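/*
Copyright hechain. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0
*/

package msp

import (
	"fmt"
	"io"
	"io/ioutil"
	"os"
	"path/filepath"
	"syscall"

	docker "github.com/fsouza/go-dockerclient"
	"github.com/hechain20/hechain/integration/nwo"
	"github.com/hechain20/hechain/integration/nwo/commands"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
	"github.com/onsi/gomega/gbytes"
	"github.com/onsi/gomega/gexec"
	"github.com/tedsuo/ifrit"
)

// This suite checks that an endorsement signed by a peer whose identity does
// not satisfy the chaincode's `Org1MSP.peer` / `Org2MSP.peer` signature policy
// is rejected with ENDORSEMENT_POLICY_FAILURE, and that the ledger value read
// back afterwards is unchanged. Two cases are exercised: a peer whose MSP has
// Node OUs disabled, and a peer whose signing cert and key were replaced with
// a user's.
var _ = Describe("MSP identity test on a network with mutual TLS required", func() {
	var (
		client  *docker.Client
		tempDir string
		network *nwo.Network
		process ifrit.Process
	)

	BeforeEach(func() {
		var err error
		tempDir, err = ioutil.TempDir("", "msp")
		Expect(err).NotTo(HaveOccurred())

		client, err = docker.NewClientFromEnv()
		Expect(err).NotTo(HaveOccurred())

		network = nwo.New(nwo.BasicSolo(), tempDir, client, StartPort(), components)
	})

	AfterEach(func() {
		// Shutdown processes and cleanup. process is only assigned once the
		// spec has started the network, so guard against a spec (or the
		// BeforeEach) failing earlier; an unconditional Signal on the nil
		// interface would panic and hide the original failure.
		if process != nil {
			process.Signal(syscall.SIGTERM)
			Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive())
		}

		if network != nil {
			network.Cleanup()
		}
		// tempDir holds the generated crypto material, including the copied
		// private key, so it is removed after every spec.
		os.RemoveAll(tempDir)
	})

	It("invokes chaincode on a peer that does not have a valid endorser identity", func() {
		By("setting TLS ClientAuthRequired to be true for all peers and orderers")
		network.ClientAuthRequired = true

		By("disabling NodeOU for org2")
		// Org2 Peer0 is used to test chaincode endorsement policy not satisfied due to peer's MSP
		// does not define Node OU.
		Org2 := network.Organization("Org2")
		Org2.EnableNodeOUs = false

		network.GenerateConfigTree()
		network.Bootstrap()

		By("starting all processes for fabric")
		networkRunner := network.NetworkGroupRunner()
		process = ifrit.Invoke(networkRunner)
		Eventually(process.Ready(), network.EventuallyTimeout).Should(BeClosed())

		org1Peer0 := network.Peer("Org1", "peer0")
		org2Peer0 := network.Peer("Org2", "peer0")
		orderer := network.Orderer("orderer")

		By("creating and joining channels")
		network.CreateAndJoinChannels(orderer)
		By("enabling new lifecycle capabilities")
		nwo.EnableCapabilities(network, "testchannel", "Application", "V2_0", orderer, network.Peer("Org1", "peer0"), network.Peer("Org2", "peer0"))

		// The signature policy names the `peer` role of each org, so an
		// endorsement only counts when the endorser's identity carries that role.
		chaincode := nwo.Chaincode{
			Name:            "mycc",
			Version:         "0.0",
			Path:            "github.com/hechain20/hechain/integration/chaincode/simple/cmd",
			Lang:            "golang",
			PackageFile:     filepath.Join(tempDir, "simplecc.tar.gz"),
			Ctor:            `{"Args":["init","a","100","b","200"]}`,
			SignaturePolicy: `OR ('Org1MSP.peer', 'Org2MSP.peer')`,
			Sequence:        "1",
			InitRequired:    true,
			Label:           "my_simple_chaincode",
		}

		By("deploying the chaincode")
		nwo.DeployChaincode(network, "testchannel", orderer, chaincode)

		By("querying and invoking chaincode with mutual TLS enabled")
		RunQueryInvokeQuery(network, orderer, org1Peer0, 100)

		By("querying the chaincode with org2 peer")
		sess, err := network.PeerUserSession(org2Peer0, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(sess).To(gbytes.Say("90"))

		// Testing scenario one: chaincode endorsement policy not satisfied due to peer's MSP does not define
		// the peer node OU.
		By("attempting to invoke chaincode on a peer that does not have a valid endorser identity (endorsing peer has member identity)")
		sess, err = network.PeerUserSession(org2Peer0, "User1", commands.ChaincodeInvoke{
			ChannelID: "testchannel",
			Orderer:   network.OrdererAddress(orderer, nwo.ListenPort),
			Name:      "mycc",
			Ctor:      `{"Args":["invoke","a","b","10"]}`,
			PeerAddresses: []string{
				network.PeerAddress(network.Peer("Org2", "peer0"), nwo.ListenPort),
			},
			WaitForEvent: true,
			ClientAuth:   network.ClientAuthRequired,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(1))
		Expect(sess.Err).To(gbytes.Say(`(ENDORSEMENT_POLICY_FAILURE)`))

		// The rejected transaction must not have changed state: "a" still reads 90.
		By("reverifying the channel was not affected by the unauthorized endorsement")
		sess, err = network.PeerUserSession(org2Peer0, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(sess).To(gbytes.Say("90"))

		// Testing scenario two: chaincode endorsement policy not satisfied due to peer's signer cert does not
		// satisfy endorsement policy.
		By("replacing org1peer0's identity with a client identity")
		// Org1 peer0 is used to test chaincode endorsement policy not satisfied due to peer's signer
		// cert does not satisfy endorsement policy.
		org1Peer0MSPDir := network.PeerLocalMSPDir(org1Peer0)
		org1User1MSPDir := network.PeerUserMSPDir(org1Peer0, "User1")

		// Overwrite both halves of the peer's signing identity (certificate and
		// private key) with User1's, so the peer signs as a non-peer identity.
		userCert := filepath.Join(org1User1MSPDir, "signcerts", "User1@org1.example.com-cert.pem")
		peerCert := filepath.Join(org1Peer0MSPDir, "signcerts", "peer0.org1.example.com-cert.pem")
		_, err = copyFile(userCert, peerCert)
		Expect(err).NotTo(HaveOccurred())

		userKey := filepath.Join(org1User1MSPDir, "keystore", "priv_sk")
		peerKey := filepath.Join(org1Peer0MSPDir, "keystore", "priv_sk")
		_, err = copyFile(userKey, peerKey)
		Expect(err).NotTo(HaveOccurred())

		By("restarting all fabric processes to reload MSP identities")
		process.Signal(syscall.SIGTERM)
		Eventually(process.Wait(), network.EventuallyTimeout).Should(Receive())
		networkRunner = network.NetworkGroupRunner()
		process = ifrit.Invoke(networkRunner)
		Eventually(process.Ready(), network.EventuallyTimeout).Should(BeClosed())

		By("attempting to invoke chaincode on a peer that does not have a valid endorser identity (endorsing peer has client identity)")
		sess, err = network.PeerUserSession(org1Peer0, "User1", commands.ChaincodeInvoke{
			ChannelID: "testchannel",
			Orderer:   network.OrdererAddress(orderer, nwo.ListenPort),
			Name:      "mycc",
			Ctor:      `{"Args":["invoke","a","b","10"]}`,
			PeerAddresses: []string{
				network.PeerAddress(network.Peer("Org1", "peer0"), nwo.ListenPort),
			},
			WaitForEvent: true,
			ClientAuth:   network.ClientAuthRequired,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(1))
		Expect(sess.Err).To(gbytes.Say(`(ENDORSEMENT_POLICY_FAILURE)`))

		// Again the rejected transaction must leave "a" at 90.
		By("reverifying the channel was not affected by the unauthorized endorsement")
		sess, err = network.PeerUserSession(org1Peer0, "User1", commands.ChaincodeQuery{
			ChannelID: "testchannel",
			Name:      "mycc",
			Ctor:      `{"Args":["query","a"]}`,
		})
		Expect(err).NotTo(HaveOccurred())
		Eventually(sess, network.EventuallyTimeout).Should(gexec.Exit(0))
		Expect(sess).To(gbytes.Say("90"))
	})
})

// RunQueryInvokeQuery queries key "a" of chaincode "mycc" on "testchannel"
// through peer and expects initialQueryResult, invokes a transfer of 10 from
// "a" to "b" endorsed by Org1 peer0 and Org2 peer0, and then queries again
// expecting initialQueryResult - 10. Every step is asserted with Gomega, so a
// mismatch fails the running spec.
func RunQueryInvokeQuery(n *nwo.Network, orderer *nwo.Orderer, peer *nwo.Peer, initialQueryResult int) {
	sess, err := n.PeerUserSession(peer, "User1", commands.ChaincodeQuery{
		ChannelID: "testchannel",
		Name:      "mycc",
		Ctor:      `{"Args":["query","a"]}`,
	})
	Expect(err).NotTo(HaveOccurred())
	Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0))
	Expect(sess).To(gbytes.Say(fmt.Sprint(initialQueryResult)))

	sess, err = n.PeerUserSession(peer, "User1", commands.ChaincodeInvoke{
		ChannelID: "testchannel",
		Orderer:   n.OrdererAddress(orderer, nwo.ListenPort),
		Name:      "mycc",
		Ctor:      `{"Args":["invoke","a","b","10"]}`,
		PeerAddresses: []string{
			n.PeerAddress(n.Peer("Org1", "peer0"), nwo.ListenPort),
			n.PeerAddress(n.Peer("Org2", "peer0"), nwo.ListenPort),
		},
		WaitForEvent: true,
		ClientAuth:   n.ClientAuthRequired,
	})
	Expect(err).NotTo(HaveOccurred())
	Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0))
	Expect(sess.Err).To(gbytes.Say("Chaincode invoke successful. result: status:200"))

	sess, err = n.PeerUserSession(peer, "User1", commands.ChaincodeQuery{
		ChannelID: "testchannel",
		Name:      "mycc",
		Ctor:      `{"Args":["query","a"]}`,
	})
	Expect(err).NotTo(HaveOccurred())
	Eventually(sess, n.EventuallyTimeout).Should(gexec.Exit(0))
	Expect(sess).To(gbytes.Say(fmt.Sprint(initialQueryResult - 10)))
}

// copyFile replaces the existing file dst with the contents of src and
// returns the number of bytes written.
//
// dst must already exist: it is removed first, and a failed removal is
// returned as an error, so a mistyped destination path is reported instead of
// silently creating a new file. The replacement is created with src's
// permission bits rather than os.Create's 0666-before-umask default, because
// this helper is used to copy a private key (keystore/priv_sk) and a
// restrictive source mode should not be widened. An error from closing dst is
// returned when the copy itself succeeded, since a failed close can mean the
// data never reached the file.
func copyFile(src, dst string) (n int64, err error) {
	source, err := os.Open(src)
	if err != nil {
		return 0, err
	}
	defer source.Close()

	// Read the source mode before touching dst so a failure here leaves the
	// destination intact.
	info, err := source.Stat()
	if err != nil {
		return 0, err
	}

	if err = os.Remove(dst); err != nil {
		return 0, err
	}

	destination, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, info.Mode().Perm())
	if err != nil {
		return 0, err
	}
	defer func() {
		if cerr := destination.Close(); err == nil {
			err = cerr
		}
	}()

	return io.Copy(destination, source)
}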