github.com/hechain20/hechain@v0.0.0-20220316014945-b544036ba106/integration/msp/msp_test.go (about)

     1  /*
     2  Copyright hechain. All Rights Reserved.
     3  
     4  SPDX-License-Identifier: Apache-2.0
     5  */
     6  
     7  package msp
     8  
     9  import (
    10  	"fmt"
    11  	"io"
    12  	"io/ioutil"
    13  	"os"
    14  	"path/filepath"
    15  	"syscall"
    16  
    17  	docker "github.com/fsouza/go-dockerclient"
    18  	"github.com/hechain20/hechain/integration/nwo"
    19  	"github.com/hechain20/hechain/integration/nwo/commands"
    20  	. "github.com/onsi/ginkgo"
    21  	. "github.com/onsi/gomega"
    22  	"github.com/onsi/gomega/gbytes"
    23  	"github.com/onsi/gomega/gexec"
    24  	"github.com/tedsuo/ifrit"
    25  )
    26  
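// This spec exercises endorsement-policy enforcement against peers whose MSP
// identity does not carry the "peer" role. The chaincode is deployed with the
// signature policy OR('Org1MSP.peer', 'Org2MSP.peer'), and two cases are
// checked:
//
//  1. Org2 is configured without Node OUs, and an invoke endorsed only by
//     Org2 peer0 is expected to fail.
//  2. Org1 peer0's signing certificate and private key are replaced by those
//     of User1 (a client identity), and an invoke endorsed only by Org1 peer0
//     is expected to fail.
//
// After each rejected invoke the value of "a" is queried again to confirm the
// state was not modified.
var _ = Describe("MSP identity test on a network with mutual TLS required", func() {
	var (
		client  *docker.Client
		tempDir string
		network *nwo.Network
		process ifrit.Process
	)

	BeforeEach(func() {
		var err error
		// tempDir is handed to nwo.New as the network's root directory and also
		// holds the chaincode package; presumably the generated MSP material
		// (including private keys) lives under it as well.
		tempDir, err = ioutil.TempDir("", "msp")
		Expect(err).NotTo(HaveOccurred())

		client, err = docker.NewClientFromEnv()
		Expect(err).NotTo(HaveOccurred())

		network = nwo.New(nwo.BasicSolo(), tempDir, client, StartPort(), components)
	})

	AfterEach(func() {
		// Shut down processes and clean up. process is only assigned once the
		// spec has started the network, so it is still nil when BeforeEach or
		// bootstrap failed; guarding here keeps a nil dereference from masking
		// the original failure and from skipping the cleanup below.
		if process != nil {
			process.Signal(syscall.SIGTERM)
			Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive())
		}

		if network != nil {
			network.Cleanup()
		}
		// Best-effort removal of the working directory; the error is
		// deliberately not asserted.
		os.RemoveAll(tempDir)
	})

	It("invokes chaincode on a peer that does not have a valid endorser identity", func() {
		By("setting TLS ClientAuthRequired to be true for all peers and orderers")
		network.ClientAuthRequired = true

		By("disabling NodeOU for org2")
		// Org2 peer0 is used for scenario one: the endorsement policy cannot be
		// satisfied because Org2's MSP does not define Node OUs.
		Org2 := network.Organization("Org2")
		Org2.EnableNodeOUs = false

		network.GenerateConfigTree()
		network.Bootstrap()

		By("starting all processes for fabric")
		networkRunner := network.NetworkGroupRunner()
		process = ifrit.Invoke(networkRunner)
		Eventually(process.Ready(), network.EventuallyTimeout).Should(BeClosed())

		org1Peer0 := network.Peer("Org1", "peer0")
		org2Peer0 := network.Peer("Org2", "peer0")
		orderer := network.Orderer("orderer")

		By("creating and joining channels")
		network.CreateAndJoinChannels(orderer)
		By("enabling new lifecycle capabilities")
		nwo.EnableCapabilities(network, "testchannel", "Application", "V2_0", orderer, network.Peer("Org1", "peer0"), network.Peer("Org2", "peer0"))

		// The signature policy requires an endorsement from an identity with
		// the "peer" role in either org; both scenarios below rely on it.
		chaincode := nwo.Chaincode{
			Name:            "mycc",
			Version:         "0.0",
			Path:            "github.com/hechain20/hechain/integration/chaincode/simple/cmd",
			Lang:            "golang",
			PackageFile:     filepath.Join(tempDir, "simplecc.tar.gz"),
			Ctor:            `{"Args":["init","a","100","b","200"]}`,
			SignaturePolicy: `OR ('Org1MSP.peer', 'Org2MSP.peer')`,
			Sequence:        "1",
			InitRequired:    true,
			Label:           "my_simple_chaincode",
		}

		By("deploying the chaincode")
		nwo.DeployChaincode(network, "testchannel", orderer, chaincode)

		// Baseline: a properly endorsed invoke succeeds, after which "a" is
		// expected to read 90.
		By("querying and invoking chaincode with mutual TLS enabled")
		RunQueryInvokeQuery(network, orderer, org1Peer0, 100)

		By("querying the chaincode with org2 peer")
		sess, err := network.PeerUserSession(org2Peer0, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0))
		// NOTE(review): gbytes.Say takes a regular expression and matches it
		// anywhere in the unread output, so "90" would also accept e.g. "190".
		// An anchored pattern would make this and the later "90" checks stricter.
		Expect(sess).To(gbytes.Say("90"))

		// Scenario one: the endorsement policy is not satisfied because the
		// endorsing peer's MSP does not define the peer Node OU.
		By("attempting to invoke chaincode on a peer that does not have a valid endorser identity (endorsing peer has member identity)")
		sess, err = network.PeerUserSession(org2Peer0, "User1", commands.ChaincodeInvoke{
			ChannelID: "testchannel",
			Orderer:   network.OrdererAddress(orderer, nwo.ListenPort),
			Name:      "mycc",
			Ctor:      `{"Args":["invoke","a","b","10"]}`,
			// Only Org2 peer0 endorses, so no endorsement from a "peer"-role
			// identity is collected.
			PeerAddresses: []string{
				network.PeerAddress(network.Peer("Org2", "peer0"), nwo.ListenPort),
			},
			WaitForEvent: true,
			ClientAuth:   network.ClientAuthRequired,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(1))
		// The parentheses are a regexp group, not literal characters.
		Expect(sess.Err).To(gbytes.Say(`(ENDORSEMENT_POLICY_FAILURE)`))

		// The rejected transaction must not have changed the value of "a".
		By("reverifying the channel was not affected by the unauthorized endorsement")
		sess, err = network.PeerUserSession(org2Peer0, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(sess).To(gbytes.Say("90"))

		// Scenario two: the endorsement policy is not satisfied because the
		// peer's signer certificate does not satisfy it.
		By("replacing org1peer0's identity with a client identity")
		// Org1 peer0's signing certificate and private key are overwritten with
		// User1's, so the peer signs endorsements as a client identity.
		org1Peer0MSPDir := network.PeerLocalMSPDir(org1Peer0)
		org1User1MSPDir := network.PeerUserMSPDir(org1Peer0, "User1")

		_, err = copyFile(filepath.Join(org1User1MSPDir, "signcerts", "User1@org1.example.com-cert.pem"), filepath.Join(org1Peer0MSPDir, "signcerts", "peer0.org1.example.com-cert.pem"))
		Expect(err).NotTo(HaveOccurred())
		_, err = copyFile(filepath.Join(org1User1MSPDir, "keystore", "priv_sk"), filepath.Join(org1Peer0MSPDir, "keystore", "priv_sk"))
		Expect(err).NotTo(HaveOccurred())

		// process is reassigned so that AfterEach stops the restarted network.
		By("restarting all fabric processes to reload MSP identities")
		process.Signal(syscall.SIGTERM)
		Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive())
		networkRunner = network.NetworkGroupRunner()
		process = ifrit.Invoke(networkRunner)
		Eventually(process.Ready(), network.EventuallyTimeout).Should(BeClosed())

		By("attempting to invoke chaincode on a peer that does not have a valid endorser identity (endorsing peer has client identity)")
		sess, err = network.PeerUserSession(org1Peer0, "User1", commands.ChaincodeInvoke{
			ChannelID: "testchannel",
			Orderer:   network.OrdererAddress(orderer, nwo.ListenPort),
			Name:      "mycc",
			Ctor:      `{"Args":["invoke","a","b","10"]}`,
			// Only Org1 peer0 endorses, now signing with the client identity.
			PeerAddresses: []string{
				network.PeerAddress(network.Peer("Org1", "peer0"), nwo.ListenPort),
			},
			WaitForEvent: true,
			ClientAuth:   network.ClientAuthRequired,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(1))
		Expect(sess.Err).To(gbytes.Say(`(ENDORSEMENT_POLICY_FAILURE)`))

		By("reverifying the channel was not affected by the unauthorized endorsement")
		sess, err = network.PeerUserSession(org1Peer0, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(sess).To(gbytes.Say("90"))
	})
})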
   188  
// RunQueryInvokeQuery runs a query / invoke / query round trip against the
// "mycc" chaincode on "testchannel", acting as User1 of the given peer.
//
// The first query must print initialQueryResult for key "a". The invoke
// (arguments "a", "b", "10") is sent to Org1 peer0 and Org2 peer0 for
// endorsement, regardless of which peer was passed in, and must exit 0 with a
// success message on stderr. The final query must print initialQueryResult-10.
// Any unmet expectation fails the running Ginkgo spec.
func RunQueryInvokeQuery(n *nwo.Network, orderer *nwo.Orderer, peer *nwo.Peer, initialQueryResult int) {
	// expectA queries key "a" through peer and checks that the command exits
	// cleanly and that its output matches the expected value.
	expectA := func(want int) {
		query, queryErr := n.PeerUserSession(peer, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(queryErr).NotTo(HaveOccurred())
		Eventually(query, n.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(query).To(gbytes.Say(fmt.Sprint(want)))
	}

	expectA(initialQueryResult)

	// Resolve the addresses in the same order the command fields list them.
	ordererAddr := n.OrdererAddress(orderer, nwo.ListenPort)
	endorsers := []string{
		n.PeerAddress(n.Peer("Org1", "peer0"), nwo.ListenPort),
		n.PeerAddress(n.Peer("Org2", "peer0"), nwo.ListenPort),
	}

	invoke, invokeErr := n.PeerUserSession(peer, "User1", commands.ChaincodeInvoke{
		ChannelID:     "testchannel",
		Orderer:       ordererAddr,
		Name:          "mycc",
		Ctor:          `{"Args":["invoke","a","b","10"]}`,
		PeerAddresses: endorsers,
		WaitForEvent:  true,
		// Mirror the network's TLS client-auth setting on the CLI side.
		ClientAuth: n.ClientAuthRequired,
	})
	Expect(invokeErr).NotTo(HaveOccurred())
	Eventually(invoke, n.EventuallyTimeout).Should(gexec.Exit(0))
	Expect(invoke.Err).To(gbytes.Say("Chaincode invoke successful. result: status:200"))

	expectA(initialQueryResult - 10)
}
   224  
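// copyFile replaces the existing file at dst with a copy of src and returns
// the number of bytes written.
//
// dst must already exist: it is removed first and the removal error is
// returned as-is, so a mistyped destination path fails instead of silently
// creating an additional file. In this file the helper overwrites a peer's
// signing certificate and private key.
//
// The new file is created with the permission bits of src (subject to the
// process umask) rather than os.Create's default of 0666, so that copying a
// private key does not leave the copy more widely readable than the original.
// An error from closing the destination is reported when the copy itself
// succeeded, since a failed close can mean the data was not fully written.
func copyFile(src, dst string) (int64, error) {
	source, err := os.Open(src)
	if err != nil {
		return 0, err
	}
	defer source.Close()

	info, err := source.Stat()
	if err != nil {
		return 0, err
	}

	if err := os.Remove(dst); err != nil {
		return 0, err
	}

	// Same flags as os.Create; only the mode differs.
	destination, err := os.OpenFile(dst, os.O_RDWR|os.O_CREATE|os.O_TRUNC, info.Mode().Perm())
	if err != nil {
		return 0, err
	}

	nBytes, err := io.Copy(destination, source)
	if closeErr := destination.Close(); err == nil {
		err = closeErr
	}
	return nBytes, err
}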