github.com/leonlxy/hyperledger@v1.0.0-alpha.0.20170427033203-34922035d248/core/policy/policy_test.go (about) 1 /* 2 Copyright IBM Corp. 2017 All Rights Reserved. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package policy 18 19 import ( 20 "testing" 21 22 "github.com/hyperledger/fabric/common/policies" 23 "github.com/hyperledger/fabric/msp/mgmt" 24 "github.com/hyperledger/fabric/protos/peer" 25 "github.com/hyperledger/fabric/protos/utils" 26 "github.com/stretchr/testify/assert" 27 ) 28 29 func TestPolicyChecker(t *testing.T) { 30 policyManagerGetter := &MockChannelPolicyManagerGetter{ 31 map[string]policies.Manager{ 32 "A": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")}}}, 33 "B": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Bob"), []byte("msg2")}}}, 34 "C": &MockChannelPolicyManager{&MockPolicy{&MockIdentityDeserializer{[]byte("Alice"), []byte("msg3")}}}, 35 }, 36 } 37 identityDeserializer := &MockIdentityDeserializer{[]byte("Alice"), []byte("msg1")} 38 pc := NewPolicyChecker( 39 policyManagerGetter, 40 identityDeserializer, 41 &MockMSPPrincipalGetter{Principal: []byte("Alice")}, 42 ) 43 44 // Check that (non-empty channel, empty policy) fails 45 err := pc.CheckPolicy("A", "", nil) 46 assert.Error(t, err) 47 48 // Check that (empty channel, empty policy) fails 49 err = pc.CheckPolicy("", "", nil) 50 assert.Error(t, err) 51 52 // Check that (non-empty channel, non-empty policy, nil proposal) fails 53 err = pc.CheckPolicy("A", "A", nil) 54 assert.Error(t, err) 55 56 // Check that (empty channel, non-empty policy, nil proposal) fails 57 err = pc.CheckPolicy("", "A", nil) 58 assert.Error(t, err) 59 60 // Validate Alice signatures against channel A's readers 61 sProp, _ := utils.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Alice"), []byte("msg1")) 62 policyManagerGetter.Managers["A"].(*MockChannelPolicyManager).MockPolicy.(*MockPolicy).Deserializer.(*MockIdentityDeserializer).Msg = sProp.ProposalBytes 63 sProp.Signature = sProp.ProposalBytes 64 err = pc.CheckPolicy("A", "readers", sProp) 65 assert.NoError(t, err) 66 67 // Proposal from Alice for channel A should fail against channel B, where Alice is not involved 68 err = pc.CheckPolicy("B", "readers", sProp) 69 assert.Error(t, err) 70 71 // Proposal from Alice for channel A should fail against channel C, where Alice is involved but signature is not valid 72 err = pc.CheckPolicy("C", "readers", sProp) 73 assert.Error(t, err) 74 75 // Alice is a member of the local MSP, policy check must succeed 76 identityDeserializer.Msg = sProp.ProposalBytes 77 err = pc.CheckPolicyNoChannel(mgmt.Members, sProp) 78 assert.NoError(t, err) 79 80 sProp, _ = utils.MockSignedEndorserProposalOrPanic("A", &peer.ChaincodeSpec{}, []byte("Bob"), []byte("msg2")) 81 // Bob is not a member of the local MSP, policy check must fail 82 err = pc.CheckPolicyNoChannel(mgmt.Members, sProp) 83 assert.Error(t, err) 84 }