github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/core/policy/policy_test.go (about)

     1  /*
     2  Copyright IBM Corp. 2017 All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8  		 http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package policy
    18  
    19  import (
    20  	"testing"
    21  
    22  	"github.com/hyperledger/fabric/common/policies"
    23  	"github.com/hyperledger/fabric/msp/mgmt"
    24  	"github.com/hyperledger/fabric/protos/peer"
    25  	"github.com/hyperledger/fabric/protos/utils"
    26  	"github.com/stretchr/testify/assert"
    27  )
    28  
    29  func TestPolicyChecker(t *testing.T) {
    30  	policyManagerGetter := &MockChannelPolicyManagerGetter{
    31  		map[string]policies.Manager{
    32  			"A": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}},
    33  			"B": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Bob"), []byte("msg2")}}},
    34  			"C": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Alice"), []byte("msg3")}}},
    35  		},
    36  	}
    37  	identityDeserializer := &MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}
    38  	pc := NewPolicyChecker(
    39  		policyManagerGetter,
    40  		identityDeserializer,
    41  		&MockMSPPrincipalGetter{Principal: []byte("Alice")},
    42  	)
    43  
    44  	// Check that (non-empty channel, empty policy) fails
    45  	err := pc.CheckPolicy("A", "", nil)
    46  	assert.Error(t, err)
    47  
    48  	// Check that (empty channel, empty policy) fails
    49  	err = pc.CheckPolicy("", "", nil)
    50  	assert.Error(t, err)
    51  
    52  	// Check that (non-empty channel, non-empty policy, nil proposal) fails
    53  	err = pc.CheckPolicy("A", "A", nil)
    54  	assert.Error(t, err)
    55  
    56  	// Check that (empty channel, non-empty policy, nil proposal) fails
    57  	err = pc.CheckPolicy("", "A", nil)
    58  	assert.Error(t, err)
    59  
    60  	// Validate Alice signatures against channel A's readers
    61  	sProp, _ := utils.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Alice"), []byte("msg1"))
    62  	policyManagerGetter.Managers["A"].(*MockChannelPolicyManager).MockPolicy.(*MockPolicy).Deserializer.(*MockIdentityDeserializer).Msg = sProp.ProposalBytes
    63  	sProp.Signature = sProp.ProposalBytes
    64  	err = pc.CheckPolicy("A", "readers", sProp)
    65  	assert.NoError(t, err)
    66  
    67  	// Proposal from Alice for channel A should fail against channel B, where Alice is not involved
    68  	err = pc.CheckPolicy("B", "readers", sProp)
    69  	assert.Error(t, err)
    70  
    71  	// Proposal from Alice for channel A should fail against channel C, where Alice is involved but signature is not valid
    72  	err = pc.CheckPolicy("C", "readers", sProp)
    73  	assert.Error(t, err)
    74  
    75  	// Alice is a member of the local MSP, policy check must succeed
    76  	identityDeserializer.Msg = sProp.ProposalBytes
    77  	err = pc.CheckPolicyNoChannel(mgmt.Members, sProp)
    78  	assert.NoError(t, err)
    79  
    80  	sProp, _ = utils.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Bob"), []byte("msg2"))
    81  	// Bob is not a member of the local MSP, policy check must fail
    82  	err = pc.CheckPolicyNoChannel(mgmt.Members, sProp)
    83  	assert.Error(t, err)
    84  }