github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/common/cauthdsl/cauthdsl_test.go

github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/common/cauthdsl/cauthdsl_test.go (about)

     1  /*
     2  Copyright IBM Corp. 2016 All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8                   http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package cauthdsl
    18  
    19  import (
    20  	"bytes"
    21  	"errors"
    22  	"testing"
    23  
    24  	"github.com/hyperledger/fabric/msp"
    25  
    26  	"github.com/golang/protobuf/proto"
    27  	cb "github.com/hyperledger/fabric/protos/common"
    28  	mb "github.com/hyperledger/fabric/protos/msp"
    29  )
    30  
    31  var invalidSignature = []byte("badsigned")
    32  
    33  type mockIdentity struct {
    34  	idBytes []byte
    35  }
    36  
    37  func (id *mockIdentity) SatisfiesPrincipal(p *mb.MSPPrincipal) error {
    38  	if bytes.Compare(id.idBytes, p.Principal) == 0 {
    39  		return nil
    40  	} else {
    41  		return errors.New("Principals do not match")
    42  	}
    43  }
    44  
    45  func (id *mockIdentity) GetIdentifier() *msp.IdentityIdentifier {
    46  	return &msp.IdentityIdentifier{Mspid: "Mock", Id: "Bob"}
    47  }
    48  
    49  func (id *mockIdentity) GetMSPIdentifier() string {
    50  	return "Mock"
    51  }
    52  
    53  func (id *mockIdentity) Validate() error {
    54  	return nil
    55  }
    56  
    57  func (id *mockIdentity) GetOrganizationalUnits() []mb.FabricOUIdentifier {
    58  	return nil
    59  }
    60  
    61  func (id *mockIdentity) Verify(msg []byte, sig []byte) error {
    62  	if bytes.Compare(sig, invalidSignature) == 0 {
    63  		return errors.New("Invalid signature")
    64  	} else {
    65  		return nil
    66  	}
    67  }
    68  
    69  func (id *mockIdentity) VerifyOpts(msg []byte, sig []byte, opts msp.SignatureOpts) error {
    70  	return nil
    71  }
    72  
    73  func (id *mockIdentity) VerifyAttributes(proof []byte, spec *msp.AttributeProofSpec) error {
    74  	return nil
    75  }
    76  
    77  func (id *mockIdentity) Serialize() ([]byte, error) {
    78  	return id.idBytes, nil
    79  }
    80  
    81  func toSignedData(data [][]byte, identities [][]byte, signatures [][]byte) ([]*cb.SignedData, []bool) {
    82  	signedData := make([]*cb.SignedData, len(data))
    83  	for i := range signedData {
    84  		signedData[i] = &cb.SignedData{
    85  			Data:      data[i],
    86  			Identity:  identities[i],
    87  			Signature: signatures[i],
    88  		}
    89  	}
    90  	return signedData, make([]bool, len(signedData))
    91  }
    92  
    93  type mockDeserializer struct {
    94  }
    95  
    96  func NewMockDeserializer() msp.IdentityDeserializer {
    97  	return &mockDeserializer{}
    98  }
    99  
   100  func (md *mockDeserializer) DeserializeIdentity(serializedIdentity []byte) (msp.Identity, error) {
   101  	return &mockIdentity{idBytes: serializedIdentity}, nil
   102  }
   103  
   104  var validSignature = []byte("signed")
   105  var signers = [][]byte{[]byte("signer0"), []byte("signer1")}
   106  var msgs = [][]byte{nil, nil}
   107  var moreMsgs = [][]byte{nil, nil, nil}
   108  
   109  func TestSimpleSignature(t *testing.T) {
   110  	policy := Envelope(SignedBy(0), signers)
   111  
   112  	spe, err := compile(policy.Policy, policy.Identities, &mockDeserializer{})
   113  	if err != nil {
   114  		t.Fatalf("Could not create a new SignaturePolicyEvaluator using the given policy, crypto-helper: %s", err)
   115  	}
   116  
   117  	if !spe(toSignedData([][]byte{nil}, [][]byte{signers[0]}, [][]byte{validSignature})) {
