolicy{ 767 policydsl.SignedBy(0), 768 policydsl.SignedBy(1), 769 }, 770 ), 771 Identities: []*mb.MSPPrincipal{ 772 { 773 PrincipalClassification: mb.MSPPrincipal_ROLE, 774 Principal: protoutil.MarshalOrPanic( 775 &mb.MSPRole{ 776 Role: mb.MSPRole_MEMBER, 777 MspIdentifier: "B", 778 }, 779 ), 780 }, 781 { 782 PrincipalClassification: mb.MSPPrincipal_ROLE, 783 Principal: protoutil.MarshalOrPanic( 784 &mb.MSPRole{ 785 Role: mb.MSPRole_MEMBER, 786 MspIdentifier: "B", 787 }, 788 ), 789 }, 790 }, 791 }) 792 require.NotNil(t, p2) 793 require.NoError(t, err) 794 795 p := &policies.ImplicitMetaPolicy{ 796 Threshold: 2, 797 SubPolicyName: "mypolicy", 798 SubPolicies: []policies.Policy{p1, p2}, 799 } 800 801 spe, err := p.Convert() 802 require.NoError(t, err) 803 require.NotNil(t, spe) 804 require.Equal(t, &cb.SignaturePolicyEnvelope{ 805 Version: 0, 806 Rule: policydsl.And( 807 policydsl.NOutOf(1, 808 []*cb.SignaturePolicy{ 809 policydsl.NOutOf(2, 810 []*cb.SignaturePolicy{ 811 policydsl.SignedBy(0), 812 policydsl.SignedBy(1), 813 }, 814 ), 815 policydsl.NOutOf(1, 816 []*cb.SignaturePolicy{ 817 policydsl.SignedBy(0), 818 }, 819 ), 820 }, 821 ), 822 policydsl.NOutOf(2, 823 []*cb.SignaturePolicy{ 824 policydsl.SignedBy(0), 825 policydsl.SignedBy(0), 826 }, 827 ), 828 ), 829 Identities: []*mb.MSPPrincipal{ 830 { 831 PrincipalClassification: mb.MSPPrincipal_ROLE, 832 Principal: protoutil.MarshalOrPanic( 833 &mb.MSPRole{ 834 Role: mb.MSPRole_MEMBER, 835 MspIdentifier: "B", 836 }, 837 ), 838 }, 839 { 840 PrincipalClassification: mb.MSPPrincipal_ROLE, 841 Principal: protoutil.MarshalOrPanic( 842 &mb.MSPRole{ 843 Role: mb.MSPRole_MEMBER, 844 MspIdentifier: "C", 845 }, 846 ), 847 }, 848 }, 849 }, spe) 850 } 851 852 type inconvertiblePolicy struct{} 853 854 func (i *inconvertiblePolicy) EvaluateSignedData(signatureSet []*protoutil.SignedData) error { 855 return nil 856 } 857 858 func (i *inconvertiblePolicy) EvaluateIdentities(signatureSet []msp.Identity) error { 859 return nil 860 } 861 862 func TestImplicitMetaPolicy_Convert7(t *testing.T) { 863 // Scenario: we attempt the conversion of a metapolicy 864 // with an incovertible subpolicy 865 866 p := &policies.ImplicitMetaPolicy{ 867 Threshold: 2, 868 SubPolicyName: "mypolicy", 869 SubPolicies: []policies.Policy{&inconvertiblePolicy{}}, 870 } 871 872 spe, err := p.Convert() 873 require.EqualError(t, err, "subpolicy number 0 type *policies_test.inconvertiblePolicy of policy mypolicy is not convertible") 874 require.Nil(t, spe) 875 } 876 877 type convertFailurePolicy struct{} 878 879 func (i *convertFailurePolicy) EvaluateSignedData(signatureSet []*protoutil.SignedData) error { 880 return nil 881 } 882 883 func (i *convertFailurePolicy) EvaluateIdentities(identities []msp.Identity) error { 884 return nil 885 } 886 887 func (i *convertFailurePolicy) Convert() (*cb.SignaturePolicyEnvelope, error) { 888 return nil, errors.New("nope") 889 } 890 891 func TestImplicitMetaPolicy_Convert8(t *testing.T) { 892 // Scenario: we attempt the conversion of a metapolicy 893 // with a subpolicy whose conversion fails 894 895 p := &policies.PolicyLogger{ 896 Policy: &policies.ImplicitMetaPolicy{ 897 Threshold: 2, 898 SubPolicyName: "mypolicy", 899 SubPolicies: []policies.Policy{&convertFailurePolicy{}}, 900 }, 901 } 902 903 spe, err := p.Convert() 904 require.EqualError(t, err, "failed to convert subpolicy number 0 of policy mypolicy: nope") 905 require.Nil(t, spe) 906 }