   118  		t.Errorf("Expected authentication to succeed with valid signatures")
   119  	}
   120  	if spe(toSignedData([][]byte{nil}, [][]byte{signers[0]}, [][]byte{invalidSignature})) {
   121  		t.Errorf("Expected authentication to fail given the invalid signature")
   122  	}
   123  	if spe(toSignedData([][]byte{nil}, [][]byte{signers[1]}, [][]byte{validSignature})) {
   124  		t.Errorf("Expected authentication to fail because signers[1] is not authorized in the policy, despite his valid signature")
   125  	}
   126  }
   127  
   128  func TestMultipleSignature(t *testing.T) {
   129  	policy := Envelope(And(SignedBy(0), SignedBy(1)), signers)
   130  
   131  	spe, err := compile(policy.Policy, policy.Identities, &mockDeserializer{})
   132  	if err != nil {
   133  		t.Fatalf("Could not create a new SignaturePolicyEvaluator using the given policy, crypto-helper: %s", err)
   134  	}
   135  
   136  	if !spe(toSignedData(msgs, signers, [][]byte{validSignature, validSignature})) {
   137  		t.Errorf("Expected authentication to succeed with  valid signatures")
   138  	}
   139  	if spe(toSignedData(msgs, signers, [][]byte{validSignature, invalidSignature})) {
   140  		t.Errorf("Expected authentication to fail given one of two invalid signatures")
   141  	}
   142  	if spe(toSignedData(msgs, [][]byte{signers[0], signers[0]}, [][]byte{validSignature, validSignature})) {
   143  		t.Errorf("Expected authentication to fail because although there were two valid signatures, one was duplicated")
   144  	}
   145  }
   146  
   147  func TestComplexNestedSignature(t *testing.T) {
   148  	policy := Envelope(And(Or(And(SignedBy(0), SignedBy(1)), And(SignedBy(0), SignedBy(0))), SignedBy(0)), signers)
   149  
   150  	spe, err := compile(policy.Policy, policy.Identities, &mockDeserializer{})
   151  	if err != nil {
   152  		t.Fatalf("Could not create a new SignaturePolicyEvaluator using the given policy, crypto-helper: %s", err)
   153  	}
   154  
   155  	if !spe(toSignedData(moreMsgs, append(signers, [][]byte{[]byte("signer0")}...), [][]byte{validSignature, validSignature, validSignature})) {
   156  		t.Errorf("Expected authentication to succeed with valid signatures")
   157  	}
   158  	if !spe(toSignedData(moreMsgs, [][]byte{[]byte("signer0"), []byte("signer0"), []byte("signer0")}, [][]byte{validSignature, validSignature, validSignature})) {
   159  		t.Errorf("Expected authentication to succeed with valid signatures")
   160  	}
   161  	if spe(toSignedData(msgs, signers, [][]byte{validSignature, validSignature})) {
   162  		t.Errorf("Expected authentication to fail with too few signatures")
   163  	}
   164  	if spe(toSignedData(moreMsgs, append(signers, [][]byte{[]byte("signer0")}...), [][]byte{validSignature, invalidSignature, validSignature})) {
   165  		t.Errorf("Expected authentication failure as the signature of signer[1] was invalid")
   166  	}
   167  	if spe(toSignedData(moreMsgs, append(signers, [][]byte{[]byte("signer1")}...), [][]byte{validSignature, validSignature, validSignature})) {
   168  		t.Errorf("Expected authentication failure as there was a signature from signer[0] missing")
   169  	}
   170  }
   171  
   172  func TestNegatively(t *testing.T) {
   173  	rpolicy := Envelope(And(SignedBy(0), SignedBy(1)), signers)
   174  	rpolicy.Policy.Type = nil
   175  	b, _ := proto.Marshal(rpolicy)
   176  	policy := &cb.SignaturePolicyEnvelope{}
   177  	_ = proto.Unmarshal(b, policy)
   178  	_, err := compile(policy.Policy, policy.Identities, &mockDeserializer{})
   179  	if err == nil {
   180  		t.Fatal("Should have errored compiling because the Type field was nil")
   181  	}
   182  